84fda6774e48f903710e02d92ccac32f22379540
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Build fix - some compiles generating NORETURN related warnings.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):

2012-03-28  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, move WTF back into JSCore target
        until issues with JSCore not linking in all WTF symbols are resolved.

        * wscript:

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        * runtime/RegExp.cpp:
        (JSC):
            - Missed review comment! - didn't fully remove RegExpRepresentation.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        Add a new variant of the match method to RegExp that returns a MatchResult,
        and modify YarrJIT to be able to compile code that doesn't use an output vector.

        This is a 3% progression on v8-regexp.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Moved MatchResult into its own header.
        * assembler/AbstractMacroAssembler.h:
            - Added missing include.
        * runtime/MatchResult.h: Added.
        (MatchResult::MatchResult):
        (MatchResult):
        (MatchResult::failed):
        (MatchResult::operator bool):
        (MatchResult::empty):
            - Moved MatchResult into its own header.
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::compileIfNecessary):
        (JSC::RegExp::match):
            - Changed due to execute & representation changes.
        (JSC::RegExp::compileMatchOnly):
        (JSC::RegExp::compileIfNecessaryMatchOnly):
            - Added helper to compile MatchOnly code.
        (JSC::RegExp::invalidateCode):
        (JSC::RegExp::matchCompareWithInterpreter):
        (JSC::RegExp::printTraceData):
            - Changed due to representation changes.
        * runtime/RegExp.h:
        (RegExp):
        (JSC::RegExp::hasCode):
            - Made YarrCodeBlock a member.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - Added no-ovector form.
        * runtime/RegExpMatchesArray.cpp:
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - Match now takes a reference to ovector, not a pointer.
        * runtime/RegExpObject.h:
        (JSC):
            - Moved MatchResult into its own header.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
            - Match now takes a reference to ovector, not a pointer.
        * testRegExp.cpp:
        (testOneRegExp):
            - Match now takes a reference to ovector, not a pointer.
        * yarr/YarrJIT.cpp:
        (Yarr):
        (YarrGenerator):
        (JSC::Yarr::YarrGenerator::initCallFrame):
        (JSC::Yarr::YarrGenerator::removeCallFrame):
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
        (JSC::Yarr::YarrGenerator::setMatchStart):
        (JSC::Yarr::YarrGenerator::getMatchStart):
            - Added helper functions to intermediate access to output.
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generate):
        (JSC::Yarr::YarrGenerator::backtrack):
        (JSC::Yarr::YarrGenerator::generateEnter):
        (JSC::Yarr::YarrGenerator::compile):
            - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
        (JSC::Yarr::jitCompile):
            - Needs to be templated on MatchOnly or IncludeSubpatterns.
        * yarr/YarrJIT.h:
        (YarrCodeBlock):
        (JSC::Yarr::YarrCodeBlock::set8BitCode):
        (JSC::Yarr::YarrCodeBlock::set16BitCode):
        (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::execute):
        (JSC::Yarr::YarrCodeBlock::clear):
            - Added a second set of CodeRefs, so that we can compile RegExps with/without subpattern matching.

2012-03-27  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit should not generate an exit for variables of inlinees if the
        inlinees are not in scope
        https://bugs.webkit.org/show_bug.cgi?id=82312

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForInlineCallFrame):
        (JSC):
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::computeNumVariablesForCodeOrigin):
        (DFG):
        (JSC::DFG::OSRExit::OSRExit):

2012-03-27  Matt Lilek  <mrl@apple.com>

        Stop compiling Interpreter.cpp with -fno-var-tracking
        https://bugs.webkit.org/show_bug.cgi?id=82299

        Reviewed by Anders Carlsson.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-27  Pratik Solanki  <psolanki@apple.com>

        Compiler warning when JIT is not enabled
        https://bugs.webkit.org/show_bug.cgi?id=82352

        Reviewed by Filip Pizlo.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::create):

2012-03-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Unaligned userspace access for SH4 platforms
        https://bugs.webkit.org/show_bug.cgi?id=79104

        Reviewed by Gavin Barraclough.

        * assembler/AbstractMacroAssembler.h:
        (Jump):
        (JSC::AbstractMacroAssembler::Jump::Jump):
        (JSC::AbstractMacroAssembler::Jump::link):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        (JSC::MacroAssemblerSH4::branchDouble):
        (JSC::MacroAssemblerSH4::branchTrue):
        (JSC::MacroAssemblerSH4::branchFalse):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::extraInstrForBranch):
        (SH4Assembler):
        (JSC::SH4Assembler::bra):
        (JSC::SH4Assembler::linkJump):
        * jit/JIT.h:
        (JIT):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2012-03-26  Ryosuke Niwa  <rniwa@webkit.org>

        cssText should use shorthand notations
        https://bugs.webkit.org/show_bug.cgi?id=81737

        Reviewed by Enrica Casucci.

        Export symbols of BitVector on Windows.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-26  Filip Pizlo  <fpizlo@apple.com>

        DFG should assert that argument value recoveries can only be
        AlreadyInRegisterFile or Constant
        https://bugs.webkit.org/show_bug.cgi?id=82249

        Reviewed by Michael Saboff.

        Made the assertions that the DFG makes for argument value recoveries match
        what Arguments expects.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::isConstant):
        (ValueRecovery):
        (JSC::ValueRecovery::isAlreadyInRegisterFile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Tried to fix the Windows build.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putRange):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - speculative Windows build fix.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::getCanonicalPair):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Fixed builds with assertions disabled.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::areCanonicallyEquivalent):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - errk! - accidentally the whole pbxproj.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-25  Gavin Barraclough  <barraclough@apple.com>

        Greek sigma is handled wrong in case independent regexp.
        https://bugs.webkit.org/show_bug.cgi?id=82063

        Reviewed by Oliver Hunt.

        The bug here is that we assume that any given codepoint has at most one additional value it
        should match under a case insensitive match, and that the pair of codepoints that match (if
        a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
        given codepoint. Life is not that simple.

        Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
        it may match, under the ES5.1 case-insensitive matching rules. Since Unicode is fairly regular
        we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
        simple binary search to find an entry in typically eight compares.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * yarr/yarr.pri:
            - Added new files to build systems.
        * yarr/YarrCanonicalizeUCS2.cpp: Added.
            - New - autogenerated, UCS2 canonicalized comparison tables.
        * yarr/YarrCanonicalizeUCS2.h: Added.
        (JSC::Yarr::rangeInfoFor):
            - Look up the canonicalization info for a UCS2 character.
        (JSC::Yarr::getCanonicalPair):
            - For a UCS2 character with a single equivalent value, look it up.
        (JSC::Yarr::isCanonicallyUnique):
            - Returns true if no other UCS2 code points are canonically equal.
        (JSC::Yarr::areCanonicallyEquivalent):
            - Compare two values, under canonicalization rules.
        * yarr/YarrCanonicalizeUCS2.js: Added.
            - Script used to generate YarrCanonicalizeUCS2.cpp.
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::tryConsumeBackReference):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putChar):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
            - Added, used to put a non-ASCII, non-unique character in a case-insensitive match.
        (JSC::Yarr::CharacterClassConstructor::putRange):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
            - Changed to call putUnicodeIgnoreCase, instead of putChar, to avoid a double lookup of rangeInfo.

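As an added illustration of the entry above (example code written for this page, not WebKit's YarrCanonicalizeUCS2.js generator or the JSC helpers), the following implements the ES5.1 Canonicalize() rule for a single UCS2 code unit, precomputes the equivalence classes the generated table encodes, and shows why the toUpper/toLower assumption misses the final sigma. The function names are assumed counterparts of the helpers named in the entry, not JSC's own signatures.

```javascript
// Added example, not WebKit code. ES5.1 15.10.2.8 Canonicalize(ch) for
// case-insensitive matching, applied to one UTF-16 code unit:
//   u = ch.toUpperCase(); if u is not exactly one code unit, keep ch;
//   if ch is non-ASCII but u is ASCII, keep ch (no mapping onto ASCII);
//   otherwise the canonical value is u.
function canonicalize(cu) {
  const u = String.fromCharCode(cu).toUpperCase();
  if (u.length !== 1) return cu;        // e.g. U+00DF 'ß' uppercases to "SS"
  const up = u.charCodeAt(0);
  if (cu >= 128 && up < 128) return cu; // e.g. U+017F 'ſ' -> 'S' is blocked
  return up;
}

// Group every UCS2 code unit by its canonical value. Two code units match
// each other case-insensitively iff they land in the same group; this is
// the information the autogenerated YarrCanonicalizeUCS2 table packs.
function buildEquivalenceClasses() {
  const byCanonical = new Map();
  for (let cu = 0; cu < 0x10000; cu++) {
    const c = canonicalize(cu);
    if (!byCanonical.has(c)) byCanonical.set(c, []);
    byCanonical.get(c).push(cu); // ascending order by construction
  }
  const classOf = new Map(); // code unit -> shared, sorted member array
  for (const members of byCanonical.values())
    for (const cu of members) classOf.set(cu, members);
  return classOf;
}

const CLASS_OF = buildEquivalenceClasses();

// Assumed counterparts of the helpers the ChangeLog entry lists.
function canonicalSet(cu) {           // all code units that match cu under /i
  return CLASS_OF.get(cu).slice();
}
function isCanonicallyUnique(cu) {    // true if cu matches only itself
  return CLASS_OF.get(cu).length === 1;
}
function areCanonicallyEquivalent(a, b) {
  return canonicalize(a) === canonicalize(b);
}

// The assumption the entry describes as the bug: that the candidates are
// just {ch, toUpper(ch), toLower(ch)}. For U+03C3 this misses U+03C2 (final
// sigma), which shares the upper-case form U+03A3.
function naiveCandidates(cu) {
  const s = String.fromCharCode(cu);
  const set = new Set([cu]);
  for (const t of [s.toUpperCase(), s.toLowerCase()])
    if (t.length === 1) set.add(t.charCodeAt(0));
  return [...set].sort((a, b) => a - b);
}

// Count of code units that are not canonically unique, i.e. the ones the
// table actually has to describe (the rest map only to themselves).
function nonUniqueCount() {
  let n = 0;
  for (let cu = 0; cu < 0x10000; cu++) if (!isCanonicallyUnique(cu)) n++;
  return n;
}

if (typeof require !== 'undefined' && require.main === module) {
  const hex = (a) => a.map((c) => 'U+' + c.toString(16).toUpperCase().padStart(4, '0'));
  console.log('sigma class:', hex(canonicalSet(0x3c3)));       // Σ ς σ
  console.log('naive sigma:', hex(naiveCandidates(0x3c3)));    // Σ σ only
  console.log('non-unique code units:', nonUniqueCount());
}
```
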
2012-03-26  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
        so we make sure it finds the API headers on all platforms.

        * wscript:

2012-03-26  Patrick Gansterer  <paroga@webkit.org>

        Build fix for WinCE after r112039.

        * interpreter/Register.h:
        (Register): Removed inline keyword from declaration since
                    there is an ALWAYS_INLINE at the definition anyway.

2012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-03-25  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Move WTF to its own static lib build.

        * wscript:

2012-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFG int-to-double conversion should be revealed to CSE
        https://bugs.webkit.org/show_bug.cgi?id=82135

        Reviewed by Oliver Hunt.

        This introduces the notion of an Int32ToDouble node, which is injected
        into the graph anytime we know that we have a double use of a node that
        was predicted integer. The Int32ToDouble simplifies double speculation
        on integers by skipping the path that would unbox doubles, if we know
        that the value is already proven to be an integer. It allows integer to
        double conversions to be subjected to common subexpression elimination
        (CSE) by allowing the CSE phase to see where these conversions are
        occurring. Finally, it allows us to see when a constant is being used
        as both a double and an integer. This is a bit odd, since it means that
        sometimes a double use of a constant will not refer directly to the
        constant. This should not cause problems, for now, but it may require
        some canonicalization in the future if we want to support strength
        reductions of double operations based on constants.

        To allow injection of nodes into the graph, this change introduces the
        DFG::InsertionSet, which is a way of lazily inserting elements into a
        list. This allows the FixupPhase to remain O(N) despite performing
        multiple injections in a single basic block. Without the InsertionSet,
        each injection would require performing an insertion into a vector,
        which is O(N), leading to O(N^2) performance overall. With the
        InsertionSet, each injection simply records what insertion would have
        been performed, and all insertions are performed at once (via
        InsertionSet::execute) after processing of a basic block is completed.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PredictedType.h:
        (JSC::isActionableIntMutableArrayPrediction):
        (JSC):
        (JSC::isActionableFloatMutableArrayPrediction):
        (JSC::isActionableTypedMutableArrayPrediction):
        (JSC::isActionableMutableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCommon.h:
        (JSC::DFG::useKindToString):
        (DFG):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupBlock):
        (FixupPhase):
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixDoubleEdge):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGInsertionSet.h: Added.
        (DFG):
        (Insertion):
        (JSC::DFG::Insertion::Insertion):
        (JSC::DFG::Insertion::index):
        (JSC::DFG::Insertion::element):
        (InsertionSet):
        (JSC::DFG::InsertionSet::InsertionSet):
        (JSC::DFG::InsertionSet::append):
        (JSC::DFG::InsertionSet::execute):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFGOperands should be moved out of the DFG and into bytecode
        https://bugs.webkit.org/show_bug.cgi?id=82151

        Reviewed by Dan Bernstein.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
        * dfg/DFGBasicBlock.h:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.h:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOperands.h: Removed.
        * dfg/DFGVariableAccessData.h:

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG 64-bit Branch implementation should not be creating a JSValueOperand that
        it isn't going to use
        https://bugs.webkit.org/show_bug.cgi?id=82136

        Reviewed by Geoff Garen.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitBranch):

2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Fix the build after WTF move.

        * wscript:

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG double voting may be overzealous in the case of variables that end up
        being used as integers
        https://bugs.webkit.org/show_bug.cgi?id=82008

        Reviewed by Oliver Hunt.

        Cleaned up propagation, making the intent more explicit in most places.
        Back-propagate NodeUsedAsInt for cases where a node was used in a context
        that is known to strongly prefer integers.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dumpCodeOrigin):
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (PredictionPropagationPhase):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::Node::shouldNotSpeculateInteger() should be eliminated
        https://bugs.webkit.org/show_bug.cgi?id=82123

        Reviewed by Geoff Garen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

2012-03-24  Yong Li  <yoli@rim.com>

        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
        https://bugs.webkit.org/show_bug.cgi?id=81521

        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
        for CPU(ARM_TRADITIONAL) to fit actual need.

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG Fixup should be able to short-circuit trivial ValueToInt32's
        https://bugs.webkit.org/show_bug.cgi?id=82030

        Reviewed by Michael Saboff.

        Takes the fixup() method of the prediction propagation phase and makes it
        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
        nodes, and mark pure ValueToInt32's as such.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCommon.h:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGFixupPhase.cpp: Added.
        (DFG):
        (FixupPhase):
        (JSC::DFG::FixupPhase::FixupPhase):
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixIntEdge):
        (JSC::DFG::performFixup):
        * dfg/DFGFixupPhase.h: Added.
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (PredictionPropagationPhase):

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        tryReallocate could break the zero-ed memory invariant of CopiedBlocks
        https://bugs.webkit.org/show_bug.cgi?id=82087

        Reviewed by Filip Pizlo.

        Removing this optimization turned out to be a ~1% regression on Kraken, so I simply
        undid the modification to the current block if we fail.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
        to reallocate from the current block.

2012-03-23  Alexey Proskuryakov  <ap@apple.com>

        [Mac] No need for platform-specific ENABLE_BLOB values
        https://bugs.webkit.org/show_bug.cgi?id=82102

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Michael Saboff  <msaboff@apple.com>

        DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
        https://bugs.webkit.org/show_bug.cgi?id=81805

        Reviewed by Filip Pizlo.

        Added SpeculativeJIT::checkGeneratedType() to determine the current format
        of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
        to generate code that will use integer and JSValue types in integer
        format directly without a conversion to double.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkGeneratedType):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * dfg/DFGSpeculativeJIT.h:
        (DFG):
        (SpeculativeJIT):

2012-03-23  Steve Falkenburg  <sfalken@apple.com>

        Update Apple Windows build files for WTF move
        https://bugs.webkit.org/show_bug.cgi?id=82069

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.

2012-03-23  Dean Jackson  <dino@apple.com>

        Disable CSS_SHADERS in Apple builds
        https://bugs.webkit.org/show_bug.cgi?id=81996

        Reviewed by Simon Fraser.

        Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Gavin Barraclough  <barraclough@apple.com>

        RegExp constructor last match properties should not rely on previous ovector
        https://bugs.webkit.org/show_bug.cgi?id=82077

        Reviewed by Oliver Hunt.

        This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.

        This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
        Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
        a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
        location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
        a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
        reified state. This means that next time a match is performed, the store of the result will
        automatically blow away the reified value.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files.
        * runtime/RegExp.cpp:
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
            - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
        * runtime/RegExpCachedResult.cpp: Added.
        (JSC::RegExpCachedResult::visitChildren):
        (JSC::RegExpCachedResult::lastResult):
        (JSC::RegExpCachedResult::setInput):
            - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
        * runtime/RegExpCachedResult.h: Added.
        (RegExpCachedResult):
            - Added new class.
        (JSC::RegExpCachedResult::RegExpCachedResult):
        (JSC::RegExpCachedResult::record):
        (JSC::RegExpCachedResult::input):
            - Initialize the object, record the result of a RegExp match, access the stored input property.
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
            - Initialize m_result/m_multiline properties.
        (JSC::RegExpConstructor::visitChildren):
            - Make sure the cached results (or lazy source for them) are marked.
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
            - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
        (JSC::regExpConstructorInput):
        (JSC::setRegExpConstructorInput):
            - Changed to use RegExpCachedResult.
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::create):
        (RegExpConstructor):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
            - Move multiline property onto the constructor object; it is not affected by the last match.
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
            - These defer to RegExpCachedResult.
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.cpp: Added.
        (JSC::RegExpMatchesArray::visitChildren):
            - Eeeep! Added missing visitChildren!
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::reifyAllProperties):
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Moved from RegExpConstructor.cpp.
        (JSC::RegExpMatchesArray::leftContext):
        (JSC::RegExpMatchesArray::rightContext):
            - Since the match start/
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):
            - Declare new methods & structure flags.
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
            - performMatch now requires the JSString input, to cache.
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now requires the JSString input, to cache.

2012-03-23  Tony Chang  <tony@chromium.org>

        [chromium] rename newwtf target back to wtf
        https://bugs.webkit.org/show_bug.cgi?id=82064

        Reviewed by Adam Barth.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Simplify memory usage tracking in CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=80705

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Rename currentUtilization to currentSize.
        (JSC::CopiedAllocator::currentCapacity):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
        declaration.
        (JSC):
        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
        (JSC::CopiedBlock::capacity): Ditto for capacity.
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
        field for the water mark.
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
        block, we need to update our current water mark with the size of the block.
        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
        need to update our current water mark with the size of the used portion of the block.
        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
        reallocating because it will either get accounted for when we fill up the block later
        in the case of being able to reallocate in the current block or it will get picked up
        immediately because we'll have to get a new block.
        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
        realloc-ing an oversize block because we deallocate the old block and allocate a brand
        new one.
        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
        the CopiedSpace by the SlotVisitors.
        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
        not we should collect now instead of doing the calculation ourselves.
        (JSC::CopiedSpace::destroy):
        (JSC):
        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
        MarkedSpace does.
        (JSC::CopiedSpace::capacity): Ditto for capacity.
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::waterMark):
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
        collection.
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
        (JSC::Heap::capacity): Ditto for capacity.
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
        determine whether they should initiate a collection or continue to allocate new blocks.
        (JSC):
        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
        Heap (MarkedSpace and CopiedSpace).
        * heap/MarkedAllocator.cpp:
752         (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
753
754 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
755
756         BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
757         https://bugs.webkit.org/show_bug.cgi?id=82012
758
759         Reviewed by Filip Pizlo.
760
761         Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
762
763         * wtf/BitVector.cpp:
764         (WTF::BitVector::resizeOutOfLine):
765         * wtf/BitVector.h:
766         (BitVector):
767         (OutOfLineBits):
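
The entry above fixes BitVector::resizeOutOfLine leaving the newly added out-of-line words uninitialized when an inline buffer is extended. The following is an added example, not WTF code: a minimal bit vector with one inline word that spills to a heap buffer when it grows. Its allocator fills fresh memory with a constructed 0xAB poison pattern, standing in for whatever a real heap would hand back, so the effect of skipping the memset is deterministic and testable. TinyBitVector, setBitsAfterGrow and the zeroNewTail switch are this example's own names.

```cpp
// Added example (not WTF code): a bit vector that keeps one word inline and
// moves to a heap buffer on growth. The added words must be zeroed; malloc
// makes no promise about their contents.
#include <cstdint>
#include <cstdlib>
#include <cstring>

class TinyBitVector {
public:
    // zeroNewTail == false reproduces the bug, true is the fix.
    explicit TinyBitVector(bool zeroNewTail) : m_zeroNewTail(zeroNewTail) {}
    ~TinyBitVector() { std::free(m_outOfLine); }   // free(nullptr) is a no-op
    TinyBitVector(const TinyBitVector&) = delete;
    TinyBitVector& operator=(const TinyBitVector&) = delete;

    size_t size() const { return m_size; }
    bool get(size_t i) const { return (words()[i / 64] >> (i % 64)) & 1; }
    void set(size_t i) { words()[i / 64] |= uint64_t(1) << (i % 64); }

    // Grow to newSize bits. One word stays inline; beyond that the bits move
    // to a heap buffer: the old words are copied, and the added words are
    // cleared only when m_zeroNewTail is set.
    void grow(size_t newSize) {
        size_t oldWords = wordCount(m_size);
        size_t newWords = wordCount(newSize);
        if (newWords > oldWords) {
            uint64_t* fresh = debugAlloc(newWords);
            std::memcpy(fresh, words(), oldWords * sizeof(uint64_t));
            if (m_zeroNewTail)
                std::memset(fresh + oldWords, 0, (newWords - oldWords) * sizeof(uint64_t));
            std::free(m_outOfLine);
            m_outOfLine = fresh;
        }
        m_size = newSize;
    }

private:
    static size_t wordCount(size_t bits) { return bits <= 64 ? 1 : (bits + 63) / 64; }

    // Constructed stand-in for a debug heap: fresh memory is filled with 0xAB
    // so that reading it uninitialized gives a predictable wrong answer.
    static uint64_t* debugAlloc(size_t words) {
        void* p = std::malloc(words * sizeof(uint64_t));
        if (!p)
            std::abort();
        std::memset(p, 0xAB, words * sizeof(uint64_t));
        return static_cast<uint64_t*>(p);
    }

    uint64_t* words() { return m_outOfLine ? m_outOfLine : &m_inline; }
    const uint64_t* words() const { return m_outOfLine ? m_outOfLine : &m_inline; }

    uint64_t m_inline = 0;
    uint64_t* m_outOfLine = nullptr;
    size_t m_size = 0;
    bool m_zeroNewTail;
};

// Sets bits 0 and 2 in a 3-bit vector, grows it to 200 bits, and counts the
// bits that read as set. The right answer is 2. Without zeroing, bits 64..199
// come from the poisoned tail words; 0xAB has five bits set per byte, so 85
// of those 136 bits read as set and the count becomes 87.
size_t setBitsAfterGrow(bool zeroNewTail) {
    TinyBitVector v(zeroNewTail);
    v.grow(3);
    v.set(0);
    v.set(2);
    v.grow(200);
    size_t n = 0;
    for (size_t i = 0; i < v.size(); ++i)
        n += v.get(i) ? 1 : 0;
    return n;
}
```

With a real allocator the stale contents are not a fixed pattern but whatever object last occupied that memory, which is why the bug shows up as intermittent wrong answers rather than a crash.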
768
769 2012-03-22  Michael Saboff  <msaboff@apple.com>
770
771         ExecutableAllocator::memoryPressureMultiplier() might return NaN
772         https://bugs.webkit.org/show_bug.cgi?id=82002
773
774         Reviewed by Filip Pizlo.
775
776         Guard against divide by zero and then make sure the return
777         value is >= 1.0.
778
779         * jit/ExecutableAllocator.cpp:
780         (JSC::ExecutableAllocator::memoryPressureMultiplier):
781         * jit/ExecutableAllocatorFixedVMPool.cpp:
782         (JSC::ExecutableAllocator::memoryPressureMultiplier):
783
784 2012-03-22  Jessie Berlin  <jberlin@apple.com>
785
786         Windows build fix after r111778.
787
788         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
789         Don't include and try to build files owned by WTF.
790         Also, let VS have its way with the vcproj in terms of file ordering.
791
792 2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
793
794         [CMake] Unreviewed build fix after r111778.
795
796         * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
797         the include paths so that the right config.h is used.
798
799 2012-03-22  Tony Chang  <tony@chromium.org>
800
801         Unreviewed, fix chromium build after wtf move.
802
803         Remove old wtf_config and wtf targets.
804
805         * JavaScriptCore.gyp/JavaScriptCore.gyp:
806
807 2012-03-22  Martin Robinson  <mrobinson@igalia.com>
808
809         Fixed the GTK+ WTF/JavaScriptCore build after r111778.
810
811         * GNUmakefile.list.am: Removed an extra trailing backslash.
812
813 2012-03-22  Mark Rowe  <mrowe@apple.com>
814
815         Fix the build.
816
817         * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
818         rather than only those that contain symbols that JavaScriptCore itself uses.
819         * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
820
821 2012-03-22  Filip Pizlo  <fpizlo@apple.com>
822
823         DFG NodeFlags has some duplicate code and naming issues
824         https://bugs.webkit.org/show_bug.cgi?id=81975
825
826         Reviewed by Gavin Barraclough.
827         
828         Removed most references to "ArithNodeFlags" since those are now just part
829         of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
830         NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
831         because the former was never called and the latter did the same things as
832         mergeFlags().
833
834         * dfg/DFGByteCodeParser.cpp:
835         (JSC::DFG::ByteCodeParser::makeSafe):
836         (JSC::DFG::ByteCodeParser::makeDivSafe):
837         (JSC::DFG::ByteCodeParser::handleIntrinsic):
838         * dfg/DFGGraph.cpp:
839         (JSC::DFG::Graph::dump):
840         * dfg/DFGNode.h:
841         (JSC::DFG::Node::arithNodeFlags):
842         (Node):
843         * dfg/DFGNodeFlags.cpp:
844         (JSC::DFG::nodeFlagsAsString):
845         * dfg/DFGNodeFlags.h:
846         (DFG):
847         (JSC::DFG::nodeUsedAsNumber):
848         * dfg/DFGPredictionPropagationPhase.cpp:
849         (JSC::DFG::PredictionPropagationPhase::propagate):
850         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
851
852 2012-03-22  Eric Seidel  <eric@webkit.org>
853
854         Actually move WTF files to their new home
855         https://bugs.webkit.org/show_bug.cgi?id=81844
856
857         Unreviewed.  The details of the port-specific changes
858         have been seen by contributors from those ports, but
859         the whole 5MB change isn't very reviewable as-is.
860
861         * GNUmakefile.am:
862         * GNUmakefile.list.am:
863         * JSCTypedArrayStubs.h:
864         * JavaScriptCore.gypi:
865         * JavaScriptCore.xcodeproj/project.pbxproj:
866         * jsc.cpp:
867
868 2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
869
870         [wx] Unreviewed. Adding Source/WTF to the build.
871
872         * wscript:
873
874 2012-03-22  Gavin Barraclough  <barraclough@apple.com>
875
876         Add JSValue::isFunction
877         https://bugs.webkit.org/show_bug.cgi?id=81935
878
879         Reviewed by Geoff Garen.
880
881         This would be useful in the WebCore bindings code.
882         Also, remove asFunction, replace with jsCast<JSFunction*>.
883
884         * API/JSContextRef.cpp:
885         * debugger/Debugger.cpp:
886         * debugger/DebuggerCallFrame.cpp:
887         (JSC::DebuggerCallFrame::functionName):
888         * dfg/DFGGraph.h:
889         (JSC::DFG::Graph::valueOfFunctionConstant):
890         * dfg/DFGOperations.cpp:
891         * interpreter/CallFrame.cpp:
892         (JSC::CallFrame::isInlineCallFrameSlow):
893         * interpreter/Interpreter.cpp:
894         (JSC::Interpreter::privateExecute):
895         * jit/JITStubs.cpp:
896         (JSC::DEFINE_STUB_FUNCTION):
897         (JSC::jitCompileFor):
898         (JSC::lazyLinkFor):
899         * llint/LLIntSlowPaths.cpp:
900         (JSC::LLInt::traceFunctionPrologue):
901         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
902         (JSC::LLInt::setUpCall):
903         * runtime/Arguments.h:
904         (JSC::Arguments::finishCreation):
905         * runtime/ArrayPrototype.cpp:
906         (JSC::arrayProtoFuncFilter):
907         (JSC::arrayProtoFuncMap):
908         (JSC::arrayProtoFuncEvery):
909         (JSC::arrayProtoFuncForEach):
910         (JSC::arrayProtoFuncSome):
911         (JSC::arrayProtoFuncReduce):
912         (JSC::arrayProtoFuncReduceRight):
913         * runtime/CommonSlowPaths.h:
914         (JSC::CommonSlowPaths::arityCheckFor):
915         * runtime/Executable.h:
916         (JSC::FunctionExecutable::compileFor):
917         (JSC::FunctionExecutable::compileOptimizedFor):
918         * runtime/FunctionPrototype.cpp:
919         (JSC::functionProtoFuncToString):
920         * runtime/JSArray.cpp:
921         (JSC::JSArray::sort):
922         * runtime/JSFunction.cpp:
923         (JSC::JSFunction::argumentsGetter):
924         (JSC::JSFunction::callerGetter):
925         (JSC::JSFunction::lengthGetter):
926         * runtime/JSFunction.h:
927         (JSC):
928         (JSC::asJSFunction):
929         (JSC::JSValue::isFunction):
930         * runtime/JSGlobalData.cpp:
931         (WTF::Recompiler::operator()):
932         (JSC::JSGlobalData::releaseExecutableMemory):
933         * runtime/JSValue.h:
934         * runtime/StringPrototype.cpp:
935         (JSC::replaceUsingRegExpSearch):
936
937 2012-03-21  Filip Pizlo  <fpizlo@apple.com>
938
939         DFG speculation on booleans should be rationalized
940         https://bugs.webkit.org/show_bug.cgi?id=81840
941
942         Reviewed by Gavin Barraclough.
943         
944         This removes isKnownBoolean() and replaces it with AbstractState-based
945         optimization, and cleans up the control flow in code gen methods for
946         Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
947         and removes isKnownNotBoolean() since that method appeared to be a
948         helper used solely by 32_64's speculateBooleanOperation().
949         
950         This is performance-neutral.
951
952         * dfg/DFGAbstractState.cpp:
953         (JSC::DFG::AbstractState::execute):
954         * dfg/DFGNode.h:
955         (JSC::DFG::Node::shouldSpeculateNumber):
956         * dfg/DFGSpeculativeJIT.cpp:
957         (DFG):
958         * dfg/DFGSpeculativeJIT.h:
959         (SpeculativeJIT):
960         * dfg/DFGSpeculativeJIT32_64.cpp:
961         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
962         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
963         (JSC::DFG::SpeculativeJIT::emitBranch):
964         (JSC::DFG::SpeculativeJIT::compile):
965         * dfg/DFGSpeculativeJIT64.cpp:
966         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
967         (JSC::DFG::SpeculativeJIT::emitBranch):
968         (JSC::DFG::SpeculativeJIT::compile):
969
970 2012-03-21  Mark Rowe  <mrowe@apple.com>
971
972         Fix the build.
973
974         * wtf/MetaAllocator.h:
975         (MetaAllocator): Export the destructor.
976
977 2012-03-21  Eric Seidel  <eric@webkit.org>
978
979         Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
980         https://bugs.webkit.org/show_bug.cgi?id=81834
981
982         Reviewed by Adam Barth.
983
984         * jsc.cpp:
985         * os-win32/WinMain.cpp:
986         * runtime/JSDateMath.cpp:
987         * runtime/TimeoutChecker.cpp:
988         * testRegExp.cpp:
989         * tools/CodeProfiling.cpp:
990
991 2012-03-21  Eric Seidel  <eric@webkit.org>
992
993         WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
994         https://bugs.webkit.org/show_bug.cgi?id=81838
995
996         Reviewed by Geoffrey Garen.
997
998         My understanding is that weak vtables happen when the compiler/linker cannot
999         determine which compilation unit should contain the vtable.  In this case
1000         because there were only pure virtual functions as well as an "inline"
1001         virtual destructor (thus the virtual destructor was defined in many compilation
1002         units).  Since you can't actually "inline" a virtual function (it still has to
1003         bounce through the vtable), the "inline" on this virtual destructor doesn't
1004         actually help performance, and is only serving to confuse the compiler here.
1005         I've moved the destructor implementation to the .cpp file, thus making
1006         it clear to the compiler where the vtable should be stored, and solving the error.
1007
1008         * wtf/MetaAllocator.cpp:
1009         (WTF::MetaAllocator::~MetaAllocator):
1010         (WTF):
1011         * wtf/MetaAllocator.h:
1012
1013 2012-03-20  Gavin Barraclough  <barraclough@apple.com>
1014
1015         RegExpMatchesArray should not copy the ovector
1016         https://bugs.webkit.org/show_bug.cgi?id=81742
1017
1018         Reviewed by Michael Saboff.
1019
1020         Currently, all RegExpMatchesArray objects contain a Vector<int, 32>, used to hold any sub-pattern results.
1021         This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
1022         main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
1023         and the results never accessed).
1024         If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
1025
1026         * dfg/DFGOperations.cpp:
1027             - RegExpObject match renamed back to test (test returns a bool).
1028         * runtime/RegExpConstructor.cpp:
1029         (JSC):
1030             - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
1031         (JSC::RegExpMatchesArray::finishCreation):
1032             - Removed RegExpConstructorPrivate parameter.
1033         (JSC::RegExpMatchesArray::reifyAllProperties):
1034             - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
1035             If there are sub-pattern properties, the RegExp is re-run to generate their values.
1036         (JSC::RegExpMatchesArray::reifyMatchProperty):
1037             - Reify just the match (index 0) property of the RegExpMatchesArray.
1038         * runtime/RegExpConstructor.h:
1039         (RegExpConstructor):
1040         (JSC::RegExpConstructor::performMatch):
1041             - performMatch now returns a MatchResult, rather than using out-parameters.
1042         * runtime/RegExpMatchesArray.h:
1043         (JSC::RegExpMatchesArray::RegExpMatchesArray):
1044             - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
1045         (RegExpMatchesArray):
1046         (JSC::RegExpMatchesArray::create):
1047             - Now passed the input string matched against, the RegExp, and the MatchResult.
1048         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
1049         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
1050             - Helpers to conditionally reify properties.
1051         (JSC::RegExpMatchesArray::getOwnPropertySlot):
1052         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
1053         (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
1054         (JSC::RegExpMatchesArray::put):
1055         (JSC::RegExpMatchesArray::putByIndex):
1056         (JSC::RegExpMatchesArray::deleteProperty):
1057         (JSC::RegExpMatchesArray::deletePropertyByIndex):
1058         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1059         (JSC::RegExpMatchesArray::defineOwnProperty):
1060             - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
1061             (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
1062         * runtime/RegExpObject.cpp:
1063         (JSC::RegExpObject::exec):
1064         (JSC::RegExpObject::match):
1065             - match now returns a MatchResult.
1066         * runtime/RegExpObject.h:
1067         (JSC::MatchResult::MatchResult):
1068             - Added; the result of a match is a start & end tuple.
1069         (JSC::MatchResult::failed):
1070             - A failure is indicated by (notFound, 0).
1071         (JSC::MatchResult::operator bool):
1072             - Evaluates to false if the match failed.
1073         (JSC::MatchResult::empty):
1074             - Evaluates to true if the match succeeded with length 0.
1075         (JSC::RegExpObject::test):
1076             - Now returns a bool.
1077         * runtime/RegExpPrototype.cpp:
1078         (JSC::regExpProtoFuncTest):
1079             - RegExpObject match renamed back to test (test returns a bool).
1080         * runtime/StringPrototype.cpp:
1081         (JSC::removeUsingRegExpSearch):
1082         (JSC::replaceUsingRegExpSearch):
1083         (JSC::stringProtoFuncMatch):
1084         (JSC::stringProtoFuncSearch):
1085             - performMatch now returns a MatchResult, rather than using out-parameters.
1086
1087 2012-03-21  Hojong Han  <hojong.han@samsung.com>
1088
1089         Fix out of memory by allowing overcommit
1090         https://bugs.webkit.org/show_bug.cgi?id=81743
1091
1092         Reviewed by Geoffrey Garen.
1093
1094         Garbage collection is not triggered and new blocks are added
1095         because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.
1096
1097         * wtf/OSAllocatorPosix.cpp:
1098         (WTF::OSAllocator::reserveAndCommit):
1099
1100 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1101
1102         More Windows build fixing.
1103
1104         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1105         Fix the order of the include directories to look in include/private first before looking
1106         in include/private/JavaScriptCore.
1107         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1108         Look in the Production output directory (where the wtf headers will be). This is the same
1109         thing that is done for jsc and testRegExp in ReleasePGO.
1110
1111 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1112
1113         WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
1114         $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
1115         https://bugs.webkit.org/show_bug.cgi?id=81739
1116
1117         Reviewed by Dan Bernstein.
1118
1119         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
1120         Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
1121         subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
1122         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
1123         Ditto.
1124
1125         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
1126         Get the headers for those 4 files from the wtf subdirectory of the build output, not the
1127         JavaScriptCore/wtf subdirectory.
1128         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1129         Ditto.
1130
1131 2012-03-20  Eric Seidel  <eric@webkit.org>
1132
1133         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
1134         https://bugs.webkit.org/show_bug.cgi?id=80911
1135
1136         Reviewed by Adam Barth.
1137
1138         Update the various build systems to depend on Source/WTF headers
1139         as well as remove references to Platform.h (since it's now moved).
1140
1141         * CMakeLists.txt:
1142         * JavaScriptCore.pri:
1143         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1144         * JavaScriptCore.xcodeproj/project.pbxproj:
1145         * wtf/CMakeLists.txt:
1146
1147 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
1148
1149         op_mod fails on many interesting corner cases
1150         https://bugs.webkit.org/show_bug.cgi?id=81648
1151
1152         Reviewed by Oliver Hunt.
1153         
1154         Removed most strength reduction for op_mod, and fixed the integer handling
1155         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
1156         which this patch also fixes.
1157         
1158         This patch is performance neutral on all of the major benchmarks we track.
1159
1160         * dfg/DFGOperations.cpp:
1161         * dfg/DFGOperations.h:
1162         * dfg/DFGSpeculativeJIT.cpp:
1163         (DFG):
1164         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1165         (JSC::DFG::SpeculativeJIT::compileArithMod):
1166         * jit/JIT.h:
1167         (JIT):
1168         * jit/JITArithmetic.cpp:
1169         (JSC):
1170         (JSC::JIT::emit_op_mod):
1171         (JSC::JIT::emitSlow_op_mod):
1172         * jit/JITArithmetic32_64.cpp:
1173         (JSC::JIT::emit_op_mod):
1174         (JSC::JIT::emitSlow_op_mod):
1175         * jit/JITOpcodes32_64.cpp:
1176         (JSC::JIT::privateCompileCTIMachineTrampolines):
1177         (JSC):
1178         * jit/JITStubs.h:
1179         (TrampolineStructure):
1180         (JSC::JITThunks::ctiNativeConstruct):
1181         * llint/LowLevelInterpreter64.asm:
1182         * wtf/Platform.h:
1183         * wtf/SimpleStats.h:
1184         (WTF::SimpleStats::variance):
1185
1186 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1187
1188         Windows (make based) build fix.
1189         <rdar://problem/11069015>
1190
1191         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
1192
1193 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1194
1195         Move WTF-related Windows project files out of JavaScriptCore
1196         https://bugs.webkit.org/show_bug.cgi?id=80680
1197
1198         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
1199         It does not move any source code. This is in preparation for the WTF source move out of
1200         JavaScriptCore.
1201
1202         Reviewed by Jessie Berlin.
1203
1204         * JavaScriptCore.vcproj/JavaScriptCore.sln:
1205         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
1206         * JavaScriptCore.vcproj/WTF: Removed.
1207         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
1208         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
1209         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
1210         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
1211         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
1212         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
1213         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
1214         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
1215         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
1216         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
1217         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
1218         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
1219         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
1220         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
1221         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
1222         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
1223         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
1224         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
1225         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
1226         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
1227         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
1228         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
1229
1230 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
1231
1232         Cache the type string of JavaScript object
1233         https://bugs.webkit.org/show_bug.cgi?id=81446
1234
1235         Reviewed by Geoffrey Garen.
1236
1237         Instead of creating the JSString every time, we lazily create
1238         the strings in JSGlobalData.
1239
1240         This avoids the construction of the StringImpl and of the JSString,
1241         which gives some performance improvements.
1242
1243         * runtime/CommonIdentifiers.h:
1244         * runtime/JSValue.cpp:
1245         (JSC::JSValue::toStringSlowCase):
1246         * runtime/Operations.cpp:
1247         (JSC::jsTypeStringForValue):
1248         * runtime/SmallStrings.cpp:
1249         (JSC::SmallStrings::SmallStrings):
1250         (JSC::SmallStrings::finalizeSmallStrings):
1251         (JSC::SmallStrings::initialize):
1252         (JSC):
1253         * runtime/SmallStrings.h:
1254         (SmallStrings):
1255
1256 2012-03-20  Oliver Hunt  <oliver@apple.com>
1257
1258         Allow LLINT to work even when executable allocation fails.
1259         https://bugs.webkit.org/show_bug.cgi?id=81693
1260
1261         Reviewed by Gavin Barraclough.
1262
1263         Don't crash if executable allocation fails if we can fall back on LLINT
1264
1265         * jit/ExecutableAllocatorFixedVMPool.cpp:
1266         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1267         * wtf/OSAllocatorPosix.cpp:
1268         (WTF::OSAllocator::reserveAndCommit):
1269
1270 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
1271
1272         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
1273         https://bugs.webkit.org/show_bug.cgi?id=81428
1274
1275         32-bit build fix after r111355.
1276
1277         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
1278         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
1279
1280         Reviewed by Zoltan Herczeg.
1281
1282         * dfg/DFGSpeculativeJIT.cpp:
1283         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1284
1285 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
1286
1287         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
1288         https://bugs.webkit.org/show_bug.cgi?id=80983
1289
1290         Reviewed by Darin Adler.
1291
1292         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
1293         call which is useful for local debugging.
1294
1295         * wtf/Assertions.cpp:
1296         * wtf/Assertions.h:
1297
1298 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
1299
1300         Do not copy the script source in the SourceProvider, just reference the existing string
1301         https://bugs.webkit.org/show_bug.cgi?id=81466
1302
1303         Reviewed by Geoffrey Garen.
1304
1305         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
1306         * parser/SourceProvider.h: Add OVERRIDE for clarity.
1307
1308 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1309
1310         Division optimizations fail to infer cases of truncated division and
1311         mishandle -2147483648/-1
1312         https://bugs.webkit.org/show_bug.cgi?id=81428
1313         <rdar://problem/11067382>
1314
1315         Reviewed by Oliver Hunt.
1316
1317         If you're a division over integers and you're only used as an integer, then you're
1318         an integer division and remainder checks become unnecessary. If you're dividing
1319         -2147483648 by -1, don't crash.
1320
1321         * assembler/MacroAssemblerX86Common.h:
1322         (MacroAssemblerX86Common):
1323         (JSC::MacroAssemblerX86Common::add32):
1324         * dfg/DFGSpeculativeJIT.cpp:
1325         (DFG):
1326         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1327         * dfg/DFGSpeculativeJIT.h:
1328         (SpeculativeJIT):
1329         * dfg/DFGSpeculativeJIT32_64.cpp:
1330         (JSC::DFG::SpeculativeJIT::compile):
1331         * dfg/DFGSpeculativeJIT64.cpp:
1332         (JSC::DFG::SpeculativeJIT::compile):
1333         * llint/LowLevelInterpreter64.asm:
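
Three entries above concern integer division and modulo: the op_mod corner cases, the -2147483648/-1 crash, and the build fix spelling INT32_MIN as -2147483647 - 1. The following is an added example, not WebKit code: int32 fast paths for JavaScript's `/` and `%` that bail out to double arithmetic on exactly the inputs those entries name (division by zero, INT32_MIN / -1 and INT32_MIN % -1, which fault in x86 idiv, and results that must be -0). The names jsIntDiv, jsIntMod, jsDiv, jsMod and the IntResult struct are this example's own.

```cpp
// Added example (not WebKit code): int32 fast paths for JavaScript `/` and
// `%`. Each helper either produces an exact int32 or reports that the caller
// has to fall back to double arithmetic.
#include <cstdint>
#include <cmath>

// 2147483648 is not a valid int literal, so -2147483648 is the negation of
// an out-of-range value. Spell INT32_MIN as -2147483647 - 1 instead.
static const int32_t kInt32Min = -2147483647 - 1;

struct IntResult {
    bool isInt;      // false: the result is not representable as int32
    int32_t value;   // valid only when isInt is true
};

// JS `a / b` in int32 if possible. Bails out when:
//  - b == 0: JS gives +-Infinity or NaN, and idiv would raise #DE
//  - a == INT32_MIN && b == -1: 2147483648 does not fit in int32, and on
//    x86 idiv raises the same #DE fault as a division by zero
//  - a == 0 && b < 0: JS gives -0, which int32 cannot represent
//  - a % b != 0: the quotient is fractional
IntResult jsIntDiv(int32_t a, int32_t b) {
    if (b == 0 || (a == kInt32Min && b == -1) || (a == 0 && b < 0))
        return {false, 0};
    if (a % b != 0)          // cannot trap: both faulting operand pairs were excluded
        return {false, 0};
    return {true, a / b};
}

// JS `a % b` in int32 if possible. JS `%` truncates like C's, so the sign
// follows the dividend. Bails out when:
//  - b == 0: NaN
//  - the result is zero with a negative dividend: JS gives -0 (e.g. -4 % 2)
// INT32_MIN % -1 is mathematically 0 (and -0 in JS), but computing it with
// idiv faults, so b == -1 is resolved before any hardware division.
IntResult jsIntMod(int32_t a, int32_t b) {
    if (b == 0)
        return {false, 0};
    if (b == -1)
        return a < 0 ? IntResult{false, 0} : IntResult{true, 0};
    int32_t r = a % b;       // cannot trap: b is neither 0 nor -1
    if (r == 0 && a < 0)
        return {false, 0};
    return {true, r};
}

// Full semantics: use the int32 result when there is one, otherwise do the
// operation in doubles, which yields Infinity, NaN, 2147483648 and -0
// exactly as JavaScript specifies.
double jsDiv(int32_t a, int32_t b) {
    IntResult r = jsIntDiv(a, b);
    return r.isInt ? r.value : static_cast<double>(a) / static_cast<double>(b);
}

double jsMod(int32_t a, int32_t b) {
    IntResult r = jsIntMod(a, b);
    return r.isInt ? r.value : std::fmod(static_cast<double>(a), static_cast<double>(b));
}
```

The checks run in the order a JIT would emit them: the cheap operand tests first, the hardware division only once no operand pair can fault. Dropping any one of them turns a benign fallback into a crash or a wrong sign of zero.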
1334
1335 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
1336
1337         Simplify SmallStrings
1338         https://bugs.webkit.org/show_bug.cgi?id=81445
1339
1340         Reviewed by Gavin Barraclough.
1341
1342         SmallStrings had two methods that should not be public: count() and clear().
1343
1344         The method clear() is effectively replaced by finalizeSmallStrings(). The body
1345         of the method was moved to the constructor since the code is obvious.
1346
1347         The method count() is unused.
1348
1349         * runtime/SmallStrings.cpp:
1350         (JSC::SmallStrings::SmallStrings):
1351         * runtime/SmallStrings.h:
1352         (SmallStrings):
1353
1354 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1355
1356         DFG can no longer compile V8-v4/regexp in debug mode
1357         https://bugs.webkit.org/show_bug.cgi?id=81592
1358
1359         Reviewed by Gavin Barraclough.
1360
1361         * dfg/DFGSpeculativeJIT32_64.cpp:
1362         (JSC::DFG::SpeculativeJIT::compile):
1363         * dfg/DFGSpeculativeJIT64.cpp:
1364         (JSC::DFG::SpeculativeJIT::compile):
1365
1366 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1367
1368         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
1369         change throughout the fixpoint
1370         https://bugs.webkit.org/show_bug.cgi?id=81583
1371
1372         Reviewed by Michael Saboff.
1373
1374         * dfg/DFGPredictionPropagationPhase.cpp:
1375         (JSC::DFG::PredictionPropagationPhase::propagate):
1376
1377 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1378
1379         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
1380         the process of being generated
1381         https://bugs.webkit.org/show_bug.cgi?id=81565
1382
1383         Reviewed by Oliver Hunt.
1384
1385         * bytecode/CodeBlock.cpp:
1386         (JSC::CodeBlock::finalizeUnconditionally):
1387
1388 2012-03-19  Eric Seidel  <eric@webkit.org>
1389
1390         Fix WTF header include discipline in Chromium WebKit
1391         https://bugs.webkit.org/show_bug.cgi?id=81281
1392
1393         Reviewed by James Robinson.
1394
1395         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1396         * wtf/unicode/icu/CollatorICU.cpp:
1397
1398 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1399
1400         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
1401         https://bugs.webkit.org/show_bug.cgi?id=81556
1402
1403         Rubber stamped by Gavin Barraclough.
1404
1405         * GNUmakefile.list.am:
1406         * JavaScriptCore.xcodeproj/project.pbxproj:
1407         * dfg/DFGAbstractState.h:
1408         (JSC::DFG::AbstractState::forNode):
1409         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
1410         (JSC::DFG::AdjacencyList::AdjacencyList):
1411         (JSC::DFG::AdjacencyList::child):
1412         (JSC::DFG::AdjacencyList::setChild):
1413         (JSC::DFG::AdjacencyList::child1):
1414         (JSC::DFG::AdjacencyList::child2):
1415         (JSC::DFG::AdjacencyList::child3):
1416         (JSC::DFG::AdjacencyList::setChild1):
1417         (JSC::DFG::AdjacencyList::setChild2):
1418         (JSC::DFG::AdjacencyList::setChild3):
1419         (JSC::DFG::AdjacencyList::child1Unchecked):
1420         (JSC::DFG::AdjacencyList::initialize):
1421         (AdjacencyList):
1422         * dfg/DFGByteCodeParser.cpp:
1423         (JSC::DFG::ByteCodeParser::addVarArgChild):
1424         (JSC::DFG::ByteCodeParser::processPhiStack):
1425         * dfg/DFGCSEPhase.cpp:
1426         (JSC::DFG::CSEPhase::canonicalize):
1427         (JSC::DFG::CSEPhase::performSubstitution):
1428         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
1429         (DFG):
1430         (JSC::DFG::Edge::Edge):
1431         (JSC::DFG::Edge::operator==):
1432         (JSC::DFG::Edge::operator!=):
1433         (Edge):
1434         (JSC::DFG::operator==):
1435         (JSC::DFG::operator!=):
1436         * dfg/DFGGraph.h:
1437         (JSC::DFG::Graph::operator[]):
1438         (JSC::DFG::Graph::at):
1439         (JSC::DFG::Graph::ref):
1440         (JSC::DFG::Graph::deref):
1441         (JSC::DFG::Graph::clearAndDerefChild1):
1442         (JSC::DFG::Graph::clearAndDerefChild2):
1443         (JSC::DFG::Graph::clearAndDerefChild3):
1444         (Graph):
1445         * dfg/DFGJITCompiler.h:
1446         (JSC::DFG::JITCompiler::getPrediction):
1447         * dfg/DFGNode.h:
1448         (JSC::DFG::Node::Node):
1449         (JSC::DFG::Node::child1):
1450         (JSC::DFG::Node::child1Unchecked):
1451         (JSC::DFG::Node::child2):
1452         (JSC::DFG::Node::child3):
1453         (Node):
1454         * dfg/DFGNodeFlags.cpp:
1455         (JSC::DFG::arithNodeFlagsAsString):
1456         * dfg/DFGNodeFlags.h:
1457         (DFG):
1458         (JSC::DFG::nodeUsedAsNumber):
1459         * dfg/DFGNodeReferenceBlob.h: Removed.
1460         * dfg/DFGNodeUse.h: Removed.
1461         * dfg/DFGPredictionPropagationPhase.cpp:
1462         (JSC::DFG::PredictionPropagationPhase::propagate):
1463         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1464         (JSC::DFG::PredictionPropagationPhase::vote):
1465         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1466         * dfg/DFGScoreBoard.h:
1467         (JSC::DFG::ScoreBoard::use):
1468         * dfg/DFGSpeculativeJIT.cpp:
1469         (JSC::DFG::SpeculativeJIT::useChildren):
1470         (JSC::DFG::SpeculativeJIT::writeBarrier):
1471         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1472         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1473         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1474         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1475         * dfg/DFGSpeculativeJIT.h:
1476         (JSC::DFG::SpeculativeJIT::at):
1477         (JSC::DFG::SpeculativeJIT::canReuse):
1478         (JSC::DFG::SpeculativeJIT::use):
1479         (SpeculativeJIT):
1480         (JSC::DFG::SpeculativeJIT::speculationCheck):
1481         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1482         (JSC::DFG::IntegerOperand::IntegerOperand):
1483         (JSC::DFG::DoubleOperand::DoubleOperand):
1484         (JSC::DFG::JSValueOperand::JSValueOperand):
1485         (JSC::DFG::StorageOperand::StorageOperand):
1486         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1487         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1488         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1489         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1490         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1491         * dfg/DFGSpeculativeJIT32_64.cpp:
1492         (JSC::DFG::SpeculativeJIT::cachedPutById):
1493         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1494         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1495         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1496         (JSC::DFG::SpeculativeJIT::emitCall):
1497         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1498         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1499         * dfg/DFGSpeculativeJIT64.cpp:
1500         (JSC::DFG::SpeculativeJIT::cachedPutById):
1501         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1502         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1503         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1504         (JSC::DFG::SpeculativeJIT::emitCall):
1505         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1506         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1507
1508 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1509
1510         Object.freeze broken on latest Nightly
1511         https://bugs.webkit.org/show_bug.cgi?id=80577
1512
1513         Reviewed by Oliver Hunt.
1514
1515         * runtime/Arguments.cpp:
1516         (JSC::Arguments::defineOwnProperty):
1517             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
1518             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1519         * runtime/JSFunction.cpp:
1520         (JSC::JSFunction::defineOwnProperty):
1521             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1522             the object must be extensible; this is incorrect since these properties should already exist
1523             on the object. In addition, it was asserting that the arguments/caller values must match the
1524             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
1525             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1526
1527 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1528
1529         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1530         https://bugs.webkit.org/show_bug.cgi?id=81559
1531
1532         Reviewed by Michael Saboff.
1533
1534         * llint/LLIntSlowPaths.cpp:
1535         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1536
1537 2012-03-19  Yong Li  <yoli@rim.com>
1538
1539         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1540         https://bugs.webkit.org/show_bug.cgi?id=77013
1541
1542         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1543         implement memory decommitting for QNX.
1544
1545         Reviewed by Rob Buis.
1546
1547         * wtf/OSAllocatorPosix.cpp:
1548         (WTF::OSAllocator::reserveUncommitted):
1549         (WTF::OSAllocator::commit):
1550         (WTF::OSAllocator::decommit):
1551
1552 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1553
1554         Unreviewed - revert a couple of files accidentally committed.
1555
1556         * runtime/Arguments.cpp:
1557         (JSC::Arguments::defineOwnProperty):
1558         * runtime/JSFunction.cpp:
1559         (JSC::JSFunction::defineOwnProperty):
1560
1561 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1562
1563         Another Windows build fix after r111129.
1564
1565         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1566
1567 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1568
1569         Cross-platform processor core counter: fix build on FreeBSD.
1570         https://bugs.webkit.org/show_bug.cgi?id=81482
1571
1572         Reviewed by Zoltan Herczeg.
1573
1574         The documentation of sysctl(3) shows that <sys/types.h> should be
1575         included before <sys/sysctl.h> (sys/types.h tends to be the first
1576         included header in general).
1577
1578         This should fix the build on FreeBSD and other systems where
1579         sysctl.h really depends on types defined in types.h.
1580
1581         * wtf/NumberOfCores.cpp:
1582
1583 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1584
1585         Windows build fix after r111129.
1586
1587         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1588
1589 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1590
1591         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1592         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1593
1594         Reviewed by Oliver Hunt.
1595
1596         The API specifies that convertToType may opt not to handle a conversion:
1597             "@result The objects's converted value, or NULL if the object was not converted."
1598         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1599         conversion functions, and failing that call the JSObject::defaultValue function.
1600
1601         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1602         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1603         bug#73368, these will return the result from the first convertToType they find, regardless
1604         of whether this result is null, and if no convertToType method is found in the api class
1605         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1606         chain), they will also return a null pointer. This is unsafe.
1607
1608         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1609         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1610         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1611         Making the fallback work with toString/valueOf methods attached to api objects is probably
1612         not the right thing to do – instead, we should just implement the defaultValue trap for api
1613         objects.
1614
1615         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1616         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1617
1618         * API/JSCallbackFunction.cpp:
1619         (JSC::JSCallbackFunction::call):
1620             - Should be null checking the return value.
1621         (JSC):
1622             - Remove toStringCallback/valueOfCallback.
1623         * API/JSCallbackFunction.h:
1624         (JSCallbackFunction):
1625             - Remove toStringCallback/valueOfCallback.
1626         * API/JSCallbackObject.h:
1627         (JSCallbackObject):
1628             - Add defaultValue methods to JSCallbackObject.
1629         * API/JSCallbackObjectFunctions.h:
1630         (JSC::::defaultValue):
1631             - Add defaultValue methods to JSCallbackObject.
1632         * API/JSClassRef.cpp:
1633         (OpaqueJSClass::prototype):
1634             - Remove toStringCallback/valueOfCallback.
1635         * API/tests/testapi.js:
1636             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
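
As an added illustration of the contract this entry describes (my own code, not WebKit's and not part of the ChangeLog entry), the following models the three pieces: a convertToType callback that may decline by returning null, a lookup that walks the API class hierarchy, and a defaultValue fallback that never returns null. It also shows the boundary check the entry asks for in JSCallbackFunction::call, turning a null return from C into an exception rather than letting a null pointer reach the engine. All type, class and function names here are invented for the example.

```cpp
// Added example (not WebKit code): a model of the conversion contract
// described in the entry above, with invented names. An API class may
// decline a conversion by returning null; the lookup walks parent classes
// and ends in a defaultValue that never returns null. The call wrapper
// turns a null return from C into a JavaScript-visible exception instead
// of letting a null pointer flow into the engine.
#include <cmath>
#include <string>

enum class ToType { String, Number };

// A primitive result. Real engines use a tagged JSValue; a struct suffices here.
struct Value {
    bool isUndefined = false;
    std::string str;
    double num = 0;
};

// convertToType callback shape: a null return means "not converted".
typedef const Value* (*ConvertFn)(ToType type);

struct ApiClass {
    const char* name;
    const ApiClass* parent;   // null at the root of the hierarchy
    ConvertFn convertToType;  // null if this class defines no converter
};

// Walk the class chain; returns null only if every class declined.
const Value* convertThroughHierarchy(const ApiClass* cls, ToType type) {
    for (; cls; cls = cls->parent) {
        if (!cls->convertToType)
            continue;
        if (const Value* v = cls->convertToType(type))
            return v;
    }
    return nullptr;
}

// The defaultValue trap: try the hierarchy, then synthesize a primitive.
// Never returns a null result, whatever the callbacks do.
Value defaultValue(const ApiClass* cls, ToType type) {
    if (const Value* v = convertThroughHierarchy(cls, type))
        return *v;
    Value fallback;
    if (type == ToType::String)
        fallback.str = std::string("[object ") + cls->name + "]";
    else
        fallback.num = NAN;  // no numeric conversion available
    return fallback;
}

// A C callback invoked from JavaScript. Null here is the unsafe case.
typedef const Value* (*CallbackFn)();

struct CallResult {
    bool hasException;
    std::string exceptionMessage;
    Value value;
};

// Null-check the C return value and surface it as an exception.
CallResult callFromJavaScript(CallbackFn callback) {
    CallResult result;
    result.hasException = false;
    const Value* returned = callback();
    if (!returned) {
        result.hasException = true;
        result.exceptionMessage = "callback returned a null value";
        result.value.isUndefined = true;
        return result;
    }
    result.value = *returned;
    return result;
}

// Constructed sample hierarchy: Derived declines everything, Base converts
// to String only, Orphan has no converter at all.
static const Value* baseConvert(ToType type) {
    static Value s;
    s.str = "base-string";
    return type == ToType::String ? &s : nullptr;
}
static const Value* derivedConvert(ToType) { return nullptr; }
static const ApiClass kBase = { "Base", nullptr, baseConvert };
static const ApiClass kDerived = { "Derived", &kBase, derivedConvert };
static const ApiClass kOrphan = { "Orphan", nullptr, nullptr };

// Constructed sample callbacks for the call path.
static const Value* returnsNull() { return nullptr; }
static const Value* returnsOne() { static Value v; v.num = 1; return &v; }
```

The point to carry over is that "declined" (null from convertToType) is a legitimate answer the caller must handle by continuing the walk, while a null coming back across the C boundary from a called function is an error that must become an exception before script sees it.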
1637
1638 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1639
1640         [EFL] Include ICU_INCLUDE_DIRS when building.
1641         https://bugs.webkit.org/show_bug.cgi?id=81483
1642
1643         Reviewed by Daniel Bates.
1644
1645         So far, only the ICU libraries were being included when building
1646         JavaScriptCore, however the include path is also needed, otherwise the
1647         build will fail when ICU is installed into a non-standard location.
1648
1649         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1650
1651 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1652
1653         Strength reduction, RegExp.exec -> RegExp.test
1654         https://bugs.webkit.org/show_bug.cgi?id=81459
1655
1656         Reviewed by Sam Weinig.
1657
1658         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1659         expression for a match against a string - however exec is more expensive, since
1660         it allocates a matches array object. In cases where the result is consumed in a
1661         boolean context the allocation of the matches array can be trivially elided.
1662
1663         For example:
1664             function f()
1665             {
1666                 for (i = 0; i < 10000000; ++i)
1667                     if (!/a/.exec("a"))
1668                         err = true;
1669             }
1670
1671         This is a 2.5x speedup on this example microbenchmark loop.
1672
1673         In a more advanced form of this optimization, we may be able to avoid allocating
1674         the array where access to the array can be observed.
1675
1676         * create_hash_table:
1677         * dfg/DFGAbstractState.cpp:
1678         (JSC::DFG::AbstractState::execute):
1679         * dfg/DFGByteCodeParser.cpp:
1680         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1681         * dfg/DFGNode.h:
1682         (JSC::DFG::Node::hasHeapPrediction):
1683         * dfg/DFGNodeType.h:
1684         (DFG):
1685         * dfg/DFGOperations.cpp:
1686         * dfg/DFGOperations.h:
1687         * dfg/DFGPredictionPropagationPhase.cpp:
1688         (JSC::DFG::PredictionPropagationPhase::propagate):
1689         * dfg/DFGSpeculativeJIT.cpp:
1690         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1691         (DFG):
1692         * dfg/DFGSpeculativeJIT.h:
1693         (JSC::DFG::SpeculativeJIT::callOperation):
1694         * dfg/DFGSpeculativeJIT32_64.cpp:
1695         (JSC::DFG::SpeculativeJIT::compile):
1696         * dfg/DFGSpeculativeJIT64.cpp:
1697         (JSC::DFG::SpeculativeJIT::compile):
1698         * jsc.cpp:
1699         (GlobalObject::addConstructableFunction):
1700         * runtime/Intrinsic.h:
1701         * runtime/JSFunction.cpp:
1702         (JSC::JSFunction::create):
1703         (JSC):
1704         * runtime/JSFunction.h:
1705         (JSFunction):
1706         * runtime/Lookup.cpp:
1707         (JSC::setUpStaticFunctionSlot):
1708         * runtime/RegExpObject.cpp:
1709         (JSC::RegExpObject::exec):
1710         (JSC::RegExpObject::match):
1711         * runtime/RegExpObject.h:
1712         (RegExpObject):
1713         * runtime/RegExpPrototype.cpp:
1714         (JSC::regExpProtoFuncTest):
1715         (JSC::regExpProtoFuncExec):
1716
1717 2012-03-16  Michael Saboff  <msaboff@apple.com>
1718
1719         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1720         https://bugs.webkit.org/show_bug.cgi?id=81244
1721
1722         Rubber stamped by Filip Pizlo.
1723
1724         Changed type and name of JSGlobalData::m_isInitializingObject to
1725         ClassInfo* and m_initializingObjectClass.
1726         Changed JSGlobalData::setInitializingObject to
1727         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1728         the debugger to determine what type of object is being initialized.
1729         
1730         * runtime/JSCell.h:
1731         (JSC::JSCell::finishCreation):
1732         (JSC::allocateCell):
1733         * runtime/JSGlobalData.cpp:
1734         (JSC::JSGlobalData::JSGlobalData):
1735         * runtime/JSGlobalData.h:
1736         (JSGlobalData):
1737         (JSC::JSGlobalData::isInitializingObject):
1738         (JSC::JSGlobalData::setInitializingObjectClass):
1739         * runtime/Structure.h:
1740         (JSC::JSCell::finishCreation):
1741
1742 2012-03-16  Mark Rowe  <mrowe@apple.com>
1743
1744         Build fix. Do not preserve owner and group information when installing the WTF headers.
1745
1746         * JavaScriptCore.xcodeproj/project.pbxproj:
1747
1748 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1749
1750         Make the array pointer parameters in the Typed Array create() methods const.
1751         https://bugs.webkit.org/show_bug.cgi?id=81147
1752
1753         Reviewed by Kenneth Russell.
1754
1755         This allows const arrays to be passed to these methods.
1756         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1757
1758         * wtf/Int16Array.h:
1759         (Int16Array):
1760         (WTF::Int16Array::create):
1761         * wtf/Int32Array.h:
1762         (Int32Array):
1763         (WTF::Int32Array::create):
1764         * wtf/Int8Array.h:
1765         (Int8Array):
1766         (WTF::Int8Array::create):
1767         * wtf/Uint16Array.h:
1768         (Uint16Array):
1769         (WTF::Uint16Array::create):
1770         * wtf/Uint32Array.h:
1771         (Uint32Array):
1772         (WTF::Uint32Array::create):
1773         * wtf/Uint8Array.h:
1774         (Uint8Array):
1775         (WTF::Uint8Array::create):
1776         * wtf/Uint8ClampedArray.h:
1777         (Uint8ClampedArray):
1778         (WTF::Uint8ClampedArray::create):
1779
1780 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1781
1782         CopiedSpace::tryAllocateOversize assumes system page size
1783         https://bugs.webkit.org/show_bug.cgi?id=80615
1784
1785         Reviewed by Geoffrey Garen.
1786
1787         * heap/CopiedSpace.cpp:
1788         (JSC::CopiedSpace::tryAllocateOversize):
1789         * heap/CopiedSpace.h:
1790         (CopiedSpace):
1791         * heap/CopiedSpaceInlineMethods.h:
1792         (JSC::CopiedSpace::oversizeBlockFor):
1793         * wtf/BumpPointerAllocator.h:
1794         (WTF::BumpPointerPool::create):
1795         * wtf/StdLibExtras.h:
1796         (WTF::roundUpToMultipleOf):
1797
1798 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1799
1800         Fixing Windows build breakage
1801
1802         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1803
1804 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1805
1806         [EFL] Make zlib a general build requirement
1807         https://bugs.webkit.org/show_bug.cgi?id=80153
1808
1809         Reviewed by Hajime Morita.
1810
1811         After r109538 WebSocket module needs zlib to support deflate-frame extension.
1812
1813         * wtf/Platform.h:
1814
1815 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1816
1817         NumericStrings should be inlined
1818         https://bugs.webkit.org/show_bug.cgi?id=81183
1819
1820         Reviewed by Gavin Barraclough.
1821
1822         NumericStrings is not always inlined. When it is not, the class is not faster
1823         than using UString::number() directly.
1824
1825         * runtime/NumericStrings.h:
1826         (JSC::NumericStrings::add):
1827         (JSC::NumericStrings::lookupSmallString):
1828
1829 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1830
1831         Fix ARM build after r110792.
1832
1833         Unreviewed build fix.
1834
1835         * jit/ExecutableAllocator.h:
1836         (JSC::ExecutableAllocator::cacheFlush):
1837         Remove superfluous curly brackets.
1838
1839 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1840
1841         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1842         https://bugs.webkit.org/show_bug.cgi?id=81256
1843
1844         Reviewed by Oliver Hunt.
1845
1846         This is a 0.5% sunspider progression.
1847
1848         * assembler/MacroAssemblerARMv7.h:
1849         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1850             - switch which form of vmov we use.
1851
1852 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1853
1854         [EFL] Add OwnPtr specialization for Ecore_Timer.
1855         https://bugs.webkit.org/show_bug.cgi?id=80119
1856
1857         Reviewed by Hajime Morita.
1858
1859         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1860
1861         * wtf/OwnPtrCommon.h:
1862         (WTF):
1863         * wtf/efl/OwnPtrEfl.cpp:
1864         (WTF::deleteOwnedPtr):
1865         (WTF):
1866
1867 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1868
1869         Linux has madvise enough to support OSAllocator::commit/decommit
1870         https://bugs.webkit.org/show_bug.cgi?id=80505
1871
1872         Reviewed by Geoffrey Garen.
1873
1874         * wtf/OSAllocatorPosix.cpp:
1875         (WTF::OSAllocator::reserveUncommitted):
1876         (WTF::OSAllocator::commit):
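
As an added example (my own code, not WebKit's and not part of this entry), here is the reserve/commit/decommit pattern that this Linux entry and the BlackBerry entry earlier in the log both describe, written directly against the POSIX calls. Function names are invented; the zero-fill check at the end relies on Linux semantics for MADV_DONTNEED on private anonymous mappings, which the real code path on other kernels (the QNX MAP_LAZY variant, for instance) does not share.

```cpp
// Added example (not WebKit code): the three OSAllocator primitives named
// in the entry above, modelled with plain POSIX calls the way the Linux
// path works. Function names are invented for this example.
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Reserve address space without backing it. PROT_NONE means any touch of
// the region faults instead of silently reading memory nobody committed.
void* reserveUncommitted(size_t bytes) {
    void* p = mmap(nullptr, bytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? nullptr : p;
}

// Make a sub-range usable: grant access, then hint that it will be touched.
bool commit(void* address, size_t bytes) {
    if (mprotect(address, bytes, PROT_READ | PROT_WRITE) != 0)
        return false;
    (void)madvise(address, bytes, MADV_WILLNEED);  // advisory; failure is harmless
    return true;
}

// Give the pages back: discard their contents, then revoke access so that a
// stale pointer into the range faults instead of reading whatever is there.
bool decommit(void* address, size_t bytes) {
    if (madvise(address, bytes, MADV_DONTNEED) != 0)
        return false;
    return mprotect(address, bytes, PROT_NONE) == 0;
}

bool releaseReservation(void* address, size_t bytes) {
    return munmap(address, bytes) == 0;
}

// Round-trips one page: commit, fill with `pattern`, decommit, recommit,
// and return the first byte read back (negative on failure). On Linux,
// MADV_DONTNEED on a private anonymous mapping guarantees zero-fill on the
// next touch, so a correct decommit makes this return 0, not `pattern`.
int roundTripFirstByte(uint8_t pattern) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t reservation = 4 * page;
    void* base = reserveUncommitted(reservation);
    if (!base)
        return -1;
    int result = -2;
    if (commit(base, page)) {
        memset(base, pattern, page);
        result = -3;
        if (decommit(base, page) && commit(base, page))
            result = ((uint8_t*)base)[0];
    }
    releaseReservation(base, reservation);
    return result;
}
```

The step worth keeping in mind is the PROT_NONE in decommit: a decommit that only drops the pages leaves the range readable and writable, so a dangling pointer into it keeps working silently; revoking access turns that into a fault.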
1877         (WTF::OSAllocator::decommit):
1878
1879 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1880
1881         Windows build fix.
1882
1883         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1884         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1885         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1886         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1887
1888 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1889
1890         Windows build fix.
1891
1892         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1893
1894 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1895
1896         Move wx port to using export macros
1897         https://bugs.webkit.org/show_bug.cgi?id=77279
1898
1899         Reviewed by Hajime Morita.
1900
1901         * wscript:
1902         * wtf/Platform.h:
1903
1904 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1905
1906         Avoid StringImpl::getData16SlowCase() when sorting array
1907         https://bugs.webkit.org/show_bug.cgi?id=81070
1908
1909         Reviewed by Geoffrey Garen.
1910
1911         The function codePointCompare() is used intensively when sorting strings.
1912         This patch improves its performance by:
1913         -Avoiding character conversion.
1914         -Inlining the function.
1915
1916         This makes Peacekeeper's arrayCombined test 30% faster.
1917
1918         * wtf/text/StringImpl.cpp:
1919         * wtf/text/StringImpl.h:
1920         (WTF):
1921         (WTF::codePointCompare):
1922         (WTF::codePointCompare8):
1923         (WTF::codePointCompare16):
1924         (WTF::codePointCompare8To16):
1925
1926 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1927
1928         Fix memory allocation failed by fastmalloc
1929         https://bugs.webkit.org/show_bug.cgi?id=79614
1930
1931         Reviewed by Geoffrey Garen.
1932
1933         Memory allocation failed even when the heap grew successfully.
1934         It is wrong to get the span only from the large list after the heap grows,
1935         because a new span could be added to the normal list.
1936
1937         * wtf/FastMalloc.cpp:
1938         (WTF::TCMalloc_PageHeap::New):
1939
1940 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1941
1942         Run cacheFlush page by page to assure of flushing all the requested ranges
1943         https://bugs.webkit.org/show_bug.cgi?id=77712
1944
1945         Reviewed by Geoffrey Garen.
1946
1947         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1948         doesn't match the memory management of the Linux kernel.
1949         In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two.
1950         Therefore cacheFlush page by page guarantees a flush-requested range.
1951
1952         * jit/ExecutableAllocator.h:
1953         (JSC::ExecutableAllocator::cacheFlush):
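
As an added example (mine, not WebKit's and not part of this entry), the range-splitting logic that "page by page" implies: the request is cut at page boundaries so that a kernel which treats a coalesced range as two areas still sees a flush for every page. The flush callback is a recording stand-in, since the real call is the ARM cache-maintenance builtin; names are invented for this example.

```cpp
// Added example (not WebKit code): splitting a flush request into
// page-sized pieces so that no page of the range is skipped, as the fix
// above does. The flush callback is a placeholder; on ARM it would wrap
// __builtin___clear_cache. Names are invented for this example.
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

typedef void (*FlushFn)(uintptr_t begin, uintptr_t end, void* context);

// Calls flush once per page that [begin, begin + size) touches, clamping
// each call to that page. pageSize must be a power of two. Returns the
// number of flush calls made.
size_t cacheFlushByPage(uintptr_t begin, size_t size, size_t pageSize,
                        FlushFn flush, void* context) {
    size_t calls = 0;
    uintptr_t end = begin + size;
    uintptr_t cursor = begin;
    while (cursor < end) {
        uintptr_t pageEnd = (cursor & ~(uintptr_t)(pageSize - 1)) + pageSize;
        uintptr_t chunkEnd = pageEnd < end ? pageEnd : end;
        flush(cursor, chunkEnd, context);
        ++calls;
        cursor = chunkEnd;
    }
    return calls;
}

// Recording callback, standing in for the real cache maintenance call.
struct Recorder {
    std::vector<std::pair<uintptr_t, uintptr_t>> ranges;
};
static void recordRange(uintptr_t begin, uintptr_t end, void* context) {
    static_cast<Recorder*>(context)->ranges.push_back(std::make_pair(begin, end));
}

// True when the recorded chunks are contiguous, cover exactly
// [begin, begin + size), and none of them crosses a page boundary.
bool coversExactly(const Recorder& recorder, uintptr_t begin, size_t size, size_t pageSize) {
    uintptr_t expected = begin;
    for (const auto& range : recorder.ranges) {
        if (range.first != expected || range.second <= range.first)
            return false;
        if (range.first / pageSize != (range.second - 1) / pageSize)
            return false;
        expected = range.second;
    }
    return expected == begin + size;
}

// Runs a flush over [begin, begin + size) and checks its coverage.
bool checkFlush(uintptr_t begin, size_t size, size_t pageSize) {
    Recorder recorder;
    cacheFlushByPage(begin, size, pageSize, recordRange, &recorder);
    return coversExactly(recorder, begin, size, pageSize);
}

size_t countFlushCalls(uintptr_t begin, size_t size, size_t pageSize) {
    Recorder recorder;
    return cacheFlushByPage(begin, size, pageSize, recordRange, &recorder);
}
```

A skipped page here is not a performance bug: the CPU would keep executing stale instructions from its instruction cache for freshly written JIT code in that page, so the coverage check above is the property to test.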
1954
1955 2012-03-14  Oliver Hunt  <oliver@apple.com>
1956
1957         Make ARMv7 work again
1958         https://bugs.webkit.org/show_bug.cgi?id=81157
1959
1960         Reviewed by Geoffrey Garen.
1961
1962         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1963         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1964         nefarious purposes.
1965
1966         * assembler/MacroAssembler.h:
1967         (JSC::MacroAssembler::store32):
1968         * assembler/MacroAssemblerARMv7.h:
1969         (MacroAssemblerARMv7):
1970
1971 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1972
1973         Heap::destroy leaks CopiedSpace
1974         https://bugs.webkit.org/show_bug.cgi?id=81055
1975
1976         Reviewed by Geoffrey Garen.
1977
1978         Added a destroy() function to CopiedSpace that moves all normal size 
1979         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1980         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1981         This function is now called in Heap::destroy().
1982
1983         * heap/CopiedSpace.cpp:
1984         (JSC::CopiedSpace::destroy):
1985         (JSC):
1986         * heap/CopiedSpace.h:
1987         (CopiedSpace):
1988         * heap/Heap.cpp:
1989         (JSC::Heap::destroy):
1990
1991 2012-03-14  Andrew Lo  <anlo@rim.com>
1992
1993         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
1994         https://bugs.webkit.org/show_bug.cgi?id=81000
1995
1996         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
1997
1998         Reviewed by Antonio Gomes.
1999
2000         * wtf/Platform.h:
2001
2002 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2003
2004         ValueToInt32 speculation will cause OSR exits even when it does not have to
2005         https://bugs.webkit.org/show_bug.cgi?id=81068
2006         <rdar://problem/11043926>
2007
2008         Reviewed by Anders Carlsson.
2009         
2010         Two related changes:
2011         1) ValueToInt32 will now always just defer to the non-speculative path, instead
2012            of exiting, if it doesn't know what speculations to perform.
2013         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
2014
2015         * dfg/DFGAbstractState.cpp:
2016         (JSC::DFG::AbstractState::execute):
2017         * dfg/DFGNode.h:
2018         (JSC::DFG::Node::shouldSpeculateBoolean):
2019         (Node):
2020         * dfg/DFGSpeculativeJIT.cpp:
2021         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2022
2023 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2024
2025         More Windows build fixing
2026
2027         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2028
2029 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2030
2031         Windows build fix
2032
2033         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2034
2035 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2036
2037         Type conversion of exponential part failed
2038         https://bugs.webkit.org/show_bug.cgi?id=80673
2039
2040         Reviewed by Geoffrey Garen.
2041
2042         * parser/Lexer.cpp:
2043         (JSC::::lex):
2044         * runtime/JSGlobalObjectFunctions.cpp:
2045         (JSC::parseInt):
2046         (JSC):
2047         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
2048         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
2049         parameter for strtod to allow trailing spaces.
2050         (JSC::toDouble):
2051         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
2052         * runtime/LiteralParser.cpp:
2053         (JSC::::Lexer::lexNumber):
2054         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
2055         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
2056         * wtf/dtoa.cpp:
2057         (WTF):
2058         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
2059         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
2060         * wtf/dtoa.h:
2061         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
2062         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
2063         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
2064         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
2065         * wtf/text/WTFString.cpp:
2066         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
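
As an added example (my own code, not WebKit's and not part of this entry), the prefix-parsing rules this entry changes, written as a standalone parser with the two policies the entry describes as plain booleans rather than template parameters: whether trailing junk is accepted (parseFloat) and whether trailing whitespace is accepted (strtod). The whitespace set is the one the entry lists. Infinity and hex literals are out of scope here, and the function and type names are invented.

```cpp
// Added example (not WebKit code): a prefix parser for the ECMA-262
// StrDecimalLiteral grammar with the two policy knobs the entry above
// describes. Names are invented; the real code threads these as template
// parameters through jsStrDecimalLiteral and strtod.
#include <cmath>
#include <cstdlib>
#include <string>

// The whitespace set the entry lists for double-conversion's skipper:
// space, horizontal tab, vertical tab, carriage return, form feed, line feed.
static bool isSkippableSpace(char c) {
    return c == ' ' || c == '\t' || c == '\v' || c == '\r' || c == '\f' || c == '\n';
}

static bool isDigit(char c) { return c >= '0' && c <= '9'; }

// Length of the longest StrDecimalLiteral prefix at s (sign, digits,
// optional fraction, optional exponent). The exponent marker is consumed
// only if at least one digit follows it, so "1e" yields the prefix "1".
static size_t decimalLiteralPrefixLength(const char* s) {
    size_t i = 0;
    if (s[i] == '+' || s[i] == '-')
        ++i;
    size_t intStart = i;
    while (isDigit(s[i]))
        ++i;
    size_t intDigits = i - intStart;
    size_t fracDigits = 0;
    if (s[i] == '.') {
        size_t j = i + 1;
        while (isDigit(s[j]))
            ++j;
        fracDigits = j - (i + 1);
        if (intDigits || fracDigits)
            i = j;
    }
    if (!intDigits && !fracDigits)
        return 0;  // no literal at all ("e5", "-", ".")
    if (s[i] == 'e' || s[i] == 'E') {
        size_t j = i + 1;
        if (s[j] == '+' || s[j] == '-')
            ++j;
        size_t expStart = j;
        while (isDigit(s[j]))
            ++j;
        if (j > expStart)
            i = j;
    }
    return i;
}

struct ParseResult {
    bool ok;
    double value;
};

// Parses a decimal literal at the start of s, after leading whitespace.
// allowTrailingJunk:   anything may follow the literal (parseFloat).
// allowTrailingSpaces: only whitespace may follow (strtod with spaces).
// Both false:          the literal must end the string (form input style).
ParseResult parseDecimal(const char* s, bool allowTrailingJunk, bool allowTrailingSpaces) {
    while (isSkippableSpace(*s))
        ++s;
    size_t n = decimalLiteralPrefixLength(s);
    if (!n)
        return {false, NAN};
    std::string prefix(s, n);
    double value = strtod(prefix.c_str(), nullptr);  // prefix is a valid literal
    const char* rest = s + n;
    if (allowTrailingJunk)
        return {true, value};
    if (allowTrailingSpaces)
        while (isSkippableSpace(*rest))
            ++rest;
    return *rest == '\0' ? ParseResult{true, value} : ParseResult{false, NAN};
}
```

The case the bug title points at is the incomplete exponent: "1e" or "1e+" has no exponent digits, so the literal is just "1" and the rest is trailing junk, which parseFloat accepts (giving 1) and a strict conversion rejects.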
2067
2068 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2069
2070         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
2071         Removing the assert for now.
2072
2073         * dfg/DFGOperations.h:
2074         * llint/LLIntSlowPaths.h:
2075
2076 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2077
2078         Functions with C linkage should return POD types
2079         https://bugs.webkit.org/show_bug.cgi?id=81061
2080
2081         Reviewed by Mark Rowe.
2082
2083         * dfg/DFGOperations.h:
2084         * llint/LLIntSlowPaths.h:
2085         (LLInt):
2086         (SlowPathReturnType):
2087         (JSC::LLInt::encodeResult):
2088
2089 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2090
2091         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
2092         https://bugs.webkit.org/show_bug.cgi?id=80979
2093         <rdar://problem/11036848>
2094
2095         Reviewed by Oliver Hunt.
2096         
2097         Also improved DFG IR dumping to include type information in a somewhat more
2098         intuitive way.
2099
2100         * bytecode/PredictedType.cpp:
2101         (JSC::predictionToAbbreviatedString):
2102         (JSC):
2103         * bytecode/PredictedType.h:
2104         (JSC):
2105         * dfg/DFGAbstractState.cpp:
2106         (JSC::DFG::AbstractState::execute):
2107         * dfg/DFGGraph.cpp:
2108         (JSC::DFG::Graph::dump):
2109         * dfg/DFGPredictionPropagationPhase.cpp:
2110         (JSC::DFG::PredictionPropagationPhase::propagate):
2111         * dfg/DFGSpeculativeJIT.cpp:
2112         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2113         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2114         * dfg/DFGSpeculativeJIT.h:
2115         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
2116
2117 2012-03-13  George Staikos  <staikos@webkit.org>
2118
2119         The callback is only used if SA_RESTART is defined.  Compile it out
2120         otherwise to avoid a warning.
2121         https://bugs.webkit.org/show_bug.cgi?id=80926
2122
2123         Reviewed by Alexey Proskuryakov.
2124
2125         * heap/MachineStackMarker.cpp:
2126         (JSC):
2127
2128 2012-03-13  Hojong Han  <hojong.han@samsung.com>
2129
2130         Dump the generated code for ARM_TRADITIONAL
2131         https://bugs.webkit.org/show_bug.cgi?id=80975
2132
2133         Reviewed by Gavin Barraclough.
2134
2135         * assembler/LinkBuffer.h:
2136         (JSC::LinkBuffer::dumpCode):
2137
2138 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
2139
2140         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
2141         https://bugs.webkit.org/show_bug.cgi?id=78853
2142
2143         Reviewed by Adam Barth.
2144
2145         * Configurations/FeatureDefines.xcconfig:
2146         * wtf/Platform.h:
2147
2148 2012-03-13  Kwonjin Jeong  <gram@company100.net>
2149
2150         Remove SlotVisitor::copy() method.
2151         https://bugs.webkit.org/show_bug.cgi?id=80973
2152
2153         Reviewed by Geoffrey Garen.
2154
2155         SlotVisitor::copy() method isn't called anywhere.
2156
2157         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
2158         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
2159
2160 2012-03-12  Hojong Han  <hojong.han@samsung.com>
2161
2162         Fix test cases for RegExp multiline
2163         https://bugs.webkit.org/show_bug.cgi?id=80822
2164
2165         Reviewed by Gavin Barraclough.
2166
2167         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
2168         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
2169         * tests/mozilla/js1_2/regexp/beginLine.js:
2170         * tests/mozilla/js1_2/regexp/endLine.js:
2171
2172 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2173
2174         Arithmetic use inference should be procedure-global and should run in tandem
2175         with type propagation
2176         https://bugs.webkit.org/show_bug.cgi?id=80819
2177         <rdar://problem/11034006>
2178
2179         Reviewed by Gavin Barraclough.
2180         
2181         * CMakeLists.txt:
2182         * GNUmakefile.list.am:
2183         * JavaScriptCore.xcodeproj/project.pbxproj:
2184         * Target.pri:
2185         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
2186         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
2187         * dfg/DFGDriver.cpp:
2188         (JSC::DFG::compile):
2189         * dfg/DFGPredictionPropagationPhase.cpp:
2190         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
2191         (PredictionPropagationPhase):
2192         (JSC::DFG::PredictionPropagationPhase::isNotZero):
2193         (JSC::DFG::PredictionPropagationPhase::propagate):
2194         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
2195         * dfg/DFGVariableAccessData.h:
2196         (JSC::DFG::VariableAccessData::VariableAccessData):
2197         (JSC::DFG::VariableAccessData::flags):
2198         (VariableAccessData):
2199         (JSC::DFG::VariableAccessData::mergeFlags):
2200
2201 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2202
2203         Node::op and Node::flags should be private
2204         https://bugs.webkit.org/show_bug.cgi?id=80824
2205         <rdar://problem/11033435>
2206
2207         Reviewed by Gavin Barraclough.
2208
2209         * CMakeLists.txt:
2210         * GNUmakefile.list.am:
2211         * JavaScriptCore.xcodeproj/project.pbxproj:
2212         * Target.pri:
2213         * dfg/DFGAbstractState.cpp:
2214         (JSC::DFG::AbstractState::initialize):
2215         (JSC::DFG::AbstractState::execute):
2216         (JSC::DFG::AbstractState::mergeStateAtTail):
2217         (JSC::DFG::AbstractState::mergeToSuccessors):
2218         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2219         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2220         * dfg/DFGByteCodeParser.cpp:
2221         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2222         (JSC::DFG::ByteCodeParser::getLocal):
2223         (JSC::DFG::ByteCodeParser::getArgument):
2224         (JSC::DFG::ByteCodeParser::flushArgument):
2225         (JSC::DFG::ByteCodeParser::toInt32):
2226         (JSC::DFG::ByteCodeParser::isJSConstant):
2227         (JSC::DFG::ByteCodeParser::makeSafe):
2228         (JSC::DFG::ByteCodeParser::makeDivSafe):
2229         (JSC::DFG::ByteCodeParser::handleInlining):
2230         (JSC::DFG::ByteCodeParser::parseBlock):
2231         (JSC::DFG::ByteCodeParser::processPhiStack):
2232         (JSC::DFG::ByteCodeParser::linkBlock):
2233         * dfg/DFGCFAPhase.cpp:
2234         (JSC::DFG::CFAPhase::performBlockCFA):
2235         * dfg/DFGCSEPhase.cpp:
2236         (JSC::DFG::CSEPhase::canonicalize):
2237         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2238         (JSC::DFG::CSEPhase::pureCSE):
2239         (JSC::DFG::CSEPhase::byValIsPure):
2240         (JSC::DFG::CSEPhase::clobbersWorld):
2241         (JSC::DFG::CSEPhase::impureCSE):
2242         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2243         (JSC::DFG::CSEPhase::getByValLoadElimination):
2244         (JSC::DFG::CSEPhase::checkFunctionElimination):
2245         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2246         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2247         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2248         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2249         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2250         (JSC::DFG::CSEPhase::performNodeCSE):
2251         * dfg/DFGGraph.cpp:
2252         (JSC::DFG::Graph::dump):
2253         (DFG):
2254         * dfg/DFGGraph.h:
2255         (JSC::DFG::Graph::addShouldSpeculateInteger):
2256         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2257         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2258         * dfg/DFGNode.cpp: Removed.
2259         * dfg/DFGNode.h:
2260         (DFG):
2261         (JSC::DFG::Node::Node):
2262         (Node):
2263         (JSC::DFG::Node::op):
2264         (JSC::DFG::Node::flags):
2265         (JSC::DFG::Node::setOp):
2266         (JSC::DFG::Node::setFlags):
2267         (JSC::DFG::Node::mergeFlags):
2268         (JSC::DFG::Node::filterFlags):
2269         (JSC::DFG::Node::clearFlags):
2270         (JSC::DFG::Node::setOpAndDefaultFlags):
2271         (JSC::DFG::Node::mustGenerate):
2272         (JSC::DFG::Node::isConstant):
2273         (JSC::DFG::Node::isWeakConstant):
2274         (JSC::DFG::Node::valueOfJSConstant):
2275         (JSC::DFG::Node::hasVariableAccessData):
2276         (JSC::DFG::Node::hasIdentifier):
2277         (JSC::DFG::Node::resolveGlobalDataIndex):
2278         (JSC::DFG::Node::hasArithNodeFlags):
2279         (JSC::DFG::Node::arithNodeFlags):
2280         (JSC::DFG::Node::setArithNodeFlag):
2281         (JSC::DFG::Node::mergeArithNodeFlags):
2282         (JSC::DFG::Node::hasConstantBuffer):
2283         (JSC::DFG::Node::hasRegexpIndex):
2284         (JSC::DFG::Node::hasVarNumber):
2285         (JSC::DFG::Node::hasScopeChainDepth):
2286         (JSC::DFG::Node::hasResult):
2287         (JSC::DFG::Node::hasInt32Result):
2288         (JSC::DFG::Node::hasNumberResult):
2289         (JSC::DFG::Node::hasJSResult):
2290         (JSC::DFG::Node::hasBooleanResult):
2291         (JSC::DFG::Node::isJump):
2292         (JSC::DFG::Node::isBranch):
2293         (JSC::DFG::Node::isTerminal):
2294         (JSC::DFG::Node::hasHeapPrediction):
2295         (JSC::DFG::Node::hasFunctionCheckData):
2296         (JSC::DFG::Node::hasStructureTransitionData):
2297         (JSC::DFG::Node::hasStructureSet):
2298         (JSC::DFG::Node::hasStorageAccessData):
2299         (JSC::DFG::Node::hasFunctionDeclIndex):
2300         (JSC::DFG::Node::hasFunctionExprIndex):
2301         (JSC::DFG::Node::child1):
2302         (JSC::DFG::Node::child2):
2303         (JSC::DFG::Node::child3):
2304         (JSC::DFG::Node::firstChild):
2305         (JSC::DFG::Node::numChildren):
2306         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
2307         * dfg/DFGNodeFlags.h: Added.
2308         (DFG):
2309         (JSC::DFG::nodeUsedAsNumber):
2310         (JSC::DFG::nodeCanTruncateInteger):
2311         (JSC::DFG::nodeCanIgnoreNegativeZero):
2312         (JSC::DFG::nodeMayOverflow):
2313         (JSC::DFG::nodeCanSpeculateInteger):
2314         * dfg/DFGNodeType.h: Added.
2315         (DFG):
2316         (JSC::DFG::defaultFlags):
2317         * dfg/DFGPredictionPropagationPhase.cpp:
2318         (JSC::DFG::PredictionPropagationPhase::propagate):
2319         (JSC::DFG::PredictionPropagationPhase::vote):
2320         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2321         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2322         * dfg/DFGRedundantPhiEliminationPhase.cpp:
2323         (JSC::DFG::RedundantPhiEliminationPhase::run):
2324         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2325         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2326         * dfg/DFGSpeculativeJIT.cpp:
2327         (JSC::DFG::SpeculativeJIT::useChildren):
2328         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2329         (JSC::DFG::SpeculativeJIT::compileMovHint):
2330         (JSC::DFG::SpeculativeJIT::compile):
2331         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2332         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2333         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2334         (JSC::DFG::SpeculativeJIT::compileAdd):
2335         (JSC::DFG::SpeculativeJIT::compare):
2336         * dfg/DFGSpeculativeJIT.h:
2337         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2338         * dfg/DFGSpeculativeJIT32_64.cpp:
2339         (JSC::DFG::SpeculativeJIT::emitCall):
2340         (JSC::DFG::SpeculativeJIT::compile):
2341         * dfg/DFGSpeculativeJIT64.cpp:
2342         (JSC::DFG::SpeculativeJIT::emitCall):
2343         (JSC::DFG::SpeculativeJIT::compile):
2344         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2345         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2346
2347 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
2348
2349         Minor DataLog fixes
2350         https://bugs.webkit.org/show_bug.cgi?id=80826
2351
2352         Reviewed by Andreas Kling.
2353
2354         * bytecode/ExecutionCounter.cpp:
2355         Do not include DataLog.h; it is not used.
2356         
2357         * jit/ExecutableAllocator.cpp:
2358         Ditto.
2359
2360         * wtf/DataLog.cpp:
2361         (WTF::initializeLogFileOnce):
2362         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
2363
2364         * wtf/HashTable.cpp:
2365         Include DataLog as it is used.
2366
2367 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
2368
2369         Integer overflow check code in arithmetic operation in classic interpreter
2370         https://bugs.webkit.org/show_bug.cgi?id=80465
2371
2372         Reviewed by Gavin Barraclough.
2373
2374         * interpreter/Interpreter.cpp:
2375         (JSC::Interpreter::privateExecute):
2376
2377 2012-03-12  Zeno Albisser  <zeno@webkit.org>
2378
2379         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
2380         https://bugs.webkit.org/show_bug.cgi?id=80827
2381
2382         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
2383
2384         Reviewed by Simon Hausmann.
2385
2386         * wtf/Platform.h:
2387
2388 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
2389
2390         Unreviewed prospective Qt/Mac build fix
2391
2392         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
2393         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
2394         constructor.
2395
2396 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2397
2398         All DFG nodes should have a mutable set of flags
2399         https://bugs.webkit.org/show_bug.cgi?id=80779
2400         <rdar://problem/11026218>
2401
2402         Reviewed by Gavin Barraclough.
2403         
2404         Got rid of NodeId, and placed all of the flags that distinguished NodeId
2405         from NodeType into a separate Node::flags field. Combined what was previously
2406         ArithNodeFlags into Node::flags.
2407         
2408         In the process of debugging, I found that the debug support in the virtual
2409         register allocator was lacking, so I improved it. I also realized that the
2410         virtual register allocator was assuming that the nodes in a basic block were
2411         contiguous, which is no longer the case. So I fixed that. The fix also made
2412         it natural to have more extreme assertions, so I added them. I suspect this
2413         will make it easier to catch virtual register allocation bugs in the future.
2414         
2415         This is mostly performance neutral; if anything it looks like a slight
2416         speed-up.
2417         
2418         This patch does leave some work for future refactorings; for example, Node::op
2419         is unencapsulated. This was already the case, though now it feels even more
2420         like it should be. I avoided doing that because this patch has already grown
2421         way bigger than I wanted.
2422         
2423         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
2424         move some unnecessarily inline stuff out of DFGNode.h.
2425
2426         * CMakeLists.txt:
2427         * GNUmakefile.list.am:
2428         * JavaScriptCore.xcodeproj/project.pbxproj:
2429         * Target.pri:
2430         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2431         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2432         * dfg/DFGByteCodeParser.cpp:
2433         (JSC::DFG::ByteCodeParser::addToGraph):
2434         (JSC::DFG::ByteCodeParser::makeSafe):
2435         (JSC::DFG::ByteCodeParser::makeDivSafe):
2436         (JSC::DFG::ByteCodeParser::handleMinMax):
2437         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2438         (JSC::DFG::ByteCodeParser::parseBlock):
2439         * dfg/DFGCFAPhase.cpp:
2440         (JSC::DFG::CFAPhase::performBlockCFA):
2441         * dfg/DFGCSEPhase.cpp:
2442         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2443         (JSC::DFG::CSEPhase::pureCSE):
2444         (JSC::DFG::CSEPhase::clobbersWorld):
2445         (JSC::DFG::CSEPhase::impureCSE):
2446         (JSC::DFG::CSEPhase::setReplacement):
2447         (JSC::DFG::CSEPhase::eliminate):
2448         (JSC::DFG::CSEPhase::performNodeCSE):
2449         (JSC::DFG::CSEPhase::performBlockCSE):
2450         (CSEPhase):
2451         * dfg/DFGGraph.cpp:
2452         (JSC::DFG::Graph::opName):
2453         (JSC::DFG::Graph::dump):
2454         (DFG):
2455         * dfg/DFGNode.cpp: Added.
2456         (DFG):
2457         (JSC::DFG::arithNodeFlagsAsString):
2458         * dfg/DFGNode.h:
2459         (DFG):
2460         (JSC::DFG::nodeUsedAsNumber):
2461         (JSC::DFG::nodeCanTruncateInteger):
2462         (JSC::DFG::nodeCanIgnoreNegativeZero):
2463         (JSC::DFG::nodeMayOverflow):
2464         (JSC::DFG::nodeCanSpeculateInteger):
2465         (JSC::DFG::defaultFlags):
2466         (JSC::DFG::Node::Node):
2467         (Node):
2468         (JSC::DFG::Node::setOpAndDefaultFlags):
2469         (JSC::DFG::Node::mustGenerate):
2470         (JSC::DFG::Node::arithNodeFlags):
2471         (JSC::DFG::Node::setArithNodeFlag):
2472         (JSC::DFG::Node::mergeArithNodeFlags):
2473         (JSC::DFG::Node::hasResult):
2474         (JSC::DFG::Node::hasInt32Result):
2475         (JSC::DFG::Node::hasNumberResult):
2476         (JSC::DFG::Node::hasJSResult):
2477         (JSC::DFG::Node::hasBooleanResult):
2478         (JSC::DFG::Node::isJump):
2479         (JSC::DFG::Node::isBranch):
2480         (JSC::DFG::Node::isTerminal):
2481         (JSC::DFG::Node::child1):
2482         (JSC::DFG::Node::child2):
2483         (JSC::DFG::Node::child3):
2484         (JSC::DFG::Node::firstChild):
2485         (JSC::DFG::Node::numChildren):
2486         * dfg/DFGPredictionPropagationPhase.cpp:
2487         (JSC::DFG::PredictionPropagationPhase::propagate):
2488         (JSC::DFG::PredictionPropagationPhase::vote):
2489         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2490         * dfg/DFGScoreBoard.h:
2491         (ScoreBoard):
2492         (JSC::DFG::ScoreBoard::~ScoreBoard):
2493         (JSC::DFG::ScoreBoard::assertClear):
2494         (JSC::DFG::ScoreBoard::use):
2495         * dfg/DFGSpeculativeJIT.cpp:
2496         (JSC::DFG::SpeculativeJIT::useChildren):
2497         * dfg/DFGSpeculativeJIT32_64.cpp:
2498         (JSC::DFG::SpeculativeJIT::compile):
2499         * dfg/DFGSpeculativeJIT64.cpp:
2500         (JSC::DFG::SpeculativeJIT::compile):
2501         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2502         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2503
2504 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2505
2506         LLInt should support JSVALUE64
2507         https://bugs.webkit.org/show_bug.cgi?id=79609
2508         <rdar://problem/10063437>
2509
2510         Reviewed by Gavin Barraclough and Oliver Hunt.
2511         
2512         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2513         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2514         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2515         specialized for value representation.
2516         
2517         Also made some minor changes to offlineasm and the slow-paths.
2518
2519         * llint/LLIntData.cpp:
2520         (JSC::LLInt::Data::performAssertions):
2521         * llint/LLIntEntrypoints.cpp:
2522         * llint/LLIntSlowPaths.cpp:
2523         (LLInt):
2524         (JSC::LLInt::llint_trace_value):
2525         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2526         (JSC::LLInt::jitCompileAndSetHeuristics):
2527         * llint/LLIntSlowPaths.h:
2528         (LLInt):
2529         (SlowPathReturnType):
2530         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2531         (JSC::LLInt::encodeResult):
2532         * llint/LLIntThunks.cpp:
2533         * llint/LowLevelInterpreter.asm:
2534         * llint/LowLevelInterpreter32_64.asm:
2535         * llint/LowLevelInterpreter64.asm:
2536         * offlineasm/armv7.rb:
2537         * offlineasm/asm.rb:
2538         * offlineasm/ast.rb:
2539         * offlineasm/backends.rb:
2540         * offlineasm/instructions.rb:
2541         * offlineasm/parser.rb:
2542         * offlineasm/registers.rb:
2543         * offlineasm/transform.rb:
2544         * offlineasm/x86.rb:
2545         * wtf/Platform.h:
2546
2547 2012-03-10  Yong Li  <yoli@rim.com>
2548
2549         Web Worker crashes with WX_EXCLUSIVE
2550         https://bugs.webkit.org/show_bug.cgi?id=80532
2551
2552         Let each JS global object own a meta allocator
2553         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2554         Also fix a mutex leak in MetaAllocator's dtor.
2555
2556         Reviewed by Filip Pizlo.
2557
2558         * jit/ExecutableAllocator.cpp:
2559         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2560         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2561         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2562         (DemandExecutableAllocator):
2563         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2564         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2565         (JSC::DemandExecutableAllocator::allocateNewSpace):
2566         (JSC::DemandExecutableAllocator::allocators):
2567         (JSC::DemandExecutableAllocator::allocatorsMutex):
2568         (JSC):
2569         (JSC::ExecutableAllocator::initializeAllocator):
2570         (JSC::ExecutableAllocator::ExecutableAllocator):
2571         (JSC::ExecutableAllocator::underMemoryPressure):
2572         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2573         (JSC::ExecutableAllocator::allocate):
2574         (JSC::ExecutableAllocator::committedByteCount):
2575         (JSC::ExecutableAllocator::dumpProfile):
2576         * jit/ExecutableAllocator.h:
2577         (JSC):
2578         (ExecutableAllocator):
2579         (JSC::ExecutableAllocator::allocator):
2580         * wtf/MetaAllocator.h:
2581         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2582         * wtf/TCSpinLock.h:
2583         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2584
2585 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2586
2587         Object.freeze broken on latest Nightly
2588         https://bugs.webkit.org/show_bug.cgi?id=80577
2589
2590         Reviewed by Oliver Hunt.
2591
2592         The problem here is that deleteProperty rejects deletion of prototype.
2593         This is correct in most cases; however, defineOwnProperty is presently
2594         implemented internally to ensure the attributes change by deleting the
2595         old property, and creating a new one.
2596
2597         * runtime/JSFunction.cpp:
2598         (JSC::JSFunction::deleteProperty):
2599             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
2600
2601 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2602
2603         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2604         https://bugs.webkit.org/show_bug.cgi?id=80663
2605
2606         Reviewed by Michael Saboff.
2607
2608         The bug here is actually that we're continuing to process the array after an exception
2609         has been thrown, and that the second value thrown is overriding the first.
2610
2611         * runtime/ArrayPrototype.cpp:
2612         (JSC::arrayProtoFuncToLocaleString):
2613
2614 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2615
2616         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2617         https://bugs.webkit.org/show_bug.cgi?id=80080
2618
2619         Reviewed by Filip Pizlo.
2620
2621         * bytecode/SamplingTool.cpp:
2622         (JSC::SamplingRegion::Locker::Locker):
2623         (JSC::SamplingRegion::Locker::~Locker):
2624         * bytecode/SamplingTool.h:
2625         (JSC::SamplingRegion::exchangeCurrent):
2626         * wtf/Atomics.h:
2627         (WTF):
2628         (WTF::weakCompareAndSwap):
2629         (WTF::weakCompareAndSwapUIntPtr):
2630
2631 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2632
2633         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2634         https://bugs.webkit.org/show_bug.cgi?id=49989
2635
2636         Reviewed by Oliver Hunt.
2637
2638         Patch originally by Chris Reiss <christopher.reiss@nokia.com>:
2639         allow the year to appear before the timezone in date strings.
2640
2641         * wtf/DateMath.cpp:
2642         (WTF::parseDateFromNullTerminatedCharacters):
2643
2644 2012-03-09  Mark Rowe  <mrowe@apple.com>
2645
2646         Ensure that the WTF headers are copied at installhdrs time.
2647
2648         Reviewed by Dan Bernstein and Jessie Berlin.
2649
2650         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2651         so that our script phases are invoked at installhdrs time. The only one that
2652         does any useful work at that time is the one that installs WTF headers.
2653
2654 2012-03-09  Jon Lee  <jonlee@apple.com>
2655
2656         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2657         https://bugs.webkit.org/show_bug.cgi?id=80497
2658
2659         Reviewed by Adam Barth.
2660
2661         Prep for b80472: Update API for Web Notifications
2662         * Configurations/FeatureDefines.xcconfig:
2663
2664 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2665
2666         Bash scripts should support LF endings only
2667         https://bugs.webkit.org/show_bug.cgi?id=79509
2668
2669         Reviewed by David Kilzer.
2670
2671         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2672         * gyp/run-if-exists.sh: Added property svn:eol-style.
2673         * gyp/update-info-plist.sh: Added property svn:eol-style.
2674
2675 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2676
2677         Windows debug build fix.
2678
2679         * assembler/MacroAssembler.h:
2680         (JSC::MacroAssembler::shouldBlind):
2681         Fix unreachable code warnings (which we treat as errors).
2682
2683 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2684
2685         Reviewed by Zoltan Herczeg.
2686
2687         [Qt] Fix the SH4 build after r109834
2688         https://bugs.webkit.org/show_bug.cgi?id=80492
2689
2690         * assembler/MacroAssemblerSH4.h:
2691         (JSC::MacroAssemblerSH4::branchAdd32):
2692         (JSC::MacroAssemblerSH4::branchSub32):
2693
2694 2012-03-09  Andy Wingo  <wingo@igalia.com>
2695
2696         Refactor code feature analysis in the parser
2697         https://bugs.webkit.org/show_bug.cgi?id=79112
2698
2699         Reviewed by Geoffrey Garen.
2700
2701         This commit refactors the parser to more uniformly propagate flag
2702         bits down and up the parse process, as the parser descends and
2703         returns into nested blocks.  Some flags get passed down to
2704         subscopes, some apply to specific scopes only, and some get
2705         unioned up after parsing subscopes.
2706
2707         The goal is to eventually be very precise with scoping
2708         information, once we have block scopes: one block scope might use
2709         `eval', which would require the emission of a symbol table within
2710         that block and containing blocks, whereas another block in the
2711         same function might not, allowing us to not emit a symbol table.
2712
2713         * parser/Nodes.h:
2714         (JSC::ScopeFlags): Rename from CodeFeatures.
2715         (JSC::ScopeNode::addScopeFlags):
2716         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2717         (JSC::ScopeNode::isStrictMode):
2718         (JSC::ScopeNode::usesEval):
2719         (JSC::ScopeNode::usesArguments):
2720         (JSC::ScopeNode::setUsesArguments):
2721         (JSC::ScopeNode::usesThis):
2722         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2723         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2724         operate on the m_scopeFlags member.
2725         (JSC::ScopeNode::source):
2726         (JSC::ScopeNode::sourceURL):
2727         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2728         semantic change.
2729         (JSC::ScopeNode::ScopeNode)
2730         (JSC::ProgramNode::ProgramNode)
2731         (JSC::EvalNode::EvalNode)
2732         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2733         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2734
2735         * parser/Nodes.cpp:
2736         (JSC::ScopeNode::ScopeNode):
2737         (JSC::ProgramNode::ProgramNode):
2738         (JSC::ProgramNode::create):
2739         (JSC::EvalNode::EvalNode):
2740         (JSC::EvalNode::create):
2741         (JSC::FunctionBodyNode::FunctionBodyNode):
2742         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2743
2744         * parser/ASTBuilder.h:
2745         (JSC::ASTBuilder::ASTBuilder):
2746         (JSC::ASTBuilder::thisExpr):
2747         (JSC::ASTBuilder::createResolve):
2748         (JSC::ASTBuilder::createFunctionBody):
2749         (JSC::ASTBuilder::createFuncDeclStatement):
2750         (JSC::ASTBuilder::createTryStatement):
2751         (JSC::ASTBuilder::createWithStatement):
2752         (JSC::ASTBuilder::addVar):
2753         (JSC::ASTBuilder::Scope::Scope):
2754         (Scope):
2755         (ASTBuilder):
2756         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2757         features here.  Instead rely on the base Parser mechanism to track
2758         features.
2759
2760         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2761
2762         * parser/Parser.h:
2763         (JSC::Scope::Scope): Manage scope through flags, not
2764         bit-booleans.  This lets us uniformly propagate them up and down.
2765         (JSC::Scope::declareWrite):
2766         (JSC::Scope::declareParameter):
2767         (JSC::Scope::useVariable):
2768         (JSC::Scope::collectFreeVariables):
2769         (JSC::Scope::getCapturedVariables):
2770         (JSC::Scope::saveFunctionInfo):
2771         (JSC::Scope::restoreFunctionInfo):
2772         (JSC::Parser::pushScope): Adapt to use scope flags and their
2773         accessors instead of bit-booleans.
2774         * parser/Parser.cpp:
2775         (JSC::::Parser):
2776         (JSC::::parseInner):
2777         (JSC::::didFinishParsing):
2778         (JSC::::parseSourceElements):
2779         (JSC::::parseVarDeclarationList):
2780         (JSC::::parseConstDeclarationList):
2781         (JSC::::parseWithStatement):
2782         (JSC::::parseTryStatement):
2783         (JSC::::parseFunctionBody):
2784         (JSC::::parseFunctionInfo):
2785         (JSC::::parseFunctionDeclaration):
2786         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2787         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2788         Does not seem to have a performance impact.
2789
2790         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2791         Cache the scopeflags.
2792         * parser/SyntaxChecker.h: Remove evalCount() decl.
2793
2794         * runtime/Executable.cpp:
2795         (JSC::EvalExecutable::compileInternal):
2796         (JSC::ProgramExecutable::compileInternal):
2797         (JSC::FunctionExecutable::produceCodeBlockFor):
2798         * runtime/Executable.h:
2799         (JSC::ScriptExecutable::ScriptExecutable):
2800         (JSC::ScriptExecutable::usesEval):
2801         (JSC::ScriptExecutable::usesArguments):
2802         (JSC::ScriptExecutable::needsActivation):
2803         (JSC::ScriptExecutable::isStrictMode):
2804         (JSC::ScriptExecutable::recordParse):
2805         (ScriptExecutable): ScopeFlags, not features.
2806
2807 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2808
2809         Build fix for MSVC after r110266
2810
2811         Unreviewed. A #ifdef for MSVC was left over in r110266.
2812
2813         * runtime/RegExpObject.h:
2814         (RegExpObject):
2815
2816 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2817
2818         Allocate the RegExpObject's data with the Cell
2819         https://bugs.webkit.org/show_bug.cgi?id=80654
2820
2821         Reviewed by Gavin Barraclough.
2822
2823         This patch removes the creation of RegExpObject's data to avoid the overhead
2824         created by the allocation and destruction.
2825
2826         Since RegExps are created repeatedly, this provides some performance improvement.
2827         The PeaceKeeper test stringDetectBrowser improves by 10%.
2828
2829         * runtime/RegExpObject.cpp:
2830         (JSC::RegExpObject::RegExpObject):
2831         (JSC::RegExpObject::visitChildren):
2832         (JSC::RegExpObject::getOwnPropertyDescriptor):
2833         (JSC::RegExpObject::defineOwnProperty):
2834         (JSC::RegExpObject::match):
2835         * runtime/RegExpObject.h:
2836         (JSC::RegExpObject::setRegExp):
2837         (JSC::RegExpObject::regExp):
2838         (JSC::RegExpObject::setLastIndex):
2839         (JSC::RegExpObject::getLastIndex):
2840         (RegExpObject):
2841
2842 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2843
2844         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2845         https://bugs.webkit.org/show_bug.cgi?id=80657
2846         
2847         Preparation for WTF separation from JavaScriptCore.
2848         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2849         dependencies for generated files.
2850         
2851         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2852         versions of the WTF code independent of the JavaScriptCore code.
2853
2854         Reviewed by Jessie Berlin.
2855
2856         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2857         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2858         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2859         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2860         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2861         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2862         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2863         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2864         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2865         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2866         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2867         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2868         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2869         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2870         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2871         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2872         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2873         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2874         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2875         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2876         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2877
2878 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2879
2880         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2881         https://bugs.webkit.org/show_bug.cgi?id=80652
2882
2883         Reviewed by Eric Seidel.
2884
2885         Fix the header, URLSegments.h is not part of the API.
2886
2887         * wtf/url/api/ParsedURL.h:
2888
2889 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2890
2891         Mac build fix for micro data API.
2892
2893         * Configurations/FeatureDefines.xcconfig:
2894
2895 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2896
2897         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2898         https://bugs.webkit.org/show_bug.cgi?id=26890
2899
2900         Reviewed by Oliver Hunt.
2901
2902         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2903
2904         * runtime/StringPrototype.cpp:
2905         (JSC::replaceUsingRegExpSearch):
2906         (JSC::stringProtoFuncMatch):
2907             - added calls to setLastIndex.
2908
2909 2012-03-08  Matt Lilek  <mrl@apple.com>
2910
2911         Don't enable VIDEO_TRACK on all OS X platforms
2912         https://bugs.webkit.org/show_bug.cgi?id=80635
2913
2914         Reviewed by Eric Carlson.
2915
2916         * Configurations/FeatureDefines.xcconfig:
2917
2918 2012-03-08  Oliver Hunt  <oliver@apple.com>
2919
2920         Build fix.  That day is not today.
2921
2922         * assembler/MacroAssembler.h:
2923         (JSC::MacroAssembler::shouldBlind):
2924         * assembler/MacroAssemblerX86Common.h:
2925         (MacroAssemblerX86Common):
2926         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2927
2928 2012-03-08  Oliver Hunt  <oliver@apple.com>
2929
2930         Build fix. One of these days I'll manage to commit something that works everywhere.
2931
2932         * assembler/AbstractMacroAssembler.h:
2933         (AbstractMacroAssembler):
2934         * assembler/MacroAssemblerARMv7.h:
2935         (MacroAssemblerARMv7):
2936         * assembler/MacroAssemblerX86Common.h:
2937         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2938         (MacroAssemblerX86Common):
2939
2940 2012-03-08  Chao-ying Fu  <fu@mips.com>
2941
2942         Update MIPS patchOffsetGetByIdSlowCaseCall
2943         https://bugs.webkit.org/show_bug.cgi?id=80302
2944
2945         Reviewed by Oliver Hunt.
2946
2947         * jit/JIT.h:
2948         (JIT):
2949
2950 2012-03-08  Oliver Hunt  <oliver@apple.com>
2951
2952         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2953         https://bugs.webkit.org/show_bug.cgi?id=80633
2954
2955         Reviewed by Gavin Barraclough.
2956
2957         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2958         if there isn't a machine specific implementation (otherwise the 64bit value
2959         got truncated and 32bit checks were used -- leaving 32bits untested).
2960         Also add a bit of logic to ensure that we don't try to blind a few common
2961         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2962         unencoded doubles with common "safe" values.
2963
2964         * assembler/AbstractMacroAssembler.h:
2965         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2966         * assembler/MacroAssembler.h:
2967         (JSC::MacroAssembler::shouldBlindDouble):
2968         (MacroAssembler):
2969         (JSC::MacroAssembler::shouldBlind):
2970         * assembler/MacroAssemblerX86Common.h:
2971         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2972
2973 2012-03-08  Mark Rowe  <mrowe@apple.com>
2974
2975         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2976
2977         Reviewed by Dan Bernstein.
2978
2979         * Configurations/Base.xcconfig:
2980
2981 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2982
2983         Fix line endings for copy-files.cmd.
2984         
2985         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2986         In this case, the label :clean wasn't found, breaking the clean build.
2987         
2988         Reviewed by Jessie Berlin.
2989
2990         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2991
2992 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2993
2994         DFG CFA incorrectly handles ValueToInt32
2995         https://bugs.webkit.org/show_bug.cgi?id=80568
2996
2997         Reviewed by Gavin Barraclough.
2998         
2999         Changed it to match exactly the decision pattern used in
3000         DFG::SpeculativeJIT::compileValueToInt32
3001
3002         * dfg/DFGAbstractState.cpp:
3003         (JSC::DFG::AbstractState::execute):
3004
3005 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
3006
3007         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
3008         https://bugs.webkit.org/show_bug.cgi?id=80524
3009
3010         Reviewed by Simon Hausmann.
3011
3012         Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
3013         of WTF library.
3014
3015         * runtime/Identifier.cpp:
3016         * wtf/WTFThreadData.cpp:
3017         (JSC):
3018         (JSC::IdentifierTable::~IdentifierTable):
3019         (JSC::IdentifierTable::add):
3020
3021 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
3022
3023         DFG instruction count threshold should be lifted to 10000
3024         https://bugs.webkit.org/show_bug.cgi?id=80579
3025
3026         Reviewed by Gavin Barraclough.
3027
3028         * runtime/Options.cpp:
3029         (JSC::Options::initializeOptions):
3030
3031 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3032
3033         Incorrect tracking of abstract values of variables forced double
3034         https://bugs.webkit.org/show_bug.cgi?id=80566
3035         <rdar://problem/11001442>
3036
3037         Reviewed by Gavin Barraclough.
3038
3039         * dfg/DFGAbstractState.cpp:
3040         (JSC::DFG::AbstractState::mergeStateAtTail):
3041
3042 2012-03-07  Chao-ying Fu  <fu@mips.com>
3043
3044         [Qt] Fix the MIPS/SH4 build after r109834
3045         https://bugs.webkit.org/show_bug.cgi?id=80492
3046
3047         Reviewed by Oliver Hunt.
3048
3049         Implement three-argument branch(Add,Sub)32.
3050
3051         * assembler/MacroAssemblerMIPS.h:
3052         (JSC::MacroAssemblerMIPS::add32):
3053         (MacroAssemblerMIPS):
3054         (JSC::MacroAssemblerMIPS::sub32):
3055         (JSC::MacroAssemblerMIPS::branchAdd32):
3056         (JSC::MacroAssemblerMIPS::branchSub32):
3057
3058 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
3059
3060         Unreviewed, rolling out r110127.
3061         http://trac.webkit.org/changeset/110127
3062         https://bugs.webkit.org/show_bug.cgi?id=80562
3063
3064         compile failed on AppleWin (Requested by ukai on #webkit).
3065
3066         * heap/Heap.cpp:
3067         (JSC::Heap::collectAllGarbage):
3068         * heap/Heap.h:
3069         (JSC):
3070         (Heap):
3071         * runtime/Executable.cpp:
3072         (JSC::FunctionExecutable::FunctionExecutable):
3073         (JSC::FunctionExecutable::finalize):
3074         * runtime/Executable.h:
3075         (FunctionExecutable):
3076         (JSC::FunctionExecutable::create):
3077         * runtime/JSGlobalData.cpp:
3078         (WTF):
3079         (Recompiler):
3080         (WTF::Recompiler::operator()):
3081         (JSC::JSGlobalData::recompileAllJSFunctions):
3082         (JSC):
3083         * runtime/JSGlobalData.h:
3084         (JSGlobalData):
3085         * runtime/JSGlobalObject.cpp:
3086         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
3087
3088 2012-03-07  Hojong Han  <hojong.han@samsung.com>
3089
3090         The end atom of the marked block considered to filter invalid cells
3091         https://bugs.webkit.org/show_bug.cgi?id=79191
3092
3093         Reviewed by Geoffrey Garen.
3094
3095         Register file could have stale pointers beyond the end atom of marked block.
3096         Those pointers can weasel out of the filtering of in-middle-of-cell pointers.
3097
3098         * heap/MarkedBlock.h:
3099         (JSC::MarkedBlock::isLiveCell):
3100
3101 2012-03-07  Jessie Berlin  <jberlin@apple.com>
3102
3103         Clean Windows build fails after r110033
3104         https://bugs.webkit.org/show_bug.cgi?id=80553
3105
3106         Rubber-stamped by Jon Honeycutt and Eric Seidel.
3107
3108         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3109         Place the implementation files next to their header files in the wtf/text subdirectory.
3110         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
3111         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
3112         Update the path to those implementation files.
3113         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
3114         Ditto.
3115
3116 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
3117
3118         Eliminate redundant Phis in DFG
3119         https://bugs.webkit.org/show_bug.cgi?id=80415
3120
3121         Reviewed by Filip Pizlo.
3122
3123         Although this may not have any advantage at the current stage, this is towards
3124         minimal SSA to make more high level optimizations (like bug 76770) easier.
3125         We have the choices either to build minimal SSA from scratch or to
3126         keep current simple Phi insertion mechanism and remove the redundancy
3127         in another phase. Currently we choose the latter because the change
3128         could be smaller.
3129
3130         * CMakeLists.txt:
3131         * GNUmakefile.list.am:
3132         * JavaScriptCore.xcodeproj/project.pbxproj:
3133         * Target.pri:
3134         * dfg/DFGDriver.cpp:
3135         (JSC::DFG::compile):
3136         * dfg/DFGGraph.cpp:
3137         (JSC::DFG::Graph::dump):
3138         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
3139         (DFG):
3140         (RedundantPhiEliminationPhase):
3141         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
3142         (JSC::DFG::RedundantPhiEliminationPhase::run):
3143         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
3144         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
3145         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
3146         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
3147         (JSC::DFG::performRedundantPhiElimination):
3148         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
3149         (DFG):
3150
3151 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
3152
3153         Refactor recompileAllJSFunctions() to be less expensive
3154         https://bugs.webkit.org/show_bug.cgi?id=80330
3155
3156         Reviewed by Geoffrey Garen.
3157
3158         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
3159         load performance, which currently does at least a couple full GCs per navigation.
3160
3161         * heap/Heap.cpp:
3162         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
3163         because the function doesn't actually recompile anything (and never did); it simply throws code
3164         away for it to be recompiled later if we determine we should do so.
3165         (JSC):
3166         (JSC::Heap::collectAllGarbage):
3167         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
3168         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
3169         * heap/Heap.h:
3170         (JSC):
3171         (Heap):
3172         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
3173         be used in DoublyLinkedLists.
3174         (JSC::FunctionExecutable::FunctionExecutable):
3175         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
3176         * runtime/Executable.h:
3177         (FunctionExecutable):
3178         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
3179         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
3180         the list of FunctionExecutables.
3181         * runtime/JSGlobalData.h:
3182         (JSGlobalData):
3183         * runtime/JSGlobalObject.cpp:
3184         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
3185
3186 2012-03-06  Oliver Hunt  <oliver@apple.com>
3187
3188         Further harden 64-bit JIT
3189         https://bugs.webkit.org/show_bug.cgi?id=80457
3190
3191         Reviewed by Filip Pizlo.
3192
3193         This patch implements blinding for ImmPtr.  Rather than xor based blinding
3194         we perform randomised pointer rotations in order to avoid the significant
3195         cost in executable memory that would otherwise be necessary (and to avoid
3196         the need for an additional scratch register in some cases).
3197
3198         As with the prior blinding patch there's a moderate amount of noise as we
3199         correct the use of ImmPtr vs. TrustedImmPtr.
3200
3201         * assembler/AbstractMacroAssembler.h:
3202         (ImmPtr):
3203         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
3204         * assembler/MacroAssembler.h:
3205         (MacroAssembler):
3206         (JSC::MacroAssembler::storePtr):
3207         (JSC::MacroAssembler::branchPtr):
3208         (JSC::MacroAssembler::shouldBlind):
3209         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
3210         (RotatedImmPtr):
3211         (JSC::MacroAssembler::rotationBlindConstant):
3212         (JSC::MacroAssembler::loadRotationBlindedConstant):
3213         (JSC::MacroAssembler::convertInt32ToDouble):
3214         (JSC::MacroAssembler::move):
3215         (JSC::MacroAssembler::poke):
3216         * assembler/MacroAssemblerARMv7.h:
3217         (JSC::MacroAssemblerARMv7::storeDouble):
3218         (JSC::MacroAssemblerARMv7::branchAdd32):
3219         * assembler/MacroAssemblerX86_64.h:
3220         (MacroAssemblerX86_64):
3221         (JSC::MacroAssemblerX86_64::rotateRightPtr):
3222         (JSC::MacroAssemblerX86_64::xorPtr):
3223         * assembler/X86Assembler.h:
3224         (X86Assembler):
3225         (JSC::X86Assembler::xorq_rm):
3226         (JSC::X86Assembler::rorq_i8r):
3227         * dfg/DFGCCallHelpers.h:
3228         (CCallHelpers):
3229         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
3230         * dfg/DFGOSRExitCompiler32_64.cpp:
3231         (JSC::DFG::OSRExitCompiler::compileExit):
3232         * dfg/DFGOSRExitCompiler64.cpp:
3233         (JSC::DFG::OSRExitCompiler::compileExit):
3234         * dfg/DFGSpeculativeJIT.cpp:
3235         (JSC::DFG::SpeculativeJIT::createOSREntries):
3236         * dfg/DFGSpeculativeJIT.h:
3237         (JSC::DFG::SpeculativeJIT::silentFillGPR):
3238         (JSC::DFG::SpeculativeJIT::callOperation):
3239         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
3240         * dfg/DFGSpeculativeJIT32_64.cpp:
3241         (JSC::DFG::SpeculativeJIT::compile):
3242         * dfg/DFGSpeculativeJIT64.cpp:
3243         (JSC::DFG::SpeculativeJIT::fillInteger):
3244         (JSC::DFG::SpeculativeJIT::fillDouble):
3245         (JSC::DFG::SpeculativeJIT::fillJSValue):
3246         (JSC::DFG::SpeculativeJIT::emitCall):
3247         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3248         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3249         (JSC::DFG::SpeculativeJIT::emitBranch):
3250         * jit/JIT.cpp:
3251         (JSC::JIT::emitOptimizationCheck):
3252         * jit/JITArithmetic32_64.cpp:
3253         (JSC::JIT::emitSlow_op_post_inc):
3254         * jit/JITInlineMethods.h:
3255         (JSC::JIT::emitValueProfilingSite):
3256         (JSC::JIT::emitGetVirtualRegister):
3257         * jit/JITOpcodes.cpp:
3258         (JSC::JIT::emit_op_mov):
3259         (JSC::JIT::emit_op_new_object):
3260         (JSC::JIT::emit_op_strcat):
3261         (JSC::JIT::emit_op_ensure_property_exists):
3262         (JSC::JIT::emit_op_resolve_skip):
3263         (JSC::JIT::emitSlow_op_resolve_global):
3264         (JSC::JIT::emit_op_resolve_with_base):
3265         (JSC::JIT::emit_op_resolve_with_this):
3266         (JSC::JIT::emit_op_jmp_scopes):
3267         (JSC::JIT::emit_op_switch_imm):
3268         (JSC::JIT::emit_op_switch_char):
3269         (JSC::JIT::emit_op_switch_string):
3270         (JSC::JIT::emit_op_throw_reference_error):
3271         (JSC::JIT::emit_op_debug):
3272         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
3273         (JSC::JIT::emit_op_new_array):
3274         (JSC::JIT::emitSlow_op_new_array):
3275         (JSC::JIT::emit_op_new_array_buffer):
3276         * jit/JITOpcodes32_64.cpp:
3277         (JSC::JIT::emit_op_new_object):
3278         (JSC::JIT::emit_op_strcat):
3279         (JSC::JIT::emit_op_ensure_property_exists):
3280         (JSC::JIT::emit_op_resolve_skip):
3281         (JSC::JIT::emitSlow_op_resolve_global):
3282         (JSC::JIT::emit_op_resolve_with_base):
3283         (JSC::JIT::emit_op_resolve_with_this):
3284         (JSC::JIT::emit_op_jmp_scopes):
3285         (JSC::JIT::emit_op_switch_imm):
3286         (JSC::JIT::emit_op_switch_char):
3287         (JSC::JIT::emit_op_switch_string):
3288         * jit/JITPropertyAccess32_64.cpp:
3289         (JSC::JIT::emit_op_put_by_index):
3290         * jit/JITStubCall.h:
3291         (JITStubCall):
3292         (JSC::JITStubCall::addArgument):
3293
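The rotation-based constant blinding described in the entry above, together with the shouldBlind decision from the 2012-03-08 "Missing some places where we should be blinding 64bit values" entry, modelled as an added C example. This is not JavaScriptCore code: the two-instruction "ISA", the function names and the byte-pattern heuristic used to decide which constants are "safe" to leave unblinded are assumptions made for illustration only; the real macro assembler and its whitelist of encoded JSValues and common doubles are not reproduced.

```c
/* Added example (not JavaScriptCore code): a model of rotation-based
 * blinding of pointer-sized immediates. The JIT never places the caller
 * supplied constant verbatim in the code stream; it emits a rotated copy
 * plus a rotate instruction that restores it at run time. All names here
 * are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define WORD_BITS 64

typedef struct {
    uint64_t value;    /* rotated constant actually emitted */
    unsigned rotation; /* 1..63: amount rotated right at run time */
} RotatedImm;

/* Tiny stand-in for the macro assembler output. */
typedef enum { OP_MOV_IMM, OP_ROR_IMM8 } Opcode;
typedef struct { Opcode op; uint64_t operand; } Insn;

static uint64_t rotl64(uint64_t v, unsigned k)
{
    k %= WORD_BITS;
    return k ? (v << k) | (v >> (WORD_BITS - k)) : v;
}

static uint64_t rotr64(uint64_t v, unsigned k)
{
    k %= WORD_BITS;
    return k ? (v >> k) | (v << (WORD_BITS - k)) : v;
}

/* Hypothetical stand-in for shouldBlind(): a value is treated as "safe"
 * (cannot carry arbitrary caller-chosen bytes) when every byte is 0x00 or
 * 0xFF, e.g. 0, -1 and simple masks. Anything else gets blinded. */
static int should_blind(uint64_t v)
{
    for (int i = 0; i < 8; i++) {
        uint8_t b = (uint8_t)(v >> (8 * i));
        if (b != 0x00 && b != 0xFF)
            return 1;
    }
    return 0;
}

/* Store the value rotated LEFT so that one rotate-RIGHT recovers it.
 * A rotation of 0 is never used because it would emit the raw constant. */
static RotatedImm blind(uint64_t v, unsigned rotation)
{
    RotatedImm r;
    r.rotation = rotation % WORD_BITS ? rotation % WORD_BITS : 1;
    r.value = rotl64(v, r.rotation);
    return r;
}

static uint64_t unblind(RotatedImm r)
{
    return rotr64(r.value, r.rotation);
}

/* Emit the sequence that loads v into a register; returns the number of
 * instructions written (1 unblinded, 2 blinded). */
static int emit_load_immediate(uint64_t v, unsigned rotation, Insn out[2])
{
    if (!should_blind(v)) {
        out[0].op = OP_MOV_IMM; out[0].operand = v;
        return 1;
    }
    RotatedImm r = blind(v, rotation);
    out[0].op = OP_MOV_IMM;  out[0].operand = r.value;
    out[1].op = OP_ROR_IMM8; out[1].operand = r.rotation;
    return 2;
}

/* Interpret the sequence as the CPU would and return the register value. */
static uint64_t execute(const Insn *code, int n)
{
    uint64_t reg = 0;
    for (int i = 0; i < n; i++)
        reg = code[i].op == OP_MOV_IMM ? code[i].operand
                                        : rotr64(reg, (unsigned)code[i].operand);
    return reg;
}

/* Round trip: emit, then run. Must always equal v. */
static uint64_t roundtrip(uint64_t v, unsigned rotation)
{
    Insn code[2];
    return execute(code, emit_load_immediate(v, rotation, code));
}

/* Does the raw constant still appear among the emitted operands? */
static int leaks_constant(uint64_t v, unsigned rotation)
{
    Insn code[2];
    int n = emit_load_immediate(v, rotation, code);
    for (int i = 0; i < n; i++)
        if (code[i].operand == v)
            return 1;
    return 0;
}

int main(void)
{
    srand((unsigned)time(NULL));           /* demo only; a JIT wants a real RNG */
    uint64_t v = 0x4141414141414141ULL;    /* constructed sample immediate */
    unsigned rot = 1 + (unsigned)(rand() % (WORD_BITS - 1));
    printf("rotation %u: register = 0x%016llx, raw constant in code: %s\n", rot,
           (unsigned long long)roundtrip(v, rot), leaks_constant(v, rot) ? "yes" : "no");
    return 0;
}
```

The round trip always restores the original value, and a value made of 0x00/0xFF bytes is emitted as a single plain move. One caveat the model makes visible: for a byte-periodic constant such as 0x4141414141414141, a rotation that is a multiple of 8 leaves the emitted word identical to the input, so a blinding scheme that draws the rotation uniformly should be checked against such inputs rather than assumed to hide every constant.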
3294 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
3295
3296         ARM build fix.
3297
3298         Reviewed by Zoltan Herczeg.
3299
3300         Implement three-argument branch(Add,Sub)32.
3301
3302         * assembler/MacroAssemblerARM.h:
3303         (JSC::MacroAssemblerARM::add32):
3304         (MacroAssemblerARM):
3305         (JSC::MacroAssemblerARM::sub32):
3306         (JSC::MacroAssemblerARM::branchAdd32):
3307         (JSC::MacroAssemblerARM::branchSub32):
3308
3309 2012-03-07  Andy Wingo  <wingo@igalia.com>
3310
3311         Parser: Inline ScopeNodeData into ScopeNode
3312         https://bugs.webkit.org/show_bug.cgi?id=79776
3313
3314         Reviewed by Geoffrey Garen.
3315
3316         It used to be that some ScopeNode members were kept in a separate
3317         structure because sometimes they wouldn't be needed, and
3318         allocating a ParserArena was expensive.  This patch makes
3319         ParserArena lazily allocate its IdentifierArena, allowing the
3320         members to be included directly, which is simpler and easier to
3321         reason about.
3322
3323         * parser/ParserArena.cpp:
3324         (JSC::ParserArena::ParserArena):
3325         (JSC::ParserArena::reset):
3326         (JSC::ParserArena::isEmpty):
3327         * parser/ParserArena.h:
3328         (JSC::ParserArena::identifierArena): Lazily allocate the
3329         IdentifierArena.
3330
3331         * parser/Nodes.cpp:
3332         (JSC::ScopeNode::ScopeNode):
3333         (JSC::ScopeNode::singleStatement):
3334         (JSC::ProgramNode::create):
3335         (JSC::EvalNode::create):
3336         (JSC::FunctionBodyNode::create):
3337         * parser/Nodes.h:
3338         (JSC::ScopeNode::destroyData):
3339         (JSC::ScopeNode::needsActivationForMoreThanVariables):
3340         (JSC::ScopeNode::needsActivation):
3341         (JSC::ScopeNode::hasCapturedVariables):
3342         (JSC::ScopeNode::capturedVariableCount):
3343         (JSC::ScopeNode::captures):
3344         (JSC::ScopeNode::varStack):
3345         (JSC::ScopeNode::functionStack):
3346         (JSC::ScopeNode::neededConstants):
3347         (ScopeNode):
3348         * bytecompiler/NodesCodegen.cpp:
3349         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
3350         into ScopeNode.  Adapt accessors.
3351
3352 2012-03-06  Eric Seidel  <eric@webkit.org>
3353
3354         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
3355         https://bugs.webkit.org/show_bug.cgi?id=80363
3356
3357         Reviewed by Mark Rowe.
3358
3359         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
3360         its headers have appeared as part of the "private" headers exported by
3361         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
3362         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
3363         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
3364
3365         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
3366         own directory and project.  As part of such, the WTF headers will no longer be part of
3367         the JavaScriptCore private interfaces.
3368         In preparation for that, this change makes both the Mac and Win builds export
3369         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
3370         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
3371
3372         There are 5 parts to this change.
3373         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
3374             (and header directories) into the appropriate places in the build directory.
3375         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
3376             (WebCore, WebKit, etc. had already been taught to look in previous patches).
3377         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
3378             using fully qualified paths.
3379         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
3380         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
3381
3382         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
3383         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
3384         headers; those will have to be updated to use <wtf/Foo.h> after this change.
3385         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
3386         are ready for (and interested in) this change happening.
3387
3388         * API/tests/JSNode.c:
3389         * API/tests/JSNodeList.c:
3390         * Configurations/Base.xcconfig:
3391         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3392         * JavaScriptCore.xcodeproj/project.pbxproj:
3393         * assembler/MacroAssemblerCodeRef.h:
3394         * bytecompiler/BytecodeGenerator.h:
3395         * dfg/DFGOperations.cpp:
3396         * heap/GCAssertions.h:
3397         * heap/HandleHeap.h:
3398         * heap/HandleStack.h:
3399         * heap/MarkedSpace.h:
3400         * heap/PassWeak.h:
3401         * heap/Strong.h:
3402         * heap/Weak.h:
3403         * jit/HostCallReturnValue.cpp:
3404         * jit/JIT.cpp:
3405         * jit/JITStubs.cpp:
3406         * jit/ThunkGenerators.cpp:
3407         * parser/Lexer.cpp:
3408         * runtime/Completion.cpp:
3409         * runtime/Executable.cpp:
3410         * runtime/Identifier.h:
3411         * runtime/InitializeThreading.cpp:
3412         * runtime/JSDateMath.cpp:
3413         * runtime/JSGlobalObjectFunctions.cpp:
3414         * runtime/JSStringBuilder.h:
3415         * runtime/JSVariableObject.h:
3416         * runtime/NumberPrototype.cpp:
3417         * runtime/WriteBarrier.h:
3418         * tools/CodeProfile.cpp:
3419         * tools/TieredMMapArray.h:
3420         * wtf/AVLTree.h:
3421         * wtf/Alignment.h:
3422         * wtf/AlwaysInline.h:
3423         * wtf/ArrayBufferView.h:
3424         * wtf/Assertions.h:
3425         * wtf/Atomics.h:
3426         * wtf/Bitmap.h:
3427         * wtf/BoundsCheckedPointer.h:
3428         * wtf/CheckedArithmetic.h:
3429         * wtf/Deque.h:
3430         * wtf/ExportMacros.h:
3431         * wtf/FastAllocBase.h:
3432         * wtf/FastMalloc.h:
3433         * wtf/Float32Array.h:
3434         * wtf/Float64Array.h:
3435         * wtf/Functional.h:
3436         * wtf/HashCountedSet.h:
3437         * wtf/HashFunctions.h:
3438         * wtf/HashMap.h:
3439         * wtf/HashSet.h:
3440         * wtf/HashTable.h:
3441         * wtf/HashTraits.h:
3442         * wtf/Int16Array.h:
3443         * wtf/Int32Array.h:
3444         * wtf/Int8Array.h:
3445         * wtf/IntegralTypedArrayBase.h:
3446         * wtf/ListHashSet.h:
3447         * wtf/MainThread.h:
3448         * wtf/MetaAllocator.h:
3449         * wtf/Noncopyable.h:
3450         * wtf/OwnArrayPtr.h:
3451         * wtf/OwnPtr.h:
3452         * wtf/PackedIntVector.h:
3453         * wtf/ParallelJobs.h:
3454         * wtf/PassOwnArrayPtr.h:
3455         * wtf/PassOwnPtr.h:
3456         * wtf/PassRefPtr.h:
3457         * wtf/PassTraits.h:
3458         * wtf/Platform.h:
3459         * wtf/PossiblyNull.h:
3460         * wtf/RefCounted.h:
3461         * wtf/RefCountedLeakCounter.h:
3462         * wtf/RefPtr.h:
3463         * wtf/RetainPtr.h:
3464         * wtf/SimpleStats.h:
3465         * wtf/Spectrum.h:
3466         * wtf/StdLibExtras.h:
3467         * wtf/TCPageMap.h:
3468         * wtf/TemporaryChange.h:
3469         * wtf/ThreadSafeRefCounted.h:
3470         * wtf/Threading.h:
3471         * wtf/ThreadingPrimitives.h:
3472         * wtf/TypeTraits.h:
3473         * wtf/TypedArrayBase.h:
3474         * wtf/Uint16Array.h:
3475         * wtf/Uint32Array.h:
3476         * wtf/Uint8Array.h:
3477         * wtf/Uint8ClampedArray.h:
3478         * wtf/UnusedParam.h:
3479         * wtf/Vector.h:
3480         * wtf/VectorTraits.h:
3481         * wtf/dtoa/double-conversion.h:
3482         * wtf/dtoa/utils.h:
3483         * wtf/gobject/GRefPtr.h:
3484         * wtf/gobject/GlibUtilities.h:
3485         * wtf/text/AtomicString.h:
3486         * wtf/text/AtomicStringImpl.h:
3487         * wtf/text/CString.h:
3488         * wtf/text/StringConcatenate.h:
3489         * wtf/text/StringHash.h:
3490         * wtf/text/WTFString.h:
3491         * wtf/unicode/CharacterNames.h:
3492         * wtf/unicode/UTF8.h:
3493         * wtf/unicode/glib/UnicodeGLib.h:
3494         * wtf/unicode/qt4/UnicodeQt4.h:
3495         * wtf/unicode/wince/UnicodeWinCE.h:
3496         * wtf/url/api/ParsedURL.h:
3497         * wtf/url/api/URLString.h:
3498         * wtf/wince/FastMallocWinCE.h:
3499         * yarr/YarrJIT.cpp:
3500
3501 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3502
3503         Array.prototype functions should throw if delete fails
3504         https://bugs.webkit.org/show_bug.cgi?id=80467
3505
3506         Reviewed by Oliver Hunt.
3507
3508         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
3509         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
3510         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
3511         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
3512         routines, for handling arrays with holes. These three copies should be unified.
3513
3514         * runtime/ArrayPrototype.cpp:
3515         (JSC::shift):
3516         (JSC::unshift):
3517             - Added - shared copies of the shift/unshift functionality.
3518         (JSC::arrayProtoFuncPop):
3519             - should throw if the delete fails.
3520         (JSC::arrayProtoFuncReverse):
3521             - should throw if the delete fails.
3522         (JSC::arrayProtoFuncShift):
3523         (JSC::arrayProtoFuncSplice):
3524         (JSC::arrayProtoFuncUnShift):
3525             - use shift/unshift.
3526         * runtime/JSArray.cpp:
3527         (JSC::JSArray::shiftCount):
3528         (JSC::JSArray::unshiftCount):
3529             - Don't try to handle arrays with holes; return a value indicating
3530               the generic routine should be used instead.
3531         * runtime/JSArray.h:
3532             - declaration for shiftCount/unshiftCount changed.
3533         * tests/mozilla/js1_6/Array/regress-304828.js:
3534             - this was asserting incorrect behaviour.
3535
3536 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
3537
3538         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
3539         https://bugs.webkit.org/show_bug.cgi?id=80469
3540
3541         Reviewed by Antonio Gomes.
3542
3543         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
3544         property on the library being created.
3545
3546 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
3547
3548         DFG BasicBlock should group the Phi nodes together and separate them
3549         from the other nodes
3550         https://bugs.webkit.org/show_bug.cgi?id=80361
3551
3552         Reviewed by Filip Pizlo.
3553
3554         This would make it more efficient to remove the redundant Phi nodes or
3555         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
3556         This is performance neutral on SunSpider, V8 and Kraken.
3557
3558         * dfg/DFGAbstractState.cpp:
3559         (JSC::DFG::AbstractState::clobberStructures):
3560         (JSC::DFG::AbstractState::dump):
3561         * dfg/DFGBasicBlock.h:
3562         (JSC::DFG::BasicBlock::BasicBlock):
3563         (BasicBlock):
3564         * dfg/DFGByteCodeParser.cpp:
3565         (JSC::DFG::ByteCodeParser::addToGraph):
3566         (JSC::DFG::ByteCodeParser::insertPhiNode):
3567         * dfg/DFGCFAPhase.cpp:
3568         (JSC::DFG::CFAPhase::performBlockCFA):
3569         * dfg/DFGCSEPhase.cpp:
3570         (JSC::DFG::CSEPhase::pureCSE):
3571         (JSC::DFG::CSEPhase::impureCSE):
3572         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3573         (JSC::DFG::CSEPhase::getByValLoadElimination):
3574         (JSC::DFG::CSEPhase::checkFunctionElimination):
3575         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3576         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3577         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3578         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3579         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3580         (JSC::DFG::CSEPhase::performBlockCSE):
3581         * dfg/DFGGraph.cpp:
3582         (JSC::DFG::Graph::dump):
3583         * dfg/DFGSpeculativeJIT.cpp:
3584         (JSC::DFG::SpeculativeJIT::compile):
3585
3586 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3587
3588         GCActivityCallback timer should vary with the length of the previous GC
3589         https://bugs.webkit.org/show_bug.cgi?id=80344
3590
3591         Reviewed by Geoffrey Garen.
3592
3593         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
3594         GC so that the GC Activity Callback can use it.
3595         (JSC::Heap::Heap):
3596         (JSC::Heap::collect):
3597         * heap/Heap.h:
3598         (JSC::Heap::lastGCLength):
3599         (Heap):
3600         * runtime/GCActivityCallbackCF.cpp:
3601         (JSC):
3602         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
3603         GC to determine the length of our timer trigger (currently set at 100x the duration 
3604         of the last GC).
3605
3606 2012-03-06  Rob Buis  <rbuis@rim.com>
3607
3608         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
3609         https://bugs.webkit.org/show_bug.cgi?id=80420
3610
3611         Reviewed by Gavin Barraclough.
3612
3613         Fix warnings given in Blackberry build.
3614
3615         * heap/CopiedBlock.h:
3616         (JSC::CopiedBlock::CopiedBlock):
3617         * wtf/RefCountedArray.h:
3618         (WTF::RefCountedArray::Header::fromPayload):
3619
3620 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3621
3622         writable/configurable not respected for some properties of Function/String/Arguments
3623         https://bugs.webkit.org/show_bug.cgi?id=80436
3624
3625         Reviewed by Oliver Hunt.
3626
3627         Special properties should behave like regular properties.
3628
3629         * runtime/Arguments.cpp:
3630         (JSC::Arguments::defineOwnProperty):
3631             - Mis-nested logic for making read-only properties non-live.
3632         * runtime/JSFunction.cpp:
3633         (JSC::JSFunction::put):
3634             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3635         (JSC::JSFunction::deleteProperty):
3636             - Attempting to delete prototype/caller should fail.
3637         (JSC::JSFunction::defineOwnProperty):
3638             - Ensure prototype is reified on attempt to reify it.
3639             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3640         * runtime/JSFunction.h:
3641             - added declaration for defineOwnProperty.
3642         (JSFunction):
3643         * runtime/StringObject.cpp:
3644         (JSC::StringObject::put):
3645             - length is non-writable, non-configurable - reject appropriately.
3646
3647 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
3648
3649         TypedArray subarray call for subarray does not clamp the end index parameter properly
3650         https://bugs.webkit.org/show_bug.cgi?id=80285
3651
3652         Reviewed by Kenneth Russell.
3653
3654         * wtf/ArrayBufferView.h:
3655         (WTF::ArrayBufferView::calculateOffsetAndLength):
3656
3657 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3658
3659         Unreviewed, rolling out r109837.
3660         http://trac.webkit.org/changeset/109837
3661         https://bugs.webkit.org/show_bug.cgi?id=80399
3662
3663         breaks Mac Production builds, too late to try and fix it
3664         tonight (Requested by eseidel on #webkit).
3665
3666         * API/tests/JSNode.c:
3667         * API/tests/JSNodeList.c:
3668         * Configurations/Base.xcconfig:
3669         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3670         * JavaScriptCore.xcodeproj/project.pbxproj:
3671         * assembler/MacroAssemblerCodeRef.h:
3672         * bytecompiler/BytecodeGenerator.h:
3673         * dfg/DFGOperations.cpp:
3674         * heap/GCAssertions.h:
3675         * heap/HandleHeap.h:
3676         * heap/HandleStack.h:
3677         * heap/MarkedSpace.h:
3678         * heap/PassWeak.h:
3679         * heap/Strong.h:
3680         * heap/Weak.h:
3681         * jit/HostCallReturnValue.cpp:
3682         * jit/JIT.cpp:
3683         * jit/JITStubs.cpp:
3684         * jit/ThunkGenerators.cpp:
3685         * parser/Lexer.cpp:
3686         * runtime/Completion.cpp:
3687         * runtime/Executable.cpp:
3688         * runtime/Identifier.h:
3689         * runtime/InitializeThreading.cpp:
3690         * runtime/JSDateMath.cpp:
3691         * runtime/JSGlobalObjectFunctions.cpp:
3692         * runtime/JSStringBuilder.h:
3693         * runtime/JSVariableObject.h:
3694         * runtime/NumberPrototype.cpp:
3695         * runtime/WriteBarrier.h:
3696         * tools/CodeProfile.cpp:
3697         * tools/TieredMMapArray.h:
3698         * yarr/YarrJIT.cpp:
3699
3700 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3701
3702         [Qt][ARM] Speculative buildfix after r109834.
3703
3704         Reviewed by Csaba Osztrogonác.
3705
3706         * assembler/MacroAssemblerARM.h:
3707         (JSC::MacroAssemblerARM::and32):
3708         (MacroAssemblerARM):
3709
3710 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3711
3712         Unreviewed windows build fix pt 2.
3713
3714         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3715
3716 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3717
3718         Unreviewed windows build fix pt 1.
3719
3720         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3721
3722 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3723
3724         putByIndex should throw in strict mode
3725         https://bugs.webkit.org/show_bug.cgi?id=80335
3726
3727         Reviewed by Filip Pizlo.
3728
3729         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3730
3731         This is a largely mechanical change, simply adding an extra parameter to a number
3732         of functions. Some call sites need to perform additional exception checks, and
3733         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3734
3735         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3736         an existing bug), I'll follow up with a third patch to handle that.
3737
3738         * API/JSObjectRef.cpp:
3739         (JSObjectSetPropertyAtIndex):
3740         * JSCTypedArrayStubs.h:
3741         (JSC):
3742         * dfg/DFGOperations.cpp:
3743         (JSC::DFG::putByVal):
3744         * dfg/DFGOperations.h:
3745         * dfg/DFGSpeculativeJIT32_64.cpp:
3746         (JSC::DFG::SpeculativeJIT::compile):
3747         * dfg/DFGSpeculativeJIT64.cpp:
3748         (JSC::DFG::SpeculativeJIT::compile):
3749         * interpreter/Interpreter.cpp:
3750         (JSC::Interpreter::privateExecute):
3751         * jit/JITStubs.cpp:
3752         (JSC::DEFINE_STUB_FUNCTION):
3753         * jsc.cpp:
3754         (GlobalObject::finishCreation):
3755         * llint/LLIntSlowPaths.cpp:
3756         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3757         * runtime/Arguments.cpp:
3758         (JSC::Arguments::putByIndex):
3759         * runtime/Arguments.h:
3760         (Arguments):
3761         * runtime/ArrayPrototype.cpp:
3762         (JSC::arrayProtoFuncPush):
3763         (JSC::arrayProtoFuncReverse):
3764         (JSC::arrayProtoFuncShift):
3765         (JSC::arrayProtoFuncSort):
3766         (JSC::arrayProtoFuncSplice):
3767         (JSC::arrayProtoFuncUnShift):
3768         * runtime/ClassInfo.h:
3769         (MethodTable):
3770         * runtime/JSArray.cpp:
3771         (JSC::SparseArrayValueMap::put):
3772         (JSC::JSArray::put):
3773         (JSC::JSArray::putByIndex):
3774         (JSC::JSArray::putByIndexBeyondVectorLength):
3775         (JSC::JSArray::push):
3776         (JSC::JSArray::shiftCount):
3777         (JSC::JSArray::unshiftCount):
3778         * runtime/JSArray.h:
3779         (SparseArrayValueMap):
3780         (JSArray):
3781         * runtime/JSByteArray.cpp:
3782         (JSC::JSByteArray::putByIndex):
3783         * runtime/JSByteArray.h:
3784         (JSByteArray):
3785         * runtime/JSCell.cpp:
3786         (JSC::JSCell::putByIndex):
3787         * runtime/JSCell.h:
3788         (JSCell):
3789         * runtime/JSNotAnObject.cpp:
3790         (JSC::JSNotAnObject::putByIndex):
3791         * runtime/JSNotAnObject.h:
3792         (JSNotAnObject):
3793         * runtime/JSONObject.cpp:
3794         (JSC::Walker::walk):
3795         * runtime/JSObject.cpp:
3796         (JSC::JSObject::putByIndex):
3797         * runtime/JSObject.h:
3798         (JSC::JSValue::putByIndex):
3799         * runtime/RegExpConstructor.cpp:
3800         (JSC::RegExpMatchesArray::fillArrayInstance):
3801         * runtime/RegExpMatchesArray.h:
3802         (JSC::RegExpMatchesArray::putByIndex):
3803         * runtime/StringPrototype.cpp:
3804         (JSC::stringProtoFuncSplit):
3805
3806 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3807
3808         PredictNone is incorrectly treated as isDoublePrediction
3809         https://bugs.webkit.org/show_bug.cgi?id=80365
3810
3811         Reviewed by Filip Pizlo.
3812
3813         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3814
3815         * bytecode/PredictedType.h:
3816         (JSC::isFixedIndexedStorageObjectPrediction):
3817         (JSC::isDoublePrediction):
3818
3819 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3820
3821         The LLInt should work even when the JIT is disabled
3822         https://bugs.webkit.org/show_bug.cgi?id=80340
3823         <rdar://problem/10922235>
3824
3825         Reviewed by Gavin Barraclough.
3826
3827         * assembler/MacroAssemblerCodeRef.h:
3828         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3829         (MacroAssemblerCodeRef):
3830         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3831         * interpreter/Interpreter.cpp:
3832         (JSC::Interpreter::initialize):
3833         (JSC::Interpreter::execute):
3834         (JSC::Interpreter::executeCall):
3835         (JSC::Interpreter::executeConstruct):
3836         * jit/JIT.h:
3837         (JSC::JIT::compileCTINativeCall):
3838         * jit/JITStubs.h:
3839         (JSC::JITThunks::ctiNativeCall):
3840         (JSC::JITThunks::ctiNativeConstruct):
3841         * llint/LLIntEntrypoints.cpp:
3842         (JSC::LLInt::getFunctionEntrypoint):
3843         (JSC::LLInt::getEvalEntrypoint):
3844         (JSC::LLInt::getProgramEntrypoint):
3845         * llint/LLIntSlowPaths.cpp:
3846         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3847         (LLInt):
3848         * llint/LLIntSlowPaths.h:
3849         (LLInt):
3850         * llint/LowLevelInterpreter.h:
3851         * llint/LowLevelInterpreter32_64.asm:
3852         * runtime/Executable.h:
3853         (NativeExecutable):
3854         (JSC::NativeExecutable::create):
3855         (JSC::NativeExecutable::finishCreation):
3856         * runtime/JSGlobalData.cpp:
3857         (JSC::JSGlobalData::JSGlobalData):
3858         * runtime/JSGlobalData.h:
3859         (JSGlobalData):
3860         * runtime/Options.cpp:
3861         (Options):
3862         (JSC::Options::parse):
3863         (JSC::Options::initializeOptions):
3864         * runtime/Options.h:
3865         (Options):
3866         * wtf/Platform.h:
3867
3868 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3869
3870         Checks for dead variables are not sufficient when fixing the expected
3871         values in DFG OSR entry
3872         https://bugs.webkit.org/show_bug.cgi?id=80371
3873
3874         Reviewed by Filip Pizlo.
3875
3876         A dead variable should be identified when there's no node referencing it.
3877         But we currently fail to catch the case where there are some nodes
3878         referencing a variable but those nodes are actually not referenced by
3879         others so will be ignored in code generation. In such a case we should
3880         also consider that variable to be a dead variable in the block and fix
3881         the expected values.
3882         This is performance neutral on SunSpider, V8 and Kraken.
3883
3884         * dfg/DFGJITCompiler.h:
3885         (JSC::DFG::JITCompiler::noticeOSREntry):
3886
3887 2012-03-05  Oliver Hunt  <oliver@apple.com>
3888
3889         Fix Qt build.
3890
3891         * assembler/AbstractMacroAssembler.h:
3892         * assembler/MacroAssembler.h:
3893         (MacroAssembler):
3894         * dfg/DFGSpeculativeJIT.cpp:
3895         (JSC::DFG::SpeculativeJIT::compileArithSub):
3896         * jit/JITArithmetic32_64.cpp:
3897         (JSC::JIT::emitSub32Constant):
3898
3899 2012-03-05  Eric Seidel  <eric@webkit.org>
3900
3901         Update JavaScriptCore files to use fully-qualified WTF include paths
3902         https://bugs.webkit.org/show_bug.cgi?id=79960
3903
3904         Reviewed by Adam Barth.
3905
3906         This change does 5 small/related things:
3907          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
3908             (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
3909             was not installing headers there.)
3910          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
3911             header search path, as that's where the WTF headers will be installed.
3912          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
3913             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
3914          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
3915             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
3916          5. Makes build-webkit build the WTF XCode project by default.
3917
3918         * API/tests/JSNode.c:
3919         * API/tests/JSNodeList.c:
3920         * Configurations/Base.xcconfig:
3921         * assembler/MacroAssemblerCodeRef.h:
3922         * bytecompiler/BytecodeGenerator.h:
3923         * dfg/DFGOperations.cpp:
3924         * heap/GCAssertions.h:
3925         * heap/HandleHeap.h:
3926         * heap/HandleStack.h:
3927         * heap/MarkedSpace.h:
3928         * heap/PassWeak.h:
3929         * heap/Strong.h:
3930         * heap/Weak.h:
3931         * jit/HostCallReturnValue.cpp:
3932         * jit/JIT.cpp:
3933         * jit/JITStubs.cpp:
3934         * jit/ThunkGenerators.cpp:
3935         * parser/Lexer.cpp:
3936         * runtime/Completion.cpp:
3937         * runtime/Executable.cpp:
3938         * runtime/Identifier.h:
3939         * runtime/InitializeThreading.cpp:
3940         * runtime/JSDateMath.cpp:
3941         * runtime/JSGlobalObjectFunctions.cpp:
3942         * runtime/JSStringBuilder.h:
3943         * runtime/JSVariableObject.h:
3944         * runtime/NumberPrototype.cpp:
3945         * runtime/WriteBarrier.h:
3946         * tools/CodeProfile.cpp:
3947         * tools/TieredMMapArray.h:
3948         * yarr/YarrJIT.cpp:
3949
3950 2012-03-05  Oliver Hunt  <oliver@apple.com>
3951
3952         Add basic support for constant blinding to the JIT
3953         https://bugs.webkit.org/show_bug.cgi?id=80354
3954
3955         Reviewed by Filip Pizlo.
3956
3957         This patch adds basic constant blinding support to the JIT, at the
3958         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
3959         get constant blinding.  Woo!
3960
3961         This patch only introduces blinding for Imm32, a later patch will do similar
3962         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
3963         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
3964         accessor that's needed to access the actual value.  This also means you cannot
3965         accidentally pass an untrusted value to a function that does not perform
3966         blinding.
3967
3968         To make everything work sensibly, this patch also corrects some code that was using
3969         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
3970         untrusted immediates, so that they call slightly different variants of the functions
3971         that they used previously.  This is largely necessary to deal with x86-32 not having
3972         sufficient registers to handle the additional work required when we choose to blind
3973         a constant.
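
        One way to picture the Imm32/TrustedImm32 split and the XOR blinding this entry describes, as a small added C++ model (not JSC's own MacroAssembler code; the opcode words, the fixed seed, the blinding heuristic and the helper names are constructed for illustration):

```cpp
#include <cstdint>
#include <random>
#include <vector>

// Toy model of the Imm32 / TrustedImm32 split and XOR constant blinding described
// above; an added illustration, not JSC's own code.
struct TrustedImm32 { int32_t value; };
// Untrusted immediate. Private inheritance means an Imm32 never converts to its
// TrustedImm32 base implicitly: callers must spell out asTrustedImm32(), so an
// untrusted constant cannot slip into a non-blinding emitter by accident.
class Imm32 : private TrustedImm32 {
public:
    explicit Imm32(int32_t v) : TrustedImm32{v} {}
    TrustedImm32 asTrustedImm32() const { return *this; }
};

// Toy code buffer: one opcode word plus one operand word per instruction.
struct Emitter {
    enum Op : uint32_t { MovImm = 1, XorImm = 2 };
    std::vector<uint32_t> words;
    std::mt19937 rng{12345};  // fixed seed so the example is reproducible
    // Stand-in for shouldBlind(): small magnitudes are harmless, the rest is blinded.
    static bool shouldBlind(TrustedImm32 imm) {
        uint32_t v = static_cast<uint32_t>(imm.value);
        return v > 0xff && v < 0xffffff00u;
    }
    // Trusted path: the value lands in the code stream verbatim.
    void move(TrustedImm32 imm) {
        words.push_back(MovImm); words.push_back(static_cast<uint32_t>(imm.value));
    }
    // Untrusted path: emit (value ^ key), then xor with key. Neither word equals
    // the original constant, so it never appears in executable memory.
    void move(Imm32 imm) {
        TrustedImm32 t = imm.asTrustedImm32();
        if (!shouldBlind(t)) { move(t); return; }
        uint32_t v = static_cast<uint32_t>(t.value), key;
        do { key = static_cast<uint32_t>(rng()); } while (key == 0 || key == v);
        words.push_back(MovImm); words.push_back(v ^ key);
        words.push_back(XorImm); words.push_back(key);
    }
    bool containsRaw(int32_t v) const {
        for (uint32_t w : words) if (w == static_cast<uint32_t>(v)) return true;
        return false;
    }
};

// Run the toy stream on one register to confirm the blinded form still yields the value.
int32_t run(const Emitter& e) {
    uint32_t reg = 0;
    for (size_t i = 0; i + 1 < e.words.size(); i += 2)
        reg = (e.words[i] == Emitter::XorImm) ? reg ^ e.words[i + 1] : e.words[i + 1];
    return static_cast<int32_t>(reg);
}

struct BlindResult { int32_t computed; bool rawPresent; size_t wordCount; };
// Emit one untrusted constant and report what the stream computes and leaks.
BlindResult blindAndRun(int32_t v) {
    Emitter e;
    e.move(Imm32(v));
    return { run(e), e.containsRaw(v), e.words.size() };
}
```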
3974
3975         * assembler/AbstractMacroAssembler.h:
3976         (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
3977         (Imm32):
3978         (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
3979         (JSC::AbstractMacroAssembler::endUninterruptedSequence):
3980         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
3981         (AbstractMacroAssembler):
3982         (JSC::AbstractMacroAssembler::inUninterruptedSequence):
3983         (JSC::AbstractMacroAssembler::random):
3984         (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
3985         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
3986         * assembler/MacroAssembler.h:
3987         (JSC::MacroAssembler::addressForPoke):
3988         (MacroAssembler):
3989         (JSC::MacroAssembler::poke):
3990         (JSC::MacroAssembler::branchPtr):
3991         (JSC::MacroAssembler::branch32):
3992         (JSC::MacroAssembler::convertInt32ToDouble):
3993         (JSC::MacroAssembler::shouldBlind):
3994         (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
3995         (BlindedImm32):
3996         (JSC::MacroAssembler::keyForConstant):
3997         (JSC::MacroAssembler::xorBlindConstant):
3998         (JSC::MacroAssembler::additionBlindedConstant):
3999         (JSC::MacroAssembler::andBlindedConstant):
4000         (JSC::MacroAssembler::orBlindedConstant):
4001         (JSC::MacroAssembler::loadXorBlindedConstant):
4002         (JSC::MacroAssembler::add32):
4003         (JSC::MacroAssembler::addPtr):
4004         (JSC::MacroAssembler::and32):
4005         (JSC::MacroAssembler::andPtr):