minidom configurations should be based on ToolExecutable.xcconfig
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-28  David Kilzer  <ddkilzer@apple.com>

        minidom configurations should be based on ToolExecutable.xcconfig
        <http://webkit.org/b/82513>

        Reviewed by Mark Rowe.

        Note that this patch changes minidom from being installed in
        /usr/local/bin to JavaScriptCore.framework/Resources.

        * Configurations/ToolExecutable.xcconfig: Add semi-colon.
        * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
        configurations on ToolExecutable.xcconfig.  Remove redundant
        PRODUCT_NAME and SKIP_INSTALL variables.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Build fix - some compiles generating NORETURN related warnings.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):

2012-03-28  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, move WTF back into JSCore target
        until issues with JSCore not linking in all WTF symbols are resolved.

        * wscript:

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        * runtime/RegExp.cpp:
        (JSC):
            - Missed review comment! - didn't fully remove RegExpRepresentation.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        Add a new variant of the match method to RegExp that returns a MatchResult,
        and modify YarrJIT to be able to compile code that doesn't use an output vector.

        This is a 3% progression on v8-regexp.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Moved MatchResult into its own header.
        * assembler/AbstractMacroAssembler.h:
            - Added missing include.
        * runtime/MatchResult.h: Added.
        (MatchResult::MatchResult):
        (MatchResult):
        (MatchResult::failed):
        (MatchResult::operator bool):
        (MatchResult::empty):
            - Moved MatchResult into its own header.
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::compileIfNecessary):
        (JSC::RegExp::match):
            - Changed due to execute & representation changes.
        (JSC::RegExp::compileMatchOnly):
        (JSC::RegExp::compileIfNecessaryMatchOnly):
            - Added helper to compile MatchOnly code.
        (JSC::RegExp::invalidateCode):
        (JSC::RegExp::matchCompareWithInterpreter):
        (JSC::RegExp::printTraceData):
            - Changed due to representation changes.
        * runtime/RegExp.h:
        (RegExp):
        (JSC::RegExp::hasCode):
            - Made YarrCodeBlock a member.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - Added no-ovector form.
        * runtime/RegExpMatchesArray.cpp:
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - Match now takes a reference to ovector, not a pointer.
        * runtime/RegExpObject.h:
        (JSC):
            - Moved MatchResult into its own header.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
            - Match now takes a reference to ovector, not a pointer.
        * testRegExp.cpp:
        (testOneRegExp):
            - Match now takes a reference to ovector, not a pointer.
        * yarr/YarrJIT.cpp:
        (Yarr):
        (YarrGenerator):
        (JSC::Yarr::YarrGenerator::initCallFrame):
        (JSC::Yarr::YarrGenerator::removeCallFrame):
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
        (JSC::Yarr::YarrGenerator::setMatchStart):
        (JSC::Yarr::YarrGenerator::getMatchStart):
            - Added helper functions to intermediate access to output.
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generate):
        (JSC::Yarr::YarrGenerator::backtrack):
        (JSC::Yarr::YarrGenerator::generateEnter):
        (JSC::Yarr::YarrGenerator::compile):
            - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
        (JSC::Yarr::jitCompile):
            - Needs to be templated on MatchOnly or IncludeSubpatterns.
        * yarr/YarrJIT.h:
        (YarrCodeBlock):
        (JSC::Yarr::YarrCodeBlock::set8BitCode):
        (JSC::Yarr::YarrCodeBlock::set16BitCode):
        (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::execute):
        (JSC::Yarr::YarrCodeBlock::clear):
            - Added a second set of CodeRefs, so that we can compile RegExps with/without subpattern matching.

2012-03-27  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit should not generate an exit for variables of inlinees if the
        inlinees are not in scope
        https://bugs.webkit.org/show_bug.cgi?id=82312

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForInlineCallFrame):
        (JSC):
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::computeNumVariablesForCodeOrigin):
        (DFG):
        (JSC::DFG::OSRExit::OSRExit):

2012-03-27  Matt Lilek  <mrl@apple.com>

        Stop compiling Interpreter.cpp with -fno-var-tracking
        https://bugs.webkit.org/show_bug.cgi?id=82299

        Reviewed by Anders Carlsson.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-27  Pratik Solanki  <psolanki@apple.com>

        Compiler warning when JIT is not enabled
        https://bugs.webkit.org/show_bug.cgi?id=82352

        Reviewed by Filip Pizlo.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::create):

2012-03-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Unaligned userspace access for SH4 platforms
        https://bugs.webkit.org/show_bug.cgi?id=79104

        Reviewed by Gavin Barraclough.

        * assembler/AbstractMacroAssembler.h:
        (Jump):
        (JSC::AbstractMacroAssembler::Jump::Jump):
        (JSC::AbstractMacroAssembler::Jump::link):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        (JSC::MacroAssemblerSH4::branchDouble):
        (JSC::MacroAssemblerSH4::branchTrue):
        (JSC::MacroAssemblerSH4::branchFalse):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::extraInstrForBranch):
        (SH4Assembler):
        (JSC::SH4Assembler::bra):
        (JSC::SH4Assembler::linkJump):
        * jit/JIT.h:
        (JIT):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2012-03-26  Ryosuke Niwa  <rniwa@webkit.org>

        cssText should use shorthand notations
        https://bugs.webkit.org/show_bug.cgi?id=81737

        Reviewed by Enrica Casucci.

        Export symbols of BitVector on Windows.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-26  Filip Pizlo  <fpizlo@apple.com>

        DFG should assert that argument value recoveries can only be
        AlreadyInRegisterFile or Constant
        https://bugs.webkit.org/show_bug.cgi?id=82249

        Reviewed by Michael Saboff.

        Made the assertions that the DFG makes for argument value recoveries match
        what Arguments expects.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::isConstant):
        (ValueRecovery):
        (JSC::ValueRecovery::isAlreadyInRegisterFile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Tried to fix the Windows build.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putRange):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - speculative Windows build fix.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::getCanonicalPair):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Fixed builds with assertions disabled.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::areCanonicallyEquivalent):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - errk! - accidentally the whole pbxproj.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-25  Gavin Barraclough  <barraclough@apple.com>

        Greek sigma is handled wrong in case independent regexp.
        https://bugs.webkit.org/show_bug.cgi?id=82063

        Reviewed by Oliver Hunt.

        The bug here is that we assume that any given codepoint has at most one additional value it
        should match under a case insensitive match, and that the pair of codepoints that match (if
        a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
        given codepoint. Life is not that simple.

        Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
        it may match, under the ES5.1 case-insensitive matching rules. Since Unicode is fairly regular
        we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
        simple binary search to find an entry in typically eight compares.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * yarr/yarr.pri:
            - Added new files to build systems.
        * yarr/YarrCanonicalizeUCS2.cpp: Added.
            - New - autogenerated, UCS2 canonicalized comparison tables.
        * yarr/YarrCanonicalizeUCS2.h: Added.
        (JSC::Yarr::rangeInfoFor):
            - Look up the canonicalization info for a UCS2 character.
        (JSC::Yarr::getCanonicalPair):
            - For a UCS2 character with a single equivalent value, look it up.
        (JSC::Yarr::isCanonicallyUnique):
            - Returns true if no other UCS2 code points are canonically equal.
        (JSC::Yarr::areCanonicallyEquivalent):
            - Compare two values, under canonicalization rules.
        * yarr/YarrCanonicalizeUCS2.js: Added.
            - script used to generate YarrCanonicalizeUCS2.cpp.
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::tryConsumeBackReference):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putChar):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
            - Added, used to put a non-ASCII, non-unique character in a case-insensitive match.
        (JSC::Yarr::CharacterClassConstructor::putRange):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
            - Changed to call putUnicodeIgnoreCase, instead of putChar, to avoid a double lookup of rangeInfo.

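The table-plus-binary-search scheme the sigma entry above describes, as an added illustration that is not the project's autogenerated YarrCanonicalizeUCS2.cpp: the range table here is a hand-built toy covering only ASCII letters and the Greek sigma family (every other code point is treated as unique), and `naiveMatches`, `toyToUpper`, `toyToLower` and `canonicalize` are invented names showing why a single toUpper/toLower pair misses the third member of the {Σ, σ, ς} class.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>

// How the members of one contiguous range of UCS2 code points canonicalize.
enum CanonicalizeType {
    CanonicalizeUnique,   // code point matches only itself
    CanonicalizeRangeLo,  // low half of a case pair; partner is ch + delta
    CanonicalizeRangeHi,  // high half of a case pair; partner is ch - delta
    CanonicalizeSet       // member of a set of 3+ equivalents (Σ σ ς)
};

struct RangeInfo {
    uint16_t begin;
    uint16_t end;    // inclusive
    uint16_t delta;  // case offset for RangeLo/RangeHi; set index for Set
    CanonicalizeType type;
};

// Equivalence sets referenced by CanonicalizeSet entries: sorted ascending,
// 0-terminated. Under ES5.1 Canonicalize(), Σ U+03A3, ς U+03C2 and σ U+03C3
// all canonicalize to Σ, so all three match each other under /i.
static const uint16_t kSigmaSet[] = { 0x03A3, 0x03C2, 0x03C3, 0 };
static const uint16_t* const kSets[] = { kSigmaSet };

// Constructed toy table: sorted by begin, contiguous, covers 0x0000..0xFFFF.
// The real table has 364 entries; this one models only a few ranges.
static const RangeInfo kRangeInfo[] = {
    { 0x0000, 0x0040, 0,  CanonicalizeUnique  },
    { 0x0041, 0x005A, 32, CanonicalizeRangeLo },  // 'A'..'Z'
    { 0x005B, 0x0060, 0,  CanonicalizeUnique  },
    { 0x0061, 0x007A, 32, CanonicalizeRangeHi },  // 'a'..'z'
    { 0x007B, 0x03A2, 0,  CanonicalizeUnique  },  // toy: treated as unique
    { 0x03A3, 0x03A3, 0,  CanonicalizeSet     },  // Σ
    { 0x03A4, 0x03C1, 0,  CanonicalizeUnique  },  // toy: treated as unique
    { 0x03C2, 0x03C3, 0,  CanonicalizeSet     },  // ς σ
    { 0x03C4, 0xFFFF, 0,  CanonicalizeUnique  },  // toy: treated as unique
};
static const size_t kRangeInfoCount = sizeof(kRangeInfo) / sizeof(kRangeInfo[0]);

// Binary search for the entry covering ch. On a 364-entry table this
// terminates in roughly log2(364) ~ 8-9 probes.
const RangeInfo* rangeInfoFor(uint16_t ch) {
    size_t lo = 0, hi = kRangeInfoCount;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        const RangeInfo& info = kRangeInfo[mid];
        if (ch < info.begin)
            hi = mid;
        else if (ch > info.end)
            lo = mid + 1;
        else
            return &info;
    }
    return nullptr;  // unreachable: the table covers all of UCS2
}

bool isCanonicallyUnique(uint16_t ch) {
    return rangeInfoFor(ch)->type == CanonicalizeUnique;
}

// Canonical representative: the smallest code point of ch's equivalence class.
uint16_t canonicalize(uint16_t ch) {
    const RangeInfo* info = rangeInfoFor(ch);
    switch (info->type) {
    case CanonicalizeUnique:  return ch;
    case CanonicalizeRangeLo: return ch;                     // already the low member
    case CanonicalizeRangeHi: return ch - info->delta;
    case CanonicalizeSet:     return kSets[info->delta][0];  // sets are sorted
    }
    return ch;
}

bool areCanonicallyEquivalent(uint16_t a, uint16_t b) {
    return canonicalize(a) == canonicalize(b);
}

// The scheme the entry replaces: assume each code point has at most one
// partner, found via toUpper/toLower. Toy case mappings, ASCII + sigma only.
uint16_t toyToUpper(uint16_t ch) {
    if (ch >= 'a' && ch <= 'z') return ch - 32;
    if (ch == 0x03C3 || ch == 0x03C2) return 0x03A3;
    return ch;
}
uint16_t toyToLower(uint16_t ch) {
    if (ch >= 'A' && ch <= 'Z') return ch + 32;
    if (ch == 0x03A3) return 0x03C3;  // Σ lowercases to σ, never to final ς
    return ch;
}
bool naiveMatches(uint16_t patternCh, uint16_t subjectCh) {
    return subjectCh == patternCh || subjectCh == toyToUpper(patternCh)
        || subjectCh == toyToLower(patternCh);
}
```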
2012-03-26  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
        so we make sure it finds the API headers on all platforms.

        * wscript:

2012-03-26  Patrick Gansterer  <paroga@webkit.org>

        Build fix for WinCE after r112039.

        * interpreter/Register.h:
        (Register): Removed inline keyword from declaration since
                    there is an ALWAYS_INLINE at the definition anyway.

2012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-03-25  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Move WTF to its own static lib build.

        * wscript:

2012-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFG int-to-double conversion should be revealed to CSE
        https://bugs.webkit.org/show_bug.cgi?id=82135

        Reviewed by Oliver Hunt.

        This introduces the notion of an Int32ToDouble node, which is injected
        into the graph anytime we know that we have a double use of a node that
        was predicted integer. The Int32ToDouble simplifies double speculation
        on integers by skipping the path that would unbox doubles, if we know
        that the value is already proven to be an integer. It allows integer to
        double conversions to be subjected to common subexpression elimination
        (CSE) by allowing the CSE phase to see where these conversions are
        occurring. Finally, it allows us to see when a constant is being used
        as both a double and an integer. This is a bit odd, since it means that
        sometimes a double use of a constant will not refer directly to the
        constant. This should not cause problems, for now, but it may require
        some canonicalization in the future if we want to support strength
        reductions of double operations based on constants.

        To allow injection of nodes into the graph, this change introduces the
        DFG::InsertionSet, which is a way of lazily inserting elements into a
        list. This allows the FixupPhase to remain O(N) despite performing
        multiple injections in a single basic block. Without the InsertionSet,
        each injection would require performing an insertion into a vector,
        which is O(N), leading to O(N^2) performance overall. With the
        InsertionSet, each injection simply records what insertion would have
        been performed, and all insertions are performed at once (via
        InsertionSet::execute) after processing of a basic block is completed.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PredictedType.h:
        (JSC::isActionableIntMutableArrayPrediction):
        (JSC):
        (JSC::isActionableFloatMutableArrayPrediction):
        (JSC::isActionableTypedMutableArrayPrediction):
        (JSC::isActionableMutableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCommon.h:
        (JSC::DFG::useKindToString):
        (DFG):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupBlock):
        (FixupPhase):
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixDoubleEdge):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGInsertionSet.h: Added.
        (DFG):
        (Insertion):
        (JSC::DFG::Insertion::Insertion):
        (JSC::DFG::Insertion::index):
        (JSC::DFG::Insertion::element):
        (InsertionSet):
        (JSC::DFG::InsertionSet::InsertionSet):
        (JSC::DFG::InsertionSet::append):
        (JSC::DFG::InsertionSet::execute):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

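The lazy insertion list the Int32ToDouble entry above describes, as an added stand-alone sketch rather than the code of dfg/DFGInsertionSet.h: `InsertionSet` records (index, element) pairs while a block is walked front to back and applies them all in one backwards pass in `execute`, so M injections into a block of N nodes cost O(N + M) instead of M separate O(N) vector inserts. The `Node`, `Op` and `fixupBlock` names are invented stand-ins for the DFG's fixup loop; the `doubleUseOfInt` flag is a constructed shorthand for "this node has a double use of an int-predicted child".

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// One deferred insertion: put `element` before original position `index`.
template <typename T>
struct Insertion {
    size_t index;
    T element;
};

template <typename T>
class InsertionSet {
public:
    // Indices must be appended in non-decreasing order, which is what a
    // front-to-back walk of a basic block naturally produces. Two insertions
    // at the same index keep their append order after execute().
    void append(size_t index, const T& element) {
        assert(m_insertions.empty() || m_insertions.back().index <= index);
        m_insertions.push_back(Insertion<T>{index, element});
    }

    // Apply every recorded insertion to `target` in a single backwards pass:
    // each original element is moved at most once, so this is O(N + M).
    void execute(std::vector<T>& target) {
        if (m_insertions.empty())
            return;
        size_t oldSize = target.size();
        size_t numInsertions = m_insertions.size();
        target.resize(oldSize + numInsertions);
        size_t dst = target.size();  // next free slot, counting down
        size_t src = oldSize;        // next original element, counting down
        for (size_t i = numInsertions; i > 0; --i) {
            const Insertion<T>& ins = m_insertions[i - 1];
            // Slide originals that sit at or after ins.index to their final place.
            while (src > ins.index)
                target[--dst] = target[--src];
            target[--dst] = ins.element;
        }
        m_insertions.clear();
    }

    size_t size() const { return m_insertions.size(); }

private:
    std::vector<Insertion<T>> m_insertions;
};

// Toy stand-ins for DFG nodes (constructed for this example).
enum class Op { GetLocal, JSConstant, ArithAdd, Int32ToDouble, SetLocal };
struct Node {
    Op op;
    bool doubleUseOfInt;  // constructed flag: double use of an int-predicted child
};

// Mirrors the shape of FixupPhase::fixupBlock: walk the block once, record an
// Int32ToDouble injection in front of every node that needs one, then
// materialize all of them together after the walk.
std::vector<Node> fixupBlock(std::vector<Node> block) {
    InsertionSet<Node> insertions;
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i].doubleUseOfInt)
            insertions.append(i, Node{Op::Int32ToDouble, false});
    }
    insertions.execute(block);
    return block;
}

// Plain-int helper so the ordering rule is easy to check in isolation.
std::vector<int> insertAll(std::vector<int> v,
                           const std::vector<Insertion<int>>& pending) {
    InsertionSet<int> set;
    for (const Insertion<int>& ins : pending)
        set.append(ins.index, ins.element);
    set.execute(v);
    return v;
}
```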
418 2012-03-25  Filip Pizlo  <fpizlo@apple.com>
419
420         DFGOperands should be moved out of the DFG and into bytecode
421         https://bugs.webkit.org/show_bug.cgi?id=82151
422
423         Reviewed by Dan Bernstein.
424
425         * GNUmakefile.list.am:
426         * JavaScriptCore.xcodeproj/project.pbxproj:
427         * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
428         * dfg/DFGBasicBlock.h:
429         * dfg/DFGNode.h:
430         * dfg/DFGOSREntry.h:
431         * dfg/DFGOSRExit.h:
432         * dfg/DFGOperands.h: Removed.
433         * dfg/DFGVariableAccessData.h:
434
435 2012-03-24  Filip Pizlo  <fpizlo@apple.com>
436
437         DFG 64-bit Branch implementation should not be creating a JSValueOperand that
438         it isn't going to use
439         https://bugs.webkit.org/show_bug.cgi?id=82136
440
441         Reviewed by Geoff Garen.
442
443         * dfg/DFGSpeculativeJIT64.cpp:
444         (JSC::DFG::SpeculativeJIT::emitBranch):
445
446 2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>
447
448         [wx] Unreviewed. Fix the build after WTF move.
449
450         * wscript:
451
452 2012-03-23  Filip Pizlo  <fpizlo@apple.com>
453
454         DFG double voting may be overzealous in the case of variables that end up
455         being used as integers
456         https://bugs.webkit.org/show_bug.cgi?id=82008
457
458         Reviewed by Oliver Hunt.
459         
460         Cleaned up propagation, making the intent more explicit in most places.
461         Back-propagate NodeUsedAsInt for cases where a node was used in a context
462         that is known to strongly prefer integers.
463
464         * dfg/DFGByteCodeParser.cpp:
465         (JSC::DFG::ByteCodeParser::handleCall):
466         (JSC::DFG::ByteCodeParser::parseBlock):
467         * dfg/DFGGraph.cpp:
468         (JSC::DFG::Graph::dumpCodeOrigin):
469         (JSC::DFG::Graph::dump):
470         * dfg/DFGGraph.h:
471         (Graph):
472         * dfg/DFGNodeFlags.cpp:
473         (JSC::DFG::nodeFlagsAsString):
474         * dfg/DFGNodeFlags.h:
475         (DFG):
476         * dfg/DFGPredictionPropagationPhase.cpp:
477         (JSC::DFG::PredictionPropagationPhase::run):
478         (JSC::DFG::PredictionPropagationPhase::propagate):
479         (PredictionPropagationPhase):
480         (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
481         (JSC::DFG::PredictionPropagationPhase::vote):
482         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
483         (JSC::DFG::PredictionPropagationPhase::fixupNode):
484         * dfg/DFGVariableAccessData.h:
485         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
486
487 2012-03-24  Filip Pizlo  <fpizlo@apple.com>
488
489         DFG::Node::shouldNotSpeculateInteger() should be eliminated
490         https://bugs.webkit.org/show_bug.cgi?id=82123
491
492         Reviewed by Geoff Garen.
493
494         * dfg/DFGAbstractState.cpp:
495         (JSC::DFG::AbstractState::execute):
496         * dfg/DFGNode.h:
497         (Node):
498         * dfg/DFGSpeculativeJIT.cpp:
499         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
500         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
501
502 2012-03-24  Yong Li  <yoli@rim.com>
503
504         Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
505         https://bugs.webkit.org/show_bug.cgi?id=81521
506
507         Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
508         for CPU(ARM_TRADITIONAL) to fit actual need.
509
510         Reviewed by Oliver Hunt.
511
512         * jit/JIT.h:
513         (JIT):
514
515 2012-03-23  Filip Pizlo  <fpizlo@apple.com>
516
517         DFG Fixup should be able to short-circuit trivial ValueToInt32's
518         https://bugs.webkit.org/show_bug.cgi?id=82030
519
520         Reviewed by Michael Saboff.
521         
522         Takes the fixup() method of the prediction propagation phase and makes it
523         into its own phase. Adds the ability to short-circuit trivial ValueToInt32
524         nodes, and mark pure ValueToInt32's as such.
525
526         * CMakeLists.txt:
527         * GNUmakefile.list.am:
528         * JavaScriptCore.xcodeproj/project.pbxproj:
529         * Target.pri:
530         * dfg/DFGByteCodeParser.cpp:
531         (JSC::DFG::ByteCodeParser::makeSafe):
532         (JSC::DFG::ByteCodeParser::handleCall):
533         (JSC::DFG::ByteCodeParser::parseBlock):
534         * dfg/DFGCommon.h:
535         * dfg/DFGDriver.cpp:
536         (JSC::DFG::compile):
537         * dfg/DFGFixupPhase.cpp: Added.
538         (DFG):
539         (FixupPhase):
540         (JSC::DFG::FixupPhase::FixupPhase):
541         (JSC::DFG::FixupPhase::run):
542         (JSC::DFG::FixupPhase::fixupNode):
543         (JSC::DFG::FixupPhase::fixIntEdge):
544         (JSC::DFG::performFixup):
545         * dfg/DFGFixupPhase.h: Added.
546         (DFG):
547         * dfg/DFGPredictionPropagationPhase.cpp:
548         (JSC::DFG::PredictionPropagationPhase::run):
549         (PredictionPropagationPhase):
550
551 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
552
553         tryReallocate could break the zero-ed memory invariant of CopiedBlocks
554         https://bugs.webkit.org/show_bug.cgi?id=82087
555
556         Reviewed by Filip Pizlo.
557
558         Removing this optimization turned out to be ~1% regression on kraken, so I simply 
559         undid the modification to the current block if we fail.
560
561         * heap/CopiedSpace.cpp:
562         (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail 
563         to reallocate from the current block.
564
565 2012-03-23  Alexey Proskuryakov  <ap@apple.com>
566
567         [Mac] No need for platform-specific ENABLE_BLOB values
568         https://bugs.webkit.org/show_bug.cgi?id=82102
569
570         Reviewed by David Kilzer.
571
572         * Configurations/FeatureDefines.xcconfig:
573
574 2012-03-23  Michael Saboff  <msaboff@apple.com>
575
576         DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
577         https://bugs.webkit.org/show_bug.cgi?id=81805
578
579         Reviewed by Filip Pizlo.
580
581         Added SpeculativeJIT::checkGeneratedType() to determine the current format
582         of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
583         to generate code that will use integer and JSValue types in integer
584         format directly without a conversion to double.
585
586         * JavaScriptCore.xcodeproj/project.pbxproj:
587         * dfg/DFGSpeculativeJIT.cpp:
588         (JSC::DFG::SpeculativeJIT::checkGeneratedType):
589         (DFG):
590         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
591         * dfg/DFGSpeculativeJIT.h:
592         (DFG):
593         (SpeculativeJIT):
594
595 2012-03-23  Steve Falkenburg  <sfalken@apple.com>
596
597         Update Apple Windows build files for WTF move
598         https://bugs.webkit.org/show_bug.cgi?id=82069
599
600         Reviewed by Jessie Berlin.
601
602         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
603
604 2012-03-23  Dean Jackson  <dino@apple.com>
605
606         Disable CSS_SHADERS in Apple builds
607         https://bugs.webkit.org/show_bug.cgi?id=81996
608
609         Reviewed by Simon Fraser.
610
611         Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
612
613         * Configurations/FeatureDefines.xcconfig:
614
615 2012-03-23  Gavin Barraclough  <barraclough@apple.com>
616
617         RexExp constructor last match properties should not rely on previous ovector
618         https://bugs.webkit.org/show_bug.cgi?id=82077
619
620         Reviewed by Oliver Hunt.
621
622         This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
623
624         This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
625         Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using
626         a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
627         location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
628         a special value of setting the saved result to MatchResult::failed() to indicated that we're in a
629         reified state. This means that next time a match is performed, the store of the result will
630         automatically blow away the reified value.
631
632         * JavaScriptCore.xcodeproj/project.pbxproj:
633             - Added new files.
634         * runtime/RegExp.cpp:
635         (JSC::RegExpFunctionalTestCollector::outputOneTest):
636             - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
637         * runtime/RegExpCachedResult.cpp: Added.
638         (JSC::RegExpCachedResult::visitChildren):
639         (JSC::RegExpCachedResult::lastResult):
640         (JSC::RegExpCachedResult::setInput):
641             - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt).
642         * runtime/RegExpCachedResult.h: Added.
643         (RegExpCachedResult):
644             - Added new class.
645         (JSC::RegExpCachedResult::RegExpCachedResult):
646         (JSC::RegExpCachedResult::record):
647         (JSC::RegExpCachedResult::input):
648             - Initialize the object, record the result of a RegExp match, access the stored input property.
649         * runtime/RegExpConstructor.cpp:
650         (JSC::RegExpConstructor::RegExpConstructor):
651             - Initialize m_result/m_multiline properties.
652         (JSC::RegExpConstructor::visitChildren):
653             - Make sure the cached results (or lazy source for them) are marked.
654         (JSC::RegExpConstructor::getBackref):
655         (JSC::RegExpConstructor::getLastParen):
656         (JSC::RegExpConstructor::getLeftContext):
657         (JSC::RegExpConstructor::getRightContext):
658             - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
659         (JSC::regExpConstructorInput):
660         (JSC::setRegExpConstructorInput):
661             - Changed to use RegExpCachedResult.
662         * runtime/RegExpConstructor.h:
663         (JSC::RegExpConstructor::create):
664         (RegExpConstructor):
665         (JSC::RegExpConstructor::setMultiline):
666         (JSC::RegExpConstructor::multiline):
667             - Move multiline property onto the constructor object; it is not affected by the last match.
668         (JSC::RegExpConstructor::setInput):
669         (JSC::RegExpConstructor::input):
670             - These defer to RegExpCachedResult.
671         (JSC::RegExpConstructor::performMatch):
672         * runtime/RegExpMatchesArray.cpp: Added.
673         (JSC::RegExpMatchesArray::visitChildren):
674             - Eeeep! added missing visitChildren!
675         (JSC::RegExpMatchesArray::finishCreation):
676         (JSC::RegExpMatchesArray::reifyAllProperties):
677         (JSC::RegExpMatchesArray::reifyMatchProperty):
678             - Moved from RegExpConstructor.cpp.
679         (JSC::RegExpMatchesArray::leftContext):
680         (JSC::RegExpMatchesArray::rightContext):
681             - Since the match start/
682         * runtime/RegExpMatchesArray.h:
683         (RegExpMatchesArray):
684             - Declare new methods & structure flags.
685         * runtime/RegExpObject.cpp:
686         (JSC::RegExpObject::match):
687             - performMatch now requires the JSString input, to cache.
688         * runtime/StringPrototype.cpp:
689         (JSC::removeUsingRegExpSearch):
690         (JSC::replaceUsingRegExpSearch):
691         (JSC::stringProtoFuncMatch):
692         (JSC::stringProtoFuncSearch):
693             - performMatch now requires the JSString input, to cache.
694
695 2012-03-23  Tony Chang  <tony@chromium.org>
696
697         [chromium] rename newwtf target back to wtf
698         https://bugs.webkit.org/show_bug.cgi?id=82064
699
700         Reviewed by Adam Barth.
701
702         * JavaScriptCore.gyp/JavaScriptCore.gyp:
703
704 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
705
706         Simplify memory usage tracking in CopiedSpace
707         https://bugs.webkit.org/show_bug.cgi?id=80705
708
709         Reviewed by Filip Pizlo.
710
711         * heap/CopiedAllocator.h:
712         (CopiedAllocator): Rename currentUtilization to currentSize.
713         (JSC::CopiedAllocator::currentCapacity):
714         * heap/CopiedBlock.h:
715         (CopiedBlock):
716         (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
717         declaration.
718         (JSC):
719         (JSC::CopiedBlock::size): Add new function to calculate the block's size.
720         (JSC::CopiedBlock::capacity): Ditto for capacity.
721         * heap/CopiedSpace.cpp:
722         (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
723         field for the water mark.
724         (JSC::CopiedSpace::init):
725         (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
726         block, we need to update our current water mark with the size of the block.
727         (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
728         need to update our current water mark with the size of the used portion of the block.
729         (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
730         reallocating because it will either get accounted for when we fill up the block later 
731         in the case of being able to reallocate in the current block or it will get picked up 
732         immediately because we'll have to get a new block.
733         (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when 
734         realloc-ing an oversize block because we deallocate the old block and allocate a brand 
735         new one.
736         (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
737         the CopiedSpace by the SlotVisitors.
738         (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
739         (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or 
740         not we should collect now instead of doing the calculation ourself.
741         (JSC::CopiedSpace::destroy):
742         (JSC):
743         (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
744         MarkedSpace does.
745         (JSC::CopiedSpace::capacity): Ditto for capacity.
746         * heap/CopiedSpace.h:
747         (JSC::CopiedSpace::waterMark):
748         (CopiedSpace):
749         * heap/CopiedSpaceInlineMethods.h:
750         (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
751         collection.
752         (JSC::CopiedSpace::allocateNewBlock):
753         (JSC::CopiedSpace::fitsInBlock):
754         (JSC::CopiedSpace::allocateFromBlock):
755         * heap/Heap.cpp:
756         (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
757         (JSC::Heap::capacity): Ditto for capacity.
758         (JSC::Heap::collect):
759         * heap/Heap.h:
760         (Heap):
761         (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
762         determine whether they should initiate a collection or continue to allocate new blocks.
763         (JSC):
764         (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
765         Heap (MarkedSpace and CopiedSpace).
766         * heap/MarkedAllocator.cpp:
767         (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
768
769 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
770
771         BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
772         https://bugs.webkit.org/show_bug.cgi?id=82012
773
774         Reviewed by Filip Pizlo.
775
776         Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
777
778         * wtf/BitVector.cpp:
779         (WTF::BitVector::resizeOutOfLine):
780         * wtf/BitVector.h:
781         (BitVector):
782         (OutOfLineBits):
783
784 2012-03-22  Michael Saboff  <msaboff@apple.com>
785
786         ExecutableAllocator::memoryPressureMultiplier() might return NaN
787         https://bugs.webkit.org/show_bug.cgi?id=82002
788
789         Reviewed by Filip Pizlo.
790
791         Guard against divide by zero and then make sure the return
792         value is >= 1.0.
793
794         * jit/ExecutableAllocator.cpp:
795         (JSC::ExecutableAllocator::memoryPressureMultiplier):
796         * jit/ExecutableAllocatorFixedVMPool.cpp:
797         (JSC::ExecutableAllocator::memoryPressureMultiplier):
798
799 2012-03-22  Jessie Berlin  <jberlin@apple.com>
800
801         Windows build fix after r111778.
802
803         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
804         Don't include and try to build files owned by WTF.
805         Also, let VS have its way with the vcproj in terms of file ordering.
806
807 2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
808
809         [CMake] Unreviewed build fix after r111778.
810
811         * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
812         the include paths so that the right config.h is used.
813
814 2012-03-22  Tony Chang  <tony@chromium.org>
815
816         Unreviewed, fix chromium build after wtf move.
817
818         Remove old wtf_config and wtf targets.
819
820         * JavaScriptCore.gyp/JavaScriptCore.gyp:
821
822 2012-03-22  Martin Robinson  <mrobinson@igalia.com>
823
824         Fixed the GTK+ WTF/JavaScriptCore build after r111778.
825
826         * GNUmakefile.list.am: Removed an extra trailing backslash.
827
828 2012-03-22  Mark Rowe  <mrowe@apple.com>
829
830         Fix the build.
831
832         * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
833         rather than only those that contain symbols that JavaScriptCore itself uses.
834         * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
835
836 2012-03-22  Filip Pizlo  <fpizlo@apple.com>
837
838         DFG NodeFlags has some duplicate code and naming issues
839         https://bugs.webkit.org/show_bug.cgi?id=81975
840
841         Reviewed by Gavin Barraclough.
842         
843         Removed most references to "ArithNodeFlags" since those are now just part
844         of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
845         NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
846         because the former was never called and the latter did the same things as
847         mergeFlags().
848
849         * dfg/DFGByteCodeParser.cpp:
850         (JSC::DFG::ByteCodeParser::makeSafe):
851         (JSC::DFG::ByteCodeParser::makeDivSafe):
852         (JSC::DFG::ByteCodeParser::handleIntrinsic):
853         * dfg/DFGGraph.cpp:
854         (JSC::DFG::Graph::dump):
855         * dfg/DFGNode.h:
856         (JSC::DFG::Node::arithNodeFlags):
857         (Node):
858         * dfg/DFGNodeFlags.cpp:
859         (JSC::DFG::nodeFlagsAsString):
860         * dfg/DFGNodeFlags.h:
861         (DFG):
862         (JSC::DFG::nodeUsedAsNumber):
863         * dfg/DFGPredictionPropagationPhase.cpp:
864         (JSC::DFG::PredictionPropagationPhase::propagate):
865         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
866
867 2012-03-22  Eric Seidel  <eric@webkit.org>
868
869         Actually move WTF files to their new home
870         https://bugs.webkit.org/show_bug.cgi?id=81844
871
872         Unreviewed.  The details of the port-specific changes
873         have been seen by contributors from those ports, but
874         the whole 5MB change isn't very reviewable as-is.
875
876         * GNUmakefile.am:
877         * GNUmakefile.list.am:
878         * JSCTypedArrayStubs.h:
879         * JavaScriptCore.gypi:
880         * JavaScriptCore.xcodeproj/project.pbxproj:
881         * jsc.cpp:
882
883 2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
884
885         [wx] Unreviewed. Adding Source/WTF to the build.
886
887         * wscript:
888
889 2012-03-22  Gavin Barraclough  <barraclough@apple.com>
890
891         Add JSValue::isFunction
892         https://bugs.webkit.org/show_bug.cgi?id=81935
893
894         Reviewed by Geoff Garen.
895
896         This would be useful in the WebCore bindings code.
897         Also, remove asFunction, replace with jsCast<JSFunction*>.
898
899         * API/JSContextRef.cpp:
900         * debugger/Debugger.cpp:
901         * debugger/DebuggerCallFrame.cpp:
902         (JSC::DebuggerCallFrame::functionName):
903         * dfg/DFGGraph.h:
904         (JSC::DFG::Graph::valueOfFunctionConstant):
905         * dfg/DFGOperations.cpp:
906         * interpreter/CallFrame.cpp:
907         (JSC::CallFrame::isInlineCallFrameSlow):
908         * interpreter/Interpreter.cpp:
909         (JSC::Interpreter::privateExecute):
910         * jit/JITStubs.cpp:
911         (JSC::DEFINE_STUB_FUNCTION):
912         (JSC::jitCompileFor):
913         (JSC::lazyLinkFor):
914         * llint/LLIntSlowPaths.cpp:
915         (JSC::LLInt::traceFunctionPrologue):
916         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
917         (JSC::LLInt::setUpCall):
918         * runtime/Arguments.h:
919         (JSC::Arguments::finishCreation):
920         * runtime/ArrayPrototype.cpp:
921         (JSC::arrayProtoFuncFilter):
922         (JSC::arrayProtoFuncMap):
923         (JSC::arrayProtoFuncEvery):
924         (JSC::arrayProtoFuncForEach):
925         (JSC::arrayProtoFuncSome):
926         (JSC::arrayProtoFuncReduce):
927         (JSC::arrayProtoFuncReduceRight):
928         * runtime/CommonSlowPaths.h:
929         (JSC::CommonSlowPaths::arityCheckFor):
930         * runtime/Executable.h:
931         (JSC::FunctionExecutable::compileFor):
932         (JSC::FunctionExecutable::compileOptimizedFor):
933         * runtime/FunctionPrototype.cpp:
934         (JSC::functionProtoFuncToString):
935         * runtime/JSArray.cpp:
936         (JSC::JSArray::sort):
937         * runtime/JSFunction.cpp:
938         (JSC::JSFunction::argumentsGetter):
939         (JSC::JSFunction::callerGetter):
940         (JSC::JSFunction::lengthGetter):
941         * runtime/JSFunction.h:
942         (JSC):
943         (JSC::asJSFunction):
944         (JSC::JSValue::isFunction):
945         * runtime/JSGlobalData.cpp:
946         (WTF::Recompiler::operator()):
947         (JSC::JSGlobalData::releaseExecutableMemory):
948         * runtime/JSValue.h:
949         * runtime/StringPrototype.cpp:
950         (JSC::replaceUsingRegExpSearch):
951
952 2012-03-21  Filip Pizlo  <fpizlo@apple.com>
953
954         DFG speculation on booleans should be rationalized
955         https://bugs.webkit.org/show_bug.cgi?id=81840
956
957         Reviewed by Gavin Barraclough.
958         
959         This removes isKnownBoolean() and replaces it with AbstractState-based
960         optimization, and cleans up the control flow in code gen methods for
961         Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
962         and removes isKnownNotBoolean() since that method appeared to be a
963         helper used solely by 32_64's speculateBooleanOperation().
964         
965         This is performance-neutral.
966
967         * dfg/DFGAbstractState.cpp:
968         (JSC::DFG::AbstractState::execute):
969         * dfg/DFGNode.h:
970         (JSC::DFG::Node::shouldSpeculateNumber):
971         * dfg/DFGSpeculativeJIT.cpp:
972         (DFG):
973         * dfg/DFGSpeculativeJIT.h:
974         (SpeculativeJIT):
975         * dfg/DFGSpeculativeJIT32_64.cpp:
976         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
977         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
978         (JSC::DFG::SpeculativeJIT::emitBranch):
979         (JSC::DFG::SpeculativeJIT::compile):
980         * dfg/DFGSpeculativeJIT64.cpp:
981         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
982         (JSC::DFG::SpeculativeJIT::emitBranch):
983         (JSC::DFG::SpeculativeJIT::compile):
984
985 2012-03-21  Mark Rowe  <mrowe@apple.com>
986
987         Fix the build.
988
989         * wtf/MetaAllocator.h:
990         (MetaAllocator): Export the destructor.
991
992 2012-03-21  Eric Seidel  <eric@webkit.org>
993
994         Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
995         https://bugs.webkit.org/show_bug.cgi?id=81834
996
997         Reviewed by Adam Barth.
998
999         * jsc.cpp:
1000         * os-win32/WinMain.cpp:
1001         * runtime/JSDateMath.cpp:
1002         * runtime/TimeoutChecker.cpp:
1003         * testRegExp.cpp:
1004         * tools/CodeProfiling.cpp:
1005
1006 2012-03-21  Eric Seidel  <eric@webkit.org>
1007
1008         WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
1009         https://bugs.webkit.org/show_bug.cgi?id=81838
1010
1011         Reviewed by Geoffrey Garen.
1012
1013         My understanding is that weak vtables happen when the compiler/linker cannot
1014         determine which compilation unit should contain the vtable.  In this case
1015         because there were only pure virtual functions as well as an "inline"
1016         virtual destructor (thus the virtual destructor was defined in many compilation
1017         units).  Since you can't actually "inline" a virtual function (it still has to
1018         bounce through the vtable), the "inline" on this virtual destructor doesn't
1019         actually help performance, and is only serving to confuse the compiler here.
1020         I've moved the destructor implementation to the .cpp file, thus making
1021         it clear to the compiler where the vtable should be stored, and solving the error.
1022
1023         * wtf/MetaAllocator.cpp:
1024         (WTF::MetaAllocator::~MetaAllocator):
1025         (WTF):
1026         * wtf/MetaAllocator.h:
1027
1028 2012-03-20  Gavin Barraclough  <barraclough@apple.com>
1029
1030         RegExpMatchesArray should not copy the ovector
1031         https://bugs.webkit.org/show_bug.cgi?id=81742
1032
1033         Reviewed by Michael Saboff.
1034
1035         Currently, all RegExpMatchesArray object contain Vector<int, 32>, used to hold any sub-pattern results.
1036         This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
1037         main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
1038         and the results never accessed).
1039         If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
1040
1041         * dfg/DFGOperations.cpp:
1042             - RegExpObject match renamed back to test (test returns a bool).
1043         * runtime/RegExpConstructor.cpp:
1044         (JSC):
1045             - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
1046         (JSC::RegExpMatchesArray::finishCreation):
1047             - Removed RegExpConstructorPrivate parameter.
1048         (JSC::RegExpMatchesArray::reifyAllProperties):
1049             - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
1050             If there are sub-pattern properties, the RegExp is re-run to generate their values.
1051         (JSC::RegExpMatchesArray::reifyMatchProperty):
1052             - Reify just the match (index 0) property of the RegExpMatchesArray.
1053         * runtime/RegExpConstructor.h:
1054         (RegExpConstructor):
1055         (JSC::RegExpConstructor::performMatch):
1056             - performMatch now returns a MatchResult, rather than using out-parameters.
1057         * runtime/RegExpMatchesArray.h:
1058         (JSC::RegExpMatchesArray::RegExpMatchesArray):
1059             - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
1060         (RegExpMatchesArray):
1061         (JSC::RegExpMatchesArray::create):
1062             - Now passed the input string matched against, the RegExp, and the MatchResult.
1063         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
1064         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
1065             - Helpers to conditionally reify properties.
1066         (JSC::RegExpMatchesArray::getOwnPropertySlot):
1067         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
1068         (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
1069         (JSC::RegExpMatchesArray::put):
1070         (JSC::RegExpMatchesArray::putByIndex):
1071         (JSC::RegExpMatchesArray::deleteProperty):
1072         (JSC::RegExpMatchesArray::deletePropertyByIndex):
1073         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1074         (JSC::RegExpMatchesArray::defineOwnProperty):
1075             - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
1076             (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
1077         * runtime/RegExpObject.cpp:
1078         (JSC::RegExpObject::exec):
1079         (JSC::RegExpObject::match):
1080             - match now returns a MatchResult.
1081         * runtime/RegExpObject.h:
1082         (JSC::MatchResult::MatchResult):
1083             - Added: the result of a match is a start & end tuple.
1084         (JSC::MatchResult::failed):
1085             - A failure is indicated by (notFound, 0).
1086         (JSC::MatchResult::operator bool):
1087             - Evaluates to false if the match failed.
1088         (JSC::MatchResult::empty):
1089             - Evaluates to true if the match succeeded with length 0.
1090         (JSC::RegExpObject::test):
1091             - Now returns a bool.
1092         * runtime/RegExpPrototype.cpp:
1093         (JSC::regExpProtoFuncTest):
1094             - RegExpObject match renamed back to test (test returns a bool).
1095         * runtime/StringPrototype.cpp:
1096         (JSC::removeUsingRegExpSearch):
1097         (JSC::replaceUsingRegExpSearch):
1098         (JSC::stringProtoFuncMatch):
1099         (JSC::stringProtoFuncSearch):
1100             - performMatch now returns a MatchResult, rather than using out-parameters.
1101
1102 2012-03-21  Hojong Han  <hojong.han@samsung.com>
1103
1104         Fix out of memory by allowing overcommit
1105         https://bugs.webkit.org/show_bug.cgi?id=81743
1106
1107         Reviewed by Geoffrey Garen.
1108
1109         Garbage collection is not triggered and new blocks are added
1110         because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.
1111
1112         * wtf/OSAllocatorPosix.cpp:
1113         (WTF::OSAllocator::reserveAndCommit):
1114
1115 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1116
1117         More Windows build fixing.
1118
1119         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1120         Fix the order of the include directories to look in include/private first before looking
1121         in include/private/JavaScriptCore.
1122         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1123         Look in the Production output directory (where the wtf headers will be). This is the same
1124         thing that is done for jsc and testRegExp in ReleasePGO.
1125
1126 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1127
1128         WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
1129         $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
1130         https://bugs.webkit.org/show_bug.cgi?id=81739
1131
1132         Reviewed by Dan Bernstein.
1133
1134         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
1135         Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
1136         subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
1137         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
1138         Ditto.
1139
1140         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
1141         Get the headers for those 4 files from the wtf subdirectory of the build output, not the
1142         JavaScriptCore/wtf subdirectory.
1143         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1144         Ditto.
1145
1146 2012-03-20  Eric Seidel  <eric@webkit.org>
1147
1148         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
1149         https://bugs.webkit.org/show_bug.cgi?id=80911
1150
1151         Reviewed by Adam Barth.
1152
1153         Update the various build systems to depend on Source/WTF headers
1154         as well as remove references to Platform.h (since it's now moved).
1155
1156         * CMakeLists.txt:
1157         * JavaScriptCore.pri:
1158         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1159         * JavaScriptCore.xcodeproj/project.pbxproj:
1160         * wtf/CMakeLists.txt:
1161
1162 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
1163
1164         op_mod fails on many interesting corner cases
1165         https://bugs.webkit.org/show_bug.cgi?id=81648
1166
1167         Reviewed by Oliver Hunt.
1168         
1169         Removed most strength reduction for op_mod, and fixed the integer handling
1170         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
1171         which this patch also fixes.
1172         
1173         This patch is performance neutral on all of the major benchmarks we track.
1174
1175         * dfg/DFGOperations.cpp:
1176         * dfg/DFGOperations.h:
1177         * dfg/DFGSpeculativeJIT.cpp:
1178         (DFG):
1179         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1180         (JSC::DFG::SpeculativeJIT::compileArithMod):
1181         * jit/JIT.h:
1182         (JIT):
1183         * jit/JITArithmetic.cpp:
1184         (JSC):
1185         (JSC::JIT::emit_op_mod):
1186         (JSC::JIT::emitSlow_op_mod):
1187         * jit/JITArithmetic32_64.cpp:
1188         (JSC::JIT::emit_op_mod):
1189         (JSC::JIT::emitSlow_op_mod):
1190         * jit/JITOpcodes32_64.cpp:
1191         (JSC::JIT::privateCompileCTIMachineTrampolines):
1192         (JSC):
1193         * jit/JITStubs.h:
1194         (TrampolineStructure):
1195         (JSC::JITThunks::ctiNativeConstruct):
1196         * llint/LowLevelInterpreter64.asm:
1197         * wtf/Platform.h:
1198         * wtf/SimpleStats.h:
1199         (WTF::SimpleStats::variance):
1200
1201 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1202
1203         Windows (make based) build fix.
1204         <rdar://problem/11069015>
1205
1206         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
1207
1208 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1209
1210         Move WTF-related Windows project files out of JavaScriptCore
1211         https://bugs.webkit.org/show_bug.cgi?id=80680
1212
1213         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
1214         It does not move any source code. This is in preparation for the WTF source move out of
1215         JavaScriptCore.
1216
1217         Reviewed by Jessie Berlin.
1218
1219         * JavaScriptCore.vcproj/JavaScriptCore.sln:
1220         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
1221         * JavaScriptCore.vcproj/WTF: Removed.
1222         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
1223         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
1224         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
1225         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
1226         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
1227         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
1228         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
1229         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
1230         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
1231         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
1232         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
1233         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
1234         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
1235         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
1236         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
1237         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
1238         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
1239         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
1240         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
1241         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
1242         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
1243         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
1244
1245 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
1246
1247         Cache the type string of JavaScript object
1248         https://bugs.webkit.org/show_bug.cgi?id=81446
1249
1250         Reviewed by Geoffrey Garen.
1251
1252         Instead of creating the JSString every time, we lazily create
1253         the strings in JSGlobalData.
1254
1255         This avoids the construction of the StringImpl and of the JSString,
1256         which gives some performance improvements.
1257
1258         * runtime/CommonIdentifiers.h:
1259         * runtime/JSValue.cpp:
1260         (JSC::JSValue::toStringSlowCase):
1261         * runtime/Operations.cpp:
1262         (JSC::jsTypeStringForValue):
1263         * runtime/SmallStrings.cpp:
1264         (JSC::SmallStrings::SmallStrings):
1265         (JSC::SmallStrings::finalizeSmallStrings):
1266         (JSC::SmallStrings::initialize):
1267         (JSC):
1268         * runtime/SmallStrings.h:
1269         (SmallStrings):
1270
1271 2012-03-20  Oliver Hunt  <oliver@apple.com>
1272
1273         Allow LLINT to work even when executable allocation fails.
1274         https://bugs.webkit.org/show_bug.cgi?id=81693
1275
1276         Reviewed by Gavin Barraclough.
1277
1278         Don't crash if executable allocation fails if we can fall back on LLINT
1279
1280         * jit/ExecutableAllocatorFixedVMPool.cpp:
1281         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1282         * wtf/OSAllocatorPosix.cpp:
1283         (WTF::OSAllocator::reserveAndCommit):
1284
1285 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
1286
1287         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
1288         https://bugs.webkit.org/show_bug.cgi?id=81428
1289
1290         32 bit buildfix after r111355.
1291
1292         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
1293         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
1294
1295         Reviewed by Zoltan Herczeg.
1296
1297         * dfg/DFGSpeculativeJIT.cpp:
1298         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1299
1300 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
1301
1302         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
1303         https://bugs.webkit.org/show_bug.cgi?id=80983
1304
1305         Reviewed by Darin Adler.
1306
1307         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
1308         call which is useful for local debugging.
1309
1310         * wtf/Assertions.cpp:
1311         * wtf/Assertions.h:
1312
1313 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
1314
1315         Do not copy the script source in the SourceProvider, just reference the existing string
1316         https://bugs.webkit.org/show_bug.cgi?id=81466
1317
1318         Reviewed by Geoffrey Garen.
1319
1320         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
1321         * parser/SourceProvider.h: Add OVERRIDE for clarity.
1322
1323 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1324
1325         Division optimizations fail to infer cases of truncated division and
1326         mishandle -2147483648/-1
1327         https://bugs.webkit.org/show_bug.cgi?id=81428
1328         <rdar://problem/11067382>
1329
1330         Reviewed by Oliver Hunt.
1331
1332         If you're a division over integers and you're only used as an integer, then you're
1333         an integer division and remainder checks become unnecessary. If you're dividing
1334         -2147483648 by -1, don't crash.
1335
1336         * assembler/MacroAssemblerX86Common.h:
1337         (MacroAssemblerX86Common):
1338         (JSC::MacroAssemblerX86Common::add32):
1339         * dfg/DFGSpeculativeJIT.cpp:
1340         (DFG):
1341         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1342         * dfg/DFGSpeculativeJIT.h:
1343         (SpeculativeJIT):
1344         * dfg/DFGSpeculativeJIT32_64.cpp:
1345         (JSC::DFG::SpeculativeJIT::compile):
1346         * dfg/DFGSpeculativeJIT64.cpp:
1347         (JSC::DFG::SpeculativeJIT::compile):
1348         * llint/LowLevelInterpreter64.asm:
1349
1350 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
1351
1352         Simplify SmallStrings
1353         https://bugs.webkit.org/show_bug.cgi?id=81445
1354
1355         Reviewed by Gavin Barraclough.
1356
1357         SmallStrings had two methods that should not be public: count() and clear().
1358
1359         The method clear() is effectively replaced by finalizeSmallStrings(). The body
1360         of the method was moved to the constructor since the code is obvious.
1361
1362         The method count() is unused.
1363
1364         * runtime/SmallStrings.cpp:
1365         (JSC::SmallStrings::SmallStrings):
1366         * runtime/SmallStrings.h:
1367         (SmallStrings):
1368
1369 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1370
1371         DFG can no longer compile V8-v4/regexp in debug mode
1372         https://bugs.webkit.org/show_bug.cgi?id=81592
1373
1374         Reviewed by Gavin Barraclough.
1375
1376         * dfg/DFGSpeculativeJIT32_64.cpp:
1377         (JSC::DFG::SpeculativeJIT::compile):
1378         * dfg/DFGSpeculativeJIT64.cpp:
1379         (JSC::DFG::SpeculativeJIT::compile):
1380
1381 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1382
1383         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
1384         change throughout the fixpoint
1385         https://bugs.webkit.org/show_bug.cgi?id=81583
1386
1387         Reviewed by Michael Saboff.
1388
1389         * dfg/DFGPredictionPropagationPhase.cpp:
1390         (JSC::DFG::PredictionPropagationPhase::propagate):
1391
1392 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1393
1394         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
1395         the process of being generated
1396         https://bugs.webkit.org/show_bug.cgi?id=81565
1397
1398         Reviewed by Oliver Hunt.
1399
1400         * bytecode/CodeBlock.cpp:
1401         (JSC::CodeBlock::finalizeUnconditionally):
1402
1403 2012-03-19  Eric Seidel  <eric@webkit.org>
1404
1405         Fix WTF header include discipline in Chromium WebKit
1406         https://bugs.webkit.org/show_bug.cgi?id=81281
1407
1408         Reviewed by James Robinson.
1409
1410         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1411         * wtf/unicode/icu/CollatorICU.cpp:
1412
1413 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1414
1415         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
1416         https://bugs.webkit.org/show_bug.cgi?id=81556
1417
1418         Rubber stamped by Gavin Barraclough.
1419
1420         * GNUmakefile.list.am:
1421         * JavaScriptCore.xcodeproj/project.pbxproj:
1422         * dfg/DFGAbstractState.h:
1423         (JSC::DFG::AbstractState::forNode):
1424         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
1425         (JSC::DFG::AdjacencyList::AdjacencyList):
1426         (JSC::DFG::AdjacencyList::child):
1427         (JSC::DFG::AdjacencyList::setChild):
1428         (JSC::DFG::AdjacencyList::child1):
1429         (JSC::DFG::AdjacencyList::child2):
1430         (JSC::DFG::AdjacencyList::child3):
1431         (JSC::DFG::AdjacencyList::setChild1):
1432         (JSC::DFG::AdjacencyList::setChild2):
1433         (JSC::DFG::AdjacencyList::setChild3):
1434         (JSC::DFG::AdjacencyList::child1Unchecked):
1435         (JSC::DFG::AdjacencyList::initialize):
1436         (AdjacencyList):
1437         * dfg/DFGByteCodeParser.cpp:
1438         (JSC::DFG::ByteCodeParser::addVarArgChild):
1439         (JSC::DFG::ByteCodeParser::processPhiStack):
1440         * dfg/DFGCSEPhase.cpp:
1441         (JSC::DFG::CSEPhase::canonicalize):
1442         (JSC::DFG::CSEPhase::performSubstitution):
1443         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
1444         (DFG):
1445         (JSC::DFG::Edge::Edge):
1446         (JSC::DFG::Edge::operator==):
1447         (JSC::DFG::Edge::operator!=):
1448         (Edge):
1449         (JSC::DFG::operator==):
1450         (JSC::DFG::operator!=):
1451         * dfg/DFGGraph.h:
1452         (JSC::DFG::Graph::operator[]):
1453         (JSC::DFG::Graph::at):
1454         (JSC::DFG::Graph::ref):
1455         (JSC::DFG::Graph::deref):
1456         (JSC::DFG::Graph::clearAndDerefChild1):
1457         (JSC::DFG::Graph::clearAndDerefChild2):
1458         (JSC::DFG::Graph::clearAndDerefChild3):
1459         (Graph):
1460         * dfg/DFGJITCompiler.h:
1461         (JSC::DFG::JITCompiler::getPrediction):
1462         * dfg/DFGNode.h:
1463         (JSC::DFG::Node::Node):
1464         (JSC::DFG::Node::child1):
1465         (JSC::DFG::Node::child1Unchecked):
1466         (JSC::DFG::Node::child2):
1467         (JSC::DFG::Node::child3):
1468         (Node):
1469         * dfg/DFGNodeFlags.cpp:
1470         (JSC::DFG::arithNodeFlagsAsString):
1471         * dfg/DFGNodeFlags.h:
1472         (DFG):
1473         (JSC::DFG::nodeUsedAsNumber):
1474         * dfg/DFGNodeReferenceBlob.h: Removed.
1475         * dfg/DFGNodeUse.h: Removed.
1476         * dfg/DFGPredictionPropagationPhase.cpp:
1477         (JSC::DFG::PredictionPropagationPhase::propagate):
1478         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1479         (JSC::DFG::PredictionPropagationPhase::vote):
1480         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1481         * dfg/DFGScoreBoard.h:
1482         (JSC::DFG::ScoreBoard::use):
1483         * dfg/DFGSpeculativeJIT.cpp:
1484         (JSC::DFG::SpeculativeJIT::useChildren):
1485         (JSC::DFG::SpeculativeJIT::writeBarrier):
1486         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1487         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1488         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1489         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1490         * dfg/DFGSpeculativeJIT.h:
1491         (JSC::DFG::SpeculativeJIT::at):
1492         (JSC::DFG::SpeculativeJIT::canReuse):
1493         (JSC::DFG::SpeculativeJIT::use):
1494         (SpeculativeJIT):
1495         (JSC::DFG::SpeculativeJIT::speculationCheck):
1496         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1497         (JSC::DFG::IntegerOperand::IntegerOperand):
1498         (JSC::DFG::DoubleOperand::DoubleOperand):
1499         (JSC::DFG::JSValueOperand::JSValueOperand):
1500         (JSC::DFG::StorageOperand::StorageOperand):
1501         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1502         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1503         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1504         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1505         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1506         * dfg/DFGSpeculativeJIT32_64.cpp:
1507         (JSC::DFG::SpeculativeJIT::cachedPutById):
1508         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1509         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1510         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1511         (JSC::DFG::SpeculativeJIT::emitCall):
1512         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1513         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1514         * dfg/DFGSpeculativeJIT64.cpp:
1515         (JSC::DFG::SpeculativeJIT::cachedPutById):
1516         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1517         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1518         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1519         (JSC::DFG::SpeculativeJIT::emitCall):
1520         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1521         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1522
1523 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1524
1525         Object.freeze broken on latest Nightly
1526         https://bugs.webkit.org/show_bug.cgi?id=80577
1527
1528         Reviewed by Oliver Hunt.
1529
1530         * runtime/Arguments.cpp:
1531         (JSC::Arguments::defineOwnProperty):
1532             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
1533             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1534         * runtime/JSFunction.cpp:
1535         (JSC::JSFunction::defineOwnProperty):
1536             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1537             the object must be extensible; this is incorrect since these properties should already exist
1538             on the object. In addition, it was asserting that the arguments/caller values must match the
1539             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
1540             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1541
1542 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1543
1544         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1545         https://bugs.webkit.org/show_bug.cgi?id=81559
1546
1547         Reviewed by Michael Saboff.
1548
1549         * llint/LLIntSlowPaths.cpp:
1550         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1551
1552 2012-03-19  Yong Li  <yoli@rim.com>
1553
1554         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1555         https://bugs.webkit.org/show_bug.cgi?id=77013
1556
1557         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1558         implement memory decommitting for QNX.
1559
1560         Reviewed by Rob Buis.
1561
1562         * wtf/OSAllocatorPosix.cpp:
1563         (WTF::OSAllocator::reserveUncommitted):
1564         (WTF::OSAllocator::commit):
1565         (WTF::OSAllocator::decommit):
1566
1567 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1568
1569         Unreviewed - revert a couple of files accidentally committed.
1570
1571         * runtime/Arguments.cpp:
1572         (JSC::Arguments::defineOwnProperty):
1573         * runtime/JSFunction.cpp:
1574         (JSC::JSFunction::defineOwnProperty):
1575
1576 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1577
1578         Another Windows build fix after r111129.
1579
1580         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1581
1582 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1583
1584         Cross-platform processor core counter: fix build on FreeBSD.
1585         https://bugs.webkit.org/show_bug.cgi?id=81482
1586
1587         Reviewed by Zoltan Herczeg.
1588
1589         The documentation of sysctl(3) shows that <sys/types.h> should be
1590         included before <sys/sysctl.h> (sys/types.h tends to be the first
1591         included header in general).
1592
1593         This should fix the build on FreeBSD and other systems where
1594         sysctl.h really depends on types defined in types.h.
1595
1596         * wtf/NumberOfCores.cpp:
1597
1598 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1599
1600         Windows build fix after r111129.
1601
1602         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1603
1604 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1605
1606         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1607         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1608
1609         Reviewed by Oliver Hunt.
1610
1611         The API specifies that convertToType may opt not to handle a conversion:
1612             "@result The objects's converted value, or NULL if the object was not converted."
1613         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1614         conversion functions, and failing that call the JSObject::defaultValue function.
1615
1616         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1617         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1618         bug#73368, these will return the result from the first convertToType they find, regardless
1619         of whether this result is null, and if no convertToType method is found in the api class
1620         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1621         chain), they will also return a null pointer. This is unsafe.
1622
1623         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1624         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1625         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1626         Making the fallback work with toString/valueOf methods attached to api objects is probably
1627         not the right thing to do – instead, we should just implement the defaultValue trap for api
1628         objects.
1629
1630         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1631         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1632
1633         * API/JSCallbackFunction.cpp:
1634         (JSC::JSCallbackFunction::call):
1635             - Should be null checking the return value.
1636         (JSC):
1637             - Remove toStringCallback/valueOfCallback.
1638         * API/JSCallbackFunction.h:
1639         (JSCallbackFunction):
1640             - Remove toStringCallback/valueOfCallback.
1641         * API/JSCallbackObject.h:
1642         (JSCallbackObject):
1643             - Add defaultValue methods to JSCallbackObject.
1644         * API/JSCallbackObjectFunctions.h:
1645         (JSC::::defaultValue):
1646             - Add defaultValue methods to JSCallbackObject.
1647         * API/JSClassRef.cpp:
1648         (OpaqueJSClass::prototype):
1649             - Remove toStringCallback/valueOfCallback.
1650         * API/tests/testapi.js:
1651             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
1652
1653 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1654
1655         [EFL] Include ICU_INCLUDE_DIRS when building.
1656         https://bugs.webkit.org/show_bug.cgi?id=81483
1657
1658         Reviewed by Daniel Bates.
1659
1660         So far, only the ICU libraries were being included when building
1661         JavaScriptCore, however the include path is also needed, otherwise the
1662         build will fail when ICU is installed into a non-standard location.
1663
1664         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1665
1666 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1667
1668         Strength reduction, RegExp.exec -> RegExp.test
1669         https://bugs.webkit.org/show_bug.cgi?id=81459
1670
1671         Reviewed by Sam Weinig.
1672
1673         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1674         expression for a match against a string - however exec is more expensive, since
1675         it allocates a matches array object. In cases where the result is consumed in a
1676         boolean context the allocation of the matches array can be trivially elided.
1677
1678         For example:
1679             function f()
1680             {
1681                 for (i = 0; i < 10000000; ++i)
1682                     if (!/a/.exec("a"))
1683                         err = true;
1684             }
1685
1686         This is a 2.5x speedup on this example microbenchmark loop.
1687
1688         In a more advanced form of this optimization, we may be able to avoid allocating
1689         the array where access to the array can be observed.
1690
1691         * create_hash_table:
1692         * dfg/DFGAbstractState.cpp:
1693         (JSC::DFG::AbstractState::execute):
1694         * dfg/DFGByteCodeParser.cpp:
1695         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1696         * dfg/DFGNode.h:
1697         (JSC::DFG::Node::hasHeapPrediction):
1698         * dfg/DFGNodeType.h:
1699         (DFG):
1700         * dfg/DFGOperations.cpp:
1701         * dfg/DFGOperations.h:
1702         * dfg/DFGPredictionPropagationPhase.cpp:
1703         (JSC::DFG::PredictionPropagationPhase::propagate):
1704         * dfg/DFGSpeculativeJIT.cpp:
1705         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1706         (DFG):
1707         * dfg/DFGSpeculativeJIT.h:
1708         (JSC::DFG::SpeculativeJIT::callOperation):
1709         * dfg/DFGSpeculativeJIT32_64.cpp:
1710         (JSC::DFG::SpeculativeJIT::compile):
1711         * dfg/DFGSpeculativeJIT64.cpp:
1712         (JSC::DFG::SpeculativeJIT::compile):
1713         * jsc.cpp:
1714         (GlobalObject::addConstructableFunction):
1715         * runtime/Intrinsic.h:
1716         * runtime/JSFunction.cpp:
1717         (JSC::JSFunction::create):
1718         (JSC):
1719         * runtime/JSFunction.h:
1720         (JSFunction):
1721         * runtime/Lookup.cpp:
1722         (JSC::setUpStaticFunctionSlot):
1723         * runtime/RegExpObject.cpp:
1724         (JSC::RegExpObject::exec):
1725         (JSC::RegExpObject::match):
1726         * runtime/RegExpObject.h:
1727         (RegExpObject):
1728         * runtime/RegExpPrototype.cpp:
1729         (JSC::regExpProtoFuncTest):
1730         (JSC::regExpProtoFuncExec):
1731
1732 2012-03-16  Michael Saboff  <msaboff@apple.com>
1733
1734         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1735         https://bugs.webkit.org/show_bug.cgi?id=81244
1736
1737         Rubber stamped by Filip Pizlo.
1738
1739         Changed type and name of JSGlobalData::m_isInitializingObject to
1740         ClassInfo* and m_initializingObjectClass.
1741         Changed JSGlobalData::setInitializingObject to
1742         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1743         the debugger to determine what type of object is being initialized.
1744         
1745         * runtime/JSCell.h:
1746         (JSC::JSCell::finishCreation):
1747         (JSC::allocateCell):
1748         * runtime/JSGlobalData.cpp:
1749         (JSC::JSGlobalData::JSGlobalData):
1750         * runtime/JSGlobalData.h:
1751         (JSGlobalData):
1752         (JSC::JSGlobalData::isInitializingObject):
1753         (JSC::JSGlobalData::setInitializingObjectClass):
1754         * runtime/Structure.h:
1755         (JSC::JSCell::finishCreation):
1756
1757 2012-03-16  Mark Rowe  <mrowe@apple.com>
1758
1759         Build fix. Do not preserve owner and group information when installing the WTF headers.
1760
1761         * JavaScriptCore.xcodeproj/project.pbxproj:
1762
1763 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1764
1765         Make the array pointer parameters in the Typed Array create() methods const.
1766         https://bugs.webkit.org/show_bug.cgi?id=81147
1767
1768         Reviewed by Kenneth Russell.
1769
1770         This allows const arrays to be passed to these methods.
1771         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1772
1773         * wtf/Int16Array.h:
1774         (Int16Array):
1775         (WTF::Int16Array::create):
1776         * wtf/Int32Array.h:
1777         (Int32Array):
1778         (WTF::Int32Array::create):
1779         * wtf/Int8Array.h:
1780         (Int8Array):
1781         (WTF::Int8Array::create):
1782         * wtf/Uint16Array.h:
1783         (Uint16Array):
1784         (WTF::Uint16Array::create):
1785         * wtf/Uint32Array.h:
1786         (Uint32Array):
1787         (WTF::Uint32Array::create):
1788         * wtf/Uint8Array.h:
1789         (Uint8Array):
1790         (WTF::Uint8Array::create):
1791         * wtf/Uint8ClampedArray.h:
1792         (Uint8ClampedArray):
1793         (WTF::Uint8ClampedArray::create):
1794
1795 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1796
1797         CopiedSpace::tryAllocateOversize assumes system page size
1798         https://bugs.webkit.org/show_bug.cgi?id=80615
1799
1800         Reviewed by Geoffrey Garen.
1801
1802         * heap/CopiedSpace.cpp:
1803         (JSC::CopiedSpace::tryAllocateOversize):
1804         * heap/CopiedSpace.h:
1805         (CopiedSpace):
1806         * heap/CopiedSpaceInlineMethods.h:
1807         (JSC::CopiedSpace::oversizeBlockFor):
1808         * wtf/BumpPointerAllocator.h:
1809         (WTF::BumpPointerPool::create):
1810         * wtf/StdLibExtras.h:
1811         (WTF::roundUpToMultipleOf):
1812
1813 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1814
1815         Fixing Windows build breakage
1816
1817         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1818
1819 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1820
1821         [EFL] Make zlib a general build requirement
1822         https://bugs.webkit.org/show_bug.cgi?id=80153
1823
1824         Reviewed by Hajime Morita.
1825
1826         After r109538 WebSocket module needs zlib to support deflate-frame extension.
1827
1828         * wtf/Platform.h:
1829
1830 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1831
1832         NumericStrings should be inlined
1833         https://bugs.webkit.org/show_bug.cgi?id=81183
1834
1835         Reviewed by Gavin Barraclough.
1836
1837         NumericStrings is not always inlined. When it is not, the class is not faster
1838         than using UString::number() directly.
1839
1840         * runtime/NumericStrings.h:
1841         (JSC::NumericStrings::add):
1842         (JSC::NumericStrings::lookupSmallString):
1843
1844 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1845
1846         Fix ARM build after r110792.
1847
1848         Unreviewed build fix.
1849
1850         * jit/ExecutableAllocator.h:
1851         (JSC::ExecutableAllocator::cacheFlush):
1852         Remove superfluous curly brackets.
1853
1854 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1855
1856         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1857         https://bugs.webkit.org/show_bug.cgi?id=81256
1858
1859         Reviewed by Oliver Hunt.
1860
1861         This is a 0.5% sunspider progression.
1862
1863         * assembler/MacroAssemblerARMv7.h:
1864         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1865             - switch which form of vmov we use.
1866
1867 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1868
1869         [EFL] Add OwnPtr specialization for Ecore_Timer.
1870         https://bugs.webkit.org/show_bug.cgi?id=80119
1871
1872         Reviewed by Hajime Morita.
1873
1874         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1875
1876         * wtf/OwnPtrCommon.h:
1877         (WTF):
1878         * wtf/efl/OwnPtrEfl.cpp:
1879         (WTF::deleteOwnedPtr):
1880         (WTF):
1881
1882 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1883
1884         Linux has madvise enough to support OSAllocator::commit/decommit
1885         https://bugs.webkit.org/show_bug.cgi?id=80505
1886
1887         Reviewed by Geoffrey Garen.
1888
1889         * wtf/OSAllocatorPosix.cpp:
1890         (WTF::OSAllocator::reserveUncommitted):
1891         (WTF::OSAllocator::commit):
1892         (WTF::OSAllocator::decommit):
1893
1894 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1895
1896         Windows build fix.
1897
1898         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1899         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1900         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1901         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1902
1903 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1904
1905         Windows build fix.
1906
1907         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1908
1909 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1910
1911         Move wx port to using export macros
1912         https://bugs.webkit.org/show_bug.cgi?id=77279
1913
1914         Reviewed by Hajime Morita.
1915
1916         * wscript:
1917         * wtf/Platform.h:
1918
1919 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1920
1921         Avoid StringImpl::getData16SlowCase() when sorting array
1922         https://bugs.webkit.org/show_bug.cgi?id=81070
1923
1924         Reviewed by Geoffrey Garen.
1925
1926         The function codePointCompare() is used intensively when sorting strings.
1927         This patch improves its performance by:
1928         -Avoiding character conversion.
1929         -Inlining the function.
1930
1931         This makes Peacekeeper's arrayCombined test 30% faster.
1932
1933         * wtf/text/StringImpl.cpp:
1934         * wtf/text/StringImpl.h:
1935         (WTF):
1936         (WTF::codePointCompare):
1937         (WTF::codePointCompare8):
1938         (WTF::codePointCompare16):
1939         (WTF::codePointCompare8To16):
1940
1941 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1942
1943         Fix memory allocation failed by fastmalloc
1944         https://bugs.webkit.org/show_bug.cgi?id=79614
1945
1946         Reviewed by Geoffrey Garen.
1947
1948         Memory allocation failed even if the heap grows successfully.
1949         It is wrong to get the span only from the large list after the heap grows,
1950         because a new span could have been added to the normal list.
1951
1952         * wtf/FastMalloc.cpp:
1953         (WTF::TCMalloc_PageHeap::New):
1954
1955 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1956
1957         Run cacheFlush page by page to assure of flushing all the requested ranges
1958         https://bugs.webkit.org/show_bug.cgi?id=77712
1959
1960         Reviewed by Geoffrey Garen.
1961
1962         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1963         doesn't match the memory management of the Linux kernel.
1964         In certain cases the Linux kernel regards contiguous virtual memory areas not as one area but as two.
1965         Therefore flushing the cache page by page guarantees that the whole requested range is flushed.
1966
1967         * jit/ExecutableAllocator.h:
1968         (JSC::ExecutableAllocator::cacheFlush):
1969
1970 2012-03-14  Oliver Hunt  <oliver@apple.com>
1971
1972         Make ARMv7 work again
1973         https://bugs.webkit.org/show_bug.cgi?id=81157
1974
1975         Reviewed by Geoffrey Garen.
1976
1977         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1978         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1979         nefarious purposes.
1980
1981         * assembler/MacroAssembler.h:
1982         (JSC::MacroAssembler::store32):
1983         * assembler/MacroAssemblerARMv7.h:
1984         (MacroAssemblerARMv7):
1985
1986 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1987
1988         Heap::destroy leaks CopiedSpace
1989         https://bugs.webkit.org/show_bug.cgi?id=81055
1990
1991         Reviewed by Geoffrey Garen.
1992
1993         Added a destroy() function to CopiedSpace that moves all normal size 
1994         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1995         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1996         This function is now called in Heap::destroy().
1997
1998         * heap/CopiedSpace.cpp:
1999         (JSC::CopiedSpace::destroy):
2000         (JSC):
2001         * heap/CopiedSpace.h:
2002         (CopiedSpace):
2003         * heap/Heap.cpp:
2004         (JSC::Heap::destroy):
2005
2006 2012-03-14  Andrew Lo  <anlo@rim.com>
2007
2008         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
2009         https://bugs.webkit.org/show_bug.cgi?id=81000
2010
2011         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
2012
2013         Reviewed by Antonio Gomes.
2014
2015         * wtf/Platform.h:
2016
2017 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2018
2019         ValueToInt32 speculation will cause OSR exits even when it does not have to
2020         https://bugs.webkit.org/show_bug.cgi?id=81068
2021         <rdar://problem/11043926>
2022
2023         Reviewed by Anders Carlsson.
2024         
2025         Two related changes:
2026         1) ValueToInt32 will now always just defer to the non-speculative path, instead
2027            of exiting, if it doesn't know what speculations to perform.
2028         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
2029
2030         * dfg/DFGAbstractState.cpp:
2031         (JSC::DFG::AbstractState::execute):
2032         * dfg/DFGNode.h:
2033         (JSC::DFG::Node::shouldSpeculateBoolean):
2034         (Node):
2035         * dfg/DFGSpeculativeJIT.cpp:
2036         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2037
2038 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2039
2040         More Windows build fixing
2041
2042         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2043
2044 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2045
2046         Windows build fix
2047
2048         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2049
2050 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2051
2052         Type conversion of exponential part failed
2053         https://bugs.webkit.org/show_bug.cgi?id=80673
2054
2055         Reviewed by Geoffrey Garen.
2056
2057         * parser/Lexer.cpp:
2058         (JSC::::lex):
2059         * runtime/JSGlobalObjectFunctions.cpp:
2060         (JSC::parseInt):
2061         (JSC):
2062         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
2063         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
2064         parameter for strtod to allow trailing spaces.
2065         (JSC::toDouble):
2066         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
2067         * runtime/LiteralParser.cpp:
2068         (JSC::::Lexer::lexNumber):
2069         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
2070         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
2071         * wtf/dtoa.cpp:
2072         (WTF):
2073         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
2074         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
2075         * wtf/dtoa.h:
2076         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
2077         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
2078         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
2079         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
2080         * wtf/text/WTFString.cpp:
2081         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
2082
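The entry above turns on a distinction that is easy to get wrong in input handling: parseFloat tolerates trailing junk after the literal, while ToNumber (Number(), the lexer, toDoubleType) must reject anything but trailing whitespace, and the whitespace set has to include more than the space character. The example below is an added illustration, not the jsStrDecimalLiteral/strtod code in JavaScriptCore or WTF; it scans a decimal literal by hand (sign, digits, optional fraction, optional well-formed exponent) and then applies either policy, with the six whitespace characters the entry lists. Names such as parseDecimalLiteral and scanDecimalLiteral are this example's own.

```cpp
#include <cctype>
#include <cmath>
#include <cstdlib>
#include <string>

// Whitespace permitted around a numeric literal: the characters named in the
// entry (space, horizontal tab, vertical tab, carriage return, form feed, line feed).
static bool isLiteralWhitespace(char c) {
    return c == ' ' || c == '\t' || c == '\v' || c == '\r' || c == '\f' || c == '\n';
}

// Length of the longest well-formed decimal literal starting at s[pos], or 0.
// Grammar: [+-]? ( digits [ '.' digits? ] | '.' digits ) ( [eE] [+-]? digits )?
// A dangling exponent marker ("1e", "1e+") is not consumed, so "1e" parses as 1
// under the lenient policy and fails under the strict one, as parseFloat/Number do.
static size_t scanDecimalLiteral(const std::string& s, size_t pos) {
    const size_t n = s.size();
    size_t i = pos;
    if (i < n && (s[i] == '+' || s[i] == '-'))
        ++i;
    size_t digits = 0;
    while (i < n && std::isdigit(static_cast<unsigned char>(s[i]))) { ++i; ++digits; }
    if (i < n && s[i] == '.') {
        size_t j = i + 1, frac = 0;
        while (j < n && std::isdigit(static_cast<unsigned char>(s[j]))) { ++j; ++frac; }
        if (digits + frac == 0)
            return 0;                      // "." or "+." is not a number
        digits += frac;
        i = j;
    }
    if (digits == 0)
        return 0;
    if (i < n && (s[i] == 'e' || s[i] == 'E')) {
        size_t j = i + 1;
        if (j < n && (s[j] == '+' || s[j] == '-'))
            ++j;
        const size_t expDigitsStart = j;
        while (j < n && std::isdigit(static_cast<unsigned char>(s[j])))
            ++j;
        if (j > expDigitsStart)
            i = j;                         // exponent only counts if it has digits
    }
    return i - pos;
}

// Parse s as one decimal literal. allowTrailingJunk = true mirrors parseFloat:
// whatever follows the literal is ignored. allowTrailingJunk = false mirrors
// ToNumber: only literal whitespace may follow. Returns NaN on failure.
double parseDecimalLiteral(const std::string& s, bool allowTrailingJunk) {
    size_t start = 0;
    while (start < s.size() && isLiteralWhitespace(s[start]))
        ++start;
    const size_t len = scanDecimalLiteral(s, start);
    if (!len)
        return std::nan("");
    // The scanned prefix is well-formed, so strtod consumes all of it.
    const std::string literal = s.substr(start, len);
    const double value = std::strtod(literal.c_str(), nullptr);
    if (allowTrailingJunk)
        return value;
    size_t end = start + len;
    while (end < s.size() && isLiteralWhitespace(s[end]))
        ++end;
    return end == s.size() ? value : std::nan("");
}
```

The strict path is the one to use when a numeric string comes from an untrusted form field or protocol message: "42abc" must be a failure there, while the lenient path exists only to reproduce parseFloat's specified behaviour.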
2083 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2084
2085         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
2086         Removing the assert for now.
2087
2088         * dfg/DFGOperations.h:
2089         * llint/LLIntSlowPaths.h:
2090
2091 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2092
2093         Functions with C linkage should return POD types
2094         https://bugs.webkit.org/show_bug.cgi?id=81061
2095
2096         Reviewed by Mark Rowe.
2097
2098         * dfg/DFGOperations.h:
2099         * llint/LLIntSlowPaths.h:
2100         (LLInt):
2101         (SlowPathReturnType):
2102         (JSC::LLInt::encodeResult):
2103
2104 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2105
2106         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
2107         https://bugs.webkit.org/show_bug.cgi?id=80979
2108         <rdar://problem/11036848>
2109
2110         Reviewed by Oliver Hunt.
2111         
2112         Also improved DFG IR dumping to include type information in a somewhat more
2113         intuitive way.
2114
2115         * bytecode/PredictedType.cpp:
2116         (JSC::predictionToAbbreviatedString):
2117         (JSC):
2118         * bytecode/PredictedType.h:
2119         (JSC):
2120         * dfg/DFGAbstractState.cpp:
2121         (JSC::DFG::AbstractState::execute):
2122         * dfg/DFGGraph.cpp:
2123         (JSC::DFG::Graph::dump):
2124         * dfg/DFGPredictionPropagationPhase.cpp:
2125         (JSC::DFG::PredictionPropagationPhase::propagate):
2126         * dfg/DFGSpeculativeJIT.cpp:
2127         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2128         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2129         * dfg/DFGSpeculativeJIT.h:
2130         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
2131
2132 2012-03-13  George Staikos  <staikos@webkit.org>
2133
2134         The callback is only used if SA_RESTART is defined.  Compile it out
2135         otherwise to avoid a warning.
2136         https://bugs.webkit.org/show_bug.cgi?id=80926
2137
2138         Reviewed by Alexey Proskuryakov.
2139
2140         * heap/MachineStackMarker.cpp:
2141         (JSC):
2142
2143 2012-03-13  Hojong Han  <hojong.han@samsung.com>
2144
2145         Dump the generated code for ARM_TRADITIONAL
2146         https://bugs.webkit.org/show_bug.cgi?id=80975
2147
2148         Reviewed by Gavin Barraclough.
2149
2150         * assembler/LinkBuffer.h:
2151         (JSC::LinkBuffer::dumpCode):
2152
2153 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
2154
2155         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
2156         https://bugs.webkit.org/show_bug.cgi?id=78853
2157
2158         Reviewed by Adam Barth.
2159
2160         * Configurations/FeatureDefines.xcconfig:
2161         * wtf/Platform.h:
2162
2163 2012-03-13  Kwonjin Jeong  <gram@company100.net>
2164
2165         Remove SlotVisitor::copy() method.
2166         https://bugs.webkit.org/show_bug.cgi?id=80973
2167
2168         Reviewed by Geoffrey Garen.
2169
2170         SlotVisitor::copy() method isn't called anywhere.
2171
2172         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
2173         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
2174
2175 2012-03-12  Hojong Han  <hojong.han@samsung.com>
2176
2177         Fix test cases for RegExp multiline
2178         https://bugs.webkit.org/show_bug.cgi?id=80822
2179
2180         Reviewed by Gavin Barraclough.
2181
2182         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
2183         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
2184         * tests/mozilla/js1_2/regexp/beginLine.js:
2185         * tests/mozilla/js1_2/regexp/endLine.js:
2186
2187 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2188
2189         Arithmetic use inference should be procedure-global and should run in tandem
2190         with type propagation
2191         https://bugs.webkit.org/show_bug.cgi?id=80819
2192         <rdar://problem/11034006>
2193
2194         Reviewed by Gavin Barraclough.
2195         
2196         * CMakeLists.txt:
2197         * GNUmakefile.list.am:
2198         * JavaScriptCore.xcodeproj/project.pbxproj:
2199         * Target.pri:
2200         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
2201         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
2202         * dfg/DFGDriver.cpp:
2203         (JSC::DFG::compile):
2204         * dfg/DFGPredictionPropagationPhase.cpp:
2205         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
2206         (PredictionPropagationPhase):
2207         (JSC::DFG::PredictionPropagationPhase::isNotZero):
2208         (JSC::DFG::PredictionPropagationPhase::propagate):
2209         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
2210         * dfg/DFGVariableAccessData.h:
2211         (JSC::DFG::VariableAccessData::VariableAccessData):
2212         (JSC::DFG::VariableAccessData::flags):
2213         (VariableAccessData):
2214         (JSC::DFG::VariableAccessData::mergeFlags):
2215
2216 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2217
2218         Node::op and Node::flags should be private
2219         https://bugs.webkit.org/show_bug.cgi?id=80824
2220         <rdar://problem/11033435>
2221
2222         Reviewed by Gavin Barraclough.
2223
2224         * CMakeLists.txt:
2225         * GNUmakefile.list.am:
2226         * JavaScriptCore.xcodeproj/project.pbxproj:
2227         * Target.pri:
2228         * dfg/DFGAbstractState.cpp:
2229         (JSC::DFG::AbstractState::initialize):
2230         (JSC::DFG::AbstractState::execute):
2231         (JSC::DFG::AbstractState::mergeStateAtTail):
2232         (JSC::DFG::AbstractState::mergeToSuccessors):
2233         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2234         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2235         * dfg/DFGByteCodeParser.cpp:
2236         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2237         (JSC::DFG::ByteCodeParser::getLocal):
2238         (JSC::DFG::ByteCodeParser::getArgument):
2239         (JSC::DFG::ByteCodeParser::flushArgument):
2240         (JSC::DFG::ByteCodeParser::toInt32):
2241         (JSC::DFG::ByteCodeParser::isJSConstant):
2242         (JSC::DFG::ByteCodeParser::makeSafe):
2243         (JSC::DFG::ByteCodeParser::makeDivSafe):
2244         (JSC::DFG::ByteCodeParser::handleInlining):
2245         (JSC::DFG::ByteCodeParser::parseBlock):
2246         (JSC::DFG::ByteCodeParser::processPhiStack):
2247         (JSC::DFG::ByteCodeParser::linkBlock):
2248         * dfg/DFGCFAPhase.cpp:
2249         (JSC::DFG::CFAPhase::performBlockCFA):
2250         * dfg/DFGCSEPhase.cpp:
2251         (JSC::DFG::CSEPhase::canonicalize):
2252         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2253         (JSC::DFG::CSEPhase::pureCSE):
2254         (JSC::DFG::CSEPhase::byValIsPure):
2255         (JSC::DFG::CSEPhase::clobbersWorld):
2256         (JSC::DFG::CSEPhase::impureCSE):
2257         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2258         (JSC::DFG::CSEPhase::getByValLoadElimination):
2259         (JSC::DFG::CSEPhase::checkFunctionElimination):
2260         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2261         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2262         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2263         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2264         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2265         (JSC::DFG::CSEPhase::performNodeCSE):
2266         * dfg/DFGGraph.cpp:
2267         (JSC::DFG::Graph::dump):
2268         (DFG):
2269         * dfg/DFGGraph.h:
2270         (JSC::DFG::Graph::addShouldSpeculateInteger):
2271         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2272         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2273         * dfg/DFGNode.cpp: Removed.
2274         * dfg/DFGNode.h:
2275         (DFG):
2276         (JSC::DFG::Node::Node):
2277         (Node):
2278         (JSC::DFG::Node::op):
2279         (JSC::DFG::Node::flags):
2280         (JSC::DFG::Node::setOp):
2281         (JSC::DFG::Node::setFlags):
2282         (JSC::DFG::Node::mergeFlags):
2283         (JSC::DFG::Node::filterFlags):
2284         (JSC::DFG::Node::clearFlags):
2285         (JSC::DFG::Node::setOpAndDefaultFlags):
2286         (JSC::DFG::Node::mustGenerate):
2287         (JSC::DFG::Node::isConstant):
2288         (JSC::DFG::Node::isWeakConstant):
2289         (JSC::DFG::Node::valueOfJSConstant):
2290         (JSC::DFG::Node::hasVariableAccessData):
2291         (JSC::DFG::Node::hasIdentifier):
2292         (JSC::DFG::Node::resolveGlobalDataIndex):
2293         (JSC::DFG::Node::hasArithNodeFlags):
2294         (JSC::DFG::Node::arithNodeFlags):
2295         (JSC::DFG::Node::setArithNodeFlag):
2296         (JSC::DFG::Node::mergeArithNodeFlags):
2297         (JSC::DFG::Node::hasConstantBuffer):
2298         (JSC::DFG::Node::hasRegexpIndex):
2299         (JSC::DFG::Node::hasVarNumber):
2300         (JSC::DFG::Node::hasScopeChainDepth):
2301         (JSC::DFG::Node::hasResult):
2302         (JSC::DFG::Node::hasInt32Result):
2303         (JSC::DFG::Node::hasNumberResult):
2304         (JSC::DFG::Node::hasJSResult):
2305         (JSC::DFG::Node::hasBooleanResult):
2306         (JSC::DFG::Node::isJump):
2307         (JSC::DFG::Node::isBranch):
2308         (JSC::DFG::Node::isTerminal):
2309         (JSC::DFG::Node::hasHeapPrediction):
2310         (JSC::DFG::Node::hasFunctionCheckData):
2311         (JSC::DFG::Node::hasStructureTransitionData):
2312         (JSC::DFG::Node::hasStructureSet):
2313         (JSC::DFG::Node::hasStorageAccessData):
2314         (JSC::DFG::Node::hasFunctionDeclIndex):
2315         (JSC::DFG::Node::hasFunctionExprIndex):
2316         (JSC::DFG::Node::child1):
2317         (JSC::DFG::Node::child2):
2318         (JSC::DFG::Node::child3):
2319         (JSC::DFG::Node::firstChild):
2320         (JSC::DFG::Node::numChildren):
2321         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
2322         * dfg/DFGNodeFlags.h: Added.
2323         (DFG):
2324         (JSC::DFG::nodeUsedAsNumber):
2325         (JSC::DFG::nodeCanTruncateInteger):
2326         (JSC::DFG::nodeCanIgnoreNegativeZero):
2327         (JSC::DFG::nodeMayOverflow):
2328         (JSC::DFG::nodeCanSpeculateInteger):
2329         * dfg/DFGNodeType.h: Added.
2330         (DFG):
2331         (JSC::DFG::defaultFlags):
2332         * dfg/DFGPredictionPropagationPhase.cpp:
2333         (JSC::DFG::PredictionPropagationPhase::propagate):
2334         (JSC::DFG::PredictionPropagationPhase::vote):
2335         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2336         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2337         * dfg/DFGRedundantPhiEliminationPhase.cpp:
2338         (JSC::DFG::RedundantPhiEliminationPhase::run):
2339         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2340         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2341         * dfg/DFGSpeculativeJIT.cpp:
2342         (JSC::DFG::SpeculativeJIT::useChildren):
2343         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2344         (JSC::DFG::SpeculativeJIT::compileMovHint):
2345         (JSC::DFG::SpeculativeJIT::compile):
2346         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2347         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2348         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2349         (JSC::DFG::SpeculativeJIT::compileAdd):
2350         (JSC::DFG::SpeculativeJIT::compare):
2351         * dfg/DFGSpeculativeJIT.h:
2352         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2353         * dfg/DFGSpeculativeJIT32_64.cpp:
2354         (JSC::DFG::SpeculativeJIT::emitCall):
2355         (JSC::DFG::SpeculativeJIT::compile):
2356         * dfg/DFGSpeculativeJIT64.cpp:
2357         (JSC::DFG::SpeculativeJIT::emitCall):
2358         (JSC::DFG::SpeculativeJIT::compile):
2359         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2360         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2361
2362 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
2363
2364         Minor DataLog fixes
2365         https://bugs.webkit.org/show_bug.cgi?id=80826
2366
2367         Reviewed by Andreas Kling.
2368
2369         * bytecode/ExecutionCounter.cpp:
2370         Do not include DataLog.h; it is not used.
2371         
2372         * jit/ExecutableAllocator.cpp:
2373         Ditto.
2374
2375         * wtf/DataLog.cpp:
2376         (WTF::initializeLogFileOnce):
2377         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
2378
2379         * wtf/HashTable.cpp:
2380         Include DataLog as it is used.
2381
2382 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
2383
2384         Integer overflow check code in arithmetic operation in classic interpreter
2385         https://bugs.webkit.org/show_bug.cgi?id=80465
2386
2387         Reviewed by Gavin Barraclough.
2388
2389         * interpreter/Interpreter.cpp:
2390         (JSC::Interpreter::privateExecute):
2391
2392 2012-03-12  Zeno Albisser  <zeno@webkit.org>
2393
2394         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
2395         https://bugs.webkit.org/show_bug.cgi?id=80827
2396
2397         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
2398
2399         Reviewed by Simon Hausmann.
2400
2401         * wtf/Platform.h:
2402
2403 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
2404
2405         Unreviewed prospective Qt/Mac build fix
2406
2407         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
2408         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
2409         constructor.
2410
2411 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2412
2413         All DFG nodes should have a mutable set of flags
2414         https://bugs.webkit.org/show_bug.cgi?id=80779
2415         <rdar://problem/11026218>
2416
2417         Reviewed by Gavin Barraclough.
2418         
2419         Got rid of NodeId, and placed all of the flags that distinguished NodeId
2420         from NodeType into a separate Node::flags field. Combined what was previously
2421         ArithNodeFlags into Node::flags.
2422         
2423         In the process of debugging, I found that the debug support in the virtual
2424         register allocator was lacking, so I improved it. I also realized that the
2425         virtual register allocator was assuming that the nodes in a basic block were
2426         contiguous, which is no longer the case. So I fixed that. The fix also made
2427         it natural to have more extreme assertions, so I added them. I suspect this
2428         will make it easier to catch virtual register allocation bugs in the future.
2429         
2430         This is mostly performance neutral; if anything it looks like a slight
2431         speed-up.
2432         
2433         This patch does leave some work for future refactorings; for example, Node::op
2434         is unencapsulated. This was already the case, though now it feels even more
2435         like it should be. I avoided doing that because this patch has already grown
2436         way bigger than I wanted.
2437         
2438         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
2439         move some unnecessarily inline stuff out of DFGNode.h.
2440
2441         * CMakeLists.txt:
2442         * GNUmakefile.list.am:
2443         * JavaScriptCore.xcodeproj/project.pbxproj:
2444         * Target.pri:
2445         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2446         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2447         * dfg/DFGByteCodeParser.cpp:
2448         (JSC::DFG::ByteCodeParser::addToGraph):
2449         (JSC::DFG::ByteCodeParser::makeSafe):
2450         (JSC::DFG::ByteCodeParser::makeDivSafe):
2451         (JSC::DFG::ByteCodeParser::handleMinMax):
2452         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2453         (JSC::DFG::ByteCodeParser::parseBlock):
2454         * dfg/DFGCFAPhase.cpp:
2455         (JSC::DFG::CFAPhase::performBlockCFA):
2456         * dfg/DFGCSEPhase.cpp:
2457         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2458         (JSC::DFG::CSEPhase::pureCSE):
2459         (JSC::DFG::CSEPhase::clobbersWorld):
2460         (JSC::DFG::CSEPhase::impureCSE):
2461         (JSC::DFG::CSEPhase::setReplacement):
2462         (JSC::DFG::CSEPhase::eliminate):
2463         (JSC::DFG::CSEPhase::performNodeCSE):
2464         (JSC::DFG::CSEPhase::performBlockCSE):
2465         (CSEPhase):
2466         * dfg/DFGGraph.cpp:
2467         (JSC::DFG::Graph::opName):
2468         (JSC::DFG::Graph::dump):
2469         (DFG):
2470         * dfg/DFGNode.cpp: Added.
2471         (DFG):
2472         (JSC::DFG::arithNodeFlagsAsString):
2473         * dfg/DFGNode.h:
2474         (DFG):
2475         (JSC::DFG::nodeUsedAsNumber):
2476         (JSC::DFG::nodeCanTruncateInteger):
2477         (JSC::DFG::nodeCanIgnoreNegativeZero):
2478         (JSC::DFG::nodeMayOverflow):
2479         (JSC::DFG::nodeCanSpeculateInteger):
2480         (JSC::DFG::defaultFlags):
2481         (JSC::DFG::Node::Node):
2482         (Node):
2483         (JSC::DFG::Node::setOpAndDefaultFlags):
2484         (JSC::DFG::Node::mustGenerate):
2485         (JSC::DFG::Node::arithNodeFlags):
2486         (JSC::DFG::Node::setArithNodeFlag):
2487         (JSC::DFG::Node::mergeArithNodeFlags):
2488         (JSC::DFG::Node::hasResult):
2489         (JSC::DFG::Node::hasInt32Result):
2490         (JSC::DFG::Node::hasNumberResult):
2491         (JSC::DFG::Node::hasJSResult):
2492         (JSC::DFG::Node::hasBooleanResult):
2493         (JSC::DFG::Node::isJump):
2494         (JSC::DFG::Node::isBranch):
2495         (JSC::DFG::Node::isTerminal):
2496         (JSC::DFG::Node::child1):
2497         (JSC::DFG::Node::child2):
2498         (JSC::DFG::Node::child3):
2499         (JSC::DFG::Node::firstChild):
2500         (JSC::DFG::Node::numChildren):
2501         * dfg/DFGPredictionPropagationPhase.cpp:
2502         (JSC::DFG::PredictionPropagationPhase::propagate):
2503         (JSC::DFG::PredictionPropagationPhase::vote):
2504         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2505         * dfg/DFGScoreBoard.h:
2506         (ScoreBoard):
2507         (JSC::DFG::ScoreBoard::~ScoreBoard):
2508         (JSC::DFG::ScoreBoard::assertClear):
2509         (JSC::DFG::ScoreBoard::use):
2510         * dfg/DFGSpeculativeJIT.cpp:
2511         (JSC::DFG::SpeculativeJIT::useChildren):
2512         * dfg/DFGSpeculativeJIT32_64.cpp:
2513         (JSC::DFG::SpeculativeJIT::compile):
2514         * dfg/DFGSpeculativeJIT64.cpp:
2515         (JSC::DFG::SpeculativeJIT::compile):
2516         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2517         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2518
2519 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2520
2521         LLInt should support JSVALUE64
2522         https://bugs.webkit.org/show_bug.cgi?id=79609
2523         <rdar://problem/10063437>
2524
2525         Reviewed by Gavin Barraclough and Oliver Hunt.
2526         
2527         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2528         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2529         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2530         specialized for value representation.
2531         
2532         Also made some minor changes to offlineasm and the slow-paths.
2533
2534         * llint/LLIntData.cpp:
2535         (JSC::LLInt::Data::performAssertions):
2536         * llint/LLIntEntrypoints.cpp:
2537         * llint/LLIntSlowPaths.cpp:
2538         (LLInt):
2539         (JSC::LLInt::llint_trace_value):
2540         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2541         (JSC::LLInt::jitCompileAndSetHeuristics):
2542         * llint/LLIntSlowPaths.h:
2543         (LLInt):
2544         (SlowPathReturnType):
2545         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2546         (JSC::LLInt::encodeResult):
2547         * llint/LLIntThunks.cpp:
2548         * llint/LowLevelInterpreter.asm:
2549         * llint/LowLevelInterpreter32_64.asm:
2550         * llint/LowLevelInterpreter64.asm:
2551         * offlineasm/armv7.rb:
2552         * offlineasm/asm.rb:
2553         * offlineasm/ast.rb:
2554         * offlineasm/backends.rb:
2555         * offlineasm/instructions.rb:
2556         * offlineasm/parser.rb:
2557         * offlineasm/registers.rb:
2558         * offlineasm/transform.rb:
2559         * offlineasm/x86.rb:
2560         * wtf/Platform.h:
2561
2562 2012-03-10  Yong Li  <yoli@rim.com>
2563
2564         Web Worker crashes with WX_EXCLUSIVE
2565         https://bugs.webkit.org/show_bug.cgi?id=80532
2566
2567         Let each JS global object own a meta allocator
2568         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2569         Also fix a mutex leak in MetaAllocator's dtor.
2570
2571         Reviewed by Filip Pizlo.
2572
2573         * jit/ExecutableAllocator.cpp:
2574         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2575         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2576         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2577         (DemandExecutableAllocator):
2578         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2579         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2580         (JSC::DemandExecutableAllocator::allocateNewSpace):
2581         (JSC::DemandExecutableAllocator::allocators):
2582         (JSC::DemandExecutableAllocator::allocatorsMutex):
2583         (JSC):
2584         (JSC::ExecutableAllocator::initializeAllocator):
2585         (JSC::ExecutableAllocator::ExecutableAllocator):
2586         (JSC::ExecutableAllocator::underMemoryPressure):
2587         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2588         (JSC::ExecutableAllocator::allocate):
2589         (JSC::ExecutableAllocator::committedByteCount):
2590         (JSC::ExecutableAllocator::dumpProfile):
2591         * jit/ExecutableAllocator.h:
2592         (JSC):
2593         (ExecutableAllocator):
2594         (JSC::ExecutableAllocator::allocator):
2595         * wtf/MetaAllocator.h:
2596         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2597         * wtf/TCSpinLock.h:
2598         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2599
2600 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2601
2602         Object.freeze broken on latest Nightly
2603         https://bugs.webkit.org/show_bug.cgi?id=80577
2604
2605         Reviewed by Oliver Hunt.
2606
2607         The problem here is that deleteProperty rejects deletion of prototype.
2608         This is correct in most cases; however, defineOwnProperty is presently
2609         implemented internally to ensure the attributes change by deleting the
2610         old property, and creating a new one.
2611
2612         * runtime/JSFunction.cpp:
2613         (JSC::JSFunction::deleteProperty):
2614             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
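
The observable contract behind this entry, as an added check that is not part of the WebKit ChangeLog or of JavaScriptCore's own tests: freezing a function object must also lock down its non-deletable `prototype` property, so that `Object.isFrozen` reports true and both plain assignment (in strict code) and redefinition via `Object.defineProperty` are rejected. The function name `freezeFunctionReport` is an assumption of this example.

```javascript
// Added example (not WebKit code): regression-style check for Object.freeze
// applied to a function, whose `prototype` property is non-deletable.
function freezeFunctionReport() {
  "use strict"; // strict code: writing to a non-writable property throws

  function f() {}
  // A fresh function's prototype is writable but not configurable.
  const before = Object.getOwnPropertyDescriptor(f, "prototype");

  Object.freeze(f);
  const after = Object.getOwnPropertyDescriptor(f, "prototype");

  // 1) plain assignment must fail with a TypeError under strict mode
  let assignmentThrew = false;
  try {
    f.prototype = {};
  } catch (e) {
    assignmentThrew = e instanceof TypeError;
  }

  // 2) redefining the property with a different value must also be rejected
  let redefineThrew = false;
  try {
    Object.defineProperty(f, "prototype", { value: {} });
  } catch (e) {
    redefineThrew = e instanceof TypeError;
  }

  return {
    frozen: Object.isFrozen(f),
    beforeWritable: before.writable,        // true before freeze
    beforeConfigurable: before.configurable, // false: the property was never deletable
    afterWritable: after.writable,          // false after freeze
    afterConfigurable: after.configurable,  // still false
    assignmentThrew,
    redefineThrew,
  };
}
```

An engine that implements attribute changes by deleting and recreating the property, as the entry describes, fails this check at the `Object.freeze` call, because the delete of `prototype` is refused.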
2615
2616 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2617
2618         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2619         https://bugs.webkit.org/show_bug.cgi?id=80663
2620
2621         Reviewed by Michael Saboff.
2622
2623         The bug here is actually that we're continuing to process the array after an exception
2624         has been thrown, and that the second value thrown is overriding the first.
2625
2626         * runtime/ArrayPrototype.cpp:
2627         (JSC::arrayProtoFuncToLocaleString):
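
The behaviour this entry restores, as an added example that is not part of the WebKit ChangeLog: `Array.prototype.toLocaleString` must call each element's `toLocaleString` in index order and stop at the first exception, so the first error is the one that propagates and later elements are never visited. The helper names `makeElement`, `visitOrderUnderException` and `visitOrderWithoutException` and the constructed element objects are this example's own.

```javascript
// Added example (not WebKit code): observe the element visitation order of
// Array.prototype.toLocaleString and which exception escapes.

// Build an element whose toLocaleString records the visit and optionally throws.
function makeElement(log, name, shouldThrow) {
  return {
    toLocaleString() {
      log.push(name);
      if (shouldThrow) throw new Error("thrown by " + name);
      return name;
    },
  };
}

// Two throwing elements: only the first one may be reached, and its error
// must be the one the caller sees.
function visitOrderUnderException() {
  const log = [];
  const arr = [
    makeElement(log, "a", false),
    makeElement(log, "b", true), // first throwing element
    makeElement(log, "c", true), // must never be visited
    makeElement(log, "d", false),
  ];
  let error = null;
  try {
    arr.toLocaleString();
  } catch (e) {
    error = e;
  }
  return { visited: log, message: error ? error.message : null };
}

// Control case: with no exception every element is visited, in order.
function visitOrderWithoutException() {
  const log = [];
  const arr = ["a", "b", "c"].map((n) => makeElement(log, n, false));
  arr.toLocaleString();
  return log;
}
```

A buggy implementation that keeps iterating after the throw would report `["a", "b", "c"]` as visited and surface `"thrown by c"` instead of `"thrown by b"`.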
2628
2629 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2630
2631         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2632         https://bugs.webkit.org/show_bug.cgi?id=80080
2633
2634         Reviewed by Filip Pizlo.
2635
2636         * bytecode/SamplingTool.cpp:
2637         (JSC::SamplingRegion::Locker::Locker):
2638         (JSC::SamplingRegion::Locker::~Locker):
2639         * bytecode/SamplingTool.h:
2640         (JSC::SamplingRegion::exchangeCurrent):
2641         * wtf/Atomics.h:
2642         (WTF):
2643         (WTF::weakCompareAndSwap):
2644         (WTF::weakCompareAndSwapUIntPtr):
2645
2646 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2647
2648         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2649         https://bugs.webkit.org/show_bug.cgi?id=49989
2650
2651         Reviewed by Oliver Hunt.
2652
2653         Patch originally by Chris Reiss <christopher.reiss@nokia.com>,
2654         allow the year to appear before the timezone in date strings.
2655
2656         * wtf/DateMath.cpp:
2657         (WTF::parseDateFromNullTerminatedCharacters):
2658
2659 2012-03-09  Mark Rowe  <mrowe@apple.com>
2660
2661         Ensure that the WTF headers are copied at installhdrs time.
2662
2663         Reviewed by Dan Bernstein and Jessie Berlin.
2664
2665         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2666         so that our script phases are invoked at installhdrs time. The only one that
2667         does any useful work at that time is the one that installs WTF headers.
2668
2669 2012-03-09  Jon Lee  <jonlee@apple.com>
2670
2671         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2672         https://bugs.webkit.org/show_bug.cgi?id=80497
2673
2674         Reviewed by Adam Barth.
2675
2676         Prep for b80472: Update API for Web Notifications
2677         * Configurations/FeatureDefines.xcconfig:
2678
2679 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2680
2681         Bash scripts should support LF endings only
2682         https://bugs.webkit.org/show_bug.cgi?id=79509
2683
2684         Reviewed by David Kilzer.
2685
2686         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2687         * gyp/run-if-exists.sh: Added property svn:eol-style.
2688         * gyp/update-info-plist.sh: Added property svn:eol-style.
2689
2690 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2691
2692         Windows debug build fix.
2693
2694         * assembler/MacroAssembler.h:
2695         (JSC::MacroAssembler::shouldBlind):
2696         Fix unreachable code warnings (which we treat as errors).
2697
2698 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2699
2700         Reviewed by Zoltan Herczeg.
2701
2702         [Qt] Fix the SH4 build after r109834
2703         https://bugs.webkit.org/show_bug.cgi?id=80492
2704
2705         * assembler/MacroAssemblerSH4.h:
2706         (JSC::MacroAssemblerSH4::branchAdd32):
2707         (JSC::MacroAssemblerSH4::branchSub32):
2708
2709 2012-03-09  Andy Wingo  <wingo@igalia.com>
2710
2711         Refactor code feature analysis in the parser
2712         https://bugs.webkit.org/show_bug.cgi?id=79112
2713
2714         Reviewed by Geoffrey Garen.
2715
2716         This commit refactors the parser to more uniformly propagate flag
2717         bits down and up the parse process, as the parser descends and
2718         returns into nested blocks.  Some flags get passed down to
2719         subscopes, some apply to specific scopes only, and some get
2720         unioned up after parsing subscopes.
2721
2722         The goal is to eventually be very precise with scoping
2723         information, once we have block scopes: one block scope might use
2724         `eval', which would require the emission of a symbol table within
2725         that block and containing blocks, whereas another block in the
2726         same function might not, allowing us to not emit a symbol table.
2727
2728         * parser/Nodes.h:
2729         (JSC::ScopeFlags): Rename from CodeFeatures.
2730         (JSC::ScopeNode::addScopeFlags):
2731         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2732         (JSC::ScopeNode::isStrictMode):
2733         (JSC::ScopeNode::usesEval):
2734         (JSC::ScopeNode::usesArguments):
2735         (JSC::ScopeNode::setUsesArguments):
2736         (JSC::ScopeNode::usesThis):
2737         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2738         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2739         operate on the m_scopeFlags member.
2740         (JSC::ScopeNode::source):
2741         (JSC::ScopeNode::sourceURL):
2742         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2743         semantic change.
2744         (JSC::ScopeNode::ScopeNode)
2745         (JSC::ProgramNode::ProgramNode)
2746         (JSC::EvalNode::EvalNode)
2747         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2748         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2749
2750         * parser/Nodes.cpp:
2751         (JSC::ScopeNode::ScopeNode):
2752         (JSC::ProgramNode::ProgramNode):
2753         (JSC::ProgramNode::create):
2754         (JSC::EvalNode::EvalNode):
2755         (JSC::EvalNode::create):
2756         (JSC::FunctionBodyNode::FunctionBodyNode):
2757         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2758
2759         * parser/ASTBuilder.h:
2760         (JSC::ASTBuilder::ASTBuilder):
2761         (JSC::ASTBuilder::thisExpr):
2762         (JSC::ASTBuilder::createResolve):
2763         (JSC::ASTBuilder::createFunctionBody):
2764         (JSC::ASTBuilder::createFuncDeclStatement):
2765         (JSC::ASTBuilder::createTryStatement):
2766         (JSC::ASTBuilder::createWithStatement):
2767         (JSC::ASTBuilder::addVar):
2768         (JSC::ASTBuilder::Scope::Scope):
2769         (Scope):
2770         (ASTBuilder):
2771         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2772         features here.  Instead rely on the base Parser mechanism to track
2773         features.
2774
2775         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2776
2777         * parser/Parser.h:
2778         (JSC::Scope::Scope): Manage scope through flags, not
2779         bit-booleans.  This lets us uniformly propagate them up and down.
2780         (JSC::Scope::declareWrite):
2781         (JSC::Scope::declareParameter):
2782         (JSC::Scope::useVariable):
2783         (JSC::Scope::collectFreeVariables):
2784         (JSC::Scope::getCapturedVariables):
2785         (JSC::Scope::saveFunctionInfo):
2786         (JSC::Scope::restoreFunctionInfo):
2787         (JSC::Parser::pushScope): Adapt to use scope flags and their
2788         accessors instead of bit-booleans.
2789         * parser/Parser.cpp:
2790         (JSC::::Parser):
2791         (JSC::::parseInner):
2792         (JSC::::didFinishParsing):
2793         (JSC::::parseSourceElements):
2794         (JSC::::parseVarDeclarationList):
2795         (JSC::::parseConstDeclarationList):
2796         (JSC::::parseWithStatement):
2797         (JSC::::parseTryStatement):
2798         (JSC::::parseFunctionBody):
2799         (JSC::::parseFunctionInfo):
2800         (JSC::::parseFunctionDeclaration):
2801         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2802         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2803         Does not seem to have a performance impact.
2804
2805         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2806         Cache the scopeflags.
2807         * parser/SyntaxChecker.h: Remove evalCount() decl.
2808
2809         * runtime/Executable.cpp:
2810         (JSC::EvalExecutable::compileInternal):
2811         (JSC::ProgramExecutable::compileInternal):
2812         (JSC::FunctionExecutable::produceCodeBlockFor):
2813         * runtime/Executable.h:
2814         (JSC::ScriptExecutable::ScriptExecutable):
2815         (JSC::ScriptExecutable::usesEval):
2816         (JSC::ScriptExecutable::usesArguments):
2817         (JSC::ScriptExecutable::needsActivation):
2818         (JSC::ScriptExecutable::isStrictMode):
2819         (JSC::ScriptExecutable::recordParse):
2820         (ScriptExecutable): ScopeFlags, not features.
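
The three propagation directions this entry describes (flags passed down to subscopes, flags that apply to one scope only, and flags unioned up after a subscope is parsed), as an added illustration that is not WebKit code and does not reproduce JavaScriptCore's `ScopeFlags`. The flag set, the `ScopeTracker` class and the assignment of each flag to a direction are this example's own assumptions, chosen from ordinary JavaScript semantics: strictness is inherited by nested scopes, `this` and `arguments` usage is local to the scope that uses them, and an `eval` in an inner scope must be reported upward because it can reach variables of every enclosing scope.

```javascript
// Added illustration (not WebKit code): a toy scope-flag tracker showing
// down-propagation, scope-local flags and up-unioning over a scope stack.
const ScopeFlags = Object.freeze({
  StrictMode: 1 << 0,    // inherited by nested scopes (flows down)
  UsesThis: 1 << 1,      // applies to the scope that uses it only
  UsesArguments: 1 << 2, // applies to the scope that uses it only
  UsesEval: 1 << 3,      // forces enclosing scopes to keep full information (flows up)
});

const INHERITED_DOWN = ScopeFlags.StrictMode;
const UNIONED_UP = ScopeFlags.UsesEval;

class ScopeTracker {
  constructor() {
    this.stack = [];
  }

  // Entering a scope: start from the parent's down-propagating flags only.
  pushScope(name) {
    const parent = this.stack[this.stack.length - 1];
    const inherited = parent ? parent.flags & INHERITED_DOWN : 0;
    this.stack.push({ name, flags: inherited });
  }

  // Something seen while parsing the current scope sets a flag on it.
  setFlag(flag) {
    this.stack[this.stack.length - 1].flags |= flag;
  }

  // Leaving a scope: union its up-propagating flags into the parent.
  popScope() {
    const scope = this.stack.pop();
    const parent = this.stack[this.stack.length - 1];
    if (parent) parent.flags |= scope.flags & UNIONED_UP;
    return scope;
  }
}

// Human-readable list of set flags, in declaration order.
function describeFlags(flags) {
  return Object.keys(ScopeFlags).filter((k) => flags & ScopeFlags[k]);
}

// Constructed walk: a strict outer function using `this`, containing an
// inner function that calls eval.
function exampleWalk() {
  const t = new ScopeTracker();
  t.pushScope("outer");
  t.setFlag(ScopeFlags.StrictMode);
  t.setFlag(ScopeFlags.UsesThis);

  t.pushScope("inner");
  t.setFlag(ScopeFlags.UsesEval);
  const inner = t.popScope();

  const outer = t.popScope();
  return { outer: describeFlags(outer.flags), inner: describeFlags(inner.flags) };
}
```

In the walk, `inner` ends up with StrictMode (inherited) and UsesEval (its own), while `outer` gains UsesEval from the union on pop but never passes UsesThis down; which flags belong to which direction is the design decision the entry is preparing for.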
2821
2822 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2823
2824         Build fix for MSVC after r110266
2825
2826         Unreviewed. A #ifdef for MSVC was left over in r110266.
2827
2828         * runtime/RegExpObject.h:
2829         (RegExpObject):
2830
2831 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2832
2833         Allocate the RegExpObject's data with the Cell
2834         https://bugs.webkit.org/show_bug.cgi?id=80654
2835
2836         Reviewed by Gavin Barraclough.
2837
2838         This patch removes the creation of RegExpObject's data to avoid the overhead
2839         created by the allocation and destruction.
2840
2841         As RegExps are created repeatedly, this provides some performance improvement.
2842         The PeaceKeeper test stringDetectBrowser improves by 10%.
2843
2844         * runtime/RegExpObject.cpp:
2845         (JSC::RegExpObject::RegExpObject):
2846         (JSC::RegExpObject::visitChildren):
2847         (JSC::RegExpObject::getOwnPropertyDescriptor):
2848         (JSC::RegExpObject::defineOwnProperty):
2849         (JSC::RegExpObject::match):
2850         * runtime/RegExpObject.h:
2851         (JSC::RegExpObject::setRegExp):
2852         (JSC::RegExpObject::regExp):
2853         (JSC::RegExpObject::setLastIndex):
2854         (JSC::RegExpObject::getLastIndex):
2855         (RegExpObject):
2856
2857 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2858
2859         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2860         https://bugs.webkit.org/show_bug.cgi?id=80657
2861         
2862         Preparation for WTF separation from JavaScriptCore.
2863         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2864         dependencies for generated files.
2865         
2866         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2867         versions of the WTF code independent of the JavaScriptCore code.
2868
2869         Reviewed by Jessie Berlin.
2870
2871         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2872         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2873         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2874         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2875         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2876         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2877         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2878         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2879         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2880         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2881         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2882         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2883         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2884         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2885         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2886         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2887         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2888         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2889         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2890         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2891         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2892
2893 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2894
2895         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2896         https://bugs.webkit.org/show_bug.cgi?id=80652
2897
2898         Reviewed by Eric Seidel.
2899
2900         Fix the header, URLSegments.h is not part of the API.
2901
2902         * wtf/url/api/ParsedURL.h:
2903
2904 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2905
2906         Mac build fix for micro data API.
2907
2908         * Configurations/FeatureDefines.xcconfig:
2909
2910 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2911
2912         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2913         https://bugs.webkit.org/show_bug.cgi?id=26890
2914
2915         Reviewed by Oliver Hunt.
2916
2917         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2918
2919         * runtime/StringPrototype.cpp:
2920         (JSC::replaceUsingRegExpSearch):
2921         (JSC::stringProtoFuncMatch):
2922             - added calls to setLastIndex.
2923
2924 2012-03-08  Matt Lilek  <mrl@apple.com>
2925
2926         Don't enable VIDEO_TRACK on all OS X platforms
2927         https://bugs.webkit.org/show_bug.cgi?id=80635
2928
2929         Reviewed by Eric Carlson.
2930
2931         * Configurations/FeatureDefines.xcconfig:
2932
2933 2012-03-08  Oliver Hunt  <oliver@apple.com>
2934
2935         Build fix.  That day is not today.
2936
2937         * assembler/MacroAssembler.h:
2938         (JSC::MacroAssembler::shouldBlind):
2939         * assembler/MacroAssemblerX86Common.h:
2940         (MacroAssemblerX86Common):
2941         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2942
2943 2012-03-08  Oliver Hunt  <oliver@apple.com>
2944
2945         Build fix. One of these days I'll manage to commit something that works everywhere.
2946
2947         * assembler/AbstractMacroAssembler.h:
2948         (AbstractMacroAssembler):
2949         * assembler/MacroAssemblerARMv7.h:
2950         (MacroAssemblerARMv7):
2951         * assembler/MacroAssemblerX86Common.h:
2952         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2953         (MacroAssemblerX86Common):
2954
2955 2012-03-08  Chao-ying Fu  <fu@mips.com>
2956
2957         Update MIPS patchOffsetGetByIdSlowCaseCall
2958         https://bugs.webkit.org/show_bug.cgi?id=80302
2959
2960         Reviewed by Oliver Hunt.
2961
2962         * jit/JIT.h:
2963         (JIT):
2964
2965 2012-03-08  Oliver Hunt  <oliver@apple.com>
2966
2967         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2968         https://bugs.webkit.org/show_bug.cgi?id=80633
2969
2970         Reviewed by Gavin Barraclough.
2971
2972         Add a 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2973         if there isn't a machine-specific implementation (otherwise the 64-bit value
2974         got truncated and 32-bit checks were used -- leaving 32 bits untested).
2975         Also add a bit of logic to ensure that we don't try to blind a few common
2976         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2977         unencoded doubles with common "safe" values.
2978
2979         * assembler/AbstractMacroAssembler.h:
2980         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2981         * assembler/MacroAssembler.h:
2982         (JSC::MacroAssembler::shouldBlindDouble):
2983         (MacroAssembler):
2984         (JSC::MacroAssembler::shouldBlind):
2985         * assembler/MacroAssemblerX86Common.h:
2986         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2987
2988 2012-03-08  Mark Rowe  <mrowe@apple.com>
2989
2990         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2991
2992         Reviewed by Dan Bernstein.
2993
2994         * Configurations/Base.xcconfig:
2995
2996 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2997
2998         Fix line endings for copy-files.cmd.
2999         
3000         If a cmd file doesn't have Windows line endings, it doesn't work properly.
3001         In this case, the label :clean wasn't found, breaking the clean build.
3002         
3003         Reviewed by Jessie Berlin.
3004
3005         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3006
3007 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3008
3009         DFG CFA incorrectly handles ValueToInt32
3010         https://bugs.webkit.org/show_bug.cgi?id=80568
3011
3012         Reviewed by Gavin Barraclough.
3013         
3014         Changed it to match exactly the decision pattern used in
3015         DFG::SpeculativeJIT::compileValueToInt32
3016
3017         * dfg/DFGAbstractState.cpp:
3018         (JSC::DFG::AbstractState::execute):
3019
3020 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
3021
3022         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
3023         https://bugs.webkit.org/show_bug.cgi?id=80524
3024
3025         Reviewed by Simon Hausmann.
3026
3027         Move IdentifierTable method definitions to WTFThreadData.cpp to fix linking
3028         of WTF library.
3029
3030         * runtime/Identifier.cpp:
3031         * wtf/WTFThreadData.cpp:
3032         (JSC):
3033         (JSC::IdentifierTable::~IdentifierTable):
3034         (JSC::IdentifierTable::add):
3035
3036 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
3037
3038         DFG instruction count threshold should be lifted to 10000
3039         https://bugs.webkit.org/show_bug.cgi?id=80579
3040
3041         Reviewed by Gavin Barraclough.
3042
3043         * runtime/Options.cpp:
3044         (JSC::Options::initializeOptions):
3045
3046 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3047
3048         Incorrect tracking of abstract values of variables forced double
3049         https://bugs.webkit.org/show_bug.cgi?id=80566
3050         <rdar://problem/11001442>
3051
3052         Reviewed by Gavin Barraclough.
3053
3054         * dfg/DFGAbstractState.cpp:
3055         (JSC::DFG::AbstractState::mergeStateAtTail):
3056
3057 2012-03-07  Chao-ying Fu  <fu@mips.com>
3058
3059         [Qt] Fix the MIPS/SH4 build after r109834
3060         https://bugs.webkit.org/show_bug.cgi?id=80492
3061
3062         Reviewed by Oliver Hunt.
3063
3064         Implement three-argument branch(Add,Sub)32.
3065
3066         * assembler/MacroAssemblerMIPS.h:
3067         (JSC::MacroAssemblerMIPS::add32):
3068         (MacroAssemblerMIPS):
3069         (JSC::MacroAssemblerMIPS::sub32):
3070         (JSC::MacroAssemblerMIPS::branchAdd32):
3071         (JSC::MacroAssemblerMIPS::branchSub32):
3072
3073 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
3074
3075         Unreviewed, rolling out r110127.
3076         http://trac.webkit.org/changeset/110127
3077         https://bugs.webkit.org/show_bug.cgi?id=80562
3078
3079         compile failed on AppleWin (Requested by ukai on #webkit).
3080
3081         * heap/Heap.cpp:
3082         (JSC::Heap::collectAllGarbage):
3083         * heap/Heap.h:
3084         (JSC):
3085         (Heap):
3086         * runtime/Executable.cpp:
3087         (JSC::FunctionExecutable::FunctionExecutable):
3088         (JSC::FunctionExecutable::finalize):
3089         * runtime/Executable.h:
3090         (FunctionExecutable):
3091         (JSC::FunctionExecutable::create):
3092         * runtime/JSGlobalData.cpp:
3093         (WTF):
3094         (Recompiler):
3095         (WTF::Recompiler::operator()):
3096         (JSC::JSGlobalData::recompileAllJSFunctions):
3097         (JSC):
3098         * runtime/JSGlobalData.h:
3099         (JSGlobalData):
3100         * runtime/JSGlobalObject.cpp:
3101         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
3102
3103 2012-03-07  Hojong Han  <hojong.han@samsung.com>
3104
3105         The end atom of the marked block considered to filter invalid cells
3106         https://bugs.webkit.org/show_bug.cgi?id=79191
3107
3108         Reviewed by Geoffrey Garen.
3109
3110         Register file could have stale pointers beyond the end atom of marked block.
3111         Those pointers can weasel out of the in-middle-of-cell pointer filtering.
3112
3113         * heap/MarkedBlock.h:
3114         (JSC::MarkedBlock::isLiveCell):
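
The following is an added example, not WebKit's MarkedBlock (which is larger and sized differently), modelling the conservative-root filter this entry fixes. The block geometry, the class name gc::MarkedBlock and its methods are hypothetical. The point it shows: atoms between the last complete cell and the end of the block never hold a cell, but a stale pointer into that slack can be atom-aligned and cell-aligned, so without the end-atom bound it is accepted whenever a stale mark bit happens to be set there.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

namespace gc {

// Hypothetical geometry; real MarkedBlock sizes differ.
constexpr size_t kAtomSize = 16;      // granule of addressing inside a block
constexpr size_t kBlockSize = 4096;   // block size; blocks are block-aligned
constexpr size_t kHeaderAtoms = 2;    // atoms occupied by block metadata

class MarkedBlock {
public:
    MarkedBlock(uintptr_t base, size_t cellBytes)
        : m_base(base)
        , m_atomsPerCell(cellBytes / kAtomSize)
        , m_marks(kBlockSize / kAtomSize, false)
    {
        size_t usableAtoms = kBlockSize / kAtomSize - kHeaderAtoms;
        // First atom past the last complete cell; atoms from here to the end
        // of the block are slack that never holds a cell.
        m_endAtom = kHeaderAtoms + (usableAtoms / m_atomsPerCell) * m_atomsPerCell;
    }

    size_t endAtom() const { return m_endAtom; }

    uintptr_t cellAddress(size_t cellIndex) const
    {
        return m_base + (kHeaderAtoms + cellIndex * m_atomsPerCell) * kAtomSize;
    }

    uintptr_t atomAddress(size_t atom) const { return m_base + atom * kAtomSize; }

    // Sets the per-atom mark bit, as marking would. The test also uses it to
    // plant a stale bit in the tail slack (constructed scenario).
    void setMark(uintptr_t p) { m_marks[atomNumber(p)] = true; }

    // Filter as the entry describes it after the fix.
    bool isLiveCell(uintptr_t p) const { return filter(p, true); }

    // The same filter without the end-atom bound, i.e. the hole being closed.
    bool isLiveCellWithoutEndCheck(uintptr_t p) const { return filter(p, false); }

private:
    size_t atomNumber(uintptr_t p) const { return (p - m_base) / kAtomSize; }

    bool filter(uintptr_t p, bool enforceEndAtom) const
    {
        if (p % kAtomSize)                                   // not atom aligned
            return false;
        if (p < m_base || p >= m_base + kBlockSize)          // outside this block
            return false;
        size_t atom = atomNumber(p);
        if (atom < kHeaderAtoms)                             // points into metadata
            return false;
        if ((atom - kHeaderAtoms) % m_atomsPerCell)          // points into a cell's middle
            return false;
        if (enforceEndAtom && atom >= m_endAtom)             // points into tail slack
            return false;
        return m_marks[atom];                                // finally consult the mark bit
    }

    uintptr_t m_base;
    size_t m_atomsPerCell;
    size_t m_endAtom;
    std::vector<bool> m_marks;
};

} // namespace gc
```

With 48-byte (3-atom) cells in a 4096-byte block, the last complete cell ends at atom 254, and atom 254 itself satisfies the cell-alignment test, so a stale register-file pointer there passes every check except the end-atom bound.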
3115
3116 2012-03-07  Jessie Berlin  <jberlin@apple.com>
3117
3118         Clean Windows build fails after r110033
3119         https://bugs.webkit.org/show_bug.cgi?id=80553
3120
3121         Rubber-stamped by Jon Honeycutt and Eric Seidel.
3122
3123         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3124         Place the implementation files next to their header files in the wtf/text subdirectory.
3125         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
3126         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
3127         Update the path to those implementation files.
3128         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
3129         Ditto.
3130
3131 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
3132
3133         Eliminate redundant Phis in DFG
3134         https://bugs.webkit.org/show_bug.cgi?id=80415
3135
3136         Reviewed by Filip Pizlo.
3137
3138         Although this may not have any advantage at the current stage, this is towards
3139         minimal SSA to make more high level optimizations (like bug 76770) easier.
3140         We have the choice either to build minimal SSA from scratch or to
3141         keep the current simple Phi insertion mechanism and remove the redundancy
3142         in another phase. Currently we choose the latter because the change
3143         could be smaller.
3144
3145         * CMakeLists.txt:
3146         * GNUmakefile.list.am:
3147         * JavaScriptCore.xcodeproj/project.pbxproj:
3148         * Target.pri:
3149         * dfg/DFGDriver.cpp:
3150         (JSC::DFG::compile):
3151         * dfg/DFGGraph.cpp:
3152         (JSC::DFG::Graph::dump):
3153         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
3154         (DFG):
3155         (RedundantPhiEliminationPhase):
3156         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
3157         (JSC::DFG::RedundantPhiEliminationPhase::run):
3158         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
3159         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
3160         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
3161         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
3162         (JSC::DFG::performRedundantPhiElimination):
3163         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
3164         (DFG):
3165
3166 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
3167
3168         Refactor recompileAllJSFunctions() to be less expensive
3169         https://bugs.webkit.org/show_bug.cgi?id=80330
3170
3171         Reviewed by Geoffrey Garen.
3172
3173         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
3174         load performance, which currently does at least a couple full GCs per navigation.
3175
3176         * heap/Heap.cpp:
3177         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
3178         because the function doesn't actually recompile anything (and never did); it simply throws code
3179         away for it to be recompiled later if we determine we should do so.
3180         (JSC):
3181         (JSC::Heap::collectAllGarbage):
3182         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
3183         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
3184         * heap/Heap.h:
3185         (JSC):
3186         (Heap):
3187         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
3188         be used in DoublyLinkedLists.
3189         (JSC::FunctionExecutable::FunctionExecutable):
3190         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
3191         * runtime/Executable.h:
3192         (FunctionExecutable):
3193         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
3194         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
3195         the list of FunctionExecutables.
3196         * runtime/JSGlobalData.h:
3197         (JSGlobalData):
3198         * runtime/JSGlobalObject.cpp:
3199         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
3200
3201 2012-03-06  Oliver Hunt  <oliver@apple.com>
3202
3203         Further harden 64-bit JIT
3204         https://bugs.webkit.org/show_bug.cgi?id=80457
3205
3206         Reviewed by Filip Pizlo.
3207
3208         This patch implements blinding for ImmPtr.  Rather than xor-based blinding
3209         we perform randomised pointer rotations in order to avoid the significant
3210         cost in executable memory that would otherwise be necessary (and to avoid
3211         the need for an additional scratch register in some cases).
3212
3213         As with the prior blinding patch there's a moderate amount of noise as we
3214         correct the use of ImmPtr vs. TrustedImmPtr.
3215
3216         * assembler/AbstractMacroAssembler.h:
3217         (ImmPtr):
3218         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
3219         * assembler/MacroAssembler.h:
3220         (MacroAssembler):
3221         (JSC::MacroAssembler::storePtr):
3222         (JSC::MacroAssembler::branchPtr):
3223         (JSC::MacroAssembler::shouldBlind):
3224         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
3225         (RotatedImmPtr):
3226         (JSC::MacroAssembler::rotationBlindConstant):
3227         (JSC::MacroAssembler::loadRotationBlindedConstant):
3228         (JSC::MacroAssembler::convertInt32ToDouble):
3229         (JSC::MacroAssembler::move):
3230         (JSC::MacroAssembler::poke):
3231         * assembler/MacroAssemblerARMv7.h:
3232         (JSC::MacroAssemblerARMv7::storeDouble):
3233         (JSC::MacroAssemblerARMv7::branchAdd32):
3234         * assembler/MacroAssemblerX86_64.h:
3235         (MacroAssemblerX86_64):
3236         (JSC::MacroAssemblerX86_64::rotateRightPtr):
3237         (JSC::MacroAssemblerX86_64::xorPtr):
3238         * assembler/X86Assembler.h:
3239         (X86Assembler):
3240         (JSC::X86Assembler::xorq_rm):
3241         (JSC::X86Assembler::rorq_i8r):
3242         * dfg/DFGCCallHelpers.h:
3243         (CCallHelpers):
3244         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
3245         * dfg/DFGOSRExitCompiler32_64.cpp:
3246         (JSC::DFG::OSRExitCompiler::compileExit):
3247         * dfg/DFGOSRExitCompiler64.cpp:
3248         (JSC::DFG::OSRExitCompiler::compileExit):
3249         * dfg/DFGSpeculativeJIT.cpp:
3250         (JSC::DFG::SpeculativeJIT::createOSREntries):
3251         * dfg/DFGSpeculativeJIT.h:
3252         (JSC::DFG::SpeculativeJIT::silentFillGPR):
3253         (JSC::DFG::SpeculativeJIT::callOperation):
3254         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
3255         * dfg/DFGSpeculativeJIT32_64.cpp:
3256         (JSC::DFG::SpeculativeJIT::compile):
3257         * dfg/DFGSpeculativeJIT64.cpp:
3258         (JSC::DFG::SpeculativeJIT::fillInteger):
3259         (JSC::DFG::SpeculativeJIT::fillDouble):
3260         (JSC::DFG::SpeculativeJIT::fillJSValue):
3261         (JSC::DFG::SpeculativeJIT::emitCall):
3262         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3263         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3264         (JSC::DFG::SpeculativeJIT::emitBranch):
3265         * jit/JIT.cpp:
3266         (JSC::JIT::emitOptimizationCheck):
3267         * jit/JITArithmetic32_64.cpp:
3268         (JSC::JIT::emitSlow_op_post_inc):
3269         * jit/JITInlineMethods.h:
3270         (JSC::JIT::emitValueProfilingSite):
3271         (JSC::JIT::emitGetVirtualRegister):
3272         * jit/JITOpcodes.cpp:
3273         (JSC::JIT::emit_op_mov):
3274         (JSC::JIT::emit_op_new_object):
3275         (JSC::JIT::emit_op_strcat):
3276         (JSC::JIT::emit_op_ensure_property_exists):
3277         (JSC::JIT::emit_op_resolve_skip):
3278         (JSC::JIT::emitSlow_op_resolve_global):
3279         (JSC::JIT::emit_op_resolve_with_base):
3280         (JSC::JIT::emit_op_resolve_with_this):
3281         (JSC::JIT::emit_op_jmp_scopes):
3282         (JSC::JIT::emit_op_switch_imm):
3283         (JSC::JIT::emit_op_switch_char):
3284         (JSC::JIT::emit_op_switch_string):
3285         (JSC::JIT::emit_op_throw_reference_error):
3286         (JSC::JIT::emit_op_debug):
3287         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
3288         (JSC::JIT::emit_op_new_array):
3289         (JSC::JIT::emitSlow_op_new_array):
3290         (JSC::JIT::emit_op_new_array_buffer):
3291         * jit/JITOpcodes32_64.cpp:
3292         (JSC::JIT::emit_op_new_object):
3293         (JSC::JIT::emit_op_strcat):
3294         (JSC::JIT::emit_op_ensure_property_exists):
3295         (JSC::JIT::emit_op_resolve_skip):
3296         (JSC::JIT::emitSlow_op_resolve_global):
3297         (JSC::JIT::emit_op_resolve_with_base):
3298         (JSC::JIT::emit_op_resolve_with_this):
3299         (JSC::JIT::emit_op_jmp_scopes):
3300         (JSC::JIT::emit_op_switch_imm):
3301         (JSC::JIT::emit_op_switch_char):
3302         (JSC::JIT::emit_op_switch_string):
3303         * jit/JITPropertyAccess32_64.cpp:
3304         (JSC::JIT::emit_op_put_by_index):
3305         * jit/JITStubCall.h:
3306         (JITStubCall):
3307         (JSC::JITStubCall::addArgument):
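
The two Oliver Hunt entries on JIT hardening (the "Missing some places where we should be blinding 64bit values" entry and this "Further harden 64-bit JIT" entry) describe a decision bug and a blinding technique that are easier to see in code. The following is an added example written for this page, not WebKit code: it models the truncated versus full 64-bit shouldBlind decision over a constructed table of "safe" constants, and rotation-based blinding of a pointer immediate. Every name (blind::shouldBlind64, emitMovePtr, the entropy parameter standing in for the JIT's random source) is hypothetical, the safe table is modelled on the entries' description rather than copied from WebKit, and a 64-bit target is assumed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstring>

namespace blind {

constexpr unsigned kPtrBits = 64;  // assumes a 64-bit build

// "Safe" immediates the JIT leaves unblinded: tiny values and all-ones masks.
// Constructed list modelled on the entries' description, not WebKit's table.
inline bool isSafeMask(uint64_t v)
{
    switch (v) {
    case 0xffffULL:
    case 0xffffffULL:
    case 0xffffffffULL:
    case 0xffffffffffULL:
    case 0xffffffffffffULL:
    case 0xffffffffffffffULL:
    case 0xffffffffffffffffULL:
        return true;
    default:
        return v <= 0xff;
    }
}

// Doubles with "common safe values" are not worth blinding: NaN (which has
// many encodings), zero, and small integers.
inline bool shouldBlindDouble(double d)
{
    if (d != d)
        return false;
    if (d == 0.0)
        return false;
    if (d == std::floor(d) && std::fabs(d) <= 0xff)
        return false;
    return true;
}

// The defect the first entry describes: the value is truncated to 32 bits
// before the decision, so the upper half is never examined.
inline bool shouldBlindTruncated(uint64_t v)
{
    return !isSafeMask(static_cast<uint32_t>(v));
}

// Corrected decision: every bit of the constant takes part, and the bits are
// also viewed as an unencoded double before concluding the value is safe.
inline bool shouldBlind64(uint64_t v)
{
    if (isSafeMask(v))
        return false;
    double asDouble;
    std::memcpy(&asDouble, &v, sizeof asDouble);
    return shouldBlindDouble(asDouble);
}

// Rotation-based blinding (second entry): the code bytes carry the constant
// rotated left by `rotation`; a rotate-right by the same amount restores it at
// run time, with no xor key to store and no scratch register.
struct RotatedImmPtr {
    uint64_t value;     // what is written into the instruction stream
    unsigned rotation;  // emitted as the immediate of the rotate-right
};

inline uint64_t rotl64(uint64_t v, unsigned r) { r %= kPtrBits; return r ? (v << r) | (v >> (kPtrBits - r)) : v; }
inline uint64_t rotr64(uint64_t v, unsigned r) { r %= kPtrBits; return r ? (v >> r) | (v << (kPtrBits - r)) : v; }

// `entropy` stands in for the JIT's random source (hypothetical parameter); it
// is mapped to 1..63 so a zero rotation, which would leave the raw constant in
// the code bytes, cannot occur.
inline RotatedImmPtr rotationBlindConstant(uint64_t constant, unsigned entropy)
{
    unsigned rotation = 1 + entropy % (kPtrBits - 1);
    return { rotl64(constant, rotation), rotation };
}

// Models executing "move value, reg; ror rotation, reg".
inline uint64_t loadRotationBlindedConstant(const RotatedImmPtr& c)
{
    return rotr64(c.value, c.rotation);
}

struct Emitted {
    bool blinded;
    uint64_t immediateInCode;  // bytes that end up in executable memory
    uint64_t runtimeValue;     // register contents after the sequence runs
};

// The whole move-pointer-immediate path: decide, then blind or emit as-is.
inline Emitted emitMovePtr(uint64_t constant, unsigned entropy)
{
    if (!shouldBlind64(constant))
        return { false, constant, constant };
    RotatedImmPtr r = rotationBlindConstant(constant, entropy);
    return { true, r.value, loadRotationBlindedConstant(r) };
}

} // namespace blind
```

A constant whose only non-trivial bits are in the upper half, such as 0xDEADBEEF00000000, is judged safe by the truncated check and unsafe by the 64-bit one; that is the gap the first entry closes. Rotation leaves all-zero and all-ones values unchanged, but those are in the safe table and never reach the blinding path.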
3308
3309 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
3310
3311         ARM build fix.
3312
3313         Reviewed by Zoltan Herczeg.
3314
3315         Implement three-argument branch(Add,Sub)32.
3316
3317         * assembler/MacroAssemblerARM.h:
3318         (JSC::MacroAssemblerARM::add32):
3319         (MacroAssemblerARM):
3320         (JSC::MacroAssemblerARM::sub32):
3321         (JSC::MacroAssemblerARM::branchAdd32):
3322         (JSC::MacroAssemblerARM::branchSub32):
3323
3324 2012-03-07  Andy Wingo  <wingo@igalia.com>
3325
3326         Parser: Inline ScopeNodeData into ScopeNode
3327         https://bugs.webkit.org/show_bug.cgi?id=79776
3328
3329         Reviewed by Geoffrey Garen.
3330
3331         It used to be that some ScopeNode members were kept in a separate
3332         structure because sometimes they wouldn't be needed, and
3333         allocating a ParserArena was expensive.  This patch makes
3334         ParserArena lazily allocate its IdentifierArena, allowing the
3335         members to be included directly, which is simpler and easier to
3336         reason about.
3337
3338         * parser/ParserArena.cpp:
3339         (JSC::ParserArena::ParserArena):
3340         (JSC::ParserArena::reset):
3341         (JSC::ParserArena::isEmpty):
3342         * parser/ParserArena.h:
3343         (JSC::ParserArena::identifierArena): Lazily allocate the
3344         IdentifierArena.
3345
3346         * parser/Nodes.cpp:
3347         (JSC::ScopeNode::ScopeNode):
3348         (JSC::ScopeNode::singleStatement):
3349         (JSC::ProgramNode::create):
3350         (JSC::EvalNode::create):
3351         (JSC::FunctionBodyNode::create):
3352         * parser/Nodes.h:
3353         (JSC::ScopeNode::destroyData):
3354         (JSC::ScopeNode::needsActivationForMoreThanVariables):
3355         (JSC::ScopeNode::needsActivation):
3356         (JSC::ScopeNode::hasCapturedVariables):
3357         (JSC::ScopeNode::capturedVariableCount):
3358         (JSC::ScopeNode::captures):
3359         (JSC::ScopeNode::varStack):
3360         (JSC::ScopeNode::functionStack):
3361         (JSC::ScopeNode::neededConstants):
3362         (ScopeNode):
3363         * bytecompiler/NodesCodegen.cpp:
3364         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
3365         into ScopeNode.  Adapt accessors.
3366
3367 2012-03-06  Eric Seidel  <eric@webkit.org>
3368
3369         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
3370         https://bugs.webkit.org/show_bug.cgi?id=80363
3371
3372         Reviewed by Mark Rowe.
3373
3374         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
3375         its headers have appeared as part of the "private" headers exported by
3376         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
3377         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
3378         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
3379
3380         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
3381         own directory and project.  As part of such, the WTF headers will no longer be part of
3382         the JavaScriptCore private interfaces.
3383         In preparation for that, this change makes both the Mac and Win builds export
3384         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
3385         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
3386
3387         There are 5 parts to this change.
3388         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
3389             (and header directories) into the appropriate places in the build directory.
3390         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
3391             (WebCore, WebKit, etc. had already been taught to look in previous patches).
3392         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
3393             using fully qualified paths.
3394         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
3395         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
3396
3397         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
3398         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
3399         headers; those will have to be updated to use <wtf/Foo.h> after this change.
3400         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
3401         are ready for (and interested in) this change happening.
3402
3403         * API/tests/JSNode.c:
3404         * API/tests/JSNodeList.c:
3405         * Configurations/Base.xcconfig:
3406         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3407         * JavaScriptCore.xcodeproj/project.pbxproj:
3408         * assembler/MacroAssemblerCodeRef.h:
3409         * bytecompiler/BytecodeGenerator.h:
3410         * dfg/DFGOperations.cpp:
3411         * heap/GCAssertions.h:
3412         * heap/HandleHeap.h:
3413         * heap/HandleStack.h:
3414         * heap/MarkedSpace.h:
3415         * heap/PassWeak.h:
3416         * heap/Strong.h:
3417         * heap/Weak.h:
3418         * jit/HostCallReturnValue.cpp:
3419         * jit/JIT.cpp:
3420         * jit/JITStubs.cpp:
3421         * jit/ThunkGenerators.cpp:
3422         * parser/Lexer.cpp:
3423         * runtime/Completion.cpp: