[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-09-30  Benjamin Poulain  <benjamin@webkit.org>

        Remove the code guarded by STYLE_SCOPED
        https://bugs.webkit.org/show_bug.cgi?id=122123

        Reviewed by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to ObjectPrototype constructor.
        <https://webkit.org/b/122116>

        Reviewed by Geoffrey Garen.

        The ObjectPrototype constructor was only using the ExecState to get
        to the VM.

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to MathObject constructor.
        <https://webkit.org/b/122119>

        Reviewed by Geoffrey Garen.

        The MathObject constructor was only using the global object to get
        to the VM. finishCreation() still uses it to set up functions.

2013-09-30  Filip Pizlo  <fpizlo@apple.com>

        Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
        https://bugs.webkit.org/show_bug.cgi?id=122065

        Reviewed by Mark Hahnenberg.

        This mostly just kills a bunch of code.

        But incidentally while killing that code, I uncovered a bug in our FTL OSR entrypoint
        creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
        If we hoist some type check into the local, then we might inject a conversion node
        between the ExtractOSREntryLocal and the SetLocal - for example we might put in an
        Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
        on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
        When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
        node to the first node that has a different CodeOrigin. This only works if the nodes
        after the forward exit are MovHints or other things that the OSR exit compiler can
        forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
        nodes for the same bytecode index. Two possible solutions exist. We could teach the
        forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
        This would be a lot of complexity; right now it just needs to deal with exactly one
        SetLocal-like operation. The alternative is to make sure that the conversion node that
        we inject ends up exiting *backward* rather than forward.

        But making the conversion nodes exit backward is somewhat tricky. Before this patch,
        conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
        that the solution is to rationalize how we choose the speculation direction for a
        conversion node. The conversion node's speculation direction should be the same as the
        speculation direction of the node for which it is doing a conversion. Since SetLocals
        already exit forward by default, this policy preserves our previous behavior. But it
        also allows the OSR entrypoint creation phase to make its SetLocals exit backward
        instead.

        Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
        to make sure that the OSR exit machine knows that the local variables are indeed live.
        Consider that if we have:

            a: ExtractOSREntryLocal(loc1)
            b: SetLocal(@a, loc1)
            c: ExtractOSREntryLocal(loc2)
            d: SetLocal(@c, loc2)

        Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
        compiler will clobber loc2 with Undefined. So we need to make sure that we actually
        emit code like:

            a: ExtractOSREntryLocal(loc1)
            b: ExtractOSREntryLocal(loc2)
            c: SetLocal(@a, loc1)
            d: SetLocal(@b, loc2)
            e: SetLocal(@a, loc1)
            f: SetLocal(@b, loc2)

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeOrigin.h:
        * bytecode/ValueRecovery.cpp: Added.
        (JSC::ValueRecovery::recover):
        (JSC::ValueRecovery::dumpInContext):
        (JSC::ValueRecovery::dump):
        * bytecode/ValueRecovery.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
        (JSC::DFG::FixupPhase::fixEdge):
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::reconstruct):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::speculationDirection):
        (JSC::DFG::Node::setSpeculationDirection):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileInlineStart):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGValueSource.h:
        (JSC::DFG::ValueSource::valueRecovery):
        * dfg/DFGVariableEventStream.cpp:
        (JSC::DFG::VariableEventStream::reconstruct):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::speculate):
        (JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
        * interpreter/Register.h:
        (JSC::Register::unboxedStrictInt52):
        * runtime/Arguments.cpp:
        (JSC::Arguments::tearOff):
        * runtime/Arguments.h:

2013-09-30  Alex Christensen  <alex.christensen@flexsim.com>

        Win64 compile fix after r1256490.
        https://bugs.webkit.org/show_bug.cgi?id=122117

        Reviewed by Michael Saboff.

        * jit/JITStubsMSVC64.asm:
        Implemented getHostCallReturnValue for Windows x86_64 processors.

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to RegExp constructor.
        <https://webkit.org/b/122113>

        Reviewed by Darin Adler.

        RegExps don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        JSC release binary size -= 120 bytes(!)

2013-09-30  Patrick Gansterer  <paroga@webkit.org>

        Fix compilation for COMPILER(MSVC) && !CPU(X86) after r156490.
        https://bugs.webkit.org/show_bug.cgi?id=122102

        Reviewed by Geoffrey Garen.

        _AddressOfReturnAddress() is supported for all platforms of
        the Microsoft compiler, so we can use it for !CPU(X86) too.

        * jit/JITOperationWrappers.h:

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Build fix for DEBUG_VERBOSE mode after r156511.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Speculative build fix on ARMv7 Thumb2 after r156490.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::fmodAsDFGOperation):

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        FTL: refactor compileAdd and compileArithSub into one function.
        https://bugs.webkit.org/show_bug.cgi?id=122081

        Reviewed by Geoffrey Garen.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to function constructors.
        <https://webkit.org/b/122082>

        Reviewed by Darin Adler.

        Functions don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        This patch is mostly mechanical, I just changed the signature of
        InternalFunction and worked my way from there until it built.

        JSC release binary size -= 4840 bytes.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to ArrayPrototype constructor.
        <https://webkit.org/b/122079>

        Reviewed by Geoffrey Garen.

        ArrayPrototype doesn't need the global object for anything during
        construction, so reduce the amount of loads by just passing the VM.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to simple builtin constructors.
        <https://webkit.org/b/122077>

        Reviewed by Sam Weinig.

        None of the simple builtins need the ExecState for anything during
        their construction, so reduce the amount of loads by just passing
        the VM around instead.

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        Refactor code for finding x86 scratch register.
        https://bugs.webkit.org/show_bug.cgi?id=122072

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::getUnusedRegister):
        (JSC::MacroAssemblerX86Common::store8):
        (JSC::MacroAssemblerX86Common::store16):

2013-09-28  Mark Rowe  <mrowe@apple.com>

        Take Xcode's advice and enable some extra warnings.

        Reviewed by Sam Weinig.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-09-28  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSFunction constructors.
        <https://webkit.org/b/122014>

        Reviewed by Geoffrey Garen.

        JSFunction doesn't need the ExecState for anything during its
        construction, so reduce the amount of loads by just passing the
        VM around instead.

        Factored out putDirectNonIndexAccessor() from the existing
        putDirectAccessor() to avoid snowballing the patch (and because
        it's kinda neat to avoid the extra branch.)

        JSC release binary size -= 9680 bytes.

2013-09-28  Mark Rowe  <mrowe@apple.com>

        JavaScriptCore fails to build with newer versions of clang.

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp: Remove an unused function.
        * parser/SourceProvider.cpp: Ditto.
        * runtime/GCActivityCallback.cpp: #if a constant that's only used on non-CF platforms.
        * runtime/JSCJSValue.cpp: Remove an unused constant.
        * runtime/JSString.cpp: Ditto.

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Get rid of SetMyScope/SetCallee; use normal variables for the scope and callee of inlined call frames of closures
        https://bugs.webkit.org/show_bug.cgi?id=122047

        Reviewed by Oliver Hunt.

        Currently we have the DFG reserve space for inline call frames at exactly the same stack
        offsets that you would have gotten if the baseline interpreter/JIT had made the calls.
        We need to get rid of that. One of the weirder parts of this is that we have special DFG
        operations for accessing these inlined call frame headers. It's really hard for any
        analysis of DFG IR to see what the liveness of any of those frame header "variables" is;
        the liveness behaves like flushed arguments (it's all live until end of the inlinee) but
        we don't have anything like a Flush node for those special variables.

        This patch gets rid of the special operations for accessing inline call frame headers.
        GetMyScope and GetCallee still remain, and are only for accessing the machine call
        frame's scope/callee entries. The inline call frame's scope/callee now behave like
        normal variables, and have Flush behavior just like inline arguments.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::getScope):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Deoptimize 32-bit deoptimization
        https://bugs.webkit.org/show_bug.cgi?id=122025

        Reviewed by Oliver Hunt.

        Just simplifying a bunch of code. I don't want the old, super-complicated,
        deoptimization code to get in the way of changes I'll be making to DFG stack layout.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::inGPR):
        (JSC::ValueRecovery::isInRegisters):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::dumpInContext):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2013-09-27  Alex Christensen  <alex.christensen@flexsim.com>

        Fixed Win64 build after r156184.
        https://bugs.webkit.org/show_bug.cgi?id=121994

        Reviewed by Oliver Hunt.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupTwoStubArgsGPR):
        (JSC::CCallHelpers::setupTwoStubArgsFPR):
        Renamed from setupTwoStubArgs.
        Visual Studio x64 compiler fails to see that this is an overloaded template function.
        (JSC::CCallHelpers::setupStubArguments):
        (JSC::CCallHelpers::setupArguments):
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        Use setupTwoStubArgsGPR or setupTwoStubArgsFPR instead of setupTwoStubArgs.

2013-09-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        LLInt alignment problem on ARM in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=122012

        Reviewed by Michael Saboff.

        Force GCC to put the LLInt code into the .text section.

        * llint/LowLevelInterpreter.cpp:

2013-09-06  Jer Noble  <jer.noble@apple.com>

        [Mac] Implement the media controls in JavaScript.
        https://bugs.webkit.org/show_bug.cgi?id=120895

        Reviewed by Dean Jackson.

        Define and turn on ENABLE_MEDIA_CONTROLS_SCRIPT.

        * Configurations/FeatureDefines.xcconfig:

2013-09-27  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSDateMath functions.
        <https://webkit.org/b/121997>

        Reviewed by Geoffrey Garen.

        The JSC date math functions only need the VM, so pass that from
        callers instead of the whole ExecState.

2013-09-26  Andreas Kling  <akling@apple.com>

        GetterSetter construction should take a VM instead of ExecState.
        <https://webkit.org/b/121993>

        Reviewed by Sam Weinig.

        Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
        code at touched sites to cache VM in a local for fewer loads.

        JSC release binary size -= 4120 bytes.

2013-09-26  Oliver Hunt  <oliver@apple.com>

        Make GCC happy

        * parser/Parser.h:

2013-09-25  Oliver Hunt  <oliver@apple.com>

        Implement prefixed-destructuring assignment
        https://bugs.webkit.org/show_bug.cgi?id=121930

        Reviewed by Mark Hahnenberg.

        Relanding with fix after rollout

2013-09-26  Michael Saboff  <msaboff@apple.com>

        VirtualRegister should be a class
        https://bugs.webkit.org/show_bug.cgi?id=121732

        Reviewed by Geoffrey Garen.

        This is a refactoring change.  Changed VirtualRegister from an enum to a class.
        Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
        and the similar functions for locals to VirtualRegister class.

        This is in preparation for changing the offset for the first local register from
        0 to -1.  This is needed since most native calling conventions have the architected
        frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
        pointer.  Local values start below that address.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/Instruction.h:
        * bytecode/LazyOperandValueProfile.h:
        * bytecode/MethodOfGettingAValueProfile.cpp:
        * bytecode/Operands.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        * bytecode/UnlinkedCodeBlock.h:
        * bytecode/ValueRecovery.h:
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/RegisterID.h:
        * debugger/DebuggerCallFrame.cpp:
        * dfg/DFGAbstractHeap.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        * dfg/DFGArgumentPosition.h:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCFGSimplificationPhase.cpp:
        * dfg/DFGCPSRethreadingPhase.cpp:
        * dfg/DFGCapabilities.cpp:
        * dfg/DFGConstantFoldingPhase.cpp:
        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        * dfg/DFGGraph.cpp:
        * dfg/DFGGraph.h:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.cpp:
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        * dfg/DFGRegisterBank.h:
        * dfg/DFGScoreBoard.h:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * dfg/DFGValidate.cpp:
        * dfg/DFGValueRecoveryOverride.h:
        * dfg/DFGVariableAccessData.h:
        * dfg/DFGVariableEvent.h:
        * dfg/DFGVariableEventStream.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        * ftl/FTLExitArgumentForOperand.h:
        * ftl/FTLLink.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExit.cpp:
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * jit/AssemblyHelpers.h:
        * jit/JIT.h:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITInlines.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubs.cpp:
        * llint/LLIntSlowPaths.cpp:
        * profiler/ProfilerBytecodeSequence.cpp:
        * runtime/CommonSlowPaths.cpp:
        * runtime/JSActivation.cpp:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Work around another MSVC bug.

        * runtime/PrototypeMap.cpp:
        (JSC::PrototypeMap::emptyObjectStructureForPrototype):

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Attempt to fix the FTL build.

        * ftl/FTLAbstractHeap.cpp:
        (JSC::FTL::IndexedAbstractHeap::atSlow):

2013-09-26  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to many finishCreation() functions.
        <https://webkit.org/b/121975>

        Reviewed by Sam Weinig.

        Reduce unnecessary loads by passing the VM to object creation
        functions that don't need the ExecState.

        There are tons of opportunities in this area, I'm just scratching
        the surface.

2013-09-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r156464 and r156480.
        http://trac.webkit.org/changeset/156464
        http://trac.webkit.org/changeset/156480
        https://bugs.webkit.org/show_bug.cgi?id=121981

        Leaking too much and killing buildbot. (Requested by xenon on
        #webkit).

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::paramString):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitExpressionInfo):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitBytecode):
        (JSC::FuncExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::addVar):
        * parser/NodeConstructors.h:
        (JSC::CommaNode::CommaNode):
        (JSC::ParameterNode::ParameterNode):
        (JSC::ForInNode::ForInNode):
        * parser/Nodes.cpp:
        (JSC::FunctionParameters::create):
        (JSC::FunctionParameters::FunctionParameters):
        (JSC::FunctionParameters::~FunctionParameters):
        * parser/Nodes.h:
        (JSC::CommaNode::append):
        (JSC::ParameterNode::ident):
        (JSC::FunctionParameters::at):
        (JSC::FunctionParameters::identifiers):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseVarDeclaration):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseAssignmentExpression):
        * parser/Parser.h:
        (JSC::Scope::declareParameter):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFormalParameterList):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::operatorStackPop):
        * runtime/JSONObject.cpp:
        * runtime/JSONObject.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITThunks.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Change a couple of HashMap value types from OwnPtr to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=121973

        Reviewed by Andreas Kling.

        * API/JSClassRef.cpp:
        (OpaqueJSClassContextData::OpaqueJSClassContextData):
        (OpaqueJSClass::contextData):
        * API/JSClassRef.h:
        * bytecode/SamplingTool.h:
        * ftl/FTLAbstractHeap.h:
        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
        * parser/SourceProviderCache.cpp:
        (JSC::SourceProviderCache::add):
        * parser/SourceProviderCache.h:
        * parser/SourceProviderCacheItem.h:
        (JSC::SourceProviderCacheItem::create):
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::executionCounterFor):
        (JSC::Profiler::Compilation::toJS):
        * profiler/ProfilerCompilation.h:
        * runtime/JSGlobalObject.h:

2013-09-26  Mark Lam  <mark.lam@apple.com>

        Move DFG inline caching logic into jit/.
        https://bugs.webkit.org/show_bug.cgi?id=121749.

        Reviewed by Geoffrey Garen.

        Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
        revision and fixing build breakages on Windows.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        (JSC::DFG::operationNewTypedArrayWithSizeForType):
        (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
        * dfg/DFGRegisterSet.h: Removed.
        * dfg/DFGRepatch.cpp: Removed.
        * dfg/DFGRepatch.h: Removed.
        * dfg/DFGScratchRegisterAllocator.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGThunks.cpp:
        * dfg/DFGThunks.h:
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * ftl/FTLOSRExitCompiler.h:
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::writeBarrier):
        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        (JSC::JIT::linkSlowCall):
        * jit/JITCall.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
        * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
        (JSC::getHostCallReturnValueWithExecState):
        * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
        * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
        (JSC::tryBuildGetByIDList):
        * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
        * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
        * jit/ThunkGenerators.cpp:
        (JSC::oldStyleGenerateSlowCaseFor):
        (JSC::oldStyleLinkForGenerator):
        (JSC::oldStyleLinkCallGenerator):
        (JSC::oldStyleLinkConstructGenerator):
        (JSC::oldStyleLinkClosureCallGenerator):
        (JSC::oldStyleVirtualForGenerator):
        (JSC::oldStyleVirtualCallGenerator):
        (JSC::oldStyleVirtualConstructGenerator):
        (JSC::emitPointerValidation):
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::slowPathFor):
        (JSC::linkForThunkGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkConstructThunkGenerator):
        (JSC::linkClosureCallThunkGenerator):
        (JSC::virtualForThunkGenerator):
        (JSC::virtualCallThunkGenerator):
        (JSC::virtualConstructThunkGenerator):
        * jit/ThunkGenerators.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Remove PassWeak.h
        https://bugs.webkit.org/show_bug.cgi?id=121971

        Reviewed by Geoffrey Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/PassWeak.h: Removed.
        * heap/WeakInlines.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Stop using PassWeak
        https://bugs.webkit.org/show_bug.cgi?id=121968

        Reviewed by Sam Weinig.

        * heap/Weak.h:
        Remove all knowledge of PassWeak.

        (JSC::Weak::Weak):
        These constructors don't need to be explicit.

        * heap/WeakInlines.h:
        (JSC::weakAdd):
        Change Value to be an rvalue reference and use std::forward.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        Remove PassWeak.

        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        Use Weak instead of PassWeak.

        * runtime/SimpleTypedArrayController.cpp:
        Change add and set to take Weak by value and std::move into place.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::get):
        (JSC::WeakGCMap::set):
        (JSC::WeakGCMap::add):

2013-09-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r156474.
        http://trac.webkit.org/changeset/156474
        https://bugs.webkit.org/show_bug.cgi?id=121966

        Broke the builds. (Requested by xenon on #webkit).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::registerName):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::createActivation):
        (JSC::CodeBlock::nameForRegister):
        * bytecode/CodeBlock.h:
        (JSC::unmodifiedArgumentsRegister):
        (JSC::CodeBlock::isKnownNotImmediate):
        (JSC::CodeBlock::setThisRegister):
        (JSC::CodeBlock::thisRegister):
        (JSC::CodeBlock::setArgumentsRegister):
        (JSC::CodeBlock::argumentsRegister):
        (JSC::CodeBlock::uncheckedArgumentsRegister):
        (JSC::CodeBlock::setActivationRegister):
        (JSC::CodeBlock::activationRegister):
        (JSC::CodeBlock::uncheckedActivationRegister):
        (JSC::CodeBlock::usesArguments):
        (JSC::CodeBlock::isCaptured):
        * bytecode/Instruction.h:
        * bytecode/LazyOperandValueProfile.h:
        (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::operator!):
        (JSC::LazyOperandValueProfileKey::hash):
        (JSC::LazyOperandValueProfileKey::operand):
799         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
800         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
801         * bytecode/MethodOfGettingAValueProfile.cpp:
802         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
803         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
804         * bytecode/Operands.h:
805         (JSC::localToOperand):
806         (JSC::operandIsLocal):
807         (JSC::operandToLocal):
808         (JSC::operandIsArgument):
809         (JSC::operandToArgument):
810         (JSC::argumentToOperand):
811         (JSC::Operands::operand):
812         (JSC::Operands::hasOperand):
813         (JSC::Operands::setOperand):
814         (JSC::Operands::operandForIndex):
815         (JSC::Operands::setOperandFirstTime):
816         * bytecode/UnlinkedCodeBlock.cpp:
817         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
818         * bytecode/UnlinkedCodeBlock.h:
819         (JSC::UnlinkedCodeBlock::setThisRegister):
820         (JSC::UnlinkedCodeBlock::setActivationRegister):
821         (JSC::UnlinkedCodeBlock::setArgumentsRegister):
822         (JSC::UnlinkedCodeBlock::usesArguments):
823         (JSC::UnlinkedCodeBlock::argumentsRegister):
824         (JSC::UnlinkedCodeBlock::usesGlobalObject):
825         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
826         (JSC::UnlinkedCodeBlock::globalObjectRegister):
827         (JSC::UnlinkedCodeBlock::thisRegister):
828         (JSC::UnlinkedCodeBlock::activationRegister):
829         * bytecode/ValueRecovery.h:
830         (JSC::ValueRecovery::displacedInJSStack):
831         (JSC::ValueRecovery::virtualRegister):
832         (JSC::ValueRecovery::dumpInContext):
833         * bytecode/VirtualRegister.h:
834         (WTF::printInternal):
835         * bytecompiler/BytecodeGenerator.cpp:
836         (JSC::BytecodeGenerator::generate):
837         (JSC::BytecodeGenerator::addVar):
838         (JSC::BytecodeGenerator::BytecodeGenerator):
839         (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
840         (JSC::BytecodeGenerator::newRegister):
841         (JSC::BytecodeGenerator::emitLoadGlobalObject):
842         (JSC::BytecodeGenerator::emitGetArgumentsLength):
843         (JSC::BytecodeGenerator::emitGetArgumentByVal):
844         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
845         (JSC::BytecodeGenerator::emitReturn):
846         * bytecompiler/BytecodeGenerator.h:
847         (JSC::BytecodeGenerator::registerFor):
848         * bytecompiler/RegisterID.h:
849         (JSC::RegisterID::RegisterID):
850         (JSC::RegisterID::setIndex):
851         (JSC::RegisterID::index):
852         * debugger/DebuggerCallFrame.cpp:
853         (JSC::DebuggerCallFrame::thisObject):
854         * dfg/DFGAbstractHeap.h:
855         (JSC::DFG::AbstractHeap::Payload::Payload):
856         * dfg/DFGAbstractInterpreterInlines.h:
857         (JSC::DFG::::executeEffects):
858         (JSC::DFG::::clobberCapturedVars):
859         * dfg/DFGArgumentPosition.h:
860         (JSC::DFG::ArgumentPosition::dump):
861         * dfg/DFGArgumentsSimplificationPhase.cpp:
862         (JSC::DFG::ArgumentsSimplificationPhase::run):
863         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
864         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
865         * dfg/DFGByteCodeParser.cpp:
866         (JSC::DFG::ByteCodeParser::newVariableAccessData):
867         (JSC::DFG::ByteCodeParser::getDirect):
868         (JSC::DFG::ByteCodeParser::get):
869         (JSC::DFG::ByteCodeParser::setDirect):
870         (JSC::DFG::ByteCodeParser::set):
871         (JSC::DFG::ByteCodeParser::getLocal):
872         (JSC::DFG::ByteCodeParser::setLocal):
873         (JSC::DFG::ByteCodeParser::getArgument):
874         (JSC::DFG::ByteCodeParser::setArgument):
875         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
876         (JSC::DFG::ByteCodeParser::findArgumentPosition):
877         (JSC::DFG::ByteCodeParser::flush):
878         (JSC::DFG::ByteCodeParser::flushDirect):
879         (JSC::DFG::ByteCodeParser::getToInt32):
880         (JSC::DFG::ByteCodeParser::getThis):
881         (JSC::DFG::ByteCodeParser::addCall):
882         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
883         (JSC::DFG::ByteCodeParser::handleCall):
884         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
885         (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
886         (JSC::DFG::ByteCodeParser::handleInlining):
887         (JSC::DFG::ByteCodeParser::handleMinMax):
888         (JSC::DFG::ByteCodeParser::handleIntrinsic):
889         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
890         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
891         (JSC::DFG::ByteCodeParser::handleGetByOffset):
892         (JSC::DFG::ByteCodeParser::handleGetById):
893         (JSC::DFG::ByteCodeParser::parseBlock):
894         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
895         (JSC::DFG::ByteCodeParser::parse):
896         * dfg/DFGCFGSimplificationPhase.cpp:
897         * dfg/DFGCPSRethreadingPhase.cpp:
898         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
899         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
900         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
901         * dfg/DFGCapabilities.cpp:
902         (JSC::DFG::capabilityLevel):
903         * dfg/DFGConstantFoldingPhase.cpp:
904         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
905         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
906         (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
907         * dfg/DFGGraph.cpp:
908         (JSC::DFG::Graph::dump):
909         * dfg/DFGGraph.h:
910         (JSC::DFG::Graph::argumentsRegisterFor):
911         (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
912         (JSC::DFG::Graph::uncheckedActivationRegisterFor):
913         (JSC::DFG::Graph::valueProfileFor):
914         * dfg/DFGJITCode.cpp:
915         (JSC::DFG::JITCode::reconstruct):
916         * dfg/DFGNode.h:
917         (JSC::DFG::Node::Node):
918         (JSC::DFG::Node::convertToGetLocalUnlinked):
919         (JSC::DFG::Node::hasVirtualRegister):
920         (JSC::DFG::Node::virtualRegister):
921         (JSC::DFG::Node::setVirtualRegister):
922         * dfg/DFGOSREntry.cpp:
923         (JSC::DFG::prepareOSREntry):
924         * dfg/DFGOSREntrypointCreationPhase.cpp:
925         (JSC::DFG::OSREntrypointCreationPhase::run):
926         * dfg/DFGOSRExit.h:
927         * dfg/DFGOSRExitCompiler32_64.cpp:
928         (JSC::DFG::OSRExitCompiler::compileExit):
929         * dfg/DFGOSRExitCompiler64.cpp:
930         (JSC::DFG::OSRExitCompiler::compileExit):
931         * dfg/DFGRegisterBank.h:
932         (JSC::DFG::RegisterBank::tryAllocate):
933         (JSC::DFG::RegisterBank::allocateSpecific):
934         (JSC::DFG::RegisterBank::retain):
935         (JSC::DFG::RegisterBank::isInUse):
936         (JSC::DFG::RegisterBank::dump):
937         (JSC::DFG::RegisterBank::releaseAtIndex):
938         (JSC::DFG::RegisterBank::allocateInternal):
939         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
940         * dfg/DFGScoreBoard.h:
941         (JSC::DFG::ScoreBoard::allocate):
942         (JSC::DFG::ScoreBoard::use):
943         * dfg/DFGSpeculativeJIT.cpp:
944         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
945         (JSC::DFG::SpeculativeJIT::checkConsistency):
946         (JSC::DFG::SpeculativeJIT::compileMovHint):
947         (JSC::DFG::SpeculativeJIT::compileInlineStart):
948         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
949         * dfg/DFGSpeculativeJIT.h:
950         (JSC::DFG::SpeculativeJIT::allocate):
951         (JSC::DFG::SpeculativeJIT::fprAllocate):
952         (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
953         (JSC::DFG::SpeculativeJIT::flushRegisters):
954         (JSC::DFG::SpeculativeJIT::isFlushed):
955         (JSC::DFG::SpeculativeJIT::argumentSlot):
956         (JSC::DFG::SpeculativeJIT::argumentTagSlot):
957         (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
958         (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
959         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
960         (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
961         (JSC::DFG::SpeculativeJIT::recordSetLocal):
962         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
963         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
964         * dfg/DFGSpeculativeJIT64.cpp:
965         (JSC::DFG::SpeculativeJIT::compile):
966         * dfg/DFGValidate.cpp:
967         (JSC::DFG::Validate::validate):
968         (JSC::DFG::Validate::validateCPS):
969         (JSC::DFG::Validate::checkOperand):
970         (JSC::DFG::Validate::reportValidationContext):
971         * dfg/DFGValueRecoveryOverride.h:
972         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
973         * dfg/DFGVariableAccessData.h:
974         (JSC::DFG::VariableAccessData::operand):
975         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
976         (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
977         (JSC::DFG::VariableAccessData::flushFormat):
978         * dfg/DFGVariableEvent.h:
979         (JSC::DFG::VariableEvent::spill):
980         (JSC::DFG::VariableEvent::setLocal):
981         * dfg/DFGVariableEventStream.cpp:
982         (JSC::DFG::VariableEventStream::reconstruct):
983         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
984         (JSC::DFG::VirtualRegisterAllocationPhase::run):
985         * ftl/FTLExitArgumentForOperand.h:
986         (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
987         (JSC::FTL::ExitArgumentForOperand::operand):
988         * ftl/FTLLink.cpp:
989         (JSC::FTL::link):
990         * ftl/FTLLowerDFGToLLVM.cpp:
991         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
992         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
993         (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
994         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
995         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
996         (JSC::FTL::LowerDFGToLLVM::observeMovHint):
997         (JSC::FTL::LowerDFGToLLVM::addressFor):
998         (JSC::FTL::LowerDFGToLLVM::payloadFor):
999         (JSC::FTL::LowerDFGToLLVM::tagFor):
1000         * ftl/FTLOSREntry.cpp:
1001         (JSC::FTL::prepareOSREntry):
1002         * ftl/FTLOSRExit.cpp:
1003         (JSC::FTL::OSRExit::convertToForward):
1004         * ftl/FTLOSRExit.h:
1005         * ftl/FTLOSRExitCompiler.cpp:
1006         (JSC::FTL::compileStub):
1007         * interpreter/CallFrame.h:
1008         * interpreter/Interpreter.cpp:
1009         (JSC::Interpreter::dumpRegisters):
1010         (JSC::unwindCallFrame):
1011         (JSC::Interpreter::unwind):
1012         * jit/AssemblyHelpers.h:
1013         (JSC::AssemblyHelpers::addressFor):
1014         (JSC::AssemblyHelpers::tagFor):
1015         (JSC::AssemblyHelpers::payloadFor):
1016         (JSC::AssemblyHelpers::argumentsRegisterFor):
1017         * jit/JIT.h:
1018         * jit/JITCall.cpp:
1019         (JSC::JIT::compileLoadVarargs):
1020         * jit/JITInlines.h:
1021         (JSC::JIT::emitGetVirtualRegister):
1022         * jit/JITOpcodes.cpp:
1023         (JSC::JIT::emit_op_tear_off_arguments):
1024         (JSC::JIT::emit_op_get_pnames):
1025         (JSC::JIT::emit_op_enter):
1026         (JSC::JIT::emit_op_create_arguments):
1027         (JSC::JIT::emitSlow_op_get_argument_by_val):
1028         * jit/JITOpcodes32_64.cpp:
1029         (JSC::JIT::emit_op_enter):
1030         * jit/JITStubs.cpp:
1031         (JSC::DEFINE_STUB_FUNCTION):
1032         * llint/LLIntSlowPaths.cpp:
1033         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1034         * profiler/ProfilerBytecodeSequence.cpp:
1035         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1036         * runtime/CommonSlowPaths.cpp:
1037         (JSC::SLOW_PATH_DECL):
1038         * runtime/JSActivation.cpp:
1039         (JSC::JSActivation::argumentsGetter):
1040
1041 2013-09-26  Oliver Hunt  <oliver@apple.com>
1042
1043         Attempt to fix MSVC build
1044
1045         * parser/Parser.cpp:
1046         (JSC::::createBindingPattern):
1047         (JSC::::parseDeconstructionPattern):
1048         * parser/Parser.h:
1049
1050 2013-09-26  Julien Brianceau  <jbriance@cisco.com>
1051
1052         [sh4] JSValue* exception is unused since r70703 in JITStackFrame.
1053         https://bugs.webkit.org/show_bug.cgi?id=121962
1054
1055         This is a cosmetic change, but it could save people reading the sh4 part
1056         from wasting time trying to understand why there is a JSValue* here.
1057
1058         Reviewed by Darin Adler.
1059
1060         * jit/JITStubs.h:
1061
1062 2013-09-26  Anders Carlsson  <andersca@apple.com>
1063
1064         WeakGCMap should not inherit from HashMap
1065         https://bugs.webkit.org/show_bug.cgi?id=121964
1066
1067         Reviewed by Geoffrey Garen.
1068
1069         Add the HashMap as a member variable instead and implement the missing member functions.
1070
1071         * runtime/WeakGCMap.h:
1072
1073 2013-09-25  Michael Saboff  <msaboff@apple.com>
1074
1075         VirtualRegister should be a class
1076         https://bugs.webkit.org/show_bug.cgi?id=121732
1077
1078         Reviewed by Geoffrey Garen.
1079
1080         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
1081         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
1082         and the similar functions for locals to VirtualRegister class.
1083
1084         This is in preparation for changing the offset for the first local register from
1085         0 to -1.  This is needed since most native calling conventions have the architected
1086         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
1087         pointer.  Local values start below that address.
1088
1089         * bytecode/CodeBlock.cpp:
1090         * bytecode/CodeBlock.h:
1091         * bytecode/Instruction.h:
1092         * bytecode/LazyOperandValueProfile.h:
1093         * bytecode/MethodOfGettingAValueProfile.cpp:
1094         * bytecode/Operands.h:
1095         * bytecode/UnlinkedCodeBlock.cpp:
1096         * bytecode/UnlinkedCodeBlock.h:
1097         * bytecode/ValueRecovery.h:
1098         * bytecode/VirtualRegister.h:
1099         * bytecompiler/BytecodeGenerator.cpp:
1100         * bytecompiler/BytecodeGenerator.h:
1101         * bytecompiler/RegisterID.h:
1102         * debugger/DebuggerCallFrame.cpp:
1103         * dfg/DFGAbstractHeap.h:
1104         * dfg/DFGAbstractInterpreterInlines.h:
1105         * dfg/DFGArgumentPosition.h:
1106         * dfg/DFGArgumentsSimplificationPhase.cpp:
1107         * dfg/DFGByteCodeParser.cpp:
1108         * dfg/DFGCFGSimplificationPhase.cpp:
1109         * dfg/DFGCPSRethreadingPhase.cpp:
1110         * dfg/DFGCapabilities.cpp:
1111         * dfg/DFGConstantFoldingPhase.cpp:
1112         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1113         * dfg/DFGGraph.cpp:
1114         * dfg/DFGGraph.h:
1115         * dfg/DFGJITCode.cpp:
1116         * dfg/DFGNode.h:
1117         * dfg/DFGOSREntry.cpp:
1118         * dfg/DFGOSREntrypointCreationPhase.cpp:
1119         * dfg/DFGOSRExit.h:
1120         * dfg/DFGOSRExitCompiler32_64.cpp:
1121         * dfg/DFGOSRExitCompiler64.cpp:
1122         * dfg/DFGRegisterBank.h:
1123         * dfg/DFGScoreBoard.h:
1124         * dfg/DFGSpeculativeJIT.cpp:
1125         * dfg/DFGSpeculativeJIT.h:
1126         * dfg/DFGSpeculativeJIT64.cpp:
1127         * dfg/DFGValidate.cpp:
1128         * dfg/DFGValueRecoveryOverride.h:
1129         * dfg/DFGVariableAccessData.h:
1130         * dfg/DFGVariableEvent.h:
1131         * dfg/DFGVariableEventStream.cpp:
1132         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1133         * ftl/FTLExitArgumentForOperand.h:
1134         * ftl/FTLLink.cpp:
1135         * ftl/FTLLowerDFGToLLVM.cpp:
1136         * ftl/FTLOSREntry.cpp:
1137         * ftl/FTLOSRExit.cpp:
1138         * ftl/FTLOSRExit.h:
1139         * ftl/FTLOSRExitCompiler.cpp:
1140         * interpreter/CallFrame.h:
1141         * interpreter/Interpreter.cpp:
1142         * jit/AssemblyHelpers.h:
1143         * jit/JIT.h:
1144         * jit/JITCall.cpp:
1145         * jit/JITInlines.h:
1146         * jit/JITOpcodes.cpp:
1147         * jit/JITOpcodes32_64.cpp:
1148         * jit/JITStubs.cpp:
1149         * llint/LLIntSlowPaths.cpp:
1150         * profiler/ProfilerBytecodeSequence.cpp:
1151         * runtime/CommonSlowPaths.cpp:
1152         * runtime/JSActivation.cpp:
1153
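The entry above explains the motivation for the VirtualRegister class without showing the frame arithmetic. The following is an added illustrative model, not JSC's own code: a minimal VirtualRegister-style operand class with the argument/local conversions the entry names, plus a frame-layout model that shows why the first local has to move from offset 0 to -1 once the architected frame pointer points at the saved-frame-pointer slot. The operand encoding constant, the header slot count and all function names are assumptions for this example.

```cpp
// Illustrative model (not JSC's code) of a VirtualRegister-style operand
// class and of why the first local must sit at frame-pointer offset -1 in a
// native-style frame, where fp points at the slot holding the caller's fp.
#include <cassert>

// Assumption: locals and arguments share one signed operand space; operands at
// or above this base are arguments, everything below is a local.
constexpr int kArgumentOperandBase = 0x40000000;

class VirtualRegister {
public:
    explicit VirtualRegister(int operand) : m_operand(operand) {}

    bool isArgument() const { return m_operand >= kArgumentOperandBase; }
    bool isLocal() const { return !isArgument(); }
    int toLocal() const { assert(isLocal()); return m_operand; }
    int toArgument() const { assert(isArgument()); return m_operand - kArgumentOperandBase; }
    int operand() const { return m_operand; }

    static VirtualRegister fromLocal(int local) { return VirtualRegister(local); }
    static VirtualRegister fromArgument(int argument) { return VirtualRegister(argument + kArgumentOperandBase); }

private:
    int m_operand;
};

// Frame model. Offsets are in slots relative to the frame pointer (%rbp on
// x86-64). Slot 0 holds the caller's frame pointer; arguments live above the
// header, locals grow downwards from firstLocalOffset.
struct FrameLayout {
    int firstLocalOffset;   // 0 in the old scheme, -1 in the new one
    int headerSlots;        // slots from fp up to the first argument (assumption)

    int slotFor(VirtualRegister r) const {
        if (r.isArgument())
            return headerSlots + r.toArgument();
        return firstLocalOffset - r.toLocal();
    }

    bool localAliasesSavedFramePointer(int local) const {
        return slotFor(VirtualRegister::fromLocal(local)) == 0;
    }
};

// With the old offset, local 0 lands exactly on the saved-frame-pointer slot:
// a JIT store to that local would overwrite the caller's frame pointer.
inline bool oldLayoutClobbersSavedFramePointer() {
    FrameLayout oldLayout{0, 4};
    return oldLayout.localAliasesSavedFramePointer(0);
}

// With the new offset, every local stays strictly below the frame header.
inline bool newLayoutKeepsLocalsBelowHeader(int localCount) {
    FrameLayout newLayout{-1, 4};
    for (int local = 0; local < localCount; ++local) {
        if (newLayout.slotFor(VirtualRegister::fromLocal(local)) >= 0)
            return false;
    }
    return true;
}

inline int newLayoutSlotForLocal(int local) {
    FrameLayout newLayout{-1, 4};
    return newLayout.slotFor(VirtualRegister::fromLocal(local));
}

inline int newLayoutSlotForArgument(int argument) {
    FrameLayout newLayout{-1, 4};
    return newLayout.slotFor(VirtualRegister::fromArgument(argument));
}
```

The check worth keeping from this model is the aliasing test: any change to the operand-to-slot mapping should be paired with an assertion that no local or argument slot coincides with a header slot, since a collision there corrupts control data (saved frame pointer, return address) rather than just a JavaScript value.
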
1154 2013-09-26  Anders Carlsson  <andersca@apple.com>
1155
1156         Weak should have a move constructor and move assignment operator
1157         https://bugs.webkit.org/show_bug.cgi?id=121963
1158
1159         Reviewed by Oliver Hunt.
1160
1161         This is the first step towards getting rid of PassWeak.
1162
1163         * API/JSClassRef.cpp:
1164         (OpaqueJSClass::prototype):
1165         * heap/Weak.h:
1166         * heap/WeakInlines.h:
1167         (JSC::::Weak):
1168         (JSC::::leakImpl):
1169         * runtime/SimpleTypedArrayController.cpp:
1170         (JSC::SimpleTypedArrayController::toJS):
1171
1172 2013-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1173
1174         op_to_this shouldn't use value profiling
1175         https://bugs.webkit.org/show_bug.cgi?id=121920
1176
1177         Reviewed by Geoffrey Garen.
1178
1179         Currently it's the only opcode that uses m_singletonValue, which is unnecessary. Our current plan is 
1180         to remove m_singletonValue so that GenGC can have a simpler story for handling CodeBlocks/FunctionExecutables 
1181         during nursery collections.
1182
1183         This patch adds an inline cache for the Structure of to_this so it no longer depends on the ValueProfile's
1184         m_singletonValue. Since nobody uses m_singletonValue now, this patch also removes m_singletonValue from
1185         ValueProfile.
1186
1187         * bytecode/CodeBlock.cpp:
1188         (JSC::CodeBlock::CodeBlock):
1189         (JSC::CodeBlock::finalizeUnconditionally):
1190         (JSC::CodeBlock::stronglyVisitStrongReferences):
1191         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1192         (JSC::CodeBlock::updateAllValueProfilePredictions):
1193         (JSC::CodeBlock::updateAllPredictions):
1194         (JSC::CodeBlock::shouldOptimizeNow):
1195         * bytecode/CodeBlock.h:
1196         (JSC::CodeBlock::updateAllValueProfilePredictions):
1197         (JSC::CodeBlock::updateAllPredictions):
1198         * bytecode/LazyOperandValueProfile.cpp:
1199         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
1200         * bytecode/LazyOperandValueProfile.h:
1201         * bytecode/ValueProfile.h:
1202         (JSC::ValueProfileBase::ValueProfileBase):
1203         (JSC::ValueProfileBase::briefDescription):
1204         (JSC::ValueProfileBase::dump):
1205         (JSC::ValueProfileBase::computeUpdatedPrediction):
1206         * bytecompiler/BytecodeGenerator.cpp:
1207         (JSC::BytecodeGenerator::BytecodeGenerator):
1208         * dfg/DFGByteCodeParser.cpp:
1209         (JSC::DFG::ByteCodeParser::parseBlock):
1210         * jit/JITOpcodes.cpp:
1211         (JSC::JIT::emit_op_to_this):
1212         (JSC::JIT::emitSlow_op_to_this):
1213         * jit/JITOpcodes32_64.cpp:
1214         (JSC::JIT::emit_op_to_this):
1215         (JSC::JIT::emitSlow_op_to_this):
1216         * llint/LowLevelInterpreter32_64.asm:
1217         * llint/LowLevelInterpreter64.asm:
1218         * runtime/CommonSlowPaths.cpp:
1219         (JSC::SLOW_PATH_DECL):
1220
1221 2013-09-25  Oliver Hunt  <oliver@apple.com>
1222
1223         Implement prefixed-destructuring assignment
1224         https://bugs.webkit.org/show_bug.cgi?id=121930
1225
1226         Reviewed by Mark Hahnenberg.
1227
1228         This is mostly simple - the semantics of deconstruction are already
1229         present in the language, so most of the complexity (if you call it
1230         that) is addition of new AST nodes, and parsing the syntax.
1231
1232         In order to get correct semantics for the parameter lists, FunctionParameters
1233         now needs to store refcounted references to the parameter patterns.
1234         There's also a little work to ensure that variable creation and assignment
1235         occurs in the correct order while the BytecodeGenerator is being constructed. 
1236
1237         * bytecode/UnlinkedCodeBlock.cpp:
1238         (JSC::UnlinkedFunctionExecutable::paramString):
1239         * bytecompiler/BytecodeGenerator.cpp:
1240         (JSC::BytecodeGenerator::BytecodeGenerator):
1241         * bytecompiler/BytecodeGenerator.h:
1242         (JSC::BytecodeGenerator::emitExpressionInfo):
1243         * bytecompiler/NodesCodegen.cpp:
1244         (JSC::ForInNode::emitBytecode):
1245         (JSC::DeconstructingAssignmentNode::emitBytecode):
1246         (JSC::DeconstructionPatternNode::~DeconstructionPatternNode):
1247         (JSC::ArrayPatternNode::emitBytecode):
1248         (JSC::ArrayPatternNode::emitDirectBinding):
1249         (JSC::ArrayPatternNode::toString):
1250         (JSC::ArrayPatternNode::collectBoundIdentifiers):
1251         (JSC::ObjectPatternNode::toString):
1252         (JSC::ObjectPatternNode::emitBytecode):
1253         (JSC::ObjectPatternNode::collectBoundIdentifiers):
1254         (JSC::BindingNode::emitBytecode):
1255         (JSC::BindingNode::toString):
1256         (JSC::BindingNode::collectBoundIdentifiers):
1257         * parser/ASTBuilder.h:
1258         (JSC::ASTBuilder::createFormalParameterList):
1259         (JSC::ASTBuilder::createForInLoop):
1260         (JSC::ASTBuilder::addVar):
1261         (JSC::ASTBuilder::createDeconstructingAssignment):
1262         (JSC::ASTBuilder::createArrayPattern):
1263         (JSC::ASTBuilder::appendArrayPatternSkipEntry):
1264         (JSC::ASTBuilder::appendArrayPatternEntry):
1265         (JSC::ASTBuilder::createObjectPattern):
1266         (JSC::ASTBuilder::appendObjectPatternEntry):
1267         (JSC::ASTBuilder::createBindingLocation):
1268         * parser/NodeConstructors.h:
1269         (JSC::CommaNode::CommaNode):
1270         (JSC::ParameterNode::ParameterNode):
1271         (JSC::ForInNode::ForInNode):
1272         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
1273         (JSC::ArrayPatternNode::ArrayPatternNode):
1274         (JSC::ArrayPatternNode::create):
1275         (JSC::ObjectPatternNode::ObjectPatternNode):
1276         (JSC::ObjectPatternNode::create):
1277         (JSC::BindingNode::create):
1278         (JSC::BindingNode::BindingNode):
1279         (JSC::DeconstructingAssignmentNode::DeconstructingAssignmentNode):
1280         * parser/Nodes.cpp:
1281         (JSC::FunctionParameters::create):
1282         (JSC::FunctionParameters::FunctionParameters):
1283         (JSC::FunctionParameters::~FunctionParameters):
1284         * parser/Nodes.h:
1285         (JSC::ExpressionNode::isDeconstructionNode):
1286         (JSC::ArrayNode::elements):
1287         (JSC::CommaNode::append):
1288         (JSC::ParameterNode::pattern):
1289         (JSC::FunctionParameters::at):
1290         (JSC::FunctionParameters::patterns):
1291         (JSC::DeconstructionPatternNode::isBindingNode):
1292         (JSC::DeconstructionPatternNode::emitDirectBinding):
1293         (JSC::ArrayPatternNode::appendIndex):
1294         (JSC::ObjectPatternNode::appendEntry):
1295         (JSC::ObjectPatternNode::Entry::Entry):
1296         (JSC::BindingNode::boundProperty):
1297         (JSC::BindingNode::isBindingNode):
1298         (JSC::DeconstructingAssignmentNode::bindings):
1299         (JSC::DeconstructingAssignmentNode::isLocation):
1300         (JSC::DeconstructingAssignmentNode::isDeconstructionNode):
1301         * parser/Parser.cpp:
1302         (JSC::::Parser):
1303         (JSC::::parseVarDeclaration):
1304         (JSC::::parseVarDeclarationList):
1305         (JSC::::createBindingPattern):
1306         (JSC::::parseDeconstructionPattern):
1307         (JSC::::parseForStatement):
1308         (JSC::::parseFormalParameters):
1309         (JSC::::parseAssignmentExpression):
1310         * parser/Parser.h:
1311         (JSC::Scope::declareBoundParameter):
1312         (JSC::Parser::declareBoundParameter):
1313         * parser/SyntaxChecker.h:
1314         (JSC::SyntaxChecker::createFormalParameterList):
1315         (JSC::SyntaxChecker::addVar):
1316         (JSC::SyntaxChecker::operatorStackPop):
1317         * runtime/JSONObject.cpp:
1318         (JSC::escapeStringToBuilder):
1319         * runtime/JSONObject.h:
1320
1321 2013-09-25  Brady Eidson  <beidson@apple.com>
1322
1323         Enable the IndexedDB build on Mac, but leave the feature non-functional
1324         https://bugs.webkit.org/show_bug.cgi?id=121918
1325
1326         Reviewed by Alexey Proskuryakov.
1327
1328         * Configurations/FeatureDefines.xcconfig:
1329
1330 2013-09-25  Commit Queue  <commit-queue@webkit.org>
1331
1332         Unreviewed, rolling out r156432.
1333         http://trac.webkit.org/changeset/156432
1334         https://bugs.webkit.org/show_bug.cgi?id=121932
1335
1336         some integer conversion things that need brady to fix
1337         (Requested by thorton on #webkit).
1338
1339         * Configurations/FeatureDefines.xcconfig:
1340
1341 2013-09-25  Anders Carlsson  <andersca@apple.com>
1342
1343         Move KeyValuePairTraits inside HashMap
1344         https://bugs.webkit.org/show_bug.cgi?id=121931
1345
1346         Reviewed by Sam Weinig.
1347
1348         * tools/ProfileTreeNode.h:
1349
1350 2013-09-25  Brady Eidson  <beidson@apple.com>
1351
1352         Enable the IndexedDB build on Mac, but leave the feature non-functional
1353         https://bugs.webkit.org/show_bug.cgi?id=121918
1354
1355         Reviewed by Alexey Proskuryakov.
1356
1357         * Configurations/FeatureDefines.xcconfig:
1358
1359 2013-09-25  Brady Eidson  <beidson@apple.com>
1360
1361         FeatureDefine.xcconfig cleanup (They should all be identical).
1362         https://bugs.webkit.org/show_bug.cgi?id=121921
1363
1364         Reviewed by Mark Rowe.
1365
1366         * Configurations/FeatureDefines.xcconfig:
1367
1368 2013-09-25  Patrick Gansterer  <paroga@webkit.org>
1369
1370         Build fix for WinCE after r155098.
1371
1372         Windows CE does not support getenv().
1373
1374         * jsc.cpp:
1375         (main):
1376
1377 2013-09-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1378
1379         op_get_callee shouldn't use value profiling
1380         https://bugs.webkit.org/show_bug.cgi?id=121821
1381
1382         Reviewed by Filip Pizlo.
1383
1384         Currently it's one of the two opcodes that use m_singletonValue, which is unnecessary. 
1385         Our current plan is to remove m_singletonValue so that GenGC can have a simpler story 
1386         for handling CodeBlocks/FunctionExecutables during nursery collections.
1387
1388         Instead of using a ValueProfile op_get_callee now has a simple inline cache of the most 
1389         recent JSFunction that we saw.
1390
1391         * bytecode/CodeBlock.cpp:
1392         (JSC::CodeBlock::CodeBlock):
1393         (JSC::CodeBlock::finalizeUnconditionally):
1394         * bytecompiler/BytecodeGenerator.cpp:
1395         (JSC::BytecodeGenerator::emitCreateThis):
1396         * dfg/DFGByteCodeParser.cpp:
1397         (JSC::DFG::ByteCodeParser::parseBlock):
1398         * jit/JIT.cpp:
1399         (JSC::JIT::privateCompileSlowCases):
1400         * jit/JIT.h:
1401         * jit/JITOpcodes.cpp:
1402         (JSC::JIT::emit_op_get_callee):
1403         (JSC::JIT::emitSlow_op_get_callee):
1404         * jit/JITOpcodes32_64.cpp:
1405         (JSC::JIT::emit_op_get_callee):
1406         (JSC::JIT::emitSlow_op_get_callee):
1407         * llint/LowLevelInterpreter32_64.asm:
1408         * llint/LowLevelInterpreter64.asm:
1409         * runtime/CommonSlowPaths.cpp:
1410         (JSC::SLOW_PATH_DECL):
1411         * runtime/CommonSlowPaths.h:
1412
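The op_get_callee entry above and the op_to_this entry earlier in this log both replace a ValueProfile's m_singletonValue with a monomorphic inline cache: the last JSFunction seen, and the last Structure seen, respectively. The following is an added example and not JSC's code: a model of both caches, with the point a reviewer would want made explicit, namely that a cached heap pointer is a weak reference and has to be cleared when the collector frees its target (the finalizeUnconditionally hook named in both entries is modelled here as that clearing step; its exact behaviour in JSC is an assumption). All names, the heap model and the sample scenario are constructed for this example.

```cpp
// Illustrative model (not JSC's code) of the op_get_callee and op_to_this
// monomorphic inline caches, and of clearing them at GC so a dead target
// is never dereferenced or falsely matched by a later allocation.
#include <algorithm>
#include <cassert>
#include <cstdint>
#include <memory>
#include <vector>

// Structures are treated as immortal in this model to keep it short.
struct Structure { uint32_t id; };

struct JSFunction {
    explicit JSFunction(Structure* s) : structure(s) {}
    Structure* structure;
    bool marked = false;          // simulated GC mark bit
};

// A cache cell holding a heap pointer is a weak reference: if the collector
// frees the target without clearing the cell, the next fast-path compare can
// match a recycled address and the slow path can touch freed memory.
template <typename T>
struct WeakCacheCell {
    T* value = nullptr;
    uint64_t hits = 0;
    uint64_t misses = 0;
};

struct CodeBlock {
    WeakCacheCell<JSFunction> calleeCache;   // models op_get_callee's cache
    WeakCacheCell<Structure> toThisCache;    // models op_to_this's Structure cache

    // op_get_callee: fast path when the callee is the one seen last time,
    // otherwise the slow path repopulates the cache.
    JSFunction* getCallee(JSFunction* callee) {
        if (calleeCache.value == callee) {
            ++calleeCache.hits;
            return callee;
        }
        ++calleeCache.misses;
        calleeCache.value = callee;
        return callee;
    }

    // op_to_this: fast path when |this| already has the cached Structure;
    // the slow path here just records the shape it saw.
    bool toThis(JSFunction* thisObject) {
        if (thisObject && toThisCache.value == thisObject->structure) {
            ++toThisCache.hits;
            return true;
        }
        ++toThisCache.misses;
        toThisCache.value = thisObject ? thisObject->structure : nullptr;
        return false;
    }

    // Assumed GC hook, modelled on the finalizeUnconditionally entries in the
    // log: runs after marking and before sweeping, dropping dead targets.
    void finalizeUnconditionally() {
        if (calleeCache.value && !calleeCache.value->marked)
            calleeCache.value = nullptr;
    }
};

// Minimal heap: collect() marks the roots, finalizes every CodeBlock, then
// frees whatever is unmarked.
struct Heap {
    std::vector<std::unique_ptr<JSFunction>> functions;
    std::vector<CodeBlock*> codeBlocks;

    JSFunction* allocate(Structure* s) {
        functions.push_back(std::make_unique<JSFunction>(s));
        return functions.back().get();
    }

    void collect(const std::vector<JSFunction*>& roots) {
        for (auto& f : functions) f->marked = false;
        for (JSFunction* r : roots) r->marked = true;
        for (CodeBlock* cb : codeBlocks) cb->finalizeUnconditionally();
        functions.erase(std::remove_if(functions.begin(), functions.end(),
            [](const std::unique_ptr<JSFunction>& f) { return !f->marked; }), functions.end());
        for (auto& f : functions) f->marked = false;
    }
};

struct Scenario {
    uint64_t calleeHits, calleeMisses, toThisHits, toThisMisses;
    bool calleeCacheClearedAfterGC;
};

// Constructed scenario: one hot callee, one structure change, then a GC that
// frees the cached callee while the CodeBlock is still alive.
inline Scenario runScenario() {
    Structure shapeA{1}, shapeB{2};
    Heap heap;
    CodeBlock cb;
    heap.codeBlocks.push_back(&cb);

    JSFunction* f = heap.allocate(&shapeA);
    for (int i = 0; i < 10; ++i) cb.getCallee(f);   // 1 miss, then 9 hits
    cb.toThis(f);                                   // miss: cache empty
    cb.toThis(f);                                   // hit: same Structure
    JSFunction* g = heap.allocate(&shapeB);
    cb.toThis(g);                                   // miss: different Structure

    heap.collect({g});                              // f is unreachable and freed
    bool cleared = cb.calleeCache.value == nullptr;
    return Scenario{cb.calleeCache.hits, cb.calleeCache.misses,
                    cb.toThisCache.hits, cb.toThisCache.misses, cleared};
}
```

The scenario is the regression test to keep around for any cache of this shape: after a collection in which the cached target dies but the CodeBlock survives, the cell must read null. Without the finalize step, a fresh JSFunction allocated at the recycled address would satisfy the pointer-equality fast path with a callee the code never profiled.
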
1413 2013-09-24  Mark Lam  <mark.lam@apple.com>
1414
1415         Change JSC debug hooks to pass a CallFrame* instead of a DebuggerCallFrame.
1416         https://bugs.webkit.org/show_bug.cgi?id=121867.
1417
1418         Reviewed by Geoffrey Garen.
1419
1420         1. Removed the need for passing the line and column info to the debug hook
1421            callbacks. We now get the line and column info from the CallFrame.
1422
1423         2. Simplify BytecodeGenerator::emitDebugHook() to only take 1 line number
1424            argument. The caller can determine whether to pass in the first or last
1425            line number of the block of source code as appropriate.
1426            Note: we still need to pass in the line and column info to emitDebugHook()
1427            because it uses this info to emit expression info which is later used by
1428            the StackVisitor to determine the line and column info for its "pc".
1429
1430         3. Pass the exceptionValue explicitly to the exception() debug hook
1431            callback. It should not be embedded in the CallFrame / DebuggerCallFrame.
1432
1433         4. Change the op_debug opcode size to 2 (from 5) since we're removing 3 arg
1434            values. Update the LLINT and JIT code to handle this.
1435
1436         * bytecode/CodeBlock.cpp:
1437         (JSC::CodeBlock::dumpBytecode):
1438         (JSC::CodeBlock::CodeBlock):
1439         * bytecode/Opcode.h:
1440         (JSC::padOpcodeName):
1441         * bytecompiler/BytecodeGenerator.cpp:
1442         (JSC::BytecodeGenerator::emitDebugHook):
1443         * bytecompiler/BytecodeGenerator.h:
1444         * bytecompiler/NodesCodegen.cpp:
1445         (JSC::ConstStatementNode::emitBytecode):
1446         (JSC::EmptyStatementNode::emitBytecode):
1447         (JSC::DebuggerStatementNode::emitBytecode):
1448         (JSC::ExprStatementNode::emitBytecode):
1449         (JSC::VarStatementNode::emitBytecode):
1450         (JSC::IfElseNode::emitBytecode):
1451         (JSC::DoWhileNode::emitBytecode):
1452         (JSC::WhileNode::emitBytecode):
1453         (JSC::ForNode::emitBytecode):
1454         (JSC::ForInNode::emitBytecode):
1455         (JSC::ContinueNode::emitBytecode):
1456         (JSC::BreakNode::emitBytecode):
1457         (JSC::ReturnNode::emitBytecode):
1458         (JSC::WithNode::emitBytecode):
1459         (JSC::SwitchNode::emitBytecode):
1460         (JSC::LabelNode::emitBytecode):
1461         (JSC::ThrowNode::emitBytecode):
1462         (JSC::TryNode::emitBytecode):
1463         (JSC::ProgramNode::emitBytecode):
1464         (JSC::EvalNode::emitBytecode):
1465         (JSC::FunctionBodyNode::emitBytecode):
1466         * debugger/Debugger.h:
1467         * debugger/DebuggerCallFrame.cpp:
1468         (JSC::LineAndColumnFunctor::operator()):
1469         (JSC::LineAndColumnFunctor::line):
1470         (JSC::LineAndColumnFunctor::column):
1471         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1472         (JSC::DebuggerCallFrame::clear):
1473         * debugger/DebuggerCallFrame.h:
1474         (JSC::DebuggerCallFrame::line):
1475         (JSC::DebuggerCallFrame::column):
1476         * interpreter/Interpreter.cpp:
1477         (JSC::unwindCallFrame):
1478         (JSC::UnwindFunctor::UnwindFunctor):
1479         (JSC::UnwindFunctor::operator()):
1480         (JSC::Interpreter::unwind):
1481         (JSC::Interpreter::debug):
1482         * interpreter/Interpreter.h:
1483         * jit/JITOpcodes.cpp:
1484         (JSC::JIT::emit_op_debug):
1485         * jit/JITOpcodes32_64.cpp:
1486         (JSC::JIT::emit_op_debug):
1487         * jit/JITStubs.cpp:
1488         (JSC::DEFINE_STUB_FUNCTION):
1489         * llint/LLIntSlowPaths.cpp:
1490         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1491         * llint/LowLevelInterpreter.asm:
1492
1493 2013-09-24  Filip Pizlo  <fpizlo@apple.com>
1494
1495         Crashing under JSC::DFG::SpeculativeJIT::spill visiting citicards.com
1496         https://bugs.webkit.org/show_bug.cgi?id=121844
1497
1498         Reviewed by Mark Hahnenberg.
1499         
1500         Fix some int52 bugs that caused this.
1501
1502         * bytecode/ValueRecovery.h:
1503         (JSC::ValueRecovery::dumpInContext): There's no such thing as int53.
1504         * dfg/DFGSpeculativeJIT.h:
1505         (JSC::DFG::SpeculativeJIT::spill): Actually spill int52's, instead of hitting an assert and crashing.
1506         * dfg/DFGSpeculativeJIT64.cpp:
1507         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): Use the right format (from before when we clobber it).
1508
1509 2013-09-24  Mark Rowe  <mrowe@apple.com>
1510
1511         <rdar://problem/14971518> WebKit should build against the Xcode default toolchain when targeting OS X 10.8
1512
1513         Reviewed by Dan Bernstein.
1514
1515         * Configurations/Base.xcconfig:
1516
1517 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1518
1519         use NOMINMAX instead of #define min min
1520         https://bugs.webkit.org/show_bug.cgi?id=73563
1521
1522         Reviewed by Brent Fulgham.
1523
1524         Use NOMINMAX instead of #define min/max as a cleaner
1525         way of ensuring that Windows system header files don't
1526         define min/max as macro in the first place.
1527
1528         * config.h:
1529
1530 2013-09-23  Filip Pizlo  <fpizlo@apple.com>
1531
1532         Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
1533         https://bugs.webkit.org/show_bug.cgi?id=121734
1534
1535         Reviewed by Mark Hahnenberg.
1536         
1537         Exception handling can deduce where the exception was thrown from by looking at the
1538         code origin that was stored into the call frame header. There is no need to pass any
1539         additional meta-data into the exception throwing logic. But the DFG was still doing it
1540         anyway.
1541         
1542         This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
1543         and friends. It simplifies a lot of code.
1544
1545         * CMakeLists.txt:
1546         * GNUmakefile.list.am:
1547         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1548         * JavaScriptCore.xcodeproj/project.pbxproj:
1549         * Target.pri:
1550         * bytecode/CodeBlock.cpp:
1551         (JSC::CodeBlock::shrinkToFit):
1552         * bytecode/CodeBlock.h:
1553         (JSC::CodeBlock::codeOrigins):
1554         (JSC::CodeBlock::hasCodeOrigins):
1555         (JSC::CodeBlock::canGetCodeOrigin):
1556         (JSC::CodeBlock::codeOrigin):
1557         * bytecode/CodeOrigin.h:
1558         (JSC::InlineCallFrame::InlineCallFrame):
1559         * bytecode/InlineCallFrameSet.cpp: Added.
1560         (JSC::InlineCallFrameSet::InlineCallFrameSet):
1561         (JSC::InlineCallFrameSet::~InlineCallFrameSet):
1562         (JSC::InlineCallFrameSet::add):
1563         (JSC::InlineCallFrameSet::shrinkToFit):
1564         * bytecode/InlineCallFrameSet.h: Added.
1565         (JSC::InlineCallFrameSet::isEmpty):
1566         (JSC::InlineCallFrameSet::size):
1567         (JSC::InlineCallFrameSet::at):
1568         * dfg/DFGArgumentsSimplificationPhase.cpp:
1569         (JSC::DFG::ArgumentsSimplificationPhase::run):
1570         * dfg/DFGByteCodeParser.cpp:
1571         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1572         * dfg/DFGCommonData.cpp:
1573         (JSC::DFG::CommonData::addCodeOrigin):
1574         (JSC::DFG::CommonData::shrinkToFit):
1575         * dfg/DFGCommonData.h:
1576         * dfg/DFGDesiredWriteBarriers.cpp:
1577         (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
1578         (JSC::DFG::DesiredWriteBarrier::trigger):
1579         * dfg/DFGDesiredWriteBarriers.h:
1580         (JSC::DFG::DesiredWriteBarriers::add):
1581         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
1582         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
1583         * dfg/DFGGraph.cpp:
1584         (JSC::DFG::Graph::Graph):
1585         * dfg/DFGGraph.h:
1586         * dfg/DFGJITCompiler.cpp:
1587         (JSC::DFG::JITCompiler::JITCompiler):
1588         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1589         (JSC::DFG::JITCompiler::link):
1590         (JSC::DFG::JITCompiler::compileFunction):
1591         * dfg/DFGJITCompiler.h:
1592         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
1593         (JSC::DFG::JITCompiler::exceptionCheck):
1594         (JSC::DFG::JITCompiler::fastExceptionCheck):
1595         * dfg/DFGOperations.cpp:
1596         * dfg/DFGOperations.h:
1597         * dfg/DFGRepatch.cpp:
1598         (JSC::DFG::tryBuildGetByIDList):
1599         * dfg/DFGSpeculativeJIT.h:
1600         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1601         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1602         (JSC::DFG::SpeculativeJIT::appendCall):
1603         * dfg/DFGSpeculativeJIT32_64.cpp:
1604         (JSC::DFG::SpeculativeJIT::emitCall):
1605         * dfg/DFGSpeculativeJIT64.cpp:
1606         (JSC::DFG::SpeculativeJIT::emitCall):
1607         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1608         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1609         * ftl/FTLLowerDFGToLLVM.cpp:
1610         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1611         * jit/AssemblyHelpers.h:
1612         (JSC::AssemblyHelpers::emitExceptionCheck):
1613
1614 2013-09-23  Oliver Hunt  <oliver@apple.com>
1615
1616         CodeLoad performance regression
1617
1618         Reviewed by Filip Pizlo.
1619
1620         Temporarily remove the ExpressionInfo compression until we can
1621         work out how to make it not clobber performance.
1622
1623         * bytecode/UnlinkedCodeBlock.cpp:
1624         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1625         (JSC::UnlinkedCodeBlock::addExpressionInfo):
1626         * bytecode/UnlinkedCodeBlock.h:
1627
1628 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1629
1630         Cleanup CMake files in JavaScriptCore
1631         https://bugs.webkit.org/show_bug.cgi?id=121762
1632
1633         Reviewed by Gyuyoung Kim.
1634
1635         Sort files and unify style.
1636
1637         * CMakeLists.txt:
1638         * shell/CMakeLists.txt:
1639         * shell/PlatformBlackBerry.cmake:
1640         * shell/PlatformEfl.cmake:
1641
1642 2013-09-22  Filip Pizlo  <fpizlo@apple.com>
1643
1644         Get rid of CodeBlock::RareData::callReturnIndexVector and most of the evil that it introduced
1645         https://bugs.webkit.org/show_bug.cgi?id=121766
1646
1647         Reviewed by Andreas Kling.
1648
1649         * bytecode/CodeBlock.cpp:
1650         (JSC::CodeBlock::shrinkToFit):
1651         * bytecode/CodeBlock.h:
1652         * dfg/DFGJITCompiler.cpp:
1653         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1654         (JSC::DFG::JITCompiler::link):
1655         * jit/JIT.cpp:
1656         (JSC::JIT::privateCompile):
1657
1658 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1659
1660         Interpreter::unwind() has no need for the bytecodeOffset
1661         https://bugs.webkit.org/show_bug.cgi?id=121755
1662
1663         Reviewed by Oliver Hunt.
1664         
1665         It was only using the bytecodeOffset for some debugger stuff, but the debugger could
1666         just get the bytecodeOffset the same way the rest of the machinery does: by using the
1667         CallFrame's location.
1668         
1669         It turns out that a lot of really ugly code was in place just to supply this
1670         bytecodeOffset. This patch kills most of that code, and allows us to kill even more
1671         code in a future patch - though most likely that killage will involve further
1672         refactorings as well, see https://bugs.webkit.org/show_bug.cgi?id=121734.
1673
1674         * dfg/DFGOperations.cpp:
1675         * interpreter/CallFrame.cpp:
1676         (JSC::CallFrame::bytecodeOffset):
1677         (JSC::CallFrame::codeOrigin):
1678         * interpreter/CallFrame.h:
1679         * interpreter/Interpreter.cpp:
1680         (JSC::Interpreter::unwind):
1681         * interpreter/Interpreter.h:
1682         * jit/JITExceptions.cpp:
1683         (JSC::genericUnwind):
1684         * jit/JITExceptions.h:
1685         * jit/JITStubs.cpp:
1686         (JSC::DEFINE_STUB_FUNCTION):
1687         (JSC::cti_vm_handle_exception):
1688         * llint/LLIntExceptions.cpp:
1689         (JSC::LLInt::doThrow):
1690         (JSC::LLInt::returnToThrow):
1691         (JSC::LLInt::callToThrow):
1692         * llint/LLIntExceptions.h:
1693         * llint/LLIntSlowPaths.cpp:
1694         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1695         * runtime/CommonSlowPaths.cpp:
1696         (JSC::SLOW_PATH_DECL):
1697         * runtime/CommonSlowPathsExceptions.cpp:
1698         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1699         * runtime/CommonSlowPathsExceptions.h:
1700
1701 2013-09-21  Darin Adler  <darin@apple.com>
1702
1703         Add ExecState::uncheckedArgument and use where possible to shrink a bit
1704         https://bugs.webkit.org/show_bug.cgi?id=121750
1705
1706         Reviewed by Andreas Kling.
1707
1708         * interpreter/CallFrame.h:
1709         (JSC::ExecState::uncheckedArgument): Added. Like argument, but with an
1710         assertion rather than a runtime check.
1711
1712         * API/APICallbackFunction.h:
1713         (JSC::APICallbackFunction::call): Use uncheckedArgument because we are
1714         already in a loop over arguments, so don't need a range check.
1715         * API/JSCallbackConstructor.cpp:
1716         (JSC::constructJSCallback): Ditto.
1717         * API/JSCallbackObjectFunctions.h:
1718         (JSC::JSCallbackObject::construct): Ditto.
1719         (JSC::JSCallbackObject::call): Ditto.
1720         * jsc.cpp:
1721         (functionPrint): Ditto.
1722         (functionRun): Ditto.
1723         (functionSetSamplingFlags): Ditto.
1724         (functionClearSamplingFlags): Ditto.
1725         * runtime/ArrayPrototype.cpp:
1726         (JSC::arrayProtoFuncConcat): Ditto.
1727         (JSC::arrayProtoFuncPush): Use uncheckedArgument because there is already
1728         code that explicitly checks argumentCount.
1729         (JSC::arrayProtoFuncSplice): Ditto.
1730         (JSC::arrayProtoFuncUnShift): Ditto.
1731         (JSC::arrayProtoFuncReduce): Ditto.
1732         (JSC::arrayProtoFuncReduceRight): Ditto.
1733         (JSC::arrayProtoFuncLastIndexOf): Ditto.
1734         * runtime/DatePrototype.cpp:
1735         (JSC::fillStructuresUsingTimeArgs): Ditto.
1736         (JSC::fillStructuresUsingDateArgs): Ditto.
1737         * runtime/JSArrayBufferConstructor.cpp:
1738         (JSC::constructArrayBuffer): Ditto.
1739         * runtime/JSArrayBufferPrototype.cpp:
1740         (JSC::arrayBufferProtoFuncSlice): Ditto.
1741         * runtime/JSBoundFunction.cpp:
1742         (JSC::boundFunctionCall): Ditto.
1743         (JSC::boundFunctionConstruct): Ditto.
1744         * runtime/JSDataViewPrototype.cpp:
1745         (JSC::getData): Ditto.
1746         (JSC::setData): Ditto.
1747         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1748         (JSC::constructGenericTypedArrayView): Ditto.
1749         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1750         (JSC::genericTypedArrayViewProtoFuncSet): Ditto.
1751         (JSC::genericTypedArrayViewProtoFuncSubarray): Ditto.
1752         * runtime/JSONObject.cpp:
1753         (JSC::JSONProtoFuncParse): Ditto.
1754         (JSC::JSONProtoFuncStringify): Ditto.
1755         * runtime/JSPromiseConstructor.cpp:
1756         (JSC::constructPromise): Ditto.
1757         (JSC::JSPromiseConstructorFuncFulfill): Ditto.
1758         (JSC::JSPromiseConstructorFuncResolve): Ditto.
1759         (JSC::JSPromiseConstructorFuncReject): Ditto.
1760         * runtime/MathObject.cpp:
1761         (JSC::mathProtoFuncMax): Ditto.
1762         (JSC::mathProtoFuncMin): Ditto.
1763
1764         * runtime/NameConstructor.cpp:
1765         (JSC::constructPrivateName): Removed unneeded check of argumentCount
1766            that simply repeats what argument already does.
1767         * runtime/NativeErrorConstructor.cpp:
1768         (JSC::Interpreter::constructWithNativeErrorConstructor): Ditto.
1769         (JSC::Interpreter::callNativeErrorConstructor): Ditto.
1770
1771         * runtime/NumberConstructor.cpp:
1772         (JSC::constructWithNumberConstructor): Use uncheckedArgument since
1773         there is already code that explicitly checks argument count.
1774         (JSC::callNumberConstructor): Ditto.
1775
1776         * runtime/ObjectConstructor.cpp:
1777         (JSC::objectConstructorCreate): Small refactoring to not call argument(0)
1778         three times.
1779
1780         * runtime/SetConstructor.cpp:
1781         (JSC::constructSet): Use uncheckedArgument since we are already in a loop
1782         over arguments.
1783
1784         * runtime/StringConstructor.cpp:
1785         (JSC::stringFromCharCodeSlowCase): In a loop.
1786         (JSC::stringFromCharCode): Already checked count.
1787         (JSC::constructWithStringConstructor): Ditto.
1788         (JSC::callStringConstructor): Ditto.
1789         * runtime/StringPrototype.cpp:
1790         (JSC::stringProtoFuncConcat): Already checked count.
1791         * runtime/TestRunnerUtils.cpp:
1792         (JSC::numberOfDFGCompiles): Ditto.
1793         (JSC::setNeverInline): Ditto.
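
The entry above replaces a runtime range check with an assertion wherever the caller has already bounded the index. The following is an added illustration of that contract, not JavaScriptCore code: a toy CallFrame with a checked argument() and an unchecked uncheckedArgument(), plus the two caller patterns the entry describes (a loop bounded by argumentCount(), and a fixed-index read that must keep the checked accessor). The Value struct, maxOfArguments() and firstArgumentOrZero() are stand-ins invented for this example; only the accessor names come from the entry.

```cpp
// Added example, not JavaScriptCore code. Models the checked/unchecked argument
// accessor pair: uncheckedArgument() drops the bounds check, so it is only safe
// where the caller has already established index < argumentCount().
#include <cassert>
#include <cmath>
#include <cstddef>
#include <utility>
#include <vector>

// Stand-in for a JS value (assumption for this example); only
// "undefined" versus a number is modelled.
struct Value {
    bool isUndefined;
    double number;
};

static Value jsUndefined() { return Value{true, 0.0}; }
static Value jsNumber(double n) { return Value{false, n}; }

// Toy call frame: arguments live in a vector rather than on the JS stack.
class CallFrame {
public:
    explicit CallFrame(std::vector<Value> args) : m_args(std::move(args)) {}

    size_t argumentCount() const { return m_args.size(); }

    // Checked accessor: an out-of-range read yields undefined, matching
    // JavaScript semantics for missing arguments.
    Value argument(size_t index) const {
        if (index >= argumentCount())
            return jsUndefined();
        return m_args[index];
    }

    // Unchecked accessor: the caller promises index < argumentCount().
    // A debug build catches a broken promise with the assertion; a release
    // build would read out of bounds, which is why the contract matters.
    Value uncheckedArgument(size_t index) const {
        assert(index < argumentCount());
        return m_args[index];
    }

private:
    std::vector<Value> m_args;
};

// Caller pattern 1 (the Math.max case in the entry): the loop bound already
// enforces i < argumentCount(), so the per-element range check is redundant.
double maxOfArguments(const CallFrame& frame) {
    double result = -INFINITY;  // Math.max() with no arguments is -Infinity
    for (size_t i = 0; i < frame.argumentCount(); ++i) {
        Value v = frame.uncheckedArgument(i);  // safe: bounded by the loop condition
        if (!v.isUndefined && v.number > result)
            result = v.number;
    }
    return result;
}

// Caller pattern 2: a fixed-index read with no prior count check must keep the
// checked accessor, because the frame may carry zero arguments.
double firstArgumentOrZero(const CallFrame& frame) {
    Value v = frame.argument(0);
    return v.isUndefined ? 0.0 : v.number;
}

// Helper for building frames in tests and the usage note below.
CallFrame makeFrame(std::vector<double> numbers) {
    std::vector<Value> args;
    for (double n : numbers)
        args.push_back(jsNumber(n));
    return CallFrame(std::move(args));
}
```

Usage: maxOfArguments(makeFrame({1, 5, 3})) returns 5, firstArgumentOrZero(makeFrame({})) returns 0, and makeFrame({7, 8}).argument(3) yields undefined rather than reading past the end. The review question for each call site converted in the entry is exactly the one this models: is there a count check or loop bound dominating the read, or does the accessor still need to perform it?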
1794
1795 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1796
1797         Remove the notion that a CallFrame can have a pointer to an InlineCallFrame, since that doesn't happen anymore
1798         https://bugs.webkit.org/show_bug.cgi?id=121753
1799
1800         Reviewed by Darin Adler.
1801
1802         * interpreter/CallFrame.cpp:
1803         (JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
1804         * interpreter/CallFrame.h:
1805         * interpreter/Register.h:
1806
1807 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1808
1809         Unreviewed, fix the revert.
1810
1811         * dfg/DFGRepatch.cpp:
1812
1813 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1814
1815         Unreviewed, revert http://trac.webkit.org/changeset/156235. It won't work on Windows.
1816
1817         * CMakeLists.txt:
1818         * GNUmakefile.list.am:
1819         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1820         * JavaScriptCore.xcodeproj/project.pbxproj:
1821         * Target.pri:
1822         * bytecode/CallLinkInfo.cpp:
1823         (JSC::CallLinkInfo::unlink):
1824         * bytecode/CodeBlock.cpp:
1825         (JSC::CodeBlock::resetStubInternal):
1826         * bytecode/StructureStubInfo.h:
1827         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1828         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
1829         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
1830         * dfg/DFGJITCompiler.h:
1831         * dfg/DFGOSRExitCompiler.h:
1832         * dfg/DFGOperations.cpp:
1833         (JSC::DFG::operationPutByValInternal):
1834         * dfg/DFGOperations.h:
1835         (JSC::DFG::operationNewTypedArrayWithSizeForType):
1836         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
1837         * dfg/DFGRegisterSet.h: Added.
1838         (JSC::DFG::RegisterSet::RegisterSet):
1839         (JSC::DFG::RegisterSet::asPOD):
1840         (JSC::DFG::RegisterSet::copyInfo):
1841         (JSC::DFG::RegisterSet::set):
1842         (JSC::DFG::RegisterSet::setGPRByIndex):
1843         (JSC::DFG::RegisterSet::clear):
1844         (JSC::DFG::RegisterSet::get):
1845         (JSC::DFG::RegisterSet::getGPRByIndex):
1846         (JSC::DFG::RegisterSet::getFreeGPR):
1847         (JSC::DFG::RegisterSet::setFPRByIndex):
1848         (JSC::DFG::RegisterSet::getFPRByIndex):
1849         (JSC::DFG::RegisterSet::setByIndex):
1850         (JSC::DFG::RegisterSet::getByIndex):
1851         (JSC::DFG::RegisterSet::numberOfSetGPRs):
1852         (JSC::DFG::RegisterSet::numberOfSetFPRs):
1853         (JSC::DFG::RegisterSet::numberOfSetRegisters):
1854         (JSC::DFG::RegisterSet::setBit):
1855         (JSC::DFG::RegisterSet::clearBit):
1856         (JSC::DFG::RegisterSet::getBit):
1857         * dfg/DFGRepatch.cpp: Added.
1858         (JSC::DFG::repatchCall):
1859         (JSC::DFG::repatchByIdSelfAccess):
1860         (JSC::DFG::addStructureTransitionCheck):
1861         (JSC::DFG::replaceWithJump):
1862         (JSC::DFG::emitRestoreScratch):
1863         (JSC::DFG::linkRestoreScratch):
1864         (JSC::DFG::generateProtoChainAccessStub):
1865         (JSC::DFG::tryCacheGetByID):
1866         (JSC::DFG::repatchGetByID):
1867         (JSC::DFG::getPolymorphicStructureList):
1868         (JSC::DFG::patchJumpToGetByIdStub):
1869         (JSC::DFG::tryBuildGetByIDList):
1870         (JSC::DFG::buildGetByIDList):
1871         (JSC::DFG::appropriateGenericPutByIdFunction):
1872         (JSC::DFG::appropriateListBuildingPutByIdFunction):
1873         (JSC::DFG::emitPutReplaceStub):
1874         (JSC::DFG::emitPutTransitionStub):
1875         (JSC::DFG::tryCachePutByID):
1876         (JSC::DFG::repatchPutByID):
1877         (JSC::DFG::tryBuildPutByIdList):
1878         (JSC::DFG::buildPutByIdList):
1879         (JSC::DFG::tryRepatchIn):
1880         (JSC::DFG::repatchIn):
1881         (JSC::DFG::linkSlowFor):
1882         (JSC::DFG::linkFor):
1883         (JSC::DFG::linkClosureCall):
1884         (JSC::DFG::resetGetByID):
1885         (JSC::DFG::resetPutByID):
1886         (JSC::DFG::resetIn):
1887         * dfg/DFGRepatch.h: Added.
1888         (JSC::DFG::resetGetByID):
1889         (JSC::DFG::resetPutByID):
1890         (JSC::DFG::resetIn):
1891         * dfg/DFGScratchRegisterAllocator.h: Added.
1892         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
1893         (JSC::DFG::ScratchRegisterAllocator::lock):
1894         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
1895         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
1896         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
1897         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
1898         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1899         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1900         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
1901         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1902         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1903         * dfg/DFGSpeculativeJIT.cpp:
1904         (JSC::DFG::SpeculativeJIT::writeBarrier):
1905         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1906         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1907         (JSC::DFG::SpeculativeJIT::compare):
1908         * dfg/DFGSpeculativeJIT.h:
1909         (JSC::DFG::SpeculativeJIT::callOperation):
1910         * dfg/DFGSpeculativeJIT32_64.cpp:
1911         (JSC::DFG::SpeculativeJIT::cachedPutById):
1912         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1913         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1914         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1915         (JSC::DFG::SpeculativeJIT::compile):
1916         * dfg/DFGSpeculativeJIT64.cpp:
1917         (JSC::DFG::SpeculativeJIT::cachedPutById):
1918         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1919         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1920         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1921         (JSC::DFG::SpeculativeJIT::compile):
1922         * dfg/DFGThunks.cpp:
1923         (JSC::DFG::emitPointerValidation):
1924         (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
1925         (JSC::DFG::slowPathFor):
1926         (JSC::DFG::linkForThunkGenerator):
1927         (JSC::DFG::linkCallThunkGenerator):
1928         (JSC::DFG::linkConstructThunkGenerator):
1929         (JSC::DFG::linkClosureCallThunkGenerator):
1930         (JSC::DFG::virtualForThunkGenerator):
1931         (JSC::DFG::virtualCallThunkGenerator):
1932         (JSC::DFG::virtualConstructThunkGenerator):
1933         * dfg/DFGThunks.h:
1934         * ftl/FTLIntrinsicRepository.h:
1935         * ftl/FTLLowerDFGToLLVM.cpp:
1936         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1937         * ftl/FTLOSRExitCompiler.h:
1938         * jit/AssemblyHelpers.h:
1939         * jit/JIT.cpp:
1940         (JSC::JIT::linkFor):
1941         (JSC::JIT::linkSlowCall):
1942         * jit/JITCall.cpp:
1943         (JSC::JIT::compileCallEvalSlowCase):
1944         (JSC::JIT::compileOpCallSlowCase):
1945         (JSC::JIT::privateCompileClosureCall):
1946         * jit/JITCall32_64.cpp:
1947         (JSC::JIT::compileCallEvalSlowCase):
1948         (JSC::JIT::compileOpCallSlowCase):
1949         (JSC::JIT::privateCompileClosureCall):
1950         * jit/JITOperationWrappers.h: Removed.
1951         * jit/JITOperations.cpp: Removed.
1952         * jit/JITOperations.h: Removed.
1953         * jit/RegisterSet.h: Removed.
1954         * jit/Repatch.cpp: Removed.
1955         * jit/Repatch.h: Removed.
1956         * jit/ScratchRegisterAllocator.h: Removed.
1957         * jit/ThunkGenerators.cpp:
1958         (JSC::generateSlowCaseFor):
1959         (JSC::linkForGenerator):
1960         (JSC::linkCallGenerator):
1961         (JSC::linkConstructGenerator):
1962         (JSC::linkClosureCallGenerator):
1963         (JSC::virtualForGenerator):
1964         (JSC::virtualCallGenerator):
1965         (JSC::virtualConstructGenerator):
1966         * jit/ThunkGenerators.h:
1967
1968 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1969
1970         Move DFG inline caching logic into jit/
1971         https://bugs.webkit.org/show_bug.cgi?id=121749
1972
1973         Rubber stamped by Sam Weinig.
1974         
1975         We want to get rid of the baseline JIT's inline caching machinery and have it use the
1976         DFG's instead. But before we do that we need to move the DFG's inline caching machine
1977         out from behind its ENABLE(DFG_JIT) guards and make it available to the whole system.
1978         This patch does that:
1979         
1980         - dfg/DFGRepatch becomes jit/Repatch.
1981         
1982         - The thunks used by the DFG IC go into jit/ThunkGenerators, instead of dfg/DFGThunks.
1983         
1984         - The operations used by the DFG IC go into jit/JITOperations, instead of
1985           dfg/DFGOperations.
1986         
1987         - The old JIT's thunk generators for calls are renamed to reduce confusion. Previously
1988           it was easy to know which generators belong to which JIT because the old JIT used
1989           JSC::virtualCallBlah and the DFG used JSC::DFG::virtualCallBlah, but that's not the
1990           case anymore. Note that the old JIT's thunk generators will die in a future patch.
1991         
1992         No functional changes beyond those moves.
1993
1994         * CMakeLists.txt:
1995         * GNUmakefile.list.am:
1996         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1997         * JavaScriptCore.xcodeproj/project.pbxproj:
1998         * Target.pri:
1999         * bytecode/CallLinkInfo.cpp:
2000         (JSC::CallLinkInfo::unlink):
2001         * bytecode/CodeBlock.cpp:
2002         (JSC::CodeBlock::resetStubInternal):
2003         * bytecode/StructureStubInfo.h:
2004         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2005         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
2006         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
2007         * dfg/DFGJITCompiler.h:
2008         * dfg/DFGOSRExitCompiler.h:
2009         * dfg/DFGOperations.cpp:
2010         (JSC::DFG::operationPutByValInternal):
2011         * dfg/DFGOperations.h:
2012         (JSC::DFG::operationNewTypedArrayWithSizeForType):
2013         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
2014         * dfg/DFGRegisterSet.h: Removed.
2015         * dfg/DFGRepatch.cpp: Removed.
2016         * dfg/DFGRepatch.h: Removed.
2017         * dfg/DFGScratchRegisterAllocator.h: Removed.
2018         * dfg/DFGSpeculativeJIT.cpp:
2019         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
2020         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2021         (JSC::DFG::SpeculativeJIT::compare):
2022         * dfg/DFGSpeculativeJIT.h:
2023         (JSC::DFG::SpeculativeJIT::callOperation):
2024         * dfg/DFGSpeculativeJIT32_64.cpp:
2025         (JSC::DFG::SpeculativeJIT::cachedPutById):
2026         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2027         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2028         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2029         (JSC::DFG::SpeculativeJIT::compile):
2030         * dfg/DFGSpeculativeJIT64.cpp:
2031         (JSC::DFG::SpeculativeJIT::cachedPutById):
2032         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2033         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2034         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2035         (JSC::DFG::SpeculativeJIT::compile):
2036         * dfg/DFGThunks.cpp:
2037         * dfg/DFGThunks.h:
2038         * ftl/FTLIntrinsicRepository.h:
2039         * ftl/FTLLowerDFGToLLVM.cpp:
2040         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
2041         * jit/AssemblyHelpers.h:
2042         (JSC::AssemblyHelpers::writeBarrier):
2043         * jit/JIT.cpp:
2044         (JSC::JIT::linkFor):
2045         (JSC::JIT::linkSlowCall):
2046         * jit/JITCall.cpp:
2047         (JSC::JIT::compileCallEval):
2048         (JSC::JIT::compileCallEvalSlowCase):
2049         (JSC::JIT::compileOpCallSlowCase):
2050         (JSC::JIT::privateCompileClosureCall):
2051         * jit/JITCall32_64.cpp:
2052         (JSC::JIT::compileCallEvalSlowCase):
2053         (JSC::JIT::compileOpCallSlowCase):
2054         (JSC::JIT::privateCompileClosureCall):
2055         * jit/JITOperationWrappers.h: Added.
2056         * jit/JITOperations.cpp: Added.
2057         * jit/JITOperations.h: Added.
2058         * jit/RegisterSet.h: Added.
2059         (JSC::RegisterSet::RegisterSet):
2060         (JSC::RegisterSet::asPOD):
2061         (JSC::RegisterSet::copyInfo):
2062         (JSC::RegisterSet::set):
2063         (JSC::RegisterSet::setGPRByIndex):
2064         (JSC::RegisterSet::clear):
2065         (JSC::RegisterSet::get):
2066         (JSC::RegisterSet::getGPRByIndex):
2067         (JSC::RegisterSet::getFreeGPR):
2068         (JSC::RegisterSet::setFPRByIndex):
2069         (JSC::RegisterSet::getFPRByIndex):
2070         (JSC::RegisterSet::setByIndex):
2071         (JSC::RegisterSet::getByIndex):
2072         (JSC::RegisterSet::numberOfSetGPRs):
2073         (JSC::RegisterSet::numberOfSetFPRs):
2074         (JSC::RegisterSet::numberOfSetRegisters):
2075         (JSC::RegisterSet::setBit):
2076         (JSC::RegisterSet::clearBit):
2077         (JSC::RegisterSet::getBit):
2078         * jit/Repatch.cpp: Added.
2079         (JSC::repatchCall):
2080         (JSC::repatchByIdSelfAccess):
2081         (JSC::addStructureTransitionCheck):
2082         (JSC::replaceWithJump):
2083         (JSC::emitRestoreScratch):
2084         (JSC::linkRestoreScratch):
2085         (JSC::generateProtoChainAccessStub):
2086         (JSC::tryCacheGetByID):
2087         (JSC::repatchGetByID):
2088         (JSC::getPolymorphicStructureList):
2089         (JSC::patchJumpToGetByIdStub):
2090         (JSC::tryBuildGetByIDList):
2091         (JSC::buildGetByIDList):
2092         (JSC::appropriateGenericPutByIdFunction):
2093         (JSC::appropriateListBuildingPutByIdFunction):
2094         (JSC::emitPutReplaceStub):
2095         (JSC::emitPutTransitionStub):
2096         (JSC::tryCachePutByID):
2097         (JSC::repatchPutByID):
2098         (JSC::tryBuildPutByIdList):
2099         (JSC::buildPutByIdList):
2100         (JSC::tryRepatchIn):
2101         (JSC::repatchIn):
2102         (JSC::linkSlowFor):
2103         (JSC::linkFor):
2104         (JSC::linkClosureCall):
2105         (JSC::resetGetByID):
2106         (JSC::resetPutByID):
2107         (JSC::resetIn):
2108         * jit/Repatch.h: Added.
2109         (JSC::resetGetByID):
2110         (JSC::resetPutByID):
2111         (JSC::resetIn):
2112         * jit/ScratchRegisterAllocator.h: Added.
2113         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
2114         (JSC::ScratchRegisterAllocator::lock):
2115         (JSC::ScratchRegisterAllocator::allocateScratch):
2116         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
2117         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
2118         (JSC::ScratchRegisterAllocator::didReuseRegisters):
2119         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2120         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2121         (JSC::ScratchRegisterAllocator::desiredScratchBufferSize):
2122         (JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
2123         (JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
2124         * jit/ThunkGenerators.cpp:
2125         (JSC::oldStyleGenerateSlowCaseFor):
2126         (JSC::oldStyleLinkForGenerator):
2127         (JSC::oldStyleLinkCallGenerator):
2128         (JSC::oldStyleLinkConstructGenerator):
2129         (JSC::oldStyleLinkClosureCallGenerator):
2130         (JSC::oldStyleVirtualForGenerator):
2131         (JSC::oldStyleVirtualCallGenerator):
2132         (JSC::oldStyleVirtualConstructGenerator):
2133         (JSC::emitPointerValidation):
2134         (JSC::throwExceptionFromCallSlowPathGenerator):
2135         (JSC::slowPathFor):
2136         (JSC::linkForThunkGenerator):
2137         (JSC::linkCallThunkGenerator):
2138         (JSC::linkConstructThunkGenerator):
2139         (JSC::linkClosureCallThunkGenerator):
2140         (JSC::virtualForThunkGenerator):
2141         (JSC::virtualCallThunkGenerator):
2142         (JSC::virtualConstructThunkGenerator):
2143         * jit/ThunkGenerators.h:
2144
2145 2013-09-21  Anders Carlsson  <andersca@apple.com>
2146
2147         Fix the non-DFG build.
2148
2149         * interpreter/Interpreter.cpp:
2150         (JSC::unwindCallFrame):
2151         * interpreter/StackVisitor.cpp:
2152         (JSC::StackVisitor::Frame::r):
2153
2154 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2155
2156         Get rid of IsInlinedCodeTag and its associated methods since it's unused
2157         https://bugs.webkit.org/show_bug.cgi?id=121737
2158
2159         Reviewed by Sam Weinig.
2160         
2161         This was meant to be easy, but I kept wondering if it was safe to remove the
2162         inline call frame check in Arguments::tearOff(). The check was clearly dead
2163         since the bit wasn't being set anywhere.
2164         
2165         It turns out that the unwindCallFrame() function was relying on tearOff()
2166         doing the right thing for inlined code, but it wasn't even passing it an
2167         inline call frame. I fixed this by having unwindCallFrame() do the inlining check,
2168         while also making sure that the code uses the right operand index for the
2169         arguments register.
2170
2171         * interpreter/CallFrame.h:
2172         * interpreter/CallFrameInlines.h:
2173         * interpreter/Interpreter.cpp:
2174         (JSC::unwindCallFrame):
2175         * interpreter/StackVisitor.cpp:
2176         (JSC::StackVisitor::Frame::r):
2177         * interpreter/StackVisitor.h:
2178         * runtime/Arguments.cpp:
2179         (JSC::Arguments::tearOff):
2180
2181 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2182
2183         (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
2184         https://bugs.webkit.org/show_bug.cgi?id=121717
2185
2186         Reviewed by Oliver Hunt.
2187
2188         This bug caused the array to become corrupted. We now check for holes before we start moving things, 
2189         and start moving things only once we've determined that there are none.
2190
2191         * runtime/JSArray.cpp:
2192         (JSC::JSArray::shiftCountWithAnyIndexingType):
2193         (JSC::JSArray::unshiftCountWithAnyIndexingType):
2194
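        A constructed C model of the check-then-move discipline this entry describes,
        added here and not JSC's own code. The ToyArray type, the HOLE sentinel and the
        function names are assumptions; JSC's real butterfly and JSValue layout differ.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy model, not JSC's own code: a contiguous JS array whose
   storage may contain holes. JSC marks a hole with an empty JSValue; here
   a sentinel int64 stands in for it. */
#define HOLE INT64_MIN
#define CAPACITY 16

typedef struct {
    int64_t slots[CAPACITY];
    size_t length;
} ToyArray;

static ToyArray make_array(const int64_t *vals, size_t n)
{
    ToyArray a;
    memset(&a, 0, sizeof a);
    for (size_t i = 0; i < n && i < CAPACITY; i++)
        a.slots[i] = vals[i];
    a.length = n;
    return a;
}

static bool has_hole(const ToyArray *a, size_t from, size_t to)
{
    for (size_t i = from; i < to; i++)
        if (a->slots[i] == HOLE)
            return true;
    return false;
}

/* Buggy shape: removes `count` slots at `start` by copying the tail down one
   element at a time and gives up when it meets a hole. Slots already copied
   stay moved, so the array is left half-shifted: the corruption the entry
   describes. */
static bool shift_count_buggy(ToyArray *a, size_t start, size_t count)
{
    for (size_t i = start + count; i < a->length; i++) {
        if (a->slots[i] == HOLE)
            return false;                /* bail out mid-copy */
        a->slots[i - count] = a->slots[i];
    }
    a->length -= count;
    return true;
}

/* Fixed shape: first decide whether the tail that would move contains a
   hole. Only once it is known to be hole-free does any slot change; otherwise
   the array is untouched and the caller falls back to a generic slow path.
   unshift follows the same discipline with the tail moved up instead. */
static bool shift_count_fixed(ToyArray *a, size_t start, size_t count)
{
    if (start + count > a->length)
        return false;
    if (has_hole(a, start + count, a->length))
        return false;                    /* nothing modified */
    memmove(&a->slots[start], &a->slots[start + count],
            (a->length - start - count) * sizeof a->slots[0]);
    a->length -= count;
    return true;
}

/* Constructed sample input: [1, 2, HOLE, 4, 5]. */
static const int64_t SAMPLE[] = { 1, 2, HOLE, 4, 5 };

/* True when the buggy shift reports failure yet slot 0 already holds the
   copied 2, i.e. the array was corrupted before the bail-out. */
static bool buggy_shift_corrupts(void)
{
    ToyArray a = make_array(SAMPLE, 5);
    bool ok = shift_count_buggy(&a, 0, 1);
    return !ok && a.slots[0] == 2 && a.slots[1] == 2 && a.length == 5;
}

/* True when the fixed shift declines and leaves every slot as it was. */
static bool fixed_shift_leaves_array_intact(void)
{
    ToyArray a = make_array(SAMPLE, 5);
    bool ok = shift_count_fixed(&a, 0, 1);
    return !ok && memcmp(a.slots, SAMPLE, sizeof SAMPLE) == 0 && a.length == 5;
}

/* Hole-free case: [1,2,3,4,5] minus 2 slots at index 1 becomes [1,4,5].
   Returns the resulting length (3), or 0 if the contents are wrong. */
static size_t fixed_shift_on_dense_array(void)
{
    const int64_t dense[] = { 1, 2, 3, 4, 5 };
    ToyArray a = make_array(dense, 5);
    if (!shift_count_fixed(&a, 1, 2))
        return 0;
    if (a.slots[0] != 1 || a.slots[1] != 4 || a.slots[2] != 5)
        return 0;
    return a.length;
}
```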
2195 2013-09-20  Filip Pizlo  <fpizlo@apple.com>
2196
2197         REGRESSION(r156047): WebCore hangs inside JSC::toInt32(double)
2198         https://bugs.webkit.org/show_bug.cgi?id=121648
2199
2200         Reviewed by Mark Hahnenberg.
2201         
2202         The Int52<->StrictInt52 conversion did the opposite fill() than what it was
2203         supposed to. For example when converting an Int52 to a StrictInt52 it would fill
2204         as Int52, and vice-versa.
2205
2206         * dfg/DFGSpeculativeJIT64.cpp:
2207         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
2208
2209 2013-09-20  Oliver Hunt  <oliver@apple.com>
2210
2211         REGRESSION(r153215): New iCloud site crashes
2212         https://bugs.webkit.org/show_bug.cgi?id=121710
2213
2214         Reviewed by Filip Pizlo.
2215
2216         Don't claim to be able to rely on the arguments structure; use the Arguments
2217         speculation type.
2218
2219         * dfg/DFGAbstractInterpreterInlines.h:
2220         (JSC::DFG::::executeEffects):
2221
2222 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2223
2224         Clobberize phase forgets to indicate that it writes GCState for several node types
2225         https://bugs.webkit.org/show_bug.cgi?id=121702
2226
2227         Reviewed by Oliver Hunt.
2228
2229         Added read and write for GCState to the nodes that could end up allocating (and thereby
2230         cause a garbage collection).
2231
2232         * dfg/DFGClobberize.h:
2233         (JSC::DFG::clobberize):
2234
2235 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2236
2237         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2238         https://bugs.webkit.org/show_bug.cgi?id=121637
2239
2240         Rubber stamped by Michael Saboff.
2241         
2242         Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
2243         and tests.
2244
2245         * CMakeLists.txt:
2246         * GNUmakefile.list.am:
2247         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2248         * JavaScriptCore.xcodeproj/project.pbxproj:
2249         * Target.pri:
2250         * bytecode/ValueRecovery.h:
2251         (JSC::ValueRecovery::dumpInContext):
2252         * dfg/DFGAssemblyHelpers.cpp: Removed.
2253         * dfg/DFGAssemblyHelpers.h: Removed.
2254         * dfg/DFGBinarySwitch.h:
2255         * dfg/DFGByteCodeParser.cpp:
2256         * dfg/DFGCCallHelpers.h: Removed.
2257         * dfg/DFGDisassembler.cpp:
2258         * dfg/DFGFPRInfo.h: Removed.
2259         * dfg/DFGGPRInfo.h: Removed.
2260         * dfg/DFGGraph.cpp:
2261         * dfg/DFGGraph.h:
2262         * dfg/DFGJITCompiler.h:
2263         * dfg/DFGOSRExit.cpp:
2264         * dfg/DFGOSRExit.h:
2265         * dfg/DFGOSRExitCompiler.h:
2266         * dfg/DFGOSRExitCompilerCommon.h:
2267         * dfg/DFGRegisterBank.h:
2268         * dfg/DFGRegisterSet.h:
2269         * dfg/DFGRepatch.cpp:
2270         * dfg/DFGSilentRegisterSavePlan.h:
2271         * dfg/DFGThunks.cpp:
2272         * dfg/DFGVariableEvent.cpp:
2273         * ftl/FTLCArgumentGetter.h:
2274         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2275         (JSC::FTL::CArgumentGetter::loadNext8):
2276         (JSC::FTL::CArgumentGetter::loadNext32):
2277         (JSC::FTL::CArgumentGetter::loadNext64):
2278         (JSC::FTL::CArgumentGetter::loadNextPtr):
2279         (JSC::FTL::CArgumentGetter::loadNextDouble):
2280         * ftl/FTLCompile.cpp:
2281         * ftl/FTLExitThunkGenerator.h:
2282         * ftl/FTLLink.cpp:
2283         * ftl/FTLThunks.cpp:
2284         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2285         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2286         (JSC::AssemblyHelpers::AssemblyHelpers):
2287         (JSC::AssemblyHelpers::debugCall):
2288         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2289         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2290         (WTF::printInternal):
2291         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2292         (WTF::printInternal):
2293         * jit/JIT.cpp:
2294         (JSC::JIT::JIT):
2295         * jit/JIT.h:
2296         * jit/JITPropertyAccess.cpp:
2297         (JSC::JIT::stringGetByValStubGenerator):
2298         * jit/JITPropertyAccess32_64.cpp:
2299         (JSC::JIT::stringGetByValStubGenerator):
2300         * jit/JSInterfaceJIT.h:
2301         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2302         * jit/SpecializedThunkJIT.h:
2303         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2304         (JSC::SpecializedThunkJIT::finalize):
2305         * jit/ThunkGenerators.cpp:
2306         (JSC::linkForGenerator):
2307         (JSC::virtualForGenerator):
2308         (JSC::stringLengthTrampolineGenerator):
2309         (JSC::nativeForGenerator):
2310         (JSC::arityFixup):
2311         (JSC::charCodeAtThunkGenerator):
2312         (JSC::charAtThunkGenerator):
2313         (JSC::fromCharCodeThunkGenerator):
2314         (JSC::sqrtThunkGenerator):
2315         (JSC::floorThunkGenerator):
2316         (JSC::ceilThunkGenerator):
2317         (JSC::roundThunkGenerator):
2318         (JSC::expThunkGenerator):
2319         (JSC::logThunkGenerator):
2320         (JSC::absThunkGenerator):
2321         (JSC::powThunkGenerator):
2322         (JSC::imulThunkGenerator):
2323         * llint/LLIntThunks.cpp:
2324         (JSC::LLInt::generateThunkWithJumpTo):
2325         * runtime/JSCJSValue.h:
2326
2327 2013-09-20  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2328
2329         Inline method exported
2330         https://bugs.webkit.org/show_bug.cgi?id=121664
2331
2332         Reviewed by Darin Adler.
2333
2334         WatchDog::didFire() is marked as an exported symbol even though it is
2335         defined inline. This breaks the build on MinGW since it results in dllimport
2336         being declared on a definition.
2337
2338         * runtime/Watchdog.h:
2339         (JSC::Watchdog::didFire):
2340
2341 2013-09-20  Patrick Gansterer  <paroga@webkit.org>
2342
2343         [CMake] Use COMPILE_DEFINITIONS target property for setting BUILDING_* defines
2344         https://bugs.webkit.org/show_bug.cgi?id=121672
2345
2346         Reviewed by Gyuyoung Kim.
2347
2348         Since the scope of add_definitions() is always a whole file, we need to use
2349         target properties instead to set definitions only for specific targets.
2350
2351         * CMakeLists.txt:
2352
2353 2013-09-19  Commit Queue  <commit-queue@webkit.org>
2354
2355         Unreviewed, rolling out r156120.
2356         http://trac.webkit.org/changeset/156120
2357         https://bugs.webkit.org/show_bug.cgi?id=121651
2358
2359         Broke windows runtime and all tests (Requested by bfulgham on
2360         #webkit).
2361
2362         * CMakeLists.txt:
2363         * GNUmakefile.list.am:
2364         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2365         * JavaScriptCore.xcodeproj/project.pbxproj:
2366         * Target.pri:
2367         * bytecode/ValueRecovery.h:
2368         (JSC::ValueRecovery::dumpInContext):
2369         * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
2370         (JSC::DFG::AssemblyHelpers::executableFor):
2371         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2372         (JSC::DFG::AssemblyHelpers::setSamplingFlag):
2373         (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
2374         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2375         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2376         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2377         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2378         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2379         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2380         * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
2381         (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
2382         (JSC::DFG::AssemblyHelpers::codeBlock):
2383         (JSC::DFG::AssemblyHelpers::vm):
2384         (JSC::DFG::AssemblyHelpers::assembler):
2385         (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
2386         (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
2387         (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
2388         (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
2389         (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
2390         (JSC::DFG::AssemblyHelpers::branchIfNotCell):
2391         (JSC::DFG::AssemblyHelpers::addressFor):
2392         (JSC::DFG::AssemblyHelpers::tagFor):
2393         (JSC::DFG::AssemblyHelpers::payloadFor):
2394         (JSC::DFG::AssemblyHelpers::branchIfNotObject):
2395         (JSC::DFG::AssemblyHelpers::selectScratchGPR):
2396         (JSC::DFG::AssemblyHelpers::debugCall):
2397         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2398         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2399         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2400         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2401         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2402         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2403         (JSC::DFG::AssemblyHelpers::boxDouble):
2404         (JSC::DFG::AssemblyHelpers::unboxDouble):
2405         (JSC::DFG::AssemblyHelpers::boxInt52):
2406         (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
2407         (JSC::DFG::AssemblyHelpers::emitCount):
2408         (JSC::DFG::AssemblyHelpers::globalObjectFor):
2409         (JSC::DFG::AssemblyHelpers::strictModeFor):
2410         (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
2411         (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
2412         (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
2413         (JSC::DFG::AssemblyHelpers::symbolTableFor):
2414         (JSC::DFG::AssemblyHelpers::offsetOfLocals):
2415         (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
2416         * dfg/DFGBinarySwitch.h:
2417         * dfg/DFGByteCodeParser.cpp:
2418         * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
2419         (JSC::DFG::CCallHelpers::CCallHelpers):
2420         (JSC::DFG::CCallHelpers::resetCallArguments):
2421         (JSC::DFG::CCallHelpers::addCallArgument):
2422         (JSC::DFG::CCallHelpers::setupArguments):
2423         (JSC::DFG::CCallHelpers::setupArgumentsExecState):
2424         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2425         (JSC::DFG::CCallHelpers::setupTwoStubArgs):
2426         (JSC::DFG::CCallHelpers::setupStubArguments):
2427         (JSC::DFG::CCallHelpers::setupResults):
2428         * dfg/DFGDisassembler.cpp:
2429         * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
2430         (JSC::DFG::FPRInfo::toRegister):
2431         (JSC::DFG::FPRInfo::toIndex):
2432         (JSC::DFG::FPRInfo::toArgumentRegister):
2433         (JSC::DFG::FPRInfo::debugName):
2434         * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
2435         (JSC::DFG::JSValueRegs::JSValueRegs):
2436         (JSC::DFG::JSValueRegs::payloadOnly):
2437         (JSC::DFG::JSValueRegs::operator!):
2438         (JSC::DFG::JSValueRegs::gpr):
2439         (JSC::DFG::JSValueRegs::payloadGPR):
2440         (JSC::DFG::JSValueSource::JSValueSource):
2441         (JSC::DFG::JSValueSource::unboxedCell):
2442         (JSC::DFG::JSValueSource::operator!):
2443         (JSC::DFG::JSValueSource::isAddress):
2444         (JSC::DFG::JSValueSource::offset):
2445         (JSC::DFG::JSValueSource::base):
2446         (JSC::DFG::JSValueSource::gpr):
2447         (JSC::DFG::JSValueSource::asAddress):
2448         (JSC::DFG::JSValueSource::notAddress):
2449         (JSC::DFG::JSValueRegs::tagGPR):
2450         (JSC::DFG::JSValueSource::tagGPR):
2451         (JSC::DFG::JSValueSource::payloadGPR):
2452         (JSC::DFG::JSValueSource::hasKnownTag):
2453         (JSC::DFG::JSValueSource::tag):
2454         (JSC::DFG::GPRInfo::toRegister):
2455         (JSC::DFG::GPRInfo::toIndex):
2456         (JSC::DFG::GPRInfo::debugName):
2457         (JSC::DFG::GPRInfo::toArgumentRegister):
2458         * dfg/DFGGraph.cpp:
2459         * dfg/DFGGraph.h:
2460         * dfg/DFGJITCompiler.h:
2461         * dfg/DFGOSRExit.cpp:
2462         * dfg/DFGOSRExit.h:
2463         * dfg/DFGOSRExitCompiler.h:
2464         * dfg/DFGOSRExitCompilerCommon.h:
2465         * dfg/DFGRegisterBank.h:
2466         * dfg/DFGRegisterSet.h:
2467         * dfg/DFGRepatch.cpp:
2468         * dfg/DFGSilentRegisterSavePlan.h:
2469         * dfg/DFGThunks.cpp:
2470         * dfg/DFGVariableEvent.cpp:
2471         * ftl/FTLCArgumentGetter.h:
2472         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2473         (JSC::FTL::CArgumentGetter::loadNext8):
2474         (JSC::FTL::CArgumentGetter::loadNext32):
2475         (JSC::FTL::CArgumentGetter::loadNext64):
2476         (JSC::FTL::CArgumentGetter::loadNextPtr):
2477         (JSC::FTL::CArgumentGetter::loadNextDouble):
2478         * ftl/FTLCompile.cpp:
2479         * ftl/FTLExitThunkGenerator.h:
2480         * ftl/FTLLink.cpp:
2481         * ftl/FTLThunks.cpp:
2482         * jit/JIT.cpp:
2483         (JSC::JIT::JIT):
2484         * jit/JIT.h:
2485         * jit/JITPropertyAccess.cpp:
2486         (JSC::JIT::stringGetByValStubGenerator):
2487         * jit/JITPropertyAccess32_64.cpp:
2488         (JSC::JIT::stringGetByValStubGenerator):
2489         * jit/JSInterfaceJIT.h:
2490         (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
2491         (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
2492         * jit/SpecializedThunkJIT.h:
2493         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2494         (JSC::SpecializedThunkJIT::finalize):
2495         * jit/ThunkGenerators.cpp:
2496         (JSC::linkForGenerator):
2497         (JSC::virtualForGenerator):
2498         (JSC::stringLengthTrampolineGenerator):
2499         (JSC::nativeForGenerator):
2500         (JSC::arityFixup):
2501         (JSC::charCodeAtThunkGenerator):
2502         (JSC::charAtThunkGenerator):
2503         (JSC::fromCharCodeThunkGenerator):
2504         (JSC::sqrtThunkGenerator):
2505         (JSC::floorThunkGenerator):
2506         (JSC::ceilThunkGenerator):
2507         (JSC::roundThunkGenerator):
2508         (JSC::expThunkGenerator):
2509         (JSC::logThunkGenerator):
2510         (JSC::absThunkGenerator):
2511         (JSC::powThunkGenerator):
2512         (JSC::imulThunkGenerator):
2513         * llint/LLIntThunks.cpp:
2514         (JSC::LLInt::generateThunkWithJumpTo):
2515         * runtime/JSCJSValue.h:
2516
2517 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2518
2519         Unreviewed, fix Windows build part 2. m_jitCodeMap should always be there.
2520
2521         * bytecode/CodeBlock.h:
2522         (JSC::CodeBlock::jitCodeMap):
2523
2524 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2525
2526         Remove some of the tautologies in DFGRepatch function naming.
2527
2528         Rubber stamped by Mark Hahnenberg.
2529         
2530         For example change DFG::dfgLinkFor() to be DFG::linkFor().
2531
2532         * bytecode/CodeBlock.cpp:
2533         (JSC::CodeBlock::resetStubInternal):
2534         * dfg/DFGOperations.cpp:
2535         * dfg/DFGRepatch.cpp:
2536         (JSC::DFG::repatchCall):
2537         (JSC::DFG::repatchByIdSelfAccess):
2538         (JSC::DFG::tryCacheGetByID):
2539         (JSC::DFG::repatchGetByID):
2540         (JSC::DFG::buildGetByIDList):
2541         (JSC::DFG::tryCachePutByID):
2542         (JSC::DFG::repatchPutByID):
2543         (JSC::DFG::buildPutByIdList):
2544         (JSC::DFG::repatchIn):
2545         (JSC::DFG::linkFor):
2546         (JSC::DFG::linkSlowFor):
2547         (JSC::DFG::linkClosureCall):
2548         (JSC::DFG::resetGetByID):
2549         (JSC::DFG::resetPutByID):
2550         (JSC::DFG::resetIn):
2551         * dfg/DFGRepatch.h:
2552         (JSC::DFG::resetGetByID):
2553         (JSC::DFG::resetPutByID):
2554         (JSC::DFG::resetIn):
2555
2556 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2557
2558         Unreviewed, fix Windows build. ScratchBuffer should always be available regardless of
2559         ENABLE_DFG_JIT.
2560
2561         * runtime/VM.h:
2562
2563 2013-09-19  Daniel Bates  <dabates@apple.com>
2564
2565         [iOS] Add more iOS logic to the JavaScriptCore build configuration files
2566         https://bugs.webkit.org/show_bug.cgi?id=121635
2567
2568         Reviewed by Geoffrey Garen.
2569
2570         Towards building JavaScriptCore for both OS X and iOS using the same
2571         set of configuration files, add more iOS logic.
2572
2573         * Configurations/Base.xcconfig:
2574         * Configurations/JSC.xcconfig:
2575         * Configurations/JavaScriptCore.xcconfig:
2576         * Configurations/ToolExecutable.xcconfig:
2577
2578 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2579
2580         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2581         https://bugs.webkit.org/show_bug.cgi?id=121637
2582
2583         Rubber stamped by Michael Saboff.
2584         
2585         Also moved GPRInfo/FPRInfo into jit/.
2586
2587         * CMakeLists.txt:
2588         * GNUmakefile.list.am:
2589         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2590         * JavaScriptCore.xcodeproj/project.pbxproj:
2591         * Target.pri:
2592         * bytecode/ValueRecovery.h:
2593         (JSC::ValueRecovery::dumpInContext):
2594         * dfg/DFGAssemblyHelpers.cpp: Removed.
2595         * dfg/DFGAssemblyHelpers.h: Removed.
2596         * dfg/DFGBinarySwitch.h:
2597         * dfg/DFGByteCodeParser.cpp:
2598         * dfg/DFGCCallHelpers.h: Removed.
2599         * dfg/DFGDisassembler.cpp:
2600         * dfg/DFGFPRInfo.h: Removed.
2601         * dfg/DFGGPRInfo.h: Removed.
2602         * dfg/DFGGraph.cpp:
2603         * dfg/DFGGraph.h:
2604         * dfg/DFGJITCompiler.h:
2605         * dfg/DFGOSRExit.cpp:
2606         * dfg/DFGOSRExit.h:
2607         * dfg/DFGOSRExitCompiler.h:
2608         * dfg/DFGOSRExitCompilerCommon.h:
2609         * dfg/DFGRegisterBank.h:
2610         * dfg/DFGRegisterSet.h:
2611         * dfg/DFGRepatch.cpp:
2612         * dfg/DFGSilentRegisterSavePlan.h:
2613         * dfg/DFGThunks.cpp:
2614         * dfg/DFGVariableEvent.cpp:
2615         * ftl/FTLCArgumentGetter.h:
2616         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2617         (JSC::FTL::CArgumentGetter::loadNext8):
2618         (JSC::FTL::CArgumentGetter::loadNext32):
2619         (JSC::FTL::CArgumentGetter::loadNext64):
2620         (JSC::FTL::CArgumentGetter::loadNextPtr):
2621         (JSC::FTL::CArgumentGetter::loadNextDouble):
2622         * ftl/FTLCompile.cpp:
2623         * ftl/FTLExitThunkGenerator.h:
2624         * ftl/FTLLink.cpp:
2625         * ftl/FTLThunks.cpp:
2626         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2627         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2628         (JSC::AssemblyHelpers::AssemblyHelpers):
2629         (JSC::AssemblyHelpers::debugCall):
2630         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2631         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2632         (WTF::printInternal):
2633         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2634         (WTF::printInternal):
2635         * jit/JIT.cpp:
2636         (JSC::JIT::JIT):
2637         * jit/JIT.h:
2638         * jit/JITPropertyAccess.cpp:
2639         (JSC::JIT::stringGetByValStubGenerator):
2640         * jit/JITPropertyAccess32_64.cpp:
2641         (JSC::JIT::stringGetByValStubGenerator):
2642         * jit/JSInterfaceJIT.h:
2643         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2644         * jit/SpecializedThunkJIT.h:
2645         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2646         (JSC::SpecializedThunkJIT::finalize):
2647         * jit/ThunkGenerators.cpp:
2648         (JSC::linkForGenerator):
2649         (JSC::virtualForGenerator):
2650         (JSC::stringLengthTrampolineGenerator):
2651         (JSC::nativeForGenerator):
2652         (JSC::arityFixup):
2653         (JSC::charCodeAtThunkGenerator):
2654         (JSC::charAtThunkGenerator):
2655         (JSC::fromCharCodeThunkGenerator):
2656         (JSC::sqrtThunkGenerator):
2657         (JSC::floorThunkGenerator):
2658         (JSC::ceilThunkGenerator):
2659         (JSC::roundThunkGenerator):
2660         (JSC::expThunkGenerator):
2661         (JSC::logThunkGenerator):
2662         (JSC::absThunkGenerator):
2663         (JSC::powThunkGenerator):
2664         (JSC::imulThunkGenerator):
2665         * llint/LLIntThunks.cpp:
2666         (JSC::LLInt::generateThunkWithJumpTo):
2667         * runtime/JSCJSValue.h:
2668
2669 2013-09-19  Daniel Bates  <dabates@apple.com>
2670
2671         [iOS] Substitute UNREACHABLE_FOR_PLATFORM() for RELEASE_ASSERT_NOT_REACHED()
2672
2673         Rubber-stamped by Joseph Pecoraro.
2674
2675         Use UNREACHABLE_FOR_PLATFORM() instead of RELEASE_ASSERT_NOT_REACHED() in
2676         the non-x86/x86-64 variant of JIT::emitSlow_op_mod() so as to avoid a missing
2677         noreturn warning in Clang while simultaneously asserting unreachable code.
2678
2679         * jit/JITArithmetic.cpp:
2680         (JSC::JIT::emitSlow_op_mod):
2681
2682 2013-09-19  Michael Saboff  <msaboff@apple.com>
2683
2684         JSC: X86 disassembler shows 16, 32 and 64 bit displacements as unsigned
2685         https://bugs.webkit.org/show_bug.cgi?id=121625
2686
2687         Rubber-stamped by Filip Pizlo.
2688
2689         Changed 16, 32 and 64 bit offsets to be signed.  Kept the original tab indented
2690         spacing to match the rest of the file.
2691
2692         * disassembler/udis86/udis86_syn-att.c:
2693         (gen_operand):
2694
2695 2013-09-19  Daniel Bates  <dabates@apple.com>
2696
2697         Remove names of unused arguments from the non-x86/x86-64 function prototype
2698         for JIT::emitSlow_op_mod()
2699
2700         Rubber-stamped by Ryosuke Niwa.
2701
2702         * jit/JITArithmetic.cpp:
2703         (JSC::JIT::emitSlow_op_mod):
2704
2705 2013-09-18  Sam Weinig  <sam@webkit.org>
2706
2707         Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore
2708         https://bugs.webkit.org/show_bug.cgi?id=121583
2709
2710         Reviewed by Anders Carlsson.
2711
2712         * API/JSStringRefCF.cpp:
2713         (JSStringCreateWithCFString):
2714         * API/JSStringRefQt.cpp:
2715         * bytecompiler/BytecodeGenerator.cpp:
2716         (JSC::BytecodeGenerator::BytecodeGenerator):
2717         * dfg/DFGByteCodeParser.cpp:
2718         (JSC::DFG::ByteCodeParser::parseBlock):
2719         * dfg/DFGDisassembler.cpp:
2720         (JSC::DFG::Disassembler::dumpDisassembly):
2721         * runtime/Arguments.cpp:
2722         (JSC::Arguments::tearOff):
2723         * runtime/Arguments.h:
2724         (JSC::Arguments::isTornOff):
2725         (JSC::Arguments::allocateSlowArguments):
2726         * runtime/JSPropertyNameIterator.cpp:
2727         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2728         * runtime/JSPropertyNameIterator.h:
2729         * runtime/JSSegmentedVariableObject.h:
2730         * runtime/JSVariableObject.h:
2731         * runtime/PropertyNameArray.h:
2732         * runtime/RegExp.cpp:
2733         * runtime/StructureChain.h:
2734         (JSC::StructureChain::finishCreation):
2735         * runtime/SymbolTable.h:
2736         (JSC::SharedSymbolTable::setSlowArguments):
2737
2738 2013-09-18  Brent Fulgham  <bfulgham@apple.com>
2739
2740         [Windows] Unreviewed build fix after r156064.
2741
2742         * jsc.cpp:
2743         (jscmain): Need a temporary to perform '&' in VS2010.
2744
2745 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2746
2747         Give 'jsc' commandline an option to disable deleting the VM.
2748
2749         Reviewed by Mark Hahnenberg.
2750
2751         * jsc.cpp:
2752         (jscmain):
2753         * runtime/Options.h:
2754
2755 2013-09-18  Anders Carlsson  <andersca@apple.com>
2756
2757         RefPtrHashMap should work with move only types
2758         https://bugs.webkit.org/show_bug.cgi?id=121564
2759
2760         Reviewed by Andreas Kling.
2761
2762         * runtime/VM.cpp:
2763         (JSC::VM::addSourceProviderCache):
2764
2765 2013-09-17  Mark Hahnenberg  <mhahnenberg@apple.com>
2766
2767         Rename OperationInProgress to HeapOperation and move it out of Heap.h into its own header
2768         https://bugs.webkit.org/show_bug.cgi?id=121534
2769
2770         Reviewed by Geoffrey Garen.
2771
2772         OperationInProgress is a silly name. 
2773
2774         Many parts of the Heap would like to know what HeapOperation is currently underway, but 
2775         since they are included in Heap.h they can't directly reference HeapOperation if it also 
2776         lives in Heap.h. The simplest thing to do is to give HeapOperation its own header. While 
2777         a bit overkill, it simplifies including it wherever it's needed.
2778
2779         * JavaScriptCore.xcodeproj/project.pbxproj:
2780         * bytecode/CodeBlock.cpp:
2781         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2782         (JSC::CodeBlock::updateAllValueProfilePredictions):
2783         (JSC::CodeBlock::updateAllPredictions):
2784         * bytecode/CodeBlock.h:
2785         (JSC::CodeBlock::updateAllValueProfilePredictions):
2786         (JSC::CodeBlock::updateAllPredictions):
2787         * bytecode/LazyOperandValueProfile.cpp:
2788         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
2789         * bytecode/LazyOperandValueProfile.h:
2790         * bytecode/ValueProfile.h:
2791         (JSC::ValueProfileBase::computeUpdatedPrediction):
2792         * heap/Heap.h:
2793         * heap/HeapOperation.h: Added.
2794
2795 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2796
2797         DFG should support Int52 for local variables
2798         https://bugs.webkit.org/show_bug.cgi?id=121064
2799
2800         Reviewed by Oliver Hunt.
2801         
2802         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
2803         programs that have local int32 overflows but where a larger int representation can
2804         prevent us from having to convert all the way up to double.
2805         
2806         It's a small speed-up for now. But we're just supporting Int52 for a handful of
2807         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
2808         the groundwork for adding Int52 to JSValue, which will probably be a bigger
2809         speed-up.
2810         
2811         The basic approach is:
2812         
2813         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
2814           or HeapTop - i.e. it doesn't arise from JSValues.
2815         
2816         - DFG treats Int52 as being part of its FullTop and will treat it as being a
2817           subtype of double unless instructed otherwise.
2818         
2819         - Prediction propagator creates Int52s whenever we have a node going doubly but due
2820           to large values rather than fractional values, and that node is known to be able
2821           to produce Int52 natively in the DFG backend.
2822         
2823         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
2824           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
2825           input.
2826         
2827         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
2828           are left-shifted by 16 (great for overflow checks) and ones that are
2829           sign-extended. Both backends know how to convert between Int52s and the other
2830           representations.
2831
2832         * assembler/MacroAssemblerX86_64.h:
2833         (JSC::MacroAssemblerX86_64::rshift64):
2834         (JSC::MacroAssemblerX86_64::mul64):
2835         (JSC::MacroAssemblerX86_64::branchMul64):
2836         (JSC::MacroAssemblerX86_64::branchNeg64):
2837         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
2838         * assembler/X86Assembler.h:
2839         (JSC::X86Assembler::imulq_rr):
2840         (JSC::X86Assembler::cvtsi2sdq_rr):
2841         * bytecode/DataFormat.h:
2842         (JSC::dataFormatToString):
2843         * bytecode/ExitKind.cpp:
2844         (JSC::exitKindToString):
2845         * bytecode/ExitKind.h:
2846         * bytecode/OperandsInlines.h:
2847         (JSC::::dumpInContext):
2848         * bytecode/SpeculatedType.cpp:
2849         (JSC::dumpSpeculation):
2850         (JSC::speculationToAbbreviatedString):
2851         (JSC::speculationFromValue):
2852         * bytecode/SpeculatedType.h:
2853         (JSC::isInt32SpeculationForArithmetic):
2854         (JSC::isInt52Speculation):
2855         (JSC::isMachineIntSpeculationForArithmetic):
2856         (JSC::isInt52AsDoubleSpeculation):
2857         (JSC::isBytecodeRealNumberSpeculation):
2858         (JSC::isFullRealNumberSpeculation):
2859         (JSC::isBytecodeNumberSpeculation):
2860         (JSC::isFullNumberSpeculation):
2861         (JSC::isBytecodeNumberSpeculationExpectingDefined):
2862         (JSC::isFullNumberSpeculationExpectingDefined):
2863         * bytecode/ValueRecovery.h:
2864         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
2865         (JSC::ValueRecovery::inGPR):
2866         (JSC::ValueRecovery::displacedInJSStack):
2867         (JSC::ValueRecovery::isAlreadyInJSStack):
2868         (JSC::ValueRecovery::gpr):
2869         (JSC::ValueRecovery::virtualRegister):
2870         (JSC::ValueRecovery::dumpInContext):
2871         * dfg/DFGAbstractInterpreter.h:
2872         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
2873         (JSC::DFG::AbstractInterpreter::filterByType):
2874         * dfg/DFGAbstractInterpreterInlines.h:
2875         (JSC::DFG::::executeEffects):
2876         * dfg/DFGAbstractValue.cpp:
2877         (JSC::DFG::AbstractValue::set):
2878         (JSC::DFG::AbstractValue::checkConsistency):
2879         * dfg/DFGAbstractValue.h:
2880         (JSC::DFG::AbstractValue::couldBeType):
2881         (JSC::DFG::AbstractValue::isType):
2882         (JSC::DFG::AbstractValue::checkConsistency):
2883         (JSC::DFG::AbstractValue::validateType):
2884         * dfg/DFGArrayMode.cpp:
2885         (JSC::DFG::ArrayMode::refine):
2886         * dfg/DFGAssemblyHelpers.h:
2887         (JSC::DFG::AssemblyHelpers::boxInt52):
2888         * dfg/DFGByteCodeParser.cpp:
2889         (JSC::DFG::ByteCodeParser::makeSafe):
2890         * dfg/DFGCSEPhase.cpp:
2891         (JSC::DFG::CSEPhase::pureCSE):
2892         (JSC::DFG::CSEPhase::getByValLoadElimination):
2893         (JSC::DFG::CSEPhase::performNodeCSE):
2894         * dfg/DFGClobberize.h:
2895         (JSC::DFG::clobberize):
2896         * dfg/DFGCommon.h:
2897         (JSC::DFG::enableInt52):
2898         * dfg/DFGDCEPhase.cpp:
2899         (JSC::DFG::DCEPhase::fixupBlock):
2900         * dfg/DFGFixupPhase.cpp:
2901         (JSC::DFG::FixupPhase::run):
2902         (JSC::DFG::FixupPhase::fixupNode):
2903         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
2904         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
2905         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2906         (JSC::DFG::FixupPhase::fixEdge):
2907         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2908         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
2909         * dfg/DFGFlushFormat.cpp:
2910         (WTF::printInternal):
2911         * dfg/DFGFlushFormat.h:
2912         (JSC::DFG::resultFor):
2913         (JSC::DFG::useKindFor):
2914         * dfg/DFGGenerationInfo.h:
2915         (JSC::DFG::GenerationInfo::initInt52):
2916         (JSC::DFG::GenerationInfo::initStrictInt52):
2917         (JSC::DFG::GenerationInfo::isFormat):
2918         (JSC::DFG::GenerationInfo::isInt52):
2919         (JSC::DFG::GenerationInfo::isStrictInt52):
2920         (JSC::DFG::GenerationInfo::fillInt52):
2921         (JSC::DFG::GenerationInfo::fillStrictInt52):
2922         * dfg/DFGGraph.cpp:
2923         (JSC::DFG::Graph::dump):
2924         * dfg/DFGGraph.h:
2925         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
2926         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
2927         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
2928         * dfg/DFGInPlaceAbstractState.cpp:
2929         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
2930         * dfg/DFGJITCode.cpp:
2931         (JSC::DFG::JITCode::reconstruct):
2932         * dfg/DFGJITCompiler.h:
2933         (JSC::DFG::JITCompiler::noticeOSREntry):
2934         * dfg/DFGMinifiedNode.h:
2935         (JSC::DFG::belongsInMinifiedGraph):
2936         (JSC::DFG::MinifiedNode::hasChild):
2937         * dfg/DFGNode.h:
2938         (JSC::DFG::Node::shouldSpeculateNumber):
2939         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
2940         (JSC::DFG::Node::canSpeculateInt52):
2941         * dfg/DFGNodeFlags.h:
2942         (JSC::DFG::nodeCanSpeculateInt52):
2943         * dfg/DFGNodeType.h:
2944         (JSC::DFG::permitsOSRBackwardRewiring):
2945         (JSC::DFG::forwardRewiringSelectionScore):
2946         * dfg/DFGOSREntry.cpp:
2947         (JSC::DFG::prepareOSREntry):
2948         * dfg/DFGOSREntry.h:
2949         * dfg/DFGOSRExitCompiler.cpp:
2950         * dfg/DFGOSRExitCompiler64.cpp:
2951         (JSC::DFG::OSRExitCompiler::compileExit):
2952         * dfg/DFGPredictionPropagationPhase.cpp:
2953         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
2954         (JSC::DFG::PredictionPropagationPhase::propagate):
2955         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2956         * dfg/DFGSafeToExecute.h:
2957         (JSC::DFG::SafeToExecuteEdge::operator()):
2958         (JSC::DFG::safeToExecute):
2959         * dfg/DFGSilentRegisterSavePlan.h:
2960         * dfg/DFGSpeculativeJIT.cpp:
2961         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2962         (JSC::DFG::SpeculativeJIT::silentFill):
2963         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2964         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2965         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2966         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2967         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2968         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2969         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2970         (JSC::DFG::SpeculativeJIT::compileAdd):
2971         (JSC::DFG::SpeculativeJIT::compileArithSub):
2972         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2973         (JSC::DFG::SpeculativeJIT::compileArithMul):
2974         (JSC::DFG::SpeculativeJIT::compare):
2975         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2976         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
2977         (JSC::DFG::SpeculativeJIT::speculateNumber):
2978         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
2979         (JSC::DFG::SpeculativeJIT::speculate):
2980         * dfg/DFGSpeculativeJIT.h:
2981         (JSC::DFG::SpeculativeJIT::canReuse):
2982         (JSC::DFG::SpeculativeJIT::isFilled):
2983         (JSC::DFG::SpeculativeJIT::isFilledDouble):
2984         (JSC::DFG::SpeculativeJIT::use):
2985         (JSC::DFG::SpeculativeJIT::isKnownInteger):
2986         (JSC::DFG::SpeculativeJIT::isKnownCell):
2987         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
2988         (JSC::DFG::SpeculativeJIT::int52Result):
2989         (JSC::DFG::SpeculativeJIT::strictInt52Result):
2990         (JSC::DFG::SpeculativeJIT::initConstantInfo):
2991         (JSC::DFG::SpeculativeJIT::isInteger):
2992         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
2993         (JSC::DFG::SpeculativeJIT::generationInfo):
2994         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
2995         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
2996         (JSC::DFG::SpeculateInt52Operand::edge):
2997         (JSC::DFG::SpeculateInt52Operand::node):
2998         (JSC::DFG::SpeculateInt52Operand::gpr):
2999         (JSC::DFG::SpeculateInt52Operand::use):
3000         (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
3001         (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
3002         (JSC::DFG::SpeculateStrictInt52Operand::edge):
3003         (JSC::DFG::SpeculateStrictInt52Operand::node):
3004         (JSC::DFG::SpeculateStrictInt52Operand::gpr):
3005         (JSC::DFG::SpeculateStrictInt52Operand::use):
3006         (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
3007         (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
3008         (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
3009         (JSC::DFG::SpeculateWhicheverInt52Operand::node):
3010         (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
3011         (JSC::DFG::SpeculateWhicheverInt52Operand::use):
3012         (JSC::DFG::SpeculateWhicheverInt52Operand::format):
3013         * dfg/DFGSpeculativeJIT32_64.cpp:
3014         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3015         (JSC::DFG::SpeculativeJIT::compile):
3016         * dfg/DFGSpeculativeJIT64.cpp:
3017         (JSC::DFG::SpeculativeJIT::boxInt52):
3018         (JSC::DFG::SpeculativeJIT::fillJSValue):
3019         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3020         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
3021         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3022         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3023         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3024         (JSC::DFG::SpeculativeJIT::compileInt52Compare):
3025         (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
3026         (JSC::DFG::SpeculativeJIT::compile):
3027         * dfg/DFGUseKind.cpp:
3028         (WTF::printInternal):
3029         * dfg/DFGUseKind.h:
3030         (JSC::DFG::typeFilterFor):
3031         (JSC::DFG::isNumerical):
3032         * dfg/DFGValueSource.cpp:
3033         (JSC::DFG::ValueSource::dump):
3034         * dfg/DFGValueSource.h:
3035         (JSC::DFG::dataFormatToValueSourceKind):
3036         (JSC::DFG::valueSourceKindToDataFormat):
3037         (JSC::DFG::ValueSource::forFlushFormat):
3038         (JSC::DFG::ValueSource::valueRecovery):
3039         * dfg/DFGVariableAccessData.h:
3040         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3041         (JSC::DFG::VariableAccessData::flushFormat):
3042         * ftl/FTLCArgumentGetter.cpp:
3043         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3044         * ftl/FTLCArgumentGetter.h:
3045         * ftl/FTLCapabilities.cpp:
3046         (JSC::FTL::canCompile):
3047         * ftl/FTLExitValue.cpp:
3048         (JSC::FTL::ExitValue::dumpInContext):
3049         * ftl/FTLExitValue.h:
3050         (JSC::FTL::ExitValue::inJSStackAsInt52):
3051         * ftl/FTLIntrinsicRepository.h:
3052         * ftl/FTLLowerDFGToLLVM.cpp:
3053         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3054         (JSC::FTL::LowerDFGToLLVM::compileNode):
3055         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3056         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3057         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3058         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3059         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3060         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3061         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3062         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3063         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3064         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3065         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3066         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3067         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3068         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3069         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3070         (JSC::FTL::LowerDFGToLLVM::lowInt52):
3071         (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
3072         (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
3073         (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
3074         (JSC::FTL::LowerDFGToLLVM::opposite):
3075         (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
3076         (JSC::FTL::LowerDFGToLLVM::lowCell):
3077         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3078         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3079         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3080         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
3081         (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
3082         (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
3083         (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
3084         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
3085         (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
3086         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3087         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3088         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3089         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3090         (JSC::FTL::LowerDFGToLLVM::setInt52):
3091         (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
3092         * ftl/FTLOSRExitCompiler.cpp:
3093         (JSC::FTL::compileStub):
3094         * ftl/FTLOutput.h:
3095         (JSC::FTL::Output::addWithOverflow64):
3096         (JSC::FTL::Output::subWithOverflow64):
3097         (JSC::FTL::Output::mulWithOverflow64):
3098         * ftl/FTLValueFormat.cpp:
3099         (WTF::printInternal):
3100         * ftl/FTLValueFormat.h:
3101         * ftl/FTLValueSource.cpp:
3102         (JSC::FTL::ValueSource::dump):
3103         * ftl/FTLValueSource.h:
3104         * interpreter/Register.h:
3105         (JSC::Register::unboxedInt52):
3106         * runtime/Arguments.cpp:
3107         (JSC::Arguments::tearOffForInlineCallFrame):
3108         * runtime/IndexingType.cpp:
3109         (JSC::leastUpperBoundOfIndexingTypeAndType):
3110         * runtime/JSCJSValue.h:
3111         * runtime/JSCJSValueInlines.h:
3112         (JSC::JSValue::isMachineInt):
3113         (JSC::JSValue::asMachineInt):
3114
3115 2013-09-17  Michael Saboff  <msaboff@apple.com>
3116
3117         REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
3118         https://bugs.webkit.org/show_bug.cgi?id=121376
3119
3120         Reviewed by Oliver Hunt.
3121
3122         Fix stack grow() call for stack growing down.  This should catch running out of stack space before
3123         we try to move the frame down due to arity mismatch.
3124
3125         * runtime/CommonSlowPaths.h:
3126         (JSC::CommonSlowPaths::arityCheckFor):
3127
3128 2013-09-18  Andreas Kling  <akling@apple.com>
3129
3130         YARR: Put UCS2 canonicalization tables in read-only memory.
3131         <https://webkit.org/b/121547>
3132
3133         Reviewed by Sam Weinig.
3134
3135         These tables never mutate so mark them const.
3136
3137 2013-09-18  Commit Queue  <commit-queue@webkit.org>
3138
3139         Unreviewed, rolling out r156019 and r156020.
3140         http://trac.webkit.org/changeset/156019
3141         http://trac.webkit.org/changeset/156020
3142         https://bugs.webkit.org/show_bug.cgi?id=121540
3143
3144         Broke tests (Requested by ap on #webkit).
3145
3146         * assembler/MacroAssemblerX86_64.h:
3147         * assembler/X86Assembler.h:
3148         * bytecode/DataFormat.h:
3149         (JSC::dataFormatToString):
3150         * bytecode/ExitKind.cpp:
3151         (JSC::exitKindToString):
3152         * bytecode/ExitKind.h:
3153         * bytecode/OperandsInlines.h:
3154         (JSC::::dumpInContext):
3155         * bytecode/SpeculatedType.cpp:
3156         (JSC::dumpSpeculation):
3157         (JSC::speculationToAbbreviatedString):
3158         (JSC::speculationFromValue):
3159         * bytecode/SpeculatedType.h:
3160         (JSC::isInt32SpeculationForArithmetic):
3161         (JSC::isInt48Speculation):
3162         (JSC::isMachineIntSpeculationForArithmetic):
3163         (JSC::isInt48AsDoubleSpeculation):
3164         (JSC::isRealNumberSpeculation):
3165         (JSC::isNumberSpeculation):
3166         (JSC::isNumberSpeculationExpectingDefined):
3167         * bytecode/ValueRecovery.h:
3168         (JSC::ValueRecovery::inGPR):
3169         (JSC::ValueRecovery::displacedInJSStack):
3170         (JSC::ValueRecovery::isAlreadyInJSStack):
3171         (JSC::ValueRecovery::gpr):
3172         (JSC::ValueRecovery::virtualRegister):
3173         (JSC::ValueRecovery::dumpInContext):
3174         * dfg/DFGAbstractInterpreter.h:
3175         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3176         (JSC::DFG::AbstractInterpreter::filterByType):
3177         * dfg/DFGAbstractInterpreterInlines.h:
3178         (JSC::DFG::::executeEffects):
3179         * dfg/DFGAbstractValue.cpp:
3180         (JSC::DFG::AbstractValue::set):
3181         (JSC::DFG::AbstractValue::checkConsistency):
3182         * dfg/DFGAbstractValue.h:
3183         (JSC::DFG::AbstractValue::validateType):
3184         * dfg/DFGArrayMode.cpp:
3185         (JSC::DFG::ArrayMode::refine):
3186         * dfg/DFGAssemblyHelpers.h:
3187         (JSC::DFG::AssemblyHelpers::unboxDouble):
3188         * dfg/DFGByteCodeParser.cpp:
3189         (JSC::DFG::ByteCodeParser::makeSafe):
3190         * dfg/DFGCSEPhase.cpp:
3191         (JSC::DFG::CSEPhase::canonicalize):
3192         (JSC::DFG::CSEPhase::pureCSE):
3193         (JSC::DFG::CSEPhase::getByValLoadElimination):
3194         (JSC::DFG::CSEPhase::performNodeCSE):
3195         * dfg/DFGClobberize.h:
3196         (JSC::DFG::clobberize):
3197         * dfg/DFGCommon.h:
3198         * dfg/DFGFixupPhase.cpp:
3199         (JSC::DFG::FixupPhase::run):
3200         (JSC::DFG::FixupPhase::fixupNode):
3201         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3202         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3203         (JSC::DFG::FixupPhase::fixEdge):
3204         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3205         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3206         * dfg/DFGFlushFormat.cpp:
3207         (WTF::printInternal):
3208         * dfg/DFGFlushFormat.h:
3209         (JSC::DFG::resultFor):
3210         (JSC::DFG::useKindFor):
3211         * dfg/DFGGenerationInfo.h:
3212         (JSC::DFG::GenerationInfo::initInt32):
3213         (JSC::DFG::GenerationInfo::fillInt32):
3214         * dfg/DFGGraph.cpp:
3215         (JSC::DFG::Graph::dump):
3216         * dfg/DFGGraph.h:
3217         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3218         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3219         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3220         * dfg/DFGInPlaceAbstractState.cpp:
3221         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3222         * dfg/DFGJITCode.cpp:
3223         (JSC::DFG::JITCode::reconstruct):
3224         * dfg/DFGMinifiedNode.h:
3225         (JSC::DFG::belongsInMinifiedGraph):
3226         (JSC::DFG::MinifiedNode::hasChild):
3227         * dfg/DFGNode.h:
3228         (JSC::DFG::Node::shouldSpeculateNumber):
3229         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3230         (JSC::DFG::Node::canSpeculateInt48):
3231         * dfg/DFGNodeFlags.h:
3232         (JSC::DFG::nodeCanSpeculateInt48):
3233         * dfg/DFGNodeType.h:
3234         (JSC::DFG::forwardRewiringSelectionScore):
3235         * dfg/DFGOSRExitCompiler.cpp:
3236         (JSC::DFG::shortOperandsDump):
3237         * dfg/DFGOSRExitCompiler64.cpp:
3238         (JSC::DFG::OSRExitCompiler::compileExit):
3239         * dfg/DFGPredictionPropagationPhase.cpp:
3240         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3241         (JSC::DFG::PredictionPropagationPhase::propagate):
3242         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3243         * dfg/DFGSafeToExecute.h:
3244         (JSC::DFG::SafeToExecuteEdge::operator()):
3245         (JSC::DFG::safeToExecute):
3246         * dfg/DFGSilentRegisterSavePlan.h:
3247         * dfg/DFGSpeculativeJIT.cpp:
3248         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3249         (JSC::DFG::SpeculativeJIT::silentFill):
3250         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3251         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3252         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3253         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3254         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3255         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3256         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3257         (JSC::DFG::SpeculativeJIT::compileAdd):
3258         (JSC::DFG::SpeculativeJIT::compileArithSub):
3259         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3260         (JSC::DFG::SpeculativeJIT::compileArithMul):
3261         (JSC::DFG::SpeculativeJIT::compare):
3262         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3263         (JSC::DFG::SpeculativeJIT::speculateNumber):
3264         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3265         (JSC::DFG::SpeculativeJIT::speculate):
3266         * dfg/DFGSpeculativeJIT.h:
3267         (JSC::DFG::SpeculativeJIT::canReuse):
3268         (JSC::DFG::SpeculativeJIT::isFilled):
3269         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3270         (JSC::DFG::SpeculativeJIT::use):
3271         (JSC::DFG::SpeculativeJIT::boxDouble):
3272         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3273         (JSC::DFG::SpeculativeJIT::isKnownCell):
3274         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3275         (JSC::DFG::SpeculativeJIT::int32Result):
3276         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3277         (JSC::DFG::SpeculativeJIT::isInteger):
3278         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
3279         * dfg/DFGSpeculativeJIT32_64.cpp:
3280         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3281         (JSC::DFG::SpeculativeJIT::compile):
3282         * dfg/DFGSpeculativeJIT64.cpp:
3283         (JSC::DFG::SpeculativeJIT::fillJSValue):
3284         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3285         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3286         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3287         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3288         (JSC::DFG::SpeculativeJIT::compile):
3289         * dfg/DFGUseKind.cpp:
3290         (WTF::printInternal):
3291         * dfg/DFGUseKind.h:
3292         (JSC::DFG::typeFilterFor):
3293         (JSC::DFG::isNumerical):
3294         * dfg/DFGValueSource.cpp:
3295         (JSC::DFG::ValueSource::dump):
3296         * dfg/DFGValueSource.h:
3297         (JSC::DFG::dataFormatToValueSourceKind):
3298         (JSC::DFG::valueSourceKindToDataFormat):
3299         (JSC::DFG::ValueSource::forFlushFormat):
3300         (JSC::DFG::ValueSource::valueRecovery):
3301         * dfg/DFGVariableAccessData.h:
3302         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3303         (JSC::DFG::VariableAccessData::flushFormat):
3304         * ftl/FTLCArgumentGetter.cpp:
3305         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3306         * ftl/FTLCArgumentGetter.h:
3307         * ftl/FTLCapabilities.cpp:
3308         (JSC::FTL::canCompile):
3309         * ftl/FTLExitValue.cpp:
3310         (JSC::FTL::ExitValue::dumpInContext):
3311         * ftl/FTLExitValue.h:
3312         * ftl/FTLIntrinsicRepository.h:
3313         * ftl/FTLLowerDFGToLLVM.cpp:
3314         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3315         (JSC::FTL::LowerDFGToLLVM::compileNode):
3316         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3317         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3318         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3319         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3320         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3321         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3322         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3323         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3324         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3325         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3326         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3327         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3328         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3329         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3330         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3331         (JSC::FTL::LowerDFGToLLVM::lowCell):
3332         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3333         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3334         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3335         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3336         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3337         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3338         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3339         (JSC::FTL::LowerDFGToLLVM::setInt32):
3340         * ftl/FTLOSRExitCompiler.cpp:
3341         (JSC::FTL::compileStub):
3342         * ftl/FTLOutput.h:
3343         (JSC::FTL::Output::mulWithOverflow32):
3344         * ftl/FTLValueFormat.cpp:
3345         (WTF::printInternal):
3346         * ftl/FTLValueFormat.h:
3347         * ftl/FTLValueSource.cpp:
3348         (JSC::FTL::ValueSource::dump):
3349         * ftl/FTLValueSource.h:
3350         * interpreter/Register.h:
3351         * runtime/Arguments.cpp:
3352         (JSC::Arguments::tearOffForInlineCallFrame):
3353         * runtime/IndexingType.cpp:
3354         (JSC::leastUpperBoundOfIndexingTypeAndType):
3355         * runtime/JSCJSValue.h:
3356         * runtime/JSCJSValueInlines.h:
3357
3358 2013-09-17  Filip Pizlo  <fpizlo@apple.com>
3359
3360         Unreviewed, fix 32-bit build.
3361
3362         * runtime/JSCJSValue.h:
3363
3364 2013-09-16  Filip Pizlo  <fpizlo@apple.com>
3365
3366         DFG should support Int52 for local variables
3367         https://bugs.webkit.org/show_bug.cgi?id=121064
3368
3369         Reviewed by Oliver Hunt.
3370         
3371         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
3372         programs that have local int32 overflows but where a larger int representation can
3373         prevent us from having to convert all the way up to double.
3374         
3375         It's a small speed-up for now. But we're just supporting Int52 for a handful of
3376         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
3377         the groundwork for adding Int52 to JSValue, which will probably be a bigger
3378         speed-up.
3379         
3380         The basic approach is:
3381         
3382         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
3383           or HeapTop - i.e. it doesn't arise from JSValues.
3384         
3385         - DFG treats Int52 as being part of its FullTop and will treat it as being a
3386           subtype of double unless instructed otherwise.
3387         
3388         - Prediction propagator creates Int52s whenever we have a node going doubly but due
3389           to large values rather than fractional values, and that node is known to be able
3390           to produce Int52 natively in the DFG backend.
3391         
3392         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
3393           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
3394           input.
3395         
3396         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
3397           are left-shifted by 16 (great for overflow checks) and ones that are
3398           sign-extended. Both backends know how to convert between Int52s and the other
3399           representations.
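        The two Int52 representations described in this entry (and in the identical
        re-landing entry earlier in this log) can be modelled in plain C. The block
        below is an added illustration, not JavaScriptCore code: it assumes a shift of
        12 (64 - 52) so that the shifted form fills a 64-bit register, uses the
        GCC/Clang __builtin_*_overflow intrinsics in place of the JIT's flag checks,
        and the names (strict_int52, shifted_int52, int52_mul_add) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not JavaScriptCore code. Shift amount and helper names are
 * this example's own assumptions. */
#define INT52_SHIFT 12                        /* assumed: 64 - 52 */
#define INT52_MAX ((INT64_C(1) << 51) - 1)
#define INT52_MIN (-(INT64_C(1) << 51))

/* "Strict" Int52: the value sign-extended into a full 64-bit register. */
typedef int64_t strict_int52;
/* "Shifted" Int52: the same value left-shifted so that bit 51 of the payload
 * lands in bit 63; any 64-bit overflow is then exactly an Int52 overflow. */
typedef int64_t shifted_int52;

/* Does v fit in 52 bits? (The analogue of a JSValue::isMachineInt check.) */
static bool is_int52(int64_t v) { return v >= INT52_MIN && v <= INT52_MAX; }

static shifted_int52 strict_to_shifted(strict_int52 v) {
    /* Shift through unsigned arithmetic to avoid signed-shift UB. */
    return (int64_t)((uint64_t)v << INT52_SHIFT);
}

static strict_int52 shifted_to_strict(shifted_int52 v) {
    /* Logical shift, then sign-extend bit 51 into bits 52..63 by hand so the
     * result does not depend on implementation-defined signed right shift. */
    uint64_t u = (uint64_t)v >> INT52_SHIFT;
    if (u & (UINT64_C(1) << 51))
        u |= ~((UINT64_C(1) << 52) - 1);
    return (int64_t)u;
}

/* Add/sub/neg on the shifted form: the hardware overflow condition fires
 * precisely when the Int52 result would leave [-2^51, 2^51 - 1]. */
static bool int52_add(shifted_int52 a, shifted_int52 b, shifted_int52 *out) {
    return !__builtin_add_overflow(a, b, out);   /* assumed GCC/Clang builtin */
}
static bool int52_sub(shifted_int52 a, shifted_int52 b, shifted_int52 *out) {
    return !__builtin_sub_overflow(a, b, out);
}
static bool int52_neg(shifted_int52 a, shifted_int52 *out) {
    /* -INT52_MIN is not an Int52; in shifted form it is exactly INT64_MIN
     * negated, so the 64-bit overflow check catches it for free. */
    return !__builtin_sub_overflow((int64_t)0, a, out);
}
/* Multiply one shifted operand by one strict operand, so the product carries
 * the shift exactly once and is again a valid shifted Int52 on success. */
static bool int52_mul(shifted_int52 a, strict_int52 b, shifted_int52 *out) {
    return !__builtin_mul_overflow(a, b, out);
}

/* A 52-bit integer converts to double exactly (53-bit mantissa), which is
 * what lets the strict form be handed straight to cvtsi2sd-style hardware. */
static double strict_to_double(strict_int52 v) { return (double)v; }

/* (a + b) * c on the Int52 fast path, falling back to the double arithmetic
 * that JavaScript semantics require whenever an intermediate overflows.
 * Returns true if the Int52 path produced the result. */
static bool int52_mul_add(int64_t a, int64_t b, int64_t c, double *result) {
    shifted_int52 sum, product;
    if (is_int52(a) && is_int52(b) && is_int52(c)
        && int52_add(strict_to_shifted(a), strict_to_shifted(b), &sum)
        && int52_mul(sum, c, &product)) {
        *result = strict_to_double(shifted_to_strict(product));
        return true;
    }
    *result = ((double)a + (double)b) * (double)c;
    return false;
}

int main(void) {
    double r;
    bool fast = int52_mul_add(INT64_C(1) << 40, INT64_C(1) << 40, 1000, &r);
    printf("fast=%d result=%.0f\n", fast, r);       /* fast=1 result=2199023255552000 */
    fast = int52_mul_add(INT64_C(1) << 50, INT64_C(1) << 50, 1, &r);
    printf("fast=%d result=%.0f\n", fast, r);       /* fast=0 result=2251799813685248 */
    shifted_int52 s;
    printf("neg(INT52_MIN) ok=%d\n", int52_neg(strict_to_shifted(INT52_MIN), &s));
    return 0;
}
```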
3400
3401         * assembler/MacroAssemblerX86_64.h:
3402         (JSC::MacroAssemblerX86_64::rshift64):
3403         (JSC::MacroAssemblerX86_64::mul64):
3404         (JSC::MacroAssemblerX86_64::branchMul64):
3405         (JSC::MacroAssemblerX86_64::branchNeg64):
3406         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
3407         * assembler/X86Assembler.h:
3408         (JSC::X86Assembler::imulq_rr):
3409         (JSC::X86Assembler::cvtsi2sdq_rr):
3410         * bytecode/DataFormat.h:
3411         (JSC::dataFormatToString):
3412         * bytecode/OperandsInlines.h:
3413         (JSC::::dumpInContext):
3414         * bytecode/SpeculatedType.cpp:
3415         (JSC::dumpSpeculation):
3416         (JSC::speculationToAbbreviatedString):
3417         (JSC::speculationFromValue):