[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
        to build on Mac.

        * wtf/Platform.h:

2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>

        Unreviewed, MIPS build fix.

        WebKitGTK+ tarball fails to build on MIPS.
        https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691

        * GNUmakefile.list.am: Add missing MIPS-related file to the list
        of files that are added to the tarball on make dist, and fix
        sorting.

2011-06-04  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix formatting of the output generated by KeywordLookupGenerator.py
        https://bugs.webkit.org/show_bug.cgi?id=62083

        - Uses correct year for copyright.
        - Puts ending brace on same line as "else if"
        - Puts starting brace of function on its own line.
        - Adds some tasteful whitespace.
        - Adds comments to make clear that scopes are ending
        - Make macros actually split on two lines.

        * KeywordLookupGenerator.py:

2011-06-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        KeywordLookupGenerator.py spams stdout in Chromium Linux build
        https://bugs.webkit.org/show_bug.cgi?id=62087

        This action does not appear to be needed.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-06-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Lexer needs to provide Identifier for reserved words
        https://bugs.webkit.org/show_bug.cgi?id=62086

        Alas it is necessary to provide an Identifier reference for keywords
        so that we can do the right thing when they're used in object literals.
        We now keep Identifiers for all reserved words in the CommonIdentifiers
        structure so that we can access them without a hash lookup.

        * KeywordLookupGenerator.py:
        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):
        * parser/Lexer.h:
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:

2011-06-03  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Add debug code to break on speculation failures.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGNode.h:

2011-06-03  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=62082
        DFG JIT - bug passing arguments that need swap

        This is really just a typo.
        When setting up the arguments for a call out to a C operation, we'll
        fail to swap arguments where this is necessary. For example, in the
        case of 2 arg calls, where the first argument is in %rdx & the second
        is in %rsi we should swap (exec will be passed in %rdi), but we don't.

        This can also affect function calls passing three arguments.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
            - Call swap with the correct arguments.

2011-06-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Force inlining of some hot lexer functions
        https://bugs.webkit.org/show_bug.cgi?id=62079

        Fix more GCC stupidity

        * parser/Lexer.h:
        (JSC::Lexer::isWhiteSpace):
        (JSC::Lexer::isLineTerminator):

2011-06-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        GCC not inlining some functions that it really should be
        https://bugs.webkit.org/show_bug.cgi?id=62075

        Add ALWAYS_INLINE to a number of parsing and lexing functions
        that should always be inlined.  This gets us ~1.4% on my ad hoc
        parser test.

        * KeywordLookupGenerator.py:
        * parser/JSParser.cpp:
        (JSC::JSParser::next):
        (JSC::JSParser::nextTokenIsColon):
        (JSC::JSParser::consume):
        (JSC::JSParser::match):
        (JSC::JSParser::tokenStart):
        (JSC::JSParser::tokenLine):
        (JSC::JSParser::tokenEnd):
        * parser/Lexer.cpp:
        (JSC::isIdentPart):

2011-06-03  Oliver Hunt  <oliver@apple.com>

        Whoops, fix last minute bug.

        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):

2011-06-03  Martin Robinson  <mrobinson@igalia.com>

        Try to fix the GTK+ build.

        * GNUmakefile.am: Clean up some spaces that should be tabs.
        * GNUmakefile.list.am: Add KeywordLookup.h to the source list
        and clean up some spaces that should be tabs.

2011-06-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Improve keyword lookup
        https://bugs.webkit.org/show_bug.cgi?id=61913

        Rather than doing multiple hash lookups as we currently
        do when trying to identify keywords we now use an 
        automatically generated decision tree (essentially it's
        a hard coded patricia trie).  We still use the regular
        lookup table for the last few characters of an input as
        this allows us to completely skip all bounds checks.

        * CMakeLists.txt:
        * DerivedSources.make:
        * DerivedSources.pro:
        * GNUmakefile.am:
        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * KeywordLookupGenerator.py: Added.
        * make-generated-sources.sh:
        * parser/Lexer.cpp:
        (JSC::Lexer::internalShift):
        (JSC::Lexer::shift):
        (JSC::Lexer::parseIdentifier):
        * parser/Lexer.h:

2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>

        Reviewed by Benjamin Poulain.

        [Qt] Build flag for experimental ICU library support
        https://bugs.webkit.org/show_bug.cgi?id=60786

        Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental 
        ICU powered Unicode support. 

        * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
        * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE). 

2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Benjamin Poulain.

        [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
        https://bugs.webkit.org/show_bug.cgi?id=61957

        When building inside the Qt source tree, qmake always append the mkspecs
        defines after ours. We have to workaround and make sure that we append 
        our flags after the qmake variable used inside Qt. This workaround was provided 
        by our qmake folks. We need to append in both case because qmake behave differently
        when called with -spec or via SUBDIR+=. This patch unbreak r87950 on Mac for Qt port.

        * JavaScriptCore.pro:

2011-06-02  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Adam Barth.

        Added a method to generate RFC 2822 compliant date strings.
        https://bugs.webkit.org/show_bug.cgi?id=7169

        * wtf/DateMath.cpp:
        (WTF::twoDigitStringFromNumber):
        (WTF::makeRFC2822DateString):
        * wtf/DateMath.h:

2011-06-02  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Andreas Kling.

        [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
        https://bugs.webkit.org/show_bug.cgi?id=61957

        When building inside the Qt source tree, qmake always append the mkspecs
        defines after ours. We have to workaround and make sure that we append  
        our flags after the qmake variable used inside Qt. This workaround was provided
        by our qmake folks.

        * JavaScriptCore.pro:

2011-06-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Add single character lookup cache to IdentifierArena
        https://bugs.webkit.org/show_bug.cgi?id=61879

        Add a simple lookup cache for single ascii character
        identifiers.  Produces around a 2% improvement in parse
        time for my adhoc parser test.

        * parser/ParserArena.h:
        (JSC::IdentifierArena::IdentifierArena):
        (JSC::IdentifierArena::clear):
        (JSC::IdentifierArena::makeIdentifier):

2011-05-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Freezing a function and its prototype causes browser to crash.
        https://bugs.webkit.org/show_bug.cgi?id=61758

        Make JSObject::preventExtensions virtual so that we can override it
        and instantiate all lazy

        * JavaScriptCore.exp:
        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSFunction.h:
        * runtime/JSObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::seal):
        (JSC::JSObject::seal):

2011-06-01  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r87788.
        http://trac.webkit.org/changeset/87788
        https://bugs.webkit.org/show_bug.cgi?id=61856

        breaks windows chromium canary (Requested by jknotten on
        #webkit).

        * wtf/DateMath.cpp:
        (WTF::timeClip):
        * wtf/DateMath.h:

2011-06-01  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Adam Barth.

        Added a method to generate RFC 2822 compliant date strings.
        https://bugs.webkit.org/show_bug.cgi?id=7169

        * wtf/DateMath.cpp:
        (WTF::twoDigitStringFromNumber):
        (WTF::makeRFC2822DateString):
        * wtf/DateMath.h:

2011-05-31  Yong Li  <yoli@rim.com>

        Reviewed by Eric Seidel.

        https://bugs.webkit.org/show_bug.cgi?id=54807
        We have been assuming plain bitfields (like "int a : 31") are always signed integers.
        However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
        bitfields (declared without either signed or unsigned qualifiers) are treats as unsigned.
        http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
        Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
        always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
        rule we should have in order to make our code independent from compilers and compiler flags.

        No new test added because this change is not known to fix any issue.

        * bytecode/StructureStubInfo.h:

2011-05-30  Hojong Han  <hojong.han@samsung.com>

        Reviewed by Geoffrey Garen.

        [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
        https://bugs.webkit.org/show_bug.cgi?id=61416

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branch32):
        * tests/mozilla/ecma/Expressions/11.12-1.js:
        (getTestCases):

2011-05-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        Some heap refactoring
        https://bugs.webkit.org/show_bug.cgi?id=61704
        
        SunSpider says no change.

        * JavaScriptCore.exp: Export!

        * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.

        (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.

        (JSC::Heap::allocate): Changed inline allocation code to only select the
        size class, since this can be optimized out at compile time -- everything
        else is now inlined into this out-of-line function.
        
        No need to duplicate ASSERTs made in our caller.

        * heap/Heap.h:
        (JSC::Heap::heap):
        (JSC::Heap::isMarked):
        (JSC::Heap::testAndSetMarked):
        (JSC::Heap::testAndClearMarked):
        (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
        a layer of indirection through MarkedSpace.

        (JSC::Heap::allocate): See above.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::create):
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.

