Use WTF::move() instead of std::move() to help ensure move semantics in JavaScriptCore
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-10-17  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2
3         Use WTF::move() instead of std::move() to help ensure move semantics in JavaScriptCore
4         https://bugs.webkit.org/show_bug.cgi?id=137809
5
6         Reviewed by Csaba Osztrogonác.
7
8         Substitution of WTF::move() for std::move(). Clean up std::move() in JavaScriptCore.
9
10         * bytecode/GetByIdStatus.cpp:
11         (JSC::GetByIdStatus::computeForStubInfo):
12         * bytecode/PutByIdStatus.cpp:
13         (JSC::PutByIdStatus::computeForStubInfo):
14         * bytecode/PutByIdVariant.cpp:
15         (JSC::PutByIdVariant::setter):
16
17 2014-10-15  Oliver Hunt  <oliver@apple.com>
18
19         Use a single allocation for the Arguments object
20         https://bugs.webkit.org/show_bug.cgi?id=137751
21
22         Reviewed by Filip Pizlo.
23
24         This patch removes the secondary allocation for parameters in the Arguments
25         object.  This is fairly simple, but we needed to make it possible for the JIT
26         to allocate a variable GC object.  To do this I've added a new
27         emitAllocateVariableSizedJSObject function to the JIT that does the work to
28         find the correct heap for a variable sized allocation and then bump that
29         allocator.
30
31         * dfg/DFGSpeculativeJIT.cpp:
32         (JSC::DFG::SpeculativeJIT::emitAllocateArguments):
33         * dfg/DFGSpeculativeJIT.h:
34         (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
35         * heap/CopyToken.h:
36         * heap/Heap.h:
37         (JSC::Heap::subspaceForObjectWithoutDestructor):
38         (JSC::Heap::subspaceForObjectNormalDestructor):
39         (JSC::Heap::subspaceForObjectsWithImmortalStructure):
40         * heap/MarkedSpace.h:
41         (JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor):
42         (JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure):
43         (JSC::MarkedSpace::subspaceForObjectsWithoutDestructor):
44         * interpreter/StackVisitor.cpp:
45         (JSC::StackVisitor::Frame::createArguments):
46         * runtime/Arguments.cpp:
47         (JSC::Arguments::visitChildren):
48         (JSC::Arguments::copyBackingStore):
49         (JSC::Arguments::tearOff):
50         (JSC::Arguments::allocateRegisterArray): Deleted.
51         * runtime/Arguments.h:
52         (JSC::Arguments::create):
53         (JSC::Arguments::isTornOff):
54         (JSC::Arguments::offsetOfRegisterArray):
55         (JSC::Arguments::registerArraySizeInBytes):
56         (JSC::Arguments::registerArray):
57         (JSC::Arguments::allocationSize): Deleted.
58
59 2014-10-15  Filip Pizlo  <fpizlo@apple.com>
60
61         Apparently we've had a hole in arguments capture all along
62         https://bugs.webkit.org/show_bug.cgi?id=137767
63
64         Reviewed by Oliver Hunt.
65
66         * dfg/DFGByteCodeParser.cpp:
67         (JSC::DFG::ByteCodeParser::getArgument):
68         * tests/stress/arguments-captured.js: Added.
69         (foo):
70         (bar):
71
72 2014-10-16  Saam Barati  <saambarati1@gmail.com>
73
74         Have the ProfileType node in the DFG convert to a structure check where it can
75         https://bugs.webkit.org/show_bug.cgi?id=137596
76
77         Reviewed by Filip Pizlo.
78
79         TypeSet now keeps track of the live set of Structures it has seen.
80         It no longer nukes everything during GC. It now only removes unmarked
81         structures during GC. This modification allows the ProfileType node 
82         to convert into a CheckStructure node safely in the DFG. 
83
84         This change brings up the conversion rate from ProfileType to Check 
85         or CheckStructure from ~45% to ~65%. This change also speeds the
86         type profiler up significantly: consistently between 2x-20x faster. 
87
88         This patch also does some slight refactoring: a few type profiler
89         related fields are moved from VM to TypeProfiler.
