1 2012-02-16  Oliver Hunt  <oliver@apple.com>
2
3         Implement Error.stack
4         https://bugs.webkit.org/show_bug.cgi?id=66994
5
6         Reviewed by Gavin Barraclough.
7
8         Implement support for stack traces on exception objects.  This is a rewrite
9         of the core portion of the last stack walking logic, but the mechanical work
10         of adding the information to an exception comes from the original work by
11         Juan Carlos Montemayor Elosua.
12
13         * interpreter/Interpreter.cpp:
14         (JSC::getCallerInfo):
15         (JSC):
16         (JSC::getSourceURLFromCallFrame):
17         (JSC::getStackFrameCodeType):
18         (JSC::Interpreter::getStackTrace):
19         (JSC::Interpreter::throwException):
20         (JSC::Interpreter::privateExecute):
21         * interpreter/Interpreter.h:
22         (JSC):
23         (StackFrame):
24         (JSC::StackFrame::toString):
25         (Interpreter):
26         * jsc.cpp:
27         (GlobalObject::finishCreation):
28         (functionJSCStack):
29         * parser/Nodes.h:
30         (JSC::FunctionBodyNode::setInferredName):
31         * parser/Parser.h:
32         (JSC::::parse):
33         * runtime/CommonIdentifiers.h:
34         * runtime/Error.cpp:
35         (JSC::addErrorInfo):
36         * runtime/Error.h:
37         (JSC):
38
39 2012-02-17  Mark Hahnenberg  <mhahnenberg@apple.com>
40
41         Rename Bump* to Copy*
42         https://bugs.webkit.org/show_bug.cgi?id=78573
43
44         Reviewed by Geoffrey Garen.
45
46         Renamed anything with "Bump" in the name to have "Copied" instead.
47
48         * CMakeLists.txt:
49         * GNUmakefile.list.am:
50         * JavaScriptCore.gypi:
51         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
52         * JavaScriptCore.xcodeproj/project.pbxproj:
53         * Target.pri:
54         * heap/BumpBlock.h: Removed.
55         * heap/BumpSpace.cpp: Removed.
56         * heap/BumpSpace.h: Removed.
57         * heap/BumpSpaceInlineMethods.h: Removed.
58         * heap/ConservativeRoots.cpp:
59         (JSC::ConservativeRoots::ConservativeRoots):
60         (JSC::ConservativeRoots::genericAddPointer):
61         * heap/ConservativeRoots.h:
62         (ConservativeRoots):
63         * heap/CopiedBlock.h: Added.
64         (JSC):
65         (CopiedBlock):
66         (JSC::CopiedBlock::CopiedBlock):
67         * heap/CopiedSpace.cpp: Added.
68         (JSC):
69         (JSC::CopiedSpace::tryAllocateSlowCase):
70         * heap/CopiedSpace.h: Added.
71         (JSC):
72         (CopiedSpace):
73         (JSC::CopiedSpace::isInCopyPhase):
74         (JSC::CopiedSpace::totalMemoryAllocated):
75         (JSC::CopiedSpace::totalMemoryUtilized):
76         * heap/CopiedSpaceInlineMethods.h: Added.
77         (JSC):
78         (JSC::CopiedSpace::CopiedSpace):
79         (JSC::CopiedSpace::init):
80         (JSC::CopiedSpace::contains):
81         (JSC::CopiedSpace::pin):
82         (JSC::CopiedSpace::startedCopying):
83         (JSC::CopiedSpace::doneCopying):
84         (JSC::CopiedSpace::doneFillingBlock):
85         (JSC::CopiedSpace::recycleBlock):
86         (JSC::CopiedSpace::getFreshBlock):
87         (JSC::CopiedSpace::borrowBlock):
88         (JSC::CopiedSpace::addNewBlock):
89         (JSC::CopiedSpace::allocateNewBlock):
90         (JSC::CopiedSpace::fitsInBlock):
91         (JSC::CopiedSpace::fitsInCurrentBlock):
92         (JSC::CopiedSpace::tryAllocate):
93         (JSC::CopiedSpace::tryAllocateOversize):
94         (JSC::CopiedSpace::allocateFromBlock):
95         (JSC::CopiedSpace::tryReallocate):
96         (JSC::CopiedSpace::tryReallocateOversize):
97         (JSC::CopiedSpace::isOversize):
98         (JSC::CopiedSpace::isPinned):
99         (JSC::CopiedSpace::oversizeBlockFor):
100         (JSC::CopiedSpace::blockFor):
101         * heap/Heap.cpp:
102         * heap/Heap.h:
103         (JSC):
104         (Heap):
105         * heap/MarkStack.cpp:
106         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
107         (JSC::SlotVisitor::drainFromShared):
108         (JSC::SlotVisitor::startCopying):
109         (JSC::SlotVisitor::allocateNewSpace):
110         (JSC::SlotVisitor::doneCopying):
111         * heap/MarkStack.h:
112         (MarkStackThreadSharedData):
113         * heap/SlotVisitor.h:
114         (SlotVisitor):
115         * runtime/JSArray.cpp:
116         * runtime/JSObject.cpp:
117
118 2012-02-16  Yuqiang Xian  <yuqiang.xian@intel.com>
119
120         Add JSC code profiling support on Linux x86
121         https://bugs.webkit.org/show_bug.cgi?id=78871
122
123         Reviewed by Gavin Barraclough.
124
125         We don't unwind the stack for now as we cannot guarantee all the
126         libraries are compiled without -fomit-frame-pointer.
127
128         * tools/CodeProfile.cpp:
129         (JSC::CodeProfile::sample):
130         * tools/CodeProfiling.cpp:
131         (JSC):
132         (JSC::profilingTimer):
133         (JSC::CodeProfiling::begin):
134         (JSC::CodeProfiling::end):
135
136 2012-02-16  Csaba Osztrogonác  <ossy@webkit.org>
137
138         Unreviewed. Rolling out r107980, because it broke 32 bit platforms.
139
140         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
141         * interpreter/Interpreter.cpp:
142         (JSC::Interpreter::throwException):
143         (JSC::Interpreter::privateExecute):
144         * interpreter/Interpreter.h:
145         (JSC):
146         (Interpreter):
147         * jsc.cpp:
148         (GlobalObject::finishCreation):
149         * parser/Nodes.h:
150         (JSC::FunctionBodyNode::setInferredName):
151         * parser/Parser.h:
152         (JSC::::parse):
153         * runtime/CommonIdentifiers.h:
154         * runtime/Error.cpp:
155         (JSC::addErrorInfo):
156         * runtime/Error.h:
157         (JSC):
158
159 2012-02-16  Filip Pizlo  <fpizlo@apple.com>
160
161         ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
162         https://bugs.webkit.org/show_bug.cgi?id=78791
163
164         Rubber stamped by Oliver Hunt.
165         
166         Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
167         COMPUTED_GOTO_CLASSIC_INTERPRETER.
168
169         * bytecode/CodeBlock.cpp:
170         (JSC::CodeBlock::dump):
171         (JSC::CodeBlock::stronglyVisitStrongReferences):
172         (JSC):
173         (JSC::CodeBlock::shrinkToFit):
174         * bytecode/CodeBlock.h:
175         (CodeBlock):
176         * bytecode/Instruction.h:
177         (JSC::Instruction::Instruction):
178         * bytecode/Opcode.h:
179         (JSC::padOpcodeName):
180         * bytecompiler/BytecodeGenerator.cpp:
181         (JSC::BytecodeGenerator::emitResolve):
182         (JSC::BytecodeGenerator::emitResolveWithBase):
183         (JSC::BytecodeGenerator::emitGetById):
184         (JSC::BytecodeGenerator::emitPutById):
185         (JSC::BytecodeGenerator::emitDirectPutById):
186         * interpreter/AbstractPC.cpp:
187         (JSC::AbstractPC::AbstractPC):
188         * interpreter/AbstractPC.h:
189         (AbstractPC):
190         * interpreter/CallFrame.h:
191         (ExecState):
192         * interpreter/Interpreter.cpp:
193         (JSC):
194         (JSC::Interpreter::initialize):
195         (JSC::Interpreter::isOpcode):
196         (JSC::Interpreter::unwindCallFrame):
197         (JSC::Interpreter::execute):
198         (JSC::Interpreter::privateExecute):
199         (JSC::Interpreter::retrieveLastCaller):
200         * interpreter/Interpreter.h:
201         (JSC::Interpreter::getOpcode):
202         (JSC::Interpreter::getOpcodeID):
203         (Interpreter):
204         * jit/ExecutableAllocatorFixedVMPool.cpp:
205         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
206         * runtime/Executable.cpp:
207         (JSC::EvalExecutable::compileInternal):
208         (JSC::ProgramExecutable::compileInternal):
209         (JSC::FunctionExecutable::compileForCallInternal):
210         (JSC::FunctionExecutable::compileForConstructInternal):
211         * runtime/Executable.h:
212         (NativeExecutable):
213         * runtime/JSGlobalData.cpp:
214         (JSC::JSGlobalData::JSGlobalData):
215         (JSC::JSGlobalData::getHostFunction):
216         * runtime/JSGlobalData.h:
217         (JSGlobalData):
218         * wtf/OSAllocatorPosix.cpp:
219         (WTF::OSAllocator::reserveAndCommit):
220         * wtf/Platform.h:
221
222 2012-02-15  Geoffrey Garen  <ggaren@apple.com>
223
224         Made Weak<T> single-owner, adding PassWeak<T>
225         https://bugs.webkit.org/show_bug.cgi?id=78740
226
227         Reviewed by Sam Weinig.
228
229         This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.
230
231         This clarifies the semantics of finalizers: It's ambiguous and probably
232         a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
233         twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a 
234         Weak<T>, we now use PassWeak<T>.
235
236         This also makes Weak<T> HashMaps more efficient.
237
238         * API/JSClassRef.cpp:
239         (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since 
240         set() is gone now.
241
242         * JavaScriptCore.xcodeproj/project.pbxproj: Export!
243
244         * heap/PassWeak.h: Added.
245         (JSC):
246         (PassWeak):
247         (JSC::PassWeak::PassWeak):
248         (JSC::PassWeak::~PassWeak):
249         (JSC::PassWeak::get):
250         (JSC::::leakHandle):
251         (JSC::adoptWeak):
252         (JSC::operator==):
253         (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.
254
255         * heap/Weak.h:
256         (Weak):
257         (JSC::Weak::Weak):
258         (JSC::Weak::release):
259         (JSC::Weak::hashTableDeletedValue):
260         (JSC::=):
261         (JSC): Changed to be non-copyable, removing a lot of copying-related
262         APIs. Added hash traits so hash maps still work.
263
264         * jit/JITStubs.cpp:
265         (JSC::JITThunks::hostFunctionStub):
266         * runtime/RegExpCache.cpp:
267         (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
268         our new hash map API.
269
270 2012-02-16  Mark Hahnenberg  <mhahnenberg@apple.com>
271
272         Fix the broken viewport tests
273         https://bugs.webkit.org/show_bug.cgi?id=78774
274
275         Reviewed by Kenneth Rohde Christiansen.
276
277         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
278         * wtf/text/WTFString.cpp:
279         (WTF):
280         (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
281         want to allow trailing junk or not when calling strtod.
282         (WTF::charactersToDouble):
283         (WTF::charactersToFloat):
284         (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows 
285         trailing junk.
286         * wtf/text/WTFString.h:
287         (WTF):
288
289 2012-02-16  Oliver Hunt  <oliver@apple.com>
290
291         Implement Error.stack
292         https://bugs.webkit.org/show_bug.cgi?id=66994
293
294         Reviewed by Gavin Barraclough.
295
296         Implement support for stack traces on exception objects.  This is a rewrite
297         of the core portion of the last stack walking logic, but the mechanical work
298         of adding the information to an exception comes from the original work by
299         Juan Carlos Montemayor Elosua.
300
301         * interpreter/Interpreter.cpp:
302         (JSC::getCallerInfo):
303         (JSC):
304         (JSC::getSourceURLFromCallFrame):
305         (JSC::getStackFrameCodeType):
306         (JSC::Interpreter::getStackTrace):
307         (JSC::Interpreter::throwException):
308         (JSC::Interpreter::privateExecute):
309         * interpreter/Interpreter.h:
310         (JSC):
311         (StackFrame):
312         (JSC::StackFrame::toString):
313         (Interpreter):
314         * jsc.cpp:
315         (GlobalObject::finishCreation):
316         (functionJSCStack):
317         * parser/Nodes.h:
318         (JSC::FunctionBodyNode::setInferredName):
319         * parser/Parser.h:
320         (JSC::::parse):
321         * runtime/CommonIdentifiers.h:
322         * runtime/Error.cpp:
323         (JSC::addErrorInfo):
324         * runtime/Error.h:
325         (JSC):
326
327 2012-02-15  Gavin Barraclough  <barraclough@apple.com>
328
329         Numerous trivial bugs in Object.defineProperty
330         https://bugs.webkit.org/show_bug.cgi?id=78777
331
332         Reviewed by Sam Weinig.
333
334         There are a handful of really trivial bugs, related to Object.defineProperty:
335             * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
336             * Calling an undefined setter should only throw in strict mode.
337         * When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
338             * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
339             * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
340             * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
341             * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
342         * Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
343         * Should be able to define a non-configurable accessor.
344         These are mostly all one-line changes, e.g. inverted boolean checks, masking against the wrong attribute.
345
346         * runtime/JSArray.cpp:
347         (JSC::SparseArrayValueMap::put):
348             - Added ASSERT.
349             - Calling an undefined setter should only throw in strict mode.
350         (JSC::JSArray::putDescriptor):
351             - Should be able to define a non-configurable accessor.
352         (JSC::JSArray::defineOwnNumericProperty):
353             - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
354         (JSC::JSArray::putByIndexBeyondVectorLength):
355             - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
356         * runtime/JSArray.h:
357         (JSArray):
358             - made enterDictionaryMode public, called from JSObject.
359         * runtime/JSObject.cpp:
360         (JSC::JSObject::put):
361             - Calling an undefined setter should only throw in strict mode.
362         (JSC::JSObject::preventExtensions):
363             - Put array objects into dictionary mode to handle this!
364         (JSC::JSObject::defineOwnProperty):
365             - Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
366             - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
367         * runtime/ObjectConstructor.cpp:
368         (JSC::objectConstructorDefineProperties):
369             - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
370         * runtime/PropertyDescriptor.cpp:
371         (JSC::PropertyDescriptor::attributesWithOverride):
372             - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
373         (JSC::PropertyDescriptor::attributesOverridingCurrent):
374             - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
375         * runtime/Structure.cpp:
376         (JSC::Structure::freezeTransition):
377             - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
378         (JSC::Structure::isFrozen):
379             - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
380
381 2012-02-13  Filip Pizlo  <fpizlo@apple.com>
382
383         DFG should not check the types of arguments that are dead
384         https://bugs.webkit.org/show_bug.cgi?id=78518
385
386         Reviewed by Geoff Garen.
387         
388         The argument checks are now elided if the corresponding SetArgument is dead,
389         and the abstract value of the argument is set to bottom (None, []). This is
390         performance neutral on the benchmarks we currently track.
391
392         * dfg/DFGAbstractState.cpp:
393         (JSC::DFG::AbstractState::initialize):
394         * dfg/DFGSpeculativeJIT.cpp:
395         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
396
397 2012-02-15  Oliver Hunt  <oliver@apple.com>
398
399         Ensure that the DFG JIT always plants a CodeOrigin when making calls
400         https://bugs.webkit.org/show_bug.cgi?id=78763
401
402         Reviewed by Gavin Barraclough.
403
404         Make all calls plant a CodeOrigin prior to the actual
405         call.  Also clobbers the Interpreter with logic to ensure
406         that the interpreter always plants a bytecode offset.
407
408         * dfg/DFGJITCompiler.cpp:
409         (JSC::DFG::JITCompiler::link):
410         (JSC::DFG::JITCompiler::compileFunction):
411         * dfg/DFGJITCompiler.h:
412         (CallBeginToken):
413         (JSC::DFG::JITCompiler::beginJSCall):
414         (JSC::DFG::JITCompiler::beginCall):
415         * dfg/DFGRepatch.cpp:
416         (JSC::DFG::tryBuildGetByIDList):
417         * dfg/DFGSpeculativeJIT.h:
418         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
419         * dfg/DFGSpeculativeJIT32_64.cpp:
420         (JSC::DFG::SpeculativeJIT::emitCall):
421         * dfg/DFGSpeculativeJIT64.cpp:
422         (JSC::DFG::SpeculativeJIT::emitCall):
423         * interpreter/AbstractPC.cpp:
424         (JSC::AbstractPC::AbstractPC):
425         * interpreter/CallFrame.cpp:
426         (JSC::CallFrame::trueCallFrame):
427         * interpreter/CallFrame.h:
428         (JSC::ExecState::bytecodeOffsetForNonDFGCode):
429         (ExecState):
430         (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
431         (JSC::ExecState::codeOriginIndexForDFG):
432
433 2012-02-14  Oliver Hunt  <oliver@apple.com>
434
435         Fix Interpreter.
436
437         * runtime/Executable.cpp:
438         (JSC):
439         * runtime/Executable.h:
440         (ExecutableBase):
441
442 2012-02-14  Matt Lilek  <mrl@apple.com>
443
444         Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
445         https://bugs.webkit.org/show_bug.cgi?id=78629
446
447         Reviewed by David Kilzer.
448
449         * Configurations/FeatureDefines.xcconfig:
450
451 2012-02-14  Filip Pizlo  <fpizlo@apple.com>
452
453         Unreviewed, build fix for non-DFG platforms.
454
455         * assembler/MacroAssembler.h:
456         (MacroAssembler):
457
458 2012-02-14  Filip Pizlo  <fpizlo@apple.com>
459
460         Unreviewed, fix build and configuration goof.
461
462         * assembler/MacroAssembler.h:
463         (JSC::MacroAssembler::invert):
464         * dfg/DFGCommon.h:
465
466 2012-02-13  Filip Pizlo  <fpizlo@apple.com>
467
468         DFG should be able to emit code on control flow edges
469         https://bugs.webkit.org/show_bug.cgi?id=78515
470
471         Reviewed by Gavin Barraclough.
472         
473         This gets us a few steps closer to being able to perform global register allocation,
474         by allowing us to have landing pads on control flow edges. This will let us reshuffle
475         registers if it happens to be necessary due to different reg alloc decisions in
476         different blocks.
477         
478         This also introduces the notion of a landing pad for OSR entry, which will allow us
479         to emit code that places data into registers when we're entering into the DFG from
480         the old JIT.
481         
482         Finally, this patch introduces a verification mode that checks that the landing pads
483         are actually emitted and do actually work as advertised. When verification is disabled,
484         this has no effect on behavior.
485
486         * assembler/MacroAssembler.h:
487         (MacroAssembler):
488         (JSC::MacroAssembler::invert):
489         (JSC::MacroAssembler::isInvertible):
490         * dfg/DFGCommon.h:
491         * dfg/DFGJITCompiler.cpp:
492         (JSC::DFG::JITCompiler::compile):
493         (JSC::DFG::JITCompiler::compileFunction):
494         * dfg/DFGSpeculativeJIT.cpp:
495         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
496         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
497         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
498         (JSC::DFG::SpeculativeJIT::compile):
499         (JSC::DFG::SpeculativeJIT::createOSREntries):
500         (DFG):
501         (JSC::DFG::SpeculativeJIT::linkOSREntries):
502         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
503         * dfg/DFGSpeculativeJIT.h:
504         (SpeculativeJIT):
505         (JSC::DFG::SpeculativeJIT::branchDouble):
506         (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
507         (JSC::DFG::SpeculativeJIT::branch32):
508         (JSC::DFG::SpeculativeJIT::branchTest32):
509         (JSC::DFG::SpeculativeJIT::branchPtr):
510         (JSC::DFG::SpeculativeJIT::branchTestPtr):
511         (JSC::DFG::SpeculativeJIT::branchTest8):
512         (JSC::DFG::SpeculativeJIT::jump):
513         (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
514         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
515         * dfg/DFGSpeculativeJIT32_64.cpp:
516         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
517         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
518         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
519         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
520         (JSC::DFG::SpeculativeJIT::emitBranch):
521         (JSC::DFG::SpeculativeJIT::compile):
522         * dfg/DFGSpeculativeJIT64.cpp:
523         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
524         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
525         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
526         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
527         (JSC::DFG::SpeculativeJIT::emitBranch):
528         (JSC::DFG::SpeculativeJIT::compile):
529
530 2012-02-14  Filip Pizlo  <fpizlo@apple.com>
531
532         Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
533         https://bugs.webkit.org/show_bug.cgi?id=78153
534         <rdar://problem/10861712> <rdar://problem/10861947>
535
536         Reviewed by Oliver Hunt.
537
538         * dfg/DFGAbstractState.cpp:
539         (JSC::DFG::AbstractState::execute):
540         * dfg/DFGSpeculativeJIT.cpp:
541         (JSC::DFG::SpeculativeJIT::compileAdd):
542
543 2012-02-14  Eric Seidel  <eric@webkit.org>
544
545         Upstream Android's additions to Platform.h
546         https://bugs.webkit.org/show_bug.cgi?id=78536
547
548         Reviewed by Adam Barth.
549
550         * wtf/Platform.h:
551
552 2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
553
554         Replace old strtod with new strtod
555         https://bugs.webkit.org/show_bug.cgi?id=68044
556
557         Reviewed by Geoffrey Garen.
558
559         * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
560         (JSC::::lex):
561         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
562         (JSC::parseInt):
563         (JSC::jsStrDecimalLiteral):
564         * runtime/LiteralParser.cpp: Ditto.
565         (JSC::::Lexer::lexNumber):
566         * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
567         It takes a template argument to allow clients to determine statically whether it should allow 
568         junk after the numbers or not.
569         (WTF):
570         (WTF::strtod):
571         * wtf/dtoa.h:
572         (WTF):
573         * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
574         (WTF::toDoubleType):
575
576 2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
577
578         More windows build fixing
579
580         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
581
582 2012-02-13  Oliver Hunt  <oliver@apple.com>
583
584         Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
585         https://bugs.webkit.org/show_bug.cgi?id=76315
586
587         Reviewed by Gavin Barraclough.
588
589         Perform a 3 byte compare using two comparisons, rather than trying to perform the
590         operation with a four byte load, which reads one byte beyond the three bytes being matched.
591
592         * yarr/YarrJIT.cpp:
593         (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
594
595 2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
596
597         Windows build fix
598
599         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
600
601 2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
602
603         Replace old strtod with new strtod
604         https://bugs.webkit.org/show_bug.cgi?id=68044
605
606         Reviewed by Geoffrey Garen.
607
608         * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
609         (JSC::::lex):
610         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
611         (JSC::parseInt):
612         (JSC::jsStrDecimalLiteral):
613         * runtime/LiteralParser.cpp: Ditto.
614         (JSC::::Lexer::lexNumber):
615         * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
616         It takes a template argument to allow clients to determine statically whether it should allow 
617         junk after the numbers or not.
618         (WTF):
619         (WTF::strtod):
620         * wtf/dtoa.h:
621         (WTF):
622         * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
623         (WTF::toDoubleType):
624
625 2012-02-13  Sam Weinig  <sam@webkit.org>
626
627         Move JSC related assertions out of Assertions.h and into their own header
628         https://bugs.webkit.org/show_bug.cgi?id=78508
629
630         Reviewed by Gavin Barraclough.
631
632         * GNUmakefile.list.am:
633         * JavaScriptCore.gypi:
634         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
635         * JavaScriptCore.xcodeproj/project.pbxproj:
636         Add GCAssertions.h
637
638         * heap/GCAssertions.h: Added.
639         Move assertions here.
640
641         * runtime/WriteBarrier.h:
642         Add #include of GCAssertions.h
643
644         * wtf/Assertions.h:
645         Remove JSC related assertions.
646
647         * wtf/Compiler.h:
648         Add compiler check for __has_trivial_destructor.
649
650 2012-02-13  Chao-ying Fu  <fu@mips.com>
651
652         Update MIPS patchOffsetGetByIdSlowCaseCall
653         https://bugs.webkit.org/show_bug.cgi?id=78392
654
655         Reviewed by Gavin Barraclough.
656
657         * jit/JIT.h:
658         (JIT):
659
660 2012-02-13  Patrick Gansterer  <paroga@webkit.org>
661
662         Remove obsolete #if from ThreadSpecific.h
663         https://bugs.webkit.org/show_bug.cgi?id=78485
664
665         Reviewed by Adam Roben.
666
667         Since all platforms use either pthread or Win32 for threading,
668         we can remove all PLATFORM() preprocessor statements.
669
670         * wtf/ThreadSpecific.h:
671         (ThreadSpecific):
672
673 2012-02-13  Jessie Berlin  <jberlin@apple.com>
674
675         Fix the Windows build.
676
677         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
678
679 2012-02-13  Sam Weinig  <sam@webkit.org>
680
681         Use C11's _Static_assert for COMPILE_ASSERT if it is available
682         https://bugs.webkit.org/show_bug.cgi?id=78506
683
684         Rubber-stamped by Antti Koivisto.
685
686         Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
687         better error messages.
688
689         * wtf/Assertions.h:
690         Use _Static_assert if it is available.
691
692         * wtf/Compiler.h:
693         Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
694
695 2012-02-13  Mario Sanchez Prada  <msanchez@igalia.com>
696
697         [GTK] Add GSList to the list of GObject types in GOwnPtr
698         https://bugs.webkit.org/show_bug.cgi?id=78487
699
700         Reviewed by Philippe Normand.
701
702         Handle the GSList type in GOwnPtr, by calling g_slist_free in the
703         implementation of the freeOwnedGPtr template function.
704
705         * wtf/gobject/GOwnPtr.cpp:
706         (WTF::GSList):
707         (WTF):
708         * wtf/gobject/GOwnPtr.h:
709         (WTF):
710         * wtf/gobject/GTypedefs.h:
711
712 2012-02-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
713
714         [EFL] Drop support for the Curl network backend.
715         https://bugs.webkit.org/show_bug.cgi?id=77874
716
717         Reviewed by Eric Seidel.
718
719         Nobody seems to be maintaining the Curl backend in WebCore, the
720         EFL port developers all seem to be using the Soup backend and the
721         port itself has many features which are only implemented for the
722         latter.
723
724         * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
725         files.
726
727 2012-02-13  Patrick Gansterer  <paroga@webkit.org>
728
729         Unreviewed. Build fix for !ENABLE(JIT) after r107485.
730
731         * bytecode/PolymorphicPutByIdList.cpp:
732
733 2012-02-13  Gavin Barraclough  <barraclough@apple.com>
734
735         https://bugs.webkit.org/show_bug.cgi?id=78434
736         Unreviewed - temporarily reverting r107498 while I fix a couple of testcases.
737
738         * parser/Parser.cpp:
739         (JSC::::parseFunctionInfo):
740         * runtime/ClassInfo.h:
741         (MethodTable):
742         (JSC):
743         * runtime/JSCell.cpp:
744         (JSC):
745         * runtime/JSCell.h:
746         (JSCell):
747         * runtime/JSGlobalObject.cpp:
748         (JSC::JSGlobalObject::reset):
749         * runtime/JSGlobalObjectFunctions.cpp:
750         (JSC):
751         * runtime/JSGlobalObjectFunctions.h:
752         (JSC):
753         * runtime/JSObject.cpp:
754         (JSC::JSObject::put):
755         (JSC):
756         (JSC::JSObject::putDirectAccessor):
757         (JSC::JSObject::defineOwnProperty):
758         * runtime/JSObject.h:
759         (JSC::JSObject::inlineGetOwnPropertySlot):
760         (JSC::JSValue::get):
761         * runtime/JSString.cpp:
762         (JSC::JSString::getOwnPropertySlot):
763         * runtime/JSValue.h:
764         (JSValue):
765         * runtime/ObjectConstructor.cpp:
766         (JSC::objectConstructorGetPrototypeOf):
767         * runtime/Structure.cpp:
768         (JSC::Structure::Structure):
769         * runtime/Structure.h:
770         (JSC::Structure::setHasGetterSetterProperties):
771         (Structure):
772
773 2012-02-12  Ashod Nakashian  <ashodnakashian@yahoo.com>
774
775         KeywordLookupGenerator.py script fails in some cases
776         https://bugs.webkit.org/show_bug.cgi?id=77886
777
778         Reviewed by Benjamin Poulain.
779
780         * parser/Keywords.table: Converted to LF-only.
781
782 2012-02-12  Shinya Kawanaka  <shinyak@google.com>
783
784         Introduce ShadowRootList.
785         https://bugs.webkit.org/show_bug.cgi?id=78069
786
787         Reviewed by Hajime Morita.
788
789         DoublyLinkedList should have a tail() method that returns the last element.
790
791         * wtf/DoublyLinkedList.h:
792         (DoublyLinkedList):
793         (WTF::::tail):
794         (WTF):
795
796 2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
797
798         [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
799         https://bugs.webkit.org/show_bug.cgi?id=78436
800
801         Reviewed by Daniel Bates.
802
803         * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
804         and correctly sort the files which start with 'M'.
805
806 2012-02-12  Sam Weinig  <sam@webkit.org>
807
808         Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
809
810         Rubber-stamped by Anders Carlsson.
811
812         * JavaScriptCore.xcodeproj/project.pbxproj:
813
814 2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
815
816         [CMake] Remove unused or empty variable definitions.
817         https://bugs.webkit.org/show_bug.cgi?id=78437
818
819         Reviewed by Daniel Bates.
820
821         * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
822         * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
823         * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
824         be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
825
826 2012-02-12  Filip Pizlo  <fpizlo@apple.com>
827
828         DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
829         https://bugs.webkit.org/show_bug.cgi?id=78431
830
831         Reviewed by Gavin Barraclough.
832
833         * dfg/DFGSpeculativeJIT.h:
834         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
835
836 2012-02-11  Benjamin Poulain  <benjamin@webkit.org>
837
838         Add back WTFURL to WebKit
839         https://bugs.webkit.org/show_bug.cgi?id=77291
840
841         Reviewed by Adam Barth.
842
843         WTFURL was removed from WebKit in r86787.
844
845         This patch adds the code back to WTF with the following changes:
846         -Guard the feature with USE(WTFURL).
847         -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
848         -Fix some coding style to make check-webkit-style happy.
849
850         * JavaScriptCore.xcodeproj/project.pbxproj:
851         * wtf/Platform.h:
852         * wtf/url/api/ParsedURL.cpp: Added.
853         (WTF):
854         (WTF::ParsedURL::ParsedURL):
855         (WTF::ParsedURL::scheme):
856         (WTF::ParsedURL::username):
857         (WTF::ParsedURL::password):
858         (WTF::ParsedURL::host):
859         (WTF::ParsedURL::port):
860         (WTF::ParsedURL::path):
861         (WTF::ParsedURL::query):
862         (WTF::ParsedURL::fragment):
863         (WTF::ParsedURL::segment):
864         * wtf/url/api/ParsedURL.h: Added.
865         (WTF):
866         (ParsedURL):
867         (WTF::ParsedURL::spec):
868         * wtf/url/api/URLString.h: Added.
869         (WTF):
870         (URLString):
871         (WTF::URLString::URLString):
872         (WTF::URLString::string):
873         * wtf/url/src/RawURLBuffer.h: Added.
874         (WTF):
875         (RawURLBuffer):
876         (WTF::RawURLBuffer::RawURLBuffer):
877         (WTF::RawURLBuffer::~RawURLBuffer):
878         (WTF::RawURLBuffer::resize):
879         * wtf/url/src/URLBuffer.h: Added.
880         (WTF):
881         (URLBuffer):
882         (WTF::URLBuffer::URLBuffer):
883         (WTF::URLBuffer::~URLBuffer):
884         (WTF::URLBuffer::at):
885         (WTF::URLBuffer::set):
886         (WTF::URLBuffer::capacity):
887         (WTF::URLBuffer::length):
888         (WTF::URLBuffer::data):
889         (WTF::URLBuffer::setLength):
890         (WTF::URLBuffer::append):
891         (WTF::URLBuffer::grow):
892         * wtf/url/src/URLCharacterTypes.cpp: Added.
893         (WTF):
894         ():
895         * wtf/url/src/URLCharacterTypes.h: Added.
896         (WTF):
897         (URLCharacterTypes):
898         (WTF::URLCharacterTypes::isQueryChar):
899         (WTF::URLCharacterTypes::isIPv4Char):
900         (WTF::URLCharacterTypes::isHexChar):
901         ():
902         (WTF::URLCharacterTypes::isCharOfType):
903         * wtf/url/src/URLComponent.h: Added.
904         (WTF):
905         (URLComponent):
906         (WTF::URLComponent::URLComponent):
907         (WTF::URLComponent::fromRange):
908         (WTF::URLComponent::isValid):
909         (WTF::URLComponent::isNonEmpty):
910         (WTF::URLComponent::isEmptyOrInvalid):
911         (WTF::URLComponent::reset):
912         (WTF::URLComponent::operator==):
913         (WTF::URLComponent::begin):
914         (WTF::URLComponent::setBegin):
915         (WTF::URLComponent::length):
916         (WTF::URLComponent::setLength):
917         (WTF::URLComponent::end):
918         * wtf/url/src/URLEscape.cpp: Added.
919         (WTF):
920         ():
921         * wtf/url/src/URLEscape.h: Added.
922         (WTF):
923         (WTF::appendURLEscapedCharacter):
924         * wtf/url/src/URLParser.h: Added.
925         (WTF):
926         (URLParser):
927         ():
928         (WTF::URLParser::isPossibleAuthorityTerminator):
929         (WTF::URLParser::parseAuthority):
930         (WTF::URLParser::extractScheme):
931         (WTF::URLParser::parseAfterScheme):
932         (WTF::URLParser::parseStandardURL):
933         (WTF::URLParser::parsePath):
934         (WTF::URLParser::parsePathURL):
935         (WTF::URLParser::parseMailtoURL):
936         (WTF::URLParser::parsePort):
937         (WTF::URLParser::extractFileName):
938         (WTF::URLParser::extractQueryKeyValue):
939         (WTF::URLParser::isURLSlash):
940         (WTF::URLParser::shouldTrimFromURL):
941         (WTF::URLParser::trimURL):
942         (WTF::URLParser::consecutiveSlashes):
943         (WTF::URLParser::isPortDigit):
944         (WTF::URLParser::nextAuthorityTerminator):
945         (WTF::URLParser::parseUserInfo):
946         (WTF::URLParser::parseServerInfo):
947         * wtf/url/src/URLQueryCanonicalizer.h: Added.
948         (WTF):
949         (URLQueryCanonicalizer):
950         (WTF::URLQueryCanonicalizer::canonicalize):
951         (WTF::URLQueryCanonicalizer::isAllASCII):
952         (WTF::URLQueryCanonicalizer::isRaw8Bit):
953         (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
954         (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
955         * wtf/url/src/URLSegments.cpp: Added.
956         (WTF):
957         (WTF::URLSegments::length):
958         (WTF::URLSegments::charactersBefore):
959         * wtf/url/src/URLSegments.h: Added.
960         (WTF):
961         (URLSegments):
962         ():
963         (WTF::URLSegments::URLSegments):
964
965 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
966
967         Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
968         https://bugs.webkit.org/show_bug.cgi?id=78430
969         <rdar://problem/10849469> <rdar://problem/10849684>
970
971         Reviewed by Gavin Barraclough.
972         
973         The old JIT's put_by_id transition caching involves repatching the slow call to
974         a generated stub. That means that the call is counted as "slow case". So, this
975         patch inserts code to decrement the slow case count if the stub succeeds.
976         
977         Looks like a ~1% speed-up on V8.
978
979         * jit/JITPropertyAccess.cpp:
980         (JSC::JIT::privateCompilePutByIdTransition):
981         * jit/JITPropertyAccess32_64.cpp:
982         (JSC::JIT::privateCompilePutByIdTransition):
983
984 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
985
986         Build fix for Qt.
987
988         * wtf/DataLog.h:
989
990 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
991
992         It should be possible to send all JSC debug logging to a file
993         https://bugs.webkit.org/show_bug.cgi?id=78418
994
995         Reviewed by Sam Weinig.
996         
997         Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
998         and WTF::dataLogV. Changed all debugging- and profiling-related printfs
999         to use WTF::dataLog() or one of its friends. By default, debug logging
1000         goes to stderr, unless you change the setting in wtf/DataLog.cpp.
1001
1002         * GNUmakefile.list.am:
1003         * JavaScriptCore.gypi:
1004         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1005         * JavaScriptCore.xcodeproj/project.pbxproj:
1006         * assembler/LinkBuffer.h:
1007         (JSC::LinkBuffer::dumpLinkStatistics):
1008         (JSC::LinkBuffer::dumpCode):
1009         * assembler/SH4Assembler.h:
1010         (JSC::SH4Assembler::vprintfStdoutInstr):
1011         * bytecode/CodeBlock.cpp:
1012         (JSC::CodeBlock::printUnaryOp):
1013         (JSC::CodeBlock::printBinaryOp):
1014         (JSC::CodeBlock::printConditionalJump):
1015         (JSC::CodeBlock::printGetByIdOp):
1016         (JSC::CodeBlock::printCallOp):
1017         (JSC::CodeBlock::printPutByIdOp):
1018         (JSC::printGlobalResolveInfo):
1019         (JSC::printStructureStubInfo):
1020         (JSC::CodeBlock::printStructure):
1021         (JSC::CodeBlock::printStructures):
1022         (JSC::CodeBlock::dump):
1023         (JSC::CodeBlock::dumpStatistics):
1024         (JSC::CodeBlock::finalizeUnconditionally):
1025         (JSC::CodeBlock::shouldOptimizeNow):
1026         (JSC::CodeBlock::tallyFrequentExitSites):
1027         (JSC::CodeBlock::dumpValueProfiles):
1028         * bytecode/Opcode.cpp:
1029         (JSC::OpcodeStats::~OpcodeStats):
1030         * bytecode/SamplingTool.cpp:
1031         (JSC::SamplingFlags::stop):
1032         (JSC::SamplingRegion::dumpInternal):
1033         (JSC::SamplingTool::dump):
1034         * dfg/DFGAbstractState.cpp:
1035         (JSC::DFG::AbstractState::endBasicBlock):
1036         (JSC::DFG::AbstractState::mergeStateAtTail):
1037         * dfg/DFGByteCodeParser.cpp:
1038         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1039         (JSC::DFG::ByteCodeParser::makeSafe):
1040         (JSC::DFG::ByteCodeParser::makeDivSafe):
1041         (JSC::DFG::ByteCodeParser::handleCall):
1042         (JSC::DFG::ByteCodeParser::handleInlining):
1043         (JSC::DFG::ByteCodeParser::parseBlock):
1044         (JSC::DFG::ByteCodeParser::processPhiStack):
1045         (JSC::DFG::ByteCodeParser::linkBlock):
1046         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1047         (JSC::DFG::ByteCodeParser::parse):
1048         * dfg/DFGCommon.h:
1049         * dfg/DFGDriver.cpp:
1050         (JSC::DFG::compile):
1051         * dfg/DFGGraph.cpp:
1052         (JSC::DFG::printWhiteSpace):
1053         (JSC::DFG::Graph::dumpCodeOrigin):
1054         (JSC::DFG::Graph::dump):
1055         (JSC::DFG::Graph::predictArgumentTypes):
1056         * dfg/DFGJITCompiler.cpp:
1057         (JSC::DFG::JITCompiler::link):
1058         * dfg/DFGOSREntry.cpp:
1059         (JSC::DFG::prepareOSREntry):
1060         * dfg/DFGOSRExitCompiler.cpp:
1061         * dfg/DFGOSRExitCompiler32_64.cpp:
1062         (JSC::DFG::OSRExitCompiler::compileExit):
1063         * dfg/DFGOSRExitCompiler64.cpp:
1064         (JSC::DFG::OSRExitCompiler::compileExit):
1065         * dfg/DFGOperations.cpp:
1066         * dfg/DFGPropagator.cpp:
1067         (JSC::DFG::Propagator::fixpoint):
1068         (JSC::DFG::Propagator::propagateArithNodeFlags):
1069         (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
1070         (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
1071         (JSC::DFG::Propagator::propagateNodePredictions):
1072         (JSC::DFG::Propagator::propagatePredictionsForward):
1073         (JSC::DFG::Propagator::propagatePredictionsBackward):
1074         (JSC::DFG::Propagator::doRoundOfDoubleVoting):
1075         (JSC::DFG::Propagator::fixupNode):
1076         (JSC::DFG::Propagator::fixup):
1077         (JSC::DFG::Propagator::startIndexForChildren):
1078         (JSC::DFG::Propagator::endIndexForPureCSE):
1079         (JSC::DFG::Propagator::setReplacement):
1080         (JSC::DFG::Propagator::eliminate):
1081         (JSC::DFG::Propagator::performNodeCSE):
1082         (JSC::DFG::Propagator::localCSE):
1083         (JSC::DFG::Propagator::allocateVirtualRegisters):
1084         (JSC::DFG::Propagator::performBlockCFA):
1085         (JSC::DFG::Propagator::performForwardCFA):
1086         * dfg/DFGRegisterBank.h:
1087         (JSC::DFG::RegisterBank::dump):
1088         * dfg/DFGScoreBoard.h:
1089         (JSC::DFG::ScoreBoard::dump):
1090         * dfg/DFGSpeculativeJIT.cpp:
1091         (JSC::DFG::SpeculativeJIT::dump):
1092         (JSC::DFG::SpeculativeJIT::checkConsistency):
1093         (JSC::DFG::SpeculativeJIT::compile):
1094         * dfg/DFGSpeculativeJIT32_64.cpp:
1095         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1096         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1097         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1098         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1099         * dfg/DFGSpeculativeJIT64.cpp:
1100         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1101         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1102         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1103         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1104         * heap/Heap.cpp:
1105         (JSC::Heap::destroy):
1106         * heap/MarkedBlock.h:
1107         * interpreter/CallFrame.cpp:
1108         (JSC::CallFrame::dumpCaller):
1109         * interpreter/Interpreter.cpp:
1110         (JSC::Interpreter::dumpRegisters):
1111         * jit/JIT.cpp:
1112         (JSC::JIT::privateCompileMainPass):
1113         (JSC::JIT::privateCompileSlowCases):
1114         (JSC::JIT::privateCompile):
1115         * jit/JITStubs.cpp:
1116         (JSC::DEFINE_STUB_FUNCTION):
1117         * profiler/Profile.cpp:
1118         (JSC::Profile::debugPrintData):
1119         (JSC::Profile::debugPrintDataSampleStyle):
1120         * profiler/ProfileNode.cpp:
1121         (JSC::ProfileNode::debugPrintData):
1122         (JSC::ProfileNode::debugPrintDataSampleStyle):
1123         * runtime/JSGlobalData.cpp:
1124         (JSC::JSGlobalData::dumpRegExpTrace):
1125         * runtime/RegExp.cpp:
1126         (JSC::RegExp::matchCompareWithInterpreter):
1127         * runtime/SamplingCounter.cpp:
1128         (JSC::AbstractSamplingCounter::dump):
1129         * runtime/SamplingCounter.h:
1130         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
1131         * runtime/ScopeChain.cpp:
1132         (JSC::ScopeChainNode::print):
1133         * runtime/Structure.cpp:
1134         (JSC::Structure::dumpStatistics):
1135         (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
1136         * tools/CodeProfile.cpp:
1137         (JSC::CodeProfile::report):
1138         * tools/ProfileTreeNode.h:
1139         (JSC::ProfileTreeNode::dumpInternal):
1140         * wtf/CMakeLists.txt:
1141         * wtf/DataLog.cpp: Added.
1142         (WTF):
1143         (WTF::initializeLogFileOnce):
1144         (WTF::initializeLogFile):
1145         (WTF::dataFile):
1146         (WTF::dataLogV):
1147         (WTF::dataLog):
1148         * wtf/DataLog.h: Added.
1149         (WTF):
1150         * wtf/HashTable.cpp:
1151         (WTF::HashTableStats::~HashTableStats):
1152         * wtf/MetaAllocator.cpp:
1153         (WTF::MetaAllocator::dumpProfile):
1154         * wtf/text/WTFString.cpp:
1155         (String::show):
1156         * yarr/YarrInterpreter.cpp:
1157         (JSC::Yarr::ByteCompiler::dumpDisjunction):
1158
1159 2012-02-11  Gavin Barraclough  <barraclough@apple.com>
1160
1161         Move special __proto__ property to Object.prototype
1162         https://bugs.webkit.org/show_bug.cgi?id=78409
1163
1164         Reviewed by Oliver Hunt.
1165
1166         Re-implement this as a regular accessor property.  This has three key benefits:
1167         1) It makes it possible for objects to be given properties named __proto__.
1168         2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
1169         3) This largely removes the magic used to implement __proto__; it can just be made a regular accessor property.
1170
1171         * parser/Parser.cpp:
1172         (JSC::::parseFunctionInfo):
1173             - No need to prohibit functions named __proto__.
1174         * runtime/JSGlobalObject.cpp:
1175         (JSC::JSGlobalObject::reset):
1176             - Add __proto__ accessor to Object.prototype.
1177         * runtime/JSGlobalObjectFunctions.cpp:
1178         (JSC::globalFuncProtoGetter):
1179         (JSC::globalFuncProtoSetter):
1180             - Definition of the __proto__ accessor functions.
1181         * runtime/JSGlobalObjectFunctions.h:
1182             - Declaration of the __proto__ accessor functions.
1183         * runtime/JSObject.cpp:
1184         (JSC::JSObject::put):
1185             - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
1186         (JSC::JSObject::putDirectAccessor):
1187             - Track on the structure whether an object contains accessors other than one for __proto__.
1188         (JSC::JSObject::defineOwnProperty):
1189             - No need to prohibit definition of own properties named __proto__.
1190         * runtime/JSObject.h:
1191         (JSC::JSObject::inlineGetOwnPropertySlot):
1192             - Remove the special handling for __proto__.
1193         (JSC::JSValue::get):
1194             - Remove the special handling for __proto__.
1195         * runtime/JSString.cpp:
1196         (JSC::JSString::getOwnPropertySlot):
1197             - Remove the special handling for __proto__.
1198         * runtime/JSValue.h:
1199         (JSValue):
1200             - Made synthesizePrototype public (this may be needed by the __proto__ getter).
1201         * runtime/ObjectConstructor.cpp:
1202         (JSC::objectConstructorGetPrototypeOf):
1203             - Perform the security check & call prototype() directly.
1204         * runtime/Structure.cpp:
1205         (JSC::Structure::Structure):
1206             - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
1207         * runtime/Structure.h:
1208         (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
1209         (JSC::Structure::setHasGetterSetterProperties):
1210         (Structure):
1211             - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
1212
1213 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1214
1215         DFG CFA assumes that a WeakJSConstant's structure is known
1216         https://bugs.webkit.org/show_bug.cgi?id=78428
1217         <rdar://problem/10849492> <rdar://problem/10849621>
1218
1219         Reviewed by Gavin Barraclough.
1220
1221         * dfg/DFGAbstractState.cpp:
1222         (JSC::DFG::AbstractState::execute):
1223
1224 2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1225
1226         Qt debug build fix
1227
1228         * heap/MarkedBlock.cpp:
1229         (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate 
1230         JSFinalObjects in the destructor subspace, so we should remove this assert so it 
1231         doesn't cause crashes.
1232
1233 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1234
1235         Old 32_64 JIT should assert that its use of map() is consistent with the DFG
1236         OSR exit's expectations
1237         https://bugs.webkit.org/show_bug.cgi?id=78419
1238         <rdar://problem/10817121>
1239
1240         Reviewed by Oliver Hunt.
1241
1242         * jit/JITInlineMethods.h:
1243         (JSC::JIT::map):
1244
1245 2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1246
1247         Reduce the reentrancy limit of the interpreter for the iOS simulator
1248         https://bugs.webkit.org/show_bug.cgi?id=78400
1249
1250         Reviewed by Gavin Barraclough.
1251
1252         * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
1253         (JSC):
1254
1255 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1256
1257         [DFG] Misuse of WeakJSConstants in silentFillGPR code.
1258         https://bugs.webkit.org/show_bug.cgi?id=78423
1259         <rdar://problem/10849353> <rdar://problem/10804043>
1260
1261         Reviewed by Sam Weinig.
1262         
1263         The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
1264         This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
1265         hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
1266
1267         * dfg/DFGSpeculativeJIT.h:
1268         (JSC::DFG::SpeculativeJIT::silentFillGPR):
1269
1270 2012-02-11  Sam Weinig  <sam@webkit.org>
1271
1272         Prepare JavaScriptCore to build with libc++
1273         <rdar://problem/10426673>
1274         https://bugs.webkit.org/show_bug.cgi?id=78424
1275
1276         Reviewed by Anders Carlsson.
1277
1278         * wtf/NullPtr.cpp:
1279         * wtf/NullPtr.h:
1280         libc++ provides std::nullptr emulation, so we don't have to.
1281
1282 2012-02-07  Filip Pizlo  <fpizlo@apple.com>
1283
1284         DFG should have polymorphic put_by_id caching
1285         https://bugs.webkit.org/show_bug.cgi?id=78062
1286         <rdar://problem/10326439> <rdar://problem/10824839>
1287
1288         Reviewed by Oliver Hunt.
1289         
1290         Implemented polymorphic put_by_id caching in the DFG, and added much of the
1291         machinery that would be needed to implement it in the old JIT as well.
1292         
1293         I decided against using the old PolymorphicAccessStructureList mechanism as
1294         this didn't quite fit with put_by_id. In particular, I wanted the ability to
1295         have one list that captured all relevant cases (including proto put_by_id
1296         if we ever decided to do it). And I wanted the code to have better
1297         encapsulation. And I didn't want to get confused by the fact that the
1298         original (non-list) put_by_id cache may itself consist of a stub routine.
1299         
1300         This code is still sub-optimal (for example adding a replace to a list whose
1301         previous elements are all transitions should just repatch the original code,
1302         but here it will generate a stub) but it already generates a >20% speed-up
1303         on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.
1304
1305         * CMakeLists.txt:
1306         * GNUmakefile.list.am:
1307         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1308         * JavaScriptCore.xcodeproj/project.pbxproj:
1309         * Target.pri:
1310         * bytecode/PolymorphicPutByIdList.cpp: Added.
1311         (JSC):
1312         (JSC::PutByIdAccess::fromStructureStubInfo):
1313         (JSC::PutByIdAccess::visitWeak):
1314         (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
1315         (JSC::PolymorphicPutByIdList::from):
1316         (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
1317         (JSC::PolymorphicPutByIdList::isFull):
1318         (JSC::PolymorphicPutByIdList::isAlmostFull):
1319         (JSC::PolymorphicPutByIdList::addAccess):
1320         (JSC::PolymorphicPutByIdList::visitWeak):
1321         * bytecode/PolymorphicPutByIdList.h: Added.
1322         (JSC):
1323         (PutByIdAccess):
1324         (JSC::PutByIdAccess::PutByIdAccess):
1325         (JSC::PutByIdAccess::transition):
1326         (JSC::PutByIdAccess::replace):
1327         (JSC::PutByIdAccess::isSet):
1328         (JSC::PutByIdAccess::operator!):
1329         (JSC::PutByIdAccess::type):
1330         (JSC::PutByIdAccess::isTransition):
1331         (JSC::PutByIdAccess::isReplace):
1332         (JSC::PutByIdAccess::oldStructure):
1333         (JSC::PutByIdAccess::structure):
1334         (JSC::PutByIdAccess::newStructure):
1335         (JSC::PutByIdAccess::chain):
1336         (JSC::PutByIdAccess::stubRoutine):
1337         (PolymorphicPutByIdList):
1338         (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
1339         (JSC::PolymorphicPutByIdList::isEmpty):
1340         (JSC::PolymorphicPutByIdList::size):
1341         (JSC::PolymorphicPutByIdList::at):
1342         (JSC::PolymorphicPutByIdList::operator[]):
1343         (JSC::PolymorphicPutByIdList::kind):
1344         * bytecode/PutKind.h: Added.
1345         (JSC):
1346         * bytecode/StructureStubInfo.cpp:
1347         (JSC::StructureStubInfo::deref):
1348         (JSC::StructureStubInfo::visitWeakReferences):
1349         * bytecode/StructureStubInfo.h:
1350         (JSC):
1351         (JSC::isPutByIdAccess):
1352         (JSC::StructureStubInfo::initPutByIdList):
1353         (StructureStubInfo):
1354         (JSC::StructureStubInfo::reset):
1355         * dfg/DFGOperations.cpp:
1356         * dfg/DFGOperations.h:
1357         (DFG):
1358         * dfg/DFGRepatch.cpp:
1359         (JSC::DFG::appropriateGenericPutByIdFunction):
1360         (JSC::DFG::appropriateListBuildingPutByIdFunction):
1361         (DFG):
1362         (JSC::DFG::emitPutReplaceStub):
1363         (JSC::DFG::emitPutTransitionStub):
1364         (JSC::DFG::tryCachePutByID):
1365         (JSC::DFG::dfgRepatchPutByID):
1366         (JSC::DFG::tryBuildPutByIdList):
1367         (JSC::DFG::dfgBuildPutByIdList):
1368         (JSC::DFG::dfgResetPutByID):
1369         * dfg/DFGRepatch.h:
1370         (DFG):
1371         * runtime/WriteBarrier.h:
1372         (WriteBarrierBase):
1373         (JSC::WriteBarrierBase::copyFrom):
1374
1375 2012-02-10  Vineet Chaudhary  <rgf748@motorola.com>
1376
1377         https://bugs.webkit.org/show_bug.cgi?id=72756
1378         DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it 
1379
1380         Reviewed by Timothy Hatcher.
1381
1382         * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
1383           AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.
1384
1385 2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1386
1387         Fixing windows build
1388
1389         Unreviewed build fix
1390
1391         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1392
1393 2012-02-10  Adam Klein  <adamk@chromium.org>
1394
1395         Enable MUTATION_OBSERVERS by default on all platforms
1396         https://bugs.webkit.org/show_bug.cgi?id=78196
1397
1398         Reviewed by Ojan Vafai.
1399
1400         * Configurations/FeatureDefines.xcconfig:
1401
1402 2012-02-10  Yong Li  <yoli@rim.com>
1403
1404         ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
1405         https://bugs.webkit.org/show_bug.cgi?id=76724
1406
1407         Reviewed by Rob Buis.
1408
1409         This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
1410         The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
1411         So it can leave pages behind that are not set back to the default flags. When code on one of those
1412         pages is executed, or the JIT returns to one of those pages because it was already executing from there, the
1413         software will crash.
1414
1415         * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
1416         (JSC::LinkBuffer::LinkBuffer):
1417         (JSC::LinkBuffer::linkCode):
1418         (JSC::LinkBuffer::performFinalization):
1419         (LinkBuffer):
1420
1421 2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1422
1423         Split MarkedSpace into destructor and destructor-free subspaces
1424         https://bugs.webkit.org/show_bug.cgi?id=77761
1425
1426         Reviewed by Geoffrey Garen.
1427
1428         * dfg/DFGSpeculativeJIT.h:
1429         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
1430         * heap/Heap.h:
1431         (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to 
1432         pick which subspace they want to allocate out of.
1433         (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
1434         (Heap):
1435         (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
1436         (JSC):
1437         (JSC::Heap::allocateWithoutDestructor): Ditto.
1438         * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate 
1439         their MarkedBlocks correctly.
1440         (JSC::MarkedAllocator::allocateBlock):
1441         * heap/MarkedAllocator.h:
1442         (JSC::MarkedAllocator::cellsNeedDestruction):
1443         (MarkedAllocator):
1444         (JSC::MarkedAllocator::MarkedAllocator):
1445         (JSC):
1446         (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
1447         an init function that does all of that stuff in fewer lines.
1448         * heap/MarkedBlock.cpp:
1449         (JSC::MarkedBlock::create):
1450         (JSC::MarkedBlock::recycle):
1451         (JSC::MarkedBlock::MarkedBlock):
1452         (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make 
1453         checking the m_cellsNeedDestructor flag faster and cleaner looking.
1454         (JSC):
1455         (JSC::MarkedBlock::specializedSweep):
1456         (JSC::MarkedBlock::sweep):
1457         (JSC::MarkedBlock::sweepHelper):
1458         * heap/MarkedBlock.h:
1459         (MarkedBlock):
1460         (JSC::MarkedBlock::cellsNeedDestruction):
1461         (JSC):
1462         * heap/MarkedSpace.cpp:
1463         (JSC::MarkedSpace::MarkedSpace):
1464         (JSC::MarkedSpace::resetAllocators):
1465         (JSC::MarkedSpace::canonicalizeCellLivenessData):
1466         (JSC::TakeIfUnmarked::operator()):
1467         * heap/MarkedSpace.h:
1468         (MarkedSpace):
1469         (Subspace):
1470         (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of 
1471         allocators.
1472         (JSC):
1473         (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
1474         (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
1475         (JSC::MarkedSpace::allocateWithDestructor): Ditto.
1476         (JSC::MarkedSpace::forEachBlock):
1477         * jit/JIT.h:
1478         * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
1479         (JSC::JIT::emitAllocateBasicJSObject):
1480         (JSC::JIT::emitAllocateJSFinalObject):
1481         (JSC::JIT::emitAllocateJSFunction):
1482         * runtime/JSArray.cpp:
1483         (JSC):
1484         * runtime/JSArray.h:
1485         (JSArray):
1486         (JSC::JSArray::create):
1487         (JSC):
1488         (JSC::JSArray::tryCreateUninitialized):
1489         * runtime/JSCell.h:
1490         (JSCell):
1491         (JSC):
1492         (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires 
1493         destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this 
1494         constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
1495         (JSC::allocateCell): 
1496         * runtime/JSFunction.cpp:
1497         (JSC):
1498         * runtime/JSFunction.h:
1499         (JSFunction):
1500         * runtime/JSObject.cpp:
1501         (JSC):
1502         * runtime/JSObject.h:
1503         (JSNonFinalObject):
1504         (JSC):
1505         (JSFinalObject):
1506         (JSC::JSFinalObject::create):
1507
1508 2012-02-10  Adrienne Walker  <enne@google.com>
1509
1510         Remove implicit copy constructor usage in HashMaps with OwnPtr
1511         https://bugs.webkit.org/show_bug.cgi?id=78071
1512
1513         Reviewed by Darin Adler.
1514
1515         Change the return type of emptyValue() in PairHashTraits to be the
1516         actual type returned rather than the trait type to avoid an implicit
1517         generation of the OwnPtr copy constructor. This happens for hash
1518         traits involving OwnPtr where the empty value is not zero and each
1519         hash bucket needs to be initialized with emptyValue().
1520
1521         Also, update StructureTransitionTable to use default hash traits
1522         rather than rolling its own, in order to update it to handle
1523         EmptyValueType.
1524
1525         Test: patch from bug 74154 compiles on Clang with this patch
1526
1527         * runtime/StructureTransitionTable.h:
1528         (StructureTransitionTable):
1529         * wtf/HashTraits.h:
1530         (GenericHashTraits):
1531         (PairHashTraits):
1532         (WTF::PairHashTraits::emptyValue):
1533
1534 2012-02-10  Aron Rosenberg  <arosenberg@logitech.com>
1535
1536         [Qt] Fix compiler warning in Visual Studio 2010 about TR1
1537         https://bugs.webkit.org/show_bug.cgi?id=63642
1538
1539         Reviewed by Simon Hausmann.
1540
1541         * JavaScriptCore.pri:
1542
1543 2012-02-10  Michael Saboff  <msaboff@apple.com>
1544
1545         Yarr assert with regexp where alternative in *-quantified group matches empty
1546         https://bugs.webkit.org/show_bug.cgi?id=67752        
1547
1548         Reviewed by Gavin Barraclough.
1549
1550         Added backtracking for the prior alternative if it matched
1551         but didn't consume any input characters.
