[Qt] Replace use of QApplication with QGuiApplication
Source/JavaScriptCore/ChangeLog
2011-11-08  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Replace use of QApplication with QGuiApplication
        https://bugs.webkit.org/show_bug.cgi?id=71794

        Reviewed by Andreas Kling.

        Add compat headers for use when building with Qt 4: QGuiApplication
        is typedef'ed to QApplication.

        * wtf/qt/compat/QGuiApplication: Added.
        * wtf/qt/compat/qguiapplication.h: Added.

2011-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99647.
        http://trac.webkit.org/changeset/99647
        https://bugs.webkit.org/show_bug.cgi?id=71876

        It broke jsc and layout tests on all bots (Requested by
        Ossy_night on #webkit).

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsDoubleBitops):
        (JSC::MacroAssemblerARM::andnotDouble):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::andnotDouble):
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
        (JSC::MacroAssemblerSH4::andnotDouble):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::MacroAssemblerX86):
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsDoubleBitops):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::andnotDouble):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
        * assembler/X86Assembler.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):
        * runtime/JSGlobalData.cpp:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Better abstract 'abs' operation through the MacroAssembler.
        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Currently the x86 specific instruction sequence to perform a double abs
        is duplicated throughout the JITs / thunk generators.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
        (JSC::MacroAssemblerARM::absDouble):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilities before we begin compilation.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilities before we begin compilation.
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::absDouble):
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilities before we begin compilation.
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        (JSC::MacroAssemblerSH4::absDouble):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilities before we begin compilation.
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::absDouble):
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
            - Made supports* methods static so that we can check the JIT's
              capabilities before we begin compilation. Added absDouble.
        * assembler/MacroAssemblerX86Common.h:
            - Removed andnotDouble, added s_maskSignBit.
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::absDouble):
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
            - Made supports* methods static so that we can check the JIT's
              capabilities before we begin compilation. Added absDouble.
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::andpd_rr):
        (JSC::X86Assembler::andpd_mr):
            - Added support for andpd instruction.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
            - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
        * jit/ThunkGenerators.cpp:
            - Switched to use doubleAbs.
        (JSC::absThunkGenerator):
        * runtime/JSGlobalData.cpp:
            - Declared MacroAssemblerX86Common::s_maskSignBit here.
              This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
              to the compile for just one constant.

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Move duplicates of SYMBOL_STRING* macros to the single location
        https://bugs.webkit.org/show_bug.cgi?id=71456

        Reviewed by Sam Weinig.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        * wtf/InlineASM.h: Added.
            - Moved asm related macros.

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Move code to handle 8bit regs from X86Assembler to MacroAssembler
        https://bugs.webkit.org/show_bug.cgi?id=71867

        Reviewed by Oliver Hunt.

        This code is fine, but is in the wrong place really. X86 assembler should
        basically just format up exactly the instruction you request - not expand
        out to a set of instructions (that is what the macro assembler layer is
        for!). For other 8-bit ops, on X86 we don't guard against clients accessing
        the XH registers.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::store8):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movb_rm):
            - moved some code.

2011-11-08  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for GTK.

        * GNUmakefile.list.am:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Build fix.

        * assembler/X86Assembler.h:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Errrk, failed to commit this in last change.

        * assembler/X86Assembler.h:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Remove an unused method.

        Rubber stamped by Geoff Garen.

        * assembler/AbstractMacroAssembler.h:
        * assembler/AssemblerBuffer.h:
            - removed rewindToLabel.

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
        https://bugs.webkit.org/show_bug.cgi?id=71864

        Reviewed by Filip Pizlo.

        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::offsetOf):
            - We use this to return the offsets into the code of the entry points.
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
            - Move the construction of the speculative JIT outside of
              compileBody, such that it is still available to link the
              OSR entry points at the point we are linking.
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):
            - Pass the label of the block & linkbuffer into noticeOSREntry.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::linkOSREntries):
            - Moved call to noticeOSREntry until we are linking.
        * dfg/DFGSpeculativeJIT.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
            - Moved calculation of entries until we are linking.
        * jit/JIT.h:
            - Removed some members.

2011-11-08  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit code should be generated by a separate compiler, not
        related to DFG::JITCompiler
        https://bugs.webkit.org/show_bug.cgi?id=71787

        Reviewed by Gavin Barraclough.

        Moves the exitSpeculativeWithOSR() method from JITCompiler to
        OSRExitCompiler::compileExit().

        * CMakeListsEfl.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
        * dfg/DFGJITCompiler32_64.cpp: Removed.
        * dfg/DFGOSRExitCompiler.h: Added.
        (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
        * dfg/DFGOSRExitCompiler32_64.cpp: Added.
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp: Added.
        (JSC::DFG::OSRExitCompiler::compileExit):
        * runtime/JSValue.h:

2011-11-08  Filip Pizlo  <fpizlo@apple.com>

        Basic DFG definitions should be moved out of DFGNode.h
        https://bugs.webkit.org/show_bug.cgi?id=71861

        Rubber-stamped by Gavin Barraclough.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGCommon.h: Added.
        (JSC::DFG::NodeIndexTraits::defaultValue):
        * dfg/DFGNode.h:
        * dfg/DFGOSRExit.h:
        * dfg/DFGRegisterBank.h:

2011-11-08  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
        https://bugs.webkit.org/show_bug.cgi?id=71761

        Templatized Parser based on Lexer<T>. Moved two enums,
        SourceElementsMode and FunctionRequirements out of Parser definition
        to work around a clang compiler defect.

        Cleaned up SourceCode data() to return StringImpl* and eliminated
        the recently added stringData() virtual method.

        To keep code in Parser.cpp and keep Parser.h small, the two flavors
        of Parser are explicitly instantiated at the end of Parser.cpp.

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError):
        * parser/Lexer.cpp:
        (JSC::::setCode):
        (JSC::::sourceCode):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::~Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
        (JSC::::allowAutomaticSemicolon):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclaration):
        (JSC::::parseConstDeclaration):
        (JSC::::parseDoWhileStatement):
        (JSC::::parseWhileStatement):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        (JSC::::parseSwitchStatement):
        (JSC::::parseSwitchClauses):
        (JSC::::parseSwitchDefaultClause):
        (JSC::::parseTryStatement):
        (JSC::::parseDebuggerStatement):
        (JSC::::parseBlockStatement):
        (JSC::::parseStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseFunctionBody):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseExpressionStatement):
        (JSC::::parseIfStatement):
        (JSC::::parseExpression):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseConditionalExpression):
        (JSC::::isBinaryOperator):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parseStrictObjectLiteral):
        (JSC::::parseArrayLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseArguments):
        (JSC::::parseMemberExpression):
        (JSC::::parseUnaryExpression):
        * parser/Parser.h:
        (JSC::::parse):
        (JSC::parse):
        * parser/SourceCode.h:
        (JSC::SourceCode::data):
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::data):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
        https://bugs.webkit.org/show_bug.cgi?id=71855

        Reviewed by Filip Pizlo.

        The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
        This won't work on ARMv7.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::locationOf):
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::addPropertyAccess):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        DFG JIT calculation of OSR entry points is not THUMB2 safe
        https://bugs.webkit.org/show_bug.cgi?id=71852

        Reviewed by Oliver Hunt.

        Executable addresses are tagged with a low bit set to distinguish
        between THUMB2 and traditional ARM.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * jit/JITCode.h:
        (JSC::JITCode::executableAddressAtOffset):
        (JSC::JITCode::start):
        (JSC::JITCode::size):

2011-11-08  Michael Saboff  <msaboff@apple.com>

        JSC::Parser::Parser leaks Lexer member
        https://bugs.webkit.org/show_bug.cgi?id=71847

        Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.

        Reviewed by Oliver Hunt.

        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::parseFunctionBody):
        * parser/Parser.h:

2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        Enable DFG JIT by default on X86 Linux and Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=71686

        Reviewed by Filip Pizlo.

        We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.

        * wtf/Platform.h:

2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
        https://bugs.webkit.org/show_bug.cgi?id=71768

        Reviewed by Geoffrey Garen.

        Also includes a fix to make the newly introduced AssemblyHelpers
        friend of JSValue as we need the Tag definitions.

        * CMakeListsEfl.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * runtime/JSValue.h:

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        Fix gcc 4.4 compilation warnings in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71762

        Reviewed by Filip Pizlo.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::registersMatched):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        DFG code base should allow for classes not related to DFG::JITCompiler
        to use DFG idioms
        https://bugs.webkit.org/show_bug.cgi?id=71746

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAssemblyHelpers.cpp: Added.
        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
        (JSC::DFG::AssemblyHelpers::emitCount):
        (JSC::DFG::AssemblyHelpers::setSamplingFlag):
        (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
        * dfg/DFGAssemblyHelpers.h: Added.
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::graph):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGOSRExit.h: Added.
        (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
        (JSC::DFG::SpeculationRecovery::type):
        (JSC::DFG::SpeculationRecovery::dest):
        (JSC::DFG::SpeculationRecovery::src):
        (JSC::DFG::OSRExit::numberOfRecoveries):
        (JSC::DFG::OSRExit::valueRecovery):
        (JSC::DFG::OSRExit::isArgument):
        (JSC::DFG::OSRExit::isVariable):
        (JSC::DFG::OSRExit::argumentForIndex):
        (JSC::DFG::OSRExit::variableForIndex):
        (JSC::DFG::OSRExit::operandForArgument):
        (JSC::DFG::OSRExit::operandForIndex):
        * dfg/DFGSpeculativeJIT.h:

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
        but it appears to help on other benchmarks.

        Rubber stamped by Oliver Hunt.

        * bytecode/ValueProfile.h:

2011-11-07  Ariya Hidayat  <ariya@sencha.com>

        "use strict" can not contain escape sequences or line continuation
        https://bugs.webkit.org/show_bug.cgi?id=71532

        Reviewed by Darin Adler.

        Store the actual literal length (before the escapes and line
        continuation are encoded) while parsing the directive and use it
        for the directive comparison.

        * parser/Parser.cpp:
        (JSC::Parser::parseSourceElements):
        (JSC::Parser::parseStatement):
        * parser/Parser.h:

2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        DFG operationCreateThis slow path may get the wrong callee in case of inlining
        https://bugs.webkit.org/show_bug.cgi?id=71647

        Reviewed by Oliver Hunt.

        No new tests because I only saw this manifest itself when I had other bugs
        leading to spurious slow path executions.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::callOperation):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71716

        Reviewed by Darin Adler.

        Added putWithAttributes to the MethodTable, changed all the virtual
        implementations of putWithAttributes to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putWithAttributes):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putWithAttributes):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putWithAttributes):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putWithAttributes):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putWithAttributes):
        * runtime/JSVariableObject.h:

2011-11-07  Dmitry Lomov  <dslomov@google.com>

        Unreviewed. Release build fix.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch the value profiler back to 8 buckets, because we suspect that while this
        is more expensive it's also more stable.

        Rubber stamped by Geoff Garen.

        * bytecode/ValueProfile.h:

2011-11-07  Andrew Wason  <rectalogic@rectalogic.com>

        Uninitialized Heap member var
        https://bugs.webkit.org/show_bug.cgi?id=71722

        Reviewed by Filip Pizlo.

        * heap/Heap.cpp:
        (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
        https://bugs.webkit.org/show_bug.cgi?id=71684

        Reviewed by Filip Pizlo.

        Currently in DFG JIT, we try to reuse the physical register of an
        operand for temporary usage if the current use of the operand is the
        last use. But sometimes this can be wrong, for example if there are
        possible speculation failures and we need to fall back to baseline JIT,
        the value of the operand which is supposed to be held in the physical
        register can be modified by register reusing. This fixes the last
        inspector failures in layout tests on Mac 32-bit if switching on DFG.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):

627 2011-11-07  Ryosuke Niwa  <rniwa@webkit.org>
628
629         REGRESSION(r99436): Broke Snow Leopard debug build
630         https://bugs.webkit.org/show_bug.cgi?id=71713
631
632         Reviewed by Darin Adler.
633
634         Put the assertion in a template and use template specialization
635         to avoid warning when instantiated with UChar or LChar.
636
637         In the long term, we should have traits for unsigned integral types
638         and use that to specialize template instead of specializing it for UChar and LChar.
639
640         * parser/Lexer.cpp:
641         (JSC::assertCharIsIn8BitRange):
642         (JSC::::append8):
643
644 2011-11-07  ChangSeok Oh  <shivamidow@gmail.com>
645
646         [EFL] Support requestAnimationFrame API
647         https://bugs.webkit.org/show_bug.cgi?id=67112
648
649         Reviewed by Andreas Kling.
650
651         Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
652
653         * wtf/Platform.h:
654
655 2011-11-07  Michael Saboff  <msaboff@apple.com>
656
657         Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
658         https://bugs.webkit.org/show_bug.cgi?id=71331
659
660         Change the Lexer class to be a template class based on the character
661         type of the source.  In the process updated the parseIdentifier()
662         and parseString() methods to create 8 bit strings where possible.
663         Also added some helper methods for accumulating temporary string
664         data in the 8 and 16 bit vectors.
665
666         Changed the SourceProvider::data() virtual method to return a
667         StringImpl* instead of a UChar*.
668
669         Updated the KeywordLookup generator to create code to match keywords
670         for both 8 and 16 bit source strings.
671
672         Due to a compiler bug (<rdar://problem/10194295>) moved enum
673         definition outside of Lexer class declaration.  Remove second enum
674         no longer needed.
675
676         Reviewed by Darin Adler.
677
678         * KeywordLookupGenerator.py:
679         * interpreter/Interpreter.cpp:
680         (JSC::Interpreter::callEval):
681         * parser/Lexer.cpp:
682         (JSC::::Lexer):
683         (JSC::::~Lexer):
684         (JSC::::getInvalidCharMessage):
685         (JSC::::currentCharacter):
686         (JSC::::setCode):
687         (JSC::::internalShift):
688         (JSC::::shift):
689         (JSC::::peek):
690         (JSC::::getUnicodeCharacter):
691         (JSC::::shiftLineTerminator):
692         (JSC::::lastTokenWasRestrKeyword):
693         (JSC::::record8):
694         (JSC::::append8):
695         (JSC::::append16):
696         (JSC::::record16):
697         (JSC::::parseIdentifier):
698         (JSC::::parseIdentifierSlowCase):
699         (JSC::::parseString):
700         (JSC::::parseStringSlowCase):
701         (JSC::::parseHex):
702         (JSC::::parseOctal):
703         (JSC::::parseDecimal):
704         (JSC::::parseNumberAfterDecimalPoint):
705         (JSC::::parseNumberAfterExponentIndicator):
706         (JSC::::parseMultilineComment):
707         (JSC::::nextTokenIsColon):
708         (JSC::::lex):
709         (JSC::::scanRegExp):
710         (JSC::::skipRegExp):
711         (JSC::::clear):
712         (JSC::::sourceCode):
713         * parser/Lexer.h:
714         (JSC::Lexer::append16):
715         (JSC::Lexer::currentOffset):
716         (JSC::Lexer::setOffsetFromCharOffset):
717         (JSC::::isWhiteSpace):
718         (JSC::::isLineTerminator):
719         (JSC::::convertHex):
720         (JSC::::convertUnicode):
721         (JSC::::makeIdentifier):
722         (JSC::::setCodeStart):
723         (JSC::::makeIdentifierLCharFromUChar):
724         (JSC::::lexExpectIdentifier):
725         * parser/Parser.cpp:
726         (JSC::Parser::Parser):
727         (JSC::Parser::parseProperty):
728         (JSC::Parser::parseMemberExpression):
729         * parser/Parser.h:
730         (JSC::Parser::next):
731         (JSC::Parser::nextExpectIdentifier):
732         * parser/ParserArena.h:
733         (JSC::IdentifierArena::makeIdentifier):
734         (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
735         * parser/SourceCode.h:
736         (JSC::SourceCode::subExpression):
737         * parser/SourceProvider.h:
738         (JSC::UStringSourceProvider::stringData):
739         * parser/SourceProviderCache.h:
740         * parser/SyntaxChecker.h:
741         * runtime/FunctionPrototype.cpp:
742         (JSC::insertSemicolonIfNeeded):
743         * runtime/Identifier.cpp:
744         (JSC::IdentifierTable::add):
745         (JSC::IdentifierLCharFromUCharTranslator::hash):
746         (JSC::IdentifierLCharFromUCharTranslator::equal):
747         (JSC::IdentifierLCharFromUCharTranslator::translate):
748         (JSC::Identifier::add8):
749         * runtime/Identifier.h:
750         (JSC::Identifier::Identifier):
751         (JSC::Identifier::createLCharFromUChar):
752         (JSC::Identifier::canUseSingleCharacterString):
753         (JSC::IdentifierCharBufferTranslator::hash):
754         (JSC::IdentifierCharBufferTranslator::equal):
755         (JSC::IdentifierCharBufferTranslator::translate):
756         (JSC::Identifier::add):
757         (JSC::Identifier::equal):
758         (JSC::IdentifierTable::add):
759         * runtime/JSGlobalObjectFunctions.cpp:
760         (JSC::decode):
761         (JSC::parseIntOverflow):
762         (JSC::globalFuncUnescape):
763         * runtime/JSGlobalObjectFunctions.h:
764         (JSC::parseIntOverflow):
765         * runtime/LiteralParser.cpp:
766         (JSC::LiteralParser::tryJSONPParse):
767         (JSC::LiteralParser::Lexer::lexString):
768         * wtf/text/StringImpl.h:
769
770 2011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
771
772         [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
773
774         Allows us to not package up the whole Source/JavaScriptCore directory for the
775         buildbots.
776
777         Reviewed by Simon Hausmann.
778
779         * jsc.pro:
780
781 2011-11-06  Filip Pizlo  <fpizlo@apple.com>
782
783         REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
784         to initializeMainThread, and crashes
785         https://bugs.webkit.org/show_bug.cgi?id=71643
786
787         Reviewed by Sam Weinig.
788
789         * jsc.cpp:
790         (main):
791
792 2011-11-06  Sam Weinig  <sam@webkit.org>
793
794         Add space missing from some class declarations
795         https://bugs.webkit.org/show_bug.cgi?id=71632
796
797         Reviewed by Anders Carlsson.
798
799         * assembler/AssemblerBufferWithConstantPool.h:
800         * bytecode/CodeBlock.h:
801         * dfg/DFGVariableAccessData.h:
802         * heap/VTableSpectrum.h:
803         * jit/ExecutableAllocator.cpp:
804         * jit/ExecutableAllocatorFixedVMPool.cpp:
805         * wtf/MetaAllocatorHandle.h:
806         * wtf/UnionFind.h:
807
808 2011-11-06  Sam Weinig  <sam@webkit.org>
809
810         Allow use of FINAL in JavaScriptCore
811         https://bugs.webkit.org/show_bug.cgi?id=71630
812
813         Reviewed by Anders Carlsson.
814
815         * Configurations/Base.xcconfig:
816         Don't warn about C++11 extensions used in C++98 mode.
817
818 2011-11-05  Filip Pizlo  <fpizlo@apple.com>
819
820         Value profiling should just use two buckets
821         https://bugs.webkit.org/show_bug.cgi?id=71619
822
823         Reviewed by Gavin Barraclough.
824         
825         Added one more configuration option (like Heuristics::minimumOptimizationDelay),
826         improved debugging in JIT optimization support, changed the number of buckets
827         in the value profile from 9 to 2, and wrote a more optimal value profiling path
828         in the old JIT to take advantage of this. It's still possible to play around with
829         larger numbers of buckets, and we should probably keep this for a little while
830         until we convince ourselves that using just two buckets is the right call.
831
832         * bytecode/CodeBlock.cpp:
833         (JSC::CodeBlock::shouldOptimizeNow):
834         * bytecode/ValueProfile.h:
835         * jit/JITInlineMethods.h:
836         (JSC::JIT::emitValueProfilingSite):
837         * jit/JITStubs.cpp:
838         (JSC::DEFINE_STUB_FUNCTION):
839         * runtime/Heuristics.cpp:
840         (JSC::Heuristics::initializeHeuristics):
841         * runtime/Heuristics.h:
842
843 2011-11-03  Filip Pizlo  <fpizlo@apple.com>
844
845         JSC should be able to sample itself in a more flexible way than just sampling flags
846         https://bugs.webkit.org/show_bug.cgi?id=71522
847
848         Reviewed by Gavin Barraclough.
849         
850         Added a construct that looks like SamplingRegion samplingRegion("name").
851
852         * JavaScriptCore.exp:
853         * JavaScriptCore.xcodeproj/project.pbxproj:
854         * bytecode/SamplingTool.cpp:
855         (JSC::SamplingRegion::Locker::Locker):
856         (JSC::SamplingRegion::Locker::~Locker):
857         (JSC::SamplingRegion::sample):
858         (JSC::SamplingRegion::dump):
859         (JSC::SamplingRegion::dumpInternal):
860         (JSC::SamplingThread::threadStartFunc):
861         * bytecode/SamplingTool.h:
862         (JSC::SamplingRegion::SamplingRegion):
863         (JSC::SamplingRegion::~SamplingRegion):
864         (JSC::SamplingRegion::exchangeCurrent):
865         * bytecompiler/BytecodeGenerator.cpp:
866         (JSC::BytecodeGenerator::generate):
867         * dfg/DFGDriver.cpp:
868         (JSC::DFG::compile):
869         * heap/Heap.cpp:
870         (JSC::Heap::markRoots):
871         (JSC::Heap::collect):
872         * heap/VTableSpectrum.cpp:
873         (JSC::VTableSpectrum::countVPtr):
874         (JSC::VTableSpectrum::dump):
875         * heap/VTableSpectrum.h:
876         * jsc.cpp:
877         (main):
878         (runWithScripts):
879         * parser/Parser.h:
880         (JSC::parse):
881         * runtime/Executable.cpp:
882         (JSC::EvalExecutable::compileInternal):
883         (JSC::ProgramExecutable::compileInternal):
884         (JSC::FunctionExecutable::compileForCallInternal):
885         (JSC::FunctionExecutable::compileForConstructInternal):
886         * wtf/Atomics.h:
887         (WTF::weakCompareAndSwap):
888         * wtf/Platform.h:
889         * wtf/Spectrum.h: Added.
890         (WTF::Spectrum::Spectrum):
891         (WTF::Spectrum::add):
892         (WTF::Spectrum::get):
893         (WTF::Spectrum::begin):
894         (WTF::Spectrum::end):
895         (WTF::Spectrum::KeyAndCount::KeyAndCount):
896         (WTF::Spectrum::KeyAndCount::operator<):
897         (WTF::Spectrum::buildList):
898         * wtf/wtf.pri:
899
900 2011-11-05  Sam Weinig  <sam@webkit.org>
901
902         Fix windows build.
903
904         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
905
906 2011-11-04  Sam Weinig  <sam@webkit.org>
907
908         Reduce the number of putWithAttributes
909         https://bugs.webkit.org/show_bug.cgi?id=71597
910
911         Reviewed by Adam Roben.
912
913         * JavaScriptCore.exp:
914         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
915         Remove exports of removed functions.
916
917         * runtime/JSActivation.cpp:
918         (JSC::JSActivation::putWithAttributes):
919         Calling the overload without the extra parameters does the same thing.
920
921         * runtime/JSObject.cpp:
922         (JSC::JSObject::putWithAttributes):
923         * runtime/JSObject.h:
924         Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
925         two overloads not virtual, since no one overrides it.
926
927 2011-11-04  Pratik Solanki  <psolanki@apple.com>
928
929         sqrtDouble and andnotDouble should be declared noreturn
930         https://bugs.webkit.org/show_bug.cgi?id=71592
931
932         Reviewed by Sam Weinig.
933
934         * assembler/MacroAssemblerARMv7.h:
935
936 2011-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>
937
938         De-virtualize JSObject::hasInstance
939         https://bugs.webkit.org/show_bug.cgi?id=71430
940
941         Reviewed by Darin Adler.
942
943         Added hasInstance to the MethodTable, changed all the virtual 
944         implementations of hasInstance to static ones, and replaced 
945         all call sites with corresponding lookups in the MethodTable.
946
947         * API/JSCallbackObject.h:
948         * API/JSCallbackObjectFunctions.h:
949         (JSC::::hasInstance):
950         * API/JSValueRef.cpp:
951         (JSValueIsInstanceOfConstructor):
952         * JavaScriptCore.exp:
953         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
954         * interpreter/Interpreter.cpp:
955         (JSC::Interpreter::privateExecute):
956         * jit/JITStubs.cpp:
957         (JSC::DEFINE_STUB_FUNCTION):
958         * runtime/ClassInfo.h:
959         * runtime/JSBoundFunction.cpp:
960         (JSC::JSBoundFunction::hasInstance):
961         * runtime/JSBoundFunction.h:
962         * runtime/JSCell.cpp:
963         (JSC::JSCell::hasInstance):
964         * runtime/JSCell.h:
965         * runtime/JSObject.cpp:
966         (JSC::JSObject::hasInstance):
967         * runtime/JSObject.h:
968
969 2011-11-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
970
971         [Qt] Refactor and clean up the qmake build system
972
973         The qmake build system has accumulated a bit of cruft and redundancy
974         over time. There's also a fairly tight coupling between how to build
975         the various targets, and _what_ to build, making it harder to add new
976         rules or sources. This patch aims to alleviate these issues somewhat.
977
978         This is a short-list of the changes:
979
980           * The rules for how to build targets are now mostly contained as
981             prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
982             allows us to do pre- and post-processing of each project file,
983             which helps to clean up the actual project files.
984
985           * Derived sources are no longer generated as a separate make-step
986             but are part of each target's project file as a subdir. Makefile
987             rules are used to ensure that we run make on the derived sources
988             before running qmake on the actual target makefile. This makes
989             it easier to keep a proper dependency between derived sources
990             and the target.
991
992           * We use GNU make and the compiler to generate dependencies on
993             UNIX-based systems running Qt 5. This allows us to lessen the
994             need to run qmake, which should reduce compile time.
995
996           * WebKit2 is now built by default if building with Qt 5. It can
997             be disabled by passing --no-webkit2 to build-webkit.
998
999         The result of these changes is hopefully a cleaner and easier
1000         build system to modify, and faster build times due to no longer
1001         running qmake on every single build. It's also a first step
1002         towards possibly generating the list of sources using another
1003         build system.
1004
1005         https://bugs.webkit.org/show_bug.cgi?id=71222
1006
1007         Reviewed by Simon Hausmann.
1008
1009         * DerivedSources.pri: Added.
1010         * DerivedSources.pro: Removed.
1011         * JavaScriptCore.pro:
1012         * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
1013         * headers.pri: Removed.
1014         * jsc.pro:
1015         * wtf/wtf.pri:
1016         * yarr/yarr.pri:
1017
1018 2011-11-04  Yuqiang Xian  <yuqiang.xian@intel.com>
1019
1020         More code clean-up in DFG 32_64
1021         https://bugs.webkit.org/show_bug.cgi?id=71540
1022
1023         Remove unnecessary code duplications, and fix compilation warnings.
1024
1025         Reviewed by Gavin Barraclough.
1026
1027         * dfg/DFGJITCompiler.cpp:
1028         (JSC::DFG::JITCompiler::emitCount):
1029         (JSC::DFG::JITCompiler::setSamplingFlag):
1030         (JSC::DFG::JITCompiler::clearSamplingFlag):
1031         (JSC::DFG::JITCompiler::jitAssertIsCell):
1032         * dfg/DFGJITCompiler32_64.cpp:
1033         * dfg/DFGSpeculativeJIT32_64.cpp:
1034         (JSC::DFG::SpeculativeJIT::compile):
1035
1036 2011-11-04  Csaba Osztrogonác  <ossy@webkit.org>
1037
1038         De-virtualize JSObject::hasInstance
1039         https://bugs.webkit.org/show_bug.cgi?id=71430
1040
1041         Unreviewed rolling out r99238, because it made a test crash on all platforms.
1042
1043         * API/JSCallbackObject.h:
1044         * API/JSCallbackObjectFunctions.h:
1045         (JSC::::hasInstance):
1046         * API/JSValueRef.cpp:
1047         (JSValueIsInstanceOfConstructor):
1048         * JavaScriptCore.exp:
1049         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1050         * interpreter/Interpreter.cpp:
1051         (JSC::Interpreter::privateExecute):
1052         * jit/JITStubs.cpp:
1053         (JSC::DEFINE_STUB_FUNCTION):
1054         * runtime/ClassInfo.h:
1055         * runtime/JSBoundFunction.cpp:
1056         (JSC::JSBoundFunction::hasInstance):
1057         * runtime/JSBoundFunction.h:
1058         * runtime/JSCell.cpp:
1059         * runtime/JSCell.h:
1060         * runtime/JSObject.cpp:
1061         (JSC::JSObject::hasInstance):
1062         * runtime/JSObject.h:
1063
1064 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1065
1066         De-virtualize JSObject::getPropertyNames
1067         https://bugs.webkit.org/show_bug.cgi?id=71306
1068
1069         Reviewed by Darin Adler.
1070
1071         Added getPropertyNames to the MethodTable, changed all the virtual 
1072         implementations of getPropertyNames to static ones, and replaced 
1073         all call sites with corresponding lookups in the MethodTable.
1074
1075         * API/JSObjectRef.cpp:
1076         (JSObjectCopyPropertyNames):
1077         * JavaScriptCore.exp:
1078         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1079         * debugger/DebuggerActivation.cpp:
1080         (JSC::DebuggerActivation::getOwnPropertyNames):
1081         * runtime/ClassInfo.h:
1082         * runtime/JSCell.cpp:
1083         (JSC::JSCell::getPropertyNames):
1084         * runtime/JSCell.h:
1085         * runtime/JSObject.cpp:
1086         (JSC::JSObject::getPropertyNames):
1087         (JSC::JSObject::getOwnPropertyNames):
1088         * runtime/JSObject.h:
1089         * runtime/JSPropertyNameIterator.cpp:
1090         (JSC::JSPropertyNameIterator::create):
1091         * runtime/ScopeChain.cpp:
1092         (JSC::ScopeChainNode::print):
1093         * runtime/Structure.cpp:
1094         (JSC::Structure::getPropertyNamesFromStructure):
1095         * runtime/Structure.h:
1096
1097 2011-11-03  Darin Adler  <darin@apple.com>
1098
1099         Change remaining callers of releaseRef to call leakRef
1100         https://bugs.webkit.org/show_bug.cgi?id=71422
1101
1102         * wtf/text/AtomicString.cpp:
1103         (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
1104
1105 2011-11-02  Darin Adler  <darin@apple.com>
1106
1107         Change remaining callers of releaseRef to call leakRef
1108         https://bugs.webkit.org/show_bug.cgi?id=71422
1109
1110         * wtf/text/AtomicString.cpp:
1111         (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
1112
1113 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1114
1115         De-virtualize JSObject::hasInstance
1116         https://bugs.webkit.org/show_bug.cgi?id=71430
1117
1118         Reviewed by Darin Adler.
1119
1120         Added hasInstance to the MethodTable, changed all the virtual 
1121         implementations of hasInstance to static ones, and replaced 
1122         all call sites with corresponding lookups in the MethodTable.
1123
1124         * API/JSCallbackObject.h:
1125         * API/JSCallbackObjectFunctions.h:
1126         (JSC::::hasInstance):
1127         * API/JSValueRef.cpp:
1128         (JSValueIsInstanceOfConstructor):
1129         * JavaScriptCore.exp:
1130         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1131         * interpreter/Interpreter.cpp:
1132         (JSC::Interpreter::privateExecute):
1133         * jit/JITStubs.cpp:
1134         (JSC::DEFINE_STUB_FUNCTION):
1135         * runtime/ClassInfo.h:
1136         * runtime/JSBoundFunction.cpp:
1137         (JSC::JSBoundFunction::hasInstance):
1138         * runtime/JSBoundFunction.h:
1139         * runtime/JSCell.cpp:
1140         (JSC::JSCell::hasInstance):
1141         * runtime/JSCell.h:
1142         * runtime/JSObject.cpp:
1143         (JSC::JSObject::hasInstance):
1144         * runtime/JSObject.h:
1145
1146 2011-11-03  Filip Pizlo  <fpizlo@apple.com>
1147
1148         JIT-specific code should be able to refer to register types even on JIT-disabled builds
1149         https://bugs.webkit.org/show_bug.cgi?id=71498
1150
1151         Reviewed by Gavin Barraclough.
1152
1153         * assembler/MacroAssembler.h:
1154         (MacroAssembler::MacroAssembler):
1155
1156 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
1157
1158         De-virtualize JSObject::className
1159         https://bugs.webkit.org/show_bug.cgi?id=71428
1160
1161         Reviewed by Sam Weinig.
1162
1163         Added className to the MethodTable, changed all the virtual 
1164         implementations of className to static ones, and replaced 
1165         all call sites with corresponding lookups in the MethodTable.
1166
1167         * API/JSCallbackObject.h:
1168         * API/JSCallbackObjectFunctions.h:
1169         (JSC::::className):
1170         * JavaScriptCore.exp:
1171         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1172         * debugger/DebuggerActivation.cpp:
1173         (JSC::DebuggerActivation::className):
1174         * debugger/DebuggerActivation.h:
1175         * jsc.cpp:
1176         (GlobalObject::createStructure):
1177         * profiler/Profiler.cpp:
1178         (JSC::Profiler::createCallIdentifier):
1179         * runtime/ClassInfo.h:
1180         * runtime/JSCell.cpp:
1181         (JSC::JSCell::className):
1182         * runtime/JSCell.h:
1183         * runtime/JSObject.cpp:
1184         (JSC::JSObject::className):
1185         * runtime/JSObject.h:
1186         * runtime/ObjectPrototype.cpp:
1187         (JSC::objectProtoFuncToString):
1188         * testRegExp.cpp:
1189         (GlobalObject::createStructure):
1190
1191 2011-11-02  Jer Noble  <jer.noble@apple.com>
1192
1193         Add Clock class and platform-specific implementations.
1194         https://bugs.webkit.org/show_bug.cgi?id=71341
1195
1196         Reviewed by Sam Weinig.
1197
1198         Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
1199
1200         * wtf/Platform.h:
1201
1202 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
1203
1204         Not reviewed: fixing win build, step 2.
1205
1206         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1207
1208 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
1209
1210         Not reviewed: fix Windows build, step 1.
1211
1212         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1213
1214 2011-11-03  Pavel Feldman  <pfeldman@google.com>
1215
1216         Web Inspector: preserve script location for inline handlers.
1217         https://bugs.webkit.org/show_bug.cgi?id=71367
1218
1219         Makes SourceCode factories receive TextPosition instead of the line number,
1220         and stores consistent position values in SourceCode and SourceProvider.
1221
1222         Reviewed by Yury Semikhatsky.
1223
1224         * API/JSBase.cpp:
1225         (JSEvaluateScript):
1226         (JSCheckScriptSyntax):
1227         * API/JSObjectRef.cpp:
1228         (JSObjectMakeFunction):
1229         * parser/SourceCode.h:
1230         (JSC::makeSource):
1231         * parser/SourceProvider.h:
1232         (JSC::SourceProvider::SourceProvider):
1233         (JSC::SourceProvider::startPosition):
1234         (JSC::UStringSourceProvider::create):
1235         (JSC::UStringSourceProvider::UStringSourceProvider):
1236         * runtime/FunctionConstructor.cpp:
1237         (JSC::constructFunction):
1238         (JSC::constructFunctionSkippingEvalEnabledCheck):
1239         * runtime/FunctionConstructor.h:
1240
1241 2011-11-03  Kentaro Hara  <haraken@chromium.org>
1242
1243         Fixed wrong implementation of doubleValue % 2^{64}.
1244         https://bugs.webkit.org/show_bug.cgi?id=67980
1245
1246         Reviewed by Hajime Morita.
1247
1248         fast/events/constructors/progress-event-constructor.html was failing
1249         because of the wrong implementation of conversion from an ECMAScript value
1250         to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
1251         In particular, the calculation of doubleValue % 2^{64} was wrong.
1252         This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
1253
1254         * wtf/MathExtras.h:
1255         (doubleToInteger): Implemented the spec correctly.
1256
1257 2011-11-03  Sheriff Bot  <webkit.review.bot@gmail.com>
1258
1259         Unreviewed, rolling out r99089.
1260         http://trac.webkit.org/changeset/99089
1261         https://bugs.webkit.org/show_bug.cgi?id=71448
1262
1263         @plt postfix for math functions causes a crash on Linux 32 (the
1264         symbol is defined but it points to NULL) (Requested by
1265         zherczeg on #webkit).
1266
1267         * dfg/DFGOperations.cpp:
1268         * jit/JITStubs.cpp:
1269         * jit/ThunkGenerators.cpp:
1270
1271 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1272
1273         DFG inlining breaks function.arguments[something] if the argument being
1274         retrieved was subjected to DFG's unboxing optimizations
1275         https://bugs.webkit.org/show_bug.cgi?id=71436
1276
1277         Reviewed by Oliver Hunt.
1278         
1279         This makes inlined arguments retrieval use some of the same machinery as
1280         OSR to determine where from, and how, to retrieve a value that the DFG
1281         might have somehow squirreled away while the old JIT would put it in its
1282         obvious location, using an obvious format.
1283         
1284         To that end, previously DFG-internal notions such as DataFormat,
1285         VirtualRegister, and ValueRecovery are now in bytecode/ since they are
1286         stored as part of InlineCallFrames.
1287
1288         * bytecode/CodeOrigin.h:
1289         * dfg/DFGAbstractState.cpp:
1290         (JSC::DFG::AbstractState::execute):
1291         * dfg/DFGByteCodeParser.cpp:
1292         (JSC::DFG::ByteCodeParser::handleInlining):
1293         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1294         * dfg/DFGJITCompiler.cpp:
1295         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1296         * dfg/DFGJITCompiler32_64.cpp:
1297         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1298         * dfg/DFGNode.h:
1299         * dfg/DFGPropagator.cpp:
1300         (JSC::DFG::Propagator::propagateNodePredictions):
1301         * dfg/DFGSpeculativeJIT.cpp:
1302         (JSC::DFG::SpeculativeJIT::compile):
1303         * dfg/DFGSpeculativeJIT64.cpp:
1304         (JSC::DFG::SpeculativeJIT::compile):
1305         * interpreter/CallFrame.cpp:
1306         (JSC::CallFrame::trueCallerFrame):
1307         * interpreter/CallFrame.h:
1308         (JSC::ExecState::inlineCallFrame):
1309         * interpreter/Register.h:
1310         (JSC::Register::asInlineCallFrame):
1311         (JSC::Register::unboxedInt32):
1312         (JSC::Register::unboxedBoolean):
1313         (JSC::Register::unboxedCell):
1314         * runtime/Arguments.h:
1315         (JSC::Arguments::finishCreationAndCopyRegisters):
1316
1317 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1318
1319         ValueRecovery should be moved out of the DFG JIT
1320         https://bugs.webkit.org/show_bug.cgi?id=71439
1321
1322         Reviewed by Oliver Hunt.
1323
1324         * JavaScriptCore.xcodeproj/project.pbxproj:
1325         * bytecode/DataFormat.h: Added.
1326         (JSC::dataFormatToString):
1327         (JSC::needDataFormatConversion):
1328         (JSC::isJSFormat):
1329         (JSC::isJSInteger):
1330         (JSC::isJSDouble):
1331         (JSC::isJSCell):
1332         (JSC::isJSBoolean):
1333         * bytecode/ValueRecovery.h: Added.
1334         (JSC::ValueRecovery::ValueRecovery):
1335         (JSC::ValueRecovery::alreadyInRegisterFile):
1336         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
1337         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
1338         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
1339         (JSC::ValueRecovery::inGPR):
1340         (JSC::ValueRecovery::inPair):
1341         (JSC::ValueRecovery::inFPR):
1342         (JSC::ValueRecovery::displacedInRegisterFile):
1343         (JSC::ValueRecovery::constant):
1344         (JSC::ValueRecovery::technique):
1345         (JSC::ValueRecovery::isInRegisters):
1346         (JSC::ValueRecovery::gpr):
1347         (JSC::ValueRecovery::tagGPR):
1348         (JSC::ValueRecovery::payloadGPR):
1349         (JSC::ValueRecovery::fpr):
1350         (JSC::ValueRecovery::virtualRegister):
1351         (JSC::ValueRecovery::dump):
1352         * bytecode/VirtualRegister.h: Added.
1353         * dfg/DFGGenerationInfo.h:
1354         (JSC::DFG::GenerationInfo::isJSFormat):
1355         * dfg/DFGSpeculativeJIT.cpp:
1356         (JSC::DFG::ValueSource::dump):
1357         * dfg/DFGSpeculativeJIT.h:
1358         * dfg/DFGVariableAccessData.h:
1359
1360 2011-11-02  Sam Weinig  <sam@webkit.org>
1361
1362         Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
1363         https://bugs.webkit.org/show_bug.cgi?id=71333
1364
1365         Reviewed by Gavin Barraclough.
1366
1367         Tested by fast/dom/getter-on-window-object2.html
1368
1369         * runtime/PropertyDescriptor.cpp:
1370         (JSC::PropertyDescriptor::setDescriptor):
1371         The attributes returned from Structure::get do not include Getter or Setter, so
1372         instead check if the value is a GetterSetter like we do elsewhere. If it is, update
1373         the descriptor's attributes accordingly.
1374
1375 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1376
1377         FunctionPtr should accept FASTCALL functions on X86
1378         https://bugs.webkit.org/show_bug.cgi?id=71434
1379
1380         Reviewed by Filip Pizlo.
1381
1382         On X86 we sometimes use FASTCALL convention functions, for example the
1383         cti functions, and we may need the pointers to such functions, e.g.,
1384         in the current DFG register file check and arity check, though long term
1385         we may avoid such usage of cti calls in DFG.
1386
1387         * assembler/MacroAssemblerCodeRef.h:
1388         (JSC::FunctionPtr::FunctionPtr):
1389
1390 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1391
1392         Inlined uses of the global object should use the right global object
1393         https://bugs.webkit.org/show_bug.cgi?id=71427
1394
1395         Reviewed by Oliver Hunt.
1396
1397         * dfg/DFGJITCompiler.h:
1398         (JSC::DFG::JITCompiler::globalObjectFor):
1399         * dfg/DFGSpeculativeJIT64.cpp:
1400         (JSC::DFG::SpeculativeJIT::compile):
1401
1402 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1403
1404         Remove some unnecessary loads/stores in DFG JIT 32_64
1405         https://bugs.webkit.org/show_bug.cgi?id=71090
1406
1407         Reviewed by Filip Pizlo.
1408
1409         In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
1410         be eliminated.
1411
1412         * dfg/DFGJITCompiler32_64.cpp:
1413         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1414         * dfg/DFGSpeculativeJIT32_64.cpp:
1415         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1416
1417 2011-11-02  Adam Klein  <adamk@chromium.org>
1418
1419         Replace usage of StringImpl with String where possible in CharacterData and Text
1420         https://bugs.webkit.org/show_bug.cgi?id=71383
1421
1422         Reviewed by Darin Adler.
1423
1424         * wtf/text/WTFString.h:
1425         (WTF::String::containsOnlyWhitespace): Added new method.
1426
1427 2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
1428
1429         De-virtualize JSObject::getOwnPropertyNames
1430         https://bugs.webkit.org/show_bug.cgi?id=71307
1431
1432         Reviewed by Darin Adler.
1433
1434         Added getOwnPropertyNames to the MethodTable, changed all the virtual 
1435         implementations of getOwnPropertyNames to static ones, and replaced 
1436         all call sites with corresponding lookups in the MethodTable.
1437
1438         * API/JSCallbackObject.h:
1439         * API/JSCallbackObjectFunctions.h:
1440         (JSC::::getOwnPropertyNames):
1441         * JavaScriptCore.exp:
1442         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1443         * debugger/DebuggerActivation.cpp:
1444         (JSC::DebuggerActivation::getOwnPropertyNames):
1445         * debugger/DebuggerActivation.h:
1446         * runtime/Arguments.cpp:
1447         (JSC::Arguments::getOwnPropertyNames):
1448         * runtime/Arguments.h:
1449         * runtime/ClassInfo.h:
1450         * runtime/JSActivation.cpp:
1451         (JSC::JSActivation::getOwnPropertyNames):
1452         * runtime/JSActivation.h:
1453         * runtime/JSArray.cpp:
1454         (JSC::JSArray::getOwnPropertyNames):
1455         * runtime/JSArray.h:
1456         * runtime/JSByteArray.cpp:
1457         (JSC::JSByteArray::getOwnPropertyNames):
1458         * runtime/JSByteArray.h:
1459         * runtime/JSCell.cpp:
1460         (JSC::JSCell::getOwnPropertyNames):
1461         * runtime/JSCell.h:
1462         * runtime/JSFunction.cpp:
1463         (JSC::JSFunction::getOwnPropertyNames):
1464         * runtime/JSFunction.h:
1465         * runtime/JSNotAnObject.cpp:
1466         (JSC::JSNotAnObject::getOwnPropertyNames):
1467         * runtime/JSNotAnObject.h:
1468         * runtime/JSONObject.cpp:
1469         (JSC::Stringifier::Holder::appendNextProperty):
1470         (JSC::Walker::walk):
1471         * runtime/JSObject.cpp:
1472         (JSC::JSObject::getPropertyNames):
1473         (JSC::JSObject::getOwnPropertyNames):
1474         * runtime/JSObject.h:
1475         * runtime/JSVariableObject.cpp:
1476         (JSC::JSVariableObject::~JSVariableObject):
1477         (JSC::JSVariableObject::getOwnPropertyNames):
1478         * runtime/JSVariableObject.h:
1479         * runtime/ObjectConstructor.cpp:
1480         (JSC::objectConstructorGetOwnPropertyNames):
1481         (JSC::objectConstructorKeys):
1482         (JSC::defineProperties):
1483         * runtime/RegExpMatchesArray.h:
1484         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1485         * runtime/StringObject.cpp:
1486         (JSC::StringObject::getOwnPropertyNames):
1487         * runtime/StringObject.h:
1488         * runtime/Structure.h:
1489
1490 2011-11-02  Dean Jackson  <dino@apple.com>
1491
1492         Add ENABLE_CSS_SHADERS flag
1493         https://bugs.webkit.org/show_bug.cgi?id=71394
1494
1495         Reviewed by Sam Weinig.
1496
1497         * Configurations/FeatureDefines.xcconfig:
1498
1499 2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>
1500
1501         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
1502         https://bugs.webkit.org/show_bug.cgi?id=70610
1503
1504         Reviewed by Martin Robinson.
1505
1506         Properly annotate ASM on BSD and Linux x86 systems.
1507
1508         * dfg/DFGOperations.cpp: Add annotation for X86.
1509         * jit/JITStubs.cpp: Ditto.
1510         * jit/ThunkGenerators.cpp: Ditto.
1511
1512 2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>
1513
1514         Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
1515         https://bugs.webkit.org/show_bug.cgi?id=71347
1516
1517         Reviewed by Geoffrey Garen.
1518
1519         * wtf/text/StringImpl.cpp:
1520         (WTF::StringImpl::reallocate):
1521
1522 2011-11-01  Darin Adler  <darin@apple.com>
1523
1524         Cut down on malloc/free a bit in the parser arena
1525         https://bugs.webkit.org/show_bug.cgi?id=71343
1526
1527         Reviewed by Oliver Hunt.
1528
1529         * parser/ParserArena.cpp:
1530         (JSC::ParserArena::deallocateObjects): Call the destructors of
1531         the deletable objects before freeing the pools. Don't call
1532         fastFree on the deletable objects any more.
1533
1534         * parser/ParserArena.h:
1535         (JSC::ParserArena::allocateDeletable): Use allocateFreeable
1536         instead of fastMalloc here.
1537
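As an added example of the arena discipline this entry describes (not ParserArena's own code): a bump-allocating arena whose "deletable" objects get their destructors run before the pools are released, with no per-object free. The class and function names (`Arena`, `allocateFreeable`, `allocateDeletable`, `deallocateObjects`, `DemoNode`) and the 4 KiB pool size are this example's assumptions.

```cpp
#include <cstddef>
#include <memory>
#include <new>
#include <type_traits>
#include <utility>
#include <vector>

// Added example, not JavaScriptCore's ParserArena: a bump-allocating arena that separates
// "freeable" objects (just memory, never destroyed) from "deletable" objects, whose
// destructors must run before the pooled memory under them is released.
class ParserArenaDeletable {
public:
    virtual ~ParserArenaDeletable() = default;
};

class Arena {
public:
    static constexpr size_t kPoolSize = 4096;   // assumed pool size for the example

    Arena() = default;
    Arena(const Arena&) = delete;
    Arena& operator=(const Arena&) = delete;
    ~Arena() { deallocateObjects(); }

    // Bump allocation out of the current pool; opens a fresh pool when this one is full.
    void* allocateFreeable(size_t size, size_t align = alignof(std::max_align_t)) {
        if (size > kPoolSize)
            throw std::bad_alloc();             // pools are fixed-size here
        size_t offset = (m_used + align - 1) & ~(align - 1);
        if (m_pools.empty() || offset + size > kPoolSize) {
            m_pools.push_back(std::make_unique<unsigned char[]>(kPoolSize));
            offset = 0;
        }
        void* p = m_pools.back().get() + offset;
        m_used = offset + size;
        return p;
    }

    // Deletable objects come out of the same pools (no separate malloc); the arena only
    // records the pointer so the destructor can be run at teardown.
    template <typename T, typename... Args>
    T* allocateDeletable(Args&&... args) {
        static_assert(std::is_base_of<ParserArenaDeletable, T>::value, "needs a virtual destructor");
        void* mem = allocateFreeable(sizeof(T), alignof(T));
        T* object = new (mem) T(std::forward<Args>(args)...);
        m_deletables.push_back(object);
        return object;
    }

    // Destructors first, in reverse allocation order, then the pools go in one release.
    // Nothing is freed per object: that memory was never allocated on its own.
    void deallocateObjects() {
        for (auto it = m_deletables.rbegin(); it != m_deletables.rend(); ++it)
            (*it)->~ParserArenaDeletable();
        m_deletables.clear();
        m_pools.clear();
        m_used = 0;
    }

    size_t poolCount() const { return m_pools.size(); }

private:
    std::vector<std::unique_ptr<unsigned char[]>> m_pools;
    std::vector<ParserArenaDeletable*> m_deletables;
    size_t m_used = 0;
};

// Demo node: owns heap memory (the vector), so skipping its destructor would leak, and the
// destructor records whether the pools were still alive when it ran.
struct DemoNode : ParserArenaDeletable {
    DemoNode(const Arena& owner, int& destroyed, bool& poolsAlive)
        : owner(owner), destroyed(destroyed), poolsAlive(poolsAlive) {}
    ~DemoNode() override {
        ++destroyed;
        if (owner.poolCount() == 0) poolsAlive = false;
    }
    const Arena& owner;
    int& destroyed;
    bool& poolsAlive;
    std::vector<int> payload{1, 2, 3};
};

struct ArenaDemoResult { int destroyed; bool poolsAliveDuringDestruction; size_t poolsUsed; };

// Allocates `freeableCount` ints and `deletableCount` DemoNodes, then lets the arena go
// out of scope and reports what happened during teardown.
ArenaDemoResult runArenaDemo(int deletableCount, int freeableCount) {
    int destroyed = 0;
    bool poolsAlive = true;
    size_t pools = 0;
    {
        Arena arena;
        for (int i = 0; i < freeableCount; ++i)
            *static_cast<int*>(arena.allocateFreeable(sizeof(int), alignof(int))) = i;
        for (int i = 0; i < deletableCount; ++i)
            arena.allocateDeletable<DemoNode>(arena, destroyed, poolsAlive);
        pools = arena.poolCount();
    }   // ~Arena: destructors run while the pools still exist, then the pools are freed
    return { destroyed, poolsAlive, pools };
}
```

`runArenaDemo(5, 2000)` spreads two thousand freeable ints over several pools and adds five deletable nodes, then tears the arena down; the nodes report that their destructors ran while the pools still existed, which is the ordering the entry is about. Moving the destructor loop after `m_pools.clear()` would destroy objects through freed memory, and dropping it would leak every `payload` vector.
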
1538 2011-11-01  Sam Weinig  <sam@webkit.org>
1539
1540         Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
1541         https://bugs.webkit.org/show_bug.cgi?id=71336
1542
1543         Reviewed by Darin Adler.
1544
1545         * debugger/DebuggerActivation.cpp:
1546         * debugger/DebuggerActivation.h:
1547         Remove overrides of lookupGetter/lookupSetter, which are no longer needed
1548         due to implementing getPropertyDescriptor.
1549
1550         * runtime/JSObject.cpp:
1551         (JSC::JSObject::lookupGetter):
1552         (JSC::JSObject::lookupSetter):
1553         * runtime/JSObject.h:
1554         De-virtualize lookupGetter/lookupSetter, and implement them in terms of
1555         getPropertyDescriptor.
1556
1557 2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1558
1559         De-virtualize JSObject::defineSetter
1560         https://bugs.webkit.org/show_bug.cgi?id=71303
1561
1562         Reviewed by Darin Adler.
1563
1564         Added defineSetter to the MethodTable, changed all the virtual 
1565         implementations of defineSetter to static ones, and replaced 
1566         all call sites with corresponding lookups in the MethodTable.
1567
1568         * JavaScriptCore.exp:
1569         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1570         * debugger/DebuggerActivation.cpp:
1571         (JSC::DebuggerActivation::defineSetter):
1572         * debugger/DebuggerActivation.h:
1573         * interpreter/Interpreter.cpp:
1574         (JSC::Interpreter::privateExecute):
1575         * jit/JITStubs.cpp:
1576         (JSC::DEFINE_STUB_FUNCTION):
1577         * runtime/ClassInfo.h:
1578         * runtime/JSCell.cpp:
1579         (JSC::JSCell::defineSetter):
1580         * runtime/JSCell.h:
1581         * runtime/JSGlobalObject.cpp:
1582         (JSC::JSGlobalObject::defineSetter):
1583         * runtime/JSGlobalObject.h:
1584         * runtime/JSObject.cpp:
1585         (JSC::JSObject::defineSetter):
1586         (JSC::putDescriptor):
1587         * runtime/JSObject.h:
1588         * runtime/ObjectPrototype.cpp:
1589         (JSC::objectProtoFuncDefineSetter):
1590
1591 2011-11-01  Filip Pizlo  <fpizlo@apple.com>
1592
1593         DFG inlining breaks function.arguments
1594         https://bugs.webkit.org/show_bug.cgi?id=71329
1595
1596         Reviewed by Oliver Hunt.
1597         
1598         The DFG was forgetting to store code origin mappings for inlined
1599         call sites. Some of the fast-path optimizations for
1600         CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
1601         was wrong.
1602         
1603         I also took the opportunity to decrease code duplication between
1604         DFG64 and DFG32_64, because I didn't feel like writing the same
1605         code twice.
1606
1607         * bytecode/CodeBlock.h:
1608         (JSC::ExecState::isInlineCallFrame):
1609         * dfg/DFGJITCompiler.cpp:
1610         (JSC::DFG::JITCompiler::compileEntry):
1611         (JSC::DFG::JITCompiler::compileBody):
1612         (JSC::DFG::JITCompiler::link):
1613         (JSC::DFG::JITCompiler::compile):
1614         (JSC::DFG::JITCompiler::compileFunction):
1615         * dfg/DFGJITCompiler32_64.cpp:
1616         * dfg/DFGNode.h:
1617         * interpreter/CallFrame.cpp:
1618         (JSC::CallFrame::trueCallerFrame):
1619         * interpreter/CallFrame.h:
1620         * runtime/Arguments.h:
1621         (JSC::Arguments::getArgumentsData):
1622
1623 2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>
1624
1625         StringImpl::reallocate() should have an 8-bit version
1626         https://bugs.webkit.org/show_bug.cgi?id=71210
1627
1628         Reviewed by Geoffrey Garen.
1629
1630         * wtf/text/StringImpl.cpp:
1631         (WTF::StringImpl::reallocate):
1632         * wtf/text/StringImpl.h:
1633
1634 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1635
1636         The GC should be parallel
1637         https://bugs.webkit.org/show_bug.cgi?id=70995
1638
1639         Reviewed by Geoff Garen.
1640         
1641         Added parallel tracing to the GC. This works by having local mark
1642         stacks per thread, and a global shared one. Threads sometimes
1643         donate cells from the mark stack to the global one if the heuristics
1644         tell them that it's affordable to do so. Threads that have depleted
1645         their local mark stacks try to steal some from the shared one.
1646
1647         Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
1648         
1649         This is a 23% speed-up on V8-splay when I use 4 marking threads,
1650         leading to a 3.5% speed-up on V8.
1651         
1652         It also appears that this reduces GC pause times on real websites by
1653         more than half.
1654
1655         * JavaScriptCore.exp:
1656         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1657         * heap/Heap.cpp:
1658         (JSC::Heap::Heap):
1659         (JSC::Heap::~Heap):
1660         (JSC::Heap::markRoots):
1661         * heap/Heap.h:
1662         * heap/MarkStack.cpp:
1663         (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
1664         (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
1665         (JSC::MarkStackSegmentAllocator::allocate):
1666         (JSC::MarkStackSegmentAllocator::release):
1667         (JSC::MarkStackSegmentAllocator::shrinkReserve):
1668         (JSC::MarkStackArray::MarkStackArray):
1669         (JSC::MarkStackArray::~MarkStackArray):
1670         (JSC::MarkStackArray::expand):
1671         (JSC::MarkStackArray::refill):
1672         (JSC::MarkStackArray::donateSomeCellsTo):
1673         (JSC::MarkStackArray::stealSomeCellsFrom):
1674         (JSC::MarkStackThreadSharedData::markingThreadMain):
1675         (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
1676         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1677         (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
1678         (JSC::MarkStackThreadSharedData::reset):
1679         (JSC::MarkStack::reset):
1680         (JSC::SlotVisitor::donateSlow):
1681         (JSC::SlotVisitor::drain):
1682         (JSC::SlotVisitor::drainFromShared):
1683         (JSC::MarkStack::mergeOpaqueRoots):
1684         (JSC::SlotVisitor::harvestWeakReferences):
1685         * heap/MarkStack.h:
1686         (JSC::MarkStackSegment::data):
1687         (JSC::MarkStackSegment::capacityFromSize):
1688         (JSC::MarkStackSegment::sizeFromCapacity):
1689         (JSC::MarkStackArray::postIncTop):
1690         (JSC::MarkStackArray::preDecTop):
1691         (JSC::MarkStackArray::setTopForFullSegment):
1692         (JSC::MarkStackArray::setTopForEmptySegment):
1693         (JSC::MarkStackArray::top):
1694         (JSC::MarkStackArray::validatePrevious):
1695         (JSC::MarkStack::addWeakReferenceHarvester):
1696         (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
1697         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
1698         (JSC::MarkStack::MarkStack):
1699         (JSC::MarkStack::addOpaqueRoot):
1700         (JSC::MarkStack::containsOpaqueRoot):
1701         (JSC::MarkStack::opaqueRootCount):
1702         (JSC::MarkStackArray::append):
1703         (JSC::MarkStackArray::canRemoveLast):
1704         (JSC::MarkStackArray::removeLast):
1705         (JSC::MarkStackArray::isEmpty):
1706         (JSC::MarkStackArray::canDonateSomeCells):
1707         (JSC::MarkStackArray::size):
1708         (JSC::ParallelModeEnabler::ParallelModeEnabler):
1709         (JSC::ParallelModeEnabler::~ParallelModeEnabler):
1710         * heap/MarkedBlock.h:
1711         (JSC::MarkedBlock::testAndSetMarked):
1712         * heap/SlotVisitor.h:
1713         (JSC::SlotVisitor::donate):
1714         (JSC::SlotVisitor::donateAndDrain):
1715         (JSC::SlotVisitor::donateKnownParallel):
1716         (JSC::SlotVisitor::SlotVisitor):
1717         * heap/WeakReferenceHarvester.h:
1718         * runtime/Heuristics.cpp:
1719         (JSC::Heuristics::initializeHeuristics):
1720         * runtime/Heuristics.h:
1721         * wtf/Atomics.h:
1722         (WTF::weakCompareAndSwap):
1723         * wtf/Bitmap.h:
1724         (WTF::::Bitmap):
1725         (WTF::::get):
1726         (WTF::::set):
1727         (WTF::::testAndSet):
1728         (WTF::::testAndClear):
1729         (WTF::::concurrentTestAndSet):
1730         (WTF::::concurrentTestAndClear):
1731         (WTF::::clear):
1732         (WTF::::clearAll):
1733         (WTF::::nextPossiblyUnset):
1734         (WTF::::findRunOfZeros):
1735         (WTF::::count):
1736         (WTF::::isEmpty):
1737         (WTF::::isFull):
1738         * wtf/MainThread.h:
1739         (WTF::isMainThreadOrGCThread):
1740         * wtf/Platform.h:
1741         * wtf/ThreadSpecific.h:
1742         (WTF::::isSet):
1743         * wtf/mac/MainThreadMac.mm:
1744         (WTF::initializeGCThreads):
1745         (WTF::initializeMainThreadPlatform):
1746         (WTF::initializeMainThreadToProcessMainThreadPlatform):
1747         (WTF::registerGCThread):
1748         (WTF::isMainThreadOrGCThread):
1749
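As an added example of the marking scheme this entry describes (not JavaScriptCore's MarkStack/SlotVisitor code): a parallel marker over a constructed object graph in which each cell is claimed by a weak, relaxed compare-and-swap on a mark bitmap, workers drain private mark stacks, donate half of a grown stack to a shared one, and steal from it when idle. The class names, the donation threshold of 16 cells, the spin-with-yield termination and the 4-ary test tree are this example's assumptions.

```cpp
#include <atomic>
#include <cstdint>
#include <mutex>
#include <thread>
#include <vector>

// Added example, not JavaScriptCore's MarkStack/SlotVisitor: parallel marking of a toy object
// graph. A cell is claimed with an atomic test-and-set on a mark bitmap, so exactly one worker
// wins it and pushes it; workers drain a private stack, donate half to a shared one, and steal.
using ToyHeap = std::vector<std::vector<uint32_t>>;   // heap[i]: the cells that cell i references

class MarkBitmap {
public:
    explicit MarkBitmap(size_t cells) : m_words((cells + 31) / 32) {}   // value-initialised to zero
    // True if the bit was already set (another worker owns the cell), false if this call set it.
    // A weak CAS may fail spuriously, hence the loop; relaxed order suffices for the mark bit alone.
    bool concurrentTestAndSet(size_t index) {
        std::atomic<uint32_t>& word = m_words[index / 32];
        const uint32_t mask = 1u << (index % 32);
        uint32_t old = word.load(std::memory_order_relaxed);
        do { if (old & mask) return true; } while (!word.compare_exchange_weak(old, old | mask, std::memory_order_relaxed));
        return false;
    }
    bool isMarked(size_t index) const { return (m_words[index / 32].load(std::memory_order_relaxed) >> (index % 32)) & 1; }
private:
    std::vector<std::atomic<uint32_t>> m_words;
};

struct SharedMarkStack {
    std::mutex mutex;
    std::vector<uint32_t> cells;
    void donateIfEmpty(std::vector<uint32_t>& local) {   // the bottom half of `local` moves across
        std::lock_guard<std::mutex> lock(mutex);
        if (!cells.empty()) return;
        size_t half = local.size() / 2;
        cells.insert(cells.end(), local.begin(), local.begin() + half);
        local.erase(local.begin(), local.begin() + half);
    }
    bool steal(std::vector<uint32_t>& local, size_t maxCells) {
        std::lock_guard<std::mutex> lock(mutex);
        if (cells.empty()) return false;
        size_t n = cells.size() < maxCells ? cells.size() : maxCells;
        local.insert(local.end(), cells.end() - n, cells.end());
        cells.resize(cells.size() - n);
        return true;
    }
};

struct MarkingState {
    const ToyHeap& heap;
    MarkBitmap bitmap;
    SharedMarkStack shared;
    std::atomic<int> activeWorkers{0};
    std::atomic<size_t> visits{0};   // pops over all workers; equals the mark count iff no cell is visited twice
    explicit MarkingState(const ToyHeap& h) : heap(h), bitmap(h.size()) {}
};

static void markingThreadMain(MarkingState* s, std::vector<uint32_t> local) {
    constexpr size_t kDonateThreshold = 16;   // assumed; JSC tunes this through Heuristics
    for (;;) {
        while (!local.empty()) {
            uint32_t cell = local.back(); local.pop_back();
            s->visits.fetch_add(1, std::memory_order_relaxed);
            for (uint32_t child : s->heap[cell])
                if (!s->bitmap.concurrentTestAndSet(child)) local.push_back(child);   // only the CAS winner pushes
            if (local.size() >= kDonateThreshold) s->shared.donateIfEmpty(local);
        }
        // Idle. Cells reach the shared stack only from a counted worker, so a failed steal
        // followed by an active count of zero means marking is complete.
        s->activeWorkers.fetch_sub(1);
        for (;;) {
            if (s->shared.steal(local, kDonateThreshold)) { s->activeWorkers.fetch_add(1); break; }
            if (s->activeWorkers.load() == 0) return;
            std::this_thread::yield();
        }
    }
}

struct MarkResult { size_t marked; size_t visits; };
MarkResult markRootsParallel(const ToyHeap& heap, const std::vector<uint32_t>& roots, int threadCount) {
    MarkingState s(heap);
    std::vector<std::vector<uint32_t>> locals(threadCount);
    for (size_t i = 0; i < roots.size(); ++i)   // roots go through the same bitmap, so duplicates collapse
        if (!s.bitmap.concurrentTestAndSet(roots[i])) locals[i % threadCount].push_back(roots[i]);
    s.activeWorkers.store(threadCount);
    std::vector<std::thread> threads;
    for (int t = 0; t < threadCount; ++t) threads.emplace_back(markingThreadMain, &s, std::move(locals[t]));
    for (auto& th : threads) th.join();
    size_t marked = 0;
    for (size_t i = 0; i < heap.size(); ++i) marked += s.bitmap.isMarked(i);
    return { marked, s.visits.load() };
}

// Constructed heap: cells [0, treeCells) form a 4-ary tree rooted at cell 0 (cell i references
// 4i+1 .. 4i+4); cells [treeCells, cells) are garbage that nothing references.
ToyHeap makeToyHeap(size_t cells, size_t treeCells) {
    ToyHeap heap(cells);
    for (size_t i = 0; i < treeCells; ++i)
        for (size_t c = 4 * i + 1; c <= 4 * i + 4 && c < treeCells; ++c) heap[i].push_back(c);
    return heap;
}
```

The constructed heap has a known answer (every cell of the tree, none of the garbage), and `visits` counts pops across all workers: because only the worker that wins the test-and-set pushes a cell, `visits` equals `marked`. Replace `concurrentTestAndSet` with a separate load and store and the same graph can show `visits` greater than `marked`: two workers both claim a cell and both scan it, which is harmless in this toy but in a real collector means redundant work and, for anything mutated during the visit, a data race.
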
1750 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1751
1752         De-virtualize JSObject::defaultValue
1753         https://bugs.webkit.org/show_bug.cgi?id=71146
1754
1755         Reviewed by Sam Weinig.
1756
1757         Added defaultValue to the MethodTable.  Replaced all virtual versions of 
1758         defaultValue with static versions.  Replaced all call sites with lookups in the 
1759         MethodTable.
1760
1761         * JavaScriptCore.exp:
1762         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1763         * runtime/ClassInfo.h:
1764         * runtime/ExceptionHelpers.cpp:
1765         (JSC::InterruptedExecutionError::defaultValue):
1766         (JSC::TerminatedExecutionError::defaultValue):
1767         * runtime/ExceptionHelpers.h:
1768         * runtime/JSCell.cpp:
1769         (JSC::JSCell::defaultValue):
1770         * runtime/JSCell.h:
1771         * runtime/JSNotAnObject.cpp:
1772         (JSC::JSNotAnObject::defaultValue):
1773         * runtime/JSNotAnObject.h:
1774         * runtime/JSObject.cpp:
1775         (JSC::JSObject::getPrimitiveNumber):
1776         (JSC::JSObject::defaultValue):
1777         * runtime/JSObject.h:
1778         (JSC::JSObject::toPrimitive):
1779
1780 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1781
1782         Interpreter build fix
1783
1784         Unreviewed build fix
1785
1786         * interpreter/Interpreter.cpp:
1787         (JSC::Interpreter::privateExecute):
1788         * runtime/Executable.cpp:
1789         (JSC::FunctionExecutable::compileForCallInternal):
1790         (JSC::FunctionExecutable::compileForConstructInternal):
1791
1792 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1793
1794         DFG OSR exits should add to value profiles
1795         https://bugs.webkit.org/show_bug.cgi?id=71202
1796
1797         Reviewed by Oliver Hunt.
1798         
1799         Value profiles now have an extra special slot not used by the old JIT's
1800         profiling, which is reserved for OSR exits.
1801         
1802         The DFG's OSR exit code now knows which register, node index, and value
1803         profiling site was responsible for the (possibly flawed) information that
1804         led to the OSR failure. This is somewhat opportunistic and imperfect;
1805         if there's a lot of control flow between the value profiling site and the
1806         OSR failure point, then this mechanism simply gives up. It also gives up
1807         if the OSR failure is caused by either known deficiencies in the DFG
1808         (like that we always assume that the index in a strict charCodeAt access
1809         is within bounds) or where the OSR failure would be catalogued and
1810         profiled through other means (like slow case counters).
1811         
1812         This patch also adds the notion of a JSValueRegs, which is either a
1813         single register in JSVALUE64 or a pair in JSVALUE32_64. We should
1814         probably move the 32_64 DFG towards using this, since it often makes it
1815         easier to share code between 64 and 32_64.
1816         
1817         Also fixed a number of pathologies that this uncovered. op_method_check 
1818         didn't have a value profiling site on the slow path. GetById should not
1819         always force OSR exit if it never executed in the old JIT; we may be
1820         able to infer its type if it's an array or string length get. Finally,
1821         these changes benefit from a slight tweak to optimization delay
1822         heuristics (profile fullness is now 0.35 instead of 0.25).
1823         
1824         3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
1825         and imaging-darkroom.
1826
1827         * bytecode/ValueProfile.cpp:
1828         (JSC::ValueProfile::computeStatistics):
1829         (JSC::ValueProfile::computeUpdatedPrediction):
1830         * bytecode/ValueProfile.h:
1831         (JSC::ValueProfile::ValueProfile):
1832         (JSC::ValueProfile::specFailBucket):
1833         (JSC::ValueProfile::numberOfSamples):
1834         (JSC::ValueProfile::isLive):
1835         (JSC::ValueProfile::numberOfInt32s):
1836         (JSC::ValueProfile::numberOfDoubles):
1837         (JSC::ValueProfile::numberOfCells):
1838         (JSC::ValueProfile::numberOfObjects):
1839         (JSC::ValueProfile::numberOfFinalObjects):
1840         (JSC::ValueProfile::numberOfStrings):
1841         (JSC::ValueProfile::numberOfArrays):
1842         (JSC::ValueProfile::numberOfBooleans):
1843         (JSC::ValueProfile::dump):
1844         * dfg/DFGAbstractState.cpp:
1845         (JSC::DFG::AbstractState::execute):
1846         * dfg/DFGByteCodeParser.cpp:
1847         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1848         (JSC::DFG::ByteCodeParser::getPrediction):
1849         (JSC::DFG::ByteCodeParser::parseBlock):
1850         * dfg/DFGGPRInfo.h:
1851         (JSC::DFG::JSValueRegs::JSValueRegs):
1852         (JSC::DFG::JSValueRegs::operator!):
1853         (JSC::DFG::JSValueRegs::gpr):
1854         (JSC::DFG::JSValueSource::JSValueSource):
1855         (JSC::DFG::JSValueSource::unboxedCell):
1856         (JSC::DFG::JSValueSource::operator!):
1857         (JSC::DFG::JSValueSource::isAddress):
1858         (JSC::DFG::JSValueSource::offset):
1859         (JSC::DFG::JSValueSource::base):
1860         (JSC::DFG::JSValueSource::gpr):
1861         (JSC::DFG::JSValueSource::asAddress):
1862         (JSC::DFG::JSValueSource::notAddress):
1863         (JSC::DFG::JSValueRegs::tagGPR):
1864         (JSC::DFG::JSValueRegs::payloadGPR):
1865         (JSC::DFG::JSValueSource::tagGPR):
1866         (JSC::DFG::JSValueSource::payloadGPR):
1867         (JSC::DFG::JSValueSource::hasKnownTag):
1868         (JSC::DFG::JSValueSource::tag):
1869         * dfg/DFGGenerationInfo.h:
1870         (JSC::DFG::GenerationInfo::jsValueRegs):
1871         * dfg/DFGGraph.h:
1872         (JSC::DFG::Graph::valueProfileFor):
1873         * dfg/DFGJITCodeGenerator.h:
1874         (JSC::JSValueOperand::jsValueRegs):
1875         * dfg/DFGJITCompiler.cpp:
1876         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1877         * dfg/DFGJITCompiler.h:
1878         (JSC::DFG::JITCompiler::valueProfileFor):
1879         * dfg/DFGJITCompiler32_64.cpp:
1880         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1881         * dfg/DFGPropagator.cpp:
1882         (JSC::DFG::Propagator::propagateNodePredictions):
1883         * dfg/DFGSpeculativeJIT.cpp:
1884         (JSC::DFG::OSRExit::OSRExit):
1885         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1886         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1887         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1888         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1889         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1890         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
1891         * dfg/DFGSpeculativeJIT.h:
1892         (JSC::DFG::SpeculativeJIT::speculationCheck):
1893         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1894         * dfg/DFGSpeculativeJIT32_64.cpp:
1895         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1896         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1897         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1898         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1899         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1900         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1901         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1902         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1903         (JSC::DFG::SpeculativeJIT::compile):
1904         * dfg/DFGSpeculativeJIT64.cpp:
1905         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1906         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1907         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1908         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1909         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1910         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1911         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1912         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1913         (JSC::DFG::SpeculativeJIT::emitBranch):
1914         (JSC::DFG::SpeculativeJIT::compile):
1915         * jit/JITPropertyAccess.cpp:
1916         (JSC::JIT::emitSlow_op_method_check):
1917         * jit/JITPropertyAccess32_64.cpp:
1918         (JSC::JIT::emitSlow_op_method_check):
1919         * runtime/Heuristics.cpp:
1920         (JSC::Heuristics::initializeHeuristics):
1921         * runtime/JSValue.h:
1922
1923 2011-10-31  Sam Weinig  <sam@webkit.org>
1924
1925         Remove need for virtual JSObject::unwrappedObject
1926         https://bugs.webkit.org/show_bug.cgi?id=71034
1927
1928         Reviewed by Geoffrey Garen.
1929
1930         * JavaScriptCore.exp:
1931         Update exports.
1932
1933         * CMakeLists.txt:
1934         * GNUmakefile.list.am:
1935         * JavaScriptCore.exp:
1936         * JavaScriptCore.gypi:
1937         * JavaScriptCore.pro:
1938         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1939         * JavaScriptCore.xcodeproj/project.pbxproj:
1940         Add JSGlobalThis.cpp.
1941
1942         * runtime/JSGlobalThis.cpp: Added.
1943         (JSC::JSGlobalThis::visitChildren):
1944         (JSC::JSGlobalThis::unwrappedObject):
1945         * runtime/JSGlobalThis.h:
1946         (JSC::JSGlobalThis::createStructure):
1947         Move underlying object from JSDOMWindowShell down to JSGlobalThis
1948         and corresponding visitChildren method.
1949
1950         * runtime/JSObject.cpp:
1951         (JSC::JSObject::unwrappedObject):
1952         Change unwrappedObject from virtual, to just needing an if check.
1953
1954         * runtime/JSObject.h:
1955         (JSC::JSObject::isGlobalThis):
1956         * runtime/JSType.h:
1957         Add isGlobalThis predicate and type.
1958
1959 2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>
1960
1961         WTF::StringImpl::create(const char*, unsigned) calls itself
1962         https://bugs.webkit.org/show_bug.cgi?id=71206
1963
1964         The original implementation just calls itself, causing infinite recursion.
1965         Cast the first parameter to const LChar* to fix that.
1966
1967         Reviewed by Ryosuke Niwa.
1968
1969         * wtf/text/StringImpl.h:
1970         (WTF::StringImpl::create):
1971
1972 2011-10-31  Andy Wingo  <wingo@igalia.com>
1973
1974         Fix DFG JIT compilation on Linux targets.
1975         https://bugs.webkit.org/show_bug.cgi?id=70904
1976
1977         Reviewed by Darin Adler.
1978
1979         * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
1980         macro.
1981
1982         * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
1983         simplified definition from jit/JITStubs.cpp.
1984         (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
1985         Use the macro to access trampoline targets through the PLT on PIC
1986         systems, instead of introducing a text relocation.  Otherwise, the
1987         library fails to link.
1988
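The entries above by Alexey Shabalin (TEXTREL in libjavascriptcoregtk on x86) and Andy Wingo (SYMBOL_STRING_RELOCATION, PLT access from the DFG trampolines) come down to one check worth making on any shared library that carries hand-written assembly: does the finished .so declare text relocations? `readelf -d lib.so | grep TEXTREL` answers it on the command line; the added example below, which is not WebKit code, does the same from C++ by walking the ELF64 program headers to the PT_DYNAMIC segment and looking for DT_TEXTREL, or DF_TEXTREL in DT_FLAGS. A text relocation means the loader must write into code pages at load time, which forces them writable, defeats page sharing and trips W^X enforcement such as SELinux's execmod check; on x86 PIC builds the usual cause is an inline-asm `call symbol` that should have been `call symbol@PLT`, which is what the macro fix is about. The ELF constants and struct layouts are transcribed from the ELF gABI (they match <elf.h>); a little-endian host is assumed, and the test image is constructed, not a real library.

```cpp
#include <cstdint>
#include <cstring>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Added example, not WebKit code: an ELF64 scanner that answers the same question as
// `readelf -d lib.so | grep TEXTREL`. Constants and layouts are transcribed from the ELF gABI
// (the same values <elf.h> provides) so the example is self-contained; a little-endian host
// matching the image's byte order is assumed.
namespace elf {
constexpr uint8_t  kMagic[4] = {0x7f, 'E', 'L', 'F'};
constexpr uint8_t  ELFCLASS64 = 2, ELFDATA2LSB = 1;
constexpr uint32_t PT_DYNAMIC = 2;
constexpr int64_t  DT_NULL = 0, DT_TEXTREL = 22, DT_FLAGS = 30;
constexpr uint64_t DF_TEXTREL = 0x4;
struct Ehdr { uint8_t ident[16]; uint16_t type, machine; uint32_t version; uint64_t entry, phoff, shoff;
              uint32_t flags; uint16_t ehsize, phentsize, phnum, shentsize, shnum, shstrndx; };
struct Phdr { uint32_t type, flags; uint64_t offset, vaddr, paddr, filesz, memsz, align; };
struct Dyn  { int64_t tag; uint64_t val; };
static_assert(sizeof(Ehdr) == 64 && sizeof(Phdr) == 56 && sizeof(Dyn) == 16, "ELF64 layouts");
}

enum class TextRel { No, Yes, NotElf64, NoDynamic, Malformed };

// Walks the program headers to the PT_DYNAMIC segment and looks for DT_TEXTREL, or DT_FLAGS
// carrying DF_TEXTREL. Every offset is bounds-checked against the buffer: a file handed to a
// scanner is untrusted input, and a truncated or lying header must not read past the end.
TextRel hasTextRelocations(const std::vector<uint8_t>& image) {
    using namespace elf;
    if (image.size() < sizeof(Ehdr) || std::memcmp(image.data(), kMagic, 4) != 0
        || image[4] != ELFCLASS64 || image[5] != ELFDATA2LSB)
        return TextRel::NotElf64;
    Ehdr eh;
    std::memcpy(&eh, image.data(), sizeof eh);
    if (eh.phentsize != sizeof(Phdr) || eh.phoff > image.size()) return TextRel::Malformed;
    for (uint16_t i = 0; i < eh.phnum; ++i) {
        uint64_t off = eh.phoff + uint64_t(i) * sizeof(Phdr);
        if (off > image.size() || image.size() - off < sizeof(Phdr)) return TextRel::Malformed;
        Phdr ph;
        std::memcpy(&ph, image.data() + off, sizeof ph);
        if (ph.type != PT_DYNAMIC) continue;
        if (ph.offset > image.size() || image.size() - ph.offset < ph.filesz) return TextRel::Malformed;
        for (uint64_t pos = 0; pos + sizeof(Dyn) <= ph.filesz; pos += sizeof(Dyn)) {
            Dyn d;
            std::memcpy(&d, image.data() + ph.offset + pos, sizeof d);
            if (d.tag == DT_NULL) break;
            if (d.tag == DT_TEXTREL || (d.tag == DT_FLAGS && (d.val & DF_TEXTREL))) return TextRel::Yes;
        }
        return TextRel::No;
    }
    return TextRel::NoDynamic;
}

// Same check on a file on disk, e.g. the freshly built libjavascriptcoregtk .so.
TextRel scanFileForTextRelocations(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    std::vector<uint8_t> image((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
    return hasTextRelocations(image);
}

// Constructed, non-loadable ELF64 image (header, one PT_DYNAMIC program header, a dynamic
// section): just enough to exercise the scanner offline. `truncateTo`, when non-zero, cuts
// the image short to exercise the bounds checks.
std::vector<uint8_t> makeTestImage(bool withTextRel, size_t truncateTo = 0) {
    using namespace elf;
    std::vector<Dyn> dyn;
    if (withTextRel) { dyn.push_back({DT_TEXTREL, 0}); dyn.push_back({DT_FLAGS, DF_TEXTREL}); }
    else dyn.push_back({DT_FLAGS, 0x8});                                    // DF_BIND_NOW only
    dyn.push_back({DT_NULL, 0});
    Ehdr eh{};
    std::memcpy(eh.ident, kMagic, 4);
    eh.ident[4] = ELFCLASS64; eh.ident[5] = ELFDATA2LSB; eh.ident[6] = 1;   // EV_CURRENT
    eh.type = 3; eh.machine = 62; eh.version = 1;                           // ET_DYN, EM_X86_64
    eh.phoff = sizeof(Ehdr); eh.ehsize = sizeof(Ehdr); eh.phentsize = sizeof(Phdr); eh.phnum = 1;
    Phdr ph{};
    ph.type = PT_DYNAMIC; ph.flags = 6; ph.align = 8;                       // PF_R | PF_W
    ph.offset = sizeof(Ehdr) + sizeof(Phdr); ph.filesz = ph.memsz = dyn.size() * sizeof(Dyn);
    std::vector<uint8_t> image(ph.offset + ph.filesz);
    std::memcpy(image.data(), &eh, sizeof eh);
    std::memcpy(image.data() + sizeof eh, &ph, sizeof ph);
    std::memcpy(image.data() + ph.offset, dyn.data(), ph.filesz);
    if (truncateTo && truncateTo < image.size()) image.resize(truncateTo);
    return image;
}
```

Point `scanFileForTextRelocations` at the built library to get the same verdict the linker's `-z text` would give at link time; a `Yes` on a PIC build means some relocation still targets the text segment, and on x86 that is almost always a direct `call`/`jmp` to an external symbol in inline assembly. The truncated-image cases matter because this kind of scanner tends to end up in build and packaging pipelines where it sees partial or corrupt files.
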
1989 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1990
1991         De-virtualize JSObject::defineGetter
1992         https://bugs.webkit.org/show_bug.cgi?id=71134
1993
1994         Reviewed by Darin Adler.
1995
1996         Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
1997         with static versions.  Replaced all call sites with lookups in the MethodTable.
1998
1999         * JavaScriptCore.exp:
2000         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2001         * debugger/DebuggerActivation.cpp:
2002         (JSC::DebuggerActivation::defineGetter):
2003         * debugger/DebuggerActivation.h:
2004         * interpreter/Interpreter.cpp:
2005         (JSC::Interpreter::privateExecute):
2006         * jit/JITStubs.cpp:
2007         (JSC::DEFINE_STUB_FUNCTION):
2008         * runtime/ClassInfo.h:
2009         * runtime/JSCell.cpp:
2010         (JSC::JSCell::defineGetter):
2011         * runtime/JSCell.h:
2012         * runtime/JSGlobalObject.cpp:
2013         (JSC::JSGlobalObject::defineGetter):
2014         * runtime/JSGlobalObject.h:
2015         * runtime/JSObject.cpp:
2016         (JSC::JSObject::defineGetter):
2017         (JSC::putDescriptor):
2018         * runtime/JSObject.h:
2019         * runtime/ObjectPrototype.cpp:
2020         (JSC::objectProtoFuncDefineGetter):
2021
2022 2011-10-31  Michael Saboff  <msaboff@apple.com>
2023
2024         Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
2025         https://bugs.webkit.org/show_bug.cgi?id=71138
2026
2027         Restructure and movement of Lexer and Parser code.
2028         Moved Lexer and Parser objects out of JSGlobalData.
2029         Added a new ParserTokens class and instance to JSGlobalData that
2030         have JavaScript token related definitions.
2031         Replaced JSGlobalData arguments to Node classes with lineNumber,
2032         as that was the only use of the JSGlobalData.
2033         Combined JSParser and Parser classes into one class,
2034         eliminating JSParser.h and .cpp.
2035         Various supporting #include changes.
2036
2037         These mostly mechanical changes are done in preparation to
2038         making the Lexer and Parser template classes.
2039
2040         Reviewed by Darin Adler.
2041
2042         * CMakeLists.txt:
2043         * GNUmakefile.list.am:
2044         * JavaScriptCore.gypi:
2045         * JavaScriptCore.pro:
2046         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2047         * JavaScriptCore.xcodeproj/project.pbxproj:
2048         * bytecompiler/NodesCodegen.cpp:
2049         (JSC::ArrayNode::toArgumentList):
2050         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2051         * parser/ASTBuilder.h:
2052         (JSC::ASTBuilder::ASTBuilder):
2053         (JSC::ASTBuilder::createSourceElements):
2054         (JSC::ASTBuilder::createCommaExpr):
2055         (JSC::ASTBuilder::createLogicalNot):
2056         (JSC::ASTBuilder::createUnaryPlus):
2057         (JSC::ASTBuilder::createVoid):
2058         (JSC::ASTBuilder::thisExpr):
2059         (JSC::ASTBuilder::createResolve):
2060         (JSC::ASTBuilder::createObjectLiteral):
2061         (JSC::ASTBuilder::createArray):
2062         (JSC::ASTBuilder::createNumberExpr):
2063         (JSC::ASTBuilder::createString):
2064         (JSC::ASTBuilder::createBoolean):
2065         (JSC::ASTBuilder::createNull):
2066         (JSC::ASTBuilder::createBracketAccess):
2067         (JSC::ASTBuilder::createDotAccess):
2068         (JSC::ASTBuilder::createRegExp):
2069         (JSC::ASTBuilder::createNewExpr):
2070         (JSC::ASTBuilder::createConditionalExpr):
2071         (JSC::ASTBuilder::createAssignResolve):
2072         (JSC::ASTBuilder::createFunctionExpr):
2073         (JSC::ASTBuilder::createFunctionBody):
2074         (JSC::ASTBuilder::createGetterOrSetterProperty):
2075         (JSC::ASTBuilder::createArguments):
2076         (JSC::ASTBuilder::createArgumentsList):
2077         (JSC::ASTBuilder::createPropertyList):
2078         (JSC::ASTBuilder::createElementList):
2079         (JSC::ASTBuilder::createFormalParameterList):
2080         (JSC::ASTBuilder::createClause):
2081         (JSC::ASTBuilder::createClauseList):
2082         (JSC::ASTBuilder::createFuncDeclStatement):
2083         (JSC::ASTBuilder::createBlockStatement):
2084         (JSC::ASTBuilder::createExprStatement):
2085         (JSC::ASTBuilder::createIfStatement):
2086         (JSC::ASTBuilder::createForLoop):
2087         (JSC::ASTBuilder::createForInLoop):
2088         (JSC::ASTBuilder::createEmptyStatement):
2089         (JSC::ASTBuilder::createVarStatement):
2090         (JSC::ASTBuilder::createReturnStatement):
2091         (JSC::ASTBuilder::createBreakStatement):
2092         (JSC::ASTBuilder::createContinueStatement):
2093         (JSC::ASTBuilder::createTryStatement):
2094         (JSC::ASTBuilder::createSwitchStatement):
2095         (JSC::ASTBuilder::createWhileStatement):
2096         (JSC::ASTBuilder::createDoWhileStatement):
2097         (JSC::ASTBuilder::createLabelStatement):
2098         (JSC::ASTBuilder::createWithStatement):
2099         (JSC::ASTBuilder::createThrowStatement):
2100         (JSC::ASTBuilder::createDebugger):
2101         (JSC::ASTBuilder::createConstStatement):
2102         (JSC::ASTBuilder::appendConstDecl):
2103         (JSC::ASTBuilder::combineCommaNodes):
2104         (JSC::ASTBuilder::appendBinaryOperation):
2105         (JSC::ASTBuilder::createAssignment):
2106         (JSC::ASTBuilder::createNumber):
2107         (JSC::ASTBuilder::makeTypeOfNode):
2108         (JSC::ASTBuilder::makeDeleteNode):
2109         (JSC::ASTBuilder::makeNegateNode):
2110         (JSC::ASTBuilder::makeBitwiseNotNode):
2111         (JSC::ASTBuilder::makeMultNode):
2112         (JSC::ASTBuilder::makeDivNode):
2113         (JSC::ASTBuilder::makeModNode):
2114         (JSC::ASTBuilder::makeAddNode):
2115         (JSC::ASTBuilder::makeSubNode):
2116         (JSC::ASTBuilder::makeLeftShiftNode):
2117         (JSC::ASTBuilder::makeRightShiftNode):
2118         (JSC::ASTBuilder::makeURightShiftNode):
2119         (JSC::ASTBuilder::makeBitOrNode):
2120         (JSC::ASTBuilder::makeBitAndNode):
2121         (JSC::ASTBuilder::makeBitXOrNode):
2122         (JSC::ASTBuilder::makeFunctionCallNode):
2123         (JSC::ASTBuilder::makeBinaryNode):
2124         (JSC::ASTBuilder::makeAssignNode):
2125         (JSC::ASTBuilder::makePrefixNode):
2126         (JSC::ASTBuilder::makePostfixNode):
2127         * parser/JSParser.cpp: Removed.
2128         * parser/JSParser.h: Removed.
2129         * parser/Lexer.cpp:
2130         (JSC::Keywords::Keywords):
2131         (JSC::Lexer::Lexer):
2132         (JSC::Lexer::~Lexer):
2133         (JSC::Lexer::setCode):
2134         (JSC::Lexer::parseIdentifier):
2135         * parser/Lexer.h:
2136         (JSC::Keywords::isKeyword):
2137         (JSC::Keywords::getKeyword):
2138         (JSC::Keywords::~Keywords):
2139         (JSC::Lexer::setIsReparsing):
2140         (JSC::Lexer::isReparsing):
2141         (JSC::Lexer::lineNumber):
2142         (JSC::Lexer::setLastLineNumber):
2143         (JSC::Lexer::lastLineNumber):
2144         (JSC::Lexer::prevTerminator):
2145         (JSC::Lexer::sawError):
2146         (JSC::Lexer::getErrorMessage):
2147         (JSC::Lexer::currentOffset):
2148         (JSC::Lexer::setOffset):
2149         (JSC::Lexer::setLineNumber):
2150         (JSC::Lexer::sourceProvider):
2151         (JSC::Lexer::isWhiteSpace):
2152         (JSC::Lexer::isLineTerminator):
2153         (JSC::Lexer::convertHex):
2154         (JSC::Lexer::convertUnicode):
2155         (JSC::Lexer::makeIdentifier):
2156         (JSC::Lexer::lexExpectIdentifier):
2157         * parser/NodeConstructors.h:
2158         (JSC::ParserArenaFreeable::operator new):
2159         (JSC::ParserArenaDeletable::operator new):
2160         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
2161         (JSC::Node::Node):
2162         (JSC::ExpressionNode::ExpressionNode):
2163         (JSC::StatementNode::StatementNode):
2164         (JSC::NullNode::NullNode):
2165         (JSC::BooleanNode::BooleanNode):
2166         (JSC::NumberNode::NumberNode):
2167         (JSC::StringNode::StringNode):
2168         (JSC::RegExpNode::RegExpNode):
2169         (JSC::ThisNode::ThisNode):
2170         (JSC::ResolveNode::ResolveNode):
2171         (JSC::ElementNode::ElementNode):
2172         (JSC::ArrayNode::ArrayNode):
2173         (JSC::PropertyNode::PropertyNode):
2174         (JSC::PropertyListNode::PropertyListNode):
2175         (JSC::ObjectLiteralNode::ObjectLiteralNode):
2176         (JSC::BracketAccessorNode::BracketAccessorNode):
2177         (JSC::DotAccessorNode::DotAccessorNode):
2178         (JSC::ArgumentListNode::ArgumentListNode):
2179         (JSC::ArgumentsNode::ArgumentsNode):
2180         (JSC::NewExprNode::NewExprNode):
2181         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
2182         (JSC::FunctionCallValueNode::FunctionCallValueNode):
2183         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
2184         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
2185         (JSC::FunctionCallDotNode::FunctionCallDotNode):
2186         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
2187         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
2188         (JSC::PrePostResolveNode::PrePostResolveNode):
2189         (JSC::PostfixResolveNode::PostfixResolveNode):
2190         (JSC::PostfixBracketNode::PostfixBracketNode):
2191         (JSC::PostfixDotNode::PostfixDotNode):
2192         (JSC::PostfixErrorNode::PostfixErrorNode):
2193         (JSC::DeleteResolveNode::DeleteResolveNode):
2194         (JSC::DeleteBracketNode::DeleteBracketNode):
2195         (JSC::DeleteDotNode::DeleteDotNode):
2196         (JSC::DeleteValueNode::DeleteValueNode):
2197         (JSC::VoidNode::VoidNode):
2198         (JSC::TypeOfResolveNode::TypeOfResolveNode):
2199         (JSC::TypeOfValueNode::TypeOfValueNode):
2200         (JSC::PrefixResolveNode::PrefixResolveNode):
2201         (JSC::PrefixBracketNode::PrefixBracketNode):
2202         (JSC::PrefixDotNode::PrefixDotNode):
2203         (JSC::PrefixErrorNode::PrefixErrorNode):
2204         (JSC::UnaryOpNode::UnaryOpNode):
2205         (JSC::UnaryPlusNode::UnaryPlusNode):
2206         (JSC::NegateNode::NegateNode):
2207         (JSC::BitwiseNotNode::BitwiseNotNode):
2208         (JSC::LogicalNotNode::LogicalNotNode):
2209         (JSC::BinaryOpNode::BinaryOpNode):
2210         (JSC::MultNode::MultNode):
2211         (JSC::DivNode::DivNode):
2212         (JSC::ModNode::ModNode):
2213         (JSC::AddNode::AddNode):
2214         (JSC::SubNode::SubNode):
2215         (JSC::LeftShiftNode::LeftShiftNode):
2216         (JSC::RightShiftNode::RightShiftNode):
2217         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
2218         (JSC::LessNode::LessNode):
2219         (JSC::GreaterNode::GreaterNode):
2220         (JSC::LessEqNode::LessEqNode):
2221         (JSC::GreaterEqNode::GreaterEqNode):
2222         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
2223         (JSC::InstanceOfNode::InstanceOfNode):
2224         (JSC::InNode::InNode):
2225         (JSC::EqualNode::EqualNode):
2226         (JSC::NotEqualNode::NotEqualNode):
2227         (JSC::StrictEqualNode::StrictEqualNode):
2228         (JSC::NotStrictEqualNode::NotStrictEqualNode):
2229         (JSC::BitAndNode::BitAndNode):
2230         (JSC::BitOrNode::BitOrNode):
2231         (JSC::BitXOrNode::BitXOrNode):
2232         (JSC::LogicalOpNode::LogicalOpNode):
2233         (JSC::ConditionalNode::ConditionalNode):
2234         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
2235         (JSC::AssignResolveNode::AssignResolveNode):
2236         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
2237         (JSC::AssignBracketNode::AssignBracketNode):
2238         (JSC::AssignDotNode::AssignDotNode):
2239         (JSC::ReadModifyDotNode::ReadModifyDotNode):
2240         (JSC::AssignErrorNode::AssignErrorNode):
2241         (JSC::CommaNode::CommaNode):
2242         (JSC::ConstStatementNode::ConstStatementNode):
2243         (JSC::SourceElements::SourceElements):
2244         (JSC::EmptyStatementNode::EmptyStatementNode):
2245         (JSC::DebuggerStatementNode::DebuggerStatementNode):
2246         (JSC::ExprStatementNode::ExprStatementNode):
2247         (JSC::VarStatementNode::VarStatementNode):
2248         (JSC::IfNode::IfNode):
2249         (JSC::IfElseNode::IfElseNode):
2250         (JSC::DoWhileNode::DoWhileNode):
2251         (JSC::WhileNode::WhileNode):
2252         (JSC::ForNode::ForNode):
2253         (JSC::ContinueNode::ContinueNode):
2254         (JSC::BreakNode::BreakNode):
2255         (JSC::ReturnNode::ReturnNode):
2256         (JSC::WithNode::WithNode):
2257         (JSC::LabelNode::LabelNode):
2258         (JSC::ThrowNode::ThrowNode):
2259         (JSC::TryNode::TryNode):
2260         (JSC::ParameterNode::ParameterNode):
2261         (JSC::FuncExprNode::FuncExprNode):
2262         (JSC::FuncDeclNode::FuncDeclNode):
2263         (JSC::CaseClauseNode::CaseClauseNode):
2264         (JSC::ClauseListNode::ClauseListNode):
2265         (JSC::CaseBlockNode::CaseBlockNode):
2266         (JSC::SwitchNode::SwitchNode):
2267         (JSC::ConstDeclNode::ConstDeclNode):
2268         (JSC::BlockNode::BlockNode):
2269         (JSC::ForInNode::ForInNode):
2270         * parser/NodeInfo.h:
2271         * parser/Nodes.cpp:
2272         (JSC::StatementNode::setLoc):
2273         (JSC::ScopeNode::ScopeNode):
2274         (JSC::ProgramNode::ProgramNode):
2275         (JSC::ProgramNode::create):
2276         (JSC::EvalNode::EvalNode):
2277         (JSC::EvalNode::create):
2278         (JSC::FunctionBodyNode::FunctionBodyNode):
2279         (JSC::FunctionBodyNode::create):
2280         * parser/Nodes.h:
2281         (JSC::Node::lineNo):
2282         * parser/Parser.cpp:
2283         (JSC::Parser::Parser):
2284         (JSC::Parser::~Parser):
2285         (JSC::Parser::parseInner):
2286         (JSC::Parser::allowAutomaticSemicolon):
2287         (JSC::Parser::parseSourceElements):
2288         (JSC::Parser::parseVarDeclaration):
2289         (JSC::Parser::parseConstDeclaration):
2290         (JSC::Parser::parseDoWhileStatement):
2291         (JSC::Parser::parseWhileStatement):
2292         (JSC::Parser::parseVarDeclarationList):
2293         (JSC::Parser::parseConstDeclarationList):
2294         (JSC::Parser::parseForStatement):
2295         (JSC::Parser::parseBreakStatement):
2296         (JSC::Parser::parseContinueStatement):
2297         (JSC::Parser::parseReturnStatement):
2298         (JSC::Parser::parseThrowStatement):
2299         (JSC::Parser::parseWithStatement):
2300         (JSC::Parser::parseSwitchStatement):
2301         (JSC::Parser::parseSwitchClauses):
2302         (JSC::Parser::parseSwitchDefaultClause):
2303         (JSC::Parser::parseTryStatement):
2304         (JSC::Parser::parseDebuggerStatement):
2305         (JSC::Parser::parseBlockStatement):
2306         (JSC::Parser::parseStatement):
2307         (JSC::Parser::parseFormalParameters):
2308         (JSC::Parser::parseFunctionBody):
2309         (JSC::Parser::parseFunctionInfo):
2310         (JSC::Parser::parseFunctionDeclaration):
2311         (JSC::LabelInfo::LabelInfo):
2312         (JSC::Parser::parseExpressionOrLabelStatement):
2313         (JSC::Parser::parseExpressionStatement):
2314         (JSC::Parser::parseIfStatement):
2315         (JSC::Parser::parseExpression):
2316         (JSC::Parser::parseAssignmentExpression):
2317         (JSC::Parser::parseConditionalExpression):
2318         (JSC::isUnaryOp):
2319         (JSC::Parser::isBinaryOperator):
2320         (JSC::Parser::parseBinaryExpression):
2321         (JSC::Parser::parseProperty):
2322         (JSC::Parser::parseObjectLiteral):
2323         (JSC::Parser::parseStrictObjectLiteral):
2324         (JSC::Parser::parseArrayLiteral):
2325         (JSC::Parser::parsePrimaryExpression):
2326         (JSC::Parser::parseArguments):
2327         (JSC::Parser::parseMemberExpression):
2328         (JSC::Parser::parseUnaryExpression):
2329         * parser/Parser.h:
2330         (JSC::isEvalNode):
2331         (JSC::EvalNode):
2332         (JSC::DepthManager::DepthManager):
2333         (JSC::DepthManager::~DepthManager):
2334         (JSC::ScopeLabelInfo::ScopeLabelInfo):
2335         (JSC::Scope::Scope):
2336         (JSC::Scope::startSwitch):
2337         (JSC::Scope::endSwitch):
2338         (JSC::Scope::startLoop):
2339         (JSC::Scope::endLoop):
2340         (JSC::Scope::inLoop):
2341         (JSC::Scope::breakIsValid):
2342         (JSC::Scope::continueIsValid):
2343         (JSC::Scope::pushLabel):
2344         (JSC::Scope::popLabel):
2345         (JSC::Scope::getLabel):
2346         (JSC::Scope::setIsFunction):
2347         (JSC::Scope::isFunction):
2348         (JSC::Scope::isFunctionBoundary):
2349         (JSC::Scope::declareVariable):
2350         (JSC::Scope::declareWrite):
2351         (JSC::Scope::preventNewDecls):
2352         (JSC::Scope::allowsNewDecls):
2353         (JSC::Scope::declareParameter):
2354         (JSC::Scope::useVariable):
2355         (JSC::Scope::setNeedsFullActivation):
2356         (JSC::Scope::collectFreeVariables):
2357         (JSC::Scope::getUncapturedWrittenVariables):
2358         (JSC::Scope::getCapturedVariables):
2359         (JSC::Scope::setStrictMode):
2360         (JSC::Scope::strictMode):
2361         (JSC::Scope::isValidStrictMode):
2362         (JSC::Scope::shadowsArguments):
2363         (JSC::Scope::copyCapturedVariablesToVector):
2364         (JSC::Scope::saveFunctionInfo):
2365         (JSC::Scope::restoreFunctionInfo):
2366         (JSC::ScopeRef::ScopeRef):
2367         (JSC::ScopeRef::operator->):
2368         (JSC::ScopeRef::index):
2369         (JSC::ScopeRef::hasContainingScope):
2370         (JSC::ScopeRef::containingScope):
2371         (JSC::Parser::AllowInOverride::AllowInOverride):
2372         (JSC::Parser::AllowInOverride::~AllowInOverride):
2373         (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
2374         (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
2375         (JSC::Parser::AutoPopScopeRef::setPopped):
2376         (JSC::Parser::currentScope):
2377         (JSC::Parser::pushScope):
2378         (JSC::Parser::popScopeInternal):
2379         (JSC::Parser::popScope):
2380         (JSC::Parser::declareVariable):
2381         (JSC::Parser::declareWrite):
2382         (JSC::Parser::findCachedFunctionInfo):
2383         (JSC::Parser::isFunctionBodyNode):
2384         (JSC::Parser::next):
2385         (JSC::Parser::nextExpectIdentifier):
2386         (JSC::Parser::nextTokenIsColon):
2387         (JSC::Parser::consume):
2388         (JSC::Parser::getToken):
2389         (JSC::Parser::match):
2390         (JSC::Parser::tokenStart):
2391         (JSC::Parser::tokenLine):
2392         (JSC::Parser::tokenEnd):
2393         (JSC::Parser::getTokenName):
2394         (JSC::Parser::updateErrorMessageSpecialCase):
2395         (JSC::Parser::updateErrorMessage):
2396         (JSC::Parser::updateErrorWithNameAndMessage):
2397         (JSC::Parser::startLoop):
2398         (JSC::Parser::endLoop):
2399         (JSC::Parser::startSwitch):
2400         (JSC::Parser::endSwitch):
2401         (JSC::Parser::setStrictMode):
2402         (JSC::Parser::strictMode):
2403         (JSC::Parser::isValidStrictMode):
2404         (JSC::Parser::declareParameter):
2405         (JSC::Parser::breakIsValid):
2406         (JSC::Parser::continueIsValid):
2407         (JSC::Parser::pushLabel):
2408         (JSC::Parser::popLabel):
2409         (JSC::Parser::getLabel):
2410         (JSC::Parser::autoSemiColon):
2411         (JSC::Parser::canRecurse):
2412         (JSC::Parser::lastTokenEnd):
2413         (JSC::Parser::DepthManager::DepthManager):
2414         (JSC::Parser::DepthManager::~DepthManager):
2415         (JSC::Parser::parse):
2416         (JSC::parse):
2417         * parser/ParserTokens.h: Added.
2418         (JSC::JSTokenInfo::JSTokenInfo):
2419         * parser/SourceCode.h:
2420         (JSC::SourceCode::subExpression):
2421         * parser/SourceProviderCacheItem.h:
2422         * parser/SyntaxChecker.h:
2423         (JSC::SyntaxChecker::SyntaxChecker):
2424         (JSC::SyntaxChecker::makeFunctionCallNode):
2425         (JSC::SyntaxChecker::createCommaExpr):
2426         (JSC::SyntaxChecker::makeAssignNode):
2427         (JSC::SyntaxChecker::makePrefixNode):
2428         (JSC::SyntaxChecker::makePostfixNode):
2429         (JSC::SyntaxChecker::makeTypeOfNode):
2430         (JSC::SyntaxChecker::makeDeleteNode):
2431         (JSC::SyntaxChecker::makeNegateNode):
2432         (JSC::SyntaxChecker::makeBitwiseNotNode):
2433         (JSC::SyntaxChecker::createLogicalNot):
2434         (JSC::SyntaxChecker::createUnaryPlus):
2435         (JSC::SyntaxChecker::createVoid):
2436         (JSC::SyntaxChecker::thisExpr):
2437         (JSC::SyntaxChecker::createResolve):
2438         (JSC::SyntaxChecker::createObjectLiteral):
2439         (JSC::SyntaxChecker::createArray):
2440         (JSC::SyntaxChecker::createNumberExpr):
2441         (JSC::SyntaxChecker::createString):
2442         (JSC::SyntaxChecker::createBoolean):
2443         (JSC::SyntaxChecker::createNull):
2444         (JSC::SyntaxChecker::createBracketAccess):
2445         (JSC::SyntaxChecker::createDotAccess):
2446         (JSC::SyntaxChecker::createRegExp):
2447         (JSC::SyntaxChecker::createNewExpr):
2448         (JSC::SyntaxChecker::createConditionalExpr):
2449         (JSC::SyntaxChecker::createAssignResolve):
2450         (JSC::SyntaxChecker::createFunctionExpr):
2451         (JSC::SyntaxChecker::createFunctionBody):
2452         (JSC::SyntaxChecker::createArguments):
2453         (JSC::SyntaxChecker::createArgumentsList):
2454         (JSC::SyntaxChecker::createProperty):
2455         (JSC::SyntaxChecker::createPropertyList):
2456         (JSC::SyntaxChecker::createFuncDeclStatement):
2457         (JSC::SyntaxChecker::createBlockStatement):
2458         (JSC::SyntaxChecker::createExprStatement):
2459         (JSC::SyntaxChecker::createIfStatement):
2460         (JSC::SyntaxChecker::createForLoop):
2461         (JSC::SyntaxChecker::createForInLoop):
2462         (JSC::SyntaxChecker::createEmptyStatement):
2463         (JSC::SyntaxChecker::createVarStatement):
2464         (JSC::SyntaxChecker::createReturnStatement):
2465         (JSC::SyntaxChecker::createBreakStatement):
2466         (JSC::SyntaxChecker::createContinueStatement):
2467         (JSC::SyntaxChecker::createTryStatement):
2468         (JSC::SyntaxChecker::createSwitchStatement):
2469         (JSC::SyntaxChecker::createWhileStatement):
2470         (JSC::SyntaxChecker::createWithStatement):
2471         (JSC::SyntaxChecker::createDoWhileStatement):
2472         (JSC::SyntaxChecker::createLabelStatement):
2473         (JSC::SyntaxChecker::createThrowStatement):
2474         (JSC::SyntaxChecker::createDebugger):
2475         (JSC::SyntaxChecker::createConstStatement):
2476         (JSC::SyntaxChecker::appendConstDecl):
2477         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2478         (JSC::SyntaxChecker::combineCommaNodes):
2479         (JSC::SyntaxChecker::operatorStackPop):
2480         * runtime/Executable.cpp:
2481         (JSC::EvalExecutable::compileInternal):
2482         (JSC::ProgramExecutable::checkSyntax):
2483         (JSC::ProgramExecutable::compileInternal):
2484         (JSC::FunctionExecutable::produceCodeBlockFor):
2485         (JSC::FunctionExecutable::fromGlobalCode):
2486         * runtime/JSGlobalData.cpp:
2487         (JSC::JSGlobalData::JSGlobalData):
2488         (JSC::JSGlobalData::~JSGlobalData):
2489         * runtime/JSGlobalData.h:
2490         * runtime/LiteralParser.cpp:
2491         (JSC::LiteralParser::tryJSONPParse):
2492
2493 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
2494
2495         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
2496         https://bugs.webkit.org/show_bug.cgi?id=71227
2497
2498         Reviewed by Oliver Hunt.
2499         
2500         No new tests, since while I can see exactly where the DFG went wrong on the
2501         site in question from looking at the generated machine code, and while I can
2502         certainly believe that such a scenario would happen, I cannot visualize how
2503         to make it happen reproducibly. It requires an odd combination of double
2504         values getting spilled and then refilled, but then reboxed at just the right
2505         time so that the spilled value is an unboxed double while the in-register
2506         value is a boxed double.
2507
2508         * dfg/DFGJITCodeGenerator.h:
2509         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2510
2511 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2512
2513         JSParser::parsePrimaryExpression should have an overflow check
2514         https://bugs.webkit.org/show_bug.cgi?id=71197
2515
2516         Reviewed by Geoff Garen.
2517
2518         * parser/JSParser.cpp:
2519         (JSC::JSParser::parsePrimaryExpression):
2520
2521 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2522
2523         DFG ValueAdd(string, int) should not fail speculation
2524         https://bugs.webkit.org/show_bug.cgi?id=71195
2525
2526         Reviewed by Geoff Garen.
2527         
2528         1% speed-up on V8.
2529
2530         * dfg/DFGNode.h:
2531         (JSC::DFG::Node::shouldNotSpeculateInteger):
2532         (JSC::DFG::Node::shouldSpeculateInteger):
2533
2534 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2535
2536         The DFG inliner should not flush the callee
2537         https://bugs.webkit.org/show_bug.cgi?id=71191
2538
2539         Reviewed by Oliver Hunt.
2540         
2541         0.6% speed-up on V8.
2542
2543         * bytecode/CodeBlock.cpp:
2544         (JSC::CodeBlock::visitAggregate):
2545         * bytecode/CodeOrigin.h:
2546         * dfg/DFGByteCodeParser.cpp:
2547         (JSC::DFG::ByteCodeParser::flush):
2548         (JSC::DFG::ByteCodeParser::handleInlining):
2549         (JSC::DFG::ByteCodeParser::parseBlock):
2550         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2551         (JSC::DFG::ByteCodeParser::parse):
2552         * dfg/DFGJITCompiler.cpp:
2553         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2554         * dfg/DFGJITCompiler32_64.cpp:
2555         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2556         * interpreter/CallFrame.cpp:
2557         (JSC::CallFrame::trueCallerFrameSlow):
2558
2559 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2560
2561         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
2562         https://bugs.webkit.org/show_bug.cgi?id=70968
2563
2564         Reviewed by Geoffrey Garen.
2565
2566         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
        TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
        needed it, because Windows wouldn't build without it.
2569         (JSC::::createStructure):
2570         * API/JSCallbackObject.h:
2571         * JavaScriptCore.exp:
2572         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2573         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
2574         (JSC::ErrorInstance::createStructure):
2575         * runtime/ErrorPrototype.h: Ditto
2576         (JSC::ErrorPrototype::createStructure):
2577         * runtime/JSActivation.h: Ditto
2578         (JSC::JSActivation::createStructure):
2579         * runtime/JSGlobalObject.h: Ditto
2580         (JSC::JSGlobalObject::createStructure):
2581         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
2582         (JSC::JSObject::isGlobalObject):
2583         (JSC::JSObject::isVariableObject):
2584         (JSC::JSObject::isActivationObject):
2585         (JSC::JSObject::isErrorInstance):
2586         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
2587         * runtime/JSVariableObject.cpp: Removed virtual function.
2588         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
2589         (JSC::JSVariableObject::createStructure):
2590
2591 2011-10-28  Pavel Feldman  <pfeldman@google.com>
2592
2593         Reset line numbers for scripts generated with document.write.
2594         https://bugs.webkit.org/show_bug.cgi?id=71099
2595
2596         Reviewed by Yury Semikhatsky.
2597
2598         * wtf/text/TextPosition.h:
2599         (WTF::OrdinalNumber::OrdinalNumber):
2600
2601 2011-10-27  Daniel Bates  <dbates@rim.com>
2602
2603         CMake: Add support to optionally install the built JavaScript shell
2604         https://bugs.webkit.org/show_bug.cgi?id=71062
2605
2606         Reviewed by Antonio Gomes.
2607
2608         Generate an installation rule for installing the JavaScript shell in
2609         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
2610         is defined.
2611
2612         * shell/CMakeLists.txt:
2613
2614 2011-10-27  Kentaro Hara  <haraken@chromium.org>
2615
2616         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
2617         https://bugs.webkit.org/show_bug.cgi?id=70215
2618
2619         Reviewed by Adam Barth.
2620
2621         Added a method that judges if a given JSValue is empty.
2622
2623         Tests: transforms/svg-vs-css.xhtml
2624                transforms/cssmatrix-2d-interface.xhtml
2625                transforms/cssmatrix-3d-interface.xhtml
2626
2627         * runtime/JSValue.h:
2628         * runtime/JSValueInlineMethods.h:
2629         (JSC::JSValue::isEmpty):
2630
2631 2011-10-27  Michael Saboff  <msaboff@apple.com>
2632
2633         ENH: Add 8 bit string support to JSC JIT
2634         https://bugs.webkit.org/show_bug.cgi?id=71073
2635
2636         Changed the JIT String character access generation to create code
        to check the character size and load8() or load16() as appropriate.
2638
2639         Reviewed by Gavin Barraclough.
2640
2641         * assembler/MacroAssemblerX86Common.h:
2642         (JSC::MacroAssemblerX86Common::load8):
2643         * assembler/X86Assembler.h:
2644         (JSC::X86Assembler::movzbl_mr):
2645         * dfg/DFGSpeculativeJIT.cpp:
2646         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
2647         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2648         * jit/JITInlineMethods.h:
2649         (JSC::JIT::emitLoadCharacterString):
2650         * jit/JITPropertyAccess.cpp:
2651         (JSC::JIT::stringGetByValStubGenerator):
2652         * jit/JITPropertyAccess32_64.cpp:
2653         (JSC::JIT::stringGetByValStubGenerator):
2654         * jit/JSInterfaceJIT.h:
2655         (JSC::ThunkHelpers::stringImplFlagsOffset):
2656         (JSC::ThunkHelpers::stringImpl8BitFlag):
2657         * jit/ThunkGenerators.cpp:
2658         (JSC::stringCharLoad):
2659
2660 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2661
2662         If the bytecode generator emits code after the return in the first basic block,
2663         DFG's inliner crashes
2664         https://bugs.webkit.org/show_bug.cgi?id=71071
2665
2666         Reviewed by Gavin Barraclough.
2667         
2668         Removed some cruft dealing with parsing failures due to unsupported functionality
2669         (that's never reached anymore due to it being caught in DFGCapabilities). This
2670         allowed me to repurpose the bool return from parseBlock() to mean: true if we
2671         should continue to parse, or false if we've already parsed all live code.
2672
2673         * dfg/DFGByteCodeParser.cpp:
2674         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2675         (JSC::DFG::ByteCodeParser::parseBlock):
2676         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2677
2678 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2679
2680         Reviewed by David Kilzer.
2681
2682         Make FeatureDefines Identical Across OS X Projects
2683         https://bugs.webkit.org/show_bug.cgi?id=71051
2684
2685         * Configurations/FeatureDefines.xcconfig:
2686
2687 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2688
2689         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
2690         https://bugs.webkit.org/show_bug.cgi?id=71045
2691
2692         Reviewed by Geoff Garen.
2693         
2694         Make sure that if a structure is pinned, it also has a property map.
2695
2696         * runtime/Structure.cpp:
2697         (JSC::Structure::changePrototypeTransition):
2698         (JSC::Structure::despecifyFunctionTransition):
2699         (JSC::Structure::getterSetterTransition):
2700         (JSC::Structure::toDictionaryTransition):
2701         (JSC::Structure::preventExtensionsTransition):
2702         (JSC::Structure::addPropertyWithoutTransition):
2703         (JSC::Structure::removePropertyWithoutTransition):
2704         (JSC::Structure::pin):
2705         (JSC::Structure::copyPropertyTableForPinning):
2706         * runtime/Structure.h:
2707         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2708
2709 2011-10-27  Michael Saboff  <msaboff@apple.com>
2710
2711         32bit build failure after r98624
2712         https://bugs.webkit.org/show_bug.cgi?id=71064
2713
2714         Disambiguated operator overload with unsigned index (0u).
2715
2716         Reviewed by Sam Weinig.
2717
2718         * runtime/UString.h:
2719         (JSC::operator==):
2720
2721 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
2722
2723         Fix building on GNU/kFreeBSD
2724         https://bugs.webkit.org/show_bug.cgi?id=71005
2725
2726         Reviewed by Darin Adler.
2727
2728         * config.h:
2729         * wtf/Platform.h:
2730
2731 2011-10-27  Michael Saboff  <msaboff@apple.com>
2732
2733         Investigate storing strings in 8-bit buffers when possible
2734         https://bugs.webkit.org/show_bug.cgi?id=66161
2735
2739         Added support for 8 bit string data in StringImpl.  Changed
2740         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
2741         with m_data16.  Added UChar* m_copyData16 to the other union
2742         to store a 16 bit copy of an 8 bit string when needed.
2743         Added characters8() and characters16() accessor methods
2744         that assume the caller has checked the underlying string type
2745         via the new is8Bit() method. The characters() method will
2746         return a UChar* of the string, materializing a 16 bit copy if the
2747         string is an 8 bit string.  Added two flags, one for 8 bit buffer
2748         and a second for a 16 bit copy for an 8 bit string.
2749
2750         Fixed method name typo (StringHasher::defaultCoverter()).
2751
2752         Over time the goal is to eliminate calls to characters() and
        use the characters8() and characters16() accessors.
2754
2755         This patch does not include changes that actually create 8 bit
2756         strings. This is the first of at least 8 patches.  Subsequent
2757         patches will be submitted for JIT changes, making the JSC lexer,
2758         parser and literal parser, JavaScript string changes and
        then changes in WebCore to take advantage of the 8 bit strings.
2760
2761         This change is performance neutral for SunSpider and V8 when
2762         run from the command line with "jsc".
2763
2764         Reviewed by Geoffrey Garen.
2765
2766         * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2768         * interpreter/Interpreter.cpp:
2769         (JSC::Interpreter::callEval):
2770         * parser/SourceProvider.h:
2771         (JSC::UStringSourceProvider::data):
2772         (JSC::UStringSourceProvider::UStringSourceProvider):
2773         * runtime/Identifier.cpp:
2774         (JSC::IdentifierCStringTranslator::hash):
2775         (JSC::IdentifierCStringTranslator::equal):
2776         (JSC::IdentifierCStringTranslator::translate):
2777         (JSC::Identifier::add):
2778         (JSC::Identifier::toUInt32):
2779         * runtime/Identifier.h:
2780         (JSC::Identifier::equal):
2781         (JSC::operator==):
2782         (JSC::operator!=):
2783         * runtime/JSString.cpp:
2784         (JSC::JSString::resolveRope):
2785         (JSC::JSString::resolveRopeSlowCase):
2786         * runtime/RegExp.cpp:
2787         (JSC::RegExp::match):
2788         * runtime/StringPrototype.cpp:
2789         (JSC::jsSpliceSubstringsWithSeparators):
2790         * runtime/UString.cpp:
2791         (JSC::UString::UString):
2792         (JSC::equalSlowCase):
2793         (JSC::UString::utf8):
2794         * runtime/UString.h:
2795         (JSC::UString::characters):
2796         (JSC::UString::characters8):
2797         (JSC::UString::characters16):
2798         (JSC::UString::is8Bit):
2799         (JSC::UString::operator[]):
2800         (JSC::UString::find):
2801         (JSC::operator==):
2802         * wtf/StringHasher.h:
2803         (WTF::StringHasher::computeHash):
2804         (WTF::StringHasher::defaultConverter):
2805         * wtf/text/AtomicString.cpp:
2806         (WTF::CStringTranslator::hash):
2807         (WTF::CStringTranslator::equal):
2808         (WTF::CStringTranslator::translate):
2809         (WTF::AtomicString::add):
2810         * wtf/text/AtomicString.h:
2811         (WTF::AtomicString::AtomicString):
2812         (WTF::AtomicString::contains):
2813         (WTF::AtomicString::find):
2814         (WTF::AtomicString::add):
2815         (WTF::operator==):
2816         (WTF::operator!=):
2817         (WTF::equalIgnoringCase):
2818         * wtf/text/StringConcatenate.h:
2819         * wtf/text/StringHash.h:
2820         (WTF::StringHash::equal):
2821         (WTF::CaseFoldingHash::hash):
2822         * wtf/text/StringImpl.cpp:
2823         (WTF::StringImpl::~StringImpl):
2824         (WTF::StringImpl::createUninitialized):
2825         (WTF::StringImpl::create):
2826         (WTF::StringImpl::getData16SlowCase):
2827         (WTF::StringImpl::containsOnlyWhitespace):
2828         (WTF::StringImpl::substring):
2829         (WTF::StringImpl::characterStartingAt):
2830         (WTF::StringImpl::lower):
2831         (WTF::StringImpl::upper):
2832         (WTF::StringImpl::fill):
2833         (WTF::StringImpl::foldCase):
2834         (WTF::StringImpl::stripMatchedCharacters):
2835         (WTF::StringImpl::removeCharacters):
2836         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
2837         (WTF::StringImpl::toIntStrict):
2838         (WTF::StringImpl::toUIntStrict):
2839         (WTF::StringImpl::toInt64Strict):
2840         (WTF::StringImpl::toUInt64Strict):
2841         (WTF::StringImpl::toIntPtrStrict):
2842         (WTF::StringImpl::toInt):
2843         (WTF::StringImpl::toUInt):
2844         (WTF::StringImpl::toInt64):
2845         (WTF::StringImpl::toUInt64):
2846         (WTF::StringImpl::toIntPtr):
2847         (WTF::StringImpl::toDouble):
2848         (WTF::StringImpl::toFloat):
2849         (WTF::equal):
2850         (WTF::equalIgnoringCase):
2851         (WTF::StringImpl::find):
2852         (WTF::StringImpl::findIgnoringCase):
2853         (WTF::StringImpl::reverseFind):
2854         (WTF::StringImpl::replace):
2855         (WTF::StringImpl::defaultWritingDirection):
2856         (WTF::StringImpl::adopt):
2857         (WTF::StringImpl::createWithTerminatingNullCharacter):
2858         * wtf/text/StringImpl.h:
2859         (WTF::StringImpl::StringImpl):
2860         (WTF::StringImpl::create):
2861         (WTF::StringImpl::create8):
2862         (WTF::StringImpl::tryCreateUninitialized):
2863         (WTF::StringImpl::flagsOffset):
2864         (WTF::StringImpl::flagIs8Bit):
2865         (WTF::StringImpl::dataOffset):
2866         (WTF::StringImpl::is8Bit):
2867         (WTF::StringImpl::characters8):
2868         (WTF::StringImpl::characters16):
2869         (WTF::StringImpl::characters):
2870         (WTF::StringImpl::has16BitShadow):
2871         (WTF::StringImpl::setHash):
2872         (WTF::StringImpl::hash):
2873         (WTF::StringImpl::copyChars):
2874         (WTF::StringImpl::operator[]):
2875         (WTF::StringImpl::find):
2876         (WTF::StringImpl::findIgnoringCase):
2877         (WTF::equal):
2878         (WTF::equalIgnoringCase):
2879         (WTF::StringImpl::isolatedCopy):
2880         * wtf/text/WTFString.cpp:
2881         (WTF::String::String):
2882         (WTF::String::append):
2883         (WTF::String::format):
2884         (WTF::String::fromUTF8):
2885         (WTF::String::fromUTF8WithLatin1Fallback):
2886         * wtf/text/WTFString.h:
2887         (WTF::String::find):
2888         (WTF::String::findIgnoringCase):
2889         (WTF::String::contains):
2890         (WTF::String::append):
2891         (WTF::String::fromUTF8):
2892         (WTF::String::fromUTF8WithLatin1Fallback):
2893         (WTF::operator==):
2894         (WTF::operator!=):
2895         (WTF::equalIgnoringCase):
2896         * wtf/unicode/Unicode.h:
2897         * yarr/YarrJIT.cpp:
2898         (JSC::Yarr::execute):
2899         * yarr/YarrJIT.h:
2900         (JSC::Yarr::YarrCodeBlock::execute):
2901         * yarr/YarrParser.h:
2902         (JSC::Yarr::Parser::Parser):
2903
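The entry above describes a string representation that keeps either an 8-bit buffer or a 16-bit buffer, exposes width-specific characters8()/characters16() accessors that the caller must guard with is8Bit(), and lets characters() materialize a cached 16-bit copy of an 8-bit string on demand. The following is an added example illustrating that design; it is not WebKit's StringImpl and uses two separate std::vector buffers plus a shadow vector instead of the unions the entry describes. The class name NarrowOrWideString, the at() accessor and the helper functions are constructed for this example. The width assertions matter from a safety standpoint: reading a Latin-1 buffer through the 16-bit accessor (or the reverse) reinterprets memory at the wrong stride and runs past the end of the allocation.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>
#include <vector>

// Toy two-width string (constructed for this example, not WebKit's StringImpl).
// An 8-bit string stays the single source of truth; a 16-bit "shadow" copy is
// built lazily the first time a caller goes through the generic characters().
class NarrowOrWideString {
public:
    // Built from Latin-1 text: stored narrow, one byte per character.
    explicit NarrowOrWideString(const char* latin1)
        : m_length(std::strlen(latin1)), m_is8Bit(true), m_data8(latin1, latin1 + m_length) {}

    // Built from UTF-16 code units: stored wide.
    NarrowOrWideString(const uint16_t* units, size_t length)
        : m_length(length), m_is8Bit(false), m_data16(units, units + length) {}

    size_t length() const { return m_length; }
    bool is8Bit() const { return m_is8Bit; }
    bool has16BitShadow() const { return m_is8Bit && !m_shadow16.empty(); }

    // Width-specific accessors: the caller must have checked is8Bit() first.
    // Using the wrong one would read the buffer at the wrong element size.
    const uint8_t* characters8() const { assert(m_is8Bit); return m_data8.data(); }
    const uint16_t* characters16() const { assert(!m_is8Bit); return m_data16.data(); }

    // Generic accessor: always yields 16-bit units, widening an 8-bit string
    // on first use and caching the result for later calls.
    const uint16_t* characters() {
        if (!m_is8Bit)
            return m_data16.data();
        if (m_shadow16.empty() && m_length) {
            m_shadow16.resize(m_length);
            for (size_t i = 0; i < m_length; ++i)
                m_shadow16[i] = m_data8[i]; // zero-extend Latin-1 to a 16-bit unit
        }
        return m_shadow16.data();
    }

    // Bounds-checked indexed read that dispatches on the stored width.
    uint16_t at(size_t i) const {
        assert(i < m_length);
        return m_is8Bit ? static_cast<uint16_t>(m_data8[i]) : m_data16[i];
    }

private:
    size_t m_length;
    bool m_is8Bit;
    std::vector<uint8_t> m_data8;     // used when m_is8Bit
    std::vector<uint16_t> m_data16;   // used when !m_is8Bit
    std::vector<uint16_t> m_shadow16; // lazy 16-bit copy of m_data8
};

// Counts code units above U+00FF, i.e. characters that could not live in an
// 8-bit buffer. Shows the is8Bit() guard before a width-specific accessor.
size_t countNonLatin1(const NarrowOrWideString& s) {
    if (s.is8Bit())
        return 0; // every unit of an 8-bit string is Latin-1 by construction
    size_t n = 0;
    const uint16_t* p = s.characters16();
    for (size_t i = 0; i < s.length(); ++i)
        if (p[i] > 0xFF)
            ++n;
    return n;
}

// Exercises the lazy shadow on a constructed sample: the 16-bit copy must not
// exist before characters() is called and must exist afterwards.
bool shadowAppearsLazily() {
    NarrowOrWideString s("abc");
    bool before = s.has16BitShadow();
    uint16_t second = s.characters()[1];
    return !before && s.has16BitShadow() && second == 'b' && s.at(2) == 'c';
}
```

The shadow copy doubles the memory of any 8-bit string that is ever read through characters(), which is why the entry states the longer-term goal of moving callers to the width-specific accessors.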
2904 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2905
        Fixing Windows build
2907
2908         Unreviewed build fix
2909
2910         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2911
2912 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2913
2914         Add ability to check for presence of static members at compile time
2915         https://bugs.webkit.org/show_bug.cgi?id=70986
2916
2917         Reviewed by Geoffrey Garen.
2918
2919         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
2920         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
2921         does indeed have a method with that name.  This mechanism is not currently 
2922         used anywhere, but will be in the future when adding virtual methods from 
2923         JSObject to the MethodTable.
2924
2925         * runtime/ClassInfo.h:
2926
2927 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2928
2929         De-virtualize JSCell::toThisObject
2930         https://bugs.webkit.org/show_bug.cgi?id=70958
2931
2932         Reviewed by Geoffrey Garen.
2933
2934         Converted all instances of toThisObject to static functions, 
2935         added toThisObject to the MethodTable, and replaced all call sites
2936         with a corresponding lookup in the MethodTable.
2937
2938         * API/JSContextRef.cpp:
2939         * JavaScriptCore.exp:
2940         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2941         * runtime/ClassInfo.h:
2942         * runtime/JSActivation.cpp:
2943         (JSC::JSActivation::toThisObject):
2944         * runtime/JSActivation.h:
2945         * runtime/JSCell.cpp:
2946         (JSC::JSCell::toThisObject):
2947         * runtime/JSCell.h:
2948         * runtime/JSObject.cpp:
2949         (JSC::JSObject::put):
2950         (JSC::JSObject::toThisObject):
2951         * runtime/JSObject.h:
2952         (JSC::JSValue::toThisObject):
2953         * runtime/JSStaticScopeObject.cpp:
2954         (JSC::JSStaticScopeObject::toThisObject):
2955         * runtime/JSStaticScopeObject.h:
2956         * runtime/JSString.cpp:
2957         (JSC::JSString::toThisObject):
2958         * runtime/JSString.h:
2959         * runtime/StrictEvalActivation.cpp:
2960         (JSC::StrictEvalActivation::toThisObject):
2961         * runtime/StrictEvalActivation.h:
2962
2963 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
2964
2965         Fix a small bug in callOperation after r98431
2966         https://bugs.webkit.org/show_bug.cgi?id=70984
2967
2968         Reviewed by Geoffrey Garen.
2969
2970         TrustedImmPtr is not expecting "int" type parameters.
2971
2972         * dfg/DFGJITCodeGenerator.h:
2973         (JSC::DFG::callOperation):
2974
2975 2011-10-26  Oliver Hunt  <oliver@apple.com>
2976
2977         Restore structure-clearing behaviour of allocateCell<>
2978         https://bugs.webkit.org/show_bug.cgi?id=70976
2979
2980         Reviewed by Geoffrey Garen.
2981
2982         This restores the logic that allows the markstack to filter
2983         live objects that have not yet been initialised.
2984
2985         * runtime/JSCell.h:
2986         (JSC::JSCell::clearStructure):
2987            Validation-safe method to clear a cell's structure.
2988         (JSC::allocateCell):
2989            Call the above method.
2990         * runtime/Structure.h:
2991         (JSC::MarkStack::internalAppend):
2992            Don't visit cells that haven't been initialised.
2993
2994 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
2995
2996         REGRESSION (r97030): Cannot log in to progressive.com
2997         https://bugs.webkit.org/show_bug.cgi?id=70094
2998
2999         Reviewed by Oliver Hunt.
3000
3001         * dfg/DFGByteCodeParser.cpp:
3002         (JSC::DFG::ByteCodeParser::handleCall):
3003
3004 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3005
3006         Remove getOwnPropertySlotVirtual
3007         https://bugs.webkit.org/show_bug.cgi?id=70741
3008
3009         Reviewed by Geoffrey Garen.
3010
3011         Removed all declarations and definitions of getOwnPropertySlotVirtual.
3012         Also replaced all call sites to getOwnPropertySlotVirtual with a
3013         corresponding lookup in the MethodTable.
3014
3015         * API/JSCallbackObject.h:
3016         * API/JSCallbackObjectFunctions.h:
3017         (JSC::::getOwnPropertyDescriptor):
3018         * JavaScriptCore.exp:
3019         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3020         * debugger/DebuggerActivation.cpp:
3021         (JSC::DebuggerActivation::getOwnPropertySlot):
3022         * debugger/DebuggerActivation.h:
3023         * runtime/Arguments.cpp:
3024         * runtime/Arguments.h:
3025         * runtime/ArrayConstructor.cpp:
3026         * runtime/ArrayConstructor.h:
3027         * runtime/ArrayPrototype.cpp:
3028         * runtime/ArrayPrototype.h:
3029         * runtime/BooleanPrototype.cpp:
3030         * runtime/BooleanPrototype.h:
3031         * runtime/DateConstructor.cpp:
3032         * runtime/DateConstructor.h:
3033         * runtime/DatePrototype.cpp:
3034         * runtime/DatePrototype.h:
3035         (JSC::DatePrototype::create):
3036         * runtime/ErrorPrototype.cpp:
3037         * runtime/ErrorPrototype.h:
3038         * runtime/JSActivation.cpp:
3039         * runtime/JSActivation.h:
3040         * runtime/JSArray.cpp:
3041         (JSC::JSArray::getOwnPropertySlotByIndex):
3042         * runtime/JSArray.h:
3043         * runtime/JSByteArray.cpp:
3044         * runtime/JSByteArray.h:
3045         * runtime/JSCell.cpp:
3046         * runtime/JSCell.h:
3047         * runtime/JSFunction.cpp:
3048         (JSC::JSFunction::getOwnPropertyDescriptor):
3049         (JSC::JSFunction::getOwnPropertyNames):
3050         (JSC::JSFunction::put):
3051         * runtime/JSFunction.h:
3052         * runtime/JSGlobalObject.cpp:
3053         * runtime/JSGlobalObject.h:
3054         * runtime/JSNotAnObject.cpp:
3055         * runtime/JSNotAnObject.h:
3056         * runtime/JSONObject.cpp:
3057         (JSC::Stringifier::Holder::appendNextProperty):
3058         (JSC::Walker::walk):
3059         * runtime/JSONObject.h:
3060         * runtime/JSObject.cpp:
3061         (JSC::JSObject::getOwnPropertySlotByIndex):
3062         (JSC::JSObject::hasOwnProperty):
3063         * runtime/JSObject.h:
3064         (JSC::JSCell::fastGetOwnPropertySlot):
3065         (JSC::JSObject::getPropertySlot):
3066         (JSC::JSValue::get):
3067         * runtime/JSStaticScopeObject.cpp:
3068         * runtime/JSStaticScopeObject.h:
3069         * runtime/JSString.cpp:
3070         (JSC::JSString::getOwnPropertySlot):
3071         * runtime/JSString.h:
3072         * runtime/MathObject.cpp:
3073         * runtime/MathObject.h:
3074         (JSC::MathObject::create):
3075         * runtime/NumberConstructor.cpp:
3076         * runtime/NumberConstructor.h:
3077         * runtime/NumberPrototype.cpp:
3078         * runtime/NumberPrototype.h:
3079         * runtime/ObjectConstructor.cpp:
3080         * runtime/ObjectConstructor.h:
3081         * runtime/ObjectPrototype.cpp:
3082         * runtime/ObjectPrototype.h:
3083         * runtime/RegExpConstructor.cpp:
3084         * runtime/RegExpConstructor.h:
3085         * runtime/RegExpMatchesArray.h:
3086         (JSC::RegExpMatchesArray::createStructure):
3087         * runtime/RegExpObject.cpp:
3088         * runtime/RegExpObject.h:
3089         * runtime/RegExpPrototype.cpp:
3090         * runtime/RegExpPrototype.h:
3091         * runtime/StringConstructor.cpp:
3092         * runtime/StringConstructor.h:
3093         * runtime/StringObject.cpp:
3094         * runtime/StringObject.h:
3095         * runtime/StringPrototype.cpp:
3096         * runtime/StringPrototype.h:
3097
3098 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
3099
3100         [GTK] [WK2] Add WebKit2 distcheck support
3101         https://bugs.webkit.org/show_bug.cgi?id=70933
3102
3103         Reviewed by Martin Robinson.
3104
3105         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
3106
3107 2011-10-26  Michael Saboff  <msaboff@apple.com>
3108
3109         Increase StringImpl Flag Bits for 8 bit Strings
3110         https://bugs.webkit.org/show_bug.cgi?id=70937
3111
3112         Increased the number of bits used for flags in StringImpl
3113         from 6 to 8 bits. This frees up 2 flag bits that will be
3114         used for 8-bit string support. Updated hash methods accordingly.
3115         Changed hash value masking from the low bits to the high
3116         bits.
3117
3118         Reviewed by Darin Adler.
3119
3120         * create_hash_table:
3121         * wtf/StringHasher.h:
3122         (WTF::StringHasher::hash):
3123         * wtf/text/StringImpl.h:
3124
3125 2011-10-26  Dan Bernstein  <mitz@apple.com>
3126
3127         Build fix.
3128
3129         Reverted r98488, which caused the scripts’ status messages to be included in the generated
3130         files.
3131
3132         * create_hash_table:
3133         * create_jit_stubs:
3134
3135 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
3136
3137         Don't print regular output to STDERR when generating hashtables and JIT stubs
3138
3139         Reviewed by Simon Hausmann.
3140
3141         * create_hash_table:
3142         * create_jit_stubs:
3143
3144 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
3145
3146         Split DFGJITCodeGenerator::callOperation methods
3147         https://bugs.webkit.org/show_bug.cgi?id=70870
3148
3149         Reviewed by Filip Pizlo.
3150
3151         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
3152         One set works with the JSVALUE64 value representation and passes arguments in
3153         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
3154         value representation and passes arguments in memory (suitable for use on x86).
3155         By refactoring out the representation and calling convention specific aspects
3156         of the code we can also configure the DFG JIT to operate on platforms that use
3157         the JSVALUE32_64 value representation but pass arguments in registers.
3158
3159         On platforms supported by the JIT, the payload precedes the tag of a value in
3160         argument/result ordering; as such, in order to make the setupResults method
3161         generally applicable to return the results of a function that are returned in
3162         two registers, the ordering of arguments to this function has been reversed -
3163         as is the ordering of arguments passed to setupArguments methods, with respect
3164         to the ordering with which they are passed in to callOperation.
3165         This inconsistency will be resolved in a later change when we combine the pairs
3166         of arguments passed into callOperation, such that the function signatures can
3167         be made consistent across the two value representations (the callOperation
3168         methods will be passed a reference to a struct representing the JSValue
3169         temporary, this will consist of two gprs on 32_64 and one on 64).
3170
3171         * dfg/DFGJITCodeGenerator.h:
3172         (JSC::DFG::resetCallArguments):
3173         (JSC::DFG::addCallArgument):
3174             - moved, removed tag,payload version of this method.
3175         (JSC::DFG::setupArguments):
3176         (JSC::DFG::setupArgumentsExecState):
3177         (JSC::DFG::setupArgumentsWithExecState):
3178             - Calling convention specific portion of callOperation refactored out into these methods.
3179         (JSC::DFG::callOperation):
3180             - updated these methods to use setupArguments* methods.
3181         (JSC::DFG::setupResults):
3182             - setupResults is now passed payload,tag.
3183         (JSC::DFG::appendCallWithExceptionCheckSetResult):
3184             - Added fpr versions of this function.
3185         (JSC::DFG::appendCallSetResult):
3186             - Added versions of this function without exception check.
3187         * dfg/DFGJITCodeGenerator32_64.cpp:
3188         (JSC::DFG::JITCodeGenerator::emitCall):
3189             - setupResults is now passed payload,tag.
3190
3191 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3192
3193         Remove deletePropertyVirtual
3194         https://bugs.webkit.org/show_bug.cgi?id=70738
3195
3196         Reviewed by Geoffrey Garen.
3197
3198         Removed all declarations and definitions of deletePropertyVirtual.
3199         Also replaced all call sites to deletePropertyVirtual with a 
3200         corresponding lookup in the MethodTable.
3201
3202         * API/JSCallbackObject.h:
3203         * API/JSCallbackObjectFunctions.h:
3204         (JSC::::deletePropertyByIndex):
3205         * API/JSObjectRef.cpp:
3206         (JSObjectDeleteProperty):
3207         * JavaScriptCore.exp:
3208         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3209         * debugger/DebuggerActivation.cpp:
3210         (JSC::DebuggerActivation::deleteProperty):
3211         * debugger/DebuggerActivation.h:
3212         * interpreter/Interpreter.cpp:
3213         (JSC::Interpreter::privateExecute):
3214         * jit/JITStubs.cpp:
3215         (JSC::DEFINE_STUB_FUNCTION):
3216         * runtime/Arguments.cpp:
3217         * runtime/Arguments.h:
3218         * runtime/ArrayPrototype.cpp:
3219         (JSC::arrayProtoFuncPop):
3220         (JSC::arrayProtoFuncReverse):
3221         (JSC::arrayProtoFuncShift):
3222         (JSC::arrayProtoFuncSplice):
3223         (JSC::arrayProtoFuncUnShift):
3224         * runtime/JSActivation.cpp:
3225         * runtime/JSActivation.h:
3226         * runtime/JSArray.cpp:
3227         (JSC::JSArray::deleteProperty):
3228         (JSC::JSArray::deletePropertyByIndex):
3229         * runtime/JSArray.h:
3230         * runtime/JSCell.cpp:
3231         (JSC::JSCell::deleteProperty):
3232         (JSC::JSCell::deletePropertyByIndex):
3233         * runtime/JSCell.h:
3234         * runtime/JSFunction.cpp:
3235         * runtime/JSFunction.h:
3236         * runtime/JSNotAnObject.cpp:
3237         * runtime/JSNotAnObject.h:
3238         * runtime/JSONObject.cpp:
3239         (JSC::Walker::walk):
3240         * runtime/JSObject.cpp:
3241         (JSC::JSObject::deletePropertyByIndex):
3242         (JSC::JSObject::defineOwnProperty):
3243         * runtime/JSObject.h:
3244         * runtime/JSVariableObject.cpp:
3245         * runtime/JSVariableObject.h:
3246         * runtime/RegExpMatchesArray.h:
3247         * runtime/StrictEvalActivation.cpp:
3248         * runtime/StrictEvalActivation.h:
3249         * runtime/StringObject.cpp:
3250         * runtime/StringObject.h:
3251
3252 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3253
3254         Remove putVirtual
3255         https://bugs.webkit.org/show_bug.cgi?id=70740
3256
3257         Reviewed by Geoffrey Garen.
3258
3259         Removed all declarations and definitions of putVirtual.
3260         Also replaced all call sites to putVirtual with a 
3261         corresponding lookup in the MethodTable.
3262
3263         * API/JSCallbackObject.h:
3264         * API/JSCallbackObjectFunctions.h:
3265         * API/JSObjectRef.cpp:
3266         (JSObjectSetProperty):
3267         (JSObjectSetPropertyAtIndex):
3268         * JavaScriptCore.exp:
3269         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3270         * debugger/DebuggerActivation.cpp:
3271         (JSC::DebuggerActivation::put):
3272         * debugger/DebuggerActivation.h:
3273         * dfg/DFGOperations.cpp:
3274         * interpreter/Interpreter.cpp:
3275         (JSC::Interpreter::execute):
3276         (JSC::Interpreter::privateExecute):
3277         * jsc.cpp:
3278         (GlobalObject::finishCreation):
3279         * runtime/Arguments.cpp:
3280         * runtime/Arguments.h:
3281         * runtime/ArrayPrototype.cpp:
3282         (JSC::putProperty):
3283         (JSC::arrayProtoFuncConcat):
3284         (JSC::arrayProtoFuncPush):
3285         (JSC::arrayProtoFuncReverse):
3286         (JSC::arrayProtoFuncShift):
3287         (JSC::arrayProtoFuncSlice):
3288         (JSC::arrayProtoFuncSort):
3289         (JSC::arrayProtoFuncSplice):
3290         (JSC::arrayProtoFuncUnShift):
3291         (JSC::arrayProtoFuncFilter):
3292         (JSC::arrayProtoFuncMap):
3293         * runtime/JSActivation.cpp:
3294         * runtime/JSActivation.h:
3295         * runtime/JSArray.cpp:
3296         (JSC::JSArray::putSlowCase):
3297         (JSC::JSArray::push):
3298         (JSC::JSArray::shiftCount):
3299         (JSC::JSArray::unshiftCount):
3300         * runtime/JSArray.h:
3301         * runtime/JSByteArray.cpp:
3302         * runtime/JSByteArray.h:
3303         * runtime/JSCell.cpp:
3304         (JSC::JSCell::put):
3305         (JSC::JSCell::putByIndex):
3306         * runtime/JSCell.h:
3307         * runtime/JSFunction.cpp:
3308         * runtime/JSFunction.h:
3309         * runtime/JSGlobalObject.cpp:
3310         * runtime/JSGlobalObject.h:
3311         * runtime/JSNotAnObject.cpp:
3312         * runtime/JSNotAnObject.h:
3313         * runtime/JSONObject.cpp:
3314         (JSC::Walker::walk):
3315         * runtime/JSObject.cpp:
3316         (JSC::JSObject::putByIndex):
3317         (JSC::JSObject::defineOwnProperty):
3318         * runtime/JSObject.h:
3319         (JSC::JSValue::put):
3320         * runtime/JSStaticScopeObject.cpp:
3321         * runtime/JSStaticScopeObject.h:
3322         * runtime/ObjectPrototype.cpp:
3323         * runtime/ObjectPrototype.h:
3324         * runtime/RegExpConstructor.cpp:
3325         * runtime/RegExpConstructor.h:
3326         * runtime/RegExpMatchesArray.h:
3327         * runtime/RegExpObject.cpp:
3328         * runtime/RegExpObject.h:
3329         * runtime/StringObject.cpp:
3330         * runtime/StringObject.h:
3331         * runtime/StringPrototype.cpp:
3332         (JSC::stringProtoFuncSplit):
3333
3334 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
3335
3336         Separate out function linking & exception check data structures.
3337         https://bugs.webkit.org/show_bug.cgi?id=70858
3338
3339         Reviewed by Oliver Hunt.
3340
3341         This will make it easier to refactor the callOperation methods to split the value
3342         representation specific handling from the cpu/calling-convention implementation.
3343
3344         * dfg/DFGJITCodeGenerator.h:
3345         (JSC::DFG::appendCallWithExceptionCheck):
3346         * dfg/DFGJITCodeGenerator32_64.cpp:
3347         (JSC::DFG::JITCodeGenerator::emitCall):
3348         * dfg/DFGJITCodeGenerator64.cpp:
3349         (JSC::DFG::JITCodeGenerator::emitCall):
3350         * dfg/DFGJITCompiler.cpp:
3351         (JSC::DFG::JITCompiler::compileBody):
3352         (JSC::DFG::JITCompiler::link):
3353         * dfg/DFGJITCompiler.h:
3354         (JSC::DFG::CallLinkRecord::CallLinkRecord):
3355         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
3356         (JSC::DFG::JITCompiler::JITCompiler):
3357         (JSC::DFG::JITCompiler::notifyCall):
3358         (JSC::DFG::JITCompiler::appendCall):
3359         (JSC::DFG::JITCompiler::addExceptionCheck):
3360         (JSC::DFG::JITCompiler::addFastExceptionCheck):
3361         * dfg/DFGJITCompiler32_64.cpp:
3362         (JSC::DFG::JITCompiler::compileBody):
3363         (JSC::DFG::JITCompiler::link):
3364
3365 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
3366
3367         Tiered compilation may introduce dangling pointers in constant buffers
3368         https://bugs.webkit.org/show_bug.cgi?id=70854
3369
3370         Reviewed by Oliver Hunt.
3371         
3372         Tiered compilation now copies constant buffers, which fixes the regression in
3373         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
3374         regression relies on a subtle interleaving of optimized compilation and garbage
3375         collection, and cannot be reproduced in a simple test.
3376         
3377         This also adds some new debug support, which was used to fix this bug and is
3378         likely to be useful in the future.
3379
3380         * bytecode/CodeBlock.cpp:
3381         (JSC::CodeBlock::copyDataFrom):
3382         (JSC::CodeBlock::usesOpcode):
3383         * bytecode/CodeBlock.h:
3384         * dfg/DFGGraph.cpp:
3385         (JSC::DFG::Graph::dump):
3386
3387 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3388
3389         Fixing Windows build after r98367
3390
3391         Unreviewed build fix
3392
3393         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3394
3395 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
3396
3397         Add missing DFG file entries to the make lists for GTK and Qt ports
3398         https://bugs.webkit.org/show_bug.cgi?id=70806
3399
3400         Reviewed by Darin Adler.
3401
3402         * GNUmakefile.list.am:
3403         * JavaScriptCore.pro:
3404
3405 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3406
3407         Add getOwnPropertySlot to MethodTable
3408         https://bugs.webkit.org/show_bug.cgi?id=69807
3409
3410         Reviewed by Oliver Hunt.
3411
3412         * JavaScriptCore.exp:
3413         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
3414         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
3415         reference it in their MethodTables.
3416
3417 2011-10-25  Oliver Hunt  <oliver@apple.com>
3418
3419         Need to support marking of multiple nested codeblocks when compiling
3420         https://bugs.webkit.org/show_bug.cgi?id=70832
3421
3422         Reviewed by Gavin Barraclough.
3423
3424         When inlining a function we end up with multiple codeblocks being
3425         compiled at the same time, so we need to support a list of live
3426         codeblocks.
3427
3428         * heap/Heap.cpp:
3429         (JSC::Heap::markRoots):
3430         * runtime/JSGlobalData.cpp:
3431         (JSC::JSGlobalData::JSGlobalData):
3432         * runtime/JSGlobalData.h:
3433         (JSC::JSGlobalData::startedCompiling):
3434         (JSC::JSGlobalData::finishedCompiling):
3435
3436 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3437
3438         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
3439         https://bugs.webkit.org/show_bug.cgi?id=70798
3440
3441         Reviewed by Filip Pizlo.
3442
3443         When filling an integer for a known integer node (not speculated), it
3444         should accept DataFormatJSInteger as well.
3445
3446         * dfg/DFGJITCodeGenerator32_64.cpp:
3447         (JSC::DFG::JITCodeGenerator::fillInteger):
3448
3449 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3450
3451         Build fix: removed some cases of threadsafeCopy() that I missed in
3452         my previous patch.
3453
3454         * JavaScriptCore.order: