Simplify memory usage tracking in CopiedSpace
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Simplify memory usage tracking in CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=80705

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Rename currentUtilization to currentSize.
        (JSC::CopiedAllocator::currentCapacity):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
        declaration.
        (JSC):
        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
        (JSC::CopiedBlock::capacity): Ditto for capacity.
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
        field for the water mark.
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
        block, we need to update our current water mark with the size of the block.
        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
        need to update our current water mark with the size of the used portion of the block.
        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
        reallocating because it will either get accounted for when we fill up the block later
        in the case of being able to reallocate in the current block or it will get picked up
        immediately because we'll have to get a new block.
        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
        realloc-ing an oversize block because we deallocate the old block and allocate a brand
        new one.
        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
        the CopiedSpace by the SlotVisitors.
        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
        not we should collect now instead of doing the calculation ourselves.
        (JSC::CopiedSpace::destroy):
        (JSC):
        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
        MarkedSpace does.
        (JSC::CopiedSpace::capacity): Ditto for capacity.
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::waterMark):
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
        collection.
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
        (JSC::Heap::capacity): Ditto for capacity.
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
        determine whether they should initiate a collection or continue to allocate new blocks.
        (JSC):
        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
        Heap (MarkedSpace and CopiedSpace).
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.

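The water-mark protocol in the entry above, as an added example that is not WebKit code: blocks are byte counters rather than real memory, the block size, oversize cutoff and collection threshold are assumed constants, and Heap::shouldCollect() is modelled on this one space alone (the real one sums MarkedSpace too). It shows when the mark is charged (a block that just overflowed, an oversize block on arrival, a to-space block handed back by a visitor, pinned blocks at the end of copying), when it is not (bump allocation inside the current block), and the reset at startedCopying().

```cpp
// Added example, not WebKit's CopiedSpace: a model of the water-mark accounting.
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

namespace model {

constexpr size_t kBlockCapacity = 1024; // assumed normal block size
constexpr size_t kOversizeCutoff = 256; // assumed: larger requests get a block of their own

struct Block {
    size_t capacity;
    size_t size = 0;     // bytes handed out; CopiedBlock::size() in the entry
    bool pinned = false; // survives a collection in place
    explicit Block(size_t c) : capacity(c) {}
    size_t remaining() const { return capacity - size; }
};

class CopiedSpace {
public:
    explicit CopiedSpace(size_t collectThreshold) : threshold_(collectThreshold) {}

    size_t waterMark() const { return waterMark_; }
    // Stands in for Heap::shouldCollect(); the real one also adds MarkedSpace's mark.
    bool shouldCollect() const { return waterMark_ > threshold_; }

    // False means: no fresh block, a collection is due. The caller must collect before
    // retrying, as the real heap does; a bare retry would count the full block twice.
    bool tryAllocate(size_t bytes) {
        if (bytes > kOversizeCutoff)
            return tryAllocateOversize(bytes);
        if (current_ && current_->remaining() >= bytes) {
            current_->size += bytes;                 // bump allocation: no accounting at all
            return true;
        }
        return tryAllocateSlowCase(bytes);
    }
    void pinCurrentBlock() { if (current_) current_->pinned = true; }

    // Collection protocol: startedCopying() -> doneFillingBlock()* -> doneCopying().
    void startedCopying() {
        fromSpace_ = std::move(blocks_);
        blocks_.clear();
        current_ = nullptr;
        waterMark_ = 0;                              // evacuation starts from a clean slate
    }
    void doneFillingBlock(size_t bytesCopied) {      // a visitor hands back a filled to-space block
        blocks_.push_back(std::make_unique<Block>(kBlockCapacity));
        blocks_.back()->size = bytesCopied;
        waterMark_ += bytesCopied;
    }
    void doneCopying() {                             // pinned from-space blocks stay, and are counted
        for (auto& b : fromSpace_)
            if (b->pinned) { waterMark_ += b->size; blocks_.push_back(std::move(b)); }
        fromSpace_.clear();                          // everything else is released
    }

    size_t size() const { size_t n = 0; for (auto& b : blocks_) n += b->size; return n; }
    size_t capacity() const { size_t n = 0; for (auto& b : blocks_) n += b->capacity; return n; }

private:
    bool tryAllocateSlowCase(size_t bytes) {
        if (current_) waterMark_ += current_->size;  // the block is as full as it will get: count it
        if (shouldCollect()) return false;           // getFreshBlock() defers to the heap
        blocks_.push_back(std::make_unique<Block>(kBlockCapacity));
        current_ = blocks_.back().get();
        current_->size = bytes;
        return true;
    }
    bool tryAllocateOversize(size_t bytes) {
        blocks_.push_back(std::make_unique<Block>(bytes));
        blocks_.back()->size = bytes;
        waterMark_ += bytes;                         // full on arrival: count the used portion now
        return true;
    }

    std::vector<std::unique_ptr<Block>> blocks_, fromSpace_;
    Block* current_ = nullptr;
    size_t waterMark_ = 0;
    size_t threshold_;
};

// One allocation history with the observable marks at each step (constructed input).
struct Trace { bool refused; size_t markAtRefusal, markAfterStart, markAfterCopy, sizeAfter, capacityAfter; };

Trace runScenario() {
    CopiedSpace space(2048);
    Trace t{};
    for (int i = 0; i < 11; ++i) space.tryAllocate(100); // fills block 1 (1000 B), opens block 2
    space.tryAllocate(500);                               // oversize: charged immediately
    for (int i = 0; i < 9; ++i) space.tryAllocate(100);   // block 2 now holds 1000 B
    t.refused = !space.tryAllocate(100);                  // block 2 full: mark 2500 > 2048, refused
    t.markAtRefusal = space.waterMark();
    space.pinCurrentBlock();                              // block 2 must survive in place
    space.startedCopying(); t.markAfterStart = space.waterMark();
    space.doneFillingBlock(600);                          // 600 B of live data evacuated
    space.doneCopying();    t.markAfterCopy = space.waterMark();
    t.sizeAfter = space.size(); t.capacityAfter = space.capacity();
    return t;
}

} // namespace model
```

In the scenario the mark reaches 2500 only when block 2 overflows, even though the space already held 2500 bytes before that request; the mark tracks blocks as they are closed, not bytes as they are bumped, which is exactly why tryReallocate needs no update.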
2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>

        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
        https://bugs.webkit.org/show_bug.cgi?id=82012

        Reviewed by Filip Pizlo.

        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.

        * wtf/BitVector.cpp:
        (WTF::BitVector::resizeOutOfLine):
        * wtf/BitVector.h:
        (BitVector):
        (OutOfLineBits):

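The bug class in the entry above, as an added example that is not WTF's BitVector: a minimal bit vector with one inline word and a heap buffer beyond it. The allocator helper is constructed to fill fresh memory with 0xAB so that a missing memset is visible deterministically; real malloc merely may return stale bytes, which is worse because the phantom bits come and go. zeroOnGrow=false reproduces the unfixed resize, zeroOnGrow=true the fixed one.

```cpp
// Added example, not WebKit code: inline/out-of-line bit vector and the resize fix.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

class TinyBitVector {
public:
    static constexpr size_t kBitsPerWord = 64;

    explicit TinyBitVector(bool zeroOnGrow = true) : zeroOnGrow_(zeroOnGrow) {}
    ~TinyBitVector() { delete[] outOfLine_; }
    TinyBitVector(const TinyBitVector&) = delete;
    TinyBitVector& operator=(const TinyBitVector&) = delete;

    size_t size() const { return numBits_; }

    bool get(size_t bit) const {
        if (bit >= numBits_) return false;
        return (words()[bit / kBitsPerWord] >> (bit % kBitsPerWord)) & 1u;
    }
    void set(size_t bit) {
        if (bit < numBits_) words()[bit / kBitsPerWord] |= uint64_t(1) << (bit % kBitsPerWord);
    }
    // Set bits below size(); a stale-memory bug shows up here as phantom bits.
    size_t count() const {
        size_t n = 0;
        for (size_t i = 0; i < numBits_; ++i) n += get(i);
        return n;
    }

    // Grow to hold numBits bits, keeping existing bits; the new bits must read as 0.
    void resize(size_t numBits) {
        size_t newWords = wordCount(numBits);
        if (newWords <= numWords_) {           // still fits the inline word or current buffer
            numBits_ = numBits;
            return;
        }
        uint64_t* fresh = recycledAlloc(newWords);
        std::memcpy(fresh, words(), numWords_ * sizeof(uint64_t));   // the bits we already had
        if (zeroOnGrow_)                                              // the fix: the rest starts at 0
            std::memset(fresh + numWords_, 0, (newWords - numWords_) * sizeof(uint64_t));
        delete[] outOfLine_;
        outOfLine_ = fresh;
        numWords_ = newWords;
        numBits_ = numBits;
    }

private:
    static size_t wordCount(size_t bits) { return (bits + kBitsPerWord - 1) / kBitsPerWord; }
    bool isInline() const { return outOfLine_ == nullptr; }
    uint64_t* words() { return isInline() ? &inlineWord_ : outOfLine_; }
    const uint64_t* words() const { return isInline() ? &inlineWord_ : outOfLine_; }

    // Constructed stand-in for an allocation that reuses a freed chunk: poisoned with
    // 0xAB so the effect of skipping the memset is deterministic.
    static uint64_t* recycledAlloc(size_t n) {
        uint64_t* p = new uint64_t[n];
        std::memset(p, 0xAB, n * sizeof(uint64_t));
        return p;
    }

    uint64_t inlineWord_ = 0;       // zero from construction, so growth within it is safe
    uint64_t* outOfLine_ = nullptr;
    size_t numWords_ = 1;           // capacity in words; the inline word counts as one
    size_t numBits_ = 0;
    bool zeroOnGrow_;
};

// Same history on a fixed or unfixed vector: set bit 3 while inline, then grow past
// the inline word. Returns how many bits read as set afterwards.
size_t bitsReadAsSet(bool zeroOnGrow) {
    TinyBitVector v(zeroOnGrow);
    v.resize(10);
    v.set(3);
    v.resize(128);
    return v.count();
}

// Same history, probing one bit.
bool readsAsSet(bool zeroOnGrow, size_t bit) {
    TinyBitVector v(zeroOnGrow);
    v.resize(10);
    v.set(3);
    v.resize(128);
    return v.get(bit);
}

int main() {
    std::printf("fixed:   %zu set bit(s)\n", bitsReadAsSet(true));   // 1
    std::printf("unfixed: %zu set bit(s)\n", bitsReadAsSet(false));  // 41: bit 3 plus 40 stale bits
    return 0;
}
```

Bit 65 was never set by anyone, yet the unfixed vector reports it; whatever the vector guards (a visited set, a liveness map, a bounds-checked index set) now trusts data the previous owner of that heap chunk left behind.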
2012-03-22  Michael Saboff  <msaboff@apple.com>

        ExecutableAllocator::memoryPressureMultiplier() might return NaN
        https://bugs.webkit.org/show_bug.cgi?id=82002

        Reviewed by Filip Pizlo.

        Guard against divide by zero and then make sure the return
        value is >= 1.0.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):

2012-03-22  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111778.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        Don't include and try to build files owned by WTF.
        Also, let VS have its way with the vcproj in terms of file ordering.

2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [CMake] Unreviewed build fix after r111778.

        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
        the include paths so that the right config.h is used.

2012-03-22  Tony Chang  <tony@chromium.org>

        Unreviewed, fix chromium build after wtf move.

        Remove old wtf_config and wtf targets.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-22  Martin Robinson  <mrobinson@igalia.com>

        Fixed the GTK+ WTF/JavaScriptCore build after r111778.

        * GNUmakefile.list.am: Removed an extra trailing backslash.

2012-03-22  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
        rather than only those that contain symbols that JavaScriptCore itself uses.
        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.

2012-03-22  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeFlags has some duplicate code and naming issues
        https://bugs.webkit.org/show_bug.cgi?id=81975

        Reviewed by Gavin Barraclough.

        Removed most references to "ArithNodeFlags" since those are now just part
        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
        because the former was never called and the latter did the same things as
        mergeFlags().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):

2012-03-22  Eric Seidel  <eric@webkit.org>

        Actually move WTF files to their new home
        https://bugs.webkit.org/show_bug.cgi?id=81844

        Unreviewed.  The details of the port-specific changes
        have been seen by contributors from those ports, but
        the whole 5MB change isn't very reviewable as-is.

        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JSCTypedArrayStubs.h:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:

2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Adding Source/WTF to the build.

        * wscript:

2012-03-22  Gavin Barraclough  <barraclough@apple.com>

        Add JSValue::isFunction
        https://bugs.webkit.org/show_bug.cgi?id=81935

        Reviewed by Geoff Garen.

        This would be useful in the WebCore bindings code.
        Also, remove asFunction, replace with jsCast<JSFunction*>.

        * API/JSContextRef.cpp:
        * debugger/Debugger.cpp:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueOfFunctionConstant):
        * dfg/DFGOperations.cpp:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::isInlineCallFrameSlow):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::jitCompileFor):
        (JSC::lazyLinkFor):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::setUpCall):
        * runtime/Arguments.h:
        (JSC::Arguments::finishCreation):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::lengthGetter):
        * runtime/JSFunction.h:
        (JSC):
        (JSC::asJSFunction):
        (JSC::JSValue::isFunction):
        * runtime/JSGlobalData.cpp:
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/JSValue.h:
        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):

2012-03-21  Filip Pizlo  <fpizlo@apple.com>

        DFG speculation on booleans should be rationalized
        https://bugs.webkit.org/show_bug.cgi?id=81840

        Reviewed by Gavin Barraclough.

        This removes isKnownBoolean() and replaces it with AbstractState-based
        optimization, and cleans up the control flow in code gen methods for
        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
        and removes isKnownNotBoolean() since that method appeared to be a
        helper used solely by 32_64's speculateBooleanOperation().

        This is performance-neutral.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNumber):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-21  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * wtf/MetaAllocator.h:
        (MetaAllocator): Export the destructor.

2012-03-21  Eric Seidel  <eric@webkit.org>

        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=81834

        Reviewed by Adam Barth.

        * jsc.cpp:
        * os-win32/WinMain.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/TimeoutChecker.cpp:
        * testRegExp.cpp:
        * tools/CodeProfiling.cpp:

2012-03-21  Eric Seidel  <eric@webkit.org>

        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
        https://bugs.webkit.org/show_bug.cgi?id=81838

        Reviewed by Geoffrey Garen.

        My understanding is that weak vtables happen when the compiler/linker cannot
        determine which compilation unit should contain the vtable.  In this case
        because there were only pure virtual functions as well as an "inline"
        virtual destructor (thus the virtual destructor was defined in many compilation
        units).  Since you can't actually "inline" a virtual function (it still has to
        bounce through the vtable), the "inline" on this virtual destructor doesn't
        actually help performance, and is only serving to confuse the compiler here.
        I've moved the destructor implementation to the .cpp file, thus making
        it clear to the compiler where the vtable should be stored, and solving the error.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::~MetaAllocator):
        (WTF):
        * wtf/MetaAllocator.h:

2012-03-20  Gavin Barraclough  <barraclough@apple.com>

        RegExpMatchesArray should not copy the ovector
        https://bugs.webkit.org/show_bug.cgi?id=81742

        Reviewed by Michael Saboff.

        Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
        and the results never accessed).
        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.

        * dfg/DFGOperations.cpp:
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/RegExpConstructor.cpp:
        (JSC):
            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
        (JSC::RegExpMatchesArray::finishCreation):
            - Removed RegExpConstructorPrivate parameter.
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
            If there are sub-pattern properties, the RegExp is re-run to generate their values.
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Reify just the match (index 0) property of the RegExpMatchesArray.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - performMatch now returns a MatchResult, rather than using out-parameters.
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
        (RegExpMatchesArray):
        (JSC::RegExpMatchesArray::create):
            - Now passed the input string matched against, the RegExp, and the MatchResult.
        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
            - Helpers to conditionally reify properties.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        (JSC::RegExpMatchesArray::defineOwnProperty):
            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
            - match now returns a MatchResult.
        * runtime/RegExpObject.h:
        (JSC::MatchResult::MatchResult):
            - Added. The result of a match is a start & end tuple.
        (JSC::MatchResult::failed):
            - A failure is indicated by (notFound, 0).
        (JSC::MatchResult::operator bool):
            - Evaluates to false if the match failed.
        (JSC::MatchResult::empty):
            - Evaluates to true if the match succeeded with length 0.
        (JSC::RegExpObject::test):
            - Now returns a bool.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now returns a MatchResult, rather than using out-parameters.

2012-03-21  Hojong Han  <hojong.han@samsung.com>

        Fix out of memory by allowing overcommit
        https://bugs.webkit.org/show_bug.cgi?id=81743

        Reviewed by Geoffrey Garen.

        Garbage collection is not triggered and new blocks are added
        because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        More Windows build fixing.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        Fix the order of the include directories to look in include/private first before looking
        in include/private/JavaScriptCore.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        Look in the Production output directory (where the wtf headers will be). This is the same
        thing that is done for jsc and testRegExp in ReleasePGO.

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
        https://bugs.webkit.org/show_bug.cgi?id=81739

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
        JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        Ditto.

2012-03-20  Eric Seidel  <eric@webkit.org>

        Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80911

        Reviewed by Adam Barth.

        Update the various build systems to depend on Source/WTF headers
        as well as remove references to Platform.h (since it's now moved).

        * CMakeLists.txt:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:

2012-03-20  Filip Pizlo  <fpizlo@apple.com>

        op_mod fails on many interesting corner cases
        https://bugs.webkit.org/show_bug.cgi?id=81648

        Reviewed by Oliver Hunt.

        Removed most strength reduction for op_mod, and fixed the integer handling
        to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
        which this patch also fixes.

        This patch is performance neutral on all of the major benchmarks we track.

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithMod):
        * jit/JIT.h:
        (JIT):
        * jit/JITArithmetic.cpp:
        (JSC):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC):
        * jit/JITStubs.h:
        (TrampolineStructure):
        (JSC::JITThunks::ctiNativeConstruct):
        * llint/LowLevelInterpreter64.asm:
        * wtf/Platform.h:
        * wtf/SimpleStats.h:
        (WTF::SimpleStats::variance):

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Windows (make based) build fix.
        <rdar://problem/11069015>

        * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Move WTF-related Windows project files out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=80680

        This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
        It does not move any source code. This is in preparation for the WTF source move out of
        JavaScriptCore.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
        * JavaScriptCore.vcproj/WTF: Removed.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.

2012-03-20  Benjamin Poulain  <bpoulain@apple.com>

        Cache the type string of JavaScript object
        https://bugs.webkit.org/show_bug.cgi?id=81446

        Reviewed by Geoffrey Garen.

        Instead of creating the JSString every time, we lazily create
        the strings in JSGlobalData.

        This avoids the construction of the StringImpl and of the JSString,
        which gives some performance improvements.

        * runtime/CommonIdentifiers.h:
        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase):
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::finalizeSmallStrings):
        (JSC::SmallStrings::initialize):
        (JSC):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-20  Oliver Hunt  <oliver@apple.com>

        Allow LLINT to work even when executable allocation fails.
        https://bugs.webkit.org/show_bug.cgi?id=81693

        Reviewed by Gavin Barraclough.

        Don't crash if executable allocation fails if we can fall back on LLINT

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>

        Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428

        32 bit buildfix after r111355.

        2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
        The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).

        Reviewed by Zoltan Herczeg.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

2012-03-19  Jochen Eisinger  <jochen@chromium.org>

        Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
        https://bugs.webkit.org/show_bug.cgi?id=80983

        Reviewed by Darin Adler.

        This allows printing a backtrace acquired by an earlier WTFGetBacktrace
        call which is useful for local debugging.

        * wtf/Assertions.cpp:
        * wtf/Assertions.h:

2012-03-19  Benjamin Poulain  <benjamin@webkit.org>

        Do not copy the script source in the SourceProvider, just reference the existing string
        https://bugs.webkit.org/show_bug.cgi?id=81466

        Reviewed by Geoffrey Garen.

        * parser/SourceCode.h: Remove the unused, and incorrect, function data().
        * parser/SourceProvider.h: Add OVERRIDE for clarity.

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Division optimizations fail to infer cases of truncated division and
        mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428
        <rdar://problem/11067382>

        Reviewed by Oliver Hunt.

        If you're a division over integers and you're only used as an integer, then you're
        an integer division and remainder checks become unnecessary. If you're dividing
        -2147483648 by -1, don't crash.

        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::add32):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * llint/LowLevelInterpreter64.asm:

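The corner cases behind three entries above (op_mod, r111428's division fix, and the 32-bit build fix for the -2147483648 literal), as an added example that is not JavaScriptCore code: the int32 fast paths a JIT may take for JavaScript's / and %, written so that they never evaluate the two expressions that are undefined in C++ (x / 0, and INT32_MIN / -1, which is a #DE trap for x86 idiv rather than a wrapped result), a truncating variant for the "only used as an integer" case where the remainder check can go, and a checker that compares every fast path with the double-precision definition. Names, the Fast struct and the table of inputs are this example's own.

```cpp
// Added example, not JavaScriptCore code: int32 fast paths for JS / and % and their check.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

namespace jsarith {

// Use the <limits> value rather than the literal -2147483648: C++ reads that literal as
// unary minus applied to 2147483648, which is not an int on 32-bit targets (the r111355 fix).
constexpr int32_t kInt32Min = std::numeric_limits<int32_t>::min();
constexpr int32_t kInt32Max = std::numeric_limits<int32_t>::max();

// Outcome of a fast path: either an int32 result, or "take the double path".
struct Fast { bool isInt32; int32_t value; };
static Fast slow() { return Fast{false, 0}; }
static Fast fast(int32_t v) { return Fast{true, v}; }

// a / b where the result must be an exact int32 and must not be -0.
Fast divInt32(int32_t a, int32_t b) {
    if (b == 0) return slow();                    // JS: +-Infinity or NaN
    if (a == kInt32Min && b == -1) return slow(); // JS: 2147483648, not an int32 (and UB in C++)
    if (a == 0 && b < 0) return slow();           // JS: -0, which an int32 cannot carry
    int32_t q = a / b;                            // now well defined
    if (q * b != a) return slow();                // inexact: the real result is fractional
    return fast(q);
}

// a / b for a use site that applies ToInt32 to the result anyway, e.g. (a / b) | 0.
// No remainder check is needed, since C++ truncation is ToInt32's truncation; only the
// two undefined inputs and the one overflowing result need explicit answers.
int32_t divInt32Truncated(int32_t a, int32_t b) {
    if (b == 0) return 0;                            // ToInt32(+-Infinity) == ToInt32(NaN) == 0
    if (a == kInt32Min && b == -1) return kInt32Min; // ToInt32(2147483648) wraps to INT32_MIN
    return a / b;                                    // -0 simply becomes 0
}

// a % b. JS % is fmod: sign follows the dividend, x % 0 is NaN, and a negative dividend
// with zero remainder gives -0, which again is not an int32 result.
Fast modInt32(int32_t a, int32_t b) {
    if (b == 0) return slow();                    // NaN
    int32_t r = (b == -1) ? 0 : a % b;            // INT32_MIN % -1 is UB in C++; JS says 0
    if (r == 0 && a < 0) return slow();           // -0
    return fast(r);
}

// ECMAScript ToInt32 on a double: NaN/Infinity -> 0, else truncate and wrap modulo 2^32.
int32_t toInt32(double d) {
    if (std::isnan(d) || std::isinf(d)) return 0;
    double m = std::fmod(std::trunc(d), 4294967296.0);
    if (m < 0) m += 4294967296.0;
    return static_cast<int32_t>(static_cast<uint32_t>(m));
}

// True when d is a value a fast path may legally hand back: an int32 that is not -0.
static bool isInt32NotNegZero(double d) {
    if (std::isnan(d) || std::isinf(d) || d != std::trunc(d)) return false;
    if (d == 0 && std::signbit(d)) return false;
    return d >= kInt32Min && d <= kInt32Max;
}

// Compare all three fast paths against the double-precision definition for one pair.
bool fastPathsAgree(int32_t a, int32_t b) {
    double q = double(a) / double(b), r = std::fmod(double(a), double(b));
    Fast fq = divInt32(a, b), fr = modInt32(a, b);
    bool divOk = fq.isInt32 ? (isInt32NotNegZero(q) && fq.value == q) : !isInt32NotNegZero(q);
    bool modOk = fr.isInt32 ? (isInt32NotNegZero(r) && fr.value == r) : !isInt32NotNegZero(r);
    bool truncOk = divInt32Truncated(a, b) == toInt32(q);
    return divOk && modOk && truncOk;
}

// The inputs the entries above name, plus the ordinary ones around them (constructed table).
bool checkCornerCases() {
    const int32_t pairs[][2] = {
        {kInt32Min, -1}, {kInt32Min, 1}, {kInt32Min, kInt32Min}, {kInt32Min, -2}, {kInt32Max, -1},
        {0, -3}, {-6, 3}, {-7, 2}, {7, -2}, {7, 0}, {0, 0}, {-5, -1}, {5, -1},
    };
    for (const auto& p : pairs)
        if (!fastPathsAgree(p[0], p[1])) return false;
    return true;
}

} // namespace jsarith

int main() {
    using namespace jsarith;
    std::printf("INT32_MIN / -1 fast path: %s\n", divInt32(kInt32Min, -1).isInt32 ? "int32" : "double");
    std::printf("(INT32_MIN / -1) | 0 = %d\n", divInt32Truncated(kInt32Min, -1));
    std::printf("corner cases agree: %s\n", checkCornerCases() ? "yes" : "no");
    return checkCornerCases() ? 0 : 1;
}
```

The point of the truncating variant is the one the division entry makes: once the consumer is known to apply ToInt32, "is the quotient exact?" stops mattering and only the divisor-zero and INT32_MIN/-1 inputs need a guard, because those are the only ones where the hardware instruction would fault instead of truncating.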
2012-03-19  Benjamin Poulain  <bpoulain@apple.com>

        Simplify SmallStrings
        https://bugs.webkit.org/show_bug.cgi?id=81445

        Reviewed by Gavin Barraclough.

        SmallStrings had two methods that should not be public: count() and clear().

        The method clear() is effectively replaced by finalizeSmallStrings(). The body
        of the method was moved to the constructor since the code is obvious.

        The method count() is unused.

        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG can no longer compile V8-v4/regexp in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=81592

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
        change throughout the fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=81583

        Reviewed by Michael Saboff.

        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
        the process of being generated
        https://bugs.webkit.org/show_bug.cgi?id=81565

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):

2012-03-19  Eric Seidel  <eric@webkit.org>

        Fix WTF header include discipline in Chromium WebKit
        https://bugs.webkit.org/show_bug.cgi?id=81281

        Reviewed by James Robinson.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * wtf/unicode/icu/CollatorICU.cpp:

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
        https://bugs.webkit.org/show_bug.cgi?id=81556

        Rubber stamped by Gavin Barraclough.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
        (JSC::DFG::AdjacencyList::AdjacencyList):
        (JSC::DFG::AdjacencyList::child):
        (JSC::DFG::AdjacencyList::setChild):
        (JSC::DFG::AdjacencyList::child1):
        (JSC::DFG::AdjacencyList::child2):
        (JSC::DFG::AdjacencyList::child3):
        (JSC::DFG::AdjacencyList::setChild1):
        (JSC::DFG::AdjacencyList::setChild2):
        (JSC::DFG::AdjacencyList::setChild3):
        (JSC::DFG::AdjacencyList::child1Unchecked):
        (JSC::DFG::AdjacencyList::initialize):
        (AdjacencyList):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::canonicalize):
        (JSC::DFG::CSEPhase::performSubstitution):
        * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
        (DFG):
        (JSC::DFG::Edge::Edge):
        (JSC::DFG::Edge::operator==):
        (JSC::DFG::Edge::operator!=):
        (Edge):
        (JSC::DFG::operator==):
        (JSC::DFG::operator!=):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::operator[]):
        (JSC::DFG::Graph::at):
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        (Graph):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::getPrediction):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child1Unchecked):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::arithNodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
770         (JSC::DFG::nodeUsedAsNumber):
771         * dfg/DFGNodeReferenceBlob.h: Removed.
772         * dfg/DFGNodeUse.h: Removed.
773         * dfg/DFGPredictionPropagationPhase.cpp:
774         (JSC::DFG::PredictionPropagationPhase::propagate):
775         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
776         (JSC::DFG::PredictionPropagationPhase::vote):
777         (JSC::DFG::PredictionPropagationPhase::fixupNode):
778         * dfg/DFGScoreBoard.h:
779         (JSC::DFG::ScoreBoard::use):
780         * dfg/DFGSpeculativeJIT.cpp:
781         (JSC::DFG::SpeculativeJIT::useChildren):
782         (JSC::DFG::SpeculativeJIT::writeBarrier):
783         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
784         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
785         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
786         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
787         * dfg/DFGSpeculativeJIT.h:
788         (JSC::DFG::SpeculativeJIT::at):
789         (JSC::DFG::SpeculativeJIT::canReuse):
790         (JSC::DFG::SpeculativeJIT::use):
791         (SpeculativeJIT):
792         (JSC::DFG::SpeculativeJIT::speculationCheck):
793         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
794         (JSC::DFG::IntegerOperand::IntegerOperand):
795         (JSC::DFG::DoubleOperand::DoubleOperand):
796         (JSC::DFG::JSValueOperand::JSValueOperand):
797         (JSC::DFG::StorageOperand::StorageOperand):
798         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
799         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
800         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
801         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
802         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
803         * dfg/DFGSpeculativeJIT32_64.cpp:
804         (JSC::DFG::SpeculativeJIT::cachedPutById):
805         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
806         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
807         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
808         (JSC::DFG::SpeculativeJIT::emitCall):
809         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
810         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
811         * dfg/DFGSpeculativeJIT64.cpp:
812         (JSC::DFG::SpeculativeJIT::cachedPutById):
813         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
814         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
815         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
816         (JSC::DFG::SpeculativeJIT::emitCall):
817         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
818         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
819
820 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
821
822         Object.freeze broken on latest Nightly
823         https://bugs.webkit.org/show_bug.cgi?id=80577
824
825         Reviewed by Oliver Hunt.
826
827         * runtime/Arguments.cpp:
828         (JSC::Arguments::defineOwnProperty):
829             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
830             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
831         * runtime/JSFunction.cpp:
832         (JSC::JSFunction::defineOwnProperty):
833             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
834             the object must be extensible; this is incorrect since these properties should already exist
835             on the object. In addition, it was asserting that the arguments/caller values must match the
836             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
837             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
838
839 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
840
841         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
842         https://bugs.webkit.org/show_bug.cgi?id=81559
843
844         Reviewed by Michael Saboff.
845
846         * llint/LLIntSlowPaths.cpp:
847         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
848
849 2012-03-19  Yong Li  <yoli@rim.com>
850
851         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
852         https://bugs.webkit.org/show_bug.cgi?id=77013
853
854         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
855         implement memory decommitting for QNX.
856
857         Reviewed by Rob Buis.
858
859         * wtf/OSAllocatorPosix.cpp:
860         (WTF::OSAllocator::reserveUncommitted):
861         (WTF::OSAllocator::commit):
862         (WTF::OSAllocator::decommit):
863
864 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
865
866         Unreviewed - revert a couple of files accidentally committed.
867
868         * runtime/Arguments.cpp:
869         (JSC::Arguments::defineOwnProperty):
870         * runtime/JSFunction.cpp:
871         (JSC::JSFunction::defineOwnProperty):
872
873 2012-03-19  Jessie Berlin  <jberlin@apple.com>
874
875         Another Windows build fix after r111129.
876
877         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
878
879 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
880
881         Cross-platform processor core counter: fix build on FreeBSD.
882         https://bugs.webkit.org/show_bug.cgi?id=81482
883
884         Reviewed by Zoltan Herczeg.
885
886         The documentation of sysctl(3) shows that <sys/types.h> should be
887         included before <sys/sysctl.h> (sys/types.h tends to be the first
888         included header in general).
889
890         This should fix the build on FreeBSD and other systems where
891         sysctl.h really depends on types defined in types.h.
892
893         * wtf/NumberOfCores.cpp:
894
895 2012-03-19  Jessie Berlin  <jberlin@apple.com>
896
897         Windows build fix after r111129.
898
899         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
900
901 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
902
903         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
904         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
905
906         Reviewed by Oliver Hunt.
907
908         The API specifies that convertToType may opt not to handle a conversion:
909             "@result The objects's converted value, or NULL if the object was not converted."
910         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
911         conversion functions, and failing that call the JSObject::defaultValue function.
912
913         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
914         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
915         bug#73368, these will return the result from the first convertToType they find, regardless
916         of whether this result is null, and if no convertToType method is found in the api class
917         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
918         chain), they will also return a null pointer. This is unsafe.
919
920         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
921         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
922         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
923         Making the fallback work with toString/valueOf methods attached to api objects is probably
924         not the right thing to do – instead, we should just implement the defaultValue trap for api
925         objects.
926
927         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
928         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
929
930         * API/JSCallbackFunction.cpp:
931         (JSC::JSCallbackFunction::call):
932             - Should be null checking the return value.
933         (JSC):
934             - Remove toStringCallback/valueOfCallback.
935         * API/JSCallbackFunction.h:
936         (JSCallbackFunction):
937             - Remove toStringCallback/valueOfCallback.
938         * API/JSCallbackObject.h:
939         (JSCallbackObject):
940             - Add defaultValue methods to JSCallbackObject.
941         * API/JSCallbackObjectFunctions.h:
942         (JSC::::defaultValue):
943             - Add defaultValue methods to JSCallbackObject.
944         * API/JSClassRef.cpp:
945         (OpaqueJSClass::prototype):
946             - Remove toStringCallback/valueOfCallback.
947         * API/tests/testapi.js:
948             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
949
950 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
951
952         [EFL] Include ICU_INCLUDE_DIRS when building.
953         https://bugs.webkit.org/show_bug.cgi?id=81483
954
955         Reviewed by Daniel Bates.
956
957         So far, only the ICU libraries were being included when building
958         JavaScriptCore, however the include path is also needed, otherwise the
959         build will fail when ICU is installed into a non-standard location.
960
961         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
962
963 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
964
965         Strength reduction, RegExp.exec -> RegExp.test
966         https://bugs.webkit.org/show_bug.cgi?id=81459
967
968         Reviewed by Sam Weinig.
969
970         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
971         expression for a match against a string - however exec is more expensive, since
972         it allocates a matches array object. In cases where the result is consumed in a
973         boolean context the allocation of the matches array can be trivially elided.
974
975         For example:
976             function f()
977             {
978                 for (i = 0; i < 10000000; ++i)
979                     if (!/a/.exec("a"))
980                         err = true;
981             }
982
983         This is a 2.5x speedup on this example microbenchmark loop.
984
985         In a more advanced form of this optimization, we may be able to avoid allocating
986         the array where access to the array can be observed.
987
988         * create_hash_table:
989         * dfg/DFGAbstractState.cpp:
990         (JSC::DFG::AbstractState::execute):
991         * dfg/DFGByteCodeParser.cpp:
992         (JSC::DFG::ByteCodeParser::handleIntrinsic):
993         * dfg/DFGNode.h:
994         (JSC::DFG::Node::hasHeapPrediction):
995         * dfg/DFGNodeType.h:
996         (DFG):
997         * dfg/DFGOperations.cpp:
998         * dfg/DFGOperations.h:
999         * dfg/DFGPredictionPropagationPhase.cpp:
1000         (JSC::DFG::PredictionPropagationPhase::propagate):
1001         * dfg/DFGSpeculativeJIT.cpp:
1002         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1003         (DFG):
1004         * dfg/DFGSpeculativeJIT.h:
1005         (JSC::DFG::SpeculativeJIT::callOperation):
1006         * dfg/DFGSpeculativeJIT32_64.cpp:
1007         (JSC::DFG::SpeculativeJIT::compile):
1008         * dfg/DFGSpeculativeJIT64.cpp:
1009         (JSC::DFG::SpeculativeJIT::compile):
1010         * jsc.cpp:
1011         (GlobalObject::addConstructableFunction):
1012         * runtime/Intrinsic.h:
1013         * runtime/JSFunction.cpp:
1014         (JSC::JSFunction::create):
1015         (JSC):
1016         * runtime/JSFunction.h:
1017         (JSFunction):
1018         * runtime/Lookup.cpp:
1019         (JSC::setUpStaticFunctionSlot):
1020         * runtime/RegExpObject.cpp:
1021         (JSC::RegExpObject::exec):
1022         (JSC::RegExpObject::match):
1023         * runtime/RegExpObject.h:
1024         (RegExpObject):
1025         * runtime/RegExpPrototype.cpp:
1026         (JSC::regExpProtoFuncTest):
1027         (JSC::regExpProtoFuncExec):
1028
1029 2012-03-16  Michael Saboff  <msaboff@apple.com>
1030
1031         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1032         https://bugs.webkit.org/show_bug.cgi?id=81244
1033
1034         Rubber stamped by Filip Pizlo.
1035
1036         Changed type and name of JSGlobalData::m_isInitializingObject to
1037         ClassInfo* and m_initializingObjectClass.
1038         Changed JSGlobalData::setInitializingObject to
1039         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1040         the debugger to determine what type of object is being initialized.
1041         
1042         * runtime/JSCell.h:
1043         (JSC::JSCell::finishCreation):
1044         (JSC::allocateCell):
1045         * runtime/JSGlobalData.cpp:
1046         (JSC::JSGlobalData::JSGlobalData):
1047         * runtime/JSGlobalData.h:
1048         (JSGlobalData):
1049         (JSC::JSGlobalData::isInitializingObject):
1050         (JSC::JSGlobalData::setInitializingObjectClass):
1051         * runtime/Structure.h:
1052         (JSC::JSCell::finishCreation):
1053
1054 2012-03-16  Mark Rowe  <mrowe@apple.com>
1055
1056         Build fix. Do not preserve owner and group information when installing the WTF headers.
1057
1058         * JavaScriptCore.xcodeproj/project.pbxproj:
1059
1060 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1061
1062         Make the array pointer parameters in the Typed Array create() methods const.
1063         https://bugs.webkit.org/show_bug.cgi?id=81147
1064
1065         Reviewed by Kenneth Russell.
1066
1067         This allows const arrays to be passed to these methods.
1068         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1069
1070         * wtf/Int16Array.h:
1071         (Int16Array):
1072         (WTF::Int16Array::create):
1073         * wtf/Int32Array.h:
1074         (Int32Array):
1075         (WTF::Int32Array::create):
1076         * wtf/Int8Array.h:
1077         (Int8Array):
1078         (WTF::Int8Array::create):
1079         * wtf/Uint16Array.h:
1080         (Uint16Array):
1081         (WTF::Uint16Array::create):
1082         * wtf/Uint32Array.h:
1083         (Uint32Array):
1084         (WTF::Uint32Array::create):
1085         * wtf/Uint8Array.h:
1086         (Uint8Array):
1087         (WTF::Uint8Array::create):
1088         * wtf/Uint8ClampedArray.h:
1089         (Uint8ClampedArray):
1090         (WTF::Uint8ClampedArray::create):
1091
1092 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1093
1094         CopiedSpace::tryAllocateOversize assumes system page size
1095         https://bugs.webkit.org/show_bug.cgi?id=80615
1096
1097         Reviewed by Geoffrey Garen.
1098
1099         * heap/CopiedSpace.cpp:
1100         (JSC::CopiedSpace::tryAllocateOversize):
1101         * heap/CopiedSpace.h:
1102         (CopiedSpace):
1103         * heap/CopiedSpaceInlineMethods.h:
1104         (JSC::CopiedSpace::oversizeBlockFor):
1105         * wtf/BumpPointerAllocator.h:
1106         (WTF::BumpPointerPool::create):
1107         * wtf/StdLibExtras.h:
1108         (WTF::roundUpToMultipleOf):
1109
1110 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1111
1112         Fixing Windows build breakage
1113
1114         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1115
1116 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1117
1118         [EFL] Make zlib a general build requirement
1119         https://bugs.webkit.org/show_bug.cgi?id=80153
1120
1121         Reviewed by Hajime Morita.
1122
1123         After r109538 WebSocket module needs zlib to support deflate-frame extension.
1124
1125         * wtf/Platform.h:
1126
1127 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1128
1129         NumericStrings should be inlined
1130         https://bugs.webkit.org/show_bug.cgi?id=81183
1131
1132         Reviewed by Gavin Barraclough.
1133
1134         NumericStrings is not always inlined. When it is not, the class is not faster
1135         than using UString::number() directly.
1136
1137         * runtime/NumericStrings.h:
1138         (JSC::NumericStrings::add):
1139         (JSC::NumericStrings::lookupSmallString):
1140
1141 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1142
1143         Fix ARM build after r110792.
1144
1145         Unreviewed build fix.
1146
1147         * jit/ExecutableAllocator.h:
1148         (JSC::ExecutableAllocator::cacheFlush):
1149         Remove superfluous curly brackets.
1150
1151 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1152
1153         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1154         https://bugs.webkit.org/show_bug.cgi?id=81256
1155
1156         Reviewed by Oliver Hunt.
1157
1158         This is a 0.5% sunspider progression.
1159
1160         * assembler/MacroAssemblerARMv7.h:
1161         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1162             - switch which form of vmov we use.
1163
1164 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1165
1166         [EFL] Add OwnPtr specialization for Ecore_Timer.
1167         https://bugs.webkit.org/show_bug.cgi?id=80119
1168
1169         Reviewed by Hajime Morita.
1170
1171         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1172
1173         * wtf/OwnPtrCommon.h:
1174         (WTF):
1175         * wtf/efl/OwnPtrEfl.cpp:
1176         (WTF::deleteOwnedPtr):
1177         (WTF):
1178
1179 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1180
1181         Linux has madvise enough to support OSAllocator::commit/decommit
1182         https://bugs.webkit.org/show_bug.cgi?id=80505
1183
1184         Reviewed by Geoffrey Garen.
1185
1186         * wtf/OSAllocatorPosix.cpp:
1187         (WTF::OSAllocator::reserveUncommitted):
1188         (WTF::OSAllocator::commit):
1189         (WTF::OSAllocator::decommit):
1190
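        Reading the QNX OSAllocator entry above (mmap(PROT_NONE, MAP_LAZY)) together with this
        Linux madvise entry, here is an added illustration of the reserve/commit/decommit split on
        Linux. It is not WebKit's OSAllocatorPosix code: reserve with PROT_NONE, commit with
        mprotect, decommit with madvise(MADV_DONTNEED) and PROT_NONE again. The names
        reserve_uncommitted, os_commit, os_decommit and commit_decommit_roundtrip are this
        example's own, and it assumes a Linux/glibc system.

```c
/* Added example, not WebKit's OSAllocatorPosix: reserve / commit / decommit
 * on Linux. Assumes glibc with MAP_ANONYMOUS, madvise() and MADV_DONTNEED. */
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Reserve address space without backing it. PROT_NONE means any touch of an
 * uncommitted page faults instead of silently handing out memory. */
static void *reserve_uncommitted(size_t bytes)
{
    void *p = mmap(NULL, bytes, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Commit: grant read/write access; the kernel backs pages on first touch. */
static int os_commit(void *addr, size_t bytes)
{
    return mprotect(addr, bytes, PROT_READ | PROT_WRITE);
}

/* Decommit: drop the backing pages (they come back zero-filled when next
 * touched) and remove access rights so stale pointers fault. This is the
 * madvise-based approach of the Linux entry; the QNX entry instead re-maps
 * the range with mmap(PROT_NONE, MAP_LAZY). */
static int os_decommit(void *addr, size_t bytes)
{
    if (madvise(addr, bytes, MADV_DONTNEED) != 0)
        return -1;
    return mprotect(addr, bytes, PROT_NONE);
}

/* Round trip over a small region. Returns 0 on success, otherwise a code
 * naming the step that failed. Demonstrates that decommitting one page
 * zeroes it without disturbing its committed neighbours. */
int commit_decommit_roundtrip(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t bytes = 4 * page;
    unsigned char *region = reserve_uncommitted(bytes);
    if (!region)
        return 1;
    if (os_commit(region, bytes) != 0)
        return 2;
    memset(region, 0xAB, bytes);                 /* touch every page */
    if (region[0] != 0xAB || region[bytes - 1] != 0xAB)
        return 3;
    if (os_decommit(region, page) != 0)          /* give back the first page */
        return 4;
    /* The first page is inaccessible now; recommitting it must yield zeros,
     * while the second page still holds what we wrote. */
    if (os_commit(region, page) != 0)
        return 5;
    if (region[0] != 0 || region[page] != 0xAB)
        return 6;
    if (munmap(region, bytes) != 0)
        return 7;
    return 0;
}
```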
1191 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1192
1193         Windows build fix.
1194
1195         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1196         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1197         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1198         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1199
1200 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1201
1202         Windows build fix.
1203
1204         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1205
1206 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1207
1208         Move wx port to using export macros
1209         https://bugs.webkit.org/show_bug.cgi?id=77279
1210
1211         Reviewed by Hajime Morita.
1212
1213         * wscript:
1214         * wtf/Platform.h:
1215
1216 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1217
1218         Avoid StringImpl::getData16SlowCase() when sorting array
1219         https://bugs.webkit.org/show_bug.cgi?id=81070
1220
1221         Reviewed by Geoffrey Garen.
1222
1223         The function codePointCompare() is used intensively when sorting strings.
1224         This patch improves its performance by:
1225         - Avoiding character conversion.
1226         - Inlining the function.
1227
1228         This makes Peacekeeper's arrayCombined test 30% faster.
1229
1230         * wtf/text/StringImpl.cpp:
1231         * wtf/text/StringImpl.h:
1232         (WTF):
1233         (WTF::codePointCompare):
1234         (WTF::codePointCompare8):
1235         (WTF::codePointCompare16):
1236         (WTF::codePointCompare8To16):
1237
1238 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1239
1240         Fix memory allocation failed by fastmalloc
1241         https://bugs.webkit.org/show_bug.cgi?id=79614
1242
1243         Reviewed by Geoffrey Garen.
1244
1245         Memory allocation failed even though the heap grew successfully.
1246         It is wrong to get the span only from the large list after the heap grows,
1247         because a new span could have been added to the normal list.
1248
1249         * wtf/FastMalloc.cpp:
1250         (WTF::TCMalloc_PageHeap::New):
1251
1252 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1253
1254         Run cacheFlush page by page to assure of flushing all the requested ranges
1255         https://bugs.webkit.org/show_bug.cgi?id=77712
1256
1257         Reviewed by Geoffrey Garen.
1258
1259         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1260         doesn't match the memory management of the Linux kernel.
1261         In certain cases the Linux kernel regards contiguous virtual memory areas not as one but as two.
1262         Therefore running cacheFlush page by page guarantees that the whole requested range is flushed.
1263
1264         * jit/ExecutableAllocator.h:
1265         (JSC::ExecutableAllocator::cacheFlush):
1266
1267 2012-03-14  Oliver Hunt  <oliver@apple.com>
1268
1269         Make ARMv7 work again
1270         https://bugs.webkit.org/show_bug.cgi?id=81157
1271
1272         Reviewed by Geoffrey Garen.
1273
1274         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1275         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1276         nefarious purposes.
1277
1278         * assembler/MacroAssembler.h:
1279         (JSC::MacroAssembler::store32):
1280         * assembler/MacroAssemblerARMv7.h:
1281         (MacroAssemblerARMv7):
1282
1283 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1284
1285         Heap::destroy leaks CopiedSpace
1286         https://bugs.webkit.org/show_bug.cgi?id=81055
1287
1288         Reviewed by Geoffrey Garen.
1289
1290         Added a destroy() function to CopiedSpace that moves all normal size 
1291         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1292         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1293         This function is now called in Heap::destroy().
1294
1295         * heap/CopiedSpace.cpp:
1296         (JSC::CopiedSpace::destroy):
1297         (JSC):
1298         * heap/CopiedSpace.h:
1299         (CopiedSpace):
1300         * heap/Heap.cpp:
1301         (JSC::Heap::destroy):
1302
1303 2012-03-14  Andrew Lo  <anlo@rim.com>
1304
1305         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
1306         https://bugs.webkit.org/show_bug.cgi?id=81000
1307
1308         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
1309
1310         Reviewed by Antonio Gomes.
1311
1312         * wtf/Platform.h:
1313
1314 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1315
1316         ValueToInt32 speculation will cause OSR exits even when it does not have to
1317         https://bugs.webkit.org/show_bug.cgi?id=81068
1318         <rdar://problem/11043926>
1319
1320         Reviewed by Anders Carlsson.
1321         
1322         Two related changes:
1323         1) ValueToInt32 will now always just defer to the non-speculative path, instead
1324            of exiting, if it doesn't know what speculations to perform.
1325         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
1326
1327         * dfg/DFGAbstractState.cpp:
1328         (JSC::DFG::AbstractState::execute):
1329         * dfg/DFGNode.h:
1330         (JSC::DFG::Node::shouldSpeculateBoolean):
1331         (Node):
1332         * dfg/DFGSpeculativeJIT.cpp:
1333         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
1334
1335 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1336
1337         More Windows build fixing
1338
1339         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1340
1341 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1342
1343         Windows build fix
1344
1345         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1346
1347 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1348
1349         Type conversion of exponential part failed
1350         https://bugs.webkit.org/show_bug.cgi?id=80673
1351
1352         Reviewed by Geoffrey Garen.
1353
1354         * parser/Lexer.cpp:
1355         (JSC::::lex):
1356         * runtime/JSGlobalObjectFunctions.cpp:
1357         (JSC::parseInt):
1358         (JSC):
1359         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
1360         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
1361         parameter for strtod to allow trailing spaces.
1362         (JSC::toDouble):
1363         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
1364         * runtime/LiteralParser.cpp:
1365         (JSC::::Lexer::lexNumber):
1366         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
1367         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
1368         * wtf/dtoa.cpp:
1369         (WTF):
1370         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
1371         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
1372         * wtf/dtoa.h:
1373         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
1374         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
1375         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
1376         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
1377         * wtf/text/WTFString.cpp:
1378         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
1379
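        An added example, not JSC's jsStrDecimalLiteral or WTF::strtod, of the trailing-input
        policies this entry distinguishes: accept trailing junk (parseFloat), accept only trailing
        whitespace, or accept neither (the form-input case), using the whitespace set the
        double-conversion note enumerates. parse_decimal and scan_decimal_literal are this
        example's own names; it assumes the C locale.

```c
/* Added example (not JSC code): decimal-literal parsing with explicit
 * trailing-junk and trailing-whitespace policies. Assumes the C locale. */
#include <ctype.h>
#include <math.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* The whitespace set the double-conversion fix enumerates: space,
 * horizontal tab, vertical tab, carriage return, form feed, line feed. */
static bool is_js_space(char c)
{
    return c == ' ' || c == '\t' || c == '\v' || c == '\r' || c == '\f' || c == '\n';
}

/* Length of the longest decimal-literal prefix of s:
 *   [+-] digits [ '.' digits ] [ ('e'|'E') [+-] digits ]
 * An incomplete exponent ("1e", "1e+") is not part of the literal, so "1e"
 * is the number 1 followed by junk. Returns 0 when no literal is present. */
static size_t scan_decimal_literal(const char *s)
{
    size_t i = 0, digits = 0;
    if (s[i] == '+' || s[i] == '-')
        i++;
    while (isdigit((unsigned char)s[i])) { i++; digits++; }
    if (s[i] == '.') {
        i++;
        while (isdigit((unsigned char)s[i])) { i++; digits++; }
    }
    if (digits == 0)
        return 0;
    if (s[i] == 'e' || s[i] == 'E') {
        size_t j = i + 1;
        if (s[j] == '+' || s[j] == '-')
            j++;
        if (isdigit((unsigned char)s[j])) {
            while (isdigit((unsigned char)s[j])) j++;
            i = j;
        }
    }
    return i;
}

/* Parses a decimal literal from s under two policies:
 *   allow_trailing_junk   - accept "1.5abc" (parseFloat, ECMA 262 15.1.2.3)
 *   allow_trailing_spaces - accept "1.5 \n" but still reject "1.5abc"
 * With both false the whole string must be the literal (strict form input).
 * Leading whitespace is always skipped. On success stores the value in *out
 * and returns true; on failure *out is NaN and the result is false. */
bool parse_decimal(const char *s, bool allow_trailing_junk, bool allow_trailing_spaces, double *out)
{
    *out = NAN;
    if (!s)
        return false;
    while (is_js_space(*s))
        s++;
    size_t n = scan_decimal_literal(s);
    if (n == 0)
        return false;
    /* Hand strtod only the validated prefix, so its wider grammar
     * (hex floats, "inf", "nan") cannot widen what this parser accepts. */
    char *literal = malloc(n + 1);
    if (!literal)
        return false;
    memcpy(literal, s, n);
    literal[n] = '\0';
    double value = strtod(literal, NULL);
    free(literal);

    const char *rest = s + n;
    if (!allow_trailing_junk) {
        if (allow_trailing_spaces)
            while (is_js_space(*rest))
                rest++;
        if (*rest != '\0')
            return false;      /* trailing characters not permitted by policy */
    }
    *out = value;
    return true;
}
```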
1380 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1381
1382         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
1383         Removing the assert for now.
1384
1385         * dfg/DFGOperations.h:
1386         * llint/LLIntSlowPaths.h:
1387
1388 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1389
1390         Functions with C linkage should return POD types
1391         https://bugs.webkit.org/show_bug.cgi?id=81061
1392
1393         Reviewed by Mark Rowe.
1394
1395         * dfg/DFGOperations.h:
1396         * llint/LLIntSlowPaths.h:
1397         (LLInt):
1398         (SlowPathReturnType):
1399         (JSC::LLInt::encodeResult):
1400
1401 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1402
1403         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
1404         https://bugs.webkit.org/show_bug.cgi?id=80979
1405         <rdar://problem/11036848>
1406
1407         Reviewed by Oliver Hunt.
1408         
1409         Also improved DFG IR dumping to include type information in a somewhat more
1410         intuitive way.
1411
1412         * bytecode/PredictedType.cpp:
1413         (JSC::predictionToAbbreviatedString):
1414         (JSC):
1415         * bytecode/PredictedType.h:
1416         (JSC):
1417         * dfg/DFGAbstractState.cpp:
1418         (JSC::DFG::AbstractState::execute):
1419         * dfg/DFGGraph.cpp:
1420         (JSC::DFG::Graph::dump):
1421         * dfg/DFGPredictionPropagationPhase.cpp:
1422         (JSC::DFG::PredictionPropagationPhase::propagate):
1423         * dfg/DFGSpeculativeJIT.cpp:
1424         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1425         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1426         * dfg/DFGSpeculativeJIT.h:
1427         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1428
1429 2012-03-13  George Staikos  <staikos@webkit.org>
1430
1431         The callback is only used if SA_RESTART is defined.  Compile it out
1432         otherwise to avoid a warning.
1433         https://bugs.webkit.org/show_bug.cgi?id=80926
1434
1435         Reviewed by Alexey Proskuryakov.
1436
1437         * heap/MachineStackMarker.cpp:
1438         (JSC):
1439
1440 2012-03-13  Hojong Han  <hojong.han@samsung.com>
1441
1442         Dump the generated code for ARM_TRADITIONAL
1443         https://bugs.webkit.org/show_bug.cgi?id=80975
1444
1445         Reviewed by Gavin Barraclough.
1446
1447         * assembler/LinkBuffer.h:
1448         (JSC::LinkBuffer::dumpCode):
1449
1450 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
1451
1452         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
1453         https://bugs.webkit.org/show_bug.cgi?id=78853
1454
1455         Reviewed by Adam Barth.
1456
1457         * Configurations/FeatureDefines.xcconfig:
1458         * wtf/Platform.h:
1459
1460 2012-03-13  Kwonjin Jeong  <gram@company100.net>
1461
1462         Remove SlotVisitor::copy() method.
1463         https://bugs.webkit.org/show_bug.cgi?id=80973
1464
1465         Reviewed by Geoffrey Garen.
1466
1467         The SlotVisitor::copy() method isn't called anywhere.
1468
1469         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
1470         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
1471
1472 2012-03-12  Hojong Han  <hojong.han@samsung.com>
1473
1474         Fix test cases for RegExp multiline
1475         https://bugs.webkit.org/show_bug.cgi?id=80822
1476
1477         Reviewed by Gavin Barraclough.
1478
1479         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
1480         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
1481         * tests/mozilla/js1_2/regexp/beginLine.js:
1482         * tests/mozilla/js1_2/regexp/endLine.js:
1483
1484 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1485
1486         Arithmetic use inference should be procedure-global and should run in tandem
1487         with type propagation
1488         https://bugs.webkit.org/show_bug.cgi?id=80819
1489         <rdar://problem/11034006>
1490
1491         Reviewed by Gavin Barraclough.
1492         
1493         * CMakeLists.txt:
1494         * GNUmakefile.list.am:
1495         * JavaScriptCore.xcodeproj/project.pbxproj:
1496         * Target.pri:
1497         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
1498         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
1499         * dfg/DFGDriver.cpp:
1500         (JSC::DFG::compile):
1501         * dfg/DFGPredictionPropagationPhase.cpp:
1502         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
1503         (PredictionPropagationPhase):
1504         (JSC::DFG::PredictionPropagationPhase::isNotZero):
1505         (JSC::DFG::PredictionPropagationPhase::propagate):
1506         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1507         * dfg/DFGVariableAccessData.h:
1508         (JSC::DFG::VariableAccessData::VariableAccessData):
1509         (JSC::DFG::VariableAccessData::flags):
1510         (VariableAccessData):
1511         (JSC::DFG::VariableAccessData::mergeFlags):
1512
1513 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1514
1515         Node::op and Node::flags should be private
1516         https://bugs.webkit.org/show_bug.cgi?id=80824
1517         <rdar://problem/11033435>
1518
1519         Reviewed by Gavin Barraclough.
1520
1521         * CMakeLists.txt:
1522         * GNUmakefile.list.am:
1523         * JavaScriptCore.xcodeproj/project.pbxproj:
1524         * Target.pri:
1525         * dfg/DFGAbstractState.cpp:
1526         (JSC::DFG::AbstractState::initialize):
1527         (JSC::DFG::AbstractState::execute):
1528         (JSC::DFG::AbstractState::mergeStateAtTail):
1529         (JSC::DFG::AbstractState::mergeToSuccessors):
1530         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1531         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1532         * dfg/DFGByteCodeParser.cpp:
1533         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
1534         (JSC::DFG::ByteCodeParser::getLocal):
1535         (JSC::DFG::ByteCodeParser::getArgument):
1536         (JSC::DFG::ByteCodeParser::flushArgument):
1537         (JSC::DFG::ByteCodeParser::toInt32):
1538         (JSC::DFG::ByteCodeParser::isJSConstant):
1539         (JSC::DFG::ByteCodeParser::makeSafe):
1540         (JSC::DFG::ByteCodeParser::makeDivSafe):
1541         (JSC::DFG::ByteCodeParser::handleInlining):
1542         (JSC::DFG::ByteCodeParser::parseBlock):
1543         (JSC::DFG::ByteCodeParser::processPhiStack):
1544         (JSC::DFG::ByteCodeParser::linkBlock):
1545         * dfg/DFGCFAPhase.cpp:
1546         (JSC::DFG::CFAPhase::performBlockCFA):
1547         * dfg/DFGCSEPhase.cpp:
1548         (JSC::DFG::CSEPhase::canonicalize):
1549         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1550         (JSC::DFG::CSEPhase::pureCSE):
1551         (JSC::DFG::CSEPhase::byValIsPure):
1552         (JSC::DFG::CSEPhase::clobbersWorld):
1553         (JSC::DFG::CSEPhase::impureCSE):
1554         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1555         (JSC::DFG::CSEPhase::getByValLoadElimination):
1556         (JSC::DFG::CSEPhase::checkFunctionElimination):
1557         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1558         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1559         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1560         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1561         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1562         (JSC::DFG::CSEPhase::performNodeCSE):
1563         * dfg/DFGGraph.cpp:
1564         (JSC::DFG::Graph::dump):
1565         (DFG):
1566         * dfg/DFGGraph.h:
1567         (JSC::DFG::Graph::addShouldSpeculateInteger):
1568         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1569         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1570         * dfg/DFGNode.cpp: Removed.
1571         * dfg/DFGNode.h:
1572         (DFG):
1573         (JSC::DFG::Node::Node):
1574         (Node):
1575         (JSC::DFG::Node::op):
1576         (JSC::DFG::Node::flags):
1577         (JSC::DFG::Node::setOp):
1578         (JSC::DFG::Node::setFlags):
1579         (JSC::DFG::Node::mergeFlags):
1580         (JSC::DFG::Node::filterFlags):
1581         (JSC::DFG::Node::clearFlags):
1582         (JSC::DFG::Node::setOpAndDefaultFlags):
1583         (JSC::DFG::Node::mustGenerate):
1584         (JSC::DFG::Node::isConstant):
1585         (JSC::DFG::Node::isWeakConstant):
1586         (JSC::DFG::Node::valueOfJSConstant):
1587         (JSC::DFG::Node::hasVariableAccessData):
1588         (JSC::DFG::Node::hasIdentifier):
1589         (JSC::DFG::Node::resolveGlobalDataIndex):
1590         (JSC::DFG::Node::hasArithNodeFlags):
1591         (JSC::DFG::Node::arithNodeFlags):
1592         (JSC::DFG::Node::setArithNodeFlag):
1593         (JSC::DFG::Node::mergeArithNodeFlags):
1594         (JSC::DFG::Node::hasConstantBuffer):
1595         (JSC::DFG::Node::hasRegexpIndex):
1596         (JSC::DFG::Node::hasVarNumber):
1597         (JSC::DFG::Node::hasScopeChainDepth):
1598         (JSC::DFG::Node::hasResult):
1599         (JSC::DFG::Node::hasInt32Result):
1600         (JSC::DFG::Node::hasNumberResult):
1601         (JSC::DFG::Node::hasJSResult):
1602         (JSC::DFG::Node::hasBooleanResult):
1603         (JSC::DFG::Node::isJump):
1604         (JSC::DFG::Node::isBranch):
1605         (JSC::DFG::Node::isTerminal):
1606         (JSC::DFG::Node::hasHeapPrediction):
1607         (JSC::DFG::Node::hasFunctionCheckData):
1608         (JSC::DFG::Node::hasStructureTransitionData):
1609         (JSC::DFG::Node::hasStructureSet):
1610         (JSC::DFG::Node::hasStorageAccessData):
1611         (JSC::DFG::Node::hasFunctionDeclIndex):
1612         (JSC::DFG::Node::hasFunctionExprIndex):
1613         (JSC::DFG::Node::child1):
1614         (JSC::DFG::Node::child2):
1615         (JSC::DFG::Node::child3):
1616         (JSC::DFG::Node::firstChild):
1617         (JSC::DFG::Node::numChildren):
1618         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
1619         * dfg/DFGNodeFlags.h: Added.
1620         (DFG):
1621         (JSC::DFG::nodeUsedAsNumber):
1622         (JSC::DFG::nodeCanTruncateInteger):
1623         (JSC::DFG::nodeCanIgnoreNegativeZero):
1624         (JSC::DFG::nodeMayOverflow):
1625         (JSC::DFG::nodeCanSpeculateInteger):
1626         * dfg/DFGNodeType.h: Added.
1627         (DFG):
1628         (JSC::DFG::defaultFlags):
1629         * dfg/DFGPredictionPropagationPhase.cpp:
1630         (JSC::DFG::PredictionPropagationPhase::propagate):
1631         (JSC::DFG::PredictionPropagationPhase::vote):
1632         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1633         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1634         * dfg/DFGRedundantPhiEliminationPhase.cpp:
1635         (JSC::DFG::RedundantPhiEliminationPhase::run):
1636         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
1637         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
1638         * dfg/DFGSpeculativeJIT.cpp:
1639         (JSC::DFG::SpeculativeJIT::useChildren):
1640         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1641         (JSC::DFG::SpeculativeJIT::compileMovHint):
1642         (JSC::DFG::SpeculativeJIT::compile):
1643         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1644         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1645         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1646         (JSC::DFG::SpeculativeJIT::compileAdd):
1647         (JSC::DFG::SpeculativeJIT::compare):
1648         * dfg/DFGSpeculativeJIT.h:
1649         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1650         * dfg/DFGSpeculativeJIT32_64.cpp:
1651         (JSC::DFG::SpeculativeJIT::emitCall):
1652         (JSC::DFG::SpeculativeJIT::compile):
1653         * dfg/DFGSpeculativeJIT64.cpp:
1654         (JSC::DFG::SpeculativeJIT::emitCall):
1655         (JSC::DFG::SpeculativeJIT::compile):
1656         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1657         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1658
1659 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
1660
1661         Minor DataLog fixes
1662         https://bugs.webkit.org/show_bug.cgi?id=80826
1663
1664         Reviewed by Andreas Kling.
1665
1666         * bytecode/ExecutionCounter.cpp:
1667         Do not include DataLog.h, it is not used.
1668         
1669         * jit/ExecutableAllocator.cpp:
1670         Ditto.
1671
1672         * wtf/DataLog.cpp:
1673         (WTF::initializeLogFileOnce):
1674         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
1675
1676         * wtf/HashTable.cpp:
1677         Include DataLog as it is used.
1678
1679 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
1680
1681         Integer overflow check code in arithmetic operation in classic interpreter
1682         https://bugs.webkit.org/show_bug.cgi?id=80465
1683
1684         Reviewed by Gavin Barraclough.
1685
1686         * interpreter/Interpreter.cpp:
1687         (JSC::Interpreter::privateExecute):
1688
1689 2012-03-12  Zeno Albisser  <zeno@webkit.org>
1690
1691         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
1692         https://bugs.webkit.org/show_bug.cgi?id=80827
1693
1694         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
1695
1696         Reviewed by Simon Hausmann.
1697
1698         * wtf/Platform.h:
1699
1700 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
1701
1702         Unreviewed prospective Qt/Mac build fix
1703
1704         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
1705         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
1706         constructor.
1707
1708 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1709
1710         All DFG nodes should have a mutable set of flags
1711         https://bugs.webkit.org/show_bug.cgi?id=80779
1712         <rdar://problem/11026218>
1713
1714         Reviewed by Gavin Barraclough.
1715         
1716         Got rid of NodeId, and placed all of the flags that distinguished NodeId
1717         from NodeType into a separate Node::flags field. Combined what was previously
1718         ArithNodeFlags into Node::flags.
1719         
1720         In the process of debugging, I found that the debug support in the virtual
1721         register allocator was lacking, so I improved it. I also realized that the
1722         virtual register allocator was assuming that the nodes in a basic block were
1723         contiguous, which is no longer the case. So I fixed that. The fix also made
1724         it natural to have more extreme assertions, so I added them. I suspect this
1725         will make it easier to catch virtual register allocation bugs in the future.
1726         
1727         This is mostly performance neutral; if anything it looks like a slight
1728         speed-up.
1729         
1730         This patch does leave some work for future refactorings; for example, Node::op
1731         is unencapsulated. This was already the case, though now it feels even more
1732         like it should be. I avoided doing that because this patch has already grown
1733         way bigger than I wanted.
1734         
1735         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
1736         move some unnecessarily inline stuff out of DFGNode.h.
1737
1738         * CMakeLists.txt:
1739         * GNUmakefile.list.am:
1740         * JavaScriptCore.xcodeproj/project.pbxproj:
1741         * Target.pri:
1742         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1743         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1744         * dfg/DFGByteCodeParser.cpp:
1745         (JSC::DFG::ByteCodeParser::addToGraph):
1746         (JSC::DFG::ByteCodeParser::makeSafe):
1747         (JSC::DFG::ByteCodeParser::makeDivSafe):
1748         (JSC::DFG::ByteCodeParser::handleMinMax):
1749         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1750         (JSC::DFG::ByteCodeParser::parseBlock):
1751         * dfg/DFGCFAPhase.cpp:
1752         (JSC::DFG::CFAPhase::performBlockCFA):
1753         * dfg/DFGCSEPhase.cpp:
1754         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1755         (JSC::DFG::CSEPhase::pureCSE):
1756         (JSC::DFG::CSEPhase::clobbersWorld):
1757         (JSC::DFG::CSEPhase::impureCSE):
1758         (JSC::DFG::CSEPhase::setReplacement):
1759         (JSC::DFG::CSEPhase::eliminate):
1760         (JSC::DFG::CSEPhase::performNodeCSE):
1761         (JSC::DFG::CSEPhase::performBlockCSE):
1762         (CSEPhase):
1763         * dfg/DFGGraph.cpp:
1764         (JSC::DFG::Graph::opName):
1765         (JSC::DFG::Graph::dump):
1766         (DFG):
1767         * dfg/DFGNode.cpp: Added.
1768         (DFG):
1769         (JSC::DFG::arithNodeFlagsAsString):
1770         * dfg/DFGNode.h:
1771         (DFG):
1772         (JSC::DFG::nodeUsedAsNumber):
1773         (JSC::DFG::nodeCanTruncateInteger):
1774         (JSC::DFG::nodeCanIgnoreNegativeZero):
1775         (JSC::DFG::nodeMayOverflow):
1776         (JSC::DFG::nodeCanSpeculateInteger):
1777         (JSC::DFG::defaultFlags):
1778         (JSC::DFG::Node::Node):
1779         (Node):
1780         (JSC::DFG::Node::setOpAndDefaultFlags):
1781         (JSC::DFG::Node::mustGenerate):
1782         (JSC::DFG::Node::arithNodeFlags):
1783         (JSC::DFG::Node::setArithNodeFlag):
1784         (JSC::DFG::Node::mergeArithNodeFlags):
1785         (JSC::DFG::Node::hasResult):
1786         (JSC::DFG::Node::hasInt32Result):
1787         (JSC::DFG::Node::hasNumberResult):
1788         (JSC::DFG::Node::hasJSResult):
1789         (JSC::DFG::Node::hasBooleanResult):
1790         (JSC::DFG::Node::isJump):
1791         (JSC::DFG::Node::isBranch):
1792         (JSC::DFG::Node::isTerminal):
1793         (JSC::DFG::Node::child1):
1794         (JSC::DFG::Node::child2):
1795         (JSC::DFG::Node::child3):
1796         (JSC::DFG::Node::firstChild):
1797         (JSC::DFG::Node::numChildren):
1798         * dfg/DFGPredictionPropagationPhase.cpp:
1799         (JSC::DFG::PredictionPropagationPhase::propagate):
1800         (JSC::DFG::PredictionPropagationPhase::vote):
1801         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1802         * dfg/DFGScoreBoard.h:
1803         (ScoreBoard):
1804         (JSC::DFG::ScoreBoard::~ScoreBoard):
1805         (JSC::DFG::ScoreBoard::assertClear):
1806         (JSC::DFG::ScoreBoard::use):
1807         * dfg/DFGSpeculativeJIT.cpp:
1808         (JSC::DFG::SpeculativeJIT::useChildren):
1809         * dfg/DFGSpeculativeJIT32_64.cpp:
1810         (JSC::DFG::SpeculativeJIT::compile):
1811         * dfg/DFGSpeculativeJIT64.cpp:
1812         (JSC::DFG::SpeculativeJIT::compile):
1813         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1814         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1815
1816 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
1817
1818         LLInt should support JSVALUE64
1819         https://bugs.webkit.org/show_bug.cgi?id=79609
1820         <rdar://problem/10063437>
1821
1822         Reviewed by Gavin Barraclough and Oliver Hunt.
1823         
1824         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
1825         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
1826         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
1827         specialized for value representation.
1828         
1829         Also made some minor changes to offlineasm and the slow-paths.
1830
1831         * llint/LLIntData.cpp:
1832         (JSC::LLInt::Data::performAssertions):
1833         * llint/LLIntEntrypoints.cpp:
1834         * llint/LLIntSlowPaths.cpp:
1835         (LLInt):
1836         (JSC::LLInt::llint_trace_value):
1837         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1838         (JSC::LLInt::jitCompileAndSetHeuristics):
1839         * llint/LLIntSlowPaths.h:
1840         (LLInt):
1841         (SlowPathReturnType):
1842         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
1843         (JSC::LLInt::encodeResult):
1844         * llint/LLIntThunks.cpp:
1845         * llint/LowLevelInterpreter.asm:
1846         * llint/LowLevelInterpreter32_64.asm:
1847         * llint/LowLevelInterpreter64.asm:
1848         * offlineasm/armv7.rb:
1849         * offlineasm/asm.rb:
1850         * offlineasm/ast.rb:
1851         * offlineasm/backends.rb:
1852         * offlineasm/instructions.rb:
1853         * offlineasm/parser.rb:
1854         * offlineasm/registers.rb:
1855         * offlineasm/transform.rb:
1856         * offlineasm/x86.rb:
1857         * wtf/Platform.h:
1858
1859 2012-03-10  Yong Li  <yoli@rim.com>
1860
1861         Web Worker crashes with WX_EXCLUSIVE
1862         https://bugs.webkit.org/show_bug.cgi?id=80532
1863
1864         Let each JS global object own a meta allocator
1865         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
1866         Also fix a mutex leak in MetaAllocator's dtor.
1867
1868         Reviewed by Filip Pizlo.
1869
1870         * jit/ExecutableAllocator.cpp:
1871         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
1872         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
1873         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
1874         (DemandExecutableAllocator):
1875         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
1876         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
1877         (JSC::DemandExecutableAllocator::allocateNewSpace):
1878         (JSC::DemandExecutableAllocator::allocators):
1879         (JSC::DemandExecutableAllocator::allocatorsMutex):
1880         (JSC):
1881         (JSC::ExecutableAllocator::initializeAllocator):
1882         (JSC::ExecutableAllocator::ExecutableAllocator):
1883         (JSC::ExecutableAllocator::underMemoryPressure):
1884         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1885         (JSC::ExecutableAllocator::allocate):
1886         (JSC::ExecutableAllocator::committedByteCount):
1887         (JSC::ExecutableAllocator::dumpProfile):
1888         * jit/ExecutableAllocator.h:
1889         (JSC):
1890         (ExecutableAllocator):
1891         (JSC::ExecutableAllocator::allocator):
1892         * wtf/MetaAllocator.h:
1893         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
1894         * wtf/TCSpinLock.h:
1895         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
1896
1897 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1898
1899         Object.freeze broken on latest Nightly
1900         https://bugs.webkit.org/show_bug.cgi?id=80577
1901
1902         Reviewed by Oliver Hunt.
1903
1904         The problem here is that deleteProperty rejects deletion of prototype.
1905         This is correct in most cases, however defineOwnProperty is presently
1906         implemented internally to ensure the attributes change by deleting the
1907         old property, and creating a new one.
1908
1909         * runtime/JSFunction.cpp:
1910         (JSC::JSFunction::deleteProperty):
1911             - If deleteProperty is called via defineOwnProperty, allow the old prototype to be removed.
1912
1913 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1914
1915         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
1916         https://bugs.webkit.org/show_bug.cgi?id=80663
1917
1918         Reviewed by Michael Saboff.
1919
1920         The bug here is actually that we're continuing to process the array after an exception
1921         has been thrown, and that the second value thrown is overriding the first.
1922
1923         * runtime/ArrayPrototype.cpp:
1924         (JSC::arrayProtoFuncToLocaleString):
1925
1926 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
1927
1928         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
1929         https://bugs.webkit.org/show_bug.cgi?id=80080
1930
1931         Reviewed by Filip Pizlo.
1932
1933         * bytecode/SamplingTool.cpp:
1934         (JSC::SamplingRegion::Locker::Locker):
1935         (JSC::SamplingRegion::Locker::~Locker):
1936         * bytecode/SamplingTool.h:
1937         (JSC::SamplingRegion::exchangeCurrent):
1938         * wtf/Atomics.h:
1939         (WTF):
1940         (WTF::weakCompareAndSwap):
1941         (WTF::weakCompareAndSwapUIntPtr):
1942
1943 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1944
1945         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
1946         https://bugs.webkit.org/show_bug.cgi?id=49989
1947
1948         Reviewed by Oliver Hunt.
1949
1950         Patch originally by Chris Reiss <christopher.reiss@nokia.com>;
1951         allow the year to appear before the timezone in date strings.
1952
1953         * wtf/DateMath.cpp:
1954         (WTF::parseDateFromNullTerminatedCharacters):
1955
1956 2012-03-09  Mark Rowe  <mrowe@apple.com>
1957
1958         Ensure that the WTF headers are copied at installhdrs time.
1959
1960         Reviewed by Dan Bernstein and Jessie Berlin.
1961
1962         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
1963         so that our script phases are invoked at installhdrs time. The only one that
1964         does any useful work at that time is the one that installs WTF headers.
1965
1966 2012-03-09  Jon Lee  <jonlee@apple.com>
1967
1968         Add support for ENABLE(LEGACY_NOTIFICATIONS)
1969         https://bugs.webkit.org/show_bug.cgi?id=80497
1970
1971         Reviewed by Adam Barth.
1972
1973         Prep for b80472: Update API for Web Notifications
1974         * Configurations/FeatureDefines.xcconfig:
1975
1976 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
1977
1978         Bash scripts should support LF endings only
1979         https://bugs.webkit.org/show_bug.cgi?id=79509
1980
1981         Reviewed by David Kilzer.
1982
1983         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
1984         * gyp/run-if-exists.sh: Added property svn:eol-style.
1985         * gyp/update-info-plist.sh: Added property svn:eol-style.
1986
1987 2012-03-09  Jessie Berlin  <jberlin@apple.com>
1988
1989         Windows debug build fix.
1990
1991         * assembler/MacroAssembler.h:
1992         (JSC::MacroAssembler::shouldBlind):
1993         Fix unreachable code warnings (which we treat as errors).
1994
1995 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1996
1997         Reviewed by Zoltan Herczeg.
1998
1999         [Qt] Fix the SH4 build after r109834
2000         https://bugs.webkit.org/show_bug.cgi?id=80492
2001
2002         * assembler/MacroAssemblerSH4.h:
2003         (JSC::MacroAssemblerSH4::branchAdd32):
2004         (JSC::MacroAssemblerSH4::branchSub32):
2005
2006 2012-03-09  Andy Wingo  <wingo@igalia.com>
2007
2008         Refactor code feature analysis in the parser
2009         https://bugs.webkit.org/show_bug.cgi?id=79112
2010
2011         Reviewed by Geoffrey Garen.
2012
2013         This commit refactors the parser to more uniformly propagate flag
2014         bits down and up the parse process, as the parser descends and
2015         returns into nested blocks.  Some flags get passed down to
2016         subscopes, some apply to specific scopes only, and some get
2017         unioned up after parsing subscopes.
2018
2019         The goal is to eventually be very precise with scoping
2020         information, once we have block scopes: one block scope might use
2021         `eval', which would require the emission of a symbol table within
2022         that block and containing blocks, whereas another block in the
2023         same function might not, allowing us to not emit a symbol table.
2024
2025         * parser/Nodes.h:
2026         (JSC::ScopeFlags): Rename from CodeFeatures.
2027         (JSC::ScopeNode::addScopeFlags):
2028         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2029         (JSC::ScopeNode::isStrictMode):
2030         (JSC::ScopeNode::usesEval):
2031         (JSC::ScopeNode::usesArguments):
2032         (JSC::ScopeNode::setUsesArguments):
2033         (JSC::ScopeNode::usesThis):
2034         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2035         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2036         operate on the m_scopeFlags member.
2037         (JSC::ScopeNode::source):
2038         (JSC::ScopeNode::sourceURL):
2039         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2040         semantic change.
2041         (JSC::ScopeNode::ScopeNode)
2042         (JSC::ProgramNode::ProgramNode)
2043         (JSC::EvalNode::EvalNode)
2044         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2045         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2046
2047         * parser/Nodes.cpp:
2048         (JSC::ScopeNode::ScopeNode):
2049         (JSC::ProgramNode::ProgramNode):
2050         (JSC::ProgramNode::create):
2051         (JSC::EvalNode::EvalNode):
2052         (JSC::EvalNode::create):
2053         (JSC::FunctionBodyNode::FunctionBodyNode):
2054         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2055
2056         * parser/ASTBuilder.h:
2057         (JSC::ASTBuilder::ASTBuilder):
2058         (JSC::ASTBuilder::thisExpr):
2059         (JSC::ASTBuilder::createResolve):
2060         (JSC::ASTBuilder::createFunctionBody):
2061         (JSC::ASTBuilder::createFuncDeclStatement):
2062         (JSC::ASTBuilder::createTryStatement):
2063         (JSC::ASTBuilder::createWithStatement):
2064         (JSC::ASTBuilder::addVar):
2065         (JSC::ASTBuilder::Scope::Scope):
2066         (Scope):
2067         (ASTBuilder):
2068         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2069         features here.  Instead rely on the base Parser mechanism to track
2070         features.
2071
2072         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2073
2074         * parser/Parser.h:
2075         (JSC::Scope::Scope): Manage scope through flags, not
2076         bit-booleans.  This lets us uniformly propagate them up and down.
2077         (JSC::Scope::declareWrite):
2078         (JSC::Scope::declareParameter):
2079         (JSC::Scope::useVariable):
2080         (JSC::Scope::collectFreeVariables):
2081         (JSC::Scope::getCapturedVariables):
2082         (JSC::Scope::saveFunctionInfo):
2083         (JSC::Scope::restoreFunctionInfo):
2084         (JSC::Parser::pushScope): Adapt to use scope flags and their
2085         accessors instead of bit-booleans.
2086         * parser/Parser.cpp:
2087         (JSC::::Parser):
2088         (JSC::::parseInner):
2089         (JSC::::didFinishParsing):
2090         (JSC::::parseSourceElements):
2091         (JSC::::parseVarDeclarationList):
2092         (JSC::::parseConstDeclarationList):
2093         (JSC::::parseWithStatement):
2094         (JSC::::parseTryStatement):
2095         (JSC::::parseFunctionBody):
2096         (JSC::::parseFunctionInfo):
2097         (JSC::::parseFunctionDeclaration):
2098         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2099         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2100         Does not seem to have a performance impact.
2101
2102         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2103         Cache the scopeflags.
2104         * parser/SyntaxChecker.h: Remove evalCount() decl.
2105
2106         * runtime/Executable.cpp:
2107         (JSC::EvalExecutable::compileInternal):
2108         (JSC::ProgramExecutable::compileInternal):
2109         (JSC::FunctionExecutable::produceCodeBlockFor):
2110         * runtime/Executable.h:
2111         (JSC::ScriptExecutable::ScriptExecutable):
2112         (JSC::ScriptExecutable::usesEval):
2113         (JSC::ScriptExecutable::usesArguments):
2114         (JSC::ScriptExecutable::needsActivation):
2115         (JSC::ScriptExecutable::isStrictMode):
2116         (JSC::ScriptExecutable::recordParse):
2117         (ScriptExecutable): ScopeFlags, not features.
2118
2119 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2120
2121         Build fix for MSVC after r110266
2122
2123         Unreviewed. A #ifdef for MSVC was left over in r110266.
2124
2125         * runtime/RegExpObject.h:
2126         (RegExpObject):
2127
2128 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2129
2130         Allocate the RegExpObject's data with the Cell
2131         https://bugs.webkit.org/show_bug.cgi?id=80654
2132
2133         Reviewed by Gavin Barraclough.
2134
2135         This patch removes the creation of RegExpObject's data to avoid the overhead
2136         created by the allocation and destruction.
2137
2138         Since RegExps are created repeatedly, this provides some performance improvement.
2139         The PeaceKeeper test stringDetectBrowser improves by 10%.
2140
2141         * runtime/RegExpObject.cpp:
2142         (JSC::RegExpObject::RegExpObject):
2143         (JSC::RegExpObject::visitChildren):
2144         (JSC::RegExpObject::getOwnPropertyDescriptor):
2145         (JSC::RegExpObject::defineOwnProperty):
2146         (JSC::RegExpObject::match):
2147         * runtime/RegExpObject.h:
2148         (JSC::RegExpObject::setRegExp):
2149         (JSC::RegExpObject::regExp):
2150         (JSC::RegExpObject::setLastIndex):
2151         (JSC::RegExpObject::getLastIndex):
2152         (RegExpObject):
2153
2154 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2155
2156         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2157         https://bugs.webkit.org/show_bug.cgi?id=80657
2158         
2159         Preparation for WTF separation from JavaScriptCore.
2160         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2161         dependencies for generated files.
2162         
2163         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2164         versions of the WTF code independent of the JavaScriptCore code.
2165
2166         Reviewed by Jessie Berlin.
2167
2168         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2169         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2170         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2171         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2172         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2173         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2174         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2175         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2176         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2177         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2178         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2179         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2180         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2181         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2182         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2183         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2184         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2185         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2186         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2187         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2188         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2189
2190 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2191
2192         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2193         https://bugs.webkit.org/show_bug.cgi?id=80652
2194
2195         Reviewed by Eric Seidel.
2196
2197         Fix the header, URLSegments.h is not part of the API.
2198
2199         * wtf/url/api/ParsedURL.h:
2200
2201 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2202
2203         Mac build fix for micro data API.
2204
2205         * Configurations/FeatureDefines.xcconfig:
2206
2207 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2208
2209         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2210         https://bugs.webkit.org/show_bug.cgi?id=26890
2211
2212         Reviewed by Oliver Hunt.
2213
2214         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2215
2216         * runtime/StringPrototype.cpp:
2217         (JSC::replaceUsingRegExpSearch):
2218         (JSC::stringProtoFuncMatch):
2219             - added calls to setLastIndex.
2220
2221 2012-03-08  Matt Lilek  <mrl@apple.com>
2222
2223         Don't enable VIDEO_TRACK on all OS X platforms
2224         https://bugs.webkit.org/show_bug.cgi?id=80635
2225
2226         Reviewed by Eric Carlson.
2227
2228         * Configurations/FeatureDefines.xcconfig:
2229
2230 2012-03-08  Oliver Hunt  <oliver@apple.com>
2231
2232         Build fix.  That day is not today.
2233
2234         * assembler/MacroAssembler.h:
2235         (JSC::MacroAssembler::shouldBlind):
2236         * assembler/MacroAssemblerX86Common.h:
2237         (MacroAssemblerX86Common):
2238         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2239
2240 2012-03-08  Oliver Hunt  <oliver@apple.com>
2241
2242         Build fix. One of these days I'll manage to commit something that works everywhere.
2243
2244         * assembler/AbstractMacroAssembler.h:
2245         (AbstractMacroAssembler):
2246         * assembler/MacroAssemblerARMv7.h:
2247         (MacroAssemblerARMv7):
2248         * assembler/MacroAssemblerX86Common.h:
2249         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2250         (MacroAssemblerX86Common):
2251
2252 2012-03-08  Chao-ying Fu  <fu@mips.com>
2253
2254         Update MIPS patchOffsetGetByIdSlowCaseCall
2255         https://bugs.webkit.org/show_bug.cgi?id=80302
2256
2257         Reviewed by Oliver Hunt.
2258
2259         * jit/JIT.h:
2260         (JIT):
2261
2262 2012-03-08  Oliver Hunt  <oliver@apple.com>
2263
2264         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2265         https://bugs.webkit.org/show_bug.cgi?id=80633
2266
2267         Reviewed by Gavin Barraclough.
2268
2269         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2270         if there isn't a machine specific implementation (otherwise the 64bit value
2271         got truncated and 32bit checks were used -- leaving 32bits untested).
2272         Also add a bit of logic to ensure that we don't try to blind a few common
2273         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2274         unencoded doubles with common "safe" values.
2275
2276         * assembler/AbstractMacroAssembler.h:
2277         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2278         * assembler/MacroAssembler.h:
2279         (JSC::MacroAssembler::shouldBlindDouble):
2280         (MacroAssembler):
2281         (JSC::MacroAssembler::shouldBlind):
2282         * assembler/MacroAssemblerX86Common.h:
2283         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2284
2285 2012-03-08  Mark Rowe  <mrowe@apple.com>
2286
2287         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2288
2289         Reviewed by Dan Bernstein.
2290
2291         * Configurations/Base.xcconfig:
2292
2293 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2294
2295         Fix line endings for copy-files.cmd.
2296         
2297         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2298         In this case, the label :clean wasn't found, breaking the clean build.
2299         
2300         Reviewed by Jessie Berlin.
2301
2302         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2303
2304 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2305
2306         DFG CFA incorrectly handles ValueToInt32
2307         https://bugs.webkit.org/show_bug.cgi?id=80568
2308
2309         Reviewed by Gavin Barraclough.
2310         
2311         Changed it to match exactly the decision pattern used in
2312         DFG::SpeculativeJIT::compileValueToInt32
2313
2314         * dfg/DFGAbstractState.cpp:
2315         (JSC::DFG::AbstractState::execute):
2316
2317 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2318
2319         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2320         https://bugs.webkit.org/show_bug.cgi?id=80524
2321
2322         Reviewed by Simon Hausmann.
2323
2324         Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
2325         of WTF library.
2326
2327         * runtime/Identifier.cpp:
2328         * wtf/WTFThreadData.cpp:
2329         (JSC):
2330         (JSC::IdentifierTable::~IdentifierTable):
2331         (JSC::IdentifierTable::add):
2332
2333 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2334
2335         DFG instruction count threshold should be lifted to 10000
2336         https://bugs.webkit.org/show_bug.cgi?id=80579
2337
2338         Reviewed by Gavin Barraclough.
2339
2340         * runtime/Options.cpp:
2341         (JSC::Options::initializeOptions):
2342
2343 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2344
2345         Incorrect tracking of abstract values of variables forced double
2346         https://bugs.webkit.org/show_bug.cgi?id=80566
2347         <rdar://problem/11001442>
2348
2349         Reviewed by Gavin Barraclough.
2350
2351         * dfg/DFGAbstractState.cpp:
2352         (JSC::DFG::AbstractState::mergeStateAtTail):
2353
2354 2012-03-07  Chao-ying Fu  <fu@mips.com>
2355
2356         [Qt] Fix the MIPS/SH4 build after r109834
2357         https://bugs.webkit.org/show_bug.cgi?id=80492
2358
2359         Reviewed by Oliver Hunt.
2360
2361         Implement three-argument branch(Add,Sub)32.
2362
2363         * assembler/MacroAssemblerMIPS.h:
2364         (JSC::MacroAssemblerMIPS::add32):
2365         (MacroAssemblerMIPS):
2366         (JSC::MacroAssemblerMIPS::sub32):
2367         (JSC::MacroAssemblerMIPS::branchAdd32):
2368         (JSC::MacroAssemblerMIPS::branchSub32):
2369
2370 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2371
2372         Unreviewed, rolling out r110127.
2373         http://trac.webkit.org/changeset/110127
2374         https://bugs.webkit.org/show_bug.cgi?id=80562
2375
2376         compile failed on AppleWin (Requested by ukai on #webkit).
2377
2378         * heap/Heap.cpp:
2379         (JSC::Heap::collectAllGarbage):
2380         * heap/Heap.h:
2381         (JSC):
2382         (Heap):
2383         * runtime/Executable.cpp:
2384         (JSC::FunctionExecutable::FunctionExecutable):
2385         (JSC::FunctionExecutable::finalize):
2386         * runtime/Executable.h:
2387         (FunctionExecutable):
2388         (JSC::FunctionExecutable::create):
2389         * runtime/JSGlobalData.cpp:
2390         (WTF):
2391         (Recompiler):
2392         (WTF::Recompiler::operator()):
2393         (JSC::JSGlobalData::recompileAllJSFunctions):
2394         (JSC):
2395         * runtime/JSGlobalData.h:
2396         (JSGlobalData):
2397         * runtime/JSGlobalObject.cpp:
2398         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2399
2400 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2401
2402         The end atom of the marked block considered to filter invalid cells
2403         https://bugs.webkit.org/show_bug.cgi?id=79191
2404
2405         Reviewed by Geoffrey Garen.
2406
2407         The register file could have stale pointers beyond the end atom of a marked block.
2408         Those pointers can weasel out of the filtering of in-middle-of-cell pointers.
2409
2410         * heap/MarkedBlock.h:
2411         (JSC::MarkedBlock::isLiveCell):
2412
2413 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2414
2415         Clean Windows build fails after r110033
2416         https://bugs.webkit.org/show_bug.cgi?id=80553
2417
2418         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2419
2420         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2421         Place the implementation files next to their header files in the wtf/text subdirectory.
2422         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2423         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2424         Update the path to those implementation files.
2425         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2426         Ditto.
2427
2428 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2429
2430         Eliminate redundant Phis in DFG
2431         https://bugs.webkit.org/show_bug.cgi?id=80415
2432
2433         Reviewed by Filip Pizlo.
2434
2435         Although this may not have any advantage at the current stage, this is towards
2436         minimal SSA to make more high level optimizations (like bug 76770) easier.
2437         We have the choice either to build minimal SSA from scratch or to
2438         keep the current simple Phi insertion mechanism and remove the redundancy
2439         in another phase. Currently we choose the latter because the change
2440         could be smaller.
2441
2442         * CMakeLists.txt:
2443         * GNUmakefile.list.am:
2444         * JavaScriptCore.xcodeproj/project.pbxproj:
2445         * Target.pri:
2446         * dfg/DFGDriver.cpp:
2447         (JSC::DFG::compile):
2448         * dfg/DFGGraph.cpp:
2449         (JSC::DFG::Graph::dump):
2450         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2451         (DFG):
2452         (RedundantPhiEliminationPhase):
2453         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2454         (JSC::DFG::RedundantPhiEliminationPhase::run):
2455         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2456         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2457         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2458         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2459         (JSC::DFG::performRedundantPhiElimination):
2460         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2461         (DFG):
2462
2463 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2464
2465         Refactor recompileAllJSFunctions() to be less expensive
2466         https://bugs.webkit.org/show_bug.cgi?id=80330
2467
2468         Reviewed by Geoffrey Garen.
2469
2470         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
2471         load performance, which currently does at least a couple full GCs per navigation.
2472
2473         * heap/Heap.cpp:
2474         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2475         because the function doesn't actually recompile anything (and never did); it simply throws code
2476         away for it to be recompiled later if we determine we should do so.
2477         (JSC):
2478         (JSC::Heap::collectAllGarbage):
2479         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2480         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2481         * heap/Heap.h:
2482         (JSC):
2483         (Heap):
2484         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2485         be used in DoublyLinkedLists.
2486         (JSC::FunctionExecutable::FunctionExecutable):
2487         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
2488         * runtime/Executable.h:
2489         (FunctionExecutable):
2490         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
2491         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
2492         the list of FunctionExecutables.
2493         * runtime/JSGlobalData.h:
2494         (JSGlobalData):
2495         * runtime/JSGlobalObject.cpp:
2496         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
2497
2498 2012-03-06  Oliver Hunt  <oliver@apple.com>
2499
2500         Further harden 64-bit JIT
2501         https://bugs.webkit.org/show_bug.cgi?id=80457
2502
2503         Reviewed by Filip Pizlo.
2504
2505         This patch implements blinding for ImmPtr.  Rather than xor based blinding
2506         we perform randomised pointer rotations in order to avoid the significant
2507         cost in executable memory that would otherwise be necessary (and to avoid
2508         the need for an additional scratch register in some cases).
2509
2510         As with the prior blinding patch there's a moderate amount of noise as we
2511         correct the use of ImmPtr vs. TrustedImmPtr.
2512
2513         * assembler/AbstractMacroAssembler.h:
2514         (ImmPtr):
2515         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
2516         * assembler/MacroAssembler.h:
2517         (MacroAssembler):
2518         (JSC::MacroAssembler::storePtr):
2519         (JSC::MacroAssembler::branchPtr):
2520         (JSC::MacroAssembler::shouldBlind):
2521         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
2522         (RotatedImmPtr):
2523         (JSC::MacroAssembler::rotationBlindConstant):
2524         (JSC::MacroAssembler::loadRotationBlindedConstant):
2525         (JSC::MacroAssembler::convertInt32ToDouble):
2526         (JSC::MacroAssembler::move):
2527         (JSC::MacroAssembler::poke):
2528         * assembler/MacroAssemblerARMv7.h:
2529         (JSC::MacroAssemblerARMv7::storeDouble):
2530         (JSC::MacroAssemblerARMv7::branchAdd32):
2531         * assembler/MacroAssemblerX86_64.h:
2532         (MacroAssemblerX86_64):
2533         (JSC::MacroAssemblerX86_64::rotateRightPtr):
2534         (JSC::MacroAssemblerX86_64::xorPtr):
2535         * assembler/X86Assembler.h:
2536         (X86Assembler):
2537         (JSC::X86Assembler::xorq_rm):
2538         (JSC::X86Assembler::rorq_i8r):
2539         * dfg/DFGCCallHelpers.h:
2540         (CCallHelpers):
2541         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2542         * dfg/DFGOSRExitCompiler32_64.cpp:
2543         (JSC::DFG::OSRExitCompiler::compileExit):
2544         * dfg/DFGOSRExitCompiler64.cpp:
2545         (JSC::DFG::OSRExitCompiler::compileExit):
2546         * dfg/DFGSpeculativeJIT.cpp:
2547         (JSC::DFG::SpeculativeJIT::createOSREntries):
2548         * dfg/DFGSpeculativeJIT.h:
2549         (JSC::DFG::SpeculativeJIT::silentFillGPR):
2550         (JSC::DFG::SpeculativeJIT::callOperation):
2551         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
2552         * dfg/DFGSpeculativeJIT32_64.cpp:
2553         (JSC::DFG::SpeculativeJIT::compile):
2554         * dfg/DFGSpeculativeJIT64.cpp:
2555         (JSC::DFG::SpeculativeJIT::fillInteger):
2556         (JSC::DFG::SpeculativeJIT::fillDouble):
2557         (JSC::DFG::SpeculativeJIT::fillJSValue):
2558         (JSC::DFG::SpeculativeJIT::emitCall):
2559         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2560         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2561         (JSC::DFG::SpeculativeJIT::emitBranch):
2562         * jit/JIT.cpp:
2563         (JSC::JIT::emitOptimizationCheck):
2564         * jit/JITArithmetic32_64.cpp:
2565         (JSC::JIT::emitSlow_op_post_inc):
2566         * jit/JITInlineMethods.h:
2567         (JSC::JIT::emitValueProfilingSite):
2568         (JSC::JIT::emitGetVirtualRegister):
2569         * jit/JITOpcodes.cpp:
2570         (JSC::JIT::emit_op_mov):
2571         (JSC::JIT::emit_op_new_object):
2572         (JSC::JIT::emit_op_strcat):
2573         (JSC::JIT::emit_op_ensure_property_exists):
2574         (JSC::JIT::emit_op_resolve_skip):
2575         (JSC::JIT::emitSlow_op_resolve_global):
2576         (JSC::JIT::emit_op_resolve_with_base):
2577         (JSC::JIT::emit_op_resolve_with_this):
2578         (JSC::JIT::emit_op_jmp_scopes):
2579         (JSC::JIT::emit_op_switch_imm):
2580         (JSC::JIT::emit_op_switch_char):
2581         (JSC::JIT::emit_op_switch_string):
2582         (JSC::JIT::emit_op_throw_reference_error):
2583         (JSC::JIT::emit_op_debug):
2584         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
2585         (JSC::JIT::emit_op_new_array):
2586         (JSC::JIT::emitSlow_op_new_array):
2587         (JSC::JIT::emit_op_new_array_buffer):
2588         * jit/JITOpcodes32_64.cpp:
2589         (JSC::JIT::emit_op_new_object):
2590         (JSC::JIT::emit_op_strcat):
2591         (JSC::JIT::emit_op_ensure_property_exists):
2592         (JSC::JIT::emit_op_resolve_skip):
2593         (JSC::JIT::emitSlow_op_resolve_global):
2594         (JSC::JIT::emit_op_resolve_with_base):
2595         (JSC::JIT::emit_op_resolve_with_this):
2596         (JSC::JIT::emit_op_jmp_scopes):
2597         (JSC::JIT::emit_op_switch_imm):
2598         (JSC::JIT::emit_op_switch_char):
2599         (JSC::JIT::emit_op_switch_string):
2600         * jit/JITPropertyAccess32_64.cpp:
2601         (JSC::JIT::emit_op_put_by_index):
2602         * jit/JITStubCall.h:
2603         (JITStubCall):
2604         (JSC::JITStubCall::addArgument):
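
The rotation-based ImmPtr blinding described in the "Further harden 64-bit JIT" entry, together with the 64-bit shouldBlind trap from the earlier "Missing some places where we should be blinding 64bit values" entry, modelled as an added example in C (this is not JavaScriptCore code). The byte-counting blinding policy, the function names and the constructed pointer value are assumptions; the page gives only the design rationale.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not JavaScriptCore code: a model of the two ImmPtr blinding
 * schemes discussed in the ChangeLog, and of a shouldBlind check that must
 * inspect all 64 bits. Thresholds and helper names are hypothetical. */

/* Rotation-blinded constant: the code stream carries `rotated` plus an
 * 8-bit `rotation`; the real value never appears verbatim in executable memory. */
typedef struct {
    uint64_t rotated;
    uint8_t rotation;   /* 1..63 */
} RotatedImm;

/* Xor-blinded constant, for comparison: the code stream must also carry a full
 * 64-bit key, and x86-64 has no `xor r64, imm64` encoding, so the key has to be
 * materialised in a scratch register first. That is the cost the entry avoids. */
typedef struct {
    uint64_t blinded;
    uint64_t key;
} XorImm;

static inline uint64_t rotl64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

static inline uint64_t rotr64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

/* The caller supplies the random byte (from the JIT's RNG in the real thing).
 * A rotation of 0 would leave the value unblinded, so it is mapped onto 1..63. */
RotatedImm rotationBlind(uint64_t value, uint8_t randomByte)
{
    RotatedImm r;
    r.rotation = (uint8_t)(randomByte % 63 + 1);
    r.rotated = rotl64(value, r.rotation);
    return r;
}

/* Models the `ror reg, imm8` the JIT emits right after `mov reg, rotated`. */
uint64_t rotationUnblind(RotatedImm r)
{
    return rotr64(r.rotated, r.rotation);
}

XorImm xorBlind(uint64_t value, uint64_t key)
{
    XorImm x = { value ^ key, key };
    return x;
}

uint64_t xorUnblind(XorImm x)
{
    return x.blinded ^ x.key;
}

/* Hypothetical policy: bytes of 0x00 or 0xff carry no caller-chosen content,
 * so count only the other bytes and blind when at least two are present. What
 * matters for the bug in the entry is that all eight bytes are examined. */
static unsigned interestingBytes(uint64_t value, unsigned byteCount)
{
    unsigned n = 0;
    for (unsigned i = 0; i < byteCount; i++) {
        uint8_t b = (uint8_t)(value >> (8 * i));
        if (b != 0x00 && b != 0xff)
            n++;
    }
    return n;
}

bool shouldBlind64(uint64_t value)
{
    return interestingBytes(value, 8) >= 2;
}

/* The defect described in bug 80633: with no 64-bit overload the value was
 * truncated and the 32-bit check ran, so the upper half was never inspected. */
bool shouldBlindTruncated(uint64_t value)
{
    return interestingBytes((uint32_t)value, 4) >= 2;
}

int main(void)
{
    uint64_t ptr = 0x4142434400000000ULL;  /* constructed: content only in the high half */
    RotatedImm r = rotationBlind(ptr, 0x2a);
    printf("64-bit check: %d, truncated check: %d\n", shouldBlind64(ptr), shouldBlindTruncated(ptr));
    printf("rotated: %016llx, recovered: %016llx\n",
           (unsigned long long)r.rotated, (unsigned long long)rotationUnblind(r));
    return 0;
}
```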
2605
2606 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
2607
2608         ARM build fix.
2609
2610         Reviewed by Zoltan Herczeg.
2611
2612         Implement three-argument branch(Add,Sub)32.
2613
2614         * assembler/MacroAssemblerARM.h:
2615         (JSC::MacroAssemblerARM::add32):
2616         (MacroAssemblerARM):
2617         (JSC::MacroAssemblerARM::sub32):
2618         (JSC::MacroAssemblerARM::branchAdd32):
2619         (JSC::MacroAssemblerARM::branchSub32):
2620
2621 2012-03-07  Andy Wingo  <wingo@igalia.com>
2622
2623         Parser: Inline ScopeNodeData into ScopeNode
2624         https://bugs.webkit.org/show_bug.cgi?id=79776
2625
2626         Reviewed by Geoffrey Garen.
2627
2628         It used to be that some ScopeNode members were kept in a separate
2629         structure because sometimes they wouldn't be needed, and
2630         allocating a ParserArena was expensive.  This patch makes
2631         ParserArena lazily allocate its IdentifierArena, allowing the
2632         members to be included directly, which is simpler and easier to
2633         reason about.
2634
2635         * parser/ParserArena.cpp:
2636         (JSC::ParserArena::ParserArena):
2637         (JSC::ParserArena::reset):
2638         (JSC::ParserArena::isEmpty):
2639         * parser/ParserArena.h:
2640         (JSC::ParserArena::identifierArena): Lazily allocate the
2641         IdentifierArena.
2642
2643         * parser/Nodes.cpp:
2644         (JSC::ScopeNode::ScopeNode):
2645         (JSC::ScopeNode::singleStatement):
2646         (JSC::ProgramNode::create):
2647         (JSC::EvalNode::create):
2648         (JSC::FunctionBodyNode::create):
2649         * parser/Nodes.h:
2650         (JSC::ScopeNode::destroyData):
2651         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2652         (JSC::ScopeNode::needsActivation):
2653         (JSC::ScopeNode::hasCapturedVariables):
2654         (JSC::ScopeNode::capturedVariableCount):
2655         (JSC::ScopeNode::captures):
2656         (JSC::ScopeNode::varStack):
2657         (JSC::ScopeNode::functionStack):
2658         (JSC::ScopeNode::neededConstants):
2659         (ScopeNode):
2660         * bytecompiler/NodesCodegen.cpp:
2661         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
2662         into ScopeNode.  Adapt accessors.
2663
2664 2012-03-06  Eric Seidel  <eric@webkit.org>
2665
2666         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
2667         https://bugs.webkit.org/show_bug.cgi?id=80363
2668
2669         Reviewed by Mark Rowe.
2670
2671         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
2672         its headers have appeared as part of the "private" headers exported by
2673         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
2674         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
2675         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
2676
2677         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
2678         own directory and project.  As part of such, the WTF headers will no longer be part of
2679         the JavaScriptCore private interfaces.
2680         In preparation for that, this change makes both the Mac and Win builds export
2681         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
2682         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
2683
2684         There are 5 parts to this change.
2685         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
2686             (and header directories) into the appropriate places in the build directory.
2687         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
2688             (WebCore, WebKit, etc. had already been taught to look in previous patches).
2689         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
2690             using fully qualified paths.
2691         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
2692         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
2693
2694         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
2695         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
2696         headers; those will have to be updated to use <wtf/Foo.h> after this change.
2697         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
2698         are ready for (and interested in) this change happening.
2699
2700         * API/tests/JSNode.c:
2701         * API/tests/JSNodeList.c:
2702         * Configurations/Base.xcconfig:
2703         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2704         * JavaScriptCore.xcodeproj/project.pbxproj:
2705         * assembler/MacroAssemblerCodeRef.h:
2706         * bytecompiler/BytecodeGenerator.h:
2707         * dfg/DFGOperations.cpp:
2708         * heap/GCAssertions.h:
2709         * heap/HandleHeap.h:
2710         * heap/HandleStack.h:
2711         * heap/MarkedSpace.h:
2712         * heap/PassWeak.h:
2713         * heap/Strong.h:
2714         * heap/Weak.h:
2715         * jit/HostCallReturnValue.cpp:
2716         * jit/JIT.cpp:
2717         * jit/JITStubs.cpp:
2718         * jit/ThunkGenerators.cpp:
2719         * parser/Lexer.cpp:
2720         * runtime/Completion.cpp:
2721         * runtime/Executable.cpp:
2722         * runtime/Identifier.h:
2723         * runtime/InitializeThreading.cpp:
2724         * runtime/JSDateMath.cpp:
2725         * runtime/JSGlobalObjectFunctions.cpp:
2726         * runtime/JSStringBuilder.h:
2727         * runtime/JSVariableObject.h:
2728         * runtime/NumberPrototype.cpp:
2729         * runtime/WriteBarrier.h:
2730         * tools/CodeProfile.cpp:
2731         * tools/TieredMMapArray.h:
2732         * wtf/AVLTree.h:
2733         * wtf/Alignment.h:
2734         * wtf/AlwaysInline.h:
2735         * wtf/ArrayBufferView.h:
2736         * wtf/Assertions.h:
2737         * wtf/Atomics.h:
2738         * wtf/Bitmap.h:
2739         * wtf/BoundsCheckedPointer.h:
2740         * wtf/CheckedArithmetic.h:
2741         * wtf/Deque.h:
2742         * wtf/ExportMacros.h:
2743         * wtf/FastAllocBase.h:
2744         * wtf/FastMalloc.h:
2745         * wtf/Float32Array.h:
2746         * wtf/Float64Array.h:
2747         * wtf/Functional.h:
2748         * wtf/HashCountedSet.h:
2749         * wtf/HashFunctions.h:
2750         * wtf/HashMap.h:
2751         * wtf/HashSet.h:
2752         * wtf/HashTable.h:
2753         * wtf/HashTraits.h:
2754         * wtf/Int16Array.h:
2755         * wtf/Int32Array.h:
2756         * wtf/Int8Array.h:
2757         * wtf/IntegralTypedArrayBase.h:
2758         * wtf/ListHashSet.h:
2759         * wtf/MainThread.h:
2760         * wtf/MetaAllocator.h:
2761         * wtf/Noncopyable.h:
2762         * wtf/OwnArrayPtr.h:
2763         * wtf/OwnPtr.h:
2764         * wtf/PackedIntVector.h:
2765         * wtf/ParallelJobs.h:
2766         * wtf/PassOwnArrayPtr.h:
2767         * wtf/PassOwnPtr.h:
2768         * wtf/PassRefPtr.h:
2769         * wtf/PassTraits.h:
2770         * wtf/Platform.h:
2771         * wtf/PossiblyNull.h:
2772         * wtf/RefCounted.h:
2773         * wtf/RefCountedLeakCounter.h:
2774         * wtf/RefPtr.h:
2775         * wtf/RetainPtr.h:
2776         * wtf/SimpleStats.h:
2777         * wtf/Spectrum.h:
2778         * wtf/StdLibExtras.h:
2779         * wtf/TCPageMap.h:
2780         * wtf/TemporaryChange.h:
2781         * wtf/ThreadSafeRefCounted.h:
2782         * wtf/Threading.h:
2783         * wtf/ThreadingPrimitives.h:
2784         * wtf/TypeTraits.h:
2785         * wtf/TypedArrayBase.h:
2786         * wtf/Uint16Array.h:
2787         * wtf/Uint32Array.h:
2788         * wtf/Uint8Array.h:
2789         * wtf/Uint8ClampedArray.h:
2790         * wtf/UnusedParam.h:
2791         * wtf/Vector.h:
2792         * wtf/VectorTraits.h:
2793         * wtf/dtoa/double-conversion.h:
2794         * wtf/dtoa/utils.h:
2795         * wtf/gobject/GRefPtr.h:
2796         * wtf/gobject/GlibUtilities.h:
2797         * wtf/text/AtomicString.h:
2798         * wtf/text/AtomicStringImpl.h:
2799         * wtf/text/CString.h:
2800         * wtf/text/StringConcatenate.h:
2801         * wtf/text/StringHash.h:
2802         * wtf/text/WTFString.h:
2803         * wtf/unicode/CharacterNames.h:
2804         * wtf/unicode/UTF8.h:
2805         * wtf/unicode/glib/UnicodeGLib.h:
2806         * wtf/unicode/qt4/UnicodeQt4.h:
2807         * wtf/unicode/wince/UnicodeWinCE.h:
2808         * wtf/url/api/ParsedURL.h:
2809         * wtf/url/api/URLString.h:
2810         * wtf/wince/FastMallocWinCE.h:
2811         * yarr/YarrJIT.cpp:
2812
2813 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2814
2815         Array.prototype functions should throw if delete fails
2816         https://bugs.webkit.org/show_bug.cgi?id=80467
2817
2818         Reviewed by Oliver Hunt.
2819
2820         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
2821         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
2822         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
2823         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
2824         routines, for handling arrays with holes. These three copies should be unified.
2825
2826         * runtime/ArrayPrototype.cpp:
2827         (JSC::shift):
2828         (JSC::unshift):
2829             - Added - shared copies of the shift/unshift functionality.
2830         (JSC::arrayProtoFuncPop):
2831             - should throw if the delete fails.
2832         (JSC::arrayProtoFuncReverse):
2833             - should throw if the delete fails.
2834         (JSC::arrayProtoFuncShift):
2835         (JSC::arrayProtoFuncSplice):
2836         (JSC::arrayProtoFuncUnShift):
2837             - use shift/unshift.
2838         * runtime/JSArray.cpp:
2839         (JSC::JSArray::shiftCount):
2840         (JSC::JSArray::unshiftCount):
2841             - Don't try to handle arrays with holes; return a value indicating
2842               the generic routine should be used instead.
2843         * runtime/JSArray.h:
2844             - declaration for shiftCount/unshiftCount changed.
2845         * tests/mozilla/js1_6/Array/regress-304828.js:
2846             - this was asserting incorrect behaviour.
2847
2848 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
2849
2850         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
2851         https://bugs.webkit.org/show_bug.cgi?id=80469
2852
2853         Reviewed by Antonio Gomes.
2854
2855         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
2856         property on the library being created.
2857
2858 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
2859
2860         DFG BasicBlock should group the Phi nodes together and separate them
2861         from the other nodes
2862         https://bugs.webkit.org/show_bug.cgi?id=80361
2863
2864         Reviewed by Filip Pizlo.
2865
2866         This would make it more efficient to remove the redundant Phi nodes or
2867         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
2868         This is performance neutral on SunSpider, V8 and Kraken.
2869
2870         * dfg/DFGAbstractState.cpp:
2871         (JSC::DFG::AbstractState::clobberStructures):
2872         (JSC::DFG::AbstractState::dump):
2873         * dfg/DFGBasicBlock.h:
2874         (JSC::DFG::BasicBlock::BasicBlock):
2875         (BasicBlock):
2876         * dfg/DFGByteCodeParser.cpp:
2877         (JSC::DFG::ByteCodeParser::addToGraph):
2878         (JSC::DFG::ByteCodeParser::insertPhiNode):
2879         * dfg/DFGCFAPhase.cpp:
2880         (JSC::DFG::CFAPhase::performBlockCFA):
2881         * dfg/DFGCSEPhase.cpp:
2882         (JSC::DFG::CSEPhase::pureCSE):
2883         (JSC::DFG::CSEPhase::impureCSE):
2884         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2885         (JSC::DFG::CSEPhase::getByValLoadElimination):
2886         (JSC::DFG::CSEPhase::checkFunctionElimination):
2887         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2888         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2889         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2890         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2891         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2892         (JSC::DFG::CSEPhase::performBlockCSE):
2893         * dfg/DFGGraph.cpp:
2894         (JSC::DFG::Graph::dump):
2895         * dfg/DFGSpeculativeJIT.cpp:
2896         (JSC::DFG::SpeculativeJIT::compile):
2897
2898 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2899
2900         GCActivityCallback timer should vary with the length of the previous GC
2901         https://bugs.webkit.org/show_bug.cgi?id=80344
2902
2903         Reviewed by Geoffrey Garen.
2904
2905         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last 
2906         GC so that the GC Activity Callback can use it.
2907         (JSC::Heap::Heap):
2908         (JSC::Heap::collect):
2909         * heap/Heap.h:
2910         (JSC::Heap::lastGCLength):
2911         (Heap):
2912         * runtime/GCActivityCallbackCF.cpp:
2913         (JSC):
2914         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
2915         GC to determine the length of our timer trigger (currently set at 100x the duration 
2916         of the last GC).
2917
2918 2012-03-06  Rob Buis  <rbuis@rim.com>
2919
2920         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
2921         https://bugs.webkit.org/show_bug.cgi?id=80420
2922
2923         Reviewed by Gavin Barraclough.
2924
2925         Fix warnings given in Blackberry build.
2926
2927         * heap/CopiedBlock.h:
2928         (JSC::CopiedBlock::CopiedBlock):
2929         * wtf/RefCountedArray.h:
2930         (WTF::RefCountedArray::Header::fromPayload):
2931
2932 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2933
2934         writable/configurable not respected for some properties of Function/String/Arguments
2935         https://bugs.webkit.org/show_bug.cgi?id=80436
2936
2937         Reviewed by Oliver Hunt.
2938
2939         Special properties should behave like regular properties.
2940
2941         * runtime/Arguments.cpp:
2942         (JSC::Arguments::defineOwnProperty):
2943             - Mis-nested logic for making read-only properties non-live.
2944         * runtime/JSFunction.cpp:
2945         (JSC::JSFunction::put):
2946             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
2947         (JSC::JSFunction::deleteProperty):
2948             - Attempting to delete prototype/caller should fail.
2949         (JSC::JSFunction::defineOwnProperty):
2950             - Ensure prototype is reified on attempt to reify it.
2951             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
2952         * runtime/JSFunction.h:
2953             - added declaration for defineOwnProperty.
2954         (JSFunction):
2955         * runtime/StringObject.cpp:
2956         (JSC::StringObject::put):
2957             - length is non-writable, non-configurable - reject appropriately.
2958
2959 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
2960
2961         TypedArray subarray call for subarray does not clamp the end index parameter properly
2962         https://bugs.webkit.org/show_bug.cgi?id=80285
2963
2964         Reviewed by Kenneth Russell.
2965
2966         * wtf/ArrayBufferView.h:
2967         (WTF::ArrayBufferView::calculateOffsetAndLength):
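
The clamping that a subarray() call has to apply, as an added example in C that is not WebKit's code: `subarray_bounds` and its helpers are names chosen for this illustration, and JSC's calculateOffsetAndLength has a different signature. The rules shown are the Typed Array specification's (negative indices count from the end, both indices clamp to [0, length], end before begin yields an empty view); the caller passes `length` as `end` when the script omitted it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Resolve view.subarray(begin, end) over a view of `length` elements into an
   element offset and count. Computed in 64 bits so that `begin + length`
   cannot overflow for any 32-bit inputs. Illustration only, not JSC's code. */
void subarray_bounds(int32_t begin, int32_t end, uint32_t length,
                     uint32_t *offset, uint32_t *count)
{
    int64_t len = length, b = begin, e = end;
    if (b < 0) b += len;          /* negative begin counts from the end */
    if (b < 0) b = 0;
    if (b > len) b = len;
    if (e < 0) e += len;          /* negative end counts from the end */
    if (e < 0) e = 0;
    if (e > len) e = len;         /* the clamp that keeps the view inside the parent */
    *offset = (uint32_t)b;
    *count = e > b ? (uint32_t)(e - b) : 0;   /* end before begin: empty view */
}

/* Scalar wrappers, convenient for checking single results. */
uint32_t subarray_offset(int32_t begin, int32_t end, uint32_t length)
{
    uint32_t off, cnt;
    subarray_bounds(begin, end, length, &off, &cnt);
    return off;
}

uint32_t subarray_count(int32_t begin, int32_t end, uint32_t length)
{
    uint32_t off, cnt;
    subarray_bounds(begin, end, length, &off, &cnt);
    return cnt;
}

/* The invariant every resulting view must satisfy: it never extends past the
   parent view, whatever begin/end the script supplied. */
bool subarray_within_parent(int32_t begin, int32_t end, uint32_t length)
{
    uint32_t off, cnt;
    subarray_bounds(begin, end, length, &off, &cnt);
    return (uint64_t)off + cnt <= length;
}

int main(void)
{
    /* Constructed cases over a 10-element view: normal, negative, reversed,
       and entirely out of range. */
    const int32_t cases[][2] = { {2, 100}, {-3, -1}, {5, 2}, {20, 30}, {-20, 5} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int32_t b = cases[i][0], e = cases[i][1];
        printf("subarray(%d, %d) over 10 -> offset %u, count %u, in bounds: %d\n",
               b, e, subarray_offset(b, e, 10), subarray_count(b, e, 10),
               subarray_within_parent(b, e, 10));
    }
    return 0;
}
```

The point of the last helper is that the bounds check belongs at view creation time: once a view has been handed back to script with an offset and count that do not fit inside its buffer, every later indexed access trusts those numbers.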
2968
2969 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
2970
2971         Unreviewed, rolling out r109837.
2972         http://trac.webkit.org/changeset/109837
2973         https://bugs.webkit.org/show_bug.cgi?id=80399
2974
2975         breaks Mac Production builds, too late to try and fix it
2976         tonight (Requested by eseidel on #webkit).
2977
2978         * API/tests/JSNode.c:
2979         * API/tests/JSNodeList.c:
2980         * Configurations/Base.xcconfig:
2981         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2982         * JavaScriptCore.xcodeproj/project.pbxproj:
2983         * assembler/MacroAssemblerCodeRef.h:
2984         * bytecompiler/BytecodeGenerator.h:
2985         * dfg/DFGOperations.cpp:
2986         * heap/GCAssertions.h:
2987         * heap/HandleHeap.h:
2988         * heap/HandleStack.h:
2989         * heap/MarkedSpace.h:
2990         * heap/PassWeak.h:
2991         * heap/Strong.h:
2992         * heap/Weak.h:
2993         * jit/HostCallReturnValue.cpp:
2994         * jit/JIT.cpp:
2995         * jit/JITStubs.cpp:
2996         * jit/ThunkGenerators.cpp:
2997         * parser/Lexer.cpp:
2998         * runtime/Completion.cpp:
2999         * runtime/Executable.cpp:
3000         * runtime/Identifier.h:
3001         * runtime/InitializeThreading.cpp:
3002         * runtime/JSDateMath.cpp:
3003         * runtime/JSGlobalObjectFunctions.cpp:
3004         * runtime/JSStringBuilder.h:
3005         * runtime/JSVariableObject.h:
3006         * runtime/NumberPrototype.cpp:
3007         * runtime/WriteBarrier.h:
3008         * tools/CodeProfile.cpp:
3009         * tools/TieredMMapArray.h:
3010         * yarr/YarrJIT.cpp:
3011
3012 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3013
3014         [Qt][ARM] Speculative buildfix after r109834.
3015
3016         Reviewed by Csaba Osztrogonác.
3017
3018         * assembler/MacroAssemblerARM.h:
3019         (JSC::MacroAssemblerARM::and32):
3020         (MacroAssemblerARM):
3021
3022 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3023
3024         Unreviewed windows build fix pt 2.
3025
3026         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3027
3028 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3029
3030         Unreviewed windows build fix pt 1.
3031
3032         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3033
3034 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3035
3036         putByIndex should throw in strict mode
3037         https://bugs.webkit.org/show_bug.cgi?id=80335
3038
3039         Reviewed by Filip Pizlo.
3040
3041         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3042
3043         This is a largely mechanical change, simply adding an extra parameter to a number
3044         of functions. Some call sites need to perform additional exception checks, and
3045         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3046
3047         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3048         an existing bug), I'll follow up with a third patch to handle that.
3049
3050         * API/JSObjectRef.cpp:
3051         (JSObjectSetPropertyAtIndex):
3052         * JSCTypedArrayStubs.h:
3053         (JSC):
3054         * dfg/DFGOperations.cpp:
3055         (JSC::DFG::putByVal):
3056         * dfg/DFGOperations.h:
3057         * dfg/DFGSpeculativeJIT32_64.cpp:
3058         (JSC::DFG::SpeculativeJIT::compile):
3059         * dfg/DFGSpeculativeJIT64.cpp:
3060         (JSC::DFG::SpeculativeJIT::compile):
3061         * interpreter/Interpreter.cpp:
3062         (JSC::Interpreter::privateExecute):
3063         * jit/JITStubs.cpp:
3064         (JSC::DEFINE_STUB_FUNCTION):
3065         * jsc.cpp:
3066         (GlobalObject::finishCreation):
3067         * llint/LLIntSlowPaths.cpp:
3068         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3069         * runtime/Arguments.cpp:
3070         (JSC::Arguments::putByIndex):
3071         * runtime/Arguments.h:
3072         (Arguments):
3073         * runtime/ArrayPrototype.cpp:
3074         (JSC::arrayProtoFuncPush):
3075         (JSC::arrayProtoFuncReverse):
3076         (JSC::arrayProtoFuncShift):
3077         (JSC::arrayProtoFuncSort):
3078         (JSC::arrayProtoFuncSplice):
3079         (JSC::arrayProtoFuncUnShift):
3080         * runtime/ClassInfo.h:
3081         (MethodTable):
3082         * runtime/JSArray.cpp:
3083         (JSC::SparseArrayValueMap::put):
3084         (JSC::JSArray::put):
3085         (JSC::JSArray::putByIndex):
3086         (JSC::JSArray::putByIndexBeyondVectorLength):
3087         (JSC::JSArray::push):
3088         (JSC::JSArray::shiftCount):
3089         (JSC::JSArray::unshiftCount):
3090         * runtime/JSArray.h:
3091         (SparseArrayValueMap):
3092         (JSArray):
3093         * runtime/JSByteArray.cpp:
3094         (JSC::JSByteArray::putByIndex):
3095         * runtime/JSByteArray.h:
3096         (JSByteArray):
3097         * runtime/JSCell.cpp:
3098         (JSC::JSCell::putByIndex):
3099         * runtime/JSCell.h:
3100         (JSCell):
3101         * runtime/JSNotAnObject.cpp:
3102         (JSC::JSNotAnObject::putByIndex):
3103         * runtime/JSNotAnObject.h:
3104         (JSNotAnObject):
3105         * runtime/JSONObject.cpp:
3106         (JSC::Walker::walk):
3107         * runtime/JSObject.cpp:
3108         (JSC::JSObject::putByIndex):
3109         * runtime/JSObject.h:
3110         (JSC::JSValue::putByIndex):
3111         * runtime/RegExpConstructor.cpp:
3112         (JSC::RegExpMatchesArray::fillArrayInstance):
3113         * runtime/RegExpMatchesArray.h:
3114         (JSC::RegExpMatchesArray::putByIndex):
3115         * runtime/StringPrototype.cpp:
3116         (JSC::stringProtoFuncSplit):
3117
3118 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3119
3120         PredictNone is incorrectly treated as isDoublePrediction
3121         https://bugs.webkit.org/show_bug.cgi?id=80365
3122
3123         Reviewed by Filip Pizlo.
3124
3125         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3126
3127         * bytecode/PredictedType.h:
3128         (JSC::isFixedIndexedStorageObjectPrediction):
3129         (JSC::isDoublePrediction):
3130
3131 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3132
3133         The LLInt should work even when the JIT is disabled
3134         https://bugs.webkit.org/show_bug.cgi?id=80340
3135         <rdar://problem/10922235>
3136
3137         Reviewed by Gavin Barraclough.
3138
3139         * assembler/MacroAssemblerCodeRef.h:
3140         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3141         (MacroAssemblerCodeRef):
3142         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3143         * interpreter/Interpreter.cpp:
3144         (JSC::Interpreter::initialize):
3145         (JSC::Interpreter::execute):
3146         (JSC::Interpreter::executeCall):
3147         (JSC::Interpreter::executeConstruct):
3148         * jit/JIT.h:
3149         (JSC::JIT::compileCTINativeCall):
3150         * jit/JITStubs.h:
3151         (JSC::JITThunks::ctiNativeCall):
3152         (JSC::JITThunks::ctiNativeConstruct):
3153         * llint/LLIntEntrypoints.cpp:
3154         (JSC::LLInt::getFunctionEntrypoint):
3155         (JSC::LLInt::getEvalEntrypoint):
3156         (JSC::LLInt::getProgramEntrypoint):
3157         * llint/LLIntSlowPaths.cpp:
3158         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3159         (LLInt):
3160         * llint/LLIntSlowPaths.h:
3161         (LLInt):
3162         * llint/LowLevelInterpreter.h:
3163         * llint/LowLevelInterpreter32_64.asm:
3164         * runtime/Executable.h:
3165         (NativeExecutable):
3166         (JSC::NativeExecutable::create):
3167         (JSC::NativeExecutable::finishCreation):
3168         * runtime/JSGlobalData.cpp:
3169         (JSC::JSGlobalData::JSGlobalData):
3170         * runtime/JSGlobalData.h:
3171         (JSGlobalData):
3172         * runtime/Options.cpp:
3173         (Options):
3174         (JSC::Options::parse):
3175         (JSC::Options::initializeOptions):
3176         * runtime/Options.h:
3177         (Options):
3178         * wtf/Platform.h:
3179
3180 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3181
3182         Checks for dead variables are not sufficient when fixing the expected
3183         values in DFG OSR entry
3184         https://bugs.webkit.org/show_bug.cgi?id=80371
3185
3186         Reviewed by Filip Pizlo.
3187
3188         A dead variable should be identified when there's no node referencing it.
3189         But we currently fail to catch the case where there are some nodes
3190         referencing a variable but those nodes are actually not referenced by
3191         others so will be ignored in code generation. In such a case we should
3192         also consider that variable to be a dead variable in the block and fix
3193         the expected values.
3194         This is performance neutral on SunSpider, V8 and Kraken.
3195
3196         * dfg/DFGJITCompiler.h:
3197         (JSC::DFG::JITCompiler::noticeOSREntry):
3198
3199 2012-03-05  Oliver Hunt  <oliver@apple.com>
3200
3201         Fix Qt build.
3202
3203         * assembler/AbstractMacroAssembler.h:
3204         * assembler/MacroAssembler.h:
3205         (MacroAssembler):
3206         * dfg/DFGSpeculativeJIT.cpp:
3207         (JSC::DFG::SpeculativeJIT::compileArithSub):
3208         * jit/JITArithmetic32_64.cpp:
3209         (JSC::JIT::emitSub32Constant):
3210
3211 2012-03-05  Eric Seidel  <eric@webkit.org>
3212
3213         Update JavaScriptCore files to use fully-qualified WTF include paths
3214         https://bugs.webkit.org/show_bug.cgi?id=79960
3215
3216         Reviewed by Adam Barth.
3217
3218         This change does 5 small/related things:
3219          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
3220             (WebCore, WebKit were already set up to look there, but JavaScriptCore.xcodeproj
3221             was not installing headers there.)
3222          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
3223             header search path, as that's where the WTF headers will be installed.
3224          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
3225             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
3226          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
3227             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
3228          5. Makes build-webkit build the WTF Xcode project by default.
3229
3230         * API/tests/JSNode.c:
3231         * API/tests/JSNodeList.c:
3232         * Configurations/Base.xcconfig:
3233         * assembler/MacroAssemblerCodeRef.h:
3234         * bytecompiler/BytecodeGenerator.h:
3235         * dfg/DFGOperations.cpp:
3236         * heap/GCAssertions.h:
3237         * heap/HandleHeap.h:
3238         * heap/HandleStack.h:
3239         * heap/MarkedSpace.h:
3240         * heap/PassWeak.h:
3241         * heap/Strong.h:
3242         * heap/Weak.h:
3243         * jit/HostCallReturnValue.cpp:
3244         * jit/JIT.cpp:
3245         * jit/JITStubs.cpp:
3246         * jit/ThunkGenerators.cpp:
3247         * parser/Lexer.cpp:
3248         * runtime/Completion.cpp:
3249         * runtime/Executable.cpp:
3250         * runtime/Identifier.h:
3251         * runtime/InitializeThreading.cpp:
3252         * runtime/JSDateMath.cpp:
3253         * runtime/JSGlobalObjectFunctions.cpp:
3254         * runtime/JSStringBuilder.h:
3255         * runtime/JSVariableObject.h:
3256         * runtime/NumberPrototype.cpp:
3257         * runtime/WriteBarrier.h:
3258         * tools/CodeProfile.cpp:
3259         * tools/TieredMMapArray.h:
3260         * yarr/YarrJIT.cpp:
3261
3262 2012-03-05  Oliver Hunt  <oliver@apple.com>
3263
3264         Add basic support for constant blinding to the JIT
3265         https://bugs.webkit.org/show_bug.cgi?id=80354
3266
3267         Reviewed by Filip Pizlo.
3268
3269         This patch adds basic constant blinding support to the JIT, at the
3270         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
3271         get constant blinding.  Woo!
3272
3273         This patch only introduces blinding for Imm32, a later patch will do similar
3274         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
3275         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
3276         accessor that's needed to access the actual value.  This also means you cannot
3277         accidentally pass an untrusted value to a function that does not perform
3278         blinding.
3279
3280         To make everything work sensibly, this patch also corrects some code that was using
3281         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
3282         untrusted immediates, so that they call slightly different variants of the functions
3283         that they used previously.  This is largely necessary to deal with x86-32 not having
3284         sufficient registers to handle the additional work required when we choose to blind
3285         a constant.
3286
3287         * assembler/AbstractMacroAssembler.h:
3288         (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
3289         (Imm32):
3290         (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
3291         (JSC::AbstractMacroAssembler::endUninterruptedSequence):
3292         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
3293         (AbstractMacroAssembler):
3294         (JSC::AbstractMacroAssembler::inUninterruptedSequence):
3295         (JSC::AbstractMacroAssembler::random):
3296         (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
3297         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
3298         * assembler/MacroAssembler.h:
3299         (JSC::MacroAssembler::addressForPoke):
3300         (MacroAssembler):
3301         (JSC::MacroAssembler::poke):
3302         (JSC::MacroAssembler::branchPtr):
3303         (JSC::MacroAssembler::branch32):
3304         (JSC::MacroAssembler::convertInt32ToDouble):
3305         (JSC::MacroAssembler::shouldBlind):
3306         (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
3307         (BlindedImm32):
3308         (JSC::MacroAssembler::keyForConstant):
3309         (JSC::MacroAssembler::xorBlindConstant):
3310         (JSC::MacroAssembler::additionBlindedConstant):
3311         (JSC::MacroAssembler::andBlindedConstant):
3312         (JSC::MacroAssembler::orBlindedConstant):
3313         (JSC::MacroAssembler::loadXorBlindedConstant):
3314         (JSC::MacroAssembler::add32):
3315         (JSC::MacroAssembler::addPtr):
3316         (JSC::MacroAssembler::and32):
3317         (JSC::MacroAssembler::andPtr):
3318         (JSC::MacroAssembler::move):
3319         (JSC::MacroAssembler::or32):
3320         (JSC::MacroAssembler::store32):
3321         (JSC::MacroAssembler::sub32):
3322         (JSC::MacroAssembler::subPtr):
3323         (JSC::MacroAssembler::xor32):
3324         (JSC::MacroAssembler::branchAdd32):
3325         (JSC::MacroAssembler::branchMul32):
3326         (JSC::MacroAssembler::branchSub32):
3327         (JSC::MacroAssembler::trustedImm32ForShift):
3328         (JSC::MacroAssembler::lshift32):
3329         (JSC::MacroAssembler::rshift32):
3330         (JSC::MacroAssembler::urshift32):
3331         * assembler/MacroAssemblerARMv7.h:
3332         (MacroAssemblerARMv7):
3333         (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
3334         (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
3335         * assembler/MacroAssemblerX86_64.h:
3336         (JSC::MacroAssemblerX86_64::branchSubPtr):
3337         (MacroAssemblerX86_64):
3338         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
3339         * dfg/DFGJITCompiler.cpp:
3340         (JSC::DFG::JITCompiler::linkOSRExits):
3341         (JSC::DFG::JITCompiler::compileBody):
3342         (JSC::DFG::JITCompiler::compileFunction):
3343         * dfg/DFGOSRExitCompiler32_64.cpp:
3344         (JSC::DFG::OSRExitCompiler::compileExit):
3345         * dfg/DFGOSRExitCompiler64.cpp:
3346         (JSC::DFG::OSRExitCompiler::compileExit):
3347         * dfg/DFGSpeculativeJIT.cpp:
3348         (JSC::DFG::SpeculativeJIT::compile):
3349         (JSC::DFG::SpeculativeJIT::compileArithSub):
3350         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
3351         * dfg/DFGSpeculativeJIT.h:
3352         (JSC::DFG::SpeculativeJIT::callOperation):
3353         * dfg/DFGSpeculativeJIT32_64.cpp:
3354         (JSC::DFG::SpeculativeJIT::emitCall):
3355         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3356         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3357         (JSC::DFG::SpeculativeJIT::compile):
3358         * dfg/DFGSpeculativeJIT64.cpp:
3359         (JSC::DFG::SpeculativeJIT::emitCall):
3360         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3361         (JSC::DFG::SpeculativeJIT::compile):
3362         * jit/JIT.cpp:
3363         (JSC::JIT::privateCompileSlowCases):
3364         (JSC::JIT::privateCompile):
3365         * jit/JITArithmetic.cpp:
3366         (JSC::JIT::compileBinaryArithOp):
3367         (JSC::JIT::emit_op_add):
3368         (JSC::JIT::emit_op_mul):
3369         (JSC::JIT::emit_op_div):
3370         * jit/JITArithmetic32_64.cpp:
3371         (JSC::JIT::emitAdd32Constant):
3372         (JSC::JIT::emitSub32Constant):
3373         (JSC::JIT::emitBinaryDoubleOp):
3374         (JSC::JIT::emitSlow_op_mul):
3375         (JSC::JIT::emit_op_div):
3376         * jit/JITCall.cpp:
3377         (JSC::JIT::compileLoadVarargs):
3378         * jit/JITCall32_64.cpp:
3379         (JSC::JIT::compileLoadVarargs):
3380         * jit/JITInlineMethods.h:
3381         (JSC::JIT::updateTopCallFrame):
3382         (JSC::JIT::emitValueProfilingSite):
3383         * jit/JITOpcodes32_64.cpp:
3384         (JSC::JIT::emitSlow_op_jfalse):
3385         (JSC::JIT::emitSlow_op_jtrue):
3386         * jit/JITStubCall.h:
3387         (JITStubCall):
3388         (JSC::JITStubCall::addArgument):
3389         * yarr/YarrJIT.cpp:
3390         (JSC::Yarr::YarrGenerator::backtrack):
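
What constant blinding buys, as an added example in C that is not WebKit's code. The entry above names shouldBlind, keyForConstant and xorBlindConstant; the functions below are stand-ins with the same roles and are my own: the should_blind heuristic and the deterministic xorshift "random" source are assumptions made for reproducibility (a real JIT draws its keys from the OS), while the two x86 encodings used (B8 id for `mov eax, imm32`, 35 id for `xor eax, imm32`) are real. The threat modelled is JIT spraying: script chooses a 32-bit constant whose bytes form a useful instruction sequence when execution lands mid-instruction, and the JIT obligingly writes those bytes into executable memory. Blinding an untrusted Imm32 as `(imm ^ key)` followed by `xor key` means the chosen bytes never reach the code buffer while eax still ends up holding imm.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for the JIT's random source (xorshift32, fixed seed). */
static uint32_t rng_state = 0x2545F491u;
static uint32_t blinding_random(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Simplified stand-in for shouldBlind(): an immediate that fits in a signed
   byte cannot carry a useful gadget, so it is emitted as-is. */
static bool should_blind(uint32_t imm)
{
    int32_t v = (int32_t)imm;
    return v < -128 || v > 127;
}

/* Stand-in for keyForConstant(): neither the key nor imm ^ key may equal the
   attacker-chosen value, otherwise the value would still appear in the code. */
static uint32_t key_for_constant(uint32_t imm)
{
    uint32_t key;
    do { key = blinding_random(); } while (key == 0 || key == imm);
    return key;
}

static size_t put_u32le(uint8_t *out, uint32_t v)
{
    out[0] = (uint8_t)v;         out[1] = (uint8_t)(v >> 8);
    out[2] = (uint8_t)(v >> 16); out[3] = (uint8_t)(v >> 24);
    return 4;
}
static uint32_t get_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Real x86 encodings: "mov eax, imm32" = B8 id, "xor eax, imm32" = 35 id. */
static size_t emit_mov_eax(uint8_t *out, uint32_t imm) { out[0] = 0xB8; return 1 + put_u32le(out + 1, imm); }
static size_t emit_xor_eax(uint8_t *out, uint32_t imm) { out[0] = 0x35; return 1 + put_u32le(out + 1, imm); }

/* Load `imm` into eax. A trusted immediate (the compiler's own, TrustedImm32)
   is emitted directly; an untrusted one (Imm32, derived from script) is
   XOR-blinded in the manner of xorBlindConstant(). Returns bytes emitted. */
size_t emit_load_constant(uint8_t *out, uint32_t imm, bool trusted)
{
    if (trusted || !should_blind(imm))
        return emit_mov_eax(out, imm);
    uint32_t key = key_for_constant(imm);
    size_t n = emit_mov_eax(out, imm ^ key);  /* the chosen bytes never hit memory */
    n += emit_xor_eax(out + n, key);          /* eax = (imm ^ key) ^ key = imm */
    return n;
}

/* The attacker's test: does the chosen 4-byte pattern occur at any byte offset
   of the code buffer, i.e. anywhere a mid-instruction jump could land? */
bool code_contains_imm(const uint8_t *code, size_t len, uint32_t imm)
{
    uint8_t pat[4];
    put_u32le(pat, imm);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(code + i, pat, 4) == 0) return true;
    return false;
}

/* Tiny interpreter for the two instructions above: confirms the blinded
   sequence still leaves the intended value in eax. */
uint32_t run_eax(const uint8_t *code, size_t len)
{
    uint32_t eax = 0;
    for (size_t i = 0; i + 5 <= len; i += 5) {
        uint32_t imm = get_u32le(code + i + 1);
        if (code[i] == 0xB8) eax = imm;
        else if (code[i] == 0x35) eax ^= imm;
        else break;
    }
    return eax;
}

/* Wrappers that emit into a scratch buffer and report one property each. */
size_t blind_demo_length(uint32_t imm, bool trusted)
{
    uint8_t buf[16]; return emit_load_constant(buf, imm, trusted);
}
bool blind_demo_leaks(uint32_t imm, bool trusted)
{
    uint8_t buf[16]; size_t n = emit_load_constant(buf, imm, trusted);
    return code_contains_imm(buf, n, imm);
}
uint32_t blind_demo_value(uint32_t imm, bool trusted)
{
    uint8_t buf[16]; size_t n = emit_load_constant(buf, imm, trusted);
    return run_eax(buf, n);
}

int main(void)
{
    uint32_t spray = 0x3c909090u;  /* constructed attacker-chosen pattern */
    printf("trusted:   %zu bytes, pattern visible: %d\n",
           blind_demo_length(spray, true), blind_demo_leaks(spray, true));
    printf("untrusted: %zu bytes, pattern visible: %d, eax = 0x%08x\n",
           blind_demo_length(spray, false), blind_demo_leaks(spray, false),
           blind_demo_value(spray, false));
    return 0;
}
```

The type split the entry describes is what makes this hold across a whole code base: if Imm32 can only be turned into a TrustedImm32 through an explicit accessor, a script-derived constant cannot slip into an emitter that skips the blinding step, and the cost (one extra instruction and, on register-poor x86-32, a scratch register) is paid only for constants the heuristic considers worth hiding.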
3391
3392 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3393
3394         putByIndex should throw in strict mode
3395         https://bugs.webkit.org/show_bug.cgi?id=80335
3396
3397         Reviewed by Filip Pizlo.
3398
3399         We'll need to pass an additional parameter.
3400
3401         Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
3402         to match the method in the MethodTable, make this take a parameter indicating
3403         whether the put should throw. This fixes the cases where the base of the put
3404         is a primitive.
3405
3406         * dfg/DFGOperations.cpp:
3407         (DFG):
3408         (JSC::DFG::putByVal):
3409         (JSC::DFG::operationPutByValInternal):
3410         * interpreter/Interpreter.cpp:
3411         (JSC::Interpreter::execute):
3412         (JSC::Interpreter::privateExecute):
3413         * jit/JITStubs.cpp:
3414         (JSC::DEFINE_STUB_FUNCTION):
3415         * llint/LLIntSlowPaths.cpp:
3416         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3417         * runtime/JSObject.h:
3418         (JSC::JSValue::putByIndex):
3419         * runtime/JSValue.cpp:
3420         (JSC):
3421         * runtime/JSValue.h:
3422         (JSValue):
3423
3424 2012-03-05  Sam Weinig  <sam@webkit.org>
3425
3426         Add support for hosting layers in the window server in WebKit2
3427         <rdar://problem/10400246>
3428         https://bugs.webkit.org/show_bug.cgi?id=80310
3429
3430         Reviewed by Anders Carlsson.