1552
1553         * yarr/YarrJIT.cpp:
1554         (YarrOp): New jump.
1555         (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
1556         when an alternative matches and no input was consumed.  Moved the
1557         zero length match check for a set of alternatives to the alternative
1558         code from the parentheses cases to the alternative end cases.
1559         Converted the existing zero length checks in the parentheses cases
1560         to runtime assertion checks.
1561         (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
1562         to prior term.
1563
1564 2012-02-10  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
1565
1566         [Qt] GC should be parallel on Qt platform
1567         https://bugs.webkit.org/show_bug.cgi?id=73309
1568
1569         Reviewed by Zoltan Herczeg.
1570
1571         These changes make the parallel GC feature available for the Qt port.
1572         The implementations of "registerGCThread" and "isMainThreadOrGCThread",
1573         and a local static function [initializeGCThreads], are moved from
1574         MainThreadMac.mm to the common MainThread.cpp to make them available
1575         for other platforms.
1576
1577         Measurement results:
1578         V8           speed-up:  1.025x as fast  [From: 663.4ms  To: 647.0ms ]
1579         V8 Splay     speed-up:  1.185x as fast  [From: 138.4ms  To: 116.8ms ]
1580
1581         Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
1582
1583         * JavaScriptCore.order:
1584         * wtf/MainThread.cpp:
1585         (WTF::initializeMainThread):
1586         (WTF):
1587         (WTF::initializeGCThreads):
1588         (WTF::registerGCThread):
1589         (WTF::isMainThreadOrGCThread):
1590         * wtf/MainThread.h:
1591         (WTF):
1592         * wtf/Platform.h:
1593         * wtf/mac/MainThreadMac.mm:
1594         (WTF):
1595
1596 2012-02-09  Andy Wingo  <wingo@igalia.com>
1597
1598         Eliminate dead code in BytecodeGenerator::resolve()
1599         https://bugs.webkit.org/show_bug.cgi?id=78242
1600
1601         Reviewed by Gavin Barraclough.
1602
1603         * bytecompiler/BytecodeGenerator.cpp:
1604         (JSC::BytecodeGenerator::resolve):
1605         BytecodeGenerator::shouldOptimizeLocals() is only true for
1606         FunctionCode, and thus cannot be true for GlobalCode.
1607
1608 2012-02-09  Andy Wingo  <wingo@igalia.com>
1609
1610         Remove BytecodeGenerator::isLocal
1611         https://bugs.webkit.org/show_bug.cgi?id=78241
1612
1613         Minor refactor to BytecodeGenerator.
1614
1615         Reviewed by Gavin Barraclough.
1616
1617         * bytecompiler/BytecodeGenerator.h:
1618         * bytecompiler/BytecodeGenerator.cpp:
1619         (JSC::BytecodeGenerator::isLocal):
1620         (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
1621         methods.
1622         * bytecompiler/NodesCodegen.cpp:
1623         (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
1624         instead of isLocal.  This will recognize more resolve nodes as
1625         being pure.
1626         (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
1627         location instead of isLocalConstant.
1628
1629 2012-02-09  Oliver Hunt  <oliver@apple.com>
1630
1631         The JS Parser scope object needs a VectorTrait specialization
1632         https://bugs.webkit.org/show_bug.cgi?id=78308
1633
1634         Reviewed by Gavin Barraclough.
1635
1636         This showed up as a periodic crash in various bits of generated code
1637         originally, but I've added an assertion in the bytecode generator
1638         that makes the affected code much more crash-happy should it go
1639         wrong again.
1640
1641         * bytecompiler/BytecodeGenerator.cpp:
1642         (JSC::BytecodeGenerator::BytecodeGenerator):
1643         (JSC::BytecodeGenerator::resolve):
1644         * parser/Parser.cpp:
1645         * parser/Parser.h:
1646         (JSC):
1647         * runtime/JSActivation.h:
1648         (JSC::JSActivation::isValidScopedLookup):
1649         (JSActivation):
1650
1651 2012-02-08  Oliver Hunt  <oliver@apple.com>
1652
1653         Whoops, fix the build.
1654
1655         * runtime/Executable.cpp:
1656         (JSC::FunctionExecutable::FunctionExecutable):
1657
1658 2012-02-08  Oliver Hunt  <oliver@apple.com>
1659
1660         Fix issue encountered while debugging stacktraces
1661         https://bugs.webkit.org/show_bug.cgi?id=78147
1662
1663         Reviewed by Gavin Barraclough.
1664
1665         Debugging is easier if we always ensure that we have a non-null
1666         inferred name.
1667
1668         * runtime/Executable.cpp:
1669         (JSC::FunctionExecutable::FunctionExecutable):
1670
1671 2012-02-08  Oliver Hunt  <oliver@apple.com>
1672
1673         updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
1674         https://bugs.webkit.org/show_bug.cgi?id=78145
1675
1676         Reviewed by Gavin Barraclough.
1677
1678         Fix the updateTopCallFrame helper to store additional information
1679         that becomes necessary when we are trying to provide more stack
1680         frame information.
1681
1682         * interpreter/CallFrame.h:
1683         (JSC::ExecState::bytecodeOffsetForBaselineJIT):
1684         (ExecState):
1685         * jit/JIT.cpp:
1686         (JSC::JIT::privateCompile):
1687         * jit/JIT.h:
1688         (JSC::JIT::compileGetByIdProto):
1689         (JSC::JIT::compileGetByIdSelfList):
1690         (JSC::JIT::compileGetByIdProtoList):
1691         (JSC::JIT::compileGetByIdChainList):
1692         (JSC::JIT::compileGetByIdChain):
1693         (JSC::JIT::compilePutByIdTransition):
1694         (JIT):
1695         * jit/JITInlineMethods.h:
1696         (JSC::JIT::updateTopCallFrame):
1697
1698 2012-02-07  Robert Kroeger  <rjkroege@chromium.org>
1699
1700         [chromium] Remove the enable macro for the no longer necessary Chromium
1701         gesture recognizer.
1702         https://bugs.webkit.org/show_bug.cgi?id=77492
1703
1704         Reviewed by Adam Barth.
1705
1706         * wtf/Platform.h:
1707
1708 2012-02-07  Tony Chang  <tony@chromium.org>
1709
1710         merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
1711         https://bugs.webkit.org/show_bug.cgi?id=78036
1712
1713         Reviewed by Darin Adler.
1714
1715         * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.
1716
1717 2012-02-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1718
1719         [CMAKE] Use *bin* and *lib* directories for executable and libraries.
1720         https://bugs.webkit.org/show_bug.cgi?id=77928
1721
1722         Reviewed by Daniel Bates.
1723
1724         CMake has used the *Programs* directory for executables. In addition, shared libraries are being
1725         built in the source directory. It is better to set common places in order to maintain executables
1726         and libraries. *bin* is for executables and *lib* is for libraries.
1727
1728         * shell/CMakeLists.txt: Replace *Programs* with *bin*.
1729
1730 2012-02-07  Gavin Barraclough  <barraclough@apple.com>
1731
1732         Crash on http://www.rickshawbags.com/
1733         https://bugs.webkit.org/show_bug.cgi?id=78045
1734
1735         Reviewed by Darin Adler.
1736
1737         Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
1738         
1739         This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933:
1740         isVariableObject() checks were excluding StaticScopeObjects, and that patch
1741         inadvertently changed them to be included.
1742
1743         * runtime/JSType.h:
1744             - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
1745               and thus is excluded from isVariableObject() checks.
1746
1747 2012-02-06  Jer Noble  <jer.noble@apple.com>
1748
1749         Use CMClock as a timing source for PlatformClock where available.
1750         https://bugs.webkit.org/show_bug.cgi?id=77885
1751
1752         Reviewed by Eric Carlson.
1753
1754         * wtf/Platform.h: Added WTF_USE_COREMEDIA.
1755
1756 2012-02-06  Filip Pizlo  <fpizlo@apple.com>
1757
1758         ValueToNumber and ValueToDouble nodes don't do anything and should be removed
1759         https://bugs.webkit.org/show_bug.cgi?id=77855
1760         <rdar://problem/10811325>
1761
1762         Reviewed by Gavin Barraclough.
1763         
1764         Removed ValueToNumber and ValueToDouble, because the only thing they were doing
1765         was wasting registers.
1766         
1767         This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
1768         mostly due to a >10% win on gaussian-blur. No win anywhere else.
1769
1770         * dfg/DFGAbstractState.cpp:
1771         (JSC::DFG::AbstractState::execute):
1772         * dfg/DFGByteCodeParser.cpp:
1773         (JSC::DFG::ByteCodeParser::getToInt32):
1774         (ByteCodeParser):
1775         (JSC::DFG::ByteCodeParser::handleMinMax):
1776         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1777         (JSC::DFG::ByteCodeParser::parseBlock):
1778         * dfg/DFGNode.h:
1779         (DFG):
1780         (JSC::DFG::Node::hasArithNodeFlags):
1781         * dfg/DFGPropagator.cpp:
1782         (JSC::DFG::Propagator::propagateArithNodeFlags):
1783         (JSC::DFG::Propagator::propagateNodePredictions):
1784         (JSC::DFG::Propagator::vote):
1785         (JSC::DFG::Propagator::doRoundOfDoubleVoting):
1786         (Propagator):
1787         (JSC::DFG::Propagator::fixupNode):
1788         (JSC::DFG::Propagator::canonicalize):
1789         * dfg/DFGSpeculativeJIT.cpp:
1790         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1791         * dfg/DFGSpeculativeJIT32_64.cpp:
1792         (JSC::DFG::SpeculativeJIT::compile):
1793         * dfg/DFGSpeculativeJIT64.cpp:
1794         (JSC::DFG::SpeculativeJIT::compile):
1795
1796 2012-02-06  Patrick Gansterer  <paroga@webkit.org>
1797
1798         Unreviewed WinCE build fix after r106197.
1799
1800         * tools/CodeProfiling.cpp:
1801         (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.
1802
1803 2012-02-05  Gavin Barraclough  <barraclough@apple.com>
1804
1805         Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
1806         https://bugs.webkit.org/show_bug.cgi?id=77451
1807
1808         Reviewed by Sam Weinig.
1809
1810         These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
1811         Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
1812
1813         * JavaScriptCore.exp:
1814         * debugger/DebuggerActivation.cpp:
1815         (JSC::DebuggerActivation::defineOwnProperty):
1816         * debugger/DebuggerActivation.h:
1817         (DebuggerActivation):
1818         * runtime/ClassInfo.h:
1819         (MethodTable):
1820         (JSC):
1821         * runtime/JSBoundFunction.cpp:
1822         (JSC::JSBoundFunction::finishCreation):
1823         * runtime/JSCell.cpp:
1824         (JSC):
1825         * runtime/JSCell.h:
1826         (JSCell):
1827         * runtime/JSFunction.cpp:
1828         (JSC::JSFunction::getOwnPropertySlot):
1829         (JSC::JSFunction::getOwnPropertyDescriptor):
1830         * runtime/JSGlobalObject.cpp:
1831         (JSC::JSGlobalObject::defineOwnProperty):
1832         (JSC):
1833         * runtime/JSGlobalObject.h:
1834         (JSGlobalObject):
1835         * runtime/JSObject.cpp:
1836         (JSC):
1837         * runtime/JSObject.h:
1838         (JSObject):
1839         * runtime/ObjectPrototype.cpp:
1840         (JSC::objectProtoFuncDefineGetter):
1841         (JSC::objectProtoFuncDefineSetter):
1842         (JSC::objectProtoFuncLookupGetter):
1843         (JSC::objectProtoFuncLookupSetter):
1844
1845 2012-02-06  Carlos Garcia Campos  <cgarcia@igalia.com>
1846
1847         Unreviewed. Fix make distcheck.
1848
1849         * GNUmakefile.list.am: Add missing files.
1850
1851 2012-02-05  Filip Pizlo  <fpizlo@apple.com>
1852
1853         DFG's child references from one node to another should have room for type information
1854         https://bugs.webkit.org/show_bug.cgi?id=77797
1855
1856         Reviewed by Oliver Hunt.
1857         
1858         The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
1859         and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
1860         together as a DFG::NodeUse, which can in most cases still be used as an index (for
1861         example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
1862         where they really want a NodeIndex).
1863         
1864         The NodeUse stores both the index and the UseKind without bloating the memory usage of
1865         DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
1866         roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
1867         something - likely a sensible assumption! - then we will only be able to have room for
1868         about 24 million nodes, which means we only need about 24.5 bits for the node index).
1869         Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
1870         but stores the index as a signed number to make NoNode work naturally. Hence we really
1871         just have 27 bits for the index.
1872         
1873         This is performance-neutral on all benchmarks we track.
1874
1875         * JavaScriptCore.xcodeproj/project.pbxproj:
1876         * dfg/DFGAbstractState.h:
1877         (JSC::DFG::AbstractState::forNode):
1878         (AbstractState):
1879         * dfg/DFGByteCodeParser.cpp:
1880         (JSC::DFG::ByteCodeParser::getLocal):
1881         (JSC::DFG::ByteCodeParser::getArgument):
1882         (JSC::DFG::ByteCodeParser::toInt32):
1883         (JSC::DFG::ByteCodeParser::addVarArgChild):
1884         (JSC::DFG::ByteCodeParser::processPhiStack):
1885         * dfg/DFGCommon.h:
1886         * dfg/DFGGraph.cpp:
1887         (JSC::DFG::Graph::dump):
1888         (DFG):
1889         * dfg/DFGGraph.h:
1890         (Graph):
1891         (JSC::DFG::Graph::operator[]):
1892         (JSC::DFG::Graph::at):
1893         (JSC::DFG::Graph::ref):
1894         (JSC::DFG::Graph::deref):
1895         (JSC::DFG::Graph::clearAndDerefChild1):
1896         (JSC::DFG::Graph::clearAndDerefChild2):
1897         (JSC::DFG::Graph::clearAndDerefChild3):
1898         * dfg/DFGJITCompiler.h:
1899         (JSC::DFG::JITCompiler::getPrediction):
1900         * dfg/DFGNode.h:
1901         (JSC::DFG::Node::Node):
1902         (JSC::DFG::Node::child1):
1903         (JSC::DFG::Node::child1Unchecked):
1904         (JSC::DFG::Node::child2):
1905         (JSC::DFG::Node::child3):
1906         (JSC::DFG::Node::firstChild):
1907         (JSC::DFG::Node::numChildren):
1908         (JSC::DFG::Node::dumpChildren):
1909         (Node):
1910         * dfg/DFGNodeReferenceBlob.h: Added.
1911         (DFG):
1912         (NodeReferenceBlob):
1913         (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
1914         (JSC::DFG::NodeReferenceBlob::child):
1915         (JSC::DFG::NodeReferenceBlob::child1):
1916         (JSC::DFG::NodeReferenceBlob::child2):
1917         (JSC::DFG::NodeReferenceBlob::child3):
1918         (JSC::DFG::NodeReferenceBlob::child1Unchecked):
1919         (JSC::DFG::NodeReferenceBlob::initialize):
1920         (JSC::DFG::NodeReferenceBlob::firstChild):
1921         (JSC::DFG::NodeReferenceBlob::setFirstChild):
1922         (JSC::DFG::NodeReferenceBlob::numChildren):
1923         (JSC::DFG::NodeReferenceBlob::setNumChildren):
1924         * dfg/DFGNodeUse.h: Added.
1925         (DFG):
1926         (NodeUse):
1927         (JSC::DFG::NodeUse::NodeUse):
1928         (JSC::DFG::NodeUse::indexUnchecked):
1929         (JSC::DFG::NodeUse::index):
1930         (JSC::DFG::NodeUse::setIndex):
1931         (JSC::DFG::NodeUse::useKind):
1932         (JSC::DFG::NodeUse::setUseKind):
1933         (JSC::DFG::NodeUse::isSet):
1934         (JSC::DFG::NodeUse::operator!):
1935         (JSC::DFG::NodeUse::operator==):
1936         (JSC::DFG::NodeUse::operator!=):
1937         (JSC::DFG::NodeUse::shift):
1938         (JSC::DFG::NodeUse::makeWord):
1939         (JSC::DFG::operator==):
1940         (JSC::DFG::operator!=):
1941         * dfg/DFGPropagator.cpp:
1942         (JSC::DFG::Propagator::propagateArithNodeFlags):
1943         (JSC::DFG::Propagator::vote):
1944         (JSC::DFG::Propagator::toDouble):
1945         (JSC::DFG::Propagator::fixupNode):
1946         (JSC::DFG::Propagator::canonicalize):
1947         (JSC::DFG::Propagator::startIndex):
1948         (JSC::DFG::Propagator::globalVarLoadElimination):
1949         (JSC::DFG::Propagator::getByValLoadElimination):
1950         (JSC::DFG::Propagator::getByOffsetLoadElimination):
1951         (JSC::DFG::Propagator::performSubstitution):
1952         (JSC::DFG::Propagator::performNodeCSE):
1953         * dfg/DFGScoreBoard.h:
1954         (JSC::DFG::ScoreBoard::use):
1955         * dfg/DFGSpeculativeJIT.cpp:
1956         (JSC::DFG::SpeculativeJIT::useChildren):
1957         (JSC::DFG::SpeculativeJIT::writeBarrier):
1958         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1959         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1960         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1961         (JSC::DFG::SpeculativeJIT::compileMovHint):
1962         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1963         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1964         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1965         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1966         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1967         (JSC::DFG::SpeculativeJIT::compileAdd):
1968         (JSC::DFG::SpeculativeJIT::compileArithSub):
1969         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1970         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1971         * dfg/DFGSpeculativeJIT.h:
1972         (JSC::DFG::SpeculativeJIT::at):
1973         (JSC::DFG::SpeculativeJIT::canReuse):
1974         (JSC::DFG::SpeculativeJIT::use):
1975         (SpeculativeJIT):
1976         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1977         (JSC::DFG::SpeculativeJIT::speculationCheck):
1978         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1979         (JSC::DFG::IntegerOperand::IntegerOperand):
1980         (JSC::DFG::DoubleOperand::DoubleOperand):
1981         (JSC::DFG::JSValueOperand::JSValueOperand):
1982         (JSC::DFG::StorageOperand::StorageOperand):
1983         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1984         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1985         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1986         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1987         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1988         * dfg/DFGSpeculativeJIT32_64.cpp:
1989         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
1990         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
1991         (JSC::DFG::SpeculativeJIT::cachedPutById):
1992         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1993         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1994         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1995         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1996         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1997         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
1998         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
1999         (JSC::DFG::SpeculativeJIT::emitCall):
2000         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2001         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2002         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2003         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2004         (JSC::DFG::SpeculativeJIT::emitBranch):
2005         (JSC::DFG::SpeculativeJIT::compile):
2006         * dfg/DFGSpeculativeJIT64.cpp:
2007         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2008         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2009         (JSC::DFG::SpeculativeJIT::cachedPutById):
2010         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2011         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2012         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2013         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2014         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2015         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2016         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2017         (JSC::DFG::SpeculativeJIT::emitCall):
2018         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2019         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2020         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2021         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2022         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2023         (JSC::DFG::SpeculativeJIT::emitBranch):
2024         (JSC::DFG::SpeculativeJIT::compile):
2025
2026 2012-02-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2027
2028         [CMAKE] Support javascriptcore test for EFL port. 
2029         https://bugs.webkit.org/show_bug.cgi?id=77425
2030
2031         Reviewed by Daniel Bates.
2032
2033         The EFL and WinCE ports, as well as the Blackberry port, now use CMake as their build system
2034         and share the makefile that creates the jsc executable. In order to run
2035         "run-javascriptcore-tests", the EFL port needs to change the jsc installation configuration
2036         to the executable output directory (e.g. Programs). So, this patch changes the jsc installation
2037         configuration only for the EFL port.
2038
2039         * shell/CMakeLists.txt:
2040
2041 2012-02-04  Gavin Barraclough  <barraclough@apple.com>
2042
2043         Rubber stamped by Sam Weinig.
2044
2045         * yarr/YarrPattern.cpp:
2046         (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
2047             - Fix comment.