        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::allocateBlock):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::allocate): Updated to match changes above.

2011-05-28  David Kilzer  <ddkilzer@apple.com>

        BUILD FIX when building only the interpreter

        Fixes the following compiler warning:

            JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
             void releaseExecutableMemory(JSGlobalData& globalData)
                  ^

        * jit/ExecutableAllocator.h: Moved declaration of
        JSC::releaseExecutableMemory().

2011-05-28  David Kilzer  <ddkilzer@apple.com>

        BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)

        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode): Added missing argument.

2011-05-27  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        JS API is too aggressive about throwing exceptions for NULL get or set operations
        https://bugs.webkit.org/show_bug.cgi?id=61678

        * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
        function that returns a JSValue, so it can fail and still forward to
        normal property lookup.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
        access a static property -- just forward the access. This allows objects
        to observe get/set operations but still let the JS object manage lifetime.

        (JSC::::put): Ditto.

        (JSC::::getStaticValue): Same as JSCallbackObject.h.

        * API/tests/testapi.c:
        (MyObject_set_nullGetForwardSet):
        * API/tests/testapi.js: Updated tests to reflect slightly less strict
        behavior, which matches headerdoc claims.

2011-05-27  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Property caching is too aggressive for API objects
        https://bugs.webkit.org/show_bug.cgi?id=61677

        * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
        callback APIs allow the client to change its mind about our propertis at
        any time.

        * API/tests/testapi.c:
        (PropertyCatchalls_getProperty):
        (PropertyCatchalls_setProperty):
        (PropertyCatchalls_getPropertyNames):
        (PropertyCatchalls_class):
        (main):
        * API/tests/testapi.js: Some tests for dynamic API objects.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCachePutByID):
        (JSC::Interpreter::tryCacheGetByID):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCachePutByID):
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
        requires it.

        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::isFinal):
        (JSC::TypeInfo::prohibitsPropertyCaching):
        (JSC::TypeInfo::flags): Added a flag to track opting out of property
        caching. Fixed an "&&" vs "&" typo that was previously harmless, but
        is now harmful since m_flags2 can have more than one bit set.

2011-05-27  Stephanie Lewis  <slewis@apple.com>

        Unreviewed.

        Fix a typo in the order_file flag.

        * Configurations/Base.xcconfig:

2011-05-27  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.

        * runtime/JSGlobalData.cpp:
        (JSGlobalData::JSGlobalData):

2011-05-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Add a few validity assertions to JSCallbackObject
        https://bugs.webkit.org/show_bug.cgi?id=61659

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::visitChildren):

2011-05-27  Oliver Hunt  <oliver@apple.com>

        Build fix

        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::invalidateCode):

2011-05-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Try to release unused executable memory when the FixedVMPool allocator is under pressure
        https://bugs.webkit.org/show_bug.cgi?id=61651

        Rather than crashing when full the FixedVMPool allocator now returns a null
        allocation.  We replace the code that used to CRASH() on null allocations
        with logic that asks the provided globalData to release any executable memory
        that it can.  Currently this just means throwing away all regexp code, but
        in future we'll try to be more aggressive.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::linkCode):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::executableCopy):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::executableCopy):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * jit/ExecutableAllocator.h:
        (JSC::ExecutablePool::create):
        (JSC::ExecutablePool::alloc):
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutableAllocator::poolForSize):
        (JSC::ExecutablePool::ExecutablePool):
        (JSC::ExecutablePool::poolAllocate):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolAllocator::alloc):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::finalize):
        * jit/ThunkGenerators.cpp:
        (JSC::charCodeAtThunkGenerator):
        (JSC::charAtThunkGenerator):
        (JSC::fromCharCodeThunkGenerator):
        (JSC::sqrtThunkGenerator):
        (JSC::powThunkGenerator):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::releaseExecutableMemory):
        (JSC::releaseExecutableMemory):
        * runtime/JSGlobalData.h:
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::invalidateCode):
        * runtime/RegExpCache.h:
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile):

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Optimized ConservativeSet to avoid double-visiting objects
        https://bugs.webkit.org/show_bug.cgi?id=61592
        
        SunSpider thinks this might be a 1% speedup

        * heap/ConservativeRoots.h:
        (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
        an object.

        * heap/Heap.h:
        (JSC::Heap::isMarked):
        (JSC::Heap::testAndSetMarked):
        (JSC::Heap::testAndClearMarked):
        (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
        to void*, since clients want to ask questions about arbitrary pointers
        into the heap, even when they aren't known to be JSCells.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::testAndClearMarked):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::isMarked):
        (JSC::MarkedSpace::testAndSetMarked):
        (JSC::MarkedSpace::testAndClearMarked):
        (JSC::MarkedSpace::setMarked):
        (JSC::MarkedSpace::contains): Ditto.

        * wtf/Bitmap.h:
        (WTF::::testAndClear): New function for ConservativeRoots's inverted
        marking pass.

2011-05-27  Stephanie Lewis  <slewis@apple.com>

        Rubber Stamped by Adam Roben.

        Update Order Files.  Use -order_file flag since it can order more of the binary.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.order:

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Renamed heapRootMarker to heapRootVisitor to match its class name
        https://bugs.webkit.org/show_bug.cgi?id=61584

        * heap/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed some interdependency between Heap and SmallStrings by simplifying
        the SmallStrings lifetime model
        https://bugs.webkit.org/show_bug.cgi?id=61579
        
        SunSpider reports no change.
        
        Using Weak<T> could accomplish this too, but we're not sure it will give
        us the performance we need. This is a first step, and it accomplishes
        most of the value of using Weak<T>.

        * heap/Heap.cpp:
        (JSC::Heap::destroy):
        (JSC::Heap::markRoots):
        (JSC::Heap::reset): Finalize small strings just like other weak handles.

        * runtime/SmallStrings.cpp:
        (JSC::finalize):
        (JSC::SmallStrings::finalizeSmallStrings):
        * runtime/SmallStrings.h: Make all small strings trivially weak, instead
        of having an "all for one, one for all" memory model.

2011-05-26  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make RegExpCache a weak map
        https://bugs.webkit.org/show_bug.cgi?id=61554

        Switch to a weak map for the regexp cache, and hide that
        behaviour behind RegExp::create.

        When a RegExp is compiled it attempts to add itself to
        the "strong" cache.  This cache is a simple round-robin
        buffer as was the old strong cache.  Happily this can
        be smaller than the old strong cache as RegExps are only
        added when they're compiled so it is under less pressure
        to evict.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::RegExpNode::emitBytecode):
        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
        (JSC::RegExp::match):
        * runtime/RegExp.h:
        (JSC::RegExp::gcShouldInvalidateCode):
        (JSC::RegExp::hasCode):
        (JSC::RegExp::key):
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        (JSC::RegExpCache::RegExpCache):
        (JSC::RegExpCache::isReachableFromOpaqueRoots):
        (JSC::RegExpCache::finalize):
        * runtime/RegExpCache.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Moved Heap-related functions out of JSCell.h and into respective header files
        https://bugs.webkit.org/show_bug.cgi?id=61567

        * heap/Heap.h:
        (JSC::Heap::allocate):
        (JSC::Heap::heap):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::allocate):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::sizeClassFor):
        (JSC::MarkedSpace::allocate):
        * runtime/JSCell.h:
        (JSC::JSCell::destructor):

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Try to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-26  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Eric Seidel.

        [debug feature] WTFString should have show() method
        https://bugs.webkit.org/show_bug.cgi?id=61149

        Added String::show and AtomicString::show in NDEBUG.

        * wtf/text/AtomicString.cpp:
        (WTF::AtomicString::show):
        * wtf/text/AtomicString.h:
        * wtf/text/WTFString.cpp:
        (String::show):
        * wtf/text/WTFString.h:

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen.

        Factored out some Heap ASSERTs
        https://bugs.webkit.org/show_bug.cgi?id=61565

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::isValidSharedInstanceThreadState):
        (JSC::isValidThreadState):
        (JSC::Heap::markRoots):
        (JSC::Heap::isValidAllocation):
        * heap/Heap.h:
        * runtime/JSCell.h:
        (JSC::JSCell::Heap::allocate):

2011-05-26  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=61508
        DFG JIT - Add support for get by id self caching.

        Change the call out to be an unexpected call (using silent spill/fill functions),
        add a structure check & compact load to the JIT code, and add repatching mechanisms.
        Since DFGOperations may want to be be implemented in asm, make these symbols be extern
        "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
        so that it can look up its StructureStubInfo.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files.
        * bytecode/StructureStubInfo.h:
            - Added 'unset' entries to union.
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
            - Return the call, we need this to populate the StructureStubInfo.
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
            - Populate the CodebBlock's StructureStubInfo Vector.
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
            - Return the call, we need this to populate the StructureStubInfo.
        (JSC::DFG::JITCompiler::addPropertyAccess):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
            - Add structures to record property access info during compilation.
        * dfg/DFGOperations.cpp:
            - Made all external methods extern "C".
        (JSC::DFG::operationPutByValInternal):
            - Moved outside of the extern "C" block.
        * dfg/DFGOperations.h:
            - Made all external methods extern "C".
        * dfg/DFGRepatch.cpp: Added.
        (JSC::DFG::dfgRepatchCall):
            - repatch a call to link to a new callee function.
        (JSC::DFG::dfgRepatchGetByIdSelf):
            - Modify the JIT code to optimize self accesses.
        (JSC::DFG::tryCacheGetByID):
            - Internal implementation of dfgRepatchGetByID (factor out failing cases).
        (JSC::DFG::dfgRepatchGetByID):
            - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
        * dfg/DFGRepatch.h: Added.
            - Expose dfgRepatchGetByID.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Changed implementation of GetById ops.

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        * wtf/DoublyLinkedList.h:
        (WTF::::DoublyLinkedListNode):
        (WTF::::setPrev):
        (WTF::::setNext):
        (WTF::::prev):
        (WTF::::next):
        (WTF::::DoublyLinkedList):
        (WTF::::isEmpty):
        (WTF::::size):
        (WTF::::clear):
        (WTF::::head):
        (WTF::::append):
        (WTF::::remove):
        (WTF::::removeHead):

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Rolled out http://trac.webkit.org/changeset/87408 because it broke the
        Windows build.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::setPrev):
        (JSC::MarkedBlock::setNext):
        (JSC::MarkedBlock::prev):
        (JSC::MarkedBlock::next):
        * wtf/DoublyLinkedList.h:
        (WTF::::DoublyLinkedList):
        (WTF::::isEmpty):
        (WTF::::head):
        (WTF::::append):
        (WTF::::remove):

2011-05-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Provide a real owner when copying a property table, for the sake of
        write barriers.
        https://bugs.webkit.org/show_bug.cgi?id=61547
        
        No test because we can't enable the writeBarrier() ASSERT just yet.

        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):

2011-05-26  Adam Roben  <aroben@apple.com>

        Windows build fix after r87346

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
        reality.

2011-05-26  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Adam Barth.

        ASSERT(isMainThread()) when using single threaded jsc executable
        https://bugs.webkit.org/show_bug.cgi?id=60846

        Remove the ASSERT since we do not have the concept of MainThread in JSC.

        * wtf/CryptographicallyRandomNumber.cpp:
        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):

2011-05-25  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=61506

        Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
        so that they are available to the SpeculativeJIT.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
        (JSC::DFG::JITCodeGenerator::silentFillGPR):
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
        * dfg/DFGNonSpeculativeJIT.h:

2011-05-25  Ryosuke Niwa  <rniwa@webkit.org>

        An attempt to revive Windows bots.

        * runtime/RegExp.cpp:
        * runtime/RegExp.h:

2011-05-25  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT

        This data structure, used at runtime by the JIT, is currently unnecessarily populated
        with default entries during byte compilation.

        Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
        us to one entry per corresponding bytecode op, which may be undesirable. Instead,
        populate this array from the JIT.

        The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
        these, so that the class can have a default constructor (and to simply switch statements
        in code walking over the table).

        This change has ramification for the DFG JIT, in that the DFG JIT used this datastructure
        to check for functions containing property access. Instead do so in the DFGByteCodeParser.

        * bytecode/CodeBlock.cpp:
        (JSC::printStructureStubInfo):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfStructureStubInfos):
        (JSC::CodeBlock::numberOfStructureStubInfos):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitAggregate):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::StructureStubInfo):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        * runtime/Executable.cpp:
        (JSC::tryDFGCompile):

2011-05-25  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Call::Call):
        (JSC::AbstractMacroAssembler::Call::fromTailJump):
        (JSC::AbstractMacroAssembler::Jump::Jump):
        (JSC::AbstractMacroAssembler::Jump::link):
        (JSC::AbstractMacroAssembler::Jump::linkTo):
        (JSC::AbstractMacroAssembler::Jump::isSet):
        (JSC::AbstractMacroAssembler::differenceBetween):
        (JSC::AbstractMacroAssembler::linkJump):
        (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::link):
        (JSC::LinkBuffer::locationOf):
        (JSC::LinkBuffer::locationOfNearCall):
        (JSC::LinkBuffer::returnAddressOffset):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::linkCall):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::linkCall):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::linkCall):
        * assembler/MacroAssemblerSH4.cpp:
        (JSC::MacroAssemblerSH4::linkCall):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::linkCall):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::linkCall):

2011-05-25  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=61500
        Add JSObject::offsetOfPropertyStorage

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetDirectOffset):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::compilePutDirectOffset):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::compilePutDirectOffset):
        (JSC::JIT::compileGetDirectOffset):
        * runtime/JSObject.h:
        (JSC::JSObject::offsetOfPropertyStorage):

2011-05-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make RegExp GC allocated
        https://bugs.webkit.org/show_bug.cgi?id=61490

        Make RegExp GC allocated.  Basically mechanical change to replace
        most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
        where actual ownership happens.

        Made the RegExpCache use Strong<> references currently to avoid any
        changes in behaviour.

        * JavaScriptCore.exp:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addRegExp):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addRegExp):
        (JSC::BytecodeGenerator::emitNewRegExp):
        * bytecompiler/BytecodeGenerator.h:
        * runtime/JSCell.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        (JSC::JSGlobalData::addRegExpToTrace):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:
        (JSC::RegExp::createStructure):
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        (JSC::RegExpCache::create):
        * runtime/RegExpCache.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        (JSC::RegExpObject::visitChildren):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::setRegExp):
        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        (JSC::regExpProtoFuncCompile):
        * runtime/RegExpPrototype.h:
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):

2011-05-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Generate regexp code lazily
        https://bugs.webkit.org/show_bug.cgi?id=61476

        RegExp construction now simply validates the RegExp, it does
        not perform actual codegen.

        * runtime/RegExp.cpp:
        (JSC::RegExp::RegExp):
        (JSC::RegExp::recompile):
        (JSC::RegExp::compile):
        (JSC::RegExp::match):
        * runtime/RegExp.h:
        (JSC::RegExp::recompileIfNecessary):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSplit):

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen.

        Removed MarkSetProperties because it was unused
        https://bugs.webkit.org/show_bug.cgi?id=61418

        * heap/MarkStack.h:
        (JSC::MarkSet::MarkSet):
        (JSC::MarkStack::append):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSArray.h:
        (JSC::JSArray::visitChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/WriteBarrier.h:
        (JSC::MarkStack::appendValues):

2011-05-25  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make allocations with guard pages ensure that the allocation succeeded
        https://bugs.webkit.org/show_bug.cgi?id=61453

        Add null checks, and make PageBlock's operator bool() use
        the realbase, rather than the start of usable memory.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):
        * wtf/PageBlock.h:
        (WTF::PageBlock::operator bool):
        (WTF::PageBlock::PageBlock):

2011-04-10  Kevin Ollivier  <kevino@theolliviers.com>

        Reviewed by Eric Seidel.

        Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
        
        https://bugs.webkit.org/show_bug.cgi?id=27551

        * bytecompiler/BytecodeGenerator.h:

2011-05-24  Keishi Hattori  <keishi@webkit.org>

        Reviewed by Kent Tamura.

        Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
        https://bugs.webkit.org/show_bug.cgi?id=61273

        * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.

2011-05-24  Kevin Ollivier  <kevino@theolliviers.com>

        Reviewed by Eric Seidel.

        Add export macros to WTFString.h.
        
        https://bugs.webkit.org/show_bug.cgi?id=27551

        * wtf/text/WTFString.h:
        (WTF::String::String):
        (WTF::String::findIgnoringCase):
        (WTF::String::isHashTableDeletedValue):

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Maybe fix the Mac build now?

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Maybe fix the Mac build?
        
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Split HeapRootVisitor into its own class
        https://bugs.webkit.org/show_bug.cgi?id=61399

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/HandleHeap.cpp:
        * heap/HandleStack.cpp:
        * heap/Heap.cpp:
        * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
        * heap/MarkStack.h:
        * runtime/ArgList.cpp:
        * runtime/SmallStrings.cpp:

2011-05-24  Jay Civelli  <jcivelli@chromium.org>

        Rubberstamped by David Kilzer.

        Updated some files that I forgot in my previous MHTML CL.

        * Configurations/FeatureDefines.xcconfig:

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Fix the Mac build: Yes, please do remove these files, svn.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Let's just have one way to get the system page size, bokay?
        https://bugs.webkit.org/show_bug.cgi?id=61384

        * CMakeListsEfl.txt:
        * CMakeListsWinCE.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
        is gone completely now, since it only existed to provide a duplicate way
        to access the system page size.

        * heap/MarkStack.cpp:
        (JSC::MarkStack::reset):
        * heap/MarkStack.h:
        (JSC::::MarkStackArray):
        (JSC::::shrinkAllocation): Use WTF::pageSize.

        * heap/MarkStackPosix.cpp:
        * heap/MarkStackSymbian.cpp:
        * heap/MarkStackWin.cpp: Removed now-empty files.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::reprotectRegion):
        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutablePool::ExecutablePool):
        (JSC::ExecutablePool::poolAllocate):
        * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.

        * wscript: Removed now-empty files.

        * wtf/PageBlock.cpp:
        (WTF::systemPageSize): Integrated questionable Symbian page size rule
        from ExecutableAllocator, because that seems like what the original
        author should have done.

2011-05-24  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
        https://bugs.webkit.org/show_bug.cgi?id=61385

        The interpreter uses the structure slot of get_by_id and put_by_id to hold
        the initial structure it encountered so that it can identify whether a
        given access is stable.

        When marking though we only visit the slot when we've decided to cache, and
        so this value could die.  This was "safe" as the value was only used for a
        pointer compare, but it was incorrect.  We now just mark the slot like we
        should have been doing already.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitStructures):

2011-05-24  Adam Roben  <aroben@apple.com>

        Windows build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Windows build fix: update the #if OS(WINDOWS) section to match my last patch.

        * heap/MarkStack.h:
        (JSC::::shrinkAllocation):

2011-05-24  Geoffrey Garen  <ggaren@apple.com>

        Rubber-stamped by Oliver Hunt.

        Split out function definitions and class definitions from class
        declarations in MarkStack.h, for readability.

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::~MarkStack):
        (JSC::MarkStack::addOpaqueRoot):
        (JSC::MarkStack::containsOpaqueRoot):
        (JSC::MarkStack::opaqueRootCount):
        (JSC::MarkSet::MarkSet):
        (JSC::MarkStack::allocateStack):
        (JSC::MarkStack::releaseStack):
        (JSC::MarkStack::pageSize):
        (JSC::::MarkStackArray):
        (JSC::::~MarkStackArray):
        (JSC::::expand):
        (JSC::::append):
        (JSC::::removeLast):
        (JSC::::last):
        (JSC::::isEmpty):
        (JSC::::size):
        (JSC::::shrinkAllocation):

2011-05-24  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Avoid creating unnecessary identifiers and strings in the syntax checker
        https://bugs.webkit.org/show_bug.cgi?id=61378

        Selectively tell the lexer that there are some places it does not need to
        do the real work of creating Identifiers for IDENT and STRING tokens.

        Make parseString and parseIdentifier templatized on whether they should
        do real work, or merely validate the tokens.

        SunSpider --parse-only reports ~5-8% win depending on hardware.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createDotAccess):
        * parser/JSParser.cpp:
        (JSC::JSParser::next):
        (JSC::JSParser::consume):
        (JSC::JSParser::parseVarDeclarationList):
        (JSC::JSParser::parseConstDeclarationList):
        (JSC::JSParser::parseExpression):
        (JSC::JSParser::parseAssignmentExpression):
        (JSC::JSParser::parseConditionalExpression):
        (JSC::JSParser::parseBinaryExpression):
        (JSC::JSParser::parseProperty):
        (JSC::JSParser::parseObjectLiteral):
        (JSC::JSParser::parseArrayLiteral):
        (JSC::JSParser::parseArguments):
        (JSC::JSParser::parseMemberExpression):
        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):
        (JSC::Lexer::parseString):
        (JSC::Lexer::lex):
        * parser/Lexer.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createDotAccess):
        (JSC::SyntaxChecker::createProperty):

2011-05-23  Michael Saboff  <msaboff@apple.com>

        Reviewed by Mark Rowe.

        Safari often freezes when clicking "Return free memory" in Caches dialog
        https://bugs.webkit.org/show_bug.cgi?id=61325

        There are two fixes and improvement in instrumentation code used to find 
        one of the problems.
        Changed ReleaseFreeList() to set the "decommitted" bit when releasing
        pages to the system and moving Spans from the normal list to the returned 
        list.
        Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
        to eliminate an infinite loop if we can't meet the pagesToRelease target.
        Added a check for the decommitted bit being set properly in 
        TCMalloc_PageHeap::CheckList.

        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::scavenge):
        (WTF::TCMalloc_PageHeap::Check):
        (WTF::TCMalloc_PageHeap::CheckList):
        (WTF::ReleaseFreeList):

2011-05-23  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=61306

        The begin characters optimization currently has issues (#61129),
        and does not appear to still be a performance win. The prudent
        next step seems to be to disable while we ascertain whether this
        is still a useful performance optimization.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::Interpreter::interpret):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::BytecodePattern::BytecodePattern):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
        (JSC::Yarr::YarrPattern::compile):
        (JSC::Yarr::YarrPattern::YarrPattern):
        * yarr/YarrPattern.h:
        (JSC::Yarr::YarrPattern::reset):

2011-05-23  Matthew Delaney  <mdelaney@apple.com>

        Reviewed by Simon Fraser.

        Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
        https://bugs.webkit.org/show_bug.cgi?id=58216

        * wtf/MathExtras.h:
        (clampToInteger):
        (clampToPositiveInteger):

2011-05-23  Ruben  <chromium@hybridsource.org>

        Reviewed by Tony Chang.

        Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
        https://bugs.webkit.org/show_bug.cgi?id=61219

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-05-23  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Gavin Barraclough.

        [SH4] AssemblerLabel does not name a type
        https://bugs.webkit.org/show_bug.cgi?id=59927

        SH4Assembler.h file shoold be included before AbstractMacroAssembler.h.

        * assembler/MacroAssemblerSH4.h:

2011-05-23  Ryuan Choi  <ryuan.choi@samsung.com>

        Rubber stamped by Eric Seidel.

        [CMAKE] Refactoring wtf related code.
        https://bugs.webkit.org/show_bug.cgi?id=60146

        Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.

        * CMakeLists.txt:
        * CMakeListsEfl.txt:
        * wtf/CMakeLists.txt:
        * wtf/CMakeListsEfl.txt:

2011-05-22  Adam Barth  <abarth@webkit.org>

        Enable strict PassOwnPtr for everyone.  I expect this patch will need
        some followups to make the GTK and EFL bots green again.

        * wtf/PassOwnPtr.h:

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Reduce size of inline cache path of get_by_id on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=61221

        This reduces the code size of get_by_id by 20 bytes

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::repatchCompact):
        (JSC::ARMv7Assembler::setUInt7ForLoad):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * jit/JIT.h:

2011-05-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Reviewed by Oliver Hunt.

        Zombies should "live" forever
        https://bugs.webkit.org/show_bug.cgi?id=61170

        Reusing zombie cells could still hide garbage
        collected cell related bugs.

        * JavaScriptCore.pro:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::isZombie):
        * runtime/JSZombie.h:
        (JSC::JSZombie::~JSZombie):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-05-20  Brady Eidson  <beidson@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
        Horrendous bug in callOnMainThreadAndWait

        * wtf/MainThread.cpp:
        (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
          syncFlag condition, reacquire the mutex first.

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Remove unnecessary double->int conversion at the end of op_div
        https://bugs.webkit.org/show_bug.cgi?id=61198

        We don't attempt this conversion on 64bit, removing it actually speeds
        up sunspider and v8 slightly, and it reduces code size.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_div):

2011-05-19  Evan Martin  <evan@chromium.org>

        Reviewed by Tony Chang.

        [chromium] remove <(library) variable
        https://bugs.webkit.org/show_bug.cgi?id=61158

        This was for a build experiment; we can just use the correct value now.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Interpreter uses wrong bytecode offset for determining exception handler
        https://bugs.webkit.org/show_bug.cgi?id=61191

        The bytecode offset given for the returnPC from the JIT is
        actually the offset for the start of the instruction triggering
        the call, whereas in the interpreter it is the actual return
        VPC.  This means if the next instruction following a call was
        in an exception region we would incorrectly redirect to its
        handler.  Long term we want to completely redo how exceptions
        are handled anyway so the simplest and lowest risk fix here is
        to simply subtract one from the return vPC so that we have an
        offset in the triggering instruction.

        It turns out this is caught by a couple of tests already.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):

2011-05-20  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Oliver Hunt.

        JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
        https://bugs.webkit.org/show_bug.cgi?id=42756

        Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
        check of the available memory. This should give us an
        overcommit-like behavior in most systems, which is what we want.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit): pass MAP_NORSERVE to mmap.

2011-05-19  Gabor Loki  <loki@webkit.org>

        Fix ARM build after r86919

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Randomise code starting location a little
        https://bugs.webkit.org/show_bug.cgi?id=61161

        Add a nop() function to the Assemblers so that we
        can randomise code offsets slightly at no real cost.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::nop):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::nop):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nop):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::nop):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::nop):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::nop):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::nop):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * runtime/WeakRandom.h:
        (JSC::WeakRandom::getUint32):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Fix windows build.

        * wtf/OSAllocatorWin.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::reserveAndCommit):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Add guard pages to each end of the memory region used by the fixedvm allocator
        https://bugs.webkit.org/show_bug.cgi?id=61150

        Add mechanism to notify the OSAllocator that pages at either end of an
        allocation should be considered guard pages.  Update PageReservation,
        PageAllocation, etc to handle this.

        * JavaScriptCore.exp:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
        * wtf/OSAllocator.h:
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::reserveAndCommit):
        * wtf/PageAllocation.h:
        (WTF::PageAllocation::PageAllocation):
        * wtf/PageAllocationAligned.h:
        (WTF::PageAllocationAligned::PageAllocationAligned):
        * wtf/PageBlock.h:
        (WTF::PageBlock::PageBlock):
        * wtf/PageReservation.h:
        (WTF::PageReservation::reserve):
        (WTF::PageReservation::reserveWithGuardPages):
            Add a new function to make a reservation that will add guard
            pages to the ends of an allocation.
        (WTF::PageReservation::PageReservation):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make Executables release their JIT code as soon as they become dead
        https://bugs.webkit.org/show_bug.cgi?id=61134

        Add an ability to clear an Executable's jit code without requiring
        it to be destroyed, and then call that from a finalizer.

        * heap/Weak.h:
        (JSC::Weak::Weak):
        (JSC::Weak::leak):
        * jit/JITCode.h:
        (JSC::JITCode::clear):
        * runtime/Executable.cpp:
        (JSC::ExecutableFinalizer::finalize):
        (JSC::ExecutableBase::executableFinalizer):
        * runtime/Executable.h:
        (JSC::ExecutableBase::ExecutableBase):
        (JSC::ExecutableBase::clearExecutableCode):

2011-05-19  Adam Roben  <aroben@apple.com>

        Remove a redundant and broken data export

        Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
        JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
        to a linker warning about multiple definitions.)

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
        https://bugs.webkit.org/show_bug.cgi?id=61064

        Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
        for its inline storage.  This resolves the problem of GC occurring before
        a subclass has initialised its anonymous storage.

        * runtime/JSObject.h:

2011-05-18  Adam Barth  <abarth@webkit.org>

        Reviewed by Sam Weinig.

        Delete WTFURL
        https://bugs.webkit.org/show_bug.cgi?id=61084

        It's been a year and we've failed to complete this project.  It's time
        to throw in the towel.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/url: Removed.
        * wtf/url/api: Removed.
        * wtf/url/api/ParsedURL.cpp: Removed.
        * wtf/url/api/ParsedURL.h: Removed.
        * wtf/url/api/URLString.h: Removed.
        * wtf/url/src: Removed.
        * wtf/url/src/RawURLBuffer.h: Removed.
        * wtf/url/src/URLBuffer.h: Removed.
        * wtf/url/src/URLCharacterTypes.cpp: Removed.
        * wtf/url/src/URLCharacterTypes.h: Removed.
        * wtf/url/src/URLComponent.h: Removed.
        * wtf/url/src/URLEscape.cpp: Removed.
        * wtf/url/src/URLEscape.h: Removed.
        * wtf/url/src/URLParser.h: Removed.
        * wtf/url/src/URLQueryCanonicalizer.h: Removed.
        * wtf/url/src/URLSegments.cpp: Removed.
        * wtf/url/src/URLSegments.h: Removed.
        * wtf/url/wtfurl.gyp: Removed.

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
        https://bugs.webkit.org/show_bug.cgi?id=61090

        Remove the Structure-free JSGlobalObject constructor and instead always
        pass the structure into the JSGlobalObject constructor.
        Stop DebuggerActivation creating a new structure every time, and simply
        use a single shared structure held by the GlobalData.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionRun):
        (jscmain):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adam Roben.

        Disable gc validation in release builds
        https://bugs.webkit.org/show_bug.cgi?id=60680

        Add back the NDEBUG check

        * wtf/Platform.h:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        Rolled out attempts to fix EFL build because they're not enough -- the
        build script needs to be fixed.

        * runtime/BooleanPrototype.cpp:
        * runtime/DateConstructor.cpp:
        * runtime/ErrorPrototype.cpp:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        More attempts to work around the EFL build system being borken.

        * runtime/DateConstructor.cpp:
        * runtime/ErrorPrototype.cpp:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the EFL build.

        * runtime/BooleanPrototype.cpp:

2011-05-16  Geoffrey Garen  <ggaren@apple.com>

        Rolling back in r86653 with build fixed.

        Reviewed by Gavin Barraclough and Oliver Hunt.

        Global object initialization is expensive
        https://bugs.webkit.org/show_bug.cgi?id=60933
        
        Changed a bunch of globals to allocate their properties lazily, and changed
        the global object to allocate a bunch of its globals lazily.
        
        This reduces the footprint of a global object from 287 objects with 58
        functions for 24K to 173 objects with 20 functions for 15K.

        Large patch, but it's all mechanical.

        * DerivedSources.make:
        * JavaScriptCore.exp: Build!

        * create_hash_table: Added a special case for fromCharCode, since it uses
        a custom "thunk generator".

        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
        overcount objects that were owned through more than one mechanism because
        it was getting in the way of counting the results for this patch.

        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectPrototypeTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable): Added new tables.

        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure): Standardized these objects
        to use static tables for function properties.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h: Added new tables.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
        static table for its global functions. This required uninlining some
        things to avoid a circular header dependency. However, those things
        probably shouldn't have been inlined in the first place.
        
        Even more global object properties can be made lazy, but that requires
        more in-depth changes.

        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure): Standardized these objects
        to use static tables for function properties.

2011-05-17  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        JSGlobalContextRelease should not trigger a synchronous garbage collection
        https://bugs.webkit.org/show_bug.cgi?id=60990

        * API/JSContextRef.cpp:
        Change synchronous call to collectAllGarbage to a call to trigger the
        activityCallback.

2011-05-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Reduce code size for inline cache
        https://bugs.webkit.org/show_bug.cgi?id=60942

        This patch introduces the concept of a "compact" address that
        allows individual architectures to control the maximum offset
        used for the inline path of get_by_id.  This reduces the code
        size of get_by_id by 3 bytes on x86 and x86_64 and slightly
        improves performance on v8 tests.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::repatchCompact):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::repatchCompact):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
        (JSC::AbstractMacroAssembler::differenceBetween):
        (JSC::AbstractMacroAssembler::repatchCompact):
        * assembler/CodeLocation.h:
        (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
        (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::locationOf):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::repatchCompact):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::repatchCompact):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
        * assembler/RepatchBuffer.h:
        (JSC::RepatchBuffer::repatch):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::repatchCompact):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_mr_disp8):
        (JSC::X86Assembler::movq_mr_disp8):
        (JSC::X86Assembler::repatchCompact):
        (JSC::X86Assembler::setInt8):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::patchGetByIdSelf):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::patchGetByIdSelf):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):

2011-05-16  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r86653.
        http://trac.webkit.org/changeset/86653
        https://bugs.webkit.org/show_bug.cgi?id=60944

        "Caused regressions on Windows, OSX and EFL" (Requested by
        yutak on #webkit).

        * DerivedSources.make:
        * DerivedSources.pro:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * create_hash_table:
        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()):
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayTable):
        (JSC::ExecState::numberTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/BooleanPrototype.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateConstructor.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/ErrorPrototype.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncJSCPrint):
        * runtime/JSGlobalObjectFunctions.h:
        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/NumberPrototype.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * runtime/RegExpPrototype.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringConstructor.h:

2011-05-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen.

        Global object initialization is expensive
        https://bugs.webkit.org/show_bug.cgi?id=60933
        
        Changed a bunch of globals to allocate their properties lazily, and changed
        the global object to allocate a bunch of its globals lazily.
        
        This reduces the footprint of a global object from 287 objects with 58
        functions for 24K to 173 objects with 20 functions for 15K.

        Large patch, but it's all mechanical.

        * DerivedSources.make:
        * JavaScriptCore.exp: Build!

        * create_hash_table: Added a special case for fromCharCode, since it uses
        a custom "thunk generator".

        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
        overcount objects that were owned through more than one mechanism because
        it was getting in the way of counting the results for this patch.

        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectPrototypeTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable): Added new tables.

        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure): Standardized these objects
        to use static tables for function properties.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h: Added new tables.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
        static table for its global functions. This required uninlining some
        things to avoid a circular header dependency. However, those things
        probably shouldn't have been inlined in the first place.
        
        Even more global object properties can be made lazy, but that requires
        more in-depth changes.

        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure): Standardized these objects
        to use static tables for function properties.

2011-05-16  David Kilzer  <ddkilzer@apple.com>

        <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
        <rdar://problem/9446430>

        Reviewed by Mark Rowe.

        * Configurations/Base.xcconfig: Fixed typo.

2011-05-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        JSWeakObjectMap finalisation may occur while gc is in inconsistent state
        https://bugs.webkit.org/show_bug.cgi?id=60908
        <rdar://problem/9409491>

        We need to ensure that we have called all the weak map finalizers while
        the global object (and hence global context) is still in a consistent
        state.  The best way to achieve this is to simply use a weak handle and
        finalizer on the global object.

        * JavaScriptCore.exp:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::registerWeakMap):

2011-05-16  Siddharth Mathur  <siddharth.mathur@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt][WK2][Symbian] Shared memory implementation for Symbian
        https://bugs.webkit.org/show_bug.cgi?id=55875

        * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users

2011-05-16  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=60866
        Evaluation order broken for empty alternatives in subpatterns

        Reverting https://bugs.webkit.org/show_bug.cgi?id=51395

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):

2011-05-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen & Michael Saboff.

        https://bugs.webkit.org/show_bug.cgi?id=60860
        Simplify backtracking in YARR JIT

        YARR JIT currently performs a single pass of code generation over the pattern,
        with special handling to allow the code generation for some backtracking code
        out of line. We can simplify things by moving to a common mechanism whereby all
        forwards matching code is generated in one pass, and all backtracking code is
        generated in another. Backtracking code can be generated in reverse order, to
        optimized the common fall-through case.

        To make it easier to walk over the pattern, we can first convert to a more
        byte-code like format before JIT generating. In time we should unify this with
        the YARR interpreter to more closely unify the two.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
        (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
        (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
        (JSC::Yarr::YarrGenerator::BacktrackingState::append):
        (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
        (JSC::Yarr::YarrGenerator::BacktrackingState::link):
        (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
        (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
        (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
        (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
        (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
        (JSC::Yarr::YarrGenerator::generateAssertionBOL):
        (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
        (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
        (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
        (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
        (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
        (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
        (JSC::Yarr::YarrGenerator::generateTerm):
        (JSC::Yarr::YarrGenerator::backtrackTerm):
        (JSC::Yarr::YarrGenerator::generate):
        (JSC::Yarr::YarrGenerator::backtrack):
        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
        (JSC::Yarr::YarrGenerator::opCompileAlternative):
        (JSC::Yarr::YarrGenerator::opCompileBody):
        (JSC::Yarr::YarrGenerator::YarrGenerator):
        (JSC::Yarr::YarrGenerator::compile):

2011-05-15  Adam Barth  <abarth@webkit.org>

        Enable strict PassOwnPtr on Qt.  (Build fixes to follow.)

        * wtf/PassOwnPtr.h:

2011-05-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
        in browser than on command line
        
        This patch fixes a few issues in generated code that could unreasonably
        prolong object lifetimes.

        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage): Throw away all function code before doing
        a major collection. We want to clear polymorphic caches, since they can
        keep alive large object graphs that have gone "stale". For the same reason,
        but to a lesser extent, we also want to clear linked functions and other
        one-off caches.

        This has the side-benefit of reducing memory footprint from run-once
        functions, and of allowing predictions and caches that have failed to
        re-specialize.

        Eventually, if compilation costs rise far enough, we may want a more
        limited strategy for de-specializing code without throwing it away
        completely, but this works for now, and it's the simplest solution.

        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITStubs.h:
        * runtime/JSFunction.cpp: Made the host function stub cache weak --
        otherwise it's effectively a memory leak that can seriously fragment the
        GC and JIT heaps.

        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::visitChildren): Cleared up some comments that confused
        me when working with this code.

2011-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        This patch makes the checks performed under GC_VALIDATION
        much more aggressive, and adds the checks to more places
        in order to allow us to catch GC bugs much closer to the
        point of failure.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedSpace.cpp:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSCell.cpp:
        (JSC::slowValidateCell):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::unvalidatedStructure):
        (JSC::JSCell::JSCell::JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):
        (JSC::slowValidateCell):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSString.h:
        (JSC::RopeBuilder::JSString):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyMapEntry::PropertyMapEntry):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::JSCell::classInfo):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        * runtime/WriteBarrier.h:
        (JSC::validateCell):
        (JSC::JSCell):
        (JSC::JSGlobalObject):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::setMayBeNull):
        (JSC::WriteBarrierBase::setEarlyValue):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::unvalidatedGet):
        (JSC::WriteBarrier::WriteBarrier):
        * wtf/Assertions.h:

2011-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        This patch makes the checks performed under GC_VALIDATION
        much more aggressive, and adds the checks to more places
        in order to allow us to catch GC bugs much closer to the
        point of failure.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedSpace.cpp:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSCell.cpp:
        (JSC::slowValidateCell):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::unvalidatedStructure):
        (JSC::JSCell::JSCell::JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):
        (JSC::slowValidateCell):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSString.h:
        (JSC::RopeBuilder::JSString):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyMapEntry::PropertyMapEntry):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::JSCell::classInfo):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        * runtime/WriteBarrier.h:
        (JSC::validateCell):
        (JSC::JSCell):
        (JSC::JSGlobalObject):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::setMayBeNull):
        (JSC::WriteBarrierBase::setEarlyValue):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::unvalidatedGet):
        (JSC::WriteBarrier::WriteBarrier):
        * wtf/Assertions.h:

2011-05-14  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedSpace.cpp:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::createStructure):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSString.h:
        (JSC::RopeBuilder::createStructure):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyMapEntry::PropertyMapEntry):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::Structure::createStructure):
        (JSC::JSCell::classInfo):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrier::WriteBarrier):
        * wtf/Assertions.h:

2011-05-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make GC validation more aggressive
        https://bugs.webkit.org/show_bug.cgi?id=60802

        This patch makes the checks performed under GC_VALIDATION
        much more aggressive, and adds the checks to more places
        in order to allow us to catch GC bugs much closer to the
        point of failure.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedSpace.cpp:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSCell.cpp:
        (JSC::slowValidateCell):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::unvalidatedStructure):
        (JSC::JSCell::JSCell::JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):
        (JSC::slowValidateCell):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSString.h:
        (JSC::RopeBuilder::JSString):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyMapEntry::PropertyMapEntry):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::JSCell::classInfo):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        * runtime/WriteBarrier.h:
        (JSC::validateCell):
        (JSC::JSCell):
        (JSC::JSGlobalObject):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::setMayBeNull):
        (JSC::WriteBarrierBase::setEarlyValue):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::unvalidatedGet):
        (JSC::WriteBarrier::WriteBarrier):
        * wtf/Assertions.h:

2011-05-01  Holger Hans Peter Freyther  <holger@moiji-mobile.com>

        Reviewed by Steve Block.

        [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
        https://bugs.webkit.org/show_bug.cgi?id=59888

        It is possible to build QtWebKit and others for OS(ANDROID). Let
        the buildsystem decide which platform is to be build.

        * wtf/Platform.h:

2011-05-12  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
        https://bugs.webkit.org/show_bug.cgi?id=59394

        This portion of the change introduces a PassTraits template, which
        is used to enable takeFirst() to work for a Deque holding OwnPtrs,
        and optimize it for a Deque holding RefPtrs. In the future it can
        be deployed elsewhere to make our data structures work better with
        our smart pointers.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/Deque.h:
        (WTF::::takeFirst):
        * wtf/PassTraits.h: Added.
        (WTF::PassTraits::transfer):

2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>

        Not reviewed.

        Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>

        Not reviewed.

        String operator+ reallocates unnecessarily when concatting > 2 strings
        https://bugs.webkit.org/show_bug.cgi?id=58420

        Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Darin Adler.

        String operator+ reallocates unnecessarily when concatting > 2 strings
        https://bugs.webkit.org/show_bug.cgi?id=58420

        Provide a faster String append operator.
        Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
        object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
        N strings using operator+, this leads to N-1 reallocations.

        Replace this with a flexible operator+ implementation, that avoids these reallocations.
        When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
        a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
        creation of the final string, until operator String() is invoked.

        template<typename T>
        StringAppend<String, T> operator+(const String& string1, T string2)
        {
            return StringAppend<String, T>(string1, string2);
        }

        template<typename U, typename V, typename W>
        StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
        {
            return StringAppend<U, StringAppend<V, W> >(string1, string2);
        }

        When concatting three strings - "String a, b, c; String result = a + b + c;" following happens:
        first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
        Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
        a StringAppend<String, StringAppend<String, String> > object.
        Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
        final string - it uses tryMakeString provided by StringConcatenate.h under the hoods, which guards us
        against too big string allocations, etc.

        Note that the second template, defines a recursive way to concat an arbitary number of strings
        into a single String with just one allocation.

        * GNUmakefile.list.am: Add StringOperators.h to build.
        * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
        * JavaScriptCore.gypi: Add StringOperators.h to build.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
        * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
        * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
        * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
        (WTF::StringAppend::StringAppend):
        (WTF::StringAppend::operator String):
        (WTF::StringAppend::operator AtomicString):
        (WTF::StringAppend::writeTo):
        (WTF::StringAppend::length):
        (WTF::operator+):
        * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). 
        (WTF::emptyString): Add new shared empty string free function.
        * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.

2011-05-12  Philippe Normand  <pnormand@igalia.com>

        Unreviewed, GTK build fix.

        * wtf/Platform.h:

2011-05-12  Keith Kyzivat  <keith.kyzivat@nokia.com>

        Reviewed by Csaba Osztrogonác.

        [Qt] Arm debug build failing on ARMAssembler::debugOffset()
        https://bugs.webkit.org/show_bug.cgi?id=60688

        Related to svn rev 85523

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::debugOffset):

2011-05-11  Igor Oliveira  <igor.oliveira@openbossa.org>

        Reviewed by Eric Seidel.

        WebKit does not build with GCCE
        https://bugs.webkit.org/show_bug.cgi?id=60667

        Allow compile WebKit with GCCE

        * wtf/Alignment.h:
        * wtf/Platform.h:

2011-05-11  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Enable strict PassOwnPtr on Mac
        https://bugs.webkit.org/show_bug.cgi?id=60684

        This should build cleanly now.

        * wtf/PassOwnPtr.h:

2011-05-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        Protect JSC from WebCore executing JS during JS wrapper finalization
        https://bugs.webkit.org/show_bug.cgi?id=60672
        <rdar://problem/9350997>

        Detect when we're trying to execute JS during GC and prevent the
        execution from happening.  We also assert that this isn't happening
        as it implies incorrect behaviour of an object's destructor.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        * heap/Heap.h:
        (JSC::Heap::isBusy):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::isCollectorBusy):

2011-05-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Enable gc mark validation in temporarily in release builds
        https://bugs.webkit.org/show_bug.cgi?id=60678

        Make it easier to turn the gc mark validation on and off, and
        temporarily turn it on for all builds.

        * heap/MarkStack.cpp:
        * heap/MarkStack.h:
        (JSC::MarkStack::append):
        (JSC::MarkStack::internalAppend):
        * runtime/WriteBarrier.h:
        (JSC::MarkStack::appendValues):
        * wtf/Platform.h:

2011-05-11  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
        
        SunSpider reports no change.

        This bug was caused by changing Structure and Executable to being GC
        objects, and by a long-standing bug that would thrash the global object
        between dictionary and non-dictionary states.

        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
        eagerly transition to dictionary -- this can cause pathological dictionary
        churn, and it's not necessary, since objects know how to automatically
        transition to dictionary when necessary.

        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
        extra cost from compilation, because it can be quite high. This is especially
        important for program code, since DOM timers can repeatedly allocate
        program code without allocating any other objects.

        * runtime/JSObject.cpp:
        (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
        if the thing we're trying to remove doesn't exist. This can happen during
        compilation, since the compiler needs to ensure that no pre-existing
        conflicting definitions exist for certain declarations.

2011-05-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Make mark stack validation functions do something useful in a release build
        https://bugs.webkit.org/show_bug.cgi?id=60645

        Turn ASSERTs into actual if(...) CRASH(); statements.

        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateValue):

2011-05-11  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Martin Robinson.

        Fix copy&paste error in comment.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator): the value is stored in
        regT2, not regT1.

2011-05-11  Adam Roben  <aroben@apple.com>

        WinCE build fixes for strict PassOwnPtr

        * wtf/unicode/CollatorDefault.cpp:
        (WTF::Collator::userDefault): Use adoptPtr.

2011-05-11  Holger Hans Peter Freyther  <holger@moiji-mobile.com>

        Unreviewed build fix.

        [MIPS] Fix compilation of the MIPS JIT

        Include the MIPSAssembler.h first to indirectly include
        AssemblerBuffer.h before the AbstractMacroAssembler.h. This
        order is used for the ARM and X86 MacroAssembler*.h

        * assembler/MacroAssemblerMIPS.h:

2011-05-11  Adam Roben  <aroben@apple.com>

        Turn on strict PassOwnPtr on Windows

        Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled

        Reviewed by Adam Barth.

        * wtf/PassOwnPtr.h:

2011-05-10  Stephanie Lewis  <slewis@apple.com>

        Unreviewed.

        Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130

        * Configurations/JavaScriptCore.xcconfig:

2011-05-10  Adam Barth  <abarth@webkit.org>

        Reviewed by David Levin.

        Enable strict PassOwnPtr on Chromium
        https://bugs.webkit.org/show_bug.cgi?id=60502

        Other platforms to follow.

        * wtf/PassOwnPtr.h:

2011-05-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
        https://bugs.webkit.org/show_bug.cgi?id=60532

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj: Build!

        * heap/Handle.h: Moved HandleTypes to its own header because that's the
        WebKit style, and it was necessary to resolve a circular dependency
        between Handle.h and WriteBarrier.h.

        * heap/Heap.h:
        (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
        verify that all the code is in the right place.

        * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
        resolve a circular dependency.

        * runtime/ArgList.h:
        * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
        free anymore.

        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
        function, now that it exists.

        * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
        dependency.

        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::set):
        (JSC::MarkStack::append):
        (JSC::MarkStack::appendValues): Updated to match the changes above.

2011-05-10  Oliver Hunt  <oliver@apple.com>

        Build fix.

        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateValue):

2011-05-10  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Add some aggressive GC validation to debug builds.
        https://bugs.webkit.org/show_bug.cgi?id=60601

        When assertions are enabled we now do some validity checking
        of objects being added to the mark stack.

        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
        (JSC::PolymorphicAccessStructureList::visitAggregate):
        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateSet):
        (JSC::MarkStack::validateValue):
        * heap/MarkStack.h:
        (JSC::MarkStack::appendValues):
        (JSC::MarkStack::append):
        (JSC::MarkStack::internalAppend):

2011-05-09  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        http://bugs.webkit.org/show_bug.cgi?id=60509
        Wrong type used for return value from strlen

        * wtf/FastMalloc.cpp:
        (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
        fastMalloc won't return if it fails.

2011-05-09  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        CSP should block Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=60240

        When eval is disabled, we need to block the use of the function
        constructor.  However, the WebCore JSC bindings call the function
        constructor directly to create inline event listeners.  To support that
        use, this patch adds an entrypoint that bypasses the check for whether
        eval is enabled.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionConstructor.h:

2011-05-09  Adam Roben  <aroben@apple.com>

        Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes

        Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
        WebKit1 IDL file changes to avoid build errors

        Reviewed by Tim Hatcher.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
        Updated for script rename.

        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
        from react-to-vsprops-changes.py.
        (top level): Moved a constant here from main.
        (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
        react_to_webkit1_interface_changes function.
        (react_to_vsprops_changes): Moved code here from main. Updated to use the
        TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_globa
        and touch_if_older_than.
        (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
        file has changed.
        (mtime_of_newest_file_matching_glob): Added. Code came from main.
        (touch_if_older_than): Added. Code came from main.

2011-05-08  Jessie Berlin  <jberlin@apple.com>

        Reviewed by Dan Bernstein.

        Make JSRetainPtr work with JSGlobalContextRefs.
        https://bugs.webkit.org/show_bug.cgi?id=60452

        Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.

        * API/JSRetainPtr.h:
        (JSRetain):
        (JSRelease):

2011-05-07  Dawit Alemayehu  <adawit@kde.org>

        Reviewed by Daniel Bates.

        Fix compile with GCC 4.6.0
        https://bugs.webkit.org/show_bug.cgi?id=60380

        Remove unused local variable from code.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):

2011-05-06  Alexis Menard  <alexis.menard@openbossa.org>

        Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.

        std::tr1::has_trivial_constructor is in <tr1/memory>.

        * wtf/TypeTraits.h:

2011-05-05  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Adam Barth.

        Added convenience methods to convert from a byte to hex ASCII digit
        characters and vice-versa.
        https://bugs.webkit.org/show_bug.cgi?id=59834

        * wtf/ASCIICType.h:
        (WTF::toASCIIHexValue):
        (WTF::lowerNibbleToASCIIHexDigit):
        (WTF::upperNibbleToASCIIHexDigit):

2011-05-05  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Benjamin Poulain.

        [Qt] Make QtWebKit build when using gcc 4.6.0
        https://bugs.webkit.org/show_bug.cgi?id=60265

        If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
        the c++0x support because it works.

        * JavaScriptCore.pro:

2011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>

        Reviewed by Geoffrey Garen.

        Port MachineStackMarker.cpp to Windows x64
        https://bugs.webkit.org/show_bug.cgi?id=60216

        * heap/MachineStackMarker.cpp:
        (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
        on 64-bit Windows.
        (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.

2011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>

        Reviewed by Martin Robinson.

        Link libjavascriptcoregtk on Windows with winmm.dll
        https://bugs.webkit.org/show_bug.cgi?id=60215

        * GNUmakefile.am:

2011-05-04  Tao Bai  <michaelbai@chromium.org>

        Reviewed by David Kilzer.

        Populate touch-icon url to FrameLoaderClient
        https://bugs.webkit.org/show_bug.cgi?id=59143

        * Configurations/FeatureDefines.xcconfig:

2011-05-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
        code that accidentally survived the conversion to a switch statement,
        causing a lot of important code not to run most of the time.

        Since this is not a trivial finger-picking mistake, I will not call it a
        typo.

2011-05-04  Adam Roben  <aroben@apple.com>

        Another attempted build fix

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::operator==):
        (WTF::OwnPtr::operator!=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator==):
        (WTF::PassOwnPtr::operator!=):
        Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.

2011-05-04  Adam Roben  <aroben@apple.com>

        Try to fix Leopard, Qt, and probably others

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::operator==):
        (WTF::OwnPtr::operator!=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator==):
        (WTF::PassOwnPtr::operator!=):
        Try to get the compiler not to instantiate these function templates unnecessarily.

2011-05-03  Adam Roben  <aroben@apple.com>

        Disallow equality comparisons between [Pass]OwnPtrs

        If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
        really sneaky, in which case you should stop!)

        Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error

        Reviewed by Anders Carlsson and Antti Koivisto.

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::operator==):
        (WTF::OwnPtr::operator!=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator==):
        (WTF::PassOwnPtr::operator!=):
        Added private equality operators that fail to compile when used. (When not used, the
        compiler will skip over them because they are function templates.)

2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Gavin Barraclough.

        JITArithmetic.cpp produces a warning on a unused variable.
        https://bugs.webkit.org/show_bug.cgi?id=60060

        Just properly use what we already have converted.

        * jit/JITArithmetic.cpp:
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emitSlow_op_mul):

2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Geoffrey Garen.

        JITPropertyAccess produces a unused but set variable warning in gcc 4.6.0.
        https://bugs.webkit.org/show_bug.cgi?id=60050

        This patch fix a compilation warning. The new warning scenario -Wunused-but-set-variable
        in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
        as errors. The patch introduces a new macro ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED
        which copy the idea of ASSERT_UNUSED.

        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        * wtf/Assertions.h:
        (assertWithMessageUnused):

2011-04-29  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Seidel.

        Implement FULLSCREEN_API on Windows, Part 4: Enable it
        https://bugs.webkit.org/show_bug.cgi?id=59798

        * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.

2011-05-03  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Eric Seidel.

        Unused but set variable warning in MacroAssemberX86_64
        https://bugs.webkit.org/show_bug.cgi?id=59482

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::call):
        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):

2011-05-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make malloc validation useful
        https://bugs.webkit.org/show_bug.cgi?id=57502

        Reland this patch (rolled out in 82905) without
        turning it on by default.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/FastMalloc.cpp:
        (WTF::tryFastMalloc):
        (WTF::fastMalloc):
        (WTF::tryFastCalloc):
        (WTF::fastCalloc):
        (WTF::fastFree):
        (WTF::tryFastRealloc):
        (WTF::fastRealloc):
        (WTF::fastMallocSize):
        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
        (WTF::TCMalloc_PageHeap::scheduleScavenger):
        (WTF::TCMalloc_PageHeap::suspendScavenger):
        (WTF::TCMalloc_PageHeap::signalScavenger):
        (WTF::TCMallocStats::malloc):
        (WTF::TCMallocStats::free):
        (WTF::TCMallocStats::fastCalloc):
        (WTF::TCMallocStats::tryFastCalloc):
        (WTF::TCMallocStats::calloc):
        (WTF::TCMallocStats::fastRealloc):
        (WTF::TCMallocStats::tryFastRealloc):
        (WTF::TCMallocStats::realloc):
        (WTF::TCMallocStats::fastMallocSize):
        * wtf/FastMalloc.h:
        (WTF::Internal::fastMallocValidationHeader):
        (WTF::Internal::fastMallocValidationSuffix):
        (WTF::Internal::fastMallocMatchValidationType):
        (WTF::Internal::setFastMallocMatchValidationType):
        (WTF::fastMallocMatchValidateFree):
        (WTF::fastMallocValidate):

2011-05-03  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Anders Carlsson.

        Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
        https://bugs.webkit.org/show_bug.cgi?id=59261

        Use unary '+' to force proper type detection in template arguments
        with GCC 4.6.0. See bug report for more details.

        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
        (JSC::StructureTransitionTable::add): ditto.
        * runtime/Structure.h:
        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.

2011-05-03  Jessie Berlin  <jberlin@apple.com>

        Rubber-stamped by Adam Roben.

        Revert r85550 and r85575.

        Variables cannot be exported via the .def file. Instead, they should be annotated with
        JS_EXPORTDATA.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::propertyStorageCapacity):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        (JSC::Structure::materializePropertyMapIfNecessary):

2011-05-02  Adam Roben  <aroben@apple.com>

        Allow implicit conversion from nullptr_t to PassOwnPtr

        This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
        strict PassOwnPtr mode.

        Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
        doesn't work, but should

        Reviewed by Adam Barth.

        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.

        * wtf/MessageQueue.h:
        (WTF::::waitForMessageFilteredWithTimeout):
        (WTF::::tryGetMessage):
        Use the new implicit conversion.

2011-05-02  Jessie Berlin  <jberlin@apple.com>

        Rubber-stamped by Oliver Hunt.

        Remove an assertion that Windows was hitting on launch.

        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::propertyStorageCapacity):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        (JSC::Structure::materializePropertyMapIfNecessary):

2011-05-02  Mark Rowe  <mrowe@apple.com>

        Reviewed by Geoff Garen.

        <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2

        * Configurations/CompilerVersion.xcconfig:

2011-05-02  Gavin Barraclough  <barraclough@apple.com>

        ARMv7 build fix.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Jump::link):
        (JSC::AbstractMacroAssembler::Jump::linkTo):

2011-05-02  Oliver Hunt  <oliver@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-02  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        crash in JSC::RegExp::match
        https://bugs.webkit.org/show_bug.cgi?id=58922

        Cleared chained backtrack data label when linking label even if that 
        label doesn't chain itself.  This is needed so that subsequent 
        backtrack data labels point to the next outer paren and not within 
        the current paren.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):

2011-05-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Tiny bit of heap cleanup.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.

        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::globalData):
        (JSC::MarkedSpace::highWaterMark):
        (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
        definition, for better clarity.

2011-05-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Correct marking of interpreter data in mixed mode builds
        https://bugs.webkit.org/show_bug.cgi?id=59962

        We had a few places in mixed mode builds where we would not
        track data used by the interpreter for marking.  This patch
        corrects the problem and adds a number of assertions to catch
        live Structures being collected.

        * JavaScriptCore.exp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addStructureStubInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::propertyStorageCapacity):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        (JSC::Structure::materializePropertyMapIfNecessary):

2011-05-02  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Alexey Proskuryakov.