De-virtualize JSObject::defaultValue
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defaultValue
        https://bugs.webkit.org/show_bug.cgi?id=71146

        Reviewed by Sam Weinig.

        Added defaultValue to the MethodTable.  Replaced all virtual versions of
        defaultValue with static versions.  Replaced all call sites with lookups in the
        MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/ClassInfo.h:
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::defaultValue):
        (JSC::TerminatedExecutionError::defaultValue):
        * runtime/ExceptionHelpers.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defaultValue):
        * runtime/JSCell.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::defaultValue):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPrimitiveNumber):
        (JSC::JSObject::defaultValue):
        * runtime/JSObject.h:
        (JSC::JSObject::toPrimitive):

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        Interpreter build fix

        Unreviewed build fix

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2011-10-31  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exits should add to value profiles
        https://bugs.webkit.org/show_bug.cgi?id=71202

        Reviewed by Oliver Hunt.

        Value profiles now have an extra special slot not used by the old JIT's
        profiling, which is reserved for OSR exits.

        The DFG's OSR exit code now knows which register, node index, and value
        profiling site was responsible for the (possibly flawed) information that
        led to the OSR failure. This is somewhat opportunistic and imperfect;
        if there's a lot of control flow between the value profiling site and the
        OSR failure point, then this mechanism simply gives up. It also gives up
        if the OSR failure is caused by either known deficiencies in the DFG
        (like that we always assume that the index in a strict charCodeAt access
        is within bounds) or where the OSR failure would be catalogued and
        profiled through other means (like slow case counters).

        This patch also adds the notion of a JSValueRegs, which is either a
        single register in JSVALUE64 or a pair in JSVALUE32_64. We should
        probably move the 32_64 DFG towards using this, since it often makes it
        easier to share code between 64 and 32_64.

        Also fixed a number of pathologies that this uncovered. op_method_check
        didn't have a value profiling site on the slow path. GetById should not
        always force OSR exit if it never executed in the old JIT; we may be
        able to infer its type if it's an array or string length get. Finally,
        these changes benefit from a slight tweak to optimization delay
        heuristics (profile fullness is now 0.35 instead of 0.25).

        3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
        and imaging-darkroom.

        * bytecode/ValueProfile.cpp:
        (JSC::ValueProfile::computeStatistics):
        (JSC::ValueProfile::computeUpdatedPrediction):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        (JSC::ValueProfile::specFailBucket):
        (JSC::ValueProfile::numberOfSamples):
        (JSC::ValueProfile::isLive):
        (JSC::ValueProfile::numberOfInt32s):
        (JSC::ValueProfile::numberOfDoubles):
        (JSC::ValueProfile::numberOfCells):
        (JSC::ValueProfile::numberOfObjects):
        (JSC::ValueProfile::numberOfFinalObjects):
        (JSC::ValueProfile::numberOfStrings):
        (JSC::ValueProfile::numberOfArrays):
        (JSC::ValueProfile::numberOfBooleans):
        (JSC::ValueProfile::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGPRInfo.h:
        (JSC::DFG::JSValueRegs::JSValueRegs):
        (JSC::DFG::JSValueRegs::operator!):
        (JSC::DFG::JSValueRegs::gpr):
        (JSC::DFG::JSValueSource::JSValueSource):
        (JSC::DFG::JSValueSource::unboxedCell):
        (JSC::DFG::JSValueSource::operator!):
        (JSC::DFG::JSValueSource::isAddress):
        (JSC::DFG::JSValueSource::offset):
        (JSC::DFG::JSValueSource::base):
        (JSC::DFG::JSValueSource::gpr):
        (JSC::DFG::JSValueSource::asAddress):
        (JSC::DFG::JSValueSource::notAddress):
        (JSC::DFG::JSValueRegs::tagGPR):
        (JSC::DFG::JSValueRegs::payloadGPR):
        (JSC::DFG::JSValueSource::tagGPR):
        (JSC::DFG::JSValueSource::payloadGPR):
        (JSC::DFG::JSValueSource::hasKnownTag):
        (JSC::DFG::JSValueSource::tag):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::jsValueRegs):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::JSValueOperand::jsValueRegs):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::valueProfileFor):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_method_check):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_method_check):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/JSValue.h:

2011-10-31  Sam Weinig  <sam@webkit.org>

        Remove need for virtual JSObject::unwrappedObject
        https://bugs.webkit.org/show_bug.cgi?id=71034

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp:
        Update exports.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add JSGlobalThis.cpp.

        * runtime/JSGlobalThis.cpp: Added.
        (JSC::JSGlobalThis::visitChildren):
        (JSC::JSGlobalThis::unwrappedObject):
        * runtime/JSGlobalThis.h:
        (JSC::JSGlobalThis::createStructure):
        Move underlying object from JSDOMWindowShell down to JSGlobalThis
        and corresponding visitChildren method.

        * runtime/JSObject.cpp:
        (JSC::JSObject::unwrappedObject):
        Change unwrappedObject from virtual, to just needing an if check.

        * runtime/JSObject.h:
        (JSC::JSObject::isGlobalThis):
        * runtime/JSType.h:
        Add isGlobalThis predicate and type.

2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>

        WTF::StringImpl::create(const char*, unsigned) calls itself
        https://bugs.webkit.org/show_bug.cgi?id=71206

        The original implementation just calls itself, causing infinite recursion.
        Cast the first parameter to const LChar* to fix that.

        Reviewed by Ryosuke Niwa.

        * wtf/text/StringImpl.h:
        (WTF::StringImpl::create):
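
The overload-resolution trap described in the entry above, as an added example rather than WebKit's code: a toy StringImpl with the same two create overloads, where static_asserts show which overload the unfixed and the fixed body resolve to, and only the fixed body is executed, since the unfixed one never returns. Names other than LChar and create are invented for the example.

```cpp
// Added example, not WebKit code: models the two WTF::StringImpl::create()
// overloads to show why create(const char*, unsigned) recursed into itself
// and how casting the pointer to const LChar* fixes it.
#include <cstring>
#include <string>
#include <type_traits>
#include <utility>

// WTF's LChar is an 8-bit Latin-1 code unit, a distinct type from char.
typedef unsigned char LChar;

// Tag return types make overload resolution visible at compile time.
struct PickedLCharOverload {};
struct PickedCharOverload {};

namespace resolution {
// Declarations only: used inside decltype, so never evaluated or linked.
PickedLCharOverload create(const LChar*, unsigned);
PickedCharOverload create(const char*, unsigned);
}

// The unfixed body of create(const char* s, unsigned length) was create(s, length).
// A const char* does not convert implicitly to const unsigned char*, so that
// call resolves to the const char* overload: the function calls itself forever.
static_assert(std::is_same<decltype(resolution::create(static_cast<const char*>(0), 0u)),
                           PickedCharOverload>::value,
              "unfixed body resolves back to the const char* overload");

// The fixed body casts the pointer, so the call reaches the LChar overload.
static_assert(std::is_same<decltype(resolution::create(
                               reinterpret_cast<const LChar*>(static_cast<const char*>(0)), 0u)),
                           PickedLCharOverload>::value,
              "fixed body resolves to the const LChar* overload");

// Toy StringImpl with the same pair of overloads and the fixed forwarding body.
class StringImpl {
public:
    static StringImpl create(const LChar* characters, unsigned length) {
        return StringImpl(std::string(reinterpret_cast<const char*>(characters), length));
    }
    static StringImpl create(const char* characters, unsigned length) {
        // Fixed body: the cast selects the LChar overload above rather than
        // this function, which is what the unfixed create(characters, length) did.
        return create(reinterpret_cast<const LChar*>(characters), length);
    }
    unsigned length() const { return static_cast<unsigned>(m_data.size()); }
    const std::string& data() const { return m_data; }

private:
    explicit StringImpl(std::string data) : m_data(std::move(data)) {}
    std::string m_data;
};

// Builds a string through the const char* overload; with the unfixed body this
// call would never return (unbounded recursion until the stack is exhausted).
unsigned lengthViaCharOverload(const char* s) {
    return StringImpl::create(s, static_cast<unsigned>(std::strlen(s))).length();
}

int main() {
    return lengthViaCharOverload("hello") == 5 ? 0 : 1;
}
```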

2011-10-31  Andy Wingo  <wingo@igalia.com>

        Fix DFG JIT compilation on Linux targets.
        https://bugs.webkit.org/show_bug.cgi?id=70904

        Reviewed by Darin Adler.

        * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
        macro.

        * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
        simplified definition from jit/JITStubs.cpp.
        (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
        Use the macro to access trampoline targets through the PLT on PIC
        systems, instead of introducing a text relocation.  Otherwise, the
        library fails to link.

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineGetter
        https://bugs.webkit.org/show_bug.cgi?id=71134

        Reviewed by Darin Adler.

        Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
        with static versions.  Replaced all call sites with lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineGetter):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineGetter):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineGetter):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):

2011-10-31  Michael Saboff  <msaboff@apple.com>

        Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=71138

        Restructure and movement of Lexer and Parser code.
        Moved Lexer and Parser objects out of JSGlobalData.
        Added a new ParserTokens class and instance to JSGlobalData that
        have JavaScript token related definitions.
        Replaced JSGlobalData arguments to Node classes with lineNumber,
        as that was the only use of the JSGlobalData.
        Combined JSParser and Parser classes into one class,
        eliminating JSParser.h and .cpp.
        Various supporting #include changes.

        These mostly mechanical changes are done in preparation for
        making the Lexer and Parser template classes.

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::toArgumentList):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::createSourceElements):
        (JSC::ASTBuilder::createCommaExpr):
        (JSC::ASTBuilder::createLogicalNot):
        (JSC::ASTBuilder::createUnaryPlus):
        (JSC::ASTBuilder::createVoid):
        (JSC::ASTBuilder::thisExpr):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createObjectLiteral):
        (JSC::ASTBuilder::createArray):
        (JSC::ASTBuilder::createNumberExpr):
        (JSC::ASTBuilder::createString):
        (JSC::ASTBuilder::createBoolean):
        (JSC::ASTBuilder::createNull):
        (JSC::ASTBuilder::createBracketAccess):
        (JSC::ASTBuilder::createDotAccess):
        (JSC::ASTBuilder::createRegExp):
        (JSC::ASTBuilder::createNewExpr):
        (JSC::ASTBuilder::createConditionalExpr):
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createArguments):
        (JSC::ASTBuilder::createArgumentsList):
        (JSC::ASTBuilder::createPropertyList):
        (JSC::ASTBuilder::createElementList):
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createClause):
        (JSC::ASTBuilder::createClauseList):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createBlockStatement):
        (JSC::ASTBuilder::createExprStatement):
        (JSC::ASTBuilder::createIfStatement):
        (JSC::ASTBuilder::createForLoop):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::createEmptyStatement):
        (JSC::ASTBuilder::createVarStatement):
        (JSC::ASTBuilder::createReturnStatement):
        (JSC::ASTBuilder::createBreakStatement):
        (JSC::ASTBuilder::createContinueStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createSwitchStatement):
        (JSC::ASTBuilder::createWhileStatement):
        (JSC::ASTBuilder::createDoWhileStatement):
        (JSC::ASTBuilder::createLabelStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::createThrowStatement):
        (JSC::ASTBuilder::createDebugger):
        (JSC::ASTBuilder::createConstStatement):
        (JSC::ASTBuilder::appendConstDecl):
        (JSC::ASTBuilder::combineCommaNodes):
        (JSC::ASTBuilder::appendBinaryOperation):
        (JSC::ASTBuilder::createAssignment):
        (JSC::ASTBuilder::createNumber):
        (JSC::ASTBuilder::makeTypeOfNode):
        (JSC::ASTBuilder::makeDeleteNode):
        (JSC::ASTBuilder::makeNegateNode):
        (JSC::ASTBuilder::makeBitwiseNotNode):
        (JSC::ASTBuilder::makeMultNode):
        (JSC::ASTBuilder::makeDivNode):
        (JSC::ASTBuilder::makeModNode):
        (JSC::ASTBuilder::makeAddNode):
        (JSC::ASTBuilder::makeSubNode):
        (JSC::ASTBuilder::makeLeftShiftNode):
        (JSC::ASTBuilder::makeRightShiftNode):
        (JSC::ASTBuilder::makeURightShiftNode):
        (JSC::ASTBuilder::makeBitOrNode):
        (JSC::ASTBuilder::makeBitAndNode):
        (JSC::ASTBuilder::makeBitXOrNode):
        (JSC::ASTBuilder::makeFunctionCallNode):
        (JSC::ASTBuilder::makeBinaryNode):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        * parser/JSParser.cpp: Removed.
        * parser/JSParser.h: Removed.
        * parser/Lexer.cpp:
        (JSC::Keywords::Keywords):
        (JSC::Lexer::Lexer):
        (JSC::Lexer::~Lexer):
        (JSC::Lexer::setCode):
        (JSC::Lexer::parseIdentifier):
        * parser/Lexer.h:
        (JSC::Keywords::isKeyword):
        (JSC::Keywords::getKeyword):
        (JSC::Keywords::~Keywords):
        (JSC::Lexer::setIsReparsing):
        (JSC::Lexer::isReparsing):
        (JSC::Lexer::lineNumber):
        (JSC::Lexer::setLastLineNumber):
        (JSC::Lexer::lastLineNumber):
        (JSC::Lexer::prevTerminator):
        (JSC::Lexer::sawError):
        (JSC::Lexer::getErrorMessage):
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::setOffset):
        (JSC::Lexer::setLineNumber):
        (JSC::Lexer::sourceProvider):
        (JSC::Lexer::isWhiteSpace):
        (JSC::Lexer::isLineTerminator):
        (JSC::Lexer::convertHex):
        (JSC::Lexer::convertUnicode):
        (JSC::Lexer::makeIdentifier):
        (JSC::Lexer::lexExpectIdentifier):
        * parser/NodeConstructors.h:
        (JSC::ParserArenaFreeable::operator new):
        (JSC::ParserArenaDeletable::operator new):
        (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
        (JSC::Node::Node):
        (JSC::ExpressionNode::ExpressionNode):
        (JSC::StatementNode::StatementNode):
        (JSC::NullNode::NullNode):
        (JSC::BooleanNode::BooleanNode):
        (JSC::NumberNode::NumberNode):
        (JSC::StringNode::StringNode):
        (JSC::RegExpNode::RegExpNode):
        (JSC::ThisNode::ThisNode):
        (JSC::ResolveNode::ResolveNode):
        (JSC::ElementNode::ElementNode):
        (JSC::ArrayNode::ArrayNode):
        (JSC::PropertyNode::PropertyNode):
        (JSC::PropertyListNode::PropertyListNode):
        (JSC::ObjectLiteralNode::ObjectLiteralNode):
        (JSC::BracketAccessorNode::BracketAccessorNode):
        (JSC::DotAccessorNode::DotAccessorNode):
        (JSC::ArgumentListNode::ArgumentListNode):
        (JSC::ArgumentsNode::ArgumentsNode):
        (JSC::NewExprNode::NewExprNode):
        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
        (JSC::FunctionCallValueNode::FunctionCallValueNode):
        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
        (JSC::FunctionCallDotNode::FunctionCallDotNode):
        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
        (JSC::PrePostResolveNode::PrePostResolveNode):
        (JSC::PostfixResolveNode::PostfixResolveNode):
        (JSC::PostfixBracketNode::PostfixBracketNode):
        (JSC::PostfixDotNode::PostfixDotNode):
        (JSC::PostfixErrorNode::PostfixErrorNode):
        (JSC::DeleteResolveNode::DeleteResolveNode):
        (JSC::DeleteBracketNode::DeleteBracketNode):
        (JSC::DeleteDotNode::DeleteDotNode):
        (JSC::DeleteValueNode::DeleteValueNode):
        (JSC::VoidNode::VoidNode):
        (JSC::TypeOfResolveNode::TypeOfResolveNode):
        (JSC::TypeOfValueNode::TypeOfValueNode):
        (JSC::PrefixResolveNode::PrefixResolveNode):
        (JSC::PrefixBracketNode::PrefixBracketNode):
        (JSC::PrefixDotNode::PrefixDotNode):
        (JSC::PrefixErrorNode::PrefixErrorNode):
        (JSC::UnaryOpNode::UnaryOpNode):
        (JSC::UnaryPlusNode::UnaryPlusNode):
        (JSC::NegateNode::NegateNode):
        (JSC::BitwiseNotNode::BitwiseNotNode):
        (JSC::LogicalNotNode::LogicalNotNode):
        (JSC::BinaryOpNode::BinaryOpNode):
        (JSC::MultNode::MultNode):
        (JSC::DivNode::DivNode):
        (JSC::ModNode::ModNode):
        (JSC::AddNode::AddNode):
        (JSC::SubNode::SubNode):
        (JSC::LeftShiftNode::LeftShiftNode):
        (JSC::RightShiftNode::RightShiftNode):
        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
        (JSC::LessNode::LessNode):
        (JSC::GreaterNode::GreaterNode):
        (JSC::LessEqNode::LessEqNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
        (JSC::InstanceOfNode::InstanceOfNode):
        (JSC::InNode::InNode):
        (JSC::EqualNode::EqualNode):
        (JSC::NotEqualNode::NotEqualNode):
        (JSC::StrictEqualNode::StrictEqualNode):
        (JSC::NotStrictEqualNode::NotStrictEqualNode):
        (JSC::BitAndNode::BitAndNode):
        (JSC::BitOrNode::BitOrNode):
        (JSC::BitXOrNode::BitXOrNode):
        (JSC::LogicalOpNode::LogicalOpNode):
        (JSC::ConditionalNode::ConditionalNode):
        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
        (JSC::AssignResolveNode::AssignResolveNode):
        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
        (JSC::AssignBracketNode::AssignBracketNode):
        (JSC::AssignDotNode::AssignDotNode):
        (JSC::ReadModifyDotNode::ReadModifyDotNode):
        (JSC::AssignErrorNode::AssignErrorNode):
        (JSC::CommaNode::CommaNode):
        (JSC::ConstStatementNode::ConstStatementNode):
        (JSC::SourceElements::SourceElements):
        (JSC::EmptyStatementNode::EmptyStatementNode):
        (JSC::DebuggerStatementNode::DebuggerStatementNode):
        (JSC::ExprStatementNode::ExprStatementNode):
        (JSC::VarStatementNode::VarStatementNode):
        (JSC::IfNode::IfNode):
        (JSC::IfElseNode::IfElseNode):
        (JSC::DoWhileNode::DoWhileNode):
        (JSC::WhileNode::WhileNode):
        (JSC::ForNode::ForNode):
        (JSC::ContinueNode::ContinueNode):
        (JSC::BreakNode::BreakNode):
        (JSC::ReturnNode::ReturnNode):
        (JSC::WithNode::WithNode):
        (JSC::LabelNode::LabelNode):
        (JSC::ThrowNode::ThrowNode):
        (JSC::TryNode::TryNode):
        (JSC::ParameterNode::ParameterNode):
        (JSC::FuncExprNode::FuncExprNode):
        (JSC::FuncDeclNode::FuncDeclNode):
        (JSC::CaseClauseNode::CaseClauseNode):
        (JSC::ClauseListNode::ClauseListNode):
        (JSC::CaseBlockNode::CaseBlockNode):
        (JSC::SwitchNode::SwitchNode):
        (JSC::ConstDeclNode::ConstDeclNode):
        (JSC::BlockNode::BlockNode):
        (JSC::ForInNode::ForInNode):
        * parser/NodeInfo.h:
        * parser/Nodes.cpp:
        (JSC::StatementNode::setLoc):
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create):
        * parser/Nodes.h:
        (JSC::Node::lineNo):
        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::~Parser):
        (JSC::Parser::parseInner):
        (JSC::Parser::allowAutomaticSemicolon):
        (JSC::Parser::parseSourceElements):
        (JSC::Parser::parseVarDeclaration):
        (JSC::Parser::parseConstDeclaration):
        (JSC::Parser::parseDoWhileStatement):
        (JSC::Parser::parseWhileStatement):
        (JSC::Parser::parseVarDeclarationList):
        (JSC::Parser::parseConstDeclarationList):
        (JSC::Parser::parseForStatement):
        (JSC::Parser::parseBreakStatement):
        (JSC::Parser::parseContinueStatement):
        (JSC::Parser::parseReturnStatement):
        (JSC::Parser::parseThrowStatement):
        (JSC::Parser::parseWithStatement):
        (JSC::Parser::parseSwitchStatement):
        (JSC::Parser::parseSwitchClauses):
        (JSC::Parser::parseSwitchDefaultClause):
        (JSC::Parser::parseTryStatement):
        (JSC::Parser::parseDebuggerStatement):
        (JSC::Parser::parseBlockStatement):
        (JSC::Parser::parseStatement):
        (JSC::Parser::parseFormalParameters):
        (JSC::Parser::parseFunctionBody):
        (JSC::Parser::parseFunctionInfo):
        (JSC::Parser::parseFunctionDeclaration):
        (JSC::LabelInfo::LabelInfo):
        (JSC::Parser::parseExpressionOrLabelStatement):
        (JSC::Parser::parseExpressionStatement):
        (JSC::Parser::parseIfStatement):
        (JSC::Parser::parseExpression):
        (JSC::Parser::parseAssignmentExpression):
        (JSC::Parser::parseConditionalExpression):
        (JSC::isUnaryOp):
        (JSC::Parser::isBinaryOperator):
        (JSC::Parser::parseBinaryExpression):
        (JSC::Parser::parseProperty):
        (JSC::Parser::parseObjectLiteral):
        (JSC::Parser::parseStrictObjectLiteral):
        (JSC::Parser::parseArrayLiteral):
        (JSC::Parser::parsePrimaryExpression):
        (JSC::Parser::parseArguments):
        (JSC::Parser::parseMemberExpression):
        (JSC::Parser::parseUnaryExpression):
        * parser/Parser.h:
        (JSC::isEvalNode):
        (JSC::EvalNode):
        (JSC::DepthManager::DepthManager):
        (JSC::DepthManager::~DepthManager):
        (JSC::ScopeLabelInfo::ScopeLabelInfo):
        (JSC::Scope::Scope):
        (JSC::Scope::startSwitch):
        (JSC::Scope::endSwitch):
        (JSC::Scope::startLoop):
        (JSC::Scope::endLoop):
        (JSC::Scope::inLoop):
        (JSC::Scope::breakIsValid):
        (JSC::Scope::continueIsValid):
        (JSC::Scope::pushLabel):
        (JSC::Scope::popLabel):
        (JSC::Scope::getLabel):
        (JSC::Scope::setIsFunction):
        (JSC::Scope::isFunction):
        (JSC::Scope::isFunctionBoundary):
        (JSC::Scope::declareVariable):
        (JSC::Scope::declareWrite):
        (JSC::Scope::preventNewDecls):
        (JSC::Scope::allowsNewDecls):
        (JSC::Scope::declareParameter):
        (JSC::Scope::useVariable):
        (JSC::Scope::setNeedsFullActivation):
        (JSC::Scope::collectFreeVariables):
        (JSC::Scope::getUncapturedWrittenVariables):
        (JSC::Scope::getCapturedVariables):
        (JSC::Scope::setStrictMode):
        (JSC::Scope::strictMode):
        (JSC::Scope::isValidStrictMode):
        (JSC::Scope::shadowsArguments):
        (JSC::Scope::copyCapturedVariablesToVector):
        (JSC::Scope::saveFunctionInfo):
        (JSC::Scope::restoreFunctionInfo):
        (JSC::ScopeRef::ScopeRef):
        (JSC::ScopeRef::operator->):
        (JSC::ScopeRef::index):
        (JSC::ScopeRef::hasContainingScope):
        (JSC::ScopeRef::containingScope):
        (JSC::Parser::AllowInOverride::AllowInOverride):
        (JSC::Parser::AllowInOverride::~AllowInOverride):
        (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
        (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
        (JSC::Parser::AutoPopScopeRef::setPopped):
        (JSC::Parser::currentScope):
        (JSC::Parser::pushScope):
        (JSC::Parser::popScopeInternal):
        (JSC::Parser::popScope):
        (JSC::Parser::declareVariable):
        (JSC::Parser::declareWrite):
        (JSC::Parser::findCachedFunctionInfo):
        (JSC::Parser::isFunctionBodyNode):
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        (JSC::Parser::nextTokenIsColon):
        (JSC::Parser::consume):
        (JSC::Parser::getToken):
        (JSC::Parser::match):
        (JSC::Parser::tokenStart):
        (JSC::Parser::tokenLine):
        (JSC::Parser::tokenEnd):
        (JSC::Parser::getTokenName):
        (JSC::Parser::updateErrorMessageSpecialCase):
        (JSC::Parser::updateErrorMessage):
        (JSC::Parser::updateErrorWithNameAndMessage):
        (JSC::Parser::startLoop):
        (JSC::Parser::endLoop):
        (JSC::Parser::startSwitch):
        (JSC::Parser::endSwitch):
        (JSC::Parser::setStrictMode):
        (JSC::Parser::strictMode):
        (JSC::Parser::isValidStrictMode):
        (JSC::Parser::declareParameter):
        (JSC::Parser::breakIsValid):
        (JSC::Parser::continueIsValid):
        (JSC::Parser::pushLabel):
        (JSC::Parser::popLabel):
        (JSC::Parser::getLabel):
        (JSC::Parser::autoSemiColon):
        (JSC::Parser::canRecurse):
        (JSC::Parser::lastTokenEnd):
        (JSC::Parser::DepthManager::DepthManager):
        (JSC::Parser::DepthManager::~DepthManager):
        (JSC::Parser::parse):
        (JSC::parse):
        * parser/ParserTokens.h: Added.
        (JSC::JSTokenInfo::JSTokenInfo):
        * parser/SourceCode.h:
        (JSC::SourceCode::subExpression):
        * parser/SourceProviderCacheItem.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::SyntaxChecker):
        (JSC::SyntaxChecker::makeFunctionCallNode):
        (JSC::SyntaxChecker::createCommaExpr):
        (JSC::SyntaxChecker::makeAssignNode):
        (JSC::SyntaxChecker::makePrefixNode):
        (JSC::SyntaxChecker::makePostfixNode):
        (JSC::SyntaxChecker::makeTypeOfNode):
        (JSC::SyntaxChecker::makeDeleteNode):
        (JSC::SyntaxChecker::makeNegateNode):
        (JSC::SyntaxChecker::makeBitwiseNotNode):
        (JSC::SyntaxChecker::createLogicalNot):
        (JSC::SyntaxChecker::createUnaryPlus):
        (JSC::SyntaxChecker::createVoid):
        (JSC::SyntaxChecker::thisExpr):
        (JSC::SyntaxChecker::createResolve):
        (JSC::SyntaxChecker::createObjectLiteral):
        (JSC::SyntaxChecker::createArray):
        (JSC::SyntaxChecker::createNumberExpr):
        (JSC::SyntaxChecker::createString):
        (JSC::SyntaxChecker::createBoolean):
        (JSC::SyntaxChecker::createNull):
        (JSC::SyntaxChecker::createBracketAccess):
        (JSC::SyntaxChecker::createDotAccess):
        (JSC::SyntaxChecker::createRegExp):
        (JSC::SyntaxChecker::createNewExpr):
        (JSC::SyntaxChecker::createConditionalExpr):
        (JSC::SyntaxChecker::createAssignResolve):
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFunctionBody):
        (JSC::SyntaxChecker::createArguments):
        (JSC::SyntaxChecker::createArgumentsList):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::createPropertyList):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createBlockStatement):
        (JSC::SyntaxChecker::createExprStatement):
        (JSC::SyntaxChecker::createIfStatement):
        (JSC::SyntaxChecker::createForLoop):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::createEmptyStatement):
        (JSC::SyntaxChecker::createVarStatement):
        (JSC::SyntaxChecker::createReturnStatement):
        (JSC::SyntaxChecker::createBreakStatement):
        (JSC::SyntaxChecker::createContinueStatement):
        (JSC::SyntaxChecker::createTryStatement):
        (JSC::SyntaxChecker::createSwitchStatement):
        (JSC::SyntaxChecker::createWhileStatement):
        (JSC::SyntaxChecker::createWithStatement):
        (JSC::SyntaxChecker::createDoWhileStatement):
        (JSC::SyntaxChecker::createLabelStatement):
        (JSC::SyntaxChecker::createThrowStatement):
        (JSC::SyntaxChecker::createDebugger):
        (JSC::SyntaxChecker::createConstStatement):
        (JSC::SyntaxChecker::appendConstDecl):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):
        (JSC::SyntaxChecker::combineCommaNodes):
        (JSC::SyntaxChecker::operatorStackPop):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
733         (JSC::ProgramExecutable::checkSyntax):
734         (JSC::ProgramExecutable::compileInternal):
735         (JSC::FunctionExecutable::produceCodeBlockFor):
736         (JSC::FunctionExecutable::fromGlobalCode):
737         * runtime/JSGlobalData.cpp:
738         (JSC::JSGlobalData::JSGlobalData):
739         (JSC::JSGlobalData::~JSGlobalData):
740         * runtime/JSGlobalData.h:
741         * runtime/LiteralParser.cpp:
742         (JSC::LiteralParser::tryJSONPParse):
743
744 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
745
746         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
747         https://bugs.webkit.org/show_bug.cgi?id=71227
748
749         Reviewed by Oliver Hunt.
750         
751         No new tests, since while I can see exactly where the DFG went wrong on the
752         site in question from looking at the generated machine code, and while I can
753         certainly believe that such a scenario would happen, I cannot visualize how
754         to make it happen reproducibly. It requires an odd combination of double
755         values getting spilled and then refilled, but then reboxed at just the right
756         time so that the spilled value is an unboxed double while the in-register
757         value is a boxed double.
758
759         * dfg/DFGJITCodeGenerator.h:
760         (JSC::DFG::JITCodeGenerator::silentFillGPR):
761
762 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
763
764         JSParser::parsePrimaryExpression should have an overflow check
765         https://bugs.webkit.org/show_bug.cgi?id=71197
766
767         Reviewed by Geoff Garen.
768
769         * parser/JSParser.cpp:
770         (JSC::JSParser::parsePrimaryExpression):
771
772 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
773
774         DFG ValueAdd(string, int) should not fail speculation
775         https://bugs.webkit.org/show_bug.cgi?id=71195
776
777         Reviewed by Geoff Garen.
778         
779         1% speed-up on V8.
780
781         * dfg/DFGNode.h:
782         (JSC::DFG::Node::shouldNotSpeculateInteger):
783         (JSC::DFG::Node::shouldSpeculateInteger):
784
785 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
786
787         The DFG inliner should not flush the callee
788         https://bugs.webkit.org/show_bug.cgi?id=71191
789
790         Reviewed by Oliver Hunt.
791         
792         0.6% speed-up on V8.
793
794         * bytecode/CodeBlock.cpp:
795         (JSC::CodeBlock::visitAggregate):
796         * bytecode/CodeOrigin.h:
797         * dfg/DFGByteCodeParser.cpp:
798         (JSC::DFG::ByteCodeParser::flush):
799         (JSC::DFG::ByteCodeParser::handleInlining):
800         (JSC::DFG::ByteCodeParser::parseBlock):
801         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
802         (JSC::DFG::ByteCodeParser::parse):
803         * dfg/DFGJITCompiler.cpp:
804         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
805         * dfg/DFGJITCompiler32_64.cpp:
806         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
807         * interpreter/CallFrame.cpp:
808         (JSC::CallFrame::trueCallerFrameSlow):
809
810 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
811
812         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
813         https://bugs.webkit.org/show_bug.cgi?id=70968
814
815         Reviewed by Geoffrey Garen.
816
817         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
818         TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
819         needed it, because Windows wouldn't build without it.
820         (JSC::::createStructure):
821         * API/JSCallbackObject.h:
822         * JavaScriptCore.exp:
823         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
824         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
825         (JSC::ErrorInstance::createStructure):
826         * runtime/ErrorPrototype.h: Ditto
827         (JSC::ErrorPrototype::createStructure):
828         * runtime/JSActivation.h: Ditto
829         (JSC::JSActivation::createStructure):
830         * runtime/JSGlobalObject.h: Ditto
831         (JSC::JSGlobalObject::createStructure):
832         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
833         (JSC::JSObject::isGlobalObject):
834         (JSC::JSObject::isVariableObject):
835         (JSC::JSObject::isActivationObject):
836         (JSC::JSObject::isErrorInstance):
837         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
838         * runtime/JSVariableObject.cpp: Removed virtual function.
839         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
840         (JSC::JSVariableObject::createStructure):
841
842 2011-10-28  Pavel Feldman  <pfeldman@google.com>
843
844         Reset line numbers for scripts generated with document.write.
845         https://bugs.webkit.org/show_bug.cgi?id=71099
846
847         Reviewed by Yury Semikhatsky.
848
849         * wtf/text/TextPosition.h:
850         (WTF::OrdinalNumber::OrdinalNumber):
851
852 2011-10-27  Daniel Bates  <dbates@rim.com>
853
854         CMake: Add support to optionally install the built JavaScript shell
855         https://bugs.webkit.org/show_bug.cgi?id=71062
856
857         Reviewed by Antonio Gomes.
858
859         Generate an installation rule for installing the JavaScript shell in
860         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
861         is defined.
862
863         * shell/CMakeLists.txt:
864
865 2011-10-27  Kentaro Hara  <haraken@chromium.org>
866
867         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
868         https://bugs.webkit.org/show_bug.cgi?id=70215
869
870         Reviewed by Adam Barth.
871
872         Added a method that judges if a given JSValue is empty.
873
874         Tests: transforms/svg-vs-css.xhtml
875                transforms/cssmatrix-2d-interface.xhtml
876                transforms/cssmatrix-3d-interface.xhtml
877
878         * runtime/JSValue.h:
879         * runtime/JSValueInlineMethods.h:
880         (JSC::JSValue::isEmpty):
881
882 2011-10-27  Michael Saboff  <msaboff@apple.com>
883
884         ENH: Add 8 bit string support to JSC JIT
885         https://bugs.webkit.org/show_bug.cgi?id=71073
886
887         Changed the JIT String character access generation to create code
888         to check the character size and load8() or load16() as appropriate.
889
890         Reviewed by Gavin Barraclough.
891
892         * assembler/MacroAssemblerX86Common.h:
893         (JSC::MacroAssemblerX86Common::load8):
894         * assembler/X86Assembler.h:
895         (JSC::X86Assembler::movzbl_mr):
896         * dfg/DFGSpeculativeJIT.cpp:
897         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
898         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
899         * jit/JITInlineMethods.h:
900         (JSC::JIT::emitLoadCharacterString):
901         * jit/JITPropertyAccess.cpp:
902         (JSC::JIT::stringGetByValStubGenerator):
903         * jit/JITPropertyAccess32_64.cpp:
904         (JSC::JIT::stringGetByValStubGenerator):
905         * jit/JSInterfaceJIT.h:
906         (JSC::ThunkHelpers::stringImplFlagsOffset):
907         (JSC::ThunkHelpers::stringImpl8BitFlag):
908         * jit/ThunkGenerators.cpp:
909         (JSC::stringCharLoad):
910
911 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
912
913         If the bytecode generator emits code after the return in the first basic block,
914         DFG's inliner crashes
915         https://bugs.webkit.org/show_bug.cgi?id=71071
916
917         Reviewed by Gavin Barraclough.
918         
919         Removed some cruft dealing with parsing failures due to unsupported functionality
920         (that's never reached anymore due to it being caught in DFGCapabilities). This
921         allowed me to repurpose the bool return from parseBlock() to mean: true if we
922         should continue to parse, or false if we've already parsed all live code.
923
924         * dfg/DFGByteCodeParser.cpp:
925         (JSC::DFG::ByteCodeParser::ByteCodeParser):
926         (JSC::DFG::ByteCodeParser::parseBlock):
927         (JSC::DFG::ByteCodeParser::parseCodeBlock):
928
929 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
930
931         Reviewed by David Kilzer.
932
933         Make FeatureDefines Identical Across OS X Projects
934         https://bugs.webkit.org/show_bug.cgi?id=71051
935
936         * Configurations/FeatureDefines.xcconfig:
937
938 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
939
940         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
941         https://bugs.webkit.org/show_bug.cgi?id=71045
942
943         Reviewed by Geoff Garen.
944         
945         Make sure that if a structure is pinned, it also has a property map.
946
947         * runtime/Structure.cpp:
948         (JSC::Structure::changePrototypeTransition):
949         (JSC::Structure::despecifyFunctionTransition):
950         (JSC::Structure::getterSetterTransition):
951         (JSC::Structure::toDictionaryTransition):
952         (JSC::Structure::preventExtensionsTransition):
953         (JSC::Structure::addPropertyWithoutTransition):
954         (JSC::Structure::removePropertyWithoutTransition):
955         (JSC::Structure::pin):
956         (JSC::Structure::copyPropertyTableForPinning):
957         * runtime/Structure.h:
958         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
959
960 2011-10-27  Michael Saboff  <msaboff@apple.com>
961
962         32bit build failure after r98624
963         https://bugs.webkit.org/show_bug.cgi?id=71064
964
965         Disambiguated operator overload with unsigned index (0u).
966
967         Reviewed by Sam Weinig.
968
969         * runtime/UString.h:
970         (JSC::operator==):
971
972 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
973
974         Fix building on GNU/kFreeBSD
975         https://bugs.webkit.org/show_bug.cgi?id=71005
976
977         Reviewed by Darin Adler.
978
979         * config.h:
980         * wtf/Platform.h:
981
982 2011-10-27  Michael Saboff  <msaboff@apple.com>
983
984         Investigate storing strings in 8-bit buffers when possible
985         https://bugs.webkit.org/show_bug.cgi?id=66161
986
990         Added support for 8 bit string data in StringImpl.  Changed
991         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
992         with m_data16.  Added UChar* m_copyData16 to the other union
993         to store a 16 bit copy of an 8 bit string when needed.
994         Added characters8() and characters16() accessor methods
995         that assume the caller has checked the underlying string type
996         via the new is8Bit() method. The characters() method will
997         return a UChar* of the string, materializing a 16 bit copy if the
998         string is an 8 bit string.  Added two flags, one for 8 bit buffer
999         and a second for a 16 bit copy for an 8 bit string.
1000
1001         Fixed method name typo (StringHasher::defaultCoverter()).
1002
1003         Over time the goal is to eliminate calls to characters() and
1004         use the characters8() and characters16() accessors.
1005
1006         This patch does not include changes that actually create 8 bit
1007         strings. This is the first of at least 8 patches.  Subsequent
1008         patches will be submitted for JIT changes, making the JSC lexer,
1009         parser and literal parser, JavaScript string changes and
1010         then changes in webcore to take advantage of the 8 bit strings.
1011
1012         This change is performance neutral for SunSpider and V8 when
1013         run from the command line with "jsc".
1014
1015         Reviewed by Geoffrey Garen.
1016
1017         * JavaScriptCore.exp:
1018         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1019         * interpreter/Interpreter.cpp:
1020         (JSC::Interpreter::callEval):
1021         * parser/SourceProvider.h:
1022         (JSC::UStringSourceProvider::data):
1023         (JSC::UStringSourceProvider::UStringSourceProvider):
1024         * runtime/Identifier.cpp:
1025         (JSC::IdentifierCStringTranslator::hash):
1026         (JSC::IdentifierCStringTranslator::equal):
1027         (JSC::IdentifierCStringTranslator::translate):
1028         (JSC::Identifier::add):
1029         (JSC::Identifier::toUInt32):
1030         * runtime/Identifier.h:
1031         (JSC::Identifier::equal):
1032         (JSC::operator==):
1033         (JSC::operator!=):
1034         * runtime/JSString.cpp:
1035         (JSC::JSString::resolveRope):
1036         (JSC::JSString::resolveRopeSlowCase):
1037         * runtime/RegExp.cpp:
1038         (JSC::RegExp::match):
1039         * runtime/StringPrototype.cpp:
1040         (JSC::jsSpliceSubstringsWithSeparators):
1041         * runtime/UString.cpp:
1042         (JSC::UString::UString):
1043         (JSC::equalSlowCase):
1044         (JSC::UString::utf8):
1045         * runtime/UString.h:
1046         (JSC::UString::characters):
1047         (JSC::UString::characters8):
1048         (JSC::UString::characters16):
1049         (JSC::UString::is8Bit):
1050         (JSC::UString::operator[]):
1051         (JSC::UString::find):
1052         (JSC::operator==):
1053         * wtf/StringHasher.h:
1054         (WTF::StringHasher::computeHash):
1055         (WTF::StringHasher::defaultConverter):
1056         * wtf/text/AtomicString.cpp:
1057         (WTF::CStringTranslator::hash):
1058         (WTF::CStringTranslator::equal):
1059         (WTF::CStringTranslator::translate):
1060         (WTF::AtomicString::add):
1061         * wtf/text/AtomicString.h:
1062         (WTF::AtomicString::AtomicString):
1063         (WTF::AtomicString::contains):
1064         (WTF::AtomicString::find):
1065         (WTF::AtomicString::add):
1066         (WTF::operator==):
1067         (WTF::operator!=):
1068         (WTF::equalIgnoringCase):
1069         * wtf/text/StringConcatenate.h:
1070         * wtf/text/StringHash.h:
1071         (WTF::StringHash::equal):
1072         (WTF::CaseFoldingHash::hash):
1073         * wtf/text/StringImpl.cpp:
1074         (WTF::StringImpl::~StringImpl):
1075         (WTF::StringImpl::createUninitialized):
1076         (WTF::StringImpl::create):
1077         (WTF::StringImpl::getData16SlowCase):
1078         (WTF::StringImpl::containsOnlyWhitespace):
1079         (WTF::StringImpl::substring):
1080         (WTF::StringImpl::characterStartingAt):
1081         (WTF::StringImpl::lower):
1082         (WTF::StringImpl::upper):
1083         (WTF::StringImpl::fill):
1084         (WTF::StringImpl::foldCase):
1085         (WTF::StringImpl::stripMatchedCharacters):
1086         (WTF::StringImpl::removeCharacters):
1087         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
1088         (WTF::StringImpl::toIntStrict):
1089         (WTF::StringImpl::toUIntStrict):
1090         (WTF::StringImpl::toInt64Strict):
1091         (WTF::StringImpl::toUInt64Strict):
1092         (WTF::StringImpl::toIntPtrStrict):
1093         (WTF::StringImpl::toInt):
1094         (WTF::StringImpl::toUInt):
1095         (WTF::StringImpl::toInt64):
1096         (WTF::StringImpl::toUInt64):
1097         (WTF::StringImpl::toIntPtr):
1098         (WTF::StringImpl::toDouble):
1099         (WTF::StringImpl::toFloat):
1100         (WTF::equal):
1101         (WTF::equalIgnoringCase):
1102         (WTF::StringImpl::find):
1103         (WTF::StringImpl::findIgnoringCase):
1104         (WTF::StringImpl::reverseFind):
1105         (WTF::StringImpl::replace):
1106         (WTF::StringImpl::defaultWritingDirection):
1107         (WTF::StringImpl::adopt):
1108         (WTF::StringImpl::createWithTerminatingNullCharacter):
1109         * wtf/text/StringImpl.h:
1110         (WTF::StringImpl::StringImpl):
1111         (WTF::StringImpl::create):
1112         (WTF::StringImpl::create8):
1113         (WTF::StringImpl::tryCreateUninitialized):
1114         (WTF::StringImpl::flagsOffset):
1115         (WTF::StringImpl::flagIs8Bit):
1116         (WTF::StringImpl::dataOffset):
1117         (WTF::StringImpl::is8Bit):
1118         (WTF::StringImpl::characters8):
1119         (WTF::StringImpl::characters16):
1120         (WTF::StringImpl::characters):
1121         (WTF::StringImpl::has16BitShadow):
1122         (WTF::StringImpl::setHash):
1123         (WTF::StringImpl::hash):
1124         (WTF::StringImpl::copyChars):
1125         (WTF::StringImpl::operator[]):
1126         (WTF::StringImpl::find):
1127         (WTF::StringImpl::findIgnoringCase):
1128         (WTF::equal):
1129         (WTF::equalIgnoringCase):
1130         (WTF::StringImpl::isolatedCopy):
1131         * wtf/text/WTFString.cpp:
1132         (WTF::String::String):
1133         (WTF::String::append):
1134         (WTF::String::format):
1135         (WTF::String::fromUTF8):
1136         (WTF::String::fromUTF8WithLatin1Fallback):
1137         * wtf/text/WTFString.h:
1138         (WTF::String::find):
1139         (WTF::String::findIgnoringCase):
1140         (WTF::String::contains):
1141         (WTF::String::append):
1142         (WTF::String::fromUTF8):
1143         (WTF::String::fromUTF8WithLatin1Fallback):
1144         (WTF::operator==):
1145         (WTF::operator!=):
1146         (WTF::equalIgnoringCase):
1147         * wtf/unicode/Unicode.h:
1148         * yarr/YarrJIT.cpp:
1149         (JSC::Yarr::execute):
1150         * yarr/YarrJIT.h:
1151         (JSC::Yarr::YarrCodeBlock::execute):
1152         * yarr/YarrParser.h:
1153         (JSC::Yarr::Parser::Parser):
1154
1155 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1156
1157         Fixing windows build
1158
1159         Unreviewed build fix
1160
1161         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1162
1163 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1164
1165         Add ability to check for presence of static members at compile time
1166         https://bugs.webkit.org/show_bug.cgi?id=70986
1167
1168         Reviewed by Geoffrey Garen.
1169
1170         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
1171         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
1172         does indeed have a method with that name.  This mechanism is not currently 
1173         used anywhere, but will be in the future when adding virtual methods from 
1174         JSObject to the MethodTable.
1175
1176         * runtime/ClassInfo.h:
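
Added illustration of what such a compile-time member check looks like. The two macro names follow this entry, but the trait below is a generic SFINAE idiom written for the example, not the template in runtime/ClassInfo.h, and Base, Derived and Empty are sample classes constructed for it:

```cpp
#include <type_traits>

// Added illustration of a compile-time member-presence check. The two macro
// names follow the ChangeLog entry, but this is a generic SFINAE trait, not
// the template in JavaScriptCore's runtime/ClassInfo.h.
template <typename...> using VoidT = void;

// CREATE_MEMBER_CHECKER(name) defines HasMember_name<T>, which derives from
// std::true_type exactly when `&T::name` is a well-formed expression, i.e.
// when T declares or inherits a (non-overloaded) member called `name`.
#define CREATE_MEMBER_CHECKER(member)                                         \
    template <typename T, typename = void>                                    \
    struct HasMember_##member : std::false_type {};                           \
    template <typename T>                                                     \
    struct HasMember_##member<T, VoidT<decltype(&T::member)>>                 \
        : std::true_type {};

#define HAS_MEMBER_NAMED(Class, member) (HasMember_##member<Class>::value)

CREATE_MEMBER_CHECKER(toThisObject)
CREATE_MEMBER_CHECKER(defaultValue)

// Sample classes (constructed for the example) shaped like the static
// functions a MethodTable would be filled from.
struct Base {
    static int toThisObject(int x) { return x; }
};
struct Derived : Base {
    static int defaultValue(int x) { return x * 2; }
};
struct Empty {};

// The intended use: make the build fail when a class that is about to get a
// method table lacks one of the expected statics, instead of letting the
// table silently bind to whatever name lookup finds.
static_assert(HAS_MEMBER_NAMED(Base, toThisObject), "Base must supply toThisObject");
static_assert(!HAS_MEMBER_NAMED(Base, defaultValue), "Base declares no defaultValue");
static_assert(HAS_MEMBER_NAMED(Derived, toThisObject), "inherited members are found too");
static_assert(!HAS_MEMBER_NAMED(Empty, toThisObject), "Empty declares nothing");

// Run-time wrappers around the same constants so a test can assert on them.
bool baseHasToThisObject()    { return HAS_MEMBER_NAMED(Base, toThisObject); }
bool baseHasDefaultValue()    { return HAS_MEMBER_NAMED(Base, defaultValue); }
bool derivedHasDefaultValue() { return HAS_MEMBER_NAMED(Derived, defaultValue); }
bool emptyHasToThisObject()   { return HAS_MEMBER_NAMED(Empty, toThisObject); }
```

Two limits worth knowing before relying on a check of this shape: the trait answers "does name lookup for T::name succeed", so an inherited member counts the same as one T declares itself (Derived passes for toThisObject above), and `&T::name` is ill-formed for an overloaded name, so an overload set reports false even though the member exists.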
1177
1178 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1179
1180         De-virtualize JSCell::toThisObject
1181         https://bugs.webkit.org/show_bug.cgi?id=70958
1182
1183         Reviewed by Geoffrey Garen.
1184
1185         Converted all instances of toThisObject to static functions, 
1186         added toThisObject to the MethodTable, and replaced all call sites
1187         with a corresponding lookup in the MethodTable.
1188
1189         * API/JSContextRef.cpp:
1190         * JavaScriptCore.exp:
1191         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1192         * runtime/ClassInfo.h:
1193         * runtime/JSActivation.cpp:
1194         (JSC::JSActivation::toThisObject):
1195         * runtime/JSActivation.h:
1196         * runtime/JSCell.cpp:
1197         (JSC::JSCell::toThisObject):
1198         * runtime/JSCell.h:
1199         * runtime/JSObject.cpp:
1200         (JSC::JSObject::put):
1201         (JSC::JSObject::toThisObject):
1202         * runtime/JSObject.h:
1203         (JSC::JSValue::toThisObject):
1204         * runtime/JSStaticScopeObject.cpp:
1205         (JSC::JSStaticScopeObject::toThisObject):
1206         * runtime/JSStaticScopeObject.h:
1207         * runtime/JSString.cpp:
1208         (JSC::JSString::toThisObject):
1209         * runtime/JSString.h:
1210         * runtime/StrictEvalActivation.cpp:
1211         (JSC::StrictEvalActivation::toThisObject):
1212         * runtime/StrictEvalActivation.h:
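
Added illustration of the MethodTable pattern that this entry, and the defaultValue and getOwnPropertySlot entries elsewhere in this log, build on. This is example code, not JavaScriptCore's: Cell, Object and Activation, the three-entry table, the inherits() helper and the CREATE_METHOD_TABLE macro are simplified stand-ins for the real ClassInfo/MethodTable machinery in runtime/ClassInfo.h (in particular, a real cell reaches its ClassInfo through its Structure rather than holding the pointer directly):

```cpp
#include <string>

// Added illustration of the MethodTable pattern, not JavaScriptCore's code:
// the class names, the three-entry table and CREATE_METHOD_TABLE are
// simplified stand-ins for ClassInfo/MethodTable in runtime/ClassInfo.h.
class Cell;

// Static function pointers replace virtual dispatch; the table is constant
// data shared by every instance of a class.
struct MethodTable {
    const char* (*className)(const Cell*);
    Cell* (*toThisObject)(Cell*);
    int (*defaultValue)(const Cell*);
};

struct ClassInfo {
    const char* name;
    const ClassInfo* parent;
    MethodTable methodTable;
};

// Fills the table from Class::member. Note that this is ordinary name lookup:
// a class that does not declare its own static silently gets its parent's.
#define CREATE_METHOD_TABLE(Class) \
    { &Class::className, &Class::toThisObject, &Class::defaultValue }

class Cell {
public:
    explicit Cell(const ClassInfo* info) : m_classInfo(info) {}
    const ClassInfo* classInfo() const { return m_classInfo; }
    const MethodTable* methodTable() const { return &m_classInfo->methodTable; }

    // The de-virtualized defaults every cell starts from.
    static const char* className(const Cell*) { return "Cell"; }
    static Cell* toThisObject(Cell* cell) { return cell; }
    static int defaultValue(const Cell*) { return 0; }
    static const ClassInfo s_info;

private:
    const ClassInfo* m_classInfo;   // no vtable pointer anywhere in the object
};

class Object : public Cell {
public:
    Object() : Cell(&s_info) {}
    explicit Object(const ClassInfo* info) : Cell(info) {}
    static const char* className(const Cell*) { return "Object"; }
    static int defaultValue(const Cell*) { return 42; }
    static const ClassInfo s_info;
};

// An activation-like object whose `this` is some other object (the global).
class Activation : public Object {
public:
    explicit Activation(Cell* global) : Object(&s_info), m_global(global) {}
    static const char* className(const Cell*) { return "Activation"; }
    static Cell* toThisObject(Cell* cell) { return static_cast<Activation*>(cell)->m_global; }
    static const ClassInfo s_info;   // defaultValue is NOT redeclared: see the table below

private:
    Cell* m_global;
};

const ClassInfo Cell::s_info       = { "Cell",       nullptr,         CREATE_METHOD_TABLE(Cell) };
const ClassInfo Object::s_info     = { "Object",     &Cell::s_info,   CREATE_METHOD_TABLE(Object) };
const ClassInfo Activation::s_info = { "Activation", &Object::s_info, CREATE_METHOD_TABLE(Activation) };

// What a call site looks like after de-virtualization: look the function up
// in the receiver's table instead of making a virtual call.
std::string classNameOf(const Cell* cell) { return cell->methodTable()->className(cell); }
Cell* thisObjectFor(Cell* cell) { return cell->methodTable()->toThisObject(cell); }
int defaultValueOf(const Cell* cell) { return cell->methodTable()->defaultValue(cell); }

// Walks the ClassInfo chain, the static-data equivalent of an inheritance check.
bool inherits(const Cell* cell, const ClassInfo* target) {
    for (const ClassInfo* info = cell->classInfo(); info; info = info->parent)
        if (info == target) return true;
    return false;
}
```

Note the failure mode the table inherits from name lookup: Activation never declares its own defaultValue, so CREATE_METHOD_TABLE(Activation) quietly binds Object's, and defaultValueOf() on an Activation returns 42 with no diagnostic. That is the gap the compile-time member check in the 2011-10-27 ClassInfo.h entry above is meant to close. The upside is that the function pointers live in constant static data rather than in a per-object vtable, so each object carries only a single ClassInfo pointer.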
1213
1214 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
1215
1216         Fix a small bug in callOperation after r98431
1217         https://bugs.webkit.org/show_bug.cgi?id=70984
1218
1219         Reviewed by Geoffrey Garen.
1220
1221         TrustedImmPtr is not expecting "int" type parameters.
1222
1223         * dfg/DFGJITCodeGenerator.h:
1224         (JSC::DFG::callOperation):
1225
1226 2011-10-26  Oliver Hunt  <oliver@apple.com>
1227
1228         Restore structure-clearing behaviour of allocateCell<>
1229         https://bugs.webkit.org/show_bug.cgi?id=70976
1230
1231         Reviewed by Geoffrey Garen.
1232
1233         This restores the logic that allows the markstack to filter
1234         live objects that have not yet been initialised.
1235
1236         * runtime/JSCell.h:
1237         (JSC::JSCell::clearStructure):
1238            Validation-safe method to clear a cell's structure.
1239         (JSC::allocateCell):
1240            Call the above method.
1241         * runtime/Structure.h:
1242         (JSC::MarkStack::internalAppend):
1243            Don't visit cells that haven't been initialised.
1244
1245 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
1246
1247         REGRESSION (r97030): Cannot log in to progressive.com
1248         https://bugs.webkit.org/show_bug.cgi?id=70094
1249
1250         Reviewed by Oliver Hunt.
1251
1252         * dfg/DFGByteCodeParser.cpp:
1253         (JSC::DFG::ByteCodeParser::handleCall):
1254
1255 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1256
1257         Remove getOwnPropertySlotVirtual
1258         https://bugs.webkit.org/show_bug.cgi?id=70741
1259
1260         Reviewed by Geoffrey Garen.
1261
1262         Removed all declarations and definitions of getOwnPropertySlotVirtual.
1263         Also replaced all call sites to getOwnPropertySlotVirtual with a 
1264         corresponding lookup in the MethodTable.
1265
1266         * API/JSCallbackObject.h:
1267         * API/JSCallbackObjectFunctions.h:
1268         (JSC::::getOwnPropertyDescriptor):
1269         * JavaScriptCore.exp:
1270         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1271         * debugger/DebuggerActivation.cpp:
1272         (JSC::DebuggerActivation::getOwnPropertySlot):
1273         * debugger/DebuggerActivation.h:
1274         * runtime/Arguments.cpp:
1275         * runtime/Arguments.h:
1276         * runtime/ArrayConstructor.cpp:
1277         * runtime/ArrayConstructor.h:
1278         * runtime/ArrayPrototype.cpp:
1279         * runtime/ArrayPrototype.h:
1280         * runtime/BooleanPrototype.cpp:
1281         * runtime/BooleanPrototype.h:
1282         * runtime/DateConstructor.cpp:
1283         * runtime/DateConstructor.h:
1284         * runtime/DatePrototype.cpp:
1285         * runtime/DatePrototype.h:
1286         (JSC::DatePrototype::create):
1287         * runtime/ErrorPrototype.cpp:
1288         * runtime/ErrorPrototype.h:
1289         * runtime/JSActivation.cpp:
1290         * runtime/JSActivation.h:
1291         * runtime/JSArray.cpp:
1292         (JSC::JSArray::getOwnPropertySlotByIndex):
1293         * runtime/JSArray.h:
1294         * runtime/JSByteArray.cpp:
1295         * runtime/JSByteArray.h:
1296         * runtime/JSCell.cpp:
1297         * runtime/JSCell.h:
1298         * runtime/JSFunction.cpp:
1299         (JSC::JSFunction::getOwnPropertyDescriptor):
1300         (JSC::JSFunction::getOwnPropertyNames):
1301         (JSC::JSFunction::put):
1302         * runtime/JSFunction.h:
1303         * runtime/JSGlobalObject.cpp:
1304         * runtime/JSGlobalObject.h:
1305         * runtime/JSNotAnObject.cpp:
1306         * runtime/JSNotAnObject.h:
1307         * runtime/JSONObject.cpp:
1308         (JSC::Stringifier::Holder::appendNextProperty):
1309         (JSC::Walker::walk):
1310         * runtime/JSONObject.h:
1311         * runtime/JSObject.cpp:
1312         (JSC::JSObject::getOwnPropertySlotByIndex):
1313         (JSC::JSObject::hasOwnProperty):
1314         * runtime/JSObject.h:
1315         (JSC::JSCell::fastGetOwnPropertySlot):
1316         (JSC::JSObject::getPropertySlot):
1317         (JSC::JSValue::get):
1318         * runtime/JSStaticScopeObject.cpp:
1319         * runtime/JSStaticScopeObject.h:
1320         * runtime/JSString.cpp:
1321         (JSC::JSString::getOwnPropertySlot):
1322         * runtime/JSString.h:
1323         * runtime/MathObject.cpp:
1324         * runtime/MathObject.h:
1325         (JSC::MathObject::create):
1326         * runtime/NumberConstructor.cpp:
1327         * runtime/NumberConstructor.h:
1328         * runtime/NumberPrototype.cpp:
1329         * runtime/NumberPrototype.h:
1330         * runtime/ObjectConstructor.cpp:
1331         * runtime/ObjectConstructor.h:
1332         * runtime/ObjectPrototype.cpp:
1333         * runtime/ObjectPrototype.h:
1334         * runtime/RegExpConstructor.cpp:
1335         * runtime/RegExpConstructor.h:
1336         * runtime/RegExpMatchesArray.h:
1337         (JSC::RegExpMatchesArray::createStructure):
1338         * runtime/RegExpObject.cpp:
1339         * runtime/RegExpObject.h:
1340         * runtime/RegExpPrototype.cpp:
1341         * runtime/RegExpPrototype.h:
1342         * runtime/StringConstructor.cpp:
1343         * runtime/StringConstructor.h:
1344         * runtime/StringObject.cpp:
1345         * runtime/StringObject.h:
1346         * runtime/StringPrototype.cpp:
1347         * runtime/StringPrototype.h:
1348
1349 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
1350
1351         [GTK] [WK2] Add WebKit2 distcheck support
1352         https://bugs.webkit.org/show_bug.cgi?id=70933
1353
1354         Reviewed by Martin Robinson.
1355
1356         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
1357
1358 2011-10-26  Michael Saboff  <msaboff@apple.com>
1359
1360         Increase StringImpl Flag Bits for 8 bit Strings
1361         https://bugs.webkit.org/show_bug.cgi?id=70937
1362
1363         Increased the number of bits used for flags in StringImpl
1364         from 6 to 8 bits. This frees up 2 flag bits that will be
1365         used for 8-bit string support. Updated hash methods accordingly.
1366         Changed hash value masking from the low bits to the high
1367         bits.
1368
1369         Reviewed by Darin Adler.
1370
1371         * create_hash_table:
1372         * wtf/StringHasher.h:
1373         (WTF::StringHasher::hash):
1374         * wtf/text/StringImpl.h:
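
Added illustration covering this entry and the 2011-10-27 "Investigate storing strings in 8-bit buffers" entry above: a SmallString that keeps either Latin-1 or UTF-16 code units behind a pointer union, selects the valid accessor by an is8Bit flag, widens into a 16-bit shadow on demand, and packs 8 flag bits below a 24-bit hash in one word. This is example code, not WTF's StringImpl; the class name, the FNV-1a hash, the 0x800000 avoid-zero value, the sample "abc" inputs and the throw-on-misuse accessors are choices made for the example (the real characters8()/characters16() trust the caller, as the earlier entry says):

```cpp
#include <cstdint>
#include <cstring>
#include <memory>
#include <stdexcept>

// Added illustration, not WTF's StringImpl: one class that stores either
// Latin-1 (8-bit) or UTF-16 (16-bit) code units behind a pointer union, an
// is8Bit flag choosing the valid accessor, a lazily widened 16-bit shadow for
// characters(), and a single word holding 8 flag bits below a 24-bit hash.
class SmallString {
public:
    static const unsigned s_flagCount = 8;                          // low 8 bits are flags
    static const unsigned s_hashMask = 0xFFFFFFFFu >> s_flagCount;  // 24 hash bits above them
    static const unsigned s_flagIs8Bit = 1u << 0;
    static const unsigned s_flagHas16BitShadow = 1u << 1;

    SmallString(const char* latin1, unsigned length)      // stays 8-bit
        : m_length(length), m_data8(latin1), m_hashAndFlags(s_flagIs8Bit) {}
    SmallString(const uint16_t* utf16, unsigned length)   // stays 16-bit
        : m_length(length), m_data16(utf16), m_hashAndFlags(0) {}

    unsigned length() const { return m_length; }
    bool is8Bit() const { return m_hashAndFlags & s_flagIs8Bit; }
    bool has16BitShadow() const { return m_hashAndFlags & s_flagHas16BitShadow; }

    // Width-specific accessors. The real code trusts the caller to have checked
    // is8Bit(); here the mismatch is refused, because handing out a pointer of
    // the wrong element width would read past or misinterpret the buffer.
    const char* characters8() const {
        if (!is8Bit()) throw std::logic_error("characters8() on a 16-bit string");
        return m_data8;
    }
    const uint16_t* characters16() const {
        if (is8Bit()) throw std::logic_error("characters16() on an 8-bit string");
        return m_data16;
    }

    // Always-16-bit view: widens an 8-bit string once and records that in the flags.
    const uint16_t* characters() const {
        if (!is8Bit()) return m_data16;
        if (!has16BitShadow()) {
            m_copyData16.reset(new uint16_t[m_length]);
            for (unsigned i = 0; i < m_length; ++i)
                m_copyData16[i] = static_cast<unsigned char>(m_data8[i]); // zero-extend, never sign-extend
            m_hashAndFlags |= s_flagHas16BitShadow;
        }
        return m_copyData16.get();
    }

    // Representation-independent code unit access.
    uint16_t operator[](unsigned i) const {
        return is8Bit() ? static_cast<unsigned char>(m_data8[i]) : m_data16[i];
    }

    // Hash computed once over code units (so both widths of the same text agree)
    // and parked in the high 24 bits; 0 there means "not computed yet".
    unsigned hash() const {
        if (!(m_hashAndFlags >> s_flagCount)) {
            unsigned h = 2166136261u;                       // FNV-1a, chosen for the example
            for (unsigned i = 0; i < m_length; ++i) { h ^= (*this)[i]; h *= 16777619u; }
            h &= s_hashMask;
            if (!h) h = 0x800000u;                          // assumed avoid-zero rule
            m_hashAndFlags |= h << s_flagCount;
        }
        return m_hashAndFlags >> s_flagCount;
    }

private:
    unsigned m_length;
    union { const char* m_data8; const uint16_t* m_data16; };
    mutable std::unique_ptr<uint16_t[]> m_copyData16;
    mutable unsigned m_hashAndFlags;
};

// Equality compares code units, so an 8-bit and a 16-bit copy of the same text are equal.
bool equal(const SmallString& a, const SmallString& b) {
    if (a.length() != b.length()) return false;
    if (a.is8Bit() && b.is8Bit()) return std::memcmp(a.characters8(), b.characters8(), a.length()) == 0;
    for (unsigned i = 0; i < a.length(); ++i)
        if (a[i] != b[i]) return false;
    return true;
}

// Constructed sample input: the text "abc" in both widths.
static const char kNarrow[] = { 'a', 'b', 'c' };
static const uint16_t kWide[] = { 'a', 'b', 'c' };

bool sameTextAgreesAcrossWidths() {
    SmallString narrow(kNarrow, 3), wide(kWide, 3);
    return narrow.is8Bit() && !wide.is8Bit() && equal(narrow, wide)
        && narrow.hash() == wide.hash() && narrow.hash() != 0 && (narrow.hash() >> 24) == 0;
}
bool shadowIsMadeOnceAndFlagged() {
    SmallString s(kNarrow, 3);
    const uint16_t* first = s.characters();
    return s.is8Bit() && s.has16BitShadow() && first == s.characters() && first[2] == 'c';
}
bool wrongWidthAccessorIsRefused() {
    SmallString s(kNarrow, 3);
    try { s.characters16(); } catch (const std::logic_error&) { return true; }
    return false;
}
uint16_t widenedLatin1(unsigned char byte) {   // 0xE9 must become U+00E9, not 0xFFE9
    char c = static_cast<char>(byte);
    return SmallString(&c, 1).characters()[0];
}
```

The two checks a reviewer of this kind of change cares about are both visible here: widening goes through unsigned char, so a Latin-1 byte such as 0xE9 becomes U+00E9 rather than sign-extending to 0xFFE9, and the hash is computed over code units rather than raw bytes, so an 8-bit and a 16-bit copy of the same text hash and compare equal. Because the hash shares a word with the flags, setting a flag after the hash is cached must never touch the hash bits, which is why the flags are confined to the low s_flagCount bits.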
1375
1376 2011-10-26  Dan Bernstein  <mitz@apple.com>
1377
1378         Build fix.
1379
1380         Reverted r98488, which caused the scripts’ status messages to be included in the generated
1381         files.
1382
1383         * create_hash_table:
1384         * create_jit_stubs:
1385
1386 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
1387
1388         Don't print regular output to STDERR when generating hashtables and JIT stubs
1389
1390         Reviewed by Simon Hausmann.
1391
1392         * create_hash_table:
1393         * create_jit_stubs:
1394
1395 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
1396
1397         Split DFGJITCodeGenerator::callOperation methods
1398         https://bugs.webkit.org/show_bug.cgi?id=70870
1399
1400         Reviewed by Filip Pizlo.
1401
1402         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
1403         One set works with the JSVALUE64 value representation and passes arguments in
1404         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
1405         value representation and passes arguments in memory (suitable for use on x86).
1406         By refactoring out the representation and calling convention specific aspects
1407         of the code we can also configure the DFG JIT to operate on platforms that use
1408         the JSVALUE32_64 value representation but pass arguments in registers.
1409
1410         On platforms supported by the JIT, the payload precedes the tag of a value in
1411         argument/result ordering, as such, in order to make the setupResults method
1412         generally applicable to return the results of a function that are returned in
1413         two registers, the ordering of arguments to this function has been reversed -
1414         as is the ordering of arguments passed to setupArguments methods, with respect
1415         to the ordering with which they are passed in to callOperation.
1416         This inconsistency will be resolved in a later change when we combine the pairs
1417         of arguments passed into callOperation, such that the function signatures can
1418         be made consistent across the two value representations (the callOperation
1419         methods will be passed a reference to a struct representing the JSValue
1420         temporary, this will consist of two gprs on 32_64 and one on 64).
1421
1422         * dfg/DFGJITCodeGenerator.h:
1423         (JSC::DFG::resetCallArguments):
1424         (JSC::DFG::addCallArgument):
1425             - moved, removed tag,payload version of this method.
1426         (JSC::DFG::setupArguments):
1427         (JSC::DFG::setupArgumentsExecState):
1428         (JSC::DFG::setupArgumentsWithExecState):
1429             - Calling convention specific portion of callOperation refactored out into these methods.
1430         (JSC::DFG::callOperation):
1431             - updated these methods to use setupArguments* methods.
1432         (JSC::DFG::setupResults):
1433             - setupResults is now passed payload,tag.
1434         (JSC::DFG::appendCallWithExceptionCheckSetResult):
1435             - Added fpr versions of this function.
1436         (JSC::DFG::appendCallSetResult):
1437             - Added versions of this function without exception check.
1438         * dfg/DFGJITCodeGenerator32_64.cpp:
1439         (JSC::DFG::JITCodeGenerator::emitCall):
1440             - setupResults is now passed payload,tag.
1441
1442 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1443
1444         Remove deletePropertyVirtual
1445         https://bugs.webkit.org/show_bug.cgi?id=70738
1446
1447         Reviewed by Geoffrey Garen.
1448
1449         Removed all declarations and definitions of deletePropertyVirtual.
1450         Also replaced all call sites to deletePropertyVirtual with a 
1451         corresponding lookup in the MethodTable.
1452
1453         * API/JSCallbackObject.h:
1454         * API/JSCallbackObjectFunctions.h:
1455         (JSC::::deletePropertyByIndex):
1456         * API/JSObjectRef.cpp:
1457         (JSObjectDeleteProperty):
1458         * JavaScriptCore.exp:
1459         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1460         * debugger/DebuggerActivation.cpp:
1461         (JSC::DebuggerActivation::deleteProperty):
1462         * debugger/DebuggerActivation.h:
1463         * interpreter/Interpreter.cpp:
1464         (JSC::Interpreter::privateExecute):
1465         * jit/JITStubs.cpp:
1466         (JSC::DEFINE_STUB_FUNCTION):
1467         * runtime/Arguments.cpp:
1468         * runtime/Arguments.h:
1469         * runtime/ArrayPrototype.cpp:
1470         (JSC::arrayProtoFuncPop):
1471         (JSC::arrayProtoFuncReverse):
1472         (JSC::arrayProtoFuncShift):
1473         (JSC::arrayProtoFuncSplice):
1474         (JSC::arrayProtoFuncUnShift):
1475         * runtime/JSActivation.cpp:
1476         * runtime/JSActivation.h:
1477         * runtime/JSArray.cpp:
1478         (JSC::JSArray::deleteProperty):
1479         (JSC::JSArray::deletePropertyByIndex):
1480         * runtime/JSArray.h:
1481         * runtime/JSCell.cpp:
1482         (JSC::JSCell::deleteProperty):
1483         (JSC::JSCell::deletePropertyByIndex):
1484         * runtime/JSCell.h:
1485         * runtime/JSFunction.cpp:
1486         * runtime/JSFunction.h:
1487         * runtime/JSNotAnObject.cpp:
1488         * runtime/JSNotAnObject.h:
1489         * runtime/JSONObject.cpp:
1490         (JSC::Walker::walk):
1491         * runtime/JSObject.cpp:
1492         (JSC::JSObject::deletePropertyByIndex):
1493         (JSC::JSObject::defineOwnProperty):
1494         * runtime/JSObject.h:
1495         * runtime/JSVariableObject.cpp:
1496         * runtime/JSVariableObject.h:
1497         * runtime/RegExpMatchesArray.h:
1498         * runtime/StrictEvalActivation.cpp:
1499         * runtime/StrictEvalActivation.h:
1500         * runtime/StringObject.cpp:
1501         * runtime/StringObject.h:
1502
1503 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1504
1505         Remove putVirtual
1506         https://bugs.webkit.org/show_bug.cgi?id=70740
1507
1508         Reviewed by Geoffrey Garen.
1509
1510         Removed all declarations and definitions of putVirtual.
1511         Also replaced all call sites to putVirtual with a 
1512         corresponding lookup in the MethodTable.
1513
1514         * API/JSCallbackObject.h:
1515         * API/JSCallbackObjectFunctions.h:
1516         * API/JSObjectRef.cpp:
1517         (JSObjectSetProperty):
1518         (JSObjectSetPropertyAtIndex):
1519         * JavaScriptCore.exp:
1520         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1521         * debugger/DebuggerActivation.cpp:
1522         (JSC::DebuggerActivation::put):
1523         * debugger/DebuggerActivation.h:
1524         * dfg/DFGOperations.cpp:
1525         * interpreter/Interpreter.cpp:
1526         (JSC::Interpreter::execute):
1527         (JSC::Interpreter::privateExecute):
1528         * jsc.cpp:
1529         (GlobalObject::finishCreation):
1530         * runtime/Arguments.cpp:
1531         * runtime/Arguments.h:
1532         * runtime/ArrayPrototype.cpp:
1533         (JSC::putProperty):
1534         (JSC::arrayProtoFuncConcat):
1535         (JSC::arrayProtoFuncPush):
1536         (JSC::arrayProtoFuncReverse):
1537         (JSC::arrayProtoFuncShift):
1538         (JSC::arrayProtoFuncSlice):
1539         (JSC::arrayProtoFuncSort):
1540         (JSC::arrayProtoFuncSplice):
1541         (JSC::arrayProtoFuncUnShift):
1542         (JSC::arrayProtoFuncFilter):
1543         (JSC::arrayProtoFuncMap):
1544         * runtime/JSActivation.cpp:
1545         * runtime/JSActivation.h:
1546         * runtime/JSArray.cpp:
1547         (JSC::JSArray::putSlowCase):
1548         (JSC::JSArray::push):
1549         (JSC::JSArray::shiftCount):
1550         (JSC::JSArray::unshiftCount):
1551         * runtime/JSArray.h:
1552         * runtime/JSByteArray.cpp:
1553         * runtime/JSByteArray.h:
1554         * runtime/JSCell.cpp:
1555         (JSC::JSCell::put):
1556         (JSC::JSCell::putByIndex):
1557         * runtime/JSCell.h:
1558         * runtime/JSFunction.cpp:
1559         * runtime/JSFunction.h:
1560         * runtime/JSGlobalObject.cpp:
1561         * runtime/JSGlobalObject.h:
1562         * runtime/JSNotAnObject.cpp:
1563         * runtime/JSNotAnObject.h:
1564         * runtime/JSONObject.cpp:
1565         (JSC::Walker::walk):
1566         * runtime/JSObject.cpp:
1567         (JSC::JSObject::putByIndex):
1568         (JSC::JSObject::defineOwnProperty):
1569         * runtime/JSObject.h:
1570         (JSC::JSValue::put):
1571         * runtime/JSStaticScopeObject.cpp:
1572         * runtime/JSStaticScopeObject.h:
1573         * runtime/ObjectPrototype.cpp:
1574         * runtime/ObjectPrototype.h:
1575         * runtime/RegExpConstructor.cpp:
1576         * runtime/RegExpConstructor.h:
1577         * runtime/RegExpMatchesArray.h:
1578         * runtime/RegExpObject.cpp:
1579         * runtime/RegExpObject.h:
1580         * runtime/StringObject.cpp:
1581         * runtime/StringObject.h:
1582         * runtime/StringPrototype.cpp:
1583         (JSC::stringProtoFuncSplit):
1584
1585 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
1586
1587         Separate out function linking & exception check data structures.
1588         https://bugs.webkit.org/show_bug.cgi?id=70858
1589
1590         Reviewed by Oliver Hunt.
1591
1592         This will make it easier to refactor the callOperation methods to split the value
1593         representation specific handling from the cpu/calling-convention implementation.
1594
1595         * dfg/DFGJITCodeGenerator.h:
1596         (JSC::DFG::appendCallWithExceptionCheck):
1597         * dfg/DFGJITCodeGenerator32_64.cpp:
1598         (JSC::DFG::JITCodeGenerator::emitCall):
1599         * dfg/DFGJITCodeGenerator64.cpp:
1600         (JSC::DFG::JITCodeGenerator::emitCall):
1601         * dfg/DFGJITCompiler.cpp:
1602         (JSC::DFG::JITCompiler::compileBody):
1603         (JSC::DFG::JITCompiler::link):
1604         * dfg/DFGJITCompiler.h:
1605         (JSC::DFG::CallLinkRecord::CallLinkRecord):
1606         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
1607         (JSC::DFG::JITCompiler::JITCompiler):
1608         (JSC::DFG::JITCompiler::notifyCall):
1609         (JSC::DFG::JITCompiler::appendCall):
1610         (JSC::DFG::JITCompiler::addExceptionCheck):
1611         (JSC::DFG::JITCompiler::addFastExceptionCheck):
1612         * dfg/DFGJITCompiler32_64.cpp:
1613         (JSC::DFG::JITCompiler::compileBody):
1614         (JSC::DFG::JITCompiler::link):
1615
1616 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
1617
1618         Tiered compilation may introduce dangling pointers in constant buffers
1619         https://bugs.webkit.org/show_bug.cgi?id=70854
1620
1621         Reviewed by Oliver Hunt.
1622         
1623         Tiered compilation now copies constant buffers, which fixes the regression in
1624         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
1625         regression relies on a subtle interleaving of optimized compilation and garbage
1626         collection, and cannot be reproduced in a simple test.
1627         
1628         This also adds some new debug support, which was used to fix this bug and is
1629         likely to be useful in the future.
1630
1631         * bytecode/CodeBlock.cpp:
1632         (JSC::CodeBlock::copyDataFrom):
1633         (JSC::CodeBlock::usesOpcode):
1634         * bytecode/CodeBlock.h:
1635         * dfg/DFGGraph.cpp:
1636         (JSC::DFG::Graph::dump):
1637
1638 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1639
1640         Fixing Windows build after r98367
1641
1642         Unreviewed build fix
1643
1644         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1645
1646 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
1647
1648         Add missing DFG file entries to the make lists for GTK and Qt ports
1649         https://bugs.webkit.org/show_bug.cgi?id=70806
1650
1651         Reviewed by Darin Adler.
1652
1653         * GNUmakefile.list.am:
1654         * JavaScriptCore.pro:
1655
1656 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1657
1658         Add getOwnPropertySlot to MethodTable
1659         https://bugs.webkit.org/show_bug.cgi?id=69807
1660
1661         Reviewed by Oliver Hunt.
1662
1663         * JavaScriptCore.exp:
1664         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
1665         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
1666         reference it in their MethodTables.
1667
1668 2011-10-25  Oliver Hunt  <oliver@apple.com>
1669
1670         Need to support marking of multiple nested codeblocks when compiling
1671         https://bugs.webkit.org/show_bug.cgi?id=70832
1672
1673         Reviewed by Gavin Barraclough.
1674
1675         When inlining a function we end up with multiple codeblocks being
1676         compiled at the same time, so we need to support a list of live
1677         codeblocks.
1678
1679         * heap/Heap.cpp:
1680         (JSC::Heap::markRoots):
1681         * runtime/JSGlobalData.cpp:
1682         (JSC::JSGlobalData::JSGlobalData):
1683         * runtime/JSGlobalData.h:
1684         (JSC::JSGlobalData::startedCompiling):
1685         (JSC::JSGlobalData::finishedCompiling):
1686
1687 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
1688
1689         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
1690         https://bugs.webkit.org/show_bug.cgi?id=70798
1691
1692         Reviewed by Filip Pizlo.
1693
1694         When filling an integer for a known integer node (not speculated), it
1695         should accept DataFormatJSInteger as well.
1696
1697         * dfg/DFGJITCodeGenerator32_64.cpp:
1698         (JSC::DFG::JITCodeGenerator::fillInteger):
1699
1700 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
1701
1702         Build fix: removed some cases of threadsafeCopy() that I missed in
1703         my previous patch.
1704
1705         * JavaScriptCore.order:
1706
1707 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
1708
1709         Removed SharedUChar and tightened language around its previous uses
1710         https://bugs.webkit.org/show_bug.cgi?id=70698
1711
1712         Reviewed by David Levin.
1713
1714         - Removed SharedUChar because most of its functionality has moved into
1715         other abstraction layers, and we want remaining clients to choose their
1716         abstractions explicitly instead of relying on StringImpl to provide this
1717         behavior implicitly, since we think they can sometimes make more efficient
1718         choices.
1719
1720         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
1721         the former names could give the impression that the resulting object was
1722         thread-safe, but actually it's just an isolated copy, which is not
1723         thread-safe by itself, but can be used to implement a thread-safe
1724         algorithm through isolation.
1725
1726         * wtf/CrossThreadRefCounted.h: Removed.
1727
1728         * JavaScriptCore.exp: Export!
1729
1730         * wtf/text/StringImpl.cpp:
1731         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
1732
1733         * wtf/text/StringImpl.h:
1734         (WTF::StringImpl::length): Ditto.
1735
1736         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
1737
1738         * wtf/text/WTFString.cpp:
1739         (WTF::String::isolatedCopy):
1740         * wtf/text/WTFString.h: Updated for StringImpl changes.
1741
1742         * API/OpaqueJSString.h:
1743         * GNUmakefile.list.am:
1744         * JavaScriptCore.exp:
1745         * JavaScriptCore.gypi:
1746         * JavaScriptCore.order:
1747         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1748         * JavaScriptCore.xcodeproj/project.pbxproj:
1749         * wtf/CMakeLists.txt:
1750         * wtf/OwnFastMallocPtr.h:
1751         * wtf/RefCounted.h:
1752         * wtf/SizeLimits.cpp:
1753         * wtf/ThreadSafeRefCounted.h:
1754         * wtf/wtf.pri:
1755         * yarr/YarrPattern.h: Updated these files to accommodate removal of
1756         CrossThreadRefCounted.h.
1757
1758 2011-10-24  Oliver Hunt  <oliver@apple.com>
1759
1760         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
1761         https://bugs.webkit.org/show_bug.cgi?id=70689
1762
1763         Reviewed by Filip Pizlo.
1764
1765         While performing codegen we need to make the GlobalData explicitly
1766         aware of the codeblock being compiled, as compilation may trigger GC
1767         and CodeBlock holds GC values, but has not yet been assigned to its
1768         owner executable.
1769
1770         * bytecompiler/BytecodeGenerator.cpp:
1771         (JSC::BytecodeGenerator::BytecodeGenerator):
1772         (JSC::BytecodeGenerator::~BytecodeGenerator):
1773         * bytecompiler/BytecodeGenerator.h:
1774         * heap/AllocationSpace.cpp:
1775         (JSC::AllocationSpace::allocateSlowCase):
1776         * heap/Heap.cpp:
1777         (JSC::Heap::markRoots):
1778         * runtime/JSGlobalData.cpp:
1779         (JSC::JSGlobalData::JSGlobalData):
1780         * runtime/JSGlobalData.h:
1781         (JSC::JSGlobalData::startedCompiling):
1782         (JSC::JSGlobalData::finishedCompiling):
1783
1784 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
1785
1786         Object-or-other branch speculation may corrupt the state for OSR if the child of the
1787         branch is an integer
1788         https://bugs.webkit.org/show_bug.cgi?id=70777
1789
1790         Reviewed by Oliver Hunt.
1791
1792         * dfg/DFGSpeculativeJIT64.cpp:
1793         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1794
1795 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
1796
1797         op_new_array_buffer is not inlined correctly
1798         https://bugs.webkit.org/show_bug.cgi?id=70770
1799
1800         Reviewed by Oliver Hunt.
1801         
1802         Disabled inlining of op_new_array_buffer, for now.
1803
1804         * dfg/DFGCapabilities.h:
1805         (JSC::DFG::canInlineOpcode):
1806
1807 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
1808
1809         Add boolean speculations to DFG JIT 32_64
1810         https://bugs.webkit.org/show_bug.cgi?id=70706
1811
1812         Reviewed by Filip Pizlo.
1813
1814         Different from the boolean speculations in DFG 64, the boolean
1815         speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
1816         boolean instead of a JSBoolean. This choice is not only for
1817         performance, but also to save a register as we're short of registers on
1818         X86.
1819         To accomplish this we make use of DataFormatBoolean, allowing a value to
1820         be represented as a primitive boolean and converted from/to a
1821         JSBoolean.
1822         This patch also fixes SpillOrder in 32_64, which should be different
1823         from 64, and fixes needDataFormatConversion logic in 32_64.
1824
1825         * assembler/MacroAssemblerX86Common.h:
1826         (JSC::MacroAssemblerX86Common::branchTest32):
1827             We don't actually expect a byte test, as it doesn't work for registers
1828             esp..edi on X86.
1829         * dfg/DFGGenerationInfo.h:
1830         (JSC::DFG::needDataFormatConversion):
1831         (JSC::DFG::GenerationInfo::initBoolean):
1832         (JSC::DFG::GenerationInfo::gpr):
1833         (JSC::DFG::GenerationInfo::fillInteger):
1834         (JSC::DFG::GenerationInfo::fillBoolean):
1835         * dfg/DFGJITCodeGenerator.cpp:
1836         (JSC::DFG::JITCodeGenerator::checkConsistency):
1837         * dfg/DFGJITCodeGenerator.h:
1838         (JSC::DFG::JITCodeGenerator::use):
1839         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
1840         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1841         (JSC::DFG::JITCodeGenerator::spill):
1842         (JSC::DFG::cellResult):
1843         (JSC::DFG::booleanResult):
1844         * dfg/DFGJITCodeGenerator32_64.cpp:
1845         (JSC::DFG::JITCodeGenerator::fillJSValue):
1846         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
1847         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
1848         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
1849         * dfg/DFGJITCompiler32_64.cpp:
1850         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1851         * dfg/DFGSpeculativeJIT.cpp:
1852         (JSC::DFG::ValueSource::dump):
1853         (JSC::DFG::ValueRecovery::dump):
1854         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1855         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1856         * dfg/DFGSpeculativeJIT.h:
1857         (JSC::DFG::ValueSource::forPrediction):
1858         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
1859         (JSC::DFG::ValueRecovery::inGPR):
1860         (JSC::DFG::ValueRecovery::gpr):
1861         * dfg/DFGSpeculativeJIT32_64.cpp:
1862         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1863         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1864         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1865         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1866         (JSC::DFG::SpeculativeJIT::compare):
1867         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1868         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1869         (JSC::DFG::SpeculativeJIT::emitBranch):
1870         (JSC::DFG::SpeculativeJIT::compile):
1871
1872 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1873
1874         Fixing Windows build
1875
1876         Unreviewed build fix
1877
1878         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1879
1880 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
1881
1882         BitVector isInline check could fail
1883         https://bugs.webkit.org/show_bug.cgi?id=70691
1884
1885         Reviewed by Geoffrey Garen.
1886
1887         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
1888         whether it's an inlined bit set or a pointer to an outOfLine bit set.
1889         This check may fail in case the pointer also has the highest bit set,
1890         which is surely possible on IA32 (Linux).
1891         In this case the check failure can result in unexpected behaviors,
1892         for example if the BitVector is incorrectly determined as having an
1893         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
1894         modify the memory adjacent to the BitVector object.
1895         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
1896         or outofline, based on the assumption that the pointer to OutOfLineBits
1897         should be 4 or 8 byte aligned.
1898         We could mark the lowest bit (bit 0) with 1 for inlined bit set,
1899         and bits 1~bitsInPointer are used for bit set/test.
1900         In this case we need to do one more bit of shift for bit set/test.
1901
1902         * wtf/BitVector.cpp:
1903         (WTF::BitVector::resizeOutOfLine):
1904         * wtf/BitVector.h:
1905         (WTF::BitVector::quickGet):
1906         (WTF::BitVector::quickSet):
1907         (WTF::BitVector::quickClear):
1908         (WTF::BitVector::makeInlineBits):
1909         (WTF::BitVector::isInline):
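The tag-bit scheme described in this entry, as an added illustration that is not WebKit's BitVector or any code from the change: a constructed SmallBitVector whose isInline/quickGet/quickSet/makeInlineBits names mirror the entry's, with the old high-bit and the new low-bit classification side by side, showing why an aligned pointer whose top bit happens to be set is misread under the old scheme and classified correctly under the new one.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed illustration, not WebKit's BitVector: one machine word either holds a
// small bit set inline or a pointer to out-of-line storage; one tag bit records which.

constexpr size_t bitsInPointer = sizeof(uintptr_t) * 8;
constexpr uintptr_t highBit = uintptr_t(1) << (bitsInPointer - 1);

// Scheme the entry replaces: a set top bit means "inline bits".
bool highBitSchemeSaysInline(uintptr_t word) { return (word & highBit) != 0; }

// Scheme the entry introduces: a set bit 0 means "inline bits". Heap pointers are at
// least 4-byte aligned, so a genuine pointer to OutOfLineBits always has bit 0 clear.
bool lowBitSchemeSaysInline(uintptr_t word) { return (word & 1) != 0; }

// True for a word that is an aligned pointer value living above the 2 GiB line (as user
// space heap addresses can on IA32 Linux): the old scheme takes it for inline bits.
bool highBitSchemeMisclassifies(uintptr_t word)
{
    return highBitSchemeSaysInline(word) && !lowBitSchemeSaysInline(word);
}

struct OutOfLineBits {
    size_t numBits;
    std::vector<uintptr_t> words;
    explicit OutOfLineBits(size_t n) : numBits(n), words((n + bitsInPointer - 1) / bitsInPointer, 0) { }
};

class SmallBitVector {
public:
    // Bit 0 of the word is the tag, so one bit fewer is available inline.
    static constexpr size_t maxInlineBits = bitsInPointer - 1;

    SmallBitVector() : m_bitsOrPointer(makeInlineBits(0)) { }
    ~SmallBitVector() { if (!isInline()) delete outOfLine(); }
    SmallBitVector(const SmallBitVector&) = delete;
    SmallBitVector& operator=(const SmallBitVector&) = delete;

    bool isInline() const { return lowBitSchemeSaysInline(m_bitsOrPointer); }
    size_t size() const { return isInline() ? maxInlineBits : outOfLine()->numBits; }

    // Grow into out-of-line storage, carrying the existing bits across.
    void ensureSize(size_t numBits)
    {
        if (numBits <= size())
            return;
        OutOfLineBits* fresh = new OutOfLineBits(numBits);
        if (isInline())
            fresh->words[0] = m_bitsOrPointer >> 1; // strip the tag bit
        else {
            OutOfLineBits* old = outOfLine();
            std::copy(old->words.begin(), old->words.end(), fresh->words.begin());
            delete old;
        }
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
        assert(!isInline()); // alignment guarantees the tag bit reads as clear
    }

    // The inline paths shift by (bit + 1): one extra position to skip the tag bit.
    bool quickGet(size_t bit) const
    {
        assert(bit < size());
        if (isInline())
            return (m_bitsOrPointer >> (bit + 1)) & 1;
        return (outOfLine()->words[bit / bitsInPointer] >> (bit % bitsInPointer)) & 1;
    }

    void quickSet(size_t bit)
    {
        assert(bit < size()); // a misclassified pointer would make this guard lie
        if (isInline())
            m_bitsOrPointer |= uintptr_t(1) << (bit + 1);
        else
            outOfLine()->words[bit / bitsInPointer] |= uintptr_t(1) << (bit % bitsInPointer);
    }

private:
    static uintptr_t makeInlineBits(uintptr_t bits) { return (bits << 1) | 1; }
    OutOfLineBits* outOfLine() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }
    uintptr_t m_bitsOrPointer;
};

// Walk one vector from inline to out-of-line storage and check the bits survive.
bool exerciseSmallBitVector()
{
    SmallBitVector v;
    v.quickSet(5);
    v.quickSet(SmallBitVector::maxInlineBits - 1); // the highest inline bit
    bool wasInline = v.isInline();
    v.ensureSize(200); // forces a move to out-of-line storage
    v.quickSet(150);
    return wasInline && !v.isInline() && v.size() == 200
        && v.quickGet(5) && v.quickGet(SmallBitVector::maxInlineBits - 1)
        && v.quickGet(150) && !v.quickGet(151) && !v.quickGet(6);
}
```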
1910
1911 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1912
1913         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
1914         https://bugs.webkit.org/show_bug.cgi?id=70271
1915
1916         Reviewed by Darin Adler.
1917
1918         Renaming versions of getOwnPropertySlot that use an unsigned as the property
1919         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
1920         MethodTable, which requires unique names for each method.
1921
1922         * JavaScriptCore.exp:
1923         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1924         * runtime/Arguments.cpp:
1925         (JSC::Arguments::getOwnPropertySlotVirtual):
1926         (JSC::Arguments::getOwnPropertySlotByIndex):
1927         * runtime/Arguments.h:
1928         * runtime/JSArray.cpp:
1929         (JSC::JSArray::getOwnPropertySlotVirtual):
1930         (JSC::JSArray::getOwnPropertySlotByIndex):
1931         (JSC::JSArray::getOwnPropertySlot):
1932         * runtime/JSArray.h:
1933         * runtime/JSByteArray.cpp:
1934         (JSC::JSByteArray::getOwnPropertySlotVirtual):
1935         (JSC::JSByteArray::getOwnPropertySlotByIndex):
1936         * runtime/JSByteArray.h:
1937         * runtime/JSCell.cpp:
1938         (JSC::JSCell::getOwnPropertySlotVirtual):
1939         (JSC::JSCell::getOwnPropertySlotByIndex):
1940         * runtime/JSCell.h:
1941         * runtime/JSNotAnObject.cpp:
1942         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
1943         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
1944         * runtime/JSNotAnObject.h:
1945         * runtime/JSObject.cpp:
1946         (JSC::JSObject::getOwnPropertySlotVirtual):
1947         (JSC::JSObject::getOwnPropertySlotByIndex):
1948         * runtime/JSObject.h:
1949         * runtime/JSString.cpp:
1950         (JSC::JSString::getOwnPropertySlotVirtual):
1951         (JSC::JSString::getOwnPropertySlotByIndex):
1952         * runtime/JSString.h:
1953         * runtime/ObjectPrototype.cpp:
1954         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
1955         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
1956         * runtime/ObjectPrototype.h:
1957         * runtime/RegExpMatchesArray.h:
1958         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
1959         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
1960         * runtime/StringObject.cpp:
1961         (JSC::StringObject::getOwnPropertySlotVirtual):
1962         (JSC::StringObject::getOwnPropertySlotByIndex):
1963         * runtime/StringObject.h:
1964
1965 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
1966
1967         Interpreter build fix after r98179.
1968
1969         * bytecode/CodeBlock.h:
1970         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
1971         since it is only used there.
1972
1973 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
1974
1975         Fixed a typo Darin spotted.
1976
1977         * wtf/StringHasher.h:
1978         (WTF::StringHasher::hash): Expelliarmus!
1979
1980 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
1981
1982         Removed StringImpl::createStrippingNullCharacters
1983         https://bugs.webkit.org/show_bug.cgi?id=70700
1984
1985         Reviewed by David Levin.
1986         
1987         It was unused.
1988
1989         * JavaScriptCore.exp:
1990         * wtf/text/StringImpl.cpp:
1991         * wtf/text/StringImpl.h:
1992
1993 2011-10-22  Filip Pizlo  <fpizlo@apple.com>
1994
1995         DFG should inline constructors
1996         https://bugs.webkit.org/show_bug.cgi?id=70675
1997
1998         Reviewed by Oliver Hunt.
1999         
2000         Adds support for inlining constructors. Also fixes two pathologies
2001         uncovered along the way: CheckMethod claimed that it never returned a
2002         result (causing CheckMethod -> SetLocal -> GetLocal sequences to
2003         result in the GetLocal doing OSR exit), and get_by_id parsing never
2004         checked if it was hot in slow path. Also fiddled with inlining
2005         heuristics; it appears that for now, the more inlining, the happier
2006         V8 is. Finally, a bug was uncovered where a silent spill of a boxed
2007         integer that had previously been spilled unboxed causes the silent
2008         fill to forget to unbox.
2009         
2010         This appears to be a 4% speed-up on V8 in their harness, or a 1%
2011         speed-up in my harness. The difference is due to warm-up: in my
2012         harness we see significant amounts of time spent in compilation, but
2013         in V8's harness compilation gets amortized. Profiling indicates that
2014         we have the potential for a 5% win from basic optimizations like
2015         generating OSR exits lazily and holding onto bytecode longer.
2016
2017         * dfg/DFGAbstractState.cpp:
2018         (JSC::DFG::AbstractState::execute):
2019         * dfg/DFGByteCodeParser.cpp:
2020         (JSC::DFG::ByteCodeParser::handleCall):
2021         (JSC::DFG::ByteCodeParser::handleInlining):
2022         (JSC::DFG::ByteCodeParser::handleMinMax):
2023         (JSC::DFG::ByteCodeParser::parseBlock):
2024         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2025         (JSC::DFG::ByteCodeParser::parse):
2026         * dfg/DFGCapabilities.h:
2027         (JSC::DFG::mightInlineFunctionForConstruct):
2028         (JSC::DFG::canInlineOpcode):
2029         (JSC::DFG::mightInlineFunctionFor):
2030         (JSC::DFG::canInlineFunctionFor):
2031         * dfg/DFGJITCodeGenerator.h:
2032         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2033         * runtime/Executable.h:
2034         (JSC::isCall):
2035         (JSC::ExecutableBase::intrinsicFor):
2036         * runtime/Heuristics.cpp:
2037         (JSC::Heuristics::initializeHeuristics):
2038         * runtime/Heuristics.h:
2039
2040 2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
2041
2042         [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
2043         https://bugs.webkit.org/show_bug.cgi?id=70703
2044
2045         Reviewed by Kent Tamura.
2046
2047         runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
2048         to these files from the gyp project files.
2049
2050         * JavaScriptCore.gypi:
2051
2052 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2053
2054         Add deleteProperty to the MethodTable
2055         https://bugs.webkit.org/show_bug.cgi?id=70162
2056
2057         Reviewed by Sam Weinig.
2058
2059         * JavaScriptCore.exp:
2060         * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
2061         * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
2062         be protected rather than private for subclasses who don't provide their own
2063         implementation.
2064
2065 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2066
2067         Remove getConstructDataVirtual
2068         https://bugs.webkit.org/show_bug.cgi?id=70638
2069
2070         Reviewed by Darin Adler.
2071
2072         Removed all declarations and definitions of getConstructDataVirtual.
2073         Also replaced all call sites to getConstructDataVirtual with a 
2074         corresponding lookup in the MethodTable.
2075
2076         * API/JSCallbackConstructor.cpp:
2077         * API/JSCallbackConstructor.h:
2078         * API/JSCallbackObject.h:
2079         * API/JSCallbackObjectFunctions.h:
2080         * API/JSObjectRef.cpp:
2081         (JSObjectIsConstructor):
2082         (JSObjectCallAsConstructor):
2083         * JavaScriptCore.exp:
2084         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2085         * dfg/DFGOperations.cpp:
2086         * interpreter/Interpreter.cpp:
2087         (JSC::Interpreter::privateExecute):
2088         * jit/JITStubs.cpp:
2089         (JSC::DEFINE_STUB_FUNCTION):
2090         * runtime/ArrayConstructor.cpp:
2091         * runtime/ArrayConstructor.h:
2092         * runtime/BooleanConstructor.cpp:
2093         * runtime/BooleanConstructor.h:
2094         * runtime/DateConstructor.cpp:
2095         * runtime/DateConstructor.h:
2096         * runtime/Error.h:
2097         (JSC::StrictModeTypeErrorFunction::getConstructData):
2098         * runtime/ErrorConstructor.cpp:
2099         * runtime/ErrorConstructor.h:
2100         * runtime/FunctionConstructor.cpp:
2101         * runtime/FunctionConstructor.h:
2102         * runtime/JSCell.cpp:
2103         * runtime/JSCell.h:
2104         * runtime/JSFunction.cpp:
2105         * runtime/JSFunction.h:
2106         * runtime/JSObject.h:
2107         (JSC::getConstructData):
2108         * runtime/NativeErrorConstructor.cpp:
2109         * runtime/NativeErrorConstructor.h:
2110         * runtime/NumberConstructor.cpp:
2111         * runtime/NumberConstructor.h:
2112         * runtime/ObjectConstructor.cpp:
2113         * runtime/ObjectConstructor.h:
2114         * runtime/RegExpConstructor.cpp:
2115         * runtime/RegExpConstructor.h:
2116         * runtime/StringConstructor.cpp:
2117         * runtime/StringConstructor.h:
2118
2119 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2120
2121         Try to fix the SL build.
2122
2123         * dfg/DFGByteCodeParser.cpp:
2124         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
2125         away int vs unsigned warning.
2126
2127 2011-10-21  Geoffrey Garen  <ggaren@apple.com>
2128
2129         Separated string lifetime bits from character buffer state bits
2130         https://bugs.webkit.org/show_bug.cgi?id=70673
2131
2132         Reviewed by Anders Carlsson.
2133         
2134         Moved the static/immortal bit into the bottom bit of the refcount, and
2135         moved all other bits into the high bits of the hash code.
2136         
2137         This is the first step toward a new Characters/PassString class, and it
2138         makes ref/deref slightly more efficient.
2139
2140         * create_hash_table:
2141         * wtf/StringHasher.h:
2142         (WTF::StringHasher::hash): Tweaked the string hashing function to leave
2143         the top bits clear, so they can be used as flags.
2144         
2145         Fixed some small differences between the PERL copy of this function and
2146         the C++ copy of this function, which could have in theory caused subtle
2147         crashes.
2148
2149         * wtf/text/StringImpl.cpp:
2150         (WTF::StringImpl::sharedBuffer):
2151         (WTF::StringImpl::createWithTerminatingNullCharacter):
2152         * wtf/text/StringImpl.h:
2153         (WTF::StringImpl::StringImpl):
2154         (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
2155         s_didReportExtraCost, since the original name was both self-contradictory
2156         and used as a double-negative.
2157
2158         (WTF::StringImpl::isIdentifier):
2159         (WTF::StringImpl::setIsIdentifier):
2160         (WTF::StringImpl::hasTerminatingNullCharacter):
2161         (WTF::StringImpl::isAtomic):
2162         (WTF::StringImpl::setIsAtomic):
2163         (WTF::StringImpl::setHash):
2164         (WTF::StringImpl::rawHash):
2165         (WTF::StringImpl::hasHash):
2166         (WTF::StringImpl::existingHash):
2167         (WTF::StringImpl::hash):
2168         (WTF::StringImpl::hasOneRef):
2169         (WTF::StringImpl::ref):
2170         (WTF::StringImpl::deref):
2171         (WTF::StringImpl::bufferOwnership):
2172         (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
2173         bit of the refcount. Now, all lifetime information lives in the refcount
2174         field. Moved the other bits into the hash code field.
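
Added example (not WebKit's code): a C++ model of the StringImpl header layout this entry describes, with the static/immortal bit in the bottom of the refcount word and the remaining flags in the top bits of the hash word. It assumes a constructed FNV-1a hasher in place of WTF::StringHasher, 8 reserved flag bits, and the class name StringImplLike; the accessor names follow the entry, everything else is made up for illustration.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>

// Refcount word: bit 0 is the static/immortal flag, the count proper lives in
// bits 1..31, and ref()/deref() step by 2. All lifetime state is in this word.
static const uint32_t s_refCountFlagIsStatic = 1u;
static const uint32_t s_refCountIncrement = 2u;

// Hash word: the hash occupies the low 24 bits, the top 8 bits hold flags
// (flag count and positions are assumptions made for this example).
static const uint32_t s_flagCount = 8;
static const uint32_t s_hashMask = (1u << (32 - s_flagCount)) - 1; // 0x00FFFFFF
static const uint32_t s_hashFlagIsIdentifier = 1u << 31;
static const uint32_t s_hashFlagIsAtomic = 1u << 30;

// Stand-in for WTF::StringHasher::hash (FNV-1a here, not WebKit's hasher): the
// top flag bits are cleared and 0 is never returned, so 0 means "no hash yet".
inline uint32_t computeHash(const char* data, std::size_t length)
{
    uint32_t h = 2166136261u;                     // FNV-1a offset basis
    for (std::size_t i = 0; i < length; ++i) {
        h ^= static_cast<unsigned char>(data[i]);
        h *= 16777619u;                           // FNV-1a prime
    }
    h &= s_hashMask;                              // leave the top bits clear for flags
    return h ? h : 0x800000u;                     // keep 0 free as "not yet hashed"
}

class StringImplLike {
public:
    // A heap string starts with one reference; a static string also carries the
    // immortal bit, so its count is odd and hasOneRef() is never true for it.
    explicit StringImplLike(const std::string& text, bool isStatic = false)
        : m_text(text), m_refCount(s_refCountIncrement | (isStatic ? s_refCountFlagIsStatic : 0)), m_hashAndFlags(0) { }

    bool isStatic() const { return m_refCount & s_refCountFlagIsStatic; }
    bool hasOneRef() const { return m_refCount == s_refCountIncrement; }
    void ref() { m_refCount += s_refCountIncrement; }

    // Returns true when the last reference is dropped (the owner would free).
    // A static string's odd count never equals s_refCountIncrement, so the free
    // path is unreachable for it: the object is immortal.
    bool deref()
    {
        if (m_refCount == s_refCountIncrement)
            return true;
        m_refCount -= s_refCountIncrement;
        return false;
    }

    // Hash accessors: flag bits never leak into the hash, and vice versa.
    uint32_t rawHash() const { return m_hashAndFlags & s_hashMask; }
    bool hasHash() const { return rawHash() != 0; }
    uint32_t existingHash() const { assert(hasHash()); return rawHash(); }
    uint32_t hash() const { if (!hasHash()) setHash(computeHash(m_text.data(), m_text.size())); return rawHash(); }
    void setHash(uint32_t hash) const { assert(!(hash & ~s_hashMask)); m_hashAndFlags |= hash; }

    bool isIdentifier() const { return m_hashAndFlags & s_hashFlagIsIdentifier; }
    void setIsIdentifier(bool on) { setFlag(s_hashFlagIsIdentifier, on); }
    bool isAtomic() const { return m_hashAndFlags & s_hashFlagIsAtomic; }
    void setIsAtomic(bool on) { setFlag(s_hashFlagIsAtomic, on); }

private:
    void setFlag(uint32_t flag, bool on) { if (on) m_hashAndFlags |= flag; else m_hashAndFlags &= ~flag; }

    std::string m_text;
    uint32_t m_refCount;
    mutable uint32_t m_hashAndFlags;              // hash is filled in lazily
};

// Exercises the layout once; returns true only if every invariant held.
bool layoutInvariantsHold()
{
    StringImplLike heap("hello");
    StringImplLike immortal("static", /* isStatic */ true);
    if (!immortal.isStatic() || heap.isStatic() || !heap.hasOneRef() || immortal.hasOneRef())
        return false;

    heap.setIsAtomic(true);                       // a flag alone must not look like a hash
    if (heap.hasHash())
        return false;
    uint32_t h = heap.hash();
    if (!heap.hasHash() || !heap.isAtomic() || (h & ~s_hashMask) || h != computeHash("hello", 5))
        return false;
    heap.setIsIdentifier(true);                   // adding a flag leaves the hash intact
    if (heap.existingHash() != h)
        return false;

    immortal.ref();                               // balanced ref/deref never frees a static
    if (immortal.deref() || immortal.deref())
        return false;
    heap.ref();                                   // the heap string frees on its last deref
    if (heap.deref())
        return false;
    return heap.deref();
}
```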
2175
2176 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
2177
2178         DFG inlining sometimes fails to reset constant references
2179         https://bugs.webkit.org/show_bug.cgi?id=70668
2180
2181         Reviewed by Anders Carlsson.
2182         
2183         Reset constant references when we need to (new block created) and not
2184         when we don't (change of inlining depth).
2185
2186         * dfg/DFGByteCodeParser.cpp:
2187         (JSC::DFG::ByteCodeParser::handleInlining):
2188         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
2189         (JSC::DFG::ByteCodeParser::parseBlock):
2190         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2191
2192 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
2193
2194         DFG should have inlining
2195         https://bugs.webkit.org/show_bug.cgi?id=69996
2196
2197         Reviewed by Oliver Hunt.
2198         
2199         Implements inlining that's hooked into the bytecode parser. Only
2200         works for calls, for now, though nothing fundamentally prevents us
2201         from inlining constructor calls. 2% overall speed-up on all
2202         benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
2203         richards respectively), neutral on Kraken and SunSpider. 
2204         
2205         * bytecode/CodeBlock.cpp:
2206         (JSC::CodeBlock::visitAggregate):
2207         * bytecode/CodeBlock.h:
2208         (JSC::CodeBlock::baselineVersion):
2209         (JSC::CodeBlock::setInstructionCount):
2210         (JSC::CodeBlock::likelyToTakeSlowCase):
2211         (JSC::CodeBlock::couldTakeSlowCase):
2212         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
2213         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
2214         (JSC::CodeBlock::likelyToTakeAnySlowCase):
2215         * bytecode/CodeOrigin.h:
2216         (JSC::CodeOrigin::inlineDepthForCallFrame):
2217         (JSC::CodeOrigin::inlineDepth):
2218         (JSC::CodeOrigin::operator==):
2219         (JSC::CodeOrigin::inlineStack):
2220         * bytecompiler/BytecodeGenerator.cpp:
2221         (JSC::BytecodeGenerator::generate):
2222         * dfg/DFGAbstractState.cpp:
2223         (JSC::DFG::AbstractState::beginBasicBlock):
2224         (JSC::DFG::AbstractState::execute):
2225         (JSC::DFG::AbstractState::mergeStateAtTail):
2226         * dfg/DFGBasicBlock.h:
2227         (JSC::DFG::BasicBlock::BasicBlock):
2228         (JSC::DFG::BasicBlock::ensureLocals):
2229         (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
2230         * dfg/DFGByteCodeParser.cpp:
2231         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2232         (JSC::DFG::ByteCodeParser::getDirect):
2233         (JSC::DFG::ByteCodeParser::get):
2234         (JSC::DFG::ByteCodeParser::setDirect):
2235         (JSC::DFG::ByteCodeParser::set):
2236         (JSC::DFG::ByteCodeParser::getLocal):
2237         (JSC::DFG::ByteCodeParser::getArgument):
2238         (JSC::DFG::ByteCodeParser::flush):
2239         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
2240         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
2241         (JSC::DFG::ByteCodeParser::handleInlining):
2242         (JSC::DFG::ByteCodeParser::parseBlock):
2243         (JSC::DFG::ByteCodeParser::processPhiStack):
2244         (JSC::DFG::ByteCodeParser::linkBlock):
2245         (JSC::DFG::ByteCodeParser::linkBlocks):
2246         (JSC::DFG::ByteCodeParser::handleSuccessor):
2247         (JSC::DFG::ByteCodeParser::determineReachability):
2248         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2249         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2250         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2251         (JSC::DFG::ByteCodeParser::parse):
2252         * dfg/DFGCapabilities.cpp:
2253         (JSC::DFG::canHandleOpcodes):
2254         (JSC::DFG::canCompileOpcodes):
2255         (JSC::DFG::canInlineOpcodes):
2256         * dfg/DFGCapabilities.h:
2257         (JSC::DFG::mightCompileEval):
2258         (JSC::DFG::mightCompileProgram):
2259         (JSC::DFG::mightCompileFunctionForCall):
2260         (JSC::DFG::mightCompileFunctionForConstruct):
2261         (JSC::DFG::mightInlineFunctionForCall):
2262         (JSC::DFG::mightInlineFunctionForConstruct):
2263         (JSC::DFG::canInlineOpcode):
2264         (JSC::DFG::canInlineOpcodes):
2265         (JSC::DFG::canInlineFunctionForCall):
2266         (JSC::DFG::canInlineFunctionForConstruct):
2267         * dfg/DFGGraph.cpp:
2268         (JSC::DFG::printWhiteSpace):
2269         (JSC::DFG::Graph::dumpCodeOrigin):
2270         (JSC::DFG::Graph::dump):
2271         * dfg/DFGGraph.h:
2272         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
2273         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
2274         * dfg/DFGJITCompiler.cpp:
2275         (JSC::DFG::JITCompiler::decodedCodeMapFor):
2276         (JSC::DFG::JITCompiler::linkOSRExits):
2277         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2278         * dfg/DFGJITCompiler.h:
2279         (JSC::DFG::JITCompiler::debugCall):
2280         (JSC::DFG::JITCompiler::baselineCodeBlockFor):
2281         * dfg/DFGJITCompiler32_64.cpp:
2282         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2283         * dfg/DFGNode.h:
2284         (JSC::DFG::Node::hasVariableAccessData):
2285         (JSC::DFG::Node::shouldGenerate):
2286         * dfg/DFGOperands.h:
2287         (JSC::DFG::Operands::ensureLocals):
2288         (JSC::DFG::Operands::setLocal):
2289         (JSC::DFG::Operands::getLocal):
2290         * dfg/DFGPropagator.cpp:
2291         (JSC::DFG::Propagator::propagateNodePredictions):
2292         * dfg/DFGSpeculativeJIT.cpp:
2293         (JSC::DFG::OSRExit::OSRExit):
2294         (JSC::DFG::SpeculativeJIT::compile):
2295         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2296         * dfg/DFGSpeculativeJIT.h:
2297         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
2298         * dfg/DFGSpeculativeJIT32_64.cpp:
2299         (JSC::DFG::SpeculativeJIT::compile):
2300         * dfg/DFGSpeculativeJIT64.cpp:
2301         (JSC::DFG::SpeculativeJIT::compile):
2302         * interpreter/CallFrame.cpp:
2303         (JSC::CallFrame::trueCallerFrameSlow):
2304         * jit/JITCall.cpp:
2305         (JSC::JIT::compileOpCallSlowCase):
2306         * jit/JITStubs.cpp:
2307         (JSC::DEFINE_STUB_FUNCTION):
2308         * runtime/Executable.cpp:
2309         (JSC::FunctionExecutable::baselineCodeBlockFor):
2310         (JSC::FunctionExecutable::produceCodeBlockFor):
2311         (JSC::FunctionExecutable::compileForCallInternal):
2312         (JSC::FunctionExecutable::compileForConstructInternal):
2313         * runtime/Executable.h:
2314         (JSC::FunctionExecutable::profiledCodeBlockFor):
2315         (JSC::FunctionExecutable::parameterCount):
2316         * runtime/Heuristics.cpp:
2317         (JSC::Heuristics::initializeHeuristics):
2318         * runtime/Heuristics.h:
2319         * runtime/JSFunction.h:
2320
2321 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2322
2323         Add put to the MethodTable
2324         https://bugs.webkit.org/show_bug.cgi?id=70439
2325
2326         Reviewed by Oliver Hunt.
2327
2328         * JavaScriptCore.exp:
2329         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2330         * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
2331         * runtime/JSFunction.h: Changed access modifier for put to protected since some
2332         subclasses of JSFunction need to reference it in their MethodTables.
2333
2334 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2335
2336         Add finalizer to JSObject
2337         https://bugs.webkit.org/show_bug.cgi?id=70336
2338
2339         Reviewed by Darin Adler.
2340
2341         * heap/MarkedBlock.cpp:
2342         (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
2343         if we're a JSFinalObject, since the finalizer takes care of things.
2344         * runtime/JSCell.h:
2345         (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
2346         future changes and the fact that we no longer always call the destructor, making 
2347         the information provided less useful.
2348         * runtime/JSObject.cpp:
2349         (JSC::JSObject::finalize): Add finalizer for JSObject.
2350         (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
2351         property storage, we add a finalizer to ourself.
2352         * runtime/JSObject.h:
2353
2354 2011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
2355
2356         Remove QtScript source code from WebKit.
2357         https://bugs.webkit.org/show_bug.cgi?id=64088
2358
2359         Reviewed by Tor Arne Vestbø.
2360
2361         Removed dead code that isn't developed anymore.
2362
2363         * JavaScriptCore.gypi:
2364         * JavaScriptCore.pri:
2365         * qt/api/QtScript.pro: Removed.
2366         * qt/api/qscriptconverter_p.h: Removed.
2367         * qt/api/qscriptengine.cpp: Removed.
2368         * qt/api/qscriptengine.h: Removed.
2369         * qt/api/qscriptengine_p.cpp: Removed.
2370         * qt/api/qscriptengine_p.h: Removed.
2371         * qt/api/qscriptfunction.cpp: Removed.
2372         * qt/api/qscriptfunction_p.h: Removed.
2373         * qt/api/qscriptoriginalglobalobject_p.h: Removed.
2374         * qt/api/qscriptprogram.cpp: Removed.
2375         * qt/api/qscriptprogram.h: Removed.
2376         * qt/api/qscriptprogram_p.h: Removed.
2377         * qt/api/qscriptstring.cpp: Removed.
2378         * qt/api/qscriptstring.h: Removed.
2379         * qt/api/qscriptstring_p.h: Removed.
2380         * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
2381         * qt/api/qscriptsyntaxcheckresult.h: Removed.
2382         * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
2383         * qt/api/qscriptvalue.cpp: Removed.
2384         * qt/api/qscriptvalue.h: Removed.
2385         * qt/api/qscriptvalue_p.h: Removed.
2386         * qt/api/qscriptvalueiterator.cpp: Removed.
2387         * qt/api/qscriptvalueiterator.h: Removed.
2388         * qt/api/qscriptvalueiterator_p.h: Removed.
2389         * qt/api/qtscriptglobal.h: Removed.
2390         * qt/benchmarks/benchmarks.pri: Removed.
2391         * qt/benchmarks/benchmarks.pro: Removed.
2392         * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
2393         * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
2394         * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
2395         * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
2396         * qt/tests/qscriptengine/qscriptengine.pro: Removed.
2397         * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
2398         * qt/tests/qscriptstring/qscriptstring.pro: Removed.
2399         * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
2400         * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
2401         * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
2402         * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
2403         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
2404         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
2405         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
2406         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
2407         * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
2408         * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
2409         * qt/tests/tests.pri: Removed.
2410         * qt/tests/tests.pro: Removed.
2411
2412 2011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
2413
2414         bytecompiler sometimes generates incorrect bytecode for put_by_id
2415         https://bugs.webkit.org/show_bug.cgi?id=70403
2416
2417         Reviewed by Filip Pizlo.
2418
2419         * bytecompiler/NodesCodegen.cpp:
2420         (JSC::AssignDotNode::emitBytecode):
2421         (JSC::AssignBracketNode::emitBytecode):
2422
2423 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2424
2425         DFG should not try to predict argument types by looking at the values of
2426         argument registers at the time of compilation
2427         https://bugs.webkit.org/show_bug.cgi?id=70578
2428
2429         Reviewed by Oliver Hunt.
2430
2431         * bytecode/CodeBlock.cpp:
2432         * dfg/DFGDriver.cpp:
2433         (JSC::DFG::compile):
2434         (JSC::DFG::tryCompile):
2435         (JSC::DFG::tryCompileFunction):
2436         * dfg/DFGDriver.h:
2437         (JSC::DFG::tryCompileFunction):
2438         * dfg/DFGGraph.cpp:
2439         (JSC::DFG::Graph::predictArgumentTypes):
2440         * dfg/DFGGraph.h:
2441         * runtime/Executable.cpp:
2442         (JSC::FunctionExecutable::compileOptimizedForCall):
2443         (JSC::FunctionExecutable::compileOptimizedForConstruct):
2444         (JSC::FunctionExecutable::compileForCallInternal):
2445         (JSC::FunctionExecutable::compileForConstructInternal):
2446         * runtime/Executable.h:
2447         (JSC::FunctionExecutable::compileForCall):
2448         (JSC::FunctionExecutable::compileForConstruct):
2449         (JSC::FunctionExecutable::compileFor):
2450         (JSC::FunctionExecutable::compileOptimizedFor):
2451
2452 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2453
2454         DFG call optimization handling will fail if the call had been unlinked due
2455         to the callee being optimized
2456         https://bugs.webkit.org/show_bug.cgi?id=70468
2457
2458         Reviewed by Geoff Garen.
2459         
2460         If a call had ever been linked, we remember this fact as well as the function
2461         to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
2462         called.
2463
2464         * bytecode/CodeBlock.cpp:
2465         (JSC::CodeBlock::visitAggregate):
2466         * bytecode/CodeBlock.h:
2467         * dfg/DFGByteCodeParser.cpp:
2468         (JSC::DFG::ByteCodeParser::parseBlock):
2469         * dfg/DFGRepatch.cpp:
2470         (JSC::DFG::dfgLinkFor):
2471         * jit/JIT.cpp:
2472         (JSC::JIT::linkFor):
2473
2474 2011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
2475
2476         DFG JIT 32_64 - Fix ByteArray speculation
2477         https://bugs.webkit.org/show_bug.cgi?id=70571
2478
2479         Reviewed by Filip Pizlo.
2480
2481         * dfg/DFGSpeculativeJIT.h:
2482         (JSC::DFG::ValueSource::forPrediction):
2483         * dfg/DFGSpeculativeJIT32_64.cpp:
2484         (JSC::DFG::SpeculativeJIT::compile):
2485
2486 2011-10-20  Vincent Scheib  <scheib@chromium.org>
2487
2488         MouseLock compile and run time flags.
2489         https://bugs.webkit.org/show_bug.cgi?id=70530
2490
2491         Reviewed by Darin Fisher.
2492
2493         * wtf/Platform.h:
2494
2495 2011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2496
2497         Rename static deleteProperty to deletePropertyByIndex
2498         https://bugs.webkit.org/show_bug.cgi?id=70257
2499
2500         Reviewed by Geoffrey Garen.
2501
2502         Renaming versions of deleteProperty that use an unsigned as the property
2503         name to "deletePropertyByIndex" in preparation for adding them to the 
2504         MethodTable, which requires unique names for each method.
2505
2506         * API/JSCallbackObject.h:
2507         * API/JSCallbackObjectFunctions.h:
2508         (JSC::::deletePropertyVirtual):
2509         (JSC::::deletePropertyByIndex):
2510         * runtime/Arguments.cpp:
2511         (JSC::Arguments::deletePropertyVirtual):
2512         (JSC::Arguments::deletePropertyByIndex):
2513         * runtime/Arguments.h:
2514         * runtime/JSArray.cpp:
2515         (JSC::JSArray::deletePropertyVirtual):
2516         (JSC::JSArray::deletePropertyByIndex):
2517         * runtime/JSArray.h:
2518         * runtime/JSCell.cpp:
2519         (JSC::JSCell::deletePropertyVirtual):
2520         (JSC::JSCell::deletePropertyByIndex):
2521         * runtime/JSCell.h:
2522         * runtime/JSNotAnObject.cpp:
2523         (JSC::JSNotAnObject::deletePropertyVirtual):
2524         (JSC::JSNotAnObject::deletePropertyByIndex):
2525         * runtime/JSNotAnObject.h:
2526         * runtime/JSObject.cpp:
2527         (JSC::JSObject::deletePropertyVirtual):
2528         (JSC::JSObject::deletePropertyByIndex):
2529         * runtime/JSObject.h:
2530         * runtime/RegExpMatchesArray.h:
2531         (JSC::RegExpMatchesArray::deletePropertyVirtual):
2532         (JSC::RegExpMatchesArray::deletePropertyByIndex):
2533
2534 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2535
2536         https://bugs.webkit.org/show_bug.cgi?id=70482
2537         DFG-related stubs in the old JIT should not be built if the DFG is disabled
2538
2539         Reviewed by Zoltan Herczeg.
2540         
2541         Aiming for a slight code size/build time reduction if the DFG is not in
2542         play. This should also make further DFG development slightly easier since
2543         the bodies of these JIT stubs can now safely refer to things that are only
2544         declared when the DFG is enabled.
2545
2546         * jit/JITStubs.cpp:
2547         * jit/JITStubs.h:
2548
2549 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
2550
2551         DFG ConvertThis emits slow code when the source node is known to be,
2552         but not predicted to be, a final object
2553         https://bugs.webkit.org/show_bug.cgi?id=70466
2554
2555         Reviewed by Oliver Hunt.
2556         
2557         Added a new case in ConvertThis compilation.
2558
2559         * dfg/DFGSpeculativeJIT32_64.cpp:
2560         (JSC::DFG::SpeculativeJIT::compile):
2561         * dfg/DFGSpeculativeJIT64.cpp:
2562         (JSC::DFG::SpeculativeJIT::compile):
2563
2564 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
2565
2566         Optimization triggers in the old JIT may sometimes fire repeatedly even
2567         though there is no optimization to be done
2568         https://bugs.webkit.org/show_bug.cgi?id=70467
2569
2570         Reviewed by Oliver Hunt.
2571         
2572         If optimize_from_ret does nothing, it delays the next optimization trigger.
2573         This is performance-neutral.
2574
2575         * jit/JITStubs.cpp:
2576         (JSC::DEFINE_STUB_FUNCTION):
2577         * runtime/Heuristics.cpp:
2578         (JSC::Heuristics::initializeHeuristics):
2579
2580 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
2581
2582         DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
2583         https://bugs.webkit.org/show_bug.cgi?id=70460
2584
2585         Reviewed by Filip Pizlo.
2586
2587         As pointed out by Gavin in bug #70418, when a value is already in memory
2588         we can avoid loading it into two GPRs first and then unboxing them to an FPR.
2589         This gives a 9% improvement on Kraken without the change from bug #70418,
2590         and 1% when based on the code with the bug #70418 change.
2591         Performance is neutral in V8 and SunSpider.
2592
2593         * dfg/DFGJITCodeGenerator32_64.cpp:
2594         (JSC::DFG::JITCodeGenerator::fillDouble):
2595         * dfg/DFGSpeculativeJIT32_64.cpp:
2596         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2597
2598 2011-10-19  Gavin Barraclough  <barraclough@apple.com>
2599
2600         Poisoning of strict caller,arguments inappropriately poisoning "in"
2601         https://bugs.webkit.org/show_bug.cgi?id=63398
2602
2603         Reviewed by Oliver Hunt.
2604
2605         This fixes the problem by correctly implementing the spec:
2606         the error should actually be thrown from a standard JS getter/setter.
2607         This implements spec-correct behaviour for strict mode JS functions and bound
2608         functions; I'll follow up with a patch to do the same for arguments.
2609
2610         * runtime/JSBoundFunction.cpp:
2611         (JSC::JSBoundFunction::finishCreation):
2612             - Add the poisoned caller/arguments properties.
2613         * runtime/JSBoundFunction.h:
2614         * runtime/JSFunction.cpp:
2615         (JSC::JSFunction::finishCreation):
2616         (JSC::JSFunction::getOwnPropertySlot):
2617         (JSC::JSFunction::getOwnPropertyDescriptor):
2618         (JSC::JSFunction::put):
2619             - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
2620         * runtime/JSFunction.h:
2621         * runtime/JSGlobalObject.cpp:
2622         (JSC::JSGlobalObject::createThrowTypeError):
2623         (JSC::JSGlobalObject::visitChildren):
2624         * runtime/JSGlobalObject.h:
2625         (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
2626             - Add a ThrowTypeError type, per ES5 13.2.3.
2627         * runtime/JSGlobalObjectFunctions.cpp:
2628         (JSC::globalFuncThrowTypeError):
2629         * runtime/JSGlobalObjectFunctions.h:
2630             - Implementation of ThrowTypeError.
2631         * runtime/JSObject.cpp:
2632         (JSC::JSObject::initializeGetterSetterProperty):
2633         * runtime/JSObject.h:
2634             - This function adds a new property (must not exist already) that is an initialized getter/setter.
2635
2636 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
2637
2638         DFG JIT 32_64 - improve double boxing/unboxing
2639         https://bugs.webkit.org/show_bug.cgi?id=70418
2640
2641         Reviewed by Gavin Barraclough.
2642
2643         Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
2644         exchanging data through memory.
2645         On X86, some SSE instructions let us perform such operations with better performance.
2646         This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
2647         and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
2648
2649         * assembler/MacroAssemblerX86Common.h:
2650         (JSC::MacroAssemblerX86Common::lshiftPacked):
2651         (JSC::MacroAssemblerX86Common::rshiftPacked):
2652         (JSC::MacroAssemblerX86Common::orPacked):
2653         (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
2654         (JSC::MacroAssemblerX86Common::movePackedToInt32):
2655         * assembler/X86Assembler.h:
2656         (JSC::X86Assembler::movd_rr):
2657         (JSC::X86Assembler::psllq_i8r):
2658         (JSC::X86Assembler::psrlq_i8r):
2659         (JSC::X86Assembler::por_rr):
2660         * dfg/DFGJITCodeGenerator.h:
2661         (JSC::DFG::JITCodeGenerator::boxDouble):
2662         (JSC::DFG::JITCodeGenerator::unboxDouble):
2663         * dfg/DFGJITCodeGenerator32_64.cpp:
2664         (JSC::DFG::JITCodeGenerator::fillDouble):
2665         (JSC::DFG::JITCodeGenerator::fillJSValue):
2666         (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
2667         (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
2668         (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
2669         (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
2670         * dfg/DFGJITCompiler.h:
2671         (JSC::DFG::JITCompiler::boxDouble):
2672         (JSC::DFG::JITCompiler::unboxDouble):
2673         * dfg/DFGSpeculativeJIT32_64.cpp:
2674         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2675         (JSC::DFG::SpeculativeJIT::convertToDouble):
2676         (JSC::DFG::SpeculativeJIT::compile):
2677
2678 2011-10-19  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2679
2680         [EFL] Fix DSO linkage of wtf_efl.
2681
2682         Unreviewed build fix.
2683
2684         Need to add -ldl to jsc_efl (requested by dladdr).
2685
2686         * wtf/CMakeListsEfl.txt:
2687
2688 2011-10-19  Geoffrey Garen  <ggaren@apple.com>
2689
2690         Removed StringImplBase, fusing it into StringImpl
2691         https://bugs.webkit.org/show_bug.cgi?id=70443
2692
2693         Reviewed by Gavin Barraclough.
2694
2695         * GNUmakefile.list.am:
2696         * JavaScriptCore.gypi:
2697         * JavaScriptCore.order:
2698         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2699         * JavaScriptCore.xcodeproj/project.pbxproj:
2700         * wtf/CMakeLists.txt:
2701         * wtf/text/StringImpl.h:
2702         (WTF::StringImpl::StringImpl):
2703         (WTF::StringImpl::ref):
2704         (WTF::StringImpl::length):
2705         * wtf/text/StringImplBase.h: Removed.
2706         * wtf/wtf.pri: Removed!
2707
2708 2011-10-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2709
2710         Add getConstructData to the MethodTable
2711         https://bugs.webkit.org/show_bug.cgi?id=70163
2712
2713         Reviewed by Geoffrey Garen.
2714
2715         Adding getConstructData to the MethodTable in order to be able to 
2716         remove all calls to getConstructDataVirtual soon.  Part of the process 
2717         of de-virtualizing JSCell.
2718
2719         * JavaScriptCore.exp:
2720         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2721         * runtime/ClassInfo.h:
2722
2723 2011-10-18  Oliver Hunt  <oliver@apple.com>
2724
2725         Support CanvasPixelArray in the DFG
2726         https://bugs.webkit.org/show_bug.cgi?id=70384
2727
2728         Reviewed by Filip Pizlo.
2729
2730         Add support for the old CanvasPixelArray optimisations to the
2731         DFG.  This removes the regression seen in the DFG when using
2732         a CPA.
2733
2734         * assembler/MacroAssemblerX86Common.h:
2735         (JSC::MacroAssemblerX86Common::store8):
2736         (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
2737         * assembler/X86Assembler.h:
2738         (JSC::X86Assembler::movb_rm):
2739         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
2740         * bytecode/PredictedType.cpp:
2741         (JSC::predictionToString):
2742         (JSC::predictionFromClassInfo):
2743         * bytecode/PredictedType.h:
2744         (JSC::isByteArrayPrediction):
2745         * dfg/DFGAbstractState.cpp:
2746         (JSC::DFG::AbstractState::initialize):
2747         (JSC::DFG::AbstractState::execute):
2748         * dfg/DFGNode.h:
2749         (JSC::DFG::Node::shouldSpeculateByteArray):
2750         * dfg/DFGPropagator.cpp:
2751         (JSC::DFG::Propagator::propagateNodePredictions):
2752         (JSC::DFG::Propagator::fixupNode):
2753         (JSC::DFG::Propagator::performNodeCSE):
2754         * dfg/DFGSpeculativeJIT.cpp:
2755         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2756         (JSC::DFG::compileClampDoubleToByte):
2757         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
2758         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
2759         * dfg/DFGSpeculativeJIT.h:
2760         * dfg/DFGSpeculativeJIT32_64.cpp:
2761         (JSC::DFG::SpeculativeJIT::compile):
2762         * dfg/DFGSpeculativeJIT64.cpp:
2763         (JSC::DFG::SpeculativeJIT::compile):
2764         * runtime/JSByteArray.h:
2765         (JSC::JSByteArray::offsetOfStorage):
2766         * wtf/ByteArray.cpp:
2767         * wtf/ByteArray.h:
2768         (WTF::ByteArray::offsetOfSize):
2769         (WTF::ByteArray::offsetOfData):
2770
2771 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2772
2773         Some rope cleanup following r97827
2774         https://bugs.webkit.org/show_bug.cgi?id=70398
2775
2776         Reviewed by Oliver Hunt.
2777
2778         9% speedup on date-format-xparb, neutral overall.
2779         
2780         - Removed RopeImpl*.
2781         - Removed JSString::m_fiberCount, since this can be deduced from other data.
2782         - Renamed a jsString() variant to jsStringFromArguments for clarity.
2783
2784         * CMakeLists.txt:
2785         * GNUmakefile.list.am:
2786         * JavaScriptCore.order:
2787         * JavaScriptCore.pro:
2788         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2789         * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
2790
2791         * dfg/DFGSpeculativeJIT.cpp:
2792         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
2793         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2794         * jit/JITInlineMethods.h:
2795         (JSC::JIT::emitLoadCharacterString):
2796         * jit/JITPropertyAccess.cpp:
2797         (JSC::JIT::stringGetByValStubGenerator):
2798         * jit/JITPropertyAccess32_64.cpp:
2799         (JSC::JIT::stringGetByValStubGenerator):
2800         * jit/SpecializedThunkJIT.h:
2801         (JSC::SpecializedThunkJIT::loadJSStringArgument):
2802         * jit/ThunkGenerators.cpp:
2803         (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
2804         of testing m_fiberCount, since m_fiberCount is gone now.
2805
2806         * runtime/JSString.cpp:
2807         (JSC::JSString::RopeBuilder::expand):
2808         (JSC::JSString::visitChildren):
2809         (JSC::JSString::resolveRope):
2810         (JSC::JSString::resolveRopeSlowCase):
2811         (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
2812         in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
2813
2814         * runtime/JSString.h:
2815         (JSC::RopeBuilder::JSString):
2816         (JSC::RopeBuilder::finishCreation):
2817         (JSC::RopeBuilder::offsetOfLength):
2818         (JSC::RopeBuilder::isRope):
2819         (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
2820         jsString => jsStringFromArguments for clarity.
2821
2822         * runtime/Operations.h:
2823         (JSC::jsStringFromArguments): Renamed.
2824
2825         * runtime/RopeImpl.cpp: Removed.
2826         * runtime/RopeImpl.h: Removed.
2827
2828         * runtime/SmallStrings.cpp:
2829         (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
2830         which is slightly faster.
2831
2832         * runtime/StringPrototype.cpp:
2833         (JSC::stringProtoFuncConcat): Updated for rename.
2834
2835         * wtf/text/StringImplBase.h:
2836         (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
2837         StringImpl, since this was only used by RopeImpl, which is now gone.
2838
2839 2011-10-19  Rafael Antognolli  <antognolli@profusion.mobi>
2840
2841         [EFL] Fix DSO linkage of jsc_efl.
2842         https://bugs.webkit.org/show_bug.cgi?id=70412
2843
2844         Unreviewed build fix.
2845
2846         Need to add -ldl to jsc_efl (requested by dladdr).
2847
2848         * shell/CMakeListsEfl.txt:
2849
2850 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2851
2852         Rolled out last Windows build fix because it was wrong.
2853
2854 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2855
2856         Rolled out last Windows build fix because it was wrong.
2857
2858 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2859
2860         Try to fix part of the Windows build.
2861         
2862         Export!
2863
2864 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2865
2866         Switched ropes from malloc memory to GC memory
2867         https://bugs.webkit.org/show_bug.cgi?id=70364
2868
2869         Reviewed by Gavin Barraclough.
2870
2871         ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
2872         having C++ destructors.
2873
2874         * heap/MarkStack.cpp:
2875         (JSC::visitChildren): Call the JSString visitChildren function now,
2876         since it's no longer a no-op.
2877
2878         * runtime/JSString.cpp:
2879         (JSC::JSString::~JSString): Moved this destructor out of line because
2880         it's called virtually, so there's no value to inlining.
2881
2882         (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
2883         initializing wrapper around JSString. JSString now represents ropes
2884         directly, rather than relying on an underlying malloc object.
2885
2886         (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
2887         objects now.
2888
2889         (JSC::JSString::resolveRope):
2890         (JSC::JSString::resolveRopeSlowCase):
2891         (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
2892         of malloc objects.
2893
2894         (JSC::JSString::replaceCharacter): Removed optimizations for substringing
2895         ropes and replacing subsections of ropes. We want to reimplement versions
2896         of these optimizations in the future, but this patch already has good
2897         performance without them.
2898
2899         * runtime/JSString.h:
2900         (JSC::RopeBuilder::JSString):
2901         (JSC::RopeBuilder::finishCreation):
2902         (JSC::RopeBuilder::createNull):
2903         (JSC::RopeBuilder::create):
2904         (JSC::RopeBuilder::createHasOtherOwner):
2905         (JSC::jsSingleCharacterString):
2906         (JSC::jsSingleCharacterSubstring):
2907         (JSC::jsNontrivialString):
2908         (JSC::jsString):
2909         (JSC::jsSubstring):
2910         (JSC::jsOwnedString): Lots of mechanical changes here. The two important
2911         things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
2912         malloc objects; (2) I simplified the JSString constructor interface to
2913         only accept PassRefPtr<StringImpl>, instead of variations on that like
2914         UString, reducing refcount churn.
2915
2916         * runtime/JSValue.h:
2917         * runtime/JSValue.cpp:
2918         (JSC::JSValue::toPrimitiveString): Updated this function to return a
2919         JSString instead of a UString, since that's what clients want now.
2920
2921         * runtime/Operations.cpp:
2922         (JSC::jsAddSlowCase):
2923         * runtime/Operations.h:
2924         (JSC::jsString):
2925         * runtime/SmallStrings.cpp:
2926         (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
2927
2928         * runtime/StringConstructor.cpp:
2929         (JSC::constructWithStringConstructor):
2930         * runtime/StringObject.h:
2931         (JSC::StringObject::create): Don't create a new JSString if we already
2932         have a JSString.
2933
2934         * runtime/StringPrototype.cpp:
2935         (JSC::stringProtoFuncConcat): Updated for interface changes above.
2936
2937 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
2938
2939         Errrk, fix partial commit of r97825!
2940
2941         * runtime/DatePrototype.cpp:
2942         (JSC::dateProtoFuncToISOString):
2943
2944 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
2945
2946         Date.prototype.toISOString fails to throw exception
2947         https://bugs.webkit.org/show_bug.cgi?id=70394
2948
2949         Reviewed by Sam Weinig.
2950
2951         * runtime/DatePrototype.cpp:
2952         (JSC::dateProtoFuncToISOString):
2953             - Should throw a range error if the internal value is not finite.
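
        The rule above (ES5.1 15.9.5.43: toISOString throws a RangeError when the
        time value is NaN), exercised from script. This is an added example, not
        JavaScriptCore code; the helper names and MAX_TIME_VALUE constant are this
        example's own.

```javascript
// Added example (not JavaScriptCore code): Date.prototype.toISOString must
// throw a RangeError when the Date holds a non-finite time value.
// isoStringOrNull and probeToISOString are names chosen for this example.

// ES5.1 15.9.1.14 TimeClip turns |t| > 8.64e15 into NaN, so this is the
// largest time value that still formats.
const MAX_TIME_VALUE = 8.64e15;

// Return the ISO string, or null for an invalid Date, instead of letting
// the RangeError escape into the caller.
function isoStringOrNull(date) {
  if (!(date instanceof Date) || Number.isNaN(date.getTime())) {
    return null;
  }
  return date.toISOString();
}

// Report what toISOString does for a raw time value: the string on success,
// otherwise the name of the exception it throws.
function probeToISOString(timeValue) {
  try {
    return { ok: true, value: new Date(timeValue).toISOString() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}
```

        The boundary case matters in practice: a value one past the clip limit
        is silently stored as NaN, so the failure surfaces only when the date
        is formatted.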
2954
2955 2011-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
2956
2957         Rename static put to putByIndex
2958         https://bugs.webkit.org/show_bug.cgi?id=70281
2959
2960         Reviewed by Geoffrey Garen.
2961
2962         Renaming versions of deleteProperty that use an unsigned as the property
2963         name to "deletePropertyByIndex" in preparation for adding them to the 
2964         MethodTable, which requires unique names for each method.
2965
2966         * dfg/DFGOperations.cpp:
2967         (JSC::DFG::putByVal):
2968         * jit/JITStubs.cpp:
2969         (JSC::DEFINE_STUB_FUNCTION):
2970         * runtime/Arguments.cpp:
2971         (JSC::Arguments::putVirtual):
2972         (JSC::Arguments::putByIndex):
2973         * runtime/Arguments.h:
2974         * runtime/ArrayPrototype.cpp:
2975         (JSC::arrayProtoFuncMap):
2976         * runtime/JSArray.cpp:
2977         (JSC::JSArray::put):
2978         (JSC::JSArray::putVirtual):
2979         (JSC::JSArray::putByIndex):
2980         * runtime/JSArray.h:
2981         * runtime/JSByteArray.cpp:
2982         (JSC::JSByteArray::putVirtual):
2983         (JSC::JSByteArray::putByIndex):
2984         * runtime/JSByteArray.h:
2985         * runtime/JSCell.cpp:
2986         (JSC::JSCell::putVirtual):
2987         (JSC::JSCell::putByIndex):
2988         * runtime/JSCell.h:
2989         * runtime/JSNotAnObject.cpp:
2990         (JSC::JSNotAnObject::putVirtual):
2991         (JSC::JSNotAnObject::putByIndex):
2992         * runtime/JSNotAnObject.h:
2993         * runtime/JSObject.cpp:
2994         (JSC::JSObject::putVirtual):
2995         (JSC::JSObject::putByIndex):
2996         * runtime/JSObject.h:
2997         * runtime/RegExpConstructor.cpp:
2998         (JSC::RegExpMatchesArray::fillArrayInstance):
2999         * runtime/RegExpMatchesArray.h:
3000         (JSC::RegExpMatchesArray::putVirtual):
3001         (JSC::RegExpMatchesArray::putByIndex):
3002
3003 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3004
3005         Array.prototype methods missing exception checks
3006         https://bugs.webkit.org/show_bug.cgi?id=70360
3007
3008         Reviewed by Geoff Garen.
3009
3010         Missing exception checks after calls to the static getProperty helper;
3011         these may result in the wrong exception being thrown (or an ASSERT being hit,
3012         as is currently the case running test-262).
3013
3014         No performance impact.
3015
3016         * runtime/ArrayPrototype.cpp:
3017         (JSC::arrayProtoFuncConcat):
3018         (JSC::arrayProtoFuncReverse):
3019         (JSC::arrayProtoFuncShift):
3020         (JSC::arrayProtoFuncSlice):
3021         (JSC::arrayProtoFuncSplice):
3022         (JSC::arrayProtoFuncUnShift):
3023         (JSC::arrayProtoFuncReduce):
3024         (JSC::arrayProtoFuncReduceRight):
3025         (JSC::arrayProtoFuncIndexOf):
3026         (JSC::arrayProtoFuncLastIndexOf):
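
        What the missing checks are protecting: an accessor that throws while
        one of these methods reads an element must surface as that same
        exception, not a different one. This is an added example, not
        JavaScriptCore code; the GetterError class, the hostile array-like and
        the helper names are this example's own.

```javascript
// Added example (not JavaScriptCore code): an exception raised by a getter
// while an Array.prototype method reads an element must propagate unchanged.
// GetterError, makeHostileArrayLike, propagatesGetterError and checkAll are
// names chosen for this example.

class GetterError extends Error {
  constructor() {
    super("getter exploded");
    this.name = "GetterError";
  }
}

// Constructed array-like: index 0 throws when read, index 1 is a plain value.
// Length 2 ensures every method below reads index 0 before it can finish.
function makeHostileArrayLike() {
  const obj = { length: 2, 1: 7 };
  Object.defineProperty(obj, "0", {
    enumerable: true,
    get() { throw new GetterError(); },
  });
  return obj;
}

// Call an Array.prototype method generically on the hostile object and report
// whether the error that escapes is the one the getter threw.
function propagatesGetterError(methodName, ...args) {
  const target = makeHostileArrayLike();
  try {
    Array.prototype[methodName].call(target, ...args);
    return false;               // no exception at all would be wrong
  } catch (e) {
    return e instanceof GetterError;
  }
}

// The methods named in the entry above, minus concat (a non-array object is
// appended whole, so concat never reads its indices).
function checkAll() {
  const cases = [
    ["reverse"], ["shift"], ["slice", 0], ["splice", 0, 1], ["unshift", 9],
    ["reduce", (a, b) => a + b], ["reduceRight", (a, b) => a + b],
    ["indexOf", 42], ["lastIndexOf", 42],
  ];
  return cases.every(([name, ...args]) => propagatesGetterError(name, ...args));
}
```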
3027
3028 2011-10-18  Adam Barth  <abarth@webkit.org>
3029
3030         Always enable ENABLE(XPATH)
3031         https://bugs.webkit.org/show_bug.cgi?id=70217
3032
3033         Reviewed by Eric Seidel.
3034
3035         * Configurations/FeatureDefines.xcconfig:
3036
3037 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3038
3039         Indexed arguments on the Arguments object should be enumerable.
3040         https://bugs.webkit.org/show_bug.cgi?id=70302
3041
3042         Reviewed by Sam Weinig.
3043
3044         See ECMA-262 5.1 chapter 10.6 step 11b.
3045         This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
3046
3047         * runtime/Arguments.cpp:
3048         (JSC::Arguments::getOwnPropertyDescriptor):
3049             - The 'enumerable' property should be true for indexed arguments.
3050         (JSC::Arguments::getOwnPropertyNames):
3051             - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
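
        The enumerability described above, observed through each of the means
        the entry lists. This is an added example, not JavaScriptCore code; the
        function names are this example's own.

```javascript
// Added example (not JavaScriptCore code): ES5.1 10.6 step 11b makes the
// indexed properties of an arguments object enumerable, which shows up in
// Object.keys, Object.getOwnPropertyDescriptor, for-in and the in operator.
// describeArguments and describeStrictArguments are names chosen here.

// Call with at least one argument; the descriptor lookup assumes index 0 exists.
function describeArguments() {
  const keys = Object.keys(arguments);
  const descriptor = Object.getOwnPropertyDescriptor(arguments, "0");
  const forInKeys = [];
  for (const k in arguments) forInKeys.push(k);
  return {
    keys,
    enumerable: descriptor.enumerable,
    writable: descriptor.writable,
    forInKeys,
    hasZero: "0" in arguments,
    hasLength: "length" in arguments,
    // "length" is an own property but is not enumerable, so it stays out of keys.
    lengthEnumerable: Object.getOwnPropertyDescriptor(arguments, "length").enumerable,
  };
}

// Strict-mode arguments objects are unmapped, but their indices are still enumerable.
function describeStrictArguments() {
  "use strict";
  return Object.keys(arguments);
}
```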
3052
3053 2011-10-18  Gustavo Noronha Silva  <gns@gnome.org>
3054
3055         Fix distcheck.
3056
3057         * GNUmakefile.list.am: fix a typo and add a missing header to the
3058         list.
3059
3060 2011-10-18  Balazs Kelemen  <kbalazs@webkit.org>
3061
3062         ParallelJobs: maximum number of threads should be determined dynamically
3063         https://bugs.webkit.org/show_bug.cgi?id=68540
3064
3065         Reviewed by Zoltan Herczeg.
3066
3067         Add logic to determine the number of cores and use this as
3068         the maximum number of threads. The implementation currently
3069         covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
3070         The patch was tested on Linux, Mac and Windows, which was enough to
3071         cover all code paths. It should work on the rest according to the
3072         documentation of those OS's. The hard coded constant is still used
3073         on uncovered OS's, which should be fixed in the future.
3074
3075         * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
3076         argument because clients should always fill it and the 0 default value
3077         was incorrect anyway.
3078         (WTF::ParallelJobs::ParallelJobs):
3079         * wtf/ParallelJobsGeneric.cpp:
3080         (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
3081         * wtf/ParallelJobsGeneric.h:
3082         (WTF::ParallelEnvironment::ParallelEnvironment):
3083
3084 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3085
3086         Reverted r997709, this caused test failures.
3087
3088         * jit/JITStubs.cpp:
3089         (JSC::DEFINE_STUB_FUNCTION):
3090         * runtime/JSObject.cpp:
3091         (JSC::JSObject::hasProperty):
3092         (JSC::JSObject::hasOwnProperty):
3093
3094 2011-10-17  Ryosuke Niwa  <rniwa@webkit.org>
3095
3096         Rename deregister* to unregister*
3097         https://bugs.webkit.org/show_bug.cgi?id=70272
3098
3099         Reviewed by Darin Adler.
3100
3101         Renamed deregisterWeakMap to unregisterWeakMap.
3102
3103         * runtime/JSGlobalObject.h:
3104         (JSC::JSGlobalObject::unregisterWeakMap):
3105
3106 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3107
3108         Poisoning of strict caller/arguments inappropriately poisoning "in"
3109         https://bugs.webkit.org/show_bug.cgi?id=63398
3110
3111         Reviewed by Sam Weinig.
3112
3113         The problem here is that the has[Own]Property methods get the slot rather than
3114         the descriptor, and getting the slot may cause the property to be eagerly accessed.
3115
3116         * jit/JITStubs.cpp:
3117         (JSC::DEFINE_STUB_FUNCTION):
3118             - We don't expect hasProperty to ever throw. If it does, it won't get caught
3119               (since it is after the exception check), so ASSERT to guard against this.
3120         * runtime/JSObject.cpp:
3121         (JSC::JSObject::hasProperty):
3122         (JSC::JSObject::hasOwnProperty):
3123             - These methods should not check for the presence of the descriptor; never get the value.
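
        The distinction the entry draws, seen from script: an existence check
        (hasOwnProperty, the in operator) on a poisoned strict-mode property
        must not run the throwing accessor, while reading the value must throw.
        This is an added example, not JavaScriptCore code; the helper names are
        this example's own. The arguments-object case uses "callee", whose
        poisoned own accessor is specified the same way in ES5.1 and later
        editions; for the function case only the "caller" read is asserted to
        throw, since later editions moved that accessor onto Function.prototype.

```javascript
// Added example (not JavaScriptCore code): in strict mode, "callee" on an
// arguments object and "caller" on a function are poisoned accessors that
// throw a TypeError when read. Asking whether the property exists must not
// trigger that throw. probeStrictArguments and probeStrictFunction are names
// chosen for this example.

function probeStrictArguments() {
  "use strict";
  const result = {};
  // Existence checks: these must not invoke the accessor.
  result.hasOwnCallee = Object.prototype.hasOwnProperty.call(arguments, "callee");
  result.inCallee = "callee" in arguments;
  // Reading the value is what the poison is for.
  try {
    void arguments.callee;
    result.readThrows = false;
  } catch (e) {
    result.readThrows = e instanceof TypeError;
  }
  return result;
}

function probeStrictFunction() {
  "use strict";
  function strictFn() {}
  const result = { inThrows: false };
  try {
    result.inCaller = "caller" in strictFn;
  } catch (e) {
    result.inThrows = true;
  }
  try {
    void strictFn.caller;
    result.readThrows = false;
  } catch (e) {
    result.readThrows = e instanceof TypeError;
  }
  return result;
}
```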
3124
3125 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3126
3127         Exception ordering in String.prototype.replace
3128         https://bugs.webkit.org/show_bug.cgi?id=70290
3129
3130         If pattern is not a regexp, it should be converted toString before the replacement value has its toString conversion called.
3131
3132         Reviewed by Oliver Hunt.
3133
3134         * runtime/StringPrototype.cpp:
3135         (JSC::stringProtoFuncReplace):
3136
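
        The ordering above made observable: record which toString runs first,
        and check which exception escapes when both conversions throw. This is
        an added example, not JavaScriptCore code; the helper names are this
        example's own.

```javascript
// Added example (not JavaScriptCore code): String.prototype.replace converts
// a non-RegExp pattern to a string before it converts a non-function
// replacement, so the pattern's exception is the one that propagates.
// conversionOrder and firstExceptionWins are names chosen for this example.

function conversionOrder() {
  const log = [];
  const pattern = { toString() { log.push("pattern"); return "b"; } };
  const replacement = { toString() { log.push("replacement"); return "X"; } };
  const result = "abc".replace(pattern, replacement);
  return { log, result };
}

// Both conversions throw; the message of the escaping error tells which ran first.
function firstExceptionWins() {
  const pattern = { toString() { throw new Error("from pattern"); } };
  const replacement = { toString() { throw new Error("from replacement"); } };
  try {
    "abc".replace(pattern, replacement);
    return null;
  } catch (e) {
    return e.message;
  }
}
```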
3137 2011-10-17  Filip Pizlo  <fpizlo@apple.com>
3138
3139         DFG bytecode parser should understand inline stacks
3140         https://bugs.webkit.org/show_bug.cgi?id=70278
3141
3142         Reviewed by Oliver Hunt.
3143         
3144         The DFG bytecode parser is now capable of parsing multiple code blocks at
3145         once. This remains turned off since not all inlining functionality is
3146         implemented.       
3147         
3148         This required making a few changes elsewhere in the system. The bytecode
3149         parser now may do some of the same things that the bytecode generator does,
3150         like allocating constants and identifiers. Basic block linking relies on
3151         bytecode indices, which are only meaningful within the context of one basic
3152         block. This is fine, so long as linking is done eagerly whenever switching
3153         from one code block to another.
3154
3155         * bytecode/CodeOrigin.h:
3156         (JSC::CodeOrigin::CodeOrigin):
3157         * bytecompiler/BytecodeGenerator.h:
3158         * dfg/DFGBasicBlock.h:
3159         * dfg/DFGByteCodeParser.cpp:
3160         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3161         (JSC::DFG::ByteCodeParser::get):
3162         (JSC::DFG::ByteCodeParser::set):
3163         (JSC::DFG::ByteCodeParser::getThis):
3164         (JSC::DFG::ByteCodeParser::setThis):
3165         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
3166         (JSC::DFG::ByteCodeParser::getPrediction):
3167         (JSC::DFG::ByteCodeParser::makeSafe):
3168         (JSC::DFG::ByteCodeParser::makeDivSafe):
3169         (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
3170         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
3171         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
3172         (JSC::DFG::ByteCodeParser::parseBlock):
3173         (JSC::DFG::ByteCodeParser::linkBlock):
3174         (JSC::DFG::ByteCodeParser::linkBlocks):
3175         (JSC::DFG::ByteCodeParser::setupPredecessors):
3176         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
3177         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3178         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3179         (JSC::DFG::ByteCodeParser::parse):
3180         * dfg/DFGGraph.h:
3181         (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
3182         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
3183         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
3184         * dfg/DFGNode.h:
3185         * runtime/Identifier.h:
3186         (JSC::IdentifierMapIndexHashTraits::emptyValue):
3187         * runtime/JSValue.h:
3188         * wtf/StdLibExtras.h:
3189         (WTF::binarySearchWithFunctor):
3190
3191 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3192
3193         Incorrect behavior from String match/search & undefined pattern
3194         https://bugs.webkit.org/show_bug.cgi?id=70286
3195
3196         Reviewed by Sam Weinig.
3197
3198         * runtime/StringPrototype.cpp:
3199         (JSC::stringProtoFuncMatch):
3200             - In case of undefined, pattern is "".
3201         (JSC::stringProtoFuncSearch):
3202             - In case of undefined, pattern is "".
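
        The coercion rule behind the fix: match and search build a RegExp from
        a non-RegExp argument, so undefined becomes the empty pattern (a match
        at index 0) and any other value is compiled as regular-expression
        source, not searched for literally. This is an added example, not
        JavaScriptCore code; the helper names are this example's own.

```javascript
// Added example (not JavaScriptCore code): String.prototype.match and search
// coerce a non-RegExp pattern with new RegExp(pattern). matchSearch and
// escapeRegExp are names chosen for this example.

function matchSearch(str, ...patternArg) {
  // Spread so that an absent argument and an explicit undefined are both covered.
  const m = str.match(...patternArg);
  return {
    matchIndex: m ? m.index : -1,
    matched: m ? m[0] : null,
    searchIndex: str.search(...patternArg),
  };
}

// Because a string pattern is compiled as a RegExp, searching for a literal
// string (for example user input) needs its metacharacters escaped first.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
```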
3203
3204 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3205
3206         https://bugs.webkit.org/show_bug.cgi?id=70207
3207         After deleting __defineSetter__, it is absent but appears in name list
3208
3209         Reviewed by Darin Adler.
3210
3211         * runtime/JSObject.cpp:
3212         (JSC::JSObject::getOwnPropertyNames):
3213             - This should check whether static functions have been reified.
3214
3215 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3216
3217         Mac build fix.
3218
3219         * JavaScriptCore.exp: Export!
3220
3221 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3222
3223         Windows build fix.
3224
3225         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
3226
3227 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3228
3229         Windows build fix.
3230
3231         * heap/HandleStack.cpp: Added a missing #include.
3232
3233 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3234
3235         Windows build fix.
3236
3237         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
3238         longer existent symbol.
3239
3240         * heap/MarkStack.cpp:
3241         (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
3242
3243 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3244
3245         Simplified GC marking logic
3246         https://bugs.webkit.org/show_bug.cgi?id=70258
3247
3248         Reviewed by Filip Pizlo.
3249         
3250         No perf. change.
3251         
3252         This is a first step toward GC allocating string backing stores, starting
3253         with ropes. It also enables future simplifications and optimizations.
3254         
3255         - Replaced some complex mark stack logic with a simple linear stack of
3256         JSCell pointers.
3257         
3258         - Replaced logic for short-circuiting marking based on JSType and/or
3259         Structure flags with special cases for object, array, and string.
3260         
3261         - Fiddled with inlining for better codegen.
3262
3263         * JavaScriptCore.exp:
3264         * heap/HandleStack.cpp: Build!
3265
3266         * heap/Heap.cpp:
3267         (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
3268
3269         * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
3270
3271         * heap/MarkStack.cpp:
3272         (JSC::MarkStackArray::MarkStackArray):
3273         (JSC::MarkStackArray::~MarkStackArray):
3274         (JSC::MarkStackArray::expand):
3275         (JSC::MarkStackArray::shrinkAllocation):
3276         (JSC::MarkStack::reset):
3277         (JSC::visitChildren):
3278         (JSC::SlotVisitor::drain):
3279         * heap/MarkStack.h:
3280         (JSC::MarkStack::MarkStack):
3281         (JSC::MarkStack::~MarkStack):
3282         (JSC::MarkStackArray::append):
3283         (JSC::MarkStackArray::removeLast):
3284         (JSC::MarkStackArray::isEmpty):
3285         (JSC::MarkStack::append):
3286         (JSC::MarkStack::appendUnbarrieredPointer):
3287         (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
3288         simple linear stack.
3289
3290         * heap/SlotVisitor.h:
3291         (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
3292
3293         * runtime/JSArray.cpp:
3294         (JSC::JSArray::visitChildren):
3295         * runtime/JSArray.h:
3296         * runtime/JSObject.cpp:
3297         (JSC::JSObject::visitChildren):
3298         * runtime/JSObject.h: Don't inline visitChildren; it's too big.
3299
3300         * runtime/Structure.h:
3301         (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
3302         because it prevented strings from owning GC pointers.
3303
3304         * runtime/WriteBarrier.h:
3305         (JSC::MarkStack::appendValues): No need to validate; internalAppend will
3306         do that for us.
3307
3308 2011-10-17  Adam Roben  <aroben@apple.com>
3309
3310         Windows build fix after r97536, part 3
3311
3312         * runtime/JSAPIValueWrapper.h:
3313         * runtime/JSObject.h:
3314         Use JS_EXPORTDATA to export the s_info members.
3315
3316 2011-10-17  Adam Roben  <aroben@apple.com>
3317
3318         Interpreter build fix after r97564
3319
3320         * runtime/Executable.cpp:
3321         (JSC::FunctionExecutable::compileForCallInternal):
3322         (JSC::FunctionExecutable::compileForConstructInternal):
3323         Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
3324         there.
3325
3326 2011-10-17  Adam Roben  <aroben@apple.com>
3327
3328         Windows build fix after r97536, part 2
3329
3330         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
3331         JSC::setUpStaticFunctionSlot with its new mangled name. Sorted the rest of the file while I
3332         was at it.
3333
3334 2011-10-17  Adam Roben  <aroben@apple.com>
3335
3336         Windows build fix after r97536
3337
3338         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
3339         JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
3340         s_info members, which need to be exported via JS_EXPORTDATA instead.
3341
3342 2011-10-17  Patrick Gansterer  <paroga@webkit.org>
3343
3344         Interpreter build fix after r97436, r97506, r97532 and r97537.
3345
3346         * interpreter/Interpreter.cpp:
3347         (JSC::Interpreter::privateExecute):
3348
3349 2011-10-16  Adam Barth  <abarth@webkit.org>
3350
3351         Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
3352         https://bugs.webkit.org/show_bug.cgi?id=70216
3353
3354         Reviewed by Eric Seidel.
3355
3356         * wtf/Platform.h:
3357
3358 2011-10-16  Noel Gordon  <noel.gordon@gmail.com>
3359
3360         [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
3361         https://bugs.webkit.org/show_bug.cgi?id=70205
3362
3363         Reviewed by James Robinson.
3364
3365         wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
3366         wtf/gtk/ThreadingGtk.cpp was removed in r97269.
3367
3368         * JavaScriptCore.gypi:
3369
3370 2011-10-16  Adam Barth  <abarth@webkit.org>
3371
3372         Always enable ENABLE(DOM_STORAGE)
3373         https://bugs.webkit.org/show_bug.cgi?id=70189
3374
3375         Reviewed by Eric Seidel.
3376
3377         * Configurations/FeatureDefines.xcconfig:
3378
3379 2011-10-15  Dan Horák  <dan@danny.cz>
3380
3381         The s390 and s390x architectures both use 64-bit double type
3382         that conforms to the IEEE-754 standard.
3383
3384         https://bugs.webkit.org/show_bug.cgi?id=69940
3385
3386         Reviewed by Gavin Barraclough.
3387
3388         * wtf/dtoa/utils.h:
3389
3390 2011-10-14  Filip Pizlo  <fpizlo@apple.com>
3391
3392         FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
3393         https://bugs.webkit.org/show_bug.cgi?id=70157
3394
3395         Reviewed by Geoff Garen.
3396         
3397         Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
3398         and compileForConstructInternal() to use this method. This required more cleanly
3399         exposing some of CodeBlock's tiering functionality and moving the CompilationKind
3400         enum to Executable.h, as this was the easiest way to make it available to the
3401         declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
3402
3403         * bytecode/CodeBlock.cpp:
3404         (JSC::CodeBlock::copyDataFrom):
3405         (JSC::CodeBlock::copyDataFromAlternative):
3406         * bytecode/CodeBlock.h:
3407         (JSC::CodeBlock::setAlternative):
3408         * bytecompiler/BytecodeGenerator.h:
3409         * runtime/Executable.cpp:
3410         (JSC::EvalExecutable::compileInternal):
3411         (JSC::ProgramExecutable::compileInternal):
3412         (JSC::FunctionExecutable::produceCodeBlockFor):
3413         (JSC::FunctionExecutable::compileForCallInternal):
3414         (JSC::FunctionExecutable::compileForConstructInternal):
3415         * runtime/Executable.h:
3416         (JSC::FunctionExecutable::codeBlockFor):
3417
3418 2011-10-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
3419
3420         [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
3421         https://bugs.webkit.org/show_bug.cgi?id=69920
3422
3423         Reviewed by Kenneth Rohde Christiansen.
3424
3425         * JavaScriptCore.pri:
3426         * JavaScriptCore.pro:
3427         * heap/MarkStack.h:
3428         (JSC::::shrinkAllocation):
3429         * jit/ExecutableAllocator.cpp:
3430         * jit/ExecutableAllocator.h:
3431         (JSC::ExecutableAllocator::cacheFlush):
3432         * jit/JITStubs.cpp:
3433         * jsc.pro:
3434         * runtime/ArrayPrototype.cpp:
3435         (JSC::arrayProtoFuncToString):
3436         * runtime/DatePrototype.cpp:
3437         (JSC::formatLocaleDate):
3438         * runtime/StringPrototype.cpp:
3439         (JSC::stringProtoFuncLastIndexOf):
3440         * runtime/TimeoutChecker.cpp:
3441         (JSC::getCPUTime):
3442         * wtf/Assertions.cpp:
3443         * wtf/Assertions.h: