Unreviewed, rolling out r94445 and r94448.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>
2
3         Unreviewed, rolling out r94445 and r94448.
4         http://trac.webkit.org/changeset/94445
5         http://trac.webkit.org/changeset/94448
6         https://bugs.webkit.org/show_bug.cgi?id=67595
7
8         It broke everything (Requested by ossy on #webkit).
9
10         * JavaScriptCore.exp:
11         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
12         * heap/Heap.cpp:
13         (JSC::Heap::collect):
14         * heap/Heap.h:
15         * heap/NewSpace.cpp:
16         (JSC::NewSpace::NewSpace):
17         * heap/NewSpace.h:
18         * jit/JITStubs.cpp:
19         (JSC::DEFINE_STUB_FUNCTION):
20         * runtime/JSObject.cpp:
21         (JSC::JSObject::allocatePropertyStorage):
22         * runtime/JSObject.h:
23         (JSC::JSObject::~JSObject):
24         (JSC::JSObject::putDirectInternal):
25         (JSC::JSObject::putDirectWithoutTransition):
26         (JSC::JSObject::putDirectFunctionWithoutTransition):
27         (JSC::JSObject::transitionTo):
28         (JSC::JSObject::visitChildrenDirect):
29
30 2011-09-05  Patrick Gansterer  <paroga@webkit.org>
31
32         Unreviewed build fix for r94452.
33
34         Add config.h as the first header to the cc files as required by the coding style.
35         Reuse macros from Assertions.h instead of adding additional #ifdefs.
36
37         * wtf/dtoa/bignum-dtoa.cc:
38         * wtf/dtoa/bignum.cc:
39         * wtf/dtoa/cached-powers.cc:
40         * wtf/dtoa/diy-fp.cc:
41         * wtf/dtoa/double-conversion.cc:
42         * wtf/dtoa/fast-dtoa.cc:
43         * wtf/dtoa/fixed-dtoa.cc:
44         * wtf/dtoa/strtod.cc:
45         * wtf/dtoa/utils.h:
46
47 2011-09-05  Andras Becsi  <andras.becsi@nokia.com>
48
49         [Qt][WK2] Fix the build
50
51         Rubber-stamped by Csaba Osztrogonác.
52
53         * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
54         The variable fractional_part is only set but never used.
55
56 2011-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>
57
58         REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
59         https://bugs.webkit.org/show_bug.cgi?id=67562
60
61         Reviewed by Darin Adler.
62
63         Fixing the build (again), which was broken by the dtoa patch. Needed
64         to make sure WTF::double_conversion::initialize() is called for Qt
65         as well as adding a check for WinCE in dtoa/utils.h.
66
67         * runtime/InitializeThreading.cpp:
68         (JSC::initializeThreadingOnce):
69         * wtf/dtoa/cached-powers.cc:
70         * wtf/dtoa/utils.h:
71
72 2011-09-03  Filip Pizlo  <fpizlo@apple.com>
73
74         ThunkGenerators does not convert positive double zero into integer zero
75         https://bugs.webkit.org/show_bug.cgi?id=67553
76
77         Reviewed by Gavin Barraclough.
78         
79         This is a 0.5% speed-up on V8 and neutral elsewhere.
80
81         * jit/SpecializedThunkJIT.h:
82         (JSC::SpecializedThunkJIT::returnDouble):
83
84 2011-09-03  Kevin Ollivier  <kevino@theolliviers.com>
85
86         [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
87
88         * wscript:
89
90 2011-09-03  Filip Pizlo  <fpizlo@apple.com>
91
92         DFG variable predictions only work for local variables, not temporaries
93         https://bugs.webkit.org/show_bug.cgi?id=67554
94
95         Reviewed by Gavin Barraclough.
96         
97         This appears to be a slight speed-up in Kraken (0.3% but significant)
98         and neutral elsewhere.
99
100         * dfg/DFGGraph.h:
101         (JSC::DFG::Graph::predict):
102
103 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
104
105         DFG JIT speculation failure does recovery of additions in reverse and
106         doesn't rebox
107         https://bugs.webkit.org/show_bug.cgi?id=67551
108
109         Reviewed by Sam Weinig.
110
111         * dfg/DFGJITCompiler.cpp:
112         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
113
114 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
115
116         ValueProfile does not make it safe to introspect cell values
117         after garbage collection
118         https://bugs.webkit.org/show_bug.cgi?id=67354
119
120         Reviewed by Gavin Barraclough.
121         
122         ValueProfile buckets are now weak references, implemented using a
123         light-weight weak reference mechanism that this patch also adds (the
124         WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
125         is not marked, then the bucket is transformed into a Structure
126         pointer.  If the Structure is not marked either, then it is turned
127         into a ClassInfo pointer.
128
129         * JavaScriptCore.xcodeproj/project.pbxproj:
130         * bytecode/CodeBlock.cpp:
131         (JSC::CodeBlock::~CodeBlock):
132         (JSC::CodeBlock::visitAggregate):
133         (JSC::CodeBlock::visitWeakReferences):
134         * bytecode/CodeBlock.h:
135         * bytecode/ValueProfile.h:
136         (JSC::ValueProfile::ValueProfile):
137         (JSC::ValueProfile::classInfo):
138         (JSC::ValueProfile::numberOfInt32s):
139         (JSC::ValueProfile::numberOfDoubles):
140         (JSC::ValueProfile::numberOfCells):
141         (JSC::ValueProfile::numberOfArrays):
142         (JSC::ValueProfile::probabilityOfArray):
143         (JSC::ValueProfile::WeakBucket::WeakBucket):
144         (JSC::ValueProfile::WeakBucket::operator!):
145         (JSC::ValueProfile::WeakBucket::isEmpty):
146         (JSC::ValueProfile::WeakBucket::isClassInfo):
147         (JSC::ValueProfile::WeakBucket::isStructure):
148         (JSC::ValueProfile::WeakBucket::asStructure):
149         (JSC::ValueProfile::WeakBucket::asClassInfo):
150         (JSC::ValueProfile::WeakBucket::getClassInfo):
151         * heap/Heap.cpp:
152         (JSC::Heap::harvestWeakReferences):
153         (JSC::Heap::markRoots):
154         * heap/Heap.h:
155         * heap/MarkStack.cpp:
156         (JSC::SlotVisitor::drain):
157         (JSC::SlotVisitor::harvestWeakReferences):
158         * heap/MarkStack.h:
159         (JSC::MarkStack::addWeakReferenceHarvester):
160         (JSC::MarkStack::MarkStack):
161         (JSC::MarkStack::appendUnbarrieredPointer):
162         * heap/SlotVisitor.h:
163         * heap/WeakReferenceHarvester.h: Added.
164         (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
165         (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
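
        The degradation path this entry describes (a profiled cell, then its Structure, then its
        ClassInfo), as an added example that is not JavaScriptCore's code: a toy mark set and a
        WeakBucket that is harvested after marking has finished and before anything is swept.
        Cell, Structure, ClassInfo, WeakBucket, harvestWeakReferences and runScenario are this
        example's own simplified names; the real JSC types carry far more state and marking uses
        the heap's mark bits rather than a std::set.

```cpp
#include <set>
#include <string>
#include <vector>

// Added example, not JSC code: minimal stand-ins for the three levels a bucket can hold.
struct ClassInfo { std::string className; };        // static data, never collected
struct Structure { const ClassInfo* classInfo; };   // a heap cell in JSC, collectable here too
struct Cell { Structure* structure; };              // the profiled object itself

typedef std::set<const void*> MarkSet;              // stand-in for the heap's mark bits

class WeakBucket {
public:
    enum Kind { Empty, IsCell, IsStructure, IsClassInfo };

    WeakBucket() : m_kind(Empty), m_cell(0), m_structure(0), m_classInfo(0) { }
    explicit WeakBucket(Cell* cell) : m_kind(IsCell), m_cell(cell), m_structure(0), m_classInfo(0) { }

    Kind kind() const { return m_kind; }

    // Runs once marking is complete and before the sweep, so unmarked objects are still
    // readable. Nothing here marks anything: that is what makes the reference weak, the
    // bucket never keeps a cell or a Structure alive on its own.
    void harvest(const MarkSet& marked)
    {
        if (m_kind == IsCell && !marked.count(m_cell)) {
            m_structure = m_cell->structure;        // still valid: sweep has not run yet
            m_cell = 0;
            m_kind = IsStructure;
        }
        if (m_kind == IsStructure && !marked.count(m_structure)) {
            m_classInfo = m_structure->classInfo;   // ClassInfo is static, so this never dies
            m_structure = 0;
            m_kind = IsClassInfo;
        }
    }

    // Always answerable after harvest, whichever level the bucket ended up at.
    const ClassInfo* classInfo() const
    {
        switch (m_kind) {
        case IsCell:      return m_cell->structure->classInfo;
        case IsStructure: return m_structure->classInfo;
        case IsClassInfo: return m_classInfo;
        default:          return 0;
        }
    }

private:
    Kind m_kind;
    Cell* m_cell;
    Structure* m_structure;
    const ClassInfo* m_classInfo;
};

// Analogue of Heap::harvestWeakReferences: every registered harvester runs after marking.
void harvestWeakReferences(std::vector<WeakBucket>& buckets, const MarkSet& marked)
{
    for (size_t i = 0; i < buckets.size(); ++i)
        buckets[i].harvest(marked);
}

struct ScenarioResult {
    WeakBucket::Kind liveCell, deadCellLiveStructure, deadCellDeadStructure;
    std::string classNames;   // what each bucket can still report, joined with '/'
};

// Constructed scenario: three objects profiled in three buckets.
//   a: reachable from a root, so a and its Structure are marked.
//   b: unreachable, but shares a's Structure, which stays marked.
//   c: unreachable, with a Structure nothing else references.
ScenarioResult runScenario()
{
    static const ClassInfo objectInfo = { "Object" };
    static const ClassInfo arrayInfo = { "Array" };
    Structure sharedStructure = { &objectInfo };
    Structure orphanStructure = { &arrayInfo };
    Cell a = { &sharedStructure };
    Cell b = { &sharedStructure };
    Cell c = { &orphanStructure };

    std::vector<WeakBucket> buckets;
    buckets.push_back(WeakBucket(&a));
    buckets.push_back(WeakBucket(&b));
    buckets.push_back(WeakBucket(&c));

    // Marking from the roots: only a is a root, and marking a cell marks its Structure.
    MarkSet marked;
    marked.insert(&a);
    marked.insert(a.structure);

    harvestWeakReferences(buckets, marked);

    ScenarioResult result;
    result.liveCell = buckets[0].kind();
    result.deadCellLiveStructure = buckets[1].kind();
    result.deadCellDeadStructure = buckets[2].kind();
    result.classNames = buckets[0].classInfo()->className + "/"
        + buckets[1].classInfo()->className + "/" + buckets[2].classInfo()->className;
    return result;
}
```

        The ordering is the whole point: harvest reads m_cell->structure of an unmarked cell, which
        is only safe because the sweep has not yet reclaimed it, and the bucket ends the collection
        holding nothing that can dangle.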
166
167 2011-09-02  Michael Saboff  <msaboff@apple.com>
168
169         Replace local implementation of string equals() methods with UString versions
170         https://bugs.webkit.org/show_bug.cgi?id=67342
171
172         In preparation for allowing StringImpl to be backed by 8 bit 
173         characters when appropriate, we need to eliminate or change the
174         usage of StringImpl::characters(). Change the uses of characters()
175         that are used to implement redundant equals() methods.
176
177         Reviewed by Gavin Barraclough.
178
179         * runtime/Identifier.cpp:
180         (JSC::Identifier::equal):
181         * runtime/Identifier.h:
182         (JSC::Identifier::equal):
183         * wtf/text/AtomicString.cpp:
184         (WTF::CStringTranslator::equal): Moved an optimized method to here.
185         (WTF::operator==):
186         * wtf/text/StringImpl.cpp:
187         (WTF::equal):
188         * wtf/text/StringImpl.h:
189
190 2011-09-02  Michael Saboff  <msaboff@apple.com>
191
192         Add JSC:RegExp functional tests
193         https://bugs.webkit.org/show_bug.cgi?id=67339
194
195         Added new test driver program (testRegExp) and corresponding data file
196         along with build scripts changes.
197
198         Reviewed by Gavin Barraclough.
199
200         * JavaScriptCore.exp:
201         * JavaScriptCore.xcodeproj/project.pbxproj:
202         * testRegExp.cpp: Added.
203         (Options::Options):
204         (StopWatch::start):
205         (StopWatch::stop):
206         (StopWatch::getElapsedMS):
207         (RegExpTest::RegExpTest):
208         (GlobalObject::create):
209         (GlobalObject::className):
210         (GlobalObject::GlobalObject):
211         (main):
212         (cleanupGlobalData):
213         (testOneRegExp):
214         (scanString):
215         (parseRegExpLine):
216         (parseTestLine):
217         (runFromFiles):
218         (printUsageStatement):
219         (parseArguments):
220         (realMain):
221         * tests/regexp: Added.
222         * tests/regexp/RegExpTest.data: Added.
223
224 2011-09-02  Michael Saboff  <msaboff@apple.com>
225
226         Add JSC:RegExp functional test data generator
227         https://bugs.webkit.org/show_bug.cgi?id=67519
228
229         Add a data generator for regular expressions.  To enable, change the
230         #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
231         regular expressions.  The resulting data will be in /tmp/RegExpTestsData.
232
233         Reviewed by Gavin Barraclough.
234
235         * runtime/RegExp.cpp:
236         (JSC::regExpFlags):
237         (JSC::RegExpFunctionalTestCollector::clearRegExp):
238         (JSC::RegExpFunctionalTestCollector::get):
239         (JSC::RegExpFunctionalTestCollector::outputOneTest):
240         (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
241         (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
242         (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
243         (JSC::RegExp::~RegExp):
244         (JSC::RegExp::compile):
245         (JSC::RegExp::match):
246         (JSC::RegExp::matchCompareWithInterpreter):
247
248 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
249
250         Fix the broken build due to dtoa patch
251         https://bugs.webkit.org/show_bug.cgi?id=67534
252
253         Reviewed by Oliver Hunt.
254
255         Fixing the build.
256
257         * GNUmakefile.list.am:
258         * wtf/dtoa/bignum.cc:
259         * wtf/dtoa/fast-dtoa.cc:
260         * wtf/dtoa/utils.h:
261
262 2011-09-02  Oliver Hunt  <oliver@apple.com>
263
264         Remove OldSpace classes
265         https://bugs.webkit.org/show_bug.cgi?id=67533
266
267         Reviewed by Gavin Barraclough.
268
269         Remove the unused OldSpace classes
270
271         * CMakeLists.txt:
272         * GNUmakefile.list.am:
273         * JavaScriptCore.gypi:
274         * JavaScriptCore.pro:
275         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
276         * JavaScriptCore.xcodeproj/project.pbxproj:
277         * heap/Heap.cpp:
278         (JSC::Heap::writeBarrierSlowCase):
279         * heap/MarkedBlock.h:
280         * heap/OldSpace.cpp: Removed.
281         * heap/OldSpace.h: Removed.
282
283 2011-09-02  James Robinson  <jamesr@chromium.org>
284
285         Compile fix for mac build.
286
287         * wtf/CheckedArithmetic.h:
288         (WTF::operator+):
289         (WTF::operator-):
290         (WTF::operator*):
291
292 2011-08-30  Matthew Delaney  <mdelaney@apple.com>
293
294         Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
295         https://bugs.webkit.org/show_bug.cgi?id=65352
296
297         Reviewed by Simon Fraser.
298
299         New test: fast/canvas/canvas-getImageData-large-crash.html
300
301         This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
302         calls that specify widths and heights that end up overflowing the ints that we store those values in
303         as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
304         arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
305         is just to add a new helper method described below.
306
307         * wtf/MathExtras.h:
308         (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
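
        The overflow checks this entry and the 2011-08-30 "Add support for checked arithmetic"
        entry (bug 67095) describe, as an added example that is not WebKit's code: a minimal
        CheckedInt<T> in the spirit of WTF::Checked<T>, used the way getImageData has to use it.
        CheckedInt, imageDataByteLength, rectMaxX and withinIntRange are this example's own names,
        and the __builtin_*_overflow intrinsics are a GCC/Clang assumption standing in for whatever
        WTF::Checked does internally.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdlib>
#include <limits>
#include <type_traits>

// Added example, not WebKit code: an overflow-checked integer in the spirit of WTF::Checked<T>.
// Arithmetic never wraps silently; the result carries a sticky overflow flag and the caller
// chooses between crash-on-overflow (get) and delayed failure (hasOverflowed).
template <typename T>
class CheckedInt {
    static_assert(std::is_integral<T>::value, "CheckedInt requires an integral type");
public:
    CheckedInt(T value = 0) : m_value(value), m_overflowed(false) { }

    bool hasOverflowed() const { return m_overflowed; }
    T unsafeGet() const { return m_value; }        // meaningless if hasOverflowed()

    T get() const                                  // default-policy analogue: CRASH() on overflow
    {
        if (m_overflowed)
            std::abort();
        return m_value;
    }

    // __builtin_*_overflow (GCC/Clang, assumed here) compute in infinite precision and report
    // whether the exact result fits in T, which covers signed overflow and unsigned wraparound.
    CheckedInt operator+(CheckedInt rhs) const
    {
        CheckedInt result;
        bool overflow = __builtin_add_overflow(m_value, rhs.m_value, &result.m_value);
        result.m_overflowed = overflow || m_overflowed || rhs.m_overflowed;
        return result;
    }
    CheckedInt operator-(CheckedInt rhs) const
    {
        CheckedInt result;
        bool overflow = __builtin_sub_overflow(m_value, rhs.m_value, &result.m_value);
        result.m_overflowed = overflow || m_overflowed || rhs.m_overflowed;
        return result;
    }
    CheckedInt operator*(CheckedInt rhs) const
    {
        CheckedInt result;
        bool overflow = __builtin_mul_overflow(m_value, rhs.m_value, &result.m_value);
        result.m_overflowed = overflow || m_overflowed || rhs.m_overflowed;
        return result;
    }

private:
    T m_value;
    bool m_overflowed;
};

// What getImageData has to do with a script-supplied width and height: every intermediate
// (the area, then area * 4 bytes per RGBA8888 pixel) is checked, so a size that overflows int
// is rejected instead of becoming an undersized buffer that is then read past its end.
bool imageDataByteLength(int32_t width, int32_t height, int32_t& bytesOut)
{
    if (width <= 0 || height <= 0)
        return false;
    CheckedInt<int32_t> bytes = CheckedInt<int32_t>(width) * CheckedInt<int32_t>(height) * CheckedInt<int32_t>(4);
    if (bytes.hasOverflowed())
        return false;
    bytesOut = bytes.unsafeGet();
    return true;
}

// Same treatment for a derived rect coordinate: maxX = x + width must not wrap negative.
bool rectMaxX(int32_t x, int32_t width, int32_t& maxXOut)
{
    CheckedInt<int32_t> maxX = CheckedInt<int32_t>(x) + CheckedInt<int32_t>(width);
    if (maxX.hasOverflowed())
        return false;
    maxXOut = maxX.unsafeGet();
    return true;
}

// Analogue of isWithinIntRange(): converting a float outside int's range to int is undefined
// behaviour, and NaN compares false against everything, so both are rejected explicitly.
// float(INT_MAX) rounds up to exactly 2^31, so a strict upper comparison is the correct bound.
bool withinIntRange(float value)
{
    if (!std::isfinite(value))
        return false;
    const float intMin = static_cast<float>(std::numeric_limits<int>::min());  // exactly -2^31
    const float intMax = static_cast<float>(std::numeric_limits<int>::max());  // rounds to 2^31
    return value >= intMin && value < intMax;
}
```

        Note the 30000 x 30000 case: the area alone fits in an int, only the multiplication by 4
        overflows, which is exactly the kind of derived value the entry says has to be checked too.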
309
310 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
311
312         Incorporate newer, faster dtoa library
313         https://bugs.webkit.org/show_bug.cgi?id=66346
314
315         Reviewed by Oliver Hunt.
316
317         Added new dtoa library at http://code.google.com/p/double-conversion/.
318         Replaced old call to dtoa.  The new library is much faster than the old one.
319         We still use the old dtoa for some stuff in WebCore as well as the old strtod, 
320         but we can phase these out eventually as well.
321
322         * GNUmakefile.list.am:
323         * JavaScriptCore.exp:
324         * JavaScriptCore.gypi:
325         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
326         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
327         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
328         * JavaScriptCore.xcodeproj/project.pbxproj:
329         * runtime/InitializeThreading.cpp:
330         * runtime/NumberPrototype.cpp:
331         (JSC::numberProtoFuncToExponential):
332         (JSC::numberProtoFuncToFixed):
333         (JSC::numberProtoFuncToPrecision):
334         * runtime/UString.cpp:
335         (JSC::UString::number):
336         * wtf/CMakeLists.txt:
337         * wtf/ThreadingPthreads.cpp:
338         (WTF::initializeThreading):
339         * wtf/ThreadingWin.cpp:
340         (WTF::initializeThreading):
341         * wtf/dtoa.cpp:
342         (WTF::dtoa):
343         * wtf/dtoa.h:
344         * wtf/dtoa/COPYING: Added.
345         * wtf/dtoa/LICENSE: Added.
346         * wtf/dtoa/README: Added.
347         * wtf/dtoa/bignum-dtoa.cc: Added.
348         * wtf/dtoa/bignum-dtoa.h: Added.
349         * wtf/dtoa/bignum.cc: Added.
350         * wtf/dtoa/bignum.h: Added.
351         (WTF::double_conversion::Bignum::Times10):
352         (WTF::double_conversion::Bignum::Equal):
353         (WTF::double_conversion::Bignum::LessEqual):
354         (WTF::double_conversion::Bignum::Less):
355         (WTF::double_conversion::Bignum::PlusEqual):
356         (WTF::double_conversion::Bignum::PlusLessEqual):
357         (WTF::double_conversion::Bignum::PlusLess):
358         (WTF::double_conversion::Bignum::EnsureCapacity):
359         (WTF::double_conversion::Bignum::BigitLength):
360         * wtf/dtoa/cached-powers.cc: Added.
361         * wtf/dtoa/cached-powers.h: Added.
362         * wtf/dtoa/diy-fp.cc: Added.
363         * wtf/dtoa/diy-fp.h: Added.
364         (WTF::double_conversion::DiyFp::DiyFp):
365         (WTF::double_conversion::DiyFp::Subtract):
366         (WTF::double_conversion::DiyFp::Minus):
367         (WTF::double_conversion::DiyFp::Times):
368         (WTF::double_conversion::DiyFp::Normalize):
369         (WTF::double_conversion::DiyFp::f):
370         (WTF::double_conversion::DiyFp::e):
371         (WTF::double_conversion::DiyFp::set_f):
372         (WTF::double_conversion::DiyFp::set_e):
373         * wtf/dtoa/double-conversion.cc: Added.
374         * wtf/dtoa/double-conversion.h: Added.
375         (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
376         (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
377         * wtf/dtoa/double.h: Added.
378         (WTF::double_conversion::double_to_uint64):
379         (WTF::double_conversion::uint64_to_double):
380         (WTF::double_conversion::Double::Double):
381         (WTF::double_conversion::Double::AsDiyFp):
382         (WTF::double_conversion::Double::AsNormalizedDiyFp):
383         (WTF::double_conversion::Double::AsUint64):
384         (WTF::double_conversion::Double::NextDouble):
385         (WTF::double_conversion::Double::Exponent):
386         (WTF::double_conversion::Double::Significand):
387         (WTF::double_conversion::Double::IsDenormal):
388         (WTF::double_conversion::Double::IsSpecial):
389         (WTF::double_conversion::Double::IsNan):
390         (WTF::double_conversion::Double::IsInfinite):
391         (WTF::double_conversion::Double::Sign):
392         (WTF::double_conversion::Double::UpperBoundary):
393         (WTF::double_conversion::Double::NormalizedBoundaries):
394         (WTF::double_conversion::Double::value):
395         (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
396         (WTF::double_conversion::Double::Infinity):
397         (WTF::double_conversion::Double::NaN):
398         (WTF::double_conversion::Double::DiyFpToUint64):
399         * wtf/dtoa/fast-dtoa.cc: Added.
400         * wtf/dtoa/fast-dtoa.h: Added.
401         * wtf/dtoa/fixed-dtoa.cc: Added.
402         * wtf/dtoa/fixed-dtoa.h: Added.
403         * wtf/dtoa/strtod.cc: Added.
404         * wtf/dtoa/strtod.h: Added.
405         * wtf/dtoa/utils.h: Added.
406         (WTF::double_conversion::Max):
407         (WTF::double_conversion::Min):
408         (WTF::double_conversion::StrLength):
409         (WTF::double_conversion::Vector::Vector):
410         (WTF::double_conversion::Vector::SubVector):
411         (WTF::double_conversion::Vector::length):
412         (WTF::double_conversion::Vector::is_empty):
413         (WTF::double_conversion::Vector::start):
414         (WTF::double_conversion::Vector::operator[]):
415         (WTF::double_conversion::Vector::first):
416         (WTF::double_conversion::Vector::last):
417         (WTF::double_conversion::StringBuilder::StringBuilder):
418         (WTF::double_conversion::StringBuilder::~StringBuilder):
419         (WTF::double_conversion::StringBuilder::size):
420         (WTF::double_conversion::StringBuilder::position):
421         (WTF::double_conversion::StringBuilder::Reset):
422         (WTF::double_conversion::StringBuilder::AddCharacter):
423         (WTF::double_conversion::StringBuilder::AddString):
424         (WTF::double_conversion::StringBuilder::AddSubstring):
425         (WTF::double_conversion::StringBuilder::AddPadding):
426         (WTF::double_conversion::StringBuilder::Finalize):
427         (WTF::double_conversion::StringBuilder::is_finalized):
428         (WTF::double_conversion::BitCast):
429         * wtf/wtf.pri:
430
431 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
432
433         DFG graph has no way of distinguishing or reconciling between static
434         and dynamic predictions
435         https://bugs.webkit.org/show_bug.cgi?id=67343
436
437         Reviewed by Gavin Barraclough.
438         
439         PredictedType now stores the source of the prediction.  Merging predictions,
440         which was previously done with a bitwise or, is now done via the
441         mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
442         functions, which correctly handle combinations of static and dynamic.
443         
444         This is performance-neutral, since all predictions are currently static and
445         so the code has no visible effects.
446
447         * dfg/DFGByteCodeParser.cpp:
448         (JSC::DFG::ByteCodeParser::set):
449         (JSC::DFG::ByteCodeParser::staticallyPredictArray):
450         (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
451         (JSC::DFG::ByteCodeParser::parseBlock):
452         * dfg/DFGGraph.h:
453         (JSC::DFG::Graph::predict):
454         (JSC::DFG::Graph::predictGlobalVar):
455         * dfg/DFGNode.h:
456         (JSC::DFG::isArrayPrediction):
457         (JSC::DFG::isInt32Prediction):
458         (JSC::DFG::isDoublePrediction):
459         (JSC::DFG::isDynamicPrediction):
460         (JSC::DFG::mergePredictions):
461         (JSC::DFG::mergePrediction):
462         (JSC::DFG::makePrediction):
463         (JSC::DFG::Node::predict):
464
465 2011-09-02  Oliver Hunt  <oliver@apple.com>
466
467         Fix 32bit build.
468
469         * heap/NewSpace.h:
470         (JSC::NewSpace::allocatePropertyStorage):
471         (JSC::NewSpace::inPropertyStorageNursery):
472
473 2011-09-02  Oliver Hunt  <oliver@apple.com>
474
475         Use bump allocator for initial property storage
476         https://bugs.webkit.org/show_bug.cgi?id=67494
477
478         Reviewed by Gavin Barraclough.
479
480         Switch to a bump allocator for the initial out of line
481         property storage.  This gives us slightly faster allocation
482         for short lived objects that need out of line storage at
483         the cost of an additional memcpy when the object survives
484         a GC pass.
485
486         No performance impact.
487
488         * JavaScriptCore.exp:
489         * heap/Heap.cpp:
490         (JSC::Heap::collect):
491         * heap/Heap.h:
492         (JSC::Heap::allocatePropertyStorage):
493         (JSC::Heap::inPropertyStorageNursary):
494         * heap/NewSpace.cpp:
495         (JSC::NewSpace::NewSpace):
496         * heap/NewSpace.h:
497         (JSC::NewSpace::resetPropertyStorageNursary):
498         (JSC::NewSpace::allocatePropertyStorage):
499         (JSC::NewSpace::inPropertyStorageNursary):
500         * jit/JITStubs.cpp:
501         (JSC::DEFINE_STUB_FUNCTION):
502         * runtime/JSObject.cpp:
503         (JSC::JSObject::allocatePropertyStorage):
504         * runtime/JSObject.h:
505         (JSC::JSObject::~JSObject):
506         (JSC::JSObject::putDirectInternal):
507         (JSC::JSObject::putDirectWithoutTransition):
508         (JSC::JSObject::putDirectFunctionWithoutTransition):
509         (JSC::JSObject::transitionTo):
510         (JSC::JSObject::visitChildrenDirect):
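
        The allocation scheme this entry describes, as an added example that is not
        JavaScriptCore's code: a bump-allocated nursery for property storage, with survivors
        copied out to the general heap at collection time before the nursery is reset wholesale.
        PropertyStorageNursery, ToyObject, collect and runNurseryScenario are this example's own
        names and the interface is not NewSpace's; what it shows is the extra memcpy the entry
        mentions and why that copy has to precede the reset, since a survivor still pointing into
        the nursery afterwards would hold a dangling pointer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

typedef std::uint64_t Slot;   // one out-of-line property value (added example, not JSC code)

class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t capacityBytes)
        : m_base(static_cast<char*>(std::malloc(capacityBytes))), m_capacity(capacityBytes), m_used(0) { }
    ~PropertyStorageNursery() { std::free(m_base); }

    // Bump allocation: a bounds check and a pointer increment, no free list, no header.
    // Returns 0 when full so the caller can fall back to the general-purpose allocator.
    Slot* allocate(size_t slots)
    {
        size_t bytes = slots * sizeof(Slot);
        if (bytes > m_capacity - m_used)
            return 0;
        Slot* result = reinterpret_cast<Slot*>(m_base + m_used);
        m_used += bytes;
        return result;
    }

    bool contains(const void* pointer) const
    {
        std::uintptr_t address = reinterpret_cast<std::uintptr_t>(pointer);
        std::uintptr_t base = reinterpret_cast<std::uintptr_t>(m_base);
        return address >= base && address < base + m_capacity;
    }

    // Everything in the nursery is either dead or already copied out: start over in O(1).
    void reset() { m_used = 0; }
    size_t used() const { return m_used; }

private:
    char* m_base;
    size_t m_capacity;
    size_t m_used;
};

struct ToyObject {
    Slot* propertyStorage;
    size_t slotCount;
    bool marked;     // set by the (not modelled) mark phase
};

// Collection: marked objects whose storage is still in the nursery get it copied to malloc'd
// memory, then the nursery is reset. The copy must come first; after reset() any nursery
// pointer a survivor still held would be reused by the next allocation.
size_t collect(std::vector<ToyObject>& objects, PropertyStorageNursery& nursery)
{
    size_t copied = 0;
    for (ToyObject& object : objects) {
        if (!object.marked) {
            if (object.propertyStorage && !nursery.contains(object.propertyStorage))
                std::free(object.propertyStorage);   // nursery storage needs no per-object free
            object.propertyStorage = 0;
            continue;
        }
        if (nursery.contains(object.propertyStorage)) {
            size_t bytes = object.slotCount * sizeof(Slot);
            Slot* heapCopy = static_cast<Slot*>(std::malloc(bytes));
            std::memcpy(heapCopy, object.propertyStorage, bytes);
            object.propertyStorage = heapCopy;
            ++copied;
        }
    }
    nursery.reset();
    return copied;
}

struct NurseryResult {
    size_t copied, nurseryUsedAfter;
    bool survivorsIntact, survivorsOutOfNursery;
};

// Constructed scenario: three objects with 1, 2 and 3 slots; the middle one dies.
NurseryResult runNurseryScenario()
{
    PropertyStorageNursery nursery(64 * sizeof(Slot));
    std::vector<ToyObject> objects;
    for (size_t i = 0; i < 3; ++i) {
        ToyObject object;
        object.slotCount = i + 1;
        object.propertyStorage = nursery.allocate(object.slotCount);
        object.marked = (i != 1);
        for (size_t s = 0; s < object.slotCount; ++s)
            object.propertyStorage[s] = 100 * (i + 1) + s;
        objects.push_back(object);
    }

    NurseryResult result;
    result.copied = collect(objects, nursery);
    result.nurseryUsedAfter = nursery.used();
    result.survivorsIntact = objects[0].propertyStorage[0] == 100 && objects[2].propertyStorage[2] == 302;
    result.survivorsOutOfNursery = !nursery.contains(objects[0].propertyStorage)
        && !nursery.contains(objects[2].propertyStorage);

    std::free(objects[0].propertyStorage);
    std::free(objects[2].propertyStorage);
    return result;
}
```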
511
512 2011-09-01  Mark Rowe  <mrowe@apple.com>
513
514         Fix the build.
515
516         * JavaScriptCore.JSVALUE32_64only.exp:
517         * JavaScriptCore.JSVALUE64only.exp:
518         * JavaScriptCore.exp:
519
520 2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>
521
522         Unzip initialization lists and constructors in JSCell hierarchy (4/7)
523         https://bugs.webkit.org/show_bug.cgi?id=67174
524
525         Reviewed by Oliver Hunt.
526
527         Completed the fourth level of the refactoring to add finishCreation() 
528         methods to all classes within the JSCell hierarchy with non-trivial 
529         constructor bodies.
530
531         This primarily consists of pushing the calls to finishCreation() down 
532         into the constructors of the subclasses of the second level of the hierarchy 
533         as well as pulling the finishCreation() calls out into the class's corresponding
534         create() method if it has one.  Doing both simultaneously allows us to 
535         maintain the invariant that the finishCreation() method chain is called exactly 
536         once during the creation of an object, since calling it any other number of 
537         times (0, 2, or more) will cause an assertion failure.
538
539         * API/JSCallbackConstructor.cpp:
540         (JSC::JSCallbackConstructor::JSCallbackConstructor):
541         (JSC::JSCallbackConstructor::finishCreation):
542         * API/JSCallbackConstructor.h:
543         * API/JSCallbackObject.h:
544         (JSC::JSCallbackObject::create):
545         * API/JSCallbackObjectFunctions.h:
546         (JSC::::JSCallbackObject):
547         (JSC::::finishCreation):
548         * JavaScriptCore.JSVALUE64only.exp:
549         * JavaScriptCore.exp:
550         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
551         * debugger/DebuggerActivation.cpp:
552         (JSC::DebuggerActivation::DebuggerActivation):
553         (JSC::DebuggerActivation::create):
554         * debugger/DebuggerActivation.h:
555         * runtime/Arguments.h:
556         (JSC::Arguments::create):
557         (JSC::Arguments::createNoParameters):
558         (JSC::Arguments::Arguments):
559         * runtime/ArrayPrototype.cpp:
560         (JSC::ArrayPrototype::ArrayPrototype):
561         (JSC::ArrayPrototype::finishCreation):
562         * runtime/ArrayPrototype.h:
563         * runtime/BooleanObject.cpp:
564         (JSC::BooleanObject::BooleanObject):
565         (JSC::BooleanObject::finishCreation):
566         * runtime/BooleanObject.h:
567         * runtime/DateInstance.cpp:
568         (JSC::DateInstance::DateInstance):
569         (JSC::DateInstance::finishCreation):
570         * runtime/DateInstance.h:
571         * runtime/ErrorInstance.cpp:
572         (JSC::ErrorInstance::ErrorInstance):
573         * runtime/ErrorInstance.h:
574         (JSC::ErrorInstance::create):
575         * runtime/ErrorPrototype.cpp:
576         (JSC::ErrorPrototype::ErrorPrototype):
577         (JSC::ErrorPrototype::finishCreation):
578         * runtime/ErrorPrototype.h:
579         * runtime/ExceptionHelpers.cpp:
580         (JSC::InterruptedExecutionError::InterruptedExecutionError):
581         (JSC::InterruptedExecutionError::create):
582         (JSC::TerminatedExecutionError::TerminatedExecutionError):
583         (JSC::TerminatedExecutionError::create):
584         * runtime/Executable.cpp:
585         (JSC::EvalExecutable::EvalExecutable):
586         (JSC::ProgramExecutable::ProgramExecutable):
587         (JSC::FunctionExecutable::FunctionExecutable):
588         * runtime/Executable.h:
589         (JSC::NativeExecutable::create):
590         (JSC::NativeExecutable::NativeExecutable):
591         (JSC::EvalExecutable::create):
592         (JSC::ProgramExecutable::create):
593         (JSC::FunctionExecutable::create):
594         * runtime/InternalFunction.cpp:
595         (JSC::InternalFunction::InternalFunction):
596         (JSC::InternalFunction::finishCreation):
597         * runtime/InternalFunction.h:
598         * runtime/JSActivation.cpp:
599         (JSC::JSActivation::JSActivation):
600         (JSC::JSActivation::finishCreation):
601         * runtime/JSActivation.h:
602         * runtime/JSArray.cpp:
603         (JSC::JSArray::JSArray):
604         * runtime/JSArray.h:
605         (JSC::JSArray::create):
606         * runtime/JSByteArray.cpp:
607         (JSC::JSByteArray::JSByteArray):
608         * runtime/JSByteArray.h:
609         (JSC::JSByteArray::create):
610         * runtime/JSFunction.cpp:
611         (JSC::JSFunction::JSFunction):
612         (JSC::JSFunction::finishCreation):
613         * runtime/JSFunction.h:
614         (JSC::JSFunction::create):
615         * runtime/JSGlobalObject.h:
616         (JSC::JSGlobalObject::JSGlobalObject):
617         (JSC::JSGlobalObject::finishCreation):
618         * runtime/JSNotAnObject.h:
619         (JSC::JSNotAnObject::JSNotAnObject):
620         (JSC::JSNotAnObject::create):
621         * runtime/JSONObject.cpp:
622         (JSC::JSONObject::JSONObject):
623         (JSC::JSONObject::finishCreation):
624         * runtime/JSONObject.h:
625         * runtime/JSObjectWithGlobalObject.cpp:
626         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
627         * runtime/JSObjectWithGlobalObject.h:
628         * runtime/JSStaticScopeObject.h:
629         (JSC::JSStaticScopeObject::create):
630         (JSC::JSStaticScopeObject::finishCreation):
631         (JSC::JSStaticScopeObject::JSStaticScopeObject):
632         * runtime/JSVariableObject.h:
633         (JSC::JSVariableObject::JSVariableObject):
634         * runtime/JSWrapperObject.h:
635         (JSC::JSWrapperObject::JSWrapperObject):
636         * runtime/MathObject.cpp:
637         (JSC::MathObject::MathObject):
638         (JSC::MathObject::finishCreation):
639         * runtime/MathObject.h:
640         * runtime/NumberObject.cpp:
641         (JSC::NumberObject::NumberObject):
642         (JSC::NumberObject::finishCreation):
643         * runtime/NumberObject.h:
644         * runtime/ObjectPrototype.cpp:
645         (JSC::ObjectPrototype::ObjectPrototype):
646         * runtime/ObjectPrototype.h:
647         (JSC::ObjectPrototype::create):
648         * runtime/RegExpConstructor.cpp:
649         (JSC::RegExpMatchesArray::RegExpMatchesArray):
650         (JSC::RegExpMatchesArray::finishCreation):
651         * runtime/RegExpMatchesArray.h:
652         * runtime/RegExpObject.cpp:
653         (JSC::RegExpObject::RegExpObject):
654         (JSC::RegExpObject::finishCreation):
655         * runtime/RegExpObject.h:
656         * runtime/StrictEvalActivation.cpp:
657         (JSC::StrictEvalActivation::StrictEvalActivation):
658         * runtime/StrictEvalActivation.h:
659         (JSC::StrictEvalActivation::create):
660         * runtime/StringObject.cpp:
661         (JSC::StringObject::StringObject):
662         (JSC::StringObject::finishCreation):
663         * runtime/StringObject.h:
664
665 2011-09-01  Daniel Bates  <dbates@rim.com>
666
667         QNX GCC distribution doesn't support vasprintf()
668         https://bugs.webkit.org/show_bug.cgi?id=67423
669
670         Reviewed by Antonio Gomes.
671
672         * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
673
674 2011-09-01  Michael Saboff  <msaboff@apple.com>
675
676         Remove simple usage of UString::characters() from JavaScriptCore
677         https://bugs.webkit.org/show_bug.cgi?id=67340
678
679         In preparation for allowing StringImpl to be backed by 8 bit 
680         characters when appropriate, we need to eliminate or change the
681         usage of StringImpl::characters().  Most of the changes below
682         change s->characters()[0] to s[0].
683
684         Reviewed by Geoffrey Garen.
685
686         * bytecompiler/BytecodeGenerator.cpp:
687         (JSC::keyForCharacterSwitch):
688         * bytecompiler/NodesCodegen.cpp:
689         (JSC::processClauseList):
690         * interpreter/Interpreter.cpp:
691         (JSC::Interpreter::privateExecute):
692         * jit/JITStubs.cpp:
693         (JSC::DEFINE_STUB_FUNCTION):
694         * runtime/Identifier.cpp:
695         (JSC::Identifier::addSlowCase):
696         * runtime/JSGlobalObjectFunctions.cpp:
697         (JSC::jsToNumber):
698         (JSC::parseFloat):
699         * runtime/JSString.cpp:
700         (JSC::JSString::substringFromRope):
701         * runtime/JSString.h:
702         (JSC::jsSingleCharacterSubstring):
703         (JSC::jsString):
704         (JSC::jsSubstring):
705         (JSC::jsOwnedString):
706         * runtime/RegExp.cpp:
707         (JSC::regExpFlags):
708         * wtf/text/StringBuilder.h:
709         (WTF::StringBuilder::operator[]):
710
711 2011-09-01  Ada Chan  <adachan@apple.com>
712
713         Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
714
715         Reviewed by Darin Adler.
716
717         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
718
719 2011-09-01  Hao Zheng  <zhenghao@chromium.org>
720
721         Define PTHREAD_KEYS_MAX to fix Android port build.
722         https://bugs.webkit.org/show_bug.cgi?id=67362
723
724         Reviewed by Adam Barth.
725
726         PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
727
728         * wtf/ThreadIdentifierDataPthreads.cpp:
729
730 2011-08-31  Oliver Hunt  <oliver@apple.com>
731
732         Fix build.
733
734         * wtf/CheckedArithmetic.h:
735         (WTF::Checked::Checked):
736         (WTF::Checked::operator=):
737
738 2011-08-31  Oliver Hunt  <oliver@apple.com>
739
740         fast/regex/overflow.html asserts in debug builds
741         https://bugs.webkit.org/show_bug.cgi?id=67326
742
743         Reviewed by Gavin Barraclough.
744
745         The deliberate overflows in these expressions don't interact nicely
746         with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
747         intermediate calculations.
748
749         * yarr/YarrJIT.cpp:
750         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
751         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
752
753 2011-08-31  Jeff Miller  <jeffm@apple.com>
754
755         REGRESSION(92210): AVFoundation media engine is disabled on OS X
756         https://bugs.webkit.org/show_bug.cgi?id=67316
757
758         Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
759         since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
760         changes that were made in r92210.
761
762         Reviewed by Darin Adler.
763
764         * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
765
766 2011-08-31  Peter Beverloo  <peter@chromium.org>
767
768         Add Android's platform specification and the right atomic functions.
769         https://bugs.webkit.org/show_bug.cgi?id=66687
770
771         Reviewed by Adam Barth.
772
773         * wtf/Atomics.h:
774         (WTF::atomicIncrement):
775         (WTF::atomicDecrement):
776         * wtf/Platform.h:
777
778 2011-08-30  Oliver Hunt  <oliver@apple.com>
779
780         Add support for checked arithmetic
781         https://bugs.webkit.org/show_bug.cgi?id=67095
782
783         Reviewed by Sam Weinig.
784
785         Add a checked arithmetic class Checked<T> that provides overflow-safe
786         arithmetic over all integral types.  Checked<T> supports addition, subtraction
787         and multiplication, along with "bool" conversions and equality operators.
788
789         Checked<> can be used in either CRASH() on overflow or delayed failure modes,
790         although the default is to CRASH().
791
792         To ensure the code is actually in use (rather than checking in dead code) I've
793         made a couple of properties in YARR use Checked<int> and Checked<unsigned>
794         instead of raw value arithmetic.  This has resulted in a moderate set of changes
795         to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
796         to unsigned for some uses of sizeof, as Checked<> currently does not support
797         mixed signed-ness of types wider than 32 bits.
798
799         Happily the increased type safety of Checked<> means that it's not possible to
800         accidentally assign away precision, nor accidentally call the integer overload of
801         a function instead of the bool version.
802
803         No measurable regression in performance, and SunSpider claims this patch to be
804         a progression of 0.3%.
805
806         * GNUmakefile.list.am:
807         * JavaScriptCore.gypi:
808         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
809         * JavaScriptCore.xcodeproj/project.pbxproj:
810         * wtf/CheckedArithmetic.h: Added.
811         (WTF::CrashOnOverflow::overflowed):
812         (WTF::CrashOnOverflow::clearOverflow):
813         (WTF::CrashOnOverflow::hasOverflowed):
814         (WTF::RecordOverflow::RecordOverflow):
815         (WTF::RecordOverflow::overflowed):
816         (WTF::RecordOverflow::clearOverflow):
817         (WTF::RecordOverflow::hasOverflowed):
818         (WTF::isInBounds):
819         (WTF::safeAdd):
820         (WTF::safeSub):
821         (WTF::safeMultiply):
822         (WTF::safeEquals):
823         (WTF::workAroundClangBug):
824         (WTF::Checked::Checked):
825         (WTF::Checked::operator=):
826         (WTF::Checked::operator++):
827         (WTF::Checked::operator--):
828         (WTF::Checked::operator!):
829         (WTF::Checked::operator UnspecifiedBoolType*):
830         (WTF::Checked::get):
831         (WTF::Checked::operator+=):
832         (WTF::Checked::operator-=):
833         (WTF::Checked::operator*=):
834         (WTF::Checked::operator==):
835         (WTF::Checked::operator!=):
836         (WTF::operator+):
837         (WTF::operator-):
838         (WTF::operator*):
839         * yarr/YarrInterpreter.cpp:
840         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
841         (JSC::Yarr::ByteCompiler::atomCharacterClass):
842         (JSC::Yarr::ByteCompiler::atomBackReference):
843         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
844         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
845         (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
846         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
847         * yarr/YarrInterpreter.h:
848         (JSC::Yarr::ByteTerm::ByteTerm):
849         (JSC::Yarr::ByteTerm::CheckInput):
850         (JSC::Yarr::ByteTerm::UncheckInput):
851         * yarr/YarrJIT.cpp:
852         (JSC::Yarr::YarrGenerator::generateAssertionEOL):
853         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
854         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
855         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
856         (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
857         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
858         (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
859         (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
860         * yarr/YarrPattern.cpp:
861         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
862         * yarr/YarrPattern.h:
863
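The Checked<T> design described in this entry, shown as an added worked example. This is illustrative code written for this page, not WTF's CheckedArithmetic.h or any other WebKit code. It assumes a GCC or Clang compiler for the __builtin_add_overflow family of intrinsics; the policy class names CrashOnOverflow and RecordOverflow follow the entry above, while computeBufferSize, productFitsIn64 and subtractUnsigned are hypothetical helpers constructed for the demonstration. It also carries the point of the fast/regex/overflow.html fix earlier in this log: a product that overflows a 32-bit Checked fits in Checked<int64_t>.

```cpp
// Added example: a minimal Checked<T> in the spirit of the WTF class described above.
// Illustrative code for this page, not WebKit's CheckedArithmetic.h.
// Assumes GCC or Clang for the __builtin_*_overflow intrinsics.
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Overflow policy 1: abort the process as soon as an operation overflows.
struct CrashOnOverflow {
    void overflowed() { std::abort(); }
    // An overflow never survives to be reported: the process is already gone.
    bool hasOverflowed() const { return false; }
};

// Overflow policy 2: remember (stickily) that an overflow happened and let the caller check.
struct RecordOverflow {
    RecordOverflow() : m_overflowed(false) {}
    void overflowed() { m_overflowed = true; }
    bool hasOverflowed() const { return m_overflowed; }
private:
    bool m_overflowed;
};

// Integer wrapper whose arithmetic is checked before the result is committed.
template <typename T, typename Handler = CrashOnOverflow>
class Checked : public Handler {
public:
    Checked() : m_value(0) {}
    Checked(T value) : m_value(value) {}

    Checked& operator+=(T rhs) {
        T result;
        if (__builtin_add_overflow(m_value, rhs, &result)) this->overflowed();
        else m_value = result;
        return *this;
    }
    Checked& operator-=(T rhs) {
        T result;
        if (__builtin_sub_overflow(m_value, rhs, &result)) this->overflowed();
        else m_value = result;
        return *this;
    }
    Checked& operator*=(T rhs) {
        T result;
        if (__builtin_mul_overflow(m_value, rhs, &result)) this->overflowed();
        else m_value = result;
        return *this;
    }

    // The stored value is only meaningful if no overflow has been recorded,
    // so the safe accessor refuses to hand it out otherwise.
    bool safeGet(T& out) const {
        if (this->hasOverflowed()) return false;
        out = m_value;
        return true;
    }
    T unsafeGet() const { return m_value; }

private:
    T m_value;
};

// A size computation of the kind YARR does: count * elementSize + header.
// Returns false instead of a wrapped, too-small size. (Hypothetical helper.)
bool computeBufferSize(unsigned count, unsigned elementSize, unsigned header, unsigned& out) {
    Checked<unsigned, RecordOverflow> size(count);
    size *= elementSize;
    size += header;  // the sticky flag survives this non-overflowing step
    return size.safeGet(out);
}

// The 64-bit intermediate from the overflow.html fix: the same product that
// overflows unsigned fits in int64_t. (Hypothetical helper.)
bool productFitsIn64(unsigned count, unsigned elementSize, int64_t& out) {
    Checked<int64_t, RecordOverflow> size(static_cast<int64_t>(count));
    size *= static_cast<int64_t>(elementSize);
    return size.safeGet(out);
}

// Unsigned subtraction: raw 3 - 5 wraps to 4294967294; here it is reported instead.
bool subtractUnsigned(unsigned a, unsigned b, unsigned& out) {
    Checked<unsigned, RecordOverflow> v(a);
    v -= b;
    return v.safeGet(out);
}

int main() {
    unsigned size;
    if (computeBufferSize(0x40000000u, 4, 8, size))
        std::printf("size = %u\n", size);
    else
        std::printf("size computation overflowed; refusing to allocate\n");
    return 0;
}
```

With raw unsigned arithmetic, 0x40000000u * 4 wraps to 0, so the buffer would be sized at 8 bytes for a billion elements; the RecordOverflow policy lets the caller refuse that allocation, and the default CrashOnOverflow policy would abort at the multiplication, which is the default behaviour the entry describes.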
864 2011-08-31  Andrei Popescu  <andreip@google.com>
865
866         Investigate current uses of OS(ANDROID)
867         https://bugs.webkit.org/show_bug.cgi?id=66761
868
869         Unreviewed, build fix for ARM platforms.
870
871         * wtf/Platform.h:
872
873 2011-08-31  Andrei Popescu  <andreip@google.com>
874
875         Investigate current uses of OS(ANDROID)
876         https://bugs.webkit.org/show_bug.cgi?id=66761
877
878         Reviewed by Darin Adler.
879
880         Remove the last legacy Android code.
881
882         No new tests needed as the code wasn't tested in the first place.
883
884         * wtf/Atomics.h:
885         * wtf/Platform.h:
886         * wtf/ThreadingPthreads.cpp:
887         (WTF::createThreadInternal):
888
889 2011-08-30  Aaron Colwell  <acolwell@chromium.org>
890
891         Add MediaSource API to HTMLMediaElement
892         https://bugs.webkit.org/show_bug.cgi?id=64731
893
894         Reviewed by Eric Carlson.
895
896         * Configurations/FeatureDefines.xcconfig:
897
898 2011-08-30  Oliver Hunt  <oliver@apple.com>
899
900         TypedArrays don't ensure that denormalised values are normalised
901         https://bugs.webkit.org/show_bug.cgi?id=67178
902
903         Reviewed by Gavin Barraclough.
904
905         Add a couple of assertions to jsNumber() to ensure that
906         we block signaling NaNs
907
908         * runtime/JSValue.h:
909         (JSC::jsDoubleNumber):
910         (JSC::jsNumber):
911
912 2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
913
914         [Qt] Do not unconditionally use pkg-config in .pro files
915         https://bugs.webkit.org/show_bug.cgi?id=67055
916
917         Reviewed by Andreas Kling.
918
919         Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
920
921         Using the first pkg-config in PATH is prone to errors when cross
922         compiling inside the Qt repository (using Qt's build-system).
923
924         This patch protects calls for pkg-config with
925         !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
926         QT_CONFIG by Qt's 'configure' when cross-compiling on systems
927         without pkg-config.
928
929         The respective change in Qt's configure has been submitted already.
930
931         No new tests as this is just a build change.
932
933         * wtf/wtf.pri: protect pkg-config calls
934
935 2011-08-29  Daniel Bates  <dbates@webkit.org>
936
937         Add HAVE(VASPRINTF) macro to test for vasprintf() support
938         https://bugs.webkit.org/show_bug.cgi?id=67156
939
940         Reviewed by Darin Adler.
941
942         Encapsulate testing of vasprintf() support in a HAVE macro
943         instead of hardcoding the list of supported/unsupported
944         compilers at the call site.
945
946         * wtf/Platform.h:
947
948 2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
949
950         Unzip initialization lists and constructors in JSCell hierarchy (3/7)
951         https://bugs.webkit.org/show_bug.cgi?id=67064
952
953         Reviewed by Darin Adler.
954
955         Completed the third level of the refactoring to add finishCreation() 
956         methods to all classes within the JSCell hierarchy with non-trivial 
957         constructor bodies.
958
959         This primarily consists of pushing the calls to finishCreation() down 
960         into the constructors of the subclasses of the second level of the hierarchy 
961         as well as pulling the finishCreation() calls out into the class's corresponding
962         create() method if it has one.  Doing both simultaneously allows us to 
963         maintain the invariant that the finishCreation() method chain is called exactly 
964         once during the creation of an object, since calling it any other number of 
965         times (0, 2, or more) will cause an assertion failure.
966
967         * debugger/DebuggerActivation.cpp:
968         (JSC::DebuggerActivation::DebuggerActivation):
969         (JSC::DebuggerActivation::finishCreation):
970         * debugger/DebuggerActivation.h:
971         (JSC::DebuggerActivation::create):
972         * runtime/Arguments.h:
973         (JSC::Arguments::create):
974         (JSC::Arguments::createNoParameters):
975         (JSC::Arguments::Arguments):
976         (JSC::Arguments::finishCreation):
977         * runtime/ErrorInstance.cpp:
978         (JSC::ErrorInstance::ErrorInstance):
979         * runtime/ErrorInstance.h:
980         (JSC::ErrorInstance::finishCreation):
981         * runtime/ExceptionHelpers.cpp:
982         (JSC::InterruptedExecutionError::InterruptedExecutionError):
983         (JSC::TerminatedExecutionError::TerminatedExecutionError):
984         * runtime/Executable.cpp:
985         (JSC::EvalExecutable::EvalExecutable):
986         (JSC::ProgramExecutable::ProgramExecutable):
987         (JSC::FunctionExecutable::FunctionExecutable):
988         Moved the assignment of m_firstLine and m_lastLine into the 
989         FunctionExecutable::finishCreation() method in Executable.h
990         * runtime/Executable.h:
991         (JSC::ScriptExecutable::ScriptExecutable):
992         (JSC::EvalExecutable::create):
993         (JSC::ProgramExecutable::create):
994         (JSC::FunctionExecutable::create):
995         (JSC::FunctionExecutable::finishCreation):
996         * runtime/JSArray.cpp:
997         (JSC::JSArray::JSArray):
998         (JSC::JSArray::finishCreation):
999         * runtime/JSArray.h:
1000         * runtime/JSByteArray.cpp:
1001         (JSC::JSByteArray::JSByteArray):
1002         * runtime/JSByteArray.h:
1003         (JSC::JSByteArray::finishCreation):
1004         * runtime/JSNotAnObject.h:
1005         (JSC::JSNotAnObject::JSNotAnObject):
1006         * runtime/JSObject.h:
1007         (JSC::JSNonFinalObject::JSNonFinalObject):
1008         * runtime/JSObjectWithGlobalObject.cpp:
1009         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
1010         (JSC::JSObjectWithGlobalObject::finishCreation):
1011         * runtime/JSObjectWithGlobalObject.h:
1012         * runtime/JSVariableObject.h:
1013         (JSC::JSVariableObject::JSVariableObject):
1014         (JSC::JSVariableObject::finishCreation):
1015         * runtime/JSWrapperObject.h:
1016         (JSC::JSWrapperObject::JSWrapperObject):
1017         * runtime/ObjectPrototype.cpp:
1018         (JSC::ObjectPrototype::ObjectPrototype):
1019         (JSC::ObjectPrototype::finishCreation):
1020         * runtime/ObjectPrototype.h:
1021         * runtime/StrictEvalActivation.cpp:
1022         (JSC::StrictEvalActivation::StrictEvalActivation):
1023
1024 2011-08-29  Andreas Kling  <kling@webkit.org>
1025
1026         Unreviewed build fix after r93990.
1027
1028         * wtf/HashTable.h:
1029
1030 2011-08-29  Andreas Kling  <kling@webkit.org>
1031
1032         Viewing a post on reddit.com wastes a lot of memory on event listeners.
1033         https://bugs.webkit.org/show_bug.cgi?id=67133
1034
1035         Reviewed by Darin Adler.
1036
1037         Add a minimum table size to the HashTraits, instead of having it hard coded.
1038         The default value remains at 64, but can now be specialized.
1039
1040         * runtime/StructureTransitionTable.h:
1041         * wtf/HashTable.h:
1042         (WTF::HashTable::shouldShrink):
1043         (WTF::::expand):
1044         (WTF::::checkTableConsistencyExceptSize):
1045         * wtf/HashTraits.h:
1046
1047 2011-08-28  Jonathan Liu  <net147@gmail.com>
1048
1049         Fix build error when compiling with MinGW-w64 by disabling JIT
1050         on Windows 64-bit
1051         https://bugs.webkit.org/show_bug.cgi?id=61235
1052
1053         Reviewed by Gavin Barraclough.
1054
1055         The fixed mmap executable allocator for JIT on x86_64 requires
1056         sys/mman.h which is not available on Windows.
1057
1058         * wtf/Platform.h:
1059
1060 2011-08-27  Filip Pizlo  <fpizlo@apple.com>
1061
1062         JSC::Executable is inconsistent about using weak handle finalizers
1063         and destructors for releasing memory
1064         https://bugs.webkit.org/show_bug.cgi?id=67072
1065
1066         Reviewed by Darin Adler.
1067         
1068         Moved more of the destruction of Executable state into the finalizer,
1069         which also resulted in an opportunity to mostly combine this with
1070         discardCode().  This also means that the finalizer is now enabled even
1071         when the JIT is turned off.  This is performance neutral on SunSpider,
1072         V8, and Kraken.
1073
1074         * runtime/Executable.cpp:
1075         (JSC::ExecutableBase::clearCode):
1076         (JSC::ExecutableFinalizer::finalize):
1077         (JSC::EvalExecutable::clearCode):
1078         (JSC::ProgramExecutable::clearCode):
1079         (JSC::FunctionExecutable::discardCode):
1080         (JSC::FunctionExecutable::clearCode):
1081         * runtime/Executable.h:
1082         (JSC::ExecutableBase::finishCreation):
1083
1084 2011-08-26  Gavin Barraclough  <barraclough@apple.com>
1085
1086         DFG JIT - ArithMod may clobber operands.
1087         https://bugs.webkit.org/show_bug.cgi?id=67085
1088
1089         Reviewed by Sam Weinig.
1090
1091         unboxDouble must be called on a temporary.
1092
1093         * dfg/DFGJITCodeGenerator.cpp:
1094         (JSC::DFG::JITCodeGenerator::fillDouble):
1095         * dfg/DFGJITCodeGenerator.h:
1096         (JSC::DFG::JITCodeGenerator::boxDouble):
1097         * dfg/DFGNonSpeculativeJIT.cpp:
1098         (JSC::DFG::NonSpeculativeJIT::compile):
1099         * dfg/DFGSpeculativeJIT.cpp:
1100         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1101
1102 2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1103
1104         Unzip initialization lists and constructors in JSCell hierarchy (2/7)
1105         https://bugs.webkit.org/show_bug.cgi?id=66957
1106
1107         Reviewed by Darin Adler.
1108
1109         Completed the second level of the refactoring to add finishCreation()
1110         methods to all classes within the JSCell hierarchy with non-trivial 
1111         constructor bodies.
1112
1113         * runtime/Executable.h:
1114         (JSC::ExecutableBase::ExecutableBase):
1115         (JSC::ExecutableBase::create):
1116         (JSC::NativeExecutable::create):
1117         (JSC::NativeExecutable::finishCreation):
1118         (JSC::NativeExecutable::NativeExecutable):
1119         (JSC::ScriptExecutable::ScriptExecutable):
1120         (JSC::ScriptExecutable::finishCreation):
1121         * runtime/GetterSetter.h:
1122         (JSC::GetterSetter::GetterSetter):
1123         (JSC::GetterSetter::create):
1124         * runtime/JSAPIValueWrapper.h:
1125         (JSC::JSAPIValueWrapper::create):
1126         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1127         * runtime/JSObject.h:
1128         (JSC::JSNonFinalObject::JSNonFinalObject):
1129         (JSC::JSNonFinalObject::finishCreation):
1130         (JSC::JSFinalObject::create):
1131         (JSC::JSFinalObject::finishCreation):
1132         (JSC::JSFinalObject::JSFinalObject):
1133         (JSC::JSObject::JSObject):
1134         * runtime/JSPropertyNameIterator.cpp:
1135         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1136         (JSC::JSPropertyNameIterator::create):
1137         * runtime/JSPropertyNameIterator.h:
1138         (JSC::JSPropertyNameIterator::create):
1139         * runtime/RegExp.cpp:
1140         (JSC::RegExp::RegExp):
1141         (JSC::RegExp::createWithoutCaching):
1142         * runtime/ScopeChain.h:
1143         (JSC::ScopeChainNode::ScopeChainNode):
1144         (JSC::ScopeChainNode::create):
1145         * runtime/Structure.cpp:
1146         (JSC::Structure::Structure):
1147         * runtime/Structure.h:
1148         (JSC::Structure::create):
1149         (JSC::Structure::finishCreation):
1150         (JSC::Structure::createStructure):
1151         * runtime/StructureChain.cpp:
1152         (JSC::StructureChain::StructureChain):
1153         * runtime/StructureChain.h:
1154         (JSC::StructureChain::create):
1155
1156 2011-08-26  Filip Pizlo  <fpizlo@apple.com>
1157
1158         The GC does not have a facility for profiling the kinds of objects
1159         that occupy the heap
1160         https://bugs.webkit.org/show_bug.cgi?id=66849
1161
1162         Reviewed by Geoffrey Garen.
1163         
1164         Destructor calls and object scans are now optionally counted, per
1165         vtable. When the heap is destroyed and profiling is enabled, the
1166         counts are dumped, with care taken to print the names of classes
1167         (modulo C++ mangling) sorted in descending commonality.
1168
1169         * GNUmakefile.list.am:
1170         * JavaScriptCore.exp:
1171         * JavaScriptCore.pro:
1172         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1173         * JavaScriptCore.xcodeproj/project.pbxproj:
1174         * heap/Heap.cpp:
1175         (JSC::Heap::destroy):
1176         * heap/Heap.h:
1177         * heap/MarkStack.cpp:
1178         (JSC::SlotVisitor::visitChildren):
1179         (JSC::SlotVisitor::drain):
1180         * heap/MarkStack.h:
1181         * heap/MarkedBlock.cpp:
1182         (JSC::MarkedBlock::callDestructor):
1183         * heap/MarkedBlock.h:
1184         * heap/VTableSpectrum.cpp: Added.
1185         (JSC::VTableSpectrum::VTableSpectrum):
1186         (JSC::VTableSpectrum::~VTableSpectrum):
1187         (JSC::VTableSpectrum::countVPtr):
1188         (JSC::VTableSpectrum::count):
1189         (JSC::VTableAndCount::VTableAndCount):
1190         (JSC::VTableAndCount::operator<):
1191         (JSC::VTableSpectrum::dump):
1192         * heap/VTableSpectrum.h: Added.
1193         * wtf/Platform.h:
1194
1195 2011-08-26  Juan C. Montemayor  <jmont@apple.com>
1196
1197         Update topCallFrame when calling host functions in the JIT
1198         https://bugs.webkit.org/show_bug.cgi?id=67010
1199
1200         Reviewed by Oliver Hunt.
1201         
1202         The topCallFrame is not being updated when a host function is
1203         called by the JIT. This causes problems when trying to create a
1204         stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
1205
1206         * jit/JITOpcodes.cpp:
1207         (JSC::JIT::privateCompileCTIMachineTrampolines):
1208         (JSC::JIT::privateCompileCTINativeCall):
1209
1210 2011-08-26  Alexey Proskuryakov  <ap@apple.com>
1211
1212         Get rid of frame life support timer
1213         https://bugs.webkit.org/show_bug.cgi?id=66874
1214
1215         Reviewed by Geoff Garen.
1216
1217         * runtime/JSGlobalObject.h:
1218         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1219         globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
1220
1221 2011-08-26  Chao-ying Fu  <fu@mips.com>
1222
1223         Fix MIPS patchOffsetGetByIdSlowCaseCall
1224         https://bugs.webkit.org/show_bug.cgi?id=67046
1225
1226         Reviewed by Gavin Barraclough.
1227
1228         * jit/JIT.h:
1229
1230 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1231
1232         Fixing broken build due to unused variables in release mode
1233         https://bugs.webkit.org/show_bug.cgi?id=67004
1234
1235         Unreviewed, release build fix.
1236
1237         Fixing broken build due to unused variables in ASSERTs in release build.
1238
1239         * runtime/JSObject.h:
1240         (JSC::JSObject::finishCreation):
1241         * runtime/JSString.h:
1242         (JSC::RopeBuilder::finishCreation):
1243         * runtime/ScopeChain.h:
1244         (JSC::ScopeChainNode::finishCreation):
1245
1246 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1247
1248         Unzip initialization lists and constructors in JSCell hierarchy (1/7)
1249         https://bugs.webkit.org/show_bug.cgi?id=66827
1250
1251         Reviewed by Geoffrey Garen.
1252
1253         Added finishCreation() methods to all immediate subclasses of JSCell with
1254         non-empty constructors.  Part of a larger refactoring to "unzip" initialization
1255         lists and constructor bodies.  Also renamed JSCell's constructorBody() method
1256         to finishCreation().
1257
1258         * runtime/Executable.h:
1259         (JSC::ExecutableBase::ExecutableBase):
1260         (JSC::ExecutableBase::constructorBody):
1261         * runtime/GetterSetter.h:
1262         (JSC::GetterSetter::GetterSetter):
1263         * runtime/JSAPIValueWrapper.h:
1264         (JSC::JSAPIValueWrapper::constructorBody):
1265         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1266         * runtime/JSCell.h:
1267         (JSC::JSCell::JSCell::JSCell):
1268         (JSC::JSCell::JSCell::constructorBody):
1269         * runtime/JSObject.h:
1270         (JSC::JSObject::constructorBody):
1271         (JSC::JSObject::JSObject):
1272         * runtime/JSPropertyNameIterator.h:
1273         (JSC::JSPropertyNameIterator::constructorBody):
1274         * runtime/JSString.h:
1275         (JSC::RopeBuilder::JSString):
1276         (JSC::RopeBuilder::constructorBody):
1277         * runtime/RegExp.cpp:
1278         (JSC::RegExp::RegExp):
1279         (JSC::RegExp::constructorBody):
1280         * runtime/RegExp.h:
1281         * runtime/ScopeChain.h:
1282         (JSC::ScopeChainNode::ScopeChainNode):
1283         (JSC::ScopeChainNode::constructorBody):
1284         * runtime/Structure.cpp:
1285         (JSC::Structure::Structure):
1286         * runtime/StructureChain.cpp:
1287         (JSC::StructureChain::StructureChain):
1288         * runtime/StructureChain.h:
1289         (JSC::StructureChain::create):
1290         (JSC::StructureChain::constructorBody):
1291
1292 2011-08-25  Gabor Loki  <loki@webkit.org>
1293
1294         REGRESSION(r93755): It made 14 jsc tests and ~500 layout tests fail on Qt-ARM bot
1295         https://bugs.webkit.org/show_bug.cgi?id=66956
1296
1297         Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
1298
1299         Reviewed by Oliver Hunt.
1300
1301         * jit/JIT.h:
1302
1303 2011-08-24  Juan C. Montemayor  <jmont@apple.com>
1304
1305         Keep track of topCallFrame for Stack traces
1306         https://bugs.webkit.org/show_bug.cgi?id=66571
1307
1308         Reviewed by Geoffrey Garen.
1309
1310         This patch adds a TopCallFrame to JSC in order to have that information
1311         when an error is thrown to create a stack trace. The TopCallFrame is
1312         updated throughout select points in the Interpreter and the JSC.
1313
1314         * interpreter/Interpreter.cpp:
1315         (JSC::Interpreter::unwindCallFrame):
1316         (JSC::Interpreter::throwException):
1317         (JSC::Interpreter::execute):
1318         (JSC::Interpreter::executeCall):
1319         (JSC::Interpreter::executeConstruct):
1320         (JSC::Interpreter::privateExecute):
1321         * interpreter/Interpreter.h:
1322         (JSC::TopCallFrameSetter::TopCallFrameSetter):
1323         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
1324         * jit/JIT.h:
1325         * jit/JITInlineMethods.h:
1326         (JSC::JIT::updateTopCallFrame):
1327         * jit/JITStubCall.h:
1328         (JSC::JITStubCall::call):
1329         * jit/JITStubs.cpp:
1330         (JSC::throwExceptionFromOpCall):
1331         (JSC::DEFINE_STUB_FUNCTION):
1332         (JSC::arityCheckFor):
1333         * runtime/JSGlobalData.cpp:
1334         (JSC::JSGlobalData::JSGlobalData):
1335         * runtime/JSGlobalData.h:
1336
1337 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
1338
1339         ErrorInstance::create sometimes has two heap object constructions
1340         in flight at once
1341         https://bugs.webkit.org/show_bug.cgi?id=66845
1342
1343         Reviewed by Darin Adler.
1344         
1345         The fix is simple since there is already a second create() method
1346         that takes a UString.
1347
1348         * runtime/ErrorInstance.cpp:
1349         (JSC::ErrorInstance::create):
1350
1351 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
1352
1353         There is no facility for profiling how the write barrier is used
1354         https://bugs.webkit.org/show_bug.cgi?id=66747
1355
1356         Reviewed by Geoffrey Garen.
1357         
1358         Added facilities for the JIT to specify the kind of write barrier
1359         being executed.  Added code for profiling the number of each kind
1360         of barrier encountered.
1361
1362         * GNUmakefile.list.am:
1363         * JavaScriptCore.exp:
1364         * JavaScriptCore.pro:
1365         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1366         * JavaScriptCore.xcodeproj/project.pbxproj:
1367         * dfg/DFGJITCodeGenerator.cpp:
1368         (JSC::DFG::JITCodeGenerator::writeBarrier):
1369         (JSC::DFG::JITCodeGenerator::cachedPutById):
1370         * dfg/DFGJITCodeGenerator.h:
1371         * dfg/DFGJITCompiler.cpp:
1372         (JSC::DFG::JITCompiler::emitCount):
1373         * dfg/DFGJITCompiler.h:
1374         (JSC::DFG::JITCompiler::emitCount):
1375         * dfg/DFGNonSpeculativeJIT.cpp:
1376         (JSC::DFG::NonSpeculativeJIT::compile):
1377         * dfg/DFGRepatch.cpp:
1378         (JSC::DFG::tryCachePutByID):
1379         * dfg/DFGSpeculativeJIT.cpp:
1380         (JSC::DFG::SpeculativeJIT::compile):
1381         * heap/Heap.h:
1382         (JSC::Heap::writeBarrier):
1383         * heap/WriteBarrierSupport.cpp: Added.
1384         (JSC::WriteBarrierCounters::initialize):
1385         * heap/WriteBarrierSupport.h: Added.
1386         (JSC::WriteBarrierCounters::WriteBarrierCounters):
1387         (JSC::WriteBarrierCounters::jitCounterFor):
1388         (JSC::WriteBarrierCounters::countWriteBarrier):
1389         * jit/JIT.h:
1390         * jit/JITPropertyAccess.cpp:
1391         (JSC::JIT::emit_op_put_by_id):
1392         (JSC::JIT::privateCompilePutByIdTransition):
1393         (JSC::JIT::emit_op_put_scoped_var):
1394         (JSC::JIT::emit_op_put_global_var):
1395         (JSC::JIT::emitWriteBarrier):
1396         * jit/JITPropertyAccess32_64.cpp:
1397         (JSC::JIT::emit_op_put_by_val):
1398         (JSC::JIT::emit_op_put_by_id):
1399         (JSC::JIT::privateCompilePutByIdTransition):
1400         (JSC::JIT::emit_op_put_scoped_var):
1401         (JSC::JIT::emit_op_put_global_var):
1402         (JSC::JIT::emitWriteBarrier):
1403         * runtime/InitializeThreading.cpp:
1404         (JSC::initializeThreadingOnce):
1405         * runtime/WriteBarrier.h:
1406         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
1407
1408 2011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
1409
1410         Add checks to ensure allocation does not take place during initialization of GC-managed objects
1411         https://bugs.webkit.org/show_bug.cgi?id=65288
1412
1413         Reviewed by Darin Adler.
1414
1415         Adding the new validation functionality.  In its current state, it will perform checks, 
1416         but they don't fail unless you do allocation in the arguments to the parent constructor in the 
1417         initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new 
1418         allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still 
1419         allowed in constructor bodies while other refactoring efforts continue.
1420
1421         * runtime/JSCell.h:
1422         (JSC::JSCell::JSCell::constructorBody):
1423         (JSC::JSCell::JSCell::JSCell):
1424         (JSC::JSCell::allocateCell):
1425         * runtime/JSGlobalData.cpp:
1426         (JSC::JSGlobalData::JSGlobalData):
1427         * runtime/JSGlobalData.h:
1428         (JSC::JSGlobalData::isInitializingObject):
1429         (JSC::JSGlobalData::setInitializingObject):
1430         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1431         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1432
1433 2011-08-23  Gavin Barraclough  <barraclough@apple.com>
1434
1435         https://bugs.webkit.org/show_bug.cgi?id=55347
1436         "name" and "message" enumerable on *Error.prototype
1437
1438         Reviewed by Sam Weinig.
1439
1440         The default value of a NativeErrorPrototype's message
1441         property is "", not the name of the error.
1442
1443         * runtime/NativeErrorConstructor.cpp:
1444         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1445         * runtime/NativeErrorConstructor.h:
1446         (JSC::NativeErrorConstructor::create):
1447         (JSC::NativeErrorConstructor::constructorBody):
1448         * runtime/NativeErrorPrototype.cpp:
1449         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1450         (JSC::NativeErrorPrototype::constructorBody):
1451         * runtime/NativeErrorPrototype.h:
1452         (JSC::NativeErrorPrototype::create):
1453         * runtime/StringPrototype.cpp:
1454         (JSC::StringPrototype::StringPrototype):
1455         * runtime/StringPrototype.h:
1456         (JSC::StringPrototype::create):
1457
1458 2011-08-23  Steve Block  <steveblock@google.com>
1459
1460         Remove last occurrences of PLATFORM(ANDROID)
1461         https://bugs.webkit.org/show_bug.cgi?id=66763
1462
1463         Reviewed by Tony Gentilcore.
1464
1465         * wtf/Platform.h:
1466
1467 2011-08-23  Steve Block  <steveblock@google.com>
1468
1469         Remove all mention of removed Android files from build scripts
1470         https://bugs.webkit.org/show_bug.cgi?id=66755
1471
1472         Reviewed by Tony Gentilcore.
1473
1474         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1475         * JavaScriptCore.gypi:
1476         * gyp/JavaScriptCore.gyp:
1477
1478 2011-08-23  Adam Barth  <abarth@webkit.org>
1479
1480         Remove WebCore/editing/android and other Android-specific directories
1481         https://bugs.webkit.org/show_bug.cgi?id=66739
1482
1483         Reviewed by Steve Block.
1484
1485         Now that Android shares more code with Chromium, we don't need these
1486         Android-specific files.
1487
1488         * wtf/android: Removed.
1489         * wtf/android/AndroidThreading.h: Removed.
1490         * wtf/android/MainThreadAndroid.cpp: Removed.
1491
1492 2011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
1493
1494         Unreviewed build fix for compile error on Windows for r93560.
1495
1496         * runtime/SamplingCounter.h:
1497
1498 2011-08-22  Filip Pizlo  <fpizlo@apple.com>
1499
1500         Sampling counter support is in the bytecode directory
1501         https://bugs.webkit.org/show_bug.cgi?id=66724
1502
1503         Reviewed by Darin Adler.
1504         
1505         Moved SamplingCounter to a separate header in runtime/.
1506
1507         * GNUmakefile.list.am:
1508         * JavaScriptCore.pro:
1509         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1510         * JavaScriptCore.xcodeproj/project.pbxproj:
1511         * bytecode/SamplingTool.cpp:
1512         * bytecode/SamplingTool.h:
1513         * runtime/SamplingCounter.cpp: Added.
1514         (JSC::AbstractSamplingCounter::dump):
1515         * runtime/SamplingCounter.h: Added.
1516         (JSC::AbstractSamplingCounter::count):
1517         (JSC::AbstractSamplingCounter::addressOfCounter):
1518         (JSC::AbstractSamplingCounter::init):
1519         (JSC::SamplingCounter::SamplingCounter):
1520         (JSC::GlobalSamplingCounter::name):
1521         (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
1522         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
1523
1524 2011-08-21  Martin Robinson  <mrobinson@igalia.com>
1525
1526         Fix 'make dist' for WebKitGTK+.
1527
1528         * GNUmakefile.list.am: Add a missing header to the sources list.
1529
1530 2011-08-20  Filip Pizlo  <fpizlo@apple.com>
1531
1532         JavaScriptCore bytecompiler does not compute scope depth correctly
1533         in the case of constant declarations
1534         https://bugs.webkit.org/show_bug.cgi?id=66572
1535
1536         Reviewed by Oliver Hunt.
1537         
1538         Changed the handling of const to add the dynamic scope depth.
1539
1540         * bytecompiler/NodesCodegen.cpp:
1541         (JSC::ConstDeclNode::emitCodeSingle):
1542
1543 2011-08-19  Daniel Bates  <dbates@webkit.org>
1544
1545         Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
1546         https://bugs.webkit.org/show_bug.cgi?id=66617
1547
1548         Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
1549         But we cause a compile error if the platform doesn't support SA_RESTART regardless of
1550         whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
1551         SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
1552
1553         Reviewed by Antonio Gomes.
1554
1555         * heap/MachineStackMarker.cpp:
1556
1557 2011-08-19  Filip Pizlo  <fpizlo@apple.com>
1558
1559         The JSC JIT currently has no facility to profile and report
1560         the types of values
1561         https://bugs.webkit.org/show_bug.cgi?id=65901
1562
1563         Reviewed by Gavin Barraclough.
1564         
1565         Added the ability to profile the values seen at function calls (both
1566         arguments and results) and heap loads.  This is done with emphasis
1567         on performance.  A value profiling site consists of: add, and,
1568         move, and store; no branching is necessary.  Each value profiling
1569         site (called a ValueProfile) has a ring buffer of 8 recently-seen
1570         values.  ValueProfiles are stored in the CodeBlock; there will be
1571         one for each argument (excluding this) and each heap load or callsite.
1572         Each time a value profiling site executes, it stores the value into
1573         a pseudo-random element in the ValueProfile buffer.  The point is
1574         that for frequently executed code, we will have 8 somewhat recent
1575         values in the buffer and will be able to not only figure out what
1576         type it is, but also to be able to reason about the actual values
1577         if we wish to do so.
1578         
1579         This feature is currently disabled by default.  When enabled, it
1580         results in a 3.7% slow-down on SunSpider.
1581
1582         * JavaScriptCore.xcodeproj/project.pbxproj:
1583         * bytecode/CodeBlock.cpp:
1584         (JSC::CodeBlock::~CodeBlock):
1585         * bytecode/CodeBlock.h:
1586         (JSC::CodeBlock::addValueProfile):
1587         (JSC::CodeBlock::numberOfValueProfiles):
1588         (JSC::CodeBlock::valueProfile):
1589         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1590         * bytecode/ValueProfile.h: Added.
1591         (JSC::ValueProfile::ValueProfile):
1592         (JSC::ValueProfile::numberOfSamples):
1593         (JSC::ValueProfile::computeProbability):
1594         (JSC::ValueProfile::numberOfInt32s):
1595         (JSC::ValueProfile::numberOfDoubles):
1596         (JSC::ValueProfile::numberOfCells):
1597         (JSC::ValueProfile::probabilityOfInt32):
1598         (JSC::ValueProfile::probabilityOfDouble):
1599         (JSC::ValueProfile::probabilityOfCell):
1600         (JSC::getValueProfileBytecodeOffset):
1601         * jit/JIT.cpp:
1602         (JSC::JIT::privateCompileSlowCases):
1603         (JSC::JIT::privateCompile):
1604         * jit/JIT.h:
1605         (JSC::JIT::emitValueProfilingSite):
1606         * jit/JITCall.cpp:
1607         (JSC::JIT::emit_op_call_put_result):
1608         * jit/JITInlineMethods.h:
1609         (JSC::JIT::emitValueProfilingSite):
1610         * jit/JITPropertyAccess.cpp:
1611         (JSC::JIT::emit_op_get_by_val):
1612         (JSC::JIT::emitSlow_op_get_by_val):
1613         (JSC::JIT::emit_op_method_check):
1614         (JSC::JIT::emit_op_get_by_id):
1615         (JSC::JIT::emitSlow_op_get_by_id):
1616         * jit/JSInterfaceJIT.h:
1617         * wtf/Platform.h:
1618         * wtf/StdLibExtras.h:
1619         (WTF::binarySearch):
1620         (WTF::genericBinarySearch):
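
The profiling site described in this entry, as an added C++ example rather than JavaScriptCore's own code: an 8-slot ring buffer whose record() overwrites a pseudo-randomly chosen slot without branching on the recorded value, plus the counting helpers that answer how likely an int32, double or cell is at that site. The Value type, the xorshift slot selector, the method names and the feed() helper are assumptions made for the example; JSC's real JSValue encoding and its ValueProfile class are not reproduced here.

```cpp
#include <cstddef>
#include <cstdint>

// Stand-in for a JS value; JSC's NaN-boxed JSValue is not reproduced
// (assumption for this example). Only the kind matters to the profiler.
struct Value {
    enum Kind { Empty, Int32, Double, Cell };
    Kind kind;
    int64_t bits;  // payload, unused by the profiling logic
};

// One value-profiling site: a ring buffer of the 8 most recently recorded
// values, overwritten at pseudo-random positions.
class ValueProfile {
public:
    static constexpr size_t numberOfBuckets = 8;

    ValueProfile() : m_state(0x2545F491u) {
        for (size_t i = 0; i < numberOfBuckets; ++i) {
            m_buckets[i].kind = Value::Empty;
            m_buckets[i].bits = 0;
        }
    }

    // Hot path. The bucket index comes from one xorshift step (assumed; any
    // cheap generator works), so recording is a few ALU ops and a store, with
    // no branch that depends on the recorded value.
    void record(const Value& value) {
        m_state ^= m_state << 13;
        m_state ^= m_state >> 17;
        m_state ^= m_state << 5;
        m_buckets[m_state & (numberOfBuckets - 1)] = value;
    }

    // Number of buckets that hold a value (at most 8, whatever the traffic).
    size_t numberOfSamples() const { return numberOf(Value::Empty, false); }
    size_t numberOfInt32s() const { return numberOf(Value::Int32, true); }
    size_t numberOfDoubles() const { return numberOf(Value::Double, true); }
    size_t numberOfCells() const { return numberOf(Value::Cell, true); }

    // Fraction of recorded samples of the given kind; 0 before anything was seen.
    double probabilityOf(Value::Kind kind) const {
        size_t samples = numberOfSamples();
        if (!samples)
            return 0.0;
        return static_cast<double>(numberOf(kind, true)) / static_cast<double>(samples);
    }

private:
    // Count buckets whose kind equals (match == true) or differs from
    // (match == false) `kind`.
    size_t numberOf(Value::Kind kind, bool match) const {
        size_t n = 0;
        for (size_t i = 0; i < numberOfBuckets; ++i)
            if ((m_buckets[i].kind == kind) == match)
                ++n;
        return n;
    }

    Value m_buckets[numberOfBuckets];
    uint32_t m_state;
};

// Drive a site with `count` values of one kind, as a JIT-emitted site would
// when the same argument or heap load keeps producing the same type.
inline void feed(ValueProfile& profile, Value::Kind kind, int count) {
    for (int i = 0; i < count; ++i) {
        Value v;
        v.kind = kind;
        v.bits = i;
        profile.record(v);
    }
}
```

Two properties are worth checking: once one type dominates a site, probabilityOf() for that kind is exactly 1.0 even though only 8 slots are kept, and the buffer never grows, so a site that executes millions of times costs the same per execution as one that runs once.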
1621
1622 2011-08-19  Daniel Bates  <dbates@webkit.org>
1623
1624         Don't include DisallowCType.h when building on QNX
1625         https://bugs.webkit.org/show_bug.cgi?id=66616
1626
1627         Reviewed by Antonio Gomes.
1628
1629         * config.h:
1630
1631 2011-08-19  Daniel Bates  <dbates@webkit.org>
1632
1633         Implement ExecutableAllocator::cacheFlush() for QNX
1634         https://bugs.webkit.org/show_bug.cgi?id=66611
1635
1636         Reviewed by Antonio Gomes.
1637
1638         * jit/ExecutableAllocator.h:
1639         (JSC::ExecutableAllocator::cacheFlush):
1640
1641 2011-08-19  Daniel Bates  <dbates@webkit.org>
1642
1643         Implement WTF::atomic{Increment, Decrement}() for QNX
1644         https://bugs.webkit.org/show_bug.cgi?id=66605
1645
1646         Reviewed by Darin Adler.
1647
1648         * wtf/Atomics.h:
1649         (WTF::atomicIncrement):
1650         (WTF::atomicDecrement):
1651
1652 2011-08-19  Beth Dakin  <bdakin@apple.com>
1653
1654         https://bugs.webkit.org/show_bug.cgi?id=66590
1655         Re-name scrollbar painter types
1656
1657         Reviewed by Sam Weinig.
1658
1659         WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer 
1660         applies.
1661         * wtf/Platform.h:
1662
1663 2011-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1664
1665         Move allocation in constructors into separate constructorBody() methods
1666         https://bugs.webkit.org/show_bug.cgi?id=66265
1667
1668         Reviewed by Oliver Hunt.
1669
1670         Refactoring to put all allocations that need to be done after the object's 
1671         initialization list has executed but before the object is ready for use 
1672         into a separate constructorBody() method.  This method is still called by the constructor, 
1673         so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
1674
1675         * JavaScriptCore.exp:
1676         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1677         * jsc.cpp:
1678         (GlobalObject::constructorBody):
1679         (GlobalObject::GlobalObject):
1680         * runtime/ErrorInstance.cpp:
1681         (JSC::ErrorInstance::ErrorInstance):
1682         * runtime/ErrorInstance.h:
1683         (JSC::ErrorInstance::constructorBody):
1684         * runtime/ErrorPrototype.cpp:
1685         (JSC::ErrorPrototype::ErrorPrototype):
1686         (JSC::ErrorPrototype::constructorBody):
1687         * runtime/ErrorPrototype.h:
1688         * runtime/Executable.cpp:
1689         (JSC::FunctionExecutable::FunctionExecutable):
1690         * runtime/Executable.h:
1691         (JSC::FunctionExecutable::constructorBody):
1692         * runtime/InternalFunction.cpp:
1693         (JSC::InternalFunction::InternalFunction):
1694         * runtime/InternalFunction.h:
1695         (JSC::InternalFunction::constructorBody):
1696         * runtime/JSByteArray.cpp:
1697         (JSC::JSByteArray::JSByteArray):
1698         * runtime/JSByteArray.h:
1699         (JSC::JSByteArray::constructorBody):
1700         * runtime/JSFunction.cpp:
1701         (JSC::JSFunction::JSFunction):
1702         (JSC::JSFunction::constructorBody):
1703         * runtime/JSFunction.h:
1704         * runtime/JSGlobalObject.h:
1705         (JSC::JSGlobalObject::JSGlobalObject):
1706         (JSC::JSGlobalObject::constructorBody):
1707         * runtime/JSPropertyNameIterator.cpp:
1708         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1709         * runtime/JSPropertyNameIterator.h:
1710         (JSC::JSPropertyNameIterator::constructorBody):
1711         * runtime/JSString.h:
1712         (JSC::RopeBuilder::JSString):
1713         (JSC::RopeBuilder::constructorBody):
1714         * runtime/NativeErrorConstructor.cpp:
1715         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1716         * runtime/NativeErrorConstructor.h:
1717         (JSC::NativeErrorConstructor::constructorBody):
1718         * runtime/NativeErrorPrototype.cpp:
1719         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1720         (JSC::NativeErrorPrototype::constructorBody):
1721         * runtime/NativeErrorPrototype.h:
1722         * runtime/StringObject.cpp:
1723         * runtime/StringObject.h:
1724         (JSC::StringObject::create):
1725         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1726         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1727         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
1728         * runtime/StringPrototype.cpp:
1729         (JSC::StringPrototype::StringPrototype):
1730         * runtime/StringPrototype.h:
1731         (JSC::StringPrototype::create):
1732
1733 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1734
1735         DFG non-speculative JIT does not inline the double case of ValueAdd
1736         https://bugs.webkit.org/show_bug.cgi?id=66025
1737
1738         Reviewed by Gavin Barraclough.
1739         
1740         This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
1741         benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
1742         stanford-crypto-sha256-iterative).  It looks like it might have
1743         a speed-up in SunSpider (though not statistically significant or
1744         particularly reproducible) and a slight slow-down in V8 (0.14%,
1745         not statistically significant).  It does slow down v8-crypto by
1746         1.5%.
1747
1748         * dfg/DFGJITCodeGenerator.cpp:
1749         (JSC::DFG::JITCodeGenerator::isKnownInteger):
1750         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
1751         * dfg/DFGNonSpeculativeJIT.cpp:
1752         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1753         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1754         * dfg/DFGOperations.cpp:
1755
1756 2011-08-18  Filip Pizlo  <fpizlo@apple.com>
1757
1758         [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
1759         https://bugs.webkit.org/show_bug.cgi?id=66426
1760
1761         Reviewed by Oliver Hunt.
1762         
1763         Changed the branchTestPtr to branchTest32.
1764
1765         * dfg/DFGSpeculativeJIT.cpp:
1766         (JSC::DFG::SpeculativeJIT::compile):
1767
1768 2011-08-17  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1769
1770         https://bugs.webkit.org/show_bug.cgi?id=66379
1771         Implements the load32WithCompactAddressOffsetPatch function
1772         and fixes the store32 and moveWithPatch functions for SH4 platforms.
1773
1774         Reviewed by Gavin Barraclough.
1775
1776         * assembler/MacroAssemblerSH4.h:
1777         (JSC::MacroAssemblerSH4::rshift32):
1778         (JSC::MacroAssemblerSH4::store32):
1779         (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
1780         (JSC::MacroAssemblerSH4::moveWithPatch):
1781         * assembler/SH4Assembler.h:
1782         (JSC::SH4Assembler::movlMemRegCompact):
1783         (JSC::SH4Assembler::readPointer):
1784         (JSC::SH4Assembler::repatchCompact):
1785         * jit/JIT.h:
1786
1787 2011-08-17  Filip Pizlo  <fpizlo@apple.com>
1788
1789         JSC verbose debugging output sometimes doesn't work as expected.
1790         https://bugs.webkit.org/show_bug.cgi?id=66107
1791
1792         Reviewed by Gavin Barraclough.
1793         
1794         Hardened the CodeBlock::dump() code so that it no longer crashes.  Improved
1795         the DFG verbose code so that it prints slightly more useful information.
1796
1797         * assembler/LinkBuffer.h:
1798         (JSC::LinkBuffer::debugSize):
1799         * bytecode/CodeBlock.cpp:
1800         (JSC::valueToSourceString):
1801         (JSC::CodeBlock::dump):
1802         * bytecode/CodeBlock.h:
1803         (JSC::CodeBlock::numberOfRegExps):
1804         * dfg/DFGJITCompiler.cpp:
1805         (JSC::DFG::JITCompiler::link):
1806
1807 2011-08-16  Michael Saboff  <msaboff@apple.com>
1808
1809         Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
1810         https://bugs.webkit.org/show_bug.cgi?id=66351
1811
1812         JIT::privateCompilePutByIdTransition expects that regT0 and regT1
1813         have the basePayload and baseTag respectively.  In some cases,
1814         we may get to this generated code with one or both of these
1815         registers trashed.  One known case is that regT0 on ARM may be
1816         trashed as regT0 (r0) is also arg0 and can be overrun with sp due
1817         to calls to JIT::restoreReturnAddress().  This patch uses the
1818         values on the stack.  A longer term solution is to work out all
1819         cases so that the register entry assumptions can be assured.
1820
1821         While fixing this, also determined that the additional stack offset
1822         of sizeof(void*) is not needed for ARM.
1823
1824         Reviewed by Gavin Barraclough.
1825
1826         * jit/JITPropertyAccess32_64.cpp:
1827         (JSC::JIT::privateCompilePutByIdTransition):
1828
1829 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1830
1831         https://bugs.webkit.org/show_bug.cgi?id=66263
1832         DFG JIT does not always zero extend boolean result of DFG operations
1833
1834         Reviewed by Sam Weinig.
1835
1836         * dfg/DFGOperations.cpp:
1837         * dfg/DFGOperations.h:
1838             - Change bool return values to a 64-bit type.
1839
1840 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1841
1842         Crash accessing static property on sealed object
1843         https://bugs.webkit.org/show_bug.cgi?id=66242
1844
1845         Reviewed by Sam Weinig.
1846
1847         * runtime/JSObject.h:
1848         (JSC::JSObject::putDirectInternal):
1849             - should only check isExtensible if checkReadOnly.
1850
1851 2011-08-15  Sam Weinig  <sam@webkit.org>
1852
1853         Fix release build when building with Clang.
1854
1855         Reviewed by Anders Carlsson.
1856
1857         * runtime/Identifier.cpp:
1858         (JSC::Identifier::checkCurrentIdentifierTable):
1859         Add NO_RETURN_DUE_TO_CRASH.
1860
1861 2011-08-15  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1862
1863         Reviewed by Nikolas Zimmermann.
1864
1865         Speed up SVGSMILElement::findInstanceTime.
1866         https://bugs.webkit.org/show_bug.cgi?id=61025
1867
1868         Add a new parameter to the StdLibExtras.h::binarySearch function
1869         to also handle cases when the array does not contain the key value.
1870         This is needed for an svg function.
1871
1872         * wtf/StdLibExtras.h:
1873         (WTF::binarySearch):
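
The search behaviour this entry describes, as an added example that is not WTF's code: a lower_bound-style binary search with a mode parameter that either requires the key to be present or, when it is absent, returns the nearest element whose key is not greater than the requested one. It also covers the edge cases the entry only implies (empty array, key below the first element, key past the last). The BinarySearchMode enum, the extractKey functor, the InstanceTime records and lookupId() are assumptions for the example and do not match WTF::binarySearch's actual signature.

```cpp
#include <cstddef>

// Whether the caller guarantees the key is present. When it is not, the search
// returns the predecessor: the element with the largest key <= the requested
// key, which is what a timeline lookup such as the SVG instance-time search needs.
enum BinarySearchMode { KeyMustBePresent, KeyMayNotBePresent };

template<typename T, typename Key, typename ExtractKey>
T* binarySearch(T* array, size_t size, const Key& key, ExtractKey extractKey,
                BinarySearchMode mode = KeyMustBePresent)
{
    // lower_bound: after the loop, `low` is the first index whose key is
    // >= `key`, or `size` if every key is smaller.
    size_t low = 0;
    size_t high = size;
    while (low < high) {
        size_t mid = low + (high - low) / 2;  // no overflow for large sizes
        if (extractKey(array[mid]) < key)
            low = mid + 1;
        else
            high = mid;
    }

    if (low < size && !(key < extractKey(array[low])))
        return &array[low];                      // exact match
    if (mode == KeyMustBePresent)
        return nullptr;                          // caller's invariant was violated
    return low ? &array[low - 1] : nullptr;      // predecessor, or none if key precedes all
}

// Constructed sample data: a sorted timeline of instance times.
struct InstanceTime {
    double time;
    int id;
};

inline double instanceTimeKey(const InstanceTime& entry) { return entry.time; }

static InstanceTime kTimeline[] = {
    { 0.0, 1 }, { 1.5, 2 }, { 3.0, 3 }, { 7.25, 4 },
};
static const size_t kTimelineSize = sizeof(kTimeline) / sizeof(kTimeline[0]);

// Returns the id of the matched entry, or -1 when the search yields nothing.
inline int lookupId(double time, BinarySearchMode mode)
{
    InstanceTime* hit = binarySearch(kTimeline, kTimelineSize, time, instanceTimeKey, mode);
    return hit ? hit->id : -1;
}
```

The mode parameter matters because the two callers want different failure behaviour: the original users of binarySearch treat an absent key as a bug (an assertion in debug builds), whereas the SVG caller asks for a time that usually falls between two recorded instance times and wants the one before it.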
1874
1875 2011-08-13  Sam Weinig  <sam@webkit.org>
1876
1877         Add back 0xbbadbeef to CRASH to allow for old habits
1878         https://bugs.webkit.org/show_bug.cgi?id=66190
1879
1880         Reviewed by David Kilzer.
1881
1882         * wtf/Assertions.h:
1883         Add back the assignment to the memory address 0xbbadbeef in the CRASH
1884         macro, as it does not cause issue in the clang static analyzer and many
1885         people use its presence in crash reports to easily identify ASSERTs. 
1886
1887 2011-08-13  Sam Weinig  <sam@webkit.org>
1888
1889         Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
1890         https://bugs.webkit.org/show_bug.cgi?id=66182
1891
1892         Reviewed by Dan Bernstein.
1893
1894         Fixes 10 warnings in JavaScriptCore and 2 in testapi.
1895
1896         * API/tests/testapi.c:
1897         (main):
1898         Remove dead variables.
1899
1900         * dfg/DFGGraph.cpp:
1901         (JSC::DFG::Graph::dump):
1902         Initialize hasPrinted and silence an unused warning by casting to void (Ok here
1903         since it is debug code and I want to keep it clear that if other cases are added,
1904         the hasPrinted flag would be needed).
1905
1906         * wtf/dtoa.cpp:
1907         (WTF::d2b):
1908         The variable "de" in the else block is always zero, so there is no reason to
1909         use it.
1910
1911 2011-08-12  Sam Weinig  <sam@webkit.org>
1912
1913         Use __builtin_trap() for CRASH when building with clang
1914         https://bugs.webkit.org/show_bug.cgi?id=66152
1915
1916         Reviewed by Anders Carlsson.
1917
1918         * wtf/Assertions.h:
1919         Add Clang specific CRASH macro that calls __builtin_trap() instead
1920         of silly techniques to crash. This allows the static analyzer to understand
1921         that we are intentionally crashing. As a result, we need to mark some functions
1922         as not returning.
1923
1924         Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
1925
1926         * wtf/Compiler.h:
1927         Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
1928
1929         * wtf/FastMalloc.cpp:
1930         (WTF::Internal::fastMallocMatchFailed):
1931         Add NO_RETURN_DUE_TO_CRASH.
1932
1933         * yarr/YarrParser.h:
1934         (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
1935         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
1936         Add NO_RETURN_DUE_TO_ASSERT.
1937
1938 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1939
1940         DFG JIT has inconsistent use of boxDouble and unboxDouble,
1941         inconsistent use of assertions regarding doubles, and those
1942         assertions are not turned on in debug builds
1943         https://bugs.webkit.org/show_bug.cgi?id=66160
1944
1945         Reviewed by Gavin Barraclough.
1946         
1947         JIT assertions are now turned on in debug builds.  JIT
1948         assertions are now used for boxing and unboxing doubles, and boxing
1949         and unboxing no longer involves code duplication.
1950
1951         * dfg/DFGJITCodeGenerator.cpp:
1952         (JSC::DFG::JITCodeGenerator::fillDouble):
1953         * dfg/DFGJITCodeGenerator.h:
1954         (JSC::DFG::JITCodeGenerator::boxDouble):
1955         (JSC::DFG::JITCodeGenerator::unboxDouble):
1956         * dfg/DFGJITCompiler.cpp:
1957         (JSC::DFG::JITCompiler::fillNumericToDouble):
1958         (JSC::DFG::GeneralizedRegister::moveTo):
1959         (JSC::DFG::GeneralizedRegister::swapWith):
1960         * dfg/DFGJITCompiler.h:
1961         (JSC::DFG::JITCompiler::boxDouble):
1962         (JSC::DFG::JITCompiler::unboxDouble):
1963         * dfg/DFGNode.h:
1964         * dfg/DFGNonSpeculativeJIT.cpp:
1965         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1966         (JSC::DFG::NonSpeculativeJIT::compile):
1967         * dfg/DFGSpeculativeJIT.cpp:
1968         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1969         (JSC::DFG::SpeculativeJIT::convertToDouble):
1970
1971 2011-08-12  Mark Rowe  <mrowe@apple.com>
1972
1973         Be more forward-looking in the choice of compiler.
1974
1975         Rubber-stamped by Jon Honeycutt.
1976
1977         * Configurations/CompilerVersion.xcconfig:
1978
1979 2011-08-12  Kalev Lember  <kalevlember@gmail.com>
1980
1981         [GTK] Fix non-pthreads build after r91906.
1982         https://bugs.webkit.org/show_bug.cgi?id=66151
1983
1984         Reviewed by David Levin.
1985
1986         r91906 broke the non-pthreads GTK+ build by including a header which
1987         doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
1988
1989         * wtf/gtk/ThreadingGtk.cpp:
1990
1991 2011-08-12  Mark Rowe  <mrowe@apple.com>
1992
1993         Update some configuration settings that were missed back in r92432.
1994
1995         * Configurations/CompilerVersion.xcconfig:
1996
1997 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1998
1999         REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
2000         Matrix3D.invert)
2001         https://bugs.webkit.org/show_bug.cgi?id=66038
2002
2003         Reviewed by Gavin Barraclough.
2004         
2005         Simplest and lowest-impact fix for the case where the spilled format
2006         of a DFG node differs from the register format: if the format is
2007         converted then indicate that the spilled value is no longer valid
2008         ("kill the spill").
2009
2010         * dfg/DFGGenerationInfo.h:
2011         (JSC::DFG::GenerationInfo::killSpilled):
2012         * dfg/DFGJITCodeGenerator.cpp:
2013         (JSC::DFG::JITCodeGenerator::fillDouble):
2014         * dfg/DFGSpeculativeJIT.cpp:
2015         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2016
2017 2011-08-12  Sam Weinig  <sam@webkit.org>
2018
2019         Move compiler specific macros to their own header
2020         https://bugs.webkit.org/show_bug.cgi?id=66119
2021
2022         Reviewed by Anders Carlsson.
2023
2024         * JavaScriptCore.gypi:
2025         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2026         * JavaScriptCore.xcodeproj/project.pbxproj:
2027         * wtf/CMakeLists.txt:
2028         Add Compiler.h
2029
2030         * wtf/AlwaysInline.h:
2031         Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
2032         Compiler.h.  We can remove this file in a later commit.
2033
2034         * wtf/Compiler.h: Added.
2035         Put all compiler specific checks and features in this file.
2036
2037         * wtf/Platform.h:
2038         Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
2039         to Compiler.h.  Include Compiler.h since it is necessary.
2040
2041 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
2042
2043         DFG JIT-specific structure stub info code offset fields are signed
2044         8-bit, but it is possible for the offsets to be greater than 127
2045         https://bugs.webkit.org/show_bug.cgi?id=66122
2046
2047         Reviewed by Gavin Barraclough.
2048
2049         * bytecode/StructureStubInfo.h:
2050         * dfg/DFGJITCodeGenerator.cpp:
2051         (JSC::DFG::JITCodeGenerator::cachedGetById):
2052         (JSC::DFG::JITCodeGenerator::cachedPutById):
2053
2054 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
2055
2056         DFG JIT speculation failure code sometimes picks the wrong register
2057         as a scratch register.
2058         https://bugs.webkit.org/show_bug.cgi?id=66104
2059
2060         Reviewed by Gavin Barraclough.
2061         
2062         Hardened the code with more assertions and fixed the bug.  Now a
2063         spilled register is only used for scratch if it also isn't being
2064         used for shuffling.
2065
2066         * dfg/DFGJITCompiler.cpp:
2067         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
2068         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2069
2070 2011-08-11  Sheriff Bot  <webkit.review.bot@gmail.com>
2071
2072         Unreviewed, rolling out r92880.
2073         http://trac.webkit.org/changeset/92880
2074         https://bugs.webkit.org/show_bug.cgi?id=66123
2075
2076         Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
2077
2078         * wtf/PassRefPtr.h:
2079
2080 2011-08-11  Mark Rowe  <mrowe@apple.com>
2081
2082         Don't conditionalize the use of -fomit-frame-pointer on compiler version as
2083         all of our supported compilers are now new enough to have the same, sane behavior.
2084
2085         Rubber-stamped by Sam Weinig.
2086
2087         * Configurations/JavaScriptCore.xcconfig:
2088
2089 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
2090
2091         DFG JIT verbose mode does not report the generated types of nodes
2092         https://bugs.webkit.org/show_bug.cgi?id=65830
2093
2094         Reviewed by Sam Weinig.
2095         
2096         Added code that prints the type selected for each node's result.
2097
2098         * dfg/DFGGenerationInfo.h:
2099         (JSC::DFG::dataFormatToString):
2100         * dfg/DFGNonSpeculativeJIT.cpp:
2101         (JSC::DFG::NonSpeculativeJIT::compile):
2102         * dfg/DFGSpeculativeJIT.cpp:
2103         (JSC::DFG::SpeculativeJIT::compile):
2104
2105 2011-08-11  James Robinson  <jamesr@chromium.org>
2106
2107         nullptr can't be used for PassRefPtr
2108         https://bugs.webkit.org/show_bug.cgi?id=66024
2109
2110         Reviewed by Anders Carlsson.
2111
2112         * wtf/PassRefPtr.h:
2113         (WTF::PassRefPtr::PassRefPtr):
2114
2115 2011-08-11  Daniel Bates  <dbates@rim.com>
2116
2117         Removed unused variable in StackBounds::initialize() to resolve
2118         compiler warning when building on QNX.
2119         https://bugs.webkit.org/show_bug.cgi?id=66072
2120
2121         Reviewed by Antonio Gomes.
2122
2123         * wtf/StackBounds.cpp:
2124         (WTF::StackBounds::initialize):
2125
2126 2011-08-11  Devdatta Deshpande  <pwjd73@motorola.com>
2127
2128         Implementation of monotonically increasing clock on GTK
2129         https://bugs.webkit.org/show_bug.cgi?id=62175
2130
2131         Reviewed by Martin Robinson.
2132
2133         * wtf/CurrentTime.cpp:
2134         (WTF::monotonicallyIncreasingTime):
2135         The default implementation of monotonicallyIncreasingTime only
2136         guarantees the result to be non-decreasing.
2137         If the system time is changed to the past, then the default implementation will
2138         still fail and WebCore timers will not fire.
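
The failure mode this entry describes, as an added example that is not WTF's code: a clamp-based monotonicallyIncreasingTime() modelled as ClampedTime and replayed over a constructed wall-clock trace containing a backward jump, beside a reading from std::chrono::steady_clock, the kind of source (CLOCK_MONOTONIC on Linux) that a real monotonic implementation relies on. The class and function names and the trace values are assumptions for the example.

```cpp
#include <chrono>
#include <cstddef>
#include <vector>

// Model of the default, clamp-based monotonicallyIncreasingTime(): it returns
// max(previous result, wall clock), so it never decreases, but after the wall
// clock is set backwards it stalls until wall time passes the old high-water
// mark. A timer scheduled against it during the stall never becomes due.
class ClampedTime {
public:
    ClampedTime() : m_lastReturned(0.0) {}
    double now(double wallClockSeconds) {
        if (wallClockSeconds > m_lastReturned)
            m_lastReturned = wallClockSeconds;
        return m_lastReturned;
    }
private:
    double m_lastReturned;
};

// Replay a sequence of wall-clock readings through the clamp.
inline std::vector<double> clampedReadings(const std::vector<double>& wallSamples)
{
    ClampedTime clock;
    std::vector<double> out;
    out.reserve(wallSamples.size());
    for (size_t i = 0; i < wallSamples.size(); ++i)
        out.push_back(clock.now(wallSamples[i]));
    return out;
}

// Constructed wall-clock trace: the system time is set back 51 seconds between
// the second and third readings, then advances normally.
static const double kWallTrace[] = { 100.0, 101.0, 50.0, 51.0, 101.5 };
static const size_t kWallTraceLength = sizeof(kWallTrace) / sizeof(kWallTrace[0]);

// i-th value the clamp produces for kWallTrace (0.0 if out of range).
inline double clampedTraceReading(size_t index)
{
    std::vector<double> readings =
        clampedReadings(std::vector<double>(kWallTrace, kWallTrace + kWallTraceLength));
    return index < readings.size() ? readings[index] : 0.0;
}

// A true monotonic source: steady_clock is never adjusted by wall-clock changes.
inline double monotonicSeconds()
{
    using namespace std::chrono;
    return duration_cast<duration<double> >(steady_clock::now().time_since_epoch()).count();
}

// Sample the monotonic clock `samples` times and report whether it ever went back.
inline bool monotonicClockNeverDecreases(int samples)
{
    double last = monotonicSeconds();
    for (int i = 1; i < samples; ++i) {
        double t = monotonicSeconds();
        if (t < last)
            return false;
        last = t;
    }
    return true;
}
```

In the replayed trace the clamp reports 101.0 for readings three and four, so 51 seconds of wall time pass during which the clock appears frozen; that is the window in which WebCore timers stop firing. Reading the monotonic clock directly has no such window, which is why the GTK port switched to it.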
2139
2140 2011-08-10  Geoffrey Garen  <ggaren@apple.com>
2141
2142         Removed some incorrect code that was dead.
2143
2144         Reviewed by Oliver Hunt.
2145
2146         clearSingleTransition() wasn't resetting m_data. Luckily,
2147         no one cares, because its caller was unused. Removed both.
2148
2149         * runtime/Structure.cpp:
2150         * runtime/StructureTransitionTable.h:
2151         (JSC::StructureTransitionTable::~StructureTransitionTable):
2152
2153 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
2154
2155         REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
2156         https://bugs.webkit.org/show_bug.cgi?id=66010
2157
2158         Reviewed by Oliver Hunt.
2159         
2160         Made sure that Construct calls use() on the this argument.
2161
2162         * dfg/DFGJITCodeGenerator.cpp:
2163         (JSC::DFG::JITCodeGenerator::emitCall):
2164
2165 2011-08-10  Mark Hahnenberg  <mhahnenberg@apple.com>
2166
2167         JSC should always throw when function arg list is too long
2168         https://bugs.webkit.org/show_bug.cgi?id=65869
2169
2170         Reviewed by Oliver Hunt.
2171
2172         Changed the behavior of the interpreter and JIT to throw an exception 
2173         when too many arguments are passed rather than truncating the list.  Added 
2174         a new method to create a "Too many arguments." exception used by this 
2175         new functionality.
2176
2177         * interpreter/Interpreter.cpp:
2178         (JSC::Interpreter::privateExecute):
2179         * jit/JITStubs.cpp:
2180         (JSC::DEFINE_STUB_FUNCTION):
2181         * runtime/ExceptionHelpers.cpp:
2182         (JSC::createTooManyParamsError):
2183         * runtime/ExceptionHelpers.h:
2184
2185 2011-08-10  Oliver Hunt  <oliver@apple.com>
2186
2187         Make GC checks more aggressive in release builds
2188         https://bugs.webkit.org/show_bug.cgi?id=66001
2189
2190         Reviewed by Gavin Barraclough.
2191
2192         * heap/HandleHeap.cpp:
2193         (JSC::HandleHeap::visitStrongHandles):
2194         (JSC::HandleHeap::visitWeakHandles):
2195         (JSC::HandleHeap::finalizeWeakHandles):
2196         (JSC::HandleHeap::writeBarrier):
2197         (JSC::HandleHeap::isLiveNode):
2198         (JSC::HandleHeap::isValidWeakNode):
2199            Increase handle heap validation logic, and make some of
2200            the crashes trigger in release builds as well as debug.
2201         * heap/HandleHeap.h:
2202         (JSC::HandleHeap::allocate):
2203         (JSC::HandleHeap::makeWeak):
2204            Ditto
2205         * runtime/JSGlobalData.cpp:
2206         (WTF::Recompiler::operator()):
2207         * runtime/JSGlobalObject.cpp:
2208         (JSC::JSGlobalObject::visitChildren):
2209            Fix GC bugs found while testing this patch
2210
2211 2011-08-10  Oliver Hunt  <oliver@apple.com>
2212
2213         JSEvaluateScript does not return the correct object when given JSONP data
2214         https://bugs.webkit.org/show_bug.cgi?id=66003
2215
2216         Reviewed by Gavin Barraclough.
2217
2218         Make sure we propagate the result of the function call rather than the
2219         argument.
2220
2221         * interpreter/Interpreter.cpp:
2222         (JSC::Interpreter::execute):
2223
2224 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
2225
2226         DFG JIT heap prediction causes regressions when combined with
2227         aggressive integer prediction
2228         https://bugs.webkit.org/show_bug.cgi?id=65954
2229
2230         Reviewed by Gavin Barraclough.
2231         
2232         Disabled heap prediction, but did not remove the capability.
2233         This improves V8 crypto performance by 20%.
2234
2235         * dfg/DFGGraph.h:
2236         (JSC::DFG::Graph::predict):
2237
2238 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2239
2240         DFG JIT does not speculate integers as aggressively as it should
2241         https://bugs.webkit.org/show_bug.cgi?id=65949
2242
2243         Reviewed by Gavin Barraclough.
2244         
2245         Added a tree walk to propagate integer predictions through arithmetic
2246         expressions.
2247         
2248         This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
2249         translates to a 19% speed-up on Kraken overall.  It's neutral on
2250         other benchmarks.
2251
2252         * dfg/DFGByteCodeParser.cpp:
2253         (JSC::DFG::ByteCodeParser::predictInt32):
2254
2255 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2256
2257         DFG JIT has no way of propagating predictions to loads and calls
2258         https://bugs.webkit.org/show_bug.cgi?id=65883
2259
2260         Reviewed by Gavin Barraclough.
2261         
2262         This introduces the capability to store predictions on graph
2263         nodes.  To save space while being somewhat consistent, the
2264         prediction is always stored in the second OpInfo slot (since
2265         a GetById will use the first one for the identifier).  This
2266         change is a natural extension of r92593 (global variable
2267         prediction).
2268         
2269         This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
2270         win on V8 in the geometric mean.  It is neutral on SunSpider
2271         and Kraken.  Interestingly, on V8 it regresses crypto by 3%
2272         while progressing deltablue and richards by 2.6% and 4.3%,
2273         respectively.
2274
2275         * dfg/DFGByteCodeParser.cpp:
2276         (JSC::DFG::ByteCodeParser::addToGraph):
2277         (JSC::DFG::ByteCodeParser::addCall):
2278         (JSC::DFG::ByteCodeParser::parseBlock):
2279         * dfg/DFGGraph.cpp:
2280         (JSC::DFG::Graph::dump):
2281         * dfg/DFGGraph.h:
2282         (JSC::DFG::Graph::predict):
2283         (JSC::DFG::Graph::getPrediction):
2284         * dfg/DFGNode.h:
2285         (JSC::DFG::isCellPrediction):
2286         (JSC::DFG::isArrayPrediction):
2287         (JSC::DFG::isInt32Prediction):
2288         (JSC::DFG::isDoublePrediction):
2289         (JSC::DFG::isNumberPrediction):
2290         (JSC::DFG::predictionToString):
2291         (JSC::DFG::Node::Node):
2292         (JSC::DFG::Node::hasPrediction):
2293         (JSC::DFG::Node::getPrediction):
2294         (JSC::DFG::Node::predict):
2295
2296 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2297
2298         DFG JIT passes the this argument to constructors even though
2299         it's not necessary
2300         https://bugs.webkit.org/show_bug.cgi?id=65943
2301
2302         Reviewed by Gavin Barraclough.
2303
2304         * dfg/DFGJITCodeGenerator.cpp:
2305         (JSC::DFG::JITCodeGenerator::emitCall):
2306
2307 2011-08-09  Chao-ying Fu  <fu@mips.com>
2308
2309         Fix one MIPS instruction to call JITStubThunked_##op
2310         https://bugs.webkit.org/show_bug.cgi?id=65942
2311
2312         Reviewed by Gavin Barraclough.
2313
2314         Changed "bal" to "jalr" for a possible processor mode change from
2315         MIPS32 to MIPS16.
2316
2317         * jit/JITStubs.cpp:
2318
2319 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2320
2321         DFG JIT failure loading web site
2322         https://bugs.webkit.org/show_bug.cgi?id=65930
2323
2324         Reviewed by Oliver Hunt.
2325         
2326         Put the use() call after the fpr()/gpr() calls, since doing otherwise
2327         breaks the register allocator.
2328
2329         * dfg/DFGNonSpeculativeJIT.cpp:
2330         (JSC::DFG::NonSpeculativeJIT::compile):
2331
2332 2011-08-09  Mark Hahnenberg  <mhahnenberg@apple.com>
2333
2334         Add ParentClass typedef in all JSC classes
2335         https://bugs.webkit.org/show_bug.cgi?id=65731
2336
2337         Reviewed by Oliver Hunt.
2338
2339         Just added the Base typedefs in all the classes that are a subclass of JSCell 
2340         to point at their parent classes.  This is a change to support future changes to the way
2341         constructors and destructors are implemented in JS objects, among other things.
2342
2343         * API/JSCallbackConstructor.h:
2344         * API/JSCallbackFunction.h:
2345         * API/JSCallbackObject.h:
2346         (JSC::JSCallbackObject::createStructure):
2347         (JSC::JSCallbackObject::visitChildren):
2348         * API/JSCallbackObjectFunctions.h:
2349         (JSC::::asCallbackObject):
2350         (JSC::::JSCallbackObject):
2351         (JSC::::init):
2352         (JSC::::className):
2353         (JSC::::getOwnPropertySlot):
2354         (JSC::::getOwnPropertyDescriptor):
2355         (JSC::::put):
2356         (JSC::::deleteProperty):
2357         (JSC::::getConstructData):
2358         (JSC::::construct):
2359         (JSC::::hasInstance):
2360         (JSC::::getCallData):
2361         (JSC::::call):
2362         (JSC::::getOwnPropertyNames):
2363         (JSC::::toNumber):
2364         (JSC::::toString):
2365         (JSC::::setPrivate):
2366         (JSC::::getPrivate):
2367         (JSC::::inherits):
2368         (JSC::::getStaticValue):
2369         (JSC::::staticFunctionGetter):
2370         (JSC::::callbackGetter):
2371         * debugger/DebuggerActivation.h:
2372         * jsc.cpp:
2373         * runtime/Arguments.h:
2374         * runtime/ArrayConstructor.h:
2375         * runtime/ArrayPrototype.h:
2376         * runtime/BooleanConstructor.h:
2377         * runtime/BooleanObject.h:
2378         * runtime/BooleanPrototype.h:
2379         * runtime/DateConstructor.h:
2380         * runtime/DateInstance.h:
2381         * runtime/DatePrototype.h:
2382         * runtime/Error.cpp:
2383         * runtime/ErrorConstructor.h:
2384         * runtime/ErrorInstance.h:
2385         * runtime/ErrorPrototype.h:
2386         * runtime/ExceptionHelpers.cpp:
2387         * runtime/Executable.h:
2388         * runtime/FunctionConstructor.h:
2389         * runtime/FunctionPrototype.h:
2390         * runtime/GetterSetter.h:
2391         * runtime/InternalFunction.h:
2392         * runtime/JSAPIValueWrapper.h:
2393         * runtime/JSActivation.h:
2394         * runtime/JSArray.h:
2395         * runtime/JSFunction.h:
2396         * runtime/JSGlobalObject.h:
2397         * runtime/JSNotAnObject.h:
2398         * runtime/JSONObject.h:
2399         * runtime/JSObject.h:
2400         * runtime/JSPropertyNameIterator.h:
2401         * runtime/JSStaticScopeObject.h:
2402         * runtime/JSString.h:
2403         * runtime/JSVariableObject.h:
2404         * runtime/JSWrapperObject.h:
2405         * runtime/MathObject.h:
2406         * runtime/NativeErrorConstructor.h:
2407         * runtime/NativeErrorPrototype.h:
2408         * runtime/NumberConstructor.h:
2409         * runtime/NumberObject.h:
2410         * runtime/NumberPrototype.h:
2411         * runtime/ObjectConstructor.h:
2412         * runtime/ObjectPrototype.h:
2413         * runtime/RegExp.h:
2414         * runtime/RegExpConstructor.h:
2415         * runtime/RegExpMatchesArray.h:
2416         * runtime/RegExpObject.h:
2417         (JSC::RegExpObject::create):
2418         * runtime/RegExpPrototype.h:
2419         * runtime/ScopeChain.h:
2420         * runtime/StrictEvalActivation.h:
2421         * runtime/StringConstructor.h:
2422         * runtime/StringObject.h:
2423         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2424         * runtime/StringPrototype.h:
2425         * runtime/Structure.h:
2426         * runtime/StructureChain.h:
2427
2428 2011-08-08  Oliver Hunt  <oliver@apple.com>
2429
2430         Using mprotect to create guard pages breaks our use of madvise to release executable memory
2431         https://bugs.webkit.org/show_bug.cgi?id=65870
2432
2433         Reviewed by Gavin Barraclough.
2434
2435         Use mmap rather than mprotect to clear guard page permissions.
2436
2437         * wtf/OSAllocatorPosix.cpp:
2438         (WTF::OSAllocator::reserveAndCommit):
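
The technique named in the entry above, as an added example that is not WebKit's code: reserve a region with mmap, then install the guard pages by mapping fresh anonymous PROT_NONE pages over both ends with MAP_FIXED, rather than changing the permissions of existing pages with mprotect. The readability probe uses write(2) into a pipe, which fails with EFAULT when the source page is inaccessible, so no signal handler is needed. All function and struct names here are this example's own, and the 64 KiB region size is an arbitrary choice.

```cpp
// Added example, not WebKit code: reserve a region and carve PROT_NONE guard
// pages at both ends with mmap(MAP_FIXED) instead of mprotect().
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <initializer_list>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

struct GuardedRegion {
    std::uint8_t* base = nullptr;    // whole mapping, starting at the low guard page
    std::size_t total = 0;           // mapping size including both guard pages
    std::uint8_t* usable = nullptr;  // first byte the caller may touch
    std::size_t usableSize = 0;      // usable bytes, a whole number of pages
};

// Reserve `size` usable bytes (rounded up to pages) plus one guard page on
// each side. On failure the returned region has base == nullptr.
GuardedRegion reserveWithGuards(std::size_t size)
{
    GuardedRegion r;
    const std::size_t page = static_cast<std::size_t>(sysconf(_SC_PAGESIZE));
    const std::size_t rounded = (size + page - 1) / page * page;
    r.total = rounded + 2 * page;

    void* p = mmap(nullptr, r.total, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return GuardedRegion{};
    r.base = static_cast<std::uint8_t*>(p);

    // Replace the first and last page with fresh inaccessible mappings.
    // MAP_FIXED swaps the page in place; the guard is a new mapping rather
    // than an existing page whose permissions were changed afterwards,
    // which is the distinction the entry above relies on.
    for (std::uint8_t* guard : { r.base, r.base + page + rounded }) {
        void* g = mmap(guard, page, PROT_NONE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
        if (g == MAP_FAILED) {
            munmap(r.base, r.total);
            return GuardedRegion{};
        }
    }
    r.usable = r.base + page;
    r.usableSize = rounded;
    return r;
}

void releaseRegion(GuardedRegion& r)
{
    if (r.base)
        munmap(r.base, r.total);
    r = GuardedRegion{};
}

// True if the byte at `addr` is readable. write(2) from a PROT_NONE source
// fails with EFAULT instead of raising SIGSEGV, so permissions can be probed
// without installing a signal handler.
bool isReadable(const void* addr)
{
    int fds[2];
    if (pipe(fds) != 0)
        return false;
    const ssize_t n = write(fds[1], addr, 1);
    close(fds[0]);
    close(fds[1]);
    return n == 1;
}

// Exercise the region: the usable span is writable and readable, and the
// byte just below and just above it (the guard pages) is not.
bool guardPagesWork()
{
    GuardedRegion r = reserveWithGuards(64 * 1024);  // arbitrary size
    if (!r.base)
        return false;
    std::memset(r.usable, 0xAB, r.usableSize);
    const bool ok = r.usable[0] == 0xAB
        && isReadable(r.usable)
        && isReadable(r.usable + r.usableSize - 1)
        && !isReadable(r.usable - 1)
        && !isReadable(r.usable + r.usableSize);
    releaseRegion(r);
    return ok;
}

int main()
{
    return guardPagesWork() ? 0 : 1;
}
```

The probe deliberately treats any write(2) failure as "unreadable", which errs on the safe side for a guard-page check; a release-path check that later calls madvise on the usable span would work on `usable`/`usableSize` and never on the guard pages.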
2439
2440 2011-08-08  Oliver Hunt  <oliver@apple.com>
2441
2442         Non-extensibility does not prevent mutating [[Prototype]]
2443         https://bugs.webkit.org/show_bug.cgi?id=65832
2444
2445         Reviewed by Gavin Barraclough.
2446
2447         Disallow mutation of __proto__ on objects that are not extensible.
2448
2449         * runtime/JSObject.cpp:
2450         (JSC::JSObject::put):
2451
2452 2011-08-08  Filip Pizlo  <fpizlo@apple.com>
2453
2454         DFG JIT does not track speculation decisions for global variables
2455         https://bugs.webkit.org/show_bug.cgi?id=65825
2456
2457         Reviewed by Gavin Barraclough.
2458         
2459         Added the capability to track predictions for global variables, and
2460         ensured that code can abstract over the source of prediction (local
2461         versus global variable) wherever it is appropriate to do so.  Also
2462         cleaned up the code in SpeculativeJIT that decides how to speculate
2463         based on recorded predictions (for example instead of using isInteger,
2464         which makes sense for local predictions where the GetLocal would
2465         return an integer value, we now tend to use shouldSpeculateInteger,
2466         which checks if the value is either already an integer or should be
2467         speculated to be an integer).
2468         
2469         This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
2470         win on controlflow-recursive.  It's also a 4.8% win on v8-crypto.
2471
2472         * dfg/DFGByteCodeParser.cpp:
2473         (JSC::DFG::ByteCodeParser::predictArray):
2474         (JSC::DFG::ByteCodeParser::predictInt32):
2475         (JSC::DFG::ByteCodeParser::parseBlock):
2476         * dfg/DFGGraph.cpp:
2477         (JSC::DFG::Graph::dump):
2478         * dfg/DFGGraph.h:
2479         (JSC::DFG::Graph::predictGlobalVar):
2480         (JSC::DFG::Graph::predict):
2481         (JSC::DFG::Graph::getGlobalVarPrediction):
2482         (JSC::DFG::Graph::getPrediction):
2483         * dfg/DFGSpeculativeJIT.cpp:
2484         (JSC::DFG::SpeculativeJIT::compile):
2485         * dfg/DFGSpeculativeJIT.h:
2486         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2487         (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
2488
2489 2011-08-07  Martin Robinson  <mrobinson@igalia.com>
2490
2491         Distribution fix for GTK+.
2492
2493         * GNUmakefile.list.am: Strip removed files from the source list.
2494
2495 2011-08-06  Gavin Barraclough  <barraclough@apple.com>
2496
2497         https://bugs.webkit.org/show_bug.cgi?id=65821
2498         Don't form identifiers the first time a string is used as a property name.
2499
2500         Reviewed by Oliver Hunt.
2501
2502         This is a 1% win on SunSpider.
2503
2504         * dfg/DFGOperations.cpp:
2505             - Use fastGetOwnProperty.
2506         * jit/JITStubs.cpp:
2507         (JSC::DEFINE_STUB_FUNCTION):
2508             - Use fastGetOwnProperty.
2509         * runtime/JSCell.h:
2510         * runtime/JSObject.h:
2511         (JSC::JSCell::fastGetOwnProperty):
2512             - Fast call to get a property without creating an identifier the first time.
2513         * runtime/PropertyMapHashTable.h:
2514         (JSC::PropertyTable::find):
2515         (JSC::PropertyTable::findWithString):
2516             - Add interface to look up by either strings or identifiers.
2517         * runtime/Structure.h:
2518         (JSC::Structure::get):
2519             - Add a get() call that takes a UString, not an Identifier.
2520         * wtf/text/StringImpl.h:
2521         (WTF::StringImpl::hasHash):
2522             - Add a call to check if the hash has been set (to detect the first use as a property name).
2523
2524 2011-08-06  Aron Rosenberg  <arosenberg@logitech.com>
2525
2526         Reviewed by Benjamin Poulain.
2527
2528         [Qt] Fix build with Intel compiler on Windows
2529         https://bugs.webkit.org/show_bug.cgi?id=65088
2530
2531         Intel compiler needs .lib suffixes instead of .a
2532         Intel compiler doesn't support nullptr
2533         Intel compiler supports unsized arrays
2534
2535         * JavaScriptCore.pri:
2536         * jsc.cpp:
2537         * wtf/ByteArray.h:
2538         * wtf/NullPtr.h:
2539
2540 2011-08-05  Gavin Barraclough  <barraclough@apple.com>
2541
2542         String replace with the empty string means string removal
2543         https://bugs.webkit.org/show_bug.cgi?id=65799
2544
2545         Reviewed by Sam Weinig.
2546
2547         Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
2548
2549         * runtime/StringPrototype.cpp:
2550         (JSC::jsSpliceSubstrings):
2551         (JSC::stringProtoFuncReplace):
2552
2553 2011-08-05  Noel Gordon  <noel.gordon@gmail.com>
2554
2555         [Chromium] Remove JSZombie references from gyp project files.
2556         https://bugs.webkit.org/show_bug.cgi?id=65798
2557
2558         JSC runtime/JSZombie.{cpp,h} were removed in r92046.  Remove references to these
2559         file names from the gyp projects.
2560
2561         Reviewed by Darin Adler.
2562
2563         * JavaScriptCore.gypi: zombies be gone.
2564
2565 2011-08-05  Mark Rowe  <mrowe@apple.com>
2566
2567         <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
2568         is tied to a particular dispatch queue
2569
2570         A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
2571         with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
2572         to ensure that all operations are performed on the given dispatch queue.
2573
2574         Reviewed by Anders Carlsson.
2575
2576         * wtf/RefCounted.h:
2577         (WTF::RefCountedBase::setDispatchQueueForVerifier):
2578         * wtf/ThreadRestrictionVerifier.h:
2579         (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
2580         (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
2581         (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
2582         (WTF::ThreadRestrictionVerifier::setShared):
2583         (WTF::ThreadRestrictionVerifier::isSafeToUse):
2584
2585 2011-08-05  Oliver Hunt  <oliver@apple.com>
2586
2587         Inline allocation of function objects
2588         https://bugs.webkit.org/show_bug.cgi?id=65779
2589
2590         Reviewed by Gavin Barraclough.
2591
2592         Inline allocation and initialisation of function objects
2593         in generated code.  This ended up being a 60-70% improvement
2594         in function allocation performance.  This improvement shows
2595         up as a ~2% improvement in 32bit sunspider and V8, but is a
2596         wash on 64-bit.
2597
2598         We currently don't inline the allocation of named function
2599         expressions, as that requires being able to gc allocate a
2600         variable object.
2601
2602         * jit/JIT.cpp:
2603         (JSC::JIT::privateCompileSlowCases):
2604         * jit/JIT.h:
2605         (JSC::JIT::emitStoreCell):
2606         * jit/JITInlineMethods.h:
2607         (JSC::JIT::emitAllocateBasicJSObject):
2608         (JSC::JIT::emitAllocateJSFinalObject):
2609         (JSC::JIT::emitAllocateJSFunction):
2610         * jit/JITOpcodes.cpp:
2611         (JSC::JIT::emit_op_new_func):
2612         (JSC::JIT::emitSlow_op_new_func):
2613         (JSC::JIT::emit_op_new_func_exp):
2614         (JSC::JIT::emitSlow_op_new_func_exp):
2615         * jit/JITOpcodes32_64.cpp:
2616             Removed duplicate implementation of op_new_func and op_new_func_exp
2617         * runtime/JSFunction.h:
2618         (JSC::JSFunction::offsetOfScopeChain):
2619         (JSC::JSFunction::offsetOfExecutable):
2620
2621 2011-08-04  David Levin  <levin@chromium.org>
2622
2623         CStringBuffer should have thread safety checks turned on.
2624         https://bugs.webkit.org/show_bug.cgi?id=58093
2625
2626         Reviewed by Dmitry Titov.
2627
2628         * wtf/text/CString.h:
2629         (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
2630         turned this off for Chromium.
2631
2632 2011-08-04  Mark Rowe  <mrowe@apple.com>
2633
2634         Future-proof Xcode configuration settings.
2635
2636         * Configurations/Base.xcconfig:
2637         * Configurations/DebugRelease.xcconfig:
2638         * Configurations/JavaScriptCore.xcconfig:
2639         * Configurations/Version.xcconfig:
2640
2641 2011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
2642
2643         Interpreter can potentially GC in the middle of initializing a structure chain
2644         https://bugs.webkit.org/show_bug.cgi?id=65638
2645
2646         Reviewed by Oliver Hunt.
2647
2648         Moved the allocation of a prototype StructureChain before the initialization of 
2649         the structure chain within the interpreter that was causing intermittent GC crashes.
2650
2651         * interpreter/Interpreter.cpp:
2652         (JSC::Interpreter::tryCachePutByID):
2653         * wtf/Platform.h:
2654
2655 2011-08-04  Filip Pizlo  <fpizlo@apple.com>
2656
2657         Eval handling attempts literal parsing even when the eval
2658         string is in the cache
2659         https://bugs.webkit.org/show_bug.cgi?id=65675
2660
2661         Reviewed by Oliver Hunt.
2662         
2663         This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
2664         in SunSpider.  It's neutral on V8.
2665
2666         * bytecode/EvalCodeCache.h:
2667         (JSC::EvalCodeCache::tryGet):
2668         (JSC::EvalCodeCache::getSlow):
2669         (JSC::EvalCodeCache::get):
2670         * interpreter/Interpreter.cpp:
2671         (JSC::Interpreter::callEval):
2672
2673 2011-08-03  Mark Rowe  <mrowe@apple.com>
2674
2675         Bring some order to FeatureDefines.xcconfig to make it easier to follow.
2676
2677         Reviewed by Sam Weinig.
2678
2679         * Configurations/FeatureDefines.xcconfig:
2680
2681 2011-08-03  Mark Rowe  <mrowe@apple.com>
2682
2683         Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
2684
2685         Reviewed by Dave Kilzer.
2686
2687         * Configurations/FeatureDefines.xcconfig:
2688
2689 2011-08-03  Filip Pizlo  <fpizlo@apple.com>
2690
2691         JSC GC heap size improvement breaks build on some platforms due to
2692         unused parameter
2693         https://bugs.webkit.org/show_bug.cgi?id=65641
2694
2695         Reviewed by Darin Adler.
2696         
2697         Fix build on non-x86 platforms, by ensuring that the relevant
2698         parameter always appears to be used even when it isn't.
2699
2700         * heap/Heap.cpp:
2701
2702 2011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2703
2704         [GTK] Reorganize pkg-config files
2705         https://bugs.webkit.org/show_bug.cgi?id=65548
2706
2707         Reviewed by Martin Robinson.
2708
2709         * GNUmakefile.am:
2710         * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
2711
2712 2011-08-01  David Levin  <levin@chromium.org>
2713
2714         Add asserts to RefCounted to make sure ref/deref happens on the right thread.
2715         https://bugs.webkit.org/show_bug.cgi?id=31639
2716
2717         Reviewed by Dmitry Titov.
2718
2719         * GNUmakefile.list.am: Added new files to the build.
2720         * JavaScriptCore.gypi: Ditto.
2721         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
2722         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
2723         * jit/ExecutableAllocator.h:
2724         (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
2725         due to not being able to figure out what was guarding it (bug 58091).
2726         * parser/SourceProvider.h:
2727         (JSC::SourceProvider::SourceProvider): Ditto.
2728         * wtf/CMakeLists.txt: Added new files to the build.
2729         * wtf/ThreadRestrictionVerifier.h: Added.
2730         Everything is done in the header to avoid the issue with exports
2731         that are only useful in debug but still needing to export them.
2732         * wtf/RefCounted.h:
2733         (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
2734         and filed bug 58171 about making it stricter.
2735         (WTF::RefCountedBase::hasOneRef): Ditto.
2736         (WTF::RefCountedBase::refCount): Ditto.
2737         (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
2738         on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
2739         (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
2740         Filed bug 58174 to remove this method.
2741         (WTF::RefCountedBase::derefBase):
2742         * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
2743         * wtf/text/CString.h:
2744         (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
2745         done in Chromium (bug 58093).
2746
2747 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2748
2749         JSC GC may not be able to reuse partially-free blocks after a
2750         full collection
2751         https://bugs.webkit.org/show_bug.cgi?id=65585
2752
2753         Reviewed by Darin Adler.
2754         
2755         This fixes the linked list management bug.  This fix is performance
2756         neutral on SunSpider.
2757
2758         * heap/NewSpace.cpp:
2759         (JSC::NewSpace::removeBlock):
2760
2761 2011-07-30  Oliver Hunt  <oliver@apple.com>
2762
2763         Simplify JSFunction creation for functions written in JS
2764         https://bugs.webkit.org/show_bug.cgi?id=65422
2765
2766         Reviewed by Gavin Barraclough.
2767
2768         Remove hash lookups used to write name property and transition
2769         function structure by caching the resultant structure and property
2770         offset in JSGlobalObject.  This doesn't impact performance, but
2771         we can use this change to make other improvements later.
2772
2773         * runtime/Executable.cpp:
2774         (JSC::FunctionExecutable::FunctionExecutable):
2775         * runtime/Executable.h:
2776         (JSC::ScriptExecutable::ScriptExecutable):
2777         (JSC::FunctionExecutable::jsName):
2778         * runtime/JSFunction.cpp:
2779         (JSC::JSFunction::JSFunction):
2780         * runtime/JSGlobalObject.cpp:
2781         (JSC::JSGlobalObject::reset):
2782         * runtime/JSGlobalObject.h:
2783         (JSC::JSGlobalObject::namedFunctionStructure):
2784         (JSC::JSGlobalObject::functionNameOffset):
2785
2786 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2787
2788         JSC GC uses dummy cells to avoid having to remember which cells
2789         it has already destroyed
2790         https://bugs.webkit.org/show_bug.cgi?id=65556
2791
2792         Reviewed by Oliver Hunt.
2793         
2794         This gets rid of dummy cells, and ensures that it's not necessary
2795         to invoke a destructor on cells that have already been swept.  In
2796         the common case, a block knows that either all of its free cells
2797         still need to have destructors called, or none of them do, which
2798         minimizes the amount of branching that needs to happen per cell
2799         when performing a sweep.
2800         
2801         This is performance neutral on SunSpider and V8.  It is meant as
2802         a stepping stone to simplify the implementation of more
2803         sophisticated sweeping algorithms.
2804
2805         * heap/Heap.cpp:
2806         (JSC::CountFunctor::ClearMarks::operator()):
2807         * heap/MarkedBlock.cpp:
2808         (JSC::MarkedBlock::initForCellSize):
2809         (JSC::MarkedBlock::callDestructor):
2810         (JSC::MarkedBlock::specializedReset):
2811         (JSC::MarkedBlock::reset):
2812         (JSC::MarkedBlock::specializedSweep):
2813         (JSC::MarkedBlock::sweep):
2814         (JSC::MarkedBlock::produceFreeList):
2815         (JSC::MarkedBlock::lazySweep):
2816         (JSC::MarkedBlock::blessNewBlockForFastPath):
2817         (JSC::MarkedBlock::blessNewBlockForSlowPath):
2818         (JSC::MarkedBlock::canonicalizeBlock):
2819         * heap/MarkedBlock.h:
2820         (JSC::MarkedBlock::FreeCell::setNoObject):
2821         (JSC::MarkedBlock::setDestructorState):
2822         (JSC::MarkedBlock::destructorState):
2823         (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
2824         * runtime/JSCell.cpp:
2825         * runtime/JSCell.h:
2826         (JSC::JSCell::JSCell::JSCell):
2827         * runtime/JSGlobalData.cpp:
2828         (JSC::JSGlobalData::JSGlobalData):
2829         (JSC::JSGlobalData::clearBuiltinStructures):
2830         * runtime/JSGlobalData.h:
2831         * runtime/Structure.h:
2832
2833 2011-08-01  Michael Saboff  <msaboff@apple.com>
2834
2835         Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
2836         https://bugs.webkit.org/show_bug.cgi?id=65502
2837
2838         Reviewed by Anders Carlsson.
2839
2840         With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
2841         added an assert to the return code of madvise to catch any regressions.
2842
2843         * wtf/TCSystemAlloc.cpp:
2844         (TCMalloc_SystemRelease):
2845
2846 2011-08-02  Anders Carlsson  <andersca@apple.com>
2847
2848         Fix Windows build.
2849
2850         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2851
2852 2011-08-02  Anders Carlsson  <andersca@apple.com>
2853
2854         Fix a Windows build error.
2855
2856         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2857
2858 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2859
2860         JSC GC is far too conservative about growing the heap size, particularly
2861         on desktop platforms
2862         https://bugs.webkit.org/show_bug.cgi?id=65438
2863
2864         Reviewed by Oliver Hunt.
2865
2866         The minimum heap size is now 16MB instead of 512KB, provided all of the
2867         following are true:
2868         a) ENABLE(LARGE_HEAP) is set, which currently only happens on
2869            x86 targets, but could reasonably happen on any platform that is
2870            known to have a decent amount of RAM.
2871         b) JSGlobalData is initialized with HeapSize = LargeHeap, which
2872            currently only happens when it's the JSDOMWindowBase in WebCore or
2873            in the jsc command-line tool.
2874            
2875         This is a 4.1% speed-up on SunSpider.
2876
2877         * JavaScriptCore.exp:
2878         * heap/Heap.cpp:
2879         (JSC::Heap::Heap):
2880         (JSC::Heap::collect):
2881         * heap/Heap.h:
2882         * jsc.cpp:
2883         (main):
2884         * runtime/JSGlobalData.cpp:
2885         (JSC::JSGlobalData::JSGlobalData):
2886         (JSC::JSGlobalData::createContextGroup):
2887         (JSC::JSGlobalData::create):
2888         (JSC::JSGlobalData::createLeaked):
2889         (JSC::JSGlobalData::sharedInstance):
2890         * runtime/JSGlobalData.h:
2891         * wtf/Platform.h:
2892
2893 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2894
2895         JSC does a GC even when the heap still has free pages
2896         https://bugs.webkit.org/show_bug.cgi?id=65445
2897
2898         Reviewed by Oliver Hunt.
2899         
2900         If the high watermark is not reached, then we allocate new blocks as
2901         before.  If the current watermark does reach (or exceed) the high
2902         watermark, then we check if there is a block on the free block pool.
2903         If there is, we simply allocate from it.  If there isn't, we
2904         invoke a collection as before.  This effectively couples the elastic
2905         scavenging to the collector's decision function.  That is, if an
2906         application rapidly varies its heap usage (sometimes using more and
2907         sometimes less) then the collector will not thrash as it used to.
2908         But if heap usage drops and stays low then the scavenger thread and
2909         the GC will eventually reach a kind of consensus: the GC will set
2910         the watermark low because of low heap usage, and the scavenger thread
2911         will steadily eliminate pages from the free page pool, until the size
2912         of the free pool is below the high watermark.
2913         
2914         On command-line, this is neutral on SunSpider and Kraken and a 3% win
2915         on V8.  In browser, this is a 1% win on V8 and neutral on the other
2916         two.
2917
2918         * heap/Heap.cpp:
2919         (JSC::Heap::allocateSlowCase):
2920         (JSC::Heap::allocateBlock):
2921         * heap/Heap.h:
2922
2923 2011-08-02  Jeff Miller  <jeffm@apple.com>
2924
2925         Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
2926         https://bugs.webkit.org/show_bug.cgi?id=65552
2927         
2928         Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
2929
2930         Reviewed by Adam Roben.
2931
2932         * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
2933
2934 2011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>
2935
2936         Removing old source files in gyp files that slow build
2937         https://bugs.webkit.org/show_bug.cgi?id=65503
2938
2939         Reviewed by Adam Barth.
2940
2941         A number of stale files are listed in the gyp files. These slow the
2942         build on Visual Studio 2010. Removing them.
2943
2944         * JavaScriptCore.gypi:
2945
2946 2011-07-14  David Levin  <levin@chromium.org>
2947
2948         currentThread is too slow!
2949         https://bugs.webkit.org/show_bug.cgi?id=64577
2950
2951         Reviewed by Darin Adler and Dmitry Titov.
2952
2953         The problem is that currentThread results in a pthread_once call which always takes a lock.
2954         With this change, currentThread is 10% faster than isMainThread in release mode and only
2955         5% slower than isMainThread in debug.
2956
2957         * wtf/ThreadIdentifierDataPthreads.cpp:
2958         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
2959         which is no longer needed because this is called from initializeThreading().
2960         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
2961         initialization of the pthread key should already be done.
2962         (WTF::ThreadIdentifierData::initialize): Ditto.
2963         * wtf/ThreadIdentifierDataPthreads.h:
2964         * wtf/ThreadingPthreads.cpp:
2965         (WTF::initializeThreading): Acquire the pthread key here.
2966
2967 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2968
2969         DFG JIT sometimes creates speculation check data structures that have
2970         invalid information about the format of a register
2971         https://bugs.webkit.org/show_bug.cgi?id=65490
2972
2973         Reviewed by Gavin Barraclough.
2974         
2975         The code now makes sure to (1) always have correct and up-to-date
2976         information about register format at the time that a speculation
2977         check is emitted, (2) assert that speculation data is correct
2978         inside the speculation check implementation, and (3) avoid creating
2979         speculation data altogether if compilation has already failed, since
2980         at that point the format data is almost guaranteed to be bogus.
2981
2982         * dfg/DFGNonSpeculativeJIT.cpp:
2983         (JSC::DFG::EntryLocation::EntryLocation):
2984         * dfg/DFGSpeculativeJIT.cpp:
2985         (JSC::DFG::SpeculationCheck::SpeculationCheck):
2986         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2987         (JSC::DFG::SpeculativeJIT::compile):
2988         * dfg/DFGSpeculativeJIT.h:
2989         (JSC::DFG::SpeculativeJIT::speculationCheck):
2990
2991 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2992
2993         REGRESSION(r92092): Build fails on 64 bit
2994         https://bugs.webkit.org/show_bug.cgi?id=65458
2995
2996         Reviewed by Oliver Hunt.
2997         
2998         The build was broken because some compilers were smart enough to see
2999         an array index out of bounds due to the decision function for when to
3000         go from precise size classes to imprecise size classes being broken:
3001         it would assume that sizes in the range 97..128 belonged to a precise
3002         size class when in fact they belonged to an imprecise one.
3003         
3004         In fact, the code would have run correctly, by way of a fluke, because
3005         though the 4th precise size class (for 97..128) didn't exist, the next
3006         array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
3007         its first entry would have been a size class that is appropriate for
3008         allocations in the range 97..128.  However, this relies on specific
3009         ordering of fields in NewSpace, so it's still a bug.
3010         
3011         This fixes the bug by ensuring that allocations larger than 96 use
3012         the imprecise size classes.
3013
3014         * heap/NewSpace.h:
3015         (JSC::NewSpace::sizeClassFor):
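
A reconstruction of the bug class described in the entry above, added as an illustration and not WebKit's own code. The layout constants (a 32-byte precise step, three precise classes covering 1..96 bytes, 128-byte imprecise classes above that, and a 1024-byte maximum) are this example's assumptions, picked so that the broken threshold produces exactly the 97..128 gap the entry describes; the type and function names are likewise hypothetical. The broken selector sends 97..128 to a fourth precise class that the table does not contain; `std::array::at` turns that out-of-bounds index into an exception instead of the silent read into whatever member happens to follow the table, which is how the entry says the original bug was masked.

```cpp
// Added example, not WebKit code: precise vs. imprecise size-class selection,
// with the broken threshold and the corrected one side by side.
#include <array>
#include <cstddef>
#include <stdexcept>

// Assumed layout for the illustration.
constexpr std::size_t preciseStep = 32;                              // one atom
constexpr std::size_t preciseCutoff = 96;                            // largest precise size
constexpr std::size_t preciseCount = preciseCutoff / preciseStep;    // 3 precise classes
constexpr std::size_t impreciseStep = 128;
constexpr std::size_t maxCellSize = 1024;
constexpr std::size_t impreciseCount = maxCellSize / impreciseStep;  // 8 imprecise classes

struct SizeClass {
    std::size_t cellSize;
};

struct SpaceLayout {
    std::array<SizeClass, preciseCount> precise;
    std::array<SizeClass, impreciseCount> imprecise;

    SpaceLayout()
    {
        for (std::size_t i = 0; i < preciseCount; ++i)
            precise[i].cellSize = (i + 1) * preciseStep;
        for (std::size_t i = 0; i < impreciseCount; ++i)
            imprecise[i].cellSize = (i + 1) * impreciseStep;
    }

    // Broken form: treats everything up to the first imprecise step as precise,
    // so 97..128 indexes precise[3], a class that does not exist. With a plain
    // C array this would read the neighbouring member; at() throws instead.
    const SizeClass& sizeClassForBroken(std::size_t bytes) const
    {
        if (bytes <= impreciseStep)
            return precise.at((bytes - 1) / preciseStep);
        return imprecise.at((bytes - 1) / impreciseStep);
    }

    // Corrected form: anything above the last precise class is imprecise.
    const SizeClass& sizeClassFor(std::size_t bytes) const
    {
        if (bytes <= preciseCutoff)
            return precise.at((bytes - 1) / preciseStep);
        return imprecise.at((bytes - 1) / impreciseStep);
    }
};

// Cell size chosen by the corrected selector, or 0 when `bytes` is out of range.
std::size_t cellSizeFor(std::size_t bytes)
{
    static const SpaceLayout layout;
    if (bytes == 0 || bytes > maxCellSize)
        return 0;
    return layout.sizeClassFor(bytes).cellSize;
}

// True when the broken selector would index past the precise table for `bytes`.
bool brokenSelectorOverruns(std::size_t bytes)
{
    static const SpaceLayout layout;
    try {
        (void)layout.sizeClassForBroken(bytes);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main()
{
    // 97 bytes: the corrected selector picks the 128-byte imprecise class,
    // the broken one overruns the precise table.
    return (cellSizeFor(97) == 128 && brokenSelectorOverruns(97)) ? 0 : 1;
}
```

The general lesson is the one the entry draws: a size-class decision function and the tables it indexes must be derived from the same constants, otherwise a harmless-looking threshold change becomes an out-of-bounds read whose symptom depends on struct layout.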
3016
3017 2011-07-31  Gavin Barraclough  <barraclough@apple.com>
3018
3019         https://bugs.webkit.org/show_bug.cgi?id=64679
3020         Fix bugs in Array.prototype this handling.
3021
3022         Unreviewed - rolling out r91290.
3023
3024         Looks like the wild wild web isn't ready for this yet.
3025
3026         This change broke http://slides.html5rocks.com/#landing-slide.
3027         Interestingly, this might only be due to our lack of bind support -
3028         it looks like this site is calling Array.prototype.slice as a part
3029         of its bind implementation.
3030
3031         * runtime/ArrayPrototype.cpp:
3032         (JSC::arrayProtoFuncJoin):
3033         (JSC::arrayProtoFuncConcat):
3034         (JSC::arrayProtoFuncPop):
3035         (JSC::arrayProtoFuncPush):
3036         (JSC::arrayProtoFuncReverse):
3037         (JSC::arrayProtoFuncShift):
3038         (JSC::arrayProtoFuncSlice):
3039         (JSC::arrayProtoFuncSort):
3040         (JSC::arrayProtoFuncSplice):
3041         (JSC::arrayProtoFuncUnShift):
3042         (JSC::arrayProtoFuncFilter):
3043         (JSC::arrayProtoFuncMap):
3044         (JSC::arrayProtoFuncEvery):
3045         (JSC::arrayProtoFuncForEach):
3046         (JSC::arrayProtoFuncSome):
3047         (JSC::arrayProtoFuncReduce):
3048         (JSC::arrayProtoFuncReduceRight):
3049         (JSC::arrayProtoFuncIndexOf):
3050         (JSC::arrayProtoFuncLastIndexOf):
3051
3052 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
3053
3054         JSC GC lays out size classes under wrong assumptions about expected
3055         object size.
3056         https://bugs.webkit.org/show_bug.cgi?id=65437
3057
3058         Reviewed by Oliver Hunt.
3059         
3060         Changed the atom size - which is both the smallest allocation size and
3061         the smallest possible stepping unit for size class spacing - from
3062         8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.
3063
3064         * heap/MarkedBlock.h:
3065
3066 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
3067
3068         DFG non-speculative JIT does not optimize PutByVal
3069         https://bugs.webkit.org/show_bug.cgi?id=65424
3070
3071         Reviewed by Gavin Barraclough.
3072         
3073         Added code to emit PutByVal inline fast path.
3074
3075         * dfg/DFGNonSpeculativeJIT.cpp:
3076         (JSC::DFG::NonSpeculativeJIT::compile):
3077
3078 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
3079
3080         The JSC garbage collector returns memory to the operating system too
3081         eagerly.
3082         https://bugs.webkit.org/show_bug.cgi?id=65382
3083
3084         Reviewed by Oliver Hunt.
3085         
3086         This introduces a memory reuse model similar to the one in FastMalloc.
3087         A periodic scavenger thread runs in the background and returns half the
3088         free memory to the OS on each timer fire.  New block allocations first
3089         attempt to get the memory from the collector's internal pool, reverting
3090         to OS allocation only when this pool is empty.
3091
3092         * heap/Heap.cpp:
3093         (JSC::Heap::Heap):
3094         (JSC::Heap::~Heap):
3095         (JSC::Heap::destroy):
3096         (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
3097         (JSC::Heap::waitForRelativeTime):
3098         (JSC::Heap::blockFreeingThreadStartFunc):
3099         (JSC::Heap::blockFreeingThreadMain):
3100         (JSC::Heap::allocateBlock):
3101         (JSC::Heap::freeBlocks):
3102         (JSC::Heap::releaseFreeBlocks):
3103         * heap/Heap.h:
3104         * heap/MarkedBlock.cpp:
3105         (JSC::MarkedBlock::destroy):
3106         (JSC::MarkedBlock::MarkedBlock):
3107         (JSC::MarkedBlock::initForCellSize):
3108         (JSC::MarkedBlock::reset):
3109         * heap/MarkedBlock.h:
3110         * wtf/Platform.h:
3111
3112 2011-07-30  Filip Pizlo  <fpizlo@apple.com>
3113
3114         DFG JIT speculation failure pass sometimes forgets to emit code to
3115         move certain registers.
3116         https://bugs.webkit.org/show_bug.cgi?id=65421
3117
3118         Reviewed by Oliver Hunt.
3119         
3120         Restructured the offending loops (for gprs and fprs).  It's once again
3121         possible to use spreadsheets on docs.google.com.
3122
3123         * dfg/DFGJITCompiler.cpp:
3124         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3125
3126 2011-07-30  Patrick Gansterer  <paroga@webkit.org>
3127
3128         Remove inclusion of MainThread.h from Threading.h
3129         https://bugs.webkit.org/show_bug.cgi?id=65081
3130
3131         Reviewed by Darin Adler.
3132
3133         Add missing and remove unneeded include statements for MainThread.
3134
3135         * wtf/CryptographicallyRandomNumber.cpp:
3136         * wtf/Threading.h:
3137         * wtf/ThreadingPthreads.cpp:
3138         * wtf/text/StringStatics.cpp:
3139
3140 2011-07-30  Oliver Hunt  <oliver@apple.com>
3141
3142         Reduce the size of JSGlobalObject slightly
3143         https://bugs.webkit.org/show_bug.cgi?id=65417
3144
3145         Reviewed by Dan Bernstein.
3146
3147         Push a few members that either aren't commonly used,
3148         or aren't frequently accessed into a separate struct.
3149
3150         * runtime/JSGlobalObject.cpp:
3151         (JSC::JSGlobalObject::init):
3152         (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
3153         * runtime/JSGlobalObject.h:
3154         (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
3155         (JSC::JSGlobalObject::createRareDataIfNeeded):
3156         (JSC::JSGlobalObject::setProfileGroup):
3157         (JSC::JSGlobalObject::profileGroup):
3158         (JSC::JSGlobalObject::registerWeakMap):
3159         (JSC::JSGlobalObject::deregisterWeakMap):
3160
3161 2011-07-30  Balazs Kelemen  <kbalazs@webkit.org>
3162
3163         MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
3164         https://bugs.webkit.org/show_bug.cgi?id=65263
3165
3166         Reviewed by Dmitry Titov.
3167
3168         * wtf/Deque.h:
3169         (WTF::::operator): Don't check the validity of an iterator
3170         that will be reassigned right now.
3171         * wtf/MessageQueue.h:
3172         (WTF::::removeIf): Revert r51198 as I believe this is the better
3173         solution for the problem that was solved by that.
3174
3175 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3176
3177         JSC GC zombie support no longer works, and is likely no longer needed.
3178         https://bugs.webkit.org/show_bug.cgi?id=65404
3179
3180         Reviewed by Darin Adler.
3181         
3182         This removes zombies, because they no longer work, are not tested, are
3183         probably not needed, and are getting in the way of GC optimization
3184         work.
3185
3186         * JavaScriptCore.xcodeproj/project.pbxproj:
3187         * heap/Handle.h:
3188         (JSC::HandleConverter::operator->):
3189         (JSC::HandleConverter::operator*):
3190         * heap/HandleHeap.cpp:
3191         (JSC::HandleHeap::isValidWeakNode):
3192         * heap/Heap.cpp:
3193         (JSC::Heap::destroy):
3194         (JSC::Heap::collect):
3195         * heap/MarkedBlock.cpp:
3196         (JSC::MarkedBlock::sweep):
3197         * heap/MarkedBlock.h:
3198         (JSC::MarkedBlock::clearMarks):
3199         * interpreter/Register.h:
3200         (JSC::Register::Register):
3201         (JSC::Register::operator=):
3202         * runtime/ArgList.h:
3203         (JSC::MarkedArgumentBuffer::append):
3204         (JSC::ArgList::ArgList):
3205         * runtime/JSCell.cpp:
3206         (JSC::isZombie):
3207         * runtime/JSCell.h:
3208         * runtime/JSGlobalData.cpp:
3209         (JSC::JSGlobalData::JSGlobalData):
3210         (JSC::JSGlobalData::clearBuiltinStructures):
3211         * runtime/JSGlobalData.h:
3212         * runtime/JSValue.h:
3213         * runtime/JSValueInlineMethods.h:
3214         (JSC::JSValue::JSValue):
3215         * runtime/JSZombie.cpp: Removed.
3216         * runtime/JSZombie.h: Removed.
3217         * runtime/WriteBarrier.h:
3218         (JSC::WriteBarrierBase::setEarlyValue):
3219         (JSC::WriteBarrierBase::operator*):
3220         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
3221         * wtf/Platform.h:
3222
3223 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3224
3225         DFG JIT verbose mode provides no details about predictions
3226         https://bugs.webkit.org/show_bug.cgi?id=65389
3227
3228         Reviewed by Darin Adler.
3229         
3230         Added a print-out of the predictions to the IR dump, with names as follows:
3231         "p-bottom" = the parser made no predictions
3232         "p-int32" = the parser predicted int32
3233         ... (same for array, cell, double, number)
3234         "p-top" = the parser made conflicting predictions which will be ignored.
3235
3236         * dfg/DFGGraph.cpp:
3237         (JSC::DFG::Graph::dump):
3238         * dfg/DFGGraph.h:
3239         (JSC::DFG::predictionToString):
3240
3241 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3242
3243         DFG JIT does not have any way of undoing double speculation.
3244         https://bugs.webkit.org/show_bug.cgi?id=65334
3245
3246         Reviewed by Gavin Barraclough.
3247         
3248         This adds code to do a branchConvertDoubleToInt on speculation failure.
3249         This is performance-neutral on most benchmarks but does result in
3250         a slight improvement in Kraken.
3251
3252         * dfg/DFGJITCompiler.cpp:
3253         (JSC::DFG::GeneralizedRegister::moveTo):
3254         (JSC::DFG::GeneralizedRegister::swapWith):
3255         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
3256         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
3257         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3258
3259 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3260
3261         Crash when opening docs.google.com
3262         https://bugs.webkit.org/show_bug.cgi?id=65327
3263
3264         Reviewed by Gavin Barraclough.
3265         
3266         The speculative JIT was only checking whether a value is an array when
3267         we had already checked that it was, rather than when we hadn't.
3268
3269         * dfg/DFGSpeculativeJIT.cpp:
3270         (JSC::DFG::SpeculativeJIT::compile):
3271
3272 2011-07-28  Oliver Hunt  <oliver@apple.com>
3273
3274         *_list instructions are only used in one place, where the code is wrong.
3275         https://bugs.webkit.org/show_bug.cgi?id=65348
3276
3277         Reviewed by Darin Adler.
3278
3279         Simply remove the instructions and all users.  Speeds up the interpreter
3280         slightly due to code motion, but otherwise has no effect (because none
3281         of the _list instructions are ever used).
3282
3283         * bytecode/CodeBlock.cpp:
3284         (JSC::isPropertyAccess):
3285         (JSC::CodeBlock::dump):
3286         (JSC::CodeBlock::visitStructures):
3287         * bytecode/Instruction.h:
3288         * bytecode/Opcode.h:
3289         * interpreter/Interpreter.cpp:
3290         (JSC::Interpreter::privateExecute):
3291         * jit/JIT.cpp:
3292         (JSC::JIT::privateCompileMainPass):
3293
3294 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
3295
3296         https://bugs.webkit.org/show_bug.cgi?id=65325
3297         Performance tweak to parseInt
3298
3299         Reviewed by Oliver Hunt.
3300
3301         * runtime/JSGlobalObjectFunctions.cpp:
3302         (JSC::globalFuncParseInt):
3303             - This change may make an existing optimization redundant,
3304               cleanup from Darin's comments, plus fix existing bugs.
3305
3306 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
3307
3308         https://bugs.webkit.org/show_bug.cgi?id=65325
3309         Performance tweak to parseInt
3310
3311         Reviewed by Oliver Hunt.
3312
3313         * runtime/JSGlobalObjectFunctions.cpp:
3314         (JSC::globalFuncParseInt):
3315             - parseInt applied to small positive numbers = floor.
3316
3317 2011-07-28  Dan Bernstein  <mitz@apple.com>
3318
3319         Build fix.
3320
3321         * runtime/Executable.cpp:
3322         (JSC::FunctionExecutable::compileForCallInternal):
3323
3324 2011-07-28  Kent Tamura  <tkent@chromium.org>
3325
3326         Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
3327         https://bugs.webkit.org/show_bug.cgi?id=65300
3328
3329         Reviewed by Darin Adler.
3330
3331         r91837 had a performance regression in StringImpl::stripWhiteSpace()
3332         and simplifyWhiteSpace(). This changes the code so that compilers
3333         generate code equivalent to r91836 or prior.
3334
3335         * wtf/text/StringImpl.cpp:
3336         (WTF::StringImpl::stripMatchedCharacters):
3337         A template member function for stripWhiteSpace(). This function takes a functor.
3338         (WTF::UCharPredicate):
3339         A functor for generic predicate for single UChar argument.
3340         (WTF::SpaceOrNewlinePredicate):
3341         A special functor for isSpaceOrNewline().
3342         (WTF::StringImpl::stripWhiteSpace):
3343         Use stripMatchedCharacters().
3344         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
3345         A template member function for simplifyWhiteSpace().
3346         (WTF::StringImpl::simplifyWhiteSpace):
3347         Use simplifyMatchedCharactersToSpace().
3348         * wtf/text/StringImpl.h:
3349
3350 2011-07-27  Dmitry Lomov  <dslomov@google.com>
3351
3352         [chromium] Turn on WTF_MULTIPLE_THREADS.
3353         https://bugs.webkit.org/show_bug.cgi?id=61017
3354         The patch turns on WTF_MULTIPLE_THREADS in chromium and 
3355         pushes some relevant initializations from JSC::initializeThreading
3356         to WTF::initializeThreading.
3357
3358         Reviewed by David Levin.
3359
3360         * runtime/InitializeThreading.cpp:
3361         (JSC::initializeThreadingOnce):
3362         * wtf/FastMalloc.cpp:
3363         (WTF::isForbidden):
3364         (WTF::fastMallocForbid):
3365         (WTF::fastMallocAllow):
3366         * wtf/Platform.h:
3367         * wtf/ThreadingPthreads.cpp:
3368         (WTF::initializeThreading):
3369         * wtf/ThreadingWin.cpp:
3370         (WTF::initializeThreading):
3371         * wtf/gtk/ThreadingGtk.cpp:
3372         (WTF::initializeThreading):
3373         * wtf/qt/ThreadingQt.cpp:
3374         (WTF::initializeThreading):
3375
3376 2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3377
3378         Remove operator new from JSCell
3379         https://bugs.webkit.org/show_bug.cgi?id=64999
3380
3381         Reviewed by Oliver Hunt.
3382
3383         Removed the implementation of operator new in JSCell, so any further uses
3384         will not successfully link.  Also removed any remaining uses of operator new.
3385
3386         * API/JSContextRef.cpp:
3387         * debugger/DebuggerActivation.h:
3388         (JSC::DebuggerActivation::create):
3389         * interpreter/Interpreter.cpp:
3390         (JSC::Interpreter::execute):
3391         (JSC::Interpreter::createExceptionScope):
3392         (JSC::Interpreter::privateExecute):
3393         * jit/JITStubs.cpp:
3394         (JSC::DEFINE_STUB_FUNCTION):
3395         * runtime/JSCell.h:
3396         * runtime/JSGlobalObject.h:
3397         (JSC::JSGlobalObject::create):
3398         * runtime/JSStaticScopeObject.h:
3399         (JSC::JSStaticScopeObject::create):
3400         (JSC::JSStaticScopeObject::JSStaticScopeObject):
3401         * runtime/StrictEvalActivation.h:
3402         (JSC::StrictEvalActivation::create):
3403
3404 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
3405
3406         DFG graph has no notion of double prediction.
3407         https://bugs.webkit.org/show_bug.cgi?id=65234
3408
3409         Reviewed by Gavin Barraclough.
3410         
3411         Added the notion of PredictDouble, and PredictNumber, which is the least
3412         upper bound of PredictInt32 and PredictDouble.  Least upper bound is
3413         defined as the bitwise-or of two predictions.  Bottom is defined as 0,
3414         and Top is defined as all bits being set.  Added the ability to explicitly
3415         distinguish between a node having had a prediction associated with it,
3416         and that prediction still being valid (i.e. no conflicting predictions
3417         have also been added).  Used this to guard the speculative JIT from
3418         speculating Int32 in cases where the graph knows that the value is
3419         double, which currently only happens for GetLocal nodes on arguments
3420         which were double at compile-time.
3421
3422         * dfg/DFGGraph.cpp:
3423         (JSC::DFG::Graph::predictArgumentTypes):
3424         * dfg/DFGGraph.h:
3425         (JSC::DFG::isCellPrediction):
3426         (JSC::DFG::isArrayPrediction):
3427         (JSC::DFG::isInt32Prediction):
3428         (JSC::DFG::isDoublePrediction):
3429         (JSC::DFG::isNumberPrediction):
3430         * dfg/DFGSpeculativeJIT.cpp:
3431         (JSC::DFG::SpeculativeJIT::compile):
3432         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3433         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
3434         * dfg/DFGSpeculativeJIT.h:
3435         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
3436
3437 2011-07-27  Gavin Barraclough  <barraclough@apple.com>
3438
3439         https://bugs.webkit.org/show_bug.cgi?id=65294
3440         DFG JIT - may speculate based on wrong arguments.
3441
3442         Reviewed by Oliver Hunt.
3443
3444         In the case of a DFG compiled function calling to and compiling a second function that
3445         also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
3446         we call compileFor passing the caller function's exec state, rather than the callee's.
3447         This may lead to mis-optimization, since the DFG compiler will examine the exec state's
3448         arguments on the assumption that these will be passed to the callee - it is wanting the
3449         callee exec state, not the caller's exec state.
3450
3451         Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
3452         function is compiled, & the structure of the calls in the Interpreter::execute methods.
3453         Only fix for compilation from the JIT; in other calls, don't speculate based on arguments
3454         for now.
3455
3456         * dfg/DFGOperations.cpp:
3457         * runtime/Executable.cpp:
3458         (JSC::tryDFGCompile):
3459         (JSC::tryDFGCompileFunction):
3460         (JSC::FunctionExecutable::compileForCallInternal):
3461         * runtime/Executable.h:
3462         (JSC::FunctionExecutable::compileForCall):