90
91         * bytecode/CodeBlock.cpp:
92         (JSC::CodeBlock::CodeBlock):
93         * dfg/DFGFixupPhase.cpp:
94         (JSC::DFG::FixupPhase::fixupNode):
95         * dfg/DFGNode.h:
96         (JSC::DFG::Node::convertToCheckStructure):
97         * heap/Heap.cpp:
98         (JSC::Heap::collect):
99         * runtime/SymbolTable.cpp:
100         (JSC::SymbolTable::uniqueIDForVariable):
101         * runtime/SymbolTable.h:
102         * runtime/TypeLocationCache.cpp:
103         (JSC::TypeLocationCache::getTypeLocation):
104         * runtime/TypeProfiler.cpp:
105         (JSC::TypeProfiler::TypeProfiler):
106         (JSC::TypeProfiler::nextTypeLocation):
107         (JSC::TypeProfiler::invalidateTypeSetCache):
108         (JSC::TypeProfiler::dumpTypeProfilerData):
109         * runtime/TypeProfiler.h:
110         (JSC::TypeProfiler::getNextUniqueVariableID):
111         * runtime/TypeProfilerLog.cpp:
112         (JSC::TypeProfilerLog::processLogEntries):
113         * runtime/TypeSet.cpp:
114         (JSC::TypeSet::addTypeInformation):
115         (JSC::TypeSet::invalidateCache):
116         * runtime/TypeSet.h:
117         (JSC::TypeSet::structureSet):
118         * runtime/VM.cpp:
119         (JSC::VM::VM):
120         (JSC::VM::enableTypeProfiler):
121         (JSC::VM::disableTypeProfiler):
122         (JSC::VM::dumpTypeProfilerData):
123         (JSC::VM::nextTypeLocation): Deleted.
124         (JSC::VM::invalidateTypeSetCache): Deleted.
125         * runtime/VM.h:
126         (JSC::VM::typeProfiler):
127         (JSC::VM::getNextUniqueVariableID): Deleted.
128         * tests/typeProfiler/dfg-jit-optimizations.js:
129
130 2014-10-16  Adrien Destugues  <pulkomandy@gmail.com>
131
132         Use isnan from std namespace in ProfileGenerator.cpp
133         https://bugs.webkit.org/show_bug.cgi?id=137653
134
135         Reviewed by Darin Adler.
136
137         The C++ isnan() function is in the std namespace. The unprefixed isnan
138         may be available because of C99 headers leakage in C++, but should not
139         be used.
140
141         No new tests: no functional change, build fix on platforms which don't
142         export C99 functions in C++.
143
144         * profiler/ProfileGenerator.cpp:
145         (JSC::ProfileGenerator::beginCallEntry):
146         (JSC::ProfileGenerator::endCallEntry):
147         (JSC::ProfileGenerator::didPause):
148         (JSC::ProfileGenerator::didContinue):
149
150 2014-10-15  Michael Saboff  <msaboff@apple.com>
151
152         REGRESSION(r174025): remote inspector crashes frequently when executing inspector frontend's JavaScript
153         https://bugs.webkit.org/show_bug.cgi?id=137758
154
155         Rubber stamped by Filip Pizlo.
156
157         Reverted r174025 for just PutByOffset Nodes.
158
159         * dfg/DFGFixupPhase.cpp:
160         (JSC::DFG::FixupPhase::fixupNode):
161
162 2014-10-14  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
163
164         Clean up unnecessary PassOwnPtr.h inclusion
165         https://bugs.webkit.org/show_bug.cgi?id=137726
166
167         Reviewed by Chris Dumez.
168
169         * API/JSCallbackObject.h: Remove PassOwnPtr.h inclusion.
170         * bytecode/DFGExitProfile.cpp: ditto.
171
172 2014-10-14  Brent Fulgham  <bfulgham@apple.com>
173
174         [Win] Unreviewed gardening. Ignore Visual Studio *.sdf files.
175
176         * JavaScriptCore.vcxproj: Modified properties svn:ignore and svn:ignore.
177         * JavaScriptCore.vcxproj/jsc: Modified property svn:ignore.
178
179 2014-10-14  Matthew Mirman  <mmirman@apple.com>
180
181         Removes references to LLVMJIT which is no longer part of LLVM
182         https://bugs.webkit.org/show_bug.cgi?id=137708
183
184         Reviewed by Filip Pizlo.
185
186         * Configurations/LLVMForJSC.xcconfig: removed -lLLVMJIT
187         * llvm/LLVMAPIFunctions.h: removed LinkInJIT
188
189 2014-10-14  peavo@outlook.com  <peavo@outlook.com>
190
191         [Win32] Thunk is not implemented.
192         https://bugs.webkit.org/show_bug.cgi?id=137691
193
194         Reviewed by Mark Lam.
195
196         Thunks for functions with double operands (floor, etc.) are not implemented on Win32.
197
198         * jit/ThunkGenerators.cpp:
199
200 2014-10-12  Alexey Proskuryakov  <ap@apple.com>
201
202         Adding svn:ignore so that .pyc files don't show up as new.
203
204         * inspector/scripts/codegen: Added property svn:ignore.
205
206 2014-10-10  Commit Queue  <commit-queue@webkit.org>
207
208         Unreviewed, rolling out r174606.
209         https://bugs.webkit.org/show_bug.cgi?id=137621
210
211         broke a JSC test (Requested by estes on #webkit).
212
213         Reverted changeset:
214
215         "Various arguments optimisations in codegen fail to account
216         for arguments being in lexical record"
217         https://bugs.webkit.org/show_bug.cgi?id=137617
218         http://trac.webkit.org/changeset/174606
219
220 2014-10-10  Oliver Hunt  <oliver@apple.com>
221
222         Various arguments optimisations in codegen fail to account for arguments being in lexical record
223         https://bugs.webkit.org/show_bug.cgi?id=137617
224
225         Reviewed by Michael Saboff.
226
227         Rework the way we track |arguments| references so that we don't try
228         to use the |arguments| reference on the stack if it's not safe.
229
230         To do this without nuking performance it was necessary to update
231         the parser to track modification of the |arguments| reference
232         itself.
233
234         * bytecode/CodeBlock.cpp:
235         * bytecompiler/BytecodeGenerator.cpp:
236         (JSC::BytecodeGenerator::BytecodeGenerator):
237         (JSC::BytecodeGenerator::willResolveToArguments):
238         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
239         (JSC::BytecodeGenerator::emitCall):
240         (JSC::BytecodeGenerator::emitConstruct):
241         (JSC::BytecodeGenerator::emitEnumeration):
242         (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted.
243         * bytecompiler/BytecodeGenerator.h:
244         (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister):
245         * bytecompiler/NodesCodegen.cpp:
246         (JSC::BracketAccessorNode::emitBytecode):
247         (JSC::DotAccessorNode::emitBytecode):
248         (JSC::getArgumentByVal):
249         (JSC::CallFunctionCallDotNode::emitBytecode):
250         (JSC::ApplyFunctionCallDotNode::emitBytecode):
251         (JSC::ArrayPatternNode::emitDirectBinding):
252         * interpreter/StackVisitor.cpp:
253         (JSC::StackVisitor::Frame::existingArguments):
254         * parser/Nodes.h:
255         (JSC::ScopeNode::modifiesArguments):
256         * parser/Parser.cpp:
257         (JSC::Parser<LexerType>::parseInner):
258         * parser/Parser.h:
259         (JSC::Scope::getCapturedVariables):
260         * parser/ParserModes.h:
261
262 2014-10-09  Joseph Pecoraro  <pecoraro@apple.com>
263
264         Web Inspector: Remove unused generator code
265         https://bugs.webkit.org/show_bug.cgi?id=137564
266
267         Reviewed by Brian Burg.
268
269         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
270         (BackendDispatcherHeaderGenerator.generate_output): Deleted.
271         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
272         (BackendDispatcherImplementationGenerator.generate_output):
273         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
274         (FrontendDispatcherHeaderGenerator.generate_output):
275         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
276         (FrontendDispatcherImplementationGenerator.generate_output):
277         * inspector/scripts/codegen/generate_protocol_types_header.py:
278         (ProtocolTypesHeaderGenerator.generate_output):
279         * inspector/scripts/codegen/generate_protocol_types_implementation.py:
280         (ProtocolTypesImplementationGenerator.generate_output):
281         inputFilename is now handled by the generic generator base class.
282
283         * inspector/scripts/codegen/models.py:
284         (Framework.fromString):
285         (Frameworks):
286         * inspector/scripts/generate-inspector-protocol-bindings.py:
287         The WTF framework is unused. Remove unexpected frameworks.
288
289 2014-10-09  Dean Jackson  <dino@apple.com>
290
291         Remove ENABLE_CSS3_CONDITIONAL_RULES
292         https://bugs.webkit.org/show_bug.cgi?id=137571
293
294         Reviewed by Simon Fraser.
295
296         * Configurations/FeatureDefines.xcconfig:
297
298 2014-10-09  Adrien Destugues  <pulkomandy@gmail.com>
299
300         Fix compiler warning on noreturn function
301         https://bugs.webkit.org/show_bug.cgi?id=137558
302
303         Reviewed by Darin Adler.
304
305         The function is marked "noreturn", but the stub implementation does
306         return. No new tests: function is never called. Only fixes a warning.
307
308         * heap/HeapStatistics.cpp:
309         (JSC::HeapStatistics::exitWithFailure):
310
311 2014-10-09  Akos Kiss  <akiss@inf.u-szeged.hu>
312
313         Ensure that inline assembly Thunk functions don't conflict with the section designations of the compiler
314         https://bugs.webkit.org/show_bug.cgi?id=137434
315
316         Reviewed by Michael Saboff.
317
318         The ARM64 version of the defineUnaryDoubleOpWrapper macro in
319         ThunkGenerators.cpp contains inline assembly with .text assembler
320         directive followed by a static variable declaration. This macro gets
321         expanded several times afterwards, however, only during the compilation
322         of the first expansion does gcc insert a .data assembler directive
323         before the assembled version of the static variable. Thus, only the
324         first variable gets allocated in the .data section, all the others
325         remain in .text. If JavaScriptCore is built as a shared library then
326         this causes a segmentation fault during dynamic linking.
327
328         This patch puts a .previous directive at the end of the inline assembly
329         to ensure that the assumptions of the compiler about the sections are
330         not broken and the following variable goes to the right place.
331
332         * jit/ThunkGenerators.cpp:
333
334 2014-10-08  Oliver Hunt  <oliver@apple.com>
335
336         Make sure arguments tearoff is performed through the environment record if necessary
337         https://bugs.webkit.org/show_bug.cgi?id=137538
338
339         Reviewed by Michael Saboff.
340
341         Fairly simple change.  If we have a lexical record we need to pull the unmodified
342         arguments object from the record and then use the standard op_tear_off_arguments
343         instruction on the temporary.
344
345         * bytecompiler/BytecodeGenerator.cpp:
346         (JSC::BytecodeGenerator::emitGetOwnScope):
347         (JSC::BytecodeGenerator::emitReturn):
348         * bytecompiler/BytecodeGenerator.h:
349
350 2014-10-08  peavo@outlook.com  <peavo@outlook.com>
351
352         [WinCairo] Enable JIT on 32-bit.
353         https://bugs.webkit.org/show_bug.cgi?id=137521
354
355         Reviewed by Mark Lam.
356
357         Enable JIT on Windows 32-bit, but disable it at runtime if SSE2 is not present.
358
359         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.pl:
360         * runtime/Options.cpp:
361         (JSC::recomputeDependentOptions):
362
363 2014-10-08  Brent Fulgham  <bfulgham@apple.com>
364
365         [Win] Resolve some static analysis warnings in JavaScriptCore
366         https://bugs.webkit.org/show_bug.cgi?id=137508
367
368         Reviewed by Geoffrey Garen.
369
370         * API/tests/testapi.c:
371         (assertEqualsAsCharactersPtr): MSVC insists on using %Iu as its format specifier
372         for size_t. Make the format string conditional on Windows.
373         * bytecode/Watchpoint.h:
374         (JSC::InlineWatchpointSet::encodeState): Silence warning about left-shifting 'state'
375         as a 32-bit value before OR-ing it with a 64-bit value.
376         * dfg/DFGFixupPhase.cpp:
377         (JSC::DFG::FixupPhase::fixupNode): Silence warning about operator precedence
378         causing the || operation to take place before the >= test.
379         * dfg/DFGInPlaceAbstractState.cpp:
380         (JSC::DFG::InPlaceAbstractState::endBasicBlock): Ditto (|| before !=)
381         * testRegExp.cpp:
382         (testOneRegExp): Ditto %Iu format specifier.
383         * yarr/YarrInterpreter.cpp:
384         (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Silence warning about
385         using a 32-bit value as part of a 64-bit calculation.
386
387 2014-10-07  Simon Fraser  <simon.fraser@apple.com>
388
389         Roll-over Changelogs.
390
391         * ChangeLog-2014-10-07: Copied from Source/JavaScriptCore/ChangeLog.
392
393 == Rolled over to ChangeLog-2014-10-07 ==