4fdec7f5dcc80f61a32353ba8926dd3b8421ccca
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2011-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
2
3         Unreviewed, rolling out r99647.
4         http://trac.webkit.org/changeset/99647
5         https://bugs.webkit.org/show_bug.cgi?id=71876
6
7         It broke jsc and layout tests on all bots (Requested by
8         Ossy_night on #webkit).
9
10         * assembler/MacroAssemblerARM.h:
11         (JSC::MacroAssemblerARM::supportsFloatingPoint):
12         (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
13         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
14         (JSC::MacroAssemblerARM::supportsDoubleBitops):
15         (JSC::MacroAssemblerARM::andnotDouble):
16         * assembler/MacroAssemblerARMv7.h:
17         (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
18         (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
19         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
20         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
21         * assembler/MacroAssemblerMIPS.h:
22         (JSC::MacroAssemblerMIPS::andnotDouble):
23         (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
24         (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
25         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
26         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
27         * assembler/MacroAssemblerSH4.h:
28         (JSC::MacroAssemblerSH4::supportsFloatingPoint):
29         (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
30         (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
31         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
32         (JSC::MacroAssemblerSH4::andnotDouble):
33         * assembler/MacroAssemblerX86.h:
34         (JSC::MacroAssemblerX86::MacroAssemblerX86):
35         (JSC::MacroAssemblerX86::supportsFloatingPoint):
36         (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
37         (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
38         (JSC::MacroAssemblerX86::supportsDoubleBitops):
39         * assembler/MacroAssemblerX86Common.h:
40         (JSC::MacroAssemblerX86Common::andnotDouble):
41         * assembler/MacroAssemblerX86_64.h:
42         (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
43         (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
44         (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
45         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
46         * assembler/X86Assembler.h:
47         * dfg/DFGByteCodeParser.cpp:
48         (JSC::DFG::ByteCodeParser::handleIntrinsic):
49         * dfg/DFGSpeculativeJIT32_64.cpp:
50         (JSC::DFG::SpeculativeJIT::compile):
51         * dfg/DFGSpeculativeJIT64.cpp:
52         (JSC::DFG::SpeculativeJIT::compile):
53         * jit/ThunkGenerators.cpp:
54         (JSC::absThunkGenerator):
55         * runtime/JSGlobalData.cpp:
56
57 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
58
59         Better abstract 'abs' operation through the MacroAssembler.
60         https://bugs.webkit.org/show_bug.cgi?id=71873
61
62         Reviewed by Geoff Garen.
63
64         Currently the x86 specific instruction sequence to perform a double abs
65         is duplicated throughout the JITs / thunk generators.
66
67         * assembler/MacroAssemblerARM.h:
68         (JSC::MacroAssemblerARM::supportsFloatingPoint):
69         (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
70         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
71         (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
72         (JSC::MacroAssemblerARM::absDouble):
73             - Renamed supportsFloatingPointAbs, made these methods static so that
74               we can check the JIT's capabilities before we begin compilation.
75         * assembler/MacroAssemblerARMv7.h:
76         (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
77         (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
78         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
79         (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
80             - Renamed supportsFloatingPointAbs, made these methods static so that
81               we can check the JIT's capabilities before we begin compilation.
82         * assembler/MacroAssemblerMIPS.h:
83         (JSC::MacroAssemblerMIPS::absDouble):
84         (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
85         (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
86         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
87         (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
88             - Renamed supportsFloatingPointAbs, made these methods static so that
89               we can check the JIT's capabilities before we begin compilation.
90         * assembler/MacroAssemblerSH4.h:
91         (JSC::MacroAssemblerSH4::supportsFloatingPoint):
92         (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
93         (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
94         (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
95         (JSC::MacroAssemblerSH4::absDouble):
96             - Renamed supportsFloatingPointAbs, made these methods static so that
97               we can check the JIT's capabilities before we begin compilation.
98         * assembler/MacroAssemblerX86.h:
99         (JSC::MacroAssemblerX86::absDouble):
100         (JSC::MacroAssemblerX86::supportsFloatingPoint):
101         (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
102         (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
103         (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
104             - Made supports* methods static so that we can check the JIT's
105               capabilities before we begin compilation. Added absDouble.
106         * assembler/MacroAssemblerX86Common.h:
107             - Removed andnotDouble, added s_maskSignBit.
108         * assembler/MacroAssemblerX86_64.h:
109         (JSC::MacroAssemblerX86_64::absDouble):
110         (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
111         (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
112         (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
113         (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
114             - Made supports* methods static so that we can check the JIT's
115               capabilities before we begin compilation. Added absDouble.
116         * assembler/X86Assembler.h:
117         (JSC::X86Assembler::andpd_rr):
118         (JSC::X86Assembler::andpd_mr):
119             - Added support for andpd instruction.
120         * dfg/DFGByteCodeParser.cpp:
121         (JSC::DFG::ByteCodeParser::handleIntrinsic):
122             - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
123         * dfg/DFGSpeculativeJIT32_64.cpp:
124         (JSC::DFG::SpeculativeJIT::compile):
125             - Switched to use doubleAbs, we can now also reuse the operand register for the result.
126         * dfg/DFGSpeculativeJIT64.cpp:
127         (JSC::DFG::SpeculativeJIT::compile):
128             - Switched to use doubleAbs, we can now also reuse the operand register for the result.
129         * jit/ThunkGenerators.cpp:
130             - Switched to use doubleAbs.
131         (JSC::absThunkGenerator):
132         * runtime/JSGlobalData.cpp:
133             - Declared MacroAssemblerX86Common::s_maskSignBit here.
134               This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
135               to the compile for just one constant.
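The entry above replaces the duplicated x86 "andnot" sequence with a single absDouble that ANDs the operand against a sign-bit mask (the s_maskSignBit constant). The following is an added example, not JSC code: it shows the same technique in portable C++. absDoubleByMask clears bit 63 of the IEEE-754 representation; kMaskSignBit is my own name for the all-ones-except-sign-bit value such a mask holds. A compare-and-negate variant is placed beside it so the behavioural difference on -0.0 and on a NaN with its sign bit set is visible, which is the reason a JIT prefers the mask form.

```cpp
#include <cmath>
#include <cstdint>
#include <cstring>

// Every bit set except the IEEE-754 sign bit (bit 63). Assumed value for the
// kind of constant the ChangeLog entry calls s_maskSignBit.
static const uint64_t kMaskSignBit = 0x7fffffffffffffffULL;

// Reinterpret a double as its 64-bit pattern without breaking strict aliasing.
uint64_t doubleToBits(double d) {
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    return bits;
}

double bitsToDouble(uint64_t bits) {
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

// Branch-free absolute value: clear the sign bit, which is exactly what an
// `andpd` against a sign-bit mask does on x86. Works for -0.0, infinities and
// NaNs (payload preserved, only the sign cleared).
double absDoubleByMask(double d) {
    return bitsToDouble(doubleToBits(d) & kMaskSignBit);
}

// Compare-and-negate "abs" for contrast: -0.0 < 0.0 is false, so -0.0 is
// returned unchanged, and a NaN never compares less than zero either.
double absDoubleByCompare(double d) {
    return d < 0.0 ? -d : d;
}

// True when the mask-based abs matches std::fabs bit-for-bit on a set of
// awkward non-NaN inputs, including -0.0 and the infinities.
bool absMatchesFabsOnEdgeCases() {
    const double inputs[] = { -0.0, 0.0, -1.5, 1.5, -HUGE_VAL, HUGE_VAL, -123456.789 };
    for (double x : inputs) {
        if (doubleToBits(absDoubleByMask(x)) != doubleToBits(std::fabs(x)))
            return false;
    }
    return true;
}

// True when the mask-based abs turns a NaN with the sign bit set into a NaN
// with the sign bit clear (the bit pattern below is a constructed negative
// quiet NaN).
bool maskAbsClearsNaNSign() {
    double negNaN = bitsToDouble(0xfff8000000000000ULL);
    double r = absDoubleByMask(negNaN);
    return std::isnan(r) && !std::signbit(r);
}

// True when compare-and-negate leaves -0.0 as -0.0, i.e. its result differs
// from the mask form.
bool compareAbsLeavesNegativeZero() {
    return doubleToBits(absDoubleByCompare(-0.0)) != doubleToBits(0.0);
}
```

The three predicate functions are the checks a reviewer would want before trusting a hand-rolled abs: bit-exact agreement with the library on ordinary values, correct handling of the sign of NaN, and a demonstration of what the naive form gets wrong.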
136
137 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
138
139         Move duplicates of SYMBOL_STRING* macros to the single location
140         https://bugs.webkit.org/show_bug.cgi?id=71456
141
142         Reviewed by Sam Weinig.
143
144         * JavaScriptCore.xcodeproj/project.pbxproj:
145         * dfg/DFGOperations.cpp:
146         * jit/JITStubs.cpp:
147         * wtf/InlineASM.h: Added.
148             - Moved asm related macros.
149
150 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
151
152         Move code to handle 8bit regs from X86Assembler to MacroAssembler
153         https://bugs.webkit.org/show_bug.cgi?id=71867
154
155         Reviewed by Oliver Hunt.
156
157         This code is fine, but is in the wrong place really. X86 assembler should
158         basically just format up exactly the instruction you request - not expand
159         out to a set of instructions (that is what the macro assembler layer is
160         for!). For other 8-bit ops, on X86 we don't guard against clients accessing
161         the XH registers.
162
163         * assembler/MacroAssemblerX86Common.h:
164         (JSC::MacroAssemblerX86Common::store8):
165         * assembler/X86Assembler.h:
166         (JSC::X86Assembler::movb_rm):
167             - moved some code.
168
169 2011-11-08  Filip Pizlo  <fpizlo@apple.com>
170
171         Unreviewed build fix for GTK.
172
173         * GNUmakefile.list.am:
174
175 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
176
177         Build fix.
178
179         * assembler/X86Assembler.h:
180
181 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
182
183         Errrk, failed to commit this in last change.
184
185         * assembler/X86Assembler.h:
186
187 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
188
189         Remove an unused method.
190
191         Rubber stamped by Geoff Garen.
192
193         * assembler/AbstractMacroAssembler.h:
194         * assembler/AssemblerBuffer.h:
195             - removed rewindToLabel.
196
197 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
198
199         Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
200         https://bugs.webkit.org/show_bug.cgi?id=71864
201
202         Reviewed by Filip Pizlo.
203
204         * assembler/LinkBuffer.h:
205         (JSC::LinkBuffer::offsetOf):
206             - We use this to return the offsets into the code of the entry points.
207         * dfg/DFGJITCompiler.cpp:
208         (JSC::DFG::JITCompiler::compileEntry):
209         (JSC::DFG::JITCompiler::compileBody):
210         (JSC::DFG::JITCompiler::compile):
211         (JSC::DFG::JITCompiler::compileFunction):
212             - Move the construction of the speculative JIT outside of
213               compileBody, such that it is still available to link the
214               OSR entry points at the point we are linking.
215         * dfg/DFGJITCompiler.h:
216         (JSC::DFG::JITCompiler::noticeOSREntry):
217             - Pass the label of the block & linkbuffer into noticeOSREntry.
218         * dfg/DFGSpeculativeJIT.cpp:
219         (JSC::DFG::SpeculativeJIT::compile):
220         (JSC::DFG::SpeculativeJIT::linkOSREntries):
221             - Moved call to noticeOSREntry until we are linking.
222         * dfg/DFGSpeculativeJIT.h:
223         * jit/JIT.cpp:
224         (JSC::JIT::privateCompileMainPass):
225         (JSC::JIT::privateCompileSlowCases):
226         (JSC::JIT::privateCompile):
227             - Moved calculation of entries until we are linking.
228         * jit/JIT.h:
229             - Removed some members.
230
231 2011-11-08  Filip Pizlo  <fpizlo@apple.com>
232
233         DFG OSR exit code should be generated by a separate compiler, not
234         related to DFG::JITCompiler
235         https://bugs.webkit.org/show_bug.cgi?id=71787
236
237         Reviewed by Gavin Barraclough.
238         
239         Moves the exitSpeculativeWithOSR() method from JITCompiler to
240         OSRExitCompiler::compileExit().
241
242         * CMakeListsEfl.txt:
243         * JavaScriptCore.xcodeproj/project.pbxproj:
244         * Target.pri:
245         * dfg/DFGJITCompiler.cpp:
246         (JSC::DFG::JITCompiler::linkOSRExits):
247         * dfg/DFGJITCompiler32_64.cpp: Removed.
248         * dfg/DFGOSRExitCompiler.h: Added.
249         (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
250         * dfg/DFGOSRExitCompiler32_64.cpp: Added.
251         (JSC::DFG::OSRExitCompiler::compileExit):
252         * dfg/DFGOSRExitCompiler64.cpp: Added.
253         (JSC::DFG::OSRExitCompiler::compileExit):
254         * runtime/JSValue.h:
255
256 2011-11-08  Filip Pizlo  <fpizlo@apple.com>
257
258         Basic DFG definitions should be moved out of DFGNode.h
259         https://bugs.webkit.org/show_bug.cgi?id=71861
260
261         Rubber-stamped by Gavin Barraclough.
262
263         * JavaScriptCore.xcodeproj/project.pbxproj:
264         * dfg/DFGCommon.h: Added.
265         (JSC::DFG::NodeIndexTraits::defaultValue):
266         * dfg/DFGNode.h:
267         * dfg/DFGOSRExit.h:
268         * dfg/DFGRegisterBank.h:
269
270 2011-11-08  Michael Saboff  <msaboff@apple.com>
271
272         Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
273         https://bugs.webkit.org/show_bug.cgi?id=71761
274
275         Templatized Parser based on Lexer<T>. Moved two enums,
276         SourceElementsMode and FunctionRequirements out of Parser definition
277         to work around a clang compiler defect.
278
279         Cleaned up SourceCode data() to return StringImpl* and eliminated
280         the recently added stringData() virtual method.
281
282         To keep code in Parser.cpp and keep Parser.h small, the two flavors
283         of Parser are explicitly instantiated at the end of Parser.cpp.
284
285         Reviewed by Gavin Barraclough.
286
287         * interpreter/Interpreter.cpp:
288         (JSC::appendSourceToError):
289         * parser/Lexer.cpp:
290         (JSC::::setCode):
291         (JSC::::sourceCode):
292         * parser/Parser.cpp:
293         (JSC::::Parser):
294         (JSC::::~Parser):
295         (JSC::::parseInner):
296         (JSC::::didFinishParsing):
297         (JSC::::allowAutomaticSemicolon):
298         (JSC::::parseSourceElements):
299         (JSC::::parseVarDeclaration):
300         (JSC::::parseConstDeclaration):
301         (JSC::::parseDoWhileStatement):
302         (JSC::::parseWhileStatement):
303         (JSC::::parseVarDeclarationList):
304         (JSC::::parseConstDeclarationList):
305         (JSC::::parseForStatement):
306         (JSC::::parseBreakStatement):
307         (JSC::::parseContinueStatement):
308         (JSC::::parseReturnStatement):
309         (JSC::::parseThrowStatement):
310         (JSC::::parseWithStatement):
311         (JSC::::parseSwitchStatement):
312         (JSC::::parseSwitchClauses):
313         (JSC::::parseSwitchDefaultClause):
314         (JSC::::parseTryStatement):
315         (JSC::::parseDebuggerStatement):
316         (JSC::::parseBlockStatement):
317         (JSC::::parseStatement):
318         (JSC::::parseFormalParameters):
319         (JSC::::parseFunctionBody):
320         (JSC::::parseFunctionInfo):
321         (JSC::::parseFunctionDeclaration):
322         (JSC::::parseExpressionOrLabelStatement):
323         (JSC::::parseExpressionStatement):
324         (JSC::::parseIfStatement):
325         (JSC::::parseExpression):
326         (JSC::::parseAssignmentExpression):
327         (JSC::::parseConditionalExpression):
328         (JSC::::isBinaryOperator):
329         (JSC::::parseBinaryExpression):
330         (JSC::::parseProperty):
331         (JSC::::parseObjectLiteral):
332         (JSC::::parseStrictObjectLiteral):
333         (JSC::::parseArrayLiteral):
334         (JSC::::parsePrimaryExpression):
335         (JSC::::parseArguments):
336         (JSC::::parseMemberExpression):
337         (JSC::::parseUnaryExpression):
338         * parser/Parser.h:
339         (JSC::::parse):
340         (JSC::parse):
341         * parser/SourceCode.h:
342         (JSC::SourceCode::data):
343         (JSC::SourceCode::subExpression):
344         * parser/SourceProvider.h:
345         (JSC::UStringSourceProvider::data):
346
347 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
348
349         Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
350         https://bugs.webkit.org/show_bug.cgi?id=71855
351
352         Reviewed by Filip Pizlo.
353
354         The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
355         This won't work on ARMv7.
356
357         * assembler/AbstractMacroAssembler.h:
358         (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
359         * assembler/LinkBuffer.h:
360         (JSC::LinkBuffer::locationOf):
361         * dfg/DFGJITCodeGenerator32_64.cpp:
362         (JSC::DFG::JITCodeGenerator::cachedGetById):
363         (JSC::DFG::JITCodeGenerator::cachedPutById):
364         * dfg/DFGJITCodeGenerator64.cpp:
365         (JSC::DFG::JITCodeGenerator::cachedGetById):
366         (JSC::DFG::JITCodeGenerator::cachedPutById):
367         * dfg/DFGJITCompiler.cpp:
368         (JSC::DFG::JITCompiler::link):
369         * dfg/DFGJITCompiler.h:
370         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
371         (JSC::DFG::JITCompiler::addPropertyAccess):
372
373 2011-11-08  Gavin Barraclough  <barraclough@apple.com>
374
375         DFG JIT calculation of OSR entry points is not THUMB2 safe
376         https://bugs.webkit.org/show_bug.cgi?id=71852
377
378         Reviewed by Oliver Hunt.
379
380         Executable addresses are tagged with a low bit set to distinguish
381         between THUMB2 and traditional ARM.
382
383         * dfg/DFGJITCompiler.cpp:
384         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
385         * dfg/DFGJITCompiler32_64.cpp:
386         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
387         * dfg/DFGOSREntry.cpp:
388         (JSC::DFG::prepareOSREntry):
389         * jit/JITCode.h:
390         (JSC::JITCode::executableAddressAtOffset):
391         (JSC::JITCode::start):
392         (JSC::JITCode::size):
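The entry above turns on the fact that ARM code pointers carry a mode tag: bit 0 set means the target is entered in Thumb state, while the instruction bytes live at the address with that bit clear. The following is an added illustration, not the JITCode methods the entry lists: three helpers that keep the tag on entry addresses but strip it before any subtraction, which is the distinction an OSR entry-point calculation has to respect. kThumbBit and the function names are my own.

```cpp
#include <cstddef>
#include <cstdint>

// Bit 0 of an ARM code pointer selects Thumb state. Assumed constant for
// this illustration.
static const uintptr_t kThumbBit = 1;

// Address of the instruction bytes themselves, with the mode tag removed.
uintptr_t untaggedAddress(uintptr_t codePtr) {
    return codePtr & ~kThumbBit;
}

// Entry address for an offset into a code block: add the offset to the
// untagged base, then restore the original tag so the CPU enters in the
// correct mode.
uintptr_t executableAddressAtOffset(uintptr_t codeStart, size_t offset) {
    return (untaggedAddress(codeStart) + offset) | (codeStart & kThumbBit);
}

// Offset of a label inside a code block. Both pointers are untagged before
// subtracting; mixing a tagged start with an untagged label (or vice versa)
// would give an off-by-one offset.
size_t offsetOf(uintptr_t codeStart, uintptr_t label) {
    return untaggedAddress(label) - untaggedAddress(codeStart);
}

// The mistake the helpers guard against: subtracting a tagged start from an
// untagged label directly. Returned only so a test can show the discrepancy.
size_t naiveOffsetOf(uintptr_t codeStart, uintptr_t label) {
    return label - codeStart;
}
```

With a Thumb-tagged start of 0x10001 and a label at 0x10040, offsetOf yields 0x40 while the naive subtraction yields 0x3f; the same helpers are no-ops for a traditional ARM (untagged) start, so one code path serves both modes.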
393
394 2011-11-08  Michael Saboff  <msaboff@apple.com>
395
396         JSC::Parser::Parser leaks Lexer member
397         https://bugs.webkit.org/show_bug.cgi?id=71847
398
399         Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
400
401         Reviewed by Oliver Hunt.
402
403         * parser/Parser.cpp:
404         (JSC::Parser::Parser):
405         (JSC::Parser::parseFunctionBody):
406         * parser/Parser.h:
407
408 2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
409
410         Enable DFG JIT by default on X86 Linux and Mac platforms
411         https://bugs.webkit.org/show_bug.cgi?id=71686
412
413         Reviewed by Filip Pizlo.
414
415         We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
416
417         * wtf/Platform.h:
418
419 2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
420
421         DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
422         https://bugs.webkit.org/show_bug.cgi?id=71768
423
424         Reviewed by Geoffrey Garen.
425
426         Also includes a fix to make the newly introduced AssemblyHelpers
427         friend of JSValue as we need the Tag definitions.
428
429         * CMakeListsEfl.txt:
430         * GNUmakefile.list.am:
431         * Target.pri:
432         * runtime/JSValue.h:
433
434 2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>
435
436         Fix gcc 4.4 compilation warnings in DFG 32_64
437         https://bugs.webkit.org/show_bug.cgi?id=71762
438
439         Reviewed by Filip Pizlo.
440
441         * dfg/DFGJITCodeGenerator.h:
442         (JSC::DFG::JITCodeGenerator::registersMatched):
443
444 2011-11-07  Filip Pizlo  <fpizlo@apple.com>
445
446         DFG code base should allow for classes not related to DFG::JITCompiler
447         to use DFG idioms
448         https://bugs.webkit.org/show_bug.cgi?id=71746
449
450         Reviewed by Gavin Barraclough.
451
452         * JavaScriptCore.xcodeproj/project.pbxproj:
453         * dfg/DFGAssemblyHelpers.cpp: Added.
454         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
455         (JSC::DFG::AssemblyHelpers::emitCount):
456         (JSC::DFG::AssemblyHelpers::setSamplingFlag):
457         (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
458         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
459         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
460         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
461         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
462         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
463         * dfg/DFGAssemblyHelpers.h: Added.
464         * dfg/DFGJITCompiler.cpp:
465         * dfg/DFGJITCompiler.h:
466         (JSC::DFG::JITCompiler::JITCompiler):
467         (JSC::DFG::JITCompiler::graph):
468         * dfg/DFGJITCompiler32_64.cpp:
469         * dfg/DFGOSRExit.h: Added.
470         (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
471         (JSC::DFG::SpeculationRecovery::type):
472         (JSC::DFG::SpeculationRecovery::dest):
473         (JSC::DFG::SpeculationRecovery::src):
474         (JSC::DFG::OSRExit::numberOfRecoveries):
475         (JSC::DFG::OSRExit::valueRecovery):
476         (JSC::DFG::OSRExit::isArgument):
477         (JSC::DFG::OSRExit::isVariable):
478         (JSC::DFG::OSRExit::argumentForIndex):
479         (JSC::DFG::OSRExit::variableForIndex):
480         (JSC::DFG::OSRExit::operandForArgument):
481         (JSC::DFG::OSRExit::operandForIndex):
482         * dfg/DFGSpeculativeJIT.h:
483
484 2011-11-07  Filip Pizlo  <fpizlo@apple.com>
485
486         Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
487         but it appears to help on other benchmarks.
488
489         Rubber stamped by Oliver Hunt.
490
491         * bytecode/ValueProfile.h:
492
493 2011-11-07  Ariya Hidayat  <ariya@sencha.com>
494
495         "use strict" can not contain escape sequences or line continuation
496         https://bugs.webkit.org/show_bug.cgi?id=71532
497
498         Reviewed by Darin Adler.
499
500         Store the actual literal length (before the escapes and line
501         continuation are encoded) while parsing the directive and use it
502         for the directive comparison.
503
504         * parser/Parser.cpp:
505         (JSC::Parser::parseSourceElements):
506         (JSC::Parser::parseStatement):
507         * parser/Parser.h:
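The entry above fixes directive recognition by remembering the literal's raw length, measured before escapes and line continuations are decoded, and comparing that as well as the decoded text. The following is an added example, not JSC's Lexer or Parser: a teaching-sized string-literal lexer that returns both the cooked value and the raw length, and an isUseStrictDirective check built on it. It handles the escapes \n, \t, \\, \', \", \xHH and a backslash-newline line continuation; anything beyond that subset is outside what it claims to lex.

```cpp
#include <cstddef>
#include <string>

// Result of lexing one string literal: the decoded (cooked) value and the
// number of source characters between the quotes (the raw length).
struct StringLiteralToken {
    std::string cooked;
    size_t rawLength;
    bool ok;
};

// Minimal string-literal lexer. `src` must start with the opening quote.
// Supported escapes: \n \t \\ \' \" \xHH and backslash-newline (a line
// continuation, which contributes nothing to the cooked value).
StringLiteralToken lexStringLiteral(const std::string& src) {
    StringLiteralToken tok{ "", 0, false };
    if (src.empty() || (src[0] != '"' && src[0] != '\''))
        return tok;
    const char quote = src[0];
    size_t i = 1;
    while (i < src.size() && src[i] != quote) {
        char c = src[i];
        if (c == '\n') return tok;                        // unescaped newline: invalid
        if (c != '\\') { tok.cooked += c; ++i; continue; } // ordinary character
        if (i + 1 >= src.size()) return tok;              // dangling backslash
        char e = src[i + 1];
        i += 2;                                           // consume "\" + e
        switch (e) {
        case 'n': tok.cooked += '\n'; break;
        case 't': tok.cooked += '\t'; break;
        case '\\': case '\'': case '"': tok.cooked += e; break;
        case '\n': break;                                 // line continuation
        case 'x': {
            if (i + 2 > src.size()) return tok;
            int v = 0;
            for (int k = 0; k < 2; ++k, ++i) {
                char h = src[i];
                int d = (h >= '0' && h <= '9') ? h - '0'
                      : (h >= 'a' && h <= 'f') ? h - 'a' + 10
                      : (h >= 'A' && h <= 'F') ? h - 'A' + 10 : -1;
                if (d < 0) return tok;
                v = v * 16 + d;
            }
            tok.cooked += static_cast<char>(v);
            break;
        }
        default: tok.cooked += e; break;                  // identity escape
        }
    }
    if (i >= src.size()) return tok;                      // unterminated
    tok.rawLength = i - 1;                                // chars between the quotes
    tok.ok = true;
    return tok;
}

// The directive is only "use strict" when the cooked value matches AND the
// raw source between the quotes is exactly ten characters long, i.e. it
// contained no escape sequence and no line continuation.
bool isUseStrictDirective(const std::string& literalSource) {
    static const std::string directive = "use strict";
    StringLiteralToken tok = lexStringLiteral(literalSource);
    return tok.ok && tok.cooked == directive && tok.rawLength == directive.size();
}
```

Comparing only the cooked value would accept "use\x20strict" and a literal split by a line continuation, both of which decode to the same ten characters; the raw-length check is what rejects them while still accepting both quote styles.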
508
509 2011-11-06  Filip Pizlo  <fpizlo@apple.com>
510
511         DFG operationCreateThis slow path may get the wrong callee in case of inlining
512         https://bugs.webkit.org/show_bug.cgi?id=71647
513
514         Reviewed by Oliver Hunt.
515         
516         No new tests because I only saw this manifest itself when I had other bugs
517         leading to spurious slow path executions.
518
519         * dfg/DFGJITCodeGenerator.h:
520         (JSC::DFG::callOperation):
521         * dfg/DFGOperations.cpp:
522         * dfg/DFGOperations.h:
523         * dfg/DFGSpeculativeJIT32_64.cpp:
524         (JSC::DFG::SpeculativeJIT::compile):
525         * dfg/DFGSpeculativeJIT64.cpp:
526         (JSC::DFG::SpeculativeJIT::compile):
527
528 2011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>
529
530         De-virtualize JSObject::putWithAttributes
531         https://bugs.webkit.org/show_bug.cgi?id=71716
532
533         Reviewed by Darin Adler.
534
535         Added putWithAttributes to the MethodTable, changed all the virtual 
536         implementations of putWithAttributes to static ones, and replaced 
537         all call sites with corresponding lookups in the MethodTable.
538
539         * API/JSObjectRef.cpp:
540         (JSObjectSetProperty):
541         * JavaScriptCore.exp:
542         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
543         * debugger/DebuggerActivation.cpp:
544         (JSC::DebuggerActivation::putWithAttributes):
545         * debugger/DebuggerActivation.h:
546         * interpreter/Interpreter.cpp:
547         (JSC::Interpreter::execute):
548         * runtime/ClassInfo.h:
549         * runtime/JSActivation.cpp:
550         (JSC::JSActivation::putWithAttributes):
551         * runtime/JSActivation.h:
552         * runtime/JSCell.cpp:
553         (JSC::JSCell::putWithAttributes):
554         * runtime/JSCell.h:
555         * runtime/JSGlobalObject.cpp:
556         (JSC::JSGlobalObject::putWithAttributes):
557         * runtime/JSGlobalObject.h:
558         * runtime/JSObject.cpp:
559         (JSC::JSObject::putWithAttributes):
560         (JSC::putDescriptor):
561         * runtime/JSObject.h:
562         * runtime/JSStaticScopeObject.cpp:
563         (JSC::JSStaticScopeObject::putWithAttributes):
564         * runtime/JSStaticScopeObject.h:
565         * runtime/JSVariableObject.cpp:
566         (JSC::JSVariableObject::putWithAttributes):
567         * runtime/JSVariableObject.h:
568
569 2011-11-07  Dmitry Lomov  <dslomov@google.com>
570
571         Unreviewed. Release build fix.
572
573         * parser/Lexer.cpp:
574         (JSC::assertCharIsIn8BitRange):
575
576 2011-11-07  Filip Pizlo  <fpizlo@apple.com>
577
578         Switch the value profiler back to 8 buckets, because we suspect that while this
579         is more expensive it's also more stable.
580
581         Rubber stamped by Geoff Garen.
582
583         * bytecode/ValueProfile.h:
584
585 2011-11-07  Andrew Wason  <rectalogic@rectalogic.com>
586
587         Uninitialized Heap member var
588         https://bugs.webkit.org/show_bug.cgi?id=71722
589
590         Reviewed by Filip Pizlo.
591
592         * heap/Heap.cpp:
593         (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
594
595 2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>
596
597         DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
598         https://bugs.webkit.org/show_bug.cgi?id=71684
599
600         Reviewed by Filip Pizlo.
601
602         Currently in DFG JIT, we try to reuse the physical register of an
603         operand for temporary usage if the current use of the operand is the
604         last use. But sometimes this can be wrong, for example if there are
605         possible speculation failures and we need to fall back to baseline JIT,
606         the value of the operand which is supposed to be held in the physical
607         register can be modified by register reusing. This fixes the last
608         inspector failures in layout tests on Mac 32-bit if switching on DFG.
609
610         * dfg/DFGSpeculativeJIT32_64.cpp:
611         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
612         (JSC::DFG::SpeculativeJIT::compile):
613
614 2011-11-07  Ryosuke Niwa  <rniwa@webkit.org>
615
616         REGRESSION(r99436): Broke Snow Leopard debug build
617         https://bugs.webkit.org/show_bug.cgi?id=71713
618
619         Reviewed by Darin Adler.
620
621         Put the assertion in a template and use template specialization
622         to avoid warning when instantiated with UChar or LChar.
623
624         In the long term, we should have traits for unsigned integral types
625         and use that to specialize template instead of specializing it for UChar and LChar.
626
627         * parser/Lexer.cpp:
628         (JSC::assertCharIsIn8BitRange):
629         (JSC::::append8):
630
631 2011-11-07  ChangSeok Oh  <shivamidow@gmail.com>
632
633         [EFL] Support requestAnimationFrame API
634         https://bugs.webkit.org/show_bug.cgi?id=67112
635
636         Reviewed by Andreas Kling.
637
638         Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
639
640         * wtf/Platform.h:
641
642 2011-11-07  Michael Saboff  <msaboff@apple.com>
643
644         Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
645         https://bugs.webkit.org/show_bug.cgi?id=71331
646
647         Change the Lexer class to be a template class based on the character
648         type of the source.  In the process updated the parseIdentifier()
649         and parseString() methods to create 8 bit strings where possible.
650         Also added some helper methods for accumulating temporary string
651         data in the 8 and 16 bit vectors.
652
653         Changed the SourceProvider::data() virtual method to return a
654         StringImpl* instead of a UChar*.
655
656         Updated the KeywordLookup generator to create code to match keywords
657         for both 8 and 16 bit source strings.
658
659         Due to a compiler bug (<rdar://problem/10194295>) moved enum
660         definition outside of Lexer class declaration.  Remove second enum
661         no longer needed.
662
663         Reviewed by Darin Adler.
664
665         * KeywordLookupGenerator.py:
666         * interpreter/Interpreter.cpp:
667         (JSC::Interpreter::callEval):
668         * parser/Lexer.cpp:
669         (JSC::::Lexer):
670         (JSC::::~Lexer):
671         (JSC::::getInvalidCharMessage):
672         (JSC::::currentCharacter):
673         (JSC::::setCode):
674         (JSC::::internalShift):
675         (JSC::::shift):
676         (JSC::::peek):
677         (JSC::::getUnicodeCharacter):
678         (JSC::::shiftLineTerminator):
679         (JSC::::lastTokenWasRestrKeyword):
680         (JSC::::record8):
681         (JSC::::append8):
682         (JSC::::append16):
683         (JSC::::record16):
684         (JSC::::parseIdentifier):
685         (JSC::::parseIdentifierSlowCase):
686         (JSC::::parseString):
687         (JSC::::parseStringSlowCase):
688         (JSC::::parseHex):
689         (JSC::::parseOctal):
690         (JSC::::parseDecimal):
691         (JSC::::parseNumberAfterDecimalPoint):
692         (JSC::::parseNumberAfterExponentIndicator):
693         (JSC::::parseMultilineComment):
694         (JSC::::nextTokenIsColon):
695         (JSC::::lex):
696         (JSC::::scanRegExp):
697         (JSC::::skipRegExp):
698         (JSC::::clear):
699         (JSC::::sourceCode):
700         * parser/Lexer.h:
701         (JSC::Lexer::append16):
702         (JSC::Lexer::currentOffset):
703         (JSC::Lexer::setOffsetFromCharOffset):
704         (JSC::::isWhiteSpace):
705         (JSC::::isLineTerminator):
706         (JSC::::convertHex):
707         (JSC::::convertUnicode):
708         (JSC::::makeIdentifier):
709         (JSC::::setCodeStart):
710         (JSC::::makeIdentifierLCharFromUChar):
711         (JSC::::lexExpectIdentifier):
712         * parser/Parser.cpp:
713         (JSC::Parser::Parser):
714         (JSC::Parser::parseProperty):
715         (JSC::Parser::parseMemberExpression):
716         * parser/Parser.h:
717         (JSC::Parser::next):
718         (JSC::Parser::nextExpectIdentifier):
719         * parser/ParserArena.h:
720         (JSC::IdentifierArena::makeIdentifier):
721         (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
722         * parser/SourceCode.h:
723         (JSC::SourceCode::subExpression):
724         * parser/SourceProvider.h:
725         (JSC::UStringSourceProvider::stringData):
726         * parser/SourceProviderCache.h:
727         * parser/SyntaxChecker.h:
728         * runtime/FunctionPrototype.cpp:
729         (JSC::insertSemicolonIfNeeded):
730         * runtime/Identifier.cpp:
731         (JSC::IdentifierTable::add):
732         (JSC::IdentifierLCharFromUCharTranslator::hash):
733         (JSC::IdentifierLCharFromUCharTranslator::equal):
734         (JSC::IdentifierLCharFromUCharTranslator::translate):
735         (JSC::Identifier::add8):
736         * runtime/Identifier.h:
737         (JSC::Identifier::Identifier):
738         (JSC::Identifier::createLCharFromUChar):
739         (JSC::Identifier::canUseSingleCharacterString):
740         (JSC::IdentifierCharBufferTranslator::hash):
741         (JSC::IdentifierCharBufferTranslator::equal):
742         (JSC::IdentifierCharBufferTranslator::translate):
743         (JSC::Identifier::add):
744         (JSC::Identifier::equal):
745         (JSC::IdentifierTable::add):
746         * runtime/JSGlobalObjectFunctions.cpp:
747         (JSC::decode):
748         (JSC::parseIntOverflow):
749         (JSC::globalFuncUnescape):
750         * runtime/JSGlobalObjectFunctions.h:
751         (JSC::parseIntOverflow):
752         * runtime/LiteralParser.cpp:
753         (JSC::LiteralParser::tryJSONPParse):
754         (JSC::LiteralParser::Lexer::lexString):
755         * wtf/text/StringImpl.h:
756
757 2011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
758
759         [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
760
761         Allows us to not package up the whole Source/JavaScriptCore directory for the
762         buildbots.
763
        Reviewed by Simon Hausmann.
765
766         * jsc.pro:
767
768 2011-11-06  Filip Pizlo  <fpizlo@apple.com>
769
770         REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
771         to initializeMainThread, and crashes
772         https://bugs.webkit.org/show_bug.cgi?id=71643
773
774         Reviewed by Sam Weinig.
775
776         * jsc.cpp:
777         (main):
778
779 2011-11-06  Sam Weinig  <sam@webkit.org>
780
781         Add space missing from some class declarations
782         https://bugs.webkit.org/show_bug.cgi?id=71632
783
784         Reviewed by Anders Carlsson.
785
786         * assembler/AssemblerBufferWithConstantPool.h:
787         * bytecode/CodeBlock.h:
788         * dfg/DFGVariableAccessData.h:
789         * heap/VTableSpectrum.h:
790         * jit/ExecutableAllocator.cpp:
791         * jit/ExecutableAllocatorFixedVMPool.cpp:
792         * wtf/MetaAllocatorHandle.h:
793         * wtf/UnionFind.h:
794
795 2011-11-06  Sam Weinig  <sam@webkit.org>
796
797         Allow use of FINAL in JavaScriptCore
798         https://bugs.webkit.org/show_bug.cgi?id=71630
799
800         Reviewed by Anders Carlsson.
801
802         * Configurations/Base.xcconfig:
803         Don't warn about C++11 extensions used in C++98 mode.
804
805 2011-11-05  Filip Pizlo  <fpizlo@apple.com>
806
807         Value profiling should just use two buckets
808         https://bugs.webkit.org/show_bug.cgi?id=71619
809
810         Reviewed by Gavin Barraclough.
811         
        Added one more configuration option (like Heuristics::minimumOptimizationDelay),
813         improved debugging in JIT optimization support, changed the number of buckets
814         in the value profile from 9 to 2, and wrote a more optimal value profiling path
815         in the old JIT to take advantage of this. It's still possible to play around with
816         larger numbers of buckets, and we should probably keep this for a little while
817         until we convince ourselves that using just two buckets is the right call.
818
819         * bytecode/CodeBlock.cpp:
820         (JSC::CodeBlock::shouldOptimizeNow):
821         * bytecode/ValueProfile.h:
822         * jit/JITInlineMethods.h:
823         (JSC::JIT::emitValueProfilingSite):
824         * jit/JITStubs.cpp:
825         (JSC::DEFINE_STUB_FUNCTION):
826         * runtime/Heuristics.cpp:
827         (JSC::Heuristics::initializeHeuristics):
828         * runtime/Heuristics.h:
829
830 2011-11-03  Filip Pizlo  <fpizlo@apple.com>
831
832         JSC should be able to sample itself in a more flexible way than just sampling flags
833         https://bugs.webkit.org/show_bug.cgi?id=71522
834
835         Reviewed by Gavin Barraclough.
836         
837         Added a construct that looks like SamplingRegion samplingRegion("name").
838
839         * JavaScriptCore.exp:
840         * JavaScriptCore.xcodeproj/project.pbxproj:
841         * bytecode/SamplingTool.cpp:
842         (JSC::SamplingRegion::Locker::Locker):
843         (JSC::SamplingRegion::Locker::~Locker):
844         (JSC::SamplingRegion::sample):
845         (JSC::SamplingRegion::dump):
846         (JSC::SamplingRegion::dumpInternal):
847         (JSC::SamplingThread::threadStartFunc):
848         * bytecode/SamplingTool.h:
849         (JSC::SamplingRegion::SamplingRegion):
850         (JSC::SamplingRegion::~SamplingRegion):
851         (JSC::SamplingRegion::exchangeCurrent):
852         * bytecompiler/BytecodeGenerator.cpp:
853         (JSC::BytecodeGenerator::generate):
854         * dfg/DFGDriver.cpp:
855         (JSC::DFG::compile):
856         * heap/Heap.cpp:
857         (JSC::Heap::markRoots):
858         (JSC::Heap::collect):
859         * heap/VTableSpectrum.cpp:
860         (JSC::VTableSpectrum::countVPtr):
861         (JSC::VTableSpectrum::dump):
862         * heap/VTableSpectrum.h:
863         * jsc.cpp:
864         (main):
865         (runWithScripts):
866         * parser/Parser.h:
867         (JSC::parse):
868         * runtime/Executable.cpp:
869         (JSC::EvalExecutable::compileInternal):
870         (JSC::ProgramExecutable::compileInternal):
871         (JSC::FunctionExecutable::compileForCallInternal):
872         (JSC::FunctionExecutable::compileForConstructInternal):
873         * wtf/Atomics.h:
874         (WTF::weakCompareAndSwap):
875         * wtf/Platform.h:
876         * wtf/Spectrum.h: Added.
877         (WTF::Spectrum::Spectrum):
878         (WTF::Spectrum::add):
879         (WTF::Spectrum::get):
880         (WTF::Spectrum::begin):
881         (WTF::Spectrum::end):
882         (WTF::Spectrum::KeyAndCount::KeyAndCount):
883         (WTF::Spectrum::KeyAndCount::operator<):
884         (WTF::Spectrum::buildList):
885         * wtf/wtf.pri:
886
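        The entry above only names the construct (SamplingRegion samplingRegion("name")) and the
        helpers around it (exchangeCurrent, sample, dump, WTF::Spectrum). The following sketch,
        added here as an illustration and not WebKit's own code, shows the idea in working C++: an
        RAII region that publishes its name on entry and restores the previous one on exit, and a
        counting histogram that a sampler attributes ticks to. The single global current-region
        pointer, the class layout, the "<none>" label and every name below are assumptions.

```cpp
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Illustrative sketch, not WebKit's SamplingRegion / WTF::Spectrum.

// Histogram: key -> count, with a sorted dump in the spirit of Spectrum::buildList().
template<typename Key>
class Spectrum {
public:
    void add(const Key& key, std::size_t count = 1) { m_map[key] += count; }
    std::size_t get(const Key& key) const {
        auto it = m_map.find(key);
        return it == m_map.end() ? 0 : it->second;
    }
    struct KeyAndCount {
        Key key;
        std::size_t count;
        // Sort descending by count so the hottest region comes first.
        bool operator<(const KeyAndCount& other) const { return count > other.count; }
    };
    std::vector<KeyAndCount> buildList() const {
        std::vector<KeyAndCount> list;
        for (const auto& kv : m_map)
            list.push_back({kv.first, kv.second});
        std::sort(list.begin(), list.end());
        return list;
    }
private:
    std::map<Key, std::size_t> m_map;
};

// RAII region: construction exchanges its name into the "current" slot,
// destruction restores the previous one, so nested regions unwind correctly
// even on early return or exception. (Assumption: one global slot, as a
// sampler thread would read it; a per-thread slot is an obvious variant.)
class SamplingRegion {
public:
    explicit SamplingRegion(const char* name)
        : m_previous(s_current.exchange(name)) { }
    ~SamplingRegion() { s_current.store(m_previous); }

    // What a sampler would read; "<none>" outside any region.
    static const char* current() {
        const char* name = s_current.load();
        return name ? name : "<none>";
    }
    // One sample: attribute a tick to whichever region is current right now.
    static void sample(Spectrum<std::string>& spectrum) { spectrum.add(current()); }

private:
    static std::atomic<const char*> s_current;
    const char* m_previous;
};
std::atomic<const char*> SamplingRegion::s_current{nullptr};

// Deterministic driver standing in for a periodic sampling thread: takes one
// sample at each marked point and returns the resulting histogram.
Spectrum<std::string> runSampledWork()
{
    Spectrum<std::string> spectrum;
    SamplingRegion::sample(spectrum);               // <none>
    {
        SamplingRegion outer("Bytecode Generation");
        SamplingRegion::sample(spectrum);           // Bytecode Generation
        {
            SamplingRegion inner("DFG Compilation");
            SamplingRegion::sample(spectrum);       // DFG Compilation
            SamplingRegion::sample(spectrum);       // DFG Compilation
        }
        SamplingRegion::sample(spectrum);           // Bytecode Generation (restored)
    }
    SamplingRegion::sample(spectrum);               // <none> (restored)
    return spectrum;
}
```

        A real sampler would call SamplingRegion::sample from a timer thread instead of at fixed
        points; the exchange/restore pair is what keeps the attribution right when regions nest.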
887 2011-11-05  Sam Weinig  <sam@webkit.org>
888
889         Fix windows build.
890
891         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
892
893 2011-11-04  Sam Weinig  <sam@webkit.org>
894
895         Reduce the number of putWithAttributes
896         https://bugs.webkit.org/show_bug.cgi?id=71597
897
898         Reviewed by Adam Roben.
899
900         * JavaScriptCore.exp:
901         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
902         Remove exports of removed functions.
903
904         * runtime/JSActivation.cpp:
905         (JSC::JSActivation::putWithAttributes):
906         Calling the overload without the extra parameters does the same thing.
907
908         * runtime/JSObject.cpp:
909         (JSC::JSObject::putWithAttributes):
910         * runtime/JSObject.h:
911         Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
912         two overloads not virtual, since no one overrides it.
913
914 2011-11-04  Pratik Solanki  <psolanki@apple.com>
915
916         sqrtDouble and andnotDouble should be declared noreturn
917         https://bugs.webkit.org/show_bug.cgi?id=71592
918
919         Reviewed by Sam Weinig.
920
921         * assembler/MacroAssemblerARMv7.h:
922
923 2011-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>
924
925         De-virtualize JSObject::hasInstance
926         https://bugs.webkit.org/show_bug.cgi?id=71430
927
928         Reviewed by Darin Adler.
929
930         Added hasInstance to the MethodTable, changed all the virtual 
931         implementations of hasInstance to static ones, and replaced 
932         all call sites with corresponding lookups in the MethodTable.
933
934         * API/JSCallbackObject.h:
935         * API/JSCallbackObjectFunctions.h:
936         (JSC::::hasInstance):
937         * API/JSValueRef.cpp:
938         (JSValueIsInstanceOfConstructor):
939         * JavaScriptCore.exp:
940         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
941         * interpreter/Interpreter.cpp:
942         (JSC::Interpreter::privateExecute):
943         * jit/JITStubs.cpp:
944         (JSC::DEFINE_STUB_FUNCTION):
945         * runtime/ClassInfo.h:
946         * runtime/JSBoundFunction.cpp:
947         (JSC::JSBoundFunction::hasInstance):
948         * runtime/JSBoundFunction.h:
949         * runtime/JSCell.cpp:
950         (JSC::JSCell::hasInstance):
951         * runtime/JSCell.h:
952         * runtime/JSObject.cpp:
953         (JSC::JSObject::hasInstance):
954         * runtime/JSObject.h:
955
956 2011-11-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
957
958         [Qt] Refactor and clean up the qmake build system
959
960         The qmake build system has accumulated a bit of cruft and redundancy
961         over time. There's also a fairly tight coupling between how to build
962         the various targets, and _what_ to build, making it harder to add new
        rules or sources. This patch aims to alleviate these issues somewhat.
964
965         This is a short-list of the changes:
966
967           * The rules for how to build targets are now mostly contained as
968             prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
969             allows us to do pre- and post-processing of each project file,
970             which helps to clean up the actual project files.
971
          * Derived sources are no longer generated as a separate make-step
            but are part of each target's project file as a subdir. Makefile
974             rules are used to ensure that we run make on the derived sources
975             before running qmake on the actual target makefile. This makes
976             it easier to keep a proper dependency between derived sources
977             and the target.
978
979           * We use GNU make and the compiler to generate dependencies on
980             UNIX-based systems running Qt 5. This allows us to lessen the
981             need to run qmake, which should reduce compile time.
982
          * WebKit2 is now built by default if building with Qt 5. It can
984             be disabled by passing --no-webkit2 to build-webkit.
985
        The result of these changes is hopefully a cleaner and easier
987         build system to modify, and faster build times due to no longer
988         running qmake on every single build. It's also a first step
989         towards possibly generating the list of sources using another
990         build system.
991
992         https://bugs.webkit.org/show_bug.cgi?id=71222
993
994         Reviewed by Simon Hausmann.
995
996         * DerivedSources.pri: Added.
997         * DerivedSources.pro: Removed.
998         * JavaScriptCore.pro:
999         * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
1000         * headers.pri: Removed.
1001         * jsc.pro:
1002         * wtf/wtf.pri:
1003         * yarr/yarr.pri:
1004
1005 2011-11-04  Yuqiang Xian  <yuqiang.xian@intel.com>
1006
1007         More code clean-up in DFG 32_64
1008         https://bugs.webkit.org/show_bug.cgi?id=71540
1009
1010         Remove unnecessary code duplications, and fix compilation warnings.
1011
1012         Reviewed by Gavin Barraclough.
1013
1014         * dfg/DFGJITCompiler.cpp:
1015         (JSC::DFG::JITCompiler::emitCount):
1016         (JSC::DFG::JITCompiler::setSamplingFlag):
1017         (JSC::DFG::JITCompiler::clearSamplingFlag):
1018         (JSC::DFG::JITCompiler::jitAssertIsCell):
1019         * dfg/DFGJITCompiler32_64.cpp:
1020         * dfg/DFGSpeculativeJIT32_64.cpp:
1021         (JSC::DFG::SpeculativeJIT::compile):
1022
1023 2011-11-04  Csaba Osztrogonác  <ossy@webkit.org>
1024
1025         De-virtualize JSObject::hasInstance
1026         https://bugs.webkit.org/show_bug.cgi?id=71430
1027
        Unreviewed rolling out r99238, because it made a test crash on all platforms.
1029
1030         * API/JSCallbackObject.h:
1031         * API/JSCallbackObjectFunctions.h:
1032         (JSC::::hasInstance):
1033         * API/JSValueRef.cpp:
1034         (JSValueIsInstanceOfConstructor):
1035         * JavaScriptCore.exp:
1036         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1037         * interpreter/Interpreter.cpp:
1038         (JSC::Interpreter::privateExecute):
1039         * jit/JITStubs.cpp:
1040         (JSC::DEFINE_STUB_FUNCTION):
1041         * runtime/ClassInfo.h:
1042         * runtime/JSBoundFunction.cpp:
1043         (JSC::JSBoundFunction::hasInstance):
1044         * runtime/JSBoundFunction.h:
1045         * runtime/JSCell.cpp:
1046         * runtime/JSCell.h:
1047         * runtime/JSObject.cpp:
1048         (JSC::JSObject::hasInstance):
1049         * runtime/JSObject.h:
1050
1051 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1052
1053         De-virtualize JSObject::getPropertyNames
1054         https://bugs.webkit.org/show_bug.cgi?id=71306
1055
1056         Reviewed by Darin Adler.
1057
1058         Added getPropertyNames to the MethodTable, changed all the virtual 
1059         implementations of getPropertyNames to static ones, and replaced 
1060         all call sites with corresponding lookups in the MethodTable.
1061
1062         * API/JSObjectRef.cpp:
1063         (JSObjectCopyPropertyNames):
1064         * JavaScriptCore.exp:
1065         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1066         * debugger/DebuggerActivation.cpp:
1067         (JSC::DebuggerActivation::getOwnPropertyNames):
1068         * runtime/ClassInfo.h:
1069         * runtime/JSCell.cpp:
1070         (JSC::JSCell::getPropertyNames):
1071         * runtime/JSCell.h:
1072         * runtime/JSObject.cpp:
1073         (JSC::JSObject::getPropertyNames):
1074         (JSC::JSObject::getOwnPropertyNames):
1075         * runtime/JSObject.h:
1076         * runtime/JSPropertyNameIterator.cpp:
1077         (JSC::JSPropertyNameIterator::create):
1078         * runtime/ScopeChain.cpp:
1079         (JSC::ScopeChainNode::print):
1080         * runtime/Structure.cpp:
1081         (JSC::Structure::getPropertyNamesFromStructure):
1082         * runtime/Structure.h:
1083
1084 2011-11-03  Darin Adler  <darin@apple.com>
1085
1086         Change remaining callers of releaseRef to call leakRef
1087         https://bugs.webkit.org/show_bug.cgi?id=71422
1088
1089         * wtf/text/AtomicString.cpp:
1090         (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
1091
1092 2011-11-02  Darin Adler  <darin@apple.com>
1093
1094         Change remaining callers of releaseRef to call leakRef
1095         https://bugs.webkit.org/show_bug.cgi?id=71422
1096
1097         * wtf/text/AtomicString.cpp:
1098         (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
1099
1100 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1101
1102         De-virtualize JSObject::hasInstance
1103         https://bugs.webkit.org/show_bug.cgi?id=71430
1104
1105         Reviewed by Darin Adler.
1106
1107         Added hasInstance to the MethodTable, changed all the virtual 
1108         implementations of hasInstance to static ones, and replaced 
1109         all call sites with corresponding lookups in the MethodTable.
1110
1111         * API/JSCallbackObject.h:
1112         * API/JSCallbackObjectFunctions.h:
1113         (JSC::::hasInstance):
1114         * API/JSValueRef.cpp:
1115         (JSValueIsInstanceOfConstructor):
1116         * JavaScriptCore.exp:
1117         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1118         * interpreter/Interpreter.cpp:
1119         (JSC::Interpreter::privateExecute):
1120         * jit/JITStubs.cpp:
1121         (JSC::DEFINE_STUB_FUNCTION):
1122         * runtime/ClassInfo.h:
1123         * runtime/JSBoundFunction.cpp:
1124         (JSC::JSBoundFunction::hasInstance):
1125         * runtime/JSBoundFunction.h:
1126         * runtime/JSCell.cpp:
1127         (JSC::JSCell::hasInstance):
1128         * runtime/JSCell.h:
1129         * runtime/JSObject.cpp:
1130         (JSC::JSObject::hasInstance):
1131         * runtime/JSObject.h:
1132
1133 2011-11-03  Filip Pizlo  <fpizlo@apple.com>
1134
1135         JIT-specific code should be able to refer to register types even on JIT-disabled builds
1136         https://bugs.webkit.org/show_bug.cgi?id=71498
1137
1138         Reviewed by Gavin Barraclough.
1139
1140         * assembler/MacroAssembler.h:
1141         (MacroAssembler::MacroAssembler):
1142
1143 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1144
1145         De-virtualize JSObject::className
1146         https://bugs.webkit.org/show_bug.cgi?id=71428
1147
1148         Reviewed by Sam Weinig.
1149
1150         Added className to the MethodTable, changed all the virtual 
1151         implementations of className to static ones, and replaced 
1152         all call sites with corresponding lookups in the MethodTable.
1153
1154         * API/JSCallbackObject.h:
1155         * API/JSCallbackObjectFunctions.h:
1156         (JSC::::className):
1157         * JavaScriptCore.exp:
1158         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1159         * debugger/DebuggerActivation.cpp:
1160         (JSC::DebuggerActivation::className):
1161         * debugger/DebuggerActivation.h:
1162         * jsc.cpp:
1163         (GlobalObject::createStructure):
1164         * profiler/Profiler.cpp:
1165         (JSC::Profiler::createCallIdentifier):
1166         * runtime/ClassInfo.h:
1167         * runtime/JSCell.cpp:
1168         (JSC::JSCell::className):
1169         * runtime/JSCell.h:
1170         * runtime/JSObject.cpp:
1171         (JSC::JSObject::className):
1172         * runtime/JSObject.h:
1173         * runtime/ObjectPrototype.cpp:
1174         (JSC::objectProtoFuncToString):
1175         * testRegExp.cpp:
1176         (GlobalObject::createStructure):
1177
1178 2011-11-02  Jer Noble  <jer.noble@apple.com>
1179
1180         Add Clock class and platform-specific implementations.
1181         https://bugs.webkit.org/show_bug.cgi?id=71341
1182
1183         Reviewed by Sam Weinig.
1184
1185         Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
1186
1187         * wtf/Platform.h:
1188
1189 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
1190
        Not reviewed: fixing Windows build, step 2.
1192
1193         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1194
1195 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
1196
        Not reviewed: fix Windows build, step 1.
1198
1199         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1200
1201 2011-11-03  Pavel Feldman  <pfeldman@google.com>
1202
1203         Web Inspector: preserve script location for inline handlers.
1204         https://bugs.webkit.org/show_bug.cgi?id=71367
1205
        Makes SourceCode factories receive TextPosition instead of the line number,
        and stores consistent position values in SourceCode and SourceProvider.
1208
1209         Reviewed by Yury Semikhatsky.
1210
1211         * API/JSBase.cpp:
1212         (JSEvaluateScript):
1213         (JSCheckScriptSyntax):
1214         * API/JSObjectRef.cpp:
1215         (JSObjectMakeFunction):
1216         * parser/SourceCode.h:
1217         (JSC::makeSource):
1218         * parser/SourceProvider.h:
1219         (JSC::SourceProvider::SourceProvider):
1220         (JSC::SourceProvider::startPosition):
1221         (JSC::UStringSourceProvider::create):
1222         (JSC::UStringSourceProvider::UStringSourceProvider):
1223         * runtime/FunctionConstructor.cpp:
1224         (JSC::constructFunction):
1225         (JSC::constructFunctionSkippingEvalEnabledCheck):
1226         * runtime/FunctionConstructor.h:
1227
1228 2011-11-03  Kentaro Hara  <haraken@chromium.org>
1229
1230         Fixed wrong implementation of doubleValue % 2^{64}.
1231         https://bugs.webkit.org/show_bug.cgi?id=67980
1232
1233         Reviewed by Hajime Morita.
1234
1235         fast/events/constructors/progress-event-constructor.html was failing
1236         because of the wrong implementation of conversion from an ECMAScript value
1237         to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
1238         In particular, the calculation of doubleValue % 2^{64} was wrong.
1239         This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
1240
1241         * wtf/MathExtras.h:
1242         (doubleToInteger): Implemented the spec correctly.
1243
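        The entry above describes the spec steps but not how the modulo is carried out. The
        function below is an added illustration, not WebKit's doubleToInteger() and not code from
        this entry: it reimplements the WebIDL "unsigned long long" conversion
        (http://www.w3.org/TR/WebIDL/#es-unsigned-long-long) in C++, including the one step that is
        easy to get wrong, a negative remainder, where 2^64 + r cannot be formed in double
        arithmetic without rounding. The name esToUnsignedLongLong is an assumption.

```cpp
#include <cmath>
#include <cstdint>

// Illustrative reimplementation of the WebIDL unsigned long long conversion
// (http://www.w3.org/TR/WebIDL/#es-unsigned-long-long). Not WebKit's
// doubleToInteger(); the function name is an assumption.
//
// Spec steps:
//   1. NaN, +Infinity and -Infinity map to 0.
//   2. x = sign(x) * floor(|x|), i.e. truncate toward zero.
//   3. x = x modulo 2^64, with the result in [0, 2^64).
uint64_t esToUnsignedLongLong(double x)
{
    if (std::isnan(x) || std::isinf(x))
        return 0;

    x = std::trunc(x); // step 2; exact for every double

    // 2^64 is exactly representable as a double.
    const double two64 = 18446744073709551616.0;

    // fmod is exact in IEEE 754 and keeps the sign of x, so r is an
    // integer-valued double with |r| < 2^64.
    double r = std::fmod(x, two64);

    if (r >= 0)
        return static_cast<uint64_t>(r); // |r| < 2^64, so the cast is exact

    // Negative remainder: the spec result is 2^64 + r = 2^64 - |r|. Forming
    // that in double arithmetic rounds (2^64 - 1 is not a double; it rounds
    // to 2^64, which the cast cannot represent), so finish the subtraction in
    // unsigned 64-bit arithmetic, where wraparound is exact by definition.
    uint64_t magnitude = static_cast<uint64_t>(-r);
    return UINT64_C(0) - magnitude;
}
```

        The -1.0 case is the one to check first: the correct result is 2^64 - 1, which no
        double-only implementation can produce, and a naive cast of the rounded value is undefined
        behaviour in C++.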
1244 2011-11-03  Sheriff Bot  <webkit.review.bot@gmail.com>
1245
1246         Unreviewed, rolling out r99089.
1247         http://trac.webkit.org/changeset/99089
1248         https://bugs.webkit.org/show_bug.cgi?id=71448
1249
        @plt postfix for math functions causes a crash on Linux 32 (the
        symbol is defined but it points to NULL) (Requested by
        zherczeg on #webkit).
1253
1254         * dfg/DFGOperations.cpp:
1255         * jit/JITStubs.cpp:
1256         * jit/ThunkGenerators.cpp:
1257
1258 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1259
1260         DFG inlining breaks function.arguments[something] if the argument being
1261         retrieved was subjected to DFG's unboxing optimizations
1262         https://bugs.webkit.org/show_bug.cgi?id=71436
1263
1264         Reviewed by Oliver Hunt.
1265         
1266         This makes inlined arguments retrieval use some of the same machinery as
1267         OSR to determine where from, and how, to retrieve a value that the DFG
1268         might have somehow squirreled away while the old JIT would put it in its
1269         obvious location, using an obvious format.
1270         
1271         To that end, previously DFG-internal notions such as DataFormat,
1272         VirtualRegister, and ValueRecovery are now in bytecode/ since they are
1273         stored as part of InlineCallFrames.
1274
1275         * bytecode/CodeOrigin.h:
1276         * dfg/DFGAbstractState.cpp:
1277         (JSC::DFG::AbstractState::execute):
1278         * dfg/DFGByteCodeParser.cpp:
1279         (JSC::DFG::ByteCodeParser::handleInlining):
1280         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1281         * dfg/DFGJITCompiler.cpp:
1282         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1283         * dfg/DFGJITCompiler32_64.cpp:
1284         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1285         * dfg/DFGNode.h:
1286         * dfg/DFGPropagator.cpp:
1287         (JSC::DFG::Propagator::propagateNodePredictions):
1288         * dfg/DFGSpeculativeJIT.cpp:
1289         (JSC::DFG::SpeculativeJIT::compile):
1290         * dfg/DFGSpeculativeJIT64.cpp:
1291         (JSC::DFG::SpeculativeJIT::compile):
1292         * interpreter/CallFrame.cpp:
1293         (JSC::CallFrame::trueCallerFrame):
1294         * interpreter/CallFrame.h:
1295         (JSC::ExecState::inlineCallFrame):
1296         * interpreter/Register.h:
1297         (JSC::Register::asInlineCallFrame):
1298         (JSC::Register::unboxedInt32):
1299         (JSC::Register::unboxedBoolean):
1300         (JSC::Register::unboxedCell):
1301         * runtime/Arguments.h:
1302         (JSC::Arguments::finishCreationAndCopyRegisters):
1303
1304 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1305
1306         ValueRecovery should be moved out of the DFG JIT
1307         https://bugs.webkit.org/show_bug.cgi?id=71439
1308
1309         Reviewed by Oliver Hunt.
1310
1311         * JavaScriptCore.xcodeproj/project.pbxproj:
1312         * bytecode/DataFormat.h: Added.
1313         (JSC::dataFormatToString):
1314         (JSC::needDataFormatConversion):
1315         (JSC::isJSFormat):
1316         (JSC::isJSInteger):
1317         (JSC::isJSDouble):
1318         (JSC::isJSCell):
1319         (JSC::isJSBoolean):
1320         * bytecode/ValueRecovery.h: Added.
1321         (JSC::ValueRecovery::ValueRecovery):
1322         (JSC::ValueRecovery::alreadyInRegisterFile):
1323         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
1324         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
1325         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
1326         (JSC::ValueRecovery::inGPR):
1327         (JSC::ValueRecovery::inPair):
1328         (JSC::ValueRecovery::inFPR):
1329         (JSC::ValueRecovery::displacedInRegisterFile):
1330         (JSC::ValueRecovery::constant):
1331         (JSC::ValueRecovery::technique):
1332         (JSC::ValueRecovery::isInRegisters):
1333         (JSC::ValueRecovery::gpr):
1334         (JSC::ValueRecovery::tagGPR):
1335         (JSC::ValueRecovery::payloadGPR):
1336         (JSC::ValueRecovery::fpr):
1337         (JSC::ValueRecovery::virtualRegister):
1338         (JSC::ValueRecovery::dump):
1339         * bytecode/VirtualRegister.h: Added.
1340         * dfg/DFGGenerationInfo.h:
1341         (JSC::DFG::GenerationInfo::isJSFormat):
1342         * dfg/DFGSpeculativeJIT.cpp:
1343         (JSC::DFG::ValueSource::dump):
1344         * dfg/DFGSpeculativeJIT.h:
1345         * dfg/DFGVariableAccessData.h:
1346
1347 2011-11-02  Sam Weinig  <sam@webkit.org>
1348
1349         Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
1350         https://bugs.webkit.org/show_bug.cgi?id=71333
1351
1352         Reviewed by Gavin Barraclough.
1353
1354         Tested by fast/dom/getter-on-window-object2.html
1355
1356         * runtime/PropertyDescriptor.cpp:
1357         (JSC::PropertyDescriptor::setDescriptor):
1358         The attributes returned from Structure::get do not include Getter or Setter, so
1359         instead check if the value is a GetterSetter like we do elsewhere. If it is, update
1360         the descriptor's attributes accordingly.
1361
1362 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1363
1364         FunctionPtr should accept FASTCALL functions on X86
1365         https://bugs.webkit.org/show_bug.cgi?id=71434
1366
1367         Reviewed by Filip Pizlo.
1368
        On X86 we sometimes use FASTCALL convention functions, for example the
        cti functions, and we may need the pointers to such functions, e.g.,
        in the current DFG register file check and arity check, though in the long
        term we may avoid such use of cti calls in the DFG.
1373
1374         * assembler/MacroAssemblerCodeRef.h:
1375         (JSC::FunctionPtr::FunctionPtr):
1376
1377 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1378
1379         Inlined uses of the global object should use the right global object
1380         https://bugs.webkit.org/show_bug.cgi?id=71427
1381
1382         Reviewed by Oliver Hunt.
1383
1384         * dfg/DFGJITCompiler.h:
1385         (JSC::DFG::JITCompiler::globalObjectFor):
1386         * dfg/DFGSpeculativeJIT64.cpp:
1387         (JSC::DFG::SpeculativeJIT::compile):
1388
1389 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1390
1391         Remove some unnecessary loads/stores in DFG JIT 32_64
1392         https://bugs.webkit.org/show_bug.cgi?id=71090
1393
1394         Reviewed by Filip Pizlo.
1395
1396         In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
1397         be eliminated.
1398
1399         * dfg/DFGJITCompiler32_64.cpp:
1400         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1401         * dfg/DFGSpeculativeJIT32_64.cpp:
1402         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1403
1404 2011-11-02  Adam Klein  <adamk@chromium.org>
1405
1406         Replace usage of StringImpl with String where possible in CharacterData and Text
1407         https://bugs.webkit.org/show_bug.cgi?id=71383
1408
1409         Reviewed by Darin Adler.
1410
1411         * wtf/text/WTFString.h:
1412         (WTF::String::containsOnlyWhitespace): Added new method.
1413
1414 2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
1415
1416         De-virtualize JSObject::getOwnPropertyNames
1417         https://bugs.webkit.org/show_bug.cgi?id=71307
1418
1419         Reviewed by Darin Adler.
1420
1421         Added getOwnPropertyNames to the MethodTable, changed all the virtual 
1422         implementations of getOwnPropertyNames to static ones, and replaced 
1423         all call sites with corresponding lookups in the MethodTable.
1424
1425         * API/JSCallbackObject.h:
1426         * API/JSCallbackObjectFunctions.h:
1427         (JSC::::getOwnPropertyNames):
1428         * JavaScriptCore.exp:
1429         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1430         * debugger/DebuggerActivation.cpp:
1431         (JSC::DebuggerActivation::getOwnPropertyNames):
1432         * debugger/DebuggerActivation.h:
1433         * runtime/Arguments.cpp:
1434         (JSC::Arguments::getOwnPropertyNames):
1435         * runtime/Arguments.h:
1436         * runtime/ClassInfo.h:
1437         * runtime/JSActivation.cpp:
1438         (JSC::JSActivation::getOwnPropertyNames):
1439         * runtime/JSActivation.h:
1440         * runtime/JSArray.cpp:
1441         (JSC::JSArray::getOwnPropertyNames):
1442         * runtime/JSArray.h:
1443         * runtime/JSByteArray.cpp:
1444         (JSC::JSByteArray::getOwnPropertyNames):
1445         * runtime/JSByteArray.h:
1446         * runtime/JSCell.cpp:
1447         (JSC::JSCell::getOwnPropertyNames):
1448         * runtime/JSCell.h:
1449         * runtime/JSFunction.cpp:
1450         (JSC::JSFunction::getOwnPropertyNames):
1451         * runtime/JSFunction.h:
1452         * runtime/JSNotAnObject.cpp:
1453         (JSC::JSNotAnObject::getOwnPropertyNames):
1454         * runtime/JSNotAnObject.h:
1455         * runtime/JSONObject.cpp:
1456         (JSC::Stringifier::Holder::appendNextProperty):
1457         (JSC::Walker::walk):
1458         * runtime/JSObject.cpp:
1459         (JSC::JSObject::getPropertyNames):
1460         (JSC::JSObject::getOwnPropertyNames):
1461         * runtime/JSObject.h:
1462         * runtime/JSVariableObject.cpp:
1463         (JSC::JSVariableObject::~JSVariableObject):
1464         (JSC::JSVariableObject::getOwnPropertyNames):
1465         * runtime/JSVariableObject.h:
1466         * runtime/ObjectConstructor.cpp:
1467         (JSC::objectConstructorGetOwnPropertyNames):
1468         (JSC::objectConstructorKeys):
1469         (JSC::defineProperties):
1470         * runtime/RegExpMatchesArray.h:
1471         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1472         * runtime/StringObject.cpp:
1473         (JSC::StringObject::getOwnPropertyNames):
1474         * runtime/StringObject.h:
1475         * runtime/Structure.h:
1476
1477 2011-11-02  Dean Jackson  <dino@apple.com>
1478
1479         Add ENABLE_CSS_SHADERS flag
1480         https://bugs.webkit.org/show_bug.cgi?id=71394
1481
1482         Reviewed by Sam Weinig.
1483
1484         * Configurations/FeatureDefines.xcconfig:
1485
1486 2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>
1487
1488         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
1489         https://bugs.webkit.org/show_bug.cgi?id=70610
1490
1491         Reviewed by Martin Robinson.
1492
1493         Properly annotate ASM on BSD and Linux x86 systems.
1494
1495         * dfg/DFGOperations.cpp: Add annotation for X86.
1496         * jit/JITStubs.cpp: Ditto.
1497         * jit/ThunkGenerators.cpp: Ditto.
1498
1499 2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>
1500
1501         Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
1502         https://bugs.webkit.org/show_bug.cgi?id=71347
1503
1504         Reviewed by Geoffrey Garen.
1505
1506         * wtf/text/StringImpl.cpp:
1507         (WTF::StringImpl::reallocate):
1508
1509 2011-11-01  Darin Adler  <darin@apple.com>
1510
1511         Cut down on malloc/free a bit in the parser arena
1512         https://bugs.webkit.org/show_bug.cgi?id=71343
1513
1514         Reviewed by Oliver Hunt.
1515
1516         * parser/ParserArena.cpp:
1517         (JSC::ParserArena::deallocateObjects): Call the destructors of
1518         the deletable objects before freeing the pools. Don't call
1519         fastFree on the deletable objects any more.
1520
1521         * parser/ParserArena.h:
1522         (JSC::ParserArena::allocateDeletable): Use allocateFreeable
1523         instead of fastMalloc here.
1524
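        The entry above changes the order of two things: the destructors of "deletable" objects now
        run before the pools that hold them are freed, and those objects are no longer individually
        malloc'd and freed. The arena below is an added illustration of that pattern and is not
        WebKit's ParserArena: pools are bump-allocated, only objects with non-trivial destructors
        are recorded, and teardown runs destructors first and releases pools second, so a destructor
        never touches memory that has already gone back to the allocator. The class and member
        names, the pool size and the Counted test type are assumptions.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#include <utility>
#include <vector>

// Illustrative arena, not WebKit's ParserArena. Objects are carved out of large
// pools; objects that need a destructor are additionally recorded so their
// destructors run before the pools are freed.
class Arena {
public:
    ~Arena() { deallocateObjects(); }

    // Bump allocation from the current pool: no per-object malloc, no per-object
    // free. Assumes size <= kPoolSize (parser nodes are small).
    void* allocateFreeable(std::size_t size) {
        const std::size_t align = alignof(std::max_align_t);
        size = (size + align - 1) & ~(align - 1);
        if (m_pools.empty() || m_used + size > kPoolSize) {
            m_pools.push_back(static_cast<char*>(std::malloc(kPoolSize)));
            m_used = 0;
        }
        void* p = m_pools.back() + m_used;
        m_used += size;
        return p;
    }

    // Construct in arena memory and remember how to destroy it later.
    template<typename T, typename... Args>
    T* allocateDeletable(Args&&... args) {
        T* object = new (allocateFreeable(sizeof(T))) T(std::forward<Args>(args)...);
        m_deletable.push_back({object, [](void* p) { static_cast<T*>(p)->~T(); }});
        return object;
    }

    void deallocateObjects() {
        // Destructors first, in reverse construction order: they may still
        // read their own (arena-owned) members.
        for (auto it = m_deletable.rbegin(); it != m_deletable.rend(); ++it)
            it->destroy(it->object);
        m_deletable.clear();
        // Only then release the pools; individual objects are never freed.
        for (char* pool : m_pools)
            std::free(pool);
        m_pools.clear();
        m_used = 0;
    }

private:
    struct Deletable {
        void* object;
        void (*destroy)(void*);
    };
    enum : std::size_t { kPoolSize = 4096 };
    std::vector<char*> m_pools;
    std::size_t m_used = 0;
    std::vector<Deletable> m_deletable;
};

// Test type (constructed for this example): counts live instances so the
// destructor calls can be observed.
struct Counted {
    static int liveCount;
    int id;
    explicit Counted(int i) : id(i) { ++liveCount; }
    ~Counted() { --liveCount; }
};
int Counted::liveCount = 0;

// Allocates 100 deletable objects plus one plain block, tears the arena down
// and returns how many destructors ran (expected: 100).
int exerciseArena()
{
    Arena arena;
    for (int i = 0; i < 100; ++i)
        arena.allocateDeletable<Counted>(i);
    int* raw = static_cast<int*>(arena.allocateFreeable(sizeof(int)));
    *raw = 7; // plain, destructor-free allocation: never recorded, just freed with the pool
    int liveBefore = Counted::liveCount;
    arena.deallocateObjects();
    return liveBefore - Counted::liveCount;
}
```

        Reversing the two loops in deallocateObjects (free pools, then run destructors) is the
        use-after-free the ordering in the entry avoids; keeping the destructor list separate from
        the pools also means destructor-free nodes cost nothing beyond the bump pointer.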
1525 2011-11-01  Sam Weinig  <sam@webkit.org>
1526
1527         Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
1528         https://bugs.webkit.org/show_bug.cgi?id=71336
1529
1530         Reviewed by Darin Adler.
1531
1532         * debugger/DebuggerActivation.cpp:
1533         * debugger/DebuggerActivation.h:
1534         Remove overrides of lookupGetter/lookupSetter, which are no longer needed
1535         due to implementing getPropertyDescriptor.
1536
1537         * runtime/JSObject.cpp:
1538         (JSC::JSObject::lookupGetter):
1539         (JSC::JSObject::lookupSetter):
1540         * runtime/JSObject.h:
1541         De-virtualize lookupGetter/lookupSetter, and implement them in terms of
1542         getPropertyDescriptor.
1543
1544 2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1545
1546         De-virtualize JSObject::defineSetter
1547         https://bugs.webkit.org/show_bug.cgi?id=71303
1548
1549         Reviewed by Darin Adler.
1550
1551         Added defineSetter to the MethodTable, changed all the virtual 
1552         implementations of defineSetter to static ones, and replaced 
1553         all call sites with corresponding lookups in the MethodTable.
1554
1555         * JavaScriptCore.exp:
1556         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1557         * debugger/DebuggerActivation.cpp:
1558         (JSC::DebuggerActivation::defineSetter):
1559         * debugger/DebuggerActivation.h:
1560         * interpreter/Interpreter.cpp:
1561         (JSC::Interpreter::privateExecute):
1562         * jit/JITStubs.cpp:
1563         (JSC::DEFINE_STUB_FUNCTION):
1564         * runtime/ClassInfo.h:
1565         * runtime/JSCell.cpp:
1566         (JSC::JSCell::defineSetter):
1567         * runtime/JSCell.h:
1568         * runtime/JSGlobalObject.cpp:
1569         (JSC::JSGlobalObject::defineSetter):
1570         * runtime/JSGlobalObject.h:
1571         * runtime/JSObject.cpp:
1572         (JSC::JSObject::defineSetter):
1573         (JSC::putDescriptor):
1574         * runtime/JSObject.h:
1575         * runtime/ObjectPrototype.cpp:
1576         (JSC::objectProtoFuncDefineSetter):
1577
1578 2011-11-01  Filip Pizlo  <fpizlo@apple.com>
1579
1580         DFG inlining breaks function.arguments
1581         https://bugs.webkit.org/show_bug.cgi?id=71329
1582
1583         Reviewed by Oliver Hunt.
1584         
1585         The DFG was forgetting to store code origin mappings for inlined
1586         call sites. Some of the fast-path optimizations for
1587         CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
1588         was wrong.
1589         
1590         I also took the opportunity to decrease code duplication between
1591         DFG64 and DFG32_64, because I didn't feel like writing the same
1592         code twice.
1593
1594         * bytecode/CodeBlock.h:
1595         (JSC::ExecState::isInlineCallFrame):
1596         * dfg/DFGJITCompiler.cpp:
1597         (JSC::DFG::JITCompiler::compileEntry):
1598         (JSC::DFG::JITCompiler::compileBody):
1599         (JSC::DFG::JITCompiler::link):
1600         (JSC::DFG::JITCompiler::compile):
1601         (JSC::DFG::JITCompiler::compileFunction):
1602         * dfg/DFGJITCompiler32_64.cpp:
1603         * dfg/DFGNode.h:
1604         * interpreter/CallFrame.cpp:
1605         (JSC::CallFrame::trueCallerFrame):
1606         * interpreter/CallFrame.h:
1607         * runtime/Arguments.h:
1608         (JSC::Arguments::getArgumentsData):
1609
1610 2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>
1611
1612         StringImpl::reallocate() should have an 8-bit version
1613         https://bugs.webkit.org/show_bug.cgi?id=71210
1614
1615         Reviewed by Geoffrey Garen.
1616
1617         * wtf/text/StringImpl.cpp:
1618         (WTF::StringImpl::reallocate):
1619         * wtf/text/StringImpl.h:
1620
1621 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1622
1623         The GC should be parallel
1624         https://bugs.webkit.org/show_bug.cgi?id=70995
1625
1626         Reviewed by Geoff Garen.
1627         
1628         Added parallel tracing to the GC. This works by having local mark
1629         stacks per thread, and a global shared one. Threads sometimes
1630         donate cells from the mark stack to the global one if the heuristics
1631         tell them that it's affordable to do so. Threads that have depleted
1632         their local mark stacks try to steal some from the shared one.
1633
1634         Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
1635         
1636         This is a 23% speed-up on V8-splay when I use 4 marking threads,
1637         leading to a 3.5% speed-up on V8.
1638         
1639         It also appears that this reduces GC pause times on real websites by
1640         more than half.
1641
1642         * JavaScriptCore.exp:
1643         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1644         * heap/Heap.cpp:
1645         (JSC::Heap::Heap):
1646         (JSC::Heap::~Heap):
1647         (JSC::Heap::markRoots):
1648         * heap/Heap.h:
1649         * heap/MarkStack.cpp:
1650         (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
1651         (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
1652         (JSC::MarkStackSegmentAllocator::allocate):
1653         (JSC::MarkStackSegmentAllocator::release):
1654         (JSC::MarkStackSegmentAllocator::shrinkReserve):
1655         (JSC::MarkStackArray::MarkStackArray):
1656         (JSC::MarkStackArray::~MarkStackArray):
1657         (JSC::MarkStackArray::expand):
1658         (JSC::MarkStackArray::refill):
1659         (JSC::MarkStackArray::donateSomeCellsTo):
1660         (JSC::MarkStackArray::stealSomeCellsFrom):
1661         (JSC::MarkStackThreadSharedData::markingThreadMain):
1662         (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
1663         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1664         (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
1665         (JSC::MarkStackThreadSharedData::reset):
1666         (JSC::MarkStack::reset):
1667         (JSC::SlotVisitor::donateSlow):
1668         (JSC::SlotVisitor::drain):
1669         (JSC::SlotVisitor::drainFromShared):
1670         (JSC::MarkStack::mergeOpaqueRoots):
1671         (JSC::SlotVisitor::harvestWeakReferences):
1672         * heap/MarkStack.h:
1673         (JSC::MarkStackSegment::data):
1674         (JSC::MarkStackSegment::capacityFromSize):
1675         (JSC::MarkStackSegment::sizeFromCapacity):
1676         (JSC::MarkStackArray::postIncTop):
1677         (JSC::MarkStackArray::preDecTop):
1678         (JSC::MarkStackArray::setTopForFullSegment):
1679         (JSC::MarkStackArray::setTopForEmptySegment):
1680         (JSC::MarkStackArray::top):
1681         (JSC::MarkStackArray::validatePrevious):
1682         (JSC::MarkStack::addWeakReferenceHarvester):
1683         (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
1684         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
1685         (JSC::MarkStack::MarkStack):
1686         (JSC::MarkStack::addOpaqueRoot):
1687         (JSC::MarkStack::containsOpaqueRoot):
1688         (JSC::MarkStack::opaqueRootCount):
1689         (JSC::MarkStackArray::append):
1690         (JSC::MarkStackArray::canRemoveLast):
1691         (JSC::MarkStackArray::removeLast):
1692         (JSC::MarkStackArray::isEmpty):
1693         (JSC::MarkStackArray::canDonateSomeCells):
1694         (JSC::MarkStackArray::size):
1695         (JSC::ParallelModeEnabler::ParallelModeEnabler):
1696         (JSC::ParallelModeEnabler::~ParallelModeEnabler):
1697         * heap/MarkedBlock.h:
1698         (JSC::MarkedBlock::testAndSetMarked):
1699         * heap/SlotVisitor.h:
1700         (JSC::SlotVisitor::donate):
1701         (JSC::SlotVisitor::donateAndDrain):
1702         (JSC::SlotVisitor::donateKnownParallel):
1703         (JSC::SlotVisitor::SlotVisitor):
1704         * heap/WeakReferenceHarvester.h:
1705         * runtime/Heuristics.cpp:
1706         (JSC::Heuristics::initializeHeuristics):
1707         * runtime/Heuristics.h:
1708         * wtf/Atomics.h:
1709         (WTF::weakCompareAndSwap):
1710         * wtf/Bitmap.h:
1711         (WTF::::Bitmap):
1712         (WTF::::get):
1713         (WTF::::set):
1714         (WTF::::testAndSet):
1715         (WTF::::testAndClear):
1716         (WTF::::concurrentTestAndSet):
1717         (WTF::::concurrentTestAndClear):
1718         (WTF::::clear):
1719         (WTF::::clearAll):
1720         (WTF::::nextPossiblyUnset):
1721         (WTF::::findRunOfZeros):
1722         (WTF::::count):
1723         (WTF::::isEmpty):
1724         (WTF::::isFull):
1725         * wtf/MainThread.h:
1726         (WTF::isMainThreadOrGCThread):
1727         * wtf/Platform.h:
1728         * wtf/ThreadSpecific.h:
1729         (WTF::::isSet):
1730         * wtf/mac/MainThreadMac.mm:
1731         (WTF::initializeGCThreads):
1732         (WTF::initializeMainThreadPlatform):
1733         (WTF::initializeMainThreadToProcessMainThreadPlatform):
1734         (WTF::registerGCThread):
1735         (WTF::isMainThreadOrGCThread):
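
The scheme in the entry above (local mark stacks per thread, donation of cells to a shared stack when that is affordable, stealing from it when a local stack runs dry, and a compare-and-swap on the mark bit so that two threads never both claim the same cell) in runnable form. This is an added example, not JavaScriptCore code: the object graph is constructed, the donation threshold and batch size are assumed heuristics, and a lock-protected test-and-set stands in for the atomic weak CAS. The property it demonstrates is the one the CAS buys: every reachable cell is marked exactly once and nothing unreachable is marked, whichever thread gets there first.

```python
"""Parallel marking with per-thread stacks, a shared donate/steal stack and a
test-and-set mark bit. Added illustration of the ChangeLog entry's scheme,
not JavaScriptCore code; graph and heuristics are constructed/assumed."""
import random
import threading
import time

DONATE_THRESHOLD = 8   # assumed heuristic: donate once the local stack is this deep
DONATE_COUNT = 4       # cells moved per donation or steal


class MarkBits:
    """One mark bit per cell. test_and_set returns True only for the first caller."""
    def __init__(self, cell_count):
        self._bits = bytearray(cell_count)
        self._lock = threading.Lock()
        self.marked_count = 0

    def test_and_set(self, cell):
        with self._lock:              # stands in for an atomic weak CAS on the bit
            if self._bits[cell]:
                return False
            self._bits[cell] = 1
            self.marked_count += 1
            return True

    def is_marked(self, cell):
        return bool(self._bits[cell])


class SharedMarkStack:
    """Global stack that busy threads donate to and idle threads steal from."""
    def __init__(self):
        self._cells = []
        self._lock = threading.Lock()

    def donate(self, cells):
        with self._lock:
            self._cells.extend(cells)

    def steal(self, n):
        with self._lock:
            taken, self._cells = self._cells[-n:], self._cells[:-n]
            return taken

    def __len__(self):
        with self._lock:
            return len(self._cells)


def parallel_mark(heap, roots, thread_count):
    """heap maps cell -> list of referenced cells (cells are 0..len-1). Returns MarkBits."""
    bits = MarkBits(len(heap))
    shared = SharedMarkStack()
    idle = [0]                        # threads with nothing local and nothing to steal
    idle_lock = threading.Lock()
    shared.donate([r for r in roots if bits.test_and_set(r)])

    def worker():
        local = []
        while True:
            while local:              # drain the local stack, donating when it is deep
                if len(local) >= DONATE_THRESHOLD:
                    shared.donate([local.pop() for _ in range(DONATE_COUNT)])
                cell = local.pop()
                for child in heap[cell]:
                    if bits.test_and_set(child):   # first visitor marks and pushes
                        local.append(child)
            stolen = shared.steal(DONATE_COUNT)
            if stolen:
                local.extend(stolen)
                continue
            with idle_lock:
                idle[0] += 1
            while True:               # wait for new shared work or global termination
                with idle_lock:
                    if idle[0] == thread_count:
                        return
                if len(shared):
                    with idle_lock:
                        idle[0] -= 1
                    break
                time.sleep(0)

    threads = [threading.Thread(target=worker) for _ in range(thread_count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return bits


def reachable(heap, roots):
    """Sequential reference: what a single-threaded mark would find."""
    seen, stack = set(), list(roots)
    while stack:
        cell = stack.pop()
        if cell not in seen:
            seen.add(cell)
            stack.extend(heap[cell])
    return seen


def build_sample_heap(live, garbage, seed=1):
    """Constructed graph: cells 0..live-1 reachable from 0, the rest an unreachable island."""
    rng = random.Random(seed)
    heap = {c: [rng.randrange(live) for _ in range(rng.randrange(4))] for c in range(live)}
    for c in range(1, live):
        heap[c - 1].append(c)         # spine guarantees every live cell is reachable
    for c in range(live, live + garbage):
        heap[c] = [rng.randrange(live, live + garbage) for _ in range(2)]
    return heap
```

Termination uses a simple idle counter: a thread counts itself idle only after its local stack is empty and a steal came back empty, and uncounts itself before taking work again, so the count can only reach the thread total when no thread holds work that could be donated. Under CPython's GIL this shows the algorithm, not the speed-up the entry reports.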
1736
1737 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1738
1739         De-virtualize JSObject::defaultValue
1740         https://bugs.webkit.org/show_bug.cgi?id=71146
1741
1742         Reviewed by Sam Weinig.
1743
1744         Added defaultValue to the MethodTable.  Replaced all virtual versions of 
1745         defaultValue with static versions.  Replaced all call sites with lookups in the 
1746         MethodTable.
1747
1748         * JavaScriptCore.exp:
1749         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1750         * runtime/ClassInfo.h:
1751         * runtime/ExceptionHelpers.cpp:
1752         (JSC::InterruptedExecutionError::defaultValue):
1753         (JSC::TerminatedExecutionError::defaultValue):
1754         * runtime/ExceptionHelpers.h:
1755         * runtime/JSCell.cpp:
1756         (JSC::JSCell::defaultValue):
1757         * runtime/JSCell.h:
1758         * runtime/JSNotAnObject.cpp:
1759         (JSC::JSNotAnObject::defaultValue):
1760         * runtime/JSNotAnObject.h:
1761         * runtime/JSObject.cpp:
1762         (JSC::JSObject::getPrimitiveNumber):
1763         (JSC::JSObject::defaultValue):
1764         * runtime/JSObject.h:
1765         (JSC::JSObject::toPrimitive):
1766
1767 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1768
1769         Interpreter build fix
1770
1771         Unreviewed build fix
1772
1773         * interpreter/Interpreter.cpp:
1774         (JSC::Interpreter::privateExecute):
1775         * runtime/Executable.cpp:
1776         (JSC::FunctionExecutable::compileForCallInternal):
1777         (JSC::FunctionExecutable::compileForConstructInternal):
1778
1779 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1780
1781         DFG OSR exits should add to value profiles
1782         https://bugs.webkit.org/show_bug.cgi?id=71202
1783
1784         Reviewed by Oliver Hunt.
1785         
1786         Value profiles now have an extra special slot not used by the old JIT's
1787         profiling, which is reserved for OSR exits.
1788         
1789         The DFG's OSR exit code now knows which register, node index, and value
1790         profiling site was responsible for the (possibly flawed) information that
1791         led to the OSR failure. This is somewhat opportunistic and imperfect;
1792         if there's a lot of control flow between the value profiling site and the
1793         OSR failure point, then this mechanism simply gives up. It also gives up
1794         if the OSR failure is caused by either known deficiencies in the DFG
1795         (like that we always assume that the index in a strict charCodeAt access
1796         is within bounds) or where the OSR failure would be catalogued and
1797         profiled through other means (like slow case counters).
1798         
1799         This patch also adds the notion of a JSValueRegs, which is either a
1800         single register in JSVALUE64 or a pair in JSVALUE32_64. We should
1801         probably move the 32_64 DFG towards using this, since it often makes it
1802         easier to share code between 64 and 32_64.
1803         
1804         Also fixed a number of pathologies that this uncovered. op_method_check 
1805         didn't have a value profiling site on the slow path. GetById should not
1806         always force OSR exit if it never executed in the old JIT; we may be
1807         able to infer its type if it's an array or string length get. Finally,
1808         these changes benefit from a slight tweak to optimization delay
1809         heuristics (profile fullness is now 0.35 instead of 0.25).
1810         
1811         3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
1812         and imaging-darkroom.
1813
1814         * bytecode/ValueProfile.cpp:
1815         (JSC::ValueProfile::computeStatistics):
1816         (JSC::ValueProfile::computeUpdatedPrediction):
1817         * bytecode/ValueProfile.h:
1818         (JSC::ValueProfile::ValueProfile):
1819         (JSC::ValueProfile::specFailBucket):
1820         (JSC::ValueProfile::numberOfSamples):
1821         (JSC::ValueProfile::isLive):
1822         (JSC::ValueProfile::numberOfInt32s):
1823         (JSC::ValueProfile::numberOfDoubles):
1824         (JSC::ValueProfile::numberOfCells):
1825         (JSC::ValueProfile::numberOfObjects):
1826         (JSC::ValueProfile::numberOfFinalObjects):
1827         (JSC::ValueProfile::numberOfStrings):
1828         (JSC::ValueProfile::numberOfArrays):
1829         (JSC::ValueProfile::numberOfBooleans):
1830         (JSC::ValueProfile::dump):
1831         * dfg/DFGAbstractState.cpp:
1832         (JSC::DFG::AbstractState::execute):
1833         * dfg/DFGByteCodeParser.cpp:
1834         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1835         (JSC::DFG::ByteCodeParser::getPrediction):
1836         (JSC::DFG::ByteCodeParser::parseBlock):
1837         * dfg/DFGGPRInfo.h:
1838         (JSC::DFG::JSValueRegs::JSValueRegs):
1839         (JSC::DFG::JSValueRegs::operator!):
1840         (JSC::DFG::JSValueRegs::gpr):
1841         (JSC::DFG::JSValueSource::JSValueSource):
1842         (JSC::DFG::JSValueSource::unboxedCell):
1843         (JSC::DFG::JSValueSource::operator!):
1844         (JSC::DFG::JSValueSource::isAddress):
1845         (JSC::DFG::JSValueSource::offset):
1846         (JSC::DFG::JSValueSource::base):
1847         (JSC::DFG::JSValueSource::gpr):
1848         (JSC::DFG::JSValueSource::asAddress):
1849         (JSC::DFG::JSValueSource::notAddress):
1850         (JSC::DFG::JSValueRegs::tagGPR):
1851         (JSC::DFG::JSValueRegs::payloadGPR):
1852         (JSC::DFG::JSValueSource::tagGPR):
1853         (JSC::DFG::JSValueSource::payloadGPR):
1854         (JSC::DFG::JSValueSource::hasKnownTag):
1855         (JSC::DFG::JSValueSource::tag):
1856         * dfg/DFGGenerationInfo.h:
1857         (JSC::DFG::GenerationInfo::jsValueRegs):
1858         * dfg/DFGGraph.h:
1859         (JSC::DFG::Graph::valueProfileFor):
1860         * dfg/DFGJITCodeGenerator.h:
1861         (JSC::JSValueOperand::jsValueRegs):
1862         * dfg/DFGJITCompiler.cpp:
1863         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1864         * dfg/DFGJITCompiler.h:
1865         (JSC::DFG::JITCompiler::valueProfileFor):
1866         * dfg/DFGJITCompiler32_64.cpp:
1867         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1868         * dfg/DFGPropagator.cpp:
1869         (JSC::DFG::Propagator::propagateNodePredictions):
1870         * dfg/DFGSpeculativeJIT.cpp:
1871         (JSC::DFG::OSRExit::OSRExit):
1872         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1873         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1874         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1875         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1876         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1877         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
1878         * dfg/DFGSpeculativeJIT.h:
1879         (JSC::DFG::SpeculativeJIT::speculationCheck):
1880         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1881         * dfg/DFGSpeculativeJIT32_64.cpp:
1882         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1883         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1884         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1885         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1886         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1887         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1888         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1889         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1890         (JSC::DFG::SpeculativeJIT::compile):
1891         * dfg/DFGSpeculativeJIT64.cpp:
1892         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1893         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1894         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1895         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1896         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1897         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1898         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1899         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1900         (JSC::DFG::SpeculativeJIT::emitBranch):
1901         (JSC::DFG::SpeculativeJIT::compile):
1902         * jit/JITPropertyAccess.cpp:
1903         (JSC::JIT::emitSlow_op_method_check):
1904         * jit/JITPropertyAccess32_64.cpp:
1905         (JSC::JIT::emitSlow_op_method_check):
1906         * runtime/Heuristics.cpp:
1907         (JSC::Heuristics::initializeHeuristics):
1908         * runtime/JSValue.h:
1909
1910 2011-10-31  Sam Weinig  <sam@webkit.org>
1911
1912         Remove need for virtual JSObject::unwrappedObject
1913         https://bugs.webkit.org/show_bug.cgi?id=71034
1914
1915         Reviewed by Geoffrey Garen.
1916
1917         * JavaScriptCore.exp:
1918         Update exports.
1919
1920         * CMakeLists.txt:
1921         * GNUmakefile.list.am:
1922         * JavaScriptCore.exp:
1923         * JavaScriptCore.gypi:
1924         * JavaScriptCore.pro:
1925         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1926         * JavaScriptCore.xcodeproj/project.pbxproj:
1927         Add JSGlobalThis.cpp.
1928
1929         * runtime/JSGlobalThis.cpp: Added.
1930         (JSC::JSGlobalThis::visitChildren):
1931         (JSC::JSGlobalThis::unwrappedObject):
1932         * runtime/JSGlobalThis.h:
1933         (JSC::JSGlobalThis::createStructure):
1934         Move underlying object from JSDOMWindowShell down to JSGlobalThis
1935         and corresponding visitChildren method.
1936
1937         * runtime/JSObject.cpp:
1938         (JSC::JSObject::unwrappedObject):
1939         Change unwrappedObject from virtual, to just needing an if check.
1940
1941         * runtime/JSObject.h:
1942         (JSC::JSObject::isGlobalThis):
1943         * runtime/JSType.h:
1944         Add isGlobalThis predicate and type.
1945
1946 2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>
1947
1948         WTF::StringImpl::create(const char*, unsigned) calls itself
1949         https://bugs.webkit.org/show_bug.cgi?id=71206
1950
1951         The original implementation just calls itself, causing infinite recursion.
1952         Cast the first parameter to const LChar* to fix that.
1953
1954         Reviewed by Ryosuke Niwa.
1955
1956         * wtf/text/StringImpl.h:
1957         (WTF::StringImpl::create):
1958
1959 2011-10-31  Andy Wingo  <wingo@igalia.com>
1960
1961         Fix DFG JIT compilation on Linux targets.
1962         https://bugs.webkit.org/show_bug.cgi?id=70904
1963
1964         Reviewed by Darin Adler.
1965
1966         * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
1967         macro.
1968
1969         * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
1970         simplified definition from jit/JITStubs.cpp.
1971         (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
1972         Use the macro to access trampoline targets through the PLT on PIC
1973         systems, instead of introducing a text relocation.  Otherwise, the
1974         library fails to link.
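
The entry above and Alexey Shabalin's TEXTREL entry earlier on this page concern the same defect: hand-written assembly that named a symbol directly, rather than going through the PLT on a PIC build, forced a text relocation into libjavascriptcoregtk. A TEXTREL obliges the dynamic loader to patch the library's code pages at load time, so those pages have to be made writable and cannot be shared between processes, and hardened loaders (SELinux's execmod check, PaX MPROTECT) may refuse to map such a library at all, which is why distribution packagers flag it. The script below is an added example, not WebKit code: it walks the PT_DYNAMIC segment of an ELF object and reports the DT_TEXTREL tag or the DF_TEXTREL bit in DT_FLAGS (both standard ELF constants). The build_sample_elf64 helper constructs a minimal ELF image only so the check can be exercised offline; the script file name in the usage note is an assumption.

```python
"""Check an ELF shared object for text relocations (DT_TEXTREL / DF_TEXTREL).

Added example, not WebKit code. It reads only the ELF header, the program
headers and the PT_DYNAMIC segment, so it needs no external tool.
"""
import struct
import sys

PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 22, 30   # standard ELF dynamic tags
DF_TEXTREL = 0x4                              # bit in DT_FLAGS with the same meaning


def _formats(data):
    """Return (ehdr, phdr, dyn) struct formats and is64 for this image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                 # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        return e + "16sHHIQQQIHHHHHH", e + "IIQQQQQQ", e + "qQ", True
    return e + "16sHHIIIIIHHHHHH", e + "IIIIIIII", e + "iI", False


def dynamic_entries(data):
    """Yield (tag, value) pairs from the PT_DYNAMIC segment, stopping at DT_NULL."""
    ehdr_fmt, phdr_fmt, dyn_fmt, is64 = _formats(data)
    ehdr = struct.unpack_from(ehdr_fmt, data, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    dyn_size = struct.calcsize(dyn_fmt)
    for i in range(e_phnum):
        ph = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        if is64:                        # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, _, p_offset, _, _, p_filesz = ph[:6]
        else:                           # Elf32_Phdr: type, offset, vaddr, paddr, filesz
            p_type, p_offset, _, _, p_filesz = ph[:5]
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, dyn_size):
            tag, val = struct.unpack_from(dyn_fmt, data, off)
            if tag == DT_NULL:
                return
            yield tag, val


def has_textrel(data):
    """True if the loader would have to patch this object's code pages at load time."""
    for tag, val in dynamic_entries(data):
        if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
            return True
    return False


def build_sample_elf64(dyn_entries):
    """Constructed ELF64 image with a single PT_DYNAMIC segment, for offline testing."""
    ehdr_size, phdr_size = 64, 56
    dyn_off = ehdr_size + phdr_size
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, version 1, SYSV ABI
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, ehdr_size, 0, 0,
                       ehdr_size, phdr_size, 1, 0, 0, 0)   # ET_DYN, EM_X86_64, one phdr
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off,
                       len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, "TEXTREL" if has_textrel(f.read()) else "clean")
```

Running it as `python textrel_check.py libjavascriptcoregtk-1.0.so.0.11.0` prints TEXTREL or clean per file; `readelf -d` on the same object shows the condition as a `(TEXTREL)` entry or a `TEXTREL` bit in `(FLAGS)`. A clean result is the check to add to a packaging pipeline so that a regression of the kind fixed here is caught at build time rather than by users on hardened systems.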
1975
1976 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1977
1978         De-virtualize JSObject::defineGetter
1979         https://bugs.webkit.org/show_bug.cgi?id=71134
1980
1981         Reviewed by Darin Adler.
1982
1983         Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
1984         with static versions.  Replaced all call sites with lookups in the MethodTable.
1985
1986         * JavaScriptCore.exp:
1987         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1988         * debugger/DebuggerActivation.cpp:
1989         (JSC::DebuggerActivation::defineGetter):
1990         * debugger/DebuggerActivation.h:
1991         * interpreter/Interpreter.cpp:
1992         (JSC::Interpreter::privateExecute):
1993         * jit/JITStubs.cpp:
1994         (JSC::DEFINE_STUB_FUNCTION):
1995         * runtime/ClassInfo.h:
1996         * runtime/JSCell.cpp:
1997         (JSC::JSCell::defineGetter):
1998         * runtime/JSCell.h:
1999         * runtime/JSGlobalObject.cpp:
2000         (JSC::JSGlobalObject::defineGetter):
2001         * runtime/JSGlobalObject.h:
2002         * runtime/JSObject.cpp:
2003         (JSC::JSObject::defineGetter):
2004         (JSC::putDescriptor):
2005         * runtime/JSObject.h:
2006         * runtime/ObjectPrototype.cpp:
2007         (JSC::objectProtoFuncDefineGetter):
2008
2009 2011-10-31  Michael Saboff  <msaboff@apple.com>
2010
2011         Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
2012         https://bugs.webkit.org/show_bug.cgi?id=71138
2013
2014         Restructure and movement of Lexer and Parser code.
2015         Moved Lexer and Parser objects out of JSGlobalData.
2016         Added a new ParserTokens class and instance to JSGlobalData that
2017         have JavaScript token related definitions.
2018         Replaced JSGlobalData arguments to Node classes with lineNumber,
2019         as that was the only use of the JSGlobalData.
2020         Combined JSParser and Parser classes into one class,
2021         eliminating JSParser.h and .cpp.
2022         Various supporting #include changes.
2023
2024         These mostly mechanical changes are done in preparation to
2025         making the Lexer and Parser template classes.
2026
2027         Reviewed by Darin Adler.
2028
2029         * CMakeLists.txt:
2030         * GNUmakefile.list.am:
2031         * JavaScriptCore.gypi:
2032         * JavaScriptCore.pro:
2033         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2034         * JavaScriptCore.xcodeproj/project.pbxproj:
2035         * bytecompiler/NodesCodegen.cpp:
2036         (JSC::ArrayNode::toArgumentList):
2037         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2038         * parser/ASTBuilder.h:
2039         (JSC::ASTBuilder::ASTBuilder):
2040         (JSC::ASTBuilder::createSourceElements):
2041         (JSC::ASTBuilder::createCommaExpr):
2042         (JSC::ASTBuilder::createLogicalNot):
2043         (JSC::ASTBuilder::createUnaryPlus):
2044         (JSC::ASTBuilder::createVoid):
2045         (JSC::ASTBuilder::thisExpr):
2046         (JSC::ASTBuilder::createResolve):
2047         (JSC::ASTBuilder::createObjectLiteral):
2048         (JSC::ASTBuilder::createArray):
2049         (JSC::ASTBuilder::createNumberExpr):
2050         (JSC::ASTBuilder::createString):
2051         (JSC::ASTBuilder::createBoolean):
2052         (JSC::ASTBuilder::createNull):
2053         (JSC::ASTBuilder::createBracketAccess):
2054         (JSC::ASTBuilder::createDotAccess):
2055         (JSC::ASTBuilder::createRegExp):
2056         (JSC::ASTBuilder::createNewExpr):
2057         (JSC::ASTBuilder::createConditionalExpr):
2058         (JSC::ASTBuilder::createAssignResolve):
2059         (JSC::ASTBuilder::createFunctionExpr):
2060         (JSC::ASTBuilder::createFunctionBody):
2061         (JSC::ASTBuilder::createGetterOrSetterProperty):
2062         (JSC::ASTBuilder::createArguments):
2063         (JSC::ASTBuilder::createArgumentsList):
2064         (JSC::ASTBuilder::createPropertyList):
2065         (JSC::ASTBuilder::createElementList):
2066         (JSC::ASTBuilder::createFormalParameterList):
2067         (JSC::ASTBuilder::createClause):
2068         (JSC::ASTBuilder::createClauseList):
2069         (JSC::ASTBuilder::createFuncDeclStatement):
2070         (JSC::ASTBuilder::createBlockStatement):
2071         (JSC::ASTBuilder::createExprStatement):
2072         (JSC::ASTBuilder::createIfStatement):
2073         (JSC::ASTBuilder::createForLoop):
2074         (JSC::ASTBuilder::createForInLoop):
2075         (JSC::ASTBuilder::createEmptyStatement):
2076         (JSC::ASTBuilder::createVarStatement):
2077         (JSC::ASTBuilder::createReturnStatement):
2078         (JSC::ASTBuilder::createBreakStatement):
2079         (JSC::ASTBuilder::createContinueStatement):
2080         (JSC::ASTBuilder::createTryStatement):
2081         (JSC::ASTBuilder::createSwitchStatement):
2082         (JSC::ASTBuilder::createWhileStatement):
2083         (JSC::ASTBuilder::createDoWhileStatement):
2084         (JSC::ASTBuilder::createLabelStatement):
2085         (JSC::ASTBuilder::createWithStatement):
2086         (JSC::ASTBuilder::createThrowStatement):
2087         (JSC::ASTBuilder::createDebugger):
2088         (JSC::ASTBuilder::createConstStatement):
2089         (JSC::ASTBuilder::appendConstDecl):
2090         (JSC::ASTBuilder::combineCommaNodes):
2091         (JSC::ASTBuilder::appendBinaryOperation):
2092         (JSC::ASTBuilder::createAssignment):
2093         (JSC::ASTBuilder::createNumber):
2094         (JSC::ASTBuilder::makeTypeOfNode):
2095         (JSC::ASTBuilder::makeDeleteNode):
2096         (JSC::ASTBuilder::makeNegateNode):
2097         (JSC::ASTBuilder::makeBitwiseNotNode):
2098         (JSC::ASTBuilder::makeMultNode):
2099         (JSC::ASTBuilder::makeDivNode):
2100         (JSC::ASTBuilder::makeModNode):
2101         (JSC::ASTBuilder::makeAddNode):
2102         (JSC::ASTBuilder::makeSubNode):
2103         (JSC::ASTBuilder::makeLeftShiftNode):
2104         (JSC::ASTBuilder::makeRightShiftNode):
2105         (JSC::ASTBuilder::makeURightShiftNode):
2106         (JSC::ASTBuilder::makeBitOrNode):
2107         (JSC::ASTBuilder::makeBitAndNode):
2108         (JSC::ASTBuilder::makeBitXOrNode):
2109         (JSC::ASTBuilder::makeFunctionCallNode):
2110         (JSC::ASTBuilder::makeBinaryNode):
2111         (JSC::ASTBuilder::makeAssignNode):
2112         (JSC::ASTBuilder::makePrefixNode):
2113         (JSC::ASTBuilder::makePostfixNode):
2114         * parser/JSParser.cpp: Removed.
2115         * parser/JSParser.h: Removed.
2116         * parser/Lexer.cpp:
2117         (JSC::Keywords::Keywords):
2118         (JSC::Lexer::Lexer):
2119         (JSC::Lexer::~Lexer):
2120         (JSC::Lexer::setCode):
2121         (JSC::Lexer::parseIdentifier):
2122         * parser/Lexer.h:
2123         (JSC::Keywords::isKeyword):
2124         (JSC::Keywords::getKeyword):
2125         (JSC::Keywords::~Keywords):
2126         (JSC::Lexer::setIsReparsing):
2127         (JSC::Lexer::isReparsing):
2128         (JSC::Lexer::lineNumber):
2129         (JSC::Lexer::setLastLineNumber):
2130         (JSC::Lexer::lastLineNumber):
2131         (JSC::Lexer::prevTerminator):
2132         (JSC::Lexer::sawError):
2133         (JSC::Lexer::getErrorMessage):
2134         (JSC::Lexer::currentOffset):
2135         (JSC::Lexer::setOffset):
2136         (JSC::Lexer::setLineNumber):
2137         (JSC::Lexer::sourceProvider):
2138         (JSC::Lexer::isWhiteSpace):
2139         (JSC::Lexer::isLineTerminator):
2140         (JSC::Lexer::convertHex):
2141         (JSC::Lexer::convertUnicode):
2142         (JSC::Lexer::makeIdentifier):
2143         (JSC::Lexer::lexExpectIdentifier):
2144         * parser/NodeConstructors.h:
2145         (JSC::ParserArenaFreeable::operator new):
2146         (JSC::ParserArenaDeletable::operator new):
2147         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
2148         (JSC::Node::Node):
2149         (JSC::ExpressionNode::ExpressionNode):
2150         (JSC::StatementNode::StatementNode):
2151         (JSC::NullNode::NullNode):
2152         (JSC::BooleanNode::BooleanNode):
2153         (JSC::NumberNode::NumberNode):
2154         (JSC::StringNode::StringNode):
2155         (JSC::RegExpNode::RegExpNode):
2156         (JSC::ThisNode::ThisNode):
2157         (JSC::ResolveNode::ResolveNode):
2158         (JSC::ElementNode::ElementNode):
2159         (JSC::ArrayNode::ArrayNode):
2160         (JSC::PropertyNode::PropertyNode):
2161         (JSC::PropertyListNode::PropertyListNode):
2162         (JSC::ObjectLiteralNode::ObjectLiteralNode):
2163         (JSC::BracketAccessorNode::BracketAccessorNode):
2164         (JSC::DotAccessorNode::DotAccessorNode):
2165         (JSC::ArgumentListNode::ArgumentListNode):
2166         (JSC::ArgumentsNode::ArgumentsNode):
2167         (JSC::NewExprNode::NewExprNode):
2168         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
2169         (JSC::FunctionCallValueNode::FunctionCallValueNode):
2170         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
2171         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
2172         (JSC::FunctionCallDotNode::FunctionCallDotNode):
2173         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
2174         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
2175         (JSC::PrePostResolveNode::PrePostResolveNode):
2176         (JSC::PostfixResolveNode::PostfixResolveNode):
2177         (JSC::PostfixBracketNode::PostfixBracketNode):
2178         (JSC::PostfixDotNode::PostfixDotNode):
2179         (JSC::PostfixErrorNode::PostfixErrorNode):
2180         (JSC::DeleteResolveNode::DeleteResolveNode):
2181         (JSC::DeleteBracketNode::DeleteBracketNode):
2182         (JSC::DeleteDotNode::DeleteDotNode):
2183         (JSC::DeleteValueNode::DeleteValueNode):
2184         (JSC::VoidNode::VoidNode):
2185         (JSC::TypeOfResolveNode::TypeOfResolveNode):
2186         (JSC::TypeOfValueNode::TypeOfValueNode):
2187         (JSC::PrefixResolveNode::PrefixResolveNode):
2188         (JSC::PrefixBracketNode::PrefixBracketNode):
2189         (JSC::PrefixDotNode::PrefixDotNode):
2190         (JSC::PrefixErrorNode::PrefixErrorNode):
2191         (JSC::UnaryOpNode::UnaryOpNode):
2192         (JSC::UnaryPlusNode::UnaryPlusNode):
2193         (JSC::NegateNode::NegateNode):
2194         (JSC::BitwiseNotNode::BitwiseNotNode):
2195         (JSC::LogicalNotNode::LogicalNotNode):
2196         (JSC::BinaryOpNode::BinaryOpNode):
2197         (JSC::MultNode::MultNode):
2198         (JSC::DivNode::DivNode):
2199         (JSC::ModNode::ModNode):
2200         (JSC::AddNode::AddNode):
2201         (JSC::SubNode::SubNode):
2202         (JSC::LeftShiftNode::LeftShiftNode):
2203         (JSC::RightShiftNode::RightShiftNode):
2204         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
2205         (JSC::LessNode::LessNode):
2206         (JSC::GreaterNode::GreaterNode):
2207         (JSC::LessEqNode::LessEqNode):
2208         (JSC::GreaterEqNode::GreaterEqNode):
2209         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
2210         (JSC::InstanceOfNode::InstanceOfNode):
2211         (JSC::InNode::InNode):
2212         (JSC::EqualNode::EqualNode):
2213         (JSC::NotEqualNode::NotEqualNode):
2214         (JSC::StrictEqualNode::StrictEqualNode):
2215         (JSC::NotStrictEqualNode::NotStrictEqualNode):
2216         (JSC::BitAndNode::BitAndNode):
2217         (JSC::BitOrNode::BitOrNode):
2218         (JSC::BitXOrNode::BitXOrNode):
2219         (JSC::LogicalOpNode::LogicalOpNode):
2220         (JSC::ConditionalNode::ConditionalNode):
2221         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
2222         (JSC::AssignResolveNode::AssignResolveNode):
2223         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
2224         (JSC::AssignBracketNode::AssignBracketNode):
2225         (JSC::AssignDotNode::AssignDotNode):
2226         (JSC::ReadModifyDotNode::ReadModifyDotNode):
2227         (JSC::AssignErrorNode::AssignErrorNode):
2228         (JSC::CommaNode::CommaNode):
2229         (JSC::ConstStatementNode::ConstStatementNode):
2230         (JSC::SourceElements::SourceElements):
2231         (JSC::EmptyStatementNode::EmptyStatementNode):
2232         (JSC::DebuggerStatementNode::DebuggerStatementNode):
2233         (JSC::ExprStatementNode::ExprStatementNode):
2234         (JSC::VarStatementNode::VarStatementNode):
2235         (JSC::IfNode::IfNode):
2236         (JSC::IfElseNode::IfElseNode):
2237         (JSC::DoWhileNode::DoWhileNode):
2238         (JSC::WhileNode::WhileNode):
2239         (JSC::ForNode::ForNode):
2240         (JSC::ContinueNode::ContinueNode):
2241         (JSC::BreakNode::BreakNode):
2242         (JSC::ReturnNode::ReturnNode):
2243         (JSC::WithNode::WithNode):
2244         (JSC::LabelNode::LabelNode):
2245         (JSC::ThrowNode::ThrowNode):
2246         (JSC::TryNode::TryNode):
2247         (JSC::ParameterNode::ParameterNode):
2248         (JSC::FuncExprNode::FuncExprNode):
2249         (JSC::FuncDeclNode::FuncDeclNode):
2250         (JSC::CaseClauseNode::CaseClauseNode):
2251         (JSC::ClauseListNode::ClauseListNode):
2252         (JSC::CaseBlockNode::CaseBlockNode):
2253         (JSC::SwitchNode::SwitchNode):
2254         (JSC::ConstDeclNode::ConstDeclNode):
2255         (JSC::BlockNode::BlockNode):
2256         (JSC::ForInNode::ForInNode):
2257         * parser/NodeInfo.h:
2258         * parser/Nodes.cpp:
2259         (JSC::StatementNode::setLoc):
2260         (JSC::ScopeNode::ScopeNode):
2261         (JSC::ProgramNode::ProgramNode):
2262         (JSC::ProgramNode::create):
2263         (JSC::EvalNode::EvalNode):
2264         (JSC::EvalNode::create):
2265         (JSC::FunctionBodyNode::FunctionBodyNode):
2266         (JSC::FunctionBodyNode::create):
2267         * parser/Nodes.h:
2268         (JSC::Node::lineNo):
2269         * parser/Parser.cpp:
2270         (JSC::Parser::Parser):
2271         (JSC::Parser::~Parser):
2272         (JSC::Parser::parseInner):
2273         (JSC::Parser::allowAutomaticSemicolon):
2274         (JSC::Parser::parseSourceElements):
2275         (JSC::Parser::parseVarDeclaration):
2276         (JSC::Parser::parseConstDeclaration):
2277         (JSC::Parser::parseDoWhileStatement):
2278         (JSC::Parser::parseWhileStatement):
2279         (JSC::Parser::parseVarDeclarationList):
2280         (JSC::Parser::parseConstDeclarationList):
2281         (JSC::Parser::parseForStatement):
2282         (JSC::Parser::parseBreakStatement):
2283         (JSC::Parser::parseContinueStatement):
2284         (JSC::Parser::parseReturnStatement):
2285         (JSC::Parser::parseThrowStatement):
2286         (JSC::Parser::parseWithStatement):
2287         (JSC::Parser::parseSwitchStatement):
2288         (JSC::Parser::parseSwitchClauses):
2289         (JSC::Parser::parseSwitchDefaultClause):
2290         (JSC::Parser::parseTryStatement):
2291         (JSC::Parser::parseDebuggerStatement):
2292         (JSC::Parser::parseBlockStatement):
2293         (JSC::Parser::parseStatement):
2294         (JSC::Parser::parseFormalParameters):
2295         (JSC::Parser::parseFunctionBody):
2296         (JSC::Parser::parseFunctionInfo):
2297         (JSC::Parser::parseFunctionDeclaration):
2298         (JSC::LabelInfo::LabelInfo):
2299         (JSC::Parser::parseExpressionOrLabelStatement):
2300         (JSC::Parser::parseExpressionStatement):
2301         (JSC::Parser::parseIfStatement):
2302         (JSC::Parser::parseExpression):
2303         (JSC::Parser::parseAssignmentExpression):
2304         (JSC::Parser::parseConditionalExpression):
2305         (JSC::isUnaryOp):
2306         (JSC::Parser::isBinaryOperator):
2307         (JSC::Parser::parseBinaryExpression):
2308         (JSC::Parser::parseProperty):
2309         (JSC::Parser::parseObjectLiteral):
2310         (JSC::Parser::parseStrictObjectLiteral):
2311         (JSC::Parser::parseArrayLiteral):
2312         (JSC::Parser::parsePrimaryExpression):
2313         (JSC::Parser::parseArguments):
2314         (JSC::Parser::parseMemberExpression):
2315         (JSC::Parser::parseUnaryExpression):
2316         * parser/Parser.h:
2317         (JSC::isEvalNode):
2318         (JSC::EvalNode):
2319         (JSC::DepthManager::DepthManager):
2320         (JSC::DepthManager::~DepthManager):
2321         (JSC::ScopeLabelInfo::ScopeLabelInfo):
2322         (JSC::Scope::Scope):
2323         (JSC::Scope::startSwitch):
2324         (JSC::Scope::endSwitch):
2325         (JSC::Scope::startLoop):
2326         (JSC::Scope::endLoop):
2327         (JSC::Scope::inLoop):
2328         (JSC::Scope::breakIsValid):
2329         (JSC::Scope::continueIsValid):
2330         (JSC::Scope::pushLabel):
2331         (JSC::Scope::popLabel):
2332         (JSC::Scope::getLabel):
2333         (JSC::Scope::setIsFunction):
2334         (JSC::Scope::isFunction):
2335         (JSC::Scope::isFunctionBoundary):
2336         (JSC::Scope::declareVariable):
2337         (JSC::Scope::declareWrite):
2338         (JSC::Scope::preventNewDecls):
2339         (JSC::Scope::allowsNewDecls):
2340         (JSC::Scope::declareParameter):
2341         (JSC::Scope::useVariable):
2342         (JSC::Scope::setNeedsFullActivation):
2343         (JSC::Scope::collectFreeVariables):
2344         (JSC::Scope::getUncapturedWrittenVariables):
2345         (JSC::Scope::getCapturedVariables):
2346         (JSC::Scope::setStrictMode):
2347         (JSC::Scope::strictMode):
2348         (JSC::Scope::isValidStrictMode):
2349         (JSC::Scope::shadowsArguments):
2350         (JSC::Scope::copyCapturedVariablesToVector):
2351         (JSC::Scope::saveFunctionInfo):
2352         (JSC::Scope::restoreFunctionInfo):
2353         (JSC::ScopeRef::ScopeRef):
2354         (JSC::ScopeRef::operator->):
2355         (JSC::ScopeRef::index):
2356         (JSC::ScopeRef::hasContainingScope):
2357         (JSC::ScopeRef::containingScope):
2358         (JSC::Parser::AllowInOverride::AllowInOverride):
2359         (JSC::Parser::AllowInOverride::~AllowInOverride):
2360         (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
2361         (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
2362         (JSC::Parser::AutoPopScopeRef::setPopped):
2363         (JSC::Parser::currentScope):
2364         (JSC::Parser::pushScope):
2365         (JSC::Parser::popScopeInternal):
2366         (JSC::Parser::popScope):
2367         (JSC::Parser::declareVariable):
2368         (JSC::Parser::declareWrite):
2369         (JSC::Parser::findCachedFunctionInfo):
2370         (JSC::Parser::isFunctionBodyNode):
2371         (JSC::Parser::next):
2372         (JSC::Parser::nextExpectIdentifier):
2373         (JSC::Parser::nextTokenIsColon):
2374         (JSC::Parser::consume):
2375         (JSC::Parser::getToken):
2376         (JSC::Parser::match):
2377         (JSC::Parser::tokenStart):
2378         (JSC::Parser::tokenLine):
2379         (JSC::Parser::tokenEnd):
2380         (JSC::Parser::getTokenName):
2381         (JSC::Parser::updateErrorMessageSpecialCase):
2382         (JSC::Parser::updateErrorMessage):
2383         (JSC::Parser::updateErrorWithNameAndMessage):
2384         (JSC::Parser::startLoop):
2385         (JSC::Parser::endLoop):
2386         (JSC::Parser::startSwitch):
2387         (JSC::Parser::endSwitch):
2388         (JSC::Parser::setStrictMode):
2389         (JSC::Parser::strictMode):
2390         (JSC::Parser::isValidStrictMode):
2391         (JSC::Parser::declareParameter):
2392         (JSC::Parser::breakIsValid):
2393         (JSC::Parser::continueIsValid):
2394         (JSC::Parser::pushLabel):
2395         (JSC::Parser::popLabel):
2396         (JSC::Parser::getLabel):
2397         (JSC::Parser::autoSemiColon):
2398         (JSC::Parser::canRecurse):
2399         (JSC::Parser::lastTokenEnd):
2400         (JSC::Parser::DepthManager::DepthManager):
2401         (JSC::Parser::DepthManager::~DepthManager):
2402         (JSC::Parser::parse):
2403         (JSC::parse):
2404         * parser/ParserTokens.h: Added.
2405         (JSC::JSTokenInfo::JSTokenInfo):
2406         * parser/SourceCode.h:
2407         (JSC::SourceCode::subExpression):
2408         * parser/SourceProviderCacheItem.h:
2409         * parser/SyntaxChecker.h:
2410         (JSC::SyntaxChecker::SyntaxChecker):
2411         (JSC::SyntaxChecker::makeFunctionCallNode):
2412         (JSC::SyntaxChecker::createCommaExpr):
2413         (JSC::SyntaxChecker::makeAssignNode):
2414         (JSC::SyntaxChecker::makePrefixNode):
2415         (JSC::SyntaxChecker::makePostfixNode):
2416         (JSC::SyntaxChecker::makeTypeOfNode):
2417         (JSC::SyntaxChecker::makeDeleteNode):
2418         (JSC::SyntaxChecker::makeNegateNode):
2419         (JSC::SyntaxChecker::makeBitwiseNotNode):
2420         (JSC::SyntaxChecker::createLogicalNot):
2421         (JSC::SyntaxChecker::createUnaryPlus):
2422         (JSC::SyntaxChecker::createVoid):
2423         (JSC::SyntaxChecker::thisExpr):
2424         (JSC::SyntaxChecker::createResolve):
2425         (JSC::SyntaxChecker::createObjectLiteral):
2426         (JSC::SyntaxChecker::createArray):
2427         (JSC::SyntaxChecker::createNumberExpr):
2428         (JSC::SyntaxChecker::createString):
2429         (JSC::SyntaxChecker::createBoolean):
2430         (JSC::SyntaxChecker::createNull):
2431         (JSC::SyntaxChecker::createBracketAccess):
2432         (JSC::SyntaxChecker::createDotAccess):
2433         (JSC::SyntaxChecker::createRegExp):
2434         (JSC::SyntaxChecker::createNewExpr):
2435         (JSC::SyntaxChecker::createConditionalExpr):
2436         (JSC::SyntaxChecker::createAssignResolve):
2437         (JSC::SyntaxChecker::createFunctionExpr):
2438         (JSC::SyntaxChecker::createFunctionBody):
2439         (JSC::SyntaxChecker::createArguments):
2440         (JSC::SyntaxChecker::createArgumentsList):
2441         (JSC::SyntaxChecker::createProperty):
2442         (JSC::SyntaxChecker::createPropertyList):
2443         (JSC::SyntaxChecker::createFuncDeclStatement):
2444         (JSC::SyntaxChecker::createBlockStatement):
2445         (JSC::SyntaxChecker::createExprStatement):
2446         (JSC::SyntaxChecker::createIfStatement):
2447         (JSC::SyntaxChecker::createForLoop):
2448         (JSC::SyntaxChecker::createForInLoop):
2449         (JSC::SyntaxChecker::createEmptyStatement):
2450         (JSC::SyntaxChecker::createVarStatement):
2451         (JSC::SyntaxChecker::createReturnStatement):
2452         (JSC::SyntaxChecker::createBreakStatement):
2453         (JSC::SyntaxChecker::createContinueStatement):
2454         (JSC::SyntaxChecker::createTryStatement):
2455         (JSC::SyntaxChecker::createSwitchStatement):
2456         (JSC::SyntaxChecker::createWhileStatement):
2457         (JSC::SyntaxChecker::createWithStatement):
2458         (JSC::SyntaxChecker::createDoWhileStatement):
2459         (JSC::SyntaxChecker::createLabelStatement):
2460         (JSC::SyntaxChecker::createThrowStatement):
2461         (JSC::SyntaxChecker::createDebugger):
2462         (JSC::SyntaxChecker::createConstStatement):
2463         (JSC::SyntaxChecker::appendConstDecl):
2464         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2465         (JSC::SyntaxChecker::combineCommaNodes):
2466         (JSC::SyntaxChecker::operatorStackPop):
2467         * runtime/Executable.cpp:
2468         (JSC::EvalExecutable::compileInternal):
2469         (JSC::ProgramExecutable::checkSyntax):
2470         (JSC::ProgramExecutable::compileInternal):
2471         (JSC::FunctionExecutable::produceCodeBlockFor):
2472         (JSC::FunctionExecutable::fromGlobalCode):
2473         * runtime/JSGlobalData.cpp:
2474         (JSC::JSGlobalData::JSGlobalData):
2475         (JSC::JSGlobalData::~JSGlobalData):
2476         * runtime/JSGlobalData.h:
2477         * runtime/LiteralParser.cpp:
2478         (JSC::LiteralParser::tryJSONPParse):
2479
2480 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
2481
2482         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
2483         https://bugs.webkit.org/show_bug.cgi?id=71227
2484
2485         Reviewed by Oliver Hunt.
2486         
2487         No new tests, since while I can see exactly where the DFG went wrong on the
2488         site in question from looking at the generated machine code, and while I can
2489         certainly believe that such a scenario would happen, I cannot visualize how
2490         to make it happen reproducibly. It requires an odd combination of double
2491         values getting spilled and then refilled, but then reboxed at just the right
2492         time so that the spilled value is an unboxed double while the in-register
2493         value is a boxed double.
2494
2495         * dfg/DFGJITCodeGenerator.h:
2496         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2497
2498 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2499
2500         JSParser::parsePrimaryExpression should have an overflow check
2501         https://bugs.webkit.org/show_bug.cgi?id=71197
2502
2503         Reviewed by Geoff Garen.
2504
2505         * parser/JSParser.cpp:
2506         (JSC::JSParser::parsePrimaryExpression):
2507
2508 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2509
2510         DFG ValueAdd(string, int) should not fail speculation
2511         https://bugs.webkit.org/show_bug.cgi?id=71195
2512
2513         Reviewed by Geoff Garen.
2514         
2515         1% speed-up on V8.
2516
2517         * dfg/DFGNode.h:
2518         (JSC::DFG::Node::shouldNotSpeculateInteger):
2519         (JSC::DFG::Node::shouldSpeculateInteger):
2520
2521 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2522
2523         The DFG inliner should not flush the callee
2524         https://bugs.webkit.org/show_bug.cgi?id=71191
2525
2526         Reviewed by Oliver Hunt.
2527         
2528         0.6% speed-up on V8.
2529
2530         * bytecode/CodeBlock.cpp:
2531         (JSC::CodeBlock::visitAggregate):
2532         * bytecode/CodeOrigin.h:
2533         * dfg/DFGByteCodeParser.cpp:
2534         (JSC::DFG::ByteCodeParser::flush):
2535         (JSC::DFG::ByteCodeParser::handleInlining):
2536         (JSC::DFG::ByteCodeParser::parseBlock):
2537         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2538         (JSC::DFG::ByteCodeParser::parse):
2539         * dfg/DFGJITCompiler.cpp:
2540         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2541         * dfg/DFGJITCompiler32_64.cpp:
2542         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2543         * interpreter/CallFrame.cpp:
2544         (JSC::CallFrame::trueCallerFrameSlow):
2545
2546 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2547
2548         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
2549         https://bugs.webkit.org/show_bug.cgi?id=70968
2550
2551         Reviewed by Geoffrey Garen.
2552
2553         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
2554         TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that 
2555         needed it, because Windows wouldn't build without it.
2556         (JSC::::createStructure):
2557         * API/JSCallbackObject.h:
2558         * JavaScriptCore.exp:
2559         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2560         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
2561         (JSC::ErrorInstance::createStructure):
2562         * runtime/ErrorPrototype.h: Ditto.
2563         (JSC::ErrorPrototype::createStructure):
2564         * runtime/JSActivation.h: Ditto.
2565         (JSC::JSActivation::createStructure):
2566         * runtime/JSGlobalObject.h: Ditto.
2567         (JSC::JSGlobalObject::createStructure):
2568         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
2569         (JSC::JSObject::isGlobalObject):
2570         (JSC::JSObject::isVariableObject):
2571         (JSC::JSObject::isActivationObject):
2572         (JSC::JSObject::isErrorInstance):
2573         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
2574         * runtime/JSVariableObject.cpp: Removed virtual function.
2575         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
2576         (JSC::JSVariableObject::createStructure):
2577
2578 2011-10-28  Pavel Feldman  <pfeldman@google.com>
2579
2580         Reset line numbers for scripts generated with document.write.
2581         https://bugs.webkit.org/show_bug.cgi?id=71099
2582
2583         Reviewed by Yury Semikhatsky.
2584
2585         * wtf/text/TextPosition.h:
2586         (WTF::OrdinalNumber::OrdinalNumber):
2587
2588 2011-10-27  Daniel Bates  <dbates@rim.com>
2589
2590         CMake: Add support to optionally install the built JavaScript shell
2591         https://bugs.webkit.org/show_bug.cgi?id=71062
2592
2593         Reviewed by Antonio Gomes.
2594
2595         Generate an installation rule for installing the JavaScript shell in
2596         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
2597         is defined.
2598
2599         * shell/CMakeLists.txt:
2600
2601 2011-10-27  Kentaro Hara  <haraken@chromium.org>
2602
2603         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
2604         https://bugs.webkit.org/show_bug.cgi?id=70215
2605
2606         Reviewed by Adam Barth.
2607
2608         Added a method that judges if a given JSValue is empty.
2609
2610         Tests: transforms/svg-vs-css.xhtml
2611                transforms/cssmatrix-2d-interface.xhtml
2612                transforms/cssmatrix-3d-interface.xhtml
2613
2614         * runtime/JSValue.h:
2615         * runtime/JSValueInlineMethods.h:
2616         (JSC::JSValue::isEmpty):
2617
2618 2011-10-27  Michael Saboff  <msaboff@apple.com>
2619
2620         ENH: Add 8 bit string support to JSC JIT
2621         https://bugs.webkit.org/show_bug.cgi?id=71073
2622
2623         Changed the JIT String character access generation to create code
2624         to check the character size and load8() or load16() as appropriate.
2625
2626         Reviewed by Gavin Barraclough.
2627
2628         * assembler/MacroAssemblerX86Common.h:
2629         (JSC::MacroAssemblerX86Common::load8):
2630         * assembler/X86Assembler.h:
2631         (JSC::X86Assembler::movzbl_mr):
2632         * dfg/DFGSpeculativeJIT.cpp:
2633         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
2634         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2635         * jit/JITInlineMethods.h:
2636         (JSC::JIT::emitLoadCharacterString):
2637         * jit/JITPropertyAccess.cpp:
2638         (JSC::JIT::stringGetByValStubGenerator):
2639         * jit/JITPropertyAccess32_64.cpp:
2640         (JSC::JIT::stringGetByValStubGenerator):
2641         * jit/JSInterfaceJIT.h:
2642         (JSC::ThunkHelpers::stringImplFlagsOffset):
2643         (JSC::ThunkHelpers::stringImpl8BitFlag):
2644         * jit/ThunkGenerators.cpp:
2645         (JSC::stringCharLoad):
2646
2647 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2648
2649         If the bytecode generator emits code after the return in the first basic block,
2650         DFG's inliner crashes
2651         https://bugs.webkit.org/show_bug.cgi?id=71071
2652
2653         Reviewed by Gavin Barraclough.
2654         
2655         Removed some cruft dealing with parsing failures due to unsupported functionality
2656         (that's never reached anymore due to it being caught in DFGCapabilities). This
2657         allowed me to repurpose the bool return from parseBlock() to mean: true if we
2658         should continue to parse, or false if we've already parsed all live code.
2659
2660         * dfg/DFGByteCodeParser.cpp:
2661         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2662         (JSC::DFG::ByteCodeParser::parseBlock):
2663         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2664
2665 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2666
2667         Reviewed by David Kilzer.
2668
2669         Make FeatureDefines Identical Across OS X Projects
2670         https://bugs.webkit.org/show_bug.cgi?id=71051
2671
2672         * Configurations/FeatureDefines.xcconfig:
2673
2674 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2675
2676         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
2677         https://bugs.webkit.org/show_bug.cgi?id=71045
2678
2679         Reviewed by Geoff Garen.
2680         
2681         Make sure that if a structure is pinned, it also has a property map.
2682
2683         * runtime/Structure.cpp:
2684         (JSC::Structure::changePrototypeTransition):
2685         (JSC::Structure::despecifyFunctionTransition):
2686         (JSC::Structure::getterSetterTransition):
2687         (JSC::Structure::toDictionaryTransition):
2688         (JSC::Structure::preventExtensionsTransition):
2689         (JSC::Structure::addPropertyWithoutTransition):
2690         (JSC::Structure::removePropertyWithoutTransition):
2691         (JSC::Structure::pin):
2692         (JSC::Structure::copyPropertyTableForPinning):
2693         * runtime/Structure.h:
2694         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2695
2696 2011-10-27  Michael Saboff  <msaboff@apple.com>
2697
2698         32bit build failure after r98624
2699         https://bugs.webkit.org/show_bug.cgi?id=71064
2700
2701         Disambiguated operator overload with unsigned index (0u).
2702
2703         Reviewed by Sam Weinig.
2704
2705         * runtime/UString.h:
2706         (JSC::operator==):
2707
2708 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
2709
2710         Fix building on GNU/kFreeBSD
2711         https://bugs.webkit.org/show_bug.cgi?id=71005
2712
2713         Reviewed by Darin Adler.
2714
2715         * config.h:
2716         * wtf/Platform.h:
2717
2718 2011-10-27  Michael Saboff  <msaboff@apple.com>
2719
2720         Investigate storing strings in 8-bit buffers when possible
2721         https://bugs.webkit.org/show_bug.cgi?id=66161
2722
2726         Added support for 8 bit string data in StringImpl.  Changed
2727         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
2728         with m_data16.  Added UChar* m_copyData16 to the other union
2729         to store a 16 bit copy of an 8 bit string when needed.
2730         Added characters8() and characters16() accessor methods
2731         that assume the caller has checked the underlying string type
2732         via the new is8Bit() method. The characters() method will
2733         return a UChar* of the string, materializing a 16 bit copy if the
2734         string is an 8 bit string.  Added two flags, one for 8 bit buffer
2735         and a second for a 16 bit copy for an 8 bit string.
2736
2737         Fixed method name typo (StringHasher::defaultCoverter()).
2738
2739         Over time the goal is to eliminate calls to characters() and
2740         use the characters8() and characters16() accessors.
2741
2742         This patch does not include changes that actually create 8 bit
2743         strings. This is the first of at least 8 patches.  Subsequent
2744         patches will be submitted for JIT changes, making the JSC lexer,
2745         parser and literal parser, JavaScript string changes and
2746         then changes in webcore to take advantage of the 8 bit strings.
2747
2748         This change is performance neutral for SunSpider and V8 when
2749         run from the command line with "jsc".
2750
2751         Reviewed by Geoffrey Garen.
2752
2753         * JavaScriptCore.exp:
2754         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2755         * interpreter/Interpreter.cpp:
2756         (JSC::Interpreter::callEval):
2757         * parser/SourceProvider.h:
2758         (JSC::UStringSourceProvider::data):
2759         (JSC::UStringSourceProvider::UStringSourceProvider):
2760         * runtime/Identifier.cpp:
2761         (JSC::IdentifierCStringTranslator::hash):
2762         (JSC::IdentifierCStringTranslator::equal):
2763         (JSC::IdentifierCStringTranslator::translate):
2764         (JSC::Identifier::add):
2765         (JSC::Identifier::toUInt32):
2766         * runtime/Identifier.h:
2767         (JSC::Identifier::equal):
2768         (JSC::operator==):
2769         (JSC::operator!=):
2770         * runtime/JSString.cpp:
2771         (JSC::JSString::resolveRope):
2772         (JSC::JSString::resolveRopeSlowCase):
2773         * runtime/RegExp.cpp:
2774         (JSC::RegExp::match):
2775         * runtime/StringPrototype.cpp:
2776         (JSC::jsSpliceSubstringsWithSeparators):
2777         * runtime/UString.cpp:
2778         (JSC::UString::UString):
2779         (JSC::equalSlowCase):
2780         (JSC::UString::utf8):
2781         * runtime/UString.h:
2782         (JSC::UString::characters):
2783         (JSC::UString::characters8):
2784         (JSC::UString::characters16):
2785         (JSC::UString::is8Bit):
2786         (JSC::UString::operator[]):
2787         (JSC::UString::find):
2788         (JSC::operator==):
2789         * wtf/StringHasher.h:
2790         (WTF::StringHasher::computeHash):
2791         (WTF::StringHasher::defaultConverter):
2792         * wtf/text/AtomicString.cpp:
2793         (WTF::CStringTranslator::hash):
2794         (WTF::CStringTranslator::equal):
2795         (WTF::CStringTranslator::translate):
2796         (WTF::AtomicString::add):
2797         * wtf/text/AtomicString.h:
2798         (WTF::AtomicString::AtomicString):
2799         (WTF::AtomicString::contains):
2800         (WTF::AtomicString::find):
2801         (WTF::AtomicString::add):
2802         (WTF::operator==):
2803         (WTF::operator!=):
2804         (WTF::equalIgnoringCase):
2805         * wtf/text/StringConcatenate.h:
2806         * wtf/text/StringHash.h:
2807         (WTF::StringHash::equal):
2808         (WTF::CaseFoldingHash::hash):
2809         * wtf/text/StringImpl.cpp:
2810         (WTF::StringImpl::~StringImpl):
2811         (WTF::StringImpl::createUninitialized):
2812         (WTF::StringImpl::create):
2813         (WTF::StringImpl::getData16SlowCase):
2814         (WTF::StringImpl::containsOnlyWhitespace):
2815         (WTF::StringImpl::substring):
2816         (WTF::StringImpl::characterStartingAt):
2817         (WTF::StringImpl::lower):
2818         (WTF::StringImpl::upper):
2819         (WTF::StringImpl::fill):
2820         (WTF::StringImpl::foldCase):
2821         (WTF::StringImpl::stripMatchedCharacters):
2822         (WTF::StringImpl::removeCharacters):
2823         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
2824         (WTF::StringImpl::toIntStrict):
2825         (WTF::StringImpl::toUIntStrict):
2826         (WTF::StringImpl::toInt64Strict):
2827         (WTF::StringImpl::toUInt64Strict):
2828         (WTF::StringImpl::toIntPtrStrict):
2829         (WTF::StringImpl::toInt):
2830         (WTF::StringImpl::toUInt):
2831         (WTF::StringImpl::toInt64):
2832         (WTF::StringImpl::toUInt64):
2833         (WTF::StringImpl::toIntPtr):
2834         (WTF::StringImpl::toDouble):
2835         (WTF::StringImpl::toFloat):
2836         (WTF::equal):
2837         (WTF::equalIgnoringCase):
2838         (WTF::StringImpl::find):
2839         (WTF::StringImpl::findIgnoringCase):
2840         (WTF::StringImpl::reverseFind):
2841         (WTF::StringImpl::replace):
2842         (WTF::StringImpl::defaultWritingDirection):
2843         (WTF::StringImpl::adopt):
2844         (WTF::StringImpl::createWithTerminatingNullCharacter):
2845         * wtf/text/StringImpl.h:
2846         (WTF::StringImpl::StringImpl):
2847         (WTF::StringImpl::create):
2848         (WTF::StringImpl::create8):
2849         (WTF::StringImpl::tryCreateUninitialized):
2850         (WTF::StringImpl::flagsOffset):
2851         (WTF::StringImpl::flagIs8Bit):
2852         (WTF::StringImpl::dataOffset):
2853         (WTF::StringImpl::is8Bit):
2854         (WTF::StringImpl::characters8):
2855         (WTF::StringImpl::characters16):
2856         (WTF::StringImpl::characters):
2857         (WTF::StringImpl::has16BitShadow):
2858         (WTF::StringImpl::setHash):
2859         (WTF::StringImpl::hash):
2860         (WTF::StringImpl::copyChars):
2861         (WTF::StringImpl::operator[]):
2862         (WTF::StringImpl::find):
2863         (WTF::StringImpl::findIgnoringCase):
2864         (WTF::equal):
2865         (WTF::equalIgnoringCase):
2866         (WTF::StringImpl::isolatedCopy):
2867         * wtf/text/WTFString.cpp:
2868         (WTF::String::String):
2869         (WTF::String::append):
2870         (WTF::String::format):
2871         (WTF::String::fromUTF8):
2872         (WTF::String::fromUTF8WithLatin1Fallback):
2873         * wtf/text/WTFString.h:
2874         (WTF::String::find):
2875         (WTF::String::findIgnoringCase):
2876         (WTF::String::contains):
2877         (WTF::String::append):
2878         (WTF::String::fromUTF8):
2879         (WTF::String::fromUTF8WithLatin1Fallback):
2880         (WTF::operator==):
2881         (WTF::operator!=):
2882         (WTF::equalIgnoringCase):
2883         * wtf/unicode/Unicode.h:
2884         * yarr/YarrJIT.cpp:
2885         (JSC::Yarr::execute):
2886         * yarr/YarrJIT.h:
2887         (JSC::Yarr::YarrCodeBlock::execute):
2888         * yarr/YarrParser.h:
2889         (JSC::Yarr::Parser::Parser):
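
Added example, not code from WebKit or from this entry: a stripped-down model of the 8-bit/16-bit split the entry above describes. The class and member names (NarrowWideString, fromLatin1, fromUTF16, m_shadow16) are my own, and it uses separate std::vector buffers rather than the union of m_data8/m_data16 described in the entry, but it keeps the same contract: characters8() and characters16() assume the caller has already checked is8Bit(), while characters() always yields 16-bit units and materializes the copy lazily, recording that it exists so it is built only once. The width-specific accessors assert the precondition, because reading an 8-bit buffer through a char16_t pointer would run off the end of the allocation.

```cpp
// Added example, not WebKit's StringImpl: a minimal string buffer that keeps
// Latin-1 text in 8-bit storage and builds a 16-bit shadow copy only when a
// caller asks for the width-agnostic view. All names are hypothetical.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

class NarrowWideString {
public:
    // Latin-1 bytes are stored as-is in the 8-bit buffer.
    static NarrowWideString fromLatin1(const std::string& bytes) {
        NarrowWideString s;
        s.m_is8Bit = true;
        s.m_length = bytes.size();
        s.m_data8.assign(bytes.begin(), bytes.end());
        return s;
    }

    // UTF-16 code units are stored in the 16-bit buffer.
    static NarrowWideString fromUTF16(const std::vector<char16_t>& units) {
        NarrowWideString s;
        s.m_is8Bit = false;
        s.m_length = units.size();
        s.m_data16 = units;
        return s;
    }

    bool is8Bit() const { return m_is8Bit; }
    bool has16BitShadow() const { return m_is8Bit && !m_shadow16.empty(); }
    std::size_t length() const { return m_length; }

    // Width-specific accessors: the caller must have checked is8Bit() first.
    // Reading an 8-bit buffer as char16_t would run past its end, so the
    // precondition is asserted here instead of being left implicit.
    const std::uint8_t* characters8() const {
        assert(m_is8Bit);
        return m_data8.data();
    }
    const char16_t* characters16() const {
        assert(!m_is8Bit);
        return m_data16.data();
    }

    // Width-agnostic accessor: always returns UTF-16. For an 8-bit string the
    // copy is widened on first use and cached, so repeated calls cost nothing.
    const char16_t* characters() {
        if (!m_is8Bit)
            return m_data16.data();
        if (m_shadow16.empty() && m_length) {
            m_shadow16.reserve(m_length);
            for (std::uint8_t c : m_data8)
                m_shadow16.push_back(static_cast<char16_t>(c));
        }
        return m_shadow16.data();
    }

    // Indexed read that dispatches on the stored width; a Latin-1 byte maps
    // directly to the UTF-16 code unit of the same value, so no table is needed.
    char16_t operator[](std::size_t i) const {
        assert(i < m_length);
        return m_is8Bit ? static_cast<char16_t>(m_data8[i]) : m_data16[i];
    }

    // Equality is defined on code units, so an 8-bit and a 16-bit string
    // holding the same text compare equal without widening either one.
    bool equals(const NarrowWideString& other) const {
        if (m_length != other.m_length)
            return false;
        for (std::size_t i = 0; i < m_length; ++i) {
            if ((*this)[i] != other[i])
                return false;
        }
        return true;
    }

private:
    bool m_is8Bit = true;
    std::size_t m_length = 0;
    std::vector<std::uint8_t> m_data8;   // live when m_is8Bit
    std::vector<char16_t> m_data16;      // live when !m_is8Bit
    std::vector<char16_t> m_shadow16;    // lazily built 16-bit copy of m_data8
};
```

Constructing the same text once from Latin-1 bytes and once from UTF-16 units shows the point of the design: the 8-bit string stays at half the size until something calls characters(), after which has16BitShadow() reports the extra copy, and the two compare equal either way.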
2890
2891 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2892
2893         Fixing Windows build
2894
2895         Unreviewed build fix
2896
2897         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2898
2899 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2900
2901         Add ability to check for presence of static members at compile time
2902         https://bugs.webkit.org/show_bug.cgi?id=70986
2903
2904         Reviewed by Geoffrey Garen.
2905
2906         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
2907         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
2908         does indeed have a method with that name.  This mechanism is not currently 
2909         used anywhere, but will be in the future when adding virtual methods from 
2910         JSObject to the MethodTable.
2911
2912         * runtime/ClassInfo.h:
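
Added example, not WebKit's CREATE_MEMBER_CHECKER or HAS_MEMBER_NAMED and not taken from runtime/ClassInfo.h: a SFINAE-based detector that reports at compile time whether a class has a static member of a given name, which is the mechanism the entry above describes. The macro names (CREATE_STATIC_MEMBER_CHECKER, HAS_STATIC_MEMBER_NAMED), the toy MethodTable and the sample classes are my own. It goes a little beyond the entry by distinguishing static members from non-static ones, so that a method table of plain function pointers can refuse a class whose put() is an instance method.

```cpp
// Added example, not WebKit's CREATE_MEMBER_CHECKER / HAS_MEMBER_NAMED: a
// SFINAE detector for a *static* member of a given name. One detector struct
// is instantiated per name; the check itself is a compile-time constant that
// can guard a method-table entry with static_assert. Names are hypothetical.
#include <type_traits>

// Primary template: false unless the partial specialisation below matches.
// The specialisation matches only when &T::name is a well-formed expression
// (SFINAE discards it otherwise) and the result is a plain pointer, which is
// true for static members and false for non-static ones (pointer-to-member).
// An overloaded name makes &T::name ambiguous, so it also reports false.
#define CREATE_STATIC_MEMBER_CHECKER(name)                                     \
    template <typename T, typename = void>                                     \
    struct HasStaticMember_##name : std::false_type {};                        \
    template <typename T>                                                      \
    struct HasStaticMember_##name<T, decltype(void(&T::name))>                 \
        : std::integral_constant<bool,                                         \
              std::is_pointer<decltype(&T::name)>::value> {};

#define HAS_STATIC_MEMBER_NAMED(klass, name) (HasStaticMember_##name<klass>::value)

CREATE_STATIC_MEMBER_CHECKER(put)
CREATE_STATIC_MEMBER_CHECKER(getOwnPropertySlot)

// Toy stand-in for a table of static entry points.
struct MethodTable {
    void (*put)(int);
};

struct BaseObject {
    static void put(int) {}
};
struct DerivedObject : BaseObject {       // inherits the static put
    static void getOwnPropertySlot(int) {}
};
struct InstanceOnly {
    void put(int) {}                      // non-static: cannot go in the table
};
struct Empty {};

// Building a table for a class that lacks the static member fails with a
// readable message instead of an obscure template error deep in the call.
template <typename T>
MethodTable makeMethodTable() {
    static_assert(HAS_STATIC_MEMBER_NAMED(T, put),
                  "class passed to makeMethodTable must define static put()");
    return MethodTable{ &T::put };
}

constexpr bool baseHasPut = HAS_STATIC_MEMBER_NAMED(BaseObject, put);
constexpr bool derivedHasPut = HAS_STATIC_MEMBER_NAMED(DerivedObject, put);
constexpr bool instanceOnlyHasStaticPut = HAS_STATIC_MEMBER_NAMED(InstanceOnly, put);
constexpr bool emptyHasPut = HAS_STATIC_MEMBER_NAMED(Empty, put);
constexpr bool derivedHasGetSlot = HAS_STATIC_MEMBER_NAMED(DerivedObject, getOwnPropertySlot);
constexpr bool baseHasGetSlot = HAS_STATIC_MEMBER_NAMED(BaseObject, getOwnPropertySlot);

static_assert(baseHasPut && derivedHasPut, "static put is visible through inheritance");
static_assert(!instanceOnlyHasStaticPut && !emptyHasPut, "non-static or missing put is rejected");
static_assert(derivedHasGetSlot && !baseHasGetSlot, "the detector is per class and per name");
```

Because the result is a constant expression, the same check can sit in a static_assert at the point where a table is assembled, so a class that silently lost or renamed one of its static entry points is caught by the compiler rather than by a null or wrong pointer at run time.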
2913
2914 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2915
2916         De-virtualize JSCell::toThisObject
2917         https://bugs.webkit.org/show_bug.cgi?id=70958
2918
2919         Reviewed by Geoffrey Garen.
2920
2921         Converted all instances of toThisObject to static functions, 
2922         added toThisObject to the MethodTable, and replaced all call sites
2923         with a corresponding lookup in the MethodTable.
2924
2925         * API/JSContextRef.cpp:
2926         * JavaScriptCore.exp:
2927         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2928         * runtime/ClassInfo.h:
2929         * runtime/JSActivation.cpp:
2930         (JSC::JSActivation::toThisObject):
2931         * runtime/JSActivation.h:
2932         * runtime/JSCell.cpp:
2933         (JSC::JSCell::toThisObject):
2934         * runtime/JSCell.h:
2935         * runtime/JSObject.cpp:
2936         (JSC::JSObject::put):
2937         (JSC::JSObject::toThisObject):
2938         * runtime/JSObject.h:
2939         (JSC::JSValue::toThisObject):
2940         * runtime/JSStaticScopeObject.cpp:
2941         (JSC::JSStaticScopeObject::toThisObject):
2942         * runtime/JSStaticScopeObject.h:
2943         * runtime/JSString.cpp:
2944         (JSC::JSString::toThisObject):
2945         * runtime/JSString.h:
2946         * runtime/StrictEvalActivation.cpp:
2947         (JSC::StrictEvalActivation::toThisObject):
2948         * runtime/StrictEvalActivation.h:
2949
2950 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
2951
2952         Fix a small bug in callOperation after r98431
2953         https://bugs.webkit.org/show_bug.cgi?id=70984
2954
2955         Reviewed by Geoffrey Garen.
2956
2957         TrustedImmPtr is not expecting "int" type parameters.
2958
2959         * dfg/DFGJITCodeGenerator.h:
2960         (JSC::DFG::callOperation):
2961
2962 2011-10-26  Oliver Hunt  <oliver@apple.com>
2963
2964         Restore structure-clearing behaviour of allocateCell<>
2965         https://bugs.webkit.org/show_bug.cgi?id=70976
2966
2967         Reviewed by Geoffrey Garen.
2968
2969         This restores the logic that allows the markstack to filter
2970         live objects that have not yet been initialised.
2971
2972         * runtime/JSCell.h:
2973         (JSC::JSCell::clearStructure):
2974            Validation-safe method to clear a cell's structure.
2975         (JSC::allocateCell):
2976            Call the above method.
2977         * runtime/Structure.h:
2978         (JSC::MarkStack::internalAppend):
2979            Don't visit cells that haven't been initialised.
2980
2981 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
2982
2983         REGRESSION (r97030): Cannot log in to progressive.com
2984         https://bugs.webkit.org/show_bug.cgi?id=70094
2985
2986         Reviewed by Oliver Hunt.
2987
2988         * dfg/DFGByteCodeParser.cpp:
2989         (JSC::DFG::ByteCodeParser::handleCall):
2990
2991 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
2992
2993         Remove getOwnPropertySlotVirtual
2994         https://bugs.webkit.org/show_bug.cgi?id=70741
2995
2996         Reviewed by Geoffrey Garen.
2997
2998         Removed all declarations and definitions of getOwnPropertySlotVirtual.
2999         Also replaced all call sites to getOwnPropertySlotVirtual with a
3000         corresponding lookup in the MethodTable.
3001
3002         * API/JSCallbackObject.h:
3003         * API/JSCallbackObjectFunctions.h:
3004         (JSC::::getOwnPropertyDescriptor):
3005         * JavaScriptCore.exp:
3006         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3007         * debugger/DebuggerActivation.cpp:
3008         (JSC::DebuggerActivation::getOwnPropertySlot):
3009         * debugger/DebuggerActivation.h:
3010         * runtime/Arguments.cpp:
3011         * runtime/Arguments.h:
3012         * runtime/ArrayConstructor.cpp:
3013         * runtime/ArrayConstructor.h:
3014         * runtime/ArrayPrototype.cpp:
3015         * runtime/ArrayPrototype.h:
3016         * runtime/BooleanPrototype.cpp:
3017         * runtime/BooleanPrototype.h:
3018         * runtime/DateConstructor.cpp:
3019         * runtime/DateConstructor.h:
3020         * runtime/DatePrototype.cpp:
3021         * runtime/DatePrototype.h:
3022         (JSC::DatePrototype::create):
3023         * runtime/ErrorPrototype.cpp:
3024         * runtime/ErrorPrototype.h:
3025         * runtime/JSActivation.cpp:
3026         * runtime/JSActivation.h:
3027         * runtime/JSArray.cpp:
3028         (JSC::JSArray::getOwnPropertySlotByIndex):
3029         * runtime/JSArray.h:
3030         * runtime/JSByteArray.cpp:
3031         * runtime/JSByteArray.h:
3032         * runtime/JSCell.cpp:
3033         * runtime/JSCell.h:
3034         * runtime/JSFunction.cpp:
3035         (JSC::JSFunction::getOwnPropertyDescriptor):
3036         (JSC::JSFunction::getOwnPropertyNames):
3037         (JSC::JSFunction::put):
3038         * runtime/JSFunction.h:
3039         * runtime/JSGlobalObject.cpp:
3040         * runtime/JSGlobalObject.h:
3041         * runtime/JSNotAnObject.cpp:
3042         * runtime/JSNotAnObject.h:
3043         * runtime/JSONObject.cpp:
3044         (JSC::Stringifier::Holder::appendNextProperty):
3045         (JSC::Walker::walk):
3046         * runtime/JSONObject.h:
3047         * runtime/JSObject.cpp:
3048         (JSC::JSObject::getOwnPropertySlotByIndex):
3049         (JSC::JSObject::hasOwnProperty):
3050         * runtime/JSObject.h:
3051         (JSC::JSCell::fastGetOwnPropertySlot):
3052         (JSC::JSObject::getPropertySlot):
3053         (JSC::JSValue::get):
3054         * runtime/JSStaticScopeObject.cpp:
3055         * runtime/JSStaticScopeObject.h:
3056         * runtime/JSString.cpp:
3057         (JSC::JSString::getOwnPropertySlot):
3058         * runtime/JSString.h:
3059         * runtime/MathObject.cpp:
3060         * runtime/MathObject.h:
3061         (JSC::MathObject::create):
3062         * runtime/NumberConstructor.cpp:
3063         * runtime/NumberConstructor.h:
3064         * runtime/NumberPrototype.cpp:
3065         * runtime/NumberPrototype.h:
3066         * runtime/ObjectConstructor.cpp:
3067         * runtime/ObjectConstructor.h:
3068         * runtime/ObjectPrototype.cpp:
3069         * runtime/ObjectPrototype.h:
3070         * runtime/RegExpConstructor.cpp:
3071         * runtime/RegExpConstructor.h:
3072         * runtime/RegExpMatchesArray.h:
3073         (JSC::RegExpMatchesArray::createStructure):
3074         * runtime/RegExpObject.cpp:
3075         * runtime/RegExpObject.h:
3076         * runtime/RegExpPrototype.cpp:
3077         * runtime/RegExpPrototype.h:
3078         * runtime/StringConstructor.cpp:
3079         * runtime/StringConstructor.h:
3080         * runtime/StringObject.cpp:
3081         * runtime/StringObject.h:
3082         * runtime/StringPrototype.cpp:
3083         * runtime/StringPrototype.h:
3084
3085 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
3086
3087         [GTK] [WK2] Add WebKit2 distcheck support
3088         https://bugs.webkit.org/show_bug.cgi?id=70933
3089
3090         Reviewed by Martin Robinson.
3091
3092         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
3093
3094 2011-10-26  Michael Saboff  <msaboff@apple.com>
3095
3096         Increase StringImpl Flag Bits for 8 bit Strings
3097         https://bugs.webkit.org/show_bug.cgi?id=70937
3098
3099         Increased the number of bits used for flags in StringImpl
3100         from 6 to 8 bits. This frees up 2 flag bits that will be
3101         used for 8-bit string support. Updated hash methods accordingly.
3102         Changed hash value masking from the low bits to the high
3103         bits.
3104
3105         Reviewed by Darin Adler.
3106
3107         * create_hash_table:
3108         * wtf/StringHasher.h:
3109         (WTF::StringHasher::hash):
3110         * wtf/text/StringImpl.h:
3111
3112 2011-10-26  Dan Bernstein  <mitz@apple.com>
3113
3114         Build fix.
3115
3116         Reverted r98488, which caused the scripts’ status messages to be included in the generated
3117         files.
3118
3119         * create_hash_table:
3120         * create_jit_stubs:
3121
3122 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
3123
3124         Don't print regular output to STDERR when generating hashtables and JIT stubs
3125
3126         Reviewed by Simon Hausmann.
3127
3128         * create_hash_table:
3129         * create_jit_stubs:
3130
3131 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
3132
3133         Split DFGJITCodeGenerator::callOperation methods
3134         https://bugs.webkit.org/show_bug.cgi?id=70870
3135
3136         Reviewed by Filip Pizlo.
3137
3138         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
3139         One set works with the JSVALUE64 value representation and passes arguments in
3140         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
3141         value representation and passes arguments in memory (suitable for use on x86).
3142         By refactoring out the representation and calling convention specific aspects
3143         of the code we can also configure the DFG JIT to operate on platforms that use
3144         the JSVALUE32_64 value representation but pass arguments in registers.
3145
3146         On platforms supported by the JIT, the payload precedes the tag of a value in
3147         argument/result ordering, as such, in order to make the setupResults method
3148         generally applicable to return the results of a function that are returned in
3149         two registers, the ordering of arguments to this function has been reversed -
3150         as is the ordering of arguments passed to setupArguments methods, with respect
3151         to the ordering with which they are passed in to callOperation.
3152         This inconsistency will be resolved in a later change when we combine the pairs
3153         of arguments passed into callOperation, such that the function signatures can
3154         be made consistent across the two value representations (the callOperation
3155         methods will be passed a reference to a struct representing the JSValue
3156         temporary, this will consist of two gprs on 32_64 and one on 64).
3157
3158         * dfg/DFGJITCodeGenerator.h:
3159         (JSC::DFG::resetCallArguments):
3160         (JSC::DFG::addCallArgument):
3161             - moved, removed tag,payload version of this method.
3162         (JSC::DFG::setupArguments):
3163         (JSC::DFG::setupArgumentsExecState):
3164         (JSC::DFG::setupArgumentsWithExecState):
3165             - Calling convention specific portion of callOperation refactored out into these methods.
3166         (JSC::DFG::callOperation):
3167             - updated these methods to use setupArguments* methods.
3168         (JSC::DFG::setupResults):
3169             - setupResults is now passed payload,tag.
3170         (JSC::DFG::appendCallWithExceptionCheckSetResult):
3171             - Added fpr versions of this function.
3172         (JSC::DFG::appendCallSetResult):
3173             - Added versions of this function without exception check.
3174         * dfg/DFGJITCodeGenerator32_64.cpp:
3175         (JSC::DFG::JITCodeGenerator::emitCall):
3176             - setupResults is now passed payload,tag.
3177
3178 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3179
3180         Remove deletePropertyVirtual
3181         https://bugs.webkit.org/show_bug.cgi?id=70738
3182
3183         Reviewed by Geoffrey Garen.
3184
3185         Removed all declarations and definitions of deletePropertyVirtual.
3186         Also replaced all call sites to deletePropertyVirtual with a 
3187         corresponding lookup in the MethodTable.
3188
3189         * API/JSCallbackObject.h:
3190         * API/JSCallbackObjectFunctions.h:
3191         (JSC::::deletePropertyByIndex):
3192         * API/JSObjectRef.cpp:
3193         (JSObjectDeleteProperty):
3194         * JavaScriptCore.exp:
3195         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3196         * debugger/DebuggerActivation.cpp:
3197         (JSC::DebuggerActivation::deleteProperty):
3198         * debugger/DebuggerActivation.h:
3199         * interpreter/Interpreter.cpp:
3200         (JSC::Interpreter::privateExecute):
3201         * jit/JITStubs.cpp:
3202         (JSC::DEFINE_STUB_FUNCTION):
3203         * runtime/Arguments.cpp:
3204         * runtime/Arguments.h:
3205         * runtime/ArrayPrototype.cpp:
3206         (JSC::arrayProtoFuncPop):
3207         (JSC::arrayProtoFuncReverse):
3208         (JSC::arrayProtoFuncShift):
3209         (JSC::arrayProtoFuncSplice):
3210         (JSC::arrayProtoFuncUnShift):
3211         * runtime/JSActivation.cpp:
3212         * runtime/JSActivation.h:
3213         * runtime/JSArray.cpp:
3214         (JSC::JSArray::deleteProperty):
3215         (JSC::JSArray::deletePropertyByIndex):
3216         * runtime/JSArray.h:
3217         * runtime/JSCell.cpp:
3218         (JSC::JSCell::deleteProperty):
3219         (JSC::JSCell::deletePropertyByIndex):
3220         * runtime/JSCell.h:
3221         * runtime/JSFunction.cpp:
3222         * runtime/JSFunction.h:
3223         * runtime/JSNotAnObject.cpp:
3224         * runtime/JSNotAnObject.h:
3225         * runtime/JSONObject.cpp:
3226         (JSC::Walker::walk):
3227         * runtime/JSObject.cpp:
3228         (JSC::JSObject::deletePropertyByIndex):
3229         (JSC::JSObject::defineOwnProperty):
3230         * runtime/JSObject.h:
3231         * runtime/JSVariableObject.cpp:
3232         * runtime/JSVariableObject.h:
3233         * runtime/RegExpMatchesArray.h:
3234         * runtime/StrictEvalActivation.cpp:
3235         * runtime/StrictEvalActivation.h:
3236         * runtime/StringObject.cpp:
3237         * runtime/StringObject.h:
3238
3239 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3240
3241         Remove putVirtual
3242         https://bugs.webkit.org/show_bug.cgi?id=70740
3243
3244         Reviewed by Geoffrey Garen.
3245
3246         Removed all declarations and definitions of putVirtual.
3247         Also replaced all call sites to putVirtual with a 
3248         corresponding lookup in the MethodTable.
3249
3250         * API/JSCallbackObject.h:
3251         * API/JSCallbackObjectFunctions.h:
3252         * API/JSObjectRef.cpp:
3253         (JSObjectSetProperty):
3254         (JSObjectSetPropertyAtIndex):
3255         * JavaScriptCore.exp:
3256         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3257         * debugger/DebuggerActivation.cpp:
3258         (JSC::DebuggerActivation::put):
3259         * debugger/DebuggerActivation.h:
3260         * dfg/DFGOperations.cpp:
3261         * interpreter/Interpreter.cpp:
3262         (JSC::Interpreter::execute):
3263         (JSC::Interpreter::privateExecute):
3264         * jsc.cpp:
3265         (GlobalObject::finishCreation):
3266         * runtime/Arguments.cpp:
3267         * runtime/Arguments.h:
3268         * runtime/ArrayPrototype.cpp:
3269         (JSC::putProperty):
3270         (JSC::arrayProtoFuncConcat):
3271         (JSC::arrayProtoFuncPush):
3272         (JSC::arrayProtoFuncReverse):
3273         (JSC::arrayProtoFuncShift):
3274         (JSC::arrayProtoFuncSlice):
3275         (JSC::arrayProtoFuncSort):
3276         (JSC::arrayProtoFuncSplice):
3277         (JSC::arrayProtoFuncUnShift):
3278         (JSC::arrayProtoFuncFilter):
3279         (JSC::arrayProtoFuncMap):
3280         * runtime/JSActivation.cpp:
3281         * runtime/JSActivation.h:
3282         * runtime/JSArray.cpp:
3283         (JSC::JSArray::putSlowCase):
3284         (JSC::JSArray::push):
3285         (JSC::JSArray::shiftCount):
3286         (JSC::JSArray::unshiftCount):
3287         * runtime/JSArray.h:
3288         * runtime/JSByteArray.cpp:
3289         * runtime/JSByteArray.h:
3290         * runtime/JSCell.cpp:
3291         (JSC::JSCell::put):
3292         (JSC::JSCell::putByIndex):
3293         * runtime/JSCell.h:
3294         * runtime/JSFunction.cpp:
3295         * runtime/JSFunction.h:
3296         * runtime/JSGlobalObject.cpp:
3297         * runtime/JSGlobalObject.h:
3298         * runtime/JSNotAnObject.cpp:
3299         * runtime/JSNotAnObject.h:
3300         * runtime/JSONObject.cpp:
3301         (JSC::Walker::walk):
3302         * runtime/JSObject.cpp:
3303         (JSC::JSObject::putByIndex):
3304         (JSC::JSObject::defineOwnProperty):
3305         * runtime/JSObject.h:
3306         (JSC::JSValue::put):
3307         * runtime/JSStaticScopeObject.cpp:
3308         * runtime/JSStaticScopeObject.h:
3309         * runtime/ObjectPrototype.cpp:
3310         * runtime/ObjectPrototype.h:
3311         * runtime/RegExpConstructor.cpp:
3312         * runtime/RegExpConstructor.h:
3313         * runtime/RegExpMatchesArray.h:
3314         * runtime/RegExpObject.cpp:
3315         * runtime/RegExpObject.h:
3316         * runtime/StringObject.cpp:
3317         * runtime/StringObject.h:
3318         * runtime/StringPrototype.cpp:
3319         (JSC::stringProtoFuncSplit):
3320
3321 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
3322
3323         Separate out function linking & exception check data structures.
3324         https://bugs.webkit.org/show_bug.cgi?id=70858
3325
3326         Reviewed by Oliver Hunt.
3327
3328         This will make it easier to refactor the callOperation methods to split the value
3329         representation specific handling from the cpu/calling-convention implementation.
3330
3331         * dfg/DFGJITCodeGenerator.h:
3332         (JSC::DFG::appendCallWithExceptionCheck):
3333         * dfg/DFGJITCodeGenerator32_64.cpp:
3334         (JSC::DFG::JITCodeGenerator::emitCall):
3335         * dfg/DFGJITCodeGenerator64.cpp:
3336         (JSC::DFG::JITCodeGenerator::emitCall):
3337         * dfg/DFGJITCompiler.cpp:
3338         (JSC::DFG::JITCompiler::compileBody):
3339         (JSC::DFG::JITCompiler::link):
3340         * dfg/DFGJITCompiler.h:
3341         (JSC::DFG::CallLinkRecord::CallLinkRecord):
3342         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
3343         (JSC::DFG::JITCompiler::JITCompiler):
3344         (JSC::DFG::JITCompiler::notifyCall):
3345         (JSC::DFG::JITCompiler::appendCall):
3346         (JSC::DFG::JITCompiler::addExceptionCheck):
3347         (JSC::DFG::JITCompiler::addFastExceptionCheck):
3348         * dfg/DFGJITCompiler32_64.cpp:
3349         (JSC::DFG::JITCompiler::compileBody):
3350         (JSC::DFG::JITCompiler::link):
3351
3352 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
3353
3354         Tiered compilation may introduce dangling pointers in constant buffers
3355         https://bugs.webkit.org/show_bug.cgi?id=70854
3356
3357         Reviewed by Oliver Hunt.
3358         
3359         Tiered compilation now copies constant buffers, which fixes the regression in
3360         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
3361         regression relies on a subtle interleaving of optimized compilation and garbage
3362         collection, and cannot be reproduced in a simple test.
3363         
3364         This also adds some new debug support, which was used to fix this bug and is
3365         likely to be useful in the future.
3366
3367         * bytecode/CodeBlock.cpp:
3368         (JSC::CodeBlock::copyDataFrom):
3369         (JSC::CodeBlock::usesOpcode):
3370         * bytecode/CodeBlock.h:
3371         * dfg/DFGGraph.cpp:
3372         (JSC::DFG::Graph::dump):
3373
3374 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3375
3376         Fixing Windows build after r98367
3377
3378         Unreviewed build fix
3379
3380         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3381
3382 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
3383
3384         Add missing DFG file entries to the make lists for GTK and Qt ports
3385         https://bugs.webkit.org/show_bug.cgi?id=70806
3386
3387         Reviewed by Darin Adler.
3388
3389         * GNUmakefile.list.am:
3390         * JavaScriptCore.pro:
3391
3392 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3393
3394         Add getOwnPropertySlot to MethodTable
3395         https://bugs.webkit.org/show_bug.cgi?id=69807
3396
3397         Reviewed by Oliver Hunt.
3398
3399         * JavaScriptCore.exp:
3400         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
3401         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
3402         reference it in their MethodTables.
3403
3404 2011-10-25  Oliver Hunt  <oliver@apple.com>
3405
3406         Need to support marking of multiple nested codeblocks when compiling
3407         https://bugs.webkit.org/show_bug.cgi?id=70832
3408
3409         Reviewed by Gavin Barraclough.
3410
3411         When inlining a function we end up with multiple codeblocks being
3412         compiled at the same time, so we need to support a list of live
3413         codeblocks.
3414
3415         * heap/Heap.cpp:
3416         (JSC::Heap::markRoots):
3417         * runtime/JSGlobalData.cpp:
3418         (JSC::JSGlobalData::JSGlobalData):
3419         * runtime/JSGlobalData.h:
3420         (JSC::JSGlobalData::startedCompiling):
3421         (JSC::JSGlobalData::finishedCompiling):
3422
3423 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3424
3425         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
3426         https://bugs.webkit.org/show_bug.cgi?id=70798
3427
3428         Reviewed by Filip Pizlo.
3429
3430         When filling an integer for a known integer node (not speculated), it
3431         should accept DataFormatJSInteger as well.
3432
3433         * dfg/DFGJITCodeGenerator32_64.cpp:
3434         (JSC::DFG::JITCodeGenerator::fillInteger):
3435
3436 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3437
3438         Build fix: removed some cases of threadsafeCopy() that I missed in
3439         my previous patch.
3440
3441         * JavaScriptCore.order:
3442
3443 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3444
3445         Removed SharedUChar and tightened language around its previous uses
3446         https://bugs.webkit.org/show_bug.cgi?id=70698
3447
3448         Reviewed by David Levin.
3449
3450         - Removed SharedUChar because most of its functionality has moved into
3451         other abstraction layers, and we want remaining clients to choose their
3452         abstractions explicitly instead of relying on StringImpl to provide this
3453         behavior implicitly, since we think they can sometimes make more efficient
3454         choices.
3455
3456         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
3457         the former names could give the impression that the resulting object was
3458         thread-safe, but actually it's just an isolated copy, which is not
3459         thread-safe by itself, but can be used to implement a thread-safe
3460         algorithm through isolation.
3461
3462         * wtf/CrossThreadRefCounted.h: Removed.
3463
3464         * JavaScriptCore.exp: Export!
3465
3466         * wtf/text/StringImpl.cpp:
3467         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
3468
3469         * wtf/text/StringImpl.h:
3470         (WTF::StringImpl::length): Ditto.
3471
3472         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
3473
3474         * wtf/text/WTFString.cpp:
3475         (WTF::String::isolatedCopy):
3476         * wtf/text/WTFString.h: Updated for StringImpl changes.
3477
3478         * API/OpaqueJSString.h:
3479         * GNUmakefile.list.am:
3480         * JavaScriptCore.exp:
3481         * JavaScriptCore.gypi:
3482         * JavaScriptCore.order:
3483         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3484         * JavaScriptCore.xcodeproj/project.pbxproj:
3485         * wtf/CMakeLists.txt:
3486         * wtf/OwnFastMallocPtr.h:
3487         * wtf/RefCounted.h:
3488         * wtf/SizeLimits.cpp:
3489         * wtf/ThreadSafeRefCounted.h:
3490         * wtf/wtf.pri:
3491         * yarr/YarrPattern.h: Updated these files to accommodate removal of
3492         CrossThreadRefCounted.h.
3493
3494 2011-10-24  Oliver Hunt  <oliver@apple.com>
3495
3496         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
3497         https://bugs.webkit.org/show_bug.cgi?id=70689
3498
3499         Reviewed by Filip Pizlo.
3500
3501         While performing codegen we need to make the GlobalData explicitly
3502         aware of the codeblock being compiled, as compilation may trigger GC
3503         and CodeBlock holds GC values, but has not yet been assigned to its
3504         owner executable.
3505
3506         * bytecompiler/BytecodeGenerator.cpp:
3507         (JSC::BytecodeGenerator::BytecodeGenerator):
3508         (JSC::BytecodeGenerator::~BytecodeGenerator):
3509         * bytecompiler/BytecodeGenerator.h:
3510         * heap/AllocationSpace.cpp:
3511         (JSC::AllocationSpace::allocateSlowCase):
3512         * heap/Heap.cpp:
3513         (JSC::Heap::markRoots):
3514         * runtime/JSGlobalData.cpp:
3515         (JSC::JSGlobalData::JSGlobalData):
3516         * runtime/JSGlobalData.h:
3517         (JSC::JSGlobalData::startedCompiling):
3518         (JSC::JSGlobalData::finishedCompiling):
3519
3520 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
3521
3522         Object-or-other branch speculation may corrupt the state for OSR if the child of the
3523         branch is an integer
3524         https://bugs.webkit.org/show_bug.cgi?id=70777
3525
3526         Reviewed by Oliver Hunt.
3527
3528         * dfg/DFGSpeculativeJIT64.cpp:
3529         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
3530
3531 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
3532
3533         op_new_array_buffer is not inlined correctly
3534         https://bugs.webkit.org/show_bug.cgi?id=70770
3535
3536         Reviewed by Oliver Hunt.
3537         
3538         Disabled inlining of op_new_array_buffer, for now.
3539
3540         * dfg/DFGCapabilities.h:
3541         (JSC::DFG::canInlineOpcode):
3542
3543 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3544
3545         Add boolean speculations to DFG JIT 32_64
3546         https://bugs.webkit.org/show_bug.cgi?id=70706
3547
3548         Reviewed by Filip Pizlo.
3549
3550         Different from the boolean speculations in DFG 64, the boolean
3551         speculations in DFG 32_64 will use a 32-bit GPR to hold the primitive
3552         boolean instead of a JSBoolean. This choice is not only for
3553         performance, but also to save a register as we're short of registers on
3554         X86.
3555         To accomplish this we make use of DataFormatBoolean, allow a value to
3556         be represented as a primitive boolean and converted from/to a
3557         JSBoolean.
3558         This patch also fixes SpillOrder in 32_64, which should be different
3559         from 64, and fixes needDataFormatConversion logic in 32_64.
3560
3561         * assembler/MacroAssemblerX86Common.h:
3562         (JSC::MacroAssemblerX86Common::branchTest32):
3563             We don't actually expect a byte test, as it doesn't work for registers
3564             esp..edi on X86.
3565         * dfg/DFGGenerationInfo.h:
3566         (JSC::DFG::needDataFormatConversion):
3567         (JSC::DFG::GenerationInfo::initBoolean):
3568         (JSC::DFG::GenerationInfo::gpr):
3569         (JSC::DFG::GenerationInfo::fillInteger):
3570         (JSC::DFG::GenerationInfo::fillBoolean):
3571         * dfg/DFGJITCodeGenerator.cpp:
3572         (JSC::DFG::JITCodeGenerator::checkConsistency):
3573         * dfg/DFGJITCodeGenerator.h:
3574         (JSC::DFG::JITCodeGenerator::use):
3575         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3576         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3577         (JSC::DFG::JITCodeGenerator::spill):
3578         (JSC::DFG::cellResult):
3579         (JSC::DFG::booleanResult):
3580         * dfg/DFGJITCodeGenerator32_64.cpp:
3581         (JSC::DFG::JITCodeGenerator::fillJSValue):
3582         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
3583         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
3584         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
3585         * dfg/DFGJITCompiler32_64.cpp:
3586         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3587         * dfg/DFGSpeculativeJIT.cpp:
3588         (JSC::DFG::ValueSource::dump):
3589         (JSC::DFG::ValueRecovery::dump):
3590         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3591         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3592         * dfg/DFGSpeculativeJIT.h:
3593         (JSC::DFG::ValueSource::forPrediction):
3594         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
3595         (JSC::DFG::ValueRecovery::inGPR):
3596         (JSC::DFG::ValueRecovery::gpr):
3597         * dfg/DFGSpeculativeJIT32_64.cpp:
3598         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3599         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3600         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3601         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3602         (JSC::DFG::SpeculativeJIT::compare):
3603         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
3604         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3605         (JSC::DFG::SpeculativeJIT::emitBranch):
3606         (JSC::DFG::SpeculativeJIT::compile):
3607
3608 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3609
3610         Fixing Windows build
3611
3612         Unreviewed build fix
3613
3614         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3615
3616 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3617
3618         BitVector isInline check could fail
3619         https://bugs.webkit.org/show_bug.cgi?id=70691
3620
3621         Reviewed by Geoffrey Garen.
3622
3623         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
3624         whether it's an inlined bit set or a pointer to an outOfLine bit set.
3625         This check may fail in case the pointer also has the highest bit set,
3626         which is surely possible on IA32 (Linux).
3627         In this case the check failure can result in unexpected behaviors,
3628         for example if the BitVector is incorrectly determined as having an
3629         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
3630         modify the memory adjacent to the BitVector object.
3631         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
3632         or out-of-line, based on the assumption that the pointer to OutOfLineBits
3633         should be 4 or 8 byte aligned.
3634         We could mark the lowest bit (bit 0) with 1 for an inlined bit set,
3635         and bits 1~bitsInPointer are used for bit set/test.
3636         In this case we need to do one more bit of shifting for bit set/test.
3637
3638         * wtf/BitVector.cpp:
3639         (WTF::BitVector::resizeOutOfLine):
3640         * wtf/BitVector.h:
3641         (WTF::BitVector::quickGet):
3642         (WTF::BitVector::quickSet):
3643         (WTF::BitVector::quickClear):
3644         (WTF::BitVector::makeInlineBits):
3645         (WTF::BitVector::isInline):
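
An added example, written for this page and not WTF's BitVector, of the low-bit tagging scheme this entry adopts; DemoBitVector and the helper names are assumptions. The class keeps a bit set inline in a single word when it fits, tags bit 0 to mark the inline form, and moves the set to heap storage when a bit at or beyond maxInlineBits is set, so the failure the entry warns about (a set of a bit past the inline capacity modifying memory adjacent to the object) cannot occur. The two one-line classifiers contrast the old highest-bit rule with the new lowest-bit rule on a constructed word that stands in for a heap address whose top bit is set.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not WTF's BitVector. DemoBitVector keeps either a small bit
// set inline in m_bitsOrPointer or a pointer to a heap-allocated bit set, and
// uses bit 0 as the tag, as the entry above describes. Names are assumptions.
class DemoBitVector {
public:
    static constexpr size_t bitsInPointer = sizeof(uintptr_t) * 8;
    // Bit 0 is the tag, so positions 1..bitsInPointer-1 hold the inline members.
    static constexpr size_t maxInlineBits = bitsInPointer - 1;

    DemoBitVector() : m_bitsOrPointer(makeInlineBits(0)) {}
    ~DemoBitVector() { if (!isInline()) delete outOfLineBits(); }
    DemoBitVector(const DemoBitVector&) = delete;
    DemoBitVector& operator=(const DemoBitVector&) = delete;

    // Inline iff the tag bit is set. A pointer to OutOfLineBits is at least
    // 4- or 8-byte aligned (assumption, as in the entry), so its bit 0 is
    // clear no matter what its highest bit holds.
    bool isInline() const { return m_bitsOrPointer & 1; }

    size_t size() const {
        return isInline() ? maxInlineBits : outOfLineBits()->words.size() * bitsInPointer;
    }

    bool get(size_t bit) const {
        if (bit >= size())
            return false;
        if (isInline())
            return (m_bitsOrPointer >> (bit + 1)) & 1;   // one extra shift past the tag
        const std::vector<uintptr_t>& words = outOfLineBits()->words;
        return (words[bit / bitsInPointer] >> (bit % bitsInPointer)) & 1;
    }

    void set(size_t bit) {
        ensureSize(bit + 1);   // grow out of line instead of writing past the object
        if (isInline()) {
            m_bitsOrPointer |= uintptr_t(1) << (bit + 1);
            return;
        }
        std::vector<uintptr_t>& words = outOfLineBits()->words;
        words[bit / bitsInPointer] |= uintptr_t(1) << (bit % bitsInPointer);
    }

private:
    struct OutOfLineBits {
        std::vector<uintptr_t> words;
    };

    static uintptr_t makeInlineBits(uintptr_t bits) { return (bits << 1) | 1; }

    OutOfLineBits* outOfLineBits() const {
        return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer);
    }

    void ensureSize(size_t numBits) {
        if (numBits <= size())
            return;
        OutOfLineBits* fresh = new OutOfLineBits;
        if (isInline())
            fresh->words.push_back(m_bitsOrPointer >> 1);   // drop the tag, keep the members
        else {
            fresh->words = outOfLineBits()->words;
            delete outOfLineBits();
        }
        fresh->words.resize((numBits + bitsInPointer - 1) / bitsInPointer, 0);
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
    }

    uintptr_t m_bitsOrPointer;
};

// The pre-fix rule from the entry (highest bit means inline) applied to a
// constructed word standing in for a heap address whose top bit is set, the
// IA32 Linux case the entry mentions: it misclassifies the pointer as inline.
bool highBitSchemeSaysInline(uintptr_t word) {
    return (word >> (DemoBitVector::bitsInPointer - 1)) & 1;
}

bool lowBitSchemeSaysInline(uintptr_t word) { return word & 1; }

uintptr_t constructedHighAddress() {
    return (uintptr_t(1) << (DemoBitVector::bitsInPointer - 1)) | 0x1000;
}

// Setting a bit past the inline capacity moves storage out of line and keeps
// every member, rather than the write landing in memory next to the object.
bool growPastInlineKeepsBits() {
    DemoBitVector v;
    v.set(5);
    bool inlineBefore = v.isInline();
    v.set(DemoBitVector::maxInlineBits + 10);
    bool inlineAfter = v.isInline();
    return inlineBefore && !inlineAfter && v.get(5)
        && v.get(DemoBitVector::maxInlineBits + 10) && !v.get(6);
}

// With the tag in bit 0, an inline set may use the word's highest bit too.
bool topInlineBitStaysInline() {
    DemoBitVector v;
    v.set(DemoBitVector::maxInlineBits - 1);
    return v.isInline() && v.get(DemoBitVector::maxInlineBits - 1);
}
```

The scheme is only as sound as the alignment assumption: if OutOfLineBits could ever be allocated at an odd address, the pointer would again be misread as an inline set, so a real implementation should assert the alignment of the allocation it stores (std::vector is used here only to keep the heap part short).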
3646
3647 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3648
3649         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
3650         https://bugs.webkit.org/show_bug.cgi?id=70271
3651
3652         Reviewed by Darin Adler.
3653
3654         Renaming versions of getOwnPropertySlot that use an unsigned as the property
3655         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
3656         MethodTable, which requires unique names for each method.
3657
3658         * JavaScriptCore.exp:
3659         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3660         * runtime/Arguments.cpp:
3661         (JSC::Arguments::getOwnPropertySlotVirtual):
3662         (JSC::Arguments::getOwnPropertySlotByIndex):
3663         * runtime/Arguments.h:
3664         * runtime/JSArray.cpp:
3665         (JSC::JSArray::getOwnPropertySlotVirtual):
3666         (JSC::JSArray::getOwnPropertySlotByIndex):
3667         (JSC::JSArray::getOwnPropertySlot):
3668         * runtime/JSArray.h:
3669         * runtime/JSByteArray.cpp:
3670         (JSC::JSByteArray::getOwnPropertySlotVirtual):
3671         (JSC::JSByteArray::getOwnPropertySlotByIndex):
3672         * runtime/JSByteArray.h:
3673         * runtime/JSCell.cpp:
3674         (JSC::JSCell::getOwnPropertySlotVirtual):
3675         (JSC::JSCell::getOwnPropertySlotByIndex):
3676         * runtime/JSCell.h:
3677         * runtime/JSNotAnObject.cpp:
3678         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
3679         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
3680         * runtime/JSNotAnObject.h:
3681         * runtime/JSObject.cpp:
3682         (JSC::JSObject::getOwnPropertySlotVirtual):
3683         (JSC::JSObject::getOwnPropertySlotByIndex):
3684         * runtime/JSObject.h:
3685         * runtime/JSString.cpp:
3686         (JSC::JSString::getOwnPropertySlotVirtual):
3687         (JSC::JSString::getOwnPropertySlotByIndex):
3688         * runtime/JSString.h:
3689         * runtime/ObjectPrototype.cpp:
3690         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
3691         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
3692         * runtime/ObjectPrototype.h:
3693         * runtime/RegExpMatchesArray.h:
3694         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
3695         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
3696         * runtime/StringObject.cpp:
3697         (JSC::StringObject::getOwnPropertySlotVirtual):
3698         (JSC::StringObject::getOwnPropertySlotByIndex):
3699         * runtime/StringObject.h:
3700
3701 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
3702
3703         Interpreter build fix after r98179.
3704
3705         * bytecode/CodeBlock.h:
3706         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
3707         since it is only used there.
3708
3709 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3710
3711         Fixed a typo Darin spotted.
3712
3713         * wtf/StringHasher.h:
3714         (WTF::StringHasher::hash): Expelliarmus!
3715
3716 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3717
3718         Removed StringImpl::createStrippingNullCharacters
3719         https://bugs.webkit.org/show_bug.cgi?id=70700
3720
3721         Reviewed by David Levin.
3722         
3723         It was unused.
3724
3725         * JavaScriptCore.exp:
3726         * wtf/text/StringImpl.cpp:
3727         * wtf/text/StringImpl.h:
3728
3729 2011-10-22  Filip Pizlo  <fpizlo@apple.com>
3730
3731         DFG should inline constructors
3732         https://bugs.webkit.org/show_bug.cgi?id=70675
3733
3734         Reviewed by Oliver Hunt.
3735         
3736         Adds support for inlining constructors. Also fixes two pathologies
3737         uncovered along the way: CheckMethod claimed that it never returned a
3738         result (causing CheckMethod -> SetLocal -> GetLocal sequences to
3739         result in the GetLocal doing OSR exit), and get_by_id parsing never
3740         checked if it was hot in slow path. Also fiddled with inlining
3741         heuristics; it appears that for now, the more inlining, the happier
3742         V8 is. Finally, a bug was uncovered where a silent spill of a boxed
3743         integer that had previously been spilled unboxed causes the silent
3744         fill to forget to unbox.
3745         
3746         This appears to be a 4% speed-up on V8 in their harness, or a 1%
3747         speed-up in my harness. The difference is due to warm-up: in my
3748         harness we see significant amounts of time spent in compilation, but
3749         in V8's harness compilation gets amortized. Profiling indicates that
3750         we have the potential for a 5% win from basic optimizations like
3751         generating OSR exits lazily and holding onto bytecode longer.
3752
3753         * dfg/DFGAbstractState.cpp:
3754         (JSC::DFG::AbstractState::execute):
3755         * dfg/DFGByteCodeParser.cpp:
3756         (JSC::DFG::ByteCodeParser::handleCall):
3757         (JSC::DFG::ByteCodeParser::handleInlining):
3758         (JSC::DFG::ByteCodeParser::handleMinMax):
3759         (JSC::DFG::ByteCodeParser::parseBlock):
3760         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3761         (JSC::DFG::ByteCodeParser::parse):
3762         * dfg/DFGCapabilities.h:
3763         (JSC::DFG::mightInlineFunctionForConstruct):
3764         (JSC::DFG::canInlineOpcode):
3765         (JSC::DFG::mightInlineFunctionFor):
3766         (JSC::DFG::canInlineFunctionFor):
3767         * dfg/DFGJITCodeGenerator.h:
3768         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3769         * runtime/Executable.h:
3770         (JSC::isCall):
3771         (JSC::ExecutableBase::intrinsicFor):
3772         * runtime/Heuristics.cpp:
3773         (JSC::Heuristics::initializeHeuristics):
3774         * runtime/Heuristics.h:
3775
3776 2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
3777
3778         [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
3779         https://bugs.webkit.org/show_bug.cgi?id=70703
3780
3781         Reviewed by Kent Tamura.
3782
3783         runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
3784         to these files from the gyp project files.
3785
3786         * JavaScriptCore.gypi:
3787
3788 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3789
3790         Add deleteProperty to the MethodTable
3791         https://bugs.webkit.org/show_bug.cgi?id=70162
3792
3793         Reviewed by Sam Weinig.
3794
3795         * JavaScriptCore.exp:
3796         * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
3797         * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
3798         be protected rather than private for subclasses who don't provide their own
3799         implementation.
3800
3801 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3802
3803         Remove getConstructDataVirtual
3804         https://bugs.webkit.org/show_bug.cgi?id=70638
3805
3806         Reviewed by Darin Adler.
3807
3808         Removed all declarations and definitions of getConstructDataVirtual.
3809         Also replaced all call sites to getConstructDataVirtual with a 
3810         corresponding lookup in the MethodTable.
3811
3812         * API/JSCallbackConstructor.cpp:
3813         * API/JSCallbackConstructor.h:
3814         * API/JSCallbackObject.h:
3815         * API/JSCallbackObjectFunctions.h:
3816         * API/JSObjectRef.cpp:
3817         (JSObjectIsConstructor):
3818         (JSObjectCallAsConstructor):
3819         * JavaScriptCore.exp:
3820         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3821         * dfg/DFGOperations.cpp:
3822         * interpreter/Interpreter.cpp:
3823         (JSC::Interpreter::privateExecute):
3824         * jit/JITStubs.cpp:
3825         (JSC::DEFINE_STUB_FUNCTION):
3826         * runtime/ArrayConstructor.cpp:
3827         * runtime/ArrayConstructor.h:
3828         * runtime/BooleanConstructor.cpp:
3829         * runtime/BooleanConstructor.h:
3830         * runtime/DateConstructor.cpp:
3831         * runtime/DateConstructor.h:
3832         * runtime/Error.h:
3833         (JSC::StrictModeTypeErrorFunction::getConstructData):
3834         * runtime/ErrorConstructor.cpp:
3835         * runtime/ErrorConstructor.h:
3836         * runtime/FunctionConstructor.cpp:
3837         * runtime/FunctionConstructor.h:
3838         * runtime/JSCell.cpp:
3839         * runtime/JSCell.h:
3840         * runtime/JSFunction.cpp:
3841         * runtime/JSFunction.h:
3842         * runtime/JSObject.h:
3843         (JSC::getConstructData):
3844         * runtime/NativeErrorConstructor.cpp:
3845         * runtime/NativeErrorConstructor.h:
3846         * runtime/NumberConstructor.cpp:
3847         * runtime/NumberConstructor.h:
3848         * runtime/ObjectConstructor.cpp:
3849         * runtime/ObjectConstructor.h:
3850         * runtime/RegExpConstructor.cpp:
3851         * runtime/RegExpConstructor.h:
3852         * runtime/StringConstructor.cpp:
3853         * runtime/StringConstructor.h:
3854
3855 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3856
3857         Try to fix the SL build.
3858
3859         * dfg/DFGByteCodeParser.cpp:
3860         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
3861         away int vs unsigned warning.
3862
3863 2011-10-21  Geoffrey Garen  <ggaren@apple.com>
3864
3865         Separated string lifetime bits from character buffer state bits
3866         https://bugs.webkit.org/show_bug.cgi?id=70673
3867
3868         Reviewed by Anders Carlsson.
3869         
3870         Moved the static/immortal bit into the bottom bit of the refcount, and
3871         moved all other bits into the high bits of the hash code.
3872         
3873         This is the first step toward a new Characters/PassString class, and it
3874         makes ref/deref slightly more efficient.
3875
3876         * create_hash_table:
3877         * wtf/StringHasher.h:
3878         (WTF::StringHasher::hash): Tweaked the string hashing function to leave
3879         the top bits clear, so they can be used as flags.
3880         
3881         Fixed some small differences between the PERL copy of this function and
3882         the C++ copy of this function, which could have in theory caused subtle
3883         crashes.
3884
3885         * wtf/text/StringImpl.cpp:
3886         (WTF::StringImpl::sharedBuffer):
3887         (WTF::StringImpl::createWithTerminatingNullCharacter):
3888         * wtf/text/StringImpl.h:
3889         (WTF::StringImpl::StringImpl):
3890         (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
3891         s_didReportExtraCost, since the original name was both self-contradictory
3892         and used as a double-negative.
3893
3894         (WTF::StringImpl::isIdentifier):
3895         (WTF::StringImpl::setIsIdentifier):
3896         (WTF::StringImpl::hasTerminatingNullCharacter):
3897         (WTF::StringImpl::isAtomic):
3898         (WTF::StringImpl::setIsAtomic):
3899         (WTF::StringImpl::setHash):
3900         (WTF::StringImpl::rawHash):
3901         (WTF::StringImpl::hasHash):
3902         (WTF::StringImpl::existingHash):
3903         (WTF::StringImpl::hash):
3904         (WTF::StringImpl::hasOneRef):
3905         (WTF::StringImpl::ref):
3906         (WTF::StringImpl::deref):
3907         (WTF::StringImpl::bufferOwnership):
3908         (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
3909         bit of the refcount. Now, all lifetime information lives in the refcount
3910         field. Moved the other bits into the hash code field.
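        The bit layout described in this entry, as an added illustration that is not WebKit's StringImpl or StringHasher: the static/immortal flag lives in the bottom bit of the refcount, every other state bit lives in the top byte of the hash field, and the hash function masks its result to 24 bits so those flag bits start out clear. Field names, the FNV-1a hash and the reserved non-zero value 0x800000 are constructed choices.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Constructed illustration of "lifetime bits in the refcount, state bits in the
// hash field"; not WebKit's code. Layout assumptions are labelled below.
class PackedString {
public:
    static const unsigned s_refCountFlagIsStatic = 1u;   // bottom bit: immortal
    static const unsigned s_refCountIncrement = 2u;      // real count lives above it
    static const unsigned s_hashMask = 0x00ffffffu;      // 24-bit hash (assumed width)
    static const unsigned s_hashFlagIsAtomic = 1u << 31;     // flags in the top byte
    static const unsigned s_hashFlagIsIdentifier = 1u << 30;

    explicit PackedString(const char* chars, bool isStatic = false)
        : m_chars(chars), m_length(std::strlen(chars))
        , m_refCount(s_refCountIncrement | (isStatic ? s_refCountFlagIsStatic : 0u))
        , m_hashAndFlags(0) {}

    // Lifetime: all of it is answered from m_refCount alone.
    bool isStatic() const { return (m_refCount & s_refCountFlagIsStatic) != 0; }
    bool hasOneRef() const { return (m_refCount & ~s_refCountFlagIsStatic) == s_refCountIncrement; }
    void ref() { m_refCount += s_refCountIncrement; }
    // Returns true when the last reference was dropped; static strings never die.
    bool deref() {
        if (isStatic()) return false;
        m_refCount -= s_refCountIncrement;
        return m_refCount == 0;
    }

    // State bits: stored above the hash, so they never disturb it.
    bool isAtomic() const { return (m_hashAndFlags & s_hashFlagIsAtomic) != 0; }
    void setIsAtomic(bool on) { on ? (m_hashAndFlags |= s_hashFlagIsAtomic) : (m_hashAndFlags &= ~s_hashFlagIsAtomic); }
    bool isIdentifier() const { return (m_hashAndFlags & s_hashFlagIsIdentifier) != 0; }
    void setIsIdentifier(bool on) { on ? (m_hashAndFlags |= s_hashFlagIsIdentifier) : (m_hashAndFlags &= ~s_hashFlagIsIdentifier); }

    unsigned rawHash() const { return m_hashAndFlags & s_hashMask; }
    bool hasHash() const { return rawHash() != 0; }      // 0 means "not computed yet"
    unsigned hash() { if (!hasHash()) setHash(computeHash(m_chars, m_length)); return rawHash(); }

    // Hash that leaves the top 8 bits clear and never yields 0 (constructed FNV-1a variant).
    static unsigned computeHash(const char* s, size_t n) {
        uint32_t h = 2166136261u;
        for (size_t i = 0; i < n; ++i) { h ^= static_cast<unsigned char>(s[i]); h *= 16777619u; }
        h &= s_hashMask;
        if (!h) h = 0x800000u;   // reserved non-zero value so hasHash() stays meaningful
        return h;
    }

private:
    void setHash(unsigned h) { m_hashAndFlags = (m_hashAndFlags & ~s_hashMask) | (h & s_hashMask); }
    const char* m_chars; size_t m_length; unsigned m_refCount; unsigned m_hashAndFlags;
};
```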
3911
3912 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
3913
3914         DFG inlining sometimes fails to reset constant references
3915         https://bugs.webkit.org/show_bug.cgi?id=70668
3916
3917         Reviewed by Anders Carlsson.
3918         
3919         Reset constant references when we need to (new block created) and not
3920         when we don't (change of inlining depth).
3921
3922         * dfg/DFGByteCodeParser.cpp:
3923         (JSC::DFG::ByteCodeParser::handleInlining):
3924         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
3925         (JSC::DFG::ByteCodeParser::parseBlock):
3926         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3927
3928 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
3929
3930         DFG should have inlining
3931         https://bugs.webkit.org/show_bug.cgi?id=69996
3932
3933         Reviewed by Oliver Hunt.
3934         
3935         Implements inlining that's hooked into the bytecode parser. Only
3936         works for calls, for now, though nothing fundamentally prevents us
3937         from inlining constructor calls. 2% overall speed-up on all
3938         benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
3939         richards respectively), neutral on Kraken and SunSpider. 
3940         
3941         * bytecode/CodeBlock.cpp:
3942         (JSC::CodeBlock::visitAggregate):
3943         * bytecode/CodeBlock.h:
3944         (JSC::CodeBlock::baselineVersion):
3945         (JSC::CodeBlock::setInstructionCount):
3946         (JSC::CodeBlock::likelyToTakeSlowCase):
3947         (JSC::CodeBlock::couldTakeSlowCase):
3948         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
3949         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
3950         (JSC::CodeBlock::likelyToTakeAnySlowCase):
3951         * bytecode/CodeOrigin.h:
3952         (JSC::CodeOrigin::inlineDepthForCallFrame):
3953         (JSC::CodeOrigin::inlineDepth):
3954         (JSC::CodeOrigin::operator==):
3955         (JSC::CodeOrigin::inlineStack):
3956         * bytecompiler/BytecodeGenerator.cpp:
3957         (JSC::BytecodeGenerator::generate):
3958         * dfg/DFGAbstractState.cpp:
3959         (JSC::DFG::AbstractState::beginBasicBlock):
3960         (JSC::DFG::AbstractState::execute):
3961         (JSC::DFG::AbstractState::mergeStateAtTail):
3962         * dfg/DFGBasicBlock.h:
3963         (JSC::DFG::BasicBlock::BasicBlock):
3964         (JSC::DFG::BasicBlock::ensureLocals):
3965         (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
3966         * dfg/DFGByteCodeParser.cpp:
3967         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3968         (JSC::DFG::ByteCodeParser::getDirect):
3969         (JSC::DFG::ByteCodeParser::get):
3970         (JSC::DFG::ByteCodeParser::setDirect):
3971         (JSC::DFG::ByteCodeParser::set):
3972         (JSC::DFG::ByteCodeParser::getLocal):
3973         (JSC::DFG::ByteCodeParser::getArgument):
3974         (JSC::DFG::ByteCodeParser::flush):
3975         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
3976         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
3977         (JSC::DFG::ByteCodeParser::handleInlining):
3978         (JSC::DFG::ByteCodeParser::parseBlock):
3979         (JSC::DFG::ByteCodeParser::processPhiStack):
3980         (JSC::DFG::ByteCodeParser::linkBlock):
3981         (JSC::DFG::ByteCodeParser::linkBlocks):
3982         (JSC::DFG::ByteCodeParser::handleSuccessor):
3983         (JSC::DFG::ByteCodeParser::determineReachability):
3984         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
3985         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3986         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3987         (JSC::DFG::ByteCodeParser::parse):
3988         * dfg/DFGCapabilities.cpp:
3989         (JSC::DFG::canHandleOpcodes):
3990         (JSC::DFG::canCompileOpcodes):
3991         (JSC::DFG::canInlineOpcodes):
3992         * dfg/DFGCapabilities.h:
3993         (JSC::DFG::mightCompileEval):
3994         (JSC::DFG::mightCompileProgram):
3995         (JSC::DFG::mightCompileFunctionForCall):
3996         (JSC::DFG::mightCompileFunctionForConstruct):
3997         (JSC::DFG::mightInlineFunctionForCall):
3998         (JSC::DFG::mightInlineFunctionForConstruct):
3999         (JSC::DFG::canInlineOpcode):
4000         (JSC::DFG::canInlineOpcodes):
4001         (JSC::DFG::canInlineFunctionForCall):
4002         (JSC::DFG::canInlineFunctionForConstruct):
4003         * dfg/DFGGraph.cpp:
4004         (JSC::DFG::printWhiteSpace):
4005         (JSC::DFG::Graph::dumpCodeOrigin):
4006         (JSC::DFG::Graph::dump):
4007         * dfg/DFGGraph.h:
4008         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
4009         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
4010         * dfg/DFGJITCompiler.cpp:
4011         (JSC::DFG::JITCompiler::decodedCodeMapFor):
4012         (JSC::DFG::JITCompiler::linkOSRExits):
4013         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
4014         * dfg/DFGJITCompiler.h:
4015         (JSC::DFG::JITCompiler::debugCall):
4016         (JSC::DFG::JITCompiler::baselineCodeBlockFor):
4017         * dfg/DFGJITCompiler32_64.cpp:
4018         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
4019         * dfg/DFGNode.h:
4020         (JSC::DFG::Node::hasVariableAccessData):
4021         (JSC::DFG::Node::shouldGenerate):
4022         * dfg/DFGOperands.h:
4023         (JSC::DFG::Operands::ensureLocals):
4024         (JSC::DFG::Operands::setLocal):
4025         (JSC::DFG::Operands::getLocal):
4026         * dfg/DFGPropagator.cpp:
4027         (JSC::DFG::Propagator::propagateNodePredictions):
4028         * dfg/DFGSpeculativeJIT.cpp:
4029         (JSC::DFG::OSRExit::OSRExit):
4030         (JSC::DFG::SpeculativeJIT::compile):
4031         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
4032         * dfg/DFGSpeculativeJIT.h:
4033         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
4034         * dfg/DFGSpeculativeJIT32_64.cpp:
4035         (JSC::DFG::SpeculativeJIT::compile):
4036         * dfg/DFGSpeculativeJIT64.cpp:
4037         (JSC::DFG::Speculativ