2048
2049 2012-02-04  Kalev Lember  <kalevlember@gmail.com>
2050
2051         [GTK] CurrentTime: Reorder headers for win32
2052         https://bugs.webkit.org/show_bug.cgi?id=77808
2053
2054         Reviewed by Martin Robinson.
2055
2056         In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
2057         based on g_get_monotonic_time(). Reorder headers to make sure glib.h
2058         gets included even when the platform is win32.
2059
2060         CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
2061         CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
2062         CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
2063
2064         * wtf/CurrentTime.cpp:
2065
2066 2012-02-03  Anders Carlsson  <andersca@apple.com>
2067
2068         Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
2069         https://bugs.webkit.org/show_bug.cgi?id=77788
2070
2071         Reviewed by Andreas Kling.
2072
2073         The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to 
2074         code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
2075
2076         * wtf/FastAllocBase.h:
2077
2078 2012-02-03  Rob Buis  <rbuis@rim.com>
2079
2080         Fix alignment warnings in ARMv7
2081         https://bugs.webkit.org/show_bug.cgi?id=55368
2082
2083         Reviewed by Filip Pizlo.
2084
2085         Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
2086
2087         * heap/HandleTypes.h:
2088         (JSC::HandleTypes::getFromSlot):
2089         * heap/MarkedBlock.cpp:
2090         (JSC::MarkedBlock::specializedSweep):
2091         * heap/MarkedBlock.h:
2092         (JSC::MarkedBlock::forEachCell):
2093         * runtime/WriteBarrier.h:
2094         (JSC::WriteBarrierBase::get):
2095         (JSC::WriteBarrierBase::unvalidatedGet):
2096
2097 2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
2098
2099         Build fix
2100
2101         Unreviewed build fix
2102
2103         Forgot to add a couple files.
2104
2105         * heap/MarkedAllocator.cpp: Added.
2106         (JSC):
2107         (JSC::MarkedAllocator::tryAllocateHelper):
2108         (JSC::MarkedAllocator::tryAllocate):
2109         (JSC::MarkedAllocator::allocateSlowCase):
2110         (JSC::MarkedAllocator::allocateBlock):
2111         (JSC::MarkedAllocator::addBlock):
2112         (JSC::MarkedAllocator::removeBlock):
2113         * heap/MarkedAllocator.h: Added.
2114         (JSC):
2115         (DFG):
2116         (MarkedAllocator):
2117         (JSC::MarkedAllocator::cellSize):
2118         (JSC::MarkedAllocator::heap):
2119         (JSC::MarkedAllocator::setHeap):
2120         (JSC::MarkedAllocator::setCellSize):
2121         (JSC::MarkedAllocator::setMarkedSpace):
2122         (JSC::MarkedAllocator::MarkedAllocator):
2123         (JSC::MarkedAllocator::allocate):
2124         (JSC::MarkedAllocator::reset):
2125         (JSC::MarkedAllocator::zapFreeList):
2126         (JSC::MarkedAllocator::forEachBlock):
2127
2128 2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
2129
2130         Refactor MarkedBlock::SizeClass into a separate class
2131         https://bugs.webkit.org/show_bug.cgi?id=77600
2132
2133         Reviewed by Geoffrey Garen.
2134
2135         We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
2136         the responsibility of allocating objects from the collection of MarkedBlocks 
2137         that it manages. Also limited the amount of coupling to internal data fields 
2138         from other places, although it's mostly unavoidable in the JIT code.
2139
2140         Eventually MarkedAllocator will implement various policies to do with object 
2141         management, e.g. whether or not to run destructors on objects that it manages.
2142         MarkedSpace will manage a collection of MarkedAllocators with varying policies,
2143         as it does now but to a larger extent. 
2144
2145         * CMakeLists.txt:
2146         * GNUmakefile.list.am:
2147         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2148         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2149         * JavaScriptCore.xcodeproj/project.pbxproj:
2150         * Target.pri:
2151         * dfg/DFGSpeculativeJIT.h:
2152         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
2153         * heap/Heap.cpp:
2154         (JSC::Heap::collect):
2155         (JSC::Heap::resetAllocators):
2156         * heap/Heap.h:
2157         (JSC::Heap::allocatorForObject):
2158         (Heap):
2159         * heap/MarkedAllocator.cpp: Added.
2160         (JSC):
2161         (JSC::MarkedAllocator::tryAllocateHelper):
2162         (JSC::MarkedAllocator::tryAllocate):
2163         (JSC::MarkedAllocator::allocateSlowCase):
2164         (JSC::MarkedAllocator::allocateBlock):
2165         (JSC::MarkedAllocator::addBlock):
2166         (JSC::MarkedAllocator::removeBlock):
2167         * heap/MarkedAllocator.h: Added.
2168         (JSC):
2169         (DFG):
2170         (MarkedAllocator):
2171         (JSC::MarkedAllocator::cellSize):
2172         (JSC::MarkedAllocator::heap):
2173         (JSC::MarkedAllocator::setHeap):
2174         (JSC::MarkedAllocator::setCellSize):
2175         (JSC::MarkedAllocator::setMarkedSpace):
2176         (JSC::MarkedAllocator::MarkedAllocator):
2177         (JSC::MarkedAllocator::allocate):
2178         (JSC::MarkedAllocator::reset):
2179         (JSC::MarkedAllocator::zapFreeList):
2180         (JSC::MarkedAllocator::forEachBlock):
2181         * heap/MarkedSpace.cpp:
2182         (JSC::MarkedSpace::MarkedSpace):
2183         (JSC::MarkedSpace::resetAllocators):
2184         (JSC::MarkedSpace::canonicalizeCellLivenessData):
2185         (JSC::TakeIfUnmarked::operator()):
2186         * heap/MarkedSpace.h:
2187         (MarkedSpace):
2188         (JSC::MarkedSpace::allocatorFor):
2189         (JSC::MarkedSpace::allocate):
2190         (JSC::MarkedSpace::forEachBlock):
2191         (JSC::MarkedSpace::didAddBlock):
2192         (JSC::MarkedSpace::didConsumeFreeList):
2193         * jit/JITInlineMethods.h:
2194         (JSC::JIT::emitAllocateBasicJSObject):
2195
2196 2012-02-03  Simon Hausmann  <simon.hausmann@nokia.com>
2197
2198         [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
2199         https://bugs.webkit.org/show_bug.cgi?id=77723
2200
2201         Reviewed by Tor Arne Vestbø.
2202
2203         * wtf/Platform.h: Enable use of export macros.
2204
2205 2012-02-02  Hajime Morrita  <morrita@chromium.org>
2206
2207         Unreviewed, removing an unnecessary JS_PRIVATE_EXPORT annotation.
2208
2209         * interpreter/Interpreter.h:
2210         (Interpreter):
2211
2212 2012-01-31  Hajime Morrita  <morrita@chromium.org>
2213
2214         [Mac] eliminate JavaScriptCore.exp
2215         https://bugs.webkit.org/show_bug.cgi?id=72854
2216
2217         Reviewed by Darin Adler.
2218
2219         - Removed exp files and corresponding makefile entries.
2220         - Changed the build configuration not to use the exp file.
2221
2222         * Configurations/JavaScriptCore.xcconfig:
2223         * DerivedSources.make:
2224         * JavaScriptCore.JSVALUE32_64only.exp: Removed.
2225         * JavaScriptCore.JSVALUE64only.exp: Removed.
2226         * JavaScriptCore.exp: Removed.
2227         * JavaScriptCore.xcodeproj/project.pbxproj:
2228         * wtf/Platform.h:
2229
2230 2012-02-02  Benjamin Poulain  <bpoulain@apple.com>
2231
2232         Running a Web Worker on about:blank crashes the interpreter
2233         https://bugs.webkit.org/show_bug.cgi?id=77593
2234
2235         Reviewed by Michael Saboff.
2236
2237         The method Interpreter::execute() was crashing on empty programs because
2238         the assumption is made the source is not null.
2239
2240         This patch short-circuits execution when the String is null to avoid invalid
2241         memory access.
2242
2243         * interpreter/Interpreter.cpp:
2244         (JSC::Interpreter::execute):
2245
2246 2012-02-02  Kalev Lember  <kalevlember@gmail.com>
2247
2248         [GTK] Use win32 native threading
2249         https://bugs.webkit.org/show_bug.cgi?id=77676
2250
2251         Reviewed by Martin Robinson.
2252
2253         r97269 switched from glib threading to pthreads, breaking win32 GTK+.
2254         This is a follow-up, removing some leftovers in ThreadSpecific.h and
2255         switching win32 to use the native threading in ThreadingWin.cpp.
2256
2257         * GNUmakefile.list.am: Compile in win32 native threading support
2258         * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
2259         (ThreadSpecific):
2260         (WTF::::destroy):
2261
2262 2012-02-02  Filip Pizlo  <fpizlo@apple.com>
2263
2264         retrieveCallerFromVMCode should call trueCallerFrame
2265         https://bugs.webkit.org/show_bug.cgi?id=77684
2266
2267         Reviewed by Oliver Hunt.
2268
2269         * interpreter/Interpreter.cpp:
2270         (JSC::Interpreter::retrieveCallerFromVMCode):
2271
2272 2012-02-02  Kalev Lember  <kalevlember@gmail.com>
2273
2274         [GTK] Implement current executable path finding for win32
2275         https://bugs.webkit.org/show_bug.cgi?id=77677
2276
2277         Reviewed by Martin Robinson.
2278
2279         The WTF helper for getting the binary path that was added in r101710
2280         left out the win32 implementation. Fix this.
2281
2282         * wtf/gobject/GlibUtilities.cpp:
2283         (getCurrentExecutablePath):
2284
2285 2012-02-02  Filip Pizlo  <fpizlo@apple.com>
2286
2287         Throwing away bytecode and then reparsing during DFG optimization is just
2288         plain wrong and makes things crash
2289         https://bugs.webkit.org/show_bug.cgi?id=77680
2290         <rdar://problem/10798490>
2291
2292         Reviewed by Oliver Hunt.
2293
2294         This is the minimal surgical fix: it removes the code that triggered bytecode
2295         throw-away. Once we're confident that this is a good idea, we can kill all of
2296         the code that implements the feature.
2297
2298         * bytecode/CodeBlock.h:
2299         (JSC::CodeBlock::discardBytecodeLater):
2300         (JSC::CodeBlock::addValueProfile):
2301         * jit/JITDriver.h:
2302         (JSC::jitCompileIfAppropriate):
2303         (JSC::jitCompileFunctionIfAppropriate):
2304
2305 2012-02-02  Filip Pizlo  <fpizlo@apple.com>
2306
2307         Release build debugging should be easier
2308         https://bugs.webkit.org/show_bug.cgi?id=77669
2309
2310         Reviewed by Gavin Barraclough.
2311
2312         * assembler/ARMAssembler.h:
2313         (ARMAssembler):
2314         (JSC::ARMAssembler::debugOffset):
2315         * assembler/ARMv7Assembler.h:
2316         (ARMv7Assembler):
2317         (JSC::ARMv7Assembler::debugOffset):
2318         (ARMInstructionFormatter):
2319         (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
2320         * assembler/AbstractMacroAssembler.h:
2321         (AbstractMacroAssembler):
2322         (JSC::AbstractMacroAssembler::debugOffset):
2323         * assembler/AssemblerBuffer.h:
2324         (AssemblerBuffer):
2325         (JSC::AssemblerBuffer::debugOffset):
2326         * assembler/LinkBuffer.h:
2327         (LinkBuffer):
2328         (JSC::LinkBuffer::debugSize):
2329         * assembler/MIPSAssembler.h:
2330         (MIPSAssembler):
2331         (JSC::MIPSAssembler::debugOffset):
2332         * assembler/X86Assembler.h:
2333         (X86Assembler):
2334         (JSC::X86Assembler::debugOffset):
2335         (X86InstructionFormatter):
2336         (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
2337         * bytecode/CodeBlock.cpp:
2338         (JSC):
2339         * bytecode/CodeBlock.h:
2340         (CodeBlock):
2341         * bytecode/CodeOrigin.h:
2342         (CodeOrigin):
2343         (JSC):
2344         (JSC::CodeOrigin::inlineStack):
2345         * bytecode/DFGExitProfile.h:
2346         (JSC::DFG::exitKindToString):
2347         * bytecode/DataFormat.h:
2348         (JSC::dataFormatToString):
2349         * bytecode/PredictedType.cpp:
2350         (JSC):
2351         (JSC::predictionToString):
2352         * bytecode/PredictedType.h:
2353         (JSC):
2354         * bytecode/ValueRecovery.h:
2355         (ValueRecovery):
2356         (JSC::ValueRecovery::dump):
2357         * bytecompiler/BytecodeGenerator.cpp:
2358         (JSC):
2359         (JSC::BytecodeGenerator::setDumpsGeneratedCode):
2360         (JSC::BytecodeGenerator::dumpsGeneratedCode):
2361         (JSC::BytecodeGenerator::generate):
2362         * dfg/DFGAbstractValue.h:
2363         (StructureAbstractValue):
2364         (JSC::DFG::StructureAbstractValue::dump):
2365         (AbstractValue):
2366         (JSC::DFG::AbstractValue::dump):
2367         * dfg/DFGAssemblyHelpers.h:
2368         (DFG):
2369         (AssemblyHelpers):
2370         (JSC::DFG::AssemblyHelpers::debugCall):
2371         * dfg/DFGFPRInfo.h:
2372         (FPRInfo):
2373         (JSC::DFG::FPRInfo::debugName):
2374         * dfg/DFGGPRInfo.h:
2375         (GPRInfo):
2376         (JSC::DFG::GPRInfo::debugName):
2377         * dfg/DFGGraph.cpp:
2378         (DFG):
2379         * dfg/DFGGraph.h:
2380         (Graph):
2381         * dfg/DFGNode.h:
2382         (DFG):
2383         (JSC::DFG::arithNodeFlagsAsString):
2384         (Node):
2385         (JSC::DFG::Node::hasIdentifier):
2386         (JSC::DFG::Node::dumpChildren):
2387         * dfg/DFGOSRExit.cpp:
2388         (DFG):
2389         (JSC::DFG::OSRExit::dump):
2390         * dfg/DFGOSRExit.h:
2391         (OSRExit):
2392         * runtime/JSValue.cpp:
2393         (JSC):
2394         (JSC::JSValue::description):
2395         * runtime/JSValue.h:
2396         (JSValue):
2397         * wtf/BitVector.cpp:
2398         (WTF):
2399         (WTF::BitVector::dump):
2400         * wtf/BitVector.h:
2401         (BitVector):
2402
2403 2012-02-02  Oliver Hunt  <oliver@apple.com>
2404
2405         Getters and setters cause line numbers in errors/console.log to be offset for the whole file
2406         https://bugs.webkit.org/show_bug.cgi?id=77675
2407
2408         Reviewed by Timothy Hatcher.
2409
2410         Our default literal parsing logic doesn't handle the extra work required for
2411         getters and setters.  When it encounters one, it rolls back the lexer and 
2412         then switches to a more complete parsing function.  Unfortunately it was only
2413         winding back the character position, and was ignoring the line number and
2414         other lexer data.  This led to every getter and setter causing the line number
2415         to be incorrectly incremented leading to increasingly incorrect numbers for
2416         the rest of the file.
2417
2418         * parser/Parser.cpp:
2419         (JSC::::parseObjectLiteral):
2420
2421 2012-02-02  Andy Wingo  <wingo@igalia.com>
2422
2423         Fix type punning warning in HashTable.h debug builds
2424         https://bugs.webkit.org/show_bug.cgi?id=77422
2425
2426         Reviewed by Gavin Barraclough.
2427
2428         * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
2429         warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
2430
2431 2012-02-01  Michael Saboff  <msaboff@apple.com>
2432
2433         Yarr crash with regexp replace
2434         https://bugs.webkit.org/show_bug.cgi?id=67454
2435
2436         Reviewed by Gavin Barraclough.
2437
2438         Properly handle the case of a back reference to an unmatched
2439         subpattern by always matching without consuming any characters.
2440
2441         * yarr/YarrInterpreter.cpp:
2442         (JSC::Yarr::Interpreter::matchBackReference):
2443         (JSC::Yarr::Interpreter::backtrackBackReference):
2444
2445 2012-02-01  Gavin Barraclough  <barraclough@apple.com>
2446
2447         calling function on catch block scope containing an eval result in wrong this value being passed
2448         https://bugs.webkit.org/show_bug.cgi?id=77581
2449
2450         Reviewed by Oliver Hunt.
2451
2452         javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
2453
2454         * bytecompiler/NodesCodegen.cpp:
2455         (JSC::TryNode::emitBytecode):
2456         * interpreter/Interpreter.cpp:
2457         (JSC::Interpreter::execute):
2458         * parser/ASTBuilder.h:
2459         (JSC::ASTBuilder::createTryStatement):
2460         * parser/NodeConstructors.h:
2461         (JSC::TryNode::TryNode):
2462         * parser/Nodes.h:
2463         (TryNode):
2464         * parser/Parser.cpp:
2465         (JSC::::parseTryStatement):
2466         * parser/SyntaxChecker.h:
2467         (JSC::SyntaxChecker::createTryStatement):
2468         * runtime/JSObject.h:
2469         (JSObject):
2470         (JSC::JSObject::isStaticScopeObject):
2471         (JSC):
2472
2473 2012-02-01  Oliver Hunt  <oliver@apple.com>
2474
2475         Add support for inferred function names
2476         https://bugs.webkit.org/show_bug.cgi?id=77579
2477
2478         Reviewed by Gavin Barraclough.
2479
2480         Add new "inferred" names to function expressions, getters, and setters.
2481         This property is not exposed to JS, so is only visible in the debugger
2482         and profiler.
2483
2484         * JavaScriptCore.exp:
2485         * bytecompiler/BytecodeGenerator.h:
2486         (JSC::BytecodeGenerator::makeFunction):
2487         * debugger/DebuggerCallFrame.cpp:
2488         (JSC::DebuggerCallFrame::calculatedFunctionName):
2489         * parser/ASTBuilder.h:
2490         (JSC::ASTBuilder::createAssignResolve):
2491         (JSC::ASTBuilder::createGetterOrSetterProperty):
2492         (JSC::ASTBuilder::createProperty):
2493         (JSC::ASTBuilder::makeAssignNode):
2494         * parser/Nodes.h:
2495         (JSC::FunctionBodyNode::setInferredName):
2496         (JSC::FunctionBodyNode::inferredName):
2497         (FunctionBodyNode):
2498         * profiler/Profiler.cpp:
2499         (JSC):
2500         (JSC::Profiler::createCallIdentifier):
2501         (JSC::createCallIdentifierFromFunctionImp):
2502         * runtime/Executable.cpp:
2503         (JSC::FunctionExecutable::FunctionExecutable):
2504         (JSC::FunctionExecutable::fromGlobalCode):
2505         * runtime/Executable.h:
2506         (JSC::FunctionExecutable::create):
2507         (JSC::FunctionExecutable::inferredName):
2508         (FunctionExecutable):
2509         * runtime/JSFunction.cpp:
2510         (JSC::JSFunction::calculatedDisplayName):
2511         (JSC):
2512         (JSC::getCalculatedDisplayName):
2513         * runtime/JSFunction.h:
2514         (JSC):
2515
2516 2012-02-01  Filip Pizlo  <fpizlo@apple.com>
2517
2518         DFG should fold double-to-int conversions
2519         https://bugs.webkit.org/show_bug.cgi?id=77532
2520
2521         Reviewed by Oliver Hunt.
2522         
2523         Performance neutral on major benchmarks. But it makes calling V8's
2524         Math.random() 4x faster.
2525
2526         * bytecode/CodeBlock.cpp:
2527         (JSC):
2528         (JSC::CodeBlock::addOrFindConstant):
2529         * bytecode/CodeBlock.h:
2530         (JSC::CodeBlock::addConstant):
2531         (CodeBlock):
2532         * dfg/DFGAbstractState.cpp:
2533         (JSC::DFG::AbstractState::execute):
2534         * dfg/DFGByteCodeParser.cpp:
2535         (JSC::DFG::ByteCodeParser::toInt32):
2536         (ByteCodeParser):
2537         (JSC::DFG::ByteCodeParser::getJSConstantForValue):
2538         (JSC::DFG::ByteCodeParser::isInt32Constant):
2539         * dfg/DFGGraph.h:
2540         (JSC::DFG::Graph::addShouldSpeculateInteger):
2541         (Graph):
2542         (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
2543         * dfg/DFGPropagator.cpp:
2544         (JSC::DFG::Propagator::propagateNodePredictions):
2545         (JSC::DFG::Propagator::doRoundOfDoubleVoting):
2546         (JSC::DFG::Propagator::fixupNode):
2547         * dfg/DFGSpeculativeJIT.cpp:
2548         (JSC::DFG::SpeculativeJIT::compileAdd):
2549         (DFG):
2550         (JSC::DFG::SpeculativeJIT::compileArithSub):
2551         * dfg/DFGSpeculativeJIT.h:
2552         (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
2553         (SpeculativeJIT):
2554         * dfg/DFGSpeculativeJIT32_64.cpp:
2555         (JSC::DFG::SpeculativeJIT::compile):
2556         * dfg/DFGSpeculativeJIT64.cpp:
2557         (JSC::DFG::SpeculativeJIT::compile):
2558         * runtime/JSValueInlineMethods.h:
2559         (JSC::JSValue::asDouble):
2560
2561 2012-02-01  Filip Pizlo  <fpizlo@apple.com>
2562
2563         DFG graph dump for GetScopedVar should show the correct prediction
2564         https://bugs.webkit.org/show_bug.cgi?id=77530
2565
2566         Reviewed by Geoff Garen.
2567         
2568         GetScopedVar has a heap prediction, not a variable prediction. But it does
2569         have a variable. Hence we need to check for heap predictions before checking
2570         for variable predictions.
2571
2572         * dfg/DFGGraph.cpp:
2573         (JSC::DFG::Graph::dump):
2574
2575 2012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
2576
2577         Replace JSArray destructor with finalizer
2578         https://bugs.webkit.org/show_bug.cgi?id=77488
2579
2580         Reviewed by Geoffrey Garen.
2581
2582         * JavaScriptCore.exp:
2583         * runtime/JSArray.cpp:
2584         (JSC::JSArray::finalize): Added finalizer.
2585         (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
2586         (JSC):
2587         (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
2588         (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode
2589         because the old name was confusing: we could have a sparse array that never
2590         called enterSparseMode.
2591         (JSC::JSArray::defineOwnNumericProperty):
2592         (JSC::JSArray::setLengthWritable):
2593         (JSC::JSArray::putByIndexBeyondVectorLength):
2594         (JSC::JSArray::setLength):
2595         (JSC::JSArray::pop):
2596         (JSC::JSArray::sort):
2597         (JSC::JSArray::compactForSorting):
2598         * runtime/JSArray.h:
2599         (JSArray):
2600
2601 2012-02-01  Andy Wingo  <wingo@igalia.com>
2602
2603         Refactor identifier resolution in BytecodeGenerator
2604         https://bugs.webkit.org/show_bug.cgi?id=76285
2605
2606         Reviewed by Geoffrey Garen.
2607
2608         * bytecompiler/BytecodeGenerator.h:
2609         (JSC::ResolveResult): New class, to describe the storage
2610         location corresponding to an identifier in a program.
2611         * bytecompiler/BytecodeGenerator.cpp:
2612         (JSC::BytecodeGenerator::resolve): New function, replacing
2613         findScopedProperty.
2614         (JSC::BytecodeGenerator::resolveConstDecl): New function,
2615         encapsulating what ConstDeclNode::emitBytecode used to do.
2616         (JSC::BytecodeGenerator::emitGetStaticVar):
2617         (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
2618         corresponding to the old emitGetScopedVar and emitPutScopedVar.
2619         (JSC::BytecodeGenerator::registerFor): Remove version that took an
2620         Identifier&; replaced by ResolveResult::local().
2621         (JSC::BytecodeGenerator::emitResolve):
2622         (JSC::BytecodeGenerator::emitResolveBase):
2623         (JSC::BytecodeGenerator::emitResolveBaseForPut):
2624         (JSC::BytecodeGenerator::emitResolveWithBase):
2625         (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
2626         "resolveResult" argument.  This is more clear, and reduces the
2627         amount of double analysis happening at compile-time.
2628         * bytecompiler/NodesCodegen.cpp:
2629         (JSC::ResolveNode::emitBytecode):
2630         (JSC::EvalFunctionCallNode::emitBytecode):
2631         (JSC::FunctionCallResolveNode::emitBytecode):
2632         (JSC::PostfixResolveNode::emitBytecode):
2633         (JSC::DeleteResolveNode::emitBytecode):
2634         (JSC::TypeOfResolveNode::emitBytecode):
2635         (JSC::PrefixResolveNode::emitBytecode):
2636         (JSC::ReadModifyResolveNode::emitBytecode):
2637         (JSC::AssignResolveNode::emitBytecode):
2638         (JSC::ConstDeclNode::emitCodeSingle):
2639         (JSC::ForInNode::emitBytecode): Refactor to use the new
2640         ResolveResult structure.
2641
2642 2012-02-01  Csaba Osztrogonác  <ossy@webkit.org>
2643
2644         Implement Error.stack
2645         https://bugs.webkit.org/show_bug.cgi?id=66994
2646
2647         Unreviewed, rolling out r106407.
2648
2649         * JavaScriptCore.exp:
2650         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2651         * interpreter/AbstractPC.cpp:
2652         (JSC::AbstractPC::AbstractPC):
2653         * interpreter/Interpreter.cpp:
2654         (JSC::Interpreter::throwException):
2655         * interpreter/Interpreter.h:
2656         (JSC):
2657         (Interpreter):
2658         * jsc.cpp:
2659         (GlobalObject::finishCreation):
2660         * parser/Parser.h:
2661         (JSC::::parse):
2662         * runtime/CommonIdentifiers.h:
2663         * runtime/Error.cpp:
2664         (JSC::addErrorInfo):
2665         * runtime/Error.h:
2666         (JSC):
2667
2668 2012-01-31  Hajime Morrita  <morrita@chromium.org>
2669
2670         Add missing JS_PRIVATE_EXPORTs
2671         https://bugs.webkit.org/show_bug.cgi?id=77507
2672
2673         Reviewed by Kevin Ollivier.
2674
2675         * heap/MarkedSpace.h:
2676         (MarkedSpace):
2677         * interpreter/Interpreter.h:
2678         (Interpreter):
2679         * runtime/JSValue.h:
2680         (JSValue):
2681         * wtf/text/AtomicString.h:
2682         (WTF::AtomicString::add):
2683         * wtf/text/WTFString.h:
2684         (WTF):
2685
2686 2012-01-31  Geoffrey Garen  <ggaren@apple.com>
2687
2688         Stop using -fomit-frame-pointer
2689         https://bugs.webkit.org/show_bug.cgi?id=77403
2690
2691         Reviewed by Filip Pizlo.
2692         
2693         JavaScriptCore is too fast. I'm just the man to fix it.
2694
2695         * Configurations/JavaScriptCore.xcconfig:
2696
2697 2012-01-31  Michael Saboff  <msaboff@apple.com>
2698
2699         StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
2700         https://bugs.webkit.org/show_bug.cgi?id=76647
2701
2702         Reviewed by Darin Adler.
2703
2704         Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
2705         to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle two special
2706         cases.  One case is s-sharp (0xdf) which converts to "SS".  The other case is
2707         for characters which become 16 bit values when converted to upper case.  For
2708         those, we up-convert the source string and use the 16 bit path.
2709
2710         * runtime/StringPrototype.cpp:
2711         (JSC::stringProtoFuncToUpperCase):
2712         * wtf/text/StringImpl.cpp:
2713         (WTF::StringImpl::upper):
2714         * wtf/unicode/CharacterNames.h:
2715         (smallLetterSharpS): New constant
2716
2717 2012-01-31  Oliver Hunt  <oliver@apple.com>
2718
2719         Remove unneeded sourceId property
2720         https://bugs.webkit.org/show_bug.cgi?id=77495
2721
2722         Reviewed by Filip Pizlo.
2723
2724         sourceId isn't used anymore, so we'll just remove it.
2725
2726         * runtime/Error.cpp:
2727         (JSC):
2728         (JSC::addErrorInfo):
2729         (JSC::hasErrorInfo):
2730
2731 2012-01-31  Oliver Hunt  <oliver@apple.com>
2732
2733         Implement Error.stack
2734         https://bugs.webkit.org/show_bug.cgi?id=66994
2735
2736         Reviewed by Gavin Barraclough.
2737
2738         Original patch by Juan Carlos Montemayor Elosua:
2739             This patch utilizes topCallFrame to create a stack trace when
2740             an error is thrown. Users will also be able to use the stack()
2741             command in jsc to get arrays with stack trace information.
2742
2743         Modified to be correct on ToT, with a variety of correctness,
2744         performance, and security improvements.
2745
2746         * JavaScriptCore.exp:
2747         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2748         * interpreter/Interpreter.cpp:
2749         (JSC::getCallerLine):
2750         (JSC::getSourceURLFromCallFrame):
2751         (JSC::getStackFrameCodeType):
2752         (JSC::Interpreter::getStackTrace):
2753         (JSC::Interpreter::throwException):
2754         * interpreter/Interpreter.h:
2755         (JSC::StackFrame::toString):
2756         * jsc.cpp:
2757         (GlobalObject::finishCreation):
2758         (functionJSCStack):
2759         * parser/Parser.h:
2760         (JSC::Parser::parse):
2761         * runtime/CommonIdentifiers.h:
2762         * runtime/Error.cpp:
2763         (JSC::addErrorInfo):
2764         * runtime/Error.h:
2765
2766 2012-01-31  Scott Graham  <scottmg@chromium.org>
2767
2768         [Chromium] Remove references to gyp cygwin build target
2769         https://bugs.webkit.org/show_bug.cgi?id=77253
2770
2771         Reviewed by Julien Chaffraix.
2772
2773         Target dependency is no longer required; it's done earlier in the
2774         build process.
2775
2776         * JavaScriptCore.gyp/JavaScriptCore.gyp:
2777
2778 2012-01-31  Michael Saboff  <msaboff@apple.com>
2779
2780         ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
2781         https://bugs.webkit.org/show_bug.cgi?id=77443
2782
2783         Reviewed by Gavin Barraclough.
2784
2785         Removed the failing ASSERT() and thus the destructor.  The ASSERT isn't needed.
2786         We are hitting it in the YARR JIT case where we bail out and go to the
2787         interpreter with a partially JIT'ed function.  Since we haven't linked
2788         the JIT'ed code, there are likely to be some unresolved jumps in the vector
2789         when the ARMv7Assembler destructor is called.  For the case where we
2790         complete the JIT process, we clear the vector at the end of
2791         LinkBuffer::linkCode (LinkBuffer.h:292).
2792
2793         * assembler/ARMv7Assembler.h:
2794         (ARMv7Assembler):
2795
2796 2012-01-31  Anders Carlsson  <andersca@apple.com>
2797
2798         Vector<T>::operator== shouldn't require T to have operator!=
2799         https://bugs.webkit.org/show_bug.cgi?id=77448
2800
2801         Reviewed by Andreas Kling.
2802
2803         Change VectorComparer::compare to use !(a == b) instead of a != b since
2804         it makes more sense for Vector::operator== to use the element's operator==.
2805
2806         * wtf/Vector.h:
2807
2808 2012-01-30  Oliver Hunt  <oliver@apple.com>
2809
2810         get_by_val_arguments is broken in the interpreter
2811         https://bugs.webkit.org/show_bug.cgi?id=77389
2812
2813         Reviewed by Gavin Barraclough.
2814
2815         When get_by_val had a value profile added, the same slot was not added to
2816         get_by_val_arguments.  This broke the interpreter as the interpreter falls
2817         back on its regular get_by_val implementation.
2818
2819         No tests are added as the interpreter is fairly broken in its
2820         current state (multiple tests fail due to this bug).
2821
2822         * bytecode/CodeBlock.cpp:
2823         (JSC::CodeBlock::dump):
2824         * bytecode/Opcode.h:
2825         (JSC):
2826         ():
2827         * bytecompiler/BytecodeGenerator.cpp:
2828         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2829
2830 2012-01-30  Oliver Hunt  <oliver@apple.com>
2831
2832         Unexpected syntax error
2833         https://bugs.webkit.org/show_bug.cgi?id=77340
2834
2835         Reviewed by Gavin Barraclough.
2836
2837         Function calls and new expressions have the same semantics for
2838         assignment, so should simply share their lhs handling.
2839
2840         * parser/Parser.cpp:
2841         (JSC::::parseMemberExpression):
2842
2843 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
2844
2845         Unreviewed ARMv7 build fix.
2846
2847         * tools/CodeProfiling.cpp:
2848         (JSC):
2849         (JSC::setProfileTimer):
2850         (JSC::CodeProfiling::begin):
2851         (JSC::CodeProfiling::end):
2852
2853 2012-01-30  David Levin  <levin@chromium.org>
2854
2855         Using OS(WIN) or OS(MAC) should cause a build error.
2856         https://bugs.webkit.org/show_bug.cgi?id=77162
2857
2858         Reviewed by Darin Adler.
2859
2860         * wtf/Platform.h: Expand them into something that will
2861          cause a compile error.
2862
2863 2012-01-30  Yong Li  <yoli@rim.com>
2864
2865         [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
2866         https://bugs.webkit.org/show_bug.cgi?id=77360
2867
2868         Reviewed by Rob Buis.
2869
2870         Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
2871         for OS(QNX).
2872
2873         * wtf/Platform.h:
2874
2875 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
2876
2877         Speculative Windows build fix.
2878
2879         * assembler/MacroAssemblerCodeRef.h:
2880         (FunctionPtr):
2881
2882 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
2883
2884         https://bugs.webkit.org/show_bug.cgi?id=77163
2885         MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
2886
2887         Rubber stamped by Geoff Garen
2888
2889         * assembler/MacroAssemblerCodeRef.h:
2890
2891 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
2892
2893         Unreviewed build fix for interpreter builds.
2894
2895         * bytecode/CodeBlock.cpp:
2896         (JSC::CodeBlock::CodeBlock):
2897         * bytecode/CodeBlock.h:
2898         (CodeBlock):
2899         * interpreter/Interpreter.cpp:
2900         (JSC::Interpreter::privateExecute):
2901         * tools/CodeProfile.cpp:
2902         (JSC::CodeProfile::sample):
2903
2904 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
2905
2906         Unreviewed build fix following bug#76855
2907
2908         * JavaScriptCore.exp:
2909
2910 2012-01-30  Michael Saboff  <msaboff@apple.com>
2911
2912         CaseFoldingHash::hash() doesn't handle 8 bit strings directly
2913         https://bugs.webkit.org/show_bug.cgi?id=76652
2914
2915         Reviewed by Andreas Kling.
2916
2917         * wtf/text/StringHash.h:
2918         (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
2919
2920 2012-01-30  Michael Saboff  <msaboff@apple.com>
2921
2922         stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
2923         https://bugs.webkit.org/show_bug.cgi?id=76651
2924
2925         Reviewed by Geoffrey Garen.
2926
2927         Made local function substituteBackreferencesSlow a template function
2928         based on character width.  Cleaned up getCharacters() in both UString
2929         and StringImpl.  Changed getCharacters<UChar> to up convert an 8 bit
2930         string to 16 bits if necessary.
2931
2932         * runtime/StringPrototype.cpp:
2933         (JSC::substituteBackreferencesSlow):
2934         (JSC::substituteBackreferences):
2935         * runtime/UString.h:
2936         (JSC::LChar):
2937         (JSC::UChar):
2938         * wtf/text/StringImpl.h:
2939         (WTF::UChar):
2940
2941 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
2942
2943         Clean up putDirect
2944         https://bugs.webkit.org/show_bug.cgi?id=76232
2945
2946         Reviewed by Sam Weinig.
2947
2948         Part 3 - merge op_put_getter & op_put_setter.
2949
2950         Putting these separately is inefficient (and makes future optimization,
2951         e.g. making GetterSetter immutable) harder. Change to emit a single
2952         op_put_getter_setter bytecode op. Ultimately we should probably be
2953         able to merge this with put direct, to create a common op to initialize
2954         object literal properties.
2955
2956         * bytecode/CodeBlock.cpp:
2957         (JSC::CodeBlock::dump):
2958         * bytecode/Opcode.h:
2959         (JSC):
2960         ():
2961         * bytecompiler/BytecodeGenerator.cpp:
2962         (JSC::BytecodeGenerator::emitPutGetterSetter):
2963         * bytecompiler/BytecodeGenerator.h:
2964         (BytecodeGenerator):
2965         * bytecompiler/NodesCodegen.cpp:
2966         (JSC::PropertyListNode::emitBytecode):
2967         * interpreter/Interpreter.cpp:
2968         (JSC::Interpreter::privateExecute):
2969         * jit/JIT.cpp:
2970         (JSC::JIT::privateCompileMainPass):
2971         * jit/JIT.h:
2972         (JIT):
2973         * jit/JITPropertyAccess.cpp:
2974         (JSC::JIT::emit_op_put_getter_setter):
2975         * jit/JITPropertyAccess32_64.cpp:
2976         (JSC::JIT::emit_op_put_getter_setter):
2977         * jit/JITStubs.cpp:
2978         (JSC::DEFINE_STUB_FUNCTION):
2979         * jit/JITStubs.h:
2980         ():
2981         * runtime/JSObject.cpp:
2982         (JSC::JSObject::putDirectVirtual):
2983         (JSC::JSObject::putDirectAccessor):
2984         (JSC):
2985         (JSC::putDescriptor):
2986         (JSC::JSObject::defineOwnProperty):
2987         * runtime/JSObject.h:
2988         ():
2989         (JSC::JSObject::putDirectInternal):
2990         (JSC::JSObject::putDirect):
2991         (JSC::JSObject::putDirectWithoutTransition):
2992
2993 2012-01-30  Michael Saboff  <msaboff@apple.com>
2994
2995         Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
2996         https://bugs.webkit.org/show_bug.cgi?id=76649
2997
2998         Reviewed by Geoffrey Garen.
2999
3000         * JavaScriptCore.exp: Added export for charactersToDouble.
3001
3002 2012-01-30  Michael Saboff  <msaboff@apple.com>
3003
3004         WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
3005         https://bugs.webkit.org/show_bug.cgi?id=76648
3006
3007         Reviewed by Geoffrey Garen.
3008
3009         Added a new overloaded append member that takes a String& argument, an offset
3010         and a length to do direct sub string appending to a StringBuilder.
3011
3012         * wtf/text/StringBuilder.h:
3013         (WTF::StringBuilder::append):
3014
3015 2012-01-29  Zoltan Herczeg  <zherczeg@webkit.org>
3016
3017         Custom written CSS lexer
3018         https://bugs.webkit.org/show_bug.cgi?id=70107
3019
3020         Reviewed by Antti Koivisto and Oliver Hunt.
3021
3022         Add new helper functions for the custom written CSS lexer.
3023
3024         * wtf/ASCIICType.h:
3025         (WTF::toASCIILowerUnchecked):
3026         (WTF):
3027         (WTF::isASCIIAlphaCaselessEqual):
3028
3029 2012-01-29  Filip Pizlo  <fpizlo@apple.com>
3030
3031         REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
3032         https://bugs.webkit.org/show_bug.cgi?id=77146
3033         <rdar://problem/10770586>
3034
3035         Reviewed by Oliver Hunt.
3036         
3037         The old JIT expects that the result of the last operation is in the lastResultRegister.  The DFG JIT is
3038         designed to correctly track the lastResultRegister by looking at SetLocal nodes.  However, when the DFG
3039         JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
3040         lastResultRegister.  Hence if we OSR exit on the first node following the end of an inlined code block
3041         that had a return value, and that first node uses the return value, the old JIT will get massively
3042         confused.  This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
3043         JIT slightly dumber.
3044
3045         * jit/JITCall.cpp:
3046         (JSC::JIT::emit_op_call_put_result):
3047
3048 2012-01-29  Filip Pizlo  <fpizlo@apple.com>
3049
3050         Build fix for Mac non-x64 platforms.
3051
3052         * tools/CodeProfiling.cpp:
3053         (JSC):
3054
3055 2012-01-28  Gavin Barraclough  <barraclough@apple.com>
3056
3057         Reserve 'let'
3058         https://bugs.webkit.org/show_bug.cgi?id=77293
3059
3060         Rubber stamped by Oliver Hunt.
3061
3062         'let' may become a keyword in ES6.  We're going to try experimentally reserving it,
3063         to see if this breaks the web.
