<http://webkit.org/b/91024> Build against the latest SDK when targeting older OS...
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-07-11  Mark Rowe  <mrowe@apple.com>

        <http://webkit.org/b/91024> Build against the latest SDK when targeting older OS X versions.

        Reviewed by Dan Bernstein.

        The deployment target is already set to the version that we're targeting, and it's that setting
        which determines which functionality from the SDK is available to us.

        * Configurations/Base.xcconfig:

2012-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG should have fast virtual calls
        https://bugs.webkit.org/show_bug.cgi?id=90924

        Reviewed by Gavin Barraclough.

        Implements virtual call support in the style of the old JIT, with the
        caveat that we still use the same slow path for both InternalFunction
        calls and JSFunction calls. Also rationalized the way that our
        CodeOrigin indices tie into exception checks (previously it was a
        strange one-to-one mapping with fairly limited assertions; now it's a
        one-to-many mapping for CodeOrigins to exception checks, respectively).
        I also took the opportunity to clean up
        CallLinkInfo::callReturnLocation, which previously was either a Call or
        a NearCall. Now it's just a NearCall. As well, exceptions during slow
        path call resolution are now handled by returning an exception throwing
        thunk rather than returning null. And finally, I made a few things
        public that were previously private-with-lots-of-friends, because I
        truly despise the thought of listing each thunk generating function as
        a friend of JSValue and friends.

        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        * bytecode/CallLinkInfo.h:
        (CallLinkInfo):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isSet):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
        * dfg/DFGCCallHelpers.h:
        (JSC::DFG::CCallHelpers::CCallHelpers):
        * dfg/DFGGPRInfo.h:
        (GPRInfo):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallBeginToken::CallBeginToken):
        (JSC::DFG::CallBeginToken::~CallBeginToken):
        (CallBeginToken):
        (JSC::DFG::CallBeginToken::set):
        (JSC::DFG::CallBeginToken::registerWithExceptionCheck):
        (JSC::DFG::CallBeginToken::codeOrigin):
        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
        (CallExceptionRecord):
        (JSC::DFG::JITCompiler::currentCodeOriginIndex):
        (JITCompiler):
        (JSC::DFG::JITCompiler::beginCall):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::prepareForExceptionCheck):
        (JSC::DFG::JITCompiler::addExceptionCheck):
        (JSC::DFG::JITCompiler::addFastExceptionCheck):
        * dfg/DFGOperations.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::emitPointerValidation):
        (DFG):
        (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
        (JSC::DFG::slowPathFor):
        (JSC::DFG::linkForThunkGenerator):
        (JSC::DFG::linkCallThunkGenerator):
        (JSC::DFG::linkConstructThunkGenerator):
        (JSC::DFG::virtualForThunkGenerator):
        (JSC::DFG::virtualCallThunkGenerator):
        (JSC::DFG::virtualConstructThunkGenerator):
        * dfg/DFGThunks.h:
        (DFG):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkFor):
        * runtime/Executable.h:
        (ExecutableBase):
        (JSC::ExecutableBase::offsetOfJITCodeFor):
        (JSC::ExecutableBase::offsetOfNumParametersFor):
        * runtime/JSValue.h:
        (JSValue):

2012-07-11  Filip Pizlo  <fpizlo@apple.com>

        Accidentally used the wrong license (3-clause instead of 2-clause) in some
        files I just committed.

        Rubber stamped by Oliver Hunt.

        * bytecode/Watchpoint.cpp:
        * bytecode/Watchpoint.h:
        * jit/JumpReplacementWatchpoint.cpp:
        * jit/JumpReplacementWatchpoint.h:

2012-07-11  Filip Pizlo  <fpizlo@apple.com>

        Watchpoints and jump replacement should be decoupled
        https://bugs.webkit.org/show_bug.cgi?id=91016

        Reviewed by Oliver Hunt.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/AbstractMacroAssembler.h:
        (JSC):
        (Label):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::appendWatchpoint):
        (JSC::CodeBlock::watchpoint):
        (DFGData):
        * bytecode/Watchpoint.cpp:
        (JSC):
        * bytecode/Watchpoint.h:
        (JSC::Watchpoint::Watchpoint):
        (Watchpoint):
        (JSC::Watchpoint::fire):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
        * jit/JumpReplacementWatchpoint.cpp: Added.
        (JSC):
        (JSC::JumpReplacementWatchpoint::correctLabels):
        (JSC::JumpReplacementWatchpoint::fireInternal):
        * jit/JumpReplacementWatchpoint.h: Added.
        (JSC):
        (JumpReplacementWatchpoint):
        (JSC::JumpReplacementWatchpoint::JumpReplacementWatchpoint):
        (JSC::JumpReplacementWatchpoint::setDestination):

2012-07-11  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Don't try to build udis86_itab.c since it's included by
        another file.

        * wscript:

2012-07-11  Chao-ying Fu  <fu@mips.com>

        Add MIPS convertibleLoadPtr and other functions
        https://bugs.webkit.org/show_bug.cgi?id=90714

        Reviewed by Oliver Hunt.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::labelIgnoringWatchpoints):
        (MIPSAssembler):
        (JSC::MIPSAssembler::replaceWithLoad):
        (JSC::MIPSAssembler::replaceWithAddressComputation):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::convertibleLoadPtr):
        (MacroAssemblerMIPS):

2012-07-11  Anders Carlsson  <andersca@apple.com>

        Add -Wtautological-compare and -Wsign-compare warning flags
        https://bugs.webkit.org/show_bug.cgi?id=90994

        Reviewed by Mark Rowe.

        * Configurations/Base.xcconfig:

2012-07-11  Benjamin Poulain  <bpoulain@apple.com>

        Simplify the copying of JSC ARMv7's LinkRecord
        https://bugs.webkit.org/show_bug.cgi?id=90930

        Reviewed by Filip Pizlo.

        The class LinkRecord is used by value everywhere in ARMv7Assembler. The compiler uses
        memmove() to move the objects.

        The problem is that memmove() is overkill for this object; moving the value can be done with
        3 load-stores. This patch adds an operator= to the class doing more efficient copying.
        This reduces the link time by 19%.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
        (JSC::ARMv7Assembler::LinkRecord::operator=):
        (JSC::ARMv7Assembler::LinkRecord::from):
        (JSC::ARMv7Assembler::LinkRecord::setFrom):
        (JSC::ARMv7Assembler::LinkRecord::to):
        (JSC::ARMv7Assembler::LinkRecord::type):
        (JSC::ARMv7Assembler::LinkRecord::linkType):
        (JSC::ARMv7Assembler::LinkRecord::setLinkType):
        (JSC::ARMv7Assembler::LinkRecord::condition):

2012-07-11  Andy Wingo  <wingo@igalia.com>

        jsc: Parse options before creating global data
        https://bugs.webkit.org/show_bug.cgi?id=90975

        Reviewed by Filip Pizlo.

        This patch moves the options parsing in "jsc" before the creation
        of the JSGlobalData, so that --useJIT=no has a chance to take
        effect.

        * jsc.cpp:
        (CommandLine::parseArguments): Refactor to be a class, and take
        argc and argv as constructor arguments.
        (jscmain): Move arg parsing before JSGlobalData creation.

2012-07-10  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
        https://bugs.webkit.org/show_bug.cgi?id=90852

        Reviewed by Zoltan Herczeg.

        If we can't use the range filter, we should still make sure that the
        address is remotely sane, otherwise the hashtables will assert.

        * jit/JITStubRoutine.h:
        (JSC::JITStubRoutine::passesFilter):

2012-07-10  Filip Pizlo  <fpizlo@apple.com>

        DFG recompilation heuristics should be based on count, not rate
        https://bugs.webkit.org/show_bug.cgi?id=90146

        Reviewed by Oliver Hunt.

        Rolling r121511 back in after fixing the DFG's interpretation of op_div
        profiling, with Gavin's rubber stamp.

        This removes a bunch of code that was previously trying to prevent spurious
        reoptimizations if a large enough majority of executions of a code block did
        not result in OSR exit. It turns out that this code was purely harmful. This
        patch removes all of that logic and replaces it with a dead-simple
        heuristic: if you exit more than N times (where N is an exponential function
        of the number of times the code block has already been recompiled) then we
        will recompile.

        This appears to be a broad ~1% win on many benchmarks large and small.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::couldTakeSpecialFastCase):
        (CodeBlock):
        (JSC::CodeBlock::osrExitCounter):
        (JSC::CodeBlock::countOSRExit):
        (JSC::CodeBlock::addressOfOSRExitCounter):
        (JSC::CodeBlock::offsetOfOSRExitCounter):
        (JSC::CodeBlock::adjustedExitCountThreshold):
        (JSC::CodeBlock::exitCountThresholdForReoptimization):
        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
        (JSC::CodeBlock::shouldReoptimizeNow):
        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
        * bytecode/ExecutionCounter.cpp:
        (JSC::ExecutionCounter::setThreshold):
        * bytecode/ExecutionCounter.h:
        (ExecutionCounter):
        (JSC::ExecutionCounter::clippedThreshold):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileBody):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGOSRExitCompiler.cpp:
        (JSC::DFG::OSRExitCompiler::handleExitCounts):
        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Options.h:
        (JSC):

2012-07-09  Matt Falkenhagen  <falken@chromium.org>

        Add ENABLE_DIALOG_ELEMENT and skeleton files
        https://bugs.webkit.org/show_bug.cgi?id=90521

        Reviewed by Kent Tamura.

        * Configurations/FeatureDefines.xcconfig:

2012-07-09  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, roll out http://trac.webkit.org/changeset/121511
        It made in-browser V8v7 10% slower.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::countSpeculationSuccess):
        (JSC::CodeBlock::countSpeculationFailure):
        (JSC::CodeBlock::speculativeSuccessCounter):
        (JSC::CodeBlock::speculativeFailCounter):
        (JSC::CodeBlock::forcedOSRExitCounter):
        (JSC::CodeBlock::addressOfSpeculativeSuccessCounter):
        (JSC::CodeBlock::addressOfSpeculativeFailCounter):
        (JSC::CodeBlock::addressOfForcedOSRExitCounter):
        (JSC::CodeBlock::offsetOfSpeculativeSuccessCounter):
        (JSC::CodeBlock::offsetOfSpeculativeFailCounter):
        (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
        (JSC::CodeBlock::largeFailCountThreshold):
        (JSC::CodeBlock::largeFailCountThresholdForLoop):
        (JSC::CodeBlock::shouldReoptimizeNow):
        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
        * bytecode/ExecutionCounter.cpp:
        (JSC::ExecutionCounter::setThreshold):
        * bytecode/ExecutionCounter.h:
        (ExecutionCounter):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileBody):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGOSRExitCompiler.cpp:
        (JSC::DFG::OSRExitCompiler::handleExitCounts):
        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Options.h:
        (JSC):

2012-07-09  Filip Pizlo  <fpizlo@apple.com>

        DFG may get stuck in an infinite fix point if it constant folds a mispredicted node
        https://bugs.webkit.org/show_bug.cgi?id=90829
        <rdar://problem/11823843>

        Reviewed by Oliver Hunt.

        If a node is shown to have been mispredicted during CFA, then don't allow constant
        folding to make the graph even more degenerate. Instead, pull back on constant folding
        and allow the normal OSR machinery to fix our profiling so that a future recompilation
        doesn't see the same mistake.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::trySetConstant):
        (AbstractState):
        * dfg/DFGPhase.h:
        (JSC::DFG::Phase::name):
        (Phase):
        (JSC::DFG::runAndLog):
        (DFG):
        (JSC::DFG::runPhase):

2012-07-09  Filip Pizlo  <fpizlo@apple.com>

        It should be possible to jettison JIT stub routines even if they are currently running
        https://bugs.webkit.org/show_bug.cgi?id=90731

        Reviewed by Gavin Barraclough.

        This gives the GC awareness of all JIT-generated stubs for inline caches. That
        means that if you want to delete a JIT-generated stub, you don't have to worry
        about whether or not it is currently running: if there is a chance that it might
        be, the GC will kindly defer deletion until non-running-ness is proved.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/Instruction.h:
        (JSC):
        (PolymorphicStubInfo):
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        * bytecode/PolymorphicPutByIdList.cpp:
        (JSC::PutByIdAccess::fromStructureStubInfo):
        * bytecode/PolymorphicPutByIdList.h:
        (JSC::PutByIdAccess::transition):
        (JSC::PutByIdAccess::replace):
        (JSC::PutByIdAccess::stubRoutine):
        (PutByIdAccess):
        (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::reset):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        (JSC::DFG::tryBuildGetByIDProtoList):
        (JSC::DFG::emitPutReplaceStub):
        (JSC::DFG::emitPutTransitionStub):
        (JSC::DFG::tryCachePutByID):
        (JSC::DFG::tryBuildPutByIdList):
        * heap/ConservativeRoots.cpp:
        (JSC):
        (DummyMarkHook):
        (JSC::DummyMarkHook::mark):
        (JSC::ConservativeRoots::add):
        (CompositeMarkHook):
        (JSC::CompositeMarkHook::CompositeMarkHook):
        (JSC::CompositeMarkHook::mark):
        * heap/ConservativeRoots.h:
        (JSC):
        (ConservativeRoots):
        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::deleteUnmarkedCompiledCode):
        * heap/Heap.h:
        (JSC):
        (Heap):
        * heap/JITStubRoutineSet.cpp: Added.
        (JSC):
        (JSC::JITStubRoutineSet::JITStubRoutineSet):
        (JSC::JITStubRoutineSet::~JITStubRoutineSet):
        (JSC::JITStubRoutineSet::add):
        (JSC::JITStubRoutineSet::clearMarks):
        (JSC::JITStubRoutineSet::markSlow):
        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
        (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
        * heap/JITStubRoutineSet.h: Added.
        (JSC):
        (JITStubRoutineSet):
        (JSC::JITStubRoutineSet::mark):
        * heap/MachineStackMarker.h:
        (JSC):
        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::gatherConservativeRoots):
        * interpreter/RegisterFile.h:
        (JSC):
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC):
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * jit/GCAwareJITStubRoutine.cpp: Added.
        (JSC):
        (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
        (JSC::GCAwareJITStubRoutine::~GCAwareJITStubRoutine):
        (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
        (JSC::GCAwareJITStubRoutine::deleteFromGC):
        (JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject):
        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal):
        (JSC::createJITStubRoutine):
        * jit/GCAwareJITStubRoutine.h: Added.
        (JSC):
        (GCAwareJITStubRoutine):
        (JSC::GCAwareJITStubRoutine::markRequiredObjects):
        (MarkingGCAwareJITStubRoutineWithOneObject):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITStubRoutine.cpp: Added.
        (JSC):
        (JSC::JITStubRoutine::~JITStubRoutine):
        (JSC::JITStubRoutine::observeZeroRefCount):
        * jit/JITStubRoutine.h: Added.
        (JSC):
        (JITStubRoutine):
        (JSC::JITStubRoutine::JITStubRoutine):
        (JSC::JITStubRoutine::createSelfManagedRoutine):
        (JSC::JITStubRoutine::code):
        (JSC::JITStubRoutine::asCodePtr):
        (JSC::JITStubRoutine::ref):
        (JSC::JITStubRoutine::deref):
        (JSC::JITStubRoutine::startAddress):
        (JSC::JITStubRoutine::endAddress):
        (JSC::JITStubRoutine::addressStep):
        (JSC::JITStubRoutine::canPerformRangeFilter):
        (JSC::JITStubRoutine::filteringStartAddress):
        (JSC::JITStubRoutine::filteringExtentSize):
        (JSC::JITStubRoutine::passesFilter):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::getPolymorphicAccessStructureListSlot):

2012-07-09  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r122107.
        http://trac.webkit.org/changeset/122107
        https://bugs.webkit.org/show_bug.cgi?id=90794

        Build failure on Mac debug bots (Requested by falken_ on
        #webkit).

        * Configurations/FeatureDefines.xcconfig:

2012-07-09  Matt Falkenhagen  <falken@chromium.org>

        Add ENABLE_DIALOG_ELEMENT and skeleton files
        https://bugs.webkit.org/show_bug.cgi?id=90521

        Reviewed by Kent Tamura.

        * Configurations/FeatureDefines.xcconfig:

2012-07-08  Ryosuke Niwa  <rniwa@webkit.org>

        gcc build fix after r121925.

        * runtime/JSObject.h:
        (JSC::JSFinalObject::finishCreation):

2012-07-08  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt][ARM] Implementing missing macro assembler instructions after r121925
        https://bugs.webkit.org/show_bug.cgi?id=90657

        Reviewed by Csaba Osztrogonác.

        Implementing convertibleLoadPtr, replaceWithLoad and
        replaceWithAddressComputation.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::replaceWithLoad):
        (ARMAssembler):
        (JSC::ARMAssembler::replaceWithAddressComputation):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::convertibleLoadPtr):
        (MacroAssemblerARM):

2012-07-06  Filip Pizlo  <fpizlo@apple.com>

        WebKit Version 5.1.7 (6534.57.2, r121935): Double-click no longer works on OpenStreetMap
        https://bugs.webkit.org/show_bug.cgi?id=90703

        Reviewed by Michael Saboff.

        It turns out that in my object model refactoring, I managed to fix get_by_pname in all
        execution engines except 64-bit baseline JIT.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_pname):

2012-07-06  Pravin D  <pravind.2k4@gmail.com>

        Build Error on Qt Linux build
        https://bugs.webkit.org/show_bug.cgi?id=90699

        Reviewed by Laszlo Gombos.

        * parser/Parser.cpp:
        (JSC::::parseForStatement):
        Removed unused boolean variable as this was causing build error on Qt Linux.

2012-07-06  Nuno Lopes  <nlopes@apple.com>

        Fix build with recent clang.
        https://bugs.webkit.org/show_bug.cgi?id=90634

        Reviewed by Oliver Hunt.

        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
        (SpecializedThunkJIT):
        * jit/ThunkGenerators.cpp:
        (JSC::charCodeAtThunkGenerator):
        (JSC::charAtThunkGenerator):
        (JSC::fromCharCodeThunkGenerator):
        (JSC::sqrtThunkGenerator):
        (JSC::floorThunkGenerator):
        (JSC::ceilThunkGenerator):
        (JSC::roundThunkGenerator):
        (JSC::expThunkGenerator):
        (JSC::logThunkGenerator):
        (JSC::absThunkGenerator):
        (JSC::powThunkGenerator):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createForLoop):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        * parser/NodeConstructors.h:
        (JSC::PostfixErrorNode::PostfixErrorNode):
        (JSC::PrefixErrorNode::PrefixErrorNode):
        (JSC::AssignResolveNode::AssignResolveNode):
        (JSC::AssignErrorNode::AssignErrorNode):
        (JSC::ForNode::ForNode):
        (JSC::ForInNode::ForInNode):
        * parser/Nodes.h:
        (FunctionCallResolveNode):
        (PostfixErrorNode):
        (PrefixErrorNode):
        (ReadModifyResolveNode):
        (AssignResolveNode):
        (AssignErrorNode):
        (ForNode):
        (ForInNode):
        * parser/Parser.cpp:
        (JSC::::parseVarDeclarationList):
        (JSC::::parseForStatement):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createAssignResolve):
        (JSC::SyntaxChecker::createForLoop):

2012-07-06  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt][ARM] REGRESSION(r121885): It broke 30 jsc tests, 500+ layout tests
        https://bugs.webkit.org/show_bug.cgi?id=90656

        Reviewed by Csaba Osztrogonác.

        Typo fixes.

        * assembler/MacroAssemblerARM.cpp:
        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
        Rename getOp2Byte() -> getOp2Half()
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
        Add a necessary space.
        * jit/JITStubs.cpp:
        (JSC):
        Revert INLINE_ARM_FUNCTION macro.

2012-07-05  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r121925): It broke 5 sputnik tests on x86 platforms
        https://bugs.webkit.org/show_bug.cgi?id=90658

        Reviewed by Zoltan Herczeg.

        Under the new object model, out-of-line property accesses such as those
        in ResolveGlobal must account for the fact that the offset to the Kth
        property is represented by K + inlineStorageCapacity. Hence, the property
        loads in ResolveGlobal must have an additional -inlineStorageCapacity *
        sizeof(JSValue) offset.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-07-05  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt] Unreviewed 64 bit buildfix after r121925.

        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):

2012-07-05  Michael Saboff  <msaboff@apple.com>

        JSString::tryHashConstLock() fails to get exclusive lock
        https://bugs.webkit.org/show_bug.cgi?id=90639

        Reviewed by Oliver Hunt.

        Added check that the string is already locked even before compare and swap.

        * heap/MarkStack.cpp:
        (JSC::JSString::tryHashConstLock):

2012-07-04  Filip Pizlo  <fpizlo@apple.com>

        Inline property storage should not be wasted when it is exhausted
        https://bugs.webkit.org/show_bug.cgi?id=90347

        Reviewed by Gavin Barraclough.

        Previously, if we switched an object from using inline storage to out-of-line
        storage, we would abandon the inline storage. This would have two main implications:
        (i) all accesses to the object, even for properties that were previously in inline
        storage, must now take an extra indirection; and (ii) we waste a non-trivial amount
        of space since we must allocate additional out-of-line storage to hold properties
        that would have fit in the inline storage. There's also the copying cost when
        switching to out-of-line storage - we must copy all inline properties into out-of-line
        storage.

        This patch changes the way that object property storage works so that we can use both
        inline and out-of-line storage concurrently. This is accomplished by introducing a
        new notion of property offset. This PropertyOffset is a 32-bit signed integer and it
        behaves as follows:

        offset == -1: invalid offset, indicating a property that does not exist.

        0 <= offset <= inlineStorageCapacity: offset into inline storage.

        inlineStorageCapacity < offset: offset into out-of-line storage.

        Because non-final objects don't have inline storage, the only valid PropertyOffsets
        for those objects' properties are -1 or > inlineStorageCapacity.

        This now means that the decision to use inline or out-of-line storage for an access is
        made based on the offset, rather than the structure. It also means that any access
        where the offset is a variable must have an extra branch, unless the type of the
        object is also known (if it's known to be a non-final object then we can just assert
        that the offset is >= inlineStorageCapacity).

        This looks like a big Kraken speed-up and a slight V8 speed-up.

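The PropertyOffset scheme described above, as an added example that is not part of this ChangeLog or of JavaScriptCore: a small C++ model that hands out offsets the way the entry describes, resolves them through both the general (branching) path and the known-non-final path, and computes the out-of-line byte displacement including the -inlineStorageCapacity * sizeof(JSValue) correction from the ResolveGlobal entry above. The capacity of 6 slots, every type and helper name, and the boundary at exactly inlineStorageCapacity (inline below it, the Kth out-of-line property at K + inlineStorageCapacity) are assumptions, not JSC declarations.

```cpp
// Added example, not JavaScriptCore's own code: a model of the PropertyOffset
// scheme described in the entry above. The capacity, type names and helper
// names are assumptions chosen to mirror the ChangeLog's vocabulary.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

typedef int32_t PropertyOffset;                   // 32-bit signed, as the entry states
static const PropertyOffset invalidOffset = -1;   // "a property that does not exist"
static const unsigned inlineStorageCapacity = 6;  // assumed number of inline slots
typedef uint64_t JSValue;                         // 64-bit slot standing in for a JSValue

inline bool isValidOffset(PropertyOffset offset) { return offset != invalidOffset; }
// Assumed boundary: [0, inlineStorageCapacity) selects an inline slot, and
// offset K + inlineStorageCapacity is the Kth out-of-line slot (ResolveGlobal entry).
inline bool isInlineOffset(PropertyOffset offset) {
    return offset >= 0 && static_cast<unsigned>(offset) < inlineStorageCapacity;
}
inline bool isOutOfLineOffset(PropertyOffset offset) {
    return offset >= 0 && static_cast<unsigned>(offset) >= inlineStorageCapacity;
}
inline size_t outOfLineIndex(PropertyOffset offset) {
    assert(isOutOfLineOffset(offset));
    return static_cast<size_t>(offset) - inlineStorageCapacity;
}
// Displacement from the out-of-line base pointer for a JIT load: the plain
// offset * sizeof(JSValue), minus the inlineStorageCapacity * sizeof(JSValue)
// correction the ResolveGlobal fix added. Without it the load lands
// inlineStorageCapacity slots past the intended property.
inline ptrdiff_t outOfLineByteOffset(PropertyOffset offset) {
    const ptrdiff_t slot = static_cast<ptrdiff_t>(sizeof(JSValue));
    return static_cast<ptrdiff_t>(offset) * slot
        - static_cast<ptrdiff_t>(inlineStorageCapacity) * slot;
}

// A model object that keeps using its inline slots after growing out-of-line storage.
struct ModelObject {
    bool isFinalObject;   // only final objects have inline storage
    unsigned inlineCount;
    JSValue inlineStorage[inlineStorageCapacity];
    std::vector<JSValue> outOfLineStorage;

    explicit ModelObject(bool finalObject) : isFinalObject(finalObject), inlineCount(0) {
        for (unsigned i = 0; i < inlineStorageCapacity; ++i) inlineStorage[i] = 0;
    }

    // Final objects fill inline slots first; later properties, and every
    // property of a non-final object, go out of line.
    PropertyOffset addProperty(JSValue value) {
        if (isFinalObject && inlineCount < inlineStorageCapacity) {
            inlineStorage[inlineCount] = value;
            return static_cast<PropertyOffset>(inlineCount++);
        }
        outOfLineStorage.push_back(value);
        return static_cast<PropertyOffset>(outOfLineStorage.size() - 1 + inlineStorageCapacity);
    }

    // General access path: the storage choice is decided by the offset, which is
    // the extra branch the entry mentions. Null for an invalid offset or an
    // out-of-line offset that names no allocated slot.
    const JSValue* slotFor(PropertyOffset offset) const {
        if (isInlineOffset(offset)) {
            assert(isFinalObject);   // non-final objects never hand out inline offsets
            return &inlineStorage[offset];
        }
        if (!isOutOfLineOffset(offset)) return 0;   // invalidOffset or any other negative value
        size_t index = outOfLineIndex(offset);
        return index < outOfLineStorage.size() ? &outOfLineStorage[index] : 0;
    }

    // Branch-free path for an object known to be non-final: the offset must be
    // >= inlineStorageCapacity, so the check degrades to an assertion.
    JSValue knownNonFinalGet(PropertyOffset offset) const {
        assert(!isFinalObject && isOutOfLineOffset(offset));
        return outOfLineStorage.at(outOfLineIndex(offset));
    }
};

// Fill a final object past its inline capacity and confirm the inline slots stay
// live while later properties land out of line; a non-final object starts out of line.
bool demonstrateMixedStorage() {
    ModelObject object(true);
    for (unsigned i = 0; i < inlineStorageCapacity; ++i)
        if (object.addProperty(100 + i) != static_cast<PropertyOffset>(i)) return false;
    PropertyOffset first = object.addProperty(200);   // first out-of-line property
    if (first != static_cast<PropertyOffset>(inlineStorageCapacity)) return false;
    if (outOfLineIndex(first) != 0 || outOfLineByteOffset(first) != 0) return false;
    if (!object.slotFor(0) || *object.slotFor(0) != 100) return false;   // inline still live
    if (!object.slotFor(first) || *object.slotFor(first) != 200) return false;
    if (object.slotFor(invalidOffset) || object.slotFor(first + 1)) return false;
    ModelObject nonFinal(false);
    return nonFinal.addProperty(7) == first && nonFinal.knownNonFinalGet(first) == 7;
}

int main() {
    return demonstrateMixedStorage() ? 0 : 1;   // exit status 0 when the model behaves as described
}
```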
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):
        (JSC::ARMv7Assembler::ldrWide8BitImmediate):
        (JSC::ARMv7Assembler::replaceWithLoad):
        (JSC::ARMv7Assembler::replaceWithAddressComputation):
        * assembler/AbstractMacroAssembler.h:
        (AbstractMacroAssembler):
        (ConvertibleLoadLabel):
        (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
        (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::isSet):
        (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
        (JSC::AbstractMacroAssembler::replaceWithLoad):
        (JSC::AbstractMacroAssembler::replaceWithAddressComputation):
        * assembler/CodeLocation.h:
        (JSC):
        (CodeLocationCommon):
        (CodeLocationConvertibleLoad):
        (JSC::CodeLocationConvertibleLoad::CodeLocationConvertibleLoad):
        (JSC::CodeLocationCommon::convertibleLoadAtOffset):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * assembler/LinkBuffer.h:
        (LinkBuffer):
        (JSC::LinkBuffer::locationOf):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::convertibleLoadPtr):
        (MacroAssemblerX86):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::convertibleLoadPtr):
        (MacroAssemblerX86_64):
        * assembler/RepatchBuffer.h:
        (RepatchBuffer):
        (JSC::RepatchBuffer::replaceWithLoad):
        (JSC::RepatchBuffer::replaceWithAddressComputation):
        (JSC::RepatchBuffer::setLoadInstructionIsActive):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::replaceWithLoad):
        (X86Assembler):
        (JSC::X86Assembler::replaceWithAddressComputation):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::finalizeUnconditionally):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeForChain):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::offset):
        (GetByIdStatus):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (JSC::PutByIdStatus::PutByIdStatus):
        (JSC::PutByIdStatus::offset):
        (PutByIdStatus):
        * bytecode/ResolveGlobalStatus.cpp:
        (JSC):
        (JSC::computeForStructure):
        * bytecode/ResolveGlobalStatus.h:
785         (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
786         (JSC::ResolveGlobalStatus::offset):
787         (ResolveGlobalStatus):
788         * bytecode/StructureSet.h:
789         (StructureSet):
790         * bytecode/StructureStubInfo.h:
791         * dfg/DFGByteCodeParser.cpp:
792         (ByteCodeParser):
793         (JSC::DFG::ByteCodeParser::handleGetByOffset):
794         (JSC::DFG::ByteCodeParser::handleGetById):
795         (JSC::DFG::ByteCodeParser::parseBlock):
796         * dfg/DFGCapabilities.h:
797         (JSC::DFG::canCompileOpcode):
798         * dfg/DFGJITCompiler.cpp:
799         (JSC::DFG::JITCompiler::link):
800         * dfg/DFGJITCompiler.h:
801         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
802         (PropertyAccessRecord):
803         * dfg/DFGRepatch.cpp:
804         (JSC::DFG::dfgRepatchByIdSelfAccess):
805         (JSC::DFG::generateProtoChainAccessStub):
806         (JSC::DFG::tryCacheGetByID):
807         (JSC::DFG::tryBuildGetByIDList):
808         (JSC::DFG::tryBuildGetByIDProtoList):
809         (JSC::DFG::emitPutReplaceStub):
810         (JSC::DFG::emitPutTransitionStub):
811         (JSC::DFG::tryCachePutByID):
812         (JSC::DFG::tryBuildPutByIdList):
813         * dfg/DFGSpeculativeJIT.h:
814         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
815         * dfg/DFGSpeculativeJIT32_64.cpp:
816         (JSC::DFG::SpeculativeJIT::cachedGetById):
817         (JSC::DFG::SpeculativeJIT::cachedPutById):
818         (JSC::DFG::SpeculativeJIT::compile):
819         * dfg/DFGSpeculativeJIT64.cpp:
820         (JSC::DFG::SpeculativeJIT::cachedGetById):
821         (JSC::DFG::SpeculativeJIT::cachedPutById):
822         (JSC::DFG::SpeculativeJIT::compile):
823         * heap/MarkStack.cpp:
824         (JSC::visitChildren):
825         * interpreter/Interpreter.cpp:
826         (JSC::Interpreter::tryCacheGetByID):
827         (JSC::Interpreter::privateExecute):
828         * jit/JIT.cpp:
829         (JSC::JIT::privateCompileMainPass):
830         (JSC::JIT::privateCompileSlowCases):
831         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
832         * jit/JIT.h:
833         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
834         (JSC::JIT::compileGetByIdProto):
835         (JSC::JIT::compileGetByIdSelfList):
836         (JSC::JIT::compileGetByIdProtoList):
837         (JSC::JIT::compileGetByIdChainList):
838         (JSC::JIT::compileGetByIdChain):
839         (JSC::JIT::compilePutByIdTransition):
840         (JIT):
841         * jit/JITInlineMethods.h:
842         (JSC::JIT::emitAllocateBasicJSObject):
843         * jit/JITOpcodes.cpp:
844         (JSC::JIT::emit_op_resolve_global):
845         * jit/JITOpcodes32_64.cpp:
846         (JSC::JIT::emit_op_resolve_global):
847         * jit/JITPropertyAccess.cpp:
848         (JSC::JIT::compileGetDirectOffset):
849         (JSC::JIT::emit_op_method_check):
850         (JSC::JIT::compileGetByIdHotPath):
851         (JSC::JIT::emit_op_put_by_id):
852         (JSC::JIT::compilePutDirectOffset):
853         (JSC::JIT::privateCompilePutByIdTransition):
854         (JSC::JIT::patchGetByIdSelf):
855         (JSC::JIT::patchPutByIdReplace):
856         (JSC::JIT::privateCompileGetByIdProto):
857         (JSC::JIT::privateCompileGetByIdSelfList):
858         (JSC::JIT::privateCompileGetByIdProtoList):
859         (JSC::JIT::privateCompileGetByIdChainList):
860         (JSC::JIT::privateCompileGetByIdChain):
861         * jit/JITPropertyAccess32_64.cpp:
862         (JSC::JIT::emit_op_method_check):
863         (JSC::JIT::compileGetByIdHotPath):
864         (JSC::JIT::emit_op_put_by_id):
865         (JSC::JIT::compilePutDirectOffset):
866         (JSC::JIT::compileGetDirectOffset):
867         (JSC::JIT::privateCompilePutByIdTransition):
868         (JSC::JIT::patchGetByIdSelf):
869         (JSC::JIT::patchPutByIdReplace):
870         (JSC::JIT::privateCompileGetByIdProto):
871         (JSC::JIT::privateCompileGetByIdSelfList):
872         (JSC::JIT::privateCompileGetByIdProtoList):
873         (JSC::JIT::privateCompileGetByIdChainList):
874         (JSC::JIT::privateCompileGetByIdChain):
875         (JSC::JIT::emit_op_get_by_pname):
876         * jit/JITStubs.cpp:
877         (JSC::JITThunks::tryCacheGetByID):
878         (JSC::DEFINE_STUB_FUNCTION):
879         * llint/LLIntSlowPaths.cpp:
880         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
881         * llint/LowLevelInterpreter.asm:
882         * llint/LowLevelInterpreter32_64.asm:
883         * llint/LowLevelInterpreter64.asm:
884         * offlineasm/x86.rb:
885         * runtime/JSGlobalObject.h:
886         (JSGlobalObject):
887         (JSC::JSGlobalObject::functionNameOffset):
888         * runtime/JSObject.cpp:
889         (JSC::JSObject::visitChildren):
890         (JSC):
891         (JSC::JSFinalObject::visitChildren):
892         (JSC::JSObject::put):
893         (JSC::JSObject::deleteProperty):
894         (JSC::JSObject::getPropertySpecificValue):
895         (JSC::JSObject::removeDirect):
896         (JSC::JSObject::growOutOfLineStorage):
897         (JSC::JSObject::getOwnPropertyDescriptor):
898         * runtime/JSObject.h:
899         (JSObject):
900         (JSC::JSObject::getDirect):
901         (JSC::JSObject::getDirectLocation):
902         (JSC::JSObject::hasInlineStorage):
903         (JSC::JSObject::inlineStorageUnsafe):
904         (JSC::JSObject::inlineStorage):
905         (JSC::JSObject::outOfLineStorage):
906         (JSC::JSObject::locationForOffset):
907         (JSC::JSObject::offsetForLocation):
908         (JSC::JSObject::getDirectOffset):
909         (JSC::JSObject::putDirectOffset):
910         (JSC::JSObject::putUndefinedAtDirectOffset):
911         (JSC::JSObject::addressOfOutOfLineStorage):
912         (JSC::JSObject::finishCreation):
913         (JSC::JSNonFinalObject::JSNonFinalObject):
914         (JSC::JSNonFinalObject::finishCreation):
915         (JSFinalObject):
916         (JSC::JSFinalObject::finishCreation):
917         (JSC::JSFinalObject::JSFinalObject):
918         (JSC::JSObject::offsetOfOutOfLineStorage):
919         (JSC::JSObject::setOutOfLineStorage):
920         (JSC::JSObject::JSObject):
921         (JSC):
922         (JSC::JSCell::fastGetOwnProperty):
923         (JSC::JSObject::putDirectInternal):
924         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
925         (JSC::JSObject::putDirectWithoutTransition):
926         (JSC::offsetRelativeToPatchedStorage):
927         (JSC::indexRelativeToBase):
928         (JSC::offsetRelativeToBase):
929         * runtime/JSPropertyNameIterator.cpp:
930         (JSC::JSPropertyNameIterator::create):
931         * runtime/JSPropertyNameIterator.h:
932         (JSPropertyNameIterator):
933         (JSC::JSPropertyNameIterator::getOffset):
934         (JSC::JSPropertyNameIterator::finishCreation):
935         * runtime/JSValue.cpp:
936         (JSC::JSValue::putToPrimitive):
937         * runtime/Operations.h:
938         (JSC::normalizePrototypeChain):
939         * runtime/Options.cpp:
940         (JSC):
941         (JSC::Options::initialize):
942         * runtime/PropertyMapHashTable.h:
943         (PropertyMapEntry):
944         (JSC::PropertyMapEntry::PropertyMapEntry):
945         (PropertyTable):
946         (JSC::PropertyTable::PropertyTable):
947         (JSC::PropertyTable::getDeletedOffset):
948         (JSC::PropertyTable::addDeletedOffset):
949         (JSC::PropertyTable::nextOffset):
950         (JSC):
951         (JSC::PropertyTable::sizeInMemory):
952         * runtime/PropertyOffset.h: Added.
953         (JSC):
954         (JSC::checkOffset):
955         (JSC::validateOffset):
956         (JSC::isValidOffset):
957         (JSC::isInlineOffset):
958         (JSC::isOutOfLineOffset):
959         (JSC::offsetInInlineStorage):
960         (JSC::offsetInOutOfLineStorage):
961         (JSC::offsetInRespectiveStorage):
962         (JSC::numberOfOutOfLineSlotsForLastOffset):
963         (JSC::numberOfSlotsForLastOffset):
964         (JSC::nextPropertyOffsetFor):
965         (JSC::firstPropertyOffsetFor):
966         * runtime/PropertySlot.h:
967         (JSC::PropertySlot::cachedOffset):
968         (JSC::PropertySlot::setValue):
969         (JSC::PropertySlot::setCacheableGetterSlot):
970         (JSC::PropertySlot::clearOffset):
971         * runtime/PutPropertySlot.h:
972         (JSC::PutPropertySlot::setExistingProperty):
973         (JSC::PutPropertySlot::setNewProperty):
974         (JSC::PutPropertySlot::cachedOffset):
975         (PutPropertySlot):
976         * runtime/Structure.cpp:
977         (JSC::Structure::Structure):
978         (JSC::Structure::materializePropertyMap):
979         (JSC::nextOutOfLineStorageCapacity):
980         (JSC::Structure::growOutOfLineCapacity):
981         (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
982         (JSC::Structure::addPropertyTransitionToExistingStructure):
983         (JSC::Structure::addPropertyTransition):
984         (JSC::Structure::removePropertyTransition):
985         (JSC::Structure::flattenDictionaryStructure):
986         (JSC::Structure::addPropertyWithoutTransition):
987         (JSC::Structure::removePropertyWithoutTransition):
988         (JSC::Structure::copyPropertyTableForPinning):
989         (JSC::Structure::get):
990         (JSC::Structure::putSpecificValue):
991         (JSC::Structure::remove):
992         * runtime/Structure.h:
993         (Structure):
994         (JSC::Structure::putWillGrowOutOfLineStorage):
995         (JSC::Structure::previousID):
996         (JSC::Structure::outOfLineCapacity):
997         (JSC::Structure::outOfLineSizeForKnownFinalObject):
998         (JSC::Structure::outOfLineSizeForKnownNonFinalObject):
999         (JSC::Structure::outOfLineSize):
1000         (JSC::Structure::hasInlineStorage):
1001         (JSC::Structure::inlineCapacity):
1002         (JSC::Structure::inlineSizeForKnownFinalObject):
1003         (JSC::Structure::inlineSize):
1004         (JSC::Structure::totalStorageSize):
1005         (JSC::Structure::totalStorageCapacity):
1006         (JSC::Structure::firstValidOffset):
1007         (JSC::Structure::lastValidOffset):
1008         (JSC::Structure::isValidOffset):
1009         (JSC::Structure::isEmpty):
1010         (JSC::Structure::transitionCount):
1011         (JSC::Structure::get):
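
The following is an added model of the offset scheme the entry above describes, written for this page and not taken from JavaScriptCore's own PropertyOffset.h or JSObject.h. It shows the point the entry makes: once a single integer offset encodes both inline and out-of-line storage, the choice of backing store is a branch on the offset rather than a lookup through the Structure, a variable offset on an object of unknown type costs one extra branch, and on an object known to be non-final that branch collapses to an assertion. Every bounds check against the storage actually allocated is kept explicit, since an offset that is misclassified or past capacity is exactly what would turn into an out-of-bounds read or write. The inline capacity of 6, the Object layout and the helper names are assumptions chosen to mirror the functions listed in the entry.

```cpp
// Added model of offset-based inline/out-of-line property storage.
// Not JSC's PropertyOffset.h: capacity, layout and names are assumptions.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

typedef int PropertyOffset;

static const PropertyOffset invalidOffset = -1;
static const PropertyOffset inlineStorageCapacity = 6;   // assumed value
static const PropertyOffset firstOutOfLineOffset = inlineStorageCapacity;

inline bool isValidOffset(PropertyOffset offset) { return offset != invalidOffset; }
inline bool isInlineOffset(PropertyOffset offset) { return offset >= 0 && offset < firstOutOfLineOffset; }
inline bool isOutOfLineOffset(PropertyOffset offset) { return offset >= firstOutOfLineOffset; }

inline size_t offsetInInlineStorage(PropertyOffset offset) { return (size_t)offset; }
inline size_t offsetInOutOfLineStorage(PropertyOffset offset) { return (size_t)(offset - firstOutOfLineOffset); }

// Out-of-line slots needed to hold every property up to and including lastOffset.
inline size_t numberOfOutOfLineSlotsForLastOffset(PropertyOffset lastOffset)
{
    return lastOffset < firstOutOfLineOffset ? 0 : (size_t)(lastOffset - firstOutOfLineOffset + 1);
}

// Non-final objects have no inline slots, so their first property lands out of line.
inline PropertyOffset firstPropertyOffsetFor(bool isFinalObject)
{
    return isFinalObject ? 0 : firstOutOfLineOffset;
}

inline PropertyOffset nextPropertyOffsetFor(PropertyOffset lastOffset, bool isFinalObject)
{
    if (!isValidOffset(lastOffset))
        return firstPropertyOffsetFor(isFinalObject);
    return lastOffset + 1;
}

struct Object {
    bool isFinal;
    std::vector<uint64_t> inlineStorage;    // empty for non-final objects
    std::vector<uint64_t> outOfLineStorage; // grown on demand
    PropertyOffset lastOffset;

    explicit Object(bool finalObject)
        : isFinal(finalObject)
        , inlineStorage(finalObject ? (size_t)inlineStorageCapacity : (size_t)0, (uint64_t)0)
        , lastOffset(invalidOffset)
    {
    }
};

// Variable offset, unknown object type: the branch on the offset picks the
// backing store, and each index is checked against the allocated capacity.
inline uint64_t* tryLocationForOffset(Object& object, PropertyOffset offset)
{
    if (isInlineOffset(offset)) {
        if (!object.isFinal)                 // non-final objects have no inline storage
            return nullptr;
        return &object.inlineStorage[offsetInInlineStorage(offset)];
    }
    if (!isOutOfLineOffset(offset))
        return nullptr;                      // invalidOffset or other negative value
    size_t index = offsetInOutOfLineStorage(offset);
    if (index >= object.outOfLineStorage.size())
        return nullptr;
    return &object.outOfLineStorage[index];
}

// Object known to be non-final: the offset can only be out of line, so the
// branch becomes an assertion.
inline uint64_t* locationForOffsetKnownNonFinal(Object& object, PropertyOffset offset)
{
    assert(!object.isFinal && isOutOfLineOffset(offset));
    return &object.outOfLineStorage[offsetInOutOfLineStorage(offset)];
}

// Append a property, growing out-of-line storage when the new offset needs it.
inline PropertyOffset addProperty(Object& object, uint64_t value)
{
    PropertyOffset offset = nextPropertyOffsetFor(object.lastOffset, object.isFinal);
    size_t needed = numberOfOutOfLineSlotsForLastOffset(offset);
    if (needed > object.outOfLineStorage.size())
        object.outOfLineStorage.resize(needed, 0);
    object.lastOffset = offset;
    *tryLocationForOffset(object, offset) = value;
    return offset;
}

inline bool tryGetDirectOffset(Object& object, PropertyOffset offset, uint64_t& out)
{
    uint64_t* location = tryLocationForOffset(object, offset);
    if (!location)
        return false;
    out = *location;
    return true;
}
```

The checked path (tryLocationForOffset) is what a generic, variable-offset access has to do; the unchecked path (locationForOffsetKnownNonFinal) is only sound when the type is proven, which is the trade the entry describes.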
1012
1013 2012-07-05  Oliver Hunt  <oliver@apple.com>
1014
1015         JSObjectCallAsFunction should thisConvert the provided thisObject
1016         https://bugs.webkit.org/show_bug.cgi?id=90628
1017
1018         Reviewed by Gavin Barraclough.
1019
1020         Perform this conversion on the provided this object.
1021
1022         * API/JSObjectRef.cpp:
1023         (JSObjectCallAsFunction):
1024
1025 2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>
1026
1027         [Qt] Unreviewed buildfix after r121886. Typo fix.
1028
1029         * assembler/MacroAssemblerARM.cpp:
1030         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
1031
1032 2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>
1033
1034         Port DFG JIT to traditional ARM
1035         https://bugs.webkit.org/show_bug.cgi?id=90198
1036
1037         Reviewed by Filip Pizlo.
1038
1039         This patch contains the macro assembler part of the
1040         DFG JIT support on ARM systems with fixed 32 bit instruction
1041         width. A large amount of old code was refactored, and the ARMv4
1042         or lower support is removed from the macro assembler.
1043
1044         Sunspider is improved by 8%, and V8 is 92%.
1045
1046         * assembler/ARMAssembler.cpp:
1047         (JSC::ARMAssembler::dataTransfer32):
1048         (JSC::ARMAssembler::baseIndexTransfer32):
1049         (JSC):
1050         (JSC::ARMAssembler::dataTransfer16):
1051         (JSC::ARMAssembler::baseIndexTransfer16):
1052         (JSC::ARMAssembler::dataTransferFloat):
1053         (JSC::ARMAssembler::baseIndexTransferFloat):
1054         (JSC::ARMAssembler::executableCopy):
1055         * assembler/ARMAssembler.h:
1056         (JSC::ARMAssembler::ARMAssembler):
1057         (JSC::ARMAssembler::emitInst):
1058         (JSC::ARMAssembler::vmov_f64_r):
1059         (ARMAssembler):
1060         (JSC::ARMAssembler::vabs_f64_r):
1061         (JSC::ARMAssembler::vneg_f64_r):
1062         (JSC::ARMAssembler::ldr_imm):
1063         (JSC::ARMAssembler::ldr_un_imm):
1064         (JSC::ARMAssembler::dtr_u):
1065         (JSC::ARMAssembler::dtr_ur):
1066         (JSC::ARMAssembler::dtr_d):
1067         (JSC::ARMAssembler::dtr_dr):
1068         (JSC::ARMAssembler::dtrh_u):
1069         (JSC::ARMAssembler::dtrh_ur):
1070         (JSC::ARMAssembler::dtrh_d):
1071         (JSC::ARMAssembler::dtrh_dr):
1072         (JSC::ARMAssembler::fdtr_u):
1073         (JSC::ARMAssembler::fdtr_d):
1074         (JSC::ARMAssembler::push_r):
1075         (JSC::ARMAssembler::pop_r):
1076         (JSC::ARMAssembler::poke_r):
1077         (JSC::ARMAssembler::peek_r):
1078         (JSC::ARMAssembler::vmov_vfp64_r):
1079         (JSC::ARMAssembler::vmov_arm64_r):
1080         (JSC::ARMAssembler::vmov_vfp32_r):
1081         (JSC::ARMAssembler::vmov_arm32_r):
1082         (JSC::ARMAssembler::vcvt_u32_f64_r):
1083         (JSC::ARMAssembler::vcvt_f64_f32_r):
1084         (JSC::ARMAssembler::vcvt_f32_f64_r):
1085         (JSC::ARMAssembler::clz_r):
1086         (JSC::ARMAssembler::bkpt):
1087         (JSC::ARMAssembler::bx):
1088         (JSC::ARMAssembler::blx):
1089         (JSC::ARMAssembler::labelIgnoringWatchpoints):
1090         (JSC::ARMAssembler::labelForWatchpoint):
1091         (JSC::ARMAssembler::label):
1092         (JSC::ARMAssembler::getLdrImmAddress):
1093         (JSC::ARMAssembler::replaceWithJump):
1094         (JSC::ARMAssembler::maxJumpReplacementSize):
1095         (JSC::ARMAssembler::getOp2Byte):
1096         (JSC::ARMAssembler::getOp2Half):
1097         (JSC::ARMAssembler::RM):
1098         (JSC::ARMAssembler::RS):
1099         (JSC::ARMAssembler::RD):
1100         (JSC::ARMAssembler::RN):
1101         * assembler/AssemblerBufferWithConstantPool.h:
1102         (JSC::AssemblerBufferWithConstantPool::ensureSpaceForAnyInstruction):
1103         * assembler/MacroAssemblerARM.cpp:
1104         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
1105         * assembler/MacroAssemblerARM.h:
1106         (JSC::MacroAssemblerARM::add32):
1107         (MacroAssemblerARM):
1108         (JSC::MacroAssemblerARM::and32):
1109         (JSC::MacroAssemblerARM::lshift32):
1110         (JSC::MacroAssemblerARM::mul32):
1111         (JSC::MacroAssemblerARM::neg32):
1112         (JSC::MacroAssemblerARM::rshift32):
1113         (JSC::MacroAssemblerARM::urshift32):
1114         (JSC::MacroAssemblerARM::xor32):
1115         (JSC::MacroAssemblerARM::load8):
1116         (JSC::MacroAssemblerARM::load8Signed):
1117         (JSC::MacroAssemblerARM::load16):
1118         (JSC::MacroAssemblerARM::load16Signed):
1119         (JSC::MacroAssemblerARM::load32):
1120         (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
1121         (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
1122         (JSC::MacroAssemblerARM::store8):
1123         (JSC::MacroAssemblerARM::store16):
1124         (JSC::MacroAssemblerARM::store32):
1125         (JSC::MacroAssemblerARM::move):
1126         (JSC::MacroAssemblerARM::jump):
1127         (JSC::MacroAssemblerARM::branchAdd32):
1128         (JSC::MacroAssemblerARM::mull32):
1129         (JSC::MacroAssemblerARM::branchMul32):
1130         (JSC::MacroAssemblerARM::nearCall):
1131         (JSC::MacroAssemblerARM::compare32):
1132         (JSC::MacroAssemblerARM::test32):
1133         (JSC::MacroAssemblerARM::sub32):
1134         (JSC::MacroAssemblerARM::call):
1135         (JSC::MacroAssemblerARM::loadFloat):
1136         (JSC::MacroAssemblerARM::loadDouble):
1137         (JSC::MacroAssemblerARM::storeFloat):
1138         (JSC::MacroAssemblerARM::storeDouble):
1139         (JSC::MacroAssemblerARM::moveDouble):
1140         (JSC::MacroAssemblerARM::addDouble):
1141         (JSC::MacroAssemblerARM::divDouble):
1142         (JSC::MacroAssemblerARM::subDouble):
1143         (JSC::MacroAssemblerARM::mulDouble):
1144         (JSC::MacroAssemblerARM::absDouble):
1145         (JSC::MacroAssemblerARM::negateDouble):
1146         (JSC::MacroAssemblerARM::convertInt32ToDouble):
1147         (JSC::MacroAssemblerARM::convertFloatToDouble):
1148         (JSC::MacroAssemblerARM::convertDoubleToFloat):
1149         (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
1150         (JSC::MacroAssemblerARM::branchTruncateDoubleToUint32):
1151         (JSC::MacroAssemblerARM::truncateDoubleToInt32):
1152         (JSC::MacroAssemblerARM::truncateDoubleToUint32):
1153         (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
1154         (JSC::MacroAssemblerARM::branchDoubleNonZero):
1155         (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
1156         (JSC::MacroAssemblerARM::invert):
1157         (JSC::MacroAssemblerARM::replaceWithJump):
1158         (JSC::MacroAssemblerARM::maxJumpReplacementSize):
1159         (JSC::MacroAssemblerARM::call32):
1160         * assembler/SH4Assembler.h:
1161         (JSC::SH4Assembler::label):
1162         * dfg/DFGAssemblyHelpers.h:
1163         (JSC::DFG::AssemblyHelpers::debugCall):
1164         (JSC::DFG::AssemblyHelpers::boxDouble):
1165         (JSC::DFG::AssemblyHelpers::unboxDouble):
1166         * dfg/DFGCCallHelpers.h:
1167         (CCallHelpers):
1168         (JSC::DFG::CCallHelpers::setupArguments):
1169         * dfg/DFGFPRInfo.h:
1170         (DFG):
1171         * dfg/DFGGPRInfo.h:
1172         (DFG):
1173         (GPRInfo):
1174         * dfg/DFGOperations.cpp:
1175         (JSC):
1176         * dfg/DFGSpeculativeJIT.h:
1177         (SpeculativeJIT):
1178         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
1179         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1180         * jit/JITStubs.cpp:
1181         (JSC):
1182         * jit/JITStubs.h:
1183         (JITStackFrame):
1184         * jit/JSInterfaceJIT.h:
1185         (JSInterfaceJIT):
1186
1187 2012-07-04  Anthony Scian  <ascian@rim.com>
1188
1189         Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
1190         https://bugs.webkit.org/show_bug.cgi?id=40118
1191
1192         Reviewed by Yong Li.
1193
1194         Added member functions to expose function name, urlString, and line #.
1195         Refactored toString to make use of these member functions to reduce
1196         duplicated code for future maintenance.
1197
1198         Manually tested refactoring of toString by tracing thrown exceptions.
1199
1200         * interpreter/Interpreter.h:
1201         (JSC::StackFrame::toString):
1202         (JSC::StackFrame::friendlySourceURL):
1203         (JSC::StackFrame::friendlyFunctionName):
1204         (JSC::StackFrame::friendlyLineNumber):
1205
1206 2012-07-04  Andy Wingo  <wingo@igalia.com>
1207
1208         [GTK] Enable parallel GC
1209         https://bugs.webkit.org/show_bug.cgi?id=90568
1210
1211         Reviewed by Martin Robinson.
1212
1213         * runtime/Options.cpp: Include <algorithm.h> for std::min.
1214
1215 2012-07-04  John Mellor  <johnme@chromium.org>
1216
1217         Text Autosizing: Add compile flag and runtime setting
1218         https://bugs.webkit.org/show_bug.cgi?id=87394
1219
1220         This patch renames Font Boosting to Text Autosizing.
1221
1222         Reviewed by Adam Barth.
1223
1224         * Configurations/FeatureDefines.xcconfig:
1225
1226 2012-07-03  Michael Saboff  <msaboff@apple.com>
1227
1228         Enh: Hash Const JSString in Backing Stores to Save Memory
1229         https://bugs.webkit.org/show_bug.cgi?id=86024
1230
1231         Reviewed by Oliver Hunt.
1232
1233         During garbage collection, each marking thread keeps a HashMap of
1234         strings.  While visiting via MarkStack::copyAndAppend(), we check to
1235         see if the string we are visiting is already in the HashMap.  If not
1236         we add it. If so, we change the reference to the current string we're
1237         visiting to the prior string.
1238
1239         To reduce the performance impact of this change, two throttles have
1240         been added.  1) We only try hash consting if a significant number of new
1241         strings have been created since the last hash const.  Currently this is
1242         set at 100 strings.  2) If a string is unique at the end of a marking
1243         it will not be checked during further GC phases. In some cases this
1244         won't catch all duplicates, but we are trying to catch the growth of
1245         duplicate strings.
1246
1247         * heap/Heap.cpp:
1248         (JSC::Heap::markRoots):
1249         * heap/MarkStack.cpp:
1250         (JSC::MarkStackThreadSharedData::resetChildren):
1251         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1252         (JSC::MarkStackThreadSharedData::reset):
1253         (JSC::MarkStack::setup): Check to see if enough strings have been created
1254         to hash const.
1255         (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
1256         (JSC::JSString::tryHashConstLock): New method to lock JSString for
1257         hash consting.
1258         (JSC::JSString::releaseHashConstLock): New unlock method.
1259         (JSC::JSString::shouldTryHashConst): Set of checks to see if we should
1260         try to hash const the string.
1261         (JSC::MarkStack::internalAppend): New method that performs the hash consting.
1262         (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash
1263         consting internalAppend().
1264         * heap/MarkStack.h:
1265         (MarkStackThreadSharedData):
1266         (MarkStack):
1267         * runtime/JSGlobalData.cpp:
1268         (JSC::JSGlobalData::JSGlobalData):
1269         * runtime/JSGlobalData.h:
1270         (JSGlobalData):
1271         (JSC::JSGlobalData::haveEnoughNewStringsToHashConst):
1272         (JSC::JSGlobalData::resetNewStringsSinceLastHashConst):
1273         * runtime/JSString.h:
1274         (JSString): Changed from using bool flags to using an unsigned
1275         m_flags field.  This works better with the weakCompareAndSwap in
1276         JSString::tryHashConstLock(). Changed the 8bitness setting and
1277         checking to use new accessors.
1278         (JSC::JSString::JSString):
1279         (JSC::JSString::finishCreation):
1280         (JSC::JSString::is8Bit): Updated for new m_flags.
1281         (JSC::JSString::setIs8Bit): New setter.
1282         New hash const flags accessors:
1283         (JSC::JSString::isHashConstSingleton):
1284         (JSC::JSString::clearHashConstSingleton):
1285         (JSC::JSString::setHashConstSingleton):
1286         (JSC::JSRopeString::finishCreation):
1287         (JSC::JSRopeString::append):
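
The following is an added, single-threaded model of the marking-time hash consting described in the entry above; it is not the JSC heap code. The names mirror the functions listed in the entry, but the flag layout, the threshold constant and the driver loop are assumptions. It shows the two throttles the entry describes (the per-marking HashMap is only consulted when at least 100 strings were created since the last pass, and a string left unique at the end of a marking is flagged and never rechecked), how a reference is redirected to the earlier identical string, and why the flags moved into one unsigned word: the hash-const lock bit is taken with a compare-and-swap so that parallel marking threads racing on the same string cannot both rewrite it.

```cpp
// Added model of GC-time hash consting with its two throttles and CAS lock.
// Not JSC's MarkStack/JSString code: layout, threshold and names are assumptions.
#include <atomic>
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct JSString {
    enum { Is8Bit = 1u, HashConstLock = 2u, HashConstSingleton = 4u };
    std::string value;
    std::atomic<unsigned> m_flags;   // one word so the lock bit can be CAS'd

    explicit JSString(const std::string& v) : value(v), m_flags(Is8Bit) {}

    bool isHashConstSingleton() const { return (m_flags.load() & HashConstSingleton) != 0; }
    void setHashConstSingleton() { m_flags.fetch_or(HashConstSingleton); }
    bool shouldTryHashConst() const { return !isHashConstSingleton(); }

    // Take the hash-const lock only if no other marking thread holds it.
    bool tryHashConstLock() {
        unsigned flags = m_flags.load();
        do {
            if (flags & HashConstLock)
                return false;
        } while (!m_flags.compare_exchange_weak(flags, flags | HashConstLock));
        return true;
    }
    void releaseHashConstLock() { m_flags.fetch_and(~static_cast<unsigned>(HashConstLock)); }
};

typedef std::shared_ptr<JSString> Slot;   // a reference in a backing store that marking may rewrite

struct JSGlobalData {
    static const size_t kNewStringsThreshold = 100;   // "currently this is set at 100 strings"
    size_t newStringsSinceLastHashConst;
    JSGlobalData() : newStringsSinceLastHashConst(0) {}
    Slot newString(const std::string& v) { ++newStringsSinceLastHashConst; return std::make_shared<JSString>(v); }
    bool haveEnoughNewStringsToHashConst() const { return newStringsSinceLastHashConst >= kNewStringsThreshold; }
    void resetNewStringsSinceLastHashConst() { newStringsSinceLastHashConst = 0; }
};

struct MarkStack {
    struct Entry { Slot string; bool sawDuplicate; };
    bool m_shouldHashConst;
    std::map<std::string, Entry> m_uniqueStrings;   // one per marking thread in JSC
    size_t m_rewritten;

    MarkStack() : m_shouldHashConst(false), m_rewritten(0) {}

    // Throttle 1: only pay for consting when enough new strings were created.
    void setup(JSGlobalData& globalData) {
        m_shouldHashConst = globalData.haveEnoughNewStringsToHashConst();
        if (m_shouldHashConst)
            globalData.resetNewStringsSinceLastHashConst();
        m_rewritten = 0;
    }

    // Called while visiting a slot (from copyAndAppend in the entry): point the
    // slot at the first equal string seen in this marking.
    void internalAppend(Slot& slot) {
        if (!m_shouldHashConst || !slot || !slot->shouldTryHashConst())   // throttle 2
            return;
        if (!slot->tryHashConstLock())     // another marking thread owns it right now
            return;
        std::map<std::string, Entry>::iterator it = m_uniqueStrings.find(slot->value);
        if (it == m_uniqueStrings.end()) {
            Entry e = { slot, false };
            m_uniqueStrings[slot->value] = e;
            slot->releaseHashConstLock();
            return;
        }
        Slot existing = it->second.string;
        slot->releaseHashConstLock();      // release before the slot stops pointing at this string
        if (existing != slot) {
            it->second.sawDuplicate = true;
            slot = existing;
            ++m_rewritten;
        }
    }

    // End of marking: strings that stayed unique are flagged and skipped later.
    void reset() {
        for (std::map<std::string, Entry>::iterator it = m_uniqueStrings.begin(); it != m_uniqueStrings.end(); ++it) {
            if (!it->second.sawDuplicate)
                it->second.string->setHashConstSingleton();
        }
        m_uniqueStrings.clear();
    }
};

// One garbage collection over a set of slots; returns how many references were
// redirected to an earlier identical string.
inline size_t collect(JSGlobalData& globalData, MarkStack& markStack, std::vector<Slot>& slots) {
    markStack.setup(globalData);
    for (size_t i = 0; i < slots.size(); ++i)
        markStack.internalAppend(slots[i]);
    markStack.reset();
    return markStack.m_rewritten;
}
```

The singleton flag is the part that can miss duplicates, exactly as the entry concedes: a string found unique in one marking is never revisited, so a copy created later folds into the later copies rather than into the original.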
1288
1289 2012-07-03  Tony Chang  <tony@chromium.org>
1290
1291         [chromium] Unreviewed, update .gitignore to handle VS2010 files.
1292
1293         * JavaScriptCore.gyp/.gitignore:
1294
1295 2012-07-03  Mark Lam  <mark.lam@apple.com>
1296
1297         Add ability to symbolically set and dump JSC VM options.
1298         See comments in runtime/Options.h for details on how the options work.
1299         https://bugs.webkit.org/show_bug.cgi?id=90420
1300
1301         Reviewed by Filip Pizlo.
1302
1303         * assembler/LinkBuffer.cpp:
1304         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1305         * assembler/LinkBuffer.h:
1306         (JSC):
1307         * bytecode/CodeBlock.cpp:
1308         (JSC::CodeBlock::shouldOptimizeNow):
1309         * bytecode/CodeBlock.h:
1310         (JSC::CodeBlock::likelyToTakeSlowCase):
1311         (JSC::CodeBlock::couldTakeSlowCase):
1312         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
1313         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
1314         (JSC::CodeBlock::likelyToTakeAnySlowCase):
1315         (JSC::CodeBlock::jitAfterWarmUp):
1316         (JSC::CodeBlock::jitSoon):
1317         (JSC::CodeBlock::reoptimizationRetryCounter):
1318         (JSC::CodeBlock::countReoptimization):
1319         (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
1320         (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
1321         (JSC::CodeBlock::optimizeSoon):
1322         (JSC::CodeBlock::exitCountThresholdForReoptimization):
1323         (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
1324         * bytecode/ExecutionCounter.h:
1325         (JSC::ExecutionCounter::clippedThreshold):
1326         * dfg/DFGByteCodeParser.cpp:
1327         (JSC::DFG::ByteCodeParser::handleInlining):
1328         * dfg/DFGCapabilities.h:
1329         (JSC::DFG::mightCompileEval):
1330         (JSC::DFG::mightCompileProgram):
1331         (JSC::DFG::mightCompileFunctionForCall):
1332         (JSC::DFG::mightCompileFunctionForConstruct):
1333         (JSC::DFG::mightInlineFunctionForCall):
1334         (JSC::DFG::mightInlineFunctionForConstruct):
1335         * dfg/DFGCommon.h:
1336         (JSC::DFG::shouldShowDisassembly):
1337         * dfg/DFGDriver.cpp:
1338         (JSC::DFG::compile):
1339         * dfg/DFGOSRExit.cpp:
1340         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
1341         * dfg/DFGVariableAccessData.h:
1342         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
1343         * heap/MarkStack.cpp:
1344         (JSC::MarkStackSegmentAllocator::allocate):
1345         (JSC::MarkStackSegmentAllocator::shrinkReserve):
1346         (JSC::MarkStackArray::MarkStackArray):
1347         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1348         (JSC::SlotVisitor::donateKnownParallel):
1349         (JSC::SlotVisitor::drain):
1350         (JSC::SlotVisitor::drainFromShared):
1351         * heap/MarkStack.h:
1352         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
1353         (JSC::MarkStack::addOpaqueRoot):
1354         * heap/SlotVisitor.h:
1355         (JSC::SlotVisitor::donate):
1356         * jit/JIT.cpp:
1357         (JSC::JIT::emitOptimizationCheck):
1358         * jsc.cpp:
1359         (printUsageStatement):
1360         (parseArguments):
1361         * runtime/InitializeThreading.cpp:
1362         (JSC::initializeThreadingOnce):
1363         * runtime/JSGlobalData.cpp:
1364         (JSC::enableAssembler):
1365         * runtime/JSGlobalObject.cpp:
1366         (JSC::JSGlobalObject::JSGlobalObject):
1367         * runtime/Options.cpp:
1368         (JSC):
1369         (JSC::overrideOptionWithHeuristic):
1370         (JSC::Options::initialize):
1371         (JSC::Options::setOption):
1372         (JSC::Options::dumpAllOptions):
1373         (JSC::Options::dumpOption):
1374         * runtime/Options.h:
1375         (JSC):
1376         (Options):
1377         (EntryInfo):
1378
1379 2012-07-03  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>  Joel Dillon <joel.dillon@codethink.co.uk>
1380
1381         [Qt][Win] Fix broken QtWebKit5.lib linking
1382         https://bugs.webkit.org/show_bug.cgi?id=88321
1383
1384         Reviewed by Kenneth Rohde Christiansen.
1385
1386         The goal is to have different ports build systems define STATICALLY_LINKED_WITH_WTF
1387         when building JavaScriptCore, if both are packaged in the same DLL, instead
1388         of relying on the code to handle this.
1389         The effects of BUILDING_* and STATICALLY_LINKED_WITH_* are currently the same
1390         except for a check in Source/JavaScriptCore/config.h.
1391
1392         Keeping the old way for the WX port as requested by the port's contributors.
1393         For non-Windows ports there is no difference between IMPORT and EXPORT, so no
1394         change is needed.
1395
1396         * API/JSBase.h:
1397           JS symbols shouldn't be included by WTF objects anymore. Remove the export when BUILDING_WTF.
1398         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1399           Make sure that JavaScriptCore uses import symbols of WTF for the Win port.
1400         * runtime/JSExportMacros.h:
1401
1402 2012-07-02  Filip Pizlo  <fpizlo@apple.com>
1403
1404         DFG OSR exit value recoveries should be computed lazily
1405         https://bugs.webkit.org/show_bug.cgi?id=82155
1406
1407         Reviewed by Gavin Barraclough.
1408         
1409         This change aims to reduce one aspect of DFG compile times: the fact
1410         that we currently compute the value recoveries for each local and
1411         argument on every speculation check. We compile many speculation checks,
1412         so this can add up quick. The strategy that this change takes is to
1413         have the DFG save just enough information about how the compiler is
1414         choosing to represent state, that the DFG::OSRExitCompiler can reify
1415         the value recoveries lazily.
1416         
1417         This appears to be a 0.3% SunSpider speed-up and is neutral elsewhere.
1418         
1419         I also took the opportunity to fix the sampling regions profiler (it
1420         was missing an export macro) and to put in more sampling regions in
1421         the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
1422         false).
1423         
1424         * CMakeLists.txt:
1425         * GNUmakefile.list.am:
1426         * JavaScriptCore.xcodeproj/project.pbxproj:
1427         * Target.pri:
1428         * bytecode/CodeBlock.cpp:
1429         (JSC):
1430         (JSC::CodeBlock::shrinkDFGDataToFit):
1431         * bytecode/CodeBlock.h:
1432         (CodeBlock):
1433         (JSC::CodeBlock::minifiedDFG):
1434         (JSC::CodeBlock::variableEventStream):
1435         (DFGData):
1436         * bytecode/Operands.h:
1437         (JSC::Operands::hasOperand):
1438         (Operands):
1439         (JSC::Operands::size):
1440         (JSC::Operands::at):
1441         (JSC::Operands::operator[]):
1442         (JSC::Operands::isArgument):
1443         (JSC::Operands::isVariable):
1444         (JSC::Operands::argumentForIndex):
1445         (JSC::Operands::variableForIndex):
1446         (JSC::Operands::operandForIndex):
1447         (JSC):
1448         (JSC::dumpOperands):
1449         * bytecode/SamplingTool.h:
1450         (SamplingRegion):
1451         * dfg/DFGByteCodeParser.cpp:
1452         (JSC::DFG::parse):
1453         * dfg/DFGCFAPhase.cpp:
1454         (JSC::DFG::performCFA):
1455         * dfg/DFGCSEPhase.cpp:
1456         (JSC::DFG::performCSE):
1457         * dfg/DFGFixupPhase.cpp:
1458         (JSC::DFG::performFixup):
1459         * dfg/DFGGenerationInfo.h:
1460         (JSC::DFG::GenerationInfo::GenerationInfo):
1461         (JSC::DFG::GenerationInfo::initConstant):
1462         (JSC::DFG::GenerationInfo::initInteger):
1463         (JSC::DFG::GenerationInfo::initJSValue):
1464         (JSC::DFG::GenerationInfo::initCell):
1465         (JSC::DFG::GenerationInfo::initBoolean):
1466         (JSC::DFG::GenerationInfo::initDouble):
1467         (JSC::DFG::GenerationInfo::initStorage):
1468         (GenerationInfo):
1469         (JSC::DFG::GenerationInfo::noticeOSRBirth):
1470         (JSC::DFG::GenerationInfo::use):
1471         (JSC::DFG::GenerationInfo::spill):
1472         (JSC::DFG::GenerationInfo::setSpilled):
1473         (JSC::DFG::GenerationInfo::fillJSValue):
1474         (JSC::DFG::GenerationInfo::fillCell):
1475         (JSC::DFG::GenerationInfo::fillInteger):
1476         (JSC::DFG::GenerationInfo::fillBoolean):
1477         (JSC::DFG::GenerationInfo::fillDouble):
1478         (JSC::DFG::GenerationInfo::fillStorage):
1479         (JSC::DFG::GenerationInfo::appendFill):
1480         (JSC::DFG::GenerationInfo::appendSpill):
1481         * dfg/DFGJITCompiler.cpp:
1482         (JSC::DFG::JITCompiler::link):
1483         (JSC::DFG::JITCompiler::compile):
1484         (JSC::DFG::JITCompiler::compileFunction):
1485         * dfg/DFGMinifiedGraph.h: Added.
1486         (DFG):
1487         (MinifiedGraph):
1488         (JSC::DFG::MinifiedGraph::MinifiedGraph):
1489         (JSC::DFG::MinifiedGraph::at):
1490         (JSC::DFG::MinifiedGraph::append):
1491         (JSC::DFG::MinifiedGraph::prepareAndShrink):
1492         (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
1493         (JSC::DFG::MinifiedGraph::originalGraphSize):
1494         * dfg/DFGMinifiedNode.cpp: Added.
1495         (DFG):
1496         (JSC::DFG::MinifiedNode::fromNode):
1497         * dfg/DFGMinifiedNode.h: Added.
1498         (DFG):
1499         (JSC::DFG::belongsInMinifiedGraph):
1500         (MinifiedNode):
1501         (JSC::DFG::MinifiedNode::MinifiedNode):
1502         (JSC::DFG::MinifiedNode::index):
1503         (JSC::DFG::MinifiedNode::op):
1504         (JSC::DFG::MinifiedNode::hasChild1):
1505         (JSC::DFG::MinifiedNode::child1):
1506         (JSC::DFG::MinifiedNode::hasConstant):
1507         (JSC::DFG::MinifiedNode::hasConstantNumber):
1508         (JSC::DFG::MinifiedNode::constantNumber):
1509         (JSC::DFG::MinifiedNode::hasWeakConstant):
1510         (JSC::DFG::MinifiedNode::weakConstant):
1511         (JSC::DFG::MinifiedNode::getIndex):
1512         (JSC::DFG::MinifiedNode::compareByNodeIndex):
1513         (JSC::DFG::MinifiedNode::hasChild):
1514         * dfg/DFGNode.h:
1515         (Node):
1516         * dfg/DFGOSRExit.cpp:
1517         (JSC::DFG::OSRExit::OSRExit):
1518         * dfg/DFGOSRExit.h:
1519         (OSRExit):
1520         * dfg/DFGOSRExitCompiler.cpp:
1521         * dfg/DFGOSRExitCompiler.h:
1522         (OSRExitCompiler):
1523         * dfg/DFGOSRExitCompiler32_64.cpp:
1524         (JSC::DFG::OSRExitCompiler::compileExit):
1525         * dfg/DFGOSRExitCompiler64.cpp:
1526         (JSC::DFG::OSRExitCompiler::compileExit):
1527         * dfg/DFGPredictionPropagationPhase.cpp:
1528         (JSC::DFG::performPredictionPropagation):
1529         * dfg/DFGRedundantPhiEliminationPhase.cpp:
1530         (JSC::DFG::performRedundantPhiElimination):
1531         * dfg/DFGSpeculativeJIT.cpp:
1532         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1533         (DFG):
1534         (JSC::DFG::SpeculativeJIT::fillStorage):
1535         (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
1536         (JSC::DFG::SpeculativeJIT::compileMovHint):
1537         (JSC::DFG::SpeculativeJIT::compile):
1538         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1539         * dfg/DFGSpeculativeJIT.h:
1540         (DFG):
1541         (JSC::DFG::SpeculativeJIT::use):
1542         (SpeculativeJIT):
1543         (JSC::DFG::SpeculativeJIT::spill):
1544         (JSC::DFG::SpeculativeJIT::speculationCheck):
1545         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1546         (JSC::DFG::SpeculativeJIT::recordSetLocal):
1547         * dfg/DFGSpeculativeJIT32_64.cpp:
1548         (JSC::DFG::SpeculativeJIT::fillInteger):
1549         (JSC::DFG::SpeculativeJIT::fillDouble):
1550         (JSC::DFG::SpeculativeJIT::fillJSValue):
1551         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1552         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1553         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1554         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1555         (JSC::DFG::SpeculativeJIT::compile):
1556         * dfg/DFGSpeculativeJIT64.cpp:
1557         (JSC::DFG::SpeculativeJIT::fillInteger):
1558         (JSC::DFG::SpeculativeJIT::fillDouble):
1559         (JSC::DFG::SpeculativeJIT::fillJSValue):
1560         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1561         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1562         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1563         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1564         (JSC::DFG::SpeculativeJIT::compile):
1565         * dfg/DFGValueRecoveryOverride.h: Added.
1566         (DFG):
1567         (ValueRecoveryOverride):
1568         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
1569         * dfg/DFGValueSource.cpp: Added.
1570         (DFG):
1571         (JSC::DFG::ValueSource::dump):
1572         * dfg/DFGValueSource.h: Added.
1573         (DFG):
1574         (JSC::DFG::dataFormatToValueSourceKind):
1575         (JSC::DFG::valueSourceKindToDataFormat):
1576         (JSC::DFG::isInRegisterFile):
1577         (ValueSource):
1578         (JSC::DFG::ValueSource::ValueSource):
1579         (JSC::DFG::ValueSource::forPrediction):
1580         (JSC::DFG::ValueSource::forDataFormat):
1581         (JSC::DFG::ValueSource::isSet):
1582         (JSC::DFG::ValueSource::kind):
1583         (JSC::DFG::ValueSource::isInRegisterFile):
1584         (JSC::DFG::ValueSource::dataFormat):
1585         (JSC::DFG::ValueSource::valueRecovery):
1586         (JSC::DFG::ValueSource::nodeIndex):
1587         (JSC::DFG::ValueSource::nodeIndexFromKind):
1588         (JSC::DFG::ValueSource::kindFromNodeIndex):
1589         * dfg/DFGVariableEvent.cpp: Added.
1590         (DFG):
1591         (JSC::DFG::VariableEvent::dump):
1592         (JSC::DFG::VariableEvent::dumpFillInfo):
1593         (JSC::DFG::VariableEvent::dumpSpillInfo):
1594         * dfg/DFGVariableEvent.h: Added.
1595         (DFG):
1596         (VariableEvent):
1597         (JSC::DFG::VariableEvent::VariableEvent):
1598         (JSC::DFG::VariableEvent::reset):
1599         (JSC::DFG::VariableEvent::fillGPR):
1600         (JSC::DFG::VariableEvent::fillPair):
1601         (JSC::DFG::VariableEvent::fillFPR):
1602         (JSC::DFG::VariableEvent::spill):
1603         (JSC::DFG::VariableEvent::death):
1604         (JSC::DFG::VariableEvent::setLocal):
1605         (JSC::DFG::VariableEvent::movHint):
1606         (JSC::DFG::VariableEvent::kind):
1607         (JSC::DFG::VariableEvent::nodeIndex):
1608         (JSC::DFG::VariableEvent::dataFormat):
1609         (JSC::DFG::VariableEvent::gpr):
1610         (JSC::DFG::VariableEvent::tagGPR):
1611         (JSC::DFG::VariableEvent::payloadGPR):
1612         (JSC::DFG::VariableEvent::fpr):
1613         (JSC::DFG::VariableEvent::virtualRegister):
1614         (JSC::DFG::VariableEvent::operand):
1615         (JSC::DFG::VariableEvent::variableRepresentation):
1616         * dfg/DFGVariableEventStream.cpp: Added.
1617         (DFG):
1618         (JSC::DFG::VariableEventStream::logEvent):
1619         (MinifiedGenerationInfo):
1620         (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
1621         (JSC::DFG::MinifiedGenerationInfo::update):
1622         (JSC::DFG::VariableEventStream::reconstruct):
1623         * dfg/DFGVariableEventStream.h: Added.
1624         (DFG):
1625         (VariableEventStream):
1626         (JSC::DFG::VariableEventStream::appendAndLog):
1627         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1628         (JSC::DFG::performVirtualRegisterAllocation):
1629
1630 2012-07-02  Filip Pizlo  <fpizlo@apple.com>
1631
1632         DFG::ArgumentsSimplificationPhase should assert that the PhantomArguments nodes it creates are not shouldGenerate()
1633         https://bugs.webkit.org/show_bug.cgi?id=90407
1634
1635         Reviewed by Mark Hahnenberg.
1636
1637         * dfg/DFGArgumentsSimplificationPhase.cpp:
1638         (JSC::DFG::ArgumentsSimplificationPhase::run):
1639
1640 2012-07-02  Gavin Barraclough  <barraclough@apple.com>
1641
1642         Array.prototype.pop should throw if property is not configurable
1643         https://bugs.webkit.org/show_bug.cgi?id=75788
1644
1645         Rubber Stamped by Oliver Hunt.
1646
1647         No real bug here any more, but the error we throw sometimes has a misleading message.
1648  
1649         * runtime/JSArray.cpp:
1650         (JSC::JSArray::pop):
1651
1652 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
1653
1654         JSObject wastes too much memory on unused property slots
1655         https://bugs.webkit.org/show_bug.cgi?id=90255
1656
1657         Reviewed by Mark Hahnenberg.
1658         
1659         Rolling back in after applying a simple fix: it appears that
1660         JSObject::setStructureAndReallocateStorageIfNecessary() was allocating more
1661         property storage than necessary. Fixing this appears to resolve the crash.
1662         
1663         This does a few things:
1664         
1665         - JSNonFinalObject no longer has inline property storage.
1666         
1667         - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
1668           or 2x the inline storage for JSFinalObject.
1669         
1670         - Property storage is only reallocated if it needs to be. Previously, we
1671           would reallocate the property storage on any transition where the original
1672           structure said shouldGrowPropertyStorage(), but this led to spurious
1673           reallocations when doing transitionless property adds and there are
1674           deleted property slots available. That in turn led to crashes, because we
1675           would switch to out-of-line storage even if the capacity matched the
1676           criteria for inline storage.
1677         
1678         - Inline JSFunction allocation is killed off because we don't have a good
1679           way of inlining property storage allocation. This didn't hurt performance.
1680           Killing off code is better than fixing it if that code wasn't doing any
1681           good.
1682         
1683         This looks like a 1% progression on V8.
1684
1685         * interpreter/Interpreter.cpp:
1686         (JSC::Interpreter::privateExecute):
1687         * jit/JIT.cpp:
1688         (JSC::JIT::privateCompileSlowCases):
1689         * jit/JIT.h:
1690         * jit/JITInlineMethods.h:
1691         (JSC::JIT::emitAllocateBasicJSObject):
1692         (JSC):
1693         * jit/JITOpcodes.cpp:
1694         (JSC::JIT::emit_op_new_func):
1695         (JSC):
1696         (JSC::JIT::emit_op_new_func_exp):
1697         * runtime/JSFunction.cpp:
1698         (JSC::JSFunction::finishCreation):
1699         * runtime/JSObject.h:
1700         (JSC::JSObject::isUsingInlineStorage):
1701         (JSObject):
1702         (JSC::JSObject::finishCreation):
1703         (JSC):
1704         (JSC::JSNonFinalObject::hasInlineStorage):
1705         (JSNonFinalObject):
1706         (JSC::JSNonFinalObject::JSNonFinalObject):
1707         (JSC::JSNonFinalObject::finishCreation):
1708         (JSC::JSFinalObject::hasInlineStorage):
1709         (JSC::JSFinalObject::finishCreation):
1710         (JSC::JSObject::offsetOfInlineStorage):
1711         (JSC::JSObject::setPropertyStorage):
1712         (JSC::Structure::inlineStorageCapacity):
1713         (JSC::Structure::isUsingInlineStorage):
1714         (JSC::JSObject::putDirectInternal):
1715         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
1716         (JSC::JSObject::putDirectWithoutTransition):
1717         * runtime/Structure.cpp:
1718         (JSC::Structure::Structure):
1719         (JSC::nextPropertyStorageCapacity):
1720         (JSC):
1721         (JSC::Structure::growPropertyStorageCapacity):
1722         (JSC::Structure::suggestedNewPropertyStorageSize):
1723         * runtime/Structure.h:
1724         (JSC::Structure::putWillGrowPropertyStorage):
1725         (Structure):
1726
1727 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
1728
1729         Webkit crashes in DFG on Google Docs when creating a new document
1730         https://bugs.webkit.org/show_bug.cgi?id=90209
1731
1732         Reviewed by Gavin Barraclough.
1733         
1734         Don't attempt to short-circuit Phantom(GetLocal) if the GetLocal is for a
1735         captured variable.
1736
1737         * dfg/DFGCFGSimplificationPhase.cpp:
1738         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1739
1740 2012-06-30  Zan Dobersek  <zandobersek@gmail.com>
1741
1742         Unreviewed, rolling out r121605.
1743         http://trac.webkit.org/changeset/121605
1744         https://bugs.webkit.org/show_bug.cgi?id=90336
1745
1746         Changes caused flaky crashes in sputnik/Unicode tests on Apple
1747         WK1 and GTK Linux builders
1748
1749         * interpreter/Interpreter.cpp:
1750         (JSC::Interpreter::privateExecute):
1751         * jit/JIT.cpp:
1752         (JSC::JIT::privateCompileSlowCases):
1753         * jit/JIT.h:
1754         * jit/JITInlineMethods.h:
1755         (JSC::JIT::emitAllocateBasicJSObject):
1756         (JSC::JIT::emitAllocateJSFinalObject):
1757         (JSC):
1758         (JSC::JIT::emitAllocateJSFunction):
1759         * jit/JITOpcodes.cpp:
1760         (JSC::JIT::emit_op_new_func):
1761         (JSC::JIT::emitSlow_op_new_func):
1762         (JSC):
1763         (JSC::JIT::emit_op_new_func_exp):
1764         (JSC::JIT::emitSlow_op_new_func_exp):
1765         * runtime/JSFunction.cpp:
1766         (JSC::JSFunction::finishCreation):
1767         * runtime/JSObject.h:
1768         (JSC::JSObject::isUsingInlineStorage):
1769         (JSObject):
1770         (JSC::JSObject::finishCreation):
1771         (JSC):
1772         (JSNonFinalObject):
1773         (JSC::JSNonFinalObject::JSNonFinalObject):
1774         (JSC::JSNonFinalObject::finishCreation):
1775         (JSFinalObject):
1776         (JSC::JSFinalObject::finishCreation):
1777         (JSC::JSObject::offsetOfInlineStorage):
1778         (JSC::JSObject::setPropertyStorage):
1779         (JSC::Structure::isUsingInlineStorage):
1780         (JSC::JSObject::putDirectInternal):
1781         (JSC::JSObject::putDirectWithoutTransition):
1782         (JSC::JSObject::transitionTo):
1783         * runtime/Structure.cpp:
1784         (JSC::Structure::Structure):
1785         (JSC):
1786         (JSC::Structure::growPropertyStorageCapacity):
1787         (JSC::Structure::suggestedNewPropertyStorageSize):
1788         * runtime/Structure.h:
1789         (JSC::Structure::shouldGrowPropertyStorage):
1790         (JSC::Structure::propertyStorageSize):
1791
1792 2012-06-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1793
1794         Remove warning about protected values when the Heap is being destroyed
1795         https://bugs.webkit.org/show_bug.cgi?id=90302
1796
1797         Reviewed by Geoffrey Garen.
1798
1799         Having to do book-keeping about whether values allocated from a certain 
1800         VM are or are not protected makes the JSC API much more difficult to use 
1801         correctly. Clients should be able to throw an entire VM away and not have 
1802         to worry about unprotecting all of the values that they protected earlier.
1803
1804         * heap/Heap.cpp:
1805         (JSC::Heap::lastChanceToFinalize):
1806
1807 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
1808
1809         JSObject wastes too much memory on unused property slots
1810         https://bugs.webkit.org/show_bug.cgi?id=90255
1811
1812         Reviewed by Mark Hahnenberg.
1813         
1814         This does a few things:
1815         
1816         - JSNonFinalObject no longer has inline property storage.
1817         
1818         - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
1819           or 2x the inline storage for JSFinalObject.
1820         
1821         - Property storage is only reallocated if it needs to be. Previously, we
1822           would reallocate the property storage on any transition where the original
1823           structure said shouldGrowPropertyStorage(), but this led to spurious
1824           reallocations when doing transitionless property adds and there are
1825           deleted property slots available. That in turn led to crashes, because we
1826           would switch to out-of-line storage even if the capacity matched the
1827           criteria for inline storage.
1828         
1829         - Inline JSFunction allocation is killed off because we don't have a good
1830           way of inlining property storage allocation. This didn't hurt performance.
1831           Killing off code is better than fixing it if that code wasn't doing any
1832           good.
1833         
1834         This looks like a 1% progression on V8.
1835
1836         * interpreter/Interpreter.cpp:
1837         (JSC::Interpreter::privateExecute):
1838         * jit/JIT.cpp:
1839         (JSC::JIT::privateCompileSlowCases):
1840         * jit/JIT.h:
1841         * jit/JITInlineMethods.h:
1842         (JSC::JIT::emitAllocateBasicJSObject):
1843         (JSC):
1844         * jit/JITOpcodes.cpp:
1845         (JSC::JIT::emit_op_new_func):
1846         (JSC):
1847         (JSC::JIT::emit_op_new_func_exp):
1848         * runtime/JSFunction.cpp:
1849         (JSC::JSFunction::finishCreation):
1850         * runtime/JSObject.h:
1851         (JSC::JSObject::isUsingInlineStorage):
1852         (JSObject):
1853         (JSC::JSObject::finishCreation):
1854         (JSC):
1855         (JSC::JSNonFinalObject::hasInlineStorage):
1856         (JSNonFinalObject):
1857         (JSC::JSNonFinalObject::JSNonFinalObject):
1858         (JSC::JSNonFinalObject::finishCreation):
1859         (JSC::JSFinalObject::hasInlineStorage):
1860         (JSC::JSFinalObject::finishCreation):
1861         (JSC::JSObject::offsetOfInlineStorage):
1862         (JSC::JSObject::setPropertyStorage):
1863         (JSC::Structure::inlineStorageCapacity):
1864         (JSC::Structure::isUsingInlineStorage):
1865         (JSC::JSObject::putDirectInternal):
1866         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
1867         (JSC::JSObject::putDirectWithoutTransition):
1868         * runtime/Structure.cpp:
1869         (JSC::Structure::Structure):
1870         (JSC::nextPropertyStorageCapacity):
1871         (JSC):
1872         (JSC::Structure::growPropertyStorageCapacity):
1873         (JSC::Structure::suggestedNewPropertyStorageSize):
1874         * runtime/Structure.h:
1875         (JSC::Structure::putWillGrowPropertyStorage):
1876         (Structure):
1877
1878 2012-06-28  Filip Pizlo  <fpizlo@apple.com>
1879
1880         DFG recompilation heuristics should be based on count, not rate
1881         https://bugs.webkit.org/show_bug.cgi?id=90146
1882
1883         Reviewed by Oliver Hunt.
1884         
1885         This removes a bunch of code that was previously trying to prevent spurious
1886         reoptimizations if a large enough majority of executions of a code block did
1887         not result in OSR exit. It turns out that this code was purely harmful. This
1888         patch removes all of that logic and replaces it with a dead-simple
1889         heuristic: if you exit more than N times (where N is an exponential function
1890         of the number of times the code block has already been recompiled) then we
1891         will recompile.
1892         
1893         This appears to be a broad ~1% win on many benchmarks large and small.
1894
1895         * bytecode/CodeBlock.cpp:
1896         (JSC::CodeBlock::CodeBlock):
1897         * bytecode/CodeBlock.h:
1898         (JSC::CodeBlock::osrExitCounter):
1899         (JSC::CodeBlock::countOSRExit):
1900         (CodeBlock):
1901         (JSC::CodeBlock::addressOfOSRExitCounter):
1902         (JSC::CodeBlock::offsetOfOSRExitCounter):
1903         (JSC::CodeBlock::adjustedExitCountThreshold):
1904         (JSC::CodeBlock::exitCountThresholdForReoptimization):
1905         (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
1906         (JSC::CodeBlock::shouldReoptimizeNow):
1907         (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
1908         * bytecode/ExecutionCounter.cpp:
1909         (JSC::ExecutionCounter::setThreshold):
1910         * bytecode/ExecutionCounter.h:
1911         (ExecutionCounter):
1912         (JSC::ExecutionCounter::clippedThreshold):
1913         * dfg/DFGJITCompiler.cpp:
1914         (JSC::DFG::JITCompiler::compileBody):
1915         * dfg/DFGOSRExit.cpp:
1916         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
1917         * dfg/DFGOSRExitCompiler.cpp:
1918         (JSC::DFG::OSRExitCompiler::handleExitCounts):
1919         * dfg/DFGOperations.cpp:
1920         * jit/JITStubs.cpp:
1921         (JSC::DEFINE_STUB_FUNCTION):
1922         * runtime/Options.cpp:
1923         (Options):
1924         (JSC::Options::initializeOptions):
1925         * runtime/Options.h:
1926         (Options):
1927
1928 2012-06-28  Mark Lam  <mark.lam@apple.com>
1929
1930         Adding a commenting utility to record BytecodeGenerator comments
1931         with opcodes that are emitted.  Presently, the comments can only
1932         be constant strings.  Adding comments for opcodes is optional.
1933         If a comment is added, the comment will be printed following the
1934         opcode when CodeBlock::dump() is called.
1935
1936         This utility is disabled by default, and is only meant for VM
1937         development purposes.  It should not be enabled for product builds.
1938
1939         To enable this utility, set ENABLE_BYTECODE_COMMENTS in CodeBlock.h
1940         to 1.
1941
1942         https://bugs.webkit.org/show_bug.cgi?id=90095
1943
1944         Reviewed by Geoffrey Garen.
1945
1946         * GNUmakefile.list.am:
1947         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1948         * JavaScriptCore.xcodeproj/project.pbxproj:
1949         * bytecode/CodeBlock.cpp:
1950         (JSC::CodeBlock::dumpBytecodeCommentAndNewLine): Dumps the comment.
1951         (JSC):
1952         (JSC::CodeBlock::printUnaryOp): Add comment dumps.
1953         (JSC::CodeBlock::printBinaryOp): Add comment dumps.
1954         (JSC::CodeBlock::printConditionalJump): Add comment dumps.
1955         (JSC::CodeBlock::printCallOp): Add comment dumps.
1956         (JSC::CodeBlock::printPutByIdOp): Add comment dumps.
1957         (JSC::CodeBlock::dump): Add comment dumps.
1958         (JSC::CodeBlock::CodeBlock):
1959         (JSC::CodeBlock::commentForBytecodeOffset):
1960             Finds the comment for an opcode if available.
1961         (JSC::CodeBlock::dumpBytecodeComments):
1962             For debugging whether comments are collected.
1963             It is not being called anywhere.
1964         * bytecode/CodeBlock.h:
1965         (CodeBlock):
1966         (JSC::CodeBlock::bytecodeComments):
1967         * bytecode/Comment.h: Added.
1968         (JSC):
1969         (Comment):
1970         * bytecompiler/BytecodeGenerator.cpp:
1971         (JSC::BytecodeGenerator::BytecodeGenerator):
1972         (JSC::BytecodeGenerator::emitOpcode): Calls emitComment().
1973         (JSC):
1974         (JSC::BytecodeGenerator::emitComment): Adds comment to CodeBlock.
1975         (JSC::BytecodeGenerator::prependComment):
1976             Registers a comment for emitComment() to use later.
1977         * bytecompiler/BytecodeGenerator.h:
1978         (BytecodeGenerator):
1979         (JSC::BytecodeGenerator::emitComment):
1980         (JSC::BytecodeGenerator::prependComment):
1981             These are inlined versions of these functions that nullify them
1982             when ENABLE_BYTECODE_COMMENTS is 0.
1983         (JSC::BytecodeGenerator::comments):
1984
1985 2012-06-28  Oliver Hunt  <oliver@apple.com>
1986
1987         32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double
1988         https://bugs.webkit.org/show_bug.cgi?id=90127
1989
1990         Reviewed by Filip Pizlo.
1991
1992         The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
1993         correctly.  This patch fixes this by killing the fill info in the GenerationInfo
1994         when the spillFormat doesn't guarantee the value is a double.
1995
1996         * dfg/DFGSpeculativeJIT32_64.cpp:
1997         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1998
1999 2012-06-28  Kent Tamura  <tkent@chromium.org>
2000
2001         Classify form control states by their owner forms
2002         https://bugs.webkit.org/show_bug.cgi?id=89950
2003
2004         Reviewed by Hajime Morita.
2005
2006         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2007         Expose WTF::StringBuilder::canShrink()
2008
2009 2012-06-27  Michael Saboff  <msaboff@apple.com>
2010
2011         [Win] jscore-tests flakey
2012         https://bugs.webkit.org/show_bug.cgi?id=88118
2013
2014         Reviewed by Jessie Berlin.
2015
2016         jsDriver.pl on Windows intermittently doesn't get the returned value from jsc;
2017         instead it gets 126.  Added a new option to jsc (-x) which prints the exit
2018         code before exiting.  jsDriver.pl uses this option on Windows and parses the
2019         exit code output for the exit code, removing it before comparing the actual
2020         and expected outputs.  Filed a follow on "FIXME" defect:
2021         [WIN] Intermittent failure for jsc return value to propagate through jsDriver.pl
2022         https://bugs.webkit.org/show_bug.cgi?id=90119
2023
2024         * jsc.cpp:
2025         (CommandLine::CommandLine):
2026         (CommandLine):
2027         (printUsageStatement):
2028         (parseArguments):
2029         (jscmain):
2030         * tests/mozilla/jsDriver.pl:
2031         (execute_tests):
2032
2033 2012-06-27  Sheriff Bot  <webkit.review.bot@gmail.com>
2034
2035         Unreviewed, rolling out r121359.
2036         http://trac.webkit.org/changeset/121359
2037         https://bugs.webkit.org/show_bug.cgi?id=90115
2038
2039         Broke many inspector tests (Requested by jpfau on #webkit).
2040
2041         * interpreter/Interpreter.h:
2042         (JSC::StackFrame::toString):
2043
2044 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
2045
2046         Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web Inspector Javascript Debugging is on
2047         https://bugs.webkit.org/show_bug.cgi?id=90053
2048         <rdar://problem/11764613>
2049
2050         Reviewed by Mark Hahnenberg.
2051         
2052         The problem is that the code was assuming that the recovery should be Undefined if the source of
2053         the SetLocal was !shouldGenerate(). But that's wrong, since the DFG optimizer may skip around a
2054         UInt32ToNumber node (hence making it !shouldGenerate()) and keep the source of that node alive.
2055         In that case we should base the recovery on the source of the UInt32ToNumber. The logic for this
2056         was already in place but the fast check for !shouldGenerate() broke it.
2057
2058         * dfg/DFGSpeculativeJIT.cpp:
2059         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2060
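A regression check for the class of bug described in the entry above (a uint32-heavy hash that is right on the first run and wrong once the DFG has compiled it), written here as an added example rather than WebKit's own test: the helper runs a routine enough times to cross JIT tiers and reports the first iteration whose result diverges from the cold run. The mixing function `mix32`, the sample words and the iteration count are constructed for illustration and are not SHA-512.

```javascript
// Added example (not WebKit code). Detects results that change between JIT
// tiers: the symptom reported above was a SHA-512 that was correct on the
// first call and wrong afterwards. The hash below is a constructed 32-bit
// mixer that leans on `>>> 0`, the operation the DFG lowers via UInt32ToNumber.
'use strict';

// Constructed 32-bit mixing function (not SHA-512). Every step goes through
// the unsigned-shift path so the result depends on UInt32 handling.
function mix32(words) {
  let h = 0x811c9dc5 >>> 0;
  for (const w of words) {
    h = (h ^ (w >>> 0)) >>> 0;
    h = Math.imul(h, 0x01000193) >>> 0;
    h = ((h << 13) | (h >>> 19)) >>> 0; // rotate left by 13
  }
  return h;
}

// Run fn(input) `iterations` times and compare every result against the
// cold (first) result. Returns the cold result plus the index of the first
// divergent iteration, or -1 when every iteration agreed.
function checkTierConsistency(fn, input, iterations) {
  const cold = fn(input);
  for (let i = 1; i < iterations; i++) {
    const hot = fn(input);
    if (hot !== cold) {
      return { cold, divergentIteration: i, divergentValue: hot };
    }
  }
  return { cold, divergentIteration: -1, divergentValue: undefined };
}

// Constructed input: a fixed block of words covering zero, all-ones and
// values with the top bit set.
const SAMPLE_WORDS = [0xdeadbeef, 0x00000000, 0xffffffff, 0x12345678];

// Enough iterations for a tiering JIT to recompile the routine.
function runSelfCheck() {
  const result = checkTierConsistency(mix32, SAMPLE_WORDS, 100000);
  if (result.divergentIteration !== -1) {
    console.log(`tier mismatch at iteration ${result.divergentIteration}: ` +
      `0x${result.cold.toString(16)} vs 0x${result.divergentValue.toString(16)}`);
  } else {
    console.log(`consistent across tiers: 0x${result.cold.toString(16)}`);
  }
  return result;
}

runSelfCheck();
```

On an engine affected by the bug above the first divergent iteration is the point at which the miscompiled tier took over; a clean run reports -1.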
2061 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
2062
2063         DFG disassembly should be easier to read
2064         https://bugs.webkit.org/show_bug.cgi?id=90106
2065
2066         Reviewed by Mark Hahnenberg.
2067         
2068         Did a few things:
2069         
2070         - Options::showDFGDisassembly now shows OSR exit disassembly as well.
2071         
2072         - Phi node dumping doesn't attempt to do line wrapping since it just made the dump harder
2073           to read.
2074         
2075         - DFG graph disassembly view shows a few additional node types that turn out to be
2076           essential for understanding OSR exits.
2077         
2078         Put together, these changes reinforce the philosophy that anything needed for computing
2079         OSR exit is just as important as the machine code itself. Of course, we still don't take
2080         that philosophy to its full extreme - for example Phantom nodes are not dumped. We may
2081         revisit that in the future.
2082
2083         * assembler/LinkBuffer.cpp:
2084         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2085         * assembler/LinkBuffer.h:
2086         (JSC):
2087         * dfg/DFGDisassembler.cpp:
2088         (JSC::DFG::Disassembler::dump):
2089         * dfg/DFGGraph.cpp:
2090         (JSC::DFG::Graph::dumpBlockHeader):
2091         * dfg/DFGNode.h:
2092         (JSC::DFG::Node::willHaveCodeGenOrOSR):
2093         * dfg/DFGOSRExitCompiler.cpp:
2094         * jit/JIT.cpp:
2095         (JSC::JIT::privateCompile):
2096
2097 2012-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2098
2099         JSLock should be per-JSGlobalData
2100         https://bugs.webkit.org/show_bug.cgi?id=89123
2101
2102         Reviewed by Geoffrey Garen.
2103
2104         * API/APIShims.h:
2105         (APIEntryShimWithoutLock):
2106         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
2107         determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
2108         HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
2109         JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
2110         its destruction has begun. 
2111         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
2112         (JSC::APIEntryShim::APIEntryShim):
2113         (APIEntryShim):
2114         (JSC::APIEntryShim::~APIEntryShim):
2115         (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
2116         Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
2117         and before we've released it, which can only be done in APIEntryShim.
2118         (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
2119         * API/JSContextRef.cpp:
2120         (JSGlobalContextCreate):
2121         (JSGlobalContextCreateInGroup):
2122         (JSGlobalContextRelease):
2123         (JSContextCreateBacktrace):
2124         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2125         * heap/CopiedSpace.cpp:
2126         (JSC::CopiedSpace::tryAllocateSlowCase):
2127         * heap/Heap.cpp:
2128         (JSC::Heap::protect):
2129         (JSC::Heap::unprotect):
2130         (JSC::Heap::collect):
2131         (JSC::Heap::setActivityCallback):
2132         (JSC::Heap::activityCallback):
2133         (JSC::Heap::sweeper):
2134         * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
2135         are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
2136         and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
2137         prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
2138         (Heap):
2139         * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
2140         (JSC::HeapTimer::~HeapTimer):
2141         (JSC::HeapTimer::invalidate):
2142         (JSC):
2143         (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
2144         that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
2145         HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
2146         (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
2147         out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
2148         but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
2149         we were interrupted between releasing our mutex and trying to grab the APILock.
2150         * heap/HeapTimer.h:
2151         (HeapTimer):
2152         * heap/IncrementalSweeper.cpp:
2153         (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
2154         all of that for us. 
2155         (JSC::IncrementalSweeper::create):
2156         * heap/IncrementalSweeper.h:
2157         (IncrementalSweeper):
2158         * heap/MarkedAllocator.cpp:
2159         (JSC::MarkedAllocator::allocateSlowCase):
2160         * heap/WeakBlock.cpp:
2161         (JSC::WeakBlock::reap):
2162         * jsc.cpp:
2163         (functionGC):
2164         (functionReleaseExecutableMemory):
2165         (jscmain):
2166         * runtime/Completion.cpp:
2167         (JSC::checkSyntax):
2168         (JSC::evaluate):
2169         * runtime/GCActivityCallback.h:
2170         (DefaultGCActivityCallback):
2171         (JSC::DefaultGCActivityCallback::create):
2172         * runtime/JSGlobalData.cpp:
2173         (JSC::JSGlobalData::JSGlobalData):
2174         (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
2175         that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
2176         it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
2177         APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
2178         (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
2179         (JSC::JSGlobalData::sharedInstanceInternal):
2180         * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
2181         de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
2182         (JSGlobalData):
2183         (JSC::JSGlobalData::apiLock):
2184         * runtime/JSGlobalObject.cpp:
2185         (JSC::JSGlobalObject::~JSGlobalObject):
2186         (JSC::JSGlobalObject::init):
2187         * runtime/JSLock.cpp:
2188         (JSC):
2189         (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
2190         (JSC::GlobalJSLock::~GlobalJSLock):
2191         (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
2192         it can successfully unlock it later without it disappearing from underneath it.
2193         (JSC::JSLockHolder::~JSLockHolder):
2194         (JSC::JSLock::JSLock):
2195         (JSC::JSLock::~JSLock):
2196         (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
2197         actually waiting for long periods. 
2198         (JSC::JSLock::unlock):
2199         (JSC::JSLock::currentThreadIsHoldingLock):
2200         (JSC::JSLock::dropAllLocks):
2201         (JSC::JSLock::dropAllLocksUnconditionally):
2202         (JSC::JSLock::grabAllLocks):
2203         (JSC::JSLock::DropAllLocks::DropAllLocks):
2204         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2205         * runtime/JSLock.h:
2206         (JSC):
2207         (GlobalJSLock):
2208         (JSLockHolder):
2209         (JSLock):
2210         (DropAllLocks):
2211         * runtime/WeakGCMap.h:
2212         (JSC::WeakGCMap::set):
2213         * testRegExp.cpp:
2214         (realMain):
2215
2216 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
2217
2218         x86 disassembler confuses immediates with addresses
2219         https://bugs.webkit.org/show_bug.cgi?id=90099
2220
2221         Reviewed by Mark Hahnenberg.
2222         
2223         Prepend "$" to immediates to disambiguate between immediates and addresses. This is in
2224         accordance with the gas and AT&T syntax.
2225
2226         * disassembler/udis86/udis86_syn-att.c:
2227         (gen_operand):
2228
2229 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
2230
2231         Add a comment clarifying Options::showDisassembly versus Options::showDFGDisassembly.
2232
2233         Rubber stamped by Mark Hahnenberg.
2234
2235         * runtime/Options.cpp:
2236         (JSC::Options::initializeOptions):
2237
2238 2012-06-27  Anthony Scian  <ascian@rim.com>
2239
2240         Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
2241         https://bugs.webkit.org/show_bug.cgi?id=40118
2242
2243         Reviewed by Yong Li.
2244
2245         Added member functions to expose function name, urlString, and line #.
2246         Refactored toString to make use of these member functions to reduce
2247         duplicated code for future maintenance.
2248
2249         Manually tested refactoring of toString by tracing thrown exceptions.
2250
2251         * interpreter/Interpreter.h:
2252         (StackFrame):
2253         (JSC::StackFrame::toString):
2254         (JSC::StackFrame::friendlySourceURL):
2255         (JSC::StackFrame::friendlyFunctionName):
2256         (JSC::StackFrame::friendlyLineNumber):
2257
2258 2012-06-27  Oswald Buddenhagen  <oswald.buddenhagen@nokia.com>
2259
2260         [Qt] Remove redundant c++11 warning suppression code
2261
2262         This is already handled in default_post.
2263
2264         Reviewed by Tor Arne Vestbø.
2265
2266         * Target.pri:
2267
2268 2012-06-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
2269
2270         [Qt] Add missing headers to HEADERS
2271
2272         For JavaScriptCore there aren't any Qt specific files, so we include all
2273         headers for easy editing in Qt Creator.
2274
2275         Reviewed by Simon Hausmann.
2276
2277         * Target.pri:
2278
2279 2012-06-26  Dominic Cooney  <dominicc@chromium.org>
2280
2281         [Chromium] Remove unused build scripts and empty folders for JavaScriptCore w/ gyp
2282         https://bugs.webkit.org/show_bug.cgi?id=90029
2283
2284         Reviewed by Adam Barth.
2285
2286         * gyp: Removed.
2287         * gyp/generate-derived-sources.sh: Removed.
2288         * gyp/generate-dtrace-header.sh: Removed.
2289         * gyp/run-if-exists.sh: Removed.
2290         * gyp/update-info-plist.sh: Removed.
2291
2292 2012-06-26  Geoffrey Garen  <ggaren@apple.com>
2293
2294         Reduced (but did not eliminate) use of "berzerker GC"
2295         https://bugs.webkit.org/show_bug.cgi?id=89237
2296
2297         Reviewed by Gavin Barraclough.
2298
2299         (PART 2)
2300
2301         This part turns off "berzerker GC" and turns on incremental shrinking.
2302
2303         * heap/IncrementalSweeper.cpp:
2304         (JSC::IncrementalSweeper::doSweep): Free or shrink after sweeping to
2305         maintain the behavior we used to get from the occasional berzerker GC,
2306         which would run all finalizers and then free or shrink all blocks
2307         synchronously.
2308
2309         * heap/MarkedBlock.h:
2310         (JSC::MarkedBlock::needsSweeping): Sweep zapped blocks, too. It's always
2311         safe to sweep a zapped block (that's the point of zapping), and it's
2312         sometimes profitable. For example, consider this case: Block A does some
2313         allocation (transitioning Block A from Marked to FreeListed), then GC
2314         happens (transitioning Block A to Zapped), then all objects in Block A
2315         are free, then the incremental sweeper visits Block A. If we skipped
2316         Zapped blocks, we'd skip Block A, even though it would be profitable to
2317         run its destructors and free its memory.
2318
2319         * runtime/GCActivityCallback.cpp:
2320         (JSC::DefaultGCActivityCallback::doWork): Don't sweep eagerly; we'll do
2321         this incrementally.
2322
2323 2012-06-26  Filip Pizlo  <fpizlo@apple.com>
2324
2325         DFG PutByValAlias is too aggressive
2326         https://bugs.webkit.org/show_bug.cgi?id=90026
2327         <rdar://problem/11751830>
2328
2329         Reviewed by Gavin Barraclough.
2330         
2331         For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect
2332         performance by much.
2333         
2334         For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access
2335         is within bounds. This also has the effect of making our out-of-bounds handling consistent
2336         with WebCore.
2337
2338         * dfg/DFGCSEPhase.cpp:
2339         (JSC::DFG::CSEPhase::performNodeCSE):
2340         * dfg/DFGGraph.h:
2341         (JSC::DFG::Graph::byValIsPure):
2342         (JSC::DFG::Graph::clobbersWorld):
2343         * dfg/DFGNodeType.h:
2344         (DFG):
2345         * dfg/DFGSpeculativeJIT.cpp:
2346         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2347         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
2348
2349 2012-06-26  Yong Li  <yoli@rim.com>
2350
2351         [BlackBerry] Add JSC statistics into about:memory
2352         https://bugs.webkit.org/show_bug.cgi?id=89779
2353
2354         Reviewed by Rob Buis.
2355
2356         Fix non-JIT build on BlackBerry broken by r121196.
2357
2358         * runtime/MemoryStatistics.cpp:
2359         (JSC::globalMemoryStatistics):
2360
2361 2012-06-25  Filip Pizlo  <fpizlo@apple.com>
2362
2363         DFG::operationNewArray is unnecessarily slow, and may use the wrong array
2364         prototype when inlined
2365         https://bugs.webkit.org/show_bug.cgi?id=89821
2366
2367         Reviewed by Geoffrey Garen.
2368         
2369         Fixes all array allocations to use the right structure, and hence the right prototype. Adds
2370         inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
2371         empty arrays.
2372
2373         * dfg/DFGAbstractState.cpp:
2374         (JSC::DFG::AbstractState::execute):
2375         * dfg/DFGByteCodeParser.cpp:
2376         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2377         * dfg/DFGCCallHelpers.h:
2378         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2379         (CCallHelpers):
2380         * dfg/DFGNodeType.h:
2381         (DFG):
2382         * dfg/DFGOperations.cpp:
2383         * dfg/DFGOperations.h:
2384         * dfg/DFGPredictionPropagationPhase.cpp:
2385         (JSC::DFG::PredictionPropagationPhase::propagate):
2386         * dfg/DFGSpeculativeJIT.h:
2387         (JSC::DFG::SpeculativeJIT::callOperation):
2388         * dfg/DFGSpeculativeJIT32_64.cpp:
2389         (JSC::DFG::SpeculativeJIT::compile):
2390         * dfg/DFGSpeculativeJIT64.cpp:
2391         (JSC::DFG::SpeculativeJIT::compile):
2392         * runtime/JSArray.h:
2393         (JSC):
2394         (JSC::constructArray):
2395         * runtime/JSGlobalObject.h:
2396         (JSC):
2397         (JSC::constructArray):
2398
2399 2012-06-26  Filip Pizlo  <fpizlo@apple.com>
2400
2401         New fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html fails on 32 bit
2402         https://bugs.webkit.org/show_bug.cgi?id=89953
2403
2404         Reviewed by Zoltan Herczeg.
2405         
2406         DFG 32-bit JIT was confused about the difference between a predicted type and a
2407         proven type. This is easy to get confused about, since a local that is predicted int32
2408         almost always means that the local must be an int32 since speculations are hoisted to
2409         stores to locals. But that is less likely to be the case for arguments, where there is
2410         an additional least-upper-bounding step: any store to an argument with a weird type
2411         may force the argument to be any type.
2412         
2413         This patch basically duplicates the functionality in DFGSpeculativeJIT64.cpp for
2414         GetLocal: the decision of whether to load a local as an int32 (or as an array, or as
2415         a boolean) is made based on the AbstractValue::m_type, which is a type proof, rather
2416         than the VariableAccessData::prediction(), which is a predicted type.
2417
2418         * dfg/DFGSpeculativeJIT32_64.cpp:
2419         (JSC::DFG::SpeculativeJIT::compile):
2420
2421 2012-06-25  Filip Pizlo  <fpizlo@apple.com>
2422
2423         JSC should try to make profiling deterministic because otherwise reproducing failures is
2424         nearly impossible
2425         https://bugs.webkit.org/show_bug.cgi?id=89940
2426
2427         Rubber stamped by Gavin Barraclough.
2428         
2429         This rolls out the part of http://trac.webkit.org/changeset/121215 that introduced randomness
2430         into the system. Now, instead of randomizing the tier-up threshold, we always set it to an
2431         artificially low (and statically predetermined!) value. This gives most of the benefit of
2432         threshold randomization without actually making the system behave completely differently on
2433         each invocation.
2434
2435         * bytecode/ExecutionCounter.cpp:
2436         (JSC::ExecutionCounter::setThreshold):
2437         * runtime/Options.cpp:
2438         (Options):
2439         (JSC::Options::initializeOptions):
2440         * runtime/Options.h:
2441         (Options):
2442
2443 2012-06-22  Filip Pizlo  <fpizlo@apple.com>
2444
2445         Value profiling should use tier-up threshold randomization to get more coverage
2446         https://bugs.webkit.org/show_bug.cgi?id=89802
2447
2448         Reviewed by Gavin Barraclough.
2449         
2450         This patch causes both LLInt and Baseline JIT code to take the OSR slow path several
2451         times before actually doing OSR. If we take the OSR slow path before the execution
2452         count threshold is reached, then we just call CodeBlock::updateAllPredictions() to
2453         compute the current latest least-upper-bound SpecType of all values seen in each
2454         ValueProfile.
2455
2456         * bytecode/CodeBlock.cpp:
2457         (JSC::CodeBlock::stronglyVisitStrongReferences):
2458         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2459         (JSC):
2460         (JSC::CodeBlock::updateAllPredictions):
2461         (JSC::CodeBlock::shouldOptimizeNow):
2462         * bytecode/CodeBlock.h:
2463         (JSC::CodeBlock::llintExecuteCounter):
2464         (JSC::CodeBlock::jitExecuteCounter):
2465         (CodeBlock):
2466         (JSC::CodeBlock::updateAllPredictions):
2467         * bytecode/ExecutionCounter.cpp:
2468         (JSC::ExecutionCounter::setThreshold):
2469         (JSC::ExecutionCounter::status):
2470         (JSC):
2471         * bytecode/ExecutionCounter.h:
2472         (JSC::ExecutionCounter::count):
2473         (ExecutionCounter):
2474         * dfg/DFGAbstractState.cpp:
2475         (JSC::DFG::AbstractState::execute):
2476         * dfg/DFGOperations.cpp:
2477         * dfg/DFGSpeculativeJIT.cpp:
2478         (JSC::DFG::SpeculativeJIT::compile):
2479         * jit/JITStubs.cpp:
2480         (JSC::DEFINE_STUB_FUNCTION):
2481         * llint/LLIntSlowPaths.cpp:
2482         (JSC::LLInt::jitCompileAndSetHeuristics):
2483         (JSC::LLInt::entryOSR):
2484         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2485         * runtime/JSGlobalObject.cpp:
2486         (JSC::JSGlobalObject::JSGlobalObject):
2487         (JSC):
2488         * runtime/JSGlobalObject.h:
2489         (JSGlobalObject):
2490         (JSC::JSGlobalObject::weakRandomInteger):
2491         * runtime/Options.cpp:
2492         (Options):
2493         (JSC::Options::initializeOptions):
2494         * runtime/Options.h:
2495         (Options):
2496         * runtime/WeakRandom.h:
2497         (WeakRandom):
2498         (JSC::WeakRandom::seedUnsafe):
2499
2500 2012-06-25  Yong Li  <yoli@rim.com>
2501
2502         [BlackBerry] Add JSC statistics into about:memory
2503         https://bugs.webkit.org/show_bug.cgi?id=89779
2504
2505         Reviewed by Rob Buis.
2506
2507         Add MemoryStatistics.cpp into build, and fill JITBytes for BlackBerry port.
2508
2509         * PlatformBlackBerry.cmake:
2510         * runtime/MemoryStatistics.cpp:
2511         (JSC::globalMemoryStatistics):
2512
2513 2012-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2514
2515         Unreviewed, rolling out r121058.
2516         http://trac.webkit.org/changeset/121058
2517         https://bugs.webkit.org/show_bug.cgi?id=89809
2518
2519         Patch causes plugins tests to crash in GTK debug builds
2520         (Requested by zdobersek on #webkit).
2521
2522         * API/APIShims.h:
2523         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
2524         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
2525         (APIEntryShimWithoutLock):
2526         (JSC::APIEntryShim::APIEntryShim):
2527         (APIEntryShim):
2528         (JSC::APICallbackShim::~APICallbackShim):
2529         * API/JSContextRef.cpp:
2530         (JSGlobalContextCreate):
2531         (JSGlobalContextCreateInGroup):
2532         (JSGlobalContextRelease):
2533         (JSContextCreateBacktrace):
2534         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2535         * heap/CopiedSpace.cpp:
2536         (JSC::CopiedSpace::tryAllocateSlowCase):
2537         * heap/Heap.cpp:
2538         (JSC::Heap::protect):
2539         (JSC::Heap::unprotect):
2540         (JSC::Heap::collect):
2541         (JSC::Heap::setActivityCallback):
2542         (JSC::Heap::activityCallback):
2543         (JSC::Heap::sweeper):
2544         * heap/Heap.h:
2545         (Heap):
2546         * heap/HeapTimer.cpp:
2547         (JSC::HeapTimer::~HeapTimer):
2548         (JSC::HeapTimer::invalidate):
2549         (JSC::HeapTimer::timerDidFire):
2550         (JSC):
2551         * heap/HeapTimer.h:
2552         (HeapTimer):
2553         * heap/IncrementalSweeper.cpp:
2554         (JSC::IncrementalSweeper::doWork):
2555         (JSC::IncrementalSweeper::create):
2556         * heap/IncrementalSweeper.h:
2557         (IncrementalSweeper):
2558         * heap/MarkedAllocator.cpp:
2559         (JSC::MarkedAllocator::allocateSlowCase):
2560         * heap/WeakBlock.cpp:
2561         (JSC::WeakBlock::reap):
2562         * jsc.cpp:
2563         (functionGC):
2564         (functionReleaseExecutableMemory):
2565         (jscmain):
2566         * runtime/Completion.cpp:
2567         (JSC::checkSyntax):
2568         (JSC::evaluate):
2569         * runtime/GCActivityCallback.h:
2570         (DefaultGCActivityCallback):
2571         (JSC::DefaultGCActivityCallback::create):
2572         * runtime/JSGlobalData.cpp:
2573         (JSC::JSGlobalData::JSGlobalData):
2574         (JSC::JSGlobalData::~JSGlobalData):
2575         (JSC::JSGlobalData::sharedInstance):
2576         (JSC::JSGlobalData::sharedInstanceInternal):
2577         * runtime/JSGlobalData.h:
2578         (JSGlobalData):
2579         * runtime/JSGlobalObject.cpp:
2580         (JSC::JSGlobalObject::~JSGlobalObject):
2581         (JSC::JSGlobalObject::init):
2582         * runtime/JSLock.cpp:
2583         (JSC):
2584         (JSC::createJSLockCount):
2585         (JSC::JSLock::lockCount):
2586         (JSC::setLockCount):
2587         (JSC::JSLock::JSLock):
2588         (JSC::JSLock::lock):
2589         (JSC::JSLock::unlock):
2590         (JSC::JSLock::currentThreadIsHoldingLock):
2591         (JSC::JSLock::DropAllLocks::DropAllLocks):
2592         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2593         * runtime/JSLock.h:
2594         (JSC):
2595         (JSLock):
2596         (JSC::JSLock::JSLock):
2597         (JSC::JSLock::~JSLock):
2598         (DropAllLocks):
2599         * runtime/WeakGCMap.h:
2600         (JSC::WeakGCMap::set):
2601         * testRegExp.cpp:
2602         (realMain):
2603
2604 2012-06-22  Alexandru Chiculita  <achicu@adobe.com>
2605
2606         [CSS Shaders] Re-enable the CSS Shaders compile time flag on Safari Mac
2607         https://bugs.webkit.org/show_bug.cgi?id=89781
2608
2609         Reviewed by Dean Jackson.
2610
2611         Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
2612
2613         * Configurations/FeatureDefines.xcconfig:
2614
2615 2012-06-22  Filip Pizlo  <fpizlo@apple.com>
2616
2617         DFG tier-up should happen in prologues, not epilogues
2618         https://bugs.webkit.org/show_bug.cgi?id=89752
2619
2620         Reviewed by Geoffrey Garen.
2621
2622         This change has two outcomes:
2623         
2624         1) Slightly reduces the likelihood that a function will be optimized both
2625         standalone and via inlining.  Previously, if you had a call sequence like foo() 
2626         calls bar() exactly once, and nobody else calls bar(), then bar() would get
2627         optimized first (because it returns first) and then foo() gets optimized.  If foo()
2628         can inline bar() then that means that bar() gets optimized twice.  But now, if we
2629         optimize in prologues, then foo() will be optimized first.  If it inlines bar(),
2630         that means that there will no longer be any calls to bar().
2631         
2632         2) It lets us kill some code in JITStubs.  Epilogue tier-up was very different from
2633         loop tier-up, since epilogue tier-up should not attempt OSR.  But prologue tier-up
2634         requires OSR (albeit really easy OSR since it's the top of the compilation unit),
2635         so it becomes just like loop tier-up.  As a result, we now have one optimization
2636         hook (cti_optimize) instead of two (cti_optimize_from_loop and
2637         cti_optimize_from_ret).
2638         
2639         As a consequence of not having an optimization check in epilogues, the OSR exit
2640         code must now trigger reoptimization itself instead of just signaling the epilogue
2641         check to fire.
2642         
2643         This also adds the ability to count the number of DFG compilations, which was
2644         useful for debugging this patch and might be useful for other things in the future.
2645
2646         * bytecode/CodeBlock.cpp:
2647         (JSC::CodeBlock::reoptimize):
2648         (JSC):
2649         * bytecode/CodeBlock.h:
2650         (CodeBlock):
2651         * dfg/DFGByteCodeParser.cpp:
2652         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2653         * dfg/DFGDriver.cpp:
2654         (DFG):
2655         (JSC::DFG::getNumCompilations):
2656         (JSC::DFG::compile):
2657         * dfg/DFGDriver.h:
2658         (DFG):
2659         * dfg/DFGOSRExitCompiler.cpp:
2660         (JSC::DFG::OSRExitCompiler::handleExitCounts):
2661         * dfg/DFGOperations.cpp:
2662         * dfg/DFGOperations.h:
2663         * jit/JIT.cpp:
2664         (JSC::JIT::emitOptimizationCheck):
2665         * jit/JIT.h:
2666         * jit/JITCall32_64.cpp:
2667         (JSC::JIT::emit_op_ret):
2668         (JSC::JIT::emit_op_ret_object_or_this):
2669         * jit/JITOpcodes.cpp:
2670         (JSC::JIT::emit_op_ret):
2671         (JSC::JIT::emit_op_ret_object_or_this):
2672         (JSC::JIT::emit_op_enter):
2673         * jit/JITOpcodes32_64.cpp:
2674         (JSC::JIT::emit_op_enter):
2675         * jit/JITStubs.cpp:
2676         (JSC::DEFINE_STUB_FUNCTION):
2677         * jit/JITStubs.h:
2678
2679 2012-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2680
2681         JSLock should be per-JSGlobalData
2682         https://bugs.webkit.org/show_bug.cgi?id=89123
2683
2684         Reviewed by Gavin Barraclough.
2685
2686         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2687         * API/APIShims.h:
2688         (APIEntryShimWithoutLock):
2689         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
2690         determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
2691         HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
2692         JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
2693         its destruction has begun. 
2694         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock): Now derefs if it also refed.
2695         (JSC::APIEntryShim::APIEntryShim):
2696         (APIEntryShim):
2697         (JSC::APIEntryShim::~APIEntryShim):
2698         (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
2699         Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
2700         and before we've released it, which can only be done in APIEntryShim.
2701         (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
2702         * API/JSContextRef.cpp:
2703         (JSGlobalContextCreate):
2704         (JSGlobalContextCreateInGroup):
2705         (JSGlobalContextRelease):
2706         (JSContextCreateBacktrace):
2707         * heap/CopiedSpace.cpp:
2708         (JSC::CopiedSpace::tryAllocateSlowCase):
2709         * heap/Heap.cpp:
2710         (JSC::Heap::protect):
2711         (JSC::Heap::unprotect):
2712         (JSC::Heap::collect):
2713         (JSC::Heap::setActivityCallback):
2714         (JSC::Heap::activityCallback):
2715         (JSC::Heap::sweeper):
2716         * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
2717         are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
2718         and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
2719         prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
2720         (Heap):
2721         * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
2722         (JSC::HeapTimer::~HeapTimer):
2723         (JSC::HeapTimer::invalidate):
2724         (JSC):
2725         (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
2726         that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
2727         HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
2728         (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
2729         out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
2730         but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
2731         we were interrupted between releasing our mutex and trying to grab the APILock.
2732         * heap/HeapTimer.h: 
2733         (HeapTimer):
2734         * heap/IncrementalSweeper.cpp:
2735         (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
2736         all of that for us. 
2737         (JSC::IncrementalSweeper::create):
2738         * heap/IncrementalSweeper.h:
2739         (IncrementalSweeper):
2740         * heap/MarkedAllocator.cpp:
2741         (JSC::MarkedAllocator::allocateSlowCase):
2742         * heap/WeakBlock.cpp:
2743         (JSC::WeakBlock::reap):
2744         * jsc.cpp:
2745         (functionGC):
2746         (functionReleaseExecutableMemory):
2747         (jscmain):
2748         * runtime/Completion.cpp:
2749         (JSC::checkSyntax):
2750         (JSC::evaluate):
2751         * runtime/GCActivityCallback.h:
2752         (DefaultGCActivityCallback):
2753         (JSC::DefaultGCActivityCallback::create):
2754         * runtime/JSGlobalData.cpp:
2755         (JSC::JSGlobalData::JSGlobalData):
2756         (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
2757         that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
2758         it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
2759         APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
2760         (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
2761         (JSC::JSGlobalData::sharedInstanceInternal):
2762         * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
2763         de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
2764         (JSGlobalData):
2765         (JSC::JSGlobalData::apiLock):
2766         * runtime/JSGlobalObject.cpp:
2767         (JSC::JSGlobalObject::~JSGlobalObject):
2768         (JSC::JSGlobalObject::init):
2769         * runtime/JSLock.cpp:
2770         (JSC):
2771         (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
2772         (JSC::GlobalJSLock::~GlobalJSLock):
2773         (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
2774         it can successfully unlock it later without it disappearing from underneath it.
2775         (JSC::JSLockHolder::~JSLockHolder):
2776         (JSC::JSLock::JSLock):
2777         (JSC::JSLock::~JSLock):
2778         (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
2779         actually waiting for long periods. 
2780         (JSC::JSLock::unlock):
2781         (JSC::JSLock::currentThreadIsHoldingLock): 
2782         (JSC::JSLock::dropAllLocks):
2783         (JSC::JSLock::dropAllLocksUnconditionally):
2784         (JSC::JSLock::grabAllLocks):
2785         (JSC::JSLock::DropAllLocks::DropAllLocks):
2786         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2787         * runtime/JSLock.h:
2788         (JSC):
2789         (GlobalJSLock):
2790         (JSLockHolder):
2791         (JSLock):
2792         (DropAllLocks):
2793         * runtime/WeakGCMap.h:
2794         (JSC::WeakGCMap::set):
2795         * testRegExp.cpp:
2796         (realMain):
2797
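The shutdown handshake described in the two "JSLock should be per-JSGlobalData" entries (2012-06-25 and 2012-06-20), as an added example that is not part of this ChangeLog or of JavaScriptCore: a timer thread must observe that the VM is being torn down without ref-ing it back from 0 to 1, and the destructor must wait for a fire already in progress. Vm, sweeps, attach, runShutdownScenario and refIfNotZero are constructed stand-ins for JSGlobalData, the timer's work and ThreadSafeRefCounted.

```cpp
#include <atomic>
#include <mutex>
#include <thread>

// Constructed model of the HeapTimer shutdown handshake described in the two
// "JSLock should be per-JSGlobalData" entries. Every name is a hypothetical
// stand-in (Vm for JSGlobalData, sweeps for the timer's work), not JSC code.

struct Vm;

class HeapTimer {
public:
    void attach(Vm* vm) { std::lock_guard<std::mutex> lock(m_mutex); m_vm = vm; }

    // Called from ~Vm, possibly on a thread other than the one firing the timer.
    // Taking the mutex lets a fire already in progress finish before the VM's
    // members are torn down; zeroing the pointer makes later fires see it is gone.
    void didStartVMShutdown() { std::lock_guard<std::mutex> lock(m_mutex); m_vm = nullptr; }

    // Timer-thread entry point. Returns false once shutdown was observed so the
    // firing loop can stop. It never refs the VM: the owner may already have dropped
    // the last reference, and a ref would take the count from 0 back to 1.
    bool timerDidFire() {
        std::lock_guard<std::mutex> lock(m_mutex);
        if (!m_vm) {
            m_stopped = true;
            return false;
        }
        doWork(m_vm);
        return true;
    }

    bool stopped() const { return m_stopped.load(); }
    int firesCompleted() const { return m_fires.load(); }
private:
    void doWork(Vm* vm);

    std::mutex m_mutex;
    Vm* m_vm = nullptr;                 // guarded by m_mutex
    std::atomic<int> m_fires{0};
    std::atomic<bool> m_stopped{false};
};

struct Vm {
    explicit Vm(HeapTimer& t) : timer(t) { timer.attach(this); }
    ~Vm() { timer.didStartVMShutdown(); }   // JSC also asserts the API lock is not held

    // Models ThreadSafeRefCounted: zero means destruction has begun; no revival.
    bool refIfNotZero() {
        int c = refCount.load();
        while (c != 0) {
            if (refCount.compare_exchange_weak(c, c + 1))
                return true;
        }
        return false;
    }
    bool deref() { return --refCount == 0; }   // true: caller must destroy the Vm

    std::atomic<int> refCount{1};
    int sweeps = 0;          // work the timer performs on the VM's behalf
    HeapTimer& timer;
};

void HeapTimer::doWork(Vm* vm) {
    ++vm->sweeps;            // safe: m_mutex is held, so ~Vm cannot proceed
    ++m_fires;
}

// timerStopped: the timer noticed shutdown; fires: fires done before destruction.
struct Outcome { bool timerStopped; int fires; };

// One thread keeps firing the timer while the owner thread destroys the VM.
Outcome runShutdownScenario(int firesBeforeShutdown) {
    HeapTimer timer;         // outlives the Vm, like JSC's self-owned timers
    Vm* vm = new Vm(timer);
    std::thread timerThread([&timer] {
        while (timer.timerDidFire())
            std::this_thread::yield();
    });
    while (timer.firesCompleted() < firesBeforeShutdown)
        std::this_thread::yield();
    if (vm->deref())         // last reference gone: ~Vm signals and waits
        delete vm;
    int fires = timer.firesCompleted();   // cannot grow once m_vm is null
    timerThread.join();
    return {timer.stopped(), fires};
}

// Why the timer must not ref: once the count hits zero the object is dying and
// cannot be revived, which is exactly what a ref from timerDidFire would try.
bool resurrectionIsPrevented() {
    HeapTimer timer;
    Vm vm(timer);
    return vm.deref() && !vm.refIfNotZero();   // 1 -> 0, then the ref is refused
}
```

Holding the timer's mutex for the whole of timerDidFire is what lets ~Vm block instead of racing; the same pattern is what JSGlobalData's destructor relies on when it "waits until the HeapTimer is done".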
2798 2012-06-22  Peter Beverloo  <peter@chromium.org>
2799
2800         [Chromium] Disable c++0x compatibility warnings in JavaScriptCore.gyp when building for Android
2801         https://bugs.webkit.org/show_bug.cgi?id=88853
2802
2803         Reviewed by Steve Block.
2804
2805         The Android exclusions were necessary to fix a gyp generation error, as
2806         the gcc_version variable wasn't being defined for Android. Remove these
2807         exceptions when Chromium is able to define the gcc_version variable.
2808
2809         * JavaScriptCore.gyp/JavaScriptCore.gyp:
2810
2811 2012-06-21  Filip Pizlo  <fpizlo@apple.com>
2812
2813         op_resolve_global should not prevent DFG inlining
2814         https://bugs.webkit.org/show_bug.cgi?id=89726
2815
2816         Reviewed by Gavin Barraclough.
2817
2818         * bytecode/CodeBlock.cpp:
2819         (JSC::CodeBlock::CodeBlock):
2820         (JSC::CodeBlock::shrinkToFit):
2821         * bytecode/GlobalResolveInfo.h:
2822         (JSC::GlobalResolveInfo::GlobalResolveInfo):
2823         (GlobalResolveInfo):
2824         * dfg/DFGByteCodeParser.cpp:
2825         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2826         * dfg/DFGCapabilities.h:
2827         (JSC::DFG::canInlineOpcode):
2828         * dfg/DFGOperations.cpp:
2829         * dfg/DFGOperations.h:
2830         * dfg/DFGSpeculativeJIT.h:
2831         (JSC::DFG::SpeculativeJIT::callOperation):
2832         * dfg/DFGSpeculativeJIT32_64.cpp:
2833         (JSC::DFG::SpeculativeJIT::compile):
2834         * dfg/DFGSpeculativeJIT64.cpp:
2835         (JSC::DFG::SpeculativeJIT::compile):
2836
2837 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2838
2839         DFG should inline 'new Array()'
2840         https://bugs.webkit.org/show_bug.cgi?id=89632
2841
2842         Reviewed by Geoffrey Garen.
2843         
2844         This adds support for treating InternalFunction like intrinsics. The code
2845         to do so is actually quite clean, so I don't feel bad about perpetuating
2846         the InternalFunction vs. JSFunction-with-NativeExecutable dichotomy.
2847         
2848         Currently this newfound power is only used to inline 'new Array()'.
2849         
2850         * dfg/DFGByteCodeParser.cpp:
2851         (ByteCodeParser):
2852         (JSC::DFG::ByteCodeParser::handleCall):
2853         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2854         (DFG):
2855         * dfg/DFGGraph.h:
2856         (JSC::DFG::Graph::isInternalFunctionConstant):
2857         (JSC::DFG::Graph::valueOfInternalFunctionConstant):
2858
2859 2012-06-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2860
2861         Adding copyrights to new files.
2862
2863         * heap/HeapTimer.cpp:
2864         * heap/HeapTimer.h:
2865         * heap/IncrementalSweeper.cpp:
2866         * heap/IncrementalSweeper.h:
2867
2868 2012-06-21  Arnaud Renevier  <arno@renevier.net>
2869
2870         make sure headers are included only once per file
2871         https://bugs.webkit.org/show_bug.cgi?id=88922
2872
2873         Reviewed by Alexey Proskuryakov.
2874
2875         * bytecode/CodeBlock.h:
2876         * heap/MachineStackMarker.cpp:
2877         * runtime/JSVariableObject.h:
2878
2879 2012-06-21  Ryuan Choi  <ryuan.choi@gmail.com>
2880
2881         [EFL][WK2] Make WebKit2/Efl headers and resources installable.
2882         https://bugs.webkit.org/show_bug.cgi?id=88207
2883
2884         Reviewed by Chang Shu.
2885
2886         * shell/CMakeLists.txt: Use ${EXEC_INSTALL_DIR} instead of hardcoding "bin"
2887
2888 2012-06-20  Geoffrey Garen  <ggaren@apple.com>
2889
2890         Reduced (but did not eliminate) use of "berzerker GC"
2891         https://bugs.webkit.org/show_bug.cgi?id=89237
2892
2893         Reviewed by Gavin Barraclough.
2894
2895         (PART 1)
2896
2897         This patch turned out to be crashy, so I'm landing the non-crashy bits
2898         first.
2899
2900         This part is pre-requisite refactoring. I didn't actually turn off
2901         "berzerker GC" or turn on incremental shrinking.
2902
2903         * heap/MarkedAllocator.cpp:
2904         (JSC::MarkedAllocator::removeBlock): Make sure to clear the free list when
2905         we throw away the block we're currently allocating out of. Otherwise, we'll
2906         allocate out of a stale free list.
2907
2908         * heap/MarkedSpace.cpp:
2909         (JSC::Free::Free):
2910         (JSC::Free::operator()):
2911         (JSC::Free::returnValue): Refactored this functor to use a shared helper
2912         function, so we can share our implementation with the incremental sweeper.
2913
2914         Also changed to freeing individual blocks immediately instead of linking
2915         them into a list for later freeing. This makes the programming interface
2916         simpler, and it's slightly more efficient to boot.
2917
2918         (JSC::MarkedSpace::~MarkedSpace): Updated for rename.
2919
2920         (JSC::MarkedSpace::freeBlock):
2921         (JSC::MarkedSpace::freeOrShrinkBlock): New helper functions to share behavior
2922         with the incremental sweeper.
2923
2924         (JSC::MarkedSpace::shrink): Updated for new functor behavior.
2925
2926         * heap/MarkedSpace.h: Statically typed languages are awesome.
2927
2928 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2929
2930         DFG should optimize ResolveGlobal
2931         https://bugs.webkit.org/show_bug.cgi?id=89617
2932
2933         Reviewed by Oliver Hunt.
2934         
2935         This adds inlining of ResolveGlobal accesses that are known monomorphic. It also
2936         adds the specific function optimization to ResolveGlobal, when it is inlined. And,
2937         it makes internal functions act like specific functions, since that will be the
2938         most common use-case of this optimization.
2939         
2940         This is only a slight speed-up (sub 1%), since we don't yet do the obvious thing
2941         with this optimization, which is to completely inline common "globally resolved"
2942         function and constructor calls, like "new Array()".
2943
2944         * CMakeLists.txt:
2945         * GNUmakefile.list.am:
2946         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2947         * JavaScriptCore.xcodeproj/project.pbxproj:
2948         * Target.pri:
2949         * bytecode/CodeBlock.cpp:
2950         (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
2951         * bytecode/CodeBlock.h:
2952         (CodeBlock):
2953         (JSC::CodeBlock::numberOfGlobalResolveInfos):
2954         * bytecode/GlobalResolveInfo.h:
2955         (JSC::getGlobalResolveInfoBytecodeOffset):
2956         (JSC):
2957         * bytecode/ResolveGlobalStatus.cpp: Added.
2958         (JSC):
2959         (JSC::computeForStructure):
2960         (JSC::computeForLLInt):
2961         (JSC::ResolveGlobalStatus::computeFor):
2962         * bytecode/ResolveGlobalStatus.h: Added.
2963         (JSC):
2964         (ResolveGlobalStatus):
2965         (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
2966         (JSC::ResolveGlobalStatus::state):
2967         (JSC::ResolveGlobalStatus::isSet):
2968         (JSC::ResolveGlobalStatus::operator!):
2969         (JSC::ResolveGlobalStatus::isSimple):
2970         (JSC::ResolveGlobalStatus::takesSlowPath):
2971         (JSC::ResolveGlobalStatus::structure):
2972         (JSC::ResolveGlobalStatus::offset):
2973         (JSC::ResolveGlobalStatus::specificValue):
2974         * dfg/DFGByteCodeParser.cpp:
2975         (ByteCodeParser):
2976         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2977         (DFG):
2978         (JSC::DFG::ByteCodeParser::handleGetById):
2979         (JSC::DFG::ByteCodeParser::parseBlock):
2980         * runtime/JSObject.cpp:
2981         (JSC::getCallableObjectSlow):
2982         (JSC):
2983         (JSC::JSObject::put):
2984         (JSC::JSObject::putDirectVirtual):
2985         (JSC::JSObject::putDirectAccessor):
2986         * runtime/JSObject.h:
2987         (JSC):
2988         (JSC::getCallableObject):
2989         (JSC::JSObject::putOwnDataProperty):
2990         (JSC::JSObject::putDirect):
2991         (JSC::JSObject::putDirectWithoutTransition):
2992
2993 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2994
2995         Functions on global objects should be specializable
2996         https://bugs.webkit.org/show_bug.cgi?id=89615
2997
2998         Reviewed by Oliver Hunt.
2999         
3000         I tested to see if this brought back the bug in https://bugs.webkit.org/show_bug.cgi?id=33343,
3001         and it didn't. Bug 33343 was the reason why we disabled global object function specialization
3002         to begin with. So I'm guessing this is safe.
3003
3004         * runtime/JSGlobalObject.cpp:
3005         (JSC::JSGlobalObject::init):
3006
3007 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
3008
3009         build-webkit failure due to illegal 32-bit integer constants in code
3010         generated by offlineasm
3011         https://bugs.webkit.org/show_bug.cgi?id=89347
3012
3013         Reviewed by Geoffrey Garen.
3014         
3015         The offending constants are the magic numbers used by offlineasm to find
3016         offsets in the generated machine code. Added code to turn them into what
3017         the C++ compiler will believe to be valid 32-bit values.
3018
3019         * offlineasm/offsets.rb:
3020
3021 2012-06-19  Geoffrey Garen  <ggaren@apple.com>
3022
3023         Made the incremental sweeper more aggressive
3024         https://bugs.webkit.org/show_bug.cgi?id=89527
3025
3026         Reviewed by Oliver Hunt.
3027
3028         This is a pre-requisite to getting rid of "berzerker GC" because we need
3029         the sweeper to reclaim memory in a timely fashion, or we'll see a memory
3030         footprint regression.
3031
3032         * heap/IncrementalSweeper.h:
3033         * heap/IncrementalSweeper.cpp:
3034         (JSC::IncrementalSweeper::scheduleTimer): Since the time slice is predictable,
3035         no need to use a data member to record it.
3036
3037         (JSC::IncrementalSweeper::doSweep): Sweep as many blocks as we can in a
3038         small time slice. This is better than sweeping only one block per timer
3039         fire because that strategy has a heavy timer overhead, and artificially
3040         delays memory reclamation.
3041
3042 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
3043
3044         DFG should be able to print disassembly interleaved with the IR
3045         https://bugs.webkit.org/show_bug.cgi?id=89551
3046
3047         Reviewed by Geoffrey Garen.
3048         
3049         This change also removes running Dominators unconditionally on every DFG
3050         compile. Dominators are designed to be computed on-demand, and currently
3051         the only demand is graph dumps.
3052
3053         * CMakeLists.txt:
3054         * GNUmakefile.list.am:
3055         * JavaScriptCore.xcodeproj/project.pbxproj:
3056         * Target.pri:
3057         * assembler/ARMv7Assembler.h:
3058         (JSC::ARMv7Assembler::labelIgnoringWatchpoints):
3059         (ARMv7Assembler):
3060         * assembler/AbstractMacroAssembler.h:
3061         (AbstractMacroAssembler):
3062         (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
3063         * assembler/X86Assembler.h:
3064         (X86Assembler):
3065         (JSC::X86Assembler::labelIgnoringWatchpoints):
3066         * dfg/DFGCommon.h:
3067         (JSC::DFG::shouldShowDisassembly):
3068         (DFG):
3069         * dfg/DFGDisassembler.cpp: Added.
3070         (DFG):
3071         (JSC::DFG::Disassembler::Disassembler):
3072         (JSC::DFG::Disassembler::dump):
3073         (JSC::DFG::Disassembler::dumpDisassembly):
3074         * dfg/DFGDisassembler.h: Added.
3075         (DFG):
3076         (Disassembler):
3077         (JSC::DFG::Disassembler::setStartOfCode):
3078         (JSC::DFG::Disassembler::setForBlock):
3079         (JSC::DFG::Disassembler::setForNode):
3080         (JSC::DFG::Disassembler::setEndOfMainPath):
3081         (JSC::DFG::Disassembler::setEndOfCode):
3082         * dfg/DFGDriver.cpp:
3083         (JSC::DFG::compile):
3084         * dfg/DFGGraph.cpp:
3085         (JSC::DFG::Graph::dumpCodeOrigin):
3086         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
3087         (DFG):
3088         (JSC::DFG::Graph::printNodeWhiteSpace):
3089         (JSC::DFG::Graph::dump):
3090         (JSC::DFG::Graph::dumpBlockHeader):
3091         * dfg/DFGGraph.h:
3092         * dfg/DFGJITCompiler.cpp:
3093         (JSC::DFG::JITCompiler::JITCompiler):
3094         (DFG):
3095         (JSC::DFG::JITCompiler::compile):
3096         (JSC::DFG::JITCompiler::compileFunction):
3097         * dfg/DFGJITCompiler.h:
3098         (JITCompiler):
3099         (JSC::DFG::JITCompiler::setStartOfCode):
3100         (JSC::DFG::JITCompiler::setForBlock):
3101         (JSC::DFG::JITCompiler::setForNode):
3102         (JSC::DFG::JITCompiler::setEndOfMainPath):
3103         (JSC::DFG::JITCompiler::setEndOfCode):
3104         * dfg/DFGNode.h:
3105         (Node):
3106         (JSC::DFG::Node::willHaveCodeGen):
3107         * dfg/DFGNodeFlags.cpp:
3108         (JSC::DFG::nodeFlagsAsString):
3109         * dfg/DFGSpeculativeJIT.cpp:
3110         (JSC::DFG::SpeculativeJIT::compile):
3111         * dfg/DFGSpeculativeJIT.h:
3112         (SpeculativeJIT):
3113         * runtime/Options.cpp:
3114         (Options):
3115         (JSC::Options::initializeOptions):
3116         * runtime/Options.h:
3117         (Options):
3118
3119 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
3120
3121         JSC should be able to show disassembly for all generated JIT code
3122         https://bugs.webkit.org/show_bug.cgi?id=89536
3123
3124         Reviewed by Gavin Barraclough.
3125         
3126         Now instead of doing linkBuffer.finalizeCode(), you do
3127         FINALIZE_CODE(linkBuffer, (... explanation ...)). FINALIZE_CODE() then
3128         prints your explanation and the disassembled code, if
3129         Options::showDisassembly is set to true.
3130
3131         * CMakeLists.txt:
3132         * GNUmakefile.list.am:
3133         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3134         * JavaScriptCore.xcodeproj/project.pbxproj:
3135         * Target.pri:
3136         * assembler/LinkBuffer.cpp: Added.
3137         (JSC):
3138         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
3139         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
3140         (JSC::LinkBuffer::linkCode):
3141         (JSC::LinkBuffer::performFinalization):
3142         (JSC::LinkBuffer::dumpLinkStatistics):
3143         (JSC::LinkBuffer::dumpCode):
3144         * assembler/LinkBuffer.h:
3145         (LinkBuffer):
3146         (JSC):
3147         * assembler/MacroAssemblerCodeRef.h:
3148         (JSC::MacroAssemblerCodeRef::tryToDisassemble):
3149         (MacroAssemblerCodeRef):
3150         * dfg/DFGJITCompiler.cpp:
3151         (JSC::DFG::JITCompiler::compile):
3152         (JSC::DFG::JITCompiler::compileFunction):
3153         * dfg/DFGOSRExitCompiler.cpp:
3154         * dfg/DFGRepatch.cpp:
3155         (JSC::DFG::generateProtoChainAccessStub):
3156         (JSC::DFG::tryCacheGetByID):
3157         (JSC::DFG::tryBuildGetByIDList):
3158         (JSC::DFG::emitPutReplaceStub):
3159         (JSC::DFG::emitPutTransitionStub):
3160         * dfg/DFGThunks.cpp:
3161         (JSC::DFG::osrExitGenerationThunkGenerator):
3162         * disassembler/Disassembler.h:
3163         (JSC):
3164         (JSC::tryToDisassemble):
3165         * disassembler/UDis86Disassembler.cpp:
3166         (JSC::tryToDisassemble):
3167         * jit/JIT.cpp:
3168         (JSC::JIT::privateCompile):
3169         * jit/JITCode.h:
3170         (JSC::JITCode::tryToDisassemble):
3171         * jit/JITOpcodes.cpp:
3172         (JSC::JIT::privateCompileCTIMachineTrampolines):
3173         * jit/JITOpcodes32_64.cpp:
3174         (JSC::JIT::privateCompileCTIMachineTrampolines):
3175         (JSC::JIT::privateCompileCTINativeCall):
3176         * jit/JITPropertyAccess.cpp:
3177         (JSC::JIT::stringGetByValStubGenerator):
3178         (JSC::JIT::privateCompilePutByIdTransition):
3179         (JSC::JIT::privateCompilePatchGetArrayLength):
3180         (JSC::JIT::privateCompileGetByIdProto):
3181         (JSC::JIT::privateCompileGetByIdSelfList):
3182         (JSC::JIT::privateCompileGetByIdProtoList):
3183         (JSC::JIT::privateCompileGetByIdChainList):
3184         (JSC::JIT::privateCompileGetByIdChain):
3185         * jit/JITPropertyAccess32_64.cpp:
3186         (JSC::JIT::stringGetByValStubGenerator):
3187         (JSC::JIT::privateCompilePutByIdTransition):
3188         (JSC::JIT::privateCompilePatchGetArrayLength):
3189         (JSC::JIT::privateCompileGetByIdProto):
3190         (JSC::JIT::privateCompileGetByIdSelfList):
3191         (JSC::JIT::privateCompileGetByIdProtoList):
3192         (JSC::JIT::privateCompileGetByIdChainList):
3193         (JSC::JIT::privateCompileGetByIdChain):
3194         * jit/SpecializedThunkJIT.h:
3195         (JSC::SpecializedThunkJIT::finalize):
3196         * jit/ThunkGenerators.cpp:
3197         (JSC::charCodeAtThunkGenerator):
3198         (JSC::charAtThunkGenerator):
3199         (JSC::fromCharCodeThunkGenerator):
3200         (JSC::sqrtThunkGenerator):
3201         (JSC::floorThunkGenerator):
3202         (JSC::ceilThunkGenerator):
3203         (JSC::roundThunkGenerator):
3204         (JSC::expThunkGenerator):
3205         (JSC::logThunkGenerator):
3206         (JSC::absThunkGenerator):
3207         (JSC::powThunkGenerator):
3208         * llint/LLIntThunks.cpp:
3209         (JSC::LLInt::generateThunkWithJumpTo):
3210         (JSC::LLInt::functionForCallEntryThunkGenerator):
3211         (JSC::LLInt::functionForConstructEntryThunkGenerator):
3212         (JSC::LLInt::functionForCallArityCheckThunkGenerator):
3213         (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
3214         (JSC::LLInt::evalEntryThunkGenerator):
3215         (JSC::LLInt::programEntryThunkGenerator):
3216         * runtime/Options.cpp:
3217         (Options):
3218         (JSC::Options::initializeOptions):
3219         * runtime/Options.h:
3220         (Options):
3221         * yarr/YarrJIT.cpp:
3222         (JSC::Yarr::YarrGenerator::compile):
3223
3224 2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
3225
3226         [Qt][Mac] REGRESSION(r120742): It broke the build
3227         https://bugs.webkit.org/show_bug.cgi?id=89516
3228
3229         Reviewed by Geoffrey Garen.
3230
3231         Removing GCActivityCallbackCF.cpp because it doesn't mesh well with cross-platform 
3232         code on Darwin (e.g. Qt). We now use plain ol' vanilla ifdefs to handle platforms 
3233         without CF support. These ifdefs will probably disappear in the future when we 
3234         use cross-platform timers in HeapTimer.
3235
3236         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3237         * JavaScriptCore.xcodeproj/project.pbxproj:
3238         * runtime/GCActivityCallback.cpp:
3239         (JSC):
3240         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
3241         (JSC::DefaultGCActivityCallback::doWork):
3242         (JSC::DefaultGCActivityCallback::scheduleTimer):
3243         (JSC::DefaultGCActivityCallback::cancelTimer):
3244         (JSC::DefaultGCActivityCallback::didAllocate):
3245         (JSC::DefaultGCActivityCallback::willCollect):
3246         (JSC::DefaultGCActivityCallback::cancel):
3247         * runtime/GCActivityCallbackCF.cpp: Removed.
3248
3249 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
3250
3251         DFG CFA forgets to notify subsequent phases of found constants if it proves LogicalNot to be a constant
3252         https://bugs.webkit.org/show_bug.cgi?id=89511
3253         <rdar://problem/11700089>
3254
3255         Reviewed by Geoffrey Garen.
3256
3257         * dfg/DFGAbstractState.cpp:
3258         (JSC::DFG::AbstractState::execute):
3259
3260 2012-06-19  Mark Lam  <mark.lam@apple.com>
3261
3262         CodeBlock::needsCallReturnIndices() is no longer needed.
3263         https://bugs.webkit.org/show_bug.cgi?id=89490
3264
3265         Reviewed by Geoffrey Garen.
3266
3267         * bytecode/CodeBlock.h:
3268         (JSC::CodeBlock::needsCallReturnIndices): removed.
3269         * dfg/DFGJITCompiler.cpp:
3270         (JSC::DFG::JITCompiler::link):
3271         * jit/JIT.cpp:
3272         (JSC::JIT::privateCompile):
3273
3274 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
3275
3276         Unreviewed, try to fix Windows build.
3277
3278         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3279
3280 2012-06-17  Filip Pizlo  <fpizlo@apple.com>
3281
3282         It should be possible to look at disassembly
3283         https://bugs.webkit.org/show_bug.cgi?id=89319
3284
3285         Reviewed by Sam Weinig.
3286         
3287         This imports the udis86 disassembler library. The library is placed
3288         behind an abstraction in disassembler/Disassembler.h, so that we can
3289         in the future use other disassemblers (for other platforms) whenever
3290         appropriate. As a first step, the disassembler is being invoked for
3291         DFG verbose dumps.
3292         
3293         If we ever want to merge a new version of udis86 in the future, I've
3294         made notes about changes I made to the library in
3295         disassembler/udis86/differences.txt.
3296
3297         * CMakeLists.txt:
3298         * DerivedSources.make:
3299         * GNUmakefile.list.am:
3300         * JavaScriptCore.pri:
3301         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3302         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
3303         * JavaScriptCore.xcodeproj/project.pbxproj:
3304         * dfg/DFGJITCompiler.cpp:
3305         (JSC::DFG::JITCompiler::compile):
3306         (JSC::DFG::JITCompiler::compileFunction):
3307         * disassembler: Added.
3308         * disassembler/Disassembler.h: Added.
3309         (JSC):
3310         (JSC::tryToDisassemble):
3311         * disassembler/UDis86Disassembler.cpp: Added.
3312         (JSC):
3313         (JSC::tryToDisassemble):
3314         * disassembler/udis86: Added.
3315         * disassembler/udis86/differences.txt: Added.
3316         * disassembler/udis86/itab.py: Added.
3317         (UdItabGenerator):
3318         (UdItabGenerator.__init__):
3319         (UdItabGenerator.toGroupId):
3320         (UdItabGenerator.genLookupTable):
3321         (UdItabGenerator.genLookupTableList):
3322         (UdItabGenerator.genInsnTable):
3323         (genItabH):
3324         (genItabH.UD_ITAB_H):
3325         (genItabC):
3326         (genItab):
3327         (main):
3328         * disassembler/udis86/optable.xml: Added.
3329         * disassembler/udis86/ud_opcode.py: Added.
3330         (UdOpcodeTables):
3331         (UdOpcodeTables.sizeOfTable):
3332         (UdOpcodeTables.nameOfTable):
3333         (UdOpcodeTables.updateTable):
3334         (UdOpcodeTables.Insn):
3335         (UdOpcodeTables.Insn.__init__):
3336         (UdOpcodeTables.Insn.__init__.opcode):
3337         (UdOpcodeTables.parse):
3338         (UdOpcodeTables.addInsnDef):
3339         (UdOpcodeTables.print_table):
3340         (UdOpcodeTables.print_tree):
3341         * disassembler/udis86/ud_optable.py: Added.
3342         (UdOptableXmlParser):
3343         (UdOptableXmlParser.parseDef):
3344         (UdOptableXmlParser.parse):
3345         (printFn):
3346         (parse):
3347         (main):
3348         * disassembler/udis86/udis86.c: Added.
3349         (ud_init):
3350         (ud_disassemble):
3351         (ud_set_mode):
3352         (ud_set_vendor):
3353         (ud_set_pc):
3354         (ud):
3355         (ud_insn_asm):
3356         (ud_insn_off):
3357         (ud_insn_hex):
3358         (ud_insn_ptr):
3359         (ud_insn_len):
3360         * disassembler/udis86/udis86.h: Added.
3361         * disassembler/udis86/udis86_decode.c: Added.
3362         (eff_adr_mode):
3363         (ud_lookup_mnemonic):
3364         (decode_prefixes):
3365         (modrm):
3366         (resolve_operand_size):
3367         (resolve_mnemonic):
3368         (decode_a):
3369         (decode_gpr):
3370         (resolve_gpr64):
3371         (resolve_gpr32):
3372         (resolve_reg):
3373         (decode_imm):
3374         (decode_modrm_reg):
3375         (decode_modrm_rm):
3376         (decode_o):
3377         (decode_operand):
3378         (decode_operands):
3379         (clear_insn):
3380         (resolve_mode):
3381         (gen_hex):
3382         (decode_insn):
3383         (decode_3dnow):
3384         (decode_ssepfx):
3385         (decode_ext):
3386         (decode_opcode):
3387         (ud_decode):
3388         * disassembler/udis86/udis86_decode.h: Added.
3389         (ud_itab_entry_operand):
3390         (ud_itab_entry):
3391         (ud_lookup_table_list_entry):
3392         (sse_pfx_idx):
3393         (mode_idx):
3394         (modrm_mod_idx):
3395         (vendor_idx):
3396         (is_group_ptr):
3397         (group_idx):
3398         * disassembler/udis86/udis86_extern.h: Added.
3399         * disassembler/udis86/udis86_input.c: Added.
3400         (inp_buff_hook):
3401         (inp_file_hook):
3402         (ud):
3403         (ud_set_user_opaque_data):