94518d9fff90663b19d248d010ad672364b844ad
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2011-09-05  Patrick Gansterer  <paroga@webkit.org>
2
3         Unreviewed build fix for r94452.
4
5         Add config.h as the first header to the cc files as required by the coding style.
6         Reuse macros from Assertions.h instead of adding additional #ifdefs.
7
8         * wtf/dtoa/bignum-dtoa.cc:
9         * wtf/dtoa/bignum.cc:
10         * wtf/dtoa/cached-powers.cc:
11         * wtf/dtoa/diy-fp.cc:
12         * wtf/dtoa/double-conversion.cc:
13         * wtf/dtoa/fast-dtoa.cc:
14         * wtf/dtoa/fixed-dtoa.cc:
15         * wtf/dtoa/strtod.cc:
16         * wtf/dtoa/utils.h:
17
18 2011-09-05  Andras Becsi  <andras.becsi@nokia.com>
19
20         [Qt][WK2] Fix the build
21
22         Rubber-stamped by Csaba Osztrogonác.
23
24         * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
25         The variable fractional_part is only set but never used.
26
27 2011-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>
28
29         REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
30         https://bugs.webkit.org/show_bug.cgi?id=67562
31
32         Reviewed by Darin Adler.
33
34         Fixing the build (again), which was broken by the dtoa patch.  Needed
35         to make sure WTF::double_conversion::initialize() is called for Qt
36         as well as adding a check for WinCE in dtoa/utils.h.
37
38         * runtime/InitializeThreading.cpp:
39         (JSC::initializeThreadingOnce):
40         * wtf/dtoa/cached-powers.cc:
41         * wtf/dtoa/utils.h:
42
43 2011-09-03  Filip Pizlo  <fpizlo@apple.com>
44
45         ThunkGenerators does not convert positive double zero into integer zero
46         https://bugs.webkit.org/show_bug.cgi?id=67553
47
48         Reviewed by Gavin Barraclough.
49         
50         This is a 0.5% speed-up on V8 and neutral elsewhere.
51
52         * jit/SpecializedThunkJIT.h:
53         (JSC::SpecializedThunkJIT::returnDouble):
54
55 2011-09-03  Kevin Ollivier  <kevino@theolliviers.com>
56
57         [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
58
59         * wscript:
60
61 2011-09-03  Filip Pizlo  <fpizlo@apple.com>
62
63         DFG variable predictions only work for local variables, not temporaries
64         https://bugs.webkit.org/show_bug.cgi?id=67554
65
66         Reviewed by Gavin Barraclough.
67         
68         This appears to be a slight speed-up in Kraken (0.3% but significant)
69         and neutral elsewhere.
70
71         * dfg/DFGGraph.h:
72         (JSC::DFG::Graph::predict):
73
74 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
75
76         DFG JIT speculation failure does recovery of additions in reverse and
77         doesn't rebox
78         https://bugs.webkit.org/show_bug.cgi?id=67551
79
80         Reviewed by Sam Weinig.
81
82         * dfg/DFGJITCompiler.cpp:
83         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
84
85 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
86
87         ValueProfile does not make it safe to introspect cell values
88         after garbage collection
89         https://bugs.webkit.org/show_bug.cgi?id=67354
90
91         Reviewed by Gavin Barraclough.
92         
93         ValueProfile buckets are now weak references, implemented using a
94         light-weight weak reference mechanism that this patch also adds (the
95         WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
96         is not marked, then the bucket is transformed into a Structure
97         pointer.  If the Structure is not marked either, then it is turned
98         into a ClassInfo pointer.
99
100         * JavaScriptCore.xcodeproj/project.pbxproj:
101         * bytecode/CodeBlock.cpp:
102         (JSC::CodeBlock::~CodeBlock):
103         (JSC::CodeBlock::visitAggregate):
104         (JSC::CodeBlock::visitWeakReferences):
105         * bytecode/CodeBlock.h:
106         * bytecode/ValueProfile.h:
107         (JSC::ValueProfile::ValueProfile):
108         (JSC::ValueProfile::classInfo):
109         (JSC::ValueProfile::numberOfInt32s):
110         (JSC::ValueProfile::numberOfDoubles):
111         (JSC::ValueProfile::numberOfCells):
112         (JSC::ValueProfile::numberOfArrays):
113         (JSC::ValueProfile::probabilityOfArray):
114         (JSC::ValueProfile::WeakBucket::WeakBucket):
115         (JSC::ValueProfile::WeakBucket::operator!):
116         (JSC::ValueProfile::WeakBucket::isEmpty):
117         (JSC::ValueProfile::WeakBucket::isClassInfo):
118         (JSC::ValueProfile::WeakBucket::isStructure):
119         (JSC::ValueProfile::WeakBucket::asStructure):
120         (JSC::ValueProfile::WeakBucket::asClassInfo):
121         (JSC::ValueProfile::WeakBucket::getClassInfo):
122         * heap/Heap.cpp:
123         (JSC::Heap::harvestWeakReferences):
124         (JSC::Heap::markRoots):
125         * heap/Heap.h:
126         * heap/MarkStack.cpp:
127         (JSC::SlotVisitor::drain):
128         (JSC::SlotVisitor::harvestWeakReferences):
129         * heap/MarkStack.h:
130         (JSC::MarkStack::addWeakReferenceHarvester):
131         (JSC::MarkStack::MarkStack):
132         (JSC::MarkStack::appendUnbarrieredPointer):
133         * heap/SlotVisitor.h:
134         * heap/WeakReferenceHarvester.h: Added.
135         (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
136         (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
137
138 2011-09-02  Michael Saboff  <msaboff@apple.com>
139
140         Replace local implementation of string equals() methods with UString versions
141         https://bugs.webkit.org/show_bug.cgi?id=67342
142
143         In preparation for allowing StringImpl to be backed by 8-bit
144         characters when appropriate, we need to eliminate or change the
145         usage of StringImpl::characters(). Change the uses of characters()
146         that are used to implement redundant equals() methods.
147
148         Reviewed by Gavin Barraclough.
149
150         * runtime/Identifier.cpp:
151         (JSC::Identifier::equal):
152         * runtime/Identifier.h:
153         (JSC::Identifier::equal):
154         * wtf/text/AtomicString.cpp:
155         (WTF::CStringTranslator::equal): Moved an optimized method to here.
156         (WTF::operator==):
157         * wtf/text/StringImpl.cpp:
158         (WTF::equal):
159         * wtf/text/StringImpl.h:
160
161 2011-09-02  Michael Saboff  <msaboff@apple.com>
162
163         Add JSC:RegExp functional tests
164         https://bugs.webkit.org/show_bug.cgi?id=67339
165
166         Added new test driver program (testRegExp) and corresponding data file
167         along with build scripts changes.
168
169         Reviewed by Gavin Barraclough.
170
171         * JavaScriptCore.exp:
172         * JavaScriptCore.xcodeproj/project.pbxproj:
173         * testRegExp.cpp: Added.
174         (Options::Options):
175         (StopWatch::start):
176         (StopWatch::stop):
177         (StopWatch::getElapsedMS):
178         (RegExpTest::RegExpTest):
179         (GlobalObject::create):
180         (GlobalObject::className):
181         (GlobalObject::GlobalObject):
182         (main):
183         (cleanupGlobalData):
184         (testOneRegExp):
185         (scanString):
186         (parseRegExpLine):
187         (parseTestLine):
188         (runFromFiles):
189         (printUsageStatement):
190         (parseArguments):
191         (realMain):
192         * tests/regexp: Added.
193         * tests/regexp/RegExpTest.data: Added.
194
195 2011-09-02  Michael Saboff  <msaboff@apple.com>
196
197         Add JSC:RegExp functional test data generator
198         https://bugs.webkit.org/show_bug.cgi?id=67519
199
200         Add a data generator for regular expressions.  To enable, change the
201         #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
202         regular expressions.  The resulting data will be in /tmp/RegExpTestsData.
203
204         Reviewed by Gavin Barraclough.
205
206         * runtime/RegExp.cpp:
207         (JSC::regExpFlags):
208         (JSC::RegExpFunctionalTestCollector::clearRegExp):
209         (JSC::RegExpFunctionalTestCollector::get):
210         (JSC::RegExpFunctionalTestCollector::outputOneTest):
211         (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
212         (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
213         (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
214         (JSC::RegExp::~RegExp):
215         (JSC::RegExp::compile):
216         (JSC::RegExp::match):
217         (JSC::RegExp::matchCompareWithInterpreter):
218
219 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
220
221         Fix the broken build due to dtoa patch
222         https://bugs.webkit.org/show_bug.cgi?id=67534
223
224         Reviewed by Oliver Hunt.
225
226         Fixing the build.
227
228         * GNUmakefile.list.am:
229         * wtf/dtoa/bignum.cc:
230         * wtf/dtoa/fast-dtoa.cc:
231         * wtf/dtoa/utils.h:
232
233 2011-09-02  Oliver Hunt  <oliver@apple.com>
234
235         Remove OldSpace classes
236         https://bugs.webkit.org/show_bug.cgi?id=67533
237
238         Reviewed by Gavin Barraclough.
239
240         Remove the unused OldSpace classes.
241
242         * CMakeLists.txt:
243         * GNUmakefile.list.am:
244         * JavaScriptCore.gypi:
245         * JavaScriptCore.pro:
246         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
247         * JavaScriptCore.xcodeproj/project.pbxproj:
248         * heap/Heap.cpp:
249         (JSC::Heap::writeBarrierSlowCase):
250         * heap/MarkedBlock.h:
251         * heap/OldSpace.cpp: Removed.
252         * heap/OldSpace.h: Removed.
253
254 2011-09-02  James Robinson  <jamesr@chromium.org>
255
256         Compile fix for mac build.
257
258         * wtf/CheckedArithmetic.h:
259         (WTF::operator+):
260         (WTF::operator-):
261         (WTF::operator*):
262
263 2011-08-30  Matthew Delaney  <mdelaney@apple.com>
264
265         Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
266         https://bugs.webkit.org/show_bug.cgi?id=65352
267
268         Reviewed by Simon Fraser.
269
270         New test: fast/canvas/canvas-getImageData-large-crash.html
271
272         This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
273         calls that specify widths and heights that end up overflowing the ints that we store those values in
274         as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
275         arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
276         is just to add a new helper method described below.
277
278         * wtf/MathExtras.h:
279         (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
280
281 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
282
283         Incorporate newer, faster dtoa library
284         https://bugs.webkit.org/show_bug.cgi?id=66346
285
286         Reviewed by Oliver Hunt.
287
288         Added new dtoa library at http://code.google.com/p/double-conversion/.
289         Replaced old call to dtoa.  The new library is much faster than the old one.
290         We still use the old dtoa for some stuff in WebCore as well as the old strtod, 
291         but we can phase these out eventually as well.
292
293         * GNUmakefile.list.am:
294         * JavaScriptCore.exp:
295         * JavaScriptCore.gypi:
296         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
297         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
298         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
299         * JavaScriptCore.xcodeproj/project.pbxproj:
300         * runtime/InitializeThreading.cpp:
301         * runtime/NumberPrototype.cpp:
302         (JSC::numberProtoFuncToExponential):
303         (JSC::numberProtoFuncToFixed):
304         (JSC::numberProtoFuncToPrecision):
305         * runtime/UString.cpp:
306         (JSC::UString::number):
307         * wtf/CMakeLists.txt:
308         * wtf/ThreadingPthreads.cpp:
309         (WTF::initializeThreading):
310         * wtf/ThreadingWin.cpp:
311         (WTF::initializeThreading):
312         * wtf/dtoa.cpp:
313         (WTF::dtoa):
314         * wtf/dtoa.h:
315         * wtf/dtoa/COPYING: Added.
316         * wtf/dtoa/LICENSE: Added.
317         * wtf/dtoa/README: Added.
318         * wtf/dtoa/bignum-dtoa.cc: Added.
319         * wtf/dtoa/bignum-dtoa.h: Added.
320         * wtf/dtoa/bignum.cc: Added.
321         * wtf/dtoa/bignum.h: Added.
322         (WTF::double_conversion::Bignum::Times10):
323         (WTF::double_conversion::Bignum::Equal):
324         (WTF::double_conversion::Bignum::LessEqual):
325         (WTF::double_conversion::Bignum::Less):
326         (WTF::double_conversion::Bignum::PlusEqual):
327         (WTF::double_conversion::Bignum::PlusLessEqual):
328         (WTF::double_conversion::Bignum::PlusLess):
329         (WTF::double_conversion::Bignum::EnsureCapacity):
330         (WTF::double_conversion::Bignum::BigitLength):
331         * wtf/dtoa/cached-powers.cc: Added.
332         * wtf/dtoa/cached-powers.h: Added.
333         * wtf/dtoa/diy-fp.cc: Added.
334         * wtf/dtoa/diy-fp.h: Added.
335         (WTF::double_conversion::DiyFp::DiyFp):
336         (WTF::double_conversion::DiyFp::Subtract):
337         (WTF::double_conversion::DiyFp::Minus):
338         (WTF::double_conversion::DiyFp::Times):
339         (WTF::double_conversion::DiyFp::Normalize):
340         (WTF::double_conversion::DiyFp::f):
341         (WTF::double_conversion::DiyFp::e):
342         (WTF::double_conversion::DiyFp::set_f):
343         (WTF::double_conversion::DiyFp::set_e):
344         * wtf/dtoa/double-conversion.cc: Added.
345         * wtf/dtoa/double-conversion.h: Added.
346         (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
347         (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
348         * wtf/dtoa/double.h: Added.
349         (WTF::double_conversion::double_to_uint64):
350         (WTF::double_conversion::uint64_to_double):
351         (WTF::double_conversion::Double::Double):
352         (WTF::double_conversion::Double::AsDiyFp):
353         (WTF::double_conversion::Double::AsNormalizedDiyFp):
354         (WTF::double_conversion::Double::AsUint64):
355         (WTF::double_conversion::Double::NextDouble):
356         (WTF::double_conversion::Double::Exponent):
357         (WTF::double_conversion::Double::Significand):
358         (WTF::double_conversion::Double::IsDenormal):
359         (WTF::double_conversion::Double::IsSpecial):
360         (WTF::double_conversion::Double::IsNan):
361         (WTF::double_conversion::Double::IsInfinite):
362         (WTF::double_conversion::Double::Sign):
363         (WTF::double_conversion::Double::UpperBoundary):
364         (WTF::double_conversion::Double::NormalizedBoundaries):
365         (WTF::double_conversion::Double::value):
366         (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
367         (WTF::double_conversion::Double::Infinity):
368         (WTF::double_conversion::Double::NaN):
369         (WTF::double_conversion::Double::DiyFpToUint64):
370         * wtf/dtoa/fast-dtoa.cc: Added.
371         * wtf/dtoa/fast-dtoa.h: Added.
372         * wtf/dtoa/fixed-dtoa.cc: Added.
373         * wtf/dtoa/fixed-dtoa.h: Added.
374         * wtf/dtoa/strtod.cc: Added.
375         * wtf/dtoa/strtod.h: Added.
376         * wtf/dtoa/utils.h: Added.
377         (WTF::double_conversion::Max):
378         (WTF::double_conversion::Min):
379         (WTF::double_conversion::StrLength):
380         (WTF::double_conversion::Vector::Vector):
381         (WTF::double_conversion::Vector::SubVector):
382         (WTF::double_conversion::Vector::length):
383         (WTF::double_conversion::Vector::is_empty):
384         (WTF::double_conversion::Vector::start):
385         (WTF::double_conversion::Vector::operator[]):
386         (WTF::double_conversion::Vector::first):
387         (WTF::double_conversion::Vector::last):
388         (WTF::double_conversion::StringBuilder::StringBuilder):
389         (WTF::double_conversion::StringBuilder::~StringBuilder):
390         (WTF::double_conversion::StringBuilder::size):
391         (WTF::double_conversion::StringBuilder::position):
392         (WTF::double_conversion::StringBuilder::Reset):
393         (WTF::double_conversion::StringBuilder::AddCharacter):
394         (WTF::double_conversion::StringBuilder::AddString):
395         (WTF::double_conversion::StringBuilder::AddSubstring):
396         (WTF::double_conversion::StringBuilder::AddPadding):
397         (WTF::double_conversion::StringBuilder::Finalize):
398         (WTF::double_conversion::StringBuilder::is_finalized):
399         (WTF::double_conversion::BitCast):
400         * wtf/wtf.pri:
401
402 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
403
404         DFG graph has no way of distinguishing or reconciling between static
405         and dynamic predictions
406         https://bugs.webkit.org/show_bug.cgi?id=67343
407
408         Reviewed by Gavin Barraclough.
409         
410         PredictedType now stores the source of the prediction.  Merging predictions,
411         which was previously done with a bitwise or, is now done via the
412         mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
413         functions, which correctly handle combinations of static and dynamic.
414         
415         This is performance-neutral, since all predictions are currently static and
416         so the code has no visible effects.
417
418         * dfg/DFGByteCodeParser.cpp:
419         (JSC::DFG::ByteCodeParser::set):
420         (JSC::DFG::ByteCodeParser::staticallyPredictArray):
421         (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
422         (JSC::DFG::ByteCodeParser::parseBlock):
423         * dfg/DFGGraph.h:
424         (JSC::DFG::Graph::predict):
425         (JSC::DFG::Graph::predictGlobalVar):
426         * dfg/DFGNode.h:
427         (JSC::DFG::isArrayPrediction):
428         (JSC::DFG::isInt32Prediction):
429         (JSC::DFG::isDoublePrediction):
430         (JSC::DFG::isDynamicPrediction):
431         (JSC::DFG::mergePredictions):
432         (JSC::DFG::mergePrediction):
433         (JSC::DFG::makePrediction):
434         (JSC::DFG::Node::predict):
435
436 2011-09-02  Oliver Hunt  <oliver@apple.com>
437
438         Fix 32bit build.
439
440         * heap/NewSpace.h:
441         (JSC::NewSpace::allocatePropertyStorage):
442         (JSC::NewSpace::inPropertyStorageNursery):
443
444 2011-09-02  Oliver Hunt  <oliver@apple.com>
445
446         Use bump allocator for initial property storage
447         https://bugs.webkit.org/show_bug.cgi?id=67494
448
449         Reviewed by Gavin Barraclough.
450
451         Switch to a bump allocator for the initial out of line
452         property storage.  This gives us slightly faster allocation
453         for short lived objects that need out of line storage at
454         the cost of an additional memcpy when the object survives
455         a GC pass.
456
457         No performance impact.
458
459         * JavaScriptCore.exp:
460         * heap/Heap.cpp:
461         (JSC::Heap::collect):
462         * heap/Heap.h:
463         (JSC::Heap::allocatePropertyStorage):
464         (JSC::Heap::inPropertyStorageNursary):
465         * heap/NewSpace.cpp:
466         (JSC::NewSpace::NewSpace):
467         * heap/NewSpace.h:
468         (JSC::NewSpace::resetPropertyStorageNursary):
469         (JSC::NewSpace::allocatePropertyStorage):
470         (JSC::NewSpace::inPropertyStorageNursary):
471         * jit/JITStubs.cpp:
472         (JSC::DEFINE_STUB_FUNCTION):
473         * runtime/JSObject.cpp:
474         (JSC::JSObject::allocatePropertyStorage):
475         * runtime/JSObject.h:
476         (JSC::JSObject::~JSObject):
477         (JSC::JSObject::putDirectInternal):
478         (JSC::JSObject::putDirectWithoutTransition):
479         (JSC::JSObject::putDirectFunctionWithoutTransition):
480         (JSC::JSObject::transitionTo):
481         (JSC::JSObject::visitChildrenDirect):
482
483 2011-09-01  Mark Rowe  <mrowe@apple.com>
484
485         Fix the build.
486
487         * JavaScriptCore.JSVALUE32_64only.exp:
488         * JavaScriptCore.JSVALUE64only.exp:
489         * JavaScriptCore.exp:
490
491 2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>
492
493         Unzip initialization lists and constructors in JSCell hierarchy (4/7)
494         https://bugs.webkit.org/show_bug.cgi?id=67174
495
496         Reviewed by Oliver Hunt.
497
498         Completed the fourth level of the refactoring to add finishCreation() 
499         methods to all classes within the JSCell hierarchy with non-trivial 
500         constructor bodies.
501
502         This primarily consists of pushing the calls to finishCreation() down 
503         into the constructors of the subclasses of the second level of the hierarchy 
504         as well as pulling the finishCreation() calls out into the class's corresponding
505         create() method if it has one.  Doing both simultaneously allows us to 
506         maintain the invariant that the finishCreation() method chain is called exactly 
507         once during the creation of an object, since calling it any other number of 
508         times (0, 2, or more) will cause an assertion failure.
509
510         * API/JSCallbackConstructor.cpp:
511         (JSC::JSCallbackConstructor::JSCallbackConstructor):
512         (JSC::JSCallbackConstructor::finishCreation):
513         * API/JSCallbackConstructor.h:
514         * API/JSCallbackObject.h:
515         (JSC::JSCallbackObject::create):
516         * API/JSCallbackObjectFunctions.h:
517         (JSC::::JSCallbackObject):
518         (JSC::::finishCreation):
519         * JavaScriptCore.JSVALUE64only.exp:
520         * JavaScriptCore.exp:
521         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
522         * debugger/DebuggerActivation.cpp:
523         (JSC::DebuggerActivation::DebuggerActivation):
524         (JSC::DebuggerActivation::create):
525         * debugger/DebuggerActivation.h:
526         * runtime/Arguments.h:
527         (JSC::Arguments::create):
528         (JSC::Arguments::createNoParameters):
529         (JSC::Arguments::Arguments):
530         * runtime/ArrayPrototype.cpp:
531         (JSC::ArrayPrototype::ArrayPrototype):
532         (JSC::ArrayPrototype::finishCreation):
533         * runtime/ArrayPrototype.h:
534         * runtime/BooleanObject.cpp:
535         (JSC::BooleanObject::BooleanObject):
536         (JSC::BooleanObject::finishCreation):
537         * runtime/BooleanObject.h:
538         * runtime/DateInstance.cpp:
539         (JSC::DateInstance::DateInstance):
540         (JSC::DateInstance::finishCreation):
541         * runtime/DateInstance.h:
542         * runtime/ErrorInstance.cpp:
543         (JSC::ErrorInstance::ErrorInstance):
544         * runtime/ErrorInstance.h:
545         (JSC::ErrorInstance::create):
546         * runtime/ErrorPrototype.cpp:
547         (JSC::ErrorPrototype::ErrorPrototype):
548         (JSC::ErrorPrototype::finishCreation):
549         * runtime/ErrorPrototype.h:
550         * runtime/ExceptionHelpers.cpp:
551         (JSC::InterruptedExecutionError::InterruptedExecutionError):
552         (JSC::InterruptedExecutionError::create):
553         (JSC::TerminatedExecutionError::TerminatedExecutionError):
554         (JSC::TerminatedExecutionError::create):
555         * runtime/Executable.cpp:
556         (JSC::EvalExecutable::EvalExecutable):
557         (JSC::ProgramExecutable::ProgramExecutable):
558         (JSC::FunctionExecutable::FunctionExecutable):
559         * runtime/Executable.h:
560         (JSC::NativeExecutable::create):
561         (JSC::NativeExecutable::NativeExecutable):
562         (JSC::EvalExecutable::create):
563         (JSC::ProgramExecutable::create):
564         (JSC::FunctionExecutable::create):
565         * runtime/InternalFunction.cpp:
566         (JSC::InternalFunction::InternalFunction):
567         (JSC::InternalFunction::finishCreation):
568         * runtime/InternalFunction.h:
569         * runtime/JSActivation.cpp:
570         (JSC::JSActivation::JSActivation):
571         (JSC::JSActivation::finishCreation):
572         * runtime/JSActivation.h:
573         * runtime/JSArray.cpp:
574         (JSC::JSArray::JSArray):
575         * runtime/JSArray.h:
576         (JSC::JSArray::create):
577         * runtime/JSByteArray.cpp:
578         (JSC::JSByteArray::JSByteArray):
579         * runtime/JSByteArray.h:
580         (JSC::JSByteArray::create):
581         * runtime/JSFunction.cpp:
582         (JSC::JSFunction::JSFunction):
583         (JSC::JSFunction::finishCreation):
584         * runtime/JSFunction.h:
585         (JSC::JSFunction::create):
586         * runtime/JSGlobalObject.h:
587         (JSC::JSGlobalObject::JSGlobalObject):
588         (JSC::JSGlobalObject::finishCreation):
589         * runtime/JSNotAnObject.h:
590         (JSC::JSNotAnObject::JSNotAnObject):
591         (JSC::JSNotAnObject::create):
592         * runtime/JSONObject.cpp:
593         (JSC::JSONObject::JSONObject):
594         (JSC::JSONObject::finishCreation):
595         * runtime/JSONObject.h:
596         * runtime/JSObjectWithGlobalObject.cpp:
597         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
598         * runtime/JSObjectWithGlobalObject.h:
599         * runtime/JSStaticScopeObject.h:
600         (JSC::JSStaticScopeObject::create):
601         (JSC::JSStaticScopeObject::finishCreation):
602         (JSC::JSStaticScopeObject::JSStaticScopeObject):
603         * runtime/JSVariableObject.h:
604         (JSC::JSVariableObject::JSVariableObject):
605         * runtime/JSWrapperObject.h:
606         (JSC::JSWrapperObject::JSWrapperObject):
607         * runtime/MathObject.cpp:
608         (JSC::MathObject::MathObject):
609         (JSC::MathObject::finishCreation):
610         * runtime/MathObject.h:
611         * runtime/NumberObject.cpp:
612         (JSC::NumberObject::NumberObject):
613         (JSC::NumberObject::finishCreation):
614         * runtime/NumberObject.h:
615         * runtime/ObjectPrototype.cpp:
616         (JSC::ObjectPrototype::ObjectPrototype):
617         * runtime/ObjectPrototype.h:
618         (JSC::ObjectPrototype::create):
619         * runtime/RegExpConstructor.cpp:
620         (JSC::RegExpMatchesArray::RegExpMatchesArray):
621         (JSC::RegExpMatchesArray::finishCreation):
622         * runtime/RegExpMatchesArray.h:
623         * runtime/RegExpObject.cpp:
624         (JSC::RegExpObject::RegExpObject):
625         (JSC::RegExpObject::finishCreation):
626         * runtime/RegExpObject.h:
627         * runtime/StrictEvalActivation.cpp:
628         (JSC::StrictEvalActivation::StrictEvalActivation):
629         * runtime/StrictEvalActivation.h:
630         (JSC::StrictEvalActivation::create):
631         * runtime/StringObject.cpp:
632         (JSC::StringObject::StringObject):
633         (JSC::StringObject::finishCreation):
634         * runtime/StringObject.h:
635
636 2011-09-01  Daniel Bates  <dbates@rim.com>
637
638         QNX GCC distribution doesn't support vasprintf()
639         https://bugs.webkit.org/show_bug.cgi?id=67423
640
641         Reviewed by Antonio Gomes.
642
643         * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
644
645 2011-09-01  Michael Saboff  <msaboff@apple.com>
646
647         Remove simple usage of UString::characters() from JavaScriptCore
648         https://bugs.webkit.org/show_bug.cgi?id=67340
649
650         In preparation for allowing StringImpl to be backed by 8-bit
651         characters when appropriate, we need to eliminate or change the
652         usage of StringImpl::characters().  Most of the changes below
653         change s->characters()[0] to s[0].
654
655         Reviewed by Geoffrey Garen.
656
657         * bytecompiler/BytecodeGenerator.cpp:
658         (JSC::keyForCharacterSwitch):
659         * bytecompiler/NodesCodegen.cpp:
660         (JSC::processClauseList):
661         * interpreter/Interpreter.cpp:
662         (JSC::Interpreter::privateExecute):
663         * jit/JITStubs.cpp:
664         (JSC::DEFINE_STUB_FUNCTION):
665         * runtime/Identifier.cpp:
666         (JSC::Identifier::addSlowCase):
667         * runtime/JSGlobalObjectFunctions.cpp:
668         (JSC::jsToNumber):
669         (JSC::parseFloat):
670         * runtime/JSString.cpp:
671         (JSC::JSString::substringFromRope):
672         * runtime/JSString.h:
673         (JSC::jsSingleCharacterSubstring):
674         (JSC::jsString):
675         (JSC::jsSubstring):
676         (JSC::jsOwnedString):
677         * runtime/RegExp.cpp:
678         (JSC::regExpFlags):
679         * wtf/text/StringBuilder.h:
680         (WTF::StringBuilder::operator[]):
681
682 2011-09-01  Ada Chan  <adachan@apple.com>
683
684         Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
685
686         Reviewed by Darin Adler.
687
688         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
689
690 2011-09-01  Hao Zheng  <zhenghao@chromium.org>
691
692         Define PTHREAD_KEYS_MAX to fix Android port build.
693         https://bugs.webkit.org/show_bug.cgi?id=67362
694
695         Reviewed by Adam Barth.
696
697         PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
698
699         * wtf/ThreadIdentifierDataPthreads.cpp:
700
701 2011-08-31  Oliver Hunt  <oliver@apple.com>
702
703         Fix build.
704
705         * wtf/CheckedArithmetic.h:
706         (WTF::Checked::Checked):
707         (WTF::Checked::operator=):
708
709 2011-08-31  Oliver Hunt  <oliver@apple.com>
710
711         fast/regex/overflow.html asserts in debug builds
712         https://bugs.webkit.org/show_bug.cgi?id=67326
713
714         Reviewed by Gavin Barraclough.
715
716         The deliberate overflows in these expressions don't interact nicely
717         with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
718         intermediate calculations.
719
720         * yarr/YarrJIT.cpp:
721         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
722         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
723
724 2011-08-31  Jeff Miller  <jeffm@apple.com>
725
726         REGRESSION(92210): AVFoundation media engine is disabled on OS X
727         https://bugs.webkit.org/show_bug.cgi?id=67316
728
729         Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
730         since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
731         changes that were made in r92210.
732
733         Reviewed by Darin Adler.
734
735         * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
736
737 2011-08-31  Peter Beverloo  <peter@chromium.org>
738
739         Add Android's platform specification and the right atomic functions.
740         https://bugs.webkit.org/show_bug.cgi?id=66687
741
742         Reviewed by Adam Barth.
743
744         * wtf/Atomics.h:
745         (WTF::atomicIncrement):
746         (WTF::atomicDecrement):
747         * wtf/Platform.h:
748
749 2011-08-30  Oliver Hunt  <oliver@apple.com>
750
751         Add support for checked arithmetic
752         https://bugs.webkit.org/show_bug.cgi?id=67095
753
754         Reviewed by Sam Weinig.
755
756         Add a checked arithmetic class Checked<T> that provides overflow-safe
757         arithmetic over all integral types.  Checked<T> supports addition, subtraction
758         and multiplication, along with "bool" conversions and equality operators.
759
760         Checked<> can be used in either CRASH() on overflow or delayed failure modes,
761         although the default is to CRASH().
762
763         To ensure the code is actually in use (rather than checking in dead code) I've
764         made a couple of properties in YARR use Checked<int> and Checked<unsigned>
765         instead of raw value arithmetic.  This has resulted in a moderate set of changes
766         to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
767         to unsigned for some uses of sizeof, as Checked<> currently does not support
768         mixed signed-ness of types wider than 32 bits.
769
770         Happily the increased type safety of Checked<> means that it's not possible to
771         accidentally assign away precision, nor accidentally call the integer overload of
772         a function instead of the bool version.
773
774         No measurable regression in performance, and SunSpider claims this patch to be
775         a progression of 0.3%.
776
777         * GNUmakefile.list.am:
778         * JavaScriptCore.gypi:
779         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
780         * JavaScriptCore.xcodeproj/project.pbxproj:
781         * wtf/CheckedArithmetic.h: Added.
782         (WTF::CrashOnOverflow::overflowed):
783         (WTF::CrashOnOverflow::clearOverflow):
784         (WTF::CrashOnOverflow::hasOverflowed):
785         (WTF::RecordOverflow::RecordOverflow):
786         (WTF::RecordOverflow::overflowed):
787         (WTF::RecordOverflow::clearOverflow):
788         (WTF::RecordOverflow::hasOverflowed):
789         (WTF::isInBounds):
790         (WTF::safeAdd):
791         (WTF::safeSub):
792         (WTF::safeMultiply):
793         (WTF::safeEquals):
794         (WTF::workAroundClangBug):
795         (WTF::Checked::Checked):
796         (WTF::Checked::operator=):
797         (WTF::Checked::operator++):
798         (WTF::Checked::operator--):
799         (WTF::Checked::operator!):
800         (WTF::Checked::operator UnspecifiedBoolType*):
801         (WTF::Checked::get):
802         (WTF::Checked::operator+=):
803         (WTF::Checked::operator-=):
804         (WTF::Checked::operator*=):
805         (WTF::Checked::operator==):
806         (WTF::Checked::operator!=):
807         (WTF::operator+):
808         (WTF::operator-):
809         (WTF::operator*):
810         * yarr/YarrInterpreter.cpp:
811         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
812         (JSC::Yarr::ByteCompiler::atomCharacterClass):
813         (JSC::Yarr::ByteCompiler::atomBackReference):
814         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
815         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
816         (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
817         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
818         * yarr/YarrInterpreter.h:
819         (JSC::Yarr::ByteTerm::ByteTerm):
820         (JSC::Yarr::ByteTerm::CheckInput):
821         (JSC::Yarr::ByteTerm::UncheckInput):
822         * yarr/YarrJIT.cpp:
823         (JSC::Yarr::YarrGenerator::generateAssertionEOL):
824         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
825         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
826         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
827         (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
828         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
829         (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
830         (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
831         * yarr/YarrPattern.cpp:
832         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
833         * yarr/YarrPattern.h:
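
        Added illustration for the Checked<T> entry above: this is example code written for this page, not WebKit's wtf/CheckedArithmetic.h. It keeps the entry's names (CrashOnOverflow, RecordOverflow, safeAdd, safeSub, safeMultiply, isInBounds, Checked, get()); detecting overflow by promoting to 64 bits, the resulting 32-bit-or-narrower restriction, and computeAllocationSize() are this example's own assumptions.

```cpp
// Added example (not WebKit's wtf/CheckedArithmetic.h): a reduced Checked<T>
// in the spirit of the entry above.  Policy and helper names follow the entry;
// doing the arithmetic in 64 bits is this example's own simplification.
#include <cstdint>
#include <cstdlib>
#include <limits>
#include <type_traits>

// Policy 1: abort as soon as an overflow is detected (the default).
struct CrashOnOverflow {
    void overflowed() { std::abort(); }
    void clearOverflow() {}
    bool hasOverflowed() const { return false; }
};

// Policy 2: delayed failure.  Remember the overflow; the caller tests for it.
struct RecordOverflow {
    RecordOverflow() : m_overflowed(false) {}
    void overflowed() { m_overflowed = true; }
    void clearOverflow() { m_overflowed = false; }
    bool hasOverflowed() const { return m_overflowed; }
private:
    bool m_overflowed;
};

// Widest standard type with T's signedness.  Any +, - or * on operands of at
// most 32 bits is exact in 64 bits, so overflow becomes a plain range check.
template <typename T> struct Wider {
    static_assert(sizeof(T) <= 4, "this example only handles types up to 32 bits");
    typedef typename std::conditional<std::is_signed<T>::value, int64_t, uint64_t>::type type;
};

template <typename T> bool isInBounds(typename Wider<T>::type v) {
    typedef typename Wider<T>::type W;
    return v >= static_cast<W>(std::numeric_limits<T>::min())
        && v <= static_cast<W>(std::numeric_limits<T>::max());
}

// The safe* helpers store into result and return true, or return false and
// leave result untouched when the exact answer does not fit in T.
template <typename T> bool safeAdd(T a, T b, T& result) {
    typedef typename Wider<T>::type W;
    W r = static_cast<W>(a) + static_cast<W>(b);
    if (!isInBounds<T>(r)) return false;
    result = static_cast<T>(r); return true;
}
template <typename T> bool safeSub(T a, T b, T& result) {
    typedef typename Wider<T>::type W;
    W r = static_cast<W>(a) - static_cast<W>(b);   // an unsigned wrap lands out of bounds
    if (!isInBounds<T>(r)) return false;
    result = static_cast<T>(r); return true;
}
template <typename T> bool safeMultiply(T a, T b, T& result) {
    typedef typename Wider<T>::type W;
    W r = static_cast<W>(a) * static_cast<W>(b);
    if (!isInBounds<T>(r)) return false;
    result = static_cast<T>(r); return true;
}

// Checked<T, Handler>: an integer whose +=, -= and *= report overflow to the
// handler instead of silently wrapping.  The value can only be read via get().
template <typename T, typename Handler = CrashOnOverflow>
class Checked : public Handler {
public:
    Checked(T value = 0) : m_value(value) {}
    T get() const {                 // reading an overflowed value is itself fatal
        if (this->hasOverflowed()) std::abort();
        return m_value;
    }
    Checked& operator+=(T rhs) { if (!safeAdd(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator-=(T rhs) { if (!safeSub(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator*=(T rhs) { if (!safeMultiply(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator+=(const Checked& rhs) { if (rhs.hasOverflowed()) this->overflowed(); return *this += rhs.m_value; }
    Checked operator+(T rhs) const { Checked r(*this); r += rhs; return r; }
    Checked operator-(T rhs) const { Checked r(*this); r -= rhs; return r; }
    Checked operator*(T rhs) const { Checked r(*this); r *= rhs; return r; }
    bool operator==(T rhs) const { return get() == rhs; }
    bool operator!=(T rhs) const { return get() != rhs; }
private:
    T m_value;
};

// Realistic use (this example's own): size an allocation from untrusted counts.
// A wrapped size would hand out a buffer smaller than what is later written
// into it; RecordOverflow lets the whole expression run and then reject it.
bool computeAllocationSize(unsigned count, unsigned elementSize, unsigned headerSize, unsigned& outSize) {
    Checked<unsigned, RecordOverflow> size = count;
    size *= elementSize;
    size += headerSize;
    if (size.hasOverflowed()) return false;
    outSize = size.get();
    return true;
}
```

        With the default CrashOnOverflow policy an overflow aborts at the offending operation; RecordOverflow lets a computation such as computeAllocationSize() finish and then reject the result before the size reaches an allocator, which is the delayed-failure mode the entry describes.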
834
835 2011-08-31  Andrei Popescu  <andreip@google.com>
836
837         Investigate current uses of OS(ANDROID)
838         https://bugs.webkit.org/show_bug.cgi?id=66761
839
840         Unreviewed, build fix for ARM platforms.
841
842         * wtf/Platform.h:
843
844 2011-08-31  Andrei Popescu  <andreip@google.com>
845
846         Investigate current uses of OS(ANDROID)
847         https://bugs.webkit.org/show_bug.cgi?id=66761
848
849         Reviewed by Darin Adler.
850
851         Remove the last legacy Android code.
852
853         No new tests needed as the code wasn't tested in the first place.
854
855         * wtf/Atomics.h:
856         * wtf/Platform.h:
857         * wtf/ThreadingPthreads.cpp:
858         (WTF::createThreadInternal):
859
860 2011-08-30  Aaron Colwell  <acolwell@chromium.org>
861
862         Add MediaSource API to HTMLMediaElement
863         https://bugs.webkit.org/show_bug.cgi?id=64731
864
865         Reviewed by Eric Carlson.
866
867         * Configurations/FeatureDefines.xcconfig:
868
869 2011-08-30  Oliver Hunt  <oliver@apple.com>
870
871         TypedArrays don't ensure that denormalised values are normalised
872         https://bugs.webkit.org/show_bug.cgi?id=67178
873
874         Reviewed by Gavin Barraclough.
875
876         Add a couple of assertions to jsNumber() to ensure that
877         we block signaling NaNs
878
879         * runtime/JSValue.h:
880         (JSC::jsDoubleNumber):
881         (JSC::jsNumber):
882
883 2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
884
885         [Qt] Do not unconditionally use pkg-config in .pro files
886         https://bugs.webkit.org/show_bug.cgi?id=67055
887
888         Reviewed by Andreas Kling.
889
890         Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
891
892         Using the first pkg-config in PATH is prone to errors when cross
893         compiling inside the Qt repository (using Qt's build-system).
894
895         This patch protects calls for pkg-config with
896         !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
897         QT_CONFIG by Qt's 'configure' when cross-compiling on systems
898         without pkg-config.
899
900         The respective change in Qt's configure has been submitted already.
901
902         No new tests as this is just a build change.
903
904         * wtf/wtf.pri: protect pkg-config calls
905
906 2011-08-29  Daniel Bates  <dbates@webkit.org>
907
908         Add HAVE(VASPRINTF) macro to test for vasprintf() support
909         https://bugs.webkit.org/show_bug.cgi?id=67156
910
911         Reviewed by Darin Adler.
912
913         Encapsulate testing of vasprintf() support in a HAVE macro
914         instead of hardcoding the list of supported/unsupported
915         compilers at the call site.
916
917         * wtf/Platform.h:
918
919 2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
920
921         Unzip initialization lists and constructors in JSCell hierarchy (3/7)
922         https://bugs.webkit.org/show_bug.cgi?id=67064
923
924         Reviewed by Darin Adler.
925
926         Completed the third level of the refactoring to add finishCreation() 
927         methods to all classes within the JSCell hierarchy with non-trivial 
928         constructor bodies.
929
930         This primarily consists of pushing the calls to finishCreation() down 
931         into the constructors of the subclasses of the second level of the hierarchy 
932         as well as pulling the finishCreation() calls out into the class's corresponding
933         create() method if it has one.  Doing both simultaneously allows us to 
934         maintain the invariant that the finishCreation() method chain is called exactly 
935         once during the creation of an object, since calling it any other number of 
936         times (0, 2, or more) will cause an assertion failure.
937
938         * debugger/DebuggerActivation.cpp:
939         (JSC::DebuggerActivation::DebuggerActivation):
940         (JSC::DebuggerActivation::finishCreation):
941         * debugger/DebuggerActivation.h:
942         (JSC::DebuggerActivation::create):
943         * runtime/Arguments.h:
944         (JSC::Arguments::create):
945         (JSC::Arguments::createNoParameters):
946         (JSC::Arguments::Arguments):
947         (JSC::Arguments::finishCreation):
948         * runtime/ErrorInstance.cpp:
949         (JSC::ErrorInstance::ErrorInstance):
950         * runtime/ErrorInstance.h:
951         (JSC::ErrorInstance::finishCreation):
952         * runtime/ExceptionHelpers.cpp:
953         (JSC::InterruptedExecutionError::InterruptedExecutionError):
954         (JSC::TerminatedExecutionError::TerminatedExecutionError):
955         * runtime/Executable.cpp:
956         (JSC::EvalExecutable::EvalExecutable):
957         (JSC::ProgramExecutable::ProgramExecutable):
958         (JSC::FunctionExecutable::FunctionExecutable):
959         Moved the assignment of m_firstLine and m_lastLine into the 
960         FunctionExecutable::finishCreation() method in Executable.h
961         * runtime/Executable.h:
962         (JSC::ScriptExecutable::ScriptExecutable):
963         (JSC::EvalExecutable::create):
964         (JSC::ProgramExecutable::create):
965         (JSC::FunctionExecutable::create):
966         (JSC::FunctionExecutable::finishCreation):
967         * runtime/JSArray.cpp:
968         (JSC::JSArray::JSArray):
969         (JSC::JSArray::finishCreation):
970         * runtime/JSArray.h:
971         * runtime/JSByteArray.cpp:
972         (JSC::JSByteArray::JSByteArray):
973         * runtime/JSByteArray.h:
974         (JSC::JSByteArray::finishCreation):
975         * runtime/JSNotAnObject.h:
976         (JSC::JSNotAnObject::JSNotAnObject):
977         * runtime/JSObject.h:
978         (JSC::JSNonFinalObject::JSNonFinalObject):
979         * runtime/JSObjectWithGlobalObject.cpp:
980         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
981         (JSC::JSObjectWithGlobalObject::finishCreation):
982         * runtime/JSObjectWithGlobalObject.h:
983         * runtime/JSVariableObject.h:
984         (JSC::JSVariableObject::JSVariableObject):
985         (JSC::JSVariableObject::finishCreation):
986         * runtime/JSWrapperObject.h:
987         (JSC::JSWrapperObject::JSWrapperObject):
988         * runtime/ObjectPrototype.cpp:
989         (JSC::ObjectPrototype::ObjectPrototype):
990         (JSC::ObjectPrototype::finishCreation):
991         * runtime/ObjectPrototype.h:
992         * runtime/StrictEvalActivation.cpp:
993         (JSC::StrictEvalActivation::StrictEvalActivation):
994
995 2011-08-29  Andreas Kling  <kling@webkit.org>
996
997         Unreviewed build fix after r93990.
998
999         * wtf/HashTable.h:
1000
1001 2011-08-29  Andreas Kling  <kling@webkit.org>
1002
1003         Viewing a post on reddit.com wastes a lot of memory on event listeners.
1004         https://bugs.webkit.org/show_bug.cgi?id=67133
1005
1006         Reviewed by Darin Adler.
1007
1008         Add a minimum table size to the HashTraits, instead of having it hard coded.
1009         The default value remains at 64, but can now be specialized.
1010
1011         * runtime/StructureTransitionTable.h:
1012         * wtf/HashTable.h:
1013         (WTF::HashTable::shouldShrink):
1014         (WTF::::expand):
1015         (WTF::::checkTableConsistencyExceptSize):
1016         * wtf/HashTraits.h:
1017
1018 2011-08-28  Jonathan Liu  <net147@gmail.com>
1019
1020         Fix build error when compiling with MinGW-w64 by disabling JIT
1021         on Windows 64-bit
1022         https://bugs.webkit.org/show_bug.cgi?id=61235
1023
1024         Reviewed by Gavin Barraclough.
1025
1026         The fixed mmap executable allocator for JIT on x86_64 requires
1027         sys/mman.h which is not available on Windows.
1028
1029         * wtf/Platform.h:
1030
1031 2011-08-27  Filip Pizlo  <fpizlo@apple.com>
1032
1033         JSC::Executable is inconsistent about using weak handle finalizers
1034         and destructors for releasing memory
1035         https://bugs.webkit.org/show_bug.cgi?id=67072
1036
1037         Reviewed by Darin Adler.
1038         
1039         Moved more of the destruction of Executable state into the finalizer,
1040         which also resulted in an opportunity to mostly combine this with
1041         discardCode().  This also means that the finalizer is now enabled even
1042         when the JIT is turned off.  This is performance neutral on SunSpider,
1043         V8, and Kraken.
1044
1045         * runtime/Executable.cpp:
1046         (JSC::ExecutableBase::clearCode):
1047         (JSC::ExecutableFinalizer::finalize):
1048         (JSC::EvalExecutable::clearCode):
1049         (JSC::ProgramExecutable::clearCode):
1050         (JSC::FunctionExecutable::discardCode):
1051         (JSC::FunctionExecutable::clearCode):
1052         * runtime/Executable.h:
1053         (JSC::ExecutableBase::finishCreation):
1054
1055 2011-08-26  Gavin Barraclough  <barraclough@apple.com>
1056
1057         DFG JIT - ArithMod may clobber operands.
1058         https://bugs.webkit.org/show_bug.cgi?id=67085
1059
1060         Reviewed by Sam Weinig.
1061
1062         unboxDouble must be called on a temporary.
1063
1064         * dfg/DFGJITCodeGenerator.cpp:
1065         (JSC::DFG::JITCodeGenerator::fillDouble):
1066         * dfg/DFGJITCodeGenerator.h:
1067         (JSC::DFG::JITCodeGenerator::boxDouble):
1068         * dfg/DFGNonSpeculativeJIT.cpp:
1069         (JSC::DFG::NonSpeculativeJIT::compile):
1070         * dfg/DFGSpeculativeJIT.cpp:
1071         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1072
1073 2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1074
1075         Unzip initialization lists and constructors in JSCell hierarchy (2/7)
1076         https://bugs.webkit.org/show_bug.cgi?id=66957
1077
1078         Reviewed by Darin Adler.
1079
1080         Completed the second level of the refactoring to add finishCreation()
1081         methods to all classes within the JSCell hierarchy with non-trivial 
1082         constructor bodies.
1083
1084         * runtime/Executable.h:
1085         (JSC::ExecutableBase::ExecutableBase):
1086         (JSC::ExecutableBase::create):
1087         (JSC::NativeExecutable::create):
1088         (JSC::NativeExecutable::finishCreation):
1089         (JSC::NativeExecutable::NativeExecutable):
1090         (JSC::ScriptExecutable::ScriptExecutable):
1091         (JSC::ScriptExecutable::finishCreation):
1092         * runtime/GetterSetter.h:
1093         (JSC::GetterSetter::GetterSetter):
1094         (JSC::GetterSetter::create):
1095         * runtime/JSAPIValueWrapper.h:
1096         (JSC::JSAPIValueWrapper::create):
1097         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1098         * runtime/JSObject.h:
1099         (JSC::JSNonFinalObject::JSNonFinalObject):
1100         (JSC::JSNonFinalObject::finishCreation):
1101         (JSC::JSFinalObject::create):
1102         (JSC::JSFinalObject::finishCreation):
1103         (JSC::JSFinalObject::JSFinalObject):
1104         (JSC::JSObject::JSObject):
1105         * runtime/JSPropertyNameIterator.cpp:
1106         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1107         (JSC::JSPropertyNameIterator::create):
1108         * runtime/JSPropertyNameIterator.h:
1109         (JSC::JSPropertyNameIterator::create):
1110         * runtime/RegExp.cpp:
1111         (JSC::RegExp::RegExp):
1112         (JSC::RegExp::createWithoutCaching):
1113         * runtime/ScopeChain.h:
1114         (JSC::ScopeChainNode::ScopeChainNode):
1115         (JSC::ScopeChainNode::create):
1116         * runtime/Structure.cpp:
1117         (JSC::Structure::Structure):
1118         * runtime/Structure.h:
1119         (JSC::Structure::create):
1120         (JSC::Structure::finishCreation):
1121         (JSC::Structure::createStructure):
1122         * runtime/StructureChain.cpp:
1123         (JSC::StructureChain::StructureChain):
1124         * runtime/StructureChain.h:
1125         (JSC::StructureChain::create):
1126
1127 2011-08-26  Filip Pizlo  <fpizlo@apple.com>
1128
1129         The GC does not have a facility for profiling the kinds of objects
1130         that occupy the heap
1131         https://bugs.webkit.org/show_bug.cgi?id=66849
1132
1133         Reviewed by Geoffrey Garen.
1134         
1135         Destructor calls and object scans are now optionally counted, per
1136         vtable. When the heap is destroyed and profiling is enabled, the
1137         counts are dumped, with care taken to print the names of classes
1138         (modulo C++ mangling) sorted in descending commonality.
1139
1140         * GNUmakefile.list.am:
1141         * JavaScriptCore.exp:
1142         * JavaScriptCore.pro:
1143         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1144         * JavaScriptCore.xcodeproj/project.pbxproj:
1145         * heap/Heap.cpp:
1146         (JSC::Heap::destroy):
1147         * heap/Heap.h:
1148         * heap/MarkStack.cpp:
1149         (JSC::SlotVisitor::visitChildren):
1150         (JSC::SlotVisitor::drain):
1151         * heap/MarkStack.h:
1152         * heap/MarkedBlock.cpp:
1153         (JSC::MarkedBlock::callDestructor):
1154         * heap/MarkedBlock.h:
1155         * heap/VTableSpectrum.cpp: Added.
1156         (JSC::VTableSpectrum::VTableSpectrum):
1157         (JSC::VTableSpectrum::~VTableSpectrum):
1158         (JSC::VTableSpectrum::countVPtr):
1159         (JSC::VTableSpectrum::count):
1160         (JSC::VTableAndCount::VTableAndCount):
1161         (JSC::VTableAndCount::operator<):
1162         (JSC::VTableSpectrum::dump):
1163         * heap/VTableSpectrum.h: Added.
1164         * wtf/Platform.h:
1165
1166 2011-08-26  Juan C. Montemayor  <jmont@apple.com>
1167
1168         Update topCallFrame when calling host functions in the JIT
1169         https://bugs.webkit.org/show_bug.cgi?id=67010
1170
1171         Reviewed by Oliver Hunt.
1172         
1173         The topCallFrame is not being updated when a host function is
1174         called by the JIT. This causes problems when trying to create a
1175         stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
1176
1177         * jit/JITOpcodes.cpp:
1178         (JSC::JIT::privateCompileCTIMachineTrampolines):
1179         (JSC::JIT::privateCompileCTINativeCall):
1180
1181 2011-08-26  Alexey Proskuryakov  <ap@apple.com>
1182
1183         Get rid of frame life support timer
1184         https://bugs.webkit.org/show_bug.cgi?id=66874
1185
1186         Reviewed by Geoff Garen.
1187
1188         * runtime/JSGlobalObject.h:
1189         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1190         globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
1191
1192 2011-08-26  Chao-ying Fu  <fu@mips.com>
1193
1194         Fix MIPS patchOffsetGetByIdSlowCaseCall
1195         https://bugs.webkit.org/show_bug.cgi?id=67046
1196
1197         Reviewed by Gavin Barraclough.
1198
1199         * jit/JIT.h:
1200
1201 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1202
1203         Fixing broken build due to unused variables in release mode
1204         https://bugs.webkit.org/show_bug.cgi?id=67004
1205
1206         Unreviewed, release build fix.
1207
1208         Fixing broken build due to unused variables in ASSERTs in release build.
1209
1210         * runtime/JSObject.h:
1211         (JSC::JSObject::finishCreation):
1212         * runtime/JSString.h:
1213         (JSC::RopeBuilder::finishCreation):
1214         * runtime/ScopeChain.h:
1215         (JSC::ScopeChainNode::finishCreation):
1216
1217 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1218
1219         Unzip initialization lists and constructors in JSCell hierarchy (1/7)
1220         https://bugs.webkit.org/show_bug.cgi?id=66827
1221
1222         Reviewed by Geoffrey Garen.
1223
1224         Added finishCreation() methods to all immediate subclasses of JSCell with
1225         non-empty constructors.  Part of a larger refactoring to "unzip" initialization
1226         lists and constructor bodies.  Also renamed JSCell's constructorBody() method
1227         to finishCreation().
1228
1229         * runtime/Executable.h:
1230         (JSC::ExecutableBase::ExecutableBase):
1231         (JSC::ExecutableBase::constructorBody):
1232         * runtime/GetterSetter.h:
1233         (JSC::GetterSetter::GetterSetter):
1234         * runtime/JSAPIValueWrapper.h:
1235         (JSC::JSAPIValueWrapper::constructorBody):
1236         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1237         * runtime/JSCell.h:
1238         (JSC::JSCell::JSCell::JSCell):
1239         (JSC::JSCell::JSCell::constructorBody):
1240         * runtime/JSObject.h:
1241         (JSC::JSObject::constructorBody):
1242         (JSC::JSObject::JSObject):
1243         * runtime/JSPropertyNameIterator.h:
1244         (JSC::JSPropertyNameIterator::constructorBody):
1245         * runtime/JSString.h:
1246         (JSC::RopeBuilder::JSString):
1247         (JSC::RopeBuilder::constructorBody):
1248         * runtime/RegExp.cpp:
1249         (JSC::RegExp::RegExp):
1250         (JSC::RegExp::constructorBody):
1251         * runtime/RegExp.h:
1252         * runtime/ScopeChain.h:
1253         (JSC::ScopeChainNode::ScopeChainNode):
1254         (JSC::ScopeChainNode::constructorBody):
1255         * runtime/Structure.cpp:
1256         (JSC::Structure::Structure):
1257         * runtime/StructureChain.cpp:
1258         (JSC::StructureChain::StructureChain):
1259         * runtime/StructureChain.h:
1260         (JSC::StructureChain::create):
1261         (JSC::StructureChain::constructorBody):
1262
1263 2011-08-25  Gabor Loki  <loki@webkit.org>
1264
1265         REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot
1266         https://bugs.webkit.org/show_bug.cgi?id=66956
1267
1268         Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
1269
1270         Reviewed by Oliver Hunt.
1271
1272         * jit/JIT.h:
1273
1274 2011-08-24  Juan C. Montemayor  <jmont@apple.com>
1275
1276         Keep track of topCallFrame for Stack traces
1277         https://bugs.webkit.org/show_bug.cgi?id=66571
1278
1279         Reviewed by Geoffrey Garen.
1280
1281         This patch adds a TopCallFrame to JSC in order to have that information
1282         when an error is thrown to create a stack trace. The TopCallFrame is
1283         updated throughout select points in the Interpreter and the JSC.
1284
1285         * interpreter/Interpreter.cpp:
1286         (JSC::Interpreter::unwindCallFrame):
1287         (JSC::Interpreter::throwException):
1288         (JSC::Interpreter::execute):
1289         (JSC::Interpreter::executeCall):
1290         (JSC::Interpreter::executeConstruct):
1291         (JSC::Interpreter::privateExecute):
1292         * interpreter/Interpreter.h:
1293         (JSC::TopCallFrameSetter::TopCallFrameSetter):
1294         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
1295         * jit/JIT.h:
1296         * jit/JITInlineMethods.h:
1297         (JSC::JIT::updateTopCallFrame):
1298         * jit/JITStubCall.h:
1299         (JSC::JITStubCall::call):
1300         * jit/JITStubs.cpp:
1301         (JSC::throwExceptionFromOpCall):
1302         (JSC::DEFINE_STUB_FUNCTION):
1303         (JSC::arityCheckFor):
1304         * runtime/JSGlobalData.cpp:
1305         (JSC::JSGlobalData::JSGlobalData):
1306         * runtime/JSGlobalData.h:
1307
1308 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
1309
1310         ErrorInstance::create sometimes has two heap object constructions
1311         in flight at once
1312         https://bugs.webkit.org/show_bug.cgi?id=66845
1313
1314         Reviewed by Darin Adler.
1315         
1316         The fix is simple since there is already a second create() method
1317         that takes a UString.
1318
1319         * runtime/ErrorInstance.cpp:
1320         (JSC::ErrorInstance::create):
1321
1322 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
1323
1324         There is no facility for profiling how the write barrier is used
1325         https://bugs.webkit.org/show_bug.cgi?id=66747
1326
1327         Reviewed by Geoffrey Garen.
1328         
1329         Added facilities for the JIT to specify the kind of write barrier
1330         being executed.  Added code for profiling the number of each kind
1331         of barrier encountered.
1332
1333         * GNUmakefile.list.am:
1334         * JavaScriptCore.exp:
1335         * JavaScriptCore.pro:
1336         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1337         * JavaScriptCore.xcodeproj/project.pbxproj:
1338         * dfg/DFGJITCodeGenerator.cpp:
1339         (JSC::DFG::JITCodeGenerator::writeBarrier):
1340         (JSC::DFG::JITCodeGenerator::cachedPutById):
1341         * dfg/DFGJITCodeGenerator.h:
1342         * dfg/DFGJITCompiler.cpp:
1343         (JSC::DFG::JITCompiler::emitCount):
1344         * dfg/DFGJITCompiler.h:
1345         (JSC::DFG::JITCompiler::emitCount):
1346         * dfg/DFGNonSpeculativeJIT.cpp:
1347         (JSC::DFG::NonSpeculativeJIT::compile):
1348         * dfg/DFGRepatch.cpp:
1349         (JSC::DFG::tryCachePutByID):
1350         * dfg/DFGSpeculativeJIT.cpp:
1351         (JSC::DFG::SpeculativeJIT::compile):
1352         * heap/Heap.h:
1353         (JSC::Heap::writeBarrier):
1354         * heap/WriteBarrierSupport.cpp: Added.
1355         (JSC::WriteBarrierCounters::initialize):
1356         * heap/WriteBarrierSupport.h: Added.
1357         (JSC::WriteBarrierCounters::WriteBarrierCounters):
1358         (JSC::WriteBarrierCounters::jitCounterFor):
1359         (JSC::WriteBarrierCounters::countWriteBarrier):
1360         * jit/JIT.h:
1361         * jit/JITPropertyAccess.cpp:
1362         (JSC::JIT::emit_op_put_by_id):
1363         (JSC::JIT::privateCompilePutByIdTransition):
1364         (JSC::JIT::emit_op_put_scoped_var):
1365         (JSC::JIT::emit_op_put_global_var):
1366         (JSC::JIT::emitWriteBarrier):
1367         * jit/JITPropertyAccess32_64.cpp:
1368         (JSC::JIT::emit_op_put_by_val):
1369         (JSC::JIT::emit_op_put_by_id):
1370         (JSC::JIT::privateCompilePutByIdTransition):
1371         (JSC::JIT::emit_op_put_scoped_var):
1372         (JSC::JIT::emit_op_put_global_var):
1373         (JSC::JIT::emitWriteBarrier):
1374         * runtime/InitializeThreading.cpp:
1375         (JSC::initializeThreadingOnce):
1376         * runtime/WriteBarrier.h:
1377         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
1378
1379 2011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
1380
1381         Add checks to ensure allocation does not take place during initialization of GC-managed objects
1382         https://bugs.webkit.org/show_bug.cgi?id=65288
1383
1384         Reviewed by Darin Adler.
1385
1386         Adding the new validation functionality.  In its current state, it will perform checks, 
1387         but they don't fail unless you do allocation in the arguments to the parent constructor in the 
1388         initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new 
1389         allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still 
1390         allowed in constructor bodies while other refactoring efforts continue.
1391
1392         * runtime/JSCell.h:
1393         (JSC::JSCell::JSCell::constructorBody):
1394         (JSC::JSCell::JSCell::JSCell):
1395         (JSC::JSCell::allocateCell):
1396         * runtime/JSGlobalData.cpp:
1397         (JSC::JSGlobalData::JSGlobalData):
1398         * runtime/JSGlobalData.h:
1399         (JSC::JSGlobalData::isInitializingObject):
1400         (JSC::JSGlobalData::setInitializingObject):
1401         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1402         (JSC::StringObjectThatMasqueradesAsUndefined::create):
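
        A toy model of the construction invariants described in the finishCreation() entry (Unzip 3/7) and in the allocation-check entry above, added here as illustration; it is not JavaScriptCore's code. Heap, Cell, allocateCell(), finishCreation(), isInitializingObject() and setInitializingObject() take their names from the entries; Child, GoodObject, BadObject, recordViolation() and violations() are this example's own, and violations are counted rather than asserted so the outcome can be inspected. The heap is assumed single-threaded.

```cpp
// Added example, not JavaScriptCore's code: a single-threaded toy Heap that
// enforces the two debug invariants the entries above describe.
#include <cstddef>
#include <new>
#include <vector>

class Heap {
public:
    Heap() : m_initializingObject(false), m_violations(0) {}
    // The toy heap frees raw storage only; every cell below is trivially destructible.
    ~Heap() { for (size_t i = 0; i < m_cells.size(); ++i) ::operator delete(m_cells[i]); }

    bool isInitializingObject() const { return m_initializingObject; }
    void setInitializingObject(bool v) { m_initializingObject = v; }
    unsigned violations() const { return m_violations; }
    void recordViolation() { ++m_violations; }   // stands in for ASSERT() in a debug build

    // allocateCell(): allocating while another cell is still being initialized is
    // the bug being hunted (a collection could see a half-built object).  Flag it,
    // then mark the heap as initializing until finishCreation() clears the flag.
    template <typename T> void* allocateCell() {
        if (m_initializingObject)
            recordViolation();
        m_initializingObject = true;
        void* cell = ::operator new(sizeof(T));
        m_cells.push_back(cell);
        return cell;
    }
private:
    bool m_initializingObject;
    unsigned m_violations;
    std::vector<void*> m_cells;
};

// Base of every GC-managed cell.  The finishCreation() chain must run exactly
// once per object: a second call finds the flag already clear, and a missing
// call is caught at the next allocation, which still sees the flag set.
class Cell {
protected:
    Cell() {}
    void finishCreation(Heap& heap) {
        if (!heap.isInitializingObject())
            heap.recordViolation();
        heap.setInitializingObject(false);
    }
};

class Child : public Cell {
public:
    static Child* create(Heap& heap) {
        Child* child = new (heap.allocateCell<Child>()) Child();
        child->finishCreation(heap);
        return child;
    }
private:
    Child() {}
};

// Correct pattern: the constructor only stores trivial state; anything that
// allocates happens in finishCreation(), after the base has cleared the flag.
class GoodObject : public Cell {
public:
    static GoodObject* create(Heap& heap) {
        GoodObject* object = new (heap.allocateCell<GoodObject>()) GoodObject();
        object->finishCreation(heap);
        return object;
    }
    Child* child() const { return m_child; }
private:
    GoodObject() : m_child(0) {}
    void finishCreation(Heap& heap) {
        Cell::finishCreation(heap);
        m_child = Child::create(heap);
    }
    Child* m_child;
};

// The bug the check exists to catch: allocating in the initializer list, while
// the heap still considers this object under construction.
class BadObject : public Cell {
public:
    static BadObject* create(Heap& heap) {
        BadObject* object = new (heap.allocateCell<BadObject>()) BadObject(heap);
        object->finishCreation(heap);
        return object;
    }
    Child* child() const { return m_child; }
private:
    explicit BadObject(Heap& heap) : m_child(Child::create(heap)) {}
    Child* m_child;
};

// Number of invariant violations each construction pattern triggers.
unsigned violationsForGoodObject() { Heap heap; GoodObject::create(heap); return heap.violations(); }
unsigned violationsForBadObject() { Heap heap; BadObject::create(heap); return heap.violations(); }
```

        BadObject trips the check twice: once when Child::create() allocates while the parent's flag is still set, and once more when the parent's own finishCreation() runs after the child's has already cleared the flag. Moving the allocation into finishCreation(), as GoodObject does, is exactly the refactoring the "unzip" series performs.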
1403
1404 2011-08-23  Gavin Barraclough  <barraclough@apple.com>
1405
1406         https://bugs.webkit.org/show_bug.cgi?id=55347
1407         "name" and "message" enumerable on *Error.prototype
1408
1409         Reviewed by Sam Weinig.
1410
1411         The default value of a NativeErrorPrototype's message
1412         property is "", not the name of the error.
1413
1414         * runtime/NativeErrorConstructor.cpp:
1415         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1416         * runtime/NativeErrorConstructor.h:
1417         (JSC::NativeErrorConstructor::create):
1418         (JSC::NativeErrorConstructor::constructorBody):
1419         * runtime/NativeErrorPrototype.cpp:
1420         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1421         (JSC::NativeErrorPrototype::constructorBody):
1422         * runtime/NativeErrorPrototype.h:
1423         (JSC::NativeErrorPrototype::create):
1424         * runtime/StringPrototype.cpp:
1425         (JSC::StringPrototype::StringPrototype):
1426         * runtime/StringPrototype.h:
1427         (JSC::StringPrototype::create):
1428
1429 2011-08-23  Steve Block  <steveblock@google.com>
1430
1431         Remove last occurrences of PLATFORM(ANDROID)
1432         https://bugs.webkit.org/show_bug.cgi?id=66763
1433
1434         Reviewed by Tony Gentilcore.
1435
1436         * wtf/Platform.h:
1437
1438 2011-08-23  Steve Block  <steveblock@google.com>
1439
1440         Remove all mention of removed Android files from build scripts
1441         https://bugs.webkit.org/show_bug.cgi?id=66755
1442
1443         Reviewed by Tony Gentilcore.
1444
1445         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1446         * JavaScriptCore.gypi:
1447         * gyp/JavaScriptCore.gyp:
1448
1449 2011-08-23  Adam Barth  <abarth@webkit.org>
1450
1451         Remove WebCore/editing/android and other Android-specific directories
1452         https://bugs.webkit.org/show_bug.cgi?id=66739
1453
1454         Reviewed by Steve Block.
1455
1456         Now that Android shares more code with Chromium, we don't need these
1457         Android-specific files.
1458
1459         * wtf/android: Removed.
1460         * wtf/android/AndroidThreading.h: Removed.
1461         * wtf/android/MainThreadAndroid.cpp: Removed.
1462
1463 2011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
1464
1465         Unreviewed build fix for compile error on Windows for r93560.
1466
1467         * runtime/SamplingCounter.h:
1468
1469 2011-08-22  Filip Pizlo  <fpizlo@apple.com>
1470
1471         Sampling counter support is in the bytecode directory
1472         https://bugs.webkit.org/show_bug.cgi?id=66724
1473
1474         Reviewed by Darin Adler.
1475         
1476         Moved SamplingCounter to a separate header in runtime/.
1477
1478         * GNUmakefile.list.am:
1479         * JavaScriptCore.pro:
1480         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1481         * JavaScriptCore.xcodeproj/project.pbxproj:
1482         * bytecode/SamplingTool.cpp:
1483         * bytecode/SamplingTool.h:
1484         * runtime/SamplingCounter.cpp: Added.
1485         (JSC::AbstractSamplingCounter::dump):
1486         * runtime/SamplingCounter.h: Added.
1487         (JSC::AbstractSamplingCounter::count):
1488         (JSC::AbstractSamplingCounter::addressOfCounter):
1489         (JSC::AbstractSamplingCounter::init):
1490         (JSC::SamplingCounter::SamplingCounter):
1491         (JSC::GlobalSamplingCounter::name):
1492         (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
1493         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
1494
1495 2011-08-21  Martin Robinson  <mrobinson@igalia.com>
1496
1497         Fix 'make dist' for WebKitGTK+.
1498
1499         * GNUmakefile.list.am: Add a missing header to the sources list.
1500
1501 2011-08-20  Filip Pizlo  <fpizlo@apple.com>
1502
1503         JavaScriptCore bytecompiler does not compute scope depth correctly
1504         in the case of constant declarations
1505         https://bugs.webkit.org/show_bug.cgi?id=66572
1506
1507         Reviewed by Oliver Hunt.
1508         
1509         Changed the handling of const to add the dynamic scope depth.
1510
1511         * bytecompiler/NodesCodegen.cpp:
1512         (JSC::ConstDeclNode::emitCodeSingle):
1513
1514 2011-08-19  Daniel Bates  <dbates@webkit.org>
1515
1516         Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
1517         https://bugs.webkit.org/show_bug.cgi?id=66617
1518
1519         Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
1520         But we cause a compile error if the platform doesn't support SA_RESTART regardless of
1521         whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
1522         SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
1523
1524         Reviewed by Antonio Gomes.
1525
1526         * heap/MachineStackMarker.cpp:
1527
1528 2011-08-19  Filip Pizlo  <fpizlo@apple.com>
1529
1530         The JSC JIT currently has no facility to profile and report
1531         the types of values
1532         https://bugs.webkit.org/show_bug.cgi?id=65901
1533
1534         Reviewed by Gavin Barraclough.
1535         
1536         Added the ability to profile the values seen at function calls (both
1537         arguments and results) and heap loads.  This is done with emphasis
1538         on performance.  A value profiling site consists of: add, and,
1539         move, and store; no branching is necessary.  Each value profiling
1540         site (called a ValueProfile) has a ring buffer of 8 recently-seen
1541         values.  ValueProfiles are stored in the CodeBlock; there will be
1542         one for each argument (excluding this) and each heap load or callsite.
1543         Each time a value profiling site executes, it stores the value into
1544         a pseudo-random element in the ValueProfile buffer.  The point is
1545         that for frequently executed code, we will have 8 somewhat recent
1546         values in the buffer and will be able not only to figure out what
1547         type it is, but also to reason about the actual values
1548         if we wish to do so.
1549         
1550         This feature is currently disabled by default.  When enabled, it
1551         results in a 3.7% slow-down on SunSpider.
1552
1553         * JavaScriptCore.xcodeproj/project.pbxproj:
1554         * bytecode/CodeBlock.cpp:
1555         (JSC::CodeBlock::~CodeBlock):
1556         * bytecode/CodeBlock.h:
1557         (JSC::CodeBlock::addValueProfile):
1558         (JSC::CodeBlock::numberOfValueProfiles):
1559         (JSC::CodeBlock::valueProfile):
1560         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1561         * bytecode/ValueProfile.h: Added.
1562         (JSC::ValueProfile::ValueProfile):
1563         (JSC::ValueProfile::numberOfSamples):
1564         (JSC::ValueProfile::computeProbability):
1565         (JSC::ValueProfile::numberOfInt32s):
1566         (JSC::ValueProfile::numberOfDoubles):
1567         (JSC::ValueProfile::numberOfCells):
1568         (JSC::ValueProfile::probabilityOfInt32):
1569         (JSC::ValueProfile::probabilityOfDouble):
1570         (JSC::ValueProfile::probabilityOfCell):
1571         (JSC::getValueProfileBytecodeOffset):
1572         * jit/JIT.cpp:
1573         (JSC::JIT::privateCompileSlowCases):
1574         (JSC::JIT::privateCompile):
1575         * jit/JIT.h:
1576         (JSC::JIT::emitValueProfilingSite):
1577         * jit/JITCall.cpp:
1578         (JSC::JIT::emit_op_call_put_result):
1579         * jit/JITInlineMethods.h:
1580         (JSC::JIT::emitValueProfilingSite):
1581         * jit/JITPropertyAccess.cpp:
1582         (JSC::JIT::emit_op_get_by_val):
1583         (JSC::JIT::emitSlow_op_get_by_val):
1584         (JSC::JIT::emit_op_method_check):
1585         (JSC::JIT::emit_op_get_by_id):
1586         (JSC::JIT::emitSlow_op_get_by_id):
1587         * jit/JSInterfaceJIT.h:
1588         * wtf/Platform.h:
1589         * wtf/StdLibExtras.h:
1590         (WTF::binarySearch):
1591         (WTF::genericBinarySearch):
1592
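The profiling site described in the entry above, as an added example that is not JSC's own ValueProfile code: a C++ model with an 8-slot ring buffer, a branch-free record step (an LCG step, a mask and a store) and the numberOf/probabilityOf queries the entry lists. The Value type, the LCG constants and the 64-sample drive loops are constructed for this example.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Toy tagged value standing in for JSValue (constructed for this example).
enum class Tag { Empty, Int32, Double, Cell };

struct Value {
    Tag tag = Tag::Empty;
    int32_t i = 0;
    double d = 0;
    const void* cell = nullptr;
    static Value int32(int32_t v) { Value r; r.tag = Tag::Int32; r.i = v; return r; }
    static Value number(double v) { Value r; r.tag = Tag::Double; r.d = v; return r; }
    static Value object(const void* p) { Value r; r.tag = Tag::Cell; r.cell = p; return r; }
};

// Model of a ValueProfile: one per profiled argument, heap load or call site,
// holding a small ring of recently seen values rather than a full histogram.
struct ValueProfile {
    enum { numberOfBuckets = 8 };   // power of two so the index is a plain mask
    unsigned bytecodeOffset;
    Value buckets[numberOfBuckets];

    explicit ValueProfile(unsigned offset) : bytecodeOffset(offset) { }

    // The profiling site: an LCG step (multiply/add), a shift, a mask (and) and
    // a store. No branch, which is what keeps the cost of the site low.
    void record(Value v, uint32_t& rng) {
        rng = rng * 1103515245u + 12345u;
        buckets[(rng >> 16) & (numberOfBuckets - 1)] = v;
    }

    unsigned numberOf(Tag t) const {
        unsigned n = 0;
        for (unsigned k = 0; k < numberOfBuckets; ++k)
            if (buckets[k].tag == t)
                ++n;
        return n;
    }
    unsigned numberOfSamples() const {
        return numberOf(Tag::Int32) + numberOf(Tag::Double) + numberOf(Tag::Cell);
    }
    // Fraction of the retained samples with the given tag; 0 when nothing was seen.
    double probabilityOf(Tag t) const {
        unsigned n = numberOfSamples();
        return n ? static_cast<double>(numberOf(t)) / n : 0.0;
    }
};

struct ProfileSummary { unsigned samples, int32s, doubles, cells; double pInt32, pDouble, pCell; };

ProfileSummary summarize(const ValueProfile& p) {
    return { p.numberOfSamples(), p.numberOf(Tag::Int32), p.numberOf(Tag::Double), p.numberOf(Tag::Cell),
             p.probabilityOf(Tag::Int32), p.probabilityOf(Tag::Double), p.probabilityOf(Tag::Cell) };
}

// A site that only ever produced int32s: every retained bucket is Int32, so
// the int32 probability is exactly 1 whichever buckets the LCG happened to hit.
double int32ProbabilityAfterIntsOnly() {
    ValueProfile profile(/* bytecodeOffset */ 42);
    uint32_t rng = 1;
    for (int32_t i = 0; i < 64; ++i)
        profile.record(Value::int32(i), rng);
    return profile.probabilityOf(Tag::Int32);
}

// The same site after one double slips through (say an add that overflowed
// int32). Exactly one bucket now holds a double; the ring still remembers up
// to seven earlier ints, so a consumer sees "mostly int32" rather than flipping
// its decision on a single outlier.
ProfileSummary summaryAfterIntsThenOneDouble() {
    ValueProfile profile(42);
    uint32_t rng = 1;
    for (int32_t i = 0; i < 64; ++i)
        profile.record(Value::int32(i), rng);
    profile.record(Value::number(0.5), rng);
    return summarize(profile);
}

int main() {
    ProfileSummary s = summaryAfterIntsThenOneDouble();
    std::printf("samples=%u int32=%u double=%u cell=%u p(int32)=%.3f\n",
                s.samples, s.int32s, s.doubles, s.cells, s.pInt32);
    return 0;
}
```

Because the bucket is pseudo-random, the ring keeps at most 8 samples however often the site runs, and an outlier overwrites exactly one slot; the probabilities are estimates of recent behaviour, not counts, which is the trade made for keeping the site branch-free.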
1593 2011-08-19  Daniel Bates  <dbates@webkit.org>
1594
1595         Don't include DisallowCType.h when building on QNX
1596         https://bugs.webkit.org/show_bug.cgi?id=66616
1597
1598         Reviewed by Antonio Gomes.
1599
1600         * config.h:
1601
1602 2011-08-19  Daniel Bates  <dbates@webkit.org>
1603
1604         Implement ExecutableAllocator::cacheFlush() for QNX
1605         https://bugs.webkit.org/show_bug.cgi?id=66611
1606
1607         Reviewed by Antonio Gomes.
1608
1609         * jit/ExecutableAllocator.h:
1610         (JSC::ExecutableAllocator::cacheFlush):
1611
1612 2011-08-19  Daniel Bates  <dbates@webkit.org>
1613
1614         Implement WTF::atomic{Increment, Decrement}() for QNX
1615         https://bugs.webkit.org/show_bug.cgi?id=66605
1616
1617         Reviewed by Darin Adler.
1618
1619         * wtf/Atomics.h:
1620         (WTF::atomicIncrement):
1621         (WTF::atomicDecrement):
1622
1623 2011-08-19  Beth Dakin  <bdakin@apple.com>
1624
1625         https://bugs.webkit.org/show_bug.cgi?id=66590
1626         Re-name scrollbar painter types
1627
1628         Reviewed by Sam Weinig.
1629
1630         WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer 
1631         applies.
1632         * wtf/Platform.h:
1633
1634 2011-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1635
1636         Move allocation in constructors into separate constructorBody() methods
1637         https://bugs.webkit.org/show_bug.cgi?id=66265
1638
1639         Reviewed by Oliver Hunt.
1640
1641         Refactoring to put all allocations that need to be done after the object's 
1642         initialization list has executed but before the object is ready for use 
1643         into a separate constructorBody() method.  This method is still called by the constructor,
1644         so the patch doesn't resolve any potential issues; it just sets up the code for further refactoring.
1645
1646         * JavaScriptCore.exp:
1647         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1648         * jsc.cpp:
1649         (GlobalObject::constructorBody):
1650         (GlobalObject::GlobalObject):
1651         * runtime/ErrorInstance.cpp:
1652         (JSC::ErrorInstance::ErrorInstance):
1653         * runtime/ErrorInstance.h:
1654         (JSC::ErrorInstance::constructorBody):
1655         * runtime/ErrorPrototype.cpp:
1656         (JSC::ErrorPrototype::ErrorPrototype):
1657         (JSC::ErrorPrototype::constructorBody):
1658         * runtime/ErrorPrototype.h:
1659         * runtime/Executable.cpp:
1660         (JSC::FunctionExecutable::FunctionExecutable):
1661         * runtime/Executable.h:
1662         (JSC::FunctionExecutable::constructorBody):
1663         * runtime/InternalFunction.cpp:
1664         (JSC::InternalFunction::InternalFunction):
1665         * runtime/InternalFunction.h:
1666         (JSC::InternalFunction::constructorBody):
1667         * runtime/JSByteArray.cpp:
1668         (JSC::JSByteArray::JSByteArray):
1669         * runtime/JSByteArray.h:
1670         (JSC::JSByteArray::constructorBody):
1671         * runtime/JSFunction.cpp:
1672         (JSC::JSFunction::JSFunction):
1673         (JSC::JSFunction::constructorBody):
1674         * runtime/JSFunction.h:
1675         * runtime/JSGlobalObject.h:
1676         (JSC::JSGlobalObject::JSGlobalObject):
1677         (JSC::JSGlobalObject::constructorBody):
1678         * runtime/JSPropertyNameIterator.cpp:
1679         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1680         * runtime/JSPropertyNameIterator.h:
1681         (JSC::JSPropertyNameIterator::constructorBody):
1682         * runtime/JSString.h:
1683         (JSC::RopeBuilder::JSString):
1684         (JSC::RopeBuilder::constructorBody):
1685         * runtime/NativeErrorConstructor.cpp:
1686         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1687         * runtime/NativeErrorConstructor.h:
1688         (JSC::NativeErrorConstructor::constructorBody):
1689         * runtime/NativeErrorPrototype.cpp:
1690         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1691         (JSC::NativeErrorPrototype::constructorBody):
1692         * runtime/NativeErrorPrototype.h:
1693         * runtime/StringObject.cpp:
1694         * runtime/StringObject.h:
1695         (JSC::StringObject::create):
1696         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1697         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1698         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
1699         * runtime/StringPrototype.cpp:
1700         (JSC::StringPrototype::StringPrototype):
1701         * runtime/StringPrototype.h:
1702         (JSC::StringPrototype::create):
1703
1704 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1705
1706         DFG non-speculative JIT does not inline the double case of ValueAdd
1707         https://bugs.webkit.org/show_bug.cgi?id=66025
1708
1709         Reviewed by Gavin Barraclough.
1710         
1711         This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
1712         benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
1713         stanford-crypto-sha256-iterative).  It looks like it might have
1714         a speed-up in SunSpider (though not statistically significant or
1715         particularly reproducible) and a slight slow-down in V8 (0.14%,
1716         not statistically significant).  It does slow down v8-crypto by
1717         1.5%.
1718
1719         * dfg/DFGJITCodeGenerator.cpp:
1720         (JSC::DFG::JITCodeGenerator::isKnownInteger):
1721         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
1722         * dfg/DFGNonSpeculativeJIT.cpp:
1723         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1724         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1725         * dfg/DFGOperations.cpp:
1726
1727 2011-08-18  Filip Pizlo  <fpizlo@apple.com>
1728
1729         [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
1730         https://bugs.webkit.org/show_bug.cgi?id=66426
1731
1732         Reviewed by Oliver Hunt.
1733         
1734         Changed the branchTestPtr to branchTest32.
1735
1736         * dfg/DFGSpeculativeJIT.cpp:
1737         (JSC::DFG::SpeculativeJIT::compile):
1738
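Why the width of that test matters, as an added example (not WebKit code): under a 64-bit boxing scheme where the int32 payload sits below a non-zero tag, a pointer-width zero test on the boxed register can never fire, while a 32-bit test on the payload does. The tag value, the boxing helpers and the Trapped outcome standing in for the hardware fault are assumptions made for this illustration; JSC's actual encoding lives in runtime/JSValue.h.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed 64-bit boxing scheme for this example: the int32 payload sits in
// the low 32 bits and a non-zero tag occupies the high bits. This is an
// assumption used to illustrate the register-width point, not a copy of JSC's
// JSValue encoding.
const uint64_t kInt32Tag = 0xFFFF000000000000ull;

uint64_t boxInt32(int32_t v) { return kInt32Tag | static_cast<uint32_t>(v); }
int32_t unboxInt32(uint64_t boxed) { return static_cast<int32_t>(static_cast<uint32_t>(boxed)); }

// Stand-in for branchTestPtr: a pointer-width zero test looks at all 64 bits,
// so a boxed zero (tag | 0) is never "zero" and the guard never fires.
bool zeroCheckPtrWidth(uint64_t boxedDivisor) { return boxedDivisor == 0; }

// Stand-in for branchTest32: only the low 32 bits, i.e. the payload, are tested.
bool zeroCheck32(uint64_t boxedDivisor) { return static_cast<uint32_t>(boxedDivisor) == 0; }

enum class DivOutcome { Result, SlowPathDivByZero, Trapped };
struct DivResult { DivOutcome outcome; int32_t value; };

// Speculative int32 division with a pluggable zero guard. A firing guard hands
// the operation to the slow path (which would produce Infinity/NaN the
// JavaScript way). If the guard misses a zero divisor, real generated code
// would execute the hardware divide and fault; we report Trapped instead of
// performing the division.
DivResult speculativeIntDiv(uint64_t boxedA, uint64_t boxedB, bool (*zeroCheck)(uint64_t)) {
    if (zeroCheck(boxedB))
        return { DivOutcome::SlowPathDivByZero, 0 };
    int32_t divisor = unboxInt32(boxedB);
    if (divisor == 0)
        return { DivOutcome::Trapped, 0 };
    return { DivOutcome::Result, unboxInt32(boxedA) / divisor };
}

int main() {
    DivResult bad = speculativeIntDiv(boxInt32(10), boxInt32(0), zeroCheckPtrWidth);
    DivResult good = speculativeIntDiv(boxInt32(10), boxInt32(0), zeroCheck32);
    std::printf("ptr-width guard: %s\n32-bit guard:    %s\n",
                bad.outcome == DivOutcome::Trapped ? "missed zero, would fault" : "caught",
                good.outcome == DivOutcome::SlowPathDivByZero ? "caught, slow path" : "missed");
    return 0;
}
```

The general lesson is that a guard must test the same bits the later instruction consumes: the divide reads the 32-bit payload, so the guard has to as well.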
1739 2011-08-17  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1740
1741         https://bugs.webkit.org/show_bug.cgi?id=66379
1742         Implements load32WithCompactAddressOffsetPatch function
1743         and fixes store32 and moveWithPatch functions for SH4 platforms.
1744
1745         Reviewed by Gavin Barraclough.
1746
1747         * assembler/MacroAssemblerSH4.h:
1748         (JSC::MacroAssemblerSH4::rshift32):
1749         (JSC::MacroAssemblerSH4::store32):
1750         (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
1751         (JSC::MacroAssemblerSH4::moveWithPatch):
1752         * assembler/SH4Assembler.h:
1753         (JSC::SH4Assembler::movlMemRegCompact):
1754         (JSC::SH4Assembler::readPointer):
1755         (JSC::SH4Assembler::repatchCompact):
1756         * jit/JIT.h:
1757
1758 2011-08-17  Filip Pizlo  <fpizlo@apple.com>
1759
1760         JSC verbose debugging output sometimes doesn't work as expected.
1761         https://bugs.webkit.org/show_bug.cgi?id=66107
1762
1763         Reviewed by Gavin Barraclough.
1764         
1765         Hardened the CodeBlock::dump() code so that it no longer crashes.  Improved
1766         the DFG verbose code so that it prints slightly more useful information.
1767
1768         * assembler/LinkBuffer.h:
1769         (JSC::LinkBuffer::debugSize):
1770         * bytecode/CodeBlock.cpp:
1771         (JSC::valueToSourceString):
1772         (JSC::CodeBlock::dump):
1773         * bytecode/CodeBlock.h:
1774         (JSC::CodeBlock::numberOfRegExps):
1775         * dfg/DFGJITCompiler.cpp:
1776         (JSC::DFG::JITCompiler::link):
1777
1778 2011-08-16  Michael Saboff  <msaboff@apple.com>
1779
1780         Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
1781         https://bugs.webkit.org/show_bug.cgi?id=66351
1782
1783         JIT::privateCompilePutByIdTransition expects that regT0 and regT1
1784         have the basePayload and baseTag respectively.  In some cases,
1785         we may get to this generated code with one or both of these
1786         registers trashed.  One known case is that regT0 on ARM may be
1787         trashed as regT0 (r0) is also arg0 and can be overrun with sp due
1788         to calls to JIT::restoreReturnAddress().  This patch uses the
1789         values on the stack.  A longer term solution is to work out all
1790         cases so that the register entry assumptions can be assured.
1791
1792         While fixing this, also determined that the additional stack offset
1793         of sizeof(void*) is not needed for ARM.
1794
1795         Reviewed by Gavin Barraclough.
1796
1797         * jit/JITPropertyAccess32_64.cpp:
1798         (JSC::JIT::privateCompilePutByIdTransition):
1799
1800 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1801
1802         https://bugs.webkit.org/show_bug.cgi?id=66263
1803         DFG JIT does not always zero extend boolean result of DFG operations
1804
1805         Reviewed by Sam Weinig.
1806
1807         * dfg/DFGOperations.cpp:
1808         * dfg/DFGOperations.h:
1809             - Change bool return values to a 64-bit type.
1810
1811 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1812
1813         Crash accessing static property on sealed object
1814         https://bugs.webkit.org/show_bug.cgi?id=66242
1815
1816         Reviewed by Sam Weinig.
1817
1818         * runtime/JSObject.h:
1819         (JSC::JSObject::putDirectInternal):
1820             - should only check isExtensible if checkReadOnly.
1821
1822 2011-08-15  Sam Weinig  <sam@webkit.org>
1823
1824         Fix release build when building with Clang.
1825
1826         Reviewed by Anders Carlsson.
1827
1828         * runtime/Identifier.cpp:
1829         (JSC::Identifier::checkCurrentIdentifierTable):
1830         Add NO_RETURN_DUE_TO_CRASH.
1831
1832 2011-08-15  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1833
1834         Reviewed by Nikolas Zimmermann.
1835
1836         Speed up SVGSMILElement::findInstanceTime.
1837         https://bugs.webkit.org/show_bug.cgi?id=61025
1838
1839         Add a new parameter to StdlibExtras.h::binarySearch function
1840         to also handle cases when the array does not contain the key value.
1841         This is needed for an SVG function.
1842
1843         * wtf/StdLibExtras.h:
1844         (WTF::binarySearch):
1845
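An added sketch of a binary search with such an extra parameter (example code, not WTF's binarySearch; the mode names KeyMustBePresent/KeyMayNotBePresent, the InstanceTime record and the sample times are assumptions): on a miss it either reports the miss or returns the nearest preceding element instead of reading past the array.

```cpp
#include <cstddef>
#include <cstdio>

// Assumed names, modelled on the WTF helper's shape but not copied from it.
enum BinarySearchMode { KeyMustBePresent, KeyMayNotBePresent };

// Binary search over an array sorted by extractKey(). With KeyMustBePresent a
// miss returns nullptr instead of indexing past the array; with
// KeyMayNotBePresent a miss returns the element whose key is the largest one
// not greater than `key` (the first element if every key is greater), which is
// what a timeline lookup such as findInstanceTime needs.
template<typename ArrayType, typename KeyType, KeyType (*extractKey)(ArrayType*)>
ArrayType* binarySearch(ArrayType* array, size_t size, KeyType key, BinarySearchMode mode = KeyMustBePresent)
{
    if (!size)
        return nullptr;
    size_t low = 0, high = size;               // half-open range [low, high)
    while (low < high) {
        size_t mid = low + (high - low) / 2;   // avoids the low + high overflow
        KeyType midKey = extractKey(&array[mid]);
        if (midKey == key)
            return &array[mid];
        if (midKey < key)
            low = mid + 1;
        else
            high = mid;
    }
    // Miss: `low` is now the number of elements whose key is below the target.
    if (mode == KeyMustBePresent)
        return nullptr;
    return low ? &array[low - 1] : &array[0];
}

// Constructed sample: a sorted list of SMIL-style instance times.
struct InstanceTime { double time; int id; };
double instanceTimeKey(InstanceTime* e) { return e->time; }

static InstanceTime kTimes[] = { { 0.0, 1 }, { 1.5, 2 }, { 3.0, 3 }, { 4.25, 4 } };
static const size_t kTimesCount = sizeof(kTimes) / sizeof(kTimes[0]);

// Exact lookup: -1 when the time is absent.
int lookupExact(double t) {
    InstanceTime* e = binarySearch<InstanceTime, double, instanceTimeKey>(kTimes, kTimesCount, t);
    return e ? e->id : -1;
}

// Nearest-not-after lookup: always yields an element for a non-empty list.
int lookupNearest(double t) {
    InstanceTime* e = binarySearch<InstanceTime, double, instanceTimeKey>(kTimes, kTimesCount, t, KeyMayNotBePresent);
    return e ? e->id : -1;
}

int main() {
    std::printf("exact(3.0)=%d exact(2.0)=%d nearest(2.0)=%d nearest(-1)=%d nearest(100)=%d\n",
                lookupExact(3.0), lookupExact(2.0), lookupNearest(2.0), lookupNearest(-1.0), lookupNearest(100.0));
    return 0;
}
```

The half-open range and the explicit miss handling are the two places such helpers usually go wrong: a closed range can loop or step off the end, and a search that assumes presence turns a missing key into an out-of-bounds read.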
1846 2011-08-13  Sam Weinig  <sam@webkit.org>
1847
1848         Add back 0xbbadbeef to CRASH to allow for old habits
1849         https://bugs.webkit.org/show_bug.cgi?id=66190
1850
1851         Reviewed by David Kilzer.
1852
1853         * wtf/Assertions.h:
1854         Add back the assignment to the memory address 0xbbadbeef in the CRASH
1855         macro, as it does not cause issues in the clang static analyzer and many
1856         people use its presence in crash reports to easily identify ASSERTs. 
1857
1858 2011-08-13  Sam Weinig  <sam@webkit.org>
1859
1860         Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
1861         https://bugs.webkit.org/show_bug.cgi?id=66182
1862
1863         Reviewed by Dan Bernstein.
1864
1865         Fixes 10 warnings in JavaScriptCore and 2 in testapi.
1866
1867         * API/tests/testapi.c:
1868         (main):
1869         Remove dead variables.
1870
1871         * dfg/DFGGraph.cpp:
1872         (JSC::DFG::Graph::dump):
1873         Initialize hasPrinted and silence an unused warning by casting to void (Ok here
1874         since it is debug code and I want to keep it clear that if other cases are added,
1875         the hasPrinted flag would be needed).
1876
1877         * wtf/dtoa.cpp:
1878         (WTF::d2b):
1879         The variable "de" in the else block is always zero, so there is no reason to
1880         use it.
1881
1882 2011-08-12  Sam Weinig  <sam@webkit.org>
1883
1884         Use __builtin_trap() for CRASH when building with clang
1885         https://bugs.webkit.org/show_bug.cgi?id=66152
1886
1887         Reviewed by Anders Carlsson.
1888
1889         * wtf/Assertions.h:
1890         Add Clang specific CRASH macro that calls __builtin_trap() instead
1891         of silly techniques to crash. This allows the static analyzer to understand
1892         that we are intentionally crashing. As a result, we need to mark some functions
1893         as not returning.
1894
1895         Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
1896
1897         * wtf/Compiler.h:
1898         Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
1899
1900         * wtf/FastMalloc.cpp:
1901         (WTF::Internal::fastMallocMatchFailed):
1902         Add NO_RETURN_DUE_TO_CRASH.
1903
1904         * yarr/YarrParser.h:
1905         (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
1906         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
1907         Add NO_RETURN_DUE_TO_ASSERT.
1908
1909 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1910
1911         DFG JIT has inconsistent use of boxDouble and unboxDouble,
1912         inconsistent use of assertions regarding doubles, and those
1913         assertions are not turned on in debug builds
1914         https://bugs.webkit.org/show_bug.cgi?id=66160
1915
1916         Reviewed by Gavin Barraclough.
1917         
1918         JIT assertions are now turned on in debug builds.  JIT
1919         assertions are now used for boxing and unboxing doubles, and boxing
1920         and unboxing no longer involves code duplication.
1921
1922         * dfg/DFGJITCodeGenerator.cpp:
1923         (JSC::DFG::JITCodeGenerator::fillDouble):
1924         * dfg/DFGJITCodeGenerator.h:
1925         (JSC::DFG::JITCodeGenerator::boxDouble):
1926         (JSC::DFG::JITCodeGenerator::unboxDouble):
1927         * dfg/DFGJITCompiler.cpp:
1928         (JSC::DFG::JITCompiler::fillNumericToDouble):
1929         (JSC::DFG::GeneralizedRegister::moveTo):
1930         (JSC::DFG::GeneralizedRegister::swapWith):
1931         * dfg/DFGJITCompiler.h:
1932         (JSC::DFG::JITCompiler::boxDouble):
1933         (JSC::DFG::JITCompiler::unboxDouble):
1934         * dfg/DFGNode.h:
1935         * dfg/DFGNonSpeculativeJIT.cpp:
1936         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1937         (JSC::DFG::NonSpeculativeJIT::compile):
1938         * dfg/DFGSpeculativeJIT.cpp:
1939         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1940         (JSC::DFG::SpeculativeJIT::convertToDouble):
1941
1942 2011-08-12  Mark Rowe  <mrowe@apple.com>
1943
1944         Be more forward-looking in the choice of compiler.
1945
1946         Rubber-stamped by Jon Honeycutt.
1947
1948         * Configurations/CompilerVersion.xcconfig:
1949
1950 2011-08-12  Kalev Lember  <kalevlember@gmail.com>
1951
1952         [GTK] Fix non-pthreads build after r91906.
1953         https://bugs.webkit.org/show_bug.cgi?id=66151
1954
1955         Reviewed by David Levin.
1956
1957         r91906 broke the non-pthreads GTK+ build by including a header which
1958         doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
1959
1960         * wtf/gtk/ThreadingGtk.cpp:
1961
1962 2011-08-12  Mark Rowe  <mrowe@apple.com>
1963
1964         Update some configuration settings that were missed back in r92432.
1965
1966         * Configurations/CompilerVersion.xcconfig:
1967
1968 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1969
1970         REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
1971         Matrix3D.invert)
1972         https://bugs.webkit.org/show_bug.cgi?id=66038
1973
1974         Reviewed by Gavin Barraclough.
1975         
1976         Simplest and lowest-impact fix for the case where the spilled format
1977         of a DFG node differs from the register format: if the format is
1978         converted then indicate that the spilled value is no longer valid
1979         ("kill the spill").
1980
1981         * dfg/DFGGenerationInfo.h:
1982         (JSC::DFG::GenerationInfo::killSpilled):
1983         * dfg/DFGJITCodeGenerator.cpp:
1984         (JSC::DFG::JITCodeGenerator::fillDouble):
1985         * dfg/DFGSpeculativeJIT.cpp:
1986         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1987
1988 2011-08-12  Sam Weinig  <sam@webkit.org>
1989
1990         Move compiler specific macros to their own header
1991         https://bugs.webkit.org/show_bug.cgi?id=66119
1992
1993         Reviewed by Anders Carlsson.
1994
1995         * JavaScriptCore.gypi:
1996         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1997         * JavaScriptCore.xcodeproj/project.pbxproj:
1998         * wtf/CMakeLists.txt:
1999         Add Compiler.h
2000
2001         * wtf/AlwaysInline.h:
2002         Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
2003         Compiler.h.  We can remove this file in a later commit.
2004
2005         * wtf/Compiler.h: Added.
2006         Put all compiler specific checks and features in this file.
2007
2008         * wtf/Platform.h:
2009         Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
2010         to Compiler.h.  Include Compiler.h since it is necessary.
2011
2012 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
2013
2014         DFG JIT-specific structure stub info code offset fields are signed
2015         8-bit, but it is possible for the offsets to be greater than 127
2016         https://bugs.webkit.org/show_bug.cgi?id=66122
2017
2018         Reviewed by Gavin Barraclough.
2019
2020         * bytecode/StructureStubInfo.h:
2021         * dfg/DFGJITCodeGenerator.cpp:
2022         (JSC::DFG::JITCodeGenerator::cachedGetById):
2023         (JSC::DFG::JITCodeGenerator::cachedPutById):
2024
2025 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
2026
2027         DFG JIT speculation failure code sometimes picks the wrong register
2028         as a scratch register.
2029         https://bugs.webkit.org/show_bug.cgi?id=66104
2030
2031         Reviewed by Gavin Barraclough.
2032         
2033         Hardened the code with more assertions and fixed the bug.  Now a
2034         spilled register is only used for scratch if it also isn't being
2035         used for shuffling.
2036
2037         * dfg/DFGJITCompiler.cpp:
2038         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
2039         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2040
2041 2011-08-11  Sheriff Bot  <webkit.review.bot@gmail.com>
2042
2043         Unreviewed, rolling out r92880.
2044         http://trac.webkit.org/changeset/92880
2045         https://bugs.webkit.org/show_bug.cgi?id=66123
2046
2047         Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
2048
2049         * wtf/PassRefPtr.h:
2050
2051 2011-08-11  Mark Rowe  <mrowe@apple.com>
2052
2053         Don't conditionalize the use of -fomit-frame-pointer on compiler version as
2054         all of our supported compilers are now new enough to have the same, sane behavior.
2055
2056         Rubber-stamped by Sam Weinig.
2057
2058         * Configurations/JavaScriptCore.xcconfig:
2059
2060 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
2061
2062         DFG JIT verbose mode does not report the generated types of nodes
2063         https://bugs.webkit.org/show_bug.cgi?id=65830
2064
2065         Reviewed by Sam Weinig.
2066         
2067         Added code that prints the type selected for each node's result.
2068
2069         * dfg/DFGGenerationInfo.h:
2070         (JSC::DFG::dataFormatToString):
2071         * dfg/DFGNonSpeculativeJIT.cpp:
2072         (JSC::DFG::NonSpeculativeJIT::compile):
2073         * dfg/DFGSpeculativeJIT.cpp:
2074         (JSC::DFG::SpeculativeJIT::compile):
2075
2076 2011-08-11  James Robinson  <jamesr@chromium.org>
2077
2078         nullptr can't be used for PassRefPtr
2079         https://bugs.webkit.org/show_bug.cgi?id=66024
2080
2081         Reviewed by Anders Carlsson.
2082
2083         * wtf/PassRefPtr.h:
2084         (WTF::PassRefPtr::PassRefPtr):
2085
2086 2011-08-11  Daniel Bates  <dbates@rim.com>
2087
2088         Removed unused variable in StackBounds::initialize() to resolve
2089         compiler warning when building on QNX.
2090         https://bugs.webkit.org/show_bug.cgi?id=66072
2091
2092         Reviewed by Antonio Gomes.
2093
2094         * wtf/StackBounds.cpp:
2095         (WTF::StackBounds::initialize):
2096
2097 2011-08-11  Devdatta Deshpande  <pwjd73@motorola.com>
2098
2099         Implementation of monotonically increasing clock on GTK
2100         https://bugs.webkit.org/show_bug.cgi?id=62175
2101
2102         Reviewed by Martin Robinson.
2103
2104         * wtf/CurrentTime.cpp:
2105         (WTF::monotonicallyIncreasingTime):
2106         The default implementation of monotonicallyIncreasingTime only
2107         guarantees the result to be non-decreasing.
2108         If the system time is changed to the past, then the default implementation will
2109         still fail and WebCore timers will not fire.
2110
2111 2011-08-10  Geoffrey Garen  <ggaren@apple.com>
2112
2113         Removed some incorrect code that was dead.
2114
2115         Reviewed by Oliver Hunt.
2116
2117         clearSingleTransition() wasn't resetting m_data. Luckily,
2118         no one cares, because its caller was unused. Removed both.
2119
2120         * runtime/Structure.cpp:
2121         * runtime/StructureTransitionTable.h:
2122         (JSC::StructureTransitionTable::~StructureTransitionTable):
2123
2124 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
2125
2126         REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
2127         https://bugs.webkit.org/show_bug.cgi?id=66010
2128
2129         Reviewed by Oliver Hunt.
2130         
2131         Made sure that Construct calls use() on the this argument.
2132
2133         * dfg/DFGJITCodeGenerator.cpp:
2134         (JSC::DFG::JITCodeGenerator::emitCall):
2135
2136 2011-08-10  Mark Hahnenberg  <mhahnenberg@apple.com>
2137
2138         JSC should always throw when function arg list is too long
2139         https://bugs.webkit.org/show_bug.cgi?id=65869
2140
2141         Reviewed by Oliver Hunt.
2142
2143         Changed the behavior of the interpreter and JIT to throw an exception 
2144         when too many arguments are passed rather than truncating the list.  Added 
2145         a new method to create a "Too many arguments." exception used by this 
2146         new functionality.
2147
2148         * interpreter/Interpreter.cpp:
2149         (JSC::Interpreter::privateExecute):
2150         * jit/JITStubs.cpp:
2151         (JSC::DEFINE_STUB_FUNCTION):
2152         * runtime/ExceptionHelpers.cpp:
2153         (JSC::createTooManyParamsError):
2154         * runtime/ExceptionHelpers.h:
2155
2156 2011-08-10  Oliver Hunt  <oliver@apple.com>
2157
2158         Make GC checks more aggressive in release builds
2159         https://bugs.webkit.org/show_bug.cgi?id=66001
2160
2161         Reviewed by Gavin Barraclough.
2162
2163         * heap/HandleHeap.cpp:
2164         (JSC::HandleHeap::visitStrongHandles):
2165         (JSC::HandleHeap::visitWeakHandles):
2166         (JSC::HandleHeap::finalizeWeakHandles):
2167         (JSC::HandleHeap::writeBarrier):
2168         (JSC::HandleHeap::isLiveNode):
2169         (JSC::HandleHeap::isValidWeakNode):
2170            Increase handle heap validation logic, and make some of
2171            the crashes trigger in release builds as well as debug.
2172         * heap/HandleHeap.h:
2173         (JSC::HandleHeap::allocate):
2174         (JSC::HandleHeap::makeWeak):
2175            Ditto
2176         * runtime/JSGlobalData.cpp:
2177         (WTF::Recompiler::operator()):
2178         * runtime/JSGlobalObject.cpp:
2179         (JSC::JSGlobalObject::visitChildren):
2180            Fix GC bugs found while testing this patch
2181
2182 2011-08-10  Oliver Hunt  <oliver@apple.com>
2183
2184         JSEvaluateScript does not return the correct object when given JSONP data
2185         https://bugs.webkit.org/show_bug.cgi?id=66003
2186
2187         Reviewed by Gavin Barraclough.
2188
2189         Make sure we propagate the result of the function call rather than the
2190         argument.
2191
2192         * interpreter/Interpreter.cpp:
2193         (JSC::Interpreter::execute):
2194
2195 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
2196
2197         DFG JIT heap prediction causes regressions when combined with
2198         aggressive integer prediction
2199         https://bugs.webkit.org/show_bug.cgi?id=65954
2200
2201         Reviewed by Gavin Barraclough.
2202         
2203         Disabled heap prediction, but did not remove the capability.
2204         This improves V8 crypto performance by 20%.
2205
2206         * dfg/DFGGraph.h:
2207         (JSC::DFG::Graph::predict):
2208
2209 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2210
2211         DFG JIT does not speculate integers as aggressively as it should
2212         https://bugs.webkit.org/show_bug.cgi?id=65949
2213
2214         Reviewed by Gavin Barraclough.
2215         
2216         Added a tree walk to propagate integer predictions through arithmetic
2217         expressions.
2218         
2219         This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
2220         translates to a 19% speed-up on Kraken overall.  It's neutral on
2221         other benchmarks.
2222
2223         * dfg/DFGByteCodeParser.cpp:
2224         (JSC::DFG::ByteCodeParser::predictInt32):
2225
2226 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2227
2228         DFG JIT has no way of propagating predictions to loads and calls
2229         https://bugs.webkit.org/show_bug.cgi?id=65883
2230
2231         Reviewed by Gavin Barraclough.
2232         
2233         This introduces the capability to store predictions on graph
2234         nodes.  To save space while being somewhat consistent, the
2235         prediction is always stored in the second OpInfo slot (since
2236         a GetById will use the first one for the identifier).  This
2237         change is a natural extension of r92593 (global variable
2238         prediction).
2239         
2240         This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
2241         win on V8 in the geometric mean.  It is neutral on SunSpider
2242         and Kraken.  Interestingly, on V8 it regresses crypto by 3%
2243         while progressing deltablue and richards by 2.6% and 4.3%,
2244         respectively.
2245
2246         * dfg/DFGByteCodeParser.cpp:
2247         (JSC::DFG::ByteCodeParser::addToGraph):
2248         (JSC::DFG::ByteCodeParser::addCall):
2249         (JSC::DFG::ByteCodeParser::parseBlock):
2250         * dfg/DFGGraph.cpp:
2251         (JSC::DFG::Graph::dump):
2252         * dfg/DFGGraph.h:
2253         (JSC::DFG::Graph::predict):
2254         (JSC::DFG::Graph::getPrediction):
2255         * dfg/DFGNode.h:
2256         (JSC::DFG::isCellPrediction):
2257         (JSC::DFG::isArrayPrediction):
2258         (JSC::DFG::isInt32Prediction):
2259         (JSC::DFG::isDoublePrediction):
2260         (JSC::DFG::isNumberPrediction):
2261         (JSC::DFG::predictionToString):
2262         (JSC::DFG::Node::Node):
2263         (JSC::DFG::Node::hasPrediction):
2264         (JSC::DFG::Node::getPrediction):
2265         (JSC::DFG::Node::predict):
2266
2267 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2268
2269         DFG JIT passes the this argument to constructors even though
2270         it's not necessary
2271         https://bugs.webkit.org/show_bug.cgi?id=65943
2272
2273         Reviewed by Gavin Barraclough.
2274
2275         * dfg/DFGJITCodeGenerator.cpp:
2276         (JSC::DFG::JITCodeGenerator::emitCall):
2277
2278 2011-08-09  Chao-ying Fu  <fu@mips.com>
2279
2280         Fix one MIPS instruction to call JITStubThunked_##op
2281         https://bugs.webkit.org/show_bug.cgi?id=65942
2282
2283         Reviewed by Gavin Barraclough.
2284
2285         Changed "bal" to "jalr" for a possible processor mode change from
2286         MIPS32 to MIPS16.
2287
2288         * jit/JITStubs.cpp:
2289
2290 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2291
2292         DFG JIT failure loading web site
2293         https://bugs.webkit.org/show_bug.cgi?id=65930
2294
2295         Reviewed by Oliver Hunt.
2296         
2297         Put the use() call after the fpr()/gpr() calls, since doing otherwise
2298         breaks the register allocator.
2299
2300         * dfg/DFGNonSpeculativeJIT.cpp:
2301         (JSC::DFG::NonSpeculativeJIT::compile):
2302
2303 2011-08-09  Mark Hahnenberg  <mhahnenberg@apple.com>
2304
2305         Add ParentClass typedef in all JSC classes
2306         https://bugs.webkit.org/show_bug.cgi?id=65731
2307
2308         Reviewed by Oliver Hunt.
2309
2310         Just added the Base typedefs in all the classes that are a subclass of JSCell 
2311         to point at their parent classes.  This is a change to support future changes to the way
2312         constructors and destructors are implemented in JS objects, among other things.
2313
2314         * API/JSCallbackConstructor.h:
2315         * API/JSCallbackFunction.h:
2316         * API/JSCallbackObject.h:
2317         (JSC::JSCallbackObject::createStructure):
2318         (JSC::JSCallbackObject::visitChildren):
2319         * API/JSCallbackObjectFunctions.h:
2320         (JSC::::asCallbackObject):
2321         (JSC::::JSCallbackObject):
2322         (JSC::::init):
2323         (JSC::::className):
2324         (JSC::::getOwnPropertySlot):
2325         (JSC::::getOwnPropertyDescriptor):
2326         (JSC::::put):
2327         (JSC::::deleteProperty):
2328         (JSC::::getConstructData):
2329         (JSC::::construct):
2330         (JSC::::hasInstance):
2331         (JSC::::getCallData):
2332         (JSC::::call):
2333         (JSC::::getOwnPropertyNames):
2334         (JSC::::toNumber):
2335         (JSC::::toString):
2336         (JSC::::setPrivate):
2337         (JSC::::getPrivate):
2338         (JSC::::inherits):
2339         (JSC::::getStaticValue):
2340         (JSC::::staticFunctionGetter):
2341         (JSC::::callbackGetter):
2342         * debugger/DebuggerActivation.h:
2343         * jsc.cpp:
2344         * runtime/Arguments.h:
2345         * runtime/ArrayConstructor.h:
2346         * runtime/ArrayPrototype.h:
2347         * runtime/BooleanConstructor.h:
2348         * runtime/BooleanObject.h:
2349         * runtime/BooleanPrototype.h:
2350         * runtime/DateConstructor.h:
2351         * runtime/DateInstance.h:
2352         * runtime/DatePrototype.h:
2353         * runtime/Error.cpp:
2354         * runtime/ErrorConstructor.h:
2355         * runtime/ErrorInstance.h:
2356         * runtime/ErrorPrototype.h:
2357         * runtime/ExceptionHelpers.cpp:
2358         * runtime/Executable.h:
2359         * runtime/FunctionConstructor.h:
2360         * runtime/FunctionPrototype.h:
2361         * runtime/GetterSetter.h:
2362         * runtime/InternalFunction.h:
2363         * runtime/JSAPIValueWrapper.h:
2364         * runtime/JSActivation.h:
2365         * runtime/JSArray.h:
2366         * runtime/JSFunction.h:
2367         * runtime/JSGlobalObject.h:
2368         * runtime/JSNotAnObject.h:
2369         * runtime/JSONObject.h:
2370         * runtime/JSObject.h:
2371         * runtime/JSPropertyNameIterator.h:
2372         * runtime/JSStaticScopeObject.h:
2373         * runtime/JSString.h:
2374         * runtime/JSVariableObject.h:
2375         * runtime/JSWrapperObject.h:
2376         * runtime/MathObject.h:
2377         * runtime/NativeErrorConstructor.h:
2378         * runtime/NativeErrorPrototype.h:
2379         * runtime/NumberConstructor.h:
2380         * runtime/NumberObject.h:
2381         * runtime/NumberPrototype.h:
2382         * runtime/ObjectConstructor.h:
2383         * runtime/ObjectPrototype.h:
2384         * runtime/RegExp.h:
2385         * runtime/RegExpConstructor.h:
2386         * runtime/RegExpMatchesArray.h:
2387         * runtime/RegExpObject.h:
2388         (JSC::RegExpObject::create):
2389         * runtime/RegExpPrototype.h:
2390         * runtime/ScopeChain.h:
2391         * runtime/StrictEvalActivation.h:
2392         * runtime/StringConstructor.h:
2393         * runtime/StringObject.h:
2394         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2395         * runtime/StringPrototype.h:
2396         * runtime/Structure.h:
2397         * runtime/StructureChain.h:
2398
2399 2011-08-08  Oliver Hunt  <oliver@apple.com>
2400
2401         Using mprotect to create guard pages breaks our use of madvise to release executable memory
2402         https://bugs.webkit.org/show_bug.cgi?id=65870
2403
2404         Reviewed by Gavin Barraclough.
2405
2406         Use mmap rather than mprotect to clear guard page permissions.
2407
2408         * wtf/OSAllocatorPosix.cpp:
2409         (WTF::OSAllocator::reserveAndCommit):
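The entry above switches guard-page creation from mprotect to mmap. The block below is an added illustration of that technique written for this page, not WebKit's OSAllocator code: it reserves a read/write region with mmap and then turns the first and last pages into guard pages by mapping fresh anonymous PROT_NONE pages over them with MAP_FIXED instead of calling mprotect on the existing mapping, and a SIGSEGV/SIGBUS handler confirms that a write into either guard traps while the payload page stays writable. The two-page payload and the function names are this example's own choices, and it does not reproduce the madvise interaction the entry fixes.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

static sigjmp_buf guard_env;

/* Fault handler: unwind back into write_faults() instead of dying. */
static void on_fault(int signo)
{
    (void)signo;
    siglongjmp(guard_env, 1);
}

/* Attempt a one-byte write at p. Returns 1 if it faulted, 0 if it landed. */
static int write_faults(volatile unsigned char *p)
{
    if (sigsetjmp(guard_env, 1) == 0) {
        *p = 0x41;
        return 0;
    }
    return 1;
}

/* Reserve payload_pages RW pages with a PROT_NONE guard page at each end.
 * The guards are made by mapping fresh anonymous PROT_NONE pages over the
 * ends with MAP_FIXED, not by mprotect()ing part of the RW mapping. */
static unsigned char *reserve_with_guards(size_t payload_pages, size_t *total_out)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t total = (payload_pages + 2) * page;
    int guard_flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED;
    unsigned char *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mmap(base, page, PROT_NONE, guard_flags, -1, 0) == MAP_FAILED
        || mmap(base + total - page, page, PROT_NONE, guard_flags, -1, 0) == MAP_FAILED) {
        munmap(base, total);
        return NULL;
    }
    *total_out = total;
    return base;
}

/* Returns 1 if both guards trap and the payload is writable, 0 if a guard
 * is ineffective, -1 if the mappings could not be created. */
int guard_pages_trap(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t total = 0;
    unsigned char *base = reserve_with_guards(2, &total);  /* assumed 2-page payload */
    struct sigaction sa, old_segv, old_bus;
    int low_guard, payload, high_guard;

    if (!base)
        return -1;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sa.sa_flags = SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some kernels report protection faults as SIGBUS */

    low_guard  = write_faults(base + page - 1);      /* last byte of the low guard */
    payload    = write_faults(base + page);          /* first byte of the payload */
    high_guard = write_faults(base + total - page);  /* first byte of the high guard */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(base, total);
    return (low_guard && !payload && high_guard) ? 1 : 0;
}

int main(void)
{
    printf("guard pages trap: %d\n", guard_pages_trap());
    return 0;
}
```

Run it on a POSIX system; it prints 1 when both guards trap. The longjmp-out-of-SIGSEGV pattern is a test harness convenience only; a production allocator would let the fault crash the process rather than recover from it.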
2411 2011-08-08  Oliver Hunt  <oliver@apple.com>
2412
2413         Non-extensibility does not prevent mutating [[Prototype]]
2414         https://bugs.webkit.org/show_bug.cgi?id=65832
2415
2416         Reviewed by Gavin Barraclough.
2417
2418         Disallow mutation of __proto__ on objects that are not extensible.
2419
2420         * runtime/JSObject.cpp:
2421         (JSC::JSObject::put):
2422
2423 2011-08-08  Filip Pizlo  <fpizlo@apple.com>
2424
2425         DFG JIT does not track speculation decisions for global variables
2426         https://bugs.webkit.org/show_bug.cgi?id=65825
2427
2428         Reviewed by Gavin Barraclough.
2429         
2430         Added the capability to track predictions for global variables, and
2431         ensured that code can abstract over the source of prediction (local
2432         versus global variable) wherever it is appropriate to do so.  Also
2433         cleaned up the code in SpeculativeJIT that decides how to speculate
2434         based on recorded predictions (for example instead of using isInteger,
2435         which makes sense for local predictions where the GetLocal would
2436         return an integer value, we now tend to use shouldSpeculateInteger,
2437         which checks if the value is either already an integer or should be
2438         speculated to be an integer).
2439         
2440         This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
2441         win on controlflow-recursive.  It's also a 4.8% win on v8-crypto.
2442
2443         * dfg/DFGByteCodeParser.cpp:
2444         (JSC::DFG::ByteCodeParser::predictArray):
2445         (JSC::DFG::ByteCodeParser::predictInt32):
2446         (JSC::DFG::ByteCodeParser::parseBlock):
2447         * dfg/DFGGraph.cpp:
2448         (JSC::DFG::Graph::dump):
2449         * dfg/DFGGraph.h:
2450         (JSC::DFG::Graph::predictGlobalVar):
2451         (JSC::DFG::Graph::predict):
2452         (JSC::DFG::Graph::getGlobalVarPrediction):
2453         (JSC::DFG::Graph::getPrediction):
2454         * dfg/DFGSpeculativeJIT.cpp:
2455         (JSC::DFG::SpeculativeJIT::compile):
2456         * dfg/DFGSpeculativeJIT.h:
2457         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2458         (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
2459
2460 2011-08-07  Martin Robinson  <mrobinson@igalia.com>
2461
2462         Distribution fix for GTK+.
2463
2464         * GNUmakefile.list.am: Strip removed files from the source list.
2465
2466 2011-08-06  Gavin Barraclough  <barraclough@apple.com>
2467
2468         https://bugs.webkit.org/show_bug.cgi?id=65821
2469         Don't form identifiers the first time a string is used as a property name.
2470
2471         Reviewed by Oliver Hunt.
2472
2473         This is a 1% win on SunSpider.
2474
2475         * dfg/DFGOperations.cpp:
2476             - Use fastGetOwnProperty.
2477         * jit/JITStubs.cpp:
2478         (JSC::DEFINE_STUB_FUNCTION):
2479             - Use fastGetOwnProperty.
2480         * runtime/JSCell.h:
2481         * runtime/JSObject.h:
2482         (JSC::JSCell::fastGetOwnProperty):
2483             - Fast call to get a property without creating an identifier the first time.
2484         * runtime/PropertyMapHashTable.h:
2485         (JSC::PropertyTable::find):
2486         (JSC::PropertyTable::findWithString):
2487             - Add interface to look up by either strings or identifiers.
2488         * runtime/Structure.h:
2489         (JSC::Structure::get):
2490             - Add a get() call that takes a UString, not an Identifier.
2491         * wtf/text/StringImpl.h:
2492         (WTF::StringImpl::hasHash):
2493             - Add a call to check if the hash has been set (to detect the first use as a property name).
2494
2495 2011-08-06  Aron Rosenberg  <arosenberg@logitech.com>
2496
2497         Reviewed by Benjamin Poulain.
2498
2499         [Qt] Fix build with Intel compiler on Windows
2500         https://bugs.webkit.org/show_bug.cgi?id=65088
2501
2502         Intel compiler needs .lib suffixes instead of .a
2503         Intel compiler doesn't support nullptr
2504         Intel compiler supports unsized arrays
2505
2506         * JavaScriptCore.pri:
2507         * jsc.cpp:
2508         * wtf/ByteArray.h:
2509         * wtf/NullPtr.h:
2510
2511 2011-08-05  Gavin Barraclough  <barraclough@apple.com>
2512
2513         String replace with the empty string means string removal
2514         https://bugs.webkit.org/show_bug.cgi?id=65799
2515
2516         Reviewed by Sam Weinig.
2517
2518         Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
2519
2520         * runtime/StringPrototype.cpp:
2521         (JSC::jsSpliceSubstrings):
2522         (JSC::stringProtoFuncReplace):
2523
2524 2011-08-05  Noel Gordon  <noel.gordon@gmail.com>
2525
2526         [Chromium] Remove JSZombie references from gyp project files.
2527         https://bugs.webkit.org/show_bug.cgi?id=65798
2528
2529         JSC runtime/JSZombie.{cpp,h} were removed in r92046.  Remove references to these
2530         file names from the gyp projects.
2531
2532         Reviewed by Darin Adler.
2533
2534         * JavaScriptCore.gypi: zombies be gone.
2535
2536 2011-08-05  Mark Rowe  <mrowe@apple.com>
2537
2538         <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
2539         is tied to a particular dispatch queue
2540
2541         A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
2542         with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
2543         to ensure that all operations are performed on the given dispatch queue.
2544
2545         Reviewed by Anders Carlsson.
2546
2547         * wtf/RefCounted.h:
2548         (WTF::RefCountedBase::setDispatchQueueForVerifier):
2549         * wtf/ThreadRestrictionVerifier.h:
2550         (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
2551         (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
2552         (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
2553         (WTF::ThreadRestrictionVerifier::setShared):
2554         (WTF::ThreadRestrictionVerifier::isSafeToUse):
2555
2556 2011-08-05  Oliver Hunt  <oliver@apple.com>
2557
2558         Inline allocation of function objects
2559         https://bugs.webkit.org/show_bug.cgi?id=65779
2560
2561         Reviewed by Gavin Barraclough.
2562
2563         Inline allocation and initialisation of function objects
2564         in generated code.  This ended up being a 60-70% improvement
2565         in function allocation performance.  This improvement shows
2566         up as a ~2% improvement in 32bit sunspider and V8, but is a
2567         wash on 64-bit.
2568
2569         We currently don't inline the allocation of named function
2570         expressions, as that requires being able to gc allocate a
2571         variable object.
2572
2573         * jit/JIT.cpp:
2574         (JSC::JIT::privateCompileSlowCases):
2575         * jit/JIT.h:
2576         (JSC::JIT::emitStoreCell):
2577         * jit/JITInlineMethods.h:
2578         (JSC::JIT::emitAllocateBasicJSObject):
2579         (JSC::JIT::emitAllocateJSFinalObject):
2580         (JSC::JIT::emitAllocateJSFunction):
2581         * jit/JITOpcodes.cpp:
2582         (JSC::JIT::emit_op_new_func):
2583         (JSC::JIT::emitSlow_op_new_func):
2584         (JSC::JIT::emit_op_new_func_exp):
2585         (JSC::JIT::emitSlow_op_new_func_exp):
2586         * jit/JITOpcodes32_64.cpp:
2587             Removed duplicate implementation of op_new_func and op_new_func_exp
2588         * runtime/JSFunction.h:
2589         (JSC::JSFunction::offsetOfScopeChain):
2590         (JSC::JSFunction::offsetOfExecutable):
2591
2592 2011-08-04  David Levin  <levin@chromium.org>
2593
2594         CStringBuffer should have thread safety checks turned on.
2595         https://bugs.webkit.org/show_bug.cgi?id=58093
2596
2597         Reviewed by Dmitry Titov.
2598
2599         * wtf/text/CString.h:
2600         (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
2601         turned this off for Chromium.
2602
2603 2011-08-04  Mark Rowe  <mrowe@apple.com>
2604
2605         Future-proof Xcode configuration settings.
2606
2607         * Configurations/Base.xcconfig:
2608         * Configurations/DebugRelease.xcconfig:
2609         * Configurations/JavaScriptCore.xcconfig:
2610         * Configurations/Version.xcconfig:
2611
2612 2011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
2613
2614         Interpreter can potentially GC in the middle of initializing a structure chain
2615         https://bugs.webkit.org/show_bug.cgi?id=65638
2616
2617         Reviewed by Oliver Hunt.
2618
2619         Moved the allocation of a prototype StructureChain before the initialization of 
2620         the structure chain within the interpreter that was causing intermittent GC crashes.
2621
2622         * interpreter/Interpreter.cpp:
2623         (JSC::Interpreter::tryCachePutByID):
2624         * wtf/Platform.h:
2625
2626 2011-08-04  Filip Pizlo  <fpizlo@apple.com>
2627
2628         Eval handling attempts literal parsing even when the eval
2629         string is in the cache
2630         https://bugs.webkit.org/show_bug.cgi?id=65675
2631
2632         Reviewed by Oliver Hunt.
2633         
2634         This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
2635         in SunSpider.  It's neutral on V8.
2636
2637         * bytecode/EvalCodeCache.h:
2638         (JSC::EvalCodeCache::tryGet):
2639         (JSC::EvalCodeCache::getSlow):
2640         (JSC::EvalCodeCache::get):
2641         * interpreter/Interpreter.cpp:
2642         (JSC::Interpreter::callEval):
2643
2644 2011-08-03  Mark Rowe  <mrowe@apple.com>
2645
2646         Bring some order to FeatureDefines.xcconfig to make it easier to follow.
2647
2648         Reviewed by Sam Weinig.
2649
2650         * Configurations/FeatureDefines.xcconfig:
2651
2652 2011-08-03  Mark Rowe  <mrowe@apple.com>
2653
2654         Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
2655
2656         Reviewed by Dave Kilzer.
2657
2658         * Configurations/FeatureDefines.xcconfig:
2659
2660 2011-08-03  Filip Pizlo  <fpizlo@apple.com>
2661
2662         JSC GC heap size improvement breaks build on some platforms due to
2663         unused parameter
2664         https://bugs.webkit.org/show_bug.cgi?id=65641
2665
2666         Reviewed by Darin Adler.
2667         
2668         Fix build on non-x86 platforms, by ensuring that the relevant
2669         parameter always appears to be used even when it isn't.
2670
2671         * heap/Heap.cpp:
2672
2673 2011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2674
2675         [GTK] Reorganize pkg-config files
2676         https://bugs.webkit.org/show_bug.cgi?id=65548
2677
2678         Reviewed by Martin Robinson.
2679
2680         * GNUmakefile.am:
2681         * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
2682
2683 2011-08-01  David Levin  <levin@chromium.org>
2684
2685         Add asserts to RefCounted to make sure ref/deref happens on the right thread.
2686         https://bugs.webkit.org/show_bug.cgi?id=31639
2687
2688         Reviewed by Dmitry Titov.
2689
2690         * GNUmakefile.list.am: Added new files to the build.
2691         * JavaScriptCore.gypi: Ditto.
2692         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
2693         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
2694         * jit/ExecutableAllocator.h:
2695         (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
2696         due to not being able to figure out what was guarding it (bug 58091).
2697         * parser/SourceProvider.h:
2698         (JSC::SourceProvider::SourceProvider): Ditto.
2699         * wtf/CMakeLists.txt: Added new files to the build.
2700         * wtf/ThreadRestrictionVerifier.h: Added.
2701         Everything is done in the header to avoid the issue with exports
2702         that are only useful in debug but still needing to export them.
2703         * wtf/RefCounted.h:
2704         (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
2705         and filed bug 58171 about making it stricter.
2706         (WTF::RefCountedBase::hasOneRef): Ditto.
2707         (WTF::RefCountedBase::refCount): Ditto.
2708         (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
2709         on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
2710         (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
2711         Filed bug 58174 to remove this method.
2712         (WTF::RefCountedBase::derefBase):
2713         * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
2714         * wtf/text/CString.h:
2715         (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
2716         done in Chromium (bug 58093).
2717
2718 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2719
2720         JSC GC may not be able to reuse partially-free blocks after a
2721         full collection
2722         https://bugs.webkit.org/show_bug.cgi?id=65585
2723
2724         Reviewed by Darin Adler.
2725         
2726         This fixes the linked list management bug.  This fix is performance
2727         neutral on SunSpider.
2728
2729         * heap/NewSpace.cpp:
2730         (JSC::NewSpace::removeBlock):
2731
2732 2011-07-30  Oliver Hunt  <oliver@apple.com>
2733
2734         Simplify JSFunction creation for functions written in JS
2735         https://bugs.webkit.org/show_bug.cgi?id=65422
2736
2737         Reviewed by Gavin Barraclough.
2738
2739         Remove hash lookups used to write name property and transition
2740         function structure by caching the resultant structure and property
2741         offset in JSGlobalObject.  This doesn't impact performance, but
2742         we can use this change to make other improvements later.
2743
2744         * runtime/Executable.cpp:
2745         (JSC::FunctionExecutable::FunctionExecutable):
2746         * runtime/Executable.h:
2747         (JSC::ScriptExecutable::ScriptExecutable):
2748         (JSC::FunctionExecutable::jsName):
2749         * runtime/JSFunction.cpp:
2750         (JSC::JSFunction::JSFunction):
2751         * runtime/JSGlobalObject.cpp:
2752         (JSC::JSGlobalObject::reset):
2753         * runtime/JSGlobalObject.h:
2754         (JSC::JSGlobalObject::namedFunctionStructure):
2755         (JSC::JSGlobalObject::functionNameOffset):
2756
2757 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2758
2759         JSC GC uses dummy cells to avoid having to remember which cells
2760         it has already destroyed
2761         https://bugs.webkit.org/show_bug.cgi?id=65556
2762
2763         Reviewed by Oliver Hunt.
2764         
2765         This gets rid of dummy cells, and ensures that it's not necessary
2766         to invoke a destructor on cells that have already been swept.  In
2767         the common case, a block knows that either all of its free cells
2768         still need to have destructors called, or none of them do, which
2769         minimizes the amount of branching that needs to happen per cell
2770         when performing a sweep.
2771         
2772         This is performance neutral on SunSpider and V8.  It is meant as
2773         a stepping stone to simplify the implementation of more
2774         sophisticated sweeping algorithms.
2775
2776         * heap/Heap.cpp:
2777         (JSC::CountFunctor::ClearMarks::operator()):
2778         * heap/MarkedBlock.cpp:
2779         (JSC::MarkedBlock::initForCellSize):
2780         (JSC::MarkedBlock::callDestructor):
2781         (JSC::MarkedBlock::specializedReset):
2782         (JSC::MarkedBlock::reset):
2783         (JSC::MarkedBlock::specializedSweep):
2784         (JSC::MarkedBlock::sweep):
2785         (JSC::MarkedBlock::produceFreeList):
2786         (JSC::MarkedBlock::lazySweep):
2787         (JSC::MarkedBlock::blessNewBlockForFastPath):
2788         (JSC::MarkedBlock::blessNewBlockForSlowPath):
2789         (JSC::MarkedBlock::canonicalizeBlock):
2790         * heap/MarkedBlock.h:
2791         (JSC::MarkedBlock::FreeCell::setNoObject):
2792         (JSC::MarkedBlock::setDestructorState):
2793         (JSC::MarkedBlock::destructorState):
2794         (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
2795         * runtime/JSCell.cpp:
2796         * runtime/JSCell.h:
2797         (JSC::JSCell::JSCell::JSCell):
2798         * runtime/JSGlobalData.cpp:
2799         (JSC::JSGlobalData::JSGlobalData):
2800         (JSC::JSGlobalData::clearBuiltinStructures):
2801         * runtime/JSGlobalData.h:
2802         * runtime/Structure.h:
2803
2804 2011-08-01  Michael Saboff  <msaboff@apple.com>
2805
2806         Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
2807         https://bugs.webkit.org/show_bug.cgi?id=65502
2808
2809         Reviewed by Anders Carlsson.
2810
2811         With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
2812         added an assert to the return code of madvise to catch any regressions.
2813
2814         * wtf/TCSystemAlloc.cpp:
2815         (TCMalloc_SystemRelease):
2816
2817 2011-08-02  Anders Carlsson  <andersca@apple.com>
2818
2819         Fix Windows build.
2820
2821         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2822
2823 2011-08-02  Anders Carlsson  <andersca@apple.com>
2824
2825         Fix a Windows build error.
2826
2827         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2828
2829 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2830
2831         JSC GC is far too conservative about growing the heap size, particularly
2832         on desktop platforms
2833         https://bugs.webkit.org/show_bug.cgi?id=65438
2834
2835         Reviewed by Oliver Hunt.
2836
2837         The minimum heap size is now 16MB instead of 512KB, provided all of the
2838         following are true:
2839         a) ENABLE(LARGE_HEAP) is set, which currently only happens on
2840            x86 targets, but could reasonably happen on any platform that is
2841            known to have a decent amount of RAM.
2842         b) JSGlobalData is initialized with HeapSize = LargeHeap, which
2843            currently only happens when it's the JSDOMWindowBase in WebCore or
2844            in the jsc command-line tool.
2845            
2846         This is a 4.1% speed-up on SunSpider.
2847
2848         * JavaScriptCore.exp:
2849         * heap/Heap.cpp:
2850         (JSC::Heap::Heap):
2851         (JSC::Heap::collect):
2852         * heap/Heap.h:
2853         * jsc.cpp:
2854         (main):
2855         * runtime/JSGlobalData.cpp:
2856         (JSC::JSGlobalData::JSGlobalData):
2857         (JSC::JSGlobalData::createContextGroup):
2858         (JSC::JSGlobalData::create):
2859         (JSC::JSGlobalData::createLeaked):
2860         (JSC::JSGlobalData::sharedInstance):
2861         * runtime/JSGlobalData.h:
2862         * wtf/Platform.h:
2863
2864 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2865
2866         JSC does a GC even when the heap still has free pages
2867         https://bugs.webkit.org/show_bug.cgi?id=65445
2868
2869         Reviewed by Oliver Hunt.
2870         
2871         If the high watermark is not reached, then we allocate new blocks as
2872         before.  If the current watermark does reach (or exceed) the high
2873         watermark, then we check if there is a block on the free block pool.
2874         If there is, we simply allocate from it.  If there isn't, we
2875         invoke a collection as before.  This effectively couples the elastic
2876         scavenging to the collector's decision function.  That is, if an
2877         application rapidly varies its heap usage (sometimes using more and
2878         sometimes less) then the collector will not thrash as it used to.
2879         But if heap usage drops and stays low then the scavenger thread and
2880         the GC will eventually reach a kind of consensus: the GC will set
2881         the watermark low because of low heap usage, and the scavenger thread
2882         will steadily eliminate pages from the free page pool, until the size
2883         of the free pool is below the high watermark.
2884         
2885         On command-line, this is neutral on SunSpider and Kraken and a 3% win
2886         on V8.  In browser, this is a 1% win on V8 and neutral on the other
2887         two.
2888
2889         * heap/Heap.cpp:
2890         (JSC::Heap::allocateSlowCase):
2891         (JSC::Heap::allocateBlock):
2892         * heap/Heap.h:
2893
2894 2011-08-02  Jeff Miller  <jeffm@apple.com>
2895
2896         Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
2897         https://bugs.webkit.org/show_bug.cgi?id=65552
2898         
2899         Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
2900
2901         Reviewed by Adam Roben.
2902
2903         * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
2904
2905 2011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>
2906
2907         Removing old source files in gyp files that slow build
2908         https://bugs.webkit.org/show_bug.cgi?id=65503
2909
2910         Reviewed by Adam Barth.
2911
2912         A number of stale files are listed in the gyp files. These slow the
2913         build on Visual Studio 2010. Removing them.
2914
2915         * JavaScriptCore.gypi:
2916
2917 2011-07-14  David Levin  <levin@chromium.org>
2918
2919         currentThread is too slow!
2920         https://bugs.webkit.org/show_bug.cgi?id=64577
2921
2922         Reviewed by Darin Adler and Dmitry Titov.
2923
2924         The problem is that currentThread results in a pthread_once call which always takes a lock.
2925         With this change, currentThread is 10% faster than isMainThread in release mode and only
2926         5% slower than isMainThread in debug.
2927
2928         * wtf/ThreadIdentifierDataPthreads.cpp:
2929         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
2930         which is no longer needed because this is called from initializeThreading().
2931         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
2932         initialization of the pthread key should already be done.
2933         (WTF::ThreadIdentifierData::initialize): Ditto.
2934         * wtf/ThreadIdentifierDataPthreads.h:
2935         * wtf/ThreadingPthreads.cpp:
2936         (WTF::initializeThreading): Acquire the pthread key here.
2937
2938 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2939
2940         DFG JIT sometimes creates speculation check data structures that have
2941         invalid information about the format of a register
2942         https://bugs.webkit.org/show_bug.cgi?id=65490
2943
2944         Reviewed by Gavin Barraclough.
2945         
2946         The code now makes sure to (1) always have correct and up-to-date
2947         information about register format at the time that a speculation
2948         check is emitted, (2) assert that speculation data is correct
2949         inside the speculation check implementation, and (3) avoid creating
2950         speculation data altogether if compilation has already failed, since
2951         at that point the format data is almost guaranteed to be bogus.
2952
2953         * dfg/DFGNonSpeculativeJIT.cpp:
2954         (JSC::DFG::EntryLocation::EntryLocation):
2955         * dfg/DFGSpeculativeJIT.cpp:
2956         (JSC::DFG::SpeculationCheck::SpeculationCheck):
2957         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2958         (JSC::DFG::SpeculativeJIT::compile):
2959         * dfg/DFGSpeculativeJIT.h:
2960         (JSC::DFG::SpeculativeJIT::speculationCheck):
2961
2962 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2963
2964         REGRESSION(r92092): Build fails on 64 bit
2965         https://bugs.webkit.org/show_bug.cgi?id=65458
2966
2967         Reviewed by Oliver Hunt.
2968         
2969         The build was broken because some compilers were smart enough to see
2970         an array index out of bounds due to the decision function for when to
2971         go from precise size classes to imprecise size classes being broken:
2972         it would assume that sizes in the range 97..128 belonged to a precise
2973         size class when in fact they belonged to an imprecise one.
2974         
2975         In fact, the code would have run correctly, by way of a fluke, because
2976         though the 4th precise size class (for 97..128) didn't exist, the next
2977         array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
2978         its first entry would have been a size class that is appropriate for
2979         allocations in the range 97..128.  However, this relies on specific
2980         ordering of fields in NewSpace, so it's still a bug.
2981         
2982         This fixes the bug by ensuring that allocations larger than 96 use
2983         the imprecise size classes.
2984
2985         * heap/NewSpace.h:
2986         (JSC::NewSpace::sizeClassFor):
2987
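As an added example, not the NewSpace code the entry modifies, the block below reconstructs the boundary mistake described above using assumed constants that are not taken from the page (32-byte atoms, precise classes at 32/64/96 bytes, imprecise classes stepping by 128 up to 1024): the buggy rule routes 97..128 to precise slot 3 of a three-entry table, the fixed rule routes anything above 96 to the imprecise table, and an exhaustive sweep over every request size catches the out-of-range slot rather than relying on whatever happens to sit after the table in memory.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed layout, not JSC's real constants: 32-byte atoms (4 pointer-size
 * words on a 64-bit target), three precise classes (32, 64, 96 bytes), and
 * imprecise classes stepping by 128 up to a 1024-byte maximum cell. */
#define ATOM_SIZE        32u
#define PRECISE_CUTOFF   96u                              /* largest precisely-classed size */
#define PRECISE_COUNT    (PRECISE_CUTOFF / ATOM_SIZE)     /* 3 entries */
#define IMPRECISE_STEP   128u
#define MAX_CELL_SIZE    1024u
#define IMPRECISE_COUNT  (MAX_CELL_SIZE / IMPRECISE_STEP) /* 8 entries */

static const unsigned precise_cell_sizes[PRECISE_COUNT] = { 32, 64, 96 };
static const unsigned imprecise_cell_sizes[IMPRECISE_COUNT] = {
    128, 256, 384, 512, 640, 768, 896, 1024
};

enum table_kind { TABLE_PRECISE, TABLE_IMPRECISE };

struct size_class_ref {
    enum table_kind table;
    size_t index;
};

/* Pick the size-class table and slot for a request of `bytes`.
 * With buggy_cutoff set, any size at or below the first imprecise class
 * (128) is routed to the precise table, so 97..128 yields precise index 3,
 * one past the end of a 3-entry table. The fixed rule sends anything above
 * 96 to the imprecise table. */
static struct size_class_ref size_class_for(unsigned bytes, int buggy_cutoff)
{
    struct size_class_ref ref;
    unsigned cutoff = buggy_cutoff ? IMPRECISE_STEP : PRECISE_CUTOFF;

    if (bytes <= cutoff) {
        ref.table = TABLE_PRECISE;
        ref.index = (bytes - 1) / ATOM_SIZE;
    } else {
        ref.table = TABLE_IMPRECISE;
        ref.index = (bytes - 1) / IMPRECISE_STEP;
    }
    return ref;
}

/* Bounds-checked lookup. Returns the cell size, or 0 when the computed slot
 * lies past the end of its table. Without the check, the precise-table
 * overrun would silently read whatever lives after precise_cell_sizes. */
unsigned cell_size_for(unsigned bytes, int buggy_cutoff)
{
    struct size_class_ref ref = size_class_for(bytes, buggy_cutoff);

    if (ref.table == TABLE_PRECISE)
        return ref.index < PRECISE_COUNT ? precise_cell_sizes[ref.index] : 0;
    return ref.index < IMPRECISE_COUNT ? imprecise_cell_sizes[ref.index] : 0;
}

/* Exhaustive boundary check over every request size: returns the smallest
 * size whose slot is out of range or whose cell is too small, 0 if none. */
unsigned first_bad_size(int buggy_cutoff)
{
    unsigned bytes;
    for (bytes = 1; bytes <= MAX_CELL_SIZE; ++bytes) {
        unsigned cell = cell_size_for(bytes, buggy_cutoff);
        if (cell == 0 || cell < bytes)
            return bytes;
    }
    return 0;
}

int main(void)
{
    printf("buggy cutoff: first bad size = %u\n", first_bad_size(1));  /* 97 */
    printf("fixed cutoff: first bad size = %u\n", first_bad_size(0));  /* 0 */
    return 0;
}
```

The sweep is cheap enough to keep as a debug-build assertion whenever the cutoff or the table sizes change; it is exactly the kind of check that would have flagged the 97..128 hole before a compiler happened to notice it.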
2988 2011-07-31  Gavin Barraclough  <barraclough@apple.com>
2989
2990         https://bugs.webkit.org/show_bug.cgi?id=64679
2991         Fix bugs in Array.prototype this handling.
2992
2993         Unreviewed - rolling out r91290.
2994
2995         Looks like the wild wild web isn't ready for this yet.
2996
2997         This change broke http://slides.html5rocks.com/#landing-slide.
2998         Interestingly, this might only be due to our lack of bind support -
2999         it looks like this site is calling Array.prototype.slice as a part
3000         of its bind implementation.
3001
3002         * runtime/ArrayPrototype.cpp:
3003         (JSC::arrayProtoFuncJoin):
3004         (JSC::arrayProtoFuncConcat):
3005         (JSC::arrayProtoFuncPop):
3006         (JSC::arrayProtoFuncPush):
3007         (JSC::arrayProtoFuncReverse):
3008         (JSC::arrayProtoFuncShift):
3009         (JSC::arrayProtoFuncSlice):
3010         (JSC::arrayProtoFuncSort):
3011         (JSC::arrayProtoFuncSplice):
3012         (JSC::arrayProtoFuncUnShift):
3013         (JSC::arrayProtoFuncFilter):
3014         (JSC::arrayProtoFuncMap):
3015         (JSC::arrayProtoFuncEvery):
3016         (JSC::arrayProtoFuncForEach):
3017         (JSC::arrayProtoFuncSome):
3018         (JSC::arrayProtoFuncReduce):
3019         (JSC::arrayProtoFuncReduceRight):
3020         (JSC::arrayProtoFuncIndexOf):
3021         (JSC::arrayProtoFuncLastIndexOf):
3022
3023 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
3024
3025         JSC GC lays out size classes under wrong assumptions about expected
3026         object size.
3027         https://bugs.webkit.org/show_bug.cgi?id=65437
3028
3029         Reviewed by Oliver Hunt.
3030         
3031         Changed the atom size - which is both the smallest allocation size and
3032         the smallest possible stepping unit for size class spacing - from
3033         8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.
3034
3035         * heap/MarkedBlock.h:
3036
3037 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
3038
3039         DFG non-speculative JIT does not optimize PutByVal
3040         https://bugs.webkit.org/show_bug.cgi?id=65424
3041
3042         Reviewed by Gavin Barraclough.
3043         
3044         Added code to emit PutByVal inline fast path.
3045
3046         * dfg/DFGNonSpeculativeJIT.cpp:
3047         (JSC::DFG::NonSpeculativeJIT::compile):
3048
3049 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
3050
3051         The JSC garbage collector returns memory to the operating system too
3052         eagerly.
3053         https://bugs.webkit.org/show_bug.cgi?id=65382
3054
3055         Reviewed by Oliver Hunt.
3056         
3057         This introduces a memory reuse model similar to the one in FastMalloc.
3058         A periodic scavenger thread runs in the background and returns half the
3059         free memory to the OS on each timer fire.  New block allocations first
3060         attempt to get the memory from the collector's internal pool, reverting
3061         to OS allocation only when this pool is empty.
3062
3063         * heap/Heap.cpp:
3064         (JSC::Heap::Heap):
3065         (JSC::Heap::~Heap):
3066         (JSC::Heap::destroy):
3067         (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
3068         (JSC::Heap::waitForRelativeTime):
3069         (JSC::Heap::blockFreeingThreadStartFunc):
3070         (JSC::Heap::blockFreeingThreadMain):
3071         (JSC::Heap::allocateBlock):
3072         (JSC::Heap::freeBlocks):
3073         (JSC::Heap::releaseFreeBlocks):
3074         * heap/Heap.h:
3075         * heap/MarkedBlock.cpp:
3076         (JSC::MarkedBlock::destroy):
3077         (JSC::MarkedBlock::MarkedBlock):
3078         (JSC::MarkedBlock::initForCellSize):
3079         (JSC::MarkedBlock::reset):
3080         * heap/MarkedBlock.h:
3081         * wtf/Platform.h:
3082
3083 2011-07-30  Filip Pizlo  <fpizlo@apple.com>
3084
3085         DFG JIT speculation failure pass sometimes forgets to emit code to
3086         move certain registers.
3087         https://bugs.webkit.org/show_bug.cgi?id=65421
3088
3089         Reviewed by Oliver Hunt.
3090         
3091         Restructured the offending loops (for gprs and fprs).  It's once again
3092         possible to use spreadsheets on docs.google.com.
3093
3094         * dfg/DFGJITCompiler.cpp:
3095         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3096
3097 2011-07-30  Patrick Gansterer  <paroga@webkit.org>
3098
3099         Remove inclusion of MainThread.h from Threading.h
3100         https://bugs.webkit.org/show_bug.cgi?id=65081
3101
3102         Reviewed by Darin Adler.
3103
3104         Add missing and remove unneeded include statements for MainThread.
3105
3106         * wtf/CryptographicallyRandomNumber.cpp:
3107         * wtf/Threading.h:
3108         * wtf/ThreadingPthreads.cpp:
3109         * wtf/text/StringStatics.cpp:
3110
3111 2011-07-30  Oliver Hunt  <oliver@apple.com>
3112
3113         Reduce the size of JSGlobalObject slightly
3114         https://bugs.webkit.org/show_bug.cgi?id=65417
3115
3116         Reviewed by Dan Bernstein.
3117
3118         Push a few members that either aren't commonly used,
3119         or aren't frequently accessed into a separate struct.
3120
3121         * runtime/JSGlobalObject.cpp:
3122         (JSC::JSGlobalObject::init):
3123         (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
3124         * runtime/JSGlobalObject.h:
3125         (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
3126         (JSC::JSGlobalObject::createRareDataIfNeeded):
3127         (JSC::JSGlobalObject::setProfileGroup):
3128         (JSC::JSGlobalObject::profileGroup):
3129         (JSC::JSGlobalObject::registerWeakMap):
3130         (JSC::JSGlobalObject::deregisterWeakMap):
3131
3132 2011-07-30  Balazs Kelemen  <kbalazs@webkit.org>
3133
3134         MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
3135         https://bugs.webkit.org/show_bug.cgi?id=65263
3136
3137         Reviewed by Dmitry Titov.
3138
3139         * wtf/Deque.h:
3140         (WTF::::operator): Don't check the validity of an iterator
3141         that will be reassigned right now.
3142         * wtf/MessageQueue.h:
3143         (WTF::::removeIf): Revert r51198 as I believe this is the better
3144         solution for the problem that was solved by that.
3145
3146 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3147
3148         JSC GC zombie support no longer works, and is likely no longer needed.
3149         https://bugs.webkit.org/show_bug.cgi?id=65404
3150
3151         Reviewed by Darin Adler.
3152         
3153         This removes zombies, because they no longer work, are not tested, are
3154         probably not needed, and are getting in the way of GC optimization
3155         work.
3156
3157         * JavaScriptCore.xcodeproj/project.pbxproj:
3158         * heap/Handle.h:
3159         (JSC::HandleConverter::operator->):
3160         (JSC::HandleConverter::operator*):
3161         * heap/HandleHeap.cpp:
3162         (JSC::HandleHeap::isValidWeakNode):
3163         * heap/Heap.cpp:
3164         (JSC::Heap::destroy):
3165         (JSC::Heap::collect):
3166         * heap/MarkedBlock.cpp:
3167         (JSC::MarkedBlock::sweep):
3168         * heap/MarkedBlock.h:
3169         (JSC::MarkedBlock::clearMarks):
3170         * interpreter/Register.h:
3171         (JSC::Register::Register):
3172         (JSC::Register::operator=):
3173         * runtime/ArgList.h:
3174         (JSC::MarkedArgumentBuffer::append):
3175         (JSC::ArgList::ArgList):
3176         * runtime/JSCell.cpp:
3177         (JSC::isZombie):
3178         * runtime/JSCell.h:
3179         * runtime/JSGlobalData.cpp:
3180         (JSC::JSGlobalData::JSGlobalData):
3181         (JSC::JSGlobalData::clearBuiltinStructures):
3182         * runtime/JSGlobalData.h:
3183         * runtime/JSValue.h:
3184         * runtime/JSValueInlineMethods.h:
3185         (JSC::JSValue::JSValue):
3186         * runtime/JSZombie.cpp: Removed.
3187         * runtime/JSZombie.h: Removed.
3188         * runtime/WriteBarrier.h:
3189         (JSC::WriteBarrierBase::setEarlyValue):
3190         (JSC::WriteBarrierBase::operator*):
3191         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
3192         * wtf/Platform.h:
3193
3194 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3195
3196         DFG JIT verbose mode provides no details about predictions
3197         https://bugs.webkit.org/show_bug.cgi?id=65389
3198
3199         Reviewed by Darin Adler.
3200         
3201         Added a print-out of the predictions to the IR dump, with names as follows:
3202         "p-bottom" = the parser made no predictions
3203         "p-int32" = the parser predicted int32
3204         ... (same for array, cell, double, number)
3205         "p-top" = the parser made conflicting predictions which will be ignored.
3206
3207         * dfg/DFGGraph.cpp:
3208         (JSC::DFG::Graph::dump):
3209         * dfg/DFGGraph.h:
3210         (JSC::DFG::predictionToString):
3211
3212 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3213
3214         DFG JIT does not have any way of undoing double speculation.
3215         https://bugs.webkit.org/show_bug.cgi?id=65334
3216
3217         Reviewed by Gavin Barraclough.
3218         
3219         This adds code to do a branchConvertDoubleToInt on speculation failure.
3220         This is performance-neutral on most benchmarks but does result in
3221         a slight improvement in Kraken.
3222
3223         * dfg/DFGJITCompiler.cpp:
3224         (JSC::DFG::GeneralizedRegister::moveTo):
3225         (JSC::DFG::GeneralizedRegister::swapWith):
3226         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
3227         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
3228         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3229
3230 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3231
3232         Crash when opening docs.google.com
3233         https://bugs.webkit.org/show_bug.cgi?id=65327
3234
3235         Reviewed by Gavin Barraclough.
3236         
3237         The speculative JIT was only checking whether a value is an array when
3238         we had already checked that it was, rather than when we hadn't.
3239
3240         * dfg/DFGSpeculativeJIT.cpp:
3241         (JSC::DFG::SpeculativeJIT::compile):
3242
3243 2011-07-28  Oliver Hunt  <oliver@apple.com>
3244
3245         *_list instructions are only used in one place, where the code is wrong.
3246         https://bugs.webkit.org/show_bug.cgi?id=65348
3247
3248         Reviewed by Darin Adler.
3249
3250         Simply remove the instructions and all users.  Speeds up the interpreter
3251         slightly due to code motion, but otherwise has no effect (because none
3252         of the _list instructions are ever used).
3253
3254         * bytecode/CodeBlock.cpp:
3255         (JSC::isPropertyAccess):
3256         (JSC::CodeBlock::dump):
3257         (JSC::CodeBlock::visitStructures):
3258         * bytecode/Instruction.h:
3259         * bytecode/Opcode.h:
3260         * interpreter/Interpreter.cpp:
3261         (JSC::Interpreter::privateExecute):
3262         * jit/JIT.cpp:
3263         (JSC::JIT::privateCompileMainPass):
3264
3265 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
3266
3267         https://bugs.webkit.org/show_bug.cgi?id=65325
3268         Performance tweak to parseInt
3269
3270         Reviewed by Oliver Hunt.
3271
3272         * runtime/JSGlobalObjectFunctions.cpp:
3273         (JSC::globalFuncParseInt):
3274             - This change may make an existing optimization redundant,
3275               cleanup from Darin's comments, plus fix existing bugs.
3276
3277 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
3278
3279         https://bugs.webkit.org/show_bug.cgi?id=65325
3280         Performance tweak to parseInt
3281
3282         Reviewed by Oliver Hunt.
3283
3284         * runtime/JSGlobalObjectFunctions.cpp:
3285         (JSC::globalFuncParseInt):
3286             - parseInt applied to small positive numbers = floor.
3287
3288 2011-07-28  Dan Bernstein  <mitz@apple.com>
3289
3290         Build fix.
3291
3292         * runtime/Executable.cpp:
3293         (JSC::FunctionExecutable::compileForCallInternal):
3294
3295 2011-07-28  Kent Tamura  <tkent@chromium.org>
3296
3297         Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
3298         https://bugs.webkit.org/show_bug.cgi?id=65300
3299
3300         Reviewed by Darin Adler.
3301
3302         r91837 had a performance regression of StringImpl::stripWhiteSpace()
3303         and simplifyWhiteSpace(). This changes the code so that compilers
3304         generate code equivalent to r91836 or prior.
3305
3306         * wtf/text/StringImpl.cpp:
3307         (WTF::StringImpl::stripMatchedCharacters):
3308         A template member function for stripWhiteSpace(). This function takes a functor.
3309         (WTF::UCharPredicate):
3310         A functor for generic predicate for single UChar argument.
3311         (WTF::SpaceOrNewlinePredicate):
3312         A special functor for isSpaceOrNewline().
3313         (WTF::StringImpl::stripWhiteSpace):
3314         Use stripMatchedCharacters().
3315         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
3316         A template member function for simplifyWhiteSpace().
3317         (WTF::StringImpl::simplifyWhiteSpace):
3318         Use simplifyMatchedCharactersToSpace().
3319         * wtf/text/StringImpl.h:
3320
3321 2011-07-27  Dmitry Lomov  <dslomov@google.com>
3322
3323         [chromium] Turn on WTF_MULTIPLE_THREADS.
3324         https://bugs.webkit.org/show_bug.cgi?id=61017
3325         The patch turns on WTF_MULTIPLE_THREADS in chromium and 
3326         pushes some relevant initializations from JSC::initializeThreading
3327         to WTF::initializeThreading.
3328
3329         Reviewed by David Levin.
3330
3331         * runtime/InitializeThreading.cpp:
3332         (JSC::initializeThreadingOnce):
3333         * wtf/FastMalloc.cpp:
3334         (WTF::isForbidden):
3335         (WTF::fastMallocForbid):
3336         (WTF::fastMallocAllow):
3337         * wtf/Platform.h:
3338         * wtf/ThreadingPthreads.cpp:
3339         (WTF::initializeThreading):
3340         * wtf/ThreadingWin.cpp:
3341         (WTF::initializeThreading):
3342         * wtf/gtk/ThreadingGtk.cpp:
3343         (WTF::initializeThreading):
3344         * wtf/qt/ThreadingQt.cpp:
3345         (WTF::initializeThreading):
3346
3347 2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3348
3349         Remove operator new from JSCell
3350         https://bugs.webkit.org/show_bug.cgi?id=64999
3351
3352         Reviewed by Oliver Hunt.
3353
3354         Removed the implementation of operator new in JSCell, so any further uses
3355         will not successfully link.  Also removed any remaining uses of operator new.
3356
3357         * API/JSContextRef.cpp:
3358         * debugger/DebuggerActivation.h:
3359         (JSC::DebuggerActivation::create):
3360         * interpreter/Interpreter.cpp:
3361         (JSC::Interpreter::execute):
3362         (JSC::Interpreter::createExceptionScope):
3363         (JSC::Interpreter::privateExecute):
3364         * jit/JITStubs.cpp:
3365         (JSC::DEFINE_STUB_FUNCTION):
3366         * runtime/JSCell.h:
3367         * runtime/JSGlobalObject.h:
3368         (JSC::JSGlobalObject::create):
3369         * runtime/JSStaticScopeObject.h:
3370         (JSC::JSStaticScopeObject::create):
3371         (JSC::JSStaticScopeObject::JSStaticScopeObject):
3372         * runtime/StrictEvalActivation.h:
3373         (JSC::StrictEvalActivation::create):
3374
3375 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
3376
3377         DFG graph has no notion of double prediction.
3378         https://bugs.webkit.org/show_bug.cgi?id=65234
3379
3380         Reviewed by Gavin Barraclough.
3381         
3382         Added the notion of PredictDouble, and PredictNumber, which is the least
3383         upper bound of PredictInt32 and PredictDouble.  Least upper bound is
3384         defined as the bitwise-or of two predictions.  Bottom is defined as 0,
3385         and Top is defined as all bits being set.  Added the ability to explicitly
3386         distinguish between a node having had a prediction associated with it,
3387         and that prediction still being valid (i.e. no conflicting predictions
3388         have also been added).  Used this to guard the speculative JIT from
3389         speculating Int32 in cases where the graph knows that the value is
3390         double, which currently only happens for GetLocal nodes on arguments
3391         which were double at compile-time.
3392
3393         * dfg/DFGGraph.cpp:
3394         (JSC::DFG::Graph::predictArgumentTypes):
3395         * dfg/DFGGraph.h:
3396         (JSC::DFG::isCellPrediction):
3397         (JSC::DFG::isArrayPrediction):
3398         (JSC::DFG::isInt32Prediction):
3399         (JSC::DFG::isDoublePrediction):
3400         (JSC::DFG::isNumberPrediction):
3401         * dfg/DFGSpeculativeJIT.cpp:
3402         (JSC::DFG::SpeculativeJIT::compile):
3403         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3404         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
3405         * dfg/DFGSpeculativeJIT.h:
3406         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
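
        The prediction lattice described in the two DFG entries above (PredictNumber as the
        least upper bound of PredictInt32 and PredictDouble, bottom = 0, top = all bits, and
        the "p-..." names printed in the IR dump), as an added example that is not JSC's own
        code: the bit layout, the isXPrediction rules, the handling of conflicting predictions
        as "p-top", and the shouldSpeculateInteger guard are all assumptions for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <cstdio>

// Added example (not JSC code): a bit-lattice of type predictions. Bit layout is an assumption.
typedef uint8_t PredictedType;

const PredictedType PredictNone   = 0;                        // bottom: nothing predicted yet
const PredictedType PredictCell   = 1 << 0;
const PredictedType PredictArray  = (1 << 1) | PredictCell;   // an array is a kind of cell
const PredictedType PredictInt32  = 1 << 2;
const PredictedType PredictDouble = 1 << 3;
const PredictedType PredictNumber = PredictInt32 | PredictDouble; // least upper bound of the two
const PredictedType PredictTop    = PredictArray | PredictNumber; // every bit set: conflicting

// Least upper bound of two predictions is their bitwise-or.
inline PredictedType mergePredictions(PredictedType a, PredictedType b) { return (PredictedType)(a | b); }

// A prediction "is X" when something was predicted and all of it lies within X.
inline bool isCellPrediction(PredictedType p)   { return p && !(p & ~PredictArray); }
inline bool isArrayPrediction(PredictedType p)  { return p == PredictArray; }
inline bool isInt32Prediction(PredictedType p)  { return p == PredictInt32; }
inline bool isDoublePrediction(PredictedType p) { return p == PredictDouble; }
inline bool isNumberPrediction(PredictedType p) { return p && !(p & ~PredictNumber); }

// Anything that is neither purely numeric nor purely cell-like mixes incompatible kinds.
inline bool isConflictingPrediction(PredictedType p)
{
    return p != PredictNone && !isNumberPrediction(p) && !isCellPrediction(p);
}

// Names as printed in the IR dump. Assumption: every conflicting combination (for example
// int32 merged with array) is reported as "p-top", because such a prediction is ignored.
const char* predictionToString(PredictedType p)
{
    if (p == PredictNone)   return "p-bottom";
    if (p == PredictInt32)  return "p-int32";
    if (p == PredictDouble) return "p-double";
    if (p == PredictNumber) return "p-number";
    if (p == PredictArray)  return "p-array";
    if (p == PredictCell)   return "p-cell";
    return "p-top";
}

// Per-node state: distinguishes "a prediction was recorded" from "that prediction is still valid".
struct NodePrediction {
    PredictedType type;
    bool predicted;
    NodePrediction() : type(PredictNone), predicted(false) { }

    // Records a prediction; returns false once the accumulated prediction has become conflicting.
    bool predict(PredictedType p)
    {
        predicted = true;
        type = mergePredictions(type, p);
        return !isConflictingPrediction(type);
    }
};

// Guard for the speculative JIT (assumed policy): speculate Int32 only when nothing is known
// or when the graph predicts exactly int32. A conflicting prediction is ignored, so it does
// not block the optimistic speculation; a double/number/cell prediction does.
bool shouldSpeculateInteger(const NodePrediction& node)
{
    if (!node.predicted || isConflictingPrediction(node.type))
        return true;
    return isInt32Prediction(node.type);
}

int main()
{
    NodePrediction argument;              // constructed: an argument seen as double at compile time
    argument.predict(PredictDouble);
    std::printf("argument: %s, speculate int32: %s\n", predictionToString(argument.type),
                shouldSpeculateInteger(argument) ? "yes" : "no");
    return 0;
}
```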
3407
3408 2011-07-27  Gavin Barraclough  <barraclough@apple.com>
3409
3410         https://bugs.webkit.org/show_bug.cgi?id=65294
3411         DFG JIT - may speculate based on wrong arguments.
3412
3413         Reviewed by Oliver Hunt.
3414
3415         In the case of a DFG compiled function calling to and compiling a second function that
3416         also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
3417         we call compileFor passing the caller function's exec state, rather than the callee's.
3418         This may lead to mis-optimization, since the DFG compiler will examine the exec state's
3419         arguments on the assumption that these will be passed to the callee - it is wanting the
3420         callee exec state, not the caller's exec state.
3421
3422         Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
3423         function is compiled, & the structure of the calls in the Interpreter::execute methods.
3424         Only fix for compilation from the JIT, in other calls don't speculate based on arguments
3425         for now.
3426
3427         * dfg/DFGOperations.cpp:
3428         * runtime/Executable.cpp:
3429         (JSC::tryDFGCompile):
3430         (JSC::tryDFGCompileFunction):
3431         (JSC::FunctionExecutable::compileForCallInternal):
3432         * runtime/Executable.h:
3433         (JSC::FunctionExecutable::compileForCall):
3434         (JSC::FunctionExecutable::compileFor):
3435
3436 2011-07-27  Oliver Hunt  <oliver@apple.com>
3437
3438         Handle callback oriented JSONP
3439         https://bugs.webkit.org/show_bug.cgi?id=65271
3440
3441         Reviewed by Gavin Barraclough.
3442
3443         Handle the callback oriented versions of JSONP.  The Literal parser
3444         now handles <Identifier> (. <Identifier>)* (jsonData).
3445
3446         * interpreter/Interpreter.cpp:
3447         (JSC::Interpreter::execute):
3448         * runtime/LiteralParser.cpp:
3449         (JSC::LiteralParser::tryJSONPParse):
3450         (JSC::LiteralParser::Lexer::lex):
3451         * runtime/LiteralParser.h:
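
        The callback-oriented JSONP shape `<Identifier> (. <Identifier>)* (jsonData)` mentioned
        above, as an added example recogniser that is not JSC's LiteralParser: it splits the
        input into the member path and the raw JSON argument and rejects anything else, so the
        payload can go to a JSON parser instead of being treated as script. Identifier rules
        (ASCII `[A-Za-z_$][A-Za-z0-9_$]*`), tolerated surrounding whitespace and one trailing
        `;` are assumptions; the JSON text itself is not validated here.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Added example, not JSC code. Result of a successful recognition.
struct JSONPParts {
    std::vector<std::string> callbackPath;  // {"ns", "api", "handle"} for ns.api.handle(...)
    std::string jsonData;                   // text between the parentheses, not validated here
};

static bool isIdentStart(char c) { return std::isalpha((unsigned char)c) || c == '_' || c == '$'; }
static bool isIdentPart(char c)  { return isIdentStart(c) || std::isdigit((unsigned char)c); }

static void skipSpaces(const std::string& s, size_t& pos)
{
    while (pos < s.size() && std::isspace((unsigned char)s[pos]))
        ++pos;
}

// Lexes one identifier at pos; returns false if none is present.
static bool lexIdentifier(const std::string& s, size_t& pos, std::string& out)
{
    if (pos >= s.size() || !isIdentStart(s[pos]))
        return false;
    size_t start = pos;
    while (pos < s.size() && isIdentPart(s[pos]))
        ++pos;
    out.assign(s, start, pos - start);
    return true;
}

// Scans the argument up to the closing ')'. A JSON value may contain ')' only inside a
// string literal, so string state (with escapes) is tracked and bracket balance is checked,
// which also rejects a stray ')' inside an unclosed object or array.
static bool scanJSONArgument(const std::string& s, size_t& pos, std::string& out)
{
    size_t start = pos;
    bool inString = false;
    int depth = 0;
    for (; pos < s.size(); ++pos) {
        char c = s[pos];
        if (inString) {
            if (c == '\\') { ++pos; continue; }   // skip the escaped character
            if (c == '"') inString = false;
            continue;
        }
        if (c == '"') inString = true;
        else if (c == '{' || c == '[') ++depth;
        else if (c == '}' || c == ']') { if (--depth < 0) return false; }
        else if (c == ')') {
            if (depth != 0) return false;
            out.assign(s, start, pos - start);
            return true;                          // pos is left on the ')'
        }
    }
    return false;                                 // unterminated argument
}

// Returns true and fills `out` only if the whole input matches the JSONP shape. Extra
// statements, nested calls or operators make it fail, so the caller falls back to a full parse.
bool tryJSONPParse(const std::string& s, JSONPParts& out)
{
    JSONPParts parts;
    size_t pos = 0;
    std::string ident;
    skipSpaces(s, pos);
    if (!lexIdentifier(s, pos, ident))
        return false;
    parts.callbackPath.push_back(ident);
    while (pos < s.size() && s[pos] == '.') {     // (. <Identifier>)*
        ++pos;
        if (!lexIdentifier(s, pos, ident))
            return false;                         // "foo.(" is not a member path
        parts.callbackPath.push_back(ident);
    }
    skipSpaces(s, pos);
    if (pos >= s.size() || s[pos] != '(')
        return false;
    ++pos;
    if (!scanJSONArgument(s, pos, parts.jsonData))
        return false;
    ++pos;                                        // consume ')'
    skipSpaces(s, pos);
    if (pos < s.size() && s[pos] == ';') { ++pos; skipSpaces(s, pos); }
    if (pos != s.size())
        return false;                             // trailing text: not plain JSONP
    out = parts;
    return true;
}
```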
3452
3453 2011-07-27  Stephanie Lewis  <slewis@apple.com>
3454
3455         Revert http://trac.webkit.org/changeset/90415.
3456         Caused a 5% sunspider regression in-browser.
3457
3458         Unreviewed rollout.
3459
3460         * bytecode/CodeBlock.cpp:
3461         (JSC::CodeBlock::visitAggregate):
3462         * heap/Heap.cpp:
3463         (JSC::Heap::collectAllGarbage):
3464         * heap/MarkStack.h:
3465         (JSC::MarkStack::MarkStack):
3466         * runtime/JSGlobalData.cpp:
3467         (JSC::JSGlobalData::releaseExecutableMemory):
3468         * runtime/RegExp.cpp:
3469         (JSC::RegExp::compile):
3470         (JSC::RegExp::invalidateCode):
3471         * runtime/RegExp.h:
3472
3473 2011-07-27  Shinya Kawanaka  <shinyak@google.com>
3474
3475         Added an interface to take IsWhiteSpaceFunctionPtr.
3476         https://bugs.webkit.org/show_bug.cgi?id=57746
3477
3478         Reviewed by Kent Tamura.
3479
3480         * wtf/text/StringImpl.cpp:
3481         (WTF::StringImpl::stripWhiteSpace):
3482           Added an interface to take IsWhiteSpaceFunctionPtr.
3483         (WTF::StringImpl::simplifyWhiteSpace): ditto.
3484         * wtf/text/StringImpl.h:
3485         * wtf/text/WTFString.cpp:
3486         (WTF::String::stripWhiteSpace): ditto.
3487         (WTF::String::simplifyWhiteSpace): ditto.
3488         * wtf/text/WTFString.h:
3489
3490 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
3491
3492         DFG JIT speculation failure code performs incorrect conversions in
3493         the case where two registers need to be swapped.
3494         https://bugs.webkit.org/show_bug.cgi?id=65233
3495
3496         Reviewed by Gavin Barraclough.
3497         
3498         * dfg/DFGJITCompiler.cpp:
3499         (JSC::DFG::GeneralizedRegister::swapWith):
3500
3501 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3502
3503         reduce and reduceRight bind callback's this to null rather than undefined
3504         https://bugs.webkit.org/show_bug.cgi?id=62264
3505
3506         Reviewed by Oliver Hunt.
3507
3508         Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
3509         when calling the callback function without an argument for this, which means it should 
3510         be undefined according to ES 15.4.4.21 and 15.4.4.22.
3511
3512         * runtime/ArrayPrototype.cpp:
3513         (JSC::arrayProtoFuncReduce):
3514         (JSC::arrayProtoFuncReduceRight):
3515
3516 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3517
3518         JSC command-line tool does not come with any facility for
3519         measuring time precisely.
3520         https://bugs.webkit.org/show_bug.cgi?id=65223
3521
3522         Reviewed by Gavin Barraclough.
3523         
3524         Exposed WTF::currentTime() as currentTimePrecise().
3525
3526         * jsc.cpp:
3527         (GlobalObject::GlobalObject):
3528         (functionPreciseTime):
3529
3530 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3531
3532         DFG speculative JIT never emits inline double comparisons, even when it
3533         would be obviously more efficient to do so.
3534         https://bugs.webkit.org/show_bug.cgi?id=65212
3535
3536         Reviewed by Gavin Barraclough.
3537         
3538         This handles the obvious case of inlining double comparisons: it only addresses
3539         the speculative JIT, and only for fused compare/branch sequences.  But it does
3540         handle the case where both operands are double (and there is no slow path),
3541         or where one operand is double and the other is unknown type (in which case it
3542         attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
3543         speed-up on SunSpider.
3544
3545         * dfg/DFGSpeculativeJIT.cpp:
3546         (JSC::DFG::SpeculativeJIT::convertToDouble):
3547         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
3548         (JSC::DFG::SpeculativeJIT::compare):
3549         (JSC::DFG::SpeculativeJIT::compile):
3550         * dfg/DFGSpeculativeJIT.h:
3551         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
3552         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
3553
3554 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3555
3556         https://bugs.webkit.org/show_bug.cgi?id=64969
3557         DFG JIT generates inefficient code for speculation failures.
3558
3559         Reviewed by Gavin Barraclough.
3560         
3561         This implements a speculation failure strategy where (1) values spilled on
3562         non-speculative but not spilled on speculative are spilled, (2) values that
3563         are in registers on both paths are rearranged without ever touching memory,
3564         and (3) values spilled on speculative but not spilled on non-speculative are
3565         filled.
3566         
3567         The register shuffling is the most interesting part of this patch.  It
3568         constructs a permutation graph for registers.  Each node represents a
3569         register, and each directed edge corresponds to the register's value having
3570         to be moved to a different register as part of the shuffling.  This is a
3571         directed graph where each node may only have 0 or 1 incoming edges, and
3572         0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
3573         subgraphs where all nodes in the subgraph are reachable from a start node.
3574         Such subgraphs always resemble linked lists, and correspond to simply
3575         moving the value in the second-to-last register into the last register, and
3576         then moving the value in the third-to-last register into the second-to-last
3577         register, and so on.  Once these subgraphs are taken care of, the remaining
3578         subgraphs are cycles, and are handled using either (a) conversion or no-op
3579         if the cycle involves one node, (b) swap if it involves two nodes, or (c)
3580         a cyclic shuffle involving a scratch register if there are three or more
3581         nodes.
3582         
3583         * dfg/DFGGenerationInfo.h:
3584         (JSC::DFG::needDataFormatConversion):
3585         * dfg/DFGJITCompiler.cpp:
3586         (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
3587         (JSC::DFG::GeneralizedRegister::createGPR):
3588         (JSC::DFG::GeneralizedRegister::createFPR):
3589         (JSC::DFG::GeneralizedRegister::dump):
3590         (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
3591         (JSC::DFG::GeneralizedRegister::findInEntryLocation):
3592         (JSC::DFG::GeneralizedRegister::previousDataFormat):
3593         (JSC::DFG::GeneralizedRegister::nextDataFormat):
3594         (JSC::DFG::GeneralizedRegister::convert):
3595         (JSC::DFG::GeneralizedRegister::moveTo):
3596         (JSC::DFG::GeneralizedRegister::swapWith):
3597         (JSC::DFG::ShuffledRegister::ShuffledRegister):
3598         (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
3599         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
3600         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
3601         (JSC::DFG::ShuffledRegister::lookup):
3602         (JSC::DFG::lookupForRegister):
3603         (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
3604         (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
3605         (JSC::DFG::NodeToRegisterMap::set):
3606         (JSC::DFG::NodeToRegisterMap::end):
3607         (JSC::DFG::NodeToRegisterMap::find):
3608         (JSC::DFG::NodeToRegisterMap::clear):
3609         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3610         (JSC::DFG::JITCompiler::linkSpeculationChecks):
3611         * dfg/DFGJITCompiler.h:
3612         * dfg/DFGNonSpeculativeJIT.cpp:
3613         (JSC::DFG::EntryLocation::EntryLocation):
3614         * dfg/DFGNonSpeculativeJIT.h:
3615         * dfg/DFGSpeculativeJIT.cpp:
3616         (JSC::DFG::SpeculationCheck::SpeculationCheck):
3617         * dfg/DFGSpeculativeJIT.h:
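
        The register shuffling algorithm described above (permutation graph with at most one
        incoming and one outgoing edge per node; linked-list subgraphs moved from the end
        backwards; then single-node no-ops, two-node swaps and longer cycles rotated through a
        scratch register), as an added example on an abstract register file. This is not JSC's
        DFGJITCompiler code: registers are plain indices, the Move/Swap/Nop ops, the Scratch
        pseudo-register and the simulator used to check the result are constructed here.

```cpp
#include <cassert>
#include <cstdio>
#include <utility>
#include <vector>

// Added example, not JSC code. A permutation is given as next[i] = register that must receive
// the value currently in register i, or -1 when that value does not move. Each register has
// at most one incoming and at most one outgoing edge.
enum OpKind { Move, Swap, Nop };
struct Op { OpKind kind; int a; int b; };   // Move: a -> b.  Swap: a <-> b.  Nop: a stays (conversion only).
static Op makeOp(OpKind kind, int a, int b) { Op op = { kind, a, b }; return op; }

const int Scratch = -2;                     // pseudo-index of the scratch register for long cycles

static std::vector<int> incomingOf(const std::vector<int>& next)
{
    std::vector<int> incoming(next.size(), -1);
    for (size_t i = 0; i < next.size(); ++i) {
        if (next[i] < 0) continue;
        assert(incoming[next[i]] == -1);    // at most one incoming edge per register
        incoming[next[i]] = (int)i;
    }
    return incoming;
}

// Emits the move sequence: non-cyclic chains first, then the remaining cycles.
std::vector<Op> shuffleRegisters(const std::vector<int>& next)
{
    std::vector<int> incoming = incomingOf(next);
    std::vector<bool> done(next.size(), false);
    std::vector<Op> ops;

    // Phase 1: a chain ends at a register with an incoming edge but no outgoing edge. Walk it
    // backwards: second-to-last into last, third-to-last into second-to-last, and so on.
    for (size_t i = 0; i < next.size(); ++i) {
        if (next[i] != -1 || incoming[i] == -1) continue;
        for (int dst = (int)i; incoming[dst] != -1; dst = incoming[dst]) {
            ops.push_back(makeOp(Move, incoming[dst], dst));
            done[incoming[dst]] = true;
        }
    }

    // Phase 2: every edge still pending belongs to a cycle.
    for (size_t i = 0; i < next.size(); ++i) {
        if (next[i] == -1 || done[i]) continue;
        std::vector<int> cycle;
        for (int r = (int)i; !done[r]; r = next[r]) { cycle.push_back(r); done[r] = true; }
        int k = (int)cycle.size();
        if (k == 1)
            ops.push_back(makeOp(Nop, cycle[0], cycle[0]));      // (a) self-loop: conversion or no-op
        else if (k == 2)
            ops.push_back(makeOp(Swap, cycle[0], cycle[1]));     // (b) two nodes: swap
        else {
            // (c) three or more: park the last value, shift the others forward, restore from scratch.
            ops.push_back(makeOp(Move, cycle[k - 1], Scratch));
            for (int j = k - 2; j >= 0; --j)
                ops.push_back(makeOp(Move, cycle[j], cycle[j + 1]));
            ops.push_back(makeOp(Move, Scratch, cycle[0]));
        }
    }
    return ops;
}

// Simulator: applies the ops to a register file of ints; the scratch register is a separate slot.
std::vector<int> applyOps(std::vector<int> regs, const std::vector<Op>& ops)
{
    int scratch = 0;
    for (size_t i = 0; i < ops.size(); ++i) {
        const Op& op = ops[i];
        if (op.kind == Nop) continue;
        if (op.kind == Swap) { std::swap(regs[op.a], regs[op.b]); continue; }
        int value = op.a == Scratch ? scratch : regs[op.a];
        if (op.b == Scratch) scratch = value; else regs[op.b] = value;
    }
    return regs;
}

// Checks that every edge i -> next[i] delivered the original value of i and that registers
// outside the permutation kept theirs. Register values are constructed as 100 + index.
bool shuffleIsCorrect(const std::vector<int>& next)
{
    std::vector<int> before(next.size()), incoming = incomingOf(next);
    for (size_t i = 0; i < next.size(); ++i) before[i] = 100 + (int)i;
    std::vector<int> after = applyOps(before, shuffleRegisters(next));
    for (size_t i = 0; i < next.size(); ++i) {
        if (next[i] >= 0 && after[next[i]] != before[i]) return false;
        if (next[i] == -1 && incoming[i] == -1 && after[i] != before[i]) return false;
    }
    return true;
}
```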
3618
3619 2011-07-26  Oliver Hunt  <oliver@apple.com>
3620
3621         Buffer overflow creating error messages for JSON.parse
3622         https://bugs.webkit.org/show_bug.cgi?id=65211
3623
3624         Reviewed by Darin Adler.
3625
3626         Pass string length to the UString constructor.
3627
3628         * runtime/LiteralParser.cpp:
3629         (JSC::LiteralParser::parse):
3630
3631 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3632
3633         Refactor automatically generated JS DOM bindings to replace operator new with static create methods
3634         https://bugs.webkit.org/show_bug.cgi?id=64732
3635
3636         Reviewed by Oliver Hunt.
3637
3638         Replacing the public constructors in the automatically generated JS DOM bindings with static 
3639         create methods.  JSByteArray is used by several of these bindings in WebCore.
3640
3641         * JavaScriptCore.exp:
3642         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3643         * runtime/JSByteArray.cpp:
3644         (JSC::JSByteArray::create):
3645         * runtime/JSByteArray.h:
3646
3647 2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
3648
3649         Unreviewed build fix for Qt/Linux.
3650
3651         On platforms with no glib and gstreamer we should not build javascriptcore
3652         with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
3653
3654         * wtf/wtf.pri:
3655
3656 2011-07-26  Juan C. Montemayor  <jmont@apple.com>
3657
3658         JSON errors should be informative
3659         https://bugs.webkit.org/show_bug.cgi?id=63339
3660
3661         Added error messages to the JSON Parser.
3662
3663         Reviewed by Oliver Hunt.
3664
3665         * runtime/JSONObject.cpp:
3666         (JSC::JSONProtoFuncParse):
3667         * runtime/LiteralParser.cpp:
3668         (JSC::LiteralParser::Lexer::lex):
3669         (JSC::LiteralParser::Lexer::lexString):
3670         (JSC::LiteralParser::Lexer::lexNumber):
3671         (JSC::LiteralParser::parse):
3672         * runtime/LiteralParser.h:
3673         (JSC::LiteralParser::getErrorMessage):
3674         (JSC::LiteralParser::Lexer::sawError):
3675         (JSC::LiteralParser::Lexer::getErrorMessage):
3676
3677 2011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>
3678
3679         Unreviewed, rolling out r91746.
3680         http://trac.webkit.org/changeset/91746
3681         https://bugs.webkit.org/show_bug.cgi?id=65180
3682
3683         It broke SL build (Requested by Ossy on #webkit).
3684
3685         * wtf/text/StringImpl.cpp:
3686         (WTF::StringImpl::stripWhiteSpace):
3687         (WTF::StringImpl::simplifyWhiteSpace):
3688         * wtf/text/StringImpl.h:
3689         * wtf/text/WTFString.cpp:
3690         * wtf/text/WTFString.h:
3691
3692 2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
3693
3694         Reviewed by Andreas Kling.
3695
3696         [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
3697         https://bugs.webkit.org/show_bug.cgi?id=63472
3698
3699         Enable the bits needed for GStreamer only when QtMultimedia is not used.
3700
3701         * wtf/wtf.pri:
3702
3703 2011-07-26  Shinya Kawanaka  <shinyak@google.com>
3704
3705         Added an interface to take IsWhiteSpaceFunctionPtr.
3706         https://bugs.webkit.org/show_bug.cgi?id=57746
3707
3708         Reviewed by Kent Tamura.
3709
3710         * wtf/text/StringImpl.cpp:
3711         (WTF::StringImpl::stripWhiteSpace):
3712           Added an interface to take IsWhiteSpaceFunctionPtr.
3713         (WTF::StringImpl::simplifyWhiteSpace): ditto.
3714         * wtf/text/StringImpl.h:
3715         * wtf/text/WTFString.cpp:
3716         (WTF::String::stripWhiteSpace): ditto.
3717         (WTF::String::simplifyWhiteSpace): ditto.
3718         * wtf/text/WTFString.h:
3719
3720 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3721
3722         DFG non-speculative JIT emits inefficient code for arithmetic
3723         involving two registers
3724         https://bugs.webkit.org/show_bug.cgi?id=65160
3725
3726         Reviewed by Gavin Barraclough.
3727         
3728         The non-speculative JIT now emits inline code for double arithmetic, but
3729         still attempts integer arithmetic first.  This is a speed-up on SunSpider
3730         (albeit a small one), and a large speed-up on Kraken.
3731
3732         * dfg/DFGNonSpeculativeJIT.cpp:
3733         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
3734
3735 2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
3736
3737         [EFL] Build break with --debug after r89153.
3738         https://bugs.webkit.org/show_bug.cgi?id=65150
3739
3740         Unreviewed build fix.
3741
3742         * wtf/CMakeListsEfl.txt: Add missing libraries.
3743
3744 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3745
3746         DFG non-speculative JIT emits obviously inefficient code for arithmetic
3747         where one operand is a constant.
3748         https://bugs.webkit.org/show_bug.cgi?id=65146
3749
3750         Reviewed by Gavin Barraclough.
3751         
3752         Changed the code to emit double arithmetic inline.
3753
3754         * dfg/DFGNonSpeculativeJIT.cpp:
3755         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
3756
3757 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3758
3759         DFG JIT bytecode parser misuses pointers into objects allocated as part of a
3760         WTF::Vector.
3761         https://bugs.webkit.org/show_bug.cgi?id=65128
3762
3763         Reviewed by Gavin Barraclough.
3764         
3765         The bytecode parser code seems to be right to have a DFGNode& phiNode reference
3766         into the graph, since this makes the code greatly more readable.  This patch
3767         thus makes the minimal change necessary to make the code right: it uses a
3768         pointer (to disambiguate between reloading the pointer and performing a
3769         copy from one location of the vector to another) and reloads it after the
3770         calls to addToGraph().
3771
3772         * dfg/DFGByteCodeParser.cpp:
3773         (JSC::DFG::ByteCodeParser::processPhiStack):
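
        Added example, not JavaScriptCore code: a C++ sketch of the hazard the fix above describes. Nodes live in a growable vector (std::vector standing in for WTF::Vector), addToGraph() appends and may reallocate, so a DFGNode& held across the call would dangle; the node is instead held by pointer and reloaded after each addToGraph(). Node, Graph, addToGraph, processPhi and growthRelocatesStorage are names assumed for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed stand-in for a DFG node: an opcode tag and one child index.
struct Node {
    int op;
    size_t child;   // index of the child node, or SIZE_MAX if none
};

class Graph {
public:
    // Appending may reallocate the vector's storage, which invalidates every
    // pointer and reference previously taken into it.
    size_t addToGraph(int op, size_t child) {
        nodes.push_back({op, child});
        return nodes.size() - 1;
    }
    Node& at(size_t index) { return nodes[index]; }
    const Node* data() const { return nodes.data(); }
    size_t size() const { return nodes.size(); }
private:
    std::vector<Node> nodes;
};

// Returns true when appending one node moved the backing storage, i.e. when a
// reference taken before the append would now point at freed memory.
bool growthRelocatesStorage(Graph& graph) {
    const Node* before = graph.data();
    graph.addToGraph(0, SIZE_MAX);
    return graph.data() != before;
}

// Safe pattern from the fix: keep an index, take a pointer only for the
// accesses that need it, and reload that pointer after every addToGraph().
// Writing `Node& phi = graph.at(phiIndex);` and using it after addToGraph()
// would be a use of a stale reference once the vector reallocates.
size_t processPhi(Graph& graph, size_t phiIndex, int childOp) {
    Node* phi = &graph.at(phiIndex);
    int op = phi->op;                                     // read before growth
    size_t child = graph.addToGraph(childOp, SIZE_MAX);   // may reallocate
    phi = &graph.at(phiIndex);                            // reload, never reuse
    phi->child = child;
    phi->op = op;
    return child;
}
```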
3774
3775 2011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>
3776
3777         Unreviewed, rolling out r91686.
3778         http://trac.webkit.org/changeset/91686
3779         https://bugs.webkit.org/show_bug.cgi?id=65144
3780
3781         1.5% regression in JSC (Requested by jmontemayor on #webkit).
3782
3783         * runtime/JSONObject.cpp:
3784         (JSC::JSONProtoFuncParse):
3785         * runtime/LiteralParser.cpp:
3786         (JSC::LiteralParser::Lexer::lex):
3787         (JSC::LiteralParser::Lexer::lexString):
3788         (JSC::LiteralParser::Lexer::lexNumber):
3789         (JSC::LiteralParser::parse):
3790         * runtime/LiteralParser.h:
3791
3792 2011-07-25  Jon Lee  <jonlee@apple.com>
3793
3794         Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
3795         https://bugs.webkit.org/show_bug.cgi?id=65132
3796         <rdar://problem/9836297>
3797         
3798         Reviewed by Oliver Hunt.
3799         
3800         Make sure the JIT is available to use before running the following calls:
3801
3802         * bytecode/CodeBlock.cpp:
3803         (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
3804         * bytecode/CodeBlock.h:
3805         (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
3806
3807 2011-07-25  Juan C. Montemayor  <jmont@apple.com>
3808
3809         JSON errors should be informative
3810         https://bugs.webkit.org/show_bug.cgi?id=63339
3811
3812         Added error messages to the JSON Parser.
3813
3814         Reviewed by Oliver Hunt.
3815
3816         * runtime/JSONObject.cpp:
3817         (JSC::JSONProtoFuncParse):
3818         * runtime/LiteralParser.cpp:
3819         (JSC::LiteralParser::Lexer::lex):
3820         (JSC::LiteralParser::Lexer::lexString):
3821         (JSC::LiteralParser::Lexer::lexNumber):
3822         (JSC::LiteralParser::parse):
3823         * runtime/LiteralParser.h:
3824         (JSC::LiteralParser::getErrorMessage):
3825         (JSC::LiteralParser::Lexer::sawError):
3826         (JSC::LiteralParser::Lexer::getErrorMessage):
3827
3828 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3829
3830         X86-64 assembler emits three instructions instead of two for certain
3831         loads and stores.
3832         https://bugs.webkit.org/show_bug.cgi?id=65095
3833
3834         Reviewed by Gavin Barraclough.
3835         
3836         Simply made these four methods in the assembler use the scratch register,
3837         which they were previously avoiding.  It still optimizes for the case where
3838         an absolute-address memory access uses EAX.  This results in a slight
3839         performance improvement.
3840
3841         * assembler/MacroAssemblerX86_64.h:
3842         (JSC::MacroAssemblerX86_64::load32):
3843         (JSC::MacroAssemblerX86_64::store32):
3844         (JSC::MacroAssemblerX86_64::loadPtr):
3845         (JSC::MacroAssemblerX86_64::storePtr):
3846
3847 2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
3848
3849         [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
3850         https://bugs.webkit.org/show_bug.cgi?id=64354
3851
3852         Use ecore_time_unix_get which returns unix time as double type for currentTime
3853         and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
3854
3855         Reviewed by Kent Tamura.
3856
3857         * wtf/CurrentTime.cpp:
3858         (WTF::currentTime):
3859         (WTF::monotonicallyIncreasingTime):
3860
3861 2011-07-22  Sommer Panage  <panage@apple.com>
3862
3863         Reviewed by Oliver Hunt.
3864
3865         export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
3866         https://bugs.webkit.org/show_bug.cgi?id=64981
3867
3868         UIAutomation for iOS would like to support a JavaScript backtrace in our error logs.
3869         Currently, the C API does not provide the tools to do this. However, the private API
3870         does expose the necessary functionality to get a backtrace
3871         (via Interpreter::retrieveLastCaller). We recognize this information may result in
3872         failure in the cases of programs run by 'eval', stack frames beneath host function
3873         call frames, and in programs run from other programs. Thus, we propose exporting our
3874         JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
3875         we need while not advertising an API that isn't really ready for full use.
3876
3877         * API/JSContextRef.cpp:
3878         * API/JSContextRefPrivate.h:
3879         * JavaScriptCore.exp:
3880
3882 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
3883
3884         https://bugs.webkit.org/show_bug.cgi?id=65051
3885         DFG JIT - Enable by default for mac platform on x86-64.
3886
3887         Rubber Stamped by Geoff Garen.
3888
3889         This is now a performance progression.
3890
3891         * wtf/Platform.h:
3892             - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
3893
3894 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
3895
3896         https://bugs.webkit.org/show_bug.cgi?id=65047
3897         DFG JIT - Add support for op_resolve/op_resolve_base
3898
3899         Reviewed by Sam Weinig.
3900
3901         These are necessary for any significant eval code coverage
3902         (and as such increase LayoutTest coverage).
3903
3904         * dfg/DFGAliasTracker.h:
3905         (JSC::DFG::AliasTracker::recordResolve):
3906             - Conservatively blow aliasing optimizations for now.
3907         * dfg/DFGByteCodeParser.cpp:
3908         (JSC::DFG::ByteCodeParser::parseBlock):
3909             - Add support for op_resolve/op_resolve_base.
3910         * dfg/DFGJITCodeGenerator.h:
3911         (JSC::DFG::JITCodeGenerator::callOperation):
3912             - Add call with exec, identifier arguments.
3913         * dfg/DFGNode.h:
3914             - Add new node types.
3915         (JSC::DFG::Node::hasIdentifier):
3916             - Resolve nodes have identifiers, too!
3917         * dfg/DFGNonSpeculativeJIT.cpp:
3918         (JSC::DFG::NonSpeculativeJIT::compile):
3919             - Add generation for new Nodes.
3920         * dfg/DFGOperations.cpp:
3921         * dfg/DFGOperations.h:
3922             - Added new operations.
3923         * dfg/DFGSpeculativeJIT.cpp:
3924         (JSC::DFG::SpeculativeJIT::compile):
3925             - Add generation for new Nodes.
3926
3927 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
3928
3929         https://bugs.webkit.org/show_bug.cgi?id=65036
3930         Messing with the register allocation within flow control = badness.
3931
3932         Reviewed by Sam Weinig.
3933
3934         * dfg/DFGNonSpeculativeJIT.cpp:
3935         (JSC::DFG::NonSpeculativeJIT::compile):
3936             - Fix register allocation.
3937
3938 2011-07-22  Mark Hahnenberg  <mhahnenberg@apple.com>
3939
3940         Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
3941         https://bugs.webkit.org/show_bug.cgi?id=63986
3942
3943         Reviewed by Geoffrey Garen.
3944
3945         Changed the implementation of Date.prototype.toISOString() to use the extended year
3946         format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
3947
3948         * runtime/DatePrototype.cpp:
3949         (JSC::dateProtoFuncToISOString):
3950
3951 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
3952
3953         Windows build fix
3954
3955         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3956
3957 2011-07-21  Ryosuke Niwa  <rniwa@webkit.org>
3958
3959         Build fix after r91555.
3960
3961         * JavaScriptCore.exp:
3962
3963 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
3964
3965         https://bugs.webkit.org/show_bug.cgi?id=19271
3966         eliminate PIC branches by changing NaN handling in JSValue::toNumber
3967
3968         Reviewed by Sam Weinig.
3969
3970         Moving the non-numeric cases out of line seems to be a consistent
3971         win on SunSpider for me, to the order of about 0.5%.
3972
3973         * runtime/JSCell.h:
3974         (JSC::JSCell::JSValue::toNumber):
3975             - Changed to only handle values that are already numbers, move non-numeric cases out of line.
3976         * runtime/JSValue.cpp:
3977         (JSC::JSValue::toNumberSlowCase):
3978             - Added toNumberSlowCase, handling non-numeric cases.
3979         * runtime/JSValue.h:
3980             - Add declaration of toNumberSlowCase.
3981
3982 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
3983
3984         https://bugs.webkit.org/show_bug.cgi?id=64875
3985         Use of `yield` keyword is broken
3986
3987         Reviewed by Sam Weinig.
3988
3989         * parser/Lexer.cpp:
3990         (JSC::Lexer::parseIdentifier):
3991             - The bug here is that a successful match of a RESERVED_IF_STRICT token from
3992               parseKeyword is being nullified back to IDENT. The problem is that in the
3993               case of IDENT matches parseKeyword should not move the lexer's input
3994               position, but in the case of RESERVED_IF_STRICT it has done so.
3995
3996 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
3997
3998         https://bugs.webkit.org/show_bug.cgi?id=64900
3999         Function.prototype.apply should accept an array-like object as its second argument
4000
4001         Reviewed by Sam Weinig.
4002
4003         * interpreter/Interpreter.cpp:
4004         (JSC::Interpreter::privateExecute):
4005         * jit/JITStubs.cpp:
4006         (JSC::DEFINE_STUB_FUNCTION):
4007         * runtime/FunctionPrototype.cpp:
4008         (JSC::functionProtoFuncApply):
4009             - Remove the type error if object is not an array.
4010
4011 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
4012
4013         https://bugs.webkit.org/show_bug.cgi?id=64964
4014         DFG JIT - Enable support for eval code
4015
4016         Reviewed by Sam Weinig.
4017
4018         This is basically the same as program code, to the JIT!
4019
4020         * bytecode/Opcode.cpp:
4021         * bytecode/Opcode.h:
4022             - Enable opcodeNames in !NDEBUG builds.
4023         * dfg/DFGOperations.cpp:
4024             - Fix a bug exposed by eval support, throw correct type error for new.
4025         * runtime/Executable.cpp:
4026         (JSC::EvalExecutable::compileInternal):
4027             - Enable DFG JIT for eval code.
4028
4029 2011-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>
4030
4031         Unreviewed, rolling out r91380.
4032         http://trac.webkit.org/changeset/91380
4033         https://bugs.webkit.org/show_bug.cgi?id=64924
4034
4035         Caused assertion failures in Chromium's IndexedDB tests
4036         (Requested by rniwa on #webkit).
4037
4038         * wtf/ThreadIdentifierDataPthreads.cpp:
4039         (WTF::ThreadIdentifierData::identifier):
4040         (WTF::ThreadIdentifierData::initialize):
4041         (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
4042         (WTF::ThreadIdentifierData::initializeKeyOnce):
4043         * wtf/ThreadIdentifierDataPthreads.h:
4044         * wtf/ThreadingPthreads.cpp:
4045         (WTF::initializeThreading):
4046
4047 2011-07-20  Filip Pizlo  <fpizlo@apple.com>
4048
4049         DFG non-speculative JIT does not use() the aliased GetByVal,
4050         resulting in bloated use counts.
4051         https://bugs.webkit.org/show_bug.cgi?id=64911
4052
4053         Reviewed by Gavin Barraclough.
4054         
4055         Inserted a call to use() for the aliased GetByVal.
4056