3064
3065         * parser/Keywords.table:
3066
3067 2012-01-27  Gavin Barraclough  <barraclough@apple.com>
3068
3069         Implement a JIT-code aware sampling profiler for JSC
3070         https://bugs.webkit.org/show_bug.cgi?id=76855
3071
3072         Reviewed by Oliver Hunt.
3073
3074         To enable the profiler, set the JSC_CODE_PROFILING environment variable to
3075         1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
3076         trace all samples).
3077
3078         The profiler requires -fomit-frame-pointer to be removed from the build flags.
3079
3080         * JavaScriptCore.exp:
3081             - Removed an export.
3082         * JavaScriptCore.xcodeproj/project.pbxproj:
3083             - Added new files
3084         * bytecode/CodeBlock.cpp:
3085             - For baseline codeblocks, cache the result of canCompileWithDFG.
3086         * bytecode/CodeBlock.h:
3087             - For baseline codeblocks, cache the result of canCompileWithDFG.
3088         * jit/ExecutableAllocator.cpp:
3089         (JSC::ExecutableAllocator::initializeAllocator):
3090             - Notify the profiler when the allocator is created.
3091         (JSC::ExecutableAllocator::allocate):
3092             - Record the ownerUID on the allocation handle so the profiler can map JIT addresses back to their owner.
3093         * jit/ExecutableAllocatorFixedVMPool.cpp:
3094         (JSC::ExecutableAllocator::initializeAllocator):
3095             - Notify the profiler when the allocator is created.
3096         (JSC::ExecutableAllocator::allocate):
3097             - Record the ownerUID on the allocation handle so the profiler can map JIT addresses back to their owner.
3098         * jit/JITStubs.cpp:
3099             - If profiling, don't mask the return address in JIT code.
3100               (We do so to provide nicer backtraces in debug builds).
3101         * runtime/Completion.cpp:
3102         (JSC::evaluate):
3103             - Notify the profiler of script evaluations.
3104         * tools: Added.
3105         * tools/CodeProfile.cpp: Added.
3106         (JSC::symbolName):
3107             - Helper function to get the name of a symbol in the framework.
3108         (JSC::truncateTrace):
3109             - Helper to truncate traces into methods known to have uninformatively deep stacks.
3110         (JSC::CodeProfile::sample):
3111             - Record a stack trace classifying samples.
3112         (JSC::CodeProfile::report):
3113             - Print profiler output.
3114         * tools/CodeProfile.h: Added.
3115             - new class, captures a set of samples associated with an evaluated script,
3116               and nested to record samples from subscripts.
3117         * tools/CodeProfiling.cpp: Added.
3118         (JSC::CodeProfiling::profilingTimer):
3119             - callback fired when a timer event occurs.
3120         (JSC::CodeProfiling::notifyAllocator):
3121             - called when the executable allocator is constructed.
3122         (JSC::CodeProfiling::getOwnerUIDForPC):
3123             - helper to lookup the codeblock from an address in JIT code
3124         (JSC::CodeProfiling::begin):
3125             - enter a profiling scope.
3126         (JSC::CodeProfiling::end):
3127             - exit a profiling scope.
3128         * tools/CodeProfiling.h: Added.
3129             - new class, instantiated from Completion to define a profiling scope.
3130         * tools/ProfileTreeNode.h: Added.
3131             - new class, used to construct a tree of samples.
3132         * tools/TieredMMapArray.h: Added.
3133             - new class, a malloc-free vector. It can be used while the main thread is suspended:
3134               the suspended thread may be holding the malloc heap lock, so a sampler that called
3135               malloc at that point could deadlock.
3135         * wtf/MetaAllocator.cpp:
3136         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
3137         (WTF::MetaAllocator::allocate):
3138             - Allow allocation handles to track information about their owner.
3139         * wtf/MetaAllocator.h:
3140         (MetaAllocator):
3141             - Allow allocation handles to track information about their owner.
3142         * wtf/MetaAllocatorHandle.h:
3143         (MetaAllocatorHandle):
3144         (WTF::MetaAllocatorHandle::ownerUID):
3145             - Allow allocation handles to track information about their owner.
3146         * wtf/OSAllocator.h:
3147         (WTF::OSAllocator::reallocateCommitted):
3148             - reallocate an existing, committed memory allocation.
3149
3150 2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
3151
3152         Unreviewed, rolling out r106187.
3153         http://trac.webkit.org/changeset/106187
3154         https://bugs.webkit.org/show_bug.cgi?id=77276
3155
3156         The last rollout was a false charge. (Requested by morrita on
3157         #webkit).
3158
3159         * runtime/ExceptionHelpers.h:
3160         (InterruptedExecutionError):
3161         * runtime/JSBoundFunction.h:
3162         (JSBoundFunction):
3163         * runtime/RegExp.h:
3164         (RegExp):
3165         * runtime/RegExpMatchesArray.h:
3166         (RegExpMatchesArray):
3167
3168 2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
3169
3170         Unreviewed, rolling out r106151.
3171         http://trac.webkit.org/changeset/106151
3172         https://bugs.webkit.org/show_bug.cgi?id=77275
3173
3174         may break windows build (Requested by morrita on #webkit).
3175
3176         * runtime/ExceptionHelpers.h:
3177         (InterruptedExecutionError):
3178         * runtime/JSBoundFunction.h:
3179         (JSBoundFunction):
3180         * runtime/RegExp.h:
3181         (RegExp):
3182         * runtime/RegExpMatchesArray.h:
3183         (RegExpMatchesArray):
3184
3185 2012-01-28  Filip Pizlo  <fpizlo@apple.com>
3186
3187         GC invoked while doing an old JIT property storage reallocation may lead
3188         to an object that refers to a dead structure
3189         https://bugs.webkit.org/show_bug.cgi?id=77273
3190         <rdar://problem/10770565>
3191
3192         Reviewed by Gavin Barraclough.
3193         
3194         The put_by_id transition was already saving the old structure by virtue of
3195         having the object on the stack, so that wasn't going to get deleted. But the
3196         new structure was unprotected in the transition. I've now changed the
3197         transition code to save the new structure, ensuring that the GC will know it
3198         to be marked if invoked from within put_by_id_transition_realloc.
3199
3200         * jit/JITPropertyAccess.cpp:
3201         (JSC::JIT::privateCompilePutByIdTransition):
3202         * jit/JITPropertyAccess32_64.cpp:
3203         (JSC::JIT::privateCompilePutByIdTransition):
3204         * jit/JITStubs.cpp:
3205         (JSC::DEFINE_STUB_FUNCTION):
3206         * jit/JITStubs.h:
3207         (JSC):
3208         ():
3209
3210 2012-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
3211
3212         Unreviewed, rolling out r106167.
3213         http://trac.webkit.org/changeset/106167
3214         https://bugs.webkit.org/show_bug.cgi?id=77264
3215
3216         broke LayoutTests/fast/js/string-capitalization.html
3217         (Requested by msaboff on #webkit).
3218
3219         * runtime/StringPrototype.cpp:
3220         (JSC::stringProtoFuncToLowerCase):
3221         (JSC::stringProtoFuncToUpperCase):
3222         * wtf/text/StringImpl.cpp:
3223         (WTF::StringImpl::upper):
3224
3225 2012-01-27  Filip Pizlo  <fpizlo@apple.com>
3226
3227         Build fix for interpreter platforms.
3228
3229         * interpreter/AbstractPC.cpp:
3230         (JSC::AbstractPC::AbstractPC):
3231
3232 2012-01-27  Michael Saboff  <msaboff@apple.com>
3233
3234         StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
3235         https://bugs.webkit.org/show_bug.cgi?id=76647
3236
3237         Reviewed by Geoffrey Garen.
3238
3239         Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
3240         to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle the two
3241         8 bit characters that become 16 bit characters when converted to upper case.
3242
3243         * runtime/StringPrototype.cpp:
3244         (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
3245         (JSC::stringProtoFuncToUpperCase):
3246         * wtf/text/StringImpl.cpp:
3247         (WTF::StringImpl::upper):
3248
3249 2012-01-27  Hajime Morita  <morrita@google.com>
3250
3251         [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
3252         https://bugs.webkit.org/show_bug.cgi?id=77244
3253
3254         Reviewed by Filip Pizlo.
3255
3256         * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
3257         * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp
3258
3259 2012-01-27  Simon Hausmann  <simon.hausmann@nokia.com>
3260
3261         [JSC] Asm-originated symbols should be marked as hidden
3262         https://bugs.webkit.org/show_bug.cgi?id=77150
3263
3264         Reviewed by Filip Pizlo.
3265
3266         * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
3267         but they were missing in the CPU(X86) and the CPU(X86_64) cases.
3268
3269 2012-01-27  MORITA Hajime  <morrita@google.com>
3270
3271         [JSC] Some JS_EXPORTDATA may not be necessary.
3272         https://bugs.webkit.org/show_bug.cgi?id=77145
3273
3274         Reviewed by Darin Adler.
3275
3276         Removed JS_EXPORTDATA attributes from symbols that are not actually
3277         exported by the Mac port.
3278         
3279         * runtime/ExceptionHelpers.h:
3280         (InterruptedExecutionError):
3281         * runtime/JSBoundFunction.h:
3282         (JSBoundFunction):
3283         * runtime/RegExp.h:
3284         (RegExp):
3285         * runtime/RegExpMatchesArray.h:
3286         (RegExpMatchesArray):
3287
3288 2012-01-27  MORITA Hajime  <morrita@google.com>
3289
3290         [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
3291         https://bugs.webkit.org/show_bug.cgi?id=77113
3292
3293         Reviewed by Darin Adler.
3294
3295         * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.
3296
3297 2012-01-27  Zeno Albisser  <zeno@webkit.org>
3298
3299         [Qt][Mac] Build fails after adding ICU support (r105997).
3300         https://bugs.webkit.org/show_bug.cgi?id=77118
3301
3302         Use Apple code path for unicode date formats on mac.
3303
3304         Reviewed by Tor Arne Vestbø.
3305
3306         * runtime/DatePrototype.cpp:
3307         ():
3308
3309 2012-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>
3310
3311         [GTK] Add a GKeyFile specialization to GOwnPtr
3312         https://bugs.webkit.org/show_bug.cgi?id=77191
3313
3314         Reviewed by Martin Robinson.
3315
3316         * wtf/gobject/GOwnPtr.cpp:
3317         (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
3318         * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
3319         * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.
3320
3321 2012-01-25  Yury Semikhatsky  <yurys@chromium.org>
3322
3323         Web Inspector: should be possible to open function declaration from script popover
3324         https://bugs.webkit.org/show_bug.cgi?id=76913
3325
3326         Added display function name and source location to the popover in scripts panel.
3327         Now when a function is hovered user can navigate to its definition.
3328
3329         Reviewed by Pavel Feldman.
3330
3331         * JavaScriptCore/JavaScriptCore.exp
3332         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3333         * runtime/JSFunction.h:
3334         (JSFunction):
3335
3336 2012-01-26  Kevin Ollivier  <kevino@theolliviers.com>
3337
3338         [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
3339         
3340         * runtime/DatePrototype.cpp:
3341         ():
3342
3343 2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3344
3345         Merge AllocationSpace into MarkedSpace
3346         https://bugs.webkit.org/show_bug.cgi?id=77116
3347
3348         Reviewed by Geoffrey Garen.
3349
3350         Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to 
3351         MarkedSpace allocation.
3352
3353         * CMakeLists.txt:
3354         * GNUmakefile.list.am:
3355         * JavaScriptCore.exp:
3356         * JavaScriptCore.gypi:
3357         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3358         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3359         * JavaScriptCore.xcodeproj/project.pbxproj:
3360         * Target.pri:
3361         * heap/AllocationSpace.cpp: Removed.
3362         * heap/AllocationSpace.h: Removed.
3363         * heap/BumpSpace.h:
3364         (BumpSpace):
3365         * heap/Heap.h:
3366         (JSC::Heap::objectSpace):
3367         (Heap):
3368         ():
3369         * heap/HeapBlock.h:
3370         ():
3371         * heap/MarkedSpace.cpp:
3372         (JSC::MarkedSpace::tryAllocateHelper):
3373         (JSC):
3374         (JSC::MarkedSpace::tryAllocate):
3375         (JSC::MarkedSpace::allocateSlowCase):
3376         (JSC::MarkedSpace::allocateBlock):
3377         (JSC::MarkedSpace::freeBlocks):
3378         (TakeIfUnmarked):
3379         (JSC::TakeIfUnmarked::TakeIfUnmarked):
3380         (JSC::TakeIfUnmarked::operator()):
3381         (JSC::TakeIfUnmarked::returnValue):
3382         (JSC::MarkedSpace::shrink):
3383         (GatherDirtyCells):
3384         (JSC::GatherDirtyCells::returnValue):
3385         (JSC::GatherDirtyCells::GatherDirtyCells):
3386         (JSC::GatherDirtyCells::operator()):
3387         (JSC::MarkedSpace::gatherDirtyCells):
3388         * heap/MarkedSpace.h:
3389         (MarkedSpace):
3390         (JSC::MarkedSpace::blocks):
3391         (JSC::MarkedSpace::forEachCell):
3392         (JSC):
3393         (JSC::MarkedSpace::allocate):
3394
3395 2012-01-26  Oliver Hunt  <oliver@apple.com>
3396
3397         MSVC bug fix.
3398         <rdar://problem/10703671> MSVC generates bad code for enum compare.
3399
3400         RS=Geoff
3401
3402         Make bitfield large enough to work around MSVC's desire to make enums
3403         signed types.
3404
3405         * bytecode/CallLinkInfo.h:
3406         (CallLinkInfo):
3407
3408 2012-01-26  Filip Pizlo  <fpizlo@apple.com>
3409
3410         All DFG helpers that may call out to arbitrary JS code must know where they
3411         were called from due to inlining and call stack walking
3412         https://bugs.webkit.org/show_bug.cgi?id=77070
3413         <rdar://problem/10750834>
3414
3415         Reviewed by Geoff Garen.
3416         
3417         Changed the DFG to always record a code origin index in the tag of the argument
3418         count (which we previously left blank for the benefit of LLInt, but is still
3419         otherwise unused by the DFG), so that if we ever need to walk the stack accurately
3420         we know where to start. In particular, if the current ExecState* points several
3421         semantic call frames away from the true semantic call frame because we had
3422         performed inlining, having the code origin index recorded means that we can reify
3423         those call frames as necessary to give runtime/library code an accurate view of
3424         the current JS state.
3425         
3426         This required several large but mechanical changes:
3427         
3428         - Calling a function from the DFG now plants a store32 instruction to store the
3429           code origin index. But the indices of code origins were previously picked by
3430           the DFG::JITCompiler after code generation completed. I changed this somewhat;
3431           even though the code origins are put into the CodeBlock after code gen, the
3432           code gen now knows a priori what their indices will be. Extensive assertions
3433           are in place to ensure that the two don't get out of sync, in the form of the
3434           DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
3435           those don't need the code origin index set in the call frame because we can get
3436           it by doing a binary search on the return PC.
3437
3438         - Stack walking now always calls trueCallFrame() first before beginning the walk,
3439           since even the top call frame may be wrong. It still calls trueCallerFrame() as
3440           before to get to the next frame, though trueCallerFrame() is now mostly a
3441           wrapper around callerFrame()->trueCallFrame().
3442           
3443         - Because the mechanism for getting the code origin of a call frame is bimodal
3444           (either the call frame knows its code origin because the code origin index was
3445           set, or it's necessary to use the callee frame's return PC), I put in extra
3446           mechanisms to determine whether your caller, or your callee, corresponds to
3447           a call out of C++ code. Previously we just had the host call flag, but this is
3448           insufficient as it does not cover the case of someone calling JSC::call(). But
3449           luckily we can determine this just by looking at the return PC: if the return
3450           PC is in range of the ctiTrampoline, then two things are true: this call
3451           frame's PC will tell you nothing about where you came from in your caller, and
3452           the caller already knows where it's at because it must have set the code origin
3453           index (unless it's not DFG code, in which case we don't care because there is
3454           no inlining to worry about).
3455           
3456         - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
3457           inlining code, so I fixed it.
3458
3459         - Finally because I was tired of doing random #if's for checking if I should be
3460           passing around an Instruction* or a ReturnAddressPtr, I created a class called
3461           AbstractPC that holds whatever notion of a PC is appropriate for the current
3462           execution environment. It's designed to work gracefully even if both the
3463           interpreter and the JIT are compiled in, and should integrate nicely with the
3464           LLInt.
3465           
3466         This is neutral on all benchmarks and fixes some nasty corner-case regressions of
3467         evil code that uses combinations of getters/setters and function.arguments.
3468
3469         * CMakeLists.txt:
3470         * GNUmakefile.list.am:
3471         * JavaScriptCore.exp:
3472         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3473         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3474         * JavaScriptCore.xcodeproj/project.pbxproj:
3475         * Target.pri:
3476         * bytecode/CodeBlock.h:
3477         (JSC::CodeBlock::codeOrigin):
3478         (CodeBlock):
3479         * dfg/DFGByteCodeParser.cpp:
3480         (JSC::DFG::ByteCodeParser::handleInlining):
3481         * dfg/DFGJITCompiler.cpp:
3482         (JSC::DFG::JITCompiler::link):
3483         * dfg/DFGJITCompiler.h:
3484         (CallBeginToken):
3485         (JSC::DFG::CallBeginToken::CallBeginToken):
3486         (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
3487         (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
3488         (DFG):
3489         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
3490         (CallExceptionRecord):
3491         (JSC::DFG::JITCompiler::JITCompiler):
3492         (JITCompiler):
3493         (JSC::DFG::JITCompiler::nextCallBeginToken):
3494         (JSC::DFG::JITCompiler::beginCall):
3495         (JSC::DFG::JITCompiler::notifyCall):
3496         (JSC::DFG::JITCompiler::addExceptionCheck):
3497         (JSC::DFG::JITCompiler::addFastExceptionCheck):
3498         * dfg/DFGOperations.cpp:
3499         ():
3500         * dfg/DFGRepatch.cpp:
3501         (JSC::DFG::tryBuildGetByIDList):
3502         * dfg/DFGSpeculativeJIT.h:
3503         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
3504         * dfg/DFGSpeculativeJIT32_64.cpp:
3505         (JSC::DFG::SpeculativeJIT::emitCall):
3506         * dfg/DFGSpeculativeJIT64.cpp:
3507         (JSC::DFG::SpeculativeJIT::emitCall):
3508         * interpreter/AbstractPC.cpp: Added.
3509         (JSC):
3510         (JSC::AbstractPC::AbstractPC):
3511         * interpreter/AbstractPC.h: Added.
3512         (JSC):
3513         (AbstractPC):
3514         (JSC::AbstractPC::AbstractPC):
3515         (JSC::AbstractPC::hasJITReturnAddress):
3516         (JSC::AbstractPC::jitReturnAddress):
3517         (JSC::AbstractPC::hasInterpreterReturnAddress):
3518         (JSC::AbstractPC::interpreterReturnAddress):
3519         (JSC::AbstractPC::isSet):
3520         (JSC::AbstractPC::operator!):
3521         ():
3522         * interpreter/CallFrame.cpp:
3523         (JSC):
3524         (JSC::CallFrame::trueCallFrame):
3525         (JSC::CallFrame::trueCallerFrame):
3526         * interpreter/CallFrame.h:
3527         (JSC::ExecState::abstractReturnPC):
3528         (JSC::ExecState::codeOriginIndexForDFGWithInlining):
3529         (ExecState):
3530         (JSC::ExecState::trueCallFrame):
3531         (JSC::ExecState::trueCallFrameFromVMCode):
3532         * interpreter/Interpreter.cpp:
3533         (JSC::Interpreter::retrieveArgumentsFromVMCode):
3534         (JSC::Interpreter::retrieveCallerFromVMCode):
3535         (JSC::Interpreter::findFunctionCallFrameFromVMCode):
3536         * interpreter/Interpreter.h:
3537         (Interpreter):
3538         ():
3539         * jit/JITStubs.cpp:
3540         (JSC):
3541         ():
3542         * jit/JITStubs.h:
3543         (JSC):
3544         (JSC::returnAddressIsInCtiTrampoline):
3545         * runtime/JSFunction.cpp:
3546         (JSC::JSFunction::argumentsGetter):
3547         (JSC::JSFunction::callerGetter):
3548         (JSC::JSFunction::getOwnPropertyDescriptor):
3549
3550 2012-01-26  Peter Varga  <pvarga@webkit.org>
3551
3552         Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
3553         https://bugs.webkit.org/show_bug.cgi?id=77104
3554
3555         Reviewed by Filip Pizlo.
3556
3557         * dfg/DFGOperations.cpp:
3558         ():
3559
3560 2012-01-26  Michael Saboff  <msaboff@apple.com>
3561
3562         String::latin1() should take advantage of 8 bit strings
3563         https://bugs.webkit.org/show_bug.cgi?id=76646
3564
3565         Reviewed by Geoffrey Garen.
3566
3567         * wtf/text/WTFString.cpp:
3568         (WTF::String::latin1): For 8 bit strings, use existing buffer
3569         without conversion.
3570
3571 2012-01-26  Michael Saboff  <msaboff@apple.com>
3572
3573         Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
3574         https://bugs.webkit.org/show_bug.cgi?id=76645
3575
3576         Reviewed by Geoffrey Garen.
3577
3578         * wtf/text/StringImpl.cpp:
3579         (WTF::equalIgnoringCase): New LChar version.
3580         (WTF::findInner): New helper function.
3581         (WTF::StringImpl::find): Added 8 bit path.
3582         (WTF::reverseFindInner): New helper function.
3583         (WTF::StringImpl::reverseFind): Added 8 bit path.
3584         (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
3585         * wtf/text/StringImpl.h:
3586         (WTF):
3587
3588 2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
3589
3590         [Qt][Win] One more speculative buildfix after r105970.
3591
3592         * JavaScriptCore.pri:
3593
3594 2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
3595
3596         [Qt][Win] Speculative buildfix after r105970.
3597
3598         * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
3599
3600 2012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>
3601
3602         Unreviewed, rolling out r105982.
3603         http://trac.webkit.org/changeset/105982
3604         https://bugs.webkit.org/show_bug.cgi?id=77090
3605
3606         breaks the world (Requested by WildFox on #webkit).
3607
3608         * wtf/MainThread.cpp:
3609         (WTF):
3610         * wtf/Platform.h:
3611         * wtf/mac/MainThreadMac.mm:
3612         (WTF):
3613         (WTF::registerGCThread):
3614         (WTF::isMainThreadOrGCThread):
3615
3616 2012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
3617
3618         [Qt] GC should be parallel on Qt platform
3619         https://bugs.webkit.org/show_bug.cgi?id=73309
3620
3621         Reviewed by Zoltan Herczeg.
3622
3623         These changes make the parallel GC feature available for the Qt port.
3624         The implementations of "registerGCThread" and "isMainThreadOrGCThread"
3625         are moved from MainThreadMac.mm to the common MainThread.cpp to make
3626         them available to other platforms.
3627
3628         Measurement results:
3629         V8           speed-up:  1.071x as fast  [From: 746.1ms  To: 696.4ms ]
3630         WindScorpion speed-up:  1.082x as fast  [From: 3490.4ms To: 3226.7ms]
3631         V8 Splay     speed-up:  1.158x as fast  [From: 145.8ms  To: 125.9ms ]
3632
3633         Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
3634
3635         * wtf/MainThread.cpp:
3636         (WTF):
3637         (WTF::registerGCThread):
3638         (WTF::isMainThreadOrGCThread):
3639         * wtf/Platform.h:
3640         * wtf/mac/MainThreadMac.mm:
3641
3642 2012-01-26  Andy Estes  <aestes@apple.com>
3643
3644         REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
3645         https://bugs.webkit.org/show_bug.cgi?id=77073
3646
3647         Reviewed by Ryosuke Niwa.
3648         
3649         r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
3650         This should have been changed to OS(WINDOWS). As a result the
3651         preprocessor stripped out the Win32 data type overrides for deleteOwnedPtr,
3652         so handles allocated by Win32 APIs were released through fastMalloc's
3653         deleter instead of the matching Win32 release function (an allocator /
3654         deallocator mismatch).
3653
3654         * wtf/OwnPtrCommon.h:
3655         (WTF): Use OS(WINDOWS) instead of OS(WIN).
3656
3657 2012-01-25  Mark Rowe  <mrowe@apple.com>
3658
3659         Attempted Mac build fix after r105939.
3660
3661         * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
3662         It isn't used on these platforms and isn't available in the ICU headers
3663         for Mac.
3664
3665 2012-01-25  Mark Rowe  <mrowe@apple.com>
3666
3667         Build into an alternate location when USE_STAGING_INSTALL_PATH is set.
3668
3669         <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
3670
3671         Reviewed by David Kilzer.
3672
3673         * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
3674         the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
3675         to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
3676         * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
3677         the normal framework location. This prevents an incorrect install name from being used when
3678         installing in to the staged frameworks directory.
3679
3680 2012-01-25  Eli Fidler  <efidler@rim.com>
3681
3682         Implement Date.toLocaleString() using ICU
3683         https://bugs.webkit.org/show_bug.cgi?id=76714
3684
3685         Reviewed by Darin Adler.
3686
3687         * runtime/DatePrototype.cpp:
3688         (JSC::formatLocaleDate):
3689
3690 2012-01-25  Hajime Morita  <morrita@google.com>
3691
3692         ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
3693         https://bugs.webkit.org/show_bug.cgi?id=76863
3694
3695         Reviewed by Dimitri Glazkov.
3696
3697         Added a feature flag.
3698
3699         * Configurations/FeatureDefines.xcconfig:
3700
3701 2012-01-25  Yong Li  <yoli@rim.com>
3702
3703         [BlackBerry] Implement OSAllocator::commit/decommit.
3704         BlackBerry port should support virtual memory decommitting.
3705         https://bugs.webkit.org/show_bug.cgi?id=77013
3706
3707         Reviewed by Rob Buis.
3708
3709         * wtf/OSAllocatorPosix.cpp:
3710         (WTF::OSAllocator::reserveUncommitted):
3711         (WTF::OSAllocator::commit):
3712         (WTF::OSAllocator::decommit):
3713         * wtf/Platform.h:
3714
3715 2012-01-24  Oliver Hunt  <oliver@apple.com>
3716
3717         Make DFG update topCallFrame
3718         https://bugs.webkit.org/show_bug.cgi?id=76969
3719
3720         Reviewed by Filip Pizlo.
3721
3722         Add NativeCallFrameTracer to manage topCallFrame assignment
3723         in the DFG operations, and make use of it.
3724
3725         * dfg/DFGOperations.cpp:
3726         (JSC::DFG::operationPutByValInternal):
3727         ():
3728         * interpreter/Interpreter.h:
3729         (JSC):
3730         (NativeCallFrameTracer):
3731         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
3732
3733 2012-01-24  Filip Pizlo  <fpizlo@apple.com>
3734
3735         Inlining breaks call frame walking when the walking is done from outside the inlinee,
3736         but inside a code block that had inlining
3737         https://bugs.webkit.org/show_bug.cgi?id=76978
3738         <rdar://problem/10720904>
3739
3740         Reviewed by Oliver Hunt.
3741
3742         * bytecode/CodeBlock.h:
3743         (JSC::CodeBlock::codeOriginForReturn):
3744         * interpreter/CallFrame.cpp:
3745         (JSC::CallFrame::trueCallerFrame):
3746
3747 2012-01-24  Gavin Barraclough  <barraclough@apple.com>
3748
3749         https://bugs.webkit.org/show_bug.cgi?id=76855
3750         Implement a JIT-code aware sampling profiler for JSC
3751
3752         Reviewed by Oliver Hunt.
3753
3754         Add support to MetaAllocator.cpp to track all live handles in a map,
3755         allowing lookup based on any address within the allocation.
3756
3757         * wtf/MetaAllocator.cpp:
3758         (WTF::MetaAllocatorTracker::notify):
3759         (WTF::MetaAllocatorTracker::release):
3760             - Track live handle objects in a map.
3761         (WTF::MetaAllocator::release):
3762             - Removed support for handles with null m_allocator (no longer used).
3763             - Notify the tracker of handles being released.
3764         (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
3765             - Moved functionality out into MetaAllocator::release.
3766         (WTF::MetaAllocatorHandle::shrink):
3767             - Removed support for handles with null m_allocator (no longer used).
3768         (WTF::MetaAllocator::MetaAllocator):
3769             - Initialize m_tracker.
3770         (WTF::MetaAllocator::allocate):
3771             - Notify the tracker of new allocations.
3772         * wtf/MetaAllocator.h:
3773         (WTF::MetaAllocatorTracker::find):
3774             - Lookup a MetaAllocatorHandle based on an address inside the allocation.
3775         (WTF::MetaAllocator::trackAllocations):
3776             - Register a callback object to track allocation state.
3777         * wtf/MetaAllocatorHandle.h:
3778             - Remove unused createSelfManagedHandle/constructor.
3779         (WTF::MetaAllocatorHandle::key):
3780             - Added, for use in RedBlackTree.
3781
3782 2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3783
3784         Use copying collector for out-of-line JSObject property storage
3785         https://bugs.webkit.org/show_bug.cgi?id=76665
3786
3787         Reviewed by Geoffrey Garen.
3788
3789         * runtime/JSObject.cpp:
3790         (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
3791         Also added a temporary variable to avoid warnings from GCC.
3792         (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
3793         operator new. Also added a temporary variable to avoid warnings from GCC.
3794         * runtime/JSObject.h:
3795
3796 2012-01-24  Geoffrey Garen  <ggaren@apple.com>
3797
3798         JSValue::toString() should return a JSString* instead of a UString
3799         https://bugs.webkit.org/show_bug.cgi?id=76861
3800
3801         Fixed two failing layout tests after my last patch.
3802
3803         Reviewed by Gavin Barraclough.
3804
3805         * runtime/ArrayPrototype.cpp:
3806         (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
3807         in all other cases.
3808         
3809         I missed this case because the JSString* type has a valid operator<,
3810         so the compiler didn't complain.
3811
3812 2012-01-24  Kenichi Ishibashi  <bashi@chromium.org>
3813
3814         [V8] Add Uint8ClampedArray support
3815         https://bugs.webkit.org/show_bug.cgi?id=76803
3816
3817         Reviewed by Kenneth Russell.
3818
3819         * wtf/ArrayBufferView.h:
3820         (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
3821         * wtf/Uint8ClampedArray.h:
3822         (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.
3823
3824 2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>
3825
3826         [GTK] Add WebKitDownload to WebKit2 GTK+ API
3827         https://bugs.webkit.org/show_bug.cgi?id=72949
3828
3829         Reviewed by Martin Robinson.
3830
3831         * wtf/gobject/GOwnPtr.cpp:
3832         (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
3833         * wtf/gobject/GOwnPtr.h: Add GTimer template.
3834         * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.
3835
3836 2012-01-24  Ilya Tikhonovsky  <loislo@chromium.org>
3837
3838         Unreviewed build fix for Qt LinuxSH4 build after r105698.
3839
3840         * interpreter/Interpreter.cpp:
3841         (JSC::Interpreter::privateExecute):
3842
3843 2012-01-23  Geoffrey Garen  <ggaren@apple.com>
3844
3845         JSValue::toString() should return a JSString* instead of a UString
3846         https://bugs.webkit.org/show_bug.cgi?id=76861
3847
3848         Reviewed by Gavin Barraclough.
3849         
3850         This makes the common case -- toString() on a string -- faster and
3851         inline-able. (Not a measurable speedup, but we can now remove a bunch
3852         of duplicate hand-rolled code for this optimization.)
3853         
3854         This also clarifies the boundary between "C++ strings" and "JS strings".
3855         
3856         In all cases other than true, false, null, undefined, and multi-digit
3857         numbers, the JS runtime was just retrieving a UString from a JSString,
3858         so returning a JSString* is strictly better. In the other cases, we can
3859         optimize to avoid creating a new JSString if we care to, but it doesn't
3860         seem to be a big deal.
3861
3862         * JavaScriptCore.exp: Export!
3863         
3864         * jsc.cpp:
3865         (functionPrint):
3866         (functionDebug):
3867         (functionRun):
3868         (functionLoad):
3869         (functionCheckSyntax):
3870         (runWithScripts):
3871         (runInteractive):
3872         * API/JSValueRef.cpp:
3873         (JSValueToStringCopy):
3874         * bytecode/CodeBlock.cpp:
3875         (JSC::valueToSourceString): Call value() after calling toString(), to
3876         convert from "JS string" (JSString*) to "C++ string" (UString), since
3877         toString() no longer returns a "C++ string".
3878
3879         * dfg/DFGOperations.cpp:
3880         (JSC::DFG::operationValueAddNotNumber):
3881         * jit/JITStubs.cpp:
3882         (op_add): Updated for removal of toPrimitiveString():
3883         all '+' operands can use toString(), except for object operands, which
3884         need to take a slow path to call toPrimitive().
3885
3886         * runtime/ArrayPrototype.cpp:
3887         (JSC::arrayProtoFuncToString):
3888         (JSC::arrayProtoFuncToLocaleString):
3889         (JSC::arrayProtoFuncJoin):
3890         (JSC::arrayProtoFuncPush):
3891         * runtime/CommonSlowPaths.h:
3892         (JSC::CommonSlowPaths::opIn):
3893         * runtime/DateConstructor.cpp:
3894         (JSC::dateParse):
3895         * runtime/DatePrototype.cpp:
3896         (JSC::formatLocaleDate): Call value() after calling toString(), as above.
3897
3898         * runtime/ErrorInstance.h:
3899         (JSC::ErrorInstance::create): Simplified down to one canonical create()
3900         function, to make string handling easier.
3901
3902         * runtime/ErrorPrototype.cpp:
3903         (JSC::errorProtoFuncToString):
3904         * runtime/ExceptionHelpers.cpp:
3905         (JSC::createInvalidParamError):
3906         (JSC::createNotAConstructorError):
3907         (JSC::createNotAFunctionError):
3908         (JSC::createNotAnObjectError):
3909         * runtime/FunctionConstructor.cpp:
3910         (JSC::constructFunctionSkippingEvalEnabledCheck):
3911         * runtime/FunctionPrototype.cpp:
3912         (JSC::functionProtoFuncBind):
3913         * runtime/JSArray.cpp:
3914         (JSC::JSArray::sort): Call value() after calling toString(), as above.
3915
3916         * runtime/JSCell.cpp:
3917         * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
3918         job now. Doing it in JSCell is slower (requires extra type checking), and
3919         creates the misimpression that language-defined toString() behavior is
3920         an implementation detail of JSCell.
3921         
3922         * runtime/JSGlobalObjectFunctions.cpp:
3923         (JSC::encode):
3924         (JSC::decode):
3925         (JSC::globalFuncEval):
3926         (JSC::globalFuncParseInt):
3927         (JSC::globalFuncParseFloat):
3928         (JSC::globalFuncEscape):
3929         (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
3930
3931         * runtime/JSONObject.cpp:
3932         (JSC::unwrapBoxedPrimitive):
3933         (JSC::Stringifier::Stringifier):
3934         (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
3935         takes care of.
3936
3937         * runtime/JSObject.cpp:
3938         (JSC::JSObject::toString):
3939         * runtime/JSObject.h: Updated to return JSString*.
3940
3941         * runtime/JSString.cpp:
3942         * runtime/JSString.h:
3943         (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
3944
3945         * runtime/JSValue.cpp:
3946         (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
3947         spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
3948         basically did what we want all the time. (Note that the toPrimitive()
3949         preference changes from NoPreference to PreferString, because that's
3950         how ToString is defined in the language. op_add does not want this behavior.)
3951
3952         * runtime/NumberPrototype.cpp:
3953         (JSC::numberProtoFuncToString):
3954         (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
3955         returns a JSString*.
3956
3957         * runtime/ObjectConstructor.cpp:
3958         (JSC::objectConstructorGetOwnPropertyDescriptor):
3959         (JSC::objectConstructorDefineProperty):
3960         * runtime/ObjectPrototype.cpp:
3961         (JSC::objectProtoFuncHasOwnProperty):
3962         (JSC::objectProtoFuncDefineGetter):
3963         (JSC::objectProtoFuncDefineSetter):
3964         (JSC::objectProtoFuncLookupGetter):
3965         (JSC::objectProtoFuncLookupSetter):
3966         (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
3967
3968         * runtime/Operations.cpp:
3969         (JSC::jsAddSlowCase): Need to check for object before taking the toString()
3970         fast path because adding an object to a string requires calling toPrimitive()
3971         on the object, not toString(). (They differ in their preferred conversion
3972         type.)
3973
3974         * runtime/Operations.h:
3975         (JSC::jsString):
3976         (JSC::jsStringFromArguments): This code gets simpler, now that toString()
3977         does the right thing.
3978
3979         (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
3980
3981         * runtime/RegExpConstructor.cpp:
3982         (JSC::setRegExpConstructorInput):
3983         (JSC::constructRegExp):
3984         * runtime/RegExpObject.cpp:
3985         (JSC::RegExpObject::match):
3986         * runtime/RegExpPrototype.cpp:
3987         (JSC::regExpProtoFuncCompile):
3988         (JSC::regExpProtoFuncToString): More calls to value(), as above.
3989
3990         * runtime/StringConstructor.cpp:
3991         (JSC::constructWithStringConstructor):
3992         (JSC::callStringConstructor): This code gets simpler, now that toString()
3993         does the right thing.
3994
3995         * runtime/StringPrototype.cpp:
3996         (JSC::replaceUsingRegExpSearch):
3997         (JSC::replaceUsingStringSearch):
3998         (JSC::stringProtoFuncReplace):
3999         (JSC::stringProtoFuncCharAt):
4000         (JSC::stringProtoFuncCharCodeAt):
4001         (JSC::stringProtoFuncConcat):
4002         (JSC::stringProtoFuncIndexOf):
4003         (JSC::stringProtoFuncLastIndexOf):
4004         (JSC::stringProtoFuncMatch):
4005         (JSC::stringProtoFuncSearch):
4006         (JSC::stringProtoFuncSlice):
4007         (JSC::stringProtoFuncSplit):
4008         (JSC::stringProtoFuncSubstr):
4009         (JSC::stringProtoFuncSubstring):
4010         (JSC::stringProtoFuncToLowerCase):
4011         (JSC::stringProtoFuncToUpperCase):
4012         (JSC::stringProtoFuncLocaleCompare):
4013         (JSC::stringProtoFuncBig):
4014         (JSC::stringProtoFuncSmall):
4015         (JSC::stringProtoFuncBlink):
4016         (JSC::stringProtoFuncBold):
4017         (JSC::stringProtoFuncFixed):
4018         (JSC::stringProtoFuncItalics):
4019         (JSC::stringProtoFuncStrike):
4020         (JSC::stringProtoFuncSub):
4021         (JSC::stringProtoFuncSup):
4022         (JSC::stringProtoFuncFontcolor):
4023         (JSC::stringProtoFuncFontsize):
4024         (JSC::stringProtoFuncAnchor):
4025         (JSC::stringProtoFuncLink):
4026         (JSC::trimString): Some of this code gets simpler, now that toString()
4027         does the right thing. More calls to value(), as above.
4028
4029 2012-01-23  Luke Macpherson   <macpherson@chromium.org>
4030
4031         Unreviewed, rolling out r105676.
4032         http://trac.webkit.org/changeset/105676
4033         https://bugs.webkit.org/show_bug.cgi?id=76665
4034
4035         Breaks build on mac due to compile warnings.
4036
4037         * runtime/JSObject.cpp:
4038         (JSC::JSObject::finalize):
4039         (JSC::JSObject::visitChildren):
4040