[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2012-03-26  Ryosuke Niwa  <rniwa@webkit.org>
2
3         cssText should use shorthand notations
4         https://bugs.webkit.org/show_bug.cgi?id=81737
5
6         Reviewed by Enrica Casucci.
7
8         Export symbols of BitVector on Windows.
9
10         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
11
12 2012-03-26  Filip Pizlo  <fpizlo@apple.com>
13
14         DFG should assert that argument value recoveries can only be
15         AlreadyInRegisterFile or Constant
16         https://bugs.webkit.org/show_bug.cgi?id=82249
17
18         Reviewed by Michael Saboff.
19         
20         Made the assertions that the DFG makes for argument value recoveries match
21         what Arguments expects.
22
23         * bytecode/ValueRecovery.h:
24         (JSC::ValueRecovery::isConstant):
25         (ValueRecovery):
26         (JSC::ValueRecovery::isAlreadyInRegisterFile):
27         * dfg/DFGSpeculativeJIT.cpp:
28         (JSC::DFG::SpeculativeJIT::compile):
29
30 2012-03-26  Dan Bernstein  <mitz@apple.com>
31
32         Tried to fix the Windows build.
33
34         * yarr/YarrPattern.cpp:
35         (JSC::Yarr::CharacterClassConstructor::putRange):
36
37 2012-03-26  Gavin Barraclough  <barraclough@apple.com>
38
39         Unreviewed - speculative Windows build fix.
40
41         * yarr/YarrCanonicalizeUCS2.h:
42         (JSC::Yarr::getCanonicalPair):
43
44 2012-03-26  Dan Bernstein  <mitz@apple.com>
45
46         Fixed builds with assertions disabled.
47
48         * yarr/YarrCanonicalizeUCS2.h:
49         (JSC::Yarr::areCanonicallyEquivalent):
50
51 2012-03-26  Gavin Barraclough  <barraclough@apple.com>
52
53         Unreviewed - errk! - accidentally the whole pbxproj.
54
55         * JavaScriptCore.xcodeproj/project.pbxproj:
56
57 2012-03-25  Gavin Barraclough  <barraclough@apple.com>
58
59         Greek sigma is handled wrong in case independent regexp.
60         https://bugs.webkit.org/show_bug.cgi?id=82063
61
62         Reviewed by Oliver Hunt.
63
64         The bug here is that we assume that any given codepoint has at most one additional value it
65         should match under a case insensitive match, and that the pair of codepoints that match (if
66         a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
67         given codepoint. Life is not that simple.
68
69         Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
70         it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular
71         we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
72         simple binary search to find an entry in typically eight compares.
73
74         * CMakeLists.txt:
75         * GNUmakefile.list.am:
76         * JavaScriptCore.gypi:
77         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
78         * JavaScriptCore.xcodeproj/project.pbxproj:
79         * yarr/yarr.pri:
80             - Added new files to build systems.
81         * yarr/YarrCanonicalizeUCS2.cpp: Added.
82             - New - autogenerated, UCS2 canonicalized comparison tables.
83         * yarr/YarrCanonicalizeUCS2.h: Added.
84         (JSC::Yarr::rangeInfoFor):
85             - Look up the canonicalization info for a UCS2 character.
86         (JSC::Yarr::getCanonicalPair):
87             - For a UCS2 character with a single equivalent value, look it up.
88         (JSC::Yarr::isCanonicallyUnique):
89             - Returns true if no other UCS2 code points are canonically equal.
90         (JSC::Yarr::areCanonicallyEquivalent):
91             - Compare two values, under canonicalization rules.
92         * yarr/YarrCanonicalizeUCS2.js: Added.
93             - script used to generate YarrCanonicalizeUCS2.cpp.
94         * yarr/YarrInterpreter.cpp:
95         (JSC::Yarr::Interpreter::tryConsumeBackReference):
96             - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
97         * yarr/YarrJIT.cpp:
98         (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
99         (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
100         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
101             - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
102         * yarr/YarrPattern.cpp:
103         (JSC::Yarr::CharacterClassConstructor::putChar):
104             - Updated to determine canonical equivalents correctly.
105         (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
106             - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
107         (JSC::Yarr::CharacterClassConstructor::putRange):
108             - Updated to determine canonical equivalents correctly.
109         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
110             - Changed to call putUnicodeIgnoreCase instead of putChar, to avoid a double lookup of rangeInfo.
111
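The canonicalization problem described in the entry above, as an added example (not WebKit code; it does not reproduce the packed 364-entry table). It applies the ES5.1 Canonicalize rule to every UCS2 code unit, groups code units that must match each other under /i, and compares the result with the "one toUpper/toLower partner" assumption; a matcher that keeps that assumption disagrees with the specification on inputs such as final sigma, which matters wherever a case-insensitive pattern is used as a filter. The function names are hypothetical and the host engine's toUpperCase/toLowerCase are assumed as the Unicode data source.

```javascript
// ES5.1 15.10.2.8 Canonicalize, applied to one UCS2 code unit.
function canonicalize(cu) {
  const upper = String.fromCharCode(cu).toUpperCase();
  // A multi-character uppercase form (U+00DF -> "SS") leaves the unit unchanged.
  if (upper.length !== 1) return cu;
  const u = upper.charCodeAt(0);
  // A non-ASCII unit never canonicalizes to an ASCII one (U+017F stays itself).
  if (cu >= 128 && u < 128) return cu;
  return u;
}

// Map: canonical value -> every code unit that canonicalizes to it (ascending).
function buildClasses() {
  const classes = new Map();
  for (let cu = 0; cu <= 0xFFFF; cu++) {
    const key = canonicalize(cu);
    if (!classes.has(key)) classes.set(key, []);
    classes.get(key).push(cu);
  }
  return classes;
}

const CLASSES = buildClasses();

// All code units that must match `cu` in a case-insensitive comparison.
function equivalents(cu) {
  return CLASSES.get(canonicalize(cu));
}

// The assumption the entry calls out: a code unit matches at most itself plus
// whatever toUpper/toLower return for it.
function naivePair(cu) {
  const ch = String.fromCharCode(cu);
  const set = new Set([cu]);
  for (const s of [ch.toUpperCase(), ch.toLowerCase()]) {
    if (s.length === 1) set.add(s.charCodeAt(0));
  }
  return [...set].sort((a, b) => a - b);
}

// Code units the naive approach fails to match for a given input.
function missedByNaive(cu) {
  const naive = naivePair(cu);
  return equivalents(cu).filter((c) => !naive.includes(c));
}

// Code units whose equivalence class has more than two members, i.e. the
// cases that cannot be expressed as a single upper/lower pair.
function unitsWithLargeClasses() {
  const out = [];
  for (const members of CLASSES.values()) {
    if (members.length > 2) out.push(...members);
  }
  return out.sort((a, b) => a - b);
}

const hex = (cu) => "U+" + cu.toString(16).toUpperCase().padStart(4, "0");

// Greek sigma: capital (U+03A3), final (U+03C2) and medial (U+03C3) form one class.
console.log("sigma class:", equivalents(0x03c3).map(hex).join(" "));
console.log("missed for U+03C2:", missedByNaive(0x03c2).map(hex).join(" "));
console.log("units in classes of size > 2:", unitsWithLargeClasses().length);
```
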
112 2012-03-26  Kevin Ollivier  <kevino@theolliviers.com>
113
114         [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
115         so we make sure it finds the API headers on all platforms.
116
117         * wscript:
118
119 2012-03-26  Patrick Gansterer  <paroga@webkit.org>
120
121         Build fix for WinCE after r112039.
122
123         * interpreter/Register.h:
124         (Register): Removed inline keyword from declaration since
125                     there is an ALWAYS_INLINE at the definition anyway.
126
127 2012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>
128
129         Unreviewed. Fix make distcheck.
130
131         * GNUmakefile.list.am: Add missing files.
132
133 2012-03-25  Kevin Ollivier  <kevino@theolliviers.com>
134
135         [wx] Unreviewed build fix. Move WTF to its own static lib build.
136
137         * wscript:
138
139 2012-03-25  Filip Pizlo  <fpizlo@apple.com>
140
141         DFG int-to-double conversion should be revealed to CSE
142         https://bugs.webkit.org/show_bug.cgi?id=82135
143
144         Reviewed by Oliver Hunt.
145         
146         This introduces the notion of an Int32ToDouble node, which is injected
147         into the graph anytime we know that we have a double use of a node that
148         was predicted integer. The Int32ToDouble simplifies double speculation
149         on integers by skipping the path that would unbox doubles, if we know
150         that the value is already proven to be an integer. It allows integer to
151         double conversions to be subjected to common subexpression elimination
152         (CSE) by allowing the CSE phase to see where these conversions are
153         occurring. Finally, it allows us to see when a constant is being used
154         as both a double and an integer. This is a bit odd, since it means that
155         sometimes a double use of a constant will not refer directly to the
156         constant. This should not cause problems, for now, but it may require
157         some canonicalization in the future if we want to support strength
158         reductions of double operations based on constants.
159         
160         To allow injection of nodes into the graph, this change introduces the
161         DFG::InsertionSet, which is a way of lazily inserting elements into a
162         list. This allows the FixupPhase to remain O(N) despite performing
163         multiple injections in a single basic block. Without the InsertionSet,
164         each injection would require performing an insertion into a vector,
165         which is O(N), leading to O(N^2) performance overall. With the
166         InsertionSet, each injection simply records what insertion would have
167         been performed, and all insertions are performed at once (via
168         InsertionSet::execute) after processing of a basic block is completed.
169
170         * JavaScriptCore.xcodeproj/project.pbxproj:
171         * bytecode/PredictedType.h:
172         (JSC::isActionableIntMutableArrayPrediction):
173         (JSC):
174         (JSC::isActionableFloatMutableArrayPrediction):
175         (JSC::isActionableTypedMutableArrayPrediction):
176         (JSC::isActionableMutableArrayPrediction):
177         * dfg/DFGAbstractState.cpp:
178         (JSC::DFG::AbstractState::execute):
179         * dfg/DFGCSEPhase.cpp:
180         (JSC::DFG::CSEPhase::performNodeCSE):
181         * dfg/DFGCommon.h:
182         (JSC::DFG::useKindToString):
183         (DFG):
184         * dfg/DFGFixupPhase.cpp:
185         (JSC::DFG::FixupPhase::run):
186         (JSC::DFG::FixupPhase::fixupBlock):
187         (FixupPhase):
188         (JSC::DFG::FixupPhase::fixupNode):
189         (JSC::DFG::FixupPhase::fixDoubleEdge):
190         * dfg/DFGGraph.cpp:
191         (JSC::DFG::Graph::dump):
192         * dfg/DFGInsertionSet.h: Added.
193         (DFG):
194         (Insertion):
195         (JSC::DFG::Insertion::Insertion):
196         (JSC::DFG::Insertion::index):
197         (JSC::DFG::Insertion::element):
198         (InsertionSet):
199         (JSC::DFG::InsertionSet::InsertionSet):
200         (JSC::DFG::InsertionSet::append):
201         (JSC::DFG::InsertionSet::execute):
202         * dfg/DFGNodeType.h:
203         (DFG):
204         * dfg/DFGPredictionPropagationPhase.cpp:
205         (JSC::DFG::PredictionPropagationPhase::propagate):
206         * dfg/DFGSpeculativeJIT.cpp:
207         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
208         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
209         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
210         (DFG):
211         * dfg/DFGSpeculativeJIT.h:
212         (SpeculativeJIT):
213         (JSC::DFG::IntegerOperand::IntegerOperand):
214         (JSC::DFG::DoubleOperand::DoubleOperand):
215         (JSC::DFG::JSValueOperand::JSValueOperand):
216         (JSC::DFG::StorageOperand::StorageOperand):
217         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
218         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
219         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
220         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
221         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
222         * dfg/DFGSpeculativeJIT32_64.cpp:
223         (JSC::DFG::SpeculativeJIT::compile):
224         * dfg/DFGSpeculativeJIT64.cpp:
225         (JSC::DFG::SpeculativeJIT::compile):
226
227 2012-03-25  Filip Pizlo  <fpizlo@apple.com>
228
229         DFGOperands should be moved out of the DFG and into bytecode
230         https://bugs.webkit.org/show_bug.cgi?id=82151
231
232         Reviewed by Dan Bernstein.
233
234         * GNUmakefile.list.am:
235         * JavaScriptCore.xcodeproj/project.pbxproj:
236         * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
237         * dfg/DFGBasicBlock.h:
238         * dfg/DFGNode.h:
239         * dfg/DFGOSREntry.h:
240         * dfg/DFGOSRExit.h:
241         * dfg/DFGOperands.h: Removed.
242         * dfg/DFGVariableAccessData.h:
243
244 2012-03-24  Filip Pizlo  <fpizlo@apple.com>
245
246         DFG 64-bit Branch implementation should not be creating a JSValueOperand that
247         it isn't going to use
248         https://bugs.webkit.org/show_bug.cgi?id=82136
249
250         Reviewed by Geoff Garen.
251
252         * dfg/DFGSpeculativeJIT64.cpp:
253         (JSC::DFG::SpeculativeJIT::emitBranch):
254
255 2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>
256
257         [wx] Unreviewed. Fix the build after WTF move.
258
259         * wscript:
260
261 2012-03-23  Filip Pizlo  <fpizlo@apple.com>
262
263         DFG double voting may be overzealous in the case of variables that end up
264         being used as integers
265         https://bugs.webkit.org/show_bug.cgi?id=82008
266
267         Reviewed by Oliver Hunt.
268         
269         Cleaned up propagation, making the intent more explicit in most places.
270         Back-propagate NodeUsedAsInt for cases where a node was used in a context
271         that is known to strongly prefer integers.
272
273         * dfg/DFGByteCodeParser.cpp:
274         (JSC::DFG::ByteCodeParser::handleCall):
275         (JSC::DFG::ByteCodeParser::parseBlock):
276         * dfg/DFGGraph.cpp:
277         (JSC::DFG::Graph::dumpCodeOrigin):
278         (JSC::DFG::Graph::dump):
279         * dfg/DFGGraph.h:
280         (Graph):
281         * dfg/DFGNodeFlags.cpp:
282         (JSC::DFG::nodeFlagsAsString):
283         * dfg/DFGNodeFlags.h:
284         (DFG):
285         * dfg/DFGPredictionPropagationPhase.cpp:
286         (JSC::DFG::PredictionPropagationPhase::run):
287         (JSC::DFG::PredictionPropagationPhase::propagate):
288         (PredictionPropagationPhase):
289         (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
290         (JSC::DFG::PredictionPropagationPhase::vote):
291         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
292         (JSC::DFG::PredictionPropagationPhase::fixupNode):
293         * dfg/DFGVariableAccessData.h:
294         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
295
296 2012-03-24  Filip Pizlo  <fpizlo@apple.com>
297
298         DFG::Node::shouldNotSpeculateInteger() should be eliminated
299         https://bugs.webkit.org/show_bug.cgi?id=82123
300
301         Reviewed by Geoff Garen.
302
303         * dfg/DFGAbstractState.cpp:
304         (JSC::DFG::AbstractState::execute):
305         * dfg/DFGNode.h:
306         (Node):
307         * dfg/DFGSpeculativeJIT.cpp:
308         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
309         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
310
311 2012-03-24  Yong Li  <yoli@rim.com>
312
313         Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
314         https://bugs.webkit.org/show_bug.cgi?id=81521
315
316         Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
317         for CPU(ARM_TRADITIONAL) to fit actual need.
318
319         Reviewed by Oliver Hunt.
320
321         * jit/JIT.h:
322         (JIT):
323
324 2012-03-23  Filip Pizlo  <fpizlo@apple.com>
325
326         DFG Fixup should be able to short-circuit trivial ValueToInt32's
327         https://bugs.webkit.org/show_bug.cgi?id=82030
328
329         Reviewed by Michael Saboff.
330         
331         Takes the fixup() method of the prediction propagation phase and makes it
332         into its own phase. Adds the ability to short-circuit trivial ValueToInt32
333         nodes, and mark pure ValueToInt32's as such.
334
335         * CMakeLists.txt:
336         * GNUmakefile.list.am:
337         * JavaScriptCore.xcodeproj/project.pbxproj:
338         * Target.pri:
339         * dfg/DFGByteCodeParser.cpp:
340         (JSC::DFG::ByteCodeParser::makeSafe):
341         (JSC::DFG::ByteCodeParser::handleCall):
342         (JSC::DFG::ByteCodeParser::parseBlock):
343         * dfg/DFGCommon.h:
344         * dfg/DFGDriver.cpp:
345         (JSC::DFG::compile):
346         * dfg/DFGFixupPhase.cpp: Added.
347         (DFG):
348         (FixupPhase):
349         (JSC::DFG::FixupPhase::FixupPhase):
350         (JSC::DFG::FixupPhase::run):
351         (JSC::DFG::FixupPhase::fixupNode):
352         (JSC::DFG::FixupPhase::fixIntEdge):
353         (JSC::DFG::performFixup):
354         * dfg/DFGFixupPhase.h: Added.
355         (DFG):
356         * dfg/DFGPredictionPropagationPhase.cpp:
357         (JSC::DFG::PredictionPropagationPhase::run):
358         (PredictionPropagationPhase):
359
360 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
361
362         tryReallocate could break the zero-ed memory invariant of CopiedBlocks
363         https://bugs.webkit.org/show_bug.cgi?id=82087
364
365         Reviewed by Filip Pizlo.
366
367         Removing this optimization turned out to be ~1% regression on kraken, so I simply 
368         undid the modification to the current block if we fail.
369
370         * heap/CopiedSpace.cpp:
371         (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail 
372         to reallocate from the current block.
373
374 2012-03-23  Alexey Proskuryakov  <ap@apple.com>
375
376         [Mac] No need for platform-specific ENABLE_BLOB values
377         https://bugs.webkit.org/show_bug.cgi?id=82102
378
379         Reviewed by David Kilzer.
380
381         * Configurations/FeatureDefines.xcconfig:
382
383 2012-03-23  Michael Saboff  <msaboff@apple.com>
384
385         DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
386         https://bugs.webkit.org/show_bug.cgi?id=81805
387
388         Reviewed by Filip Pizlo.
389
390         Added SpeculativeJIT::checkGeneratedType() to determine the current format
391         of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
392         to generate code that will use integer and JSValue types in integer
393         format directly without a conversion to double.
394
395         * JavaScriptCore.xcodeproj/project.pbxproj:
396         * dfg/DFGSpeculativeJIT.cpp:
397         (JSC::DFG::SpeculativeJIT::checkGeneratedType):
398         (DFG):
399         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
400         * dfg/DFGSpeculativeJIT.h:
401         (DFG):
402         (SpeculativeJIT):
403
404 2012-03-23  Steve Falkenburg  <sfalken@apple.com>
405
406         Update Apple Windows build files for WTF move
407         https://bugs.webkit.org/show_bug.cgi?id=82069
408
409         Reviewed by Jessie Berlin.
410
411         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
412
413 2012-03-23  Dean Jackson  <dino@apple.com>
414
415         Disable CSS_SHADERS in Apple builds
416         https://bugs.webkit.org/show_bug.cgi?id=81996
417
418         Reviewed by Simon Fraser.
419
420         Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
421
422         * Configurations/FeatureDefines.xcconfig:
423
424 2012-03-23  Gavin Barraclough  <barraclough@apple.com>
425
426         RegExp constructor last match properties should not rely on previous ovector
427         https://bugs.webkit.org/show_bug.cgi?id=82077
428
429         Reviewed by Oliver Hunt.
430
431         This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
432
433         This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
434         Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
435         a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
436         location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
437         a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
438         reified state. This means that next time a match is performed, the store of the result will
439         automatically blow away the reified value.
440
441         * JavaScriptCore.xcodeproj/project.pbxproj:
442             - Added new files.
443         * runtime/RegExp.cpp:
444         (JSC::RegExpFunctionalTestCollector::outputOneTest):
445             - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
446         * runtime/RegExpCachedResult.cpp: Added.
447         (JSC::RegExpCachedResult::visitChildren):
448         (JSC::RegExpCachedResult::lastResult):
449         (JSC::RegExpCachedResult::setInput):
450             - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
451         * runtime/RegExpCachedResult.h: Added.
452         (RegExpCachedResult):
453             - Added new class.
454         (JSC::RegExpCachedResult::RegExpCachedResult):
455         (JSC::RegExpCachedResult::record):
456         (JSC::RegExpCachedResult::input):
457             - Initialize the object, record the result of a RegExp match, access the stored input property.
458         * runtime/RegExpConstructor.cpp:
459         (JSC::RegExpConstructor::RegExpConstructor):
460             - Initialize m_result/m_multiline properties.
461         (JSC::RegExpConstructor::visitChildren):
462             - Make sure the cached results (or lazy source for them) are marked.
463         (JSC::RegExpConstructor::getBackref):
464         (JSC::RegExpConstructor::getLastParen):
465         (JSC::RegExpConstructor::getLeftContext):
466         (JSC::RegExpConstructor::getRightContext):
467             - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
468         (JSC::regExpConstructorInput):
469         (JSC::setRegExpConstructorInput):
470             - Changed to use RegExpCachedResult.
471         * runtime/RegExpConstructor.h:
472         (JSC::RegExpConstructor::create):
473         (RegExpConstructor):
474         (JSC::RegExpConstructor::setMultiline):
475         (JSC::RegExpConstructor::multiline):
476             - Move multiline property onto the constructor object; it is not affected by the last match.
477         (JSC::RegExpConstructor::setInput):
478         (JSC::RegExpConstructor::input):
479             - These defer to RegExpCachedResult.
480         (JSC::RegExpConstructor::performMatch):
481         * runtime/RegExpMatchesArray.cpp: Added.
482         (JSC::RegExpMatchesArray::visitChildren):
483             - Eeeep! added missing visitChildren!
484         (JSC::RegExpMatchesArray::finishCreation):
485         (JSC::RegExpMatchesArray::reifyAllProperties):
486         (JSC::RegExpMatchesArray::reifyMatchProperty):
487             - Moved from RegExpConstructor.cpp.
488         (JSC::RegExpMatchesArray::leftContext):
489         (JSC::RegExpMatchesArray::rightContext):
490             - Since the match start/
491         * runtime/RegExpMatchesArray.h:
492         (RegExpMatchesArray):
493             - Declare new methods & structure flags.
494         * runtime/RegExpObject.cpp:
495         (JSC::RegExpObject::match):
496             - performMatch now requires the JSString input, to cache.
497         * runtime/StringPrototype.cpp:
498         (JSC::removeUsingRegExpSearch):
499         (JSC::replaceUsingRegExpSearch):
500         (JSC::stringProtoFuncMatch):
501         (JSC::stringProtoFuncSearch):
502             - performMatch now requires the JSString input, to cache.
503
504 2012-03-23  Tony Chang  <tony@chromium.org>
505
506         [chromium] rename newwtf target back to wtf
507         https://bugs.webkit.org/show_bug.cgi?id=82064
508
509         Reviewed by Adam Barth.
510
511         * JavaScriptCore.gyp/JavaScriptCore.gyp:
512
513 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
514
515         Simplify memory usage tracking in CopiedSpace
516         https://bugs.webkit.org/show_bug.cgi?id=80705
517
518         Reviewed by Filip Pizlo.
519
520         * heap/CopiedAllocator.h:
521         (CopiedAllocator): Rename currentUtilization to currentSize.
522         (JSC::CopiedAllocator::currentCapacity):
523         * heap/CopiedBlock.h:
524         (CopiedBlock):
525         (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
526         declaration.
527         (JSC):
528         (JSC::CopiedBlock::size): Add new function to calculate the block's size.
529         (JSC::CopiedBlock::capacity): Ditto for capacity.
530         * heap/CopiedSpace.cpp:
531         (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
532         field for the water mark.
533         (JSC::CopiedSpace::init):
534         (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
535         block, we need to update our current water mark with the size of the block.
536         (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
537         need to update our current water mark with the size of the used portion of the block.
538         (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
539         reallocating because it will either get accounted for when we fill up the block later 
540         in the case of being able to reallocate in the current block or it will get picked up 
541         immediately because we'll have to get a new block.
542         (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
543         realloc-ing an oversize block because we deallocate the old block and allocate a brand 
544         new one.
545         (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
546         the CopiedSpace by the SlotVisitors.
547         (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
548         (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or 
549         not we should collect now instead of doing the calculation ourselves.
550         (JSC::CopiedSpace::destroy):
551         (JSC):
552         (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
553         MarkedSpace does.
554         (JSC::CopiedSpace::capacity): Ditto for capacity.
555         * heap/CopiedSpace.h:
556         (JSC::CopiedSpace::waterMark):
557         (CopiedSpace):
558         * heap/CopiedSpaceInlineMethods.h:
559         (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
560         collection.
561         (JSC::CopiedSpace::allocateNewBlock):
562         (JSC::CopiedSpace::fitsInBlock):
563         (JSC::CopiedSpace::allocateFromBlock):
564         * heap/Heap.cpp:
565         (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
566         (JSC::Heap::capacity): Ditto for capacity.
567         (JSC::Heap::collect):
568         * heap/Heap.h:
569         (Heap):
570         (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
571         determine whether they should initiate a collection or continue to allocate new blocks.
572         (JSC):
573         (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
574         Heap (MarkedSpace and CopiedSpace).
575         * heap/MarkedAllocator.cpp:
576         (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
577
578 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
579
580         BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
581         https://bugs.webkit.org/show_bug.cgi?id=82012
582
583         Reviewed by Filip Pizlo.
584
585         Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
586
587         * wtf/BitVector.cpp:
588         (WTF::BitVector::resizeOutOfLine):
589         * wtf/BitVector.h:
590         (BitVector):
591         (OutOfLineBits):
592
593 2012-03-22  Michael Saboff  <msaboff@apple.com>
594
595         ExecutableAllocator::memoryPressureMultiplier() might return NaN
596         https://bugs.webkit.org/show_bug.cgi?id=82002
597
598         Reviewed by Filip Pizlo.
599
600         Guard against divide by zero and then make sure the return
601         value is >= 1.0.
602
603         * jit/ExecutableAllocator.cpp:
604         (JSC::ExecutableAllocator::memoryPressureMultiplier):
605         * jit/ExecutableAllocatorFixedVMPool.cpp:
606         (JSC::ExecutableAllocator::memoryPressureMultiplier):
607
608 2012-03-22  Jessie Berlin  <jberlin@apple.com>
609
610         Windows build fix after r111778.
611
612         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
613         Don't include and try to build files owned by WTF.
614         Also, let VS have its way with the vcproj in terms of file ordering.
615
616 2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
617
618         [CMake] Unreviewed build fix after r111778.
619
620         * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
621         the include paths so that the right config.h is used.
622
623 2012-03-22  Tony Chang  <tony@chromium.org>
624
625         Unreviewed, fix chromium build after wtf move.
626
627         Remove old wtf_config and wtf targets.
628
629         * JavaScriptCore.gyp/JavaScriptCore.gyp:
630
631 2012-03-22  Martin Robinson  <mrobinson@igalia.com>
632
633         Fixed the GTK+ WTF/JavaScriptCore build after r111778.
634
635         * GNUmakefile.list.am: Removed an extra trailing backslash.
636
637 2012-03-22  Mark Rowe  <mrowe@apple.com>
638
639         Fix the build.
640
641         * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
642         rather than only those that contain symbols that JavaScriptCore itself uses.
643         * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
644
645 2012-03-22  Filip Pizlo  <fpizlo@apple.com>
646
647         DFG NodeFlags has some duplicate code and naming issues
648         https://bugs.webkit.org/show_bug.cgi?id=81975
649
650         Reviewed by Gavin Barraclough.
651         
652         Removed most references to "ArithNodeFlags" since those are now just part
653         of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
654         NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
655         because the former was never called and the latter did the same things as
656         mergeFlags().
657
658         * dfg/DFGByteCodeParser.cpp:
659         (JSC::DFG::ByteCodeParser::makeSafe):
660         (JSC::DFG::ByteCodeParser::makeDivSafe):
661         (JSC::DFG::ByteCodeParser::handleIntrinsic):
662         * dfg/DFGGraph.cpp:
663         (JSC::DFG::Graph::dump):
664         * dfg/DFGNode.h:
665         (JSC::DFG::Node::arithNodeFlags):
666         (Node):
667         * dfg/DFGNodeFlags.cpp:
668         (JSC::DFG::nodeFlagsAsString):
669         * dfg/DFGNodeFlags.h:
670         (DFG):
671         (JSC::DFG::nodeUsedAsNumber):
672         * dfg/DFGPredictionPropagationPhase.cpp:
673         (JSC::DFG::PredictionPropagationPhase::propagate):
674         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
675
676 2012-03-22  Eric Seidel  <eric@webkit.org>
677
678         Actually move WTF files to their new home
679         https://bugs.webkit.org/show_bug.cgi?id=81844
680
681         Unreviewed.  The details of the port-specific changes
682         have been seen by contributors from those ports, but
683         the whole 5MB change isn't very reviewable as-is.
684
685         * GNUmakefile.am:
686         * GNUmakefile.list.am:
687         * JSCTypedArrayStubs.h:
688         * JavaScriptCore.gypi:
689         * JavaScriptCore.xcodeproj/project.pbxproj:
690         * jsc.cpp:
691
692 2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
693
694         [wx] Unreviewed. Adding Source/WTF to the build.
695
696         * wscript:
697
698 2012-03-22  Gavin Barraclough  <barraclough@apple.com>
699
700         Add JSValue::isFunction
701         https://bugs.webkit.org/show_bug.cgi?id=81935
702
703         Reviewed by Geoff Garen.
704
705         This would be useful in the WebCore bindings code.
706         Also, remove asFunction, replace with jsCast<JSFunction*>.
707
708         * API/JSContextRef.cpp:
709         * debugger/Debugger.cpp:
710         * debugger/DebuggerCallFrame.cpp:
711         (JSC::DebuggerCallFrame::functionName):
712         * dfg/DFGGraph.h:
713         (JSC::DFG::Graph::valueOfFunctionConstant):
714         * dfg/DFGOperations.cpp:
715         * interpreter/CallFrame.cpp:
716         (JSC::CallFrame::isInlineCallFrameSlow):
717         * interpreter/Interpreter.cpp:
718         (JSC::Interpreter::privateExecute):
719         * jit/JITStubs.cpp:
720         (JSC::DEFINE_STUB_FUNCTION):
721         (JSC::jitCompileFor):
722         (JSC::lazyLinkFor):
723         * llint/LLIntSlowPaths.cpp:
724         (JSC::LLInt::traceFunctionPrologue):
725         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
726         (JSC::LLInt::setUpCall):
727         * runtime/Arguments.h:
728         (JSC::Arguments::finishCreation):
729         * runtime/ArrayPrototype.cpp:
730         (JSC::arrayProtoFuncFilter):
731         (JSC::arrayProtoFuncMap):
732         (JSC::arrayProtoFuncEvery):
733         (JSC::arrayProtoFuncForEach):
734         (JSC::arrayProtoFuncSome):
735         (JSC::arrayProtoFuncReduce):
736         (JSC::arrayProtoFuncReduceRight):
737         * runtime/CommonSlowPaths.h:
738         (JSC::CommonSlowPaths::arityCheckFor):
739         * runtime/Executable.h:
740         (JSC::FunctionExecutable::compileFor):
741         (JSC::FunctionExecutable::compileOptimizedFor):
742         * runtime/FunctionPrototype.cpp:
743         (JSC::functionProtoFuncToString):
744         * runtime/JSArray.cpp:
745         (JSC::JSArray::sort):
746         * runtime/JSFunction.cpp:
747         (JSC::JSFunction::argumentsGetter):
748         (JSC::JSFunction::callerGetter):
749         (JSC::JSFunction::lengthGetter):
750         * runtime/JSFunction.h:
751         (JSC):
752         (JSC::asJSFunction):
753         (JSC::JSValue::isFunction):
754         * runtime/JSGlobalData.cpp:
755         (WTF::Recompiler::operator()):
756         (JSC::JSGlobalData::releaseExecutableMemory):
757         * runtime/JSValue.h:
758         * runtime/StringPrototype.cpp:
759         (JSC::replaceUsingRegExpSearch):
760
761 2012-03-21  Filip Pizlo  <fpizlo@apple.com>
762
763         DFG speculation on booleans should be rationalized
764         https://bugs.webkit.org/show_bug.cgi?id=81840
765
766         Reviewed by Gavin Barraclough.
767         
768         This removes isKnownBoolean() and replaces it with AbstractState-based
769         optimization, and cleans up the control flow in code gen methods for
770         Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
771         and removes isKnownNotBoolean() since that method appeared to be a
772         helper used solely by 32_64's speculateBooleanOperation().
773         
774         This is performance-neutral.
775
776         * dfg/DFGAbstractState.cpp:
777         (JSC::DFG::AbstractState::execute):
778         * dfg/DFGNode.h:
779         (JSC::DFG::Node::shouldSpeculateNumber):
780         * dfg/DFGSpeculativeJIT.cpp:
781         (DFG):
782         * dfg/DFGSpeculativeJIT.h:
783         (SpeculativeJIT):
784         * dfg/DFGSpeculativeJIT32_64.cpp:
785         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
786         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
787         (JSC::DFG::SpeculativeJIT::emitBranch):
788         (JSC::DFG::SpeculativeJIT::compile):
789         * dfg/DFGSpeculativeJIT64.cpp:
790         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
791         (JSC::DFG::SpeculativeJIT::emitBranch):
792         (JSC::DFG::SpeculativeJIT::compile):
793
794 2012-03-21  Mark Rowe  <mrowe@apple.com>
795
796         Fix the build.
797
798         * wtf/MetaAllocator.h:
799         (MetaAllocator): Export the destructor.
800
801 2012-03-21  Eric Seidel  <eric@webkit.org>
802
803         Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
804         https://bugs.webkit.org/show_bug.cgi?id=81834
805
806         Reviewed by Adam Barth.
807
808         * jsc.cpp:
809         * os-win32/WinMain.cpp:
810         * runtime/JSDateMath.cpp:
811         * runtime/TimeoutChecker.cpp:
812         * testRegExp.cpp:
813         * tools/CodeProfiling.cpp:
814
815 2012-03-21  Eric Seidel  <eric@webkit.org>
816
817         WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
818         https://bugs.webkit.org/show_bug.cgi?id=81838
819
820         Reviewed by Geoffrey Garen.
821
822         My understanding is that weak vtables happen when the compiler/linker cannot
823         determine which compilation unit should contain the vtable.  In this case
824         because there were only pure virtual functions as well as an "inline"
825         virtual destructor (thus the virtual destructor was defined in many compilation
826         units).  Since you can't actually "inline" a virtual function (it still has to
827         bounce through the vtable), the "inline" on this virtual destructor doesn't
828         actually help performance, and is only serving to confuse the compiler here.
829         I've moved the destructor implementation to the .cpp file, thus making
830         it clear to the compiler where the vtable should be stored, and solving the error.
831
832         * wtf/MetaAllocator.cpp:
833         (WTF::MetaAllocator::~MetaAllocator):
834         (WTF):
835         * wtf/MetaAllocator.h:
836
837 2012-03-20  Gavin Barraclough  <barraclough@apple.com>
838
839         RegExpMatchesArray should not copy the ovector
840         https://bugs.webkit.org/show_bug.cgi?id=81742
841
842         Reviewed by Michael Saboff.
843
844         Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
845         This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
846         main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
847         and the results never accessed).
848         If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
849
850         * dfg/DFGOperations.cpp:
851             - RegExpObject match renamed back to test (test returns a bool).
852         * runtime/RegExpConstructor.cpp:
853         (JSC):
854             - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
855         (JSC::RegExpMatchesArray::finishCreation):
856             - Removed RegExpConstructorPrivate parameter.
857         (JSC::RegExpMatchesArray::reifyAllProperties):
858             - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
859             If there are sub-pattern properties, the RegExp is re-run to generate their values.
860         (JSC::RegExpMatchesArray::reifyMatchProperty):
861             - Reify just the match (index 0) property of the RegExpMatchesArray.
862         * runtime/RegExpConstructor.h:
863         (RegExpConstructor):
864         (JSC::RegExpConstructor::performMatch):
865             - performMatch now returns a MatchResult, rather than using out-parameters.
866         * runtime/RegExpMatchesArray.h:
867         (JSC::RegExpMatchesArray::RegExpMatchesArray):
868             - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
869         (RegExpMatchesArray):
870         (JSC::RegExpMatchesArray::create):
871             - Now passed the input string matched against, the RegExp, and the MatchResult.
872         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
873         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
874             - Helpers to conditionally reify properties.
875         (JSC::RegExpMatchesArray::getOwnPropertySlot):
876         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
877         (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
878         (JSC::RegExpMatchesArray::put):
879         (JSC::RegExpMatchesArray::putByIndex):
880         (JSC::RegExpMatchesArray::deleteProperty):
881         (JSC::RegExpMatchesArray::deletePropertyByIndex):
882         (JSC::RegExpMatchesArray::getOwnPropertyNames):
883         (JSC::RegExpMatchesArray::defineOwnProperty):
884             - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
885             (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
886         * runtime/RegExpObject.cpp:
887         (JSC::RegExpObject::exec):
888         (JSC::RegExpObject::match):
889             - match now returns a MatchResult.
890         * runtime/RegExpObject.h:
891         (JSC::MatchResult::MatchResult):
892             - Added; the result of a match is a start & end tuple.
893         (JSC::MatchResult::failed):
894             - A failure is indicated by (notFound, 0).
895         (JSC::MatchResult::operator bool):
896             - Evaluates to false if the match failed.
897         (JSC::MatchResult::empty):
898             - Evaluates to true if the match succeeded with length 0.
899         (JSC::RegExpObject::test):
900             - Now returns a bool.
901         * runtime/RegExpPrototype.cpp:
902         (JSC::regExpProtoFuncTest):
903             - RegExpObject match renamed back to test (test returns a bool).
904         * runtime/StringPrototype.cpp:
905         (JSC::removeUsingRegExpSearch):
906         (JSC::replaceUsingRegExpSearch):
907         (JSC::stringProtoFuncMatch):
908         (JSC::stringProtoFuncSearch):
909             - performMatch now returns a MatchResult, rather than using out-parameters.
910
911 2012-03-21  Hojong Han  <hojong.han@samsung.com>
912
913         Fix out of memory by allowing overcommit
914         https://bugs.webkit.org/show_bug.cgi?id=81743
915
916         Reviewed by Geoffrey Garen.
917
918         Garbage collection is not triggered and new blocks are added
919         because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough.
920
921         * wtf/OSAllocatorPosix.cpp:
922         (WTF::OSAllocator::reserveAndCommit):
923
924 2012-03-21  Jessie Berlin  <jberlin@apple.com>
925
926         More Windows build fixing.
927
928         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
929         Fix the order of the include directories to look in include/private first before looking
930         in include/private/JavaScriptCore.
931         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
932         Look in the Production output directory (where the wtf headers will be). This is the same
933         thing that is done for jsc and testRegExp in ReleasePGO.
934
935 2012-03-21  Jessie Berlin  <jberlin@apple.com>
936
937         WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
938         $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
939         https://bugs.webkit.org/show_bug.cgi?id=81739
940
941         Reviewed by Dan Bernstein.
942
943         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
944         Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
945         subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
946         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
947         Ditto.
948
949         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
950         Get the headers for those 4 files from the wtf subdirectory of the build output, not the
951         JavaScriptCore/wtf subdirectory.
952         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
953         Ditto.
954
955 2012-03-20  Eric Seidel  <eric@webkit.org>
956
957         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
958         https://bugs.webkit.org/show_bug.cgi?id=80911
959
960         Reviewed by Adam Barth.
961
962         Update the various build systems to depend on Source/WTF headers
963         as well as remove references to Platform.h (since it's now moved).
964
965         * CMakeLists.txt:
966         * JavaScriptCore.pri:
967         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
968         * JavaScriptCore.xcodeproj/project.pbxproj:
969         * wtf/CMakeLists.txt:
970
971 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
972
973         op_mod fails on many interesting corner cases
974         https://bugs.webkit.org/show_bug.cgi?id=81648
975
976         Reviewed by Oliver Hunt.
977         
978         Removed most strength reduction for op_mod, and fixed the integer handling
979         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
980         which this patch also fixes.
981         
982         This patch is performance neutral on all of the major benchmarks we track.
983
984         * dfg/DFGOperations.cpp:
985         * dfg/DFGOperations.h:
986         * dfg/DFGSpeculativeJIT.cpp:
987         (DFG):
988         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
989         (JSC::DFG::SpeculativeJIT::compileArithMod):
990         * jit/JIT.h:
991         (JIT):
992         * jit/JITArithmetic.cpp:
993         (JSC):
994         (JSC::JIT::emit_op_mod):
995         (JSC::JIT::emitSlow_op_mod):
996         * jit/JITArithmetic32_64.cpp:
997         (JSC::JIT::emit_op_mod):
998         (JSC::JIT::emitSlow_op_mod):
999         * jit/JITOpcodes32_64.cpp:
1000         (JSC::JIT::privateCompileCTIMachineTrampolines):
1001         (JSC):
1002         * jit/JITStubs.h:
1003         (TrampolineStructure):
1004         (JSC::JITThunks::ctiNativeConstruct):
1005         * llint/LowLevelInterpreter64.asm:
1006         * wtf/Platform.h:
1007         * wtf/SimpleStats.h:
1008         (WTF::SimpleStats::variance):
1009
1010 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1011
1012         Windows (make based) build fix.
1013         <rdar://problem/11069015>
1014
1015         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
1016
1017 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1018
1019         Move WTF-related Windows project files out of JavaScriptCore
1020         https://bugs.webkit.org/show_bug.cgi?id=80680
1021
1022         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
1023         It does not move any source code. This is in preparation for the WTF source move out of
1024         JavaScriptCore.
1025
1026         Reviewed by Jessie Berlin.
1027
1028         * JavaScriptCore.vcproj/JavaScriptCore.sln:
1029         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
1030         * JavaScriptCore.vcproj/WTF: Removed.
1031         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
1032         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
1033         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
1034         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
1035         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
1036         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
1037         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
1038         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
1039         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
1040         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
1041         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
1042         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
1043         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
1044         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
1045         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
1046         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
1047         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
1048         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
1049         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
1050         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
1051         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
1052         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
1053
1054 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
1055
1056         Cache the type string of JavaScript object
1057         https://bugs.webkit.org/show_bug.cgi?id=81446
1058
1059         Reviewed by Geoffrey Garen.
1060
1061         Instead of creating the JSString every time, we create
1062         lazily the strings in JSGlobalData.
1063
1064         This avoids the construction of the StringImpl and of the JSString,
1065         which gives some performance improvements.
1066
1067         * runtime/CommonIdentifiers.h:
1068         * runtime/JSValue.cpp:
1069         (JSC::JSValue::toStringSlowCase):
1070         * runtime/Operations.cpp:
1071         (JSC::jsTypeStringForValue):
1072         * runtime/SmallStrings.cpp:
1073         (JSC::SmallStrings::SmallStrings):
1074         (JSC::SmallStrings::finalizeSmallStrings):
1075         (JSC::SmallStrings::initialize):
1076         (JSC):
1077         * runtime/SmallStrings.h:
1078         (SmallStrings):
1079
1080 2012-03-20  Oliver Hunt  <oliver@apple.com>
1081
1082         Allow LLINT to work even when executable allocation fails.
1083         https://bugs.webkit.org/show_bug.cgi?id=81693
1084
1085         Reviewed by Gavin Barraclough.
1086
1087         Don't crash if executable allocation fails if we can fall back on LLINT
1088
1089         * jit/ExecutableAllocatorFixedVMPool.cpp:
1090         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1091         * wtf/OSAllocatorPosix.cpp:
1092         (WTF::OSAllocator::reserveAndCommit):
1093
1094 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
1095
1096         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
1097         https://bugs.webkit.org/show_bug.cgi?id=81428
1098
1099         32 bit buildfix after r111355.
1100
1101         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
1102         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
1103
1104         Reviewed by Zoltan Herczeg.
1105
1106         * dfg/DFGSpeculativeJIT.cpp:
1107         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1108
1109 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
1110
1111         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
1112         https://bugs.webkit.org/show_bug.cgi?id=80983
1113
1114         Reviewed by Darin Adler.
1115
1116         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
1117         call which is useful for local debugging.
1118
1119         * wtf/Assertions.cpp:
1120         * wtf/Assertions.h:
1121
1122 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
1123
1124         Do not copy the script source in the SourceProvider, just reference the existing string
1125         https://bugs.webkit.org/show_bug.cgi?id=81466
1126
1127         Reviewed by Geoffrey Garen.
1128
1129         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
1130         * parser/SourceProvider.h: Add OVERRIDE for clarity.
1131
1132 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1133
1134         Division optimizations fail to infer cases of truncated division and
1135         mishandle -2147483648/-1
1136         https://bugs.webkit.org/show_bug.cgi?id=81428
1137         <rdar://problem/11067382>
1138
1139         Reviewed by Oliver Hunt.
1140
1141         If you're a division over integers and you're only used as an integer, then you're
1142         an integer division and remainder checks become unnecessary. If you're dividing
1143         -2147483648 by -1, don't crash.
1144
1145         * assembler/MacroAssemblerX86Common.h:
1146         (MacroAssemblerX86Common):
1147         (JSC::MacroAssemblerX86Common::add32):
1148         * dfg/DFGSpeculativeJIT.cpp:
1149         (DFG):
1150         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1151         * dfg/DFGSpeculativeJIT.h:
1152         (SpeculativeJIT):
1153         * dfg/DFGSpeculativeJIT32_64.cpp:
1154         (JSC::DFG::SpeculativeJIT::compile):
1155         * dfg/DFGSpeculativeJIT64.cpp:
1156         (JSC::DFG::SpeculativeJIT::compile):
1157         * llint/LowLevelInterpreter64.asm:
1158
1159 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
1160
1161         Simplify SmallStrings
1162         https://bugs.webkit.org/show_bug.cgi?id=81445
1163
1164         Reviewed by Gavin Barraclough.
1165
1166         SmallStrings had two methods that should not be public: count() and clear().
1167
1168         The method clear() is effectively replaced by finalizeSmallStrings(). The body
1169         of the method was moved to the constructor since the code is obvious.
1170
1171         The method count() is unused.
1172
1173         * runtime/SmallStrings.cpp:
1174         (JSC::SmallStrings::SmallStrings):
1175         * runtime/SmallStrings.h:
1176         (SmallStrings):
1177
1178 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1179
1180         DFG can no longer compile V8-v4/regexp in debug mode
1181         https://bugs.webkit.org/show_bug.cgi?id=81592
1182
1183         Reviewed by Gavin Barraclough.
1184
1185         * dfg/DFGSpeculativeJIT32_64.cpp:
1186         (JSC::DFG::SpeculativeJIT::compile):
1187         * dfg/DFGSpeculativeJIT64.cpp:
1188         (JSC::DFG::SpeculativeJIT::compile):
1189
1190 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1191
1192         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
1193         change throughout the fixpoint
1194         https://bugs.webkit.org/show_bug.cgi?id=81583
1195
1196         Reviewed by Michael Saboff.
1197
1198         * dfg/DFGPredictionPropagationPhase.cpp:
1199         (JSC::DFG::PredictionPropagationPhase::propagate):
1200
1201 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1202
1203         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
1204         the process of being generated
1205         https://bugs.webkit.org/show_bug.cgi?id=81565
1206
1207         Reviewed by Oliver Hunt.
1208
1209         * bytecode/CodeBlock.cpp:
1210         (JSC::CodeBlock::finalizeUnconditionally):
1211
1212 2012-03-19  Eric Seidel  <eric@webkit.org>
1213
1214         Fix WTF header include discipline in Chromium WebKit
1215         https://bugs.webkit.org/show_bug.cgi?id=81281
1216
1217         Reviewed by James Robinson.
1218
1219         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1220         * wtf/unicode/icu/CollatorICU.cpp:
1221
1222 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1223
1224         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
1225         https://bugs.webkit.org/show_bug.cgi?id=81556
1226
1227         Rubber stamped by Gavin Barraclough.
1228
1229         * GNUmakefile.list.am:
1230         * JavaScriptCore.xcodeproj/project.pbxproj:
1231         * dfg/DFGAbstractState.h:
1232         (JSC::DFG::AbstractState::forNode):
1233         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
1234         (JSC::DFG::AdjacencyList::AdjacencyList):
1235         (JSC::DFG::AdjacencyList::child):
1236         (JSC::DFG::AdjacencyList::setChild):
1237         (JSC::DFG::AdjacencyList::child1):
1238         (JSC::DFG::AdjacencyList::child2):
1239         (JSC::DFG::AdjacencyList::child3):
1240         (JSC::DFG::AdjacencyList::setChild1):
1241         (JSC::DFG::AdjacencyList::setChild2):
1242         (JSC::DFG::AdjacencyList::setChild3):
1243         (JSC::DFG::AdjacencyList::child1Unchecked):
1244         (JSC::DFG::AdjacencyList::initialize):
1245         (AdjacencyList):
1246         * dfg/DFGByteCodeParser.cpp:
1247         (JSC::DFG::ByteCodeParser::addVarArgChild):
1248         (JSC::DFG::ByteCodeParser::processPhiStack):
1249         * dfg/DFGCSEPhase.cpp:
1250         (JSC::DFG::CSEPhase::canonicalize):
1251         (JSC::DFG::CSEPhase::performSubstitution):
1252         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
1253         (DFG):
1254         (JSC::DFG::Edge::Edge):
1255         (JSC::DFG::Edge::operator==):
1256         (JSC::DFG::Edge::operator!=):
1257         (Edge):
1258         (JSC::DFG::operator==):
1259         (JSC::DFG::operator!=):
1260         * dfg/DFGGraph.h:
1261         (JSC::DFG::Graph::operator[]):
1262         (JSC::DFG::Graph::at):
1263         (JSC::DFG::Graph::ref):
1264         (JSC::DFG::Graph::deref):
1265         (JSC::DFG::Graph::clearAndDerefChild1):
1266         (JSC::DFG::Graph::clearAndDerefChild2):
1267         (JSC::DFG::Graph::clearAndDerefChild3):
1268         (Graph):
1269         * dfg/DFGJITCompiler.h:
1270         (JSC::DFG::JITCompiler::getPrediction):
1271         * dfg/DFGNode.h:
1272         (JSC::DFG::Node::Node):
1273         (JSC::DFG::Node::child1):
1274         (JSC::DFG::Node::child1Unchecked):
1275         (JSC::DFG::Node::child2):
1276         (JSC::DFG::Node::child3):
1277         (Node):
1278         * dfg/DFGNodeFlags.cpp:
1279         (JSC::DFG::arithNodeFlagsAsString):
1280         * dfg/DFGNodeFlags.h:
1281         (DFG):
1282         (JSC::DFG::nodeUsedAsNumber):
1283         * dfg/DFGNodeReferenceBlob.h: Removed.
1284         * dfg/DFGNodeUse.h: Removed.
1285         * dfg/DFGPredictionPropagationPhase.cpp:
1286         (JSC::DFG::PredictionPropagationPhase::propagate):
1287         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1288         (JSC::DFG::PredictionPropagationPhase::vote):
1289         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1290         * dfg/DFGScoreBoard.h:
1291         (JSC::DFG::ScoreBoard::use):
1292         * dfg/DFGSpeculativeJIT.cpp:
1293         (JSC::DFG::SpeculativeJIT::useChildren):
1294         (JSC::DFG::SpeculativeJIT::writeBarrier):
1295         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1296         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1297         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1298         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1299         * dfg/DFGSpeculativeJIT.h:
1300         (JSC::DFG::SpeculativeJIT::at):
1301         (JSC::DFG::SpeculativeJIT::canReuse):
1302         (JSC::DFG::SpeculativeJIT::use):
1303         (SpeculativeJIT):
1304         (JSC::DFG::SpeculativeJIT::speculationCheck):
1305         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1306         (JSC::DFG::IntegerOperand::IntegerOperand):
1307         (JSC::DFG::DoubleOperand::DoubleOperand):
1308         (JSC::DFG::JSValueOperand::JSValueOperand):
1309         (JSC::DFG::StorageOperand::StorageOperand):
1310         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1311         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1312         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1313         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1314         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1315         * dfg/DFGSpeculativeJIT32_64.cpp:
1316         (JSC::DFG::SpeculativeJIT::cachedPutById):
1317         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1318         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1319         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1320         (JSC::DFG::SpeculativeJIT::emitCall):
1321         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1322         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1323         * dfg/DFGSpeculativeJIT64.cpp:
1324         (JSC::DFG::SpeculativeJIT::cachedPutById):
1325         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1326         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1327         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1328         (JSC::DFG::SpeculativeJIT::emitCall):
1329         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1330         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1331
1332 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1333
1334         Object.freeze broken on latest Nightly
1335         https://bugs.webkit.org/show_bug.cgi?id=80577
1336
1337         Reviewed by Oliver Hunt.
1338
1339         * runtime/Arguments.cpp:
1340         (JSC::Arguments::defineOwnProperty):
1341             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
1342             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1343         * runtime/JSFunction.cpp:
1344         (JSC::JSFunction::defineOwnProperty):
1345             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1346             the object must be extensible; this is incorrect since these properties should already exist
1347             on the object. In addition, it was asserting that the arguments/caller values must match the
1348             corresponding magic data properties, but for strict mode functions this is incorrect. Instead,
1349             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1350
1351 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1352
1353         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1354         https://bugs.webkit.org/show_bug.cgi?id=81559
1355
1356         Reviewed by Michael Saboff.
1357
1358         * llint/LLIntSlowPaths.cpp:
1359         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1360
1361 2012-03-19  Yong Li  <yoli@rim.com>
1362
1363         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1364         https://bugs.webkit.org/show_bug.cgi?id=77013
1365
1366         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1367         implement memory decommitting for QNX.
1368
1369         Reviewed by Rob Buis.
1370
1371         * wtf/OSAllocatorPosix.cpp:
1372         (WTF::OSAllocator::reserveUncommitted):
1373         (WTF::OSAllocator::commit):
1374         (WTF::OSAllocator::decommit):
1375
1376 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1377
1378         Unreviewed - revert a couple of files accidentally committed.
1379
1380         * runtime/Arguments.cpp:
1381         (JSC::Arguments::defineOwnProperty):
1382         * runtime/JSFunction.cpp:
1383         (JSC::JSFunction::defineOwnProperty):
1384
1385 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1386
1387         Another Windows build fix after r111129.
1388
1389         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1390
1391 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1392
1393         Cross-platform processor core counter: fix build on FreeBSD.
1394         https://bugs.webkit.org/show_bug.cgi?id=81482
1395
1396         Reviewed by Zoltan Herczeg.
1397
1398         The documentation of sysctl(3) shows that <sys/types.h> should be
1399         included before <sys/sysctl.h> (sys/types.h tends to be the first
1400         included header in general).
1401
1402         This should fix the build on FreeBSD and other systems where
1403         sysctl.h really depends on types defined in types.h.
1404
1405         * wtf/NumberOfCores.cpp:
1406
1407 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1408
1409         Windows build fix after r111129.
1410
1411         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1412
1413 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1414
1415         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1416         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1417
1418         Reviewed by Oliver Hunt.
1419
1420         The API specifies that convertToType may opt not to handle a conversion:
1421             "@result The objects's converted value, or NULL if the object was not converted."
1422         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1423         conversion functions, and failing that call the JSObject::defaultValue function.
1424
1425         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1426         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1427         bug#73368, these will return the result from the first convertToType they find, regardless
1428         of whether this result is null, and if no convertToType method is found in the api class
1429         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1430         chain), they will also return a null pointer. This is unsafe.
1431
1432         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1433         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1434         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1435         Making the fallback work with toString/valueOf methods attached to api objects is probably
1436         not the right thing to do – instead, we should just implement the defaultValue trap for api
1437         objects.
1438
1439         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1440         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1441
1442         * API/JSCallbackFunction.cpp:
1443         (JSC::JSCallbackFunction::call):
1444             - Should be null checking the return value.
1445         (JSC):
1446             - Remove toStringCallback/valueOfCallback.
1447         * API/JSCallbackFunction.h:
1448         (JSCallbackFunction):
1449             - Remove toStringCallback/valueOfCallback.
1450         * API/JSCallbackObject.h:
1451         (JSCallbackObject):
1452             - Add defaultValue methods to JSCallbackObject.
1453         * API/JSCallbackObjectFunctions.h:
1454         (JSC::::defaultValue):
1455             - Add defaultValue methods to JSCallbackObject.
1456         * API/JSClassRef.cpp:
1457         (OpaqueJSClass::prototype):
1458             - Remove toStringCallback/valueOfCallback.
1459         * API/tests/testapi.js:
1460             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
1461
1462 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1463
1464         [EFL] Include ICU_INCLUDE_DIRS when building.
1465         https://bugs.webkit.org/show_bug.cgi?id=81483
1466
1467         Reviewed by Daniel Bates.
1468
1469         So far, only the ICU libraries were being included when building
1470         JavaScriptCore, however the include path is also needed, otherwise the
1471         build will fail when ICU is installed into a non-standard location.
1472
1473         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1474
1475 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1476
1477         Strength reduction, RegExp.exec -> RegExp.test
1478         https://bugs.webkit.org/show_bug.cgi?id=81459
1479
1480         Reviewed by Sam Weinig.
1481
1482         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1483         expression for a match against a string - however exec is more expensive, since
1484         it allocates a matches array object. In cases where the result is consumed in a
1485         boolean context the allocation of the matches array can be trivially elided.
1486
1487         For example:
1488             function f()
1489             {
1490                 for (i =0; i < 10000000; ++i)
1491                     if(!/a/.exec("a"))
1492                         err = true;
1493             }
1494
1495         This is a 2.5x speedup on this example microbenchmark loop.
1496
1497         In a more advanced form of this optimization, we may be able to avoid allocating
1498         the array where access to the array can be observed.
1499
1500         * create_hash_table:
1501         * dfg/DFGAbstractState.cpp:
1502         (JSC::DFG::AbstractState::execute):
1503         * dfg/DFGByteCodeParser.cpp:
1504         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1505         * dfg/DFGNode.h:
1506         (JSC::DFG::Node::hasHeapPrediction):
1507         * dfg/DFGNodeType.h:
1508         (DFG):
1509         * dfg/DFGOperations.cpp:
1510         * dfg/DFGOperations.h:
1511         * dfg/DFGPredictionPropagationPhase.cpp:
1512         (JSC::DFG::PredictionPropagationPhase::propagate):
1513         * dfg/DFGSpeculativeJIT.cpp:
1514         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1515         (DFG):
1516         * dfg/DFGSpeculativeJIT.h:
1517         (JSC::DFG::SpeculativeJIT::callOperation):
1518         * dfg/DFGSpeculativeJIT32_64.cpp:
1519         (JSC::DFG::SpeculativeJIT::compile):
1520         * dfg/DFGSpeculativeJIT64.cpp:
1521         (JSC::DFG::SpeculativeJIT::compile):
1522         * jsc.cpp:
1523         (GlobalObject::addConstructableFunction):
1524         * runtime/Intrinsic.h:
1525         * runtime/JSFunction.cpp:
1526         (JSC::JSFunction::create):
1527         (JSC):
1528         * runtime/JSFunction.h:
1529         (JSFunction):
1530         * runtime/Lookup.cpp:
1531         (JSC::setUpStaticFunctionSlot):
1532         * runtime/RegExpObject.cpp:
1533         (JSC::RegExpObject::exec):
1534         (JSC::RegExpObject::match):
1535         * runtime/RegExpObject.h:
1536         (RegExpObject):
1537         * runtime/RegExpPrototype.cpp:
1538         (JSC::regExpProtoFuncTest):
1539         (JSC::regExpProtoFuncExec):
1540
1541 2012-03-16  Michael Saboff  <msaboff@apple.com>
1542
1543         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1544         https://bugs.webkit.org/show_bug.cgi?id=81244
1545
1546         Rubber stamped by Filip Pizlo.
1547
1548         Changed type and name of JSGlobalData::m_isInitializingObject to
1549         ClassInfo* and m_initializingObjectClass.
1550         Changed JSGlobalData::setInitializingObject to
1551         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1552         the debugger to determine what type of object is being initialized.
1553         
1554         * runtime/JSCell.h:
1555         (JSC::JSCell::finishCreation):
1556         (JSC::allocateCell):
1557         * runtime/JSGlobalData.cpp:
1558         (JSC::JSGlobalData::JSGlobalData):
1559         * runtime/JSGlobalData.h:
1560         (JSGlobalData):
1561         (JSC::JSGlobalData::isInitializingObject):
1562         (JSC::JSGlobalData::setInitializingObjectClass):
1563         * runtime/Structure.h:
1564         (JSC::JSCell::finishCreation):
1565
1566 2012-03-16  Mark Rowe  <mrowe@apple.com>
1567
1568         Build fix. Do not preserve owner and group information when installing the WTF headers.
1569
1570         * JavaScriptCore.xcodeproj/project.pbxproj:
1571
1572 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1573
1574         Make the array pointer parameters in the Typed Array create() methods const.
1575         https://bugs.webkit.org/show_bug.cgi?id=81147
1576
1577         Reviewed by Kenneth Russell.
1578
1579         This allows const arrays to be passed to these methods.
1580         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1581
1582         * wtf/Int16Array.h:
1583         (Int16Array):
1584         (WTF::Int16Array::create):
1585         * wtf/Int32Array.h:
1586         (Int32Array):
1587         (WTF::Int32Array::create):
1588         * wtf/Int8Array.h:
1589         (Int8Array):
1590         (WTF::Int8Array::create):
1591         * wtf/Uint16Array.h:
1592         (Uint16Array):
1593         (WTF::Uint16Array::create):
1594         * wtf/Uint32Array.h:
1595         (Uint32Array):
1596         (WTF::Uint32Array::create):
1597         * wtf/Uint8Array.h:
1598         (Uint8Array):
1599         (WTF::Uint8Array::create):
1600         * wtf/Uint8ClampedArray.h:
1601         (Uint8ClampedArray):
1602         (WTF::Uint8ClampedArray::create):
1603
1604 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1605
1606         CopiedSpace::tryAllocateOversize assumes system page size
1607         https://bugs.webkit.org/show_bug.cgi?id=80615
1608
1609         Reviewed by Geoffrey Garen.
1610
1611         * heap/CopiedSpace.cpp:
1612         (JSC::CopiedSpace::tryAllocateOversize):
1613         * heap/CopiedSpace.h:
1614         (CopiedSpace):
1615         * heap/CopiedSpaceInlineMethods.h:
1616         (JSC::CopiedSpace::oversizeBlockFor):
1617         * wtf/BumpPointerAllocator.h:
1618         (WTF::BumpPointerPool::create):
1619         * wtf/StdLibExtras.h:
1620         (WTF::roundUpToMultipleOf):
1621
1622 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1623
1624         Fixing Windows build breakage
1625
1626         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1627
1628 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1629
1630         [EFL] Make zlib a general build requirement
1631         https://bugs.webkit.org/show_bug.cgi?id=80153
1632
1633         Reviewed by Hajime Morita.
1634
1635         After r109538 WebSocket module needs zlib to support deflate-frame extension.
1636
1637         * wtf/Platform.h:
1638
1639 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1640
1641         NumericStrings should be inlined
1642         https://bugs.webkit.org/show_bug.cgi?id=81183
1643
1644         Reviewed by Gavin Barraclough.
1645
1646         NumericStrings is not always inlined. When it is not, the class is not faster
1647         than using UString::number() directly.
1648
1649         * runtime/NumericStrings.h:
1650         (JSC::NumericStrings::add):
1651         (JSC::NumericStrings::lookupSmallString):
1652
1653 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1654
1655         Fix ARM build after r110792.
1656
1657         Unreviewed build fix.
1658
1659         * jit/ExecutableAllocator.h:
1660         (JSC::ExecutableAllocator::cacheFlush):
1661         Remove superfluous curly brackets.
1662
1663 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1664
1665         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1666         https://bugs.webkit.org/show_bug.cgi?id=81256
1667
1668         Reviewed by Oliver Hunt.
1669
1670         This is a 0.5% sunspider progression.
1671
1672         * assembler/MacroAssemblerARMv7.h:
1673         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1674             - switch which form of vmov we use.
1675
1676 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1677
1678         [EFL] Add OwnPtr specialization for Ecore_Timer.
1679         https://bugs.webkit.org/show_bug.cgi?id=80119
1680
1681         Reviewed by Hajime Morita.
1682
1683         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1684
1685         * wtf/OwnPtrCommon.h:
1686         (WTF):
1687         * wtf/efl/OwnPtrEfl.cpp:
1688         (WTF::deleteOwnedPtr):
1689         (WTF):
1690
1691 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1692
1693         Linux has madvise enough to support OSAllocator::commit/decommit
1694         https://bugs.webkit.org/show_bug.cgi?id=80505
1695
1696         Reviewed by Geoffrey Garen.
1697
1698         * wtf/OSAllocatorPosix.cpp:
1699         (WTF::OSAllocator::reserveUncommitted):
1700         (WTF::OSAllocator::commit):
1701         (WTF::OSAllocator::decommit):
1702
1703 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1704
1705         Windows build fix.
1706
1707         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1708         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1709         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1710         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1711
1712 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1713
1714         Windows build fix.
1715
1716         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1717
1718 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1719
1720         Move wx port to using export macros
1721         https://bugs.webkit.org/show_bug.cgi?id=77279
1722
1723         Reviewed by Hajime Morita.
1724
1725         * wscript:
1726         * wtf/Platform.h:
1727
1728 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1729
1730         Avoid StringImpl::getData16SlowCase() when sorting array
1731         https://bugs.webkit.org/show_bug.cgi?id=81070
1732
1733         Reviewed by Geoffrey Garen.
1734
1735         The function codePointCompare() is used intensively when sorting strings.
1736         This patch improves its performance by:
1737         -Avoiding character conversion.
1738         -Inlining the function.
1739
1740         This makes Peacekeeper's arrayCombined test 30% faster.
1741
1742         * wtf/text/StringImpl.cpp:
1743         * wtf/text/StringImpl.h:
1744         (WTF):
1745         (WTF::codePointCompare):
1746         (WTF::codePointCompare8):
1747         (WTF::codePointCompare16):
1748         (WTF::codePointCompare8To16):
1749
1750 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1751
1752         Fix memory allocation failed by fastmalloc
1753         https://bugs.webkit.org/show_bug.cgi?id=79614
1754
1755         Reviewed by Geoffrey Garen.
1756
1757         Memory allocation failed even if the heap grows successfully.
1758         It is wrong to get the span only from the large list after the heap grows,
1759         because new span could be added in the normal list.
1760
1761         * wtf/FastMalloc.cpp:
1762         (WTF::TCMalloc_PageHeap::New):
1763
1764 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1765
1766         Run cacheFlush page by page to assure of flushing all the requested ranges
1767         https://bugs.webkit.org/show_bug.cgi?id=77712
1768
1769         Reviewed by Geoffrey Garen.
1770
1771         Current MetaAllocator concept, always coalesces adjacent free spaces,
1772         doesn't meet memory management of Linux kernel.
1773         In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two.
1774         Therefore cacheFlush page by page guarantees a flush-requested range.
1775
1776         * jit/ExecutableAllocator.h:
1777         (JSC::ExecutableAllocator::cacheFlush):
1778
1779 2012-03-14  Oliver Hunt  <oliver@apple.com>
1780
1781         Make ARMv7 work again
1782         https://bugs.webkit.org/show_bug.cgi?id=81157
1783
1784         Reviewed by Geoffrey Garen.
1785
1786         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1787         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1788         nefarious purposes.
1789
1790         * assembler/MacroAssembler.h:
1791         (JSC::MacroAssembler::store32):
1792         * assembler/MacroAssemblerARMv7.h:
1793         (MacroAssemblerARMv7):
1794
1795 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1796
1797         Heap::destroy leaks CopiedSpace
1798         https://bugs.webkit.org/show_bug.cgi?id=81055
1799
1800         Reviewed by Geoffrey Garen.
1801
1802         Added a destroy() function to CopiedSpace that moves all normal size 
1803         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1804         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1805         This function is now called in Heap::destroy().
1806
1807         * heap/CopiedSpace.cpp:
1808         (JSC::CopiedSpace::destroy):
1809         (JSC):
1810         * heap/CopiedSpace.h:
1811         (CopiedSpace):
1812         * heap/Heap.cpp:
1813         (JSC::Heap::destroy):
1814
1815 2012-03-14  Andrew Lo  <anlo@rim.com>
1816
1817         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
1818         https://bugs.webkit.org/show_bug.cgi?id=81000
1819
1820         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
1821
1822         Reviewed by Antonio Gomes.
1823
1824         * wtf/Platform.h:
1825
1826 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1827
1828         ValueToInt32 speculation will cause OSR exits even when it does not have to
1829         https://bugs.webkit.org/show_bug.cgi?id=81068
1830         <rdar://problem/11043926>
1831
1832         Reviewed by Anders Carlsson.
1833         
1834         Two related changes:
1835         1) ValueToInt32 will now always just defer to the non-speculative path, instead
1836            of exiting, if it doesn't know what speculations to perform.
1837         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
1838
1839         * dfg/DFGAbstractState.cpp:
1840         (JSC::DFG::AbstractState::execute):
1841         * dfg/DFGNode.h:
1842         (JSC::DFG::Node::shouldSpeculateBoolean):
1843         (Node):
1844         * dfg/DFGSpeculativeJIT.cpp:
1845         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
1846
1847 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1848
1849         More Windows build fixing
1850
1851         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1852
1853 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1854
1855         Windows build fix
1856
1857         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1858
1859 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1860
1861         Type conversion of exponential part failed
1862         https://bugs.webkit.org/show_bug.cgi?id=80673
1863
1864         Reviewed by Geoffrey Garen.
1865
1866         * parser/Lexer.cpp:
1867         (JSC::::lex):
1868         * runtime/JSGlobalObjectFunctions.cpp:
1869         (JSC::parseInt):
1870         (JSC):
1871         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
1872         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
1873         parameter for strtod to allow trailing spaces.
1874         (JSC::toDouble):
1875         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
1876         * runtime/LiteralParser.cpp:
1877         (JSC::::Lexer::lexNumber):
1878         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
1879         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
1880         * wtf/dtoa.cpp:
1881         (WTF):
1882         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
1883         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
1884         * wtf/dtoa.h:
1885         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
1886         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
1887         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
1888         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
1889         * wtf/text/WTFString.cpp:
1890         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
1891
1892 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1893
1894         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
1895         Removing the assert for now.
1896
1897         * dfg/DFGOperations.h:
1898         * llint/LLIntSlowPaths.h:
1899
1900 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1901
1902         Functions with C linkage should return POD types
1903         https://bugs.webkit.org/show_bug.cgi?id=81061
1904
1905         Reviewed by Mark Rowe.
1906
1907         * dfg/DFGOperations.h:
1908         * llint/LLIntSlowPaths.h:
1909         (LLInt):
1910         (SlowPathReturnType):
1911         (JSC::LLInt::encodeResult):
1912
1913 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1914
1915         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
1916         https://bugs.webkit.org/show_bug.cgi?id=80979
1917         <rdar://problem/11036848>
1918
1919         Reviewed by Oliver Hunt.
1920         
1921         Also improved DFG IR dumping to include type information in a somewhat more
1922         intuitive way.
1923
1924         * bytecode/PredictedType.cpp:
1925         (JSC::predictionToAbbreviatedString):
1926         (JSC):
1927         * bytecode/PredictedType.h:
1928         (JSC):
1929         * dfg/DFGAbstractState.cpp:
1930         (JSC::DFG::AbstractState::execute):
1931         * dfg/DFGGraph.cpp:
1932         (JSC::DFG::Graph::dump):
1933         * dfg/DFGPredictionPropagationPhase.cpp:
1934         (JSC::DFG::PredictionPropagationPhase::propagate):
1935         * dfg/DFGSpeculativeJIT.cpp:
1936         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1937         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1938         * dfg/DFGSpeculativeJIT.h:
1939         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1940
1941 2012-03-13  George Staikos  <staikos@webkit.org>
1942
1943         The callback is only used if SA_RESTART is defined.  Compile it out
1944         otherwise to avoid a warning.
1945         https://bugs.webkit.org/show_bug.cgi?id=80926
1946
1947         Reviewed by Alexey Proskuryakov.
1948
1949         * heap/MachineStackMarker.cpp:
1950         (JSC):
1951
1952 2012-03-13  Hojong Han  <hojong.han@samsung.com>
1953
1954         Dump the generated code for ARM_TRADITIONAL
1955         https://bugs.webkit.org/show_bug.cgi?id=80975
1956
1957         Reviewed by Gavin Barraclough.
1958
1959         * assembler/LinkBuffer.h:
1960         (JSC::LinkBuffer::dumpCode):
1961
1962 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
1963
1964         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
1965         https://bugs.webkit.org/show_bug.cgi?id=78853
1966
1967         Reviewed by Adam Barth.
1968
1969         * Configurations/FeatureDefines.xcconfig:
1970         * wtf/Platform.h:
1971
1972 2012-03-13  Kwonjin Jeong  <gram@company100.net>
1973
1974         Remove SlotVisitor::copy() method.
1975         https://bugs.webkit.org/show_bug.cgi?id=80973
1976
1977         Reviewed by Geoffrey Garen.
1978
1979         SlotVisitor::copy() method isn't called anywhere.
1980
1981         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
1982         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
1983
1984 2012-03-12  Hojong Han  <hojong.han@samsung.com>
1985
1986         Fix test cases for RegExp multiline
1987         https://bugs.webkit.org/show_bug.cgi?id=80822
1988
1989         Reviewed by Gavin Barraclough.
1990
1991         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
1992         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
1993         * tests/mozilla/js1_2/regexp/beginLine.js:
1994         * tests/mozilla/js1_2/regexp/endLine.js:
1995
1996 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1997
1998         Arithmetic use inference should be procedure-global and should run in tandem
1999         with type propagation
2000         https://bugs.webkit.org/show_bug.cgi?id=80819
2001         <rdar://problem/11034006>
2002
2003         Reviewed by Gavin Barraclough.
2004         
2005         * CMakeLists.txt:
2006         * GNUmakefile.list.am:
2007         * JavaScriptCore.xcodeproj/project.pbxproj:
2008         * Target.pri:
2009         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
2010         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
2011         * dfg/DFGDriver.cpp:
2012         (JSC::DFG::compile):
2013         * dfg/DFGPredictionPropagationPhase.cpp:
2014         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
2015         (PredictionPropagationPhase):
2016         (JSC::DFG::PredictionPropagationPhase::isNotZero):
2017         (JSC::DFG::PredictionPropagationPhase::propagate):
2018         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
2019         * dfg/DFGVariableAccessData.h:
2020         (JSC::DFG::VariableAccessData::VariableAccessData):
2021         (JSC::DFG::VariableAccessData::flags):
2022         (VariableAccessData):
2023         (JSC::DFG::VariableAccessData::mergeFlags):
2024
2025 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2026
2027         Node::op and Node::flags should be private
2028         https://bugs.webkit.org/show_bug.cgi?id=80824
2029         <rdar://problem/11033435>
2030
2031         Reviewed by Gavin Barraclough.
2032
2033         * CMakeLists.txt:
2034         * GNUmakefile.list.am:
2035         * JavaScriptCore.xcodeproj/project.pbxproj:
2036         * Target.pri:
2037         * dfg/DFGAbstractState.cpp:
2038         (JSC::DFG::AbstractState::initialize):
2039         (JSC::DFG::AbstractState::execute):
2040         (JSC::DFG::AbstractState::mergeStateAtTail):
2041         (JSC::DFG::AbstractState::mergeToSuccessors):
2042         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2043         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2044         * dfg/DFGByteCodeParser.cpp:
2045         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2046         (JSC::DFG::ByteCodeParser::getLocal):
2047         (JSC::DFG::ByteCodeParser::getArgument):
2048         (JSC::DFG::ByteCodeParser::flushArgument):
2049         (JSC::DFG::ByteCodeParser::toInt32):
2050         (JSC::DFG::ByteCodeParser::isJSConstant):
2051         (JSC::DFG::ByteCodeParser::makeSafe):
2052         (JSC::DFG::ByteCodeParser::makeDivSafe):
2053         (JSC::DFG::ByteCodeParser::handleInlining):
2054         (JSC::DFG::ByteCodeParser::parseBlock):
2055         (JSC::DFG::ByteCodeParser::processPhiStack):
2056         (JSC::DFG::ByteCodeParser::linkBlock):
2057         * dfg/DFGCFAPhase.cpp:
2058         (JSC::DFG::CFAPhase::performBlockCFA):
2059         * dfg/DFGCSEPhase.cpp:
2060         (JSC::DFG::CSEPhase::canonicalize):
2061         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2062         (JSC::DFG::CSEPhase::pureCSE):
2063         (JSC::DFG::CSEPhase::byValIsPure):
2064         (JSC::DFG::CSEPhase::clobbersWorld):
2065         (JSC::DFG::CSEPhase::impureCSE):
2066         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2067         (JSC::DFG::CSEPhase::getByValLoadElimination):
2068         (JSC::DFG::CSEPhase::checkFunctionElimination):
2069         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2070         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2071         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2072         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2073         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2074         (JSC::DFG::CSEPhase::performNodeCSE):
2075         * dfg/DFGGraph.cpp:
2076         (JSC::DFG::Graph::dump):
2077         (DFG):
2078         * dfg/DFGGraph.h:
2079         (JSC::DFG::Graph::addShouldSpeculateInteger):
2080         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2081         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2082         * dfg/DFGNode.cpp: Removed.
2083         * dfg/DFGNode.h:
2084         (DFG):
2085         (JSC::DFG::Node::Node):
2086         (Node):
2087         (JSC::DFG::Node::op):
2088         (JSC::DFG::Node::flags):
2089         (JSC::DFG::Node::setOp):
2090         (JSC::DFG::Node::setFlags):
2091         (JSC::DFG::Node::mergeFlags):
2092         (JSC::DFG::Node::filterFlags):
2093         (JSC::DFG::Node::clearFlags):
2094         (JSC::DFG::Node::setOpAndDefaultFlags):
2095         (JSC::DFG::Node::mustGenerate):
2096         (JSC::DFG::Node::isConstant):
2097         (JSC::DFG::Node::isWeakConstant):
2098         (JSC::DFG::Node::valueOfJSConstant):
2099         (JSC::DFG::Node::hasVariableAccessData):
2100         (JSC::DFG::Node::hasIdentifier):
2101         (JSC::DFG::Node::resolveGlobalDataIndex):
2102         (JSC::DFG::Node::hasArithNodeFlags):
2103         (JSC::DFG::Node::arithNodeFlags):
2104         (JSC::DFG::Node::setArithNodeFlag):
2105         (JSC::DFG::Node::mergeArithNodeFlags):
2106         (JSC::DFG::Node::hasConstantBuffer):
2107         (JSC::DFG::Node::hasRegexpIndex):
2108         (JSC::DFG::Node::hasVarNumber):
2109         (JSC::DFG::Node::hasScopeChainDepth):
2110         (JSC::DFG::Node::hasResult):
2111         (JSC::DFG::Node::hasInt32Result):
2112         (JSC::DFG::Node::hasNumberResult):
2113         (JSC::DFG::Node::hasJSResult):
2114         (JSC::DFG::Node::hasBooleanResult):
2115         (JSC::DFG::Node::isJump):
2116         (JSC::DFG::Node::isBranch):
2117         (JSC::DFG::Node::isTerminal):
2118         (JSC::DFG::Node::hasHeapPrediction):
2119         (JSC::DFG::Node::hasFunctionCheckData):
2120         (JSC::DFG::Node::hasStructureTransitionData):
2121         (JSC::DFG::Node::hasStructureSet):
2122         (JSC::DFG::Node::hasStorageAccessData):
2123         (JSC::DFG::Node::hasFunctionDeclIndex):
2124         (JSC::DFG::Node::hasFunctionExprIndex):
2125         (JSC::DFG::Node::child1):
2126         (JSC::DFG::Node::child2):
2127         (JSC::DFG::Node::child3):
2128         (JSC::DFG::Node::firstChild):
2129         (JSC::DFG::Node::numChildren):
2130         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
2131         * dfg/DFGNodeFlags.h: Added.
2132         (DFG):
2133         (JSC::DFG::nodeUsedAsNumber):
2134         (JSC::DFG::nodeCanTruncateInteger):
2135         (JSC::DFG::nodeCanIgnoreNegativeZero):
2136         (JSC::DFG::nodeMayOverflow):
2137         (JSC::DFG::nodeCanSpeculateInteger):
2138         * dfg/DFGNodeType.h: Added.
2139         (DFG):
2140         (JSC::DFG::defaultFlags):
2141         * dfg/DFGPredictionPropagationPhase.cpp:
2142         (JSC::DFG::PredictionPropagationPhase::propagate):
2143         (JSC::DFG::PredictionPropagationPhase::vote):
2144         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2145         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2146         * dfg/DFGRedundantPhiEliminationPhase.cpp:
2147         (JSC::DFG::RedundantPhiEliminationPhase::run):
2148         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2149         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2150         * dfg/DFGSpeculativeJIT.cpp:
2151         (JSC::DFG::SpeculativeJIT::useChildren):
2152         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2153         (JSC::DFG::SpeculativeJIT::compileMovHint):
2154         (JSC::DFG::SpeculativeJIT::compile):
2155         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2156         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2157         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2158         (JSC::DFG::SpeculativeJIT::compileAdd):
2159         (JSC::DFG::SpeculativeJIT::compare):
2160         * dfg/DFGSpeculativeJIT.h:
2161         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2162         * dfg/DFGSpeculativeJIT32_64.cpp:
2163         (JSC::DFG::SpeculativeJIT::emitCall):
2164         (JSC::DFG::SpeculativeJIT::compile):
2165         * dfg/DFGSpeculativeJIT64.cpp:
2166         (JSC::DFG::SpeculativeJIT::emitCall):
2167         (JSC::DFG::SpeculativeJIT::compile):
2168         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2169         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2170
2171 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
2172
2173         Minor DataLog fixes
2174         https://bugs.webkit.org/show_bug.cgi?id=80826
2175
2176         Reviewed by Andreas Kling.
2177
2178         * bytecode/ExecutionCounter.cpp:
2179         Do not include DataLog.h, it is not used.
2180         
2181         * jit/ExecutableAllocator.cpp:
2182         Ditto.
2183
2184         * wtf/DataLog.cpp:
2185         (WTF::initializeLogFileOnce):
2186         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
2187
2188         * wtf/HashTable.cpp:
2189         Include DataLog as it is used.
2190
2191 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
2192
2193         Integer overflow check code in arithmetic operation in classic interpreter
2194         https://bugs.webkit.org/show_bug.cgi?id=80465
2195
2196         Reviewed by Gavin Barraclough.
2197
2198         * interpreter/Interpreter.cpp:
2199         (JSC::Interpreter::privateExecute):
2200
2201 2012-03-12  Zeno Albisser  <zeno@webkit.org>
2202
2203         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
2204         https://bugs.webkit.org/show_bug.cgi?id=80827
2205
2206         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
2207
2208         Reviewed by Simon Hausmann.
2209
2210         * wtf/Platform.h:
2211
2212 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
2213
2214         Unreviewed prospective Qt/Mac build fix
2215
2216         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
2217         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
2218         constructor.
2219
2220 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2221
2222         All DFG nodes should have a mutable set of flags
2223         https://bugs.webkit.org/show_bug.cgi?id=80779
2224         <rdar://problem/11026218>
2225
2226         Reviewed by Gavin Barraclough.
2227         
2228         Got rid of NodeId, and placed all of the flags that distinguished NodeId
2229         from NodeType into a separate Node::flags field. Combined what was previously
2230         ArithNodeFlags into Node::flags.
2231         
2232         In the process of debugging, I found that the debug support in the virtual
2233         register allocator was lacking, so I improved it. I also realized that the
2234         virtual register allocator was assuming that the nodes in a basic block were
2235         contiguous, which is no longer the case. So I fixed that. The fix also made
2236         it natural to have more extreme assertions, so I added them. I suspect this
2237         will make it easier to catch virtual register allocation bugs in the future.
2238         
2239         This is mostly performance neutral; if anything it looks like a slight
2240         speed-up.
2241         
2242         This patch does leave some work for future refactorings; for example, Node::op
2243         is unencapsulated. This was already the case, though now it feels even more
2244         like it should be. I avoided doing that because this patch has already grown
2245         way bigger than I wanted.
2246         
2247         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
2248         move some unnecessarily inline stuff out of DFGNode.h.
2249
2250         * CMakeLists.txt:
2251         * GNUmakefile.list.am:
2252         * JavaScriptCore.xcodeproj/project.pbxproj:
2253         * Target.pri:
2254         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2255         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2256         * dfg/DFGByteCodeParser.cpp:
2257         (JSC::DFG::ByteCodeParser::addToGraph):
2258         (JSC::DFG::ByteCodeParser::makeSafe):
2259         (JSC::DFG::ByteCodeParser::makeDivSafe):
2260         (JSC::DFG::ByteCodeParser::handleMinMax):
2261         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2262         (JSC::DFG::ByteCodeParser::parseBlock):
2263         * dfg/DFGCFAPhase.cpp:
2264         (JSC::DFG::CFAPhase::performBlockCFA):
2265         * dfg/DFGCSEPhase.cpp:
2266         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2267         (JSC::DFG::CSEPhase::pureCSE):
2268         (JSC::DFG::CSEPhase::clobbersWorld):
2269         (JSC::DFG::CSEPhase::impureCSE):
2270         (JSC::DFG::CSEPhase::setReplacement):
2271         (JSC::DFG::CSEPhase::eliminate):
2272         (JSC::DFG::CSEPhase::performNodeCSE):
2273         (JSC::DFG::CSEPhase::performBlockCSE):
2274         (CSEPhase):
2275         * dfg/DFGGraph.cpp:
2276         (JSC::DFG::Graph::opName):
2277         (JSC::DFG::Graph::dump):
2278         (DFG):
2279         * dfg/DFGNode.cpp: Added.
2280         (DFG):
2281         (JSC::DFG::arithNodeFlagsAsString):
2282         * dfg/DFGNode.h:
2283         (DFG):
2284         (JSC::DFG::nodeUsedAsNumber):
2285         (JSC::DFG::nodeCanTruncateInteger):
2286         (JSC::DFG::nodeCanIgnoreNegativeZero):
2287         (JSC::DFG::nodeMayOverflow):
2288         (JSC::DFG::nodeCanSpeculateInteger):
2289         (JSC::DFG::defaultFlags):
2290         (JSC::DFG::Node::Node):
2291         (Node):
2292         (JSC::DFG::Node::setOpAndDefaultFlags):
2293         (JSC::DFG::Node::mustGenerate):
2294         (JSC::DFG::Node::arithNodeFlags):
2295         (JSC::DFG::Node::setArithNodeFlag):
2296         (JSC::DFG::Node::mergeArithNodeFlags):
2297         (JSC::DFG::Node::hasResult):
2298         (JSC::DFG::Node::hasInt32Result):
2299         (JSC::DFG::Node::hasNumberResult):
2300         (JSC::DFG::Node::hasJSResult):
2301         (JSC::DFG::Node::hasBooleanResult):
2302         (JSC::DFG::Node::isJump):
2303         (JSC::DFG::Node::isBranch):
2304         (JSC::DFG::Node::isTerminal):
2305         (JSC::DFG::Node::child1):
2306         (JSC::DFG::Node::child2):
2307         (JSC::DFG::Node::child3):
2308         (JSC::DFG::Node::firstChild):
2309         (JSC::DFG::Node::numChildren):
2310         * dfg/DFGPredictionPropagationPhase.cpp:
2311         (JSC::DFG::PredictionPropagationPhase::propagate):
2312         (JSC::DFG::PredictionPropagationPhase::vote):
2313         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2314         * dfg/DFGScoreBoard.h:
2315         (ScoreBoard):
2316         (JSC::DFG::ScoreBoard::~ScoreBoard):
2317         (JSC::DFG::ScoreBoard::assertClear):
2318         (JSC::DFG::ScoreBoard::use):
2319         * dfg/DFGSpeculativeJIT.cpp:
2320         (JSC::DFG::SpeculativeJIT::useChildren):
2321         * dfg/DFGSpeculativeJIT32_64.cpp:
2322         (JSC::DFG::SpeculativeJIT::compile):
2323         * dfg/DFGSpeculativeJIT64.cpp:
2324         (JSC::DFG::SpeculativeJIT::compile):
2325         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2326         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2327
2328 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2329
2330         LLInt should support JSVALUE64
2331         https://bugs.webkit.org/show_bug.cgi?id=79609
2332         <rdar://problem/10063437>
2333
2334         Reviewed by Gavin Barraclough and Oliver Hunt.
2335         
2336         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2337         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2338         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2339         specialized for value representation.
2340         
2341         Also made some minor changes to offlineasm and the slow-paths.
2342
2343         * llint/LLIntData.cpp:
2344         (JSC::LLInt::Data::performAssertions):
2345         * llint/LLIntEntrypoints.cpp:
2346         * llint/LLIntSlowPaths.cpp:
2347         (LLInt):
2348         (JSC::LLInt::llint_trace_value):
2349         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2350         (JSC::LLInt::jitCompileAndSetHeuristics):
2351         * llint/LLIntSlowPaths.h:
2352         (LLInt):
2353         (SlowPathReturnType):
2354         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2355         (JSC::LLInt::encodeResult):
2356         * llint/LLIntThunks.cpp:
2357         * llint/LowLevelInterpreter.asm:
2358         * llint/LowLevelInterpreter32_64.asm:
2359         * llint/LowLevelInterpreter64.asm:
2360         * offlineasm/armv7.rb:
2361         * offlineasm/asm.rb:
2362         * offlineasm/ast.rb:
2363         * offlineasm/backends.rb:
2364         * offlineasm/instructions.rb:
2365         * offlineasm/parser.rb:
2366         * offlineasm/registers.rb:
2367         * offlineasm/transform.rb:
2368         * offlineasm/x86.rb:
2369         * wtf/Platform.h:
2370
2371 2012-03-10  Yong Li  <yoli@rim.com>
2372
2373         Web Worker crashes with WX_EXCLUSIVE
2374         https://bugs.webkit.org/show_bug.cgi?id=80532
2375
2376         Let each JS global object own a meta allocator
2377         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2378         Also fix a mutex leak in MetaAllocator's dtor.
2379
2380         Reviewed by Filip Pizlo.
2381
2382         * jit/ExecutableAllocator.cpp:
2383         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2384         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2385         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2386         (DemandExecutableAllocator):
2387         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2388         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2389         (JSC::DemandExecutableAllocator::allocateNewSpace):
2390         (JSC::DemandExecutableAllocator::allocators):
2391         (JSC::DemandExecutableAllocator::allocatorsMutex):
2392         (JSC):
2393         (JSC::ExecutableAllocator::initializeAllocator):
2394         (JSC::ExecutableAllocator::ExecutableAllocator):
2395         (JSC::ExecutableAllocator::underMemoryPressure):
2396         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2397         (JSC::ExecutableAllocator::allocate):
2398         (JSC::ExecutableAllocator::committedByteCount):
2399         (JSC::ExecutableAllocator::dumpProfile):
2400         * jit/ExecutableAllocator.h:
2401         (JSC):
2402         (ExecutableAllocator):
2403         (JSC::ExecutableAllocator::allocator):
2404         * wtf/MetaAllocator.h:
2405         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2406         * wtf/TCSpinLock.h:
2407         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2408
2409 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2410
2411         Object.freeze broken on latest Nightly
2412         https://bugs.webkit.org/show_bug.cgi?id=80577
2413
2414         Reviewed by Oliver Hunt.
2415
2416         The problem here is that deleteProperty rejects deletion of prototype.
2417         This is correct in most cases, however defineOwnProperty is presently
2418         implemented internally to ensure the attributes change by deleting the
2419         old property, and creating a new one.
2420
2421         * runtime/JSFunction.cpp:
2422         (JSC::JSFunction::deleteProperty):
2423             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
2424
2425 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2426
2427         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2428         https://bugs.webkit.org/show_bug.cgi?id=80663
2429
2430         Reviewed by Michael Saboff.
2431
2432         The bug here is actually that we're continuing to process the array after an exception
2433         has been thrown, and that the second value thrown is overriding the first.
2434
2435         * runtime/ArrayPrototype.cpp:
2436         (JSC::arrayProtoFuncToLocaleString):
2437
2438 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2439
2440         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2441         https://bugs.webkit.org/show_bug.cgi?id=80080
2442
2443         Reviewed by Filip Pizlo.
2444
2445         * bytecode/SamplingTool.cpp:
2446         (JSC::SamplingRegion::Locker::Locker):
2447         (JSC::SamplingRegion::Locker::~Locker):
2448         * bytecode/SamplingTool.h:
2449         (JSC::SamplingRegion::exchangeCurrent):
2450         * wtf/Atomics.h:
2451         (WTF):
2452         (WTF::weakCompareAndSwap):
2453         (WTF::weakCompareAndSwapUIntPtr):
2454
2455 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2456
2457         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2458         https://bugs.webkit.org/show_bug.cgi?id=49989
2459
2460         Reviewed by Oliver Hunt.
2461
2462         Patch originally by chris reiss <christopher.reiss@nokia.com>,
2463         allow the year to appear before the timezone in date strings.
2464
2465         * wtf/DateMath.cpp:
2466         (WTF::parseDateFromNullTerminatedCharacters):
2467
2468 2012-03-09  Mark Rowe  <mrowe@apple.com>
2469
2470         Ensure that the WTF headers are copied at installhdrs time.
2471
2472         Reviewed by Dan Bernstein and Jessie Berlin.
2473
2474         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2475         so that our script phases are invoked at installhdrs time. The only one that
2476         does any useful work at that time is the one that installs WTF headers.
2477
2478 2012-03-09  Jon Lee  <jonlee@apple.com>
2479
2480         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2481         https://bugs.webkit.org/show_bug.cgi?id=80497
2482
2483         Reviewed by Adam Barth.
2484
2485         Prep for b80472: Update API for Web Notifications
2486         * Configurations/FeatureDefines.xcconfig:
2487
2488 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2489
2490         Bash scripts should support LF endings only
2491         https://bugs.webkit.org/show_bug.cgi?id=79509
2492
2493         Reviewed by David Kilzer.
2494
2495         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2496         * gyp/run-if-exists.sh: Added property svn:eol-style.
2497         * gyp/update-info-plist.sh: Added property svn:eol-style.
2498
2499 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2500
2501         Windows debug build fix.
2502
2503         * assembler/MacroAssembler.h:
2504         (JSC::MacroAssembler::shouldBlind):
2505         Fix unreachable code warnings (which we treat as errors).
2506
2507 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2508
2509         Reviewed by Zoltan Herczeg.
2510
2511         [Qt] Fix the SH4 build after r109834
2512         https://bugs.webkit.org/show_bug.cgi?id=80492
2513
2514         * assembler/MacroAssemblerSH4.h:
2515         (JSC::MacroAssemblerSH4::branchAdd32):
2516         (JSC::MacroAssemblerSH4::branchSub32):
2517
2518 2012-03-09  Andy Wingo  <wingo@igalia.com>
2519
2520         Refactor code feature analysis in the parser
2521         https://bugs.webkit.org/show_bug.cgi?id=79112
2522
2523         Reviewed by Geoffrey Garen.
2524
2525         This commit refactors the parser to more uniformly propagate flag
2526         bits down and up the parse process, as the parser descends and
2527         returns into nested blocks.  Some flags get passed down to
2528         subscopes, some apply to specific scopes only, and some get
2529         unioned up after parsing subscopes.
2530
2531         The goal is to eventually be very precise with scoping
2532         information, once we have block scopes: one block scope might use
2533         `eval', which would require the emission of a symbol table within
2534         that block and containing blocks, whereas another block in the
2535         same function might not, allowing us to not emit a symbol table.
2536
2537         * parser/Nodes.h:
2538         (JSC::ScopeFlags): Rename from CodeFeatures.
2539         (JSC::ScopeNode::addScopeFlags):
2540         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2541         (JSC::ScopeNode::isStrictMode):
2542         (JSC::ScopeNode::usesEval):
2543         (JSC::ScopeNode::usesArguments):
2544         (JSC::ScopeNode::setUsesArguments):
2545         (JSC::ScopeNode::usesThis):
2546         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2547         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2548         operate on the m_scopeFlags member.
2549         (JSC::ScopeNode::source):
2550         (JSC::ScopeNode::sourceURL):
2551         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2552         semantic change.
2553         (JSC::ScopeNode::ScopeNode)
2554         (JSC::ProgramNode::ProgramNode)
2555         (JSC::EvalNode::EvalNode)
2556         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2557         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2558
2559         * parser/Nodes.cpp:
2560         (JSC::ScopeNode::ScopeNode):
2561         (JSC::ProgramNode::ProgramNode):
2562         (JSC::ProgramNode::create):
2563         (JSC::EvalNode::EvalNode):
2564         (JSC::EvalNode::create):
2565         (JSC::FunctionBodyNode::FunctionBodyNode):
2566         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2567
2568         * parser/ASTBuilder.h:
2569         (JSC::ASTBuilder::ASTBuilder):
2570         (JSC::ASTBuilder::thisExpr):
2571         (JSC::ASTBuilder::createResolve):
2572         (JSC::ASTBuilder::createFunctionBody):
2573         (JSC::ASTBuilder::createFuncDeclStatement):
2574         (JSC::ASTBuilder::createTryStatement):
2575         (JSC::ASTBuilder::createWithStatement):
2576         (JSC::ASTBuilder::addVar):
2577         (JSC::ASTBuilder::Scope::Scope):
2578         (Scope):
2579         (ASTBuilder):
2580         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2581         features here.  Instead rely on the base Parser mechanism to track
2582         features.
2583
2584         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2585
2586         * parser/Parser.h:
2587         (JSC::Scope::Scope): Manage scope through flags, not
2588         bit-booleans.  This lets us uniformly propagate them up and down.
2589         (JSC::Scope::declareWrite):
2590         (JSC::Scope::declareParameter):
2591         (JSC::Scope::useVariable):
2592         (JSC::Scope::collectFreeVariables):
2593         (JSC::Scope::getCapturedVariables):
2594         (JSC::Scope::saveFunctionInfo):
2595         (JSC::Scope::restoreFunctionInfo):
2596         (JSC::Parser::pushScope): Adapt to use scope flags and their
2597         accessors instead of bit-booleans.
2598         * parser/Parser.cpp:
2599         (JSC::::Parser):
2600         (JSC::::parseInner):
2601         (JSC::::didFinishParsing):
2602         (JSC::::parseSourceElements):
2603         (JSC::::parseVarDeclarationList):
2604         (JSC::::parseConstDeclarationList):
2605         (JSC::::parseWithStatement):
2606         (JSC::::parseTryStatement):
2607         (JSC::::parseFunctionBody):
2608         (JSC::::parseFunctionInfo):
2609         (JSC::::parseFunctionDeclaration):
2610         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2611         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2612         Does not seem to have a performance impact.
2613
2614         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2615         Cache the scopeflags.
2616         * parser/SyntaxChecker.h: Remove evalCount() decl.
2617
2618         * runtime/Executable.cpp:
2619         (JSC::EvalExecutable::compileInternal):
2620         (JSC::ProgramExecutable::compileInternal):
2621         (JSC::FunctionExecutable::produceCodeBlockFor):
2622         * runtime/Executable.h:
2623         (JSC::ScriptExecutable::ScriptExecutable):
2624         (JSC::ScriptExecutable::usesEval):
2625         (JSC::ScriptExecutable::usesArguments):
2626         (JSC::ScriptExecutable::needsActivation):
2627         (JSC::ScriptExecutable::isStrictMode):
2628         (JSC::ScriptExecutable::recordParse):
2629         (ScriptExecutable): ScopeFlags, not features.
2630
2631 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2632
2633         Build fix for MSVC after r110266
2634
2635         Unreviewed. A #ifdef for MSVC was left over in r110266.
2636
2637         * runtime/RegExpObject.h:
2638         (RegExpObject):
2639
2640 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2641
2642         Allocate the RegExpObject's data with the Cell
2643         https://bugs.webkit.org/show_bug.cgi?id=80654
2644
2645         Reviewed by Gavin Barraclough.
2646
2647         This patch removes the creation of RegExpObject's data to avoid the overhead
2648         created by the allocation and destruction.
2649
2650         When RegExp are created repeatedly, this provides some performance improvement.
2651         The PeaceKeeper test stringDetectBrowser improves by 10%.
2652
2653         * runtime/RegExpObject.cpp:
2654         (JSC::RegExpObject::RegExpObject):
2655         (JSC::RegExpObject::visitChildren):
2656         (JSC::RegExpObject::getOwnPropertyDescriptor):
2657         (JSC::RegExpObject::defineOwnProperty):
2658         (JSC::RegExpObject::match):
2659         * runtime/RegExpObject.h:
2660         (JSC::RegExpObject::setRegExp):
2661         (JSC::RegExpObject::regExp):
2662         (JSC::RegExpObject::setLastIndex):
2663         (JSC::RegExpObject::getLastIndex):
2664         (RegExpObject):
2665
2666 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2667
2668         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2669         https://bugs.webkit.org/show_bug.cgi?id=80657
2670         
2671         Preparation for WTF separation from JavaScriptCore.
2672         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2673         dependencies for generated files.
2674         
2675         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2676         versions of the WTF code independent of the JavaScriptCore code.
2677
2678         Reviewed by Jessie Berlin.
2679
2680         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2681         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2682         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2683         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2684         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2685         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2686         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2687         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2688         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2689         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2690         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2691         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2692         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2693         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2694         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2695         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2696         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2697         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2698         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2699         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2700         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2701
2702 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2703
2704         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2705         https://bugs.webkit.org/show_bug.cgi?id=80652
2706
2707         Reviewed by Eric Seidel.
2708
2709         Fix the header, URLSegments.h is not part of the API.
2710
2711         * wtf/url/api/ParsedURL.h:
2712
2713 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2714
2715         Mac build fix for micro data API.
2716
2717         * Configurations/FeatureDefines.xcconfig:
2718
2719 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2720
2721         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2722         https://bugs.webkit.org/show_bug.cgi?id=26890
2723
2724         Reviewed by Oliver Hunt.
2725
2726         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2727
2728         * runtime/StringPrototype.cpp:
2729         (JSC::replaceUsingRegExpSearch):
2730         (JSC::stringProtoFuncMatch):
2731             - added calls to setLastIndex.
2732
2733 2012-03-08  Matt Lilek  <mrl@apple.com>
2734
2735         Don't enable VIDEO_TRACK on all OS X platforms
2736         https://bugs.webkit.org/show_bug.cgi?id=80635
2737
2738         Reviewed by Eric Carlson.
2739
2740         * Configurations/FeatureDefines.xcconfig:
2741
2742 2012-03-08  Oliver Hunt  <oliver@apple.com>
2743
2744         Build fix.  That day is not today.
2745
2746         * assembler/MacroAssembler.h:
2747         (JSC::MacroAssembler::shouldBlind):
2748         * assembler/MacroAssemblerX86Common.h:
2749         (MacroAssemblerX86Common):
2750         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2751
2752 2012-03-08  Oliver Hunt  <oliver@apple.com>
2753
2754         Build fix. One of these days I'll manage to commit something that works everywhere.
2755
2756         * assembler/AbstractMacroAssembler.h:
2757         (AbstractMacroAssembler):
2758         * assembler/MacroAssemblerARMv7.h:
2759         (MacroAssemblerARMv7):
2760         * assembler/MacroAssemblerX86Common.h:
2761         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2762         (MacroAssemblerX86Common):
2763
2764 2012-03-08  Chao-ying Fu  <fu@mips.com>
2765
2766         Update MIPS patchOffsetGetByIdSlowCaseCall
2767         https://bugs.webkit.org/show_bug.cgi?id=80302
2768
2769         Reviewed by Oliver Hunt.
2770
2771         * jit/JIT.h:
2772         (JIT):
2773
2774 2012-03-08  Oliver Hunt  <oliver@apple.com>
2775
2776         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2777         https://bugs.webkit.org/show_bug.cgi?id=80633
2778
2779         Reviewed by Gavin Barraclough.
2780
2781         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2782         if there isn't a machine specific implementation (otherwise the 64bit value
2783         got truncated and 32bit checks were used -- leaving 32bits untested).
2784         Also add a bit of logic to ensure that we don't try to blind a few common
2785         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2786         unencoded doubles with common "safe" values.
2787
2788         * assembler/AbstractMacroAssembler.h:
2789         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2790         * assembler/MacroAssembler.h:
2791         (JSC::MacroAssembler::shouldBlindDouble):
2792         (MacroAssembler):
2793         (JSC::MacroAssembler::shouldBlind):
2794         * assembler/MacroAssemblerX86Common.h:
2795         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2796
2797 2012-03-08  Mark Rowe  <mrowe@apple.com>
2798
2799         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2800
2801         Reviewed by Dan Bernstein.
2802
2803         * Configurations/Base.xcconfig:
2804
2805 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2806
2807         Fix line endings for copy-files.cmd.
2808         
2809         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2810         In this case, the label :clean wasn't found, breaking the clean build.
2811         
2812         Reviewed by Jessie Berlin.
2813
2814         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2815
2816 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2817
2818         DFG CFA incorrectly handles ValueToInt32
2819         https://bugs.webkit.org/show_bug.cgi?id=80568
2820
2821         Reviewed by Gavin Barraclough.
2822         
2823         Changed it to match exactly the decision pattern used in
2824         DFG::SpeculativeJIT::compileValueToInt32
2825
2826         * dfg/DFGAbstractState.cpp:
2827         (JSC::DFG::AbstractState::execute):
2828
2829 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2830
2831         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2832         https://bugs.webkit.org/show_bug.cgi?id=80524
2833
2834         Reviewed by Simon Hausmann.
2835
2836         Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
2837         of WTF library.
2838
2839         * runtime/Identifier.cpp:
2840         * wtf/WTFThreadData.cpp:
2841         (JSC):
2842         (JSC::IdentifierTable::~IdentifierTable):
2843         (JSC::IdentifierTable::add):
2844
2845 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2846
2847         DFG instruction count threshold should be lifted to 10000
2848         https://bugs.webkit.org/show_bug.cgi?id=80579
2849
2850         Reviewed by Gavin Barraclough.
2851
2852         * runtime/Options.cpp:
2853         (JSC::Options::initializeOptions):
2854
2855 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2856
2857         Incorrect tracking of abstract values of variables forced double
2858         https://bugs.webkit.org/show_bug.cgi?id=80566
2859         <rdar://problem/11001442>
2860
2861         Reviewed by Gavin Barraclough.
2862
2863         * dfg/DFGAbstractState.cpp:
2864         (JSC::DFG::AbstractState::mergeStateAtTail):
2865
2866 2012-03-07  Chao-ying Fu  <fu@mips.com>
2867
2868         [Qt] Fix the MIPS/SH4 build after r109834
2869         https://bugs.webkit.org/show_bug.cgi?id=80492
2870
2871         Reviewed by Oliver Hunt.
2872
2873         Implement three-argument branch(Add,Sub)32.
2874
2875         * assembler/MacroAssemblerMIPS.h:
2876         (JSC::MacroAssemblerMIPS::add32):
2877         (MacroAssemblerMIPS):
2878         (JSC::MacroAssemblerMIPS::sub32):
2879         (JSC::MacroAssemblerMIPS::branchAdd32):
2880         (JSC::MacroAssemblerMIPS::branchSub32):
2881
2882 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2883
2884         Unreviewed, rolling out r110127.
2885         http://trac.webkit.org/changeset/110127
2886         https://bugs.webkit.org/show_bug.cgi?id=80562
2887
2888         compile failed on AppleWin (Requested by ukai on #webkit).
2889
2890         * heap/Heap.cpp:
2891         (JSC::Heap::collectAllGarbage):
2892         * heap/Heap.h:
2893         (JSC):
2894         (Heap):
2895         * runtime/Executable.cpp:
2896         (JSC::FunctionExecutable::FunctionExecutable):
2897         (JSC::FunctionExecutable::finalize):
2898         * runtime/Executable.h:
2899         (FunctionExecutable):
2900         (JSC::FunctionExecutable::create):
2901         * runtime/JSGlobalData.cpp:
2902         (WTF):
2903         (Recompiler):
2904         (WTF::Recompiler::operator()):
2905         (JSC::JSGlobalData::recompileAllJSFunctions):
2906         (JSC):
2907         * runtime/JSGlobalData.h:
2908         (JSGlobalData):
2909         * runtime/JSGlobalObject.cpp:
2910         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2911
2912 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2913
2914         The end atom of the marked block considered to filter invalid cells
2915         https://bugs.webkit.org/show_bug.cgi?id=79191
2916
2917         Reviewed by Geoffrey Garen.
2918
2919         Register file could have stale pointers beyond the end atom of marked block.
2920         Those pointers can weasel out of filtering in-middle-of-cell pointer.
2921
2922         * heap/MarkedBlock.h:
2923         (JSC::MarkedBlock::isLiveCell):
2924
2925 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2926
2927         Clean Windows build fails after r110033
2928         https://bugs.webkit.org/show_bug.cgi?id=80553
2929
2930         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2931
2932         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2933         Place the implementation files next to their header files in the wtf/text subdirectory.
2934         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2935         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2936         Update the path to those implementation files.
2937         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2938         Ditto.
2939
2940 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2941
2942         Eliminate redundant Phis in DFG
2943         https://bugs.webkit.org/show_bug.cgi?id=80415
2944
2945         Reviewed by Filip Pizlo.
2946
2947         Although this may not have any advantage at current stage, this is towards
2948         minimal SSA to make more high level optimizations (like bug 76770) easier.
2949         We have the choices either to build minimal SSA from scratch or to
2950         keep current simple Phi insertion mechanism and remove the redundancy
2951         in another phase. Currently we choose the latter because the change
2952         could be smaller.
2953
2954         * CMakeLists.txt:
2955         * GNUmakefile.list.am:
2956         * JavaScriptCore.xcodeproj/project.pbxproj:
2957         * Target.pri:
2958         * dfg/DFGDriver.cpp:
2959         (JSC::DFG::compile):
2960         * dfg/DFGGraph.cpp:
2961         (JSC::DFG::Graph::dump):
2962         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2963         (DFG):
2964         (RedundantPhiEliminationPhase):
2965         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2966         (JSC::DFG::RedundantPhiEliminationPhase::run):
2967         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2968         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2969         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2970         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2971         (JSC::DFG::performRedundantPhiElimination):
2972         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2973         (DFG):
2974
2975 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2976
2977         Refactor recompileAllJSFunctions() to be less expensive
2978         https://bugs.webkit.org/show_bug.cgi?id=80330
2979
2980         Reviewed by Geoffrey Garen.
2981
2982         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
2983         load performance, which currently does at least a couple full GCs per navigation.
2984
2985         * heap/Heap.cpp:
2986         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2987         because the function doesn't actually recompile anything (and never did); it simply throws code
2988         away for it to be recompiled later if we determine we should do so.
2989         (JSC):
2990         (JSC::Heap::collectAllGarbage):
2991         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2992         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2993         * heap/Heap.h:
2994         (JSC):
2995         (Heap):
2996         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2997         be used in DoublyLinkedLists.
2998         (JSC::FunctionExecutable::FunctionExecutable):
2999         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
3000         * runtime/Executable.h:
3001         (FunctionExecutable):
3002         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
3003         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
3004         the list of FunctionExecutables.
3005         * runtime/JSGlobalData.h:
3006         (JSGlobalData):
3007         * runtime/JSGlobalObject.cpp:
3008         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
3009
3010 2012-03-06  Oliver Hunt  <oliver@apple.com>
3011
3012         Further harden 64-bit JIT
3013         https://bugs.webkit.org/show_bug.cgi?id=80457
3014
3015         Reviewed by Filip Pizlo.
3016
3017         This patch implements blinding for ImmPtr.  Rather than xor based blinding
3018         we perform randomised pointer rotations in order to avoid the significant
3019         cost in executable memory that would otherwise be necessary (and to avoid
3020         the need for an additional scratch register in some cases).
3021
3022         As with the prior blinding patch there's a moderate amount of noise as we
3023         correct the use of ImmPtr vs. TrustedImmPtr.
3024
3025         * assembler/AbstractMacroAssembler.h:
3026         (ImmPtr):
3027         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
3028         * assembler/MacroAssembler.h:
3029         (MacroAssembler):
3030         (JSC::MacroAssembler::storePtr):
3031         (JSC::MacroAssembler::branchPtr):
3032         (JSC::MacroAssembler::shouldBlind):
3033         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
3034         (RotatedImmPtr):
3035         (JSC::MacroAssembler::rotationBlindConstant):
3036         (JSC::MacroAssembler::loadRotationBlindedConstant):
3037         (JSC::MacroAssembler::convertInt32ToDouble):
3038         (JSC::MacroAssembler::move):
3039         (JSC::MacroAssembler::poke):
3040         * assembler/MacroAssemblerARMv7.h:
3041         (JSC::MacroAssemblerARMv7::storeDouble):
3042         (JSC::MacroAssemblerARMv7::branchAdd32):
3043         * assembler/MacroAssemblerX86_64.h:
3044         (MacroAssemblerX86_64):
3045         (JSC::MacroAssemblerX86_64::rotateRightPtr):
3046         (JSC::MacroAssemblerX86_64::xorPtr):
3047         * assembler/X86Assembler.h:
3048         (X86Assembler):
3049         (JSC::X86Assembler::xorq_rm):
3050         (JSC::X86Assembler::rorq_i8r):
3051         * dfg/DFGCCallHelpers.h:
3052         (CCallHelpers):
3053         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
3054         * dfg/DFGOSRExitCompiler32_64.cpp:
3055         (JSC::DFG::OSRExitCompiler::compileExit):
3056         * dfg/DFGOSRExitCompiler64.cpp:
3057         (JSC::DFG::OSRExitCompiler::compileExit):
3058         * dfg/DFGSpeculativeJIT.cpp:
3059         (JSC::DFG::SpeculativeJIT::createOSREntries):
3060         * dfg/DFGSpeculativeJIT.h:
3061         (JSC::DFG::SpeculativeJIT::silentFillGPR):
3062         (JSC::DFG::SpeculativeJIT::callOperation):
3063         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
3064         * dfg/DFGSpeculativeJIT32_64.cpp:
3065         (JSC::DFG::SpeculativeJIT::compile):
3066         * dfg/DFGSpeculativeJIT64.cpp:
3067         (JSC::DFG::SpeculativeJIT::fillInteger):
3068         (JSC::DFG::SpeculativeJIT::fillDouble):
3069         (JSC::DFG::SpeculativeJIT::fillJSValue):
3070         (JSC::DFG::SpeculativeJIT::emitCall):
3071         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3072         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3073         (JSC::DFG::SpeculativeJIT::emitBranch):
3074         * jit/JIT.cpp:
3075         (JSC::JIT::emitOptimizationCheck):
3076         * jit/JITArithmetic32_64.cpp:
3077         (JSC::JIT::emitSlow_op_post_inc):
3078         * jit/JITInlineMethods.h:
3079         (JSC::JIT::emitValueProfilingSite):
3080         (JSC::JIT::emitGetVirtualRegister):
3081         * jit/JITOpcodes.cpp:
3082         (JSC::JIT::emit_op_mov):
3083         (JSC::JIT::emit_op_new_object):
3084         (JSC::JIT::emit_op_strcat):
3085         (JSC::JIT::emit_op_ensure_property_exists):
3086         (JSC::JIT::emit_op_resolve_skip):
3087         (JSC::JIT::emitSlow_op_resolve_global):
3088         (JSC::JIT::emit_op_resolve_with_base):
3089         (JSC::JIT::emit_op_resolve_with_this):
3090         (JSC::JIT::emit_op_jmp_scopes):
3091         (JSC::JIT::emit_op_switch_imm):
3092         (JSC::JIT::emit_op_switch_char):
3093         (JSC::JIT::emit_op_switch_string):
3094         (JSC::JIT::emit_op_throw_reference_error):
3095         (JSC::JIT::emit_op_debug):
3096         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
3097         (JSC::JIT::emit_op_new_array):
3098         (JSC::JIT::emitSlow_op_new_array):
3099         (JSC::JIT::emit_op_new_array_buffer):
3100         * jit/JITOpcodes32_64.cpp:
3101         (JSC::JIT::emit_op_new_object):
3102         (JSC::JIT::emit_op_strcat):
3103         (JSC::JIT::emit_op_ensure_property_exists):
3104         (JSC::JIT::emit_op_resolve_skip):
3105         (JSC::JIT::emitSlow_op_resolve_global):
3106         (JSC::JIT::emit_op_resolve_with_base):
3107         (JSC::JIT::emit_op_resolve_with_this):
3108         (JSC::JIT::emit_op_jmp_scopes):
3109         (JSC::JIT::emit_op_switch_imm):
3110         (JSC::JIT::emit_op_switch_char):
3111         (JSC::JIT::emit_op_switch_string):
3112         * jit/JITPropertyAccess32_64.cpp:
3113         (JSC::JIT::emit_op_put_by_index):
3114         * jit/JITStubCall.h:
3115         (JITStubCall):
3116         (JSC::JITStubCall::addArgument):
3117
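The rotation blinding described in the 2012-03-06 "Further harden 64-bit JIT" entry above, modelled in C as an added example (not WebKit's code). The names `blind_constant`, `unblind_constant` and `immediate_contains`, the rotate-left-at-JIT-time convention, the caller-supplied random word and the sample constant are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rotations are only ever called with r in 1..63, so no shift is by 0 or 64. */
static uint64_t rotl64(uint64_t v, unsigned r) { return (v << r) | (v >> (64 - r)); }
static uint64_t rotr64(uint64_t v, unsigned r) { return (v >> r) | (v << (64 - r)); }

/* Model of what lands in executable memory for one blinded pointer constant:
 * a 64-bit immediate plus an 8-bit rotate count (9 immediate bytes in total).
 * XOR blinding would instead need two 64-bit immediates (value ^ key and key),
 * and on x86-64 XOR has no 64-bit immediate form, so the key needs a register. */
struct blinded_imm {
    uint64_t stored;    /* the immediate actually emitted */
    uint8_t  rotation;  /* count for the rotate-right emitted after the load */
};

/* JIT time: pre-rotate the constant left by a random amount.
 * 'rnd' stands in for a word from the engine's random source (assumption). */
struct blinded_imm blind_constant(uint64_t value, uint64_t rnd)
{
    struct blinded_imm b;
    b.rotation = (uint8_t)(1 + rnd % 63);      /* 1..63, never a no-op */
    b.stored = rotl64(value, b.rotation);
    return b;
}

/* Run time: the emitted rotate-right restores the original constant. */
uint64_t unblind_constant(struct blinded_imm b)
{
    return rotr64(b.stored, b.rotation);
}

/* Returns 1 if 'needle' occurs in the little-endian encoding of an immediate,
 * i.e. in the bytes that would sit in the instruction stream. */
int immediate_contains(uint64_t imm, const uint8_t *needle, size_t n)
{
    uint8_t bytes[8];
    for (int i = 0; i < 8; i++)
        bytes[i] = (uint8_t)(imm >> (8 * i));
    for (size_t i = 0; i + n <= sizeof bytes; i++)
        if (memcmp(bytes + i, needle, n) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a constant whose low four bytes are script-chosen. */
    const uint64_t value = 0x11223344DEADBEEFULL;
    const uint8_t chosen[4] = { 0xEF, 0xBE, 0xAD, 0xDE };

    struct blinded_imm b = blind_constant(value, 12);   /* rotation = 13 */

    printf("unblinded immediate holds chosen bytes: %d\n",
           immediate_contains(value, chosen, sizeof chosen));
    printf("blinded immediate %016llx (ror %u) holds chosen bytes: %d\n",
           (unsigned long long)b.stored, (unsigned)b.rotation,
           immediate_contains(b.stored, chosen, sizeof chosen));
    printf("value recovered at run time: %d\n", unblind_constant(b) == value);
    return 0;
}
```
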
3118 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
3119
3120         ARM build fix.
3121
3122         Reviewed by Zoltan Herczeg.
3123
3124         Implement three-argument branch(Add,Sub)32.
3125
3126         * assembler/MacroAssemblerARM.h:
3127         (JSC::MacroAssemblerARM::add32):
3128         (MacroAssemblerARM):
3129         (JSC::MacroAssemblerARM::sub32):
3130         (JSC::MacroAssemblerARM::branchAdd32):
3131         (JSC::MacroAssemblerARM::branchSub32):
3132
3133 2012-03-07  Andy Wingo  <wingo@igalia.com>
3134
3135         Parser: Inline ScopeNodeData into ScopeNode
3136         https://bugs.webkit.org/show_bug.cgi?id=79776
3137
3138         Reviewed by Geoffrey Garen.
3139
3140         It used to be that some ScopeNode members were kept in a separate
3141         structure because sometimes they wouldn't be needed, and
3142         allocating a ParserArena was expensive.  This patch makes
3143         ParserArena lazily allocate its IdentifierArena, allowing the
3144         members to be included directly, which is simpler and easier to
3145         reason about.
3146
3147         * parser/ParserArena.cpp:
3148         (JSC::ParserArena::ParserArena):
3149         (JSC::ParserArena::reset):
3150         (JSC::ParserArena::isEmpty):
3151         * parser/ParserArena.h:
3152         (JSC::ParserArena::identifierArena): Lazily allocate the
3153         IdentifierArena.
3154
3155         * parser/Nodes.cpp:
3156         (JSC::ScopeNode::ScopeNode):
3157         (JSC::ScopeNode::singleStatement):
3158         (JSC::ProgramNode::create):
3159         (JSC::EvalNode::create):
3160         (JSC::FunctionBodyNode::create):
3161         * parser/Nodes.h:
3162         (JSC::ScopeNode::destroyData):
3163         (JSC::ScopeNode::needsActivationForMoreThanVariables):
3164         (JSC::ScopeNode::needsActivation):
3165         (JSC::ScopeNode::hasCapturedVariables):
3166         (JSC::ScopeNode::capturedVariableCount):
3167         (JSC::ScopeNode::captures):
3168         (JSC::ScopeNode::varStack):
3169         (JSC::ScopeNode::functionStack):
3170         (JSC::ScopeNode::neededConstants):
3171         (ScopeNode):
3172         * bytecompiler/NodesCodegen.cpp:
3173         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
3174         into ScopeNode.  Adapt accessors.
3175
3176 2012-03-06  Eric Seidel  <eric@webkit.org>
3177
3178         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
3179         https://bugs.webkit.org/show_bug.cgi?id=80363
3180
3181         Reviewed by Mark Rowe.
3182
3183         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
3184         its headers have appeared as part of the "private" headers exported by
3185         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
3186         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
3187         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
3188
3189         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
3190         own directory and project.  As part of such, the WTF headers will no longer be part of
3191         the JavaScriptCore private interfaces.
3192         In preparation for that, this change makes both the Mac and Win builds export
3193         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
3194         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
3195
3196         There are 5 parts to this change.
3197         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
3198             (and header directories) into the appropriate places in the build directory.
3199         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
3200             (WebCore, WebKit, etc. had already been taught to look in previous patches).
3201         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
3202             using fully qualified paths.
3203         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
3204         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
3205
3206         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
3207         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
3208         headers, those will have to be updated to use <wtf/Foo.h> after this change.
3209         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
3210         are ready for (and interested in) this change happening.
3211
3212         * API/tests/JSNode.c:
3213         * API/tests/JSNodeList.c:
3214         * Configurations/Base.xcconfig:
3215         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3216         * JavaScriptCore.xcodeproj/project.pbxproj:
3217         * assembler/MacroAssemblerCodeRef.h:
3218         * bytecompiler/BytecodeGenerator.h:
3219         * dfg/DFGOperations.cpp:
3220         * heap/GCAssertions.h:
3221         * heap/HandleHeap.h:
3222         * heap/HandleStack.h:
3223         * heap/MarkedSpace.h:
3224         * heap/PassWeak.h:
3225         * heap/Strong.h:
3226         * heap/Weak.h:
3227         * jit/HostCallReturnValue.cpp:
3228         * jit/JIT.cpp:
3229         * jit/JITStubs.cpp:
3230         * jit/ThunkGenerators.cpp:
3231         * parser/Lexer.cpp:
3232         * runtime/Completion.cpp:
3233         * runtime/Executable.cpp:
3234         * runtime/Identifier.h:
3235         * runtime/InitializeThreading.cpp:
3236         * runtime/JSDateMath.cpp:
3237         * runtime/JSGlobalObjectFunctions.cpp:
3238         * runtime/JSStringBuilder.h:
3239         * runtime/JSVariableObject.h:
3240         * runtime/NumberPrototype.cpp:
3241         * runtime/WriteBarrier.h:
3242         * tools/CodeProfile.cpp:
3243         * tools/TieredMMapArray.h:
3244         * wtf/AVLTree.h:
3245         * wtf/Alignment.h:
3246         * wtf/AlwaysInline.h:
3247         * wtf/ArrayBufferView.h:
3248         * wtf/Assertions.h:
3249         * wtf/Atomics.h:
3250         * wtf/Bitmap.h:
3251         * wtf/BoundsCheckedPointer.h:
3252         * wtf/CheckedArithmetic.h:
3253         * wtf/Deque.h:
3254         * wtf/ExportMacros.h:
3255         * wtf/FastAllocBase.h:
3256         * wtf/FastMalloc.h:
3257         * wtf/Float32Array.h:
3258         * wtf/Float64Array.h:
3259         * wtf/Functional.h:
3260         * wtf/HashCountedSet.h:
3261         * wtf/HashFunctions.h:
3262         * wtf/HashMap.h:
3263         * wtf/HashSet.h:
3264         * wtf/HashTable.h:
3265         * wtf/HashTraits.h:
3266         * wtf/Int16Array.h:
3267         * wtf/Int32Array.h:
3268         * wtf/Int8Array.h:
3269         * wtf/IntegralTypedArrayBase.h:
3270         * wtf/ListHashSet.h:
3271         * wtf/MainThread.h:
3272         * wtf/MetaAllocator.h:
3273         * wtf/Noncopyable.h:
3274         * wtf/OwnArrayPtr.h:
3275         * wtf/OwnPtr.h:
3276         * wtf/PackedIntVector.h:
3277         * wtf/ParallelJobs.h:
3278         * wtf/PassOwnArrayPtr.h:
3279         * wtf/PassOwnPtr.h:
3280         * wtf/PassRefPtr.h:
3281         * wtf/PassTraits.h:
3282         * wtf/Platform.h:
3283         * wtf/PossiblyNull.h:
3284         * wtf/RefCounted.h:
3285         * wtf/RefCountedLeakCounter.h:
3286         * wtf/RefPtr.h:
3287         * wtf/RetainPtr.h:
3288         * wtf/SimpleStats.h:
3289         * wtf/Spectrum.h:
3290         * wtf/StdLibExtras.h:
3291         * wtf/TCPageMap.h:
3292         * wtf/TemporaryChange.h:
3293         * wtf/ThreadSafeRefCounted.h:
3294         * wtf/Threading.h:
3295         * wtf/ThreadingPrimitives.h:
3296         * wtf/TypeTraits.h:
3297         * wtf/TypedArrayBase.h:
3298         * wtf/Uint16Array.h:
3299         * wtf/Uint32Array.h:
3300         * wtf/Uint8Array.h:
3301         * wtf/Uint8ClampedArray.h:
3302         * wtf/UnusedParam.h:
3303         * wtf/Vector.h:
3304         * wtf/VectorTraits.h:
3305         * wtf/dtoa/double-conversion.h:
3306         * wtf/dtoa/utils.h:
3307         * wtf/gobject/GRefPtr.h:
3308         * wtf/gobject/GlibUtilities.h:
3309         * wtf/text/AtomicString.h:
3310         * wtf/text/AtomicStringImpl.h:
3311         * wtf/text/CString.h:
3312         * wtf/text/StringConcatenate.h:
3313         * wtf/text/StringHash.h:
3314         * wtf/text/WTFString.h:
3315         * wtf/unicode/CharacterNames.h:
3316         * wtf/unicode/UTF8.h:
3317         * wtf/unicode/glib/UnicodeGLib.h:
3318         * wtf/unicode/qt4/UnicodeQt4.h:
3319         * wtf/unicode/wince/UnicodeWinCE.h:
3320         * wtf/url/api/ParsedURL.h:
3321         * wtf/url/api/URLString.h:
3322         * wtf/wince/FastMallocWinCE.h:
3323         * yarr/YarrJIT.cpp:
3324
3325 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3326
3327         Array.prototype functions should throw if delete fails
3328         https://bugs.webkit.org/show_bug.cgi?id=80467
3329
3330         Reviewed by Oliver Hunt.
3331
3332         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
3333         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
3334         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
3335         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
3336         routines, for handling arrays with holes. These three copies should be unified.
3337
3338         * runtime/ArrayPrototype.cpp:
3339         (JSC::shift):
3340         (JSC::unshift):
3341             - Added - shared copies of the shift/unshift functionality.
3342         (JSC::arrayProtoFuncPop):
3343             - should throw if the delete fails.
3344         (JSC::arrayProtoFuncReverse):
3345             - should throw if the delete fails.
3346         (JSC::arrayProtoFuncShift):
3347         (JSC::arrayProtoFuncSplice):
3348         (JSC::arrayProtoFuncUnShift):
3349             - use shift/unshift.
3350         * runtime/JSArray.cpp:
3351         (JSC::JSArray::shiftCount):
3352         (JSC::JSArray::unshiftCount):
3353             - Don't try to handle arrays with holes; return a value indicating
3354               the generic routine should be used instead.
3355         * runtime/JSArray.h:
3356             - declaration for shiftCount/unshiftCount changed.
3357         * tests/mozilla/js1_6/Array/regress-304828.js:
3358             - this was asserting incorrect behaviour.
3359
3360 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
3361
3362         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
3363         https://bugs.webkit.org/show_bug.cgi?id=80469
3364
3365         Reviewed by Antonio Gomes.
3366
3367         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
3368         property on the library being created.
3369
3370 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
3371
3372         DFG BasicBlock should group the Phi nodes together and separate them
3373         from the other nodes
3374         https://bugs.webkit.org/show_bug.cgi?id=80361
3375
3376         Reviewed by Filip Pizlo.
3377
3378         This would make it more efficient to remove the redundant Phi nodes or
3379         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
3380         This is performance neutral on SunSpider, V8 and Kraken.
3381
3382         * dfg/DFGAbstractState.cpp:
3383         (JSC::DFG::AbstractState::clobberStructures):
3384         (JSC::DFG::AbstractState::dump):
3385         * dfg/DFGBasicBlock.h:
3386         (JSC::DFG::BasicBlock::BasicBlock):
3387         (BasicBlock):
3388         * dfg/DFGByteCodeParser.cpp:
3389         (JSC::DFG::ByteCodeParser::addToGraph):
3390         (JSC::DFG::ByteCodeParser::insertPhiNode):
3391         * dfg/DFGCFAPhase.cpp:
3392         (JSC::DFG::CFAPhase::performBlockCFA):
3393         * dfg/DFGCSEPhase.cpp:
3394         (JSC::DFG::CSEPhase::pureCSE):
3395         (JSC::DFG::CSEPhase::impureCSE):
3396         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3397         (JSC::DFG::CSEPhase::getByValLoadElimination):
3398         (JSC::DFG::CSEPhase::checkFunctionElimination):
3399         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3400         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3401         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3402         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3403         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3404         (JSC::DFG::CSEPhase::performBlockCSE):
3405         * dfg/DFGGraph.cpp:
3406         (JSC::DFG::Graph::dump):
3407         * dfg/DFGSpeculativeJIT.cpp:
3408         (JSC::DFG::SpeculativeJIT::compile):
3409
3410 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3411
3412         GCActivityCallback timer should vary with the length of the previous GC
3413         https://bugs.webkit.org/show_bug.cgi?id=80344
3414
3415         Reviewed by Geoffrey Garen.
3416
3417         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last 
3418         GC length so that the GC Activity Callback can use it.
3419         (JSC::Heap::Heap):
3420         (JSC::Heap::collect):
3421         * heap/Heap.h: