465c7d38d41e0940a94b5f1477f5236762d97ee4
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-09  Chao-ying Fu  <fu@mips.com>

        Fix MIPS build due to readInt32 and readPointer
        https://bugs.webkit.org/show_bug.cgi?id=63962

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::readInt32):
        (JSC::MIPSAssembler::readPointer):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::rshift32):

2011-07-08  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64181
        REGRESSION (r90602): Gmail doesn't load

        Rolling out r90601, r90602.

        * dfg/DFGAliasTracker.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):

2011-07-08  Kalev Lember  <kalev@smartlink.ee>

        Reviewed by Adam Roben.

        Add missing _WIN32_WINNT and WINVER definitions
        https://bugs.webkit.org/show_bug.cgi?id=59702

        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
        available for all source files.

        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
        DeleteTimerQueueTimer which are both guarded by
        #if (_WIN32_WINNT >= 0x0500)
        in MinGW headers.

        * config.h:
        * wtf/Assertions.cpp:

2011-07-08  Chang Shu  <cshu@webkit.org>

        Rename "makeSecure" to "fill" and remove the support for displaying last character
        to avoid layering violation.
        https://bugs.webkit.org/show_bug.cgi?id=59114

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.exp:
        * JavaScriptCore.order:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::fill):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        (WTF::String::fill):

2011-07-08  Benjamin Poulain  <benjamin@webkit.org>

        [WK2] Do not forward touch events to the web process when it does not need them
        https://bugs.webkit.org/show_bug.cgi?id=64164

        Reviewed by Kenneth Rohde Christiansen.

        Add a convenience function to obtain a reference to the last element of a Deque.

        * wtf/Deque.h:
        (WTF::Deque::last):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement get_by_id prototype caching.
        https://bugs.webkit.org/show_bug.cgi?id=64077

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::tryCacheGetByID):
        * runtime/JSObject.h:
        (JSC::JSObject::addressOfPropertyAtOffset):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT method_check implementation does not link to optimized get_by_id
        slow path.
        https://bugs.webkit.org/show_bug.cgi?id=64073

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):

2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordGetMethod):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addMethodGet):
        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        (JSC::DFG::dfgRepatchGetMethod):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITWriteBarrier.h:
        (JSC::JITWriteBarrier::set):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT op_call implementation will flush registers even when those registers are dead
        https://bugs.webkit.org/show_bug.cgi?id=64023

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
        https://bugs.webkit.org/show_bug.cgi?id=64017

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32 bit machines are failed after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates that gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::shouldUnlinkCalls):
        (JSC::MarkStack::setShouldUnlinkCalls):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        JSC JIT has code duplication for the handling of call and construct
        https://bugs.webkit.org/show_bug.cgi?id=63957

        Reviewed by Gavin Barraclough.

        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::jitCompileFor):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeFor):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::isGeneratedFor):
        (JSC::FunctionExecutable::generatedBytecodeFor):
        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        Build fix following last patch.

        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63947
        ASSERT running Object.preventExtensions(Math.sin)

        Reviewed by Oliver Hunt.

        This is due to calling scope() on a hostFunction as a part of
        calling createPrototypeProperty to reify the prototype property.
        But host functions don't have a prototype property anyway!

        Prevent calling createPrototypeProperty on a host function.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63880
        Evaluation order of conversions of operands to >, >= incorrect.

        Reviewed by Sam Weinig.

        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
        spec. This allows these methods to be reused to perform >, >= relational compares
        with correct ordering of type conversions.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Operations.h:
        (JSC::jsLess):
        (JSC::jsLessEq):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63881
        Need separate bytecodes for handling >, >= comparisons.

        Reviewed by Oliver Hunt.

        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        using the corresponding op_less, etc. opcodes.  This is incorrect with
        respect to evaluation ordering of the implicit conversions performed on operands -
        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
        but instead convert RHS then LHS.

        This patch adds opcodes for greater-than comparisons mirroring existing ones used
        for less-than.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        * bytecompiler/NodesCodegen.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_greater):
        (JSC::JIT::emitSlow_op_loop_if_greater):
        (JSC::JIT::emit_op_loop_if_greatereq):
        (JSC::JIT::emitSlow_op_loop_if_greatereq):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * parser/NodeConstructors.h:
        (JSC::GreaterNode::GreaterNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        * parser/Nodes.h:
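
Added example for the two evaluation-order entries above (bugs 63880 and 63881); this is illustrative JavaScript written for this page, not JavaScriptCore code. It implements the ES5 abstract relational comparison with the 'leftFirst' flag the entries describe, builds the four operators on two shared helpers (named jsLess/jsLessEq after the JSC functions, but written here from the spec), and uses operands with side-effecting valueOf to show that the conversion order changes the result, not just the order of side effects.

```javascript
// ToPrimitive with hint Number for ordinary objects: valueOf, then toString.
function toPrimitive(v) {
  if (v === null || (typeof v !== "object" && typeof v !== "function")) return v;
  for (const name of ["valueOf", "toString"]) {
    const f = v[name];
    if (typeof f !== "function") continue;
    const res = f.call(v);
    if (res === null || (typeof res !== "object" && typeof res !== "function")) return res;
  }
  throw new TypeError("Cannot convert object to primitive value");
}

// Abstract relational comparison "x < y" (ES5 11.8.5): true, false, or
// undefined when a NaN is involved. leftFirst decides whose ToPrimitive side
// effects run first; that order is observable and is the whole point of the fix.
function abstractRelational(x, y, leftFirst) {
  let px, py;
  if (leftFirst) { px = toPrimitive(x); py = toPrimitive(y); }
  else           { py = toPrimitive(y); px = toPrimitive(x); }
  if (typeof px === "string" && typeof py === "string") return px < py; // code-unit order
  const nx = Number(px), ny = Number(py);
  if (Number.isNaN(nx) || Number.isNaN(ny)) return undefined;
  return nx < ny;
}

// v1 < v2 and v1 <= v2; with leftFirst true, v1 is converted before v2.
function jsLess(v1, v2, leftFirst)   { return abstractRelational(v1, v2, leftFirst) === true; }
function jsLessEq(v1, v2, leftFirst) { return abstractRelational(v2, v1, !leftFirst) === false; }

// a > b and a >= b reuse the helpers with swapped operands, so leftFirst must be
// false to keep a's conversion ahead of b's (ES5 11.8.2 and 11.8.4).
const less      = (a, b) => jsLess(a, b, true);
const lessEq    = (a, b) => jsLessEq(a, b, true);
const greater   = (a, b) => jsLess(b, a, false);
const greaterEq = (a, b) => jsLessEq(b, a, false);

// What the pre-fix code amounted to: a > b computed as b < a with b converted first.
const greaterOldOrder = (a, b) => jsLess(b, a, true);

// Operands whose valueOf has visible side effects (constructed for this example):
// each call returns the next counter value, so whichever operand is converted
// first gets the smaller number, and the conversion order changes the result.
function compareWithSideEffects(op) {
  let counter = 0;
  const log = [];
  const a = { valueOf() { log.push("a"); return ++counter; } };
  const b = { valueOf() { log.push("b"); return ++counter; } };
  return { result: op(a, b), order: log.join("") };
}
```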

2011-07-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63879
        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.

        Reviewed by Sam Weinig.

        There is a lot of copy & paste code here; we can reduce duplication by making
        a shared implementation.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::commute):
            - Make these functions platform agnostic.
        * assembler/MacroAssemblerX86Common.h:
            - Moved branch32/commute up to MacroAssembler.
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_lesseq):
        (JSC::JIT::emitSlow_op_loop_if_lesseq):
            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
            - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE64.
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE32_64.
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
            - Remove old implementation of emit_op_loop_if_lesseq.

2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r90347.
        http://trac.webkit.org/changeset/90347
        https://bugs.webkit.org/show_bug.cgi?id=63886

        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
        (Requested by tkent on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/BigInteger.h: Removed.
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/Uint16WithFraction.h: Removed.
        * wtf/MathExtras.h:

745 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
746
747         Reviewed by Sam Weinig.
748
749         https://bugs.webkit.org/show_bug.cgi?id=16652
750         Firefox and JavaScriptCore differ in Number.toString(integer)
751
752         Our arbitrary radix (2..36) toString conversion is inaccurate.
753         This is partly because it uses doubles to perform math that requires
754         higher accuracy, and partly becasue it does not attempt to correctly
755         detect where to terminate, instead relying on a simple 'epsilon'.
756
757         * runtime/NumberPrototype.cpp:
758         (JSC::decomposeDouble):
759             - helper function to extract sign, exponent, mantissa from IEEE doubles.
760         (JSC::Uint16WithFraction::Uint16WithFraction):
761             - helper class, u16int with infinite precision fraction, used to convert
762               the fractional part of the number to a string.
763         (JSC::Uint16WithFraction::operator*=):
764             - Multiply by a uint16.
765         (JSC::Uint16WithFraction::operator<):
766             - Compare two Uint16WithFractions.
767         (JSC::Uint16WithFraction::floorAndSubtract):
768             - Extract the integer portion of the number, and subtract it (clears the integer portion).
769         (JSC::Uint16WithFraction::comparePoint5):
770             - Compare to 0.5.
771         (JSC::Uint16WithFraction::sumGreaterThanOne):
772             - Passed a second Uint16WithFraction, returns true if the result of adding
773               the two values would be greater than one.
774         (JSC::Uint16WithFraction::isNormalized):
775             - Used by ASSERTs to consistency check internal representation.
776         (JSC::BigInteger::BigInteger):
777             - helper class, unbounded integer value, used to convert the integer part
778               of the number to a string.
779         (JSC::BigInteger::divide):
780             - Divide this value through by a uint32.
781         (JSC::BigInteger::operator!):
782             - test for zero.
783         (JSC::toStringWithRadix):
784             - Performs number to string conversion, with the given radix (2..36).
785         (JSC::numberProtoFuncToString):
786             - Changed to use toStringWithRadix.
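
Added example (written for this page; not JavaScriptCore's toStringWithRadix and not the patch's code) of the scheme the entry describes: decompose the double into sign, exponent and mantissa, convert the integer part exactly with an unbounded integer divided through by the radix, and convert the fraction with an exact binary fraction plus a scaled error bound (half an ulp) that decides where to stop, rather than an epsilon. Two simplifications are this example's own: the error bound is symmetric (no special handling at power-of-two mantissa boundaries) and subnormals are given a normal-sized ulp, which only costs extra digits.

```cpp
#include <cmath>
#include <cstdint>
#include <string>
#include <vector>

static const char kDigitChars[] = "0123456789abcdefghijklmnopqrstuvwxyz";
// Unbounded unsigned integer (little-endian 32-bit words): the BigInteger role in the entry.
struct BigUint {
    std::vector<uint32_t> words;
    BigUint(uint64_t value, int shift) : words(shift / 32 + 3, 0) {      // value * 2^shift
        int w = shift / 32, b = shift % 32;
        uint64_t lo = value << b, hi = b ? value >> (64 - b) : 0;
        words[w] = (uint32_t)lo; words[w + 1] = (uint32_t)(lo >> 32); words[w + 2] = (uint32_t)hi;
    }
    bool isZero() const { for (uint32_t w : words) if (w) return false; return true; }
    uint32_t divide(uint32_t d) {                                          // this /= d, returns remainder
        uint64_t rem = 0;
        for (size_t i = words.size(); i-- > 0;) {
            uint64_t cur = (rem << 32) | words[i];
            words[i] = (uint32_t)(cur / d); rem = cur % d;
        }
        return (uint32_t)rem;
    }
};

// Exact binary fraction in [0, 1) with `bits` fractional bits (value = words / 2^bits):
// the Uint16WithFraction role in the entry, minus the 16-bit integer half.
struct Fraction {
    std::vector<uint32_t> words; int bits;
    Fraction(uint64_t low, int b) : words(b / 32 + 1, 0), bits(b) {
        words[0] = (uint32_t)low; if (words.size() > 1) words[1] = (uint32_t)(low >> 32);
    }
    uint32_t takeIntegerPart(uint64_t carry) {      // clear and return whatever sits above the point
        size_t top = bits / 32; int shift = bits % 32;
        uint32_t integer = (uint32_t)((carry << (32 - shift)) | (words[top] >> shift));
        words[top] &= shift ? (1u << shift) - 1 : 0;
        return integer;
    }
    uint32_t multiplyAndCarry(uint32_t k) {          // this *= k exactly, returns the integer overflow
        uint64_t carry = 0;
        for (uint32_t& w : words) { uint64_t p = (uint64_t)w * k + carry; w = (uint32_t)p; carry = p >> 32; }
        return takeIntegerPart(carry);
    }
    bool isZero() const { for (uint32_t w : words) if (w) return false; return true; }
    bool lessThan(const Fraction& o) const {
        for (size_t i = words.size(); i-- > 0;) if (words[i] != o.words[i]) return words[i] < o.words[i];
        return false;
    }
    bool atLeastHalf() const { return (words[(bits - 1) / 32] >> ((bits - 1) % 32)) & 1; }
    bool sumExceedsOne(const Fraction& o) const {    // this + o > 1 ?
        Fraction sum(0, bits); uint64_t carry = 0;
        for (size_t i = 0; i < words.size(); ++i) {
            carry += (uint64_t)words[i] + o.words[i]; sum.words[i] = (uint32_t)carry; carry >>= 32;
        }
        return sum.takeIntegerPart(carry) > 0 && !sum.isZero();
    }
};
// Add one unit in the last place to a digit string; true if the carry falls off the front.
static bool incrementDigits(std::string& digits, int radix) {
    for (size_t i = digits.size(); i-- > 0;) {
        int d = (digits[i] <= '9' ? digits[i] - '0' : digits[i] - 'a' + 10) + 1;
        if (d < radix) { digits[i] = kDigitChars[d]; return false; }
        digits[i] = '0';
    }
    return true;
}
// Shortest digit string that reads back as `value` under round-to-nearest, radix 2..36. The
// error bound delta (half an ulp) is scaled alongside the remainder; generation stops once the
// remainder is inside it, rounding the last digit up when that also stays inside the bound.
std::string toStringWithRadix(double value, int radix) {
    if (std::isnan(value)) return "NaN";
    if (std::isinf(value)) return value < 0 ? "-Infinity" : "Infinity";
    int exponent; double frac = std::frexp(std::fabs(value), &exponent);  // |value| = frac * 2^exponent
    uint64_t mantissa = (uint64_t)std::ldexp(frac, 53);                    // 53-bit integer significand
    exponent -= 53;                                                        // |value| = mantissa * 2^exponent
    int fracBits = exponent < 0 ? -exponent : 0;
    uint64_t fracMask = fracBits >= 64 ? ~0ULL : (1ULL << fracBits) - 1;
    BigUint integerPart = exponent >= 0 ? BigUint(mantissa, exponent)      // integer part, exactly
                                        : BigUint(fracBits >= 64 ? 0 : mantissa >> fracBits, 0);
    std::string intDigits, fracDigits;
    while (!integerPart.isZero()) intDigits.insert(intDigits.begin(), kDigitChars[integerPart.divide(radix)]);
    if (intDigits.empty()) intDigits = "0";
    int bits = fracBits + 1;                          // one spare bit so that half an ulp is one unit
    Fraction remainder((mantissa & fracMask) << 1, bits), delta(1, bits);
    while (!remainder.isZero()) {
        uint32_t digit = remainder.multiplyAndCarry(radix);
        bool deltaOverflowed = delta.multiplyAndCarry(radix) != 0;    // delta >= 1: any digit is in range
        bool low = deltaOverflowed || remainder.lessThan(delta);       // what is left is inside the bound
        bool high = deltaOverflowed || remainder.sumExceedsOne(delta); // rounding up stays inside it
        fracDigits += kDigitChars[digit];
        if (!low && !high) continue;
        if (high && (!low || remainder.atLeastHalf())                  // round the last digit up,
            && incrementDigits(fracDigits, radix) && incrementDigits(intDigits, radix))  // propagating carries
            intDigits.insert(intDigits.begin(), '1');
        break;
    }
    while (!fracDigits.empty() && fracDigits.back() == '0') fracDigits.pop_back();
    return (value < 0 ? "-" : "") + intDigits + (fracDigits.empty() ? std::string() : "." + fracDigits);
}
```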
787
788 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
789
790         https://bugs.webkit.org/show_bug.cgi?id=63866
791         DFG JIT - implement instanceof
792
793         Reviewed by Sam Weinig.
794
795         Add ops CheckHasInstance & InstanceOf to implement bytecodes
796         op_check_has_instance & op_instanceof. This is an initial
797         functional implementation, performance is a wash. We can
798         follow up with changes to fuse the InstanceOf node with
799         a subsequent branch, as we do with other comparisons.
800
801         * dfg/DFGByteCodeParser.cpp:
802         (JSC::DFG::ByteCodeParser::parseBlock):
803         * dfg/DFGJITCompiler.cpp:
804         (JSC::DFG::JITCompiler::jitAssertIsCell):
805         * dfg/DFGJITCompiler.h:
806         (JSC::DFG::JITCompiler::jitAssertIsCell):
807         * dfg/DFGNode.h:
808         * dfg/DFGNonSpeculativeJIT.cpp:
809         (JSC::DFG::NonSpeculativeJIT::compile):
810         * dfg/DFGOperations.cpp:
811         * dfg/DFGOperations.h:
812         * dfg/DFGSpeculativeJIT.cpp:
813         (JSC::DFG::SpeculativeJIT::compile):
814
815 2011-07-01  Oliver Hunt  <oliver@apple.com>
816
817         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
818         https://bugs.webkit.org/show_bug.cgi?id=63732
819
820         Reviewed by Gavin Barraclough.
821
822         Initialise the memory at the head of the new storage so that
823         GC is safe if triggered by reportExtraMemoryCost.
824
825         * runtime/JSArray.cpp:
826         (JSC::JSArray::increaseVectorPrefixLength):
827
828 2011-07-01  Oliver Hunt  <oliver@apple.com>
829
830         GC sweep can occur before an object is completely initialised
831         https://bugs.webkit.org/show_bug.cgi?id=63836
832
833         Reviewed by Gavin Barraclough.
834
835         In rare cases it's possible for a GC sweep to occur while a
836         live, but not completely initialised object is on the stack.
837         In such a case we may incorrectly choose to mark it, even
838         though it has no children that need marking.
839
840         We resolve this by always zeroing out the structure of any
841         value returned from JSCell::operator new(), and making the
842         markstack tolerant of a null structure.
843
844         * runtime/JSCell.h:
845         (JSC::JSCell::JSCell::~JSCell):
846         (JSC::JSCell::JSCell::operator new):
847         * runtime/Structure.h:
848         (JSC::MarkStack::internalAppend):
849
850 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
851
852         Reviewed by Gavin Barraclough.
853
854         DFG non-speculative JIT always performs slow C calls for div and mod.
855         https://bugs.webkit.org/show_bug.cgi?id=63684
856
857         * dfg/DFGNonSpeculativeJIT.cpp:
858         (JSC::DFG::NonSpeculativeJIT::compile):
859
860 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
861
862         Reviewed by Oliver Hunt.
863
864         Lexer error messages are currently appalling
865         https://bugs.webkit.org/show_bug.cgi?id=63340
866
867         Added error messages for the Lexer. These messages will be displayed
868         instead of the lexer error messages from the parser that are currently
869         shown.
870
871         * parser/Lexer.cpp:
872         (JSC::Lexer::getInvalidCharMessage):
873         (JSC::Lexer::setCode):
874         (JSC::Lexer::parseString):
875         (JSC::Lexer::lex):
876         (JSC::Lexer::clear):
877         * parser/Lexer.h:
878         (JSC::Lexer::getErrorMessage):
879         (JSC::Lexer::setOffset):
880         * parser/Parser.cpp:
881         (JSC::Parser::parse):
882
883 2011-07-01  Jungshik Shin  <jshin@chromium.org>
884
885         Reviewed by Alexey Proskuryakov.
886
887         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
888         build files for ports not using ICU.
889         Add icu/unicode/uscript.h for ports using ICU. It's taken from
890         ICU 3.6 (the version used on Mac OS 10.5).
891
892         http://bugs.webkit.org/show_bug.cgi?id=20797
893
894         * GNUmakefile.list.am:
895         * JavaScriptCore.gypi:
896         * icu/unicode/uscript.h: Added for UScriptCode enum.
897         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
898         * wtf/unicode/icu/UnicodeIcu.h:
899         * wtf/unicode/brew/UnicodeBrew.h:
900         * wtf/unicode/glib/UnicodeGLib.h:
901         * wtf/unicode/qt4/UnicodeQt4.h:
902         * wtf/unicode/wince/UnicodeWinCE.h:
903
904 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
905
906         Reviewed by Sam Weinig.
907
908         https://bugs.webkit.org/show_bug.cgi?id=63819
909         Escaping of forwardslashes in strings incorrect if multiple exist.
910
911         The bug is in the parameters passed to a substring - should be
912         start & length, but we're passing start & end indices!
913
914         * runtime/RegExpObject.cpp:
915         (JSC::regExpObjectSource):
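
Added illustration of the bug class in this entry (written for this page, not JSC's regExpObjectSource): escaping the unescaped forward slashes in a RegExp source by copying the runs between them with substr(). The same scan runs twice, once passing the correct (start, length) pair and once passing (start, end index) the way the buggy call did; a single slash hides the bug because start is 0 there, so end index and length coincide.

```cpp
#include <string>

// Escape every unescaped '/' in a RegExp's source text (so that "/" + source + "/" parses
// again) by copying the runs between slashes with substr().
// `endIndexAsLength` reproduces the bug from the entry above: substr() takes (start, length),
// the buggy call passed (start, end index).
static std::string escapeForwardSlashes(const std::string& source, bool endIndexAsLength) {
    std::string out;
    size_t start = 0;        // first character of `source` not yet copied to `out`
    size_t backslashes = 0;  // length of the '\' run immediately before position i
    for (size_t i = 0; i < source.size(); ++i) {
        char c = source[i];
        if (c == '\\') { ++backslashes; continue; }
        if (c == '/' && backslashes % 2 == 0) {          // an unescaped slash
            out += endIndexAsLength ? source.substr(start, i) : source.substr(start, i - start);
            out += "\\/";
            start = i + 1;
        }
        backslashes = 0;
    }
    out += source.substr(start);                         // tail after the last slash
    return out;
}

std::string regExpSourceFixed(const std::string& source) { return escapeForwardSlashes(source, false); }
std::string regExpSourceBuggy(const std::string& source) { return escapeForwardSlashes(source, true); }
```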
916
917 2011-07-01  Adam Roben  <aroben@apple.com>
918
919         Roll out r90194
920         http://trac.webkit.org/changeset/90194
921         https://bugs.webkit.org/show_bug.cgi?id=63778
922
923         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
924         assertions in WriteBarrierBase<JSC::Structure>::get
925
926         * runtime/JSCell.h:
927         (JSC::JSCell::JSCell::~JSCell):
928
929 2011-06-30  Oliver Hunt  <oliver@apple.com>
930
931         Reviewed by Gavin Barraclough.
932
933         Add optimised paths for a few maths functions
934         https://bugs.webkit.org/show_bug.cgi?id=63757
935
936         Relanding as a Mac only patch.
937
938         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
939         Math.floor, Math.log, and Math.exp as they are apparently more
940         important in real web content than we thought, which is somewhat
941         mind-boggling.  On average doubles the performance of the common
942         cases (e.g. actually passing numbers in).  They're not as efficient
943         as they could be, but this way gives them the most portability.
944
945         * assembler/MacroAssemblerARM.h:
946         (JSC::MacroAssemblerARM::supportsDoubleBitops):
947         (JSC::MacroAssemblerARM::andnotDouble):
948         * assembler/MacroAssemblerARMv7.h:
949         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
950         (JSC::MacroAssemblerARMv7::andnotDouble):
951         * assembler/MacroAssemblerMIPS.h:
952         (JSC::MacroAssemblerMIPS::andnotDouble):
953         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
954         * assembler/MacroAssemblerSH4.h:
955         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
956         (JSC::MacroAssemblerSH4::andnotDouble):
957         * assembler/MacroAssemblerX86.h:
958         (JSC::MacroAssemblerX86::supportsDoubleBitops):
959         * assembler/MacroAssemblerX86Common.h:
960         (JSC::MacroAssemblerX86Common::andnotDouble):
961         * assembler/MacroAssemblerX86_64.h:
962         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
963         * assembler/X86Assembler.h:
964         (JSC::X86Assembler::andnpd_rr):
965         * create_hash_table:
966         * jit/SpecializedThunkJIT.h:
967         (JSC::SpecializedThunkJIT::finalize):
968         (JSC::SpecializedThunkJIT::callDoubleToDouble):
969         * jit/ThunkGenerators.cpp:
970         (JSC::floorThunkGenerator):
971         (JSC::ceilThunkGenerator):
972         (JSC::roundThunkGenerator):
973         (JSC::expThunkGenerator):
974         (JSC::logThunkGenerator):
975         (JSC::absThunkGenerator):
976         * jit/ThunkGenerators.h:
977
978 2011-07-01  David Kilzer  <ddkilzer@apple.com>
979
980         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
981
982         Fixes the following build error in clang:
983
984             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
985                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
986                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
987             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
988                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
989                                                 ^
990                      (                         )
991             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
992             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
993             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
994                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
995                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
996             1 error generated.
997
998         * jit/JITOpcodes32_64.cpp:
999         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
1000         ternary expression evaluate first.
1001
1002 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1003
1004         Unreviewed, rolling out r90177 and r90179.
1005         http://trac.webkit.org/changeset/90177
1006         http://trac.webkit.org/changeset/90179
1007         https://bugs.webkit.org/show_bug.cgi?id=63790
1008
1009         It caused crashes on Qt in debug mode (Requested by Ossy on
1010         #webkit).
1011
1012         * assembler/MacroAssemblerARM.h:
1013         (JSC::MacroAssemblerARM::rshift32):
1014         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
1015         (JSC::MacroAssemblerARM::sqrtDouble):
1016         * assembler/MacroAssemblerARMv7.h:
1017         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
1018         (JSC::MacroAssemblerARMv7::sqrtDouble):
1019         * assembler/MacroAssemblerMIPS.h:
1020         (JSC::MacroAssemblerMIPS::sqrtDouble):
1021         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
1022         * assembler/MacroAssemblerSH4.h:
1023         (JSC::MacroAssemblerSH4::sqrtDouble):
1024         * assembler/MacroAssemblerX86.h:
1025         * assembler/MacroAssemblerX86Common.h:
1026         * assembler/MacroAssemblerX86_64.h:
1027         * assembler/X86Assembler.h:
1028         * create_hash_table:
1029         * jit/JSInterfaceJIT.h:
1030         (JSC::JSInterfaceJIT::emitLoadDouble):
1031         * jit/SpecializedThunkJIT.h:
1032         (JSC::SpecializedThunkJIT::finalize):
1033         * jit/ThunkGenerators.cpp:
1034         * jit/ThunkGenerators.h:
1035
1036 2011-06-30  Oliver Hunt  <oliver@apple.com>
1037
1038         Reviewed by Beth Dakin.
1039
1040         Make GC validation clear cell structure on destruction
1041         https://bugs.webkit.org/show_bug.cgi?id=63778
1042
1043         * runtime/JSCell.h:
1044         (JSC::JSCell::JSCell::~JSCell):
1045
1046 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1047
1048         Reviewed by Gavin Barraclough.
1049
1050         Added write barrier that was missing from put_by_id_transition
1051         https://bugs.webkit.org/show_bug.cgi?id=63775
1052
1053         * dfg/DFGJITCodeGenerator.cpp:
1054         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
1055         MacroAssembler& argument so our patching functions could use it.
1056
1057         (JSC::DFG::JITCodeGenerator::cachedPutById):
1058         * dfg/DFGJITCodeGenerator.h:
1059         * dfg/DFGNonSpeculativeJIT.cpp:
1060         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
1061
1062         * dfg/DFGRepatch.cpp:
1063         (JSC::DFG::tryCachePutByID): Missing barrier!
1064
1065         * dfg/DFGSpeculativeJIT.cpp:
1066         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
1067
1068         * jit/JITPropertyAccess.cpp:
1069         (JSC::JIT::privateCompilePutByIdTransition):
1070         * jit/JITPropertyAccess32_64.cpp:
1071         (JSC::JIT::privateCompilePutByIdTransition):
1072         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
1073         because its meaning isn't clear -- maybe in the future we'll have a
1074         clear way to pass all stores through a common function that guarantees
1075         a write barrier, but that's not the case right now.
1076
1077 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1078
1079         Reviewed by Gavin Barraclough.
1080
1081         DFG non-speculative JIT does not reuse registers when compiling comparisons.
1082         https://bugs.webkit.org/show_bug.cgi?id=63565
1083
1084         * dfg/DFGNonSpeculativeJIT.cpp:
1085         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1086         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1087         (JSC::DFG::NonSpeculativeJIT::compare):
1088
1089 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1090
1091         Reviewed by Gavin Barraclough.
1092
1093         Added empty write barrier stubs in all the right places in the DFG JIT
1094         https://bugs.webkit.org/show_bug.cgi?id=63764
1095         
1096         SunSpider thinks this might be a 0.5% speedup. Meh.
1097
1098         * dfg/DFGJITCodeGenerator.cpp:
1099         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
1100
1101         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
1102         for the case where base == scratch, since we now require base and scratch
1103         to be not equal, for the sake of the write barrier.
1104
1105         * dfg/DFGJITCodeGenerator.h: Le stub.
1106
1107         * dfg/DFGNonSpeculativeJIT.cpp:
1108         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
1109         as the scratch register, since that's incompatible with the write barrier,
1110         which needs a distinct base and scratch.
1111         
1112         Do put the global object into a register before loading its var storage,
1113         since it needs to be in a register for the write barrier to operate on it.
1114
1115         * dfg/DFGSpeculativeJIT.cpp:
1116         (JSC::DFG::SpeculativeJIT::compile):
1117         * jit/JITPropertyAccess.cpp:
1118         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
1119
1120         * jit/JITPropertyAccess.cpp:
1121         (JSC::JIT::emit_op_get_scoped_var):
1122         (JSC::JIT::emit_op_put_scoped_var):
1123         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1124         places.
1125
1126         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1127         is a little more than meaningless.
1128
1129         * jit/JITPropertyAccess32_64.cpp:
1130         (JSC::JIT::emit_op_get_scoped_var):
1131         (JSC::JIT::emit_op_put_scoped_var):
1132         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1133         places.
1134
1135         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1136         is a little more than meaningless.
1137
1138         * runtime/JSVariableObject.h:
1139         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1140         we put the global object in a register and only then load its var storage
1141         by offset.
1142
1143         (JSC::JIT::emitWriteBarrier):
1144
1145 2011-06-30  Oliver Hunt  <oliver@apple.com>
1146
1147         Fix ARMv6 build
1148
1149         * assembler/MacroAssemblerARM.h:
1150         (JSC::MacroAssemblerARM::rshift32):
1151
1152 2011-06-30  Oliver Hunt  <oliver@apple.com>
1153
1154         Reviewed by Gavin Barraclough.
1155
1156         Add optimised paths for a few maths functions
1157         https://bugs.webkit.org/show_bug.cgi?id=63757
1158
1159         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1160         Math.floor, Math.log, and Math.exp as they are apparently more
1161         important in real web content than we thought, which is somewhat
1162         mind-boggling.  On average doubles the performance of the common
1163         cases (e.g. actually passing numbers in).  They're not as efficient
1164         as they could be, but this way gives them the most portability.
1165
1166         * assembler/MacroAssemblerARM.h:
1167         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1168         (JSC::MacroAssemblerARM::andnotDouble):
1169         * assembler/MacroAssemblerARMv7.h:
1170         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1171         (JSC::MacroAssemblerARMv7::andnotDouble):
1172         * assembler/MacroAssemblerMIPS.h:
1173         (JSC::MacroAssemblerMIPS::andnotDouble):
1174         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1175         * assembler/MacroAssemblerSH4.h:
1176         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1177         (JSC::MacroAssemblerSH4::andnotDouble):
1178         * assembler/MacroAssemblerX86.h:
1179         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1180         * assembler/MacroAssemblerX86Common.h:
1181         (JSC::MacroAssemblerX86Common::andnotDouble):
1182         * assembler/MacroAssemblerX86_64.h:
1183         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1184         * assembler/X86Assembler.h:
1185         (JSC::X86Assembler::andnpd_rr):
1186         * create_hash_table:
1187         * jit/SpecializedThunkJIT.h:
1188         (JSC::SpecializedThunkJIT::finalize):
1189         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1190         * jit/ThunkGenerators.cpp:
1191         (JSC::floorThunkGenerator):
1192         (JSC::ceilThunkGenerator):
1193         (JSC::roundThunkGenerator):
1194         (JSC::expThunkGenerator):
1195         (JSC::logThunkGenerator):
1196         (JSC::absThunkGenerator):
1197         * jit/ThunkGenerators.h:
1198
1199 2011-06-30  Cary Clark  <caryclark@google.com>
1200
1201         Reviewed by James Robinson.
1202
1203         Use Skia if Skia on Mac Chrome is enabled
1204         https://bugs.webkit.org/show_bug.cgi?id=62999
1205
1206         * wtf/Platform.h:
1207         Add switch to use Skia if, externally,
1208         Skia has been enabled by a gyp define.
1209
1210 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1211
1212         Reviewed by Geoffrey Garen.
1213
1214         Web Inspector fails to display source for eval with syntax error
1215         https://bugs.webkit.org/show_bug.cgi?id=63583
1216
1217         Web Inspector now displays a link to an eval statement that contains
1218         a syntax error.
1219
1220         * parser/Parser.h:
1221         (JSC::isEvalNode):
1222         (JSC::EvalNode):
1223         (JSC::Parser::parse):
1224
1225 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1226
1227         Reviewed by Gavin Barraclough.
1228
1229         X86Assembler does not encode byte registers in 64-bit mode correctly.
1230         https://bugs.webkit.org/show_bug.cgi?id=63665
1231
1232         * assembler/X86Assembler.h:
1233         (JSC::X86Assembler::testb_rr):
1234         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1235
1236 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1237
1238         Unreviewed, rolling out r90102.
1239         http://trac.webkit.org/changeset/90102
1240         https://bugs.webkit.org/show_bug.cgi?id=63714
1241
1242         Lots of tests asserting beneath
1243         SVGSMILElement::findInstanceTime (Requested by aroben on
1244         #webkit).
1245
1246         * wtf/StdLibExtras.h:
1247         (WTF::binarySearch):
1248
1249 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1250
1251         Reviewed by Nikolas Zimmermann.
1252
1253         Speed up SVGSMILElement::findInstanceTime.
1254         https://bugs.webkit.org/show_bug.cgi?id=61025
1255
1256         Add a new parameter to StdLibExtras.h::binarySearch function
1257         to also handle cases when the array does not contain the key value.
1258         This is needed for an SVG function.
1259
1260         * wtf/StdLibExtras.h:
1261         (WTF::binarySearch):
1262
1263 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1264
1265         Reviewed by Geoff Garen.
1266
1267         https://bugs.webkit.org/show_bug.cgi?id=63669
1268         DFG JIT - fix spectral-norm regression
1269
1270         The problem is a mis-speculation leading to us falling off the speculative path.
1271         Make the speculation logic slightly smarter, don't predict int if one of the
1272         operands is already loaded as a double (we use this logic already for compares).
1273
1274         * dfg/DFGSpeculativeJIT.cpp:
1275         (JSC::DFG::SpeculativeJIT::compile):
1276         * dfg/DFGSpeculativeJIT.h:
1277         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1278
1279 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1280
1281         Reviewed by Gavin Barraclough.
1282
1283         DFG JIT does not do put_by_id transition caching.
1284         https://bugs.webkit.org/show_bug.cgi?id=63662
1285
1286         * dfg/DFGJITCodeGenerator.cpp:
1287         (JSC::DFG::JITCodeGenerator::cachedPutById):
1288         * dfg/DFGJITCompiler.h:
1289         (JSC::DFG::JITCompiler::addPropertyAccess):
1290         * dfg/DFGRepatch.cpp:
1291         (JSC::DFG::testPrototype):
1292         (JSC::DFG::tryCachePutByID):
1293
1294 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1295
1296         Reviewed by Oliver Hunt.
1297
1298         Added a dummy write barrier emitting function in all the right places in the old JIT
1299         https://bugs.webkit.org/show_bug.cgi?id=63667
1300         
1301         SunSpider reports no change.
1302
1303         * jit/JIT.h:
1304         * jit/JITPropertyAccess.cpp:
1305         (JSC::JIT::emit_op_put_by_id):
1306         (JSC::JIT::emit_op_put_scoped_var): Do it.
1307
1308         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1309         for the sake of the write barrier.
1310
1311         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1312
1313         * jit/JITPropertyAccess32_64.cpp:
1314         (JSC::JIT::emit_op_put_by_val):
1315         (JSC::JIT::emit_op_put_by_id):
1316         (JSC::JIT::emit_op_put_scoped_var): Do it.
1317
1318         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1319         for the sake of the write barrier.
1320
1321         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1322
1323 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1324
1325         Reviewed by Gavin Barraclough.
1326
1327         DFG JIT does not perform get_by_id self list caching.
1328         https://bugs.webkit.org/show_bug.cgi?id=63605
1329
1330         * bytecode/StructureStubInfo.h:
1331         * dfg/DFGJITCompiler.cpp:
1332         (JSC::DFG::JITCompiler::compileFunction):
1333         * dfg/DFGOperations.cpp:
1334         * dfg/DFGOperations.h:
1335         * dfg/DFGRepatch.cpp:
1336         (JSC::DFG::tryCacheGetByID):
1337         (JSC::DFG::tryBuildGetByIDList):
1338         (JSC::DFG::dfgBuildGetByIDList):
1339         * dfg/DFGRepatch.h:
1340
1341 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1342
1343         Reviewed by Gavin Barraclough.
1344
1345         DFG JIT lacks array.length caching.
1346         https://bugs.webkit.org/show_bug.cgi?id=63505
1347
1348         * bytecode/StructureStubInfo.h:
1349         * dfg/DFGJITCodeGenerator.cpp:
1350         (JSC::DFG::JITCodeGenerator::cachedGetById):
1351         (JSC::DFG::JITCodeGenerator::cachedPutById):
1352         * dfg/DFGJITCodeGenerator.h:
1353         (JSC::DFG::JITCodeGenerator::tryAllocate):
1354         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1355         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1356         * dfg/DFGJITCompiler.cpp:
1357         (JSC::DFG::JITCompiler::compileFunction):
1358         * dfg/DFGJITCompiler.h:
1359         (JSC::DFG::JITCompiler::addPropertyAccess):
1360         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1361         * dfg/DFGRegisterBank.h:
1362         (JSC::DFG::RegisterBank::tryAllocate):
1363         * dfg/DFGRepatch.cpp:
1364         (JSC::DFG::tryCacheGetByID):
1365
1366 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1367
1368         Reviewed by Eric Seidel.
1369
1370         Warnings in JSC's JIT on 32 bit
1371         https://bugs.webkit.org/show_bug.cgi?id=63259
1372
1373         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1374
1375         * jit/JITPropertyAccess32_64.cpp:
1376         (JSC::JIT::emit_op_method_check):
1377         (JSC::JIT::compileGetByIdHotPath):
1378         (JSC::JIT::emit_op_put_by_id):
1379
1380 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1381
1382         Unreviewed, rolling out r89968.
1383         http://trac.webkit.org/changeset/89968
1384         https://bugs.webkit.org/show_bug.cgi?id=63581
1385
1386         Broke chromium windows compile (Requested by jamesr on
1387         #webkit).
1388
1389         * wtf/Platform.h:
1390
1391 2011-06-28  Oliver Hunt  <oliver@apple.com>
1392
1393         Reviewed by Gavin Barraclough.
1394
1395         Fix sampling build
1396         https://bugs.webkit.org/show_bug.cgi?id=63579
1397
1398         Gets opcode sampling building again; doesn't seem to work, alas.
1399
1400         * bytecode/SamplingTool.cpp:
1401         (JSC::SamplingTool::notifyOfScope):
1402         * bytecode/SamplingTool.h:
1403         (JSC::SamplingTool::SamplingTool):
1404         * interpreter/Interpreter.cpp:
1405         (JSC::Interpreter::enableSampler):
1406         * runtime/Executable.h:
1407         (JSC::ScriptExecutable::ScriptExecutable):
1408
1409 2011-06-28  Cary Clark  <caryclark@google.com>
1410
1411         Reviewed by James Robinson.
1412
1413         Use Skia if Skia on Mac Chrome is enabled
1414         https://bugs.webkit.org/show_bug.cgi?id=62999
1415
1416         * wtf/Platform.h:
1417         Add switch to use Skia if, externally,
1418         Skia has been enabled by a gyp define.
1419
1420 2011-06-28  Oliver Hunt  <oliver@apple.com>
1421
1422         Reviewed by Gavin Barraclough.
1423
1424         ASSERT when launching debug builds with interpreter and jit enabled
1425         https://bugs.webkit.org/show_bug.cgi?id=63566
1426
1427         Add appropriate guards to the various Executable's memory reporting
1428         logic.
1429
1430         * runtime/Executable.cpp:
1431         (JSC::EvalExecutable::compileInternal):
1432         (JSC::ProgramExecutable::compileInternal):
1433         (JSC::FunctionExecutable::compileForCallInternal):
1434         (JSC::FunctionExecutable::compileForConstructInternal):
1435
1436 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1437
1438         Reviewed by Oliver Hunt.
1439
1440         https://bugs.webkit.org/show_bug.cgi?id=63563
1441         DFG JIT - add support for double arith to speculative path
1442
1443         Add integer support for div & mod, add double support for div, mod,
1444         add, sub & mul, dynamically selecting based on operand types.
1445
1446         * dfg/DFGJITCodeGenerator.cpp:
1447         (JSC::DFG::FPRTemporary::FPRTemporary):
1448         * dfg/DFGJITCodeGenerator.h:
1449         * dfg/DFGJITCompiler.h:
1450         (JSC::DFG::JITCompiler::assembler):
1451         * dfg/DFGSpeculativeJIT.cpp:
1452         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1453         (JSC::DFG::SpeculativeJIT::compile):
1454         * dfg/DFGSpeculativeJIT.h:
1455         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1456         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
1457         (JSC::DFG::SpeculateDoubleOperand::index):
1458         (JSC::DFG::SpeculateDoubleOperand::fpr):
1459
1460 2011-06-28  Oliver Hunt  <oliver@apple.com>
1461
1462         Fix interpreter build.
1463
1464         * interpreter/Interpreter.cpp:
1465         (JSC::Interpreter::privateExecute):
1466
1467 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1468
1469         Reviewed by Oliver Hunt.
1470
1471         https://bugs.webkit.org/show_bug.cgi?id=63561
1472         DFG JIT - don't always assume integer in relational compare
1473
1474         If neither operand is known integer, or either is in double representation,
1475         then at least use a function call (don't bail off the speculative path).
1476
1477         * dfg/DFGSpeculativeJIT.cpp:
1478         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1479         (JSC::DFG::SpeculativeJIT::compile):
1480         * dfg/DFGSpeculativeJIT.h:
1481         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
1482         (JSC::DFG::SpeculativeJIT::compareIsInteger):
1483
1484 2011-06-28  Oliver Hunt  <oliver@apple.com>
1485
1486         Reviewed by Gavin Barraclough.
1487
1488         Make constant array optimisation less strict about what constitutes a constant
1489         https://bugs.webkit.org/show_bug.cgi?id=63554
1490
1491         Now allow string constants in array literals to actually be considered constant,
1492         and so avoid codegen in array literals with strings in them.
1493
1494         * bytecode/CodeBlock.h:
1495         (JSC::CodeBlock::addConstantBuffer):
1496         (JSC::CodeBlock::constantBuffer):
1497         * bytecompiler/BytecodeGenerator.cpp:
1498         (JSC::BytecodeGenerator::addConstantBuffer):
1499         (JSC::BytecodeGenerator::addStringConstant):
1500         (JSC::BytecodeGenerator::emitNewArray):
1501         * bytecompiler/BytecodeGenerator.h:
1502         * interpreter/Interpreter.cpp:
1503         (JSC::Interpreter::privateExecute):
1504         * jit/JITStubs.cpp:
1505         (JSC::DEFINE_STUB_FUNCTION):
1506
1507 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1508
1509         Reviewed by Oliver Hunt.
1510
1511         https://bugs.webkit.org/show_bug.cgi?id=63560
1512         DFG_JIT allow allocation of specific machine registers
1513
1514         This allows us to allocate the registers necessary to perform x86
1515         idiv instructions for div/mod, and may be useful for shifts, too.
1516
1517         * dfg/DFGJITCodeGenerator.cpp:
1518         (JSC::DFG::GPRTemporary::GPRTemporary):
1519         * dfg/DFGJITCodeGenerator.h:
1520         (JSC::DFG::JITCodeGenerator::allocate):
1521         (JSC::DFG::GPRResult::GPRResult):
1522         * dfg/DFGRegisterBank.h:
1523         (JSC::DFG::RegisterBank::allocateSpecific):
1524         * dfg/DFGSpeculativeJIT.h:
1525         (JSC::DFG::SpeculativeJIT::isInteger):
1526
1527 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1528
1529         Reviewed by Oliver Hunt.
1530
1531         https://bugs.webkit.org/show_bug.cgi?id=55040
1532         RegExp constructor returns the argument regexp instead of a new object
1533
1534         Per 15.10.3.1, our current behaviour is correct if called as a function,
1535         but incorrect when called as a constructor.
1536
1537         * runtime/RegExpConstructor.cpp:
1538         (JSC::constructRegExp):
1539         (JSC::constructWithRegExpConstructor):
1540         * runtime/RegExpConstructor.h:
1541
1542 2011-06-28  Luke Macpherson  <macpherson@chromium.org>
1543
1544         Reviewed by Darin Adler.
1545
1546         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
1547         https://bugs.webkit.org/show_bug.cgi?id=63469
1548
1549         * wtf/MathExtras.h:
1550         (defaultMinimumForClamp):
1551         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
1552         (defaultMaximumForClamp):
1553         Symmetric alias for std::numeric_limits::max()
1554         (clampTo):
1555         New templated clamping function that supports arbitrary output types.
1556         (clampToInteger):
1557         Use new clampTo template.
1558         (clampToFloat):
1559         Use new clampTo template.
1560         (clampToPositiveInteger):
1561         Use new clampTo template.
1562
1563 2011-06-28  Adam Roben  <aroben@apple.com>
1564
1565         Windows Debug build fix after r89885
1566
1567         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
1568         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
1569
1570 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
1571
1572         Reviewed by Kent Tamura.
1573
1574         Add const to show() method in WTFString and AtomicString.
1575         https://bugs.webkit.org/show_bug.cgi?id=63515
1576
1577         The lack of const in show() method is painful when
1578         doing something like printf-debug.
1579
1580         * wtf/text/AtomicString.cpp:
1581         (WTF::AtomicString::show):
1582         * wtf/text/AtomicString.h:
1583         * wtf/text/WTFString.cpp:
1584         (String::show):
1585         * wtf/text/WTFString.h:
1586
1587 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
1588
1589         Build fix attempt after r89885.
1590
1591         * JavaScriptCore.exp:
1592         * jsc.cpp:
1593
1594 2011-06-27  Oliver Hunt  <oliver@apple.com>
1595
1596         Reviewed by Geoffrey Garen.
1597
1598         Support throwing away non-running code even while other code is running
1599         https://bugs.webkit.org/show_bug.cgi?id=63485
1600
1601         Add a function to CodeBlock to support unlinking direct linked callsites,
1602         and then with that in place add logic to discard code from any function
1603         that is not currently on the stack.
1604
1605         The unlinking completely reverts any optimized call sites, such that they
1606         may be relinked again in future.
1607
1608         * JavaScriptCore.exp:
1609         * bytecode/CodeBlock.cpp:
1610         (JSC::CodeBlock::unlinkCalls):
1611         (JSC::CodeBlock::clearEvalCache):
1612         * bytecode/CodeBlock.h:
1613         (JSC::CallLinkInfo::CallLinkInfo):
1614         (JSC::CallLinkInfo::unlink):
1615         * bytecode/EvalCodeCache.h:
1616         (JSC::EvalCodeCache::clear):
1617         * heap/Heap.cpp:
1618         (JSC::Heap::getConservativeRegisterRoots):
1619         * heap/Heap.h:
1620         * jit/JIT.cpp:
1621         (JSC::JIT::privateCompile):
1622         * jit/JIT.h:
1623         * jit/JITCall.cpp:
1624         (JSC::JIT::compileOpCall):
1625         * jit/JITWriteBarrier.h:
1626         (JSC::JITWriteBarrierBase::clear):
1627         * jsc.cpp:
1628         (GlobalObject::GlobalObject):
1629         (functionReleaseExecutableMemory):
1630         * runtime/Executable.cpp:
1631         (JSC::EvalExecutable::unlinkCalls):
1632         (JSC::ProgramExecutable::unlinkCalls):
1633         (JSC::FunctionExecutable::discardCode):
1634         (JSC::FunctionExecutable::unlinkCalls):
1635         * runtime/Executable.h:
1636         * runtime/JSGlobalData.cpp:
1637         (JSC::SafeRecompiler::returnValue):
1638         (JSC::SafeRecompiler::operator()):
1639         (JSC::JSGlobalData::releaseExecutableMemory):
1640
1641 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1642
1643         Reviewed by Darin Adler & Oliver Hunt.
1644
1645         https://bugs.webkit.org/show_bug.cgi?id=50554
1646         RegExp.prototype.toString does not escape slashes
1647
1648         The problem here is that we don't escape forwards slashes when converting
1649         a RegExp to a string. This means that RegExp("/").toString() is "///",
1650         which is not a valid RegExp literal. Also, we return an invalid literal
1651         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
1652
1653         From ES5:
1654         "NOTE: The returned String has the form of a RegularExpressionLiteral that
1655         evaluates to another RegExp object with the same behaviour as this object."
1656
1657         * runtime/RegExpObject.cpp:
1658         (JSC::regExpObjectSource):
1659             - Escape forward slashes when getting the source of a RegExp.
1660         * runtime/RegExpPrototype.cpp:
1661         (JSC::regExpProtoFuncToString):
1662             - Remove unnecessary and erroneous hack to return "//" as the string
1663             representation of RegExp.prototype. This is not a valid RegExp literal
1664             (it is an empty single-line comment).
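
        The escaping rule this entry describes, as an added example in JavaScript (not WebKit's own code): it builds the literal from the raw constructor pattern and flags, so the check does not depend on what a given engine's RegExp.prototype.source already escapes. Using "(?:)" for the empty pattern, and the helper names, are assumptions of this example.

```javascript
// Added example, not WebKit code. An unescaped "/" inside a RegExp literal
// terminates it, so RegExp("/") printed as "///" is not a valid literal.

// Escape every "/" that is not already escaped. A backslash escapes the next
// character, so an existing "\/" is left alone; a flag tracks that state.
function escapeSlashes(pattern) {
  let out = "";
  let escaped = false;
  for (const ch of pattern) {
    if (escaped) {
      out += ch;          // character after a backslash is copied verbatim
      escaped = false;
    } else if (ch === "\\") {
      out += ch;
      escaped = true;
    } else if (ch === "/") {
      out += "\\/";       // the fix this entry describes
    } else {
      out += ch;
    }
  }
  return out;
}

// Build "/body/flags". An empty pattern becomes "(?:)" (assumption, following
// ES5 15.10.4.1) so the result is never "//", which is an empty line comment.
function regExpLiteral(pattern, flags = "") {
  const body = pattern === "" ? "(?:)" : escapeSlashes(pattern);
  return "/" + body + "/" + flags;
}

// Evaluate the produced literal as JavaScript source and compare its behaviour
// with the RegExp built from the raw pattern, on a sample input constructed
// by the caller. This is the round-trip property the ES5 note asks for.
function roundTrips(pattern, flags, input) {
  const literal = regExpLiteral(pattern, flags);
  const fromLiteral = new Function("return " + literal + ";")();
  const fromCtor = new RegExp(pattern, flags);
  return fromLiteral instanceof RegExp &&
    fromLiteral.test(input) === fromCtor.test(input);
}

// Sample usage on constructed inputs.
console.log(regExpLiteral("/"));                  // /\//
console.log(regExpLiteral(""));                   // /(?:)/
console.log(roundTrips("http://", "i", "HTTP://x")); // true
```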
1665
1666 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1667
1668         Reviewed by Oliver Hunt.
1669
1670         https://bugs.webkit.org/show_bug.cgi?id=63497
1671         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
1672
1673         * dfg/DFGByteCodeParser.cpp:
1674         (JSC::DFG::ByteCodeParser::parseBlock):
1675         * dfg/DFGNode.h:
1676         * dfg/DFGNonSpeculativeJIT.cpp:
1677         (JSC::DFG::NonSpeculativeJIT::compile):
1678         * dfg/DFGSpeculativeJIT.cpp:
1679         (JSC::DFG::SpeculativeJIT::compile):
1680
1681 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
1682
1683         Reviewed by Mark Rowe.
1684
1685         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
1686         https://bugs.webkit.org/show_bug.cgi?id=63392
1687         
1688         When both TextPosition.h and XPathGrammar.h are included a compile-error
1689         is caused, since XPathGrammar.h defines a macro called NUMBER and 
1690         TextPosition has a typedef named NUMBER.
1691
1692         * wtf/text/TextPosition.h:
1693         (WTF::TextPosition::TextPosition):
1694         (WTF::TextPosition::minimumPosition):
1695         (WTF::TextPosition::belowRangePosition):
1696
1697 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
1698
1699         Reviewed by Gavin Barraclough.
1700
1701         DFG JIT does not perform put_by_id caching.
1702         https://bugs.webkit.org/show_bug.cgi?id=63409
1703
1704         * bytecode/StructureStubInfo.h:
1705         * dfg/DFGJITCodeGenerator.cpp:
1706         (JSC::DFG::JITCodeGenerator::cachedPutById):
1707         * dfg/DFGJITCodeGenerator.h:
1708         * dfg/DFGJITCompiler.cpp:
1709         (JSC::DFG::JITCompiler::compileFunction):
1710         * dfg/DFGJITCompiler.h:
1711         (JSC::DFG::JITCompiler::addPropertyAccess):
1712         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1713         * dfg/DFGNonSpeculativeJIT.cpp:
1714         (JSC::DFG::NonSpeculativeJIT::compile):
1715         * dfg/DFGOperations.cpp:
1716         * dfg/DFGOperations.h:
1717         * dfg/DFGRepatch.cpp:
1718         (JSC::DFG::dfgRepatchByIdSelfAccess):
1719         (JSC::DFG::tryCacheGetByID):
1720         (JSC::DFG::appropriatePutByIdFunction):
1721         (JSC::DFG::tryCachePutByID):
1722         (JSC::DFG::dfgRepatchPutByID):
1723         * dfg/DFGRepatch.h:
1724         * dfg/DFGSpeculativeJIT.cpp:
1725         (JSC::DFG::SpeculativeJIT::compile):
1726
1727 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
1728
1729         Unreviewed build fix. One more file missing during distcheck, for
1730         the MIPS build.
1731
1732         * GNUmakefile.list.am:
1733
1734 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
1735
1736         Reviewed by Gavin Barraclough.
1737
1738         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
1739         https://bugs.webkit.org/show_bug.cgi?id=63347
1740
1741         * dfg/DFGNonSpeculativeJIT.cpp:
1742             - Changed arithmetic operations to speculate in favor of integers.
1743         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1744         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1745         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1746         (JSC::DFG::NonSpeculativeJIT::compile):
1747         * dfg/DFGNonSpeculativeJIT.h:
1748         * dfg/DFGOperations.cpp:
1749             - Added slow-path routines for arithmetic that perform no speculation; the
1750               non-speculative JIT will generate calls to these in cases where its
1751               speculation fails.
1752         * dfg/DFGOperations.h:
1753
1754 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
1755
1756         Reviewed by Rob Buis.
1757
1758         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
1759         https://bugs.webkit.org/show_bug.cgi?id=59085
1760
1761         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
1762
1763 2011-06-24  Michael Saboff  <msaboff@apple.com>
1764
1765         Reviewed by Gavin Barraclough.
1766
1767         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
1768         https://bugs.webkit.org/show_bug.cgi?id=63345
1769
1770         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
1771         return 9 and 10 bit quantities, therefore changed their return type from
1772         uint8_t to uint16_t.  Also cast the places where they are used as they
1773         are currently shifted and used as 7 or 8 bit values.
1774
1775         These methods are currently used for literals for stack offsets, 
1776         including creating and destroying stack frames.  The prior truncation of
1777         the upper bits caused stack frames to be too small, thus allowing a
1778         JIT'ed function to access and overwrite stack space outside of the
1779         incorrectly sized stack frame.
1780
1781         * assembler/ARMv7Assembler.h:
1782         (JSC::ARMThumbImmediate::getUInt9):
1783         (JSC::ARMThumbImmediate::getUInt10):
1784         (JSC::ARMv7Assembler::add):
1785         (JSC::ARMv7Assembler::ldr):
1786         (JSC::ARMv7Assembler::str):
1787         (JSC::ARMv7Assembler::sub):
1788         (JSC::ARMv7Assembler::sub_S):
1789
1790 2011-06-24  Michael Saboff  <msaboff@apple.com>
1791
1792         Reviewed by Geoffrey Garen.
1793
1794         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
1795         https://bugs.webkit.org/show_bug.cgi?id=63015
1796
1797         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
1798         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These
1799         adjustments are a bug.  These need to reflect the pages that are released
1800         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
1801         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
1802         Check() and helper method CheckList() to check the number of actual free pages
1803         with free_committed_pages_.
1804
1805         The symptom of the problem of the existing code is that the scavenger may
1806         run unnecessarily without any real work to do, i.e. pages on the free lists.
1807         The scavenger would also end up freeing too many pages, that is going below
1808         the current 528 target free pages.
1809
1810         Note that the style of the changes was kept consistent with the
1811         existing style.
1812
1813         * wtf/FastMalloc.cpp:
1814         (WTF::TCMalloc_PageHeap::Check):
1815         (WTF::TCMalloc_PageHeap::CheckList):
1816         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
1817
1818 2011-06-24  Abhishek Arya  <inferno@chromium.org>
1819
1820         Reviewed by Darin Adler.
1821
1822         Match other clampTo* functions in style with clampToInteger(float)
1823         function.
1824         https://bugs.webkit.org/show_bug.cgi?id=53449
1825
1826         * wtf/MathExtras.h:
1827         (clampToInteger):
1828         (clampToFloat):
1829         (clampToPositiveInteger):
1830
1831 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
1832
1833         Unreviewed, rolling out r89594.
1834         http://trac.webkit.org/changeset/89594
1835         https://bugs.webkit.org/show_bug.cgi?id=63316
1836
1837         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
1838         #webkit).
1839
1840         * GNUmakefile.list.am:
1841         * JavaScriptCore.gypi:
1842         * icu/unicode/uscript.h: Removed.
1843         * wtf/unicode/ScriptCodesFromICU.h: Removed.
1844         * wtf/unicode/brew/UnicodeBrew.h:
1845         * wtf/unicode/glib/UnicodeGLib.h:
1846         * wtf/unicode/icu/UnicodeIcu.h:
1847         * wtf/unicode/qt4/UnicodeQt4.h:
1848         * wtf/unicode/wince/UnicodeWinCE.h:
1849
1850 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
1851
1852         Reviewed by Gavin Barraclough.
1853
1854         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
1855         https://bugs.webkit.org/show_bug.cgi?id=63173
1856
1857         * dfg/DFGJITCodeGenerator.cpp:
1858         (JSC::DFG::JITCodeGenerator::cachedGetById):
1859         * dfg/DFGJITCodeGenerator.h:
1860         * dfg/DFGNonSpeculativeJIT.cpp:
1861         (JSC::DFG::NonSpeculativeJIT::compile):
1862         * dfg/DFGSpeculativeJIT.cpp:
1863         (JSC::DFG::SpeculativeJIT::compile):
1864
1865 2011-06-23  Oliver Hunt  <oliver@apple.com>
1866
1867         Fix Qt again.
1868
1869         * assembler/ARMAssembler.h:
1870         (JSC::ARMAssembler::readPointer):
1871
1872 2011-06-23  Oliver Hunt  <oliver@apple.com>
1873
1874         Fix Qt Build
1875
1876         * assembler/ARMAssembler.h:
1877         (JSC::ARMAssembler::readPointer):
1878
1879 2011-06-23  Stephanie Lewis  <slewis@apple.com>
1880
1881         Reviewed by Darin Adler.
1882
1883         https://bugs.webkit.org/show_bug.cgi?id=63298
1884         Replace Malloc with FastMalloc to match the rest of wtf.
1885
1886         * wtf/BlockStack.h:
1887         (WTF::::~BlockStack):
1888         (WTF::::grow):
1889         (WTF::::shrink):
1890
1891 2011-06-23  Oliver Hunt  <oliver@apple.com>
1892
1893         Reviewed by Gavin Barraclough.
1894
1895         Add the ability to dynamically modify linked call sites
1896         https://bugs.webkit.org/show_bug.cgi?id=63291
1897
1898         Add JITWriteBarrier as a writebarrier class that allows
1899         reading and writing directly into the code stream.
1900
1901         This required adding logic to all the assemblers to allow
1902         us to read values back out of the instruction stream.
1903
1904         * JavaScriptCore.xcodeproj/project.pbxproj:
1905         * assembler/ARMAssembler.h:
1906         (JSC::ARMAssembler::readPointer):
1907         * assembler/ARMv7Assembler.h:
1908         (JSC::ARMv7Assembler::readPointer):
1909         (JSC::ARMv7Assembler::readInt32):
1910         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
1911         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
1912         * assembler/AbstractMacroAssembler.h:
1913         (JSC::AbstractMacroAssembler::readPointer):
1914         * assembler/MIPSAssembler.h:
1915         (JSC::MIPSAssembler::readInt32):
1916         (JSC::MIPSAssembler::readPointer):
1917         * assembler/MacroAssemblerCodeRef.h:
1918         (JSC::MacroAssemblerCodePtr::operator!):
1919         * assembler/SH4Assembler.h:
1920         (JSC::SH4Assembler::readPCrelativeAddress):
1921         (JSC::SH4Assembler::readPointer):
1922         (JSC::SH4Assembler::readInt32):
1923         * assembler/X86Assembler.h:
1924         (JSC::X86Assembler::readPointer):
1925         * bytecode/CodeBlock.cpp:
1926         (JSC::CodeBlock::visitAggregate):
1927         * bytecode/CodeBlock.h:
1928         (JSC::MethodCallLinkInfo::seenOnce):
1929         (JSC::MethodCallLinkInfo::setSeen):
1930         * heap/MarkStack.h:
1931         * jit/JIT.cpp:
1932         (JSC::JIT::privateCompile):
1933         (JSC::JIT::linkCall):
1934         (JSC::JIT::linkConstruct):
1935         * jit/JITPropertyAccess.cpp:
1936         (JSC::JIT::patchMethodCallProto):
1937         * jit/JITPropertyAccess32_64.cpp:
1938         * jit/JITWriteBarrier.h: Added.
1939         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
1940         (JSC::JITWriteBarrierBase::operator!):
1941         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
1942         (JSC::JITWriteBarrierBase::isFlagged):
1943         (JSC::JITWriteBarrierBase::setLocation):
1944         (JSC::JITWriteBarrierBase::location):
1945         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
1946         (JSC::JITWriteBarrierBase::set):
1947         (JSC::JITWriteBarrierBase::get):
1948         (JSC::JITWriteBarrier::JITWriteBarrier):
1949         (JSC::JITWriteBarrier::set):
1950         (JSC::JITWriteBarrier::get):
1951         (JSC::MarkStack::append):
1952
1953 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
1954
1955         Reviewed by Oliver Hunt.
1956
1957         https://bugs.webkit.org/show_bug.cgi?id=61585
1958         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
1959
1960         This is due to use of int instead of unsigned, bad math around
1961         the 2^31 boundary.
1962
1963         * yarr/YarrInterpreter.cpp:
1964         (JSC::Yarr::ByteCompiler::emitDisjunction):
1965             - Change some uses of int to unsigned, refactor compare logic to
1966               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
1967         * yarr/YarrJIT.cpp:
1968         (JSC::Yarr::YarrGenerator::generate):
1969         (JSC::Yarr::YarrGenerator::backtrack):
1970             - Ditto.
1971
1972 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
1973
1974         Reviewed by Sam Weinig.
1975
1976         https://bugs.webkit.org/show_bug.cgi?id=63218
1977         DFG JIT - remove machine type guarantees from graph
1978
1979         The DFG JIT currently makes assumptions about the types of machine registers
1980         that certain nodes will be loaded into. This will be broken as we generate
1981         nodes to produce both integer and double code paths. Remove int<->double
1982         conversions nodes. This design decision also gave rise to multiple types of
1983         constant nodes, requiring separate handling for each type. Merge these back
1984         into JSConstant.
1985
1986         * dfg/DFGAliasTracker.h:
1987         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1988         * dfg/DFGByteCodeParser.cpp:
1989         (JSC::DFG::ByteCodeParser::getToInt32):
1990         (JSC::DFG::ByteCodeParser::getToNumber):
1991         (JSC::DFG::ByteCodeParser::toInt32):
1992         (JSC::DFG::ByteCodeParser::toNumber):
1993         (JSC::DFG::ByteCodeParser::isInt32Constant):
1994         (JSC::DFG::ByteCodeParser::isDoubleConstant):
1995         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
1996         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
1997         (JSC::DFG::ByteCodeParser::one):
1998         (JSC::DFG::ByteCodeParser::predictInt32):
1999         * dfg/DFGGraph.cpp:
2000         (JSC::DFG::Graph::dump):
2001         * dfg/DFGJITCodeGenerator.h:
2002         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2003         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2004         (JSC::DFG::JITCodeGenerator::isJSConstant):
2005         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
2006         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
2007         * dfg/DFGJITCompiler.cpp:
2008         (JSC::DFG::JITCompiler::fillNumericToDouble):
2009         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2010         * dfg/DFGJITCompiler.h:
2011         (JSC::DFG::JITCompiler::isJSConstant):
2012         (JSC::DFG::JITCompiler::isInt32Constant):
2013         (JSC::DFG::JITCompiler::isDoubleConstant):
2014         (JSC::DFG::JITCompiler::valueOfJSConstant):
2015         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2016         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2017         * dfg/DFGNode.h:
2018         (JSC::DFG::Node::Node):
2019         (JSC::DFG::Node::isConstant):
2020         (JSC::DFG::Node::notTakenBytecodeOffset):
2021         * dfg/DFGNonSpeculativeJIT.cpp:
2022         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
2023         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
2024         (JSC::DFG::NonSpeculativeJIT::compile):
2025         * dfg/DFGSpeculativeJIT.cpp:
2026         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2027         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2028         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2029         (JSC::DFG::SpeculativeJIT::compile):
2030
2031 2011-06-23  Jungshik Shin  <jshin@chromium.org>
2032
2033         Reviewed by Alexey Proskuryakov.
2034
2035         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
2036         build files for ports not using ICU.
2037         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
2038         ICU 3.6 (the version used on Mac OS 10.5)
2039
2040         http://bugs.webkit.org/show_bug.cgi?id=20797
2041
2042         * GNUmakefile.list.am:
2043         * JavaScriptCore.gypi:
2044         * icu/unicode/uscript.h: Added for UScriptCode enum.
2045         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
2046         * wtf/unicode/icu/UnicodeIcu.h:
2047         * wtf/unicode/brew/UnicodeBrew.h:
2048         * wtf/unicode/glib/UnicodeGLib.h:
2049         * wtf/unicode/qt4/UnicodeQt4.h:
2050         * wtf/unicode/wince/UnicodeWinCE.h:
2051
2052 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
2053
2054         Reviewed by Andreas Kling.
2055
2056         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
2057         https://bugs.webkit.org/show_bug.cgi?id=63228
2058
2059         * wtf/Platform.h: Add PLATFORM(EFL) guard.
2060
2061 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2062
2063         Unreviewed, rolling out r89547.
2064         http://trac.webkit.org/changeset/89547
2065         https://bugs.webkit.org/show_bug.cgi?id=63252
2066
2067         "Chrmium crash on start" (Requested by yurys on #webkit).
2068
2069         * wtf/DynamicAnnotations.cpp:
2070         (WTFAnnotateBenignRaceSized):
2071         (WTFAnnotateHappensBefore):
2072         (WTFAnnotateHappensAfter):
2073         * wtf/DynamicAnnotations.h:
2074
2075 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
2076
2077         Reviewed by David Levin.
2078
2079         Make dynamic annotations weak symbols and prevent identical code folding by the linker
2080         https://bugs.webkit.org/show_bug.cgi?id=62443
2081
2082         * wtf/DynamicAnnotations.cpp:
2083         (WTFAnnotateBenignRaceSized):
2084         (WTFAnnotateHappensBefore):
2085         (WTFAnnotateHappensAfter):
2086         * wtf/DynamicAnnotations.h:
2087
2088 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
2089
2090         Reviewed by Andreas Kling.
2091
2092         [Qt] Add a build flag for building with libxml2 and libxslt.
2093         https://bugs.webkit.org/show_bug.cgi?id=63113
2094
2095         * wtf/Platform.h:
2096
2097 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2098
2099         Unreviewed, rolling out r89489.
2100         http://trac.webkit.org/changeset/89489
2101         https://bugs.webkit.org/show_bug.cgi?id=63203
2102
2103         Broke chromium mac build on build.webkit.org (Requested by
2104         abarth on #webkit).
2105
2106         * wtf/Platform.h:
2107
2108 2011-06-22  Cary Clark  <caryclark@google.com>
2109
2110         Reviewed by Darin Fisher.
2111
2112         Use Skia if Skia on Mac Chrome is enabled
2113         https://bugs.webkit.org/show_bug.cgi?id=62999
2114
2115         * wtf/Platform.h:
2116         Add switch to use Skia if, externally,
2117         Skia has been enabled by a gyp define.
2118
2119 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2120
2121         Reviewed by Oliver Hunt.
2122
2123         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2124
2125 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2126
2127         Reviewed by Oliver Hunt.
2128
2129         Removed the conceit that global variables are local variables when running global code
2130         https://bugs.webkit.org/show_bug.cgi?id=63106
2131         
2132         This is required for write barrier correctness.
2133         
2134         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2135         I was able to reduce the regression with a tiny peephole optimization in
2136         the bytecompiler, but not eliminate it. I'm committing this assuming
2137         that turning on generational GC will win back at least 0.5%.
2138
2139         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2140         the global object's var storage. I considered doing the same kind of
2141         optimization in the existing JIT, but it seemed like moving in the wrong
2142         direction.)
2143
2144         * bytecompiler/BytecodeGenerator.cpp:
2145         (JSC::BytecodeGenerator::addGlobalVar):
2146         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2147         negative indices, since they're no longer negatively offset from the
2148         current stack frame.
2149         
2150         Do give global variables monotonically increasing positive indices, since
2151         that's much easier to work with.
2152         
2153         Don't limit the number of optimizable global variables, since it's no
2154         longer limited by the register file, since they're no longer stored in
2155         the register file.
2156
2157         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2158         registers because a var in global code is actually a property of the
2159         global object.
2160
2161         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2162
2163         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2164         propagation and dead code elimination to speed up our compiles and
2165         reduce WTFs / minute.
2166
2167         * bytecompiler/BytecodeGenerator.h:
2168         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2169
2170         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2171         global code, since there are none.
2172
2173         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2174         in global code (i.e., global vars), since there are some.
2175
2176         * interpreter/Interpreter.cpp:
2177         (JSC::Interpreter::callEval):
2178         (JSC::Interpreter::Interpreter):
2179         (JSC::Interpreter::dumpRegisters):
2180         (JSC::Interpreter::execute):
2181         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2182
2183         * interpreter/RegisterFile.cpp:
2184         (JSC::RegisterFile::gatherConservativeRoots):
2185         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2186         data members.
2187
2188         * interpreter/RegisterFile.h:
2189         (JSC::RegisterFile::begin):
2190         (JSC::RegisterFile::size):
2191         (JSC::RegisterFile::RegisterFile):
2192         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2193         global variables stored in the register file.
2194
2195         (JSC::RegisterFile::grow): Updated for same.
2196         
2197         Also, a slight correctness fix: Test the VM commit end, and not just the
2198         in-use end, when checking for stack overflow. In theory, it's invalid to
2199         commit past the end of your allocation, even if you never touch that
2200         memory. This makes the usable size of the stack slightly smaller. No test
2201         because we don't know of any case in practice where this crashes.
2202
2203         * runtime/JSGlobalData.cpp:
2204         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2205
2206         * runtime/JSGlobalObject.cpp:
2207         (JSC::JSGlobalObject::resizeRegisters):
2208         (JSC::JSGlobalObject::addStaticGlobals):
2209         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2210         increasing indexes, always located in our external storage.
2211
2212 2011-06-21  MORITA Hajime  <morrita@google.com>
2213
2214         Unreviewed, rolling out r89401 and r89403.
2215         http://trac.webkit.org/changeset/89401
2216         http://trac.webkit.org/changeset/89403
2217         https://bugs.webkit.org/show_bug.cgi?id=62970
2218
2219         Breaks mac build and mistakenly enables the spellcheck API
2220
2221         * Configurations/FeatureDefines.xcconfig:
2222         * JavaScriptCore.xcodeproj/project.pbxproj:
2223
2224 2011-06-21  Kent Tamura  <tkent@chromium.org>
2225
2226         [Mac] Sort Xcode project files.
2227
2228         * JavaScriptCore.xcodeproj/project.pbxproj:
2229
2230 2011-06-20  MORITA Hajime  <morrita@google.com>
2231
2232         Reviewed by Kent Tamura.
2233
2234         Spellcheck API should be build-able.
2235         https://bugs.webkit.org/show_bug.cgi?id=62970
2236
2237         No new tests, changing only build related files
2238         
2239         * Configurations/FeatureDefines.xcconfig:
2240
2241 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2242
2243         Reviewed by Oliver Hunt.
2244
2245         Moved 'const' off the global-variable-as-local-variable crack pipe
2246         https://bugs.webkit.org/show_bug.cgi?id=63105
2247         
2248         This is necessary for moving the rest of the code off of same.
2249         
2250         Many problems remain in our handling of const. I have fixed none of them.
2251
2252         * bytecompiler/BytecodeGenerator.h:
2253         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2254         const to directly implement its unique scoping rules.
2255
2256         * bytecompiler/NodesCodegen.cpp:
2257         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2258         for writing, so we don't overwrite const variables.
2259
2260         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2261         variables are available as local variables, since this won't be the case
2262         once global variables are not available as local variables. Instead, use
2263         put_scoped_var in the case where there is no local variable. Like a local
2264         variable, put_scoped_var succeeds even though const properties are
2265         read-only, since put_scoped_var skips read-only checks. (Yay?)
2266
2267 2011-06-21  Oliver Hunt  <oliver@apple.com>
2268
2269         Reviewed by Alexey Proskuryakov.
2270
2271         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2272         https://bugs.webkit.org/show_bug.cgi?id=63052
2273
2274         Release mode only failure, the stack overflow guards were getting their error
2275         handling inlined, so that they were essentially causing their own demise.
2276
2277         * parser/JSParser.cpp:
2278         (JSC::JSParser::updateErrorMessage):
2279         (JSC::JSParser::updateErrorWithNameAndMessage):
2280
2281 2011-06-20  Kenneth Russell  <kbr@google.com>
2282
2283         Unreviewed.
2284
2285         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2286         https://bugs.webkit.org/show_bug.cgi?id=63022
2287
2288         * wtf/Platform.h:
2289
2290 2011-06-18  Anders Carlsson  <andersca@apple.com>
2291
2292         Reviewed by Darin Adler.
2293
2294         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2295         https://bugs.webkit.org/show_bug.cgi?id=62940
2296
2297         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2298
2299         * wtf/PassOwnArrayPtr.h:
2300         (WTF::PassOwnArrayPtr::operator=):
2301         * wtf/PassOwnPtr.h:
2302         (WTF::PassOwnPtr::operator=):
2303         * wtf/PassRefPtr.h:
2304         (WTF::PassRefPtr::operator=):
2305         (WTF::NonNullPassRefPtr::operator=):
2306
2307 2011-06-20  Oliver Hunt  <oliver@apple.com>
2308
2309         Reviewed by Darin Adler.
2310
2311         REGRESSION (r79060): Searching for a flight at united.com fails
2312         https://bugs.webkit.org/show_bug.cgi?id=63003
2313
2314         This original change also broke Twitter, and we attempted to refine the fix to 
2315         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2316         we need to revert the change until we understand the problem better.
2317
2318         * wtf/DateMath.cpp:
2319         (WTF::parseDateFromNullTerminatedCharacters):
2320
2321 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2322
2323         Reviewed by Oliver Hunt.
2324
2325         No context for javascript parse errors.
2326         https://bugs.webkit.org/show_bug.cgi?id=62613
2327         
2328         Parse errors now show more details like:
2329         "Unexpected token: ]"
2330         or
2331         "Expected token: while"
2332         
2333         For reserved names, numbers, identifiers, strings, lexer errors, 
2334         and EOFs, the following error messages are printed:
2335         
2336         "Use of reserved word: super"
2337         "Unexpected number: 42"
2338         "Unexpected identifier: "
2339         "Unexpected string: "foobar""
2340         "Invalid token character sequence: \u4023"
2341         "Unexpected EOF"
2342
2343         * parser/JSParser.cpp:
2344         (JSC::JSParser::consume):
2345         (JSC::JSParser::getToken):
2346         (JSC::JSParser::getTokenName):
2347         (JSC::JSParser::updateErrorMessageSpecialCase):
2348         (JSC::JSParser::updateErrorMessage):
2349         (JSC::JSParser::updateErrorWithNameAndMessage):
2350         (JSC::jsParse):
2351         (JSC::JSParser::JSParser):
2352         (JSC::JSParser::parseProgram):
2353         (JSC::JSParser::parseVarDeclarationList):
2354         (JSC::JSParser::parseForStatement):
2355         (JSC::JSParser::parseBreakStatement):
2356         (JSC::JSParser::parseContinueStatement):
2357         (JSC::JSParser::parseWithStatement):
2358         (JSC::JSParser::parseTryStatement):
2359         (JSC::JSParser::parseStatement):
2360         (JSC::JSParser::parseFormalParameters):
2361         (JSC::JSParser::parseFunctionInfo):
2362         (JSC::JSParser::parseAssignmentExpression):
2363         (JSC::JSParser::parsePrimaryExpression):
2364         (JSC::JSParser::parseMemberExpression):
2365         (JSC::JSParser::parseUnaryExpression):
2366         * parser/JSParser.h:
2367         * parser/Lexer.cpp:
2368         (JSC::Lexer::lex):
2369         * parser/Parser.cpp:
2370         (JSC::Parser::parse):
2371
2372 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2373
2374         Reviewed by Rob Buis.
2375
2376         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2377         https://bugs.webkit.org/show_bug.cgi?id=59085
2378
2379         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2380
2381 2011-06-19  Oliver Hunt  <oliver@apple.com>
2382
2383         Reviewed by Sam Weinig.
2384
2385         Correct logic for putting errors on the correct line when handling JSONP
2386         https://bugs.webkit.org/show_bug.cgi?id=62962
2387
2388         Minor fix for the minor fix.  *sigh*
2389
2390         * interpreter/Interpreter.cpp:
2391         (JSC::Interpreter::execute):
2392
2393 2011-06-19  Oliver Hunt  <oliver@apple.com>
2394
2395         Minor fix to correct layout test results.
2396
2397         * interpreter/Interpreter.cpp:
2398         (JSC::Interpreter::execute):
2399
2400 2011-06-17  Oliver Hunt  <oliver@apple.com>
2401
2402         Reviewed by Gavin Barraclough.
2403
2404         JSONP is unnecessarily slow
2405         https://bugs.webkit.org/show_bug.cgi?id=62920
2406
2407         JSONP has unfortunately become a fairly common idiom online, yet
2408         it triggers very poor performance in JSC as we end up doing codegen
2409         for a large number of property accesses that will
2410            * only be run once, so the vast amount of logic we dump to handle
2411              caching of accesses is unnecessary.
2412            * We are doing codegen that is directly proportional to just
2413              creating the object in the first place.
2414
2415         This patch extends the use of the literal parser to JSONP-like structures
2416         in global code, handling a number of different forms I have seen online.
2417         In an extreme case this improves performance of JSONP by more than 2x
2418         due to removal of code generation and execution time, and a few optimisations
2419         that I made to the parser itself.
2420
2421         * API/JSValueRef.cpp:
2422         (JSValueMakeFromJSONString):
2423         * interpreter/Interpreter.cpp:
2424         (JSC::Interpreter::callEval):
2425         (JSC::Interpreter::execute):
2426         * parser/Lexer.cpp:
2427         (JSC::Lexer::isKeyword):
2428         * parser/Lexer.h:
2429         * runtime/JSGlobalObjectFunctions.cpp:
2430         (JSC::globalFuncEval):
2431         * runtime/JSONObject.cpp:
2432         (JSC::JSONProtoFuncParse):
2433         * runtime/LiteralParser.cpp:
2434         (JSC::LiteralParser::tryJSONPParse):
2435         (JSC::LiteralParser::makeIdentifier):
2436         (JSC::LiteralParser::Lexer::lex):
2437         (JSC::LiteralParser::Lexer::next):
2438         (JSC::isSafeStringCharacter):
2439         (JSC::LiteralParser::Lexer::lexString):
2440         (JSC::LiteralParser::Lexer::lexNumber):
2441         (JSC::LiteralParser::parse):
2442         * runtime/LiteralParser.h:
2443         (JSC::LiteralParser::LiteralParser):
2444         (JSC::LiteralParser::tryLiteralParse):
2445         (JSC::LiteralParser::Lexer::Lexer):
2446
2447 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
2448
2449         Unreviewed, rolling out r89184.
2450         http://trac.webkit.org/changeset/89184
2451         https://bugs.webkit.org/show_bug.cgi?id=62927
2452
2453         It broke 22 tests on all bots (Requested by Ossy_weekend on
2454         #webkit).
2455
2456         * API/JSValueRef.cpp:
2457         (JSValueMakeFromJSONString):
2458         * interpreter/Interpreter.cpp:
2459         (JSC::Interpreter::callEval):
2460         (JSC::Interpreter::execute):
2461         * parser/Lexer.cpp:
2462         * parser/Lexer.h:
2463         * runtime/JSGlobalObjectFunctions.cpp:
2464         (JSC::globalFuncEval):
2465         * runtime/JSONObject.cpp:
2466         (JSC::JSONProtoFuncParse):
2467         * runtime/LiteralParser.cpp:
2468         (JSC::LiteralParser::Lexer::lex):
2469         (JSC::isSafeStringCharacter):
2470         (JSC::LiteralParser::Lexer::lexString):
2471         (JSC::LiteralParser::Lexer::lexNumber):
2472         (JSC::LiteralParser::parse):
2473         * runtime/LiteralParser.h:
2474         (JSC::LiteralParser::LiteralParser):
2475         (JSC::LiteralParser::tryLiteralParse):
2476         (JSC::LiteralParser::Lexer::Lexer):
2477         (JSC::LiteralParser::Lexer::next):
2478
2479 2011-06-17  Oliver Hunt  <oliver@apple.com>
2480
2481         Reviewed by Gavin Barraclough.
2482
2483         JSONP is unnecessarily slow
2484         https://bugs.webkit.org/show_bug.cgi?id=62920
2485
2486         JSONP has unfortunately become a fairly common idiom online, yet
2487         it triggers very poor performance in JSC as we end up doing codegen
2488         for a large number of property accesses that will
2489            * only be run once, so the vast amount of logic we dump to handle
2490              caching of accesses is unnecessary.
2491            * We are doing codegen that is directly proportional to just
2492              creating the object in the first place.
2493
2494         This patch extends the use of the literal parser to JSONP-like structures
2495         in global code, handling a number of different forms I have seen online.
2496         In an extreme case this improves performance of JSONP by more than 2x
2497         due to removal of code generation and execution time, and a few optimisations
2498         that I made to the parser itself.
2499
2500         * API/JSValueRef.cpp:
2501         (JSValueMakeFromJSONString):
2502         * interpreter/Interpreter.cpp:
2503         (JSC::Interpreter::callEval):
2504         (JSC::Interpreter::execute):
2505         * parser/Lexer.cpp:
2506         (JSC::Lexer::isKeyword):
2507         * parser/Lexer.h:
2508         * runtime/JSGlobalObjectFunctions.cpp:
2509         (JSC::globalFuncEval):
2510         * runtime/JSONObject.cpp:
2511         (JSC::JSONProtoFuncParse):
2512         * runtime/LiteralParser.cpp:
2513         (JSC::LiteralParser::tryJSONPParse):
2514         (JSC::LiteralParser::makeIdentifier):
2515         (JSC::LiteralParser::Lexer::lex):
2516         (JSC::LiteralParser::Lexer::next):
2517         (JSC::isSafeStringCharacter):
2518         (JSC::LiteralParser::Lexer::lexString):
2519         (JSC::LiteralParser::Lexer::lexNumber):
2520         (JSC::LiteralParser::parse):
2521         * runtime/LiteralParser.h:
2522         (JSC::LiteralParser::LiteralParser):
2523         (JSC::LiteralParser::tryLiteralParse):
2524         (JSC::LiteralParser::Lexer::Lexer):
2525
2526 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2527
2528         Reviewed by Oliver Hunt.
2529
2530         Moved some property access JIT code into property access JIT files
2531         https://bugs.webkit.org/show_bug.cgi?id=62906
2532
2533         * jit/JITOpcodes.cpp:
2534         * jit/JITOpcodes32_64.cpp:
2535         * jit/JITPropertyAccess.cpp:
2536         (JSC::JIT::emitSlow_op_put_by_val):
2537         (JSC::JIT::emit_op_get_scoped_var):
2538         (JSC::JIT::emit_op_put_scoped_var):
2539         (JSC::JIT::emit_op_get_global_var):
2540         (JSC::JIT::emit_op_put_global_var):
2541         * jit/JITPropertyAccess32_64.cpp:
2542         (JSC::JIT::emit_op_get_scoped_var):
2543         (JSC::JIT::emit_op_put_scoped_var):
2544         (JSC::JIT::emit_op_get_global_var):
2545         (JSC::JIT::emit_op_put_global_var):
2546
2547 2011-06-17  Anders Carlsson  <andersca@apple.com>
2548
2549         Build fix.
2550
2551         * JavaScriptCore.xcodeproj/project.pbxproj:
2552
2553 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2554
2555         Try to fix the Leopard build?
2556
2557         * JavaScriptCore.xcodeproj/project.pbxproj:
2558
2559 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2560
2561         Reviewed by Oliver Hunt.
2562
2563         Added some write barrier action, compiled out by default
2564         https://bugs.webkit.org/show_bug.cgi?id=62844
2565
2566         * JavaScriptCore.exp: Build!
2567
2568         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
2569         issue with Heap.cpp.
2570
2571         * heap/Heap.cpp:
2572         (JSC::Heap::writeBarrierSlowCase):
2573         * heap/Heap.h:
2574         (JSC::Heap::writeBarrier):
2575         * heap/MarkedBlock.h:
2576         (JSC::MarkedBlock::isAtomAligned):
2577         (JSC::MarkedBlock::blockFor):
2578         (JSC::MarkedBlock::atomNumber):
2579         (JSC::MarkedBlock::ownerSetNumber):
2580         (JSC::MarkedBlock::addOldSpaceOwner):
2581         (JSC::MarkedBlock::OwnerSet::OwnerSet):
2582         (JSC::MarkedBlock::OwnerSet::add):
2583         (JSC::MarkedBlock::OwnerSet::clear):
2584         (JSC::MarkedBlock::OwnerSet::size):
2585         (JSC::MarkedBlock::OwnerSet::didOverflow):
2586         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
2587         tracks owners for regions within blocks. Currently unused.
2588
2589 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
2590
2591         Reviewed by Eric Seidel.
2592
2593         [EFL] Add some OwnPtr specializations for EFL types.
2594         For now there are specializations for Ecore_Evas and Evas_Object.
2595         https://bugs.webkit.org/show_bug.cgi?id=62877
2596
2597         * wtf/CMakeListsEfl.txt:
2598         * wtf/OwnPtrCommon.h:
2599         * wtf/efl/OwnPtrEfl.cpp: Added.
2600         (WTF::deleteOwnedPtr):
2601
2602 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
2603
2604         Reviewed by Martin Robinson.
2605
2606         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
2607         https://bugs.webkit.org/show_bug.cgi?id=60687
2608
2609         Replace GdkRectangle by cairo_rectangle_int_t.
2610
2611         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2612
2613 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2614
2615         Reviewed by Oliver Hunt.
2616
2617         https://bugs.webkit.org/show_bug.cgi?id=53014
2618         ES5 strict mode keyword restrictions aren't implemented
2619
2620         The following are future restricted words in strict mode code:
2621             implements, interface, let, package, private, protected, public, static, yield
2622
2623         * parser/JSParser.h:
2624             - Add RESERVED_IF_STRICT token.
2625         * parser/Keywords.table:
2626             - Add new future restricted words.
2627         * parser/Lexer.cpp:
2628         (JSC::Lexer::parseIdentifier):
2629             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
2630         (JSC::Lexer::lex):
2631             - Pass strictMode flag to parseIdentifier.
2632         * parser/Lexer.h:
2633             - parseIdentifier needs a strictMode flag.
2634         * runtime/CommonIdentifiers.h:
2635             - Add identifiers for new reserved words.
2636
2637 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2638
2639         Reviewed by Oliver Hunt.
2640
2641         https://bugs.webkit.org/show_bug.cgi?id=23611
2642         Multiline Javascript comments cause incorrect parsing of following script.
2643
2644         From the spec:
2645         "A MultiLineComment [is] simply discarded if it contains no line terminator,
2646         but if a MultiLineComment contains one or more line terminators, then it is
2647         replaced with a single line terminator, which becomes part of the stream of
2648         inputs for the syntactic grammar." 
2649
2650         This may result in behavioural changes, due to automatic semicolon insertion.
2651
2652         * parser/Lexer.cpp:
2653         (JSC::Lexer::parseMultilineComment):
2654             - Set m_terminator if we see a line terminator in a multiline comment.
2655
2656 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2657
2658         Reviewed by Sam Weinig.
2659
2660         https://bugs.webkit.org/show_bug.cgi?id=62824
2661         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
2662
2663         CompareEq of non-integer values is the most common cause of speculation failure.
2664
2665         * dfg/DFGSpeculativeJIT.cpp:
2666         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2667             - Support Equals.
2668         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
2669             - new! - peephole optimized Eq of JSValues.
2670         (JSC::DFG::SpeculativeJIT::compile):
2671             - Add peephole optimization for CompareEq.
2672         * dfg/DFGSpeculativeJIT.h:
2673         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2674             - Add support for dead nodes between compare & branch.
2675         (JSC::DFG::SpeculativeJIT::isInteger):
2676             - Added to determine which form of peephole to do in CompareEq.
2677
2678 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2679
2680         Try to fix the Windows build.
2681
2682         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
2683         symbol.
2684
2685         * bytecode/EvalCodeCache.h:
2686         * heap/HandleHeap.h:
2687         * heap/HeapRootVisitor.h:
2688         * heap/NewSpace.h:
2689         * runtime/ArgList.h:
2690         * runtime/ScopeChain.h:
2691         * runtime/SmallStrings.h:
2692         * runtime/Structure.h: Stop forward-declaring things that don't really
2693         exist anymore.
2694
2695 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2696
2697         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
2698         project while crossing my fingers and facing west.
2699
2700         * JavaScriptCore.xcodeproj/project.pbxproj:
2701
2702 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2703
2704         Build fix: Removed an incorrect symbol on Windows.
2705
2706         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2707
2708 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2709
2710         Build fix: Removed an accidental commit from the future.
2711
2712         * CMakeLists.txt:
2713
2714 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2715
2716         Reviewed by Oliver Hunt.
2717
2718         Introduced SlotVisitor into the project
2719         https://bugs.webkit.org/show_bug.cgi?id=62820
2720         
2721         This resolves a class vs typedef forward declaration issue, and gives all
2722         exported symbols the correct names.
2723
2724         * CMakeLists.txt:
2725         * GNUmakefile.list.am:
2726         * JavaScriptCore.exp:
2727         * JavaScriptCore.gypi:
2728         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2729         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
2730
2731         * bytecode/EvalCodeCache.h:
2732         * heap/HandleHeap.h:
2733         * heap/Heap.cpp:
2734         (JSC::Heap::Heap):
2735         (JSC::Heap::markRoots):
2736         * heap/Heap.h:
2737         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
2738         clients operate on a MarkStack.
2739
2740         * heap/MarkStack.cpp:
2741         (JSC::SlotVisitor::visitChildren):
2742         (JSC::SlotVisitor::drain):
2743         * heap/SlotVisitor.h: Added.
2744         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
2745         inheritance to give SlotVisitor all the attributes of MarkStack without
2746         making this change giant. Over time, we will move more behavior into
2747         SlotVisitor and its subclasses.
2748
2749         * heap/MarkStack.h:
2750         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
2751         clients operate on a MarkStack.
2752
2753         * runtime/ArgList.h:
2754         * runtime/JSCell.h:
2755         * runtime/JSObject.h:
2756         * runtime/ScopeChain.h:
2757         * runtime/SmallStrings.h:
2758         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
2759         clients operate on a MarkStack.
2760
2761 2011-06-15  Oliver Hunt  <oliver@apple.com>
2762
2763         Reviewed by Geoffrey Garen.
2764
2765         Reduce memory usage of resolve_global
2766         https://bugs.webkit.org/show_bug.cgi?id=62765
2767
2768         If we have a large number of resolve_globals in a single
2769         block start planting plain resolve instructions instead 
2770         whenever we aren't in a loop.  This allows us to reduce
2771         the code size for extremely large functions without
2772         losing the performance benefits of op_resolve_global.
2773
2774         * bytecode/CodeBlock.h:
2775         (JSC::CodeBlock::globalResolveInfoCount):
2776         * bytecompiler/BytecodeGenerator.cpp:
2777         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
2778         (JSC::BytecodeGenerator::emitResolve):
2779         (JSC::BytecodeGenerator::emitResolveWithBase):
2780         * bytecompiler/BytecodeGenerator.h:
2781
2782 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
2783
2784         Reviewed by Laszlo Gombos.
2785
2786         [Qt] Fix building with CONFIG(use_system_icu)
2787         https://bugs.webkit.org/show_bug.cgi?id=62744
2788
2789         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
2790
2791         * wtf/Platform.h:
2792
2793 2011-06-15  Darin Adler  <darin@apple.com>
2794
2795         Reviewed by Adam Barth.
2796
2797         Remove obsolete LOOSE_OWN_PTR code
2798         https://bugs.webkit.org/show_bug.cgi?id=59909
2799
2800         The internal Apple dependency on this is gone now.
2801
2802         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
2803         set function that takes a raw pointer.
2804
2805         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
2806         set function that takes a raw pointer.
2807
2808         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
2809         and assignment operator that takes a nullptr unconditional.
2810         Made constructor that takes a raw pointer private and explicit,
2811         and removed assignment operator that takes a raw pointer.
2812
2813         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
2814         unconditional. Made constructor that takes a raw pointer private
2815         and explicit, and removed assignment operator that takes a raw pointer.
2816
2817 2011-06-15  Sam Weinig  <sam@webkit.org>
2818
2819         Reviewed by Geoffrey Garen and Gavin Barraclough.
2820
2821         Make access-nseive ~9x faster on the non-speculative path by
2822         adding special casing for doubles that can losslessly be converted
2823         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
2824         and the hash lookup.  Long term, we should try and get property of a getByVal
2825         and putByVal to be an integer immediate even in the non-speculative path.
2826
2827         * dfg/DFGOperations.cpp:
2828         (JSC::DFG::putByVal):
2829         (JSC::DFG::operationPutByValInternal):
2830
2831 2011-06-15  Oliver Hunt  <oliver@apple.com>
2832
2833         Reviewed by Darin Adler.
2834
2835         REGRESSION (r88719): 5by5.tv schedule is not visible
2836         https://bugs.webkit.org/show_bug.cgi?id=62720
2837
2838         Problem here is that the lexer wasn't considering '$' to be
2839         a valid character in an identifier.
2840
2841         * parser/Lexer.h:
2842         (JSC::Lexer::lexExpectIdentifier):
2843
2844 2011-06-15  Oliver Hunt  <oliver@apple.com>
2845
2846         Reviewed by Sam Weinig.
2847
2848         Reduce the size of global_resolve
2849         https://bugs.webkit.org/show_bug.cgi?id=62738
2850
2851         Reduce the code size of global_resolve in the JIT by replacing
2852         multiple pointer loads with a single pointer move + two offset
2853         loads.
2854
2855         * jit/JITOpcodes.cpp:
2856         (JSC::JIT::emit_op_resolve_global):
2857         * jit/JITOpcodes32_64.cpp:
2858         (JSC::JIT::emit_op_resolve_global):
2859
2860 2011-06-14  Geoffrey Garen  <ggaren@apple.com>
2861
2862         Reviewed by Dan Bernstein.
2863
2864         Fixed an invalid ASSERT I found while investigating
2865         <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
2866         https://bugs.webkit.org/show_bug.cgi?id=62699        
2867
2868         No test since we don't know of a way to get WebCore to deallocate the
2869         next-to-finalize handle, which is also the last handle in the list,
2870         while finalizing the second-to-last handle in the list.
2871
2872         * heap/HandleHeap.h:
2873         (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
2874         non-0 next() after updating it, since it is valid to update m_nextToFinalize
2875         to point to the tail sentinel.
2876         
2877         Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
2878         since it is not valid to update m_nextToFinalize to point past the tail
2879         sentinel.
2880         
2881         Also, use m_nextToFinalize consistently for clarity.
2882
2883 2011-06-14  Gavin Barraclough  <barraclough@apple.com>
2884
2885         Reviewed by Sam Weinig.
2886
2887         https://bugs.webkit.org/show_bug.cgi?id=43841
2888         SegmentedVector::operator== typo
2889
2890         * wtf/SegmentedVector.h:
2891         (WTF::SegmentedVectorIterator::operator==):
2892         (WTF::SegmentedVectorIterator::operator!=):
2893
2894 2011-06-14  Oliver Hunt  <oliver@apple.com>
2895
2896         Reviewed by Gavin Barraclough.
2897
2898         Constant array literals result in unnecessarily large amounts of code
2899         https://bugs.webkit.org/show_bug.cgi?id=62658
2900
2901         Add a new version of op_new_array that simply copies values from a buffer
2902         we hang off of the CodeBlock, rather than generating code to place each
2903         entry into the registerfile, and then copying it from the registerfile into
2904         the array.  This is a slight improvement on some sunspider tests, but no
2905         measurable overall change.  That's okay though as our goal was to reduce
2906         code size without hurting performance.
2907
2908         * bytecode/CodeBlock.cpp:
2909         (JSC::CodeBlock::dump):
2910         * bytecode/CodeBlock.h:
2911         (JSC::CodeBlock::addImmediateBuffer):
2912         (JSC::CodeBlock::immediateBuffer):
2913         * bytecode/Opcode.h:
2914         * bytecompiler/BytecodeGenerator.cpp:
2915         (JSC::BytecodeGenerator::addImmediateBuffer):
2916         (JSC::BytecodeGenerator::emitNewArray):
2917         * bytecompiler/BytecodeGenerator.h:
2918         * bytecompiler/NodesCodegen.cpp:
2919         (JSC::ArrayNode::emitBytecode):
2920         * interpreter/Interpreter.cpp:
2921         (JSC::Interpreter::privateExecute):
2922         * jit/JIT.cpp:
2923         (JSC::JIT::privateCompileMainPass):
2924         * jit/JIT.h:
2925         * jit/JITOpcodes.cpp:
2926         (JSC::JIT::emit_op_new_array):
2927         (JSC::JIT::emit_op_new_array_buffer):
2928         * jit/JITOpcodes32_64.cpp:
2929         * jit/JITStubs.cpp:
2930         (JSC::DEFINE_STUB_FUNCTION):
2931         * jit/JITStubs.h:
2932
2933 2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
2934
2935         Unreviewed, rolling out r88841.
2936         http://trac.webkit.org/changeset/88841
2937         https://bugs.webkit.org/show_bug.cgi?id=62672
2938
2939         Caused many tests to crash (Requested by rniwa on #webkit).
2940
2941         * bytecode/CodeBlock.cpp:
2942         (JSC::CodeBlock::dump):
2943         * bytecode/CodeBlock.h:
2944         * bytecode/Opcode.h:
2945         * bytecompiler/BytecodeGenerator.cpp:
2946         (JSC::BytecodeGenerator::emitNewArray):
2947         * bytecompiler/BytecodeGenerator.h:
2948         * bytecompiler/NodesCodegen.cpp:
2949         (JSC::ArrayNode::emitBytecode):
2950         * interpreter/Interpreter.cpp:
2951         (JSC::Interpreter::privateExecute):
2952         * jit/JIT.cpp:
2953         (JSC::JIT::privateCompileMainPass):
2954         * jit/JIT.h:
2955         * jit/JITOpcodes.cpp:
2956         (JSC::JIT::emit_op_new_array):
2957         * jit/JITOpcodes32_64.cpp:
2958         (JSC::JIT::emit_op_new_array):
2959         * jit/JITStubs.cpp:
2960         * jit/JITStubs.h:
2961
2962 2011-06-14  Oliver Hunt  <oliver@apple.com>
2963
2964         Reviewed by Gavin Barraclough.
2965
2966         Constant array literals result in unnecessarily large amounts of code
2967         https://bugs.webkit.org/show_bug.cgi?id=62658
2968
2969         Add a new version of op_new_array that simply copies values from a buffer
2970         we hang off of the CodeBlock, rather than generating code to place each
2971         entry into the registerfile, and then copying it from the registerfile into
2972         the array.  This is a slight improvement on some sunspider tests, but no
2973         measurable overall change.  That's okay though as our goal was to reduce
2974         code size without hurting performance.
2975
2976         * bytecode/CodeBlock.cpp:
2977         (JSC::CodeBlock::dump):
2978         * bytecode/CodeBlock.h:
2979         (JSC::CodeBlock::addImmediateBuffer):
2980         (JSC::CodeBlock::immediateBuffer):
2981         * bytecode/Opcode.h:
2982         * bytecompiler/BytecodeGenerator.cpp:
2983         (JSC::BytecodeGenerator::addImmediateBuffer):
2984         (JSC::BytecodeGenerator::emitNewArray):
2985         * bytecompiler/BytecodeGenerator.h:
2986         * bytecompiler/NodesCodegen.cpp:
2987         (JSC::ArrayNode::emitBytecode):
2988         * interpreter/Interpreter.cpp:
2989         (JSC::Interpreter::privateExecute):
2990         * jit/JIT.cpp:
2991         (JSC::JIT::privateCompileMainPass):
2992         * jit/JIT.h:
2993         * jit/JITOpcodes.cpp:
2994         (JSC::JIT::emit_op_new_array):
2995         (JSC::JIT::emit_op_new_array_buffer):
2996         * jit/JITOpcodes32_64.cpp:
2997         * jit/JITStubs.cpp:
2998         (JSC::DEFINE_STUB_FUNCTION):
2999         * jit/JITStubs.h:
3000
3001 2011-06-14  Stephanie Lewis  <slewis@apple.com>
3002
3003         Rubber stamped by Oliver Hunt.
3004
3005         <rdar://problem/9511169>
3006         Update order files.
3007
3008         * JavaScriptCore.order:
3009
3010 2011-06-14  Sam Weinig  <sam@webkit.org>
3011
3012         Reviewed by Geoffrey Garen.
3013
3014         Fix dumping of constants to have the correct constant number.
3015
3016         * bytecode/CodeBlock.cpp:
3017         (JSC::CodeBlock::dump):
3018
3019 2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
3020
3021         Reviewed by Eric Seidel.
3022
3023         KeywordLookupGenerator's Trie does not work with Python 3
3024         https://bugs.webkit.org/show_bug.cgi?id=62635
3025
3026         With Python 3, dict.items() returns an iterator. Since the iterator
3027         protocol changed between Python 2 and 3, the easiest way to get the
3028         values is to have something that uses the iterator implicitly, like a
3029         for() loop.
3030
3031         * KeywordLookupGenerator.py:
3032
3033 2011-06-13  Oliver Hunt  <oliver@apple.com>
3034
3035         Reviewed by Gavin Barraclough.
3036
3037         Fix llocp and lvalp names in the lexer to something more meaningful
3038         https://bugs.webkit.org/show_bug.cgi?id=62605
3039
3040         A simple rename
3041
3042         * parser/Lexer.cpp:
3043         (JSC::Lexer::parseIdentifier):
3044         (JSC::Lexer::parseString):
3045         (JSC::Lexer::lex):
3046         * parser/Lexer.h:
3047         (JSC::Lexer::lexExpectIdentifier):
3048
3049 2011-06-13  Oliver Hunt  <oliver@apple.com>
3050
3051         Reviewed by Gavin Barraclough.
3052
3053         Make it possible to inline the common case of identifier lexing
3054         https://bugs.webkit.org/show_bug.cgi?id=62600
3055
3056         Add a lexing function that expects to lex a "normal" alphanumeric
3057         identifier (that ignores keywords) so it's possible to inline the
3058         common parsing cases.  This comes out as a reasonable parsing speed
3059         boost.
3060
3061         * parser/JSParser.cpp:
3062         (JSC::JSParser::nextExpectIdentifier):
3063         (JSC::JSParser::parseProperty):
3064         (JSC::JSParser::parseMemberExpression):
3065         * parser/Lexer.cpp:
3066         * parser/Lexer.h:
3067         (JSC::Lexer::makeIdentifier):
3068         (JSC::Lexer::lexExpectIdentifier):
3069
3070 2011-06-13  Xan Lopez  <xlopez@igalia.com>
3071
3072         Reviewed by Martin Robinson.
3073
3074         Distcheck fixes.
3075
3076         * GNUmakefile.am:
3077         * GNUmakefile.list.am:
3078
3079 2011-06-13  Oliver Hunt  <oliver@apple.com>
3080
3081         Reviewed by Simon Fraser.
3082
3083         Make it possible to inline Identifier::equal
3084         https://bugs.webkit.org/show_bug.cgi?id=62584
3085
3086         Move Identifier::equal to the Identifier header file.
3087
3088         * runtime/Identifier.cpp:
3089         * runtime/Identifier.h:
3090         (JSC::Identifier::equal):
3091
3092 2011-06-13  Tony Chang  <tony@chromium.org>
3093
3094         Reviewed by Dimitri Glazkov.
3095
3096         rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
3097         https://bugs.webkit.org/show_bug.cgi?id=62578
3098
3099         * Configurations/FeatureDefines.xcconfig:
3100
3101 2011-06-13  Tony Chang  <tony@chromium.org>
3102
3103         Reviewed by Adam Barth.
3104
3105         rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
3106         https://bugs.webkit.org/show_bug.cgi?id=62545
3107
3108         * Configurations/FeatureDefines.xcconfig:
3109
3110 2011-06-12  Patrick Gansterer  <paroga@webkit.org>
3111
3112         Unreviewed. Build fix for !ENABLE(JIT) after r88604.
3113
3114         * bytecode/CodeBlock.cpp:
3115         (JSC::CodeBlock::visitAggregate):
3116
3117 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3118
3119         Reviewed by Darin Adler.
3120
3121         https://bugs.webkit.org/show_bug.cgi?id=16777
3122
3123         Remove #define NaN per Darin's comments.
3124
3125         * runtime/JSGlobalObjectFunctions.cpp:
3126         (JSC::parseIntOverflow):
3127         (JSC::parseInt):
3128         (JSC::jsStrDecimalLiteral):
3129         (JSC::jsToNumber):
3130         (JSC::parseFloat):
3131         * wtf/DateMath.cpp:
3132         (WTF::equivalentYearForDST):
3133         (WTF::parseES5DateFromNullTerminatedCharacters):
3134         (WTF::parseDateFromNullTerminatedCharacters):
3135         (WTF::timeClip):
3136         (JSC::parseDateFromNullTerminatedCharacters):
3137
3138 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3139
3140         Rubber stamped by Geoff Garen.
3141
3142         https://bugs.webkit.org/show_bug.cgi?id=62503
3143         Remove JIT_OPTIMIZE_* switches
3144
3145         The alternative code paths are untested, and not well maintained.
3146         These were useful when there was more churn in the JIT, but now
3147         are a maintenance overhead. Time to move on, removing.
3148
3149         * bytecode/CodeBlock.cpp:
3150         (JSC::CodeBlock::visitAggregate):
3151         * jit/JIT.cpp:
3152         (JSC::JIT::privateCompileSlowCases):
3153         (JSC::JIT::privateCompile):
3154         (JSC::JIT::linkConstruct):
3155         * jit/JIT.h:
3156         * jit/JITCall.cpp:
3157         * jit/JITCall32_64.cpp:
3158         * jit/JITOpcodes.cpp:
3159         (JSC::JIT::privateCompileCTIMachineTrampolines):
3160         (JSC::JIT::privateCompileCTINativeCall):
3161         * jit/JITOpcodes32_64.cpp:
3162         (JSC::JIT::privateCompileCTIMachineTrampolines):
3163         (JSC::JIT::privateCompileCTINativeCall):
3164         (JSC::JIT::softModulo):
3165         * jit/JITPropertyAccess.cpp:
3166         * jit/JITPropertyAccess32_64.cpp:
3167         * jit/JITStubs.cpp:
3168         (JSC::DEFINE_STUB_FUNCTION):
3169         * runtime/Lookup.cpp:
3170         (JSC::setUpStaticFunctionSlot):
3171         * runtime/Lookup.h:
3172         * wtf/Platform.h:
3173
3174 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3175
3176         Reviewed by Sam Weinig.
3177
3178         https://bugs.webkit.org/show_bug.cgi?id=16777
3179         Eliminate JSC::NaN and JSC::Inf
3180
3181         There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
3182         The ones in std::numeric_limits are perfectly good.
3183         Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
3184
3185         * API/JSCallbackObjectFunctions.h:
3186         (JSC::::toNumber):
3187         * API/JSValueRef.cpp:
3188         (JSValueMakeNumber):
3189         (JSValueToNumber):
3190         * JavaScriptCore.exp:
3191         * runtime/CachedTranscendentalFunction.h:
3192         (JSC::CachedTranscendentalFunction::initialize):
3193         * runtime/DateConstructor.cpp:
3194         (JSC::constructDate):
3195         * runtime/DateInstanceCache.h:
3196         (JSC::DateInstanceData::DateInstanceData):
3197         (JSC::DateInstanceCache::reset):
3198         * runtime/JSCell.cpp:
3199         * runtime/JSCell.h:
3200         (JSC::JSCell::JSValue::getPrimitiveNumber):
3201         (JSC::JSCell::JSValue::toNumber):
3202         * runtime/JSGlobalData.cpp:
3203         (JSC::JSGlobalData::JSGlobalData):
3204         (JSC::JSGlobalData::resetDateCache):
3205         * runtime/JSGlobalObject.cpp:
3206         (JSC::JSGlobalObject::reset):
3207         * runtime/JSGlobalObjectFunctions.cpp:
3208         (JSC::globalFuncParseInt):
3209         (JSC::globalFuncIsFinite):
3210         * runtime/JSNotAnObject.cpp:
3211         (JSC::JSNotAnObject::toNumber):
3212         * runtime/JSValue.cpp:
3213         * runtime/JSValue.h:
3214         * runtime/JSValueInlineMethods.h:
3215         (JSC::jsNaN):
3216         * runtime/MathObject.cpp:
3217         (JSC::mathProtoFuncMax):
3218         (JSC::mathProtoFuncMin):
3219         * runtime/NumberConstructor.cpp:
3220         (JSC::numberConstructorNegInfinity):
3221         (JSC::numberConstructorPosInfinity):
3222         * runtime/NumberPrototype.cpp:
3223         (JSC::numberProtoFuncToExponential):
3224         (JSC::numberProtoFuncToFixed):
3225         (JSC::numberProtoFuncToPrecision):
3226         (JSC::numberProtoFuncToString):
3227         * runtime/UString.cpp:
3228         * wtf/DecimalNumber.h:
3229         (WTF::DecimalNumber::DecimalNumber):
3230         * wtf/dtoa.cpp:
3231         (WTF::dtoa):
3232
3233 2011-06-10  Tony Chang  <tony@chromium.org>
3234
3235         Reviewed by Ojan Vafai.
3236
3237         add a compile guard ENABLE(FLEXBOX)
3238         https://bugs.webkit.org/show_bug.cgi?id=62049
3239
3240         * Configurations/FeatureDefines.xcconfig:
3241
3242 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3243
3244         Reviewed by Sam Weinig.
3245
3246         https://bugs.webkit.org/show_bug.cgi?id=55347
3247         "name" and "message" enumerable on *Error.prototype
3248
3249         This arises from chapter 15 of the spec:
3250             "Every other property described in this clause has the attributes
3251             { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
3252             unless otherwise specified."
3253         Standardized properties are not enumerable.
3254
3255         * runtime/ErrorInstance.cpp:
3256         (JSC::ErrorInstance::ErrorInstance):
3257         * runtime/NativeErrorPrototype.cpp:
3258         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3259
3260 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3261
3262         Build fix: Corrected header spelling.
3263
3264         * heap/OldSpace.h:
3265
3266 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3267
3268         Reviewed by Oliver Hunt.
3269
3270         Added OldSpace to the project
3271         https://bugs.webkit.org/show_bug.cgi?id=62417
3272         
3273         Currently unused.
3274         
3275         Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
3276         per-block flag for testing whether you're in NewSpace vs OldSpace.
3277
3278         * CMakeLists.txt:
3279         * GNUmakefile.list.am:
3280         * JavaScriptCore.gypi:
3281         * JavaScriptCore.pro:
3282         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3283         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3284
3285         * heap/MarkedBlock.cpp:
3286         (JSC::MarkedBlock::MarkedBlock):
3287         * heap/MarkedBlock.h:
3288         (JSC::MarkedBlock::inNewSpace):
3289         (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
3290         write barrier.
3291
3292         * heap/NewSpace.cpp:
3293         (JSC::NewSpace::addBlock):
3294         (JSC::NewSpace::removeBlock):
3295         * heap/NewSpace.h:
3296         (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
3297         NewSpace-specific operations.
3298
3299         * heap/OldSpace.cpp: Added.
3300         (JSC::OldSpace::OldSpace):
3301         (JSC::OldSpace::addBlock):
3302         (JSC::OldSpace::removeBlock):
3303         * heap/OldSpace.h: Added.
3304         (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
3305         Not in use yet.
3306
3307 2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
3308
3309         Reviewed by Antonio Gomes.
3310
3311         [EFL] Make accelerated compositing build in Webkit-EFL
3312         https://bugs.webkit.org/show_bug.cgi?id=62361
3313
3314         Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
3315
3316         * wtf/Platform.h:
3317
3318 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3319
3320         Reviewed by Geoff Garen.
3321
3322         Bug 62405 - Fix integer overflow in Array.prototype.push
3323
3324         Fix Geoff's review comments re static_cast.
3325
3326         * runtime/ArrayPrototype.cpp:
3327         (JSC::arrayProtoFuncPush):
3328
3329 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3330
3331         Reviewed by Oliver Hunt.
3332
3333         Factored MarkedBlock set management into a helper class with a fast case Bloom filter
3334         https://bugs.webkit.org/show_bug.cgi?id=62413
3335         
3336         SunSpider reports a small speedup.
3337         
3338         This is in preparation for having ConservativeSet operate on arbitrary
3339         sets of MarkedBlocks, and in preparation for conservative scanning
3340         becoming proportionally more important than other GC activities.
3341
3342         * GNUmakefile.list.am:
3343         * JavaScriptCore.gypi:
3344         * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
3345
3346         * heap/ConservativeRoots.cpp:
3347         (JSC::ConservativeRoots::add):
3348         * heap/ConservativeRoots.h:
3349         (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
3350         directly, instead of a Heap, so we can operate on subsets of the Heap
3351         instead.
3352         
3353         Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
3354         is particularly important since we expect not to find our subject pointer
3355         in the MarkedBlock hash, and hash misses are more expensive than typical
3356         hash lookups because they have high collision rates.
3357         
3358         No need for single-pointer add() to be public anymore, since nobody uses it.
3359
3360         * heap/Heap.cpp:
3361         (JSC::Heap::markRoots):
3362         * heap/Heap.h:
3363         (JSC::Heap::forEachCell):
3364         (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
3365         ConservativeRoots relies on.
3366         
3367         Nixed contains(), since nobody uses it anymore.
3368
3369         * heap/MarkedBlock.h:
3370         (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
3371         the VM layout properties of MarkedBlocks.
3372
3373         * heap/MarkedBlockSet.h: Added.
3374         (JSC::MarkedBlockSet::add):
3375         (JSC::MarkedBlockSet::remove):
3376         (JSC::MarkedBlockSet::recomputeFilter):
3377         (JSC::MarkedBlockSet::filter):
3378         (JSC::MarkedBlockSet::set):
3379         * heap/TinyBloomFilter.h: Added.
3380         (JSC::TinyBloomFilter::TinyBloomFilter):
3381         (JSC::TinyBloomFilter::add):
3382         (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
3383
3384         * interpreter/RegisterFile.cpp:
3385         (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
3386         exclude values by tag -- the tiny bloom filter is already a register-register
3387         compare, so adding another "rule out" factor just slows things down.
3388
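The filter-before-hash scheme this entry describes, as an added example rather than JavaScriptCore's own TinyBloomFilter or MarkedBlockSet: live block addresses are OR-ed into one word, a candidate whose set bits are not all present in that word is ruled out with a single AND and compare, and only survivors pay for the hash lookup (which is where the false positives show up as hash misses). The 16 KiB block size, the block addresses and the sample stack words are constructed for the example.

```cpp
// Added example, not JavaScriptCore's own code: a word-sized Bloom filter that
// rules out most candidate pointers before the MarkedBlock hash lookup.
#include <cstdint>
#include <cstdio>
#include <unordered_set>
#include <vector>

// Assumed block geometry (constructed for this example): blocks are 16 KiB
// aligned, so the block base of any interior pointer is candidate & kBlockMask.
constexpr uintptr_t kBlockSize = 16 * 1024;
constexpr uintptr_t kBlockMask = ~(kBlockSize - 1);

// One machine word of OR-ed block addresses. A candidate whose set bits are not
// all present in the word was never added: no false negatives, only false
// positives, and the check is a single AND and compare.
class TinyBloomFilter {
public:
    void add(uintptr_t bits) { m_bits |= bits; }
    bool ruleOut(uintptr_t bits) const {
        if (!bits)
            return true;                       // null is never a block
        return (bits & m_bits) != bits;        // some bit was never added
    }
private:
    uintptr_t m_bits = 0;
};

enum class Lookup { RuledOut, HashMiss, Hit };

// Set of live block bases with the filter as the fast path in front of the hash.
class BlockSet {
public:
    void add(uintptr_t blockBase) {
        m_blocks.insert(blockBase);
        m_filter.add(blockBase);
    }
    void remove(uintptr_t blockBase) {
        m_blocks.erase(blockBase);
        recomputeFilter();                     // bits cannot be un-ORed
    }
    Lookup lookup(uintptr_t candidate) const {
        uintptr_t base = candidate & kBlockMask;
        if (m_filter.ruleOut(base))
            return Lookup::RuledOut;           // cheap path, taken by most stack words
        return m_blocks.count(base) ? Lookup::Hit : Lookup::HashMiss;
    }
private:
    void recomputeFilter() {
        m_filter = TinyBloomFilter();
        for (uintptr_t b : m_blocks)
            m_filter.add(b);
    }
    std::unordered_set<uintptr_t> m_blocks;
    TinyBloomFilter m_filter;
};

struct ScanStats { unsigned hits = 0, ruledOut = 0, hashMisses = 0; };

// Classify every word a conservative scan would examine.
ScanStats scanWords(const BlockSet& set, const std::vector<uintptr_t>& words) {
    ScanStats s;
    for (uintptr_t w : words) {
        switch (set.lookup(w)) {
        case Lookup::Hit: ++s.hits; break;
        case Lookup::RuledOut: ++s.ruledOut; break;
        case Lookup::HashMiss: ++s.hashMisses; break;
        }
    }
    return s;
}

// Constructed sample: two live blocks and six words as they might sit on a
// stack (interior pointers, integers, null).
BlockSet makeSampleSet() {
    BlockSet set;
    set.add(0x40000000u);
    set.add(0x40004000u);
    return set;
}

std::vector<uintptr_t> sampleStackWords() {
    return { 0x40004010u,   // interior pointer into the second block: hit
             0x12345678u,   // unrelated integer: ruled out by the filter
             0x40000008u,   // interior pointer into the first block: hit
             0x40008000u,   // just past the blocks: ruled out
             0x00004000u,   // false positive: bits match, hash lookup misses
             0x0u };        // null: ruled out
}

Lookup lookupAfterRemove() {
    BlockSet set = makeSampleSet();
    set.remove(0x40004000u);                   // filter is rebuilt from the survivor
    return set.lookup(0x40004010u);            // now ruled out without a hash lookup
}

int main() {
    ScanStats s = scanWords(makeSampleSet(), sampleStackWords());
    std::printf("hits=%u ruledOut=%u hashMisses=%u\n", s.hits, s.ruledOut, s.hashMisses);
    return 0;
}
```
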
3389 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3390
3391         Reviewed by Oliver Hunt.
3392
3393         Bug 62405 - Fix integer overflow in Array.prototype.push
3394
3395         There are three integer overflows here, leading to safe (not a security risk)
3396         but incorrect (non-spec-compliant) behaviour.
3397
3398         Two overflows occur when calculating the new length after pushing (one in the
3399         fast version of push in JSArray, one in the generic version in ArrayPrototype).
3400         The other occurs calculating indices to write to when multiple items are pushed.
3401
3402         These errors result in three test-262 failures.
3403
3404         * runtime/ArrayPrototype.cpp:
3405         (JSC::arrayProtoFuncPush):
3406         * runtime/JSArray.cpp:
3407         (JSC::JSArray::put):
3408         (JSC::JSArray::push):
3409
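The three overflows this entry describes, modelled as an added example (not JavaScriptCore's ArrayPrototype or JSArray code) on a constructed array-like object: the 32-bit computation of indices and new length beside a version that carries the spec's length n in 64 bits, plus the RangeError a true Array raises when its length cannot be represented. The starting length of 4294967295 and the pushed items are constructed sample input.

```cpp
// Added example, not JavaScriptCore's own code: a constructed model of the
// generic Array.prototype.push showing the 32-bit overflows beside a version
// that keeps the spec's unbounded Number n.
#include <cstdint>
#include <cstdio>
#include <map>
#include <stdexcept>
#include <vector>

// Stand-in for the JS object push() is applied to. Indexed properties are
// keyed by the integer their property-name string denotes; "length" is a Number.
struct ArrayLike {
    std::map<uint64_t, int> props;
    double length = 0;
    bool isTrueArray = false;   // a true Array caps length at 2^32 - 1
};

// ES5 ToUint32 for the non-negative integral values used here.
static uint32_t toUint32(double d) {
    return static_cast<uint32_t>(static_cast<uint64_t>(d));
}

// Buggy: indices and the new length are computed in 32-bit unsigned
// arithmetic, so with length 0xFFFFFFFF the second item lands at index 0
// and the stored length wraps to a small number.
void pushBuggy(ArrayLike& a, const std::vector<int>& items) {
    unsigned length = toUint32(a.length);
    unsigned argCount = static_cast<unsigned>(items.size());
    for (unsigned i = 0; i < argCount; ++i)
        a.props[length + i] = items[i];        // overflow: length + i wraps
    a.length = length + argCount;              // overflow: new length wraps
}

// Fixed: n is carried in 64 bits so it can pass 2^32 - 1 exactly as the
// spec's Number does; a true Array rejects a length it cannot represent.
void pushFixed(ArrayLike& a, const std::vector<int>& items) {
    uint64_t n = toUint32(a.length);
    for (int item : items)
        a.props[n++] = item;
    if (a.isTrueArray && n > 0xFFFFFFFFull)
        throw std::range_error("Invalid array length");
    a.length = static_cast<double>(n);
}

// Constructed scenario in the style of the test-262 cases: start at the
// largest uint32 length and push three items.
static ArrayLike makeSubject(bool trueArray) {
    ArrayLike a;
    a.length = 4294967295.0;
    a.isTrueArray = trueArray;
    return a;
}

ArrayLike demoBuggy() {
    ArrayLike a = makeSubject(false);
    pushBuggy(a, {1, 2, 3});
    return a;          // length 2; items stored at 4294967295, 0 and 1
}

ArrayLike demoFixed() {
    ArrayLike a = makeSubject(false);
    pushFixed(a, {1, 2, 3});
    return a;          // length 4294967298; items at 4294967295 .. 4294967297
}

bool trueArrayPushThrows() {
    ArrayLike a = makeSubject(true);
    try {
        pushFixed(a, {1});
    } catch (const std::range_error&) {
        return true;   // length 4294967296 is not a valid Array length
    }
    return false;
}

int main() {
    std::printf("buggy length=%.0f fixed length=%.0f trueArrayThrows=%d\n",
                demoBuggy().length, demoFixed().length, trueArrayPushThrows() ? 1 : 0);
    return 0;
}
```
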
3410 2011-06-09  Dan Bernstein  <mitz@apple.com>
3411
3412         Reviewed by Anders Carlsson.
3413
3414         Add Vector::reverse()
3415         https://bugs.webkit.org/show_bug.cgi?id=62393
3416
3417         * wtf/Vector.h:
3418         (WTF::Vector::reverse): Added
3419
3420 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3421
3422         Reviewed by Oliver Hunt.
3423
3424         Factored a bunch of Heap functionality into stand-alone functors
3425         https://bugs.webkit.org/show_bug.cgi?id=62337
3426         
3427         This is in preparation for making these functors operate on arbitrary
3428         sets of MarkedBlocks.
3429
3430         * JavaScriptCore.exp: This file is a small tragedy.
3431
3432         * debugger/Debugger.cpp:
3433         (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
3434
3435         * heap/HandleHeap.h:
3436         (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
3437         strong handles, so we can play along in the functor game.
3438
3439         * heap/Heap.cpp:
3440         (JSC::CountFunctor::CountFunctor::CountFunctor):
3441         (JSC::CountFunctor::CountFunctor::count):
3442         (JSC::CountFunctor::CountFunctor::returnValue):
3443         (JSC::CountFunctor::ClearMarks::operator()):
3444         (JSC::CountFunctor::ResetAllocator::operator()):
3445         (JSC::CountFunctor::Sweep::operator()):
3446         (JSC::CountFunctor::MarkCount::operator()):
3447         (JSC::CountFunctor::Size::operator()):
3448         (JSC::CountFunctor::Capacity::operator()):
3449         (JSC::CountFunctor::Count::operator()):
3450         (JSC::CountFunctor::CountIfGlobalObject::operator()):
3451         (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
3452         (JSC::CountFunctor::TakeIfEmpty::operator()):
3453         (JSC::CountFunctor::TakeIfEmpty::returnValue):
3454         (JSC::CountFunctor::RecordType::RecordType):
3455         (JSC::CountFunctor::RecordType::typeName):
3456         (JSC::CountFunctor::RecordType::operator()):
3457         (JSC::CountFunctor::RecordType::returnValue): These functors factor out
3458         behavior that used to be in the functions below.
3459
3460         (JSC::Heap::clearMarks):
3461         (JSC::Heap::sweep):
3462         (JSC::Heap::objectCount):
3463         (JSC::Heap::size):
3464         (JSC::Heap::capacity):
3465         (JSC::Heap::protectedGlobalObjectCount):
3466         (JSC::Heap::protectedObjectCount):
3467         (JSC::Heap::protectedObjectTypeCounts):
3468         (JSC::Heap::objectTypeCounts):
3469         (JSC::Heap::resetAllocator):
3470         (JSC::Heap::freeBlocks):
3471         (JSC::Heap::shrink): Factored out behavior into the functors above.
3472
3473         * heap/Heap.h:
3474         (JSC::Heap::forEachProtectedCell):
3475         (JSC::Heap::forEachCell):
3476         (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
3477         functor-based templates instead of plain iterators because they're simpler
3478         to implement in this case and they require a lot less code at the call site.
3479
3480         * heap/MarkedBlock.h:
3481         (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
3482         trivial functors.
3483
3484         (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
3485         we have a few different kind of "for each" now.
3486
3487         * runtime/JSGlobalData.cpp:
3488         (WTF::Recompile::operator()):
3489         (JSC::JSGlobalData::JSGlobalData):
3490         (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
3491
3492         * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
3493
3494 2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
3495
3496         Reviewed by Pavel Feldman.
3497
3498         Web Inspector: Crash by buffer overrun when serializing inspector object tree.
3499         https://bugs.webkit.org/show_bug.cgi?id=52791
3500
3501         No new tests. The problem can be reproduced by trying to create an InspectorValue
3502         from 1.0e-100 and calling ->toJSONString() on it.
3503
3504         * JavaScriptCore.exp:
3505         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3506         export 2 functions DecimalNumber::bufferLengthForStringExponential and
3507         DecimalNumber::toStringExponential.
3508
3509 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3510
3511         Unreviewed, rolling out r88404.
3512         http://trac.webkit.org/changeset/88404
3513         https://bugs.webkit.org/show_bug.cgi?id=62342
3514
3515         broke win and mac build (Requested by tony^work on #webkit).
3516
3517         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3518
3519 2011-06-08  Evan Martin  <evan@chromium.org>
3520
3521         Reviewed by Adam Barth.
3522
3523         [chromium] use gyp 'settings' type for settings target
3524         https://bugs.webkit.org/show_bug.cgi?id=62323
3525
3526         The 'settings' gyp target type is for targets that exist solely
3527         for their settings (no build rules).  The comment above this target
3528         says it's for this, but it incorrectly uses 'none'.
3529
3530         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3531
3532 2011-06-08  Sailesh Agrawal  <sail@chromium.org>
3533
3534         Reviewed by Mihai Parparita.
3535
3536         Chromium Mac: Enable overlay scrollbars
3537         https://bugs.webkit.org/show_bug.cgi?id=59756
3538
3539         Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
3540
3541         * wtf/Platform.h:
3542
3543 2011-06-08  Oliver Hunt  <oliver@apple.com>
3544
3545         Reviewed by Geoffrey Garen.
3546
3547         Add faster lookup cache for multi character identifiers
3548         https://bugs.webkit.org/show_bug.cgi?id=62327
3549
3550         Add a non-hash lookup for multiple character identifiers.  This saves us from
3551         adding repeated identifiers to the ParserArena's identifier list as people
3552         tend to not start all their variables and properties with the same character
3553         and happily identifier locality works in our favour.
3554
3555         * parser/ParserArena.h:
3556         (JSC::IdentifierArena::isEmpty):
3557         (JSC::IdentifierArena::clear):
3558         (JSC::IdentifierArena::makeIdentifier):
3559
3560 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3561
3562         Reviewed by Oliver Hunt.
3563
3564         Took some responsibilities away from NewSpace
3565         https://bugs.webkit.org/show_bug.cgi?id=62325
3566         
3567         NewSpace is basically just an allocator now.
3568         
3569         Heap acts as a controller, responsible for managing the set of all
3570         MarkedBlocks.
3571         
3572         This is in preparation for moving parts of the controller logic into
3573         separate helper classes that can act on arbitrary sets of MarkedBlocks
3574         that may or may not be in NewSpace.
3575
3576         * heap/Heap.cpp:
3577         (JSC::Heap::Heap):
3578         (JSC::Heap::destroy):
3579         (JSC::Heap::allocate):
3580         (JSC::Heap::markRoots):
3581         (JSC::Heap::clearMarks):
3582         (JSC::Heap::sweep):
3583         (JSC::Heap::objectCount):
3584         (JSC::Heap::size):
3585         (JSC::Heap::capacity):
3586         (JSC::Heap::collect):
3587         (JSC::Heap::resetAllocator):
3588         (JSC::Heap::allocateBlock):
3589         (JSC::Heap::freeBlocks):
3590         (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
3591         along with all functions that operate on the set of MarkedBlocks. Also
3592         moved responsibility for deciding whether to allocate a new MarkedBlock,
3593         and for allocating it.
3594
3595         * heap/Heap.h:
3596         (JSC::Heap::contains):
3597         (JSC::Heap::forEach): Ditto.
3598
3599         * heap/NewSpace.cpp:
3600         (JSC::NewSpace::addBlock):
3601         (JSC::NewSpace::removeBlock):
3602         (JSC::NewSpace::resetAllocator):
3603         * heap/NewSpace.h:
3604         (JSC::NewSpace::waterMark):
3605         (JSC::NewSpace::allocate): Ditto.
3606
3607 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3608
3609         Reviewed by Oliver Hunt.
3610
3611         Some more MarkedSpace => NewSpace renaming
3612         https://bugs.webkit.org/show_bug.cgi?id=62305
3613
3614         * JavaScriptCore.exp:
3615         * JavaScriptCore.order:
3616         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3617         * heap/Heap.cpp:
3618         (JSC::Heap::Heap):
3619         (JSC::Heap::destroy):
3620         (JSC::Heap::reportExtraMemoryCostSlowCase):
3621         (JSC::Heap::allocate):
3622         (JSC::Heap::markRoots):
3623         (JSC::Heap::objectCount):
3624         (JSC::Heap::size):
3625         (JSC::Heap::capacity):
3626         (JSC::Heap::collect):
3627         (JSC::Heap::isValidAllocation):
3628         * heap/Heap.h:
3629         (JSC::Heap::markedSpace):
3630         (JSC::Heap::contains):
3631         (JSC::Heap::forEach):
3632         (JSC::Heap::allocate):
3633         * runtime/JSCell.h:
3634
3635 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3636
3637         Reviewed by Eric Seidel.
3638
3639         Add export macros to profiler headers.
3640         https://bugs.webkit.org/show_bug.cgi?id=27551
3641
3642         * profiler/Profiler.h:
3643
3644 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3645
3646         Reviewed by Eric Seidel.
3647
3648         Add export symbols to parser headers.
3649         https://bugs.webkit.org/show_bug.cgi?id=27551
3650
3651         * parser/SourceProviderCache.h:
3652
3653 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3654
3655         Reviewed by Eric Seidel.
3656
3657         Add export symbols to interpreter headers.
3658         https://bugs.webkit.org/show_bug.cgi?id=27551
3659
3660         * interpreter/Interpreter.h:
3661
3662 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3663
3664         Reviewed by Eric Seidel.
3665
3666         Add export symbols to debugger headers.
3667         https://bugs.webkit.org/show_bug.cgi?id=27551
3668
3669         * debugger/Debugger.h:
3670         * debugger/DebuggerCallFrame.h:
3671
3672 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3673
3674         Reviewed by Darin Adler.
3675
3676         Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
3677         https://bugs.webkit.org/show_bug.cgi?id=62268
3678
3679         * CMakeLists.txt:
3680         * GNUmakefile.list.am:
3681         * JavaScriptCore.gypi:
3682         * JavaScriptCore.pro:
3683         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3684         * JavaScriptCore.xcodeproj/project.pbxproj:
3685         * heap/Heap.h:
3686         * heap/MarkedBlock.h:
3687         * heap/MarkedSpace.cpp: Removed.
3688         * heap/MarkedSpace.h: Removed.
3689         * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
3690         * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
3691
3692 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3693
3694         Unreviewed, rolling out r88365.
3695         http://trac.webkit.org/changeset/88365
3696         https://bugs.webkit.org/show_bug.cgi?id=62301
3697
3698         windows bots broken (Requested by loislo_ on #webkit).
3699
3700         * JavaScriptCore.exp:
3701
3702 2011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
3703
3704         Reviewed by Tony Chang.
3705
3706         Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
3707
3708         Compiling Chromium port under GCC 4.6 produces warnings about nullptr
3709         https://bugs.webkit.org/show_bug.cgi?id=62242
3710
3711         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3712
3713 2011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
3714
3715         Reviewed by Andreas Kling.
3716
3717         Webkit on SPARC Solaris has wrong endian
3718         https://bugs.webkit.org/show_bug.cgi?id=29407
3719
3720         Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
3721         there are more occurrences of the same code pattern in webkit.
3722
3723         This patch includes the check on these other parts of the code.
3724
3725         This is a speculative fix; I don't have a sparc machine to test and
3726         don't know which kind of test would trigger a crash (but it's quite
3727         obvious that it's the same code duplicated in different files).
3728
3729         * runtime/UString.h:
3730         (JSC::UStringHash::equal):
3731         * wtf/text/StringHash.h:
3732         (WTF::StringHash::equal):
3733
3734 2011-06-08  Yael Aharon  <yael.aharon@nokia.com>
3735
3736         Reviewed by Andreas Kling.
3737
3738         [Qt] Build fix for building QtWebKit inside of Qt.
3739         https://bugs.webkit.org/show_bug.cgi?id=62280
3740
3741         Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
3742         into QtWebKit.prl.
3743
3744         No new tests, as this is just a build fix.
3745
3746         * JavaScriptCore.pri:
3747
3748 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3749
3750         Reviewed by Oliver Hunt.
3751
3752         Split 'reset' into 'collect' and 'resetAllocator'
3753         https://bugs.webkit.org/show_bug.cgi?id=62267
3754
3755         * heap/Heap.cpp:
3756         (JSC::Heap::allocate):
3757         (JSC::Heap::collectAllGarbage):
3758         (JSC::Heap::collect):
3759         * heap/Heap.h:
3760         * heap/MarkedBlock.h:
3761         (JSC::MarkedBlock::resetAllocator):
3762         * heap/MarkedSpace.cpp:
3763         (JSC::MarkedSpace::resetAllocator):
3764         * heap/MarkedSpace.h:
3765         (JSC::MarkedSpace::SizeClass::resetAllocator):
3766
3767 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3768
3769         Reviewed by Sam Weinig.
3770
3771         Renamed some more marks to visits
3772         https://bugs.webkit.org/show_bug.cgi?id=62254
3773
3774         * heap/HandleHeap.cpp:
3775         (JSC::HandleHeap::visitStrongHandles):
3776         (JSC::HandleHeap::visitWeakHandles):
3777         * heap/HandleHeap.h:
3778         * heap/HandleStack.cpp:
3779         (JSC::HandleStack::visit):
3780         * heap/HandleStack.h:
3781         * heap/Heap.cpp:
3782         (JSC::Heap::markProtectedObjects):
3783         (JSC::Heap::markTempSortVectors):
3784         (JSC::Heap::markRoots):
3785         * heap/HeapRootVisitor.h:
3786         (JSC::HeapRootVisitor::visit):
3787         * runtime/ArgList.cpp:
3788         (JSC::MarkedArgumentBuffer::markLists):
3789
3790 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3791
3792         Reviewed by Sam Weinig.
3793
3794         https://bugs.webkit.org/show_bug.cgi?id=55537
3795         Functions claim to have 'callee' which they actually don't (and shouldn't)
3796
3797         * JavaScriptCore.xcodeproj/project.pbxproj:
3798         * runtime/JSFunction.cpp:
3799         (JSC::JSFunction::getOwnPropertyNames):
3800
3801 2011-06-07  Juan C. Montemayor  <jmont@apple.com>
3802
3803         Reviewed by Darin Adler.
3804
3805         Make JSStaticFunction and JSStaticValue less "const"
3806         https://bugs.webkit.org/show_bug.cgi?id=62222
3807
3808         * API/JSObjectRef.h:
3809         * API/tests/testapi.c:
3810         (checkConstnessInJSObjectNames):
3811         (main):
3812         * JavaScriptCore.xcodeproj/project.pbxproj:
3813
3814 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3815
3816         Reviewed by Sam Weinig.
3817
3818         https://bugs.webkit.org/show_bug.cgi?id=62240
3819         DFG JIT - add support for for-loop array initialization.
3820
3821         Support put by val beyond vector length.
3822         Add an operationPutByValBeyondArrayBounds operation, and make
3823         PutValVal call this if the vector length check fails.
3824
3825         * dfg/DFGJITCodeGenerator.h:
3826         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3827         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3828         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
3829         (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
3830         (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
3831         (JSC::DFG::JITCodeGenerator::isIntegerConstant):
3832         (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
3833         * dfg/DFGOperations.cpp:
3834         (JSC::DFG::operationPutByValInternal):
3835         * dfg/DFGOperations.h:
3836         * dfg/DFGSpeculativeJIT.cpp:
3837         (JSC::DFG::SpeculativeJIT::compile):
3838         * dfg/DFGSpeculativeJIT.h:
3839
3840 2011-06-06  James Simonsen  <simonjam@chromium.org>
3841
3842         Reviewed by James Robinson.
3843
3844         Add monotonicallyIncreasingTime() to get monotonically increasing time
3845         https://bugs.webkit.org/show_bug.cgi?id=37743
3846
3847         * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for Mac and a fallback implementation that just wraps currentTime().
3848         (WTF::monotonicallyIncreasingTime):
3849         * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
3850
3851 2011-06-06  Alexandru Chiculita  <achicu@adobe.com>
3852
3853         Reviewed by Kent Tamura.
3854
3855         Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
3856         https://bugs.webkit.org/show_bug.cgi?id=61628
3857
3858         * Configurations/FeatureDefines.xcconfig:
3859
3860 2011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
3861
3862         Reviewed by Kent Tamura.
3863
3864         Add ENABLE(CSS_REGIONS) guard for CSS Regions support
3865         https://bugs.webkit.org/show_bug.cgi?id=61631
3866
3867         * Configurations/FeatureDefines.xcconfig:
3868
3869 2011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
3870
3871         Unreviewed. Fix the GTK+ build.
3872
3873         * GNUmakefile.am: Add javascriptcore_cflags variable.
3874
3875 2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
3876
3877         [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
3878         to build on Mac.
3879
3880         * wtf/Platform.h:
3881
3882 2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
3883
3884         Unreviewed, MIPS build fix.
3885
3886         WebKitGTK+ tarball fails to build on MIPS.
3887         https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
3888
3889         * GNUmakefile.list.am: Add missing MIPS-related file to the list
3890         of files that are added to the tarball on make dist, and fix
3891         sorting.
3892
3893 2011-06-04  Sam Weinig  <sam@webkit.org>
3894
3895         Reviewed by Darin Adler.
3896
3897         Fix formatting of the output generated by KeywordLookupGenerator.py
3898         https://bugs.webkit.org/show_bug.cgi?id=62083
3899
3900         - Uses correct year for copyright.
3901         - Puts ending brace on same line as "else if".
3902         - Puts starting brace of function on its own line.
3903         - Adds some tasteful whitespace.
3904         - Adds comments to make clear that scopes are ending.
3905         - Makes macros actually split on two lines.
3906
3907         * KeywordLookupGenerator.py:
3908
3909 2011-06-04  Adam Barth  <abarth@webkit.org>
3910
3911         Reviewed by Eric Seidel.
3912
3913         KeywordLookupGenerator.py spams stdout in Chromium Linux build
3914         https://bugs.webkit.org/show_bug.cgi?id=62087
3915
3916         This action does not appear to be needed.
3917
3918         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3919
3920 2011-06-03  Oliver Hunt  <oliver@apple.com>
3921
3922         Reviewed by Maciej Stachowiak.
3923
3924         Lexer needs to provide Identifier for reserved words
3925         https://bugs.webkit.org/show_bug.cgi?id=62086
3926
3927         Alas it is necessary to provide an Identifier reference for keywords
3928         so that we can do the right thing when they're used in object literals.
3929         We now keep Identifiers for all reserved words in the CommonIdentifiers
3930         structure so that we can access them without a hash lookup.
3931
3932         * KeywordLookupGenerator.py:
3933         * parser/Lexer.cpp:
3934         (JSC::Lexer::parseIdentifier):
3935         * parser/Lexer.h:
3936         * runtime/CommonIdentifiers.cpp:
3937         (JSC::CommonIdentifiers::CommonIdentifiers):
3938         * runtime/CommonIdentifiers.h:
3939
3940 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3941
3942         Reviewed by Sam Weinig.
3943
3944         Add debug code to break on speculation failures.
3945
3946         * dfg/DFGJITCompiler.cpp:
3947         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3948         (JSC::DFG::JITCompiler::compileFunction):
3949         * dfg/DFGNode.h:
3950
3951 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3952
3953         Reviewed by Sam Weinig.
3954
3955         https://bugs.webkit.org/show_bug.cgi?id=62082
3956         DFG JIT - bug passing arguments that need swap
3957
3958         This is really just a typo.
3959         When setting up the arguments for a call out to a C operation, we'll
3960         fail to swap arguments where this is necessary. For example, in the
3961         case of 2 arg calls, where the first argument is in %rdx & the second
3962         is in %rsi we should swap (exec will be passed in %rdi), but we don't.
3963
3964         This can also affect function calls passing three arguments.
3965
3966         * dfg/DFGJITCodeGenerator.h:
3967         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
3968             - Call swap with the correct arguments.
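The register-shuffling problem this entry fixes, on a small abstract machine, as an added example that is not JavaScriptCore code. The convention assumed here follows the entry's description: the first stub argument must end up in %rsi and the second in %rdx, with %rdi reserved for exec. Register, Op and Machine names are this example's own; an exhaustive checker runs every placement of the two sources through both a correct emitter and one that lacks the swap case.

```cpp
#include <array>
#include <cstdio>
#include <utility>
#include <vector>

// Argument-capable registers of the toy machine (names follow x86-64, the
// convention the entry discusses; the enum itself is this example's own).
enum Reg { rdi = 0, rsi, rdx, rcx, r8, r9, kRegCount };

struct Op {
    enum Kind { Move, Swap } kind;
    Reg a;
    Reg b; // Move: b <- a ; Swap: a <-> b
};

using Emitter = std::vector<Op> (*)(Reg, Reg);

// Correct version: moves are ordered so that no source is overwritten before
// it has been read, and the cyclic case (src1 in rdx, src2 in rsi) becomes a
// swap, since no ordering of two moves can realise an exchange.
std::vector<Op> setupTwoArgs(Reg src1, Reg src2)
{
    const Reg dst1 = rsi, dst2 = rdx;
    std::vector<Op> ops;
    auto emitMove = [&](Reg from, Reg to) {
        if (from != to)
            ops.push_back({Op::Move, from, to});
    };

    if (src1 == dst2 && src2 == dst1) {
        ops.push_back({Op::Swap, dst1, dst2});
    } else if (src1 == dst2) {
        // src1 occupies src2's destination: move it out first.
        emitMove(src1, dst1);
        emitMove(src2, dst2);
    } else {
        // Either src2 occupies src1's destination (move it out first) or
        // there is no conflict at all and either order is fine.
        emitMove(src2, dst2);
        emitMove(src1, dst1);
    }
    return ops;
}

// Orders the moves correctly but never recognises the cycle: the placement
// src1 in rdx, src2 in rsi comes out wrong. Included only so the checker can
// show the failure the entry describes.
std::vector<Op> setupTwoArgsNoSwap(Reg src1, Reg src2)
{
    std::vector<Op> ops;
    auto emitMove = [&](Reg from, Reg to) {
        if (from != to)
            ops.push_back({Op::Move, from, to});
    };
    if (src2 == rsi) {
        emitMove(src2, rdx);
        emitMove(src1, rsi);
    } else {
        emitMove(src1, rsi);
        emitMove(src2, rdx);
    }
    return ops;
}

using Machine = std::array<int, kRegCount>;

void run(const std::vector<Op>& ops, Machine& m)
{
    for (const Op& op : ops) {
        if (op.kind == Op::Move)
            m[op.b] = m[op.a];
        else
            std::swap(m[op.a], m[op.b]);
    }
}

// Every placement of the two sources among the argument registers: after the
// emitted sequence, rsi must hold argument one and rdx argument two. Returns
// how many placements ended up wrong.
int failingPlacements(Emitter emit)
{
    int failures = 0;
    for (int s1 = rsi; s1 < kRegCount; ++s1) {
        for (int s2 = rsi; s2 < kRegCount; ++s2) {
            Machine m {};
            for (int r = 0; r < kRegCount; ++r)
                m[r] = 100 + r; // distinct tag per register
            const int want1 = m[s1], want2 = m[s2];
            run(emit(Reg(s1), Reg(s2)), m);
            if (m[rsi] != want1 || m[rdx] != want2)
                ++failures;
        }
    }
    return failures;
}

int main()
{
    std::printf("with swap handling:    %d bad placements\n", failingPlacements(setupTwoArgs));
    std::printf("without swap handling: %d bad placements\n", failingPlacements(setupTwoArgsNoSwap));
    return 0;
}
```

An exhaustive check like `failingPlacements` is cheap for two arguments and is the kind of test that would have caught the typo: a call out to a C operation with its arguments crossed is a correctness bug the JIT cannot detect at run time.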
3969
3970 2011-06-03  Oliver Hunt  <oliver@apple.com>
3971
3972         Reviewed by Gavin Barraclough.
3973
3974         Force inlining of some hot lexer functions
3975         https://bugs.webkit.org/show_bug.cgi?id=62079
3976
3977         Fix more GCC stupidity
3978
3979         * parser/Lexer.h:
3980         (JSC::Lexer::isWhiteSpace):
3981         (JSC::Lexer::isLineTerminator):
3982
3983 2011-06-03  Oliver Hunt  <oliver@apple.com>
3984
3985         Reviewed by Gavin Barraclough.
3986
3987         GCC not inlining some functions that it really should be
3988         https://bugs.webkit.org/show_bug.cgi?id=62075
3989
3990         Add ALWAYS_INLINE to a number of parsing and lexing functions
3991         that should always be inlined.  This gets us ~1.4% on my ad hoc
3992         parser test.
3993
3994         * KeywordLookupGenerator.py:
3995         * parser/JSParser.cpp:
3996         (JSC::JSParser::next):
3997         (JSC::JSParser::nextTokenIsColon):
3998         (JSC::JSParser::consume):
3999         (JSC::JSParser::match):
4000         (JSC::JSParser::tokenStart):
4001         (JSC::JSParser::tokenLine):
4002         (JSC::JSParser::tokenEnd):
4003         * parser/Lexer.cpp:
4004         (JSC::isIdentPart):
4005
4006 2011-06-03  Oliver Hunt  <oliver@apple.com>
4007
4008         Whoops, fix last minute bug.
4009
4010         * parser/Lexer.cpp:
4011         (JSC::Lexer::parseIdentifier):
4012
4013 2011-06-03  Martin Robinson  <mrobinson@igalia.com>
4014
4015         Try to fix the GTK+ build.
4016
4017         * GNUmakefile.am: Clean up some spaces that should be tabs.
4018         * GNUmakefile.list.am: Add KeywordLookup.h to the source list
4019         and clean up some spaces that should be tabs.
4020
4021 2011-06-03  Oliver Hunt  <oliver@apple.com>
4022
4023         Reviewed by Geoffrey Garen.
4024
4025         Improve keyword lookup
4026         https://bugs.webkit.org/show_bug.cgi?id=61913
4027
4028         Rather than doing multiple hash lookups, as we currently
4029         do when trying to identify keywords, we now use an
4030         automatically generated decision tree (essentially it's
4031         a hard-coded Patricia trie).  We still use the regular
4032         lookup table for the last few characters of an input, as
4033         this allows us to completely skip all bounds checks.
4034
4035         * CMakeLists.txt:
4036         * DerivedSources.make:
4037         * DerivedSources.pro:
4038         * GNUmakefile.am:
4039         * JavaScriptCore.gyp/JavaScriptCore.gyp:
4040         * JavaScriptCore.xcodeproj/project.pbxproj:
4041         * KeywordLookupGenerator.py: Added.
4042         * make-generated-sources.sh:
4043         * parser/Lexer.cpp:
4044         (JSC::Lexer::internalShift):
4045         (JSC::Lexer::shift):
4046         (JSC::Lexer::parseIdentifier):
4047         * parser/Lexer.h:
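A hand-written version of the decision tree this entry introduces, for a few keywords, placed beside the hash-table lookup it replaces, as an added example that is not the code KeywordLookupGenerator.py emits. The token names, `kTreeLookahead` and the two-path `lookupKeyword` are this example's own; the shape follows the entry's description: one length check up front, after which the tree reads characters with no bounds checks, and the table path handles the tail of the input where those reads would run past the buffer.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <unordered_map>

// Token names are this example's own, not JSC's.
enum Token { Ident, KwIf, KwIn, KwInstanceof, KwFor, KwFunction, KwFalse, KwThis, KwThrow, KwTrue, KwTry };

// Longest keyword in the tree ("instanceof", 10) plus the one character after
// it that the tree reads to reject longer identifiers such as "instanceofx".
constexpr std::ptrdiff_t kTreeLookahead = 11;

static bool isIdentPart(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_' || c == '$';
}

// Unchecked path: reads up to p[kTreeLookahead - 1] with no bounds checks,
// legal only because the caller has verified that many characters remain.
// Shared prefixes are decided once, as in a Patricia trie, and only then is
// the tail compared.
static Token keywordFromTree(const char* p)
{
    switch (p[0]) {
    case 'f':
        if (p[1] == 'o' && p[2] == 'r' && !isIdentPart(p[3])) return KwFor;
        if (p[1] == 'u' && !std::memcmp(p + 2, "nction", 6) && !isIdentPart(p[8])) return KwFunction;
        if (p[1] == 'a' && !std::memcmp(p + 2, "lse", 3) && !isIdentPart(p[5])) return KwFalse;
        break;
    case 'i':
        if (p[1] == 'f' && !isIdentPart(p[2])) return KwIf;
        if (p[1] == 'n') {
            if (!isIdentPart(p[2])) return KwIn;
            if (!std::memcmp(p + 2, "stanceof", 8) && !isIdentPart(p[10])) return KwInstanceof;
        }
        break;
    case 't':
        if (p[1] == 'h') {
            if (p[2] == 'i' && p[3] == 's' && !isIdentPart(p[4])) return KwThis;
            if (!std::memcmp(p + 2, "row", 3) && !isIdentPart(p[5])) return KwThrow;
        } else if (p[1] == 'r') {
            if (p[2] == 'u' && p[3] == 'e' && !isIdentPart(p[4])) return KwTrue;
            if (p[2] == 'y' && !isIdentPart(p[3])) return KwTry;
        }
        break;
    }
    return Ident;
}

// Checked path: scan the identifier against the buffer end, then one hash
// lookup. Used near the end of the input, where the tree's reads would run
// past the buffer.
static Token keywordFromTable(const char* p, const char* end)
{
    static const std::unordered_map<std::string, Token> table = {
        { "if", KwIf }, { "in", KwIn }, { "instanceof", KwInstanceof }, { "for", KwFor },
        { "function", KwFunction }, { "false", KwFalse }, { "this", KwThis },
        { "throw", KwThrow }, { "true", KwTrue }, { "try", KwTry },
    };
    const char* q = p;
    while (q < end && isIdentPart(*q))
        ++q;
    auto it = table.find(std::string(p, q));
    return it == table.end() ? Ident : it->second;
}

// One length check picks the path; everything after it is bounds-check free.
Token lookupKeyword(const char* p, const char* end)
{
    return end - p >= kTreeLookahead ? keywordFromTree(p) : keywordFromTable(p, end);
}

// Convenience: classify the identifier at the start of source, whose end is the buffer end.
Token lookupKeyword(const std::string& source)
{
    return lookupKeyword(source.data(), source.data() + source.size());
}

// The property the split relies on: both paths classify every identifier the
// same way; only the bounds handling differs. Samples are constructed.
bool pathsAgree()
{
    static const char* const samples[] = { "if", "iffy", "in", "int", "instanceof", "instanceofx", "for", "format",
        "function", "functions", "false", "this", "throw", "thrown", "true", "try", "typeof", "x" };
    for (const char* s : samples) {
        std::string padded = std::string(s) + std::string(static_cast<std::size_t>(kTreeLookahead), ' ');
        if (keywordFromTree(padded.data()) != keywordFromTable(s, s + std::strlen(s)))
            return false;
    }
    return true;
}
```

The safety argument rests entirely on the single check in `lookupKeyword`: every unchecked read in the tree is bounded by `kTreeLookahead`, so that constant must be recomputed whenever a longer keyword is added to the tree. `pathsAgree` is the regression test to keep alongside it, since a divergence between the two paths would show up only for identifiers that happen to sit near the end of a buffer.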
4048
4049 2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
4050
4051         Reviewed by Benjamin Poulain.
4052
4053         [Qt] Build flag for experimental ICU library support
4054         https://bugs.webkit.org/show_bug.cgi?id=60786
4055
4056         Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
4057         ICU-powered Unicode support.
4058
4059         * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
4060         * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
4061
4062 2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
4063
4064         Reviewed by Benjamin Poulain.
4065
4066         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
4067         https://bugs.webkit.org/show_bug.cgi?id=61957
4068
4069         When building inside the Qt source tree, qmake always appends the mkspecs
4070         defines after ours. We have to work around this and make sure that we append
4071         our flags after the qmake variable used inside Qt. This workaround was provided
4072         by our qmake folks. We need to append in both cases because qmake behaves differently
4073         when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for the Qt port.
4074
4075         * JavaScriptCore.pro:
4076
4077 2011-06-02  Jay Civelli  <jcivelli@chromium.org>
4078
4079         Reviewed by Adam Barth.
4080
4081         Added a method to generate RFC 2822 compliant date strings.
4082         https://bugs.webkit.org/show_bug.cgi?id=7169
4083
4084         * wtf/DateMath.cpp:
4085         (WTF::twoDigitStringFromNumber):
4086         (WTF::makeRFC2822DateString):
4087         * wtf/DateMath.h:
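The RFC 2822 date-time form this entry adds a generator for, built from broken-down fields, as an added example that is not WTF's makeRFC2822DateString. `DateFields`, `utcOffsetMinutes` and `dayOfWeek` are this example's own; `twoDigits` plays the zero-padding role the entry's twoDigitStringFromNumber name suggests. The zone suffix is the part worth getting right: the sign applies to the whole offset, so hours and minutes are split from its absolute value.

```cpp
#include <cstdio>
#include <string>

// Broken-down local time plus its offset from UTC (this example's own type).
struct DateFields {
    int year;             // e.g. 2011
    int month;            // 1..12
    int day;              // 1..31
    int hour, minute, second;
    int utcOffsetMinutes; // local time minus UTC, e.g. -480 for UTC-8
};

// Two-digit, zero-padded field.
static std::string twoDigits(int n)
{
    char buf[8];
    std::snprintf(buf, sizeof buf, "%02d", n);
    return buf;
}

// Day of week for a Gregorian date, 0 = Sunday (Sakamoto's method).
int dayOfWeek(int year, int month, int day)
{
    static const int offset[] = { 0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4 };
    if (month < 3)
        --year;
    return (year + year / 4 - year / 100 + year / 400 + offset[month - 1] + day) % 7;
}

// "Thu, 02 Jun 2011 10:15:30 +0000": day-name, day month year, time, zone.
std::string makeRFC2822Date(const DateFields& d)
{
    static const char* const dayNames[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" };
    static const char* const monthNames[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };

    // Zone is "+HHMM" or "-HHMM". Take the sign from the whole offset first,
    // then split the absolute value, so that -210 minutes becomes "-0330".
    int offset = d.utcOffsetMinutes;
    const char sign = offset < 0 ? '-' : '+';
    if (offset < 0)
        offset = -offset;

    std::string result = dayNames[dayOfWeek(d.year, d.month, d.day)];
    result += ", ";
    result += twoDigits(d.day) + " " + monthNames[d.month - 1] + " " + std::to_string(d.year) + " ";
    result += twoDigits(d.hour) + ":" + twoDigits(d.minute) + ":" + twoDigits(d.second) + " ";
    result += sign + twoDigits(offset / 60) + twoDigits(offset % 60);
    return result;
}
```

The day name is derived from the date rather than passed in, so the two can never disagree; a mismatched weekday is the most common defect in hand-rolled RFC 2822 strings.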
4088
4089 2011-06-02  Alexis Menard  <alexis.menard@openbossa.org>
4090