[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-09-30  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/15114974> Assertion failure under -[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:] if no classes conform to JSExport
        https://bugs.webkit.org/show_bug.cgi?id=122124

        Reviewed by Darin Adler.

        * API/JSWrapperMap.mm: Defined an empty class that conforms to the JSExport protocol, to
        ensure that the protocol is always registered with the runtime by the time
        getJSExportProtocol() is called.

2013-09-30  Benjamin Poulain  <benjamin@webkit.org>

        Remove the code guarded by STYLE_SCOPED
        https://bugs.webkit.org/show_bug.cgi?id=122123

        Reviewed by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to ObjectPrototype constructor.
        <https://webkit.org/b/122116>

        Reviewed by Geoffrey Garen.

        The ObjectPrototype constructor was only using the ExecState to get
        to the VM.

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to MathObject constructor.
        <https://webkit.org/b/122119>

        Reviewed by Geoffrey Garen.

        The MathObject constructor was only using the global object to get
        to the VM. finishCreation() still uses it to set up functions.

2013-09-30  Filip Pizlo  <fpizlo@apple.com>

        Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
        https://bugs.webkit.org/show_bug.cgi?id=122065

        Reviewed by Mark Hahnenberg.

        This mostly just kills a bunch of code.

        But incidentally while killing that code, I uncovered a bug in our FTL OSR entrypoint
        creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
        If we hoist some type check into the local, then we might inject a conversion node
        between the ExtractOSREntryLocal and the SetLocal - for example we might put in a
        Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
        on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
        When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
        node to the first node that has a different CodeOrigin. This only works if the nodes
        after the forward exit are MovHints or other things that the OSR exit compiler can
        forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
        nodes for the same bytecode index. Two possible solutions exist. We could teach the
        forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
        This would be a lot of complexity; right now it just needs to deal with exactly one
        SetLocal-like operation. The alternative is to make sure that the conversion node that
        we inject ends up exiting *backward* rather than forward.

        But making the conversion nodes exit backward is somewhat tricky. Before this patch,
        conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
        that the solution is to rationalize how we choose the speculation direction for a
        conversion node. The conversion node's speculation direction should be the same as the
        speculation direction of the node for which it is doing a conversion. Since SetLocal's
        already exit forward by default, this policy preserves our previous behavior. But it
        also allows the OSR entrypoint creation phase to make its SetLocals exit backward
        instead.

        Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
        to make sure that the OSR exit machine knows that the local variables are indeed live.
        Consider that if we have:

            a: ExtractOSREntryLocal(loc1)
            b: SetLocal(@a, loc1)
            c: ExtractOSREntryLocal(loc2)
            d: SetLocal(@c, loc2)

        Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
        compiler will clobber loc2 with Undefined. So we need to make sure that we actually
        emit code like:

            a: ExtractOSREntryLocal(loc1)
            b: ExtractOSREntryLocal(loc2)
            c: SetLocal(@a, loc1)
            d: SetLocal(@b, loc2)
            e: SetLocal(@a, loc1)
            f: SetLocal(@b, loc2)

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeOrigin.h:
        * bytecode/ValueRecovery.cpp: Added.
        (JSC::ValueRecovery::recover):
        (JSC::ValueRecovery::dumpInContext):
        (JSC::ValueRecovery::dump):
        * bytecode/ValueRecovery.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
        (JSC::DFG::FixupPhase::fixEdge):
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::reconstruct):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::speculationDirection):
        (JSC::DFG::Node::setSpeculationDirection):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileInlineStart):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGValueSource.h:
        (JSC::DFG::ValueSource::valueRecovery):
        * dfg/DFGVariableEventStream.cpp:
        (JSC::DFG::VariableEventStream::reconstruct):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::speculate):
        (JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
        * interpreter/Register.h:
        (JSC::Register::unboxedStrictInt52):
        * runtime/Arguments.cpp:
        (JSC::Arguments::tearOff):
        * runtime/Arguments.h:

2013-09-30  Alex Christensen  <alex.christensen@flexsim.com>

        Win64 compile fix after r1256490.
        https://bugs.webkit.org/show_bug.cgi?id=122117

        Reviewed by Michael Saboff.

        * jit/JITStubsMSVC64.asm:
        Implemented getHostCallReturnValue for Windows x86_64 processors.

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to RegExp constructor.
        <https://webkit.org/b/122113>

        Reviewed by Darin Adler.

        RegExps don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        JSC release binary size -= 120 bytes(!)

2013-09-30  Patrick Gansterer  <paroga@webkit.org>

        Fix compilation for COMPILER(MSVC) && !CPU(X86) after r156490.
        https://bugs.webkit.org/show_bug.cgi?id=122102

        Reviewed by Geoffrey Garen.

        _AddressOfReturnAddress() is supported for all platforms of
        the Microsoft compiler, so we can use it for !CPU(X86) too.

        * jit/JITOperationWrappers.h:

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Build fix for DEBUG_VERBOSE mode after r156511.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Speculative build fix on ARMv7 Thumb2 after r156490.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::fmodAsDFGOperation):

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        FTL: refactor compileAdd and compileArithSub into one function.
        https://bugs.webkit.org/show_bug.cgi?id=122081

        Reviewed by Geoffrey Garen.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to function constructors.
        <https://webkit.org/b/122082>

        Reviewed by Darin Adler.

        Functions don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        This patch is mostly mechanical, I just changed the signature of
        InternalFunction and worked my way from there until it built.

        JSC release binary size -= 4840 bytes.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to ArrayPrototype constructor.
        <https://webkit.org/b/122079>

        Reviewed by Geoffrey Garen.

        ArrayPrototype doesn't need the global object for anything during
        construction, so reduce the amount of loads by just passing the VM.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to simple builtin constructors.
        <https://webkit.org/b/122077>

        Reviewed by Sam Weinig.

        None of the simple builtins need the ExecState for anything during
        their construction, so reduce the amount of loads by just passing
        the VM around instead.

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        Refactor code for finding x86 scratch register.
        https://bugs.webkit.org/show_bug.cgi?id=122072

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::getUnusedRegister):
        (JSC::MacroAssemblerX86Common::store8):
        (JSC::MacroAssemblerX86Common::store16):

2013-09-28  Mark Rowe  <mrowe@apple.com>

        Take Xcode's advice and enable some extra warnings.

        Reviewed by Sam Weinig.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-09-28  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSFunction constructors.
        <https://webkit.org/b/122014>

        Reviewed by Geoffrey Garen.

        JSFunction doesn't need the ExecState for anything during its
        construction, so reduce the amount of loads by just passing the
        VM around instead.

        Factored out putDirectNonIndexAccessor() from the existing
        putDirectAccessor() to avoid snowballing the patch (and because
        it's kinda neat to avoid the extra branch.)

        JSC release binary size -= 9680 bytes.

2013-09-28  Mark Rowe  <mrowe@apple.com>

        JavaScriptCore fails to build with newer versions of clang.

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp: Remove an unused function.
        * parser/SourceProvider.cpp: Ditto.
        * runtime/GCActivityCallback.cpp: #if a constant that's only used on non-CF platforms.
        * runtime/JSCJSValue.cpp: Remove an unused constant.
        * runtime/JSString.cpp: Ditto.

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Get rid of SetMyScope/SetCallee; use normal variables for the scope and callee of inlined call frames of closures
        https://bugs.webkit.org/show_bug.cgi?id=122047

        Reviewed by Oliver Hunt.

        Currently we have the DFG reserve space for inline call frames at exactly the same stack
        offsets that you would have gotten if the baseline interpreter/JIT had made the calls.
        We need to get rid of that. One of the weirder parts of this is that we have special DFG
        operations for accessing these inlined call frame headers. It's really hard for any
        analysis of DFG IR to see what the liveness of any of those frame header "variables" is;
        the liveness behaves like flushed arguments (it's all live until end of the inlinee) but
        we don't have anything like a Flush node for those special variables.

        This patch gets rid of the special operations for accessing inline call frame headers.
        GetMyScope and GetCallee still remain, and are only for accessing the machine call
        frame's scope/callee entries. The inline call frame's scope/callee now behave like
        normal variables, and have Flush behavior just like inline arguments.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::getScope):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Deoptimize 32-bit deoptimization
        https://bugs.webkit.org/show_bug.cgi?id=122025

        Reviewed by Oliver Hunt.

        Just simplifying a bunch of code. I don't want the old, super-complicated,
        deoptimization code to get in the way of changes I'll be making to DFG stack layout.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::inGPR):
        (JSC::ValueRecovery::isInRegisters):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::dumpInContext):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2013-09-27  Alex Christensen  <alex.christensen@flexsim.com>

        Fixed Win64 build after r156184.
        https://bugs.webkit.org/show_bug.cgi?id=121994

        Reviewed by Oliver Hunt.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupTwoStubArgsGPR):
        (JSC::CCallHelpers::setupTwoStubArgsFPR):
        Renamed from setupTwoStubArgs.
        Visual Studio x64 compiler fails to see that this is an overloaded template function.
        (JSC::CCallHelpers::setupStubArguments):
        (JSC::CCallHelpers::setupArguments):
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        Use setupTwoStubArgsGPR or setupTwoStubArgsFPR instead of setupTwoStubArgs.

2013-09-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        LLInt alignment problem on ARM in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=122012

        Reviewed by Michael Saboff.

        Force GCC to put the LLInt code to .text section.

        * llint/LowLevelInterpreter.cpp:

2013-09-06  Jer Noble  <jer.noble@apple.com>

        [Mac] Implement the media controls in JavaScript.
        https://bugs.webkit.org/show_bug.cgi?id=120895

        Reviewed by Dean Jackson.

        Define and turn on ENABLE_MEDIA_CONTROLS_SCRIPT.

        * Configurations/FeatureDefines.xcconfig:

2013-09-27  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSDateMath functions.
        <https://webkit.org/b/121997>

        Reviewed by Geoffrey Garen.

        The JSC date math functions only need the VM, so pass that from
        callers instead of the whole ExecState.

2013-09-26  Andreas Kling  <akling@apple.com>

        GetterSetter construction should take a VM instead of ExecState.
        <https://webkit.org/b/121993>

        Reviewed by Sam Weinig.

        Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
        code at touched sites to cache VM in a local for fewer loads.

        JSC release binary size -= 4120 bytes.

2013-09-26  Oliver Hunt  <oliver@apple.com>

        Make GCC happy

        * parser/Parser.h:

2013-09-25  Oliver Hunt  <oliver@apple.com>

        Implement prefixed-destructuring assignment
        https://bugs.webkit.org/show_bug.cgi?id=121930

        Reviewed by Mark Hahnenberg.

        Relanding with fix after rollout

2013-09-26  Michael Saboff  <msaboff@apple.com>

        VirtualRegister should be a class
        https://bugs.webkit.org/show_bug.cgi?id=121732

        Reviewed by Geoffrey Garen.

        This is a refactoring change.  Changed VirtualRegister from an enum to a class.
        Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
        and the similar functions for locals to VirtualRegister class.

        This is in preparation for changing the offset for the first local register from
        0 to -1.  This is needed since most native calling conventions have the architected
        frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
        pointer.  Local values start below that address.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/Instruction.h:
        * bytecode/LazyOperandValueProfile.h:
        * bytecode/MethodOfGettingAValueProfile.cpp:
        * bytecode/Operands.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        * bytecode/UnlinkedCodeBlock.h:
        * bytecode/ValueRecovery.h:
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/RegisterID.h:
        * debugger/DebuggerCallFrame.cpp:
        * dfg/DFGAbstractHeap.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        * dfg/DFGArgumentPosition.h:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCFGSimplificationPhase.cpp:
        * dfg/DFGCPSRethreadingPhase.cpp:
        * dfg/DFGCapabilities.cpp:
        * dfg/DFGConstantFoldingPhase.cpp:
        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        * dfg/DFGGraph.cpp:
        * dfg/DFGGraph.h:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.cpp:
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        * dfg/DFGRegisterBank.h:
        * dfg/DFGScoreBoard.h:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * dfg/DFGValidate.cpp:
        * dfg/DFGValueRecoveryOverride.h:
        * dfg/DFGVariableAccessData.h:
        * dfg/DFGVariableEvent.h:
        * dfg/DFGVariableEventStream.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        * ftl/FTLExitArgumentForOperand.h:
        * ftl/FTLLink.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExit.cpp:
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * jit/AssemblyHelpers.h:
        * jit/JIT.h:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITInlines.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubs.cpp:
        * llint/LLIntSlowPaths.cpp:
        * profiler/ProfilerBytecodeSequence.cpp:
        * runtime/CommonSlowPaths.cpp:
        * runtime/JSActivation.cpp:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Work around another MSVC bug.

        * runtime/PrototypeMap.cpp:
        (JSC::PrototypeMap::emptyObjectStructureForPrototype):

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Attempt to fix the FTL build.

        * ftl/FTLAbstractHeap.cpp:
        (JSC::FTL::IndexedAbstractHeap::atSlow):

2013-09-26  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to many finishCreation() functions.
        <https://webkit.org/b/121975>

        Reviewed by Sam Weinig.

        Reduce unnecessary loads by passing the VM to object creation
        functions that don't need the ExecState.

        There are tons of opportunities in this area, I'm just scratching
        the surface.

2013-09-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r156464 and r156480.
        http://trac.webkit.org/changeset/156464
        http://trac.webkit.org/changeset/156480
        https://bugs.webkit.org/show_bug.cgi?id=121981

        Leaking too much and killing buildbot. (Requested by xenon on
        #webkit).

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::paramString):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitExpressionInfo):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitBytecode):
        (JSC::FuncExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::addVar):
        * parser/NodeConstructors.h:
        (JSC::CommaNode::CommaNode):
        (JSC::ParameterNode::ParameterNode):
        (JSC::ForInNode::ForInNode):
        * parser/Nodes.cpp:
        (JSC::FunctionParameters::create):
        (JSC::FunctionParameters::FunctionParameters):
        (JSC::FunctionParameters::~FunctionParameters):
        * parser/Nodes.h:
        (JSC::CommaNode::append):
        (JSC::ParameterNode::ident):
        (JSC::FunctionParameters::at):
        (JSC::FunctionParameters::identifiers):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseVarDeclaration):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseAssignmentExpression):
        * parser/Parser.h:
        (JSC::Scope::declareParameter):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFormalParameterList):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::operatorStackPop):
        * runtime/JSONObject.cpp:
        * runtime/JSONObject.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITThunks.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Change a couple of HashMap value types from OwnPtr to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=121973

        Reviewed by Andreas Kling.

        * API/JSClassRef.cpp:
        (OpaqueJSClassContextData::OpaqueJSClassContextData):
        (OpaqueJSClass::contextData):
        * API/JSClassRef.h:
        * bytecode/SamplingTool.h:
        * ftl/FTLAbstractHeap.h:
        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
        * parser/SourceProviderCache.cpp:
        (JSC::SourceProviderCache::add):
        * parser/SourceProviderCache.h:
        * parser/SourceProviderCacheItem.h:
        (JSC::SourceProviderCacheItem::create):
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::executionCounterFor):
        (JSC::Profiler::Compilation::toJS):
        * profiler/ProfilerCompilation.h:
        * runtime/JSGlobalObject.h:

2013-09-26  Mark Lam  <mark.lam@apple.com>

        Move DFG inline caching logic into jit/.
        https://bugs.webkit.org/show_bug.cgi?id=121749.

        Reviewed by Geoffrey Garen.

        Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
        revision and fixing build breakages on Windows.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        (JSC::DFG::operationNewTypedArrayWithSizeForType):
        (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
        * dfg/DFGRegisterSet.h: Removed.
        * dfg/DFGRepatch.cpp: Removed.
        * dfg/DFGRepatch.h: Removed.
        * dfg/DFGScratchRegisterAllocator.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGThunks.cpp:
        * dfg/DFGThunks.h:
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * ftl/FTLOSRExitCompiler.h:
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::writeBarrier):
        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        (JSC::JIT::linkSlowCall):
        * jit/JITCall.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
        * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
        (JSC::getHostCallReturnValueWithExecState):
        * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
        * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
        (JSC::tryBuildGetByIDList):
        * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
        * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
        * jit/ThunkGenerators.cpp:
        (JSC::oldStyleGenerateSlowCaseFor):
        (JSC::oldStyleLinkForGenerator):
        (JSC::oldStyleLinkCallGenerator):
        (JSC::oldStyleLinkConstructGenerator):
        (JSC::oldStyleLinkClosureCallGenerator):
        (JSC::oldStyleVirtualForGenerator):
        (JSC::oldStyleVirtualCallGenerator):
        (JSC::oldStyleVirtualConstructGenerator):
        (JSC::emitPointerValidation):
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::slowPathFor):
        (JSC::linkForThunkGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkConstructThunkGenerator):
        (JSC::linkClosureCallThunkGenerator):
        (JSC::virtualForThunkGenerator):
        (JSC::virtualCallThunkGenerator):
        (JSC::virtualConstructThunkGenerator):
        * jit/ThunkGenerators.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Remove PassWeak.h
        https://bugs.webkit.org/show_bug.cgi?id=121971

        Reviewed by Geoffrey Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/PassWeak.h: Removed.
        * heap/WeakInlines.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Stop using PassWeak
        https://bugs.webkit.org/show_bug.cgi?id=121968

        Reviewed by Sam Weinig.

        * heap/Weak.h:
        Remove all knowledge of PassWeak.

        (JSC::Weak::Weak):
        These constructors don't need to be explicit.

        * heap/WeakInlines.h:
        (JSC::weakAdd):
        Change Value to be an rvalue reference and use std::forward.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        Remove PassWeak.

        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        Use Weak instead of PassWeak.

        * runtime/SimpleTypedArrayController.cpp:
        Change add and set to take Weak by value and std::move into place.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::get):
        (JSC::WeakGCMap::set):
        (JSC::WeakGCMap::add):

2013-09-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r156474.
        http://trac.webkit.org/changeset/156474
        https://bugs.webkit.org/show_bug.cgi?id=121966

        Broke the builds. (Requested by xenon on #webkit).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::registerName):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::createActivation):
        (JSC::CodeBlock::nameForRegister):
        * bytecode/CodeBlock.h:
        (JSC::unmodifiedArgumentsRegister):
        (JSC::CodeBlock::isKnownNotImmediate):
        (JSC::CodeBlock::setThisRegister):
        (JSC::CodeBlock::thisRegister):
        (JSC::CodeBlock::setArgumentsRegister):
        (JSC::CodeBlock::argumentsRegister):
796         (JSC::CodeBlock::setArgumentsRegister):
797         (JSC::CodeBlock::argumentsRegister):
798         (JSC::CodeBlock::uncheckedArgumentsRegister):
799         (JSC::CodeBlock::setActivationRegister):
800         (JSC::CodeBlock::activationRegister):
801         (JSC::CodeBlock::uncheckedActivationRegister):
802         (JSC::CodeBlock::usesArguments):
803         (JSC::CodeBlock::isCaptured):
804         * bytecode/Instruction.h:
805         * bytecode/LazyOperandValueProfile.h:
806         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
807         (JSC::LazyOperandValueProfileKey::operator!):
808         (JSC::LazyOperandValueProfileKey::hash):
809         (JSC::LazyOperandValueProfileKey::operand):
810         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
811         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
812         * bytecode/MethodOfGettingAValueProfile.cpp:
813         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
814         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
815         * bytecode/Operands.h:
816         (JSC::localToOperand):
817         (JSC::operandIsLocal):
818         (JSC::operandToLocal):
819         (JSC::operandIsArgument):
820         (JSC::operandToArgument):
821         (JSC::argumentToOperand):
822         (JSC::Operands::operand):
823         (JSC::Operands::hasOperand):
824         (JSC::Operands::setOperand):
825         (JSC::Operands::operandForIndex):
826         (JSC::Operands::setOperandFirstTime):
827         * bytecode/UnlinkedCodeBlock.cpp:
828         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
829         * bytecode/UnlinkedCodeBlock.h:
830         (JSC::UnlinkedCodeBlock::setThisRegister):
831         (JSC::UnlinkedCodeBlock::setActivationRegister):
832         (JSC::UnlinkedCodeBlock::setArgumentsRegister):
833         (JSC::UnlinkedCodeBlock::usesArguments):
834         (JSC::UnlinkedCodeBlock::argumentsRegister):
835         (JSC::UnlinkedCodeBlock::usesGlobalObject):
836         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
837         (JSC::UnlinkedCodeBlock::globalObjectRegister):
838         (JSC::UnlinkedCodeBlock::thisRegister):
839         (JSC::UnlinkedCodeBlock::activationRegister):
840         * bytecode/ValueRecovery.h:
841         (JSC::ValueRecovery::displacedInJSStack):
842         (JSC::ValueRecovery::virtualRegister):
843         (JSC::ValueRecovery::dumpInContext):
844         * bytecode/VirtualRegister.h:
845         (WTF::printInternal):
846         * bytecompiler/BytecodeGenerator.cpp:
847         (JSC::BytecodeGenerator::generate):
848         (JSC::BytecodeGenerator::addVar):
849         (JSC::BytecodeGenerator::BytecodeGenerator):
850         (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
851         (JSC::BytecodeGenerator::newRegister):
852         (JSC::BytecodeGenerator::emitLoadGlobalObject):
853         (JSC::BytecodeGenerator::emitGetArgumentsLength):
854         (JSC::BytecodeGenerator::emitGetArgumentByVal):
855         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
856         (JSC::BytecodeGenerator::emitReturn):
857         * bytecompiler/BytecodeGenerator.h:
858         (JSC::BytecodeGenerator::registerFor):
859         * bytecompiler/RegisterID.h:
860         (JSC::RegisterID::RegisterID):
861         (JSC::RegisterID::setIndex):
862         (JSC::RegisterID::index):
863         * debugger/DebuggerCallFrame.cpp:
864         (JSC::DebuggerCallFrame::thisObject):
865         * dfg/DFGAbstractHeap.h:
866         (JSC::DFG::AbstractHeap::Payload::Payload):
867         * dfg/DFGAbstractInterpreterInlines.h:
868         (JSC::DFG::::executeEffects):
869         (JSC::DFG::::clobberCapturedVars):
870         * dfg/DFGArgumentPosition.h:
871         (JSC::DFG::ArgumentPosition::dump):
872         * dfg/DFGArgumentsSimplificationPhase.cpp:
873         (JSC::DFG::ArgumentsSimplificationPhase::run):
874         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
875         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
876         * dfg/DFGByteCodeParser.cpp:
877         (JSC::DFG::ByteCodeParser::newVariableAccessData):
878         (JSC::DFG::ByteCodeParser::getDirect):
879         (JSC::DFG::ByteCodeParser::get):
880         (JSC::DFG::ByteCodeParser::setDirect):
881         (JSC::DFG::ByteCodeParser::set):
882         (JSC::DFG::ByteCodeParser::getLocal):
883         (JSC::DFG::ByteCodeParser::setLocal):
884         (JSC::DFG::ByteCodeParser::getArgument):
885         (JSC::DFG::ByteCodeParser::setArgument):
886         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
887         (JSC::DFG::ByteCodeParser::findArgumentPosition):
888         (JSC::DFG::ByteCodeParser::flush):
889         (JSC::DFG::ByteCodeParser::flushDirect):
890         (JSC::DFG::ByteCodeParser::getToInt32):
891         (JSC::DFG::ByteCodeParser::getThis):
892         (JSC::DFG::ByteCodeParser::addCall):
893         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
894         (JSC::DFG::ByteCodeParser::handleCall):
895         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
896         (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
897         (JSC::DFG::ByteCodeParser::handleInlining):
898         (JSC::DFG::ByteCodeParser::handleMinMax):
899         (JSC::DFG::ByteCodeParser::handleIntrinsic):
900         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
901         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
902         (JSC::DFG::ByteCodeParser::handleGetByOffset):
903         (JSC::DFG::ByteCodeParser::handleGetById):
904         (JSC::DFG::ByteCodeParser::parseBlock):
905         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
906         (JSC::DFG::ByteCodeParser::parse):
907         * dfg/DFGCFGSimplificationPhase.cpp:
908         * dfg/DFGCPSRethreadingPhase.cpp:
909         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
910         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
911         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
912         * dfg/DFGCapabilities.cpp:
913         (JSC::DFG::capabilityLevel):
914         * dfg/DFGConstantFoldingPhase.cpp:
915         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
916         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
917         (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
918         * dfg/DFGGraph.cpp:
919         (JSC::DFG::Graph::dump):
920         * dfg/DFGGraph.h:
921         (JSC::DFG::Graph::argumentsRegisterFor):
922         (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
923         (JSC::DFG::Graph::uncheckedActivationRegisterFor):
924         (JSC::DFG::Graph::valueProfileFor):
925         * dfg/DFGJITCode.cpp:
926         (JSC::DFG::JITCode::reconstruct):
927         * dfg/DFGNode.h:
928         (JSC::DFG::Node::Node):
929         (JSC::DFG::Node::convertToGetLocalUnlinked):
930         (JSC::DFG::Node::hasVirtualRegister):
931         (JSC::DFG::Node::virtualRegister):
932         (JSC::DFG::Node::setVirtualRegister):
933         * dfg/DFGOSREntry.cpp:
934         (JSC::DFG::prepareOSREntry):
935         * dfg/DFGOSREntrypointCreationPhase.cpp:
936         (JSC::DFG::OSREntrypointCreationPhase::run):
937         * dfg/DFGOSRExit.h:
938         * dfg/DFGOSRExitCompiler32_64.cpp:
939         (JSC::DFG::OSRExitCompiler::compileExit):
940         * dfg/DFGOSRExitCompiler64.cpp:
941         (JSC::DFG::OSRExitCompiler::compileExit):
942         * dfg/DFGRegisterBank.h:
943         (JSC::DFG::RegisterBank::tryAllocate):
944         (JSC::DFG::RegisterBank::allocateSpecific):
945         (JSC::DFG::RegisterBank::retain):
946         (JSC::DFG::RegisterBank::isInUse):
947         (JSC::DFG::RegisterBank::dump):
948         (JSC::DFG::RegisterBank::releaseAtIndex):
949         (JSC::DFG::RegisterBank::allocateInternal):
950         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
951         * dfg/DFGScoreBoard.h:
952         (JSC::DFG::ScoreBoard::allocate):
953         (JSC::DFG::ScoreBoard::use):
954         * dfg/DFGSpeculativeJIT.cpp:
955         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
956         (JSC::DFG::SpeculativeJIT::checkConsistency):
957         (JSC::DFG::SpeculativeJIT::compileMovHint):
958         (JSC::DFG::SpeculativeJIT::compileInlineStart):
959         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
960         * dfg/DFGSpeculativeJIT.h:
961         (JSC::DFG::SpeculativeJIT::allocate):
962         (JSC::DFG::SpeculativeJIT::fprAllocate):
963         (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
964         (JSC::DFG::SpeculativeJIT::flushRegisters):
965         (JSC::DFG::SpeculativeJIT::isFlushed):
966         (JSC::DFG::SpeculativeJIT::argumentSlot):
967         (JSC::DFG::SpeculativeJIT::argumentTagSlot):
968         (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
969         (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
970         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
971         (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
972         (JSC::DFG::SpeculativeJIT::recordSetLocal):
973         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
974         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
975         * dfg/DFGSpeculativeJIT64.cpp:
976         (JSC::DFG::SpeculativeJIT::compile):
977         * dfg/DFGValidate.cpp:
978         (JSC::DFG::Validate::validate):
979         (JSC::DFG::Validate::validateCPS):
980         (JSC::DFG::Validate::checkOperand):
981         (JSC::DFG::Validate::reportValidationContext):
982         * dfg/DFGValueRecoveryOverride.h:
983         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
984         * dfg/DFGVariableAccessData.h:
985         (JSC::DFG::VariableAccessData::operand):
986         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
987         (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
988         (JSC::DFG::VariableAccessData::flushFormat):
989         * dfg/DFGVariableEvent.h:
990         (JSC::DFG::VariableEvent::spill):
991         (JSC::DFG::VariableEvent::setLocal):
992         * dfg/DFGVariableEventStream.cpp:
993         (JSC::DFG::VariableEventStream::reconstruct):
994         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
995         (JSC::DFG::VirtualRegisterAllocationPhase::run):
996         * ftl/FTLExitArgumentForOperand.h:
997         (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
998         (JSC::FTL::ExitArgumentForOperand::operand):
999         * ftl/FTLLink.cpp:
1000         (JSC::FTL::link):
1001         * ftl/FTLLowerDFGToLLVM.cpp:
1002         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
1003         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
1004         (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
1005         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1006         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
1007         (JSC::FTL::LowerDFGToLLVM::observeMovHint):
1008         (JSC::FTL::LowerDFGToLLVM::addressFor):
1009         (JSC::FTL::LowerDFGToLLVM::payloadFor):
1010         (JSC::FTL::LowerDFGToLLVM::tagFor):
1011         * ftl/FTLOSREntry.cpp:
1012         (JSC::FTL::prepareOSREntry):
1013         * ftl/FTLOSRExit.cpp:
1014         (JSC::FTL::OSRExit::convertToForward):
1015         * ftl/FTLOSRExit.h:
1016         * ftl/FTLOSRExitCompiler.cpp:
1017         (JSC::FTL::compileStub):
1018         * interpreter/CallFrame.h:
1019         * interpreter/Interpreter.cpp:
1020         (JSC::Interpreter::dumpRegisters):
1021         (JSC::unwindCallFrame):
1022         (JSC::Interpreter::unwind):
1023         * jit/AssemblyHelpers.h:
1024         (JSC::AssemblyHelpers::addressFor):
1025         (JSC::AssemblyHelpers::tagFor):
1026         (JSC::AssemblyHelpers::payloadFor):
1027         (JSC::AssemblyHelpers::argumentsRegisterFor):
1028         * jit/JIT.h:
1029         * jit/JITCall.cpp:
1030         (JSC::JIT::compileLoadVarargs):
1031         * jit/JITInlines.h:
1032         (JSC::JIT::emitGetVirtualRegister):
1033         * jit/JITOpcodes.cpp:
1034         (JSC::JIT::emit_op_tear_off_arguments):
1035         (JSC::JIT::emit_op_get_pnames):
1036         (JSC::JIT::emit_op_enter):
1037         (JSC::JIT::emit_op_create_arguments):
1038         (JSC::JIT::emitSlow_op_get_argument_by_val):
1039         * jit/JITOpcodes32_64.cpp:
1040         (JSC::JIT::emit_op_enter):
1041         * jit/JITStubs.cpp:
1042         (JSC::DEFINE_STUB_FUNCTION):
1043         * llint/LLIntSlowPaths.cpp:
1044         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1045         * profiler/ProfilerBytecodeSequence.cpp:
1046         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1047         * runtime/CommonSlowPaths.cpp:
1048         (JSC::SLOW_PATH_DECL):
1049         * runtime/JSActivation.cpp:
1050         (JSC::JSActivation::argumentsGetter):
1051
1052 2013-09-26  Oliver Hunt  <oliver@apple.com>
1053
1054         Attempt to fix MSVC build
1055
1056         * parser/Parser.cpp:
1057         (JSC::::createBindingPattern):
1058         (JSC::::parseDeconstructionPattern):
1059         * parser/Parser.h:
1060
1061 2013-09-26  Julien Brianceau  <jbriance@cisco.com>
1062
1063         [sh4] JSValue* exception is unused since r70703 in JITStackFrame.
1064         https://bugs.webkit.org/show_bug.cgi?id=121962
1065
1066         This is a cosmetic change, but it could save people reading the sh4 part from
1067         wasting time trying to understand why there is a JSValue* here.
1068
1069         Reviewed by Darin Adler.
1070
1071         * jit/JITStubs.h:
1072
1073 2013-09-26  Anders Carlsson  <andersca@apple.com>
1074
1075         WeakGCMap should not inherit from HashMap
1076         https://bugs.webkit.org/show_bug.cgi?id=121964
1077
1078         Reviewed by Geoffrey Garen.
1079
1080         Add the HashMap as a member variable instead and implement the missing member functions.
1081
1082         * runtime/WeakGCMap.h:
1083
1084 2013-09-25  Michael Saboff  <msaboff@apple.com>
1085
1086         VirtualRegister should be a class
1087         https://bugs.webkit.org/show_bug.cgi?id=121732
1088
1089         Reviewed by Geoffrey Garen.
1090
1091         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
1092         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
1093         and the similar functions for locals to VirtualRegister class.
1094
1095         This is in preparation for changing the offset for the first local register from
1096         0 to -1.  This is needed since most native calling conventions have the architected
1097         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
1098         pointer.  Local values start below that address.
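The frame layout this entry prepares for, as an added example in C that is not JavaScriptCore code: the frame pointer points at the slot holding the caller's frame pointer, the return address sits one slot above it, incoming arguments above that, and locals start at slot -1 and grow downward. A VirtualRegister is modelled as a signed slot index relative to the frame pointer, with the argument/local conversions the entry moves onto the class. The two-slot header, the slot numbering, the simulated frame and the helper names are assumptions for illustration; the refusal to store onto the header is the check a practitioner would want, because a miscomputed "local" offset that lands on the saved frame pointer or return address is a control-flow hijack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not JavaScriptCore code. It models the layout the entry
 * describes: the frame pointer points at the slot holding the caller's frame
 * pointer, the return address sits above it, incoming arguments above that,
 * and locals start one slot below the frame pointer. The two-slot header,
 * the slot numbering and the helper names are assumptions for illustration. */

enum {
    kSavedFramePointerSlot = 0,   /* fp[0]: caller's frame pointer            */
    kReturnAddressSlot     = 1,   /* fp[1]: return address                    */
    kFirstArgumentSlot     = 2,   /* fp[2]: first incoming argument           */
    kFirstLocalSlot        = -1,  /* fp[-1]: first local; more locals below   */
    kSlotSize              = 8    /* bytes per slot on a 64-bit target        */
};

/* A VirtualRegister is a signed slot index relative to the frame pointer. */
typedef struct { int offset; } VirtualRegister;

static VirtualRegister virtualRegisterForLocal(int local)
{
    VirtualRegister r = { kFirstLocalSlot - local };
    return r;
}

static VirtualRegister virtualRegisterForArgument(int argument)
{
    VirtualRegister r = { kFirstArgumentSlot + argument };
    return r;
}

static int isLocal(VirtualRegister r)    { return r.offset <= kFirstLocalSlot; }
static int isArgument(VirtualRegister r) { return r.offset >= kFirstArgumentSlot; }
static int isHeader(VirtualRegister r)   { return !isLocal(r) && !isArgument(r); }
static int toLocal(VirtualRegister r)    { return kFirstLocalSlot - r.offset; }
static int toArgument(VirtualRegister r) { return r.offset - kFirstArgumentSlot; }

/* Byte displacement from the frame pointer: the constant a JIT folds into an
 * [fp + disp] memory operand. Local 0 is [fp-8], argument 0 is [fp+16]. */
static long byteOffsetFromFramePointer(VirtualRegister r)
{
    return (long)r.offset * kSlotSize;
}

/* Simulated frame: a flat array with the frame pointer in the middle so both
 * negative (local) and positive (argument) slots stay in bounds. */
#define SIM_FRAME_SLOTS 16
typedef struct {
    uint64_t slots[SIM_FRAME_SLOTS];
    uint64_t *fp;
} SimulatedFrame;

static void initFrame(SimulatedFrame *f, uint64_t callerFp, uint64_t returnAddress)
{
    memset(f->slots, 0, sizeof f->slots);
    f->fp = &f->slots[SIM_FRAME_SLOTS / 2];
    f->fp[kSavedFramePointerSlot] = callerFp;
    f->fp[kReturnAddressSlot] = returnAddress;
}

/* Refuses (returns 0) any store that would land on the frame header or leave
 * the frame: overwriting the saved frame pointer or return address through a
 * miscomputed "local" offset is a control-flow hijack, not a bug to tolerate. */
static int storeToRegister(SimulatedFrame *f, VirtualRegister r, uint64_t value)
{
    if (isHeader(r) || r.offset < -(SIM_FRAME_SLOTS / 2) || r.offset >= SIM_FRAME_SLOTS / 2)
        return 0;
    f->fp[r.offset] = value;
    return 1;
}

static uint64_t loadFromRegister(const SimulatedFrame *f, VirtualRegister r)
{
    return f->fp[r.offset];
}

/* Writes local 0 and argument 0, tries to clobber the saved frame pointer, and
 * returns 1 if the header survived and both registers round-trip. */
static int frameLayoutRoundTrips(void)
{
    SimulatedFrame f;
    VirtualRegister local0 = virtualRegisterForLocal(0);
    VirtualRegister arg0 = virtualRegisterForArgument(0);
    VirtualRegister savedFp = { kSavedFramePointerSlot };

    initFrame(&f, UINT64_C(0x7fffdeadbeef), UINT64_C(0x401000));
    if (!storeToRegister(&f, local0, 42) || !storeToRegister(&f, arg0, 7))
        return 0;
    if (storeToRegister(&f, savedFp, 0)) /* must be refused */
        return 0;
    return f.fp[kSavedFramePointerSlot] == UINT64_C(0x7fffdeadbeef)
        && f.fp[kReturnAddressSlot] == UINT64_C(0x401000)
        && loadFromRegister(&f, local0) == 42
        && loadFromRegister(&f, arg0) == 7
        && toLocal(local0) == 0 && toArgument(arg0) == 0;
}

int main(void)
{
    VirtualRegister local1 = virtualRegisterForLocal(1);
    printf("local 1 -> slot %d, [fp%+ld]\n", local1.offset, byteOffsetFromFramePointer(local1));
    printf("layout round-trips: %s\n", frameLayoutRoundTrips() ? "yes" : "no");
    return frameLayoutRoundTrips() ? 0 : 1;
}
```

With this numbering, local N is always at slot -(N+1), so the whole header region (slots 0 and 1) is unreachable by any local index, which is the property the entry's "first local at -1" buys; a layout with the first local at 0 would make local 0 alias the saved frame pointer slot.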
1099
1100         * bytecode/CodeBlock.cpp:
1101         * bytecode/CodeBlock.h:
1102         * bytecode/Instruction.h:
1103         * bytecode/LazyOperandValueProfile.h:
1104         * bytecode/MethodOfGettingAValueProfile.cpp:
1105         * bytecode/Operands.h:
1106         * bytecode/UnlinkedCodeBlock.cpp:
1107         * bytecode/UnlinkedCodeBlock.h:
1108         * bytecode/ValueRecovery.h:
1109         * bytecode/VirtualRegister.h:
1110         * bytecompiler/BytecodeGenerator.cpp:
1111         * bytecompiler/BytecodeGenerator.h:
1112         * bytecompiler/RegisterID.h:
1113         * debugger/DebuggerCallFrame.cpp:
1114         * dfg/DFGAbstractHeap.h:
1115         * dfg/DFGAbstractInterpreterInlines.h:
1116         * dfg/DFGArgumentPosition.h:
1117         * dfg/DFGArgumentsSimplificationPhase.cpp:
1118         * dfg/DFGByteCodeParser.cpp:
1119         * dfg/DFGCFGSimplificationPhase.cpp:
1120         * dfg/DFGCPSRethreadingPhase.cpp:
1121         * dfg/DFGCapabilities.cpp:
1122         * dfg/DFGConstantFoldingPhase.cpp:
1123         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1124         * dfg/DFGGraph.cpp:
1125         * dfg/DFGGraph.h:
1126         * dfg/DFGJITCode.cpp:
1127         * dfg/DFGNode.h:
1128         * dfg/DFGOSREntry.cpp:
1129         * dfg/DFGOSREntrypointCreationPhase.cpp:
1130         * dfg/DFGOSRExit.h:
1131         * dfg/DFGOSRExitCompiler32_64.cpp:
1132         * dfg/DFGOSRExitCompiler64.cpp:
1133         * dfg/DFGRegisterBank.h:
1134         * dfg/DFGScoreBoard.h:
1135         * dfg/DFGSpeculativeJIT.cpp:
1136         * dfg/DFGSpeculativeJIT.h:
1137         * dfg/DFGSpeculativeJIT64.cpp:
1138         * dfg/DFGValidate.cpp:
1139         * dfg/DFGValueRecoveryOverride.h:
1140         * dfg/DFGVariableAccessData.h:
1141         * dfg/DFGVariableEvent.h:
1142         * dfg/DFGVariableEventStream.cpp:
1143         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1144         * ftl/FTLExitArgumentForOperand.h:
1145         * ftl/FTLLink.cpp:
1146         * ftl/FTLLowerDFGToLLVM.cpp:
1147         * ftl/FTLOSREntry.cpp:
1148         * ftl/FTLOSRExit.cpp:
1149         * ftl/FTLOSRExit.h:
1150         * ftl/FTLOSRExitCompiler.cpp:
1151         * interpreter/CallFrame.h:
1152         * interpreter/Interpreter.cpp:
1153         * jit/AssemblyHelpers.h:
1154         * jit/JIT.h:
1155         * jit/JITCall.cpp:
1156         * jit/JITInlines.h:
1157         * jit/JITOpcodes.cpp:
1158         * jit/JITOpcodes32_64.cpp:
1159         * jit/JITStubs.cpp:
1160         * llint/LLIntSlowPaths.cpp:
1161         * profiler/ProfilerBytecodeSequence.cpp:
1162         * runtime/CommonSlowPaths.cpp:
1163         * runtime/JSActivation.cpp:
1164
1165 2013-09-26  Anders Carlsson  <andersca@apple.com>
1166
1167         Weak should have a move constructor and move assignment operator
1168         https://bugs.webkit.org/show_bug.cgi?id=121963
1169
1170         Reviewed by Oliver Hunt.
1171
1172         This is the first step towards getting rid of PassWeak.
1173
1174         * API/JSClassRef.cpp:
1175         (OpaqueJSClass::prototype):
1176         * heap/Weak.h:
1177         * heap/WeakInlines.h:
1178         (JSC::::Weak):
1179         (JSC::::leakImpl):
1180         * runtime/SimpleTypedArrayController.cpp:
1181         (JSC::SimpleTypedArrayController::toJS):
1182
1183 2013-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1184
1185         op_to_this shouldn't use value profiling
1186         https://bugs.webkit.org/show_bug.cgi?id=121920
1187
1188         Reviewed by Geoffrey Garen.
1189
1190         Currently it's the only opcode that uses m_singletonValue, which is unnecessary. Our current plan is 
1191         to remove m_singletonValue so that GenGC can have a simpler story for handling CodeBlocks/FunctionExecutables 
1192         during nursery collections.
1193
1194         This patch adds an inline cache for the Structure of to_this so it no longer depends on the ValueProfile's
1195         m_singletonValue. Since nobody uses m_singletonValue now, this patch also removes m_singletonValue from
1196         ValueProfile.
1197
1198         * bytecode/CodeBlock.cpp:
1199         (JSC::CodeBlock::CodeBlock):
1200         (JSC::CodeBlock::finalizeUnconditionally):
1201         (JSC::CodeBlock::stronglyVisitStrongReferences):
1202         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1203         (JSC::CodeBlock::updateAllValueProfilePredictions):
1204         (JSC::CodeBlock::updateAllPredictions):
1205         (JSC::CodeBlock::shouldOptimizeNow):
1206         * bytecode/CodeBlock.h:
1207         (JSC::CodeBlock::updateAllValueProfilePredictions):
1208         (JSC::CodeBlock::updateAllPredictions):
1209         * bytecode/LazyOperandValueProfile.cpp:
1210         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
1211         * bytecode/LazyOperandValueProfile.h:
1212         * bytecode/ValueProfile.h:
1213         (JSC::ValueProfileBase::ValueProfileBase):
1214         (JSC::ValueProfileBase::briefDescription):
1215         (JSC::ValueProfileBase::dump):
1216         (JSC::ValueProfileBase::computeUpdatedPrediction):
1217         * bytecompiler/BytecodeGenerator.cpp:
1218         (JSC::BytecodeGenerator::BytecodeGenerator):
1219         * dfg/DFGByteCodeParser.cpp:
1220         (JSC::DFG::ByteCodeParser::parseBlock):
1221         * jit/JITOpcodes.cpp:
1222         (JSC::JIT::emit_op_to_this):
1223         (JSC::JIT::emitSlow_op_to_this):
1224         * jit/JITOpcodes32_64.cpp:
1225         (JSC::JIT::emit_op_to_this):
1226         (JSC::JIT::emitSlow_op_to_this):
1227         * llint/LowLevelInterpreter32_64.asm:
1228         * llint/LowLevelInterpreter64.asm:
1229         * runtime/CommonSlowPaths.cpp:
1230         (JSC::SLOW_PATH_DECL):
1231
1232 2013-09-25  Oliver Hunt  <oliver@apple.com>
1233
1234         Implement prefixed-destructuring assignment
1235         https://bugs.webkit.org/show_bug.cgi?id=121930
1236
1237         Reviewed by Mark Hahnenberg.
1238
1239         This is mostly simple - the semantics of deconstruction are already
1240         present in the language, so most of the complexity (if you call it
1241         that) is addition of new AST nodes, and parsing the syntax.
1242
1243         In order to get correct semantics for the parameter lists, FunctionParameters
1244         now needs to store refcounted references to the parameter patterns.
1245         There's also a little work to ensure that variable creation and assignment
1246         occurs in the correct order while the BytecodeGenerator is being constructed. 
1247
1248         * bytecode/UnlinkedCodeBlock.cpp:
1249         (JSC::UnlinkedFunctionExecutable::paramString):
1250         * bytecompiler/BytecodeGenerator.cpp:
1251         (JSC::BytecodeGenerator::BytecodeGenerator):
1252         * bytecompiler/BytecodeGenerator.h:
1253         (JSC::BytecodeGenerator::emitExpressionInfo):
1254         * bytecompiler/NodesCodegen.cpp:
1255         (JSC::ForInNode::emitBytecode):
1256         (JSC::DeconstructingAssignmentNode::emitBytecode):
1257         (JSC::DeconstructionPatternNode::~DeconstructionPatternNode):
1258         (JSC::ArrayPatternNode::emitBytecode):
1259         (JSC::ArrayPatternNode::emitDirectBinding):
1260         (JSC::ArrayPatternNode::toString):
1261         (JSC::ArrayPatternNode::collectBoundIdentifiers):
1262         (JSC::ObjectPatternNode::toString):
1263         (JSC::ObjectPatternNode::emitBytecode):
1264         (JSC::ObjectPatternNode::collectBoundIdentifiers):
1265         (JSC::BindingNode::emitBytecode):
1266         (JSC::BindingNode::toString):
1267         (JSC::BindingNode::collectBoundIdentifiers):
1268         * parser/ASTBuilder.h:
1269         (JSC::ASTBuilder::createFormalParameterList):
1270         (JSC::ASTBuilder::createForInLoop):
1271         (JSC::ASTBuilder::addVar):
1272         (JSC::ASTBuilder::createDeconstructingAssignment):
1273         (JSC::ASTBuilder::createArrayPattern):
1274         (JSC::ASTBuilder::appendArrayPatternSkipEntry):
1275         (JSC::ASTBuilder::appendArrayPatternEntry):
1276         (JSC::ASTBuilder::createObjectPattern):
1277         (JSC::ASTBuilder::appendObjectPatternEntry):
1278         (JSC::ASTBuilder::createBindingLocation):
1279         * parser/NodeConstructors.h:
1280         (JSC::CommaNode::CommaNode):
1281         (JSC::ParameterNode::ParameterNode):
1282         (JSC::ForInNode::ForInNode):
1283         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
1284         (JSC::ArrayPatternNode::ArrayPatternNode):
1285         (JSC::ArrayPatternNode::create):
1286         (JSC::ObjectPatternNode::ObjectPatternNode):
1287         (JSC::ObjectPatternNode::create):
1288         (JSC::BindingNode::create):
1289         (JSC::BindingNode::BindingNode):
1290         (JSC::DeconstructingAssignmentNode::DeconstructingAssignmentNode):
1291         * parser/Nodes.cpp:
1292         (JSC::FunctionParameters::create):
1293         (JSC::FunctionParameters::FunctionParameters):
1294         (JSC::FunctionParameters::~FunctionParameters):
1295         * parser/Nodes.h:
1296         (JSC::ExpressionNode::isDeconstructionNode):
1297         (JSC::ArrayNode::elements):
1298         (JSC::CommaNode::append):
1299         (JSC::ParameterNode::pattern):
1300         (JSC::FunctionParameters::at):
1301         (JSC::FunctionParameters::patterns):
1302         (JSC::DeconstructionPatternNode::isBindingNode):
1303         (JSC::DeconstructionPatternNode::emitDirectBinding):
1304         (JSC::ArrayPatternNode::appendIndex):
1305         (JSC::ObjectPatternNode::appendEntry):
1306         (JSC::ObjectPatternNode::Entry::Entry):
1307         (JSC::BindingNode::boundProperty):
1308         (JSC::BindingNode::isBindingNode):
1309         (JSC::DeconstructingAssignmentNode::bindings):
1310         (JSC::DeconstructingAssignmentNode::isLocation):
1311         (JSC::DeconstructingAssignmentNode::isDeconstructionNode):
1312         * parser/Parser.cpp:
1313         (JSC::::Parser):
1314         (JSC::::parseVarDeclaration):
1315         (JSC::::parseVarDeclarationList):
1316         (JSC::::createBindingPattern):
1317         (JSC::::parseDeconstructionPattern):
1318         (JSC::::parseForStatement):
1319         (JSC::::parseFormalParameters):
1320         (JSC::::parseAssignmentExpression):
1321         * parser/Parser.h:
1322         (JSC::Scope::declareBoundParameter):
1323         (JSC::Parser::declareBoundParameter):
1324         * parser/SyntaxChecker.h:
1325         (JSC::SyntaxChecker::createFormalParameterList):
1326         (JSC::SyntaxChecker::addVar):
1327         (JSC::SyntaxChecker::operatorStackPop):
1328         * runtime/JSONObject.cpp:
1329         (JSC::escapeStringToBuilder):
1330         * runtime/JSONObject.h:
1331
1332 2013-09-25  Brady Eidson  <beidson@apple.com>
1333
1334         Enable the IndexedDB build on Mac, but leave the feature non-functional
1335         https://bugs.webkit.org/show_bug.cgi?id=121918
1336
1337         Reviewed by Alexey Proskuryakov.
1338
1339         * Configurations/FeatureDefines.xcconfig:
1340
1341 2013-09-25  Commit Queue  <commit-queue@webkit.org>
1342
1343         Unreviewed, rolling out r156432.
1344         http://trac.webkit.org/changeset/156432
1345         https://bugs.webkit.org/show_bug.cgi?id=121932
1346
1347         some integer conversion things that need brady to fix
1348         (Requested by thorton on #webkit).
1349
1350         * Configurations/FeatureDefines.xcconfig:
1351
1352 2013-09-25  Anders Carlsson  <andersca@apple.com>
1353
1354         Move KeyValuePairTraits inside HashMap
1355         https://bugs.webkit.org/show_bug.cgi?id=121931
1356
1357         Reviewed by Sam Weinig.
1358
1359         * tools/ProfileTreeNode.h:
1360
1361 2013-09-25  Brady Eidson  <beidson@apple.com>
1362
1363         Enable the IndexedDB build on Mac, but leave the feature non-functional
1364         https://bugs.webkit.org/show_bug.cgi?id=121918
1365
1366         Reviewed by Alexey Proskuryakov.
1367
1368         * Configurations/FeatureDefines.xcconfig:
1369
1370 2013-09-25  Brady Eidson  <beidson@apple.com>
1371
1372         FeatureDefine.xcconfig cleanup (They should all be identical).
1373         https://bugs.webkit.org/show_bug.cgi?id=121921
1374
1375         Reviewed by Mark Rowe.
1376
1377         * Configurations/FeatureDefines.xcconfig:
1378
1379 2013-09-25  Patrick Gansterer  <paroga@webkit.org>
1380
1381         Build fix for WinCE after r155098.
1382
1383         Windows CE does not support getenv().
1384
1385         * jsc.cpp:
1386         (main):
1387
1388 2013-09-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1389
1390         op_get_callee shouldn't use value profiling
1391         https://bugs.webkit.org/show_bug.cgi?id=121821
1392
1393         Reviewed by Filip Pizlo.
1394
1395         Currently it's one of the two opcodes that uses m_singletonValue, which is unnecessary. 
1396         Our current plan is to remove m_singletonValue so that GenGC can have a simpler story 
1397         for handling CodeBlocks/FunctionExecutables during nursery collections.
1398
1399         Instead of using a ValueProfile op_get_callee now has a simple inline cache of the most 
1400         recent JSFunction that we saw.
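The inline caches described in this entry and in the op_to_this entry above, as an added example in C that is not JavaScriptCore code: one site remembers the Structure of the last object it saw, takes a one-compare fast path when the next object has the same Structure, and otherwise falls through to a slow path that computes the full result and refills the cache. op_get_callee follows the same pattern with the most recent JSFunction in place of the Structure. The Structure and Value types, the hit counters and the simulated GC mark bit are assumptions for illustration; the finalizeUnconditionally step models the weak-reference caveat a practitioner should keep in mind, since a cached pointer that outlives a collection is a dangling pointer on the fast path.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not JavaScriptCore code. It models the monomorphic inline
 * cache these entries describe for op_to_this: remember the Structure of the
 * last object seen at the site, take a fast path when the next object has the
 * same Structure, and fall back to the slow path (which refills the cache)
 * otherwise. op_get_callee follows the same pattern with a JSFunction pointer
 * in place of the Structure. The Structure/Value types, the hit counters and
 * the simulated GC mark bit are assumptions for illustration. */

typedef struct {
    uint32_t id;
    int marked;       /* set by a (simulated) GC mark phase */
} Structure;

typedef struct {
    const Structure *structure;
    int isObject;     /* 0 models a primitive 'this' that must be boxed */
} Value;

typedef struct {
    const Structure *cachedStructure;   /* held weakly: GC may clear it */
    unsigned fastHits;
    unsigned slowHits;
} ToThisInlineCache;

/* Slow path: full semantics plus refilling the cache. A primitive 'this' is
 * resolved to the global object and is not cached, so the cache never holds
 * a Structure that does not belong to the value the site returns. */
static const Value *toThisSlow(ToThisInlineCache *ic, const Value *v, const Value *globalObject)
{
    ic->slowHits++;
    if (!v->isObject) {
        ic->cachedStructure = NULL;
        return globalObject;
    }
    ic->cachedStructure = v->structure;
    return v;
}

/* Fast path: a single pointer compare against the cached Structure. */
static const Value *toThis(ToThisInlineCache *ic, const Value *v, const Value *globalObject)
{
    if (v->isObject && ic->cachedStructure && v->structure == ic->cachedStructure) {
        ic->fastHits++;
        return v;
    }
    return toThisSlow(ic, v, globalObject);
}

/* The cached Structure is a weak reference. After a collection that did not
 * mark it, the pointer is dangling and must be cleared before the next fast
 * path compare; the entries do this in CodeBlock::finalizeUnconditionally. */
static void finalizeUnconditionally(ToThisInlineCache *ic)
{
    if (ic->cachedStructure && !ic->cachedStructure->marked)
        ic->cachedStructure = NULL;
}

/* Constructed call sequence through one site: a, b, d share Structure s1,
 * c has s2. Returns the number of fast-path hits (3 of the 6 calls). */
static unsigned runSiteWithTwoStructures(void)
{
    Structure s1 = { 1, 1 }, s2 = { 2, 1 }, gs = { 3, 1 };
    Value a = { &s1, 1 }, b = { &s1, 1 }, c = { &s2, 1 }, d = { &s1, 1 }, global = { &gs, 1 };
    ToThisInlineCache ic = { NULL, 0, 0 };
    toThis(&ic, &a, &global); /* miss: cache filled with s1 */
    toThis(&ic, &b, &global); /* hit */
    toThis(&ic, &d, &global); /* hit */
    toThis(&ic, &c, &global); /* miss: s2 replaces s1 */
    toThis(&ic, &a, &global); /* miss: s1 replaces s2 */
    toThis(&ic, &b, &global); /* hit */
    return ic.fastHits;
}

/* Simulated GC: the cached Structure dies and a new one is allocated after.
 * Returns 1 if the cache was cleared and the next call took the slow path. */
static int cacheIsClearedAfterCollection(void)
{
    Structure s1 = { 1, 1 }, gs = { 3, 1 };
    Value a = { &s1, 1 }, global = { &gs, 1 };
    ToThisInlineCache ic = { NULL, 0, 0 };
    toThis(&ic, &a, &global);
    s1.marked = 0;                      /* the collection did not reach s1 */
    finalizeUnconditionally(&ic);
    if (ic.cachedStructure)
        return 0;
    Structure s1again = { 1, 1 };
    Value b = { &s1again, 1 };
    unsigned slowBefore = ic.slowHits;
    toThis(&ic, &b, &global);
    return ic.slowHits == slowBefore + 1;
}

int main(void)
{
    printf("fast hits at a two-Structure site: %u\n", runSiteWithTwoStructures());
    printf("cache cleared after GC: %s\n", cacheIsClearedAfterCollection() ? "yes" : "no");
    return 0;
}
```

The site that alternates between two Structures shows the cost of a monomorphic cache: every switch is a slow-path call, which is the signal the DFG later uses to decide a site is polymorphic. The GC case shows why the cache must be cleared rather than merely left stale: a Structure freed and reallocated at the same address would otherwise pass the fast-path compare for an object of a different shape.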
1401
1402         * bytecode/CodeBlock.cpp:
1403         (JSC::CodeBlock::CodeBlock):
1404         (JSC::CodeBlock::finalizeUnconditionally):
1405         * bytecompiler/BytecodeGenerator.cpp:
1406         (JSC::BytecodeGenerator::emitCreateThis):
1407         * dfg/DFGByteCodeParser.cpp:
1408         (JSC::DFG::ByteCodeParser::parseBlock):
1409         * jit/JIT.cpp:
1410         (JSC::JIT::privateCompileSlowCases):
1411         * jit/JIT.h:
1412         * jit/JITOpcodes.cpp:
1413         (JSC::JIT::emit_op_get_callee):
1414         (JSC::JIT::emitSlow_op_get_callee):
1415         * jit/JITOpcodes32_64.cpp:
1416         (JSC::JIT::emit_op_get_callee):
1417         (JSC::JIT::emitSlow_op_get_callee):
1418         * llint/LowLevelInterpreter32_64.asm:
1419         * llint/LowLevelInterpreter64.asm:
1420         * runtime/CommonSlowPaths.cpp:
1421         (JSC::SLOW_PATH_DECL):
1422         * runtime/CommonSlowPaths.h:
1423
1424 2013-09-24  Mark Lam  <mark.lam@apple.com>
1425
1426         Change JSC debug hooks to pass a CallFrame* instead of a DebuggerCallFrame.
1427         https://bugs.webkit.org/show_bug.cgi?id=121867.
1428
1429         Reviewed by Geoffrey Garen.
1430
1431         1. Removed the need for passing the line and column info to the debug hook
1432            callbacks. We now get the line and column info from the CallFrame.
1433
1434         2. Simplify BytecodeGenerator::emitDebugHook() to only take 1 line number
1435            argument. The caller can determine whether to pass in the first or last
1436            line number of the block of source code as appropriate.
1437            Note: we still need to pass in the line and column info to emitDebugHook()
1438            because it uses this info to emit expression info which is later used by
1439            the StackVisitor to determine the line and column info for its "pc".
1440
1441         3. Pass the exceptionValue explicitly to the exception() debug hook
1442            callback. It should not be embedded in the CallFrame / DebuggerCallFrame.
1443
1444         4. Change the op_debug opcode size to 2 (from 5) since we're removing 3 arg
1445            values. Update the LLINT and JIT code to handle this.
1446
1447         * bytecode/CodeBlock.cpp:
1448         (JSC::CodeBlock::dumpBytecode):
1449         (JSC::CodeBlock::CodeBlock):
1450         * bytecode/Opcode.h:
1451         (JSC::padOpcodeName):
1452         * bytecompiler/BytecodeGenerator.cpp:
1453         (JSC::BytecodeGenerator::emitDebugHook):
1454         * bytecompiler/BytecodeGenerator.h:
1455         * bytecompiler/NodesCodegen.cpp:
1456         (JSC::ConstStatementNode::emitBytecode):
1457         (JSC::EmptyStatementNode::emitBytecode):
1458         (JSC::DebuggerStatementNode::emitBytecode):
1459         (JSC::ExprStatementNode::emitBytecode):
1460         (JSC::VarStatementNode::emitBytecode):
1461         (JSC::IfElseNode::emitBytecode):
1462         (JSC::DoWhileNode::emitBytecode):
1463         (JSC::WhileNode::emitBytecode):
1464         (JSC::ForNode::emitBytecode):
1465         (JSC::ForInNode::emitBytecode):
1466         (JSC::ContinueNode::emitBytecode):
1467         (JSC::BreakNode::emitBytecode):
1468         (JSC::ReturnNode::emitBytecode):
1469         (JSC::WithNode::emitBytecode):
1470         (JSC::SwitchNode::emitBytecode):
1471         (JSC::LabelNode::emitBytecode):
1472         (JSC::ThrowNode::emitBytecode):
1473         (JSC::TryNode::emitBytecode):
1474         (JSC::ProgramNode::emitBytecode):
1475         (JSC::EvalNode::emitBytecode):
1476         (JSC::FunctionBodyNode::emitBytecode):
1477         * debugger/Debugger.h:
1478         * debugger/DebuggerCallFrame.cpp:
1479         (JSC::LineAndColumnFunctor::operator()):
1480         (JSC::LineAndColumnFunctor::line):
1481         (JSC::LineAndColumnFunctor::column):
1482         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1483         (JSC::DebuggerCallFrame::clear):
1484         * debugger/DebuggerCallFrame.h:
1485         (JSC::DebuggerCallFrame::line):
1486         (JSC::DebuggerCallFrame::column):
1487         * interpreter/Interpreter.cpp:
1488         (JSC::unwindCallFrame):
1489         (JSC::UnwindFunctor::UnwindFunctor):
1490         (JSC::UnwindFunctor::operator()):
1491         (JSC::Interpreter::unwind):
1492         (JSC::Interpreter::debug):
1493         * interpreter/Interpreter.h:
1494         * jit/JITOpcodes.cpp:
1495         (JSC::JIT::emit_op_debug):
1496         * jit/JITOpcodes32_64.cpp:
1497         (JSC::JIT::emit_op_debug):
1498         * jit/JITStubs.cpp:
1499         (JSC::DEFINE_STUB_FUNCTION):
1500         * llint/LLIntSlowPaths.cpp:
1501         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1502         * llint/LowLevelInterpreter.asm:
1503
1504 2013-09-24  Filip Pizlo  <fpizlo@apple.com>
1505
1506         Crashing under JSC::DFG::SpeculativeJIT::spill visiting citicards.com
1507         https://bugs.webkit.org/show_bug.cgi?id=121844
1508
1509         Reviewed by Mark Hahnenberg.
1510         
1511         Fix some int52 bugs that caused this.
1512
1513         * bytecode/ValueRecovery.h:
1514         (JSC::ValueRecovery::dumpInContext): There's no such thing as int53.
1515         * dfg/DFGSpeculativeJIT.h:
1516         (JSC::DFG::SpeculativeJIT::spill): Actually spill int52's, instead of hitting an assert and crashing.
1517         * dfg/DFGSpeculativeJIT64.cpp:
1518         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): Use the right format (from before when we clobber it).
1519
1520 2013-09-24  Mark Rowe  <mrowe@apple.com>
1521
1522         <rdar://problem/14971518> WebKit should build against the Xcode default toolchain when targeting OS X 10.8
1523
1524         Reviewed by Dan Bernstein.
1525
1526         * Configurations/Base.xcconfig:
1527
1528 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1529
1530         use NOMINMAX instead of #define min min
1531         https://bugs.webkit.org/show_bug.cgi?id=73563
1532
1533         Reviewed by Brent Fulgham.
1534
1535         Use NOMINMAX instead of #define min/max as a cleaner
1536         way of ensuring that Windows system header files don't
1537         define min/max as macro in the first place.
1538
1539         * config.h:
1540
1541 2013-09-23  Filip Pizlo  <fpizlo@apple.com>
1542
1543         Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
1544         https://bugs.webkit.org/show_bug.cgi?id=121734
1545
1546         Reviewed by Mark Hahnenberg.
1547         
1548         Exception handling can deduce where the exception was thrown from by looking at the
1549         code origin that was stored into the call frame header. There is no need to pass any
1550         additional meta-data into the exception throwing logic. But the DFG was still doing it
1551         anyway.
1552         
1553         This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
1554         and friends. It simplifies a lot of code.
1555
1556         * CMakeLists.txt:
1557         * GNUmakefile.list.am:
1558         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1559         * JavaScriptCore.xcodeproj/project.pbxproj:
1560         * Target.pri:
1561         * bytecode/CodeBlock.cpp:
1562         (JSC::CodeBlock::shrinkToFit):
1563         * bytecode/CodeBlock.h:
1564         (JSC::CodeBlock::codeOrigins):
1565         (JSC::CodeBlock::hasCodeOrigins):
1566         (JSC::CodeBlock::canGetCodeOrigin):
1567         (JSC::CodeBlock::codeOrigin):
1568         * bytecode/CodeOrigin.h:
1569         (JSC::InlineCallFrame::InlineCallFrame):
1570         * bytecode/InlineCallFrameSet.cpp: Added.
1571         (JSC::InlineCallFrameSet::InlineCallFrameSet):
1572         (JSC::InlineCallFrameSet::~InlineCallFrameSet):
1573         (JSC::InlineCallFrameSet::add):
1574         (JSC::InlineCallFrameSet::shrinkToFit):
1575         * bytecode/InlineCallFrameSet.h: Added.
1576         (JSC::InlineCallFrameSet::isEmpty):
1577         (JSC::InlineCallFrameSet::size):
1578         (JSC::InlineCallFrameSet::at):
1579         * dfg/DFGArgumentsSimplificationPhase.cpp:
1580         (JSC::DFG::ArgumentsSimplificationPhase::run):
1581         * dfg/DFGByteCodeParser.cpp:
1582         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1583         * dfg/DFGCommonData.cpp:
1584         (JSC::DFG::CommonData::addCodeOrigin):
1585         (JSC::DFG::CommonData::shrinkToFit):
1586         * dfg/DFGCommonData.h:
1587         * dfg/DFGDesiredWriteBarriers.cpp:
1588         (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
1589         (JSC::DFG::DesiredWriteBarrier::trigger):
1590         * dfg/DFGDesiredWriteBarriers.h:
1591         (JSC::DFG::DesiredWriteBarriers::add):
1592         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
1593         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
1594         * dfg/DFGGraph.cpp:
1595         (JSC::DFG::Graph::Graph):
1596         * dfg/DFGGraph.h:
1597         * dfg/DFGJITCompiler.cpp:
1598         (JSC::DFG::JITCompiler::JITCompiler):
1599         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1600         (JSC::DFG::JITCompiler::link):
1601         (JSC::DFG::JITCompiler::compileFunction):
1602         * dfg/DFGJITCompiler.h:
1603         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
1604         (JSC::DFG::JITCompiler::exceptionCheck):
1605         (JSC::DFG::JITCompiler::fastExceptionCheck):
1606         * dfg/DFGOperations.cpp:
1607         * dfg/DFGOperations.h:
1608         * dfg/DFGRepatch.cpp:
1609         (JSC::DFG::tryBuildGetByIDList):
1610         * dfg/DFGSpeculativeJIT.h:
1611         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1612         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1613         (JSC::DFG::SpeculativeJIT::appendCall):
1614         * dfg/DFGSpeculativeJIT32_64.cpp:
1615         (JSC::DFG::SpeculativeJIT::emitCall):
1616         * dfg/DFGSpeculativeJIT64.cpp:
1617         (JSC::DFG::SpeculativeJIT::emitCall):
1618         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1619         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1620         * ftl/FTLLowerDFGToLLVM.cpp:
1621         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1622         * jit/AssemblyHelpers.h:
1623         (JSC::AssemblyHelpers::emitExceptionCheck):
1624
1625 2013-09-23  Oliver Hunt  <oliver@apple.com>
1626
1627         CodeLoad performance regression
1628
1629         Reviewed by Filip Pizlo.
1630
1631         Temporarily remove the ExpressionInfo compression until we can
1632         work out how to make it not clobber performance.
1633
1634         * bytecode/UnlinkedCodeBlock.cpp:
1635         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1636         (JSC::UnlinkedCodeBlock::addExpressionInfo):
1637         * bytecode/UnlinkedCodeBlock.h:
1638
1639 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1640
1641         Cleanup CMake files in JavaScriptCore
1642         https://bugs.webkit.org/show_bug.cgi?id=121762
1643
1644         Reviewed by Gyuyoung Kim.
1645
1646         Sort files and unify style.
1647
1648         * CMakeLists.txt:
1649         * shell/CMakeLists.txt:
1650         * shell/PlatformBlackBerry.cmake:
1651         * shell/PlatformEfl.cmake:
1652
1653 2013-09-22  Filip Pizlo  <fpizlo@apple.com>
1654
1655         Get rid of CodeBlock::RareData::callReturnIndexVector and most of the evil that it introduced
1656         https://bugs.webkit.org/show_bug.cgi?id=121766
1657
1658         Reviewed by Andreas Kling.
1659
1660         * bytecode/CodeBlock.cpp:
1661         (JSC::CodeBlock::shrinkToFit):
1662         * bytecode/CodeBlock.h:
1663         * dfg/DFGJITCompiler.cpp:
1664         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1665         (JSC::DFG::JITCompiler::link):
1666         * jit/JIT.cpp:
1667         (JSC::JIT::privateCompile):
1668
1669 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1670
1671         Interpreter::unwind() has no need for the bytecodeOffset
1672         https://bugs.webkit.org/show_bug.cgi?id=121755
1673
1674         Reviewed by Oliver Hunt.
1675         
1676         It was only using the bytecodeOffset for some debugger stuff, but the debugger could
1677         just get the bytecodeOffset the same way the rest of the machinery does: by using the
1678         CallFrame's location.
1679         
1680         It turns out that a lot of really ugly code was in place just to supply this
1681         bytecodeOffset. This patch kills most of that code, and allows us to kill even more
1682         code in a future patch - though most likely that killage will involve further
1683         refactorings as well, see https://bugs.webkit.org/show_bug.cgi?id=121734.
1684
1685         * dfg/DFGOperations.cpp:
1686         * interpreter/CallFrame.cpp:
1687         (JSC::CallFrame::bytecodeOffset):
1688         (JSC::CallFrame::codeOrigin):
1689         * interpreter/CallFrame.h:
1690         * interpreter/Interpreter.cpp:
1691         (JSC::Interpreter::unwind):
1692         * interpreter/Interpreter.h:
1693         * jit/JITExceptions.cpp:
1694         (JSC::genericUnwind):
1695         * jit/JITExceptions.h:
1696         * jit/JITStubs.cpp:
1697         (JSC::DEFINE_STUB_FUNCTION):
1698         (JSC::cti_vm_handle_exception):
1699         * llint/LLIntExceptions.cpp:
1700         (JSC::LLInt::doThrow):
1701         (JSC::LLInt::returnToThrow):
1702         (JSC::LLInt::callToThrow):
1703         * llint/LLIntExceptions.h:
1704         * llint/LLIntSlowPaths.cpp:
1705         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1706         * runtime/CommonSlowPaths.cpp:
1707         (JSC::SLOW_PATH_DECL):
1708         * runtime/CommonSlowPathsExceptions.cpp:
1709         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1710         * runtime/CommonSlowPathsExceptions.h:
1711
1712 2013-09-21  Darin Adler  <darin@apple.com>
1713
1714         Add ExecState::uncheckedArgument and use where possible to shrink a bit
1715         https://bugs.webkit.org/show_bug.cgi?id=121750
1716
1717         Reviewed by Andreas Kling.
1718
1719         * interpreter/CallFrame.h:
1720         (JSC::ExecState::uncheckedArgument): Added. Like argument, but with an
1721         assertion rather than a runtime check.
1722
1723         * API/APICallbackFunction.h:
1724         (JSC::APICallbackFunction::call): Use uncheckedArgument because we are
1725         already in a loop over arguments, so don't need a range check.
1726         * API/JSCallbackConstructor.cpp:
1727         (JSC::constructJSCallback): Ditto.
1728         * API/JSCallbackObjectFunctions.h:
1729         (JSC::JSCallbackObject::construct): Ditto.
1730         (JSC::JSCallbackObject::call): Ditto.
1731         * jsc.cpp:
1732         (functionPrint): Ditto.
1733         (functionRun): Ditto.
1734         (functionSetSamplingFlags): Ditto.
1735         (functionClearSamplingFlags): Ditto.
1736         * runtime/ArrayPrototype.cpp:
1737         (JSC::arrayProtoFuncConcat): Ditto.
1738         (JSC::arrayProtoFuncPush): Use uncheckedArgument because there is already
1739         code that explicitly checks argumentCount.
1740         (JSC::arrayProtoFuncSplice): Ditto.
1741         (JSC::arrayProtoFuncUnShift): Ditto.
1742         (JSC::arrayProtoFuncReduce): Ditto.
1743         (JSC::arrayProtoFuncReduceRight): Ditto.
1744         (JSC::arrayProtoFuncLastIndexOf): Ditto.
1745         * runtime/DatePrototype.cpp:
1746         (JSC::fillStructuresUsingTimeArgs): Ditto.
1747         (JSC::fillStructuresUsingDateArgs): Ditto.
1748         * runtime/JSArrayBufferConstructor.cpp:
1749         (JSC::constructArrayBuffer): Ditto.
1750         * runtime/JSArrayBufferPrototype.cpp:
1751         (JSC::arrayBufferProtoFuncSlice): Ditto.
1752         * runtime/JSBoundFunction.cpp:
1753         (JSC::boundFunctionCall): Ditto.
1754         (JSC::boundFunctionConstruct): Ditto.
1755         * runtime/JSDataViewPrototype.cpp:
1756         (JSC::getData): Ditto.
1757         (JSC::setData): Ditto.
1758         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1759         (JSC::constructGenericTypedArrayView): Ditto.
1760         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1761         (JSC::genericTypedArrayViewProtoFuncSet): Ditto.
1762         (JSC::genericTypedArrayViewProtoFuncSubarray): Ditto.
1763         * runtime/JSONObject.cpp:
1764         (JSC::JSONProtoFuncParse): Ditto.
1765         (JSC::JSONProtoFuncStringify): Ditto.
1766         * runtime/JSPromiseConstructor.cpp:
1767         (JSC::constructPromise): Ditto.
1768         (JSC::JSPromiseConstructorFuncFulfill): Ditto.
1769         (JSC::JSPromiseConstructorFuncResolve): Ditto.
1770         (JSC::JSPromiseConstructorFuncReject): Ditto.
1771         * runtime/MathObject.cpp:
1772         (JSC::mathProtoFuncMax): Ditto.
1773         (JSC::mathProtoFuncMin): Ditto.
1774
1775         * runtime/NameConstructor.cpp:
1776         (JSC::constructPrivateName): Removed unneeded check of argumentCount
1777         that simply repeats what argument already does.
1778         * runtime/NativeErrorConstructor.cpp:
1779         (JSC::Interpreter::constructWithNativeErrorConstructor): Ditto.
1780         (JSC::Interpreter::callNativeErrorConstructor): Ditto.
1781
1782         * runtime/NumberConstructor.cpp:
1783         (JSC::constructWithNumberConstructor): Use uncheckedArgument since
1784         there is already code that explicitly checks argument count.
1785         (JSC::callNumberConstructor): Ditto.
1786
1787         * runtime/ObjectConstructor.cpp:
1788         (JSC::objectConstructorCreate): Small refactoring to not call argument(0)
1789         three times.
1790
1791         * runtime/SetConstructor.cpp:
1792         (JSC::constructSet): Use uncheckedArgument since we are already in a loop
1793         over arguments.
1794
1795         * runtime/StringConstructor.cpp:
1796         (JSC::stringFromCharCodeSlowCase): In a loop.
1797         (JSC::stringFromCharCode): Already checked count.
1798         (JSC::constructWithStringConstructor): Ditto.
1799         (JSC::callStringConstructor): Ditto.
1800         * runtime/StringPrototype.cpp:
1801         (JSC::stringProtoFuncConcat): Already checked count.
1802         * runtime/TestRunnerUtils.cpp:
1803         (JSC::numberOfDFGCompiles): Ditto.
1804         (JSC::setNeverInline): Ditto.
1805
1806 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1807
1808         Remove the notion that a CallFrame can have a pointer to an InlineCallFrame, since that doesn't happen anymore
1809         https://bugs.webkit.org/show_bug.cgi?id=121753
1810
1811         Reviewed by Darin Adler.
1812
1813         * interpreter/CallFrame.cpp:
1814         (JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
1815         * interpreter/CallFrame.h:
1816         * interpreter/Register.h:
1817
1818 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1819
1820         Unreviewed, fix the revert.
1821
1822         * dfg/DFGRepatch.cpp:
1823
1824 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1825
1826         Unreviewed, revert http://trac.webkit.org/changeset/156235. It won't work on Windows.
1827
1828         * CMakeLists.txt:
1829         * GNUmakefile.list.am:
1830         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1831         * JavaScriptCore.xcodeproj/project.pbxproj:
1832         * Target.pri:
1833         * bytecode/CallLinkInfo.cpp:
1834         (JSC::CallLinkInfo::unlink):
1835         * bytecode/CodeBlock.cpp:
1836         (JSC::CodeBlock::resetStubInternal):
1837         * bytecode/StructureStubInfo.h:
1838         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1839         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
1840         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
1841         * dfg/DFGJITCompiler.h:
1842         * dfg/DFGOSRExitCompiler.h:
1843         * dfg/DFGOperations.cpp:
1844         (JSC::DFG::operationPutByValInternal):
1845         * dfg/DFGOperations.h:
1846         (JSC::DFG::operationNewTypedArrayWithSizeForType):
1847         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
1848         * dfg/DFGRegisterSet.h: Added.
1849         (JSC::DFG::RegisterSet::RegisterSet):
1850         (JSC::DFG::RegisterSet::asPOD):
1851         (JSC::DFG::RegisterSet::copyInfo):
1852         (JSC::DFG::RegisterSet::set):
1853         (JSC::DFG::RegisterSet::setGPRByIndex):
1854         (JSC::DFG::RegisterSet::clear):
1855         (JSC::DFG::RegisterSet::get):
1856         (JSC::DFG::RegisterSet::getGPRByIndex):
1857         (JSC::DFG::RegisterSet::getFreeGPR):
1858         (JSC::DFG::RegisterSet::setFPRByIndex):
1859         (JSC::DFG::RegisterSet::getFPRByIndex):
1860         (JSC::DFG::RegisterSet::setByIndex):
1861         (JSC::DFG::RegisterSet::getByIndex):
1862         (JSC::DFG::RegisterSet::numberOfSetGPRs):
1863         (JSC::DFG::RegisterSet::numberOfSetFPRs):
1864         (JSC::DFG::RegisterSet::numberOfSetRegisters):
1865         (JSC::DFG::RegisterSet::setBit):
1866         (JSC::DFG::RegisterSet::clearBit):
1867         (JSC::DFG::RegisterSet::getBit):
1868         * dfg/DFGRepatch.cpp: Added.
1869         (JSC::DFG::repatchCall):
1870         (JSC::DFG::repatchByIdSelfAccess):
1871         (JSC::DFG::addStructureTransitionCheck):
1872         (JSC::DFG::replaceWithJump):
1873         (JSC::DFG::emitRestoreScratch):
1874         (JSC::DFG::linkRestoreScratch):
1875         (JSC::DFG::generateProtoChainAccessStub):
1876         (JSC::DFG::tryCacheGetByID):
1877         (JSC::DFG::repatchGetByID):
1878         (JSC::DFG::getPolymorphicStructureList):
1879         (JSC::DFG::patchJumpToGetByIdStub):
1880         (JSC::DFG::tryBuildGetByIDList):
1881         (JSC::DFG::buildGetByIDList):
1882         (JSC::DFG::appropriateGenericPutByIdFunction):
1883         (JSC::DFG::appropriateListBuildingPutByIdFunction):
1884         (JSC::DFG::emitPutReplaceStub):
1885         (JSC::DFG::emitPutTransitionStub):
1886         (JSC::DFG::tryCachePutByID):
1887         (JSC::DFG::repatchPutByID):
1888         (JSC::DFG::tryBuildPutByIdList):
1889         (JSC::DFG::buildPutByIdList):
1890         (JSC::DFG::tryRepatchIn):
1891         (JSC::DFG::repatchIn):
1892         (JSC::DFG::linkSlowFor):
1893         (JSC::DFG::linkFor):
1894         (JSC::DFG::linkClosureCall):
1895         (JSC::DFG::resetGetByID):
1896         (JSC::DFG::resetPutByID):
1897         (JSC::DFG::resetIn):
1898         * dfg/DFGRepatch.h: Added.
1899         (JSC::DFG::resetGetByID):
1900         (JSC::DFG::resetPutByID):
1901         (JSC::DFG::resetIn):
1902         * dfg/DFGScratchRegisterAllocator.h: Added.
1903         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
1904         (JSC::DFG::ScratchRegisterAllocator::lock):
1905         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
1906         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
1907         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
1908         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
1909         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1910         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1911         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
1912         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1913         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1914         * dfg/DFGSpeculativeJIT.cpp:
1915         (JSC::DFG::SpeculativeJIT::writeBarrier):
1916         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1917         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1918         (JSC::DFG::SpeculativeJIT::compare):
1919         * dfg/DFGSpeculativeJIT.h:
1920         (JSC::DFG::SpeculativeJIT::callOperation):
1921         * dfg/DFGSpeculativeJIT32_64.cpp:
1922         (JSC::DFG::SpeculativeJIT::cachedPutById):
1923         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1924         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1925         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1926         (JSC::DFG::SpeculativeJIT::compile):
1927         * dfg/DFGSpeculativeJIT64.cpp:
1928         (JSC::DFG::SpeculativeJIT::cachedPutById):
1929         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1930         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1931         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1932         (JSC::DFG::SpeculativeJIT::compile):
1933         * dfg/DFGThunks.cpp:
1934         (JSC::DFG::emitPointerValidation):
1935         (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
1936         (JSC::DFG::slowPathFor):
1937         (JSC::DFG::linkForThunkGenerator):
1938         (JSC::DFG::linkCallThunkGenerator):
1939         (JSC::DFG::linkConstructThunkGenerator):
1940         (JSC::DFG::linkClosureCallThunkGenerator):
1941         (JSC::DFG::virtualForThunkGenerator):
1942         (JSC::DFG::virtualCallThunkGenerator):
1943         (JSC::DFG::virtualConstructThunkGenerator):
1944         * dfg/DFGThunks.h:
1945         * ftl/FTLIntrinsicRepository.h:
1946         * ftl/FTLLowerDFGToLLVM.cpp:
1947         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1948         * ftl/FTLOSRExitCompiler.h:
1949         * jit/AssemblyHelpers.h:
1950         * jit/JIT.cpp:
1951         (JSC::JIT::linkFor):
1952         (JSC::JIT::linkSlowCall):
1953         * jit/JITCall.cpp:
1954         (JSC::JIT::compileCallEvalSlowCase):
1955         (JSC::JIT::compileOpCallSlowCase):
1956         (JSC::JIT::privateCompileClosureCall):
1957         * jit/JITCall32_64.cpp:
1958         (JSC::JIT::compileCallEvalSlowCase):
1959         (JSC::JIT::compileOpCallSlowCase):
1960         (JSC::JIT::privateCompileClosureCall):
1961         * jit/JITOperationWrappers.h: Removed.
1962         * jit/JITOperations.cpp: Removed.
1963         * jit/JITOperations.h: Removed.
1964         * jit/RegisterSet.h: Removed.
1965         * jit/Repatch.cpp: Removed.
1966         * jit/Repatch.h: Removed.
1967         * jit/ScratchRegisterAllocator.h: Removed.
1968         * jit/ThunkGenerators.cpp:
1969         (JSC::generateSlowCaseFor):
1970         (JSC::linkForGenerator):
1971         (JSC::linkCallGenerator):
1972         (JSC::linkConstructGenerator):
1973         (JSC::linkClosureCallGenerator):
1974         (JSC::virtualForGenerator):
1975         (JSC::virtualCallGenerator):
1976         (JSC::virtualConstructGenerator):
1977         * jit/ThunkGenerators.h:
1978
1979 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1980
1981         Move DFG inline caching logic into jit/
1982         https://bugs.webkit.org/show_bug.cgi?id=121749
1983
1984         Rubber stamped by Sam Weinig.
1985         
1986         We want to get rid of the baseline JIT's inline caching machinery and have it use the
1987         DFG's instead. But before we do that we need to move the DFG's inline caching machinery
1988         out from behind its ENABLE(DFG_JIT) guards and make it available to the whole system.
1989         This patch does that:
1990         
1991         - dfg/DFGRepatch becomes jit/Repatch.
1992         
1993         - The thunks used by the DFG IC go into jit/ThunkGenerators, instead of dfg/DFGThunks.
1994         
1995         - The operations used by the DFG IC go into jit/JITOperations, instead of
1996           dfg/DFGOperations.
1997         
1998         - The old JIT's thunk generators for calls are renamed to reduce confusion. Previously
1999           it was easy to know which generators belong to which JIT because the old JIT used
2000           JSC::virtualCallBlah and the DFG used JSC::DFG::virtualCallBlah, but that's not the
2001           case anymore. Note that the old JIT's thunk generators will die in a future patch.
2002         
2003         No functional changes beyond those moves.
2004
2005         * CMakeLists.txt:
2006         * GNUmakefile.list.am:
2007         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2008         * JavaScriptCore.xcodeproj/project.pbxproj:
2009         * Target.pri:
2010         * bytecode/CallLinkInfo.cpp:
2011         (JSC::CallLinkInfo::unlink):
2012         * bytecode/CodeBlock.cpp:
2013         (JSC::CodeBlock::resetStubInternal):
2014         * bytecode/StructureStubInfo.h:
2015         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2016         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
2017         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
2018         * dfg/DFGJITCompiler.h:
2019         * dfg/DFGOSRExitCompiler.h:
2020         * dfg/DFGOperations.cpp:
2021         (JSC::DFG::operationPutByValInternal):
2022         * dfg/DFGOperations.h:
2023         (JSC::DFG::operationNewTypedArrayWithSizeForType):
2024         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
2025         * dfg/DFGRegisterSet.h: Removed.
2026         * dfg/DFGRepatch.cpp: Removed.
2027         * dfg/DFGRepatch.h: Removed.
2028         * dfg/DFGScratchRegisterAllocator.h: Removed.
2029         * dfg/DFGSpeculativeJIT.cpp:
2030         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
2031         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2032         (JSC::DFG::SpeculativeJIT::compare):
2033         * dfg/DFGSpeculativeJIT.h:
2034         (JSC::DFG::SpeculativeJIT::callOperation):
2035         * dfg/DFGSpeculativeJIT32_64.cpp:
2036         (JSC::DFG::SpeculativeJIT::cachedPutById):
2037         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2038         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2039         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2040         (JSC::DFG::SpeculativeJIT::compile):
2041         * dfg/DFGSpeculativeJIT64.cpp:
2042         (JSC::DFG::SpeculativeJIT::cachedPutById):
2043         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2044         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2045         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2046         (JSC::DFG::SpeculativeJIT::compile):
2047         * dfg/DFGThunks.cpp:
2048         * dfg/DFGThunks.h:
2049         * ftl/FTLIntrinsicRepository.h:
2050         * ftl/FTLLowerDFGToLLVM.cpp:
2051         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
2052         * jit/AssemblyHelpers.h:
2053         (JSC::AssemblyHelpers::writeBarrier):
2054         * jit/JIT.cpp:
2055         (JSC::JIT::linkFor):
2056         (JSC::JIT::linkSlowCall):
2057         * jit/JITCall.cpp:
2058         (JSC::JIT::compileCallEval):
2059         (JSC::JIT::compileCallEvalSlowCase):
2060         (JSC::JIT::compileOpCallSlowCase):
2061         (JSC::JIT::privateCompileClosureCall):
2062         * jit/JITCall32_64.cpp:
2063         (JSC::JIT::compileCallEvalSlowCase):
2064         (JSC::JIT::compileOpCallSlowCase):
2065         (JSC::JIT::privateCompileClosureCall):
2066         * jit/JITOperationWrappers.h: Added.
2067         * jit/JITOperations.cpp: Added.
2068         * jit/JITOperations.h: Added.
2069         * jit/RegisterSet.h: Added.
2070         (JSC::RegisterSet::RegisterSet):
2071         (JSC::RegisterSet::asPOD):
2072         (JSC::RegisterSet::copyInfo):
2073         (JSC::RegisterSet::set):
2074         (JSC::RegisterSet::setGPRByIndex):
2075         (JSC::RegisterSet::clear):
2076         (JSC::RegisterSet::get):
2077         (JSC::RegisterSet::getGPRByIndex):
2078         (JSC::RegisterSet::getFreeGPR):
2079         (JSC::RegisterSet::setFPRByIndex):
2080         (JSC::RegisterSet::getFPRByIndex):
2081         (JSC::RegisterSet::setByIndex):
2082         (JSC::RegisterSet::getByIndex):
2083         (JSC::RegisterSet::numberOfSetGPRs):
2084         (JSC::RegisterSet::numberOfSetFPRs):
2085         (JSC::RegisterSet::numberOfSetRegisters):
2086         (JSC::RegisterSet::setBit):
2087         (JSC::RegisterSet::clearBit):
2088         (JSC::RegisterSet::getBit):
2089         * jit/Repatch.cpp: Added.
2090         (JSC::repatchCall):
2091         (JSC::repatchByIdSelfAccess):
2092         (JSC::addStructureTransitionCheck):
2093         (JSC::replaceWithJump):
2094         (JSC::emitRestoreScratch):
2095         (JSC::linkRestoreScratch):
2096         (JSC::generateProtoChainAccessStub):
2097         (JSC::tryCacheGetByID):
2098         (JSC::repatchGetByID):
2099         (JSC::getPolymorphicStructureList):
2100         (JSC::patchJumpToGetByIdStub):
2101         (JSC::tryBuildGetByIDList):
2102         (JSC::buildGetByIDList):
2103         (JSC::appropriateGenericPutByIdFunction):
2104         (JSC::appropriateListBuildingPutByIdFunction):
2105         (JSC::emitPutReplaceStub):
2106         (JSC::emitPutTransitionStub):
2107         (JSC::tryCachePutByID):
2108         (JSC::repatchPutByID):
2109         (JSC::tryBuildPutByIdList):
2110         (JSC::buildPutByIdList):
2111         (JSC::tryRepatchIn):
2112         (JSC::repatchIn):
2113         (JSC::linkSlowFor):
2114         (JSC::linkFor):
2115         (JSC::linkClosureCall):
2116         (JSC::resetGetByID):
2117         (JSC::resetPutByID):
2118         (JSC::resetIn):
2119         * jit/Repatch.h: Added.
2120         (JSC::resetGetByID):
2121         (JSC::resetPutByID):
2122         (JSC::resetIn):
2123         * jit/ScratchRegisterAllocator.h: Added.
2124         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
2125         (JSC::ScratchRegisterAllocator::lock):
2126         (JSC::ScratchRegisterAllocator::allocateScratch):
2127         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
2128         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
2129         (JSC::ScratchRegisterAllocator::didReuseRegisters):
2130         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2131         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2132         (JSC::ScratchRegisterAllocator::desiredScratchBufferSize):
2133         (JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
2134         (JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
2135         * jit/ThunkGenerators.cpp:
2136         (JSC::oldStyleGenerateSlowCaseFor):
2137         (JSC::oldStyleLinkForGenerator):
2138         (JSC::oldStyleLinkCallGenerator):
2139         (JSC::oldStyleLinkConstructGenerator):
2140         (JSC::oldStyleLinkClosureCallGenerator):
2141         (JSC::oldStyleVirtualForGenerator):
2142         (JSC::oldStyleVirtualCallGenerator):
2143         (JSC::oldStyleVirtualConstructGenerator):
2144         (JSC::emitPointerValidation):
2145         (JSC::throwExceptionFromCallSlowPathGenerator):
2146         (JSC::slowPathFor):
2147         (JSC::linkForThunkGenerator):
2148         (JSC::linkCallThunkGenerator):
2149         (JSC::linkConstructThunkGenerator):
2150         (JSC::linkClosureCallThunkGenerator):
2151         (JSC::virtualForThunkGenerator):
2152         (JSC::virtualCallThunkGenerator):
2153         (JSC::virtualConstructThunkGenerator):
2154         * jit/ThunkGenerators.h:
2155
2156 2013-09-21  Anders Carlsson  <andersca@apple.com>
2157
2158         Fix the non-DFG build.
2159
2160         * interpreter/Interpreter.cpp:
2161         (JSC::unwindCallFrame):
2162         * interpreter/StackVisitor.cpp:
2163         (JSC::StackVisitor::Frame::r):
2164
2165 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2166
2167         Get rid of IsInlinedCodeTag and its associated methods since it's unused
2168         https://bugs.webkit.org/show_bug.cgi?id=121737
2169
2170         Reviewed by Sam Weinig.
2171         
2172         This was meant to be easy, but I kept wondering if it was safe to remove the
2173         inline call frame check in Arguments::tearOff(). The check was clearly dead
2174         since the bit wasn't being set anywhere.
2175         
2176         It turns out that the unwindCallFrame() function was relying on tearOff()
2177         doing the right thing for inlined code, but it wasn't even passing it an
2178         inline call frame. I fixed this by having unwindCallFrame() do the inlining
2179         check, while also making sure that the code uses the right operand index for
2180         the arguments register.
2181
2182         * interpreter/CallFrame.h:
2183         * interpreter/CallFrameInlines.h:
2184         * interpreter/Interpreter.cpp:
2185         (JSC::unwindCallFrame):
2186         * interpreter/StackVisitor.cpp:
2187         (JSC::StackVisitor::Frame::r):
2188         * interpreter/StackVisitor.h:
2189         * runtime/Arguments.cpp:
2190         (JSC::Arguments::tearOff):
2191
2192 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2193
2194         (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
2195         https://bugs.webkit.org/show_bug.cgi?id=121717
2196
2197         Reviewed by Oliver Hunt.
2198
2199         This bug caused the array to become corrupted. We now check for holes before we start moving things, 
2200         and start moving things only once we've determined that there are none.
2201
2202         * runtime/JSArray.cpp:
2203         (JSC::JSArray::shiftCountWithAnyIndexingType):
2204         (JSC::JSArray::unshiftCountWithAnyIndexingType):
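
        The fix above follows a general rule for fast paths that mutate shared storage: verify
        every precondition before the first write, because a fast path that bails out halfway
        leaves the data structure in a state the slow path was never written to handle. The C++
        below is an added example and not JavaScriptCore's code; it models the bug class on a
        plain vector with a constructed hole sentinel, comparing a shift that bails out mid-copy
        with one that scans for holes first. The names, the sentinel and the sample array are
        this example's own assumptions.

```cpp
// Added example, not JavaScriptCore code: model of "bail out mid-copy" versus
// "check first, then move". Names and the hole sentinel are this example's assumptions.
#include <cstddef>
#include <cstdint>
#include <vector>

namespace shift_example {

constexpr int64_t kHole = INT64_MIN;   // constructed sentinel for an unset slot

// Remove `count` slots starting at `start` by sliding the tail down.
// Returns false when the fast path must be abandoned because a hole was found.
// Buggy: the hole is discovered while elements are already being moved, so on
// failure the caller sees a vector with one element lost and another duplicated.
inline bool shiftCountBuggy(std::vector<int64_t>& v, std::size_t start, std::size_t count) {
    if (start + count > v.size())
        return false;
    for (std::size_t i = start + count; i < v.size(); ++i) {
        if (v[i] == kHole)
            return false;            // partial mutation has already happened
        v[i - count] = v[i];
    }
    v.resize(v.size() - count);
    return true;
}

// Fixed: scan the range that will be read before touching anything. On failure
// the vector is exactly as the caller left it, so the slow path starts clean.
inline bool shiftCountFixed(std::vector<int64_t>& v, std::size_t start, std::size_t count) {
    if (start + count > v.size())
        return false;
    for (std::size_t i = start + count; i < v.size(); ++i) {
        if (v[i] == kHole)
            return false;            // nothing has been written yet
    }
    for (std::size_t i = start + count; i < v.size(); ++i)
        v[i - count] = v[i];
    v.resize(v.size() - count);
    return true;
}

// Constructed sample input: a hole two slots into the tail.
inline std::vector<int64_t> sampleWithHole() { return {10, 20, 30, kHole, 50}; }

} // namespace shift_example
```

        Run shiftCountBuggy on sampleWithHole() with start 0 and count 1: it returns false, but
        the vector is now {20, 30, 30, kHole, 50}, with 10 lost and 30 duplicated. shiftCountFixed
        returns false on the same input and leaves the vector untouched.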
2205
2206 2013-09-20  Filip Pizlo  <fpizlo@apple.com>
2207
2208         REGRESSION(r156047): WebCore hangs inside JSC::toInt32(double)
2209         https://bugs.webkit.org/show_bug.cgi?id=121648
2210
2211         Reviewed by Mark Hahnenberg.
2212         
2213         The Int52<->StrictInt52 conversion did the opposite fill() from what it was
2214         supposed to. For example, when converting an Int52 to a StrictInt52 it would fill
2215         as Int52, and vice versa.
2216
2217         * dfg/DFGSpeculativeJIT64.cpp:
2218         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
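
        The fillSpeculateInt52 fix above and the Int52 design notes in the 2013-09-18 entry
        "DFG should support Int52 for local variables" further down turn on the same point: a
        52-bit integer lives in a 64-bit register in one of two forms, sign-extended ("strict")
        or left-shifted so the value occupies the top bits ("shifted"), and tagging a register
        with the form it does not hold produces silently wrong values. The C++ below is an added
        example and not JavaScriptCore code; it models both forms, the conversion between them,
        and why the shifted form lets a plain 64-bit add detect a 52-bit overflow. The shift
        amount (64 - 52 = 12, chosen so the full 52-bit range fits the register; the entry below
        describes the engine's own layout), the namespace and the function names are this
        example's assumptions, and __builtin_add_overflow assumes GCC or Clang.

```cpp
// Added example, not JavaScriptCore code: two register representations of a 52-bit
// integer and the conversion between them. Names, shift amount and helpers are this
// example's assumptions.
#include <cstdint>
#include <optional>

namespace int52_example {

constexpr int kBits = 52;
constexpr int kShift = 64 - kBits;                           // example's choice: 12
constexpr int64_t kMax = (int64_t{1} << (kBits - 1)) - 1;    //  2^51 - 1
constexpr int64_t kMin = -(int64_t{1} << (kBits - 1));       // -2^51

inline bool fitsInt52(int64_t v) { return v >= kMin && v <= kMax; }

// strict (sign-extended) -> shifted. Precondition: fitsInt52(strict).
// The shift is done on the unsigned bit pattern so a negative input is not UB.
inline int64_t toShifted(int64_t strict) {
    return static_cast<int64_t>(static_cast<uint64_t>(strict) << kShift);
}

// shifted -> strict. Arithmetic right shift sign-extends on GCC/Clang (guaranteed by C++20).
inline int64_t toStrict(int64_t shifted) { return shifted >> kShift; }

// Add in shifted form: signed overflow of the 64-bit register happens exactly when
// the 52-bit value overflows, so the hardware overflow flag is the only range check.
inline std::optional<int64_t> addShifted(int64_t a, int64_t b) {
    int64_t r;
    if (__builtin_add_overflow(a, b, &r))
        return std::nullopt;
    return r;
}

// Add in strict form: the 64-bit add cannot overflow for 52-bit inputs, so an
// explicit compare against the 52-bit bounds is needed instead.
inline std::optional<int64_t> addStrict(int64_t a, int64_t b) {
    int64_t r = a + b;
    if (!fitsInt52(r))
        return std::nullopt;
    return r;
}

// Model of the bug class fixed above: one operand is treated as the wrong
// representation. Nothing crashes; the result is simply wrong.
inline int64_t sumWithMixedForms(int64_t strictA, int64_t strictB) {
    return toStrict(toShifted(strictA) + strictB);   // strictB was never shifted
}

// Correct: both operands converted to the same form before the add.
inline std::optional<int64_t> sumStrict(int64_t strictA, int64_t strictB) {
    auto r = addShifted(toShifted(strictA), toShifted(strictB));
    if (!r)
        return std::nullopt;
    return toStrict(*r);
}

} // namespace int52_example
```

        sumWithMixedForms(3, 4) returns 3 rather than 7, which is the kind of silent
        miscomputation a representation mix-up produces; addShifted on kMax and 1 reports
        overflow through the register flag alone, while addStrict needs the explicit bounds
        compare to notice the same condition.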
2219
2220 2013-09-20  Oliver Hunt  <oliver@apple.com>
2221
2222         REGRESSION(r153215): New iCloud site crashes
2223         https://bugs.webkit.org/show_bug.cgi?id=121710
2224
2225         Reviewed by Filip Pizlo.
2226
2227         Don't claim to be able to rely on the arguments structure; use the Arguments
2228         speculation type.
2229
2230         * dfg/DFGAbstractInterpreterInlines.h:
2231         (JSC::DFG::::executeEffects):
2232
2233 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2234
2235         Clobberize phase forgets to indicate that it writes GCState for several node types
2236         https://bugs.webkit.org/show_bug.cgi?id=121702
2237
2238         Reviewed by Oliver Hunt.
2239
2240         Added read and write for GCState to the nodes that could end up allocating (and thereby
2241         cause a garbage collection).
2242
2243         * dfg/DFGClobberize.h:
2244         (JSC::DFG::clobberize):
2245
2246 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2247
2248         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2249         https://bugs.webkit.org/show_bug.cgi?id=121637
2250
2251         Rubber stamped by Michael Saboff.
2252         
2253         Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
2254         and tests.
2255
2256         * CMakeLists.txt:
2257         * GNUmakefile.list.am:
2258         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2259         * JavaScriptCore.xcodeproj/project.pbxproj:
2260         * Target.pri:
2261         * bytecode/ValueRecovery.h:
2262         (JSC::ValueRecovery::dumpInContext):
2263         * dfg/DFGAssemblyHelpers.cpp: Removed.
2264         * dfg/DFGAssemblyHelpers.h: Removed.
2265         * dfg/DFGBinarySwitch.h:
2266         * dfg/DFGByteCodeParser.cpp:
2267         * dfg/DFGCCallHelpers.h: Removed.
2268         * dfg/DFGDisassembler.cpp:
2269         * dfg/DFGFPRInfo.h: Removed.
2270         * dfg/DFGGPRInfo.h: Removed.
2271         * dfg/DFGGraph.cpp:
2272         * dfg/DFGGraph.h:
2273         * dfg/DFGJITCompiler.h:
2274         * dfg/DFGOSRExit.cpp:
2275         * dfg/DFGOSRExit.h:
2276         * dfg/DFGOSRExitCompiler.h:
2277         * dfg/DFGOSRExitCompilerCommon.h:
2278         * dfg/DFGRegisterBank.h:
2279         * dfg/DFGRegisterSet.h:
2280         * dfg/DFGRepatch.cpp:
2281         * dfg/DFGSilentRegisterSavePlan.h:
2282         * dfg/DFGThunks.cpp:
2283         * dfg/DFGVariableEvent.cpp:
2284         * ftl/FTLCArgumentGetter.h:
2285         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2286         (JSC::FTL::CArgumentGetter::loadNext8):
2287         (JSC::FTL::CArgumentGetter::loadNext32):
2288         (JSC::FTL::CArgumentGetter::loadNext64):
2289         (JSC::FTL::CArgumentGetter::loadNextPtr):
2290         (JSC::FTL::CArgumentGetter::loadNextDouble):
2291         * ftl/FTLCompile.cpp:
2292         * ftl/FTLExitThunkGenerator.h:
2293         * ftl/FTLLink.cpp:
2294         * ftl/FTLThunks.cpp:
2295         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2296         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2297         (JSC::AssemblyHelpers::AssemblyHelpers):
2298         (JSC::AssemblyHelpers::debugCall):
2299         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2300         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2301         (WTF::printInternal):
2302         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2303         (WTF::printInternal):
2304         * jit/JIT.cpp:
2305         (JSC::JIT::JIT):
2306         * jit/JIT.h:
2307         * jit/JITPropertyAccess.cpp:
2308         (JSC::JIT::stringGetByValStubGenerator):
2309         * jit/JITPropertyAccess32_64.cpp:
2310         (JSC::JIT::stringGetByValStubGenerator):
2311         * jit/JSInterfaceJIT.h:
2312         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2313         * jit/SpecializedThunkJIT.h:
2314         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2315         (JSC::SpecializedThunkJIT::finalize):
2316         * jit/ThunkGenerators.cpp:
2317         (JSC::linkForGenerator):
2318         (JSC::virtualForGenerator):
2319         (JSC::stringLengthTrampolineGenerator):
2320         (JSC::nativeForGenerator):
2321         (JSC::arityFixup):
2322         (JSC::charCodeAtThunkGenerator):
2323         (JSC::charAtThunkGenerator):
2324         (JSC::fromCharCodeThunkGenerator):
2325         (JSC::sqrtThunkGenerator):
2326         (JSC::floorThunkGenerator):
2327         (JSC::ceilThunkGenerator):
2328         (JSC::roundThunkGenerator):
2329         (JSC::expThunkGenerator):
2330         (JSC::logThunkGenerator):
2331         (JSC::absThunkGenerator):
2332         (JSC::powThunkGenerator):
2333         (JSC::imulThunkGenerator):
2334         * llint/LLIntThunks.cpp:
2335         (JSC::LLInt::generateThunkWithJumpTo):
2336         * runtime/JSCJSValue.h:
2337
2338 2013-09-20  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2339
2340         Inline method exported
2341         https://bugs.webkit.org/show_bug.cgi?id=121664
2342
2343         Reviewed by Darin Adler.
2344
2345         Watchdog::didFire() is marked as an exported symbol even though it is
2346         defined inline. This breaks the build on MinGW since it results in dllimport
2347         being declared on a definition.
2348
2349         * runtime/Watchdog.h:
2350         (JSC::Watchdog::didFire):
2351
2352 2013-09-20  Patrick Gansterer  <paroga@webkit.org>
2353
2354         [CMake] Use COMPILE_DEFINITIONS target property for setting BUILDING_* defines
2355         https://bugs.webkit.org/show_bug.cgi?id=121672
2356
2357         Reviewed by Gyuyoung Kim.
2358
2359         Since the scope of add_definitions() is always a whole file, we need to use
2360         target properties instead to set definitions only for specific targets.
2361
2362         * CMakeLists.txt:
2363
2364 2013-09-19  Commit Queue  <commit-queue@webkit.org>
2365
2366         Unreviewed, rolling out r156120.
2367         http://trac.webkit.org/changeset/156120
2368         https://bugs.webkit.org/show_bug.cgi?id=121651
2369
2370         Broke Windows runtime and all tests (Requested by bfulgham on
2371         #webkit).
2372
2373         * CMakeLists.txt:
2374         * GNUmakefile.list.am:
2375         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2376         * JavaScriptCore.xcodeproj/project.pbxproj:
2377         * Target.pri:
2378         * bytecode/ValueRecovery.h:
2379         (JSC::ValueRecovery::dumpInContext):
2380         * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
2381         (JSC::DFG::AssemblyHelpers::executableFor):
2382         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2383         (JSC::DFG::AssemblyHelpers::setSamplingFlag):
2384         (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
2385         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2386         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2387         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2388         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2389         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2390         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2391         * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
2392         (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
2393         (JSC::DFG::AssemblyHelpers::codeBlock):
2394         (JSC::DFG::AssemblyHelpers::vm):
2395         (JSC::DFG::AssemblyHelpers::assembler):
2396         (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
2397         (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
2398         (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
2399         (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
2400         (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
2401         (JSC::DFG::AssemblyHelpers::branchIfNotCell):
2402         (JSC::DFG::AssemblyHelpers::addressFor):
2403         (JSC::DFG::AssemblyHelpers::tagFor):
2404         (JSC::DFG::AssemblyHelpers::payloadFor):
2405         (JSC::DFG::AssemblyHelpers::branchIfNotObject):
2406         (JSC::DFG::AssemblyHelpers::selectScratchGPR):
2407         (JSC::DFG::AssemblyHelpers::debugCall):
2408         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2409         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2410         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2411         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2412         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2413         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2414         (JSC::DFG::AssemblyHelpers::boxDouble):
2415         (JSC::DFG::AssemblyHelpers::unboxDouble):
2416         (JSC::DFG::AssemblyHelpers::boxInt52):
2417         (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
2418         (JSC::DFG::AssemblyHelpers::emitCount):
2419         (JSC::DFG::AssemblyHelpers::globalObjectFor):
2420         (JSC::DFG::AssemblyHelpers::strictModeFor):
2421         (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
2422         (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
2423         (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
2424         (JSC::DFG::AssemblyHelpers::symbolTableFor):
2425         (JSC::DFG::AssemblyHelpers::offsetOfLocals):
2426         (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
2427         * dfg/DFGBinarySwitch.h:
2428         * dfg/DFGByteCodeParser.cpp:
2429         * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
2430         (JSC::DFG::CCallHelpers::CCallHelpers):
2431         (JSC::DFG::CCallHelpers::resetCallArguments):
2432         (JSC::DFG::CCallHelpers::addCallArgument):
2433         (JSC::DFG::CCallHelpers::setupArguments):
2434         (JSC::DFG::CCallHelpers::setupArgumentsExecState):
2435         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2436         (JSC::DFG::CCallHelpers::setupTwoStubArgs):
2437         (JSC::DFG::CCallHelpers::setupStubArguments):
2438         (JSC::DFG::CCallHelpers::setupResults):
2439         * dfg/DFGDisassembler.cpp:
2440         * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
2441         (JSC::DFG::FPRInfo::toRegister):
2442         (JSC::DFG::FPRInfo::toIndex):
2443         (JSC::DFG::FPRInfo::toArgumentRegister):
2444         (JSC::DFG::FPRInfo::debugName):
2445         * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
2446         (JSC::DFG::JSValueRegs::JSValueRegs):
2447         (JSC::DFG::JSValueRegs::payloadOnly):
2448         (JSC::DFG::JSValueRegs::operator!):
2449         (JSC::DFG::JSValueRegs::gpr):
2450         (JSC::DFG::JSValueRegs::payloadGPR):
2451         (JSC::DFG::JSValueSource::JSValueSource):
2452         (JSC::DFG::JSValueSource::unboxedCell):
2453         (JSC::DFG::JSValueSource::operator!):
2454         (JSC::DFG::JSValueSource::isAddress):
2455         (JSC::DFG::JSValueSource::offset):
2456         (JSC::DFG::JSValueSource::base):
2457         (JSC::DFG::JSValueSource::gpr):
2458         (JSC::DFG::JSValueSource::asAddress):
2459         (JSC::DFG::JSValueSource::notAddress):
2460         (JSC::DFG::JSValueRegs::tagGPR):
2461         (JSC::DFG::JSValueSource::tagGPR):
2462         (JSC::DFG::JSValueSource::payloadGPR):
2463         (JSC::DFG::JSValueSource::hasKnownTag):
2464         (JSC::DFG::JSValueSource::tag):
2465         (JSC::DFG::GPRInfo::toRegister):
2466         (JSC::DFG::GPRInfo::toIndex):
2467         (JSC::DFG::GPRInfo::debugName):
2468         (JSC::DFG::GPRInfo::toArgumentRegister):
2469         * dfg/DFGGraph.cpp:
2470         * dfg/DFGGraph.h:
2471         * dfg/DFGJITCompiler.h:
2472         * dfg/DFGOSRExit.cpp:
2473         * dfg/DFGOSRExit.h:
2474         * dfg/DFGOSRExitCompiler.h:
2475         * dfg/DFGOSRExitCompilerCommon.h:
2476         * dfg/DFGRegisterBank.h:
2477         * dfg/DFGRegisterSet.h:
2478         * dfg/DFGRepatch.cpp:
2479         * dfg/DFGSilentRegisterSavePlan.h:
2480         * dfg/DFGThunks.cpp:
2481         * dfg/DFGVariableEvent.cpp:
2482         * ftl/FTLCArgumentGetter.h:
2483         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2484         (JSC::FTL::CArgumentGetter::loadNext8):
2485         (JSC::FTL::CArgumentGetter::loadNext32):
2486         (JSC::FTL::CArgumentGetter::loadNext64):
2487         (JSC::FTL::CArgumentGetter::loadNextPtr):
2488         (JSC::FTL::CArgumentGetter::loadNextDouble):
2489         * ftl/FTLCompile.cpp:
2490         * ftl/FTLExitThunkGenerator.h:
2491         * ftl/FTLLink.cpp:
2492         * ftl/FTLThunks.cpp:
2493         * jit/JIT.cpp:
2494         (JSC::JIT::JIT):
2495         * jit/JIT.h:
2496         * jit/JITPropertyAccess.cpp:
2497         (JSC::JIT::stringGetByValStubGenerator):
2498         * jit/JITPropertyAccess32_64.cpp:
2499         (JSC::JIT::stringGetByValStubGenerator):
2500         * jit/JSInterfaceJIT.h:
2501         (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
2502         (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
2503         * jit/SpecializedThunkJIT.h:
2504         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2505         (JSC::SpecializedThunkJIT::finalize):
2506         * jit/ThunkGenerators.cpp:
2507         (JSC::linkForGenerator):
2508         (JSC::virtualForGenerator):
2509         (JSC::stringLengthTrampolineGenerator):
2510         (JSC::nativeForGenerator):
2511         (JSC::arityFixup):
2512         (JSC::charCodeAtThunkGenerator):
2513         (JSC::charAtThunkGenerator):
2514         (JSC::fromCharCodeThunkGenerator):
2515         (JSC::sqrtThunkGenerator):
2516         (JSC::floorThunkGenerator):
2517         (JSC::ceilThunkGenerator):
2518         (JSC::roundThunkGenerator):
2519         (JSC::expThunkGenerator):
2520         (JSC::logThunkGenerator):
2521         (JSC::absThunkGenerator):
2522         (JSC::powThunkGenerator):
2523         (JSC::imulThunkGenerator):
2524         * llint/LLIntThunks.cpp:
2525         (JSC::LLInt::generateThunkWithJumpTo):
2526         * runtime/JSCJSValue.h:
2527
2528 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2529
2530         Unreviewed, fix Windows build part 2. m_jitCodeMap should always be there.
2531
2532         * bytecode/CodeBlock.h:
2533         (JSC::CodeBlock::jitCodeMap):
2534
2535 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2536
2537         Remove some of the tautologies in DFGRepatch function naming.
2538
2539         Rubber stamped by Mark Hahnenberg.
2540         
2541         For example change DFG::dfgLinkFor() to be DFG::linkFor().
2542
2543         * bytecode/CodeBlock.cpp:
2544         (JSC::CodeBlock::resetStubInternal):
2545         * dfg/DFGOperations.cpp:
2546         * dfg/DFGRepatch.cpp:
2547         (JSC::DFG::repatchCall):
2548         (JSC::DFG::repatchByIdSelfAccess):
2549         (JSC::DFG::tryCacheGetByID):
2550         (JSC::DFG::repatchGetByID):
2551         (JSC::DFG::buildGetByIDList):
2552         (JSC::DFG::tryCachePutByID):
2553         (JSC::DFG::repatchPutByID):
2554         (JSC::DFG::buildPutByIdList):
2555         (JSC::DFG::repatchIn):
2556         (JSC::DFG::linkFor):
2557         (JSC::DFG::linkSlowFor):
2558         (JSC::DFG::linkClosureCall):
2559         (JSC::DFG::resetGetByID):
2560         (JSC::DFG::resetPutByID):
2561         (JSC::DFG::resetIn):
2562         * dfg/DFGRepatch.h:
2563         (JSC::DFG::resetGetByID):
2564         (JSC::DFG::resetPutByID):
2565         (JSC::DFG::resetIn):
2566
2567 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2568
2569         Unreviewed, fix Windows build. ScratchBuffer should always be available regardless of
2570         ENABLE_DFG_JIT.
2571
2572         * runtime/VM.h:
2573
2574 2013-09-19  Daniel Bates  <dabates@apple.com>
2575
2576         [iOS] Add more iOS logic to the JavaScriptCore build configuration files
2577         https://bugs.webkit.org/show_bug.cgi?id=121635
2578
2579         Reviewed by Geoffrey Garen.
2580
2581         Towards building JavaScriptCore for both OS X and iOS using the same
2582         set of configuration files, add more iOS logic.
2583
2584         * Configurations/Base.xcconfig:
2585         * Configurations/JSC.xcconfig:
2586         * Configurations/JavaScriptCore.xcconfig:
2587         * Configurations/ToolExecutable.xcconfig:
2588
2589 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2590
2591         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2592         https://bugs.webkit.org/show_bug.cgi?id=121637
2593
2594         Rubber stamped by Michael Saboff.
2595         
2596         Also moved GPRInfo/FPRInfo into jit/.
2597
2598         * CMakeLists.txt:
2599         * GNUmakefile.list.am:
2600         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2601         * JavaScriptCore.xcodeproj/project.pbxproj:
2602         * Target.pri:
2603         * bytecode/ValueRecovery.h:
2604         (JSC::ValueRecovery::dumpInContext):
2605         * dfg/DFGAssemblyHelpers.cpp: Removed.
2606         * dfg/DFGAssemblyHelpers.h: Removed.
2607         * dfg/DFGBinarySwitch.h:
2608         * dfg/DFGByteCodeParser.cpp:
2609         * dfg/DFGCCallHelpers.h: Removed.
2610         * dfg/DFGDisassembler.cpp:
2611         * dfg/DFGFPRInfo.h: Removed.
2612         * dfg/DFGGPRInfo.h: Removed.
2613         * dfg/DFGGraph.cpp:
2614         * dfg/DFGGraph.h:
2615         * dfg/DFGJITCompiler.h:
2616         * dfg/DFGOSRExit.cpp:
2617         * dfg/DFGOSRExit.h:
2618         * dfg/DFGOSRExitCompiler.h:
2619         * dfg/DFGOSRExitCompilerCommon.h:
2620         * dfg/DFGRegisterBank.h:
2621         * dfg/DFGRegisterSet.h:
2622         * dfg/DFGRepatch.cpp:
2623         * dfg/DFGSilentRegisterSavePlan.h:
2624         * dfg/DFGThunks.cpp:
2625         * dfg/DFGVariableEvent.cpp:
2626         * ftl/FTLCArgumentGetter.h:
2627         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2628         (JSC::FTL::CArgumentGetter::loadNext8):
2629         (JSC::FTL::CArgumentGetter::loadNext32):
2630         (JSC::FTL::CArgumentGetter::loadNext64):
2631         (JSC::FTL::CArgumentGetter::loadNextPtr):
2632         (JSC::FTL::CArgumentGetter::loadNextDouble):
2633         * ftl/FTLCompile.cpp:
2634         * ftl/FTLExitThunkGenerator.h:
2635         * ftl/FTLLink.cpp:
2636         * ftl/FTLThunks.cpp:
2637         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2638         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2639         (JSC::AssemblyHelpers::AssemblyHelpers):
2640         (JSC::AssemblyHelpers::debugCall):
2641         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2642         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2643         (WTF::printInternal):
2644         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2645         (WTF::printInternal):
2646         * jit/JIT.cpp:
2647         (JSC::JIT::JIT):
2648         * jit/JIT.h:
2649         * jit/JITPropertyAccess.cpp:
2650         (JSC::JIT::stringGetByValStubGenerator):
2651         * jit/JITPropertyAccess32_64.cpp:
2652         (JSC::JIT::stringGetByValStubGenerator):
2653         * jit/JSInterfaceJIT.h:
2654         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2655         * jit/SpecializedThunkJIT.h:
2656         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2657         (JSC::SpecializedThunkJIT::finalize):
2658         * jit/ThunkGenerators.cpp:
2659         (JSC::linkForGenerator):
2660         (JSC::virtualForGenerator):
2661         (JSC::stringLengthTrampolineGenerator):
2662         (JSC::nativeForGenerator):
2663         (JSC::arityFixup):
2664         (JSC::charCodeAtThunkGenerator):
2665         (JSC::charAtThunkGenerator):
2666         (JSC::fromCharCodeThunkGenerator):
2667         (JSC::sqrtThunkGenerator):
2668         (JSC::floorThunkGenerator):
2669         (JSC::ceilThunkGenerator):
2670         (JSC::roundThunkGenerator):
2671         (JSC::expThunkGenerator):
2672         (JSC::logThunkGenerator):
2673         (JSC::absThunkGenerator):
2674         (JSC::powThunkGenerator):
2675         (JSC::imulThunkGenerator):
2676         * llint/LLIntThunks.cpp:
2677         (JSC::LLInt::generateThunkWithJumpTo):
2678         * runtime/JSCJSValue.h:
2679
2680 2013-09-19  Daniel Bates  <dabates@apple.com>
2681
2682         [iOS] Substitute UNREACHABLE_FOR_PLATFORM() for RELEASE_ASSERT_NOT_REACHED()
2683
2684         Rubber-stamped by Joseph Pecoraro.
2685
2686         Use UNREACHABLE_FOR_PLATFORM() instead of RELEASE_ASSERT_NOT_REACHED() in
2687         the non-x86/x86-64 variant of JIT::emitSlow_op_mod() so as to avoid a missing
2688         noreturn warning in Clang while simultaneously asserting unreachable code.
2689
2690         * jit/JITArithmetic.cpp:
2691         (JSC::JIT::emitSlow_op_mod):
2692
2693 2013-09-19  Michael Saboff  <msaboff@apple.com>
2694
2695         JSC: X86 disassembler shows 16, 32 and 64 bit displacements as unsigned
2696         https://bugs.webkit.org/show_bug.cgi?id=121625
2697
2698         Rubber-stamped by Filip Pizlo.
2699
2700         Changed 16, 32 and 64 bit offsets to be signed. Kept the original tab-indented
2701         spacing to match the rest of the file.
2702
2703         * disassembler/udis86/udis86_syn-att.c:
2704         (gen_operand):
2705
2706 2013-09-19  Daniel Bates  <dabates@apple.com>
2707
2708         Remove names of unused arguments from the non-x86/x86-64 function prototype
2709         for JIT::emitSlow_op_mod()
2710
2711         Rubber-stamped by Ryosuke Niwa.
2712
2713         * jit/JITArithmetic.cpp:
2714         (JSC::JIT::emitSlow_op_mod):
2715
2716 2013-09-18  Sam Weinig  <sam@webkit.org>
2717
2718         Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore
2719         https://bugs.webkit.org/show_bug.cgi?id=121583
2720
2721         Reviewed by Anders Carlsson.
2722
2723         * API/JSStringRefCF.cpp:
2724         (JSStringCreateWithCFString):
2725         * API/JSStringRefQt.cpp:
2726         * bytecompiler/BytecodeGenerator.cpp:
2727         (JSC::BytecodeGenerator::BytecodeGenerator):
2728         * dfg/DFGByteCodeParser.cpp:
2729         (JSC::DFG::ByteCodeParser::parseBlock):
2730         * dfg/DFGDisassembler.cpp:
2731         (JSC::DFG::Disassembler::dumpDisassembly):
2732         * runtime/Arguments.cpp:
2733         (JSC::Arguments::tearOff):
2734         * runtime/Arguments.h:
2735         (JSC::Arguments::isTornOff):
2736         (JSC::Arguments::allocateSlowArguments):
2737         * runtime/JSPropertyNameIterator.cpp:
2738         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2739         * runtime/JSPropertyNameIterator.h:
2740         * runtime/JSSegmentedVariableObject.h:
2741         * runtime/JSVariableObject.h:
2742         * runtime/PropertyNameArray.h:
2743         * runtime/RegExp.cpp:
2744         * runtime/StructureChain.h:
2745         (JSC::StructureChain::finishCreation):
2746         * runtime/SymbolTable.h:
2747         (JSC::SharedSymbolTable::setSlowArguments):
2748
2749 2013-09-18  Brent Fulgham  <bfulgham@apple.com>
2750
2751         [Windows] Unreviewed build fix after r156064.
2752
2753         * jsc.cpp:
2754         (jscmain): Need a temporary to perform '&' in VS2010.
2755
2756 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2757
2758         Give 'jsc' commandline an option to disable deleting the VM.
2759
2760         Reviewed by Mark Hahnenberg.
2761
2762         * jsc.cpp:
2763         (jscmain):
2764         * runtime/Options.h:
2765
2766 2013-09-18  Anders Carlsson  <andersca@apple.com>
2767
2768         RefPtrHashMap should work with move only types
2769         https://bugs.webkit.org/show_bug.cgi?id=121564
2770
2771         Reviewed by Andreas Kling.
2772
2773         * runtime/VM.cpp:
2774         (JSC::VM::addSourceProviderCache):
2775
2776 2013-09-17  Mark Hahnenberg  <mhahnenberg@apple.com>
2777
2778         Rename OperationInProgress to HeapOperation and move it out of Heap.h into its own header
2779         https://bugs.webkit.org/show_bug.cgi?id=121534
2780
2781         Reviewed by Geoffrey Garen.
2782
2783         OperationInProgress is a silly name. 
2784
2785         Many parts of the Heap would like to know what HeapOperation is currently underway, but 
2786         since they are included in Heap.h they can't directly reference HeapOperation if it also 
2787         lives in Heap.h. The simplest thing to do is to give HeapOperation its own header. While 
2788         a bit overkill, it simplifies including it wherever it's needed.
2789
2790         * JavaScriptCore.xcodeproj/project.pbxproj:
2791         * bytecode/CodeBlock.cpp:
2792         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2793         (JSC::CodeBlock::updateAllValueProfilePredictions):
2794         (JSC::CodeBlock::updateAllPredictions):
2795         * bytecode/CodeBlock.h:
2796         (JSC::CodeBlock::updateAllValueProfilePredictions):
2797         (JSC::CodeBlock::updateAllPredictions):
2798         * bytecode/LazyOperandValueProfile.cpp:
2799         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
2800         * bytecode/LazyOperandValueProfile.h:
2801         * bytecode/ValueProfile.h:
2802         (JSC::ValueProfileBase::computeUpdatedPrediction):
2803         * heap/Heap.h:
2804         * heap/HeapOperation.h: Added.
2805
2806 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2807
2808         DFG should support Int52 for local variables
2809         https://bugs.webkit.org/show_bug.cgi?id=121064
2810
2811         Reviewed by Oliver Hunt.
2812         
2813         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
2814         programs that have local int32 overflows but where a larger int representation can
2815         prevent us from having to convert all the way up to double.
2816         
2817         It's a small speed-up for now. But we're just supporting Int52 for a handful of
2818         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
2819         the groundwork for adding Int52 to JSValue, which will probably be a bigger
2820         speed-up.
2821         
2822         The basic approach is:
2823         
2824         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
2825           or HeapTop - i.e. it doesn't arise from JSValues.
2826         
2827         - DFG treats Int52 as being part of its FullTop and will treat it as being a
2828           subtype of double unless instructed otherwise.
2829         
2830         - Prediction propagator creates Int52s whenever we have a node going doubly but due
2831           to large values rather than fractional values, and that node is known to be able
2832           to produce Int52 natively in the DFG backend.
2833         
2834         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
2835           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
2836           input.
2837         
2838         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
2839           are left-shifted by 16 (great for overflow checks) and ones that are
2840           sign-extended. Both backends know how to convert between Int52s and the other
2841           representations.
2842
2843         * assembler/MacroAssemblerX86_64.h:
2844         (JSC::MacroAssemblerX86_64::rshift64):
2845         (JSC::MacroAssemblerX86_64::mul64):
2846         (JSC::MacroAssemblerX86_64::branchMul64):
2847         (JSC::MacroAssemblerX86_64::branchNeg64):
2848         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
2849         * assembler/X86Assembler.h:
2850         (JSC::X86Assembler::imulq_rr):
2851         (JSC::X86Assembler::cvtsi2sdq_rr):
2852         * bytecode/DataFormat.h:
2853         (JSC::dataFormatToString):
2854         * bytecode/ExitKind.cpp:
2855         (JSC::exitKindToString):
2856         * bytecode/ExitKind.h:
2857         * bytecode/OperandsInlines.h:
2858         (JSC::::dumpInContext):
2859         * bytecode/SpeculatedType.cpp:
2860         (JSC::dumpSpeculation):
2861         (JSC::speculationToAbbreviatedString):
2862         (JSC::speculationFromValue):
2863         * bytecode/SpeculatedType.h:
2864         (JSC::isInt32SpeculationForArithmetic):
2865         (JSC::isInt52Speculation):
2866         (JSC::isMachineIntSpeculationForArithmetic):
2867         (JSC::isInt52AsDoubleSpeculation):
2868         (JSC::isBytecodeRealNumberSpeculation):
2869         (JSC::isFullRealNumberSpeculation):
2870         (JSC::isBytecodeNumberSpeculation):
2871         (JSC::isFullNumberSpeculation):
2872         (JSC::isBytecodeNumberSpeculationExpectingDefined):
2873         (JSC::isFullNumberSpeculationExpectingDefined):
2874         * bytecode/ValueRecovery.h:
2875         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
2876         (JSC::ValueRecovery::inGPR):
2877         (JSC::ValueRecovery::displacedInJSStack):
2878         (JSC::ValueRecovery::isAlreadyInJSStack):
2879         (JSC::ValueRecovery::gpr):
2880         (JSC::ValueRecovery::virtualRegister):
2881         (JSC::ValueRecovery::dumpInContext):
2882         * dfg/DFGAbstractInterpreter.h:
2883         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
2884         (JSC::DFG::AbstractInterpreter::filterByType):
2885         * dfg/DFGAbstractInterpreterInlines.h:
2886         (JSC::DFG::::executeEffects):
2887         * dfg/DFGAbstractValue.cpp:
2888         (JSC::DFG::AbstractValue::set):
2889         (JSC::DFG::AbstractValue::checkConsistency):
2890         * dfg/DFGAbstractValue.h:
2891         (JSC::DFG::AbstractValue::couldBeType):
2892         (JSC::DFG::AbstractValue::isType):
2893         (JSC::DFG::AbstractValue::checkConsistency):
2894         (JSC::DFG::AbstractValue::validateType):
2895         * dfg/DFGArrayMode.cpp:
2896         (JSC::DFG::ArrayMode::refine):
2897         * dfg/DFGAssemblyHelpers.h:
2898         (JSC::DFG::AssemblyHelpers::boxInt52):
2899         * dfg/DFGByteCodeParser.cpp:
2900         (JSC::DFG::ByteCodeParser::makeSafe):
2901         * dfg/DFGCSEPhase.cpp:
2902         (JSC::DFG::CSEPhase::pureCSE):
2903         (JSC::DFG::CSEPhase::getByValLoadElimination):
2904         (JSC::DFG::CSEPhase::performNodeCSE):
2905         * dfg/DFGClobberize.h:
2906         (JSC::DFG::clobberize):
2907         * dfg/DFGCommon.h:
2908         (JSC::DFG::enableInt52):
2909         * dfg/DFGDCEPhase.cpp:
2910         (JSC::DFG::DCEPhase::fixupBlock):
2911         * dfg/DFGFixupPhase.cpp:
2912         (JSC::DFG::FixupPhase::run):
2913         (JSC::DFG::FixupPhase::fixupNode):
2914         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
2915         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
2916         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2917         (JSC::DFG::FixupPhase::fixEdge):
2918         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2919         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
2920         * dfg/DFGFlushFormat.cpp:
2921         (WTF::printInternal):
2922         * dfg/DFGFlushFormat.h:
2923         (JSC::DFG::resultFor):
2924         (JSC::DFG::useKindFor):
2925         * dfg/DFGGenerationInfo.h:
2926         (JSC::DFG::GenerationInfo::initInt52):
2927         (JSC::DFG::GenerationInfo::initStrictInt52):
2928         (JSC::DFG::GenerationInfo::isFormat):
2929         (JSC::DFG::GenerationInfo::isInt52):
2930         (JSC::DFG::GenerationInfo::isStrictInt52):
2931         (JSC::DFG::GenerationInfo::fillInt52):
2932         (JSC::DFG::GenerationInfo::fillStrictInt52):
2933         * dfg/DFGGraph.cpp:
2934         (JSC::DFG::Graph::dump):
2935         * dfg/DFGGraph.h:
2936         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
2937         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
2938         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
2939         * dfg/DFGInPlaceAbstractState.cpp:
2940         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
2941         * dfg/DFGJITCode.cpp:
2942         (JSC::DFG::JITCode::reconstruct):
2943         * dfg/DFGJITCompiler.h:
2944         (JSC::DFG::JITCompiler::noticeOSREntry):
2945         * dfg/DFGMinifiedNode.h:
2946         (JSC::DFG::belongsInMinifiedGraph):
2947         (JSC::DFG::MinifiedNode::hasChild):
2948         * dfg/DFGNode.h:
2949         (JSC::DFG::Node::shouldSpeculateNumber):
2950         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
2951         (JSC::DFG::Node::canSpeculateInt52):
2952         * dfg/DFGNodeFlags.h:
2953         (JSC::DFG::nodeCanSpeculateInt52):
2954         * dfg/DFGNodeType.h:
2955         (JSC::DFG::permitsOSRBackwardRewiring):
2956         (JSC::DFG::forwardRewiringSelectionScore):
2957         * dfg/DFGOSREntry.cpp:
2958         (JSC::DFG::prepareOSREntry):
2959         * dfg/DFGOSREntry.h:
2960         * dfg/DFGOSRExitCompiler.cpp:
2961         * dfg/DFGOSRExitCompiler64.cpp:
2962         (JSC::DFG::OSRExitCompiler::compileExit):
2963         * dfg/DFGPredictionPropagationPhase.cpp:
2964         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
2965         (JSC::DFG::PredictionPropagationPhase::propagate):
2966         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2967         * dfg/DFGSafeToExecute.h:
2968         (JSC::DFG::SafeToExecuteEdge::operator()):
2969         (JSC::DFG::safeToExecute):
2970         * dfg/DFGSilentRegisterSavePlan.h:
2971         * dfg/DFGSpeculativeJIT.cpp:
2972         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2973         (JSC::DFG::SpeculativeJIT::silentFill):
2974         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2975         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2976         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2977         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2978         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2979         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2980         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2981         (JSC::DFG::SpeculativeJIT::compileAdd):
2982         (JSC::DFG::SpeculativeJIT::compileArithSub):
2983         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2984         (JSC::DFG::SpeculativeJIT::compileArithMul):
2985         (JSC::DFG::SpeculativeJIT::compare):
2986         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2987         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
2988         (JSC::DFG::SpeculativeJIT::speculateNumber):
2989         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
2990         (JSC::DFG::SpeculativeJIT::speculate):
2991         * dfg/DFGSpeculativeJIT.h:
2992         (JSC::DFG::SpeculativeJIT::canReuse):
2993         (JSC::DFG::SpeculativeJIT::isFilled):
2994         (JSC::DFG::SpeculativeJIT::isFilledDouble):
2995         (JSC::DFG::SpeculativeJIT::use):
2996         (JSC::DFG::SpeculativeJIT::isKnownInteger):
2997         (JSC::DFG::SpeculativeJIT::isKnownCell):
2998         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
2999         (JSC::DFG::SpeculativeJIT::int52Result):
3000         (JSC::DFG::SpeculativeJIT::strictInt52Result):
3001         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3002         (JSC::DFG::SpeculativeJIT::isInteger):
3003         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
3004         (JSC::DFG::SpeculativeJIT::generationInfo):
3005         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
3006         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
3007         (JSC::DFG::SpeculateInt52Operand::edge):
3008         (JSC::DFG::SpeculateInt52Operand::node):
3009         (JSC::DFG::SpeculateInt52Operand::gpr):
3010         (JSC::DFG::SpeculateInt52Operand::use):
3011         (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
3012         (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
3013         (JSC::DFG::SpeculateStrictInt52Operand::edge):
3014         (JSC::DFG::SpeculateStrictInt52Operand::node):
3015         (JSC::DFG::SpeculateStrictInt52Operand::gpr):
3016         (JSC::DFG::SpeculateStrictInt52Operand::use):
3017         (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
3018         (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
3019         (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
3020         (JSC::DFG::SpeculateWhicheverInt52Operand::node):
3021         (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
3022         (JSC::DFG::SpeculateWhicheverInt52Operand::use):
3023         (JSC::DFG::SpeculateWhicheverInt52Operand::format):
3024         * dfg/DFGSpeculativeJIT32_64.cpp:
3025         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3026         (JSC::DFG::SpeculativeJIT::compile):
3027         * dfg/DFGSpeculativeJIT64.cpp:
3028         (JSC::DFG::SpeculativeJIT::boxInt52):
3029         (JSC::DFG::SpeculativeJIT::fillJSValue):
3030         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3031         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
3032         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3033         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3034         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3035         (JSC::DFG::SpeculativeJIT::compileInt52Compare):
3036         (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
3037         (JSC::DFG::SpeculativeJIT::compile):
3038         * dfg/DFGUseKind.cpp:
3039         (WTF::printInternal):
3040         * dfg/DFGUseKind.h:
3041         (JSC::DFG::typeFilterFor):
3042         (JSC::DFG::isNumerical):
3043         * dfg/DFGValueSource.cpp:
3044         (JSC::DFG::ValueSource::dump):
3045         * dfg/DFGValueSource.h:
3046         (JSC::DFG::dataFormatToValueSourceKind):
3047         (JSC::DFG::valueSourceKindToDataFormat):
3048         (JSC::DFG::ValueSource::forFlushFormat):
3049         (JSC::DFG::ValueSource::valueRecovery):
3050         * dfg/DFGVariableAccessData.h:
3051         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3052         (JSC::DFG::VariableAccessData::flushFormat):
3053         * ftl/FTLCArgumentGetter.cpp:
3054         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3055         * ftl/FTLCArgumentGetter.h:
3056         * ftl/FTLCapabilities.cpp:
3057         (JSC::FTL::canCompile):
3058         * ftl/FTLExitValue.cpp:
3059         (JSC::FTL::ExitValue::dumpInContext):
3060         * ftl/FTLExitValue.h:
3061         (JSC::FTL::ExitValue::inJSStackAsInt52):
3062         * ftl/FTLIntrinsicRepository.h:
3063         * ftl/FTLLowerDFGToLLVM.cpp:
3064         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3065         (JSC::FTL::LowerDFGToLLVM::compileNode):
3066         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3067         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3068         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3069         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3070         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3071         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3072         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3073         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3074         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3075         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3076         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3077         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3078         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3079         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3080         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3081         (JSC::FTL::LowerDFGToLLVM::lowInt52):
3082         (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
3083         (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
3084         (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
3085         (JSC::FTL::LowerDFGToLLVM::opposite):
3086         (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
3087         (JSC::FTL::LowerDFGToLLVM::lowCell):
3088         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3089         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3090         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3091         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
3092         (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
3093         (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
3094         (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
3095         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
3096         (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
3097         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3098         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3099         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3100         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3101         (JSC::FTL::LowerDFGToLLVM::setInt52):
3102         (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
3103         * ftl/FTLOSRExitCompiler.cpp:
3104         (JSC::FTL::compileStub):
3105         * ftl/FTLOutput.h:
3106         (JSC::FTL::Output::addWithOverflow64):
3107         (JSC::FTL::Output::subWithOverflow64):
3108         (JSC::FTL::Output::mulWithOverflow64):
3109         * ftl/FTLValueFormat.cpp:
3110         (WTF::printInternal):
3111         * ftl/FTLValueFormat.h:
3112         * ftl/FTLValueSource.cpp:
3113         (JSC::FTL::ValueSource::dump):
3114         * ftl/FTLValueSource.h:
3115         * interpreter/Register.h:
3116         (JSC::Register::unboxedInt52):
3117         * runtime/Arguments.cpp:
3118         (JSC::Arguments::tearOffForInlineCallFrame):
3119         * runtime/IndexingType.cpp:
3120         (JSC::leastUpperBoundOfIndexingTypeAndType):
3121         * runtime/JSCJSValue.h:
3122         * runtime/JSCJSValueInlines.h:
3123         (JSC::JSValue::isMachineInt):
3124         (JSC::JSValue::asMachineInt):
3125
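        The two Int52 forms described in the entry above (and in the identical 2013-09-16
        entry later in this log) can be illustrated in plain C. What follows is an added
        example written for this page, not JavaScriptCore code, and it uses none of the
        project's types or functions; the names fits_int52, strict_to_shifted,
        shifted_to_strict, Int52Result and the int52_* helpers are this example's own. It
        assumes a shift of 12 bits, derived as 64 - 52 so that the shifted form fills a 64-bit
        register (the entry itself speaks of 16; the amount used here is the example's own
        choice). The point it demonstrates is why the shifted form is "great for overflow
        checks": once the operands are in shifted form, the ordinary 64-bit signed-overflow
        condition of add, sub and mul fires exactly when the true result leaves the 52-bit
        range, so one hardware flag replaces a separate range check. The multiply case also
        shows why a backend wants to mix one shifted and one sign-extended operand rather
        than shifting both, which is the reason a lowering needs to choose whichever form an
        operand already has.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not JavaScriptCore code). An Int52 is a 52-bit two's
 * complement integer carried in a 64-bit register in one of two forms:
 *   strict  : sign-extended to 64 bits, i.e. the value itself
 *   shifted : value << INT52_SHIFT, so the 52 payload bits sit at the top of
 *             the register and the low INT52_SHIFT bits are zero.
 * Assumption of this example: INT52_SHIFT = 64 - 52 = 12, chosen so that the
 * shifted form uses the whole register. */
#define INT52_BITS  52
#define INT52_SHIFT (64 - INT52_BITS)
#define INT52_MAX   ((((int64_t)1) << (INT52_BITS - 1)) - 1)   /*  2^51 - 1 */
#define INT52_MIN   (-(((int64_t)1) << (INT52_BITS - 1)))      /* -2^51     */

typedef struct {
    bool ok;        /* false: result left the Int52 range (a JIT would take the double path) */
    int64_t value;  /* strict form; meaningful only when ok is true */
} Int52Result;

static bool fits_int52(int64_t v) { return v >= INT52_MIN && v <= INT52_MAX; }

/* strict -> shifted. Shift the unsigned bit pattern to avoid the undefined
 * behaviour of left-shifting a negative signed value. Caller guarantees fits_int52(v). */
static int64_t strict_to_shifted(int64_t v) {
    return (int64_t)((uint64_t)v << INT52_SHIFT);
}

/* shifted -> strict. Logical right shift, then sign-extend from bit 51, so the
 * result does not depend on how the compiler right-shifts negative values. */
static int64_t shifted_to_strict(int64_t s) {
    uint64_t u = (uint64_t)s >> INT52_SHIFT;
    uint64_t sign = (uint64_t)1 << (INT52_BITS - 1);
    return (int64_t)((u ^ sign) - sign);
}

/* Add in shifted form: (a<<12) + (b<<12) == (a+b)<<12, which overflows the
 * 64-bit register exactly when a+b lies outside [INT52_MIN, INT52_MAX]. The
 * hardware overflow flag therefore IS the Int52 overflow check. */
static Int52Result int52_add(int64_t a, int64_t b) {
    Int52Result res = { false, 0 };
    int64_t r;
    if (__builtin_add_overflow(strict_to_shifted(a), strict_to_shifted(b), &r))
        return res;
    res.ok = true;
    res.value = shifted_to_strict(r);
    return res;
}

/* Negate in shifted form: only INT52_MIN (shifted: INT64_MIN) overflows. */
static Int52Result int52_neg(int64_t a) {
    Int52Result res = { false, 0 };
    int64_t r;
    if (__builtin_sub_overflow((int64_t)0, strict_to_shifted(a), &r))
        return res;
    res.ok = true;
    res.value = shifted_to_strict(r);
    return res;
}

/* Multiply with ONE shifted and ONE strict operand: (a<<12) * b == (a*b)<<12,
 * so again 64-bit overflow fires exactly when a*b leaves the Int52 range. Two
 * shifted operands would compute (a*b)<<24 and overflow spuriously; this is why
 * a backend prefers to take each operand in whichever form it already has. */
static Int52Result int52_mul(int64_t a, int64_t b) {
    Int52Result res = { false, 0 };
    int64_t r;
    if (__builtin_mul_overflow(strict_to_shifted(a), b, &r))
        return res;
    res.ok = true;
    res.value = shifted_to_strict(r);
    return res;
}

/* Contrast: a 64-bit overflow check on the strict (sign-extended) form does
 * not notice the sum leaving the 52-bit range; the caller would need an
 * explicit range check on top of it. */
static Int52Result strict_add_64bit_check_only(int64_t a, int64_t b) {
    Int52Result res = { false, 0 };
    res.ok = !__builtin_add_overflow(a, b, &res.value);
    return res;
}

int main(void) {
    Int52Result r = int52_add(INT52_MAX, 1);
    printf("shifted-form add INT52_MAX + 1: %s\n", r.ok ? "fits" : "overflow detected");
    r = strict_add_64bit_check_only(INT52_MAX, 1);
    printf("strict-form 64-bit add INT52_MAX + 1: ok=%d fits_int52=%d\n", r.ok, fits_int52(r.value));
    return 0;
}
```

        Build with gcc or clang, whose __builtin_*_overflow intrinsics the example relies on.
        The last function is the one to compare against the others: the same addition that
        the shifted form rejects passes a plain 64-bit overflow check on the sign-extended
        form and hands back a value that no longer fits the type the compiler assumed, which
        is exactly the kind of silent range escape a typed JIT must rule out.
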
3126 2013-09-17  Michael Saboff  <msaboff@apple.com>
3127
3128         REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
3129         https://bugs.webkit.org/show_bug.cgi?id=121376
3130
3131         Reviewed by Oliver Hunt.
3132
3133         Fix stack grow() call for stack growing down.  This should catch running out of stack space before
3134         we try to move the frame down due to arity mismatch.
3135
3136         * runtime/CommonSlowPaths.h:
3137         (JSC::CommonSlowPaths::arityCheckFor):
3138
3139 2013-09-18  Andreas Kling  <akling@apple.com>
3140
3141         YARR: Put UCS2 canonicalization tables in read-only memory.
3142         <https://webkit.org/b/121547>
3143
3144         Reviewed by Sam Weinig.
3145
3146         These tables never mutate so mark them const.
3147
3148 2013-09-18  Commit Queue  <commit-queue@webkit.org>
3149
3150         Unreviewed, rolling out r156019 and r156020.
3151         http://trac.webkit.org/changeset/156019
3152         http://trac.webkit.org/changeset/156020
3153         https://bugs.webkit.org/show_bug.cgi?id=121540
3154
3155         Broke tests (Requested by ap on #webkit).
3156
3157         * assembler/MacroAssemblerX86_64.h:
3158         * assembler/X86Assembler.h:
3159         * bytecode/DataFormat.h:
3160         (JSC::dataFormatToString):
3161         * bytecode/ExitKind.cpp:
3162         (JSC::exitKindToString):
3163         * bytecode/ExitKind.h:
3164         * bytecode/OperandsInlines.h:
3165         (JSC::::dumpInContext):
3166         * bytecode/SpeculatedType.cpp:
3167         (JSC::dumpSpeculation):
3168         (JSC::speculationToAbbreviatedString):
3169         (JSC::speculationFromValue):
3170         * bytecode/SpeculatedType.h:
3171         (JSC::isInt32SpeculationForArithmetic):
3172         (JSC::isInt48Speculation):
3173         (JSC::isMachineIntSpeculationForArithmetic):
3174         (JSC::isInt48AsDoubleSpeculation):
3175         (JSC::isRealNumberSpeculation):
3176         (JSC::isNumberSpeculation):
3177         (JSC::isNumberSpeculationExpectingDefined):
3178         * bytecode/ValueRecovery.h:
3179         (JSC::ValueRecovery::inGPR):
3180         (JSC::ValueRecovery::displacedInJSStack):
3181         (JSC::ValueRecovery::isAlreadyInJSStack):
3182         (JSC::ValueRecovery::gpr):
3183         (JSC::ValueRecovery::virtualRegister):
3184         (JSC::ValueRecovery::dumpInContext):
3185         * dfg/DFGAbstractInterpreter.h:
3186         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3187         (JSC::DFG::AbstractInterpreter::filterByType):
3188         * dfg/DFGAbstractInterpreterInlines.h:
3189         (JSC::DFG::::executeEffects):
3190         * dfg/DFGAbstractValue.cpp:
3191         (JSC::DFG::AbstractValue::set):
3192         (JSC::DFG::AbstractValue::checkConsistency):
3193         * dfg/DFGAbstractValue.h:
3194         (JSC::DFG::AbstractValue::validateType):
3195         * dfg/DFGArrayMode.cpp:
3196         (JSC::DFG::ArrayMode::refine):
3197         * dfg/DFGAssemblyHelpers.h:
3198         (JSC::DFG::AssemblyHelpers::unboxDouble):
3199         * dfg/DFGByteCodeParser.cpp:
3200         (JSC::DFG::ByteCodeParser::makeSafe):
3201         * dfg/DFGCSEPhase.cpp:
3202         (JSC::DFG::CSEPhase::canonicalize):
3203         (JSC::DFG::CSEPhase::pureCSE):
3204         (JSC::DFG::CSEPhase::getByValLoadElimination):
3205         (JSC::DFG::CSEPhase::performNodeCSE):
3206         * dfg/DFGClobberize.h:
3207         (JSC::DFG::clobberize):
3208         * dfg/DFGCommon.h:
3209         * dfg/DFGFixupPhase.cpp:
3210         (JSC::DFG::FixupPhase::run):
3211         (JSC::DFG::FixupPhase::fixupNode):
3212         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3213         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3214         (JSC::DFG::FixupPhase::fixEdge):
3215         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3216         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3217         * dfg/DFGFlushFormat.cpp:
3218         (WTF::printInternal):
3219         * dfg/DFGFlushFormat.h:
3220         (JSC::DFG::resultFor):
3221         (JSC::DFG::useKindFor):
3222         * dfg/DFGGenerationInfo.h:
3223         (JSC::DFG::GenerationInfo::initInt32):
3224         (JSC::DFG::GenerationInfo::fillInt32):
3225         * dfg/DFGGraph.cpp:
3226         (JSC::DFG::Graph::dump):
3227         * dfg/DFGGraph.h:
3228         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3229         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3230         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3231         * dfg/DFGInPlaceAbstractState.cpp:
3232         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3233         * dfg/DFGJITCode.cpp:
3234         (JSC::DFG::JITCode::reconstruct):
3235         * dfg/DFGMinifiedNode.h:
3236         (JSC::DFG::belongsInMinifiedGraph):
3237         (JSC::DFG::MinifiedNode::hasChild):
3238         * dfg/DFGNode.h:
3239         (JSC::DFG::Node::shouldSpeculateNumber):
3240         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3241         (JSC::DFG::Node::canSpeculateInt48):
3242         * dfg/DFGNodeFlags.h:
3243         (JSC::DFG::nodeCanSpeculateInt48):
3244         * dfg/DFGNodeType.h:
3245         (JSC::DFG::forwardRewiringSelectionScore):
3246         * dfg/DFGOSRExitCompiler.cpp:
3247         (JSC::DFG::shortOperandsDump):
3248         * dfg/DFGOSRExitCompiler64.cpp:
3249         (JSC::DFG::OSRExitCompiler::compileExit):
3250         * dfg/DFGPredictionPropagationPhase.cpp:
3251         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3252         (JSC::DFG::PredictionPropagationPhase::propagate):
3253         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3254         * dfg/DFGSafeToExecute.h:
3255         (JSC::DFG::SafeToExecuteEdge::operator()):
3256         (JSC::DFG::safeToExecute):
3257         * dfg/DFGSilentRegisterSavePlan.h:
3258         * dfg/DFGSpeculativeJIT.cpp:
3259         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3260         (JSC::DFG::SpeculativeJIT::silentFill):
3261         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3262         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3263         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3264         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3265         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3266         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3267         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3268         (JSC::DFG::SpeculativeJIT::compileAdd):
3269         (JSC::DFG::SpeculativeJIT::compileArithSub):
3270         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3271         (JSC::DFG::SpeculativeJIT::compileArithMul):
3272         (JSC::DFG::SpeculativeJIT::compare):
3273         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3274         (JSC::DFG::SpeculativeJIT::speculateNumber):
3275         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3276         (JSC::DFG::SpeculativeJIT::speculate):
3277         * dfg/DFGSpeculativeJIT.h:
3278         (JSC::DFG::SpeculativeJIT::canReuse):
3279         (JSC::DFG::SpeculativeJIT::isFilled):
3280         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3281         (JSC::DFG::SpeculativeJIT::use):
3282         (JSC::DFG::SpeculativeJIT::boxDouble):
3283         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3284         (JSC::DFG::SpeculativeJIT::isKnownCell):
3285         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3286         (JSC::DFG::SpeculativeJIT::int32Result):
3287         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3288         (JSC::DFG::SpeculativeJIT::isInteger):
3289         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
3290         * dfg/DFGSpeculativeJIT32_64.cpp:
3291         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3292         (JSC::DFG::SpeculativeJIT::compile):
3293         * dfg/DFGSpeculativeJIT64.cpp:
3294         (JSC::DFG::SpeculativeJIT::fillJSValue):
3295         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3296         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3297         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3298         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3299         (JSC::DFG::SpeculativeJIT::compile):
3300         * dfg/DFGUseKind.cpp:
3301         (WTF::printInternal):
3302         * dfg/DFGUseKind.h:
3303         (JSC::DFG::typeFilterFor):
3304         (JSC::DFG::isNumerical):
3305         * dfg/DFGValueSource.cpp:
3306         (JSC::DFG::ValueSource::dump):
3307         * dfg/DFGValueSource.h:
3308         (JSC::DFG::dataFormatToValueSourceKind):
3309         (JSC::DFG::valueSourceKindToDataFormat):
3310         (JSC::DFG::ValueSource::forFlushFormat):
3311         (JSC::DFG::ValueSource::valueRecovery):
3312         * dfg/DFGVariableAccessData.h:
3313         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3314         (JSC::DFG::VariableAccessData::flushFormat):
3315         * ftl/FTLCArgumentGetter.cpp:
3316         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3317         * ftl/FTLCArgumentGetter.h:
3318         * ftl/FTLCapabilities.cpp:
3319         (JSC::FTL::canCompile):
3320         * ftl/FTLExitValue.cpp:
3321         (JSC::FTL::ExitValue::dumpInContext):
3322         * ftl/FTLExitValue.h:
3323         * ftl/FTLIntrinsicRepository.h:
3324         * ftl/FTLLowerDFGToLLVM.cpp:
3325         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3326         (JSC::FTL::LowerDFGToLLVM::compileNode):
3327         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3328         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3329         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3330         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3331         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3332         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3333         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3334         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3335         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3336         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3337         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3338         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3339         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3340         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3341         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3342         (JSC::FTL::LowerDFGToLLVM::lowCell):
3343         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3344         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3345         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3346         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3347         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3348         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3349         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3350         (JSC::FTL::LowerDFGToLLVM::setInt32):
3351         * ftl/FTLOSRExitCompiler.cpp:
3352         (JSC::FTL::compileStub):
3353         * ftl/FTLOutput.h:
3354         (JSC::FTL::Output::mulWithOverflow32):
3355         * ftl/FTLValueFormat.cpp:
3356         (WTF::printInternal):
3357         * ftl/FTLValueFormat.h:
3358         * ftl/FTLValueSource.cpp:
3359         (JSC::FTL::ValueSource::dump):
3360         * ftl/FTLValueSource.h:
3361         * interpreter/Register.h:
3362         * runtime/Arguments.cpp:
3363         (JSC::Arguments::tearOffForInlineCallFrame):
3364         * runtime/IndexingType.cpp:
3365         (JSC::leastUpperBoundOfIndexingTypeAndType):
3366         * runtime/JSCJSValue.h:
3367         * runtime/JSCJSValueInlines.h:
3368
3369 2013-09-17  Filip Pizlo  <fpizlo@apple.com>
3370
3371         Unreviewed, fix 32-bit build.
3372
3373         * runtime/JSCJSValue.h:
3374
3375 2013-09-16  Filip Pizlo  <fpizlo@apple.com>
3376
3377         DFG should support Int52 for local variables
3378         https://bugs.webkit.org/show_bug.cgi?id=121064
3379
3380         Reviewed by Oliver Hunt.
3381         
3382         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
3383         programs that have local int32 overflows but where a larger int representation can
3384         prevent us from having to convert all the way up to double.
3385         
3386         It's a small speed-up for now. But we're just supporting Int52 for a handful of
3387         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
3388         the groundwork for adding Int52 to JSValue, which will probably be a bigger
3389         speed-up.
3390         
3391         The basic approach is:
3392         
3393         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
3394           or HeapTop - i.e. it doesn't arise from JSValues.
3395         
3396         - DFG treats Int52 as being part of its FullTop and will treat it as being a
3397           subtype of double unless instructed otherwise.
3398         
3399         - Prediction propagator creates Int52s whenever we have a node going doubly but due
3400           to large values rather than fractional values, and that node is known to be able
3401           to produce Int52 natively in the DFG backend.
3402         
3403         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
3404           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
3405           input.
3406         
3407         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
3408           are left-shifted by 16 (great for overflow checks) and ones that are
3409           sign-extended. Both backends know how to convert between Int52s and the other
3410           representations.
3411
3412         * assembler/MacroAssemblerX86_64.h:
3413         (JSC::MacroAssemblerX86_64::rshift64):
3414         (JSC::MacroAssemblerX86_64::mul64):
3415         (JSC::MacroAssemblerX86_64::branchMul64):
3416         (JSC::MacroAssemblerX86_64::branchNeg64):