[chromium] Unreviewed, update .gitignore to handle VS2010 files.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-07-03  Tony Chang  <tony@chromium.org>

        [chromium] Unreviewed, update .gitignore to handle VS2010 files.

        * JavaScriptCore.gyp/.gitignore:

2012-07-03  Mark Lam  <mark.lam@apple.com>

        Add ability to symbolically set and dump JSC VM options.
        See comments in runtime/Options.h for details on how the options work.
        https://bugs.webkit.org/show_bug.cgi?id=90420

        Reviewed by Filip Pizlo.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * assembler/LinkBuffer.h:
        (JSC):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::reoptimizationRetryCounter):
        (JSC::CodeBlock::countReoptimization):
        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        (JSC::CodeBlock::exitCountThresholdForReoptimization):
        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
        * bytecode/ExecutionCounter.h:
        (JSC::ExecutionCounter::clippedThreshold):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::mightCompileEval):
        (JSC::DFG::mightCompileProgram):
        (JSC::DFG::mightCompileFunctionForCall):
        (JSC::DFG::mightCompileFunctionForConstruct):
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGCommon.h:
        (JSC::DFG::shouldShowDisassembly):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
        * heap/MarkStack.cpp:
        (JSC::MarkStackSegmentAllocator::allocate):
        (JSC::MarkStackSegmentAllocator::shrinkReserve):
        (JSC::MarkStackArray::MarkStackArray):
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        * heap/MarkStack.h:
        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
        (JSC::MarkStack::addOpaqueRoot):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::donate):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        * jsc.cpp:
        (printUsageStatement):
        (parseArguments):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSGlobalData.cpp:
        (JSC::enableAssembler):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::JSGlobalObject):
        * runtime/Options.cpp:
        (JSC):
        (JSC::overrideOptionWithHeuristic):
        (JSC::Options::initialize):
        (JSC::Options::setOption):
        (JSC::Options::dumpAllOptions):
        (JSC::Options::dumpOption):
        * runtime/Options.h:
        (JSC):
        (Options):
        (EntryInfo):

2012-07-03  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>  Joel Dillon <joel.dillon@codethink.co.uk>

        [Qt][Win] Fix broken QtWebKit5.lib linking
        https://bugs.webkit.org/show_bug.cgi?id=88321

        Reviewed by Kenneth Rohde Christiansen.

        The goal is to have different ports build systems define STATICALLY_LINKED_WITH_WTF
        when building JavaScriptCore, if both are packaged in the same DLL, instead
        of relying on the code to handle this.
        The effects of BUILDING_* and STATICALLY_LINKED_WITH_* are currently the same
        except for a check in Source/JavaScriptCore/config.h.

        Keeping the old way for the WX port as requested by the port's contributors.
        For non-Windows ports there is no difference between IMPORT and EXPORT, no
        change is needed.

        * API/JSBase.h:
          JS symbols shouldn't be included by WTF objects anymore. Remove the export when BUILDING_WTF.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
          Make sure that JavaScriptCore uses import symbols of WTF for the Win port.
        * runtime/JSExportMacros.h:

2012-07-02  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit value recoveries should be computed lazily
        https://bugs.webkit.org/show_bug.cgi?id=82155

        Reviewed by Gavin Barraclough.

        This change aims to reduce one aspect of DFG compile times: the fact
        that we currently compute the value recoveries for each local and
        argument on every speculation check. We compile many speculation checks,
        so this can add up quick. The strategy that this change takes is to
        have the DFG save just enough information about how the compiler is
        choosing to represent state, that the DFG::OSRExitCompiler can reify
        the value recoveries lazily.

        This appears to be a 0.3% SunSpider speed-up and is neutral elsewhere.

        I also took the opportunity to fix the sampling regions profiler (it
        was missing an export macro) and to put in more sampling regions in
        the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
        false).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC):
        (JSC::CodeBlock::shrinkDFGDataToFit):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::minifiedDFG):
        (JSC::CodeBlock::variableEventStream):
        (DFGData):
        * bytecode/Operands.h:
        (JSC::Operands::hasOperand):
        (Operands):
        (JSC::Operands::size):
        (JSC::Operands::at):
        (JSC::Operands::operator[]):
        (JSC::Operands::isArgument):
        (JSC::Operands::isVariable):
        (JSC::Operands::argumentForIndex):
        (JSC::Operands::variableForIndex):
        (JSC::Operands::operandForIndex):
        (JSC):
        (JSC::dumpOperands):
        * bytecode/SamplingTool.h:
        (SamplingRegion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::parse):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::performCFA):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::performCSE):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::performFixup):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::GenerationInfo):
        (JSC::DFG::GenerationInfo::initConstant):
        (JSC::DFG::GenerationInfo::initInteger):
        (JSC::DFG::GenerationInfo::initJSValue):
        (JSC::DFG::GenerationInfo::initCell):
        (JSC::DFG::GenerationInfo::initBoolean):
        (JSC::DFG::GenerationInfo::initDouble):
        (JSC::DFG::GenerationInfo::initStorage):
        (GenerationInfo):
        (JSC::DFG::GenerationInfo::noticeOSRBirth):
        (JSC::DFG::GenerationInfo::use):
        (JSC::DFG::GenerationInfo::spill):
        (JSC::DFG::GenerationInfo::setSpilled):
        (JSC::DFG::GenerationInfo::fillJSValue):
        (JSC::DFG::GenerationInfo::fillCell):
        (JSC::DFG::GenerationInfo::fillInteger):
        (JSC::DFG::GenerationInfo::fillBoolean):
        (JSC::DFG::GenerationInfo::fillDouble):
        (JSC::DFG::GenerationInfo::fillStorage):
        (JSC::DFG::GenerationInfo::appendFill):
        (JSC::DFG::GenerationInfo::appendSpill):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGMinifiedGraph.h: Added.
        (DFG):
        (MinifiedGraph):
        (JSC::DFG::MinifiedGraph::MinifiedGraph):
        (JSC::DFG::MinifiedGraph::at):
        (JSC::DFG::MinifiedGraph::append):
        (JSC::DFG::MinifiedGraph::prepareAndShrink):
        (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
        (JSC::DFG::MinifiedGraph::originalGraphSize):
        * dfg/DFGMinifiedNode.cpp: Added.
        (DFG):
        (JSC::DFG::MinifiedNode::fromNode):
        * dfg/DFGMinifiedNode.h: Added.
        (DFG):
        (JSC::DFG::belongsInMinifiedGraph):
        (MinifiedNode):
        (JSC::DFG::MinifiedNode::MinifiedNode):
        (JSC::DFG::MinifiedNode::index):
        (JSC::DFG::MinifiedNode::op):
        (JSC::DFG::MinifiedNode::hasChild1):
        (JSC::DFG::MinifiedNode::child1):
        (JSC::DFG::MinifiedNode::hasConstant):
        (JSC::DFG::MinifiedNode::hasConstantNumber):
        (JSC::DFG::MinifiedNode::constantNumber):
        (JSC::DFG::MinifiedNode::hasWeakConstant):
        (JSC::DFG::MinifiedNode::weakConstant):
        (JSC::DFG::MinifiedNode::getIndex):
        (JSC::DFG::MinifiedNode::compareByNodeIndex):
        (JSC::DFG::MinifiedNode::hasChild):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        * dfg/DFGOSRExit.h:
        (OSRExit):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler.h:
        (OSRExitCompiler):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::performPredictionPropagation):
        * dfg/DFGRedundantPhiEliminationPhase.cpp:
        (JSC::DFG::performRedundantPhiElimination):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        (DFG):
        (JSC::DFG::SpeculativeJIT::fillStorage):
        (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
        (JSC::DFG::SpeculativeJIT::compileMovHint):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        (DFG):
        (JSC::DFG::SpeculativeJIT::use):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::spill):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
        (JSC::DFG::SpeculativeJIT::recordSetLocal):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValueRecoveryOverride.h: Added.
        (DFG):
        (ValueRecoveryOverride):
        (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
        * dfg/DFGValueSource.cpp: Added.
        (DFG):
        (JSC::DFG::ValueSource::dump):
        * dfg/DFGValueSource.h: Added.
        (DFG):
        (JSC::DFG::dataFormatToValueSourceKind):
        (JSC::DFG::valueSourceKindToDataFormat):
        (JSC::DFG::isInRegisterFile):
        (ValueSource):
        (JSC::DFG::ValueSource::ValueSource):
        (JSC::DFG::ValueSource::forPrediction):
        (JSC::DFG::ValueSource::forDataFormat):
        (JSC::DFG::ValueSource::isSet):
        (JSC::DFG::ValueSource::kind):
        (JSC::DFG::ValueSource::isInRegisterFile):
        (JSC::DFG::ValueSource::dataFormat):
        (JSC::DFG::ValueSource::valueRecovery):
        (JSC::DFG::ValueSource::nodeIndex):
        (JSC::DFG::ValueSource::nodeIndexFromKind):
        (JSC::DFG::ValueSource::kindFromNodeIndex):
        * dfg/DFGVariableEvent.cpp: Added.
        (DFG):
        (JSC::DFG::VariableEvent::dump):
        (JSC::DFG::VariableEvent::dumpFillInfo):
        (JSC::DFG::VariableEvent::dumpSpillInfo):
        * dfg/DFGVariableEvent.h: Added.
        (DFG):
        (VariableEvent):
        (JSC::DFG::VariableEvent::VariableEvent):
        (JSC::DFG::VariableEvent::reset):
        (JSC::DFG::VariableEvent::fillGPR):
        (JSC::DFG::VariableEvent::fillPair):
        (JSC::DFG::VariableEvent::fillFPR):
        (JSC::DFG::VariableEvent::spill):
        (JSC::DFG::VariableEvent::death):
        (JSC::DFG::VariableEvent::setLocal):
        (JSC::DFG::VariableEvent::movHint):
        (JSC::DFG::VariableEvent::kind):
        (JSC::DFG::VariableEvent::nodeIndex):
        (JSC::DFG::VariableEvent::dataFormat):
        (JSC::DFG::VariableEvent::gpr):
        (JSC::DFG::VariableEvent::tagGPR):
        (JSC::DFG::VariableEvent::payloadGPR):
        (JSC::DFG::VariableEvent::fpr):
        (JSC::DFG::VariableEvent::virtualRegister):
        (JSC::DFG::VariableEvent::operand):
        (JSC::DFG::VariableEvent::variableRepresentation):
        * dfg/DFGVariableEventStream.cpp: Added.
        (DFG):
        (JSC::DFG::VariableEventStream::logEvent):
        (MinifiedGenerationInfo):
        (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
        (JSC::DFG::MinifiedGenerationInfo::update):
        (JSC::DFG::VariableEventStream::reconstruct):
        * dfg/DFGVariableEventStream.h: Added.
        (DFG):
        (VariableEventStream):
        (JSC::DFG::VariableEventStream::appendAndLog):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::performVirtualRegisterAllocation):

2012-07-02  Filip Pizlo  <fpizlo@apple.com>

        DFG::ArgumentsSimplificationPhase should assert that the PhantomArguments nodes it creates are not shouldGenerate()
        https://bugs.webkit.org/show_bug.cgi?id=90407

        Reviewed by Mark Hahnenberg.

        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):

2012-07-02  Gavin Barraclough  <barraclough@apple.com>

        Array.prototype.pop should throw if property is not configurable
        https://bugs.webkit.org/show_bug.cgi?id=75788

        Rubber Stamped by Oliver Hunt.

        No real bug here any more, but the error we throw sometimes has a misleading message.

        * runtime/JSArray.cpp:
        (JSC::JSArray::pop):

2012-06-29  Filip Pizlo  <fpizlo@apple.com>

        JSObject wastes too much memory on unused property slots
        https://bugs.webkit.org/show_bug.cgi?id=90255

        Reviewed by Mark Hahnenberg.

        Rolling back in after applying a simple fix: it appears that
        JSObject::setStructureAndReallocateStorageIfNecessary() was allocating more
        property storage than necessary. Fixing this appears to resolve the crash.

        This does a few things:

        - JSNonFinalObject no longer has inline property storage.

        - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
          or 2x the inline storage for JSFinalObject.

        - Property storage is only reallocated if it needs to be. Previously, we
          would reallocate the property storage on any transition where the original
          structure said shouldGrowPropertyStorage(), but this led to spurious
          reallocations when doing transitionless property adds and there are
          deleted property slots available. That in turn led to crashes, because we
          would switch to out-of-line storage even if the capacity matched the
          criteria for inline storage.

        - Inline JSFunction allocation is killed off because we don't have a good
          way of inlining property storage allocation. This didn't hurt performance.
          Killing off code is better than fixing it if that code wasn't doing any
          good.

        This looks like a 1% progression on V8.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        (JSC):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_func):
        (JSC):
        (JSC::JIT::emit_op_new_func_exp):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::finishCreation):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):
        (JSObject):
        (JSC::JSObject::finishCreation):
        (JSC):
        (JSC::JSNonFinalObject::hasInlineStorage):
        (JSNonFinalObject):
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSNonFinalObject::finishCreation):
        (JSC::JSFinalObject::hasInlineStorage):
        (JSC::JSFinalObject::finishCreation):
        (JSC::JSObject::offsetOfInlineStorage):
        (JSC::JSObject::setPropertyStorage):
        (JSC::Structure::inlineStorageCapacity):
        (JSC::Structure::isUsingInlineStorage):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
        (JSC::JSObject::putDirectWithoutTransition):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::nextPropertyStorageCapacity):
        (JSC):
        (JSC::Structure::growPropertyStorageCapacity):
        (JSC::Structure::suggestedNewPropertyStorageSize):
        * runtime/Structure.h:
        (JSC::Structure::putWillGrowPropertyStorage):
        (Structure):

2012-06-29  Filip Pizlo  <fpizlo@apple.com>

        Webkit crashes in DFG on Google Docs when creating a new document
        https://bugs.webkit.org/show_bug.cgi?id=90209

        Reviewed by Gavin Barraclough.

        Don't attempt to short-circuit Phantom(GetLocal) if the GetLocal is for a
        captured variable.

        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):

2012-06-30  Zan Dobersek  <zandobersek@gmail.com>

        Unreviewed, rolling out r121605.
        http://trac.webkit.org/changeset/121605
        https://bugs.webkit.org/show_bug.cgi?id=90336

        Changes caused flaky crashes in sputnik/Unicode tests on Apple
        WK1 and GTK Linux builders

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        (JSC::JIT::emitAllocateJSFinalObject):
        (JSC):
        (JSC::JIT::emitAllocateJSFunction):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_func):
        (JSC::JIT::emitSlow_op_new_func):
        (JSC):
        (JSC::JIT::emit_op_new_func_exp):
        (JSC::JIT::emitSlow_op_new_func_exp):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::finishCreation):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):
        (JSObject):
        (JSC::JSObject::finishCreation):
        (JSC):
        (JSNonFinalObject):
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSNonFinalObject::finishCreation):
        (JSFinalObject):
        (JSC::JSFinalObject::finishCreation):
        (JSC::JSObject::offsetOfInlineStorage):
        (JSC::JSObject::setPropertyStorage):
        (JSC::Structure::isUsingInlineStorage):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::transitionTo):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC):
        (JSC::Structure::growPropertyStorageCapacity):
        (JSC::Structure::suggestedNewPropertyStorageSize):
        * runtime/Structure.h:
        (JSC::Structure::shouldGrowPropertyStorage):
        (JSC::Structure::propertyStorageSize):

2012-06-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove warning about protected values when the Heap is being destroyed
        https://bugs.webkit.org/show_bug.cgi?id=90302

        Reviewed by Geoffrey Garen.

        Having to do book-keeping about whether values allocated from a certain
        VM are or are not protected makes the JSC API much more difficult to use
        correctly. Clients should be able to throw an entire VM away and not have
        to worry about unprotecting all of the values that they protected earlier.

        * heap/Heap.cpp:
        (JSC::Heap::lastChanceToFinalize):

2012-06-29  Filip Pizlo  <fpizlo@apple.com>

        JSObject wastes too much memory on unused property slots
        https://bugs.webkit.org/show_bug.cgi?id=90255

        Reviewed by Mark Hahnenberg.

        This does a few things:

        - JSNonFinalObject no longer has inline property storage.

        - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
          or 2x the inline storage for JSFinalObject.

        - Property storage is only reallocated if it needs to be. Previously, we
          would reallocate the property storage on any transition where the original
          structure said shouldGrowPropertyStorage(), but this led to spurious
          reallocations when doing transitionless property adds and there are
          deleted property slots available. That in turn led to crashes, because we
          would switch to out-of-line storage even if the capacity matched the
          criteria for inline storage.

        - Inline JSFunction allocation is killed off because we don't have a good
          way of inlining property storage allocation. This didn't hurt performance.
          Killing off code is better than fixing it if that code wasn't doing any
          good.

        This looks like a 1% progression on V8.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        (JSC):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_func):
        (JSC):
        (JSC::JIT::emit_op_new_func_exp):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::finishCreation):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):
        (JSObject):
        (JSC::JSObject::finishCreation):
        (JSC):
        (JSC::JSNonFinalObject::hasInlineStorage):
        (JSNonFinalObject):
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSNonFinalObject::finishCreation):
        (JSC::JSFinalObject::hasInlineStorage):
        (JSC::JSFinalObject::finishCreation):
        (JSC::JSObject::offsetOfInlineStorage):
        (JSC::JSObject::setPropertyStorage):
        (JSC::Structure::inlineStorageCapacity):
        (JSC::Structure::isUsingInlineStorage):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
        (JSC::JSObject::putDirectWithoutTransition):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::nextPropertyStorageCapacity):
        (JSC):
        (JSC::Structure::growPropertyStorageCapacity):
        (JSC::Structure::suggestedNewPropertyStorageSize):
        * runtime/Structure.h:
        (JSC::Structure::putWillGrowPropertyStorage):
        (Structure):

2012-06-28  Filip Pizlo  <fpizlo@apple.com>

        DFG recompilation heuristics should be based on count, not rate
        https://bugs.webkit.org/show_bug.cgi?id=90146

        Reviewed by Oliver Hunt.

        This removes a bunch of code that was previously trying to prevent spurious
        reoptimizations if a large enough majority of executions of a code block did
        not result in OSR exit. It turns out that this code was purely harmful. This
        patch removes all of that logic and replaces it with a dead-simple
        heuristic: if you exit more than N times (where N is an exponential function
        of the number of times the code block has already been recompiled) then we
        will recompile.

        This appears to be a broad ~1% win on many benchmarks large and small.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::osrExitCounter):
        (JSC::CodeBlock::countOSRExit):
        (CodeBlock):
        (JSC::CodeBlock::addressOfOSRExitCounter):
        (JSC::CodeBlock::offsetOfOSRExitCounter):
        (JSC::CodeBlock::adjustedExitCountThreshold):
        (JSC::CodeBlock::exitCountThresholdForReoptimization):
        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
        (JSC::CodeBlock::shouldReoptimizeNow):
        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
        * bytecode/ExecutionCounter.cpp:
        (JSC::ExecutionCounter::setThreshold):
        * bytecode/ExecutionCounter.h:
        (ExecutionCounter):
        (JSC::ExecutionCounter::clippedThreshold):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileBody):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGOSRExitCompiler.cpp:
        (JSC::DFG::OSRExitCompiler::handleExitCounts):
        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):

2012-06-28  Mark Lam  <mark.lam@apple.com>

        Adding a commenting utility to record BytecodeGenerator comments
        with opcodes that are emitted.  Presently, the comments can only
        be constant strings.  Adding comments for opcodes is optional.
        If a comment is added, the comment will be printed following the
        opcode when CodeBlock::dump() is called.

        This utility is disabled by default, and is only meant for VM
        development purposes.  It should not be enabled for product builds.

        To enable this utility, set ENABLE_BYTECODE_COMMENTS in CodeBlock.h
        to 1.

        https://bugs.webkit.org/show_bug.cgi?id=90095

        Reviewed by Geoffrey Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecodeCommentAndNewLine): Dumps the comment.
        (JSC):
        (JSC::CodeBlock::printUnaryOp): Add comment dumps.
        (JSC::CodeBlock::printBinaryOp): Add comment dumps.
        (JSC::CodeBlock::printConditionalJump): Add comment dumps.
        (JSC::CodeBlock::printCallOp): Add comment dumps.
        (JSC::CodeBlock::printPutByIdOp): Add comment dumps.
        (JSC::CodeBlock::dump): Add comment dumps.
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::commentForBytecodeOffset):
            Finds the comment for an opcode if available.
        (JSC::CodeBlock::dumpBytecodeComments):
            For debugging whether comments are collected.
            It is not being called anywhere.
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::bytecodeComments):
        * bytecode/Comment.h: Added.
        (JSC):
        (Comment):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitOpcode): Calls emitComment().
        (JSC):
        (JSC::BytecodeGenerator::emitComment): Adds comment to CodeBlock.
        (JSC::BytecodeGenerator::prependComment):
            Registers a comment for emitComment() to use later.
        * bytecompiler/BytecodeGenerator.h:
        (BytecodeGenerator):
        (JSC::BytecodeGenerator::emitComment):
        (JSC::BytecodeGenerator::prependComment):
            These are inlined versions of these functions that nullify them
            when ENABLE_BYTECODE_COMMENTS is 0.
        (JSC::BytecodeGenerator::comments):

2012-06-28  Oliver Hunt  <oliver@apple.com>

        32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double
        https://bugs.webkit.org/show_bug.cgi?id=90127

        Reviewed by Filip Pizlo.

        The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
        correctly.  This patch fixes this by killing the fill info in the GenerationInfo
        when the spillFormat doesn't guarantee the value is a double.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2012-06-28  Kent Tamura  <tkent@chromium.org>

        Classify form control states by their owner forms
        https://bugs.webkit.org/show_bug.cgi?id=89950

        Reviewed by Hajime Morita.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Expose WTF::StringBuilder::canShrink()

2012-06-27  Michael Saboff  <msaboff@apple.com>

        [Win] jscore-tests flakey
        https://bugs.webkit.org/show_bug.cgi?id=88118

        Reviewed by Jessie Berlin.

728         jsDriver.pl on Windows intermittently doesn't get the returned value from jsc,
729         instead it gets 126.  Added a new option to jsc (-x) which prints the exit
730         code before exiting.  jsDriver.pl uses this option on Windows and parses the
731         exit code output for the exit code, removing it before comparing the actual
732         and expected outputs.  Filed a follow-on "FIXME" defect:
733         [WIN] Intermittent failure for jsc return value to propagate through jsDriver.pl
734         https://bugs.webkit.org/show_bug.cgi?id=90119
735
736         * jsc.cpp:
737         (CommandLine::CommandLine):
738         (CommandLine):
739         (printUsageStatement):
740         (parseArguments):
741         (jscmain):
742         * tests/mozilla/jsDriver.pl:
743         (execute_tests):
744
745 2012-06-27  Sheriff Bot  <webkit.review.bot@gmail.com>
746
747         Unreviewed, rolling out r121359.
748         http://trac.webkit.org/changeset/121359
749         https://bugs.webkit.org/show_bug.cgi?id=90115
750
751         Broke many inspector tests (Requested by jpfau on #webkit).
752
753         * interpreter/Interpreter.h:
754         (JSC::StackFrame::toString):
755
756 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
757
758         Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web Inspector Javascript Debugging is on
759         https://bugs.webkit.org/show_bug.cgi?id=90053
760         <rdar://problem/11764613>
761
762         Reviewed by Mark Hahnenberg.
763         
764         The problem is that the code was assuming that the recovery should be Undefined if the source of
765         the SetLocal was !shouldGenerate(). But that's wrong, since the DFG optimizer may skip around a
766         UInt32ToNumber node (hence making it !shouldGenerate()) and keep the source of that node alive.
767         In that case we should base the recovery on the source of the UInt32ToNumber. The logic for this
768         was already in place but the fast check for !shouldGenerate() broke it.
769
770         * dfg/DFGSpeculativeJIT.cpp:
771         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
772
773 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
774
775         DFG disassembly should be easier to read
776         https://bugs.webkit.org/show_bug.cgi?id=90106
777
778         Reviewed by Mark Hahnenberg.
779         
780         Did a few things:
781         
782         - Options::showDFGDisassembly now shows OSR exit disassembly as well.
783         
784         - Phi node dumping doesn't attempt to do line wrapping since it just made the dump harder
785           to read.
786         
787         - DFG graph disassembly view shows a few additional node types that turn out to be
788           essential for understanding OSR exits.
789         
790         Put together, these changes reinforce the philosophy that anything needed for computing
791         OSR exit is just as important as the machine code itself. Of course, we still don't take
792         that philosophy to its full extreme - for example Phantom nodes are not dumped. We may
793         revisit that in the future.
794
795         * assembler/LinkBuffer.cpp:
796         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
797         * assembler/LinkBuffer.h:
798         (JSC):
799         * dfg/DFGDisassembler.cpp:
800         (JSC::DFG::Disassembler::dump):
801         * dfg/DFGGraph.cpp:
802         (JSC::DFG::Graph::dumpBlockHeader):
803         * dfg/DFGNode.h:
804         (JSC::DFG::Node::willHaveCodeGenOrOSR):
805         * dfg/DFGOSRExitCompiler.cpp:
806         * jit/JIT.cpp:
807         (JSC::JIT::privateCompile):
808
809 2012-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>
810
811         JSLock should be per-JSGlobalData
812         https://bugs.webkit.org/show_bug.cgi?id=89123
813
814         Reviewed by Geoffrey Garen.
815
816         * API/APIShims.h:
817         (APIEntryShimWithoutLock):
818         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
819         determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
820         HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
821         JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
822         its destruction has begun. 
823         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
824         (JSC::APIEntryShim::APIEntryShim):
825         (APIEntryShim):
826         (JSC::APIEntryShim::~APIEntryShim):
827         (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
828         Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
829         and before we've released it, which can only be done in APIEntryShim.
830         (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
831         * API/JSContextRef.cpp:
832         (JSGlobalContextCreate):
833         (JSGlobalContextCreateInGroup):
834         (JSGlobalContextRelease):
835         (JSContextCreateBacktrace):
836         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
837         * heap/CopiedSpace.cpp:
838         (JSC::CopiedSpace::tryAllocateSlowCase):
839         * heap/Heap.cpp:
840         (JSC::Heap::protect):
841         (JSC::Heap::unprotect):
842         (JSC::Heap::collect):
843         (JSC::Heap::setActivityCallback):
844         (JSC::Heap::activityCallback):
845         (JSC::Heap::sweeper):
846         * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
847         are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
848         and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
849         prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
850         (Heap):
851         * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
852         (JSC::HeapTimer::~HeapTimer):
853         (JSC::HeapTimer::invalidate):
854         (JSC):
855         (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
856         that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
857         HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
858         (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
859         out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
860         but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
861         we were interrupted between releasing our mutex and trying to grab the APILock.
862         * heap/HeapTimer.h:
863         (HeapTimer):
864         * heap/IncrementalSweeper.cpp:
865         (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
866         all of that for us. 
867         (JSC::IncrementalSweeper::create):
868         * heap/IncrementalSweeper.h:
869         (IncrementalSweeper):
870         * heap/MarkedAllocator.cpp:
871         (JSC::MarkedAllocator::allocateSlowCase):
872         * heap/WeakBlock.cpp:
873         (JSC::WeakBlock::reap):
874         * jsc.cpp:
875         (functionGC):
876         (functionReleaseExecutableMemory):
877         (jscmain):
878         * runtime/Completion.cpp:
879         (JSC::checkSyntax):
880         (JSC::evaluate):
881         * runtime/GCActivityCallback.h:
882         (DefaultGCActivityCallback):
883         (JSC::DefaultGCActivityCallback::create):
884         * runtime/JSGlobalData.cpp:
885         (JSC::JSGlobalData::JSGlobalData):
886         (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
887         that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
888         it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
889         APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
890         (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
891         (JSC::JSGlobalData::sharedInstanceInternal):
892         * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
893         de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
894         (JSGlobalData):
895         (JSC::JSGlobalData::apiLock):
896         * runtime/JSGlobalObject.cpp:
897         (JSC::JSGlobalObject::~JSGlobalObject):
898         (JSC::JSGlobalObject::init):
899         * runtime/JSLock.cpp:
900         (JSC):
901         (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
902         (JSC::GlobalJSLock::~GlobalJSLock):
903         (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
904         it can successfully unlock it later without it disappearing from underneath it.
905         (JSC::JSLockHolder::~JSLockHolder):
906         (JSC::JSLock::JSLock):
907         (JSC::JSLock::~JSLock):
908         (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
909         actually waiting for long periods. 
910         (JSC::JSLock::unlock):
911         (JSC::JSLock::currentThreadIsHoldingLock):
912         (JSC::JSLock::dropAllLocks):
913         (JSC::JSLock::dropAllLocksUnconditionally):
914         (JSC::JSLock::grabAllLocks):
915         (JSC::JSLock::DropAllLocks::DropAllLocks):
916         (JSC::JSLock::DropAllLocks::~DropAllLocks):
917         * runtime/JSLock.h:
918         (JSC):
919         (GlobalJSLock):
920         (JSLockHolder):
921         (JSLock):
922         (DropAllLocks):
923         * runtime/WeakGCMap.h:
924         (JSC::WeakGCMap::set):
925         * testRegExp.cpp:
926         (realMain):
927
928 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
929
930         x86 disassembler confuses immediates with addresses
931         https://bugs.webkit.org/show_bug.cgi?id=90099
932
933         Reviewed by Mark Hahnenberg.
934         
935         Prepend "$" to immediates to disambiguate between immediates and addresses. This is in
936         accordance with the gas and AT&T syntax.
937
938         * disassembler/udis86/udis86_syn-att.c:
939         (gen_operand):
940
941 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
942
943         Add a comment clarifying Options::showDisassembly versus Options::showDFGDisassembly.
944
945         Rubber stamped by Mark Hahnenberg.
946
947         * runtime/Options.cpp:
948         (JSC::Options::initializeOptions):
949
950 2012-06-27  Anthony Scian  <ascian@rim.com>
951
952         Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
953         https://bugs.webkit.org/show_bug.cgi?id=40118
954
955         Reviewed by Yong Li.
956
957         Added member functions to expose function name, urlString, and line #.
958         Refactored toString to make use of these member functions to reduce
959         duplicated code for future maintenance.
960
961         Manually tested refactoring of toString by tracing thrown exceptions.
962
963         * interpreter/Interpreter.h:
964         (StackFrame):
965         (JSC::StackFrame::toString):
966         (JSC::StackFrame::friendlySourceURL):
967         (JSC::StackFrame::friendlyFunctionName):
968         (JSC::StackFrame::friendlyLineNumber):
969
970 2012-06-27  Oswald Buddenhagen  <oswald.buddenhagen@nokia.com>
971
972         [Qt] Remove redundant c++11 warning suppression code
973
974         This is already handled in default_post.
975
976         Reviewed by Tor Arne Vestbø.
977
978         * Target.pri:
979
980 2012-06-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
981
982         [Qt] Add missing headers to HEADERS
983
984         For JavaScriptCore there aren't any Qt specific files, so we include all
985         headers for easy editing in Qt Creator.
986
987         Reviewed by Simon Hausmann.
988
989         * Target.pri:
990
991 2012-06-26  Dominic Cooney  <dominicc@chromium.org>
992
993         [Chromium] Remove unused build scripts and empty folders for JavaScriptCore w/ gyp
994         https://bugs.webkit.org/show_bug.cgi?id=90029
995
996         Reviewed by Adam Barth.
997
998         * gyp: Removed.
999         * gyp/generate-derived-sources.sh: Removed.
1000         * gyp/generate-dtrace-header.sh: Removed.
1001         * gyp/run-if-exists.sh: Removed.
1002         * gyp/update-info-plist.sh: Removed.
1003
1004 2012-06-26  Geoffrey Garen  <ggaren@apple.com>
1005
1006         Reduced (but did not eliminate) use of "berzerker GC"
1007         https://bugs.webkit.org/show_bug.cgi?id=89237
1008
1009         Reviewed by Gavin Barraclough.
1010
1011         (PART 2)
1012
1013         This part turns off "berzerker GC" and turns on incremental shrinking.
1014
1015         * heap/IncrementalSweeper.cpp:
1016         (JSC::IncrementalSweeper::doSweep): Free or shrink after sweeping to
1017         maintain the behavior we used to get from the occasional berzerker GC,
1018         which would run all finalizers and then free or shrink all blocks
1019         synchronously.
1020
1021         * heap/MarkedBlock.h:
1022         (JSC::MarkedBlock::needsSweeping): Sweep zapped blocks, too. It's always
1023         safe to sweep a zapped block (that's the point of zapping), and it's
1024         sometimes profitable. For example, consider this case: Block A does some
1025         allocation (transitioning Block A from Marked to FreeListed), then GC
1026         happens (transitioning Block A to Zapped), then all objects in Block A
1027         are free, then the incremental sweeper visits Block A. If we skipped
1028         Zapped blocks, we'd skip Block A, even though it would be profitable to
1029         run its destructors and free its memory.
1030
1031         * runtime/GCActivityCallback.cpp:
1032         (JSC::DefaultGCActivityCallback::doWork): Don't sweep eagerly; we'll do
1033         this incrementally.
1034
1035 2012-06-26  Filip Pizlo  <fpizlo@apple.com>
1036
1037         DFG PutByValAlias is too aggressive
1038         https://bugs.webkit.org/show_bug.cgi?id=90026
1039         <rdar://problem/11751830>
1040
1041         Reviewed by Gavin Barraclough.
1042         
1043         For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect
1044         performance by much.
1045         
1046         For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access
1047         is within bounds. This also has the effect of making our out-of-bounds handling consistent
1048         with WebCore.
1049
1050         * dfg/DFGCSEPhase.cpp:
1051         (JSC::DFG::CSEPhase::performNodeCSE):
1052         * dfg/DFGGraph.h:
1053         (JSC::DFG::Graph::byValIsPure):
1054         (JSC::DFG::Graph::clobbersWorld):
1055         * dfg/DFGNodeType.h:
1056         (DFG):
1057         * dfg/DFGSpeculativeJIT.cpp:
1058         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1059         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
1060
1061 2012-06-26  Yong Li  <yoli@rim.com>
1062
1063         [BlackBerry] Add JSC statistics into about:memory
1064         https://bugs.webkit.org/show_bug.cgi?id=89779
1065
1066         Reviewed by Rob Buis.
1067
1068         Fix non-JIT build on BlackBerry broken by r121196.
1069
1070         * runtime/MemoryStatistics.cpp:
1071         (JSC::globalMemoryStatistics):
1072
1073 2012-06-25  Filip Pizlo  <fpizlo@apple.com>
1074
1075         DFG::operationNewArray is unnecessarily slow, and may use the wrong array
1076         prototype when inlined
1077         https://bugs.webkit.org/show_bug.cgi?id=89821
1078
1079         Reviewed by Geoffrey Garen.
1080         
1081         Fixes all array allocations to use the right structure, and hence the right prototype. Adds
1082         inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
1083         empty arrays.
1084
1085         * dfg/DFGAbstractState.cpp:
1086         (JSC::DFG::AbstractState::execute):
1087         * dfg/DFGByteCodeParser.cpp:
1088         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1089         * dfg/DFGCCallHelpers.h:
1090         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1091         (CCallHelpers):
1092         * dfg/DFGNodeType.h:
1093         (DFG):
1094         * dfg/DFGOperations.cpp:
1095         * dfg/DFGOperations.h:
1096         * dfg/DFGPredictionPropagationPhase.cpp:
1097         (JSC::DFG::PredictionPropagationPhase::propagate):
1098         * dfg/DFGSpeculativeJIT.h:
1099         (JSC::DFG::SpeculativeJIT::callOperation):
1100         * dfg/DFGSpeculativeJIT32_64.cpp:
1101         (JSC::DFG::SpeculativeJIT::compile):
1102         * dfg/DFGSpeculativeJIT64.cpp:
1103         (JSC::DFG::SpeculativeJIT::compile):
1104         * runtime/JSArray.h:
1105         (JSC):
1106         (JSC::constructArray):
1107         * runtime/JSGlobalObject.h:
1108         (JSC):
1109         (JSC::constructArray):
1110
1111 2012-06-26  Filip Pizlo  <fpizlo@apple.com>
1112
1113         New fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html fails on 32 bit
1114         https://bugs.webkit.org/show_bug.cgi?id=89953
1115
1116         Reviewed by Zoltan Herczeg.
1117         
1118         DFG 32-bit JIT was confused about the difference between a predicted type and a
1119         proven type. This is easy to get confused about, since a local that is predicted int32
1120         almost always means that the local must be an int32 since speculations are hoisted to
1121         stores to locals. But that is less likely to be the case for arguments, where there is
1122         an additional least-upper-bounding step: any store to an argument with a weird type
1123         may force the argument to be any type.
1124         
1125         This patch basically duplicates the functionality in DFGSpeculativeJIT64.cpp for
1126         GetLocal: the decision of whether to load a local as an int32 (or as an array, or as
1127         a boolean) is made based on the AbstractValue::m_type, which is a type proof, rather
1128         than the VariableAccessData::prediction(), which is a predicted type.
1129
1130         * dfg/DFGSpeculativeJIT32_64.cpp:
1131         (JSC::DFG::SpeculativeJIT::compile):
1132
1133 2012-06-25  Filip Pizlo  <fpizlo@apple.com>
1134
1135         JSC should try to make profiling deterministic because otherwise reproducing failures is
1136         nearly impossible
1137         https://bugs.webkit.org/show_bug.cgi?id=89940
1138
1139         Rubber stamped by Gavin Barraclough.
1140         
1141         This rolls out the part of http://trac.webkit.org/changeset/121215 that introduced randomness
1142         into the system. Now, instead of randomizing the tier-up threshold, we always set it to an
1143         artificially low (and statically predetermined!) value. This gives most of the benefit of
1144         threshold randomization without actually making the system behave completely differently on
1145         each invocation.
1146
1147         * bytecode/ExecutionCounter.cpp:
1148         (JSC::ExecutionCounter::setThreshold):
1149         * runtime/Options.cpp:
1150         (Options):
1151         (JSC::Options::initializeOptions):
1152         * runtime/Options.h:
1153         (Options):
1154
1155 2012-06-22  Filip Pizlo  <fpizlo@apple.com>
1156
1157         Value profiling should use tier-up threshold randomization to get more coverage
1158         https://bugs.webkit.org/show_bug.cgi?id=89802
1159
1160         Reviewed by Gavin Barraclough.
1161         
1162         This patch causes both LLInt and Baseline JIT code to take the OSR slow path several
1163         times before actually doing OSR. If we take the OSR slow path before the execution
1164         count threshold is reached, then we just call CodeBlock::updateAllPredictions() to
1165         compute the current latest least-upper-bound SpecType of all values seen in each
1166         ValueProfile.
1167
1168         * bytecode/CodeBlock.cpp:
1169         (JSC::CodeBlock::stronglyVisitStrongReferences):
1170         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1171         (JSC):
1172         (JSC::CodeBlock::updateAllPredictions):
1173         (JSC::CodeBlock::shouldOptimizeNow):
1174         * bytecode/CodeBlock.h:
1175         (JSC::CodeBlock::llintExecuteCounter):
1176         (JSC::CodeBlock::jitExecuteCounter):
1177         (CodeBlock):
1178         (JSC::CodeBlock::updateAllPredictions):
1179         * bytecode/ExecutionCounter.cpp:
1180         (JSC::ExecutionCounter::setThreshold):
1181         (JSC::ExecutionCounter::status):
1182         (JSC):
1183         * bytecode/ExecutionCounter.h:
1184         (JSC::ExecutionCounter::count):
1185         (ExecutionCounter):
1186         * dfg/DFGAbstractState.cpp:
1187         (JSC::DFG::AbstractState::execute):
1188         * dfg/DFGOperations.cpp:
1189         * dfg/DFGSpeculativeJIT.cpp:
1190         (JSC::DFG::SpeculativeJIT::compile):
1191         * jit/JITStubs.cpp:
1192         (JSC::DEFINE_STUB_FUNCTION):
1193         * llint/LLIntSlowPaths.cpp:
1194         (JSC::LLInt::jitCompileAndSetHeuristics):
1195         (JSC::LLInt::entryOSR):
1196         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1197         * runtime/JSGlobalObject.cpp:
1198         (JSC::JSGlobalObject::JSGlobalObject):
1199         (JSC):
1200         * runtime/JSGlobalObject.h:
1201         (JSGlobalObject):
1202         (JSC::JSGlobalObject::weakRandomInteger):
1203         * runtime/Options.cpp:
1204         (Options):
1205         (JSC::Options::initializeOptions):
1206         * runtime/Options.h:
1207         (Options):
1208         * runtime/WeakRandom.h:
1209         (WeakRandom):
1210         (JSC::WeakRandom::seedUnsafe):
1211
1212 2012-06-25  Yong Li  <yoli@rim.com>
1213
1214         [BlackBerry] Add JSC statistics into about:memory
1215         https://bugs.webkit.org/show_bug.cgi?id=89779
1216
1217         Reviewed by Rob Buis.
1218
1219         Add MemoryStatistics.cpp into build, and fill JITBytes for BlackBerry port.
1220
1221         * PlatformBlackBerry.cmake:
1222         * runtime/MemoryStatistics.cpp:
1223         (JSC::globalMemoryStatistics):
1224
1225 2012-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
1226
1227         Unreviewed, rolling out r121058.
1228         http://trac.webkit.org/changeset/121058
1229         https://bugs.webkit.org/show_bug.cgi?id=89809
1230
1231         Patch causes plugins tests to crash in GTK debug builds
1232         (Requested by zdobersek on #webkit).
1233
1234         * API/APIShims.h:
1235         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
1236         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
1237         (APIEntryShimWithoutLock):
1238         (JSC::APIEntryShim::APIEntryShim):
1239         (APIEntryShim):
1240         (JSC::APICallbackShim::~APICallbackShim):
1241         * API/JSContextRef.cpp:
1242         (JSGlobalContextCreate):
1243         (JSGlobalContextCreateInGroup):
1244         (JSGlobalContextRelease):
1245         (JSContextCreateBacktrace):
1246         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1247         * heap/CopiedSpace.cpp:
1248         (JSC::CopiedSpace::tryAllocateSlowCase):
1249         * heap/Heap.cpp:
1250         (JSC::Heap::protect):
1251         (JSC::Heap::unprotect):
1252         (JSC::Heap::collect):
1253         (JSC::Heap::setActivityCallback):
1254         (JSC::Heap::activityCallback):
1255         (JSC::Heap::sweeper):
1256         * heap/Heap.h:
1257         (Heap):
1258         * heap/HeapTimer.cpp:
1259         (JSC::HeapTimer::~HeapTimer):
1260         (JSC::HeapTimer::invalidate):
1261         (JSC::HeapTimer::timerDidFire):
1262         (JSC):
1263         * heap/HeapTimer.h:
1264         (HeapTimer):
1265         * heap/IncrementalSweeper.cpp:
1266         (JSC::IncrementalSweeper::doWork):
1267         (JSC::IncrementalSweeper::create):
1268         * heap/IncrementalSweeper.h:
1269         (IncrementalSweeper):
1270         * heap/MarkedAllocator.cpp:
1271         (JSC::MarkedAllocator::allocateSlowCase):
1272         * heap/WeakBlock.cpp:
1273         (JSC::WeakBlock::reap):
1274         * jsc.cpp:
1275         (functionGC):
1276         (functionReleaseExecutableMemory):
1277         (jscmain):
1278         * runtime/Completion.cpp:
1279         (JSC::checkSyntax):
1280         (JSC::evaluate):
1281         * runtime/GCActivityCallback.h:
1282         (DefaultGCActivityCallback):
1283         (JSC::DefaultGCActivityCallback::create):
1284         * runtime/JSGlobalData.cpp:
1285         (JSC::JSGlobalData::JSGlobalData):
1286         (JSC::JSGlobalData::~JSGlobalData):
1287         (JSC::JSGlobalData::sharedInstance):
1288         (JSC::JSGlobalData::sharedInstanceInternal):
1289         * runtime/JSGlobalData.h:
1290         (JSGlobalData):
1291         * runtime/JSGlobalObject.cpp:
1292         (JSC::JSGlobalObject::~JSGlobalObject):
1293         (JSC::JSGlobalObject::init):
1294         * runtime/JSLock.cpp:
1295         (JSC):
1296         (JSC::createJSLockCount):
1297         (JSC::JSLock::lockCount):
1298         (JSC::setLockCount):
1299         (JSC::JSLock::JSLock):
1300         (JSC::JSLock::lock):
1301         (JSC::JSLock::unlock):
1302         (JSC::JSLock::currentThreadIsHoldingLock):
1303         (JSC::JSLock::DropAllLocks::DropAllLocks):
1304         (JSC::JSLock::DropAllLocks::~DropAllLocks):
1305         * runtime/JSLock.h:
1306         (JSC):
1307         (JSLock):
1308         (JSC::JSLock::JSLock):
1309         (JSC::JSLock::~JSLock):
1310         (DropAllLocks):
1311         * runtime/WeakGCMap.h:
1312         (JSC::WeakGCMap::set):
1313         * testRegExp.cpp:
1314         (realMain):
1315
1316 2012-06-22  Alexandru Chiculita  <achicu@adobe.com>
1317
1318         [CSS Shaders] Re-enable the CSS Shaders compile time flag on Safari Mac
1319         https://bugs.webkit.org/show_bug.cgi?id=89781
1320
1321         Reviewed by Dean Jackson.
1322
1323         Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
1324
1325         * Configurations/FeatureDefines.xcconfig:
1326
1327 2012-06-22  Filip Pizlo  <fpizlo@apple.com>
1328
1329         DFG tier-up should happen in prologues, not epilogues
1330         https://bugs.webkit.org/show_bug.cgi?id=89752
1331
1332         Reviewed by Geoffrey Garen.
1333
1334         This change has two outcomes:
1335         
1336         1) Slightly reduces the likelihood that a function will be optimized both
1337         standalone and via inlining.  Previously, if you had a call sequence like foo() 
1338         calls bar() exactly once, and nobody else calls bar(), then bar() would get
1339         optimized first (because it returns first) and then foo() gets optimized.  If foo()
1340         can inline bar() then that means that bar() gets optimized twice.  But now, if we
1341         optimize in prologues, then foo() will be optimized first.  If it inlines bar(),
1342         that means that there will no longer be any calls to bar().
1343         
1344         2) It lets us kill some code in JITStubs.  Epilogue tier-up was very different from
1345         loop tier-up, since epilogue tier-up should not attempt OSR.  But prologue tier-up
1346         requires OSR (albeit really easy OSR since it's the top of the compilation unit),
1347         so it becomes just like loop tier-up.  As a result, we now have one optimization
1348         hook (cti_optimize) instead of two (cti_optimize_from_loop and
1349         cti_optimize_from_ret).
1350         
1351         As a consequence of not having an optimization check in epilogues, the OSR exit
1352         code must now trigger reoptimization itself instead of just signaling the epilogue
1353         check to fire.
1354         
1355         This also adds the ability to count the number of DFG compilations, which was
1356         useful for debugging this patch and might be useful for other things in the future.
1357
1358         * bytecode/CodeBlock.cpp:
1359         (JSC::CodeBlock::reoptimize):
1360         (JSC):
1361         * bytecode/CodeBlock.h:
1362         (CodeBlock):
1363         * dfg/DFGByteCodeParser.cpp:
1364         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1365         * dfg/DFGDriver.cpp:
1366         (DFG):
1367         (JSC::DFG::getNumCompilations):
1368         (JSC::DFG::compile):
1369         * dfg/DFGDriver.h:
1370         (DFG):
1371         * dfg/DFGOSRExitCompiler.cpp:
1372         (JSC::DFG::OSRExitCompiler::handleExitCounts):
1373         * dfg/DFGOperations.cpp:
1374         * dfg/DFGOperations.h:
1375         * jit/JIT.cpp:
1376         (JSC::JIT::emitOptimizationCheck):
1377         * jit/JIT.h:
1378         * jit/JITCall32_64.cpp:
1379         (JSC::JIT::emit_op_ret):
1380         (JSC::JIT::emit_op_ret_object_or_this):
1381         * jit/JITOpcodes.cpp:
1382         (JSC::JIT::emit_op_ret):
1383         (JSC::JIT::emit_op_ret_object_or_this):
1384         (JSC::JIT::emit_op_enter):
1385         * jit/JITOpcodes32_64.cpp:
1386         (JSC::JIT::emit_op_enter):
1387         * jit/JITStubs.cpp:
1388         (JSC::DEFINE_STUB_FUNCTION):
1389         * jit/JITStubs.h:
1390
1391 2012-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>
1392
1393         JSLock should be per-JSGlobalData
1394         https://bugs.webkit.org/show_bug.cgi?id=89123
1395
1396         Reviewed by Gavin Barraclough.
1397
1398         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1399         * API/APIShims.h:
1400         (APIEntryShimWithoutLock):
1401         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
1402         determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
1403         HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
1404         JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
1405         its destruction has begun. 
1406         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock): Now derefs if it also refed.
1407         (JSC::APIEntryShim::APIEntryShim):
1408         (APIEntryShim):
1409         (JSC::APIEntryShim::~APIEntryShim):
1410         (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
1411         Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
1412         and before we've released it, which can only be done in APIEntryShim.
1413         (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
1414         * API/JSContextRef.cpp:
1415         (JSGlobalContextCreate):
1416         (JSGlobalContextCreateInGroup):
1417         (JSGlobalContextRelease):
1418         (JSContextCreateBacktrace):
1419         * heap/CopiedSpace.cpp:
1420         (JSC::CopiedSpace::tryAllocateSlowCase):
1421         * heap/Heap.cpp:
1422         (JSC::Heap::protect):
1423         (JSC::Heap::unprotect):
1424         (JSC::Heap::collect):
1425         (JSC::Heap::setActivityCallback):
1426         (JSC::Heap::activityCallback):
1427         (JSC::Heap::sweeper):
1428         * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
1429         are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
1430         and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
1431         prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
1432         (Heap):
1433         * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
1434         (JSC::HeapTimer::~HeapTimer):
1435         (JSC::HeapTimer::invalidate):
1436         (JSC):
1437         (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
1438         that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
1439         HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
1440         (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zeroed
1441         out, then we know the VM has started to shut down and we should kill ourselves. Otherwise, grab the APIEntryShim,
1442         but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
1443         we were interrupted between releasing our mutex and trying to grab the APILock.
1444         * heap/HeapTimer.h: 
1445         (HeapTimer):
1446         * heap/IncrementalSweeper.cpp:
1447         (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
1448         all of that for us. 
1449         (JSC::IncrementalSweeper::create):
1450         * heap/IncrementalSweeper.h:
1451         (IncrementalSweeper):
1452         * heap/MarkedAllocator.cpp:
1453         (JSC::MarkedAllocator::allocateSlowCase):
1454         * heap/WeakBlock.cpp:
1455         (JSC::WeakBlock::reap):
1456         * jsc.cpp:
1457         (functionGC):
1458         (functionReleaseExecutableMemory):
1459         (jscmain):
1460         * runtime/Completion.cpp:
1461         (JSC::checkSyntax):
1462         (JSC::evaluate):
1463         * runtime/GCActivityCallback.h:
1464         (DefaultGCActivityCallback):
1465         (JSC::DefaultGCActivityCallback::create):
1466         * runtime/JSGlobalData.cpp:
1467         (JSC::JSGlobalData::JSGlobalData):
1468         (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
1469         that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
1470         it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
1471         APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
1472         (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
1473         (JSC::JSGlobalData::sharedInstanceInternal):
1474         * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
1475         de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
1476         (JSGlobalData):
1477         (JSC::JSGlobalData::apiLock):
1478         * runtime/JSGlobalObject.cpp:
1479         (JSC::JSGlobalObject::~JSGlobalObject):
1480         (JSC::JSGlobalObject::init):
1481         * runtime/JSLock.cpp:
1482         (JSC):
1483         (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
1484         (JSC::GlobalJSLock::~GlobalJSLock):
1485         (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
1486         it can successfully unlock it later without it disappearing from underneath it.
1487         (JSC::JSLockHolder::~JSLockHolder):
1488         (JSC::JSLock::JSLock):
1489         (JSC::JSLock::~JSLock):
1490         (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
1491         actually waiting for long periods. 
1492         (JSC::JSLock::unlock):
1493         (JSC::JSLock::currentThreadIsHoldingLock): 
1494         (JSC::JSLock::dropAllLocks):
1495         (JSC::JSLock::dropAllLocksUnconditionally):
1496         (JSC::JSLock::grabAllLocks):
1497         (JSC::JSLock::DropAllLocks::DropAllLocks):
1498         (JSC::JSLock::DropAllLocks::~DropAllLocks):
1499         * runtime/JSLock.h:
1500         (JSC):
1501         (GlobalJSLock):
1502         (JSLockHolder):
1503         (JSLock):
1504         (DropAllLocks):
1505         * runtime/WeakGCMap.h:
1506         (JSC::WeakGCMap::set):
1507         * testRegExp.cpp:
1508         (realMain):
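
        The shutdown handshake described in this entry, as an added C++ illustration that is not
        JSC's code: VM, EntryShim and Timer are hypothetical stand-ins for JSGlobalData,
        APIEntryShimWithoutLock and HeapTimer, and shutdownRaceIsSafe() races a servicing thread
        against VM teardown to show why the timer must not ref the VM it enters.

```cpp
#include <atomic>
#include <condition_variable>
#include <mutex>
#include <thread>

class Timer;
// Stand-in for JSGlobalData (hypothetical name, not JSC's class).
struct VM {
    ~VM();                        // signals the timer and waits, like ~JSGlobalData
    std::atomic<int> refCount{1}; // references held by the VM's owners
    std::mutex apiLock;           // stands in for the API lock
    Timer* timer = nullptr;       // raw pointer: the timer manages its own lifetime
};

// Stand-in for APIEntryShimWithoutLock: takes the API lock and refs the VM only if
// asked. Code that may run during ~VM passes false so a count at 0 is never bumped to 1.
class EntryShim {
public:
    EntryShim(VM* vm, bool shouldRef) : m_vm(vm), m_refed(shouldRef) {
        if (m_refed) ++m_vm->refCount;
        m_vm->apiLock.lock();
    }
    ~EntryShim() { m_vm->apiLock.unlock(); if (m_refed) --m_vm->refCount; }
private:
    VM* m_vm;
    bool m_refed;
};

class Timer {   // stand-in for HeapTimer
public:
    explicit Timer(VM* vm) : m_vm(vm) {}
    // The servicing thread records itself; shutdown uses it to spot the same-thread case.
    void bindToThread() {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_timerThread = std::this_thread::get_id();
    }

    // Called at the start of ~VM. Zero the VM pointer under the mutex so no later firing
    // can enter the VM, then wait for a firing already past that check. On the timer's
    // own thread nothing can be in flight, so retire it directly.
    void didStartVMShutdown() {
        std::unique_lock<std::mutex> lock(m_mutex);
        m_vm = nullptr;
        if (std::this_thread::get_id() == m_timerThread) { m_retired = true; return; }
        m_cv.wait(lock, [this] { return !m_firing; });
    }

    // Returns true if a firing ran to completion, false if the timer retired itself.
    bool timerDidFire() {
        VM* vm;
        {
            std::lock_guard<std::mutex> lock(m_mutex);
            if (!m_vm) { m_retired = true; return false; }   // teardown began: kill ourselves
            m_firing = true;
            vm = m_vm;   // copied under the mutex; ~VM now waits for us before destroying it
        }
        // The mutex is released before the API lock is taken, so teardown may begin in
        // between. Enter without ref-ing; vm stays valid until m_firing is cleared below.
        {
            EntryShim shim(vm, /* shouldRef */ false);   // the timer's work on the VM would go here
        }
        std::lock_guard<std::mutex> lock(m_mutex);
        m_firing = false;
        ++m_completedFirings;
        m_cv.notify_all();
        return true;
    }
    bool retired() { std::lock_guard<std::mutex> lock(m_mutex); return m_retired; }
    int completedFirings() { std::lock_guard<std::mutex> lock(m_mutex); return m_completedFirings; }
private:
    std::mutex m_mutex;
    std::condition_variable m_cv;
    VM* m_vm;
    std::thread::id m_timerThread;
    bool m_firing = false;
    bool m_retired = false;
    int m_completedFirings = 0;
};

// JSC additionally asserts the API lock is not held here, since that could deadlock.
inline VM::~VM() { if (timer) timer->didStartVMShutdown(); }

// Race a servicing thread against VM teardown. Returns true when the timer retired
// and no firing completed after didStartVMShutdown() returned.
bool shutdownRaceIsSafe(int firingsBeforeTeardown) {
    VM* vm = new VM;
    Timer timer(vm);
    vm->timer = &timer;
    std::thread servicer([&timer] {
        timer.bindToThread();
        while (timer.timerDidFire()) { }   // a real HeapTimer re-arms itself; we poll
    });
    while (timer.completedFirings() < firingsBeforeTeardown) std::this_thread::yield();
    delete vm;                             // ~VM: signal the timer and wait for it
    int atTeardown = timer.completedFirings();
    servicer.join();
    return timer.retired() && timer.completedFirings() == atTeardown;
}
```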
1509
1510 2012-06-22  Peter Beverloo  <peter@chromium.org>
1511
1512         [Chromium] Disable c++0x compatibility warnings in JavaScriptCore.gyp when building for Android
1513         https://bugs.webkit.org/show_bug.cgi?id=88853
1514
1515         Reviewed by Steve Block.
1516
1517         The Android exclusions were necessary to fix a gyp generation error, as
1518         the gcc_version variable wasn't being defined for Android. Remove these
1519         exceptions when Chromium is able to define the gcc_version variable.
1520
1521         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1522
1523 2012-06-21  Filip Pizlo  <fpizlo@apple.com>
1524
1525         op_resolve_global should not prevent DFG inlining
1526         https://bugs.webkit.org/show_bug.cgi?id=89726
1527
1528         Reviewed by Gavin Barraclough.
1529
1530         * bytecode/CodeBlock.cpp:
1531         (JSC::CodeBlock::CodeBlock):
1532         (JSC::CodeBlock::shrinkToFit):
1533         * bytecode/GlobalResolveInfo.h:
1534         (JSC::GlobalResolveInfo::GlobalResolveInfo):
1535         (GlobalResolveInfo):
1536         * dfg/DFGByteCodeParser.cpp:
1537         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1538         * dfg/DFGCapabilities.h:
1539         (JSC::DFG::canInlineOpcode):
1540         * dfg/DFGOperations.cpp:
1541         * dfg/DFGOperations.h:
1542         * dfg/DFGSpeculativeJIT.h:
1543         (JSC::DFG::SpeculativeJIT::callOperation):
1544         * dfg/DFGSpeculativeJIT32_64.cpp:
1545         (JSC::DFG::SpeculativeJIT::compile):
1546         * dfg/DFGSpeculativeJIT64.cpp:
1547         (JSC::DFG::SpeculativeJIT::compile):
1548
1549 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
1550
1551         DFG should inline 'new Array()'
1552         https://bugs.webkit.org/show_bug.cgi?id=89632
1553
1554         Reviewed by Geoffrey Garen.
1555         
1556         This adds support for treating InternalFunction like intrinsics. The code
1557         to do so is actually quite clean, so I don't feel bad about perpetuating
1558         the InternalFunction vs. JSFunction-with-NativeExecutable dichotomy.
1559         
1560         Currently this newfound power is only used to inline 'new Array()'.
1561         
1562         * dfg/DFGByteCodeParser.cpp:
1563         (ByteCodeParser):
1564         (JSC::DFG::ByteCodeParser::handleCall):
1565         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1566         (DFG):
1567         * dfg/DFGGraph.h:
1568         (JSC::DFG::Graph::isInternalFunctionConstant):
1569         (JSC::DFG::Graph::valueOfInternalFunctionConstant):
1570
1571 2012-06-21  Mark Hahnenberg  <mhahnenberg@apple.com>
1572
1573         Adding copyrights to new files.
1574
1575         * heap/HeapTimer.cpp:
1576         * heap/HeapTimer.h:
1577         * heap/IncrementalSweeper.cpp:
1578         * heap/IncrementalSweeper.h:
1579
1580 2012-06-21  Arnaud Renevier  <arno@renevier.net>
1581
1582         make sure headers are included only once per file
1583         https://bugs.webkit.org/show_bug.cgi?id=88922
1584
1585         Reviewed by Alexey Proskuryakov.
1586
1587         * bytecode/CodeBlock.h:
1588         * heap/MachineStackMarker.cpp:
1589         * runtime/JSVariableObject.h:
1590
1591 2012-06-21  Ryuan Choi  <ryuan.choi@gmail.com>
1592
1593         [EFL][WK2] Make WebKit2/Efl headers and resources installable.
1594         https://bugs.webkit.org/show_bug.cgi?id=88207
1595
1596         Reviewed by Chang Shu.
1597
1598         * shell/CMakeLists.txt: Use ${EXEC_INSTALL_DIR} instead of hardcoding "bin"
1599
1600 2012-06-20  Geoffrey Garen  <ggaren@apple.com>
1601
1602         Reduced (but did not eliminate) use of "berzerker GC"
1603         https://bugs.webkit.org/show_bug.cgi?id=89237
1604
1605         Reviewed by Gavin Barraclough.
1606
1607         (PART 1)
1608
1609         This patch turned out to be crashy, so I'm landing the non-crashy bits
1610         first.
1611
1612         This part is pre-requisite refactoring. I didn't actually turn off
1613         "berzerker GC" or turn on incremental shrinking.
1614
1615         * heap/MarkedAllocator.cpp:
1616         (JSC::MarkedAllocator::removeBlock): Make sure to clear the free list when
1617         we throw away the block we're currently allocating out of. Otherwise, we'll
1618         allocate out of a stale free list.
1619
1620         * heap/MarkedSpace.cpp:
1621         (JSC::Free::Free):
1622         (JSC::Free::operator()):
1623         (JSC::Free::returnValue): Refactored this functor to use a shared helper
1624         function, so we can share our implementation with the incremental sweeper.
1625
1626         Also changed to freeing individual blocks immediately instead of linking
1627         them into a list for later freeing. This makes the programming interface
1628         simpler, and it's slightly more efficient to boot.
1629
1630         (JSC::MarkedSpace::~MarkedSpace): Updated for rename.
1631
1632         (JSC::MarkedSpace::freeBlock):
1633         (JSC::MarkedSpace::freeOrShrinkBlock): New helper functions to share behavior
1634         with the incremental sweeper.
1635
1636         (JSC::MarkedSpace::shrink): Updated for new functor behavior.
1637
1638         * heap/MarkedSpace.h: Statically typed languages are awesome.
1639
1640 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
1641
1642         DFG should optimize ResolveGlobal
1643         https://bugs.webkit.org/show_bug.cgi?id=89617
1644
1645         Reviewed by Oliver Hunt.
1646         
1647         This adds inlining of ResolveGlobal accesses that are known monomorphic. It also
1648         adds the specific function optimization to ResolveGlobal, when it is inlined. And,
1649         it makes internal functions act like specific functions, since that will be the
1650         most common use-case of this optimization.
1651         
1652         This is only a slight speed-up (sub 1%), since we don't yet do the obvious thing
1653         with this optimization, which is to completely inline common "globally resolved"
1654         function and constructor calls, like "new Array()".
1655
1656         * CMakeLists.txt:
1657         * GNUmakefile.list.am:
1658         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1659         * JavaScriptCore.xcodeproj/project.pbxproj:
1660         * Target.pri:
1661         * bytecode/CodeBlock.cpp:
1662         (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
1663         * bytecode/CodeBlock.h:
1664         (CodeBlock):
1665         (JSC::CodeBlock::numberOfGlobalResolveInfos):
1666         * bytecode/GlobalResolveInfo.h:
1667         (JSC::getGlobalResolveInfoBytecodeOffset):
1668         (JSC):
1669         * bytecode/ResolveGlobalStatus.cpp: Added.
1670         (JSC):
1671         (JSC::computeForStructure):
1672         (JSC::computeForLLInt):
1673         (JSC::ResolveGlobalStatus::computeFor):
1674         * bytecode/ResolveGlobalStatus.h: Added.
1675         (JSC):
1676         (ResolveGlobalStatus):
1677         (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
1678         (JSC::ResolveGlobalStatus::state):
1679         (JSC::ResolveGlobalStatus::isSet):
1680         (JSC::ResolveGlobalStatus::operator!):
1681         (JSC::ResolveGlobalStatus::isSimple):
1682         (JSC::ResolveGlobalStatus::takesSlowPath):
1683         (JSC::ResolveGlobalStatus::structure):
1684         (JSC::ResolveGlobalStatus::offset):
1685         (JSC::ResolveGlobalStatus::specificValue):
1686         * dfg/DFGByteCodeParser.cpp:
1687         (ByteCodeParser):
1688         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1689         (DFG):
1690         (JSC::DFG::ByteCodeParser::handleGetById):
1691         (JSC::DFG::ByteCodeParser::parseBlock):
1692         * runtime/JSObject.cpp:
1693         (JSC::getCallableObjectSlow):
1694         (JSC):
1695         (JSC::JSObject::put):
1696         (JSC::JSObject::putDirectVirtual):
1697         (JSC::JSObject::putDirectAccessor):
1698         * runtime/JSObject.h:
1699         (JSC):
1700         (JSC::getCallableObject):
1701         (JSC::JSObject::putOwnDataProperty):
1702         (JSC::JSObject::putDirect):
1703         (JSC::JSObject::putDirectWithoutTransition):
1704
1705 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
1706
1707         Functions on global objects should be specializable
1708         https://bugs.webkit.org/show_bug.cgi?id=89615
1709
1710         Reviewed by Oliver Hunt.
1711         
1712         I tested to see if this brought back the bug in https://bugs.webkit.org/show_bug.cgi?id=33343,
1713         and it didn't. Bug 33343 was the reason why we disabled global object function specialization
1714         to begin with. So I'm guessing this is safe.
1715
1716         * runtime/JSGlobalObject.cpp:
1717         (JSC::JSGlobalObject::init):
1718
1719 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
1720
1721         build-webkit failure due to illegal 32-bit integer constants in code
1722         generated by offlineasm
1723         https://bugs.webkit.org/show_bug.cgi?id=89347
1724
1725         Reviewed by Geoffrey Garen.
1726         
1727         The offending constants are the magic numbers used by offlineasm to find
1728         offsets in the generated machine code. Added code to turn them into what
1729         the C++ compiler will believe to be valid 32-bit values.
1730
1731         * offlineasm/offsets.rb:
1732
1733 2012-06-19  Geoffrey Garen  <ggaren@apple.com>
1734
1735         Made the incremental sweeper more aggressive
1736         https://bugs.webkit.org/show_bug.cgi?id=89527
1737
1738         Reviewed by Oliver Hunt.
1739
1740         This is a pre-requisite to getting rid of "berzerker GC" because we need
1741         the sweeper to reclaim memory in a timely fashion, or we'll see a memory
1742         footprint regression.
1743
1744         * heap/IncrementalSweeper.h:
1745         * heap/IncrementalSweeper.cpp:
1746         (JSC::IncrementalSweeper::scheduleTimer): Since the time slice is predictable,
1747         no need to use a data member to record it.
1748
1749         (JSC::IncrementalSweeper::doSweep): Sweep as many blocks as we can in a
1750         small time slice. This is better than sweeping only one block per timer
1751         fire because that strategy has a heavy timer overhead, and artificially
1752         delays memory reclamation.
1753
1754 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
1755
1756         DFG should be able to print disassembly interleaved with the IR
1757         https://bugs.webkit.org/show_bug.cgi?id=89551
1758
1759         Reviewed by Geoffrey Garen.
1760         
1761         This change also removes running Dominators unconditionally on every DFG
1762         compile. Dominators are designed to be computed on-demand, and currently
1763         the only demand is graph dumps.
1764
1765         * CMakeLists.txt:
1766         * GNUmakefile.list.am:
1767         * JavaScriptCore.xcodeproj/project.pbxproj:
1768         * Target.pri:
1769         * assembler/ARMv7Assembler.h:
1770         (JSC::ARMv7Assembler::labelIgnoringWatchpoints):
1771         (ARMv7Assembler):
1772         * assembler/AbstractMacroAssembler.h:
1773         (AbstractMacroAssembler):
1774         (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
1775         * assembler/X86Assembler.h:
1776         (X86Assembler):
1777         (JSC::X86Assembler::labelIgnoringWatchpoints):
1778         * dfg/DFGCommon.h:
1779         (JSC::DFG::shouldShowDisassembly):
1780         (DFG):
1781         * dfg/DFGDisassembler.cpp: Added.
1782         (DFG):
1783         (JSC::DFG::Disassembler::Disassembler):
1784         (JSC::DFG::Disassembler::dump):
1785         (JSC::DFG::Disassembler::dumpDisassembly):
1786         * dfg/DFGDisassembler.h: Added.
1787         (DFG):
1788         (Disassembler):
1789         (JSC::DFG::Disassembler::setStartOfCode):
1790         (JSC::DFG::Disassembler::setForBlock):
1791         (JSC::DFG::Disassembler::setForNode):
1792         (JSC::DFG::Disassembler::setEndOfMainPath):
1793         (JSC::DFG::Disassembler::setEndOfCode):
1794         * dfg/DFGDriver.cpp:
1795         (JSC::DFG::compile):
1796         * dfg/DFGGraph.cpp:
1797         (JSC::DFG::Graph::dumpCodeOrigin):
1798         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
1799         (DFG):
1800         (JSC::DFG::Graph::printNodeWhiteSpace):
1801         (JSC::DFG::Graph::dump):
1802         (JSC::DFG::Graph::dumpBlockHeader):
1803         * dfg/DFGGraph.h:
1804         * dfg/DFGJITCompiler.cpp:
1805         (JSC::DFG::JITCompiler::JITCompiler):
1806         (DFG):
1807         (JSC::DFG::JITCompiler::compile):
1808         (JSC::DFG::JITCompiler::compileFunction):
1809         * dfg/DFGJITCompiler.h:
1810         (JITCompiler):
1811         (JSC::DFG::JITCompiler::setStartOfCode):
1812         (JSC::DFG::JITCompiler::setForBlock):
1813         (JSC::DFG::JITCompiler::setForNode):
1814         (JSC::DFG::JITCompiler::setEndOfMainPath):
1815         (JSC::DFG::JITCompiler::setEndOfCode):
1816         * dfg/DFGNode.h:
1817         (Node):
1818         (JSC::DFG::Node::willHaveCodeGen):
1819         * dfg/DFGNodeFlags.cpp:
1820         (JSC::DFG::nodeFlagsAsString):
1821         * dfg/DFGSpeculativeJIT.cpp:
1822         (JSC::DFG::SpeculativeJIT::compile):
1823         * dfg/DFGSpeculativeJIT.h:
1824         (SpeculativeJIT):
1825         * runtime/Options.cpp:
1826         (Options):
1827         (JSC::Options::initializeOptions):
1828         * runtime/Options.h:
1829         (Options):
1830
1831 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
1832
1833         JSC should be able to show disassembly for all generated JIT code
1834         https://bugs.webkit.org/show_bug.cgi?id=89536
1835
1836         Reviewed by Gavin Barraclough.
1837         
1838         Now instead of doing linkBuffer.finalizeCode(), you do
1839         FINALIZE_CODE(linkBuffer, (... explanation ...)). FINALIZE_CODE() then
1840         prints your explanation and the disassembled code, if
1841         Options::showDisassembly is set to true.
1842
1843         * CMakeLists.txt:
1844         * GNUmakefile.list.am:
1845         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1846         * JavaScriptCore.xcodeproj/project.pbxproj:
1847         * Target.pri:
1848         * assembler/LinkBuffer.cpp: Added.
1849         (JSC):
1850         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
1851         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1852         (JSC::LinkBuffer::linkCode):
1853         (JSC::LinkBuffer::performFinalization):
1854         (JSC::LinkBuffer::dumpLinkStatistics):
1855         (JSC::LinkBuffer::dumpCode):
1856         * assembler/LinkBuffer.h:
1857         (LinkBuffer):
1858         (JSC):
1859         * assembler/MacroAssemblerCodeRef.h:
1860         (JSC::MacroAssemblerCodeRef::tryToDisassemble):
1861         (MacroAssemblerCodeRef):
1862         * dfg/DFGJITCompiler.cpp:
1863         (JSC::DFG::JITCompiler::compile):
1864         (JSC::DFG::JITCompiler::compileFunction):
1865         * dfg/DFGOSRExitCompiler.cpp:
1866         * dfg/DFGRepatch.cpp:
1867         (JSC::DFG::generateProtoChainAccessStub):
1868         (JSC::DFG::tryCacheGetByID):
1869         (JSC::DFG::tryBuildGetByIDList):
1870         (JSC::DFG::emitPutReplaceStub):
1871         (JSC::DFG::emitPutTransitionStub):
1872         * dfg/DFGThunks.cpp:
1873         (JSC::DFG::osrExitGenerationThunkGenerator):
1874         * disassembler/Disassembler.h:
1875         (JSC):
1876         (JSC::tryToDisassemble):
1877         * disassembler/UDis86Disassembler.cpp:
1878         (JSC::tryToDisassemble):
1879         * jit/JIT.cpp:
1880         (JSC::JIT::privateCompile):
1881         * jit/JITCode.h:
1882         (JSC::JITCode::tryToDisassemble):
1883         * jit/JITOpcodes.cpp:
1884         (JSC::JIT::privateCompileCTIMachineTrampolines):
1885         * jit/JITOpcodes32_64.cpp:
1886         (JSC::JIT::privateCompileCTIMachineTrampolines):
1887         (JSC::JIT::privateCompileCTINativeCall):
1888         * jit/JITPropertyAccess.cpp:
1889         (JSC::JIT::stringGetByValStubGenerator):
1890         (JSC::JIT::privateCompilePutByIdTransition):
1891         (JSC::JIT::privateCompilePatchGetArrayLength):
1892         (JSC::JIT::privateCompileGetByIdProto):
1893         (JSC::JIT::privateCompileGetByIdSelfList):
1894         (JSC::JIT::privateCompileGetByIdProtoList):
1895         (JSC::JIT::privateCompileGetByIdChainList):
1896         (JSC::JIT::privateCompileGetByIdChain):
1897         * jit/JITPropertyAccess32_64.cpp:
1898         (JSC::JIT::stringGetByValStubGenerator):
1899         (JSC::JIT::privateCompilePutByIdTransition):
1900         (JSC::JIT::privateCompilePatchGetArrayLength):
1901         (JSC::JIT::privateCompileGetByIdProto):
1902         (JSC::JIT::privateCompileGetByIdSelfList):
1903         (JSC::JIT::privateCompileGetByIdProtoList):
1904         (JSC::JIT::privateCompileGetByIdChainList):
1905         (JSC::JIT::privateCompileGetByIdChain):
1906         * jit/SpecializedThunkJIT.h:
1907         (JSC::SpecializedThunkJIT::finalize):
1908         * jit/ThunkGenerators.cpp:
1909         (JSC::charCodeAtThunkGenerator):
1910         (JSC::charAtThunkGenerator):
1911         (JSC::fromCharCodeThunkGenerator):
1912         (JSC::sqrtThunkGenerator):
1913         (JSC::floorThunkGenerator):
1914         (JSC::ceilThunkGenerator):
1915         (JSC::roundThunkGenerator):
1916         (JSC::expThunkGenerator):
1917         (JSC::logThunkGenerator):
1918         (JSC::absThunkGenerator):
1919         (JSC::powThunkGenerator):
1920         * llint/LLIntThunks.cpp:
1921         (JSC::LLInt::generateThunkWithJumpTo):
1922         (JSC::LLInt::functionForCallEntryThunkGenerator):
1923         (JSC::LLInt::functionForConstructEntryThunkGenerator):
1924         (JSC::LLInt::functionForCallArityCheckThunkGenerator):
1925         (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
1926         (JSC::LLInt::evalEntryThunkGenerator):
1927         (JSC::LLInt::programEntryThunkGenerator):
1928         * runtime/Options.cpp:
1929         (Options):
1930         (JSC::Options::initializeOptions):
1931         * runtime/Options.h:
1932         (Options):
1933         * yarr/YarrJIT.cpp:
1934         (JSC::Yarr::YarrGenerator::compile):
1935
1936 2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
1937
1938         [Qt][Mac] REGRESSION(r120742): It broke the build
1939         https://bugs.webkit.org/show_bug.cgi?id=89516
1940
1941         Reviewed by Geoffrey Garen.
1942
1943         Removing GCActivityCallbackCF.cpp because it doesn't mesh well with cross-platform 
1944         code on Darwin (e.g. Qt). We now use plain ol' vanilla ifdefs to handle platforms 
1945         without CF support. These if-defs will probably disappear in the future when we 
1946         use cross-platform timers in HeapTimer.
1947
1948         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1949         * JavaScriptCore.xcodeproj/project.pbxproj:
1950         * runtime/GCActivityCallback.cpp:
1951         (JSC):
1952         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
1953         (JSC::DefaultGCActivityCallback::doWork):
1954         (JSC::DefaultGCActivityCallback::scheduleTimer):
1955         (JSC::DefaultGCActivityCallback::cancelTimer):
1956         (JSC::DefaultGCActivityCallback::didAllocate):
1957         (JSC::DefaultGCActivityCallback::willCollect):
1958         (JSC::DefaultGCActivityCallback::cancel):
1959         * runtime/GCActivityCallbackCF.cpp: Removed.
1960
1961 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
1962
1963         DFG CFA forgets to notify subsequent phases of found constants if it proves LogicalNot to be a constant
1964         https://bugs.webkit.org/show_bug.cgi?id=89511
1965         <rdar://problem/11700089>
1966
1967         Reviewed by Geoffrey Garen.
1968
1969         * dfg/DFGAbstractState.cpp:
1970         (JSC::DFG::AbstractState::execute):
1971
1972 2012-06-19  Mark Lam  <mark.lam@apple.com>
1973
1974         CodeBlock::needsCallReturnIndices() is no longer needed.
1975         https://bugs.webkit.org/show_bug.cgi?id=89490
1976
1977         Reviewed by Geoffrey Garen.
1978
1979         * bytecode/CodeBlock.h:
1980         (JSC::CodeBlock::needsCallReturnIndices): removed.
1981         * dfg/DFGJITCompiler.cpp:
1982         (JSC::DFG::JITCompiler::link):
1983         * jit/JIT.cpp:
1984         (JSC::JIT::privateCompile):
1985
1986 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
1987
1988         Unreviewed, try to fix Windows build.
1989
1990         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
1991
1992 2012-06-17  Filip Pizlo  <fpizlo@apple.com>
1993
1994         It should be possible to look at disassembly
1995         https://bugs.webkit.org/show_bug.cgi?id=89319
1996
1997         Reviewed by Sam Weinig.
1998         
1999         This imports the udis86 disassembler library. The library is placed
2000         behind an abstraction in disassembler/Disassembler.h, so that we can
2001         in the future use other disassemblers (for other platforms) whenever
2002         appropriate. As a first step, the disassembler is being invoked for
2003         DFG verbose dumps.
2004         
2005         If we ever want to merge a new version of udis86 in the future, I've
2006         made notes about changes I made to the library in
2007         disassembler/udis86/differences.txt.
2008
2009         * CMakeLists.txt:
2010         * DerivedSources.make:
2011         * GNUmakefile.list.am:
2012         * JavaScriptCore.pri:
2013         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2014         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2015         * JavaScriptCore.xcodeproj/project.pbxproj:
2016         * dfg/DFGJITCompiler.cpp:
2017         (JSC::DFG::JITCompiler::compile):
2018         (JSC::DFG::JITCompiler::compileFunction):
2019         * disassembler: Added.
2020         * disassembler/Disassembler.h: Added.
2021         (JSC):
2022         (JSC::tryToDisassemble):
2023         * disassembler/UDis86Disassembler.cpp: Added.
2024         (JSC):
2025         (JSC::tryToDisassemble):
2026         * disassembler/udis86: Added.
2027         * disassembler/udis86/differences.txt: Added.
2028         * disassembler/udis86/itab.py: Added.
2029         (UdItabGenerator):
2030         (UdItabGenerator.__init__):
2031         (UdItabGenerator.toGroupId):
2032         (UdItabGenerator.genLookupTable):
2033         (UdItabGenerator.genLookupTableList):
2034         (UdItabGenerator.genInsnTable):
2035         (genItabH):
2036         (genItabH.UD_ITAB_H):
2037         (genItabC):
2038         (genItab):
2039         (main):
2040         * disassembler/udis86/optable.xml: Added.
2041         * disassembler/udis86/ud_opcode.py: Added.
2042         (UdOpcodeTables):
2043         (UdOpcodeTables.sizeOfTable):
2044         (UdOpcodeTables.nameOfTable):
2045         (UdOpcodeTables.updateTable):
2046         (UdOpcodeTables.Insn):
2047         (UdOpcodeTables.Insn.__init__):
2048         (UdOpcodeTables.Insn.__init__.opcode):
2049         (UdOpcodeTables.parse):
2050         (UdOpcodeTables.addInsnDef):
2051         (UdOpcodeTables.print_table):
2052         (UdOpcodeTables.print_tree):
2053         * disassembler/udis86/ud_optable.py: Added.
2054         (UdOptableXmlParser):
2055         (UdOptableXmlParser.parseDef):
2056         (UdOptableXmlParser.parse):
2057         (printFn):
2058         (parse):
2059         (main):
2060         * disassembler/udis86/udis86.c: Added.
2061         (ud_init):
2062         (ud_disassemble):
2063         (ud_set_mode):
2064         (ud_set_vendor):
2065         (ud_set_pc):
2066         (ud):
2067         (ud_insn_asm):
2068         (ud_insn_off):
2069         (ud_insn_hex):
2070         (ud_insn_ptr):
2071         (ud_insn_len):
2072         * disassembler/udis86/udis86.h: Added.
2073         * disassembler/udis86/udis86_decode.c: Added.
2074         (eff_adr_mode):
2075         (ud_lookup_mnemonic):
2076         (decode_prefixes):
2077         (modrm):
2078         (resolve_operand_size):
2079         (resolve_mnemonic):
2080         (decode_a):
2081         (decode_gpr):
2082         (resolve_gpr64):
2083         (resolve_gpr32):
2084         (resolve_reg):
2085         (decode_imm):
2086         (decode_modrm_reg):
2087         (decode_modrm_rm):
2088         (decode_o):
2089         (decode_operand):
2090         (decode_operands):
2091         (clear_insn):
2092         (resolve_mode):
2093         (gen_hex):
2094         (decode_insn):
2095         (decode_3dnow):
2096         (decode_ssepfx):
2097         (decode_ext):
2098         (decode_opcode):
2099         (ud_decode):
2100         * disassembler/udis86/udis86_decode.h: Added.
2101         (ud_itab_entry_operand):
2102         (ud_itab_entry):
2103         (ud_lookup_table_list_entry):
2104         (sse_pfx_idx):
2105         (mode_idx):
2106         (modrm_mod_idx):
2107         (vendor_idx):
2108         (is_group_ptr):
2109         (group_idx):
2110         * disassembler/udis86/udis86_extern.h: Added.
2111         * disassembler/udis86/udis86_input.c: Added.
2112         (inp_buff_hook):
2113         (inp_file_hook):
2114         (ud):
2115         (ud_set_user_opaque_data):
2116         (ud_get_user_opaque_data):
2117         (ud_set_input_buffer):
2118         (ud_set_input_file):
2119         (ud_input_skip):
2120         (ud_input_end):
2121         (ud_inp_next):
2122         (ud_inp_back):
2123         (ud_inp_peek):
2124         (ud_inp_move):
2125         (ud_inp_uint8):
2126         (ud_inp_uint16):
2127         (ud_inp_uint32):
2128         (ud_inp_uint64):
2129         * disassembler/udis86/udis86_input.h: Added.
2130         * disassembler/udis86/udis86_itab_holder.c: Added.
2131         * disassembler/udis86/udis86_syn-att.c: Added.
2132         (opr_cast):
2133         (gen_operand):
2134         (ud_translate_att):
2135         * disassembler/udis86/udis86_syn-intel.c: Added.
2136         (opr_cast):
2137         (gen_operand):
2138         (ud_translate_intel):
2139         * disassembler/udis86/udis86_syn.c: Added.
2140         * disassembler/udis86/udis86_syn.h: Added.
2141         (mkasm):
2142         * disassembler/udis86/udis86_types.h: Added.
2143         (ud_operand):
2144         (ud):
2145         * jit/JITCode.h:
2146         (JITCode):
2147         (JSC::JITCode::tryToDisassemble):
2148
2149 2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2150
2151         GCActivityCallback and IncrementalSweeper should share code
2152         https://bugs.webkit.org/show_bug.cgi?id=89400
2153
2154         Reviewed by Geoffrey Garen.
2155
2156         A lot of functionality is duplicated between GCActivityCallback and IncrementalSweeper. 
2157         We should extract the common functionality out into a separate class that both of them 
2158         can inherit from. This refactoring will be an even greater boon when we add the ability 
        to shut these two agents down in a thread-safe fashion.
2160
2161         * CMakeLists.txt:
2162         * GNUmakefile.list.am:
2163         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2164         * JavaScriptCore.xcodeproj/project.pbxproj:
2165         * Target.pri:
2166         * heap/Heap.cpp:
2167         (JSC::Heap::Heap): Move initialization down so that the JSGlobalData has a valid Heap when 
2168         we're initializing the GCActivityCallback and the IncrementalSweeper.
2169         * heap/Heap.h:
2170         (Heap):
2171         * heap/HeapTimer.cpp: Added.
2172         (JSC):
2173         (JSC::HeapTimer::HeapTimer): Initialize the various base class data that
2174         DefaultGCActivityCallback::commonConstructor() used to do.
2175         (JSC::HeapTimer::~HeapTimer): Call to invalidate().
2176         (JSC::HeapTimer::synchronize): Same functionality as the old DefaultGCActivityCallback::synchronize().
2177         Virtual so that non-CF subclasses can override.
2178         (JSC::HeapTimer::invalidate): Tears down the runloop timer to prevent any future firing.
2179         (JSC::HeapTimer::timerDidFire): Callback to pass to the timer function. Casts and calls the virtual doWork().
2180         * heap/HeapTimer.h: Added. This is the class that serves as the common base class for 
2181         both GCActivityCallback and IncrementalSweeper. It handles setting up and tearing down run loops and synchronizing 
2182         across threads for its subclasses. 
2183         (JSC):
2184         (HeapTimer):
        * heap/IncrementalSweeper.cpp: Changes to accommodate the extraction of common functionality 
2186         between IncrementalSweeper and GCActivityCallback into a common ancestor.
2187         (JSC):
2188         (JSC::IncrementalSweeper::doWork): 
2189         (JSC::IncrementalSweeper::IncrementalSweeper):
2190         (JSC::IncrementalSweeper::cancelTimer):
2191         (JSC::IncrementalSweeper::create):
2192         * heap/IncrementalSweeper.h:
2193         (IncrementalSweeper):
2194         * runtime/GCActivityCallback.cpp:
2195         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2196         (JSC::DefaultGCActivityCallback::doWork):
2197         * runtime/GCActivityCallback.h:
2198         (GCActivityCallback):
2199         (JSC::GCActivityCallback::willCollect):
2200         (JSC::GCActivityCallback::GCActivityCallback):
2201         (JSC):
2202         (DefaultGCActivityCallback): Remove the platform data struct. The platform data should be kept in 
2203         the class itself so as to be accessible by doWork(). Most of the platform data for CF is kept in 
2204         HeapTimer anyways, so we only need the m_delay field now.
2205         * runtime/GCActivityCallbackBlackBerry.cpp:
2206         (JSC):
2207         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2208         (JSC::DefaultGCActivityCallback::doWork):
2209         (JSC::DefaultGCActivityCallback::didAllocate):
2210         * runtime/GCActivityCallbackCF.cpp:
2211         (JSC):
2212         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2213         (JSC::DefaultGCActivityCallback::doWork):
2214         (JSC::DefaultGCActivityCallback::scheduleTimer):
2215         (JSC::DefaultGCActivityCallback::cancelTimer):
2216         (JSC::DefaultGCActivityCallback::didAllocate):
2217         (JSC::DefaultGCActivityCallback::willCollect):
2218         (JSC::DefaultGCActivityCallback::cancel):
2219
2220
2221 2012-06-19  Mike West  <mkwst@chromium.org>
2222
2223         Introduce ENABLE_CSP_NEXT configuration flag.
2224         https://bugs.webkit.org/show_bug.cgi?id=89300
2225
2226         Reviewed by Adam Barth.
2227
2228         The 1.0 draft of the Content Security Policy spec is just about to
2229         move to Last Call. We'll hide work on the upcoming 1.1 spec behind
2230         this ENABLE flag, disabled by default.
2231
2232         Spec: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html
2233
2234         * Configurations/FeatureDefines.xcconfig:
2235
2236 2012-06-18  Mark Lam  <mark.lam@apple.com>
2237
2238         Changed JSC to always record line number information so that error.stack
2239         and window.onerror() can report proper line numbers.
2240         https://bugs.webkit.org/show_bug.cgi?id=89410
2241
2242         Reviewed by Geoffrey Garen.
2243
2244         * bytecode/CodeBlock.cpp:
2245         (JSC::CodeBlock::CodeBlock):
2246         (JSC::CodeBlock::lineNumberForBytecodeOffset):
2247         (JSC::CodeBlock::shrinkToFit): m_lineInfo is now available unconditionally.
2248
2249         * bytecode/CodeBlock.h:
2250         (JSC::CodeBlock::addLineInfo):
2251         (JSC::CodeBlock::hasLineInfo): Unused.  Now removed.
2252         (JSC::CodeBlock::needsCallReturnIndices):
2253         (CodeBlock):
2254         (RareData):  Hoisted m_lineInfo out of m_rareData.  m_lineInfo is now
2255         filled in unconditionally.
2256
2257         * bytecompiler/BytecodeGenerator.h:
2258         (JSC::BytecodeGenerator::addLineInfo):
2259
2260 2012-06-18  Andy Estes  <aestes@apple.com>
2261
2262         Fix r120663, which didn't land the change that was reviewed.
2263
2264 2012-06-18  Andy Estes  <aestes@apple.com>
2265
2266         [JSC] In JSGlobalData.cpp, enableAssembler() sometimes leaks two CF objects
2267         https://bugs.webkit.org/show_bug.cgi?id=89415
2268
2269         Reviewed by Sam Weinig.
2270
2271         In the case where canUseJIT was a non-NULL CFBooleanRef,
2272         enableAssembler() would leak both canUseJITKey and canUseJIT by
2273         returning before calling CFRelease. Fix this by using RetainPtr.
2274
2275         * runtime/JSGlobalData.cpp:
2276         (JSC::enableAssembler):
2277
2278 2012-06-17  Geoffrey Garen  <ggaren@apple.com>
2279
2280         GC copy phase spends needless cycles zero-filling blocks
2281         https://bugs.webkit.org/show_bug.cgi?id=89128
2282
2283         Reviewed by Gavin Barraclough.
2284
2285         We only need to zero-fill when we're allocating memory that might not
2286         get fully initialized before GC.
2287
2288         * heap/CopiedBlock.h:
2289         (JSC::CopiedBlock::createNoZeroFill):
2290         (JSC::CopiedBlock::create): Added a way to create without zero-filling.
2291         This is our optimization.
2292
2293         (JSC::CopiedBlock::zeroFillToEnd):
2294         (JSC::CopiedBlock::CopiedBlock): Split zero-filling out from creation,
2295         so we can sometimes create without zero-filling.
2296
2297         * heap/CopiedSpace.cpp:
2298         (JSC::CopiedSpace::init):
2299         (JSC::CopiedSpace::tryAllocateSlowCase):
2300         (JSC::CopiedSpace::doneCopying): Renamed addNewBlock to allocateBlock()
2301         to clarify that the new block is always newly-allocated.
2302
2303         (JSC::CopiedSpace::doneFillingBlock): Make sure to zero-fill to the end
2304         of a block that might be used in the future for allocation. (Most of the
2305         time, this is a no-op, since we've already filled the block completely.)
2306
2307         (JSC::CopiedSpace::getFreshBlock): Removed this function because the
2308         abstraction of "allocation must succeed" is no longer useful.
2309
2310         * heap/CopiedSpace.h: Updated declarations to match.
2311
2312         * heap/CopiedSpaceInlineMethods.h:
2313         (JSC::CopiedSpace::allocateBlockForCopyingPhase): New function, which
2314         knows that it can skip zero-filling.
2315
2316         Added tighter scoping to our lock, to improve parallelism.
2317
2318         (JSC::CopiedSpace::allocateBlock): Folded getFreshBlock functionality
2319         into this function, for simplicity.
2320
2321         * heap/MarkStack.cpp:
2322         (JSC::SlotVisitor::startCopying):
2323         (JSC::SlotVisitor::allocateNewSpace): Use our new zero-fill-free helper
2324         function for great good.
2325
2326 2012-06-17  Filip Pizlo  <fpizlo@apple.com>
2327
2328         DFG should attempt to use structure watchpoints for all inlined get_by_id's and put_by_id's
2329         https://bugs.webkit.org/show_bug.cgi?id=89316
2330
2331         Reviewed by Oliver Hunt.
2332
2333         * dfg/DFGByteCodeParser.cpp:
2334         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
2335         (ByteCodeParser):
2336         (JSC::DFG::ByteCodeParser::handleGetById):
2337         (JSC::DFG::ByteCodeParser::parseBlock):
2338
2339 2012-06-15  Yong Li  <yoli@rim.com>
2340
2341         [BlackBerry] Put platform-specific GC policy in GCActivityCallback
2342         https://bugs.webkit.org/show_bug.cgi?id=89236
2343
2344         Reviewed by Rob Buis.
2345
2346         Add GCActivityCallbackBlackBerry.cpp and implement platform-specific
2347         low memory GC policy there.
2348
2349         * PlatformBlackBerry.cmake:
2350         * heap/Heap.h:
2351         (JSC::Heap::isSafeToCollect): Added.
2352         * runtime/GCActivityCallbackBlackBerry.cpp: Added.
2353         (JSC):
2354         (JSC::DefaultGCActivityCallbackPlatformData::DefaultGCActivityCallbackPlatformData):
2355         (DefaultGCActivityCallbackPlatformData):
2356         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2357         (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
2358         (JSC::DefaultGCActivityCallback::didAllocate):
2359         (JSC::DefaultGCActivityCallback::willCollect):
2360         (JSC::DefaultGCActivityCallback::synchronize):
2361         (JSC::DefaultGCActivityCallback::cancel):
2362
2363 2012-06-15  Filip Pizlo  <fpizlo@apple.com>
2364
2365         DFG should be able to set watchpoints on structure transitions in the
2366         method check prototype chain
2367         https://bugs.webkit.org/show_bug.cgi?id=89058
2368
2369         Adding the same assertion to 32-bit that I added to 64-bit. This change
2370         does not affect correctness but it's a good thing for assertion coverage.
2371
2372         * dfg/DFGSpeculativeJIT32_64.cpp:
2373         (JSC::DFG::SpeculativeJIT::compile):
2374
2375 2012-06-13  Filip Pizlo  <fpizlo@apple.com>
2376
2377         DFG should be able to set watchpoints on structure transitions in the
2378         method check prototype chain
2379         https://bugs.webkit.org/show_bug.cgi?id=89058
2380
2381         Reviewed by Gavin Barraclough.
2382         
2383         This adds the ability to set watchpoints on Structures, and then does
2384         the most modest thing we can do with this ability: the DFG now sets
2385         watchpoints on structure transitions in the prototype chain of method
2386         checks.
2387         
2388         This appears to be a >1% speed-up on V8.
2389
2390         * bytecode/PutByIdStatus.cpp:
2391         (JSC::PutByIdStatus::computeFromLLInt):
2392         (JSC::PutByIdStatus::computeFor):
2393         * bytecode/StructureSet.h:
2394         (JSC::StructureSet::containsOnly):
2395         (StructureSet):
2396         * bytecode/Watchpoint.cpp:
2397         (JSC::WatchpointSet::WatchpointSet):
2398         (JSC::InlineWatchpointSet::add):
2399         (JSC):
2400         (JSC::InlineWatchpointSet::inflateSlow):
2401         (JSC::InlineWatchpointSet::freeFat):
2402         * bytecode/Watchpoint.h:
2403         (WatchpointSet):
2404         (JSC):
2405         (InlineWatchpointSet):
2406         (JSC::InlineWatchpointSet::InlineWatchpointSet):
2407         (JSC::InlineWatchpointSet::~InlineWatchpointSet):
2408         (JSC::InlineWatchpointSet::hasBeenInvalidated):
2409         (JSC::InlineWatchpointSet::isStillValid):
2410         (JSC::InlineWatchpointSet::startWatching):
2411         (JSC::InlineWatchpointSet::notifyWrite):
2412         (JSC::InlineWatchpointSet::isFat):
2413         (JSC::InlineWatchpointSet::fat):
2414         (JSC::InlineWatchpointSet::inflate):
2415         * dfg/DFGAbstractState.cpp:
2416         (JSC::DFG::AbstractState::execute):
2417         * dfg/DFGByteCodeParser.cpp:
2418         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
2419         (ByteCodeParser):
2420         (JSC::DFG::ByteCodeParser::parseBlock):
2421         * dfg/DFGCSEPhase.cpp:
2422         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
2423         (CSEPhase):
2424         (JSC::DFG::CSEPhase::performNodeCSE):
2425         * dfg/DFGCommon.h:
2426         * dfg/DFGGraph.cpp:
2427         (JSC::DFG::Graph::dump):
2428         * dfg/DFGGraph.h:
2429         (JSC::DFG::Graph::isCellConstant):
2430         * dfg/DFGJITCompiler.h:
2431         (JSC::DFG::JITCompiler::addWeakReferences):
2432         (JITCompiler):
2433         * dfg/DFGNode.h:
2434         (JSC::DFG::Node::hasStructure):
2435         (Node):
2436         (JSC::DFG::Node::structure):
2437         * dfg/DFGNodeType.h:
2438         (DFG):
2439         * dfg/DFGPredictionPropagationPhase.cpp:
2440         (JSC::DFG::PredictionPropagationPhase::propagate):
2441         * dfg/DFGRepatch.cpp:
2442         (JSC::DFG::emitPutTransitionStub):
2443         * dfg/DFGSpeculativeJIT64.cpp:
2444         (JSC::DFG::SpeculativeJIT::compile):
2445         * jit/JITStubs.cpp:
2446         (JSC::JITThunks::tryCachePutByID):
2447         * llint/LLIntSlowPaths.cpp:
2448         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2449         * runtime/Structure.cpp:
2450         (JSC::Structure::Structure):
2451         * runtime/Structure.h:
2452         (JSC::Structure::transitionWatchpointSetHasBeenInvalidated):
2453         (Structure):
2454         (JSC::Structure::transitionWatchpointSetIsStillValid):
2455         (JSC::Structure::addTransitionWatchpoint):
2456         (JSC::Structure::notifyTransitionFromThisStructure):
2457         (JSC::JSCell::setStructure):
2458         * runtime/SymbolTable.cpp:
2459         (JSC::SymbolTableEntry::attemptToWatch):
2460
2461 2012-06-13  Filip Pizlo  <fpizlo@apple.com>
2462
2463         DFG should be able to set watchpoints on global variables
2464         https://bugs.webkit.org/show_bug.cgi?id=88692
2465
2466         Reviewed by Geoffrey Garen.
2467         
2468         Rolling back in after fixing Windows build issues, and implementing
2469         branchTest8 for the Qt port's strange assemblers.
2470         
2471         This implements global variable constant folding by allowing the optimizing
2472         compiler to set a "watchpoint" on globals that it wishes to constant fold.
2473         If the watchpoint fires, then an OSR exit is forced by overwriting the
2474         machine code that the optimizing compiler generated with a jump.
2475         
2476         As such, this patch is adding quite a bit of stuff:
2477         
2478         - Jump replacement on those hardware targets supported by the optimizing
2479           JIT. It is now possible to patch in a jump instruction over any recorded
2480           watchpoint label. The jump must be "local" in the sense that it must be
2481           within the range of the largest jump distance supported by a one
2482           instruction jump.
2483           
2484         - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
2485           that records the location where a jump must be inserted and the
2486           destination to which it should jump. Watchpoints can be added to a
2487           WatchpointSet. The WatchpointSet can be fired all at once, which plants
2488           all jumps. WatchpointSet also remembers if it had ever been invalidated,
2489           which allows for monotonicity: we typically don't want to optimize using
2490           watchpoints on something for which watchpoints had previously fired. The
2491           act of notifying a WatchpointSet has a trivial fast path in case no
2492           Watchpoints are registered (one-byte load+branch).
2493         
2494         - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
2495           except that you don't have to emit branches. But, you need to know what
2496           WatchpointSet to add the resulting Watchpoint to. Not everything that
2497           you could write a speculationCheck() for will have a WatchpointSet that
2498           would get notified if the condition you were speculating against became
2499           invalid.
2500           
2501         - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
2502           do so without incurring any space overhead for those entries that don't
2503           have WatchpointSets.
2504           
2505         - The bytecode generator infers all global function variables to be
2506           watchable, and makes all stores perform the WatchpointSet's write check,
2507           and marks all loads as being potentially watchable (i.e. you can compile
2508           them to a watchpoint and a constant).
2509         
2510         Put together, this allows for fully sleazy inlining of calls to globally
2511         declared functions. The inline prologue will no longer contain the load of
2512         the function, or any checks of the function you're calling. I.e. it's
2513         pretty much like the kind of inlining you would see in Java or C++.
2514         Furthermore, the watchpointing functionality is built to be fairly general,
2515         and should allow setting watchpoints on all sorts of interesting things
2516         in the future.
2517         
2518         The sleazy inlining means that we will now sometimes inline in code paths
2519         that have never executed. Previously, to inline we would have either had
2520         to have executed the call (to read the call's inline cache) or have
2521         executed the method check (to read the method check's inline cache). Now,
2522         we might inline when the callee is a watched global variable. This
2523         revealed some humorous bugs. First, constant folding disagreed with CFA
2524         over what kinds of operations can clobber (example: code path A is dead
2525         but stores a String into variable X, all other code paths store 0 into
2526         X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
2527         clobbering constant, but constant folding thought it was clobbering
2528         because it saw the String prediction). Second, inlining would crash if
2529         the inline callee had not been compiled. This patch fixes both bugs,
2530         since otherwise run-javascriptcore-tests would report regressions.
2531
2532         * CMakeLists.txt:
2533         * GNUmakefile.list.am:
2534         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2535         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2536         * JavaScriptCore.xcodeproj/project.pbxproj:
2537         * Target.pri:
2538         * assembler/ARMv7Assembler.h:
2539         (ARMv7Assembler):
2540         (JSC::ARMv7Assembler::ARMv7Assembler):
2541         (JSC::ARMv7Assembler::labelForWatchpoint):
2542         (JSC::ARMv7Assembler::label):
2543         (JSC::ARMv7Assembler::replaceWithJump):
2544         (JSC::ARMv7Assembler::maxJumpReplacementSize):
2545         * assembler/AbstractMacroAssembler.h:
2546         (JSC):
2547         (AbstractMacroAssembler):
2548         (Label):
2549         (JSC::AbstractMacroAssembler::watchpointLabel):
2550         (JSC::AbstractMacroAssembler::readPointer):
2551         * assembler/AssemblerBuffer.h:
2552         * assembler/MacroAssemblerARM.h:
2553         (JSC::MacroAssemblerARM::branchTest8):
2554         (MacroAssemblerARM):
2555         (JSC::MacroAssemblerARM::replaceWithJump):
2556         (JSC::MacroAssemblerARM::maxJumpReplacementSize):
2557         * assembler/MacroAssemblerARMv7.h:
2558         (JSC::MacroAssemblerARMv7::load8Signed):
2559         (JSC::MacroAssemblerARMv7::load16Signed):
2560         (MacroAssemblerARMv7):
2561         (JSC::MacroAssemblerARMv7::replaceWithJump):
2562         (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
2563         (JSC::MacroAssemblerARMv7::branchTest8):
2564         (JSC::MacroAssemblerARMv7::jump):
2565         (JSC::MacroAssemblerARMv7::makeBranch):
2566         * assembler/MacroAssemblerMIPS.h:
2567         (JSC::MacroAssemblerMIPS::branchTest8):
2568         (MacroAssemblerMIPS):
2569         (JSC::MacroAssemblerMIPS::replaceWithJump):
2570         (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
2571         * assembler/MacroAssemblerSH4.h:
2572         (JSC::MacroAssemblerSH4::branchTest8):
2573         (MacroAssemblerSH4):
2574         (JSC::MacroAssemblerSH4::replaceWithJump):
2575         (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
2576         * assembler/MacroAssemblerX86.h:
2577         (MacroAssemblerX86):
2578         (JSC::MacroAssemblerX86::branchTest8):
2579         * assembler/MacroAssemblerX86Common.h:
2580         (JSC::MacroAssemblerX86Common::replaceWithJump):
2581         (MacroAssemblerX86Common):
2582         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
2583         * assembler/MacroAssemblerX86_64.h:
2584         (MacroAssemblerX86_64):
2585         (JSC::MacroAssemblerX86_64::branchTest8):
2586         * assembler/X86Assembler.h:
2587         (JSC::X86Assembler::X86Assembler):
2588         (X86Assembler):
2589         (JSC::X86Assembler::cmpb_im):
2590         (JSC::X86Assembler::testb_im):
2591         (JSC::X86Assembler::labelForWatchpoint):
2592         (JSC::X86Assembler::label):
2593         (JSC::X86Assembler::replaceWithJump):
2594         (JSC::X86Assembler::maxJumpReplacementSize):
2595         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
2596         * bytecode/CodeBlock.cpp:
2597         (JSC):
2598         (JSC::CodeBlock::printGetByIdCacheStatus):
2599         (JSC::CodeBlock::dump):
2600         * bytecode/CodeBlock.h:
2601         (JSC::CodeBlock::appendOSRExit):
2602         (JSC::CodeBlock::appendSpeculationRecovery):
2603         (CodeBlock):
2604         (JSC::CodeBlock::appendWatchpoint):
2605         (JSC::CodeBlock::numberOfWatchpoints):
2606         (JSC::CodeBlock::watchpoint):
2607         (DFGData):
2608         * bytecode/DFGExitProfile.h:
2609         (JSC::DFG::exitKindToString):
2610         (JSC::DFG::exitKindIsCountable):
2611         * bytecode/GetByIdStatus.cpp:
2612         (JSC::GetByIdStatus::computeForChain):
2613         * bytecode/Instruction.h:
2614         (Instruction):
2615         (JSC::Instruction::Instruction):
2616         * bytecode/Opcode.h:
2617         (JSC):
2618         (JSC::padOpcodeName):
2619         * bytecode/Watchpoint.cpp: Added.
2620         (JSC):
2621         (JSC::Watchpoint::~Watchpoint):
2622         (JSC::Watchpoint::correctLabels):
2623         (JSC::Watchpoint::fire):
2624         (JSC::WatchpointSet::WatchpointSet):
2625         (JSC::WatchpointSet::~WatchpointSet):
2626         (JSC::WatchpointSet::add):
2627         (JSC::WatchpointSet::notifyWriteSlow):
2628         (JSC::WatchpointSet::fireAllWatchpoints):
2629         * bytecode/Watchpoint.h: Added.
2630         (JSC):
2631         (Watchpoint):
2632         (JSC::Watchpoint::Watchpoint):
2633         (JSC::Watchpoint::setDestination):
2634         (WatchpointSet):
2635         (JSC::WatchpointSet::isStillValid):
2636         (JSC::WatchpointSet::hasBeenInvalidated):
2637         (JSC::WatchpointSet::startWatching):
2638         (JSC::WatchpointSet::notifyWrite):
2639         (JSC::WatchpointSet::addressOfIsWatched):
2640         * bytecompiler/BytecodeGenerator.cpp:
2641         (JSC::ResolveResult::checkValidity):
2642         (JSC::BytecodeGenerator::addGlobalVar):
2643         (JSC::BytecodeGenerator::BytecodeGenerator):
2644         (JSC::BytecodeGenerator::resolve):
2645         (JSC::BytecodeGenerator::emitResolve):
2646         (JSC::BytecodeGenerator::emitResolveWithBase):
2647         (JSC::BytecodeGenerator::emitResolveWithThis):
2648         (JSC::BytecodeGenerator::emitGetStaticVar):
2649         (JSC::BytecodeGenerator::emitPutStaticVar):
2650         * bytecompiler/BytecodeGenerator.h:
2651         (BytecodeGenerator):
2652         * bytecompiler/NodesCodegen.cpp:
2653         (JSC::FunctionCallResolveNode::emitBytecode):
2654         (JSC::PostfixResolveNode::emitBytecode):
2655         (JSC::PrefixResolveNode::emitBytecode):
2656         (JSC::ReadModifyResolveNode::emitBytecode):
2657         (JSC::AssignResolveNode::emitBytecode):
2658         (JSC::ConstDeclNode::emitCodeSingle):
2659         * dfg/DFGAbstractState.cpp:
2660         (JSC::DFG::AbstractState::execute):
2661         (JSC::DFG::AbstractState::clobberStructures):
2662         * dfg/DFGAbstractState.h:
2663         (AbstractState):
2664         (JSC::DFG::AbstractState::didClobber):
2665         * dfg/DFGByteCodeParser.cpp:
2666         (JSC::DFG::ByteCodeParser::handleInlining):
2667         (JSC::DFG::ByteCodeParser::parseBlock):
2668         * dfg/DFGCCallHelpers.h:
2669         (CCallHelpers):
2670         (JSC::DFG::CCallHelpers::setupArguments):
2671         * dfg/DFGCSEPhase.cpp:
2672         (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
2673         (CSEPhase):
2674         (JSC::DFG::CSEPhase::globalVarStoreElimination):
2675         (JSC::DFG::CSEPhase::performNodeCSE):
2676         * dfg/DFGCapabilities.h:
2677         (JSC::DFG::canCompileOpcode):
2678         * dfg/DFGConstantFoldingPhase.cpp:
2679         (JSC::DFG::ConstantFoldingPhase::run):
2680         * dfg/DFGCorrectableJumpPoint.h:
2681         (JSC::DFG::CorrectableJumpPoint::isSet):
2682         (CorrectableJumpPoint):
2683         * dfg/DFGJITCompiler.cpp:
2684         (JSC::DFG::JITCompiler::linkOSRExits):
2685         (JSC::DFG::JITCompiler::link):
2686         * dfg/DFGNode.h:
2687         (JSC::DFG::Node::hasIdentifierNumberForCheck):
2688         (Node):
2689         (JSC::DFG::Node::identifierNumberForCheck):
2690         (JSC::DFG::Node::hasRegisterPointer):
2691         * dfg/DFGNodeType.h:
2692         (DFG):
2693         * dfg/DFGOSRExit.cpp:
2694         (JSC::DFG::OSRExit::OSRExit):
2695         * dfg/DFGOSRExit.h:
2696         (OSRExit):
2697         * dfg/DFGOperations.cpp:
2698         * dfg/DFGOperations.h:
2699         * dfg/DFGPredictionPropagationPhase.cpp:
2700         (JSC::DFG::PredictionPropagationPhase::propagate):
2701         * dfg/DFGSpeculativeJIT.h:
2702         (JSC::DFG::SpeculativeJIT::callOperation):
2703         (JSC::DFG::SpeculativeJIT::appendCall):
2704         (SpeculativeJIT):
2705         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
2706         * dfg/DFGSpeculativeJIT32_64.cpp:
2707         (JSC::DFG::SpeculativeJIT::compile):
2708         * dfg/DFGSpeculativeJIT64.cpp:
2709         (JSC::DFG::SpeculativeJIT::compile):
2710         * interpreter/Interpreter.cpp:
2711         (JSC::Interpreter::privateExecute):
2712         * jit/JIT.cpp:
2713         (JSC::JIT::privateCompileMainPass):
2714         (JSC::JIT::privateCompileSlowCases):
2715         * jit/JIT.h:
2716         * jit/JITPropertyAccess.cpp:
2717         (JSC::JIT::emit_op_put_global_var_check):
2718         (JSC):
2719         (JSC::JIT::emitSlow_op_put_global_var_check):
2720         * jit/JITPropertyAccess32_64.cpp:
2721         (JSC::JIT::emit_op_put_global_var_check):
2722         (JSC):
2723         (JSC::JIT::emitSlow_op_put_global_var_check):
2724         * jit/JITStubs.cpp:
2725         (JSC::DEFINE_STUB_FUNCTION):
2726         (JSC):
2727         * jit/JITStubs.h:
2728         * llint/LLIntSlowPaths.cpp:
2729         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2730         (LLInt):
2731         * llint/LLIntSlowPaths.h:
2732         (LLInt):
2733         * llint/LowLevelInterpreter32_64.asm:
2734         * llint/LowLevelInterpreter64.asm:
2735         * runtime/JSObject.cpp:
2736         (JSC::JSObject::removeDirect):
2737         * runtime/JSObject.h:
2738         (JSObject):
2739         * runtime/JSSymbolTableObject.h:
2740         (JSC::symbolTableGet):
2741         (JSC::symbolTablePut):
2742         (JSC::symbolTablePutWithAttributes):
2743         * runtime/SymbolTable.cpp: Added.
2744         (JSC):
2745         (JSC::SymbolTableEntry::copySlow):
2746         (JSC::SymbolTableEntry::freeFatEntrySlow):
2747         (JSC::SymbolTableEntry::couldBeWatched):
2748         (JSC::SymbolTableEntry::attemptToWatch):
2749         (JSC::SymbolTableEntry::addressOfIsWatched):
2750         (JSC::SymbolTableEntry::addWatchpoint):
2751         (JSC::SymbolTableEntry::notifyWriteSlow):
2752         (JSC::SymbolTableEntry::inflateSlow):
2753         * runtime/SymbolTable.h:
2754         (JSC):
2755         (SymbolTableEntry):
2756         (Fast):
2757         (JSC::SymbolTableEntry::Fast::Fast):
2758         (JSC::SymbolTableEntry::Fast::isNull):
2759         (JSC::SymbolTableEntry::Fast::getIndex):
2760         (JSC::SymbolTableEntry::Fast::isReadOnly):
2761         (JSC::SymbolTableEntry::Fast::getAttributes):
2762         (JSC::SymbolTableEntry::Fast::isFat):
2763         (JSC::SymbolTableEntry::SymbolTableEntry):
2764         (JSC::SymbolTableEntry::~SymbolTableEntry):
2765         (JSC::SymbolTableEntry::operator=):
2766         (JSC::SymbolTableEntry::isNull):
2767         (JSC::SymbolTableEntry::getIndex):
2768         (JSC::SymbolTableEntry::getFast):
2769         (JSC::SymbolTableEntry::getAttributes):
2770         (JSC::SymbolTableEntry::isReadOnly):
2771         (JSC::SymbolTableEntry::watchpointSet):
2772         (JSC::SymbolTableEntry::notifyWrite):
2773         (FatEntry):
2774         (JSC::SymbolTableEntry::FatEntry::FatEntry):
2775         (JSC::SymbolTableEntry::isFat):
2776         (JSC::SymbolTableEntry::fatEntry):
2777         (JSC::SymbolTableEntry::inflate):
2778         (JSC::SymbolTableEntry::bits):
2779         (JSC::SymbolTableEntry::freeFatEntry):
2780         (JSC::SymbolTableEntry::pack):
2781         (JSC::SymbolTableEntry::isValidIndex):
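
        As an added example, not code from this ChangeLog or from JavaScriptCore, the following is a compact model of the WatchpointSet protocol the entry above describes: a write check that is a one-byte load and branch on the fast path, jumps planted over recorded labels when the set fires, and the monotonic refusal to watch a set that has ever been invalidated. Class and method names are borrowed from the file list above for readability; the byte-vector "code", the marker bytes, WatchedGlobal and DemoResult are constructed for the illustration.

```cpp
// Constructed illustration of the WatchpointSet scheme described above; added
// here, not JavaScriptCore's own code. Machine code is modelled as a byte vector
// and a "planted jump" as a marker byte written at the recorded watchpoint label.
#include <cstddef>
#include <cstdint>
#include <vector>

enum : uint8_t { kNopByte = 0x90, kJumpByte = 0xE9 }; // markers, not real encodings
struct CodeBytes { std::vector<uint8_t> bytes; };
// A Watchpoint is a doubly-linked list node recording where a jump must be
// planted (the label the JIT emitted) and where it should go (the OSR exit).
struct Watchpoint {
    Watchpoint(CodeBytes* c, size_t l, size_t d) : code(c), label(l), destination(d) {}
    CodeBytes* code;
    size_t label, destination;
    Watchpoint *prev = nullptr, *next = nullptr;
    void fire() { code->bytes[label] = kJumpByte; } // overwrite the label with a jump
};

class WatchpointSet {
public:
    bool hasBeenInvalidated() const { return m_isInvalidated != 0; }
    // Monotonicity: a set that has ever fired refuses to be watched again, so the
    // optimizing compiler does not keep betting on a condition known to change.
    bool startWatching() {
        if (m_isInvalidated) return false;
        m_isWatched = 1;
        return true;
    }

    // Watchpoints can only be registered while the set is being watched.
    bool add(Watchpoint* wp) {
        if (!m_isWatched) return false;
        wp->prev = nullptr;
        wp->next = m_head;
        if (m_head) m_head->prev = wp;
        m_head = wp;
        return true;
    }

    // The write check every store performs: a one-byte load and branch when
    // nobody is watching; otherwise every recorded jump is planted at once.
    void notifyWrite() {
        if (!m_isWatched) return;
        notifyWriteSlow();
    }

private:
    void notifyWriteSlow() { // fireAllWatchpoints(), then remember the invalidation
        for (Watchpoint* wp = m_head; wp; wp = wp->next) wp->fire();
        m_head = nullptr;
        m_isWatched = 0;
        m_isInvalidated = 1;
    }
    Watchpoint* m_head = nullptr;
    uint8_t m_isWatched = 0; // the byte the fast path loads
    uint8_t m_isInvalidated = 0;
};

// A global function variable as the bytecode generator marks it: every store
// runs the write check, every load may be compiled to a watchpoint plus a constant.
struct WatchedGlobal {
    explicit WatchedGlobal(int v) : value(v) {}
    int value;
    WatchpointSet watchpoints;
    void store(int v) { value = v; watchpoints.notifyWrite(); }
};

// Stand-in for SpeculativeJIT::speculationWatchpoint(): no compare-and-branch is
// emitted, the code only registers where to jump if the global is ever written.
bool speculationWatchpoint(WatchedGlobal& global, Watchpoint& wp) {
    if (!global.watchpoints.startWatching()) return false; // set already fired
    return global.watchpoints.add(&wp);
}

struct DemoResult {
    bool firstFoldAllowed, codeUntouchedByLoad, jumpPlantedByStore, secondFoldAllowed;
};
// Constant-fold a global, then write to it, then try to fold it again.
DemoResult demoGlobalConstantFolding() {
    WatchedGlobal g(42);
    CodeBytes code{std::vector<uint8_t>(16, kNopByte)};
    Watchpoint wp(&code, /*label=*/4, /*destination=*/12);
    DemoResult r{};
    r.firstFoldAllowed = speculationWatchpoint(g, wp);
    r.codeUntouchedByLoad = (code.bytes[4] == kNopByte); // loads never fire anything
    g.store(7);                                           // a write fires the set
    r.jumpPlantedByStore = (code.bytes[4] == kJumpByte);
    Watchpoint wp2(&code, 8, 12);
    r.secondFoldAllowed = speculationWatchpoint(g, wp2);  // refused: monotonic
    return r;
}

// A store nobody optimized against takes the fast path and leaves the set watchable.
bool unwatchedWriteKeepsSetValid() {
    WatchedGlobal g(1);
    g.store(2);
    return !g.watchpoints.hasBeenInvalidated() && g.watchpoints.startWatching();
}
```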
2782
2783 2012-06-13  Sheriff Bot  <webkit.review.bot@gmail.com>
2784
2785         Unreviewed, rolling out r120172.
2786         http://trac.webkit.org/changeset/120172
2787         https://bugs.webkit.org/show_bug.cgi?id=88976
2788
2789         The patch causes compilation failures on Gtk, Qt and Apple Win
2790         bots (Requested by zdobersek on #webkit).
2791
2792         * CMakeLists.txt:
2793         * GNUmakefile.list.am:
2794         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2795         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2796         * JavaScriptCore.xcodeproj/project.pbxproj:
2797         * Target.pri:
2798         * assembler/ARMv7Assembler.h:
2799         (JSC::ARMv7Assembler::nop):
2800         (JSC::ARMv7Assembler::label):
2801         (JSC::ARMv7Assembler::readPointer):
2802         (ARMv7Assembler):
2803         * assembler/AbstractMacroAssembler.h:
2804         (JSC):
2805         (AbstractMacroAssembler):
2806         (Label):
2807         * assembler/AssemblerBuffer.h:
2808         * assembler/MacroAssemblerARM.h:
2809         * assembler/MacroAssemblerARMv7.h:
2810         (JSC::MacroAssemblerARMv7::nop):
2811         (JSC::MacroAssemblerARMv7::jump):
2812         (JSC::MacroAssemblerARMv7::makeBranch):
2813         * assembler/MacroAssemblerMIPS.h:
2814         * assembler/MacroAssemblerSH4.h:
2815         * assembler/MacroAssemblerX86.h:
2816         (MacroAssemblerX86):
2817         (JSC::MacroAssemblerX86::moveWithPatch):
2818         * assembler/MacroAssemblerX86Common.h:
2819         * assembler/MacroAssemblerX86_64.h:
2820         (JSC::MacroAssemblerX86_64::branchTest8):
2821         * assembler/X86Assembler.h:
2822         (JSC::X86Assembler::cmpb_im):
2823         (JSC::X86Assembler::codeSize):
2824         (JSC::X86Assembler::label):
2825         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
2826         * bytecode/CodeBlock.cpp:
2827         (JSC::CodeBlock::dump):
2828         * bytecode/CodeBlock.h:
2829         (JSC::CodeBlock::appendOSRExit):
2830         (JSC::CodeBlock::appendSpeculationRecovery):
2831         (DFGData):
2832         * bytecode/DFGExitProfile.h:
2833         (JSC::DFG::exitKindToString):
2834         (JSC::DFG::exitKindIsCountable):
2835         * bytecode/Instruction.h:
2836         * bytecode/Opcode.h:
2837         (JSC):
2838         (JSC::padOpcodeName):
2839         * bytecode/Watchpoint.cpp: Removed.
2840         * bytecode/Watchpoint.h: Removed.
2841         * bytecompiler/BytecodeGenerator.cpp:
2842         (JSC::ResolveResult::checkValidity):
2843         (JSC::BytecodeGenerator::addGlobalVar):
2844         (JSC::BytecodeGenerator::BytecodeGenerator):
2845         (JSC::BytecodeGenerator::resolve):
2846         (JSC::BytecodeGenerator::emitResolve):
2847         (JSC::BytecodeGenerator::emitResolveWithBase):
2848         (JSC::BytecodeGenerator::emitResolveWithThis):
2849         (JSC::BytecodeGenerator::emitGetStaticVar):
2850         (JSC::BytecodeGenerator::emitPutStaticVar):
2851         * bytecompiler/BytecodeGenerator.h:
2852         (BytecodeGenerator):
2853         * bytecompiler/NodesCodegen.cpp:
2854         (JSC::FunctionCallResolveNode::emitBytecode):
2855         (JSC::PostfixResolveNode::emitBytecode):
2856         (JSC::PrefixResolveNode::emitBytecode):
2857         (JSC::ReadModifyResolveNode::emitBytecode):
2858         (JSC::AssignResolveNode::emitBytecode):
2859         (JSC::ConstDeclNode::emitCodeSingle):
2860         * dfg/DFGAbstractState.cpp:
2861         (JSC::DFG::AbstractState::execute):
2862         (JSC::DFG::AbstractState::clobberStructures):
2863         * dfg/DFGAbstractState.h:
2864         (AbstractState):
2865         * dfg/DFGByteCodeParser.cpp:
2866         (JSC::DFG::ByteCodeParser::handleInlining):
2867         (JSC::DFG::ByteCodeParser::parseBlock):
2868         * dfg/DFGCCallHelpers.h:
2869         (JSC::DFG::CCallHelpers::setupArguments):
2870         * dfg/DFGCSEPhase.cpp:
2871         (JSC::DFG::CSEPhase::globalVarStoreElimination):
2872         (JSC::DFG::CSEPhase::performNodeCSE):
2873         * dfg/DFGCapabilities.h:
2874         (JSC::DFG::canCompileOpcode):
2875         * dfg/DFGConstantFoldingPhase.cpp:
2876         (JSC::DFG::ConstantFoldingPhase::run):
2877         * dfg/DFGCorrectableJumpPoint.h:
2878         * dfg/DFGJITCompiler.cpp:
2879         (JSC::DFG::JITCompiler::linkOSRExits):
2880         (JSC::DFG::JITCompiler::link):
2881         * dfg/DFGNode.h:
2882         (JSC::DFG::Node::hasRegisterPointer):
2883         * dfg/DFGNodeType.h:
2884         (DFG):
2885         * dfg/DFGOSRExit.cpp:
2886         (JSC::DFG::OSRExit::OSRExit):
2887         * dfg/DFGOSRExit.h:
2888         (OSRExit):
2889         * dfg/DFGOperations.cpp:
2890         * dfg/DFGOperations.h:
2891         * dfg/DFGPredictionPropagationPhase.cpp:
2892         (JSC::DFG::PredictionPropagationPhase::propagate):
2893         * dfg/DFGSpeculativeJIT.h:
2894         (JSC::DFG::SpeculativeJIT::callOperation):
2895         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
2896         (JSC::DFG::SpeculativeJIT::speculationCheck):
2897         * dfg/DFGSpeculativeJIT32_64.cpp:
2898         (JSC::DFG::SpeculativeJIT::compile):
2899         * dfg/DFGSpeculativeJIT64.cpp:
2900         (JSC::DFG::SpeculativeJIT::compile):
2901         * jit/JIT.cpp:
2902         (JSC::JIT::privateCompileMainPass):
2903         (JSC::JIT::privateCompileSlowCases):
2904         * jit/JIT.h:
2905         * jit/JITPropertyAccess.cpp:
2906         * jit/JITPropertyAccess32_64.cpp:
2907         * jit/JITStubs.cpp:
2908         * jit/JITStubs.h:
2909         * llint/LLIntSlowPaths.cpp:
2910         * llint/LLIntSlowPaths.h:
2911         (LLInt):
2912         * llint/LowLevelInterpreter32_64.asm:
2913         * llint/LowLevelInterpreter64.asm:
2914         * runtime/JSObject.cpp:
2915         (JSC::JSObject::removeDirect):
2916         * runtime/JSObject.h:
2917         (JSObject):
2918         * runtime/JSSymbolTableObject.h:
2919         (JSC::symbolTableGet):
2920         (JSC::symbolTablePut):
2921         (JSC::symbolTablePutWithAttributes):
2922         * runtime/SymbolTable.cpp: Removed.
2923         * runtime/SymbolTable.h:
2924         (JSC):
2925         (JSC::SymbolTableEntry::isNull):
2926         (JSC::SymbolTableEntry::getIndex):
2927         (SymbolTableEntry):
2928         (JSC::SymbolTableEntry::getAttributes):
2929         (JSC::SymbolTableEntry::isReadOnly):
2930         (JSC::SymbolTableEntry::pack):
2931         (JSC::SymbolTableEntry::isValidIndex):
2932
2933 2012-06-12  Filip Pizlo  <fpizlo@apple.com>
2934
2935         DFG should be able to set watchpoints on global variables
2936         https://bugs.webkit.org/show_bug.cgi?id=88692
2937
2938         Reviewed by Geoffrey Garen.
2939         
2940         This implements global variable constant folding by allowing the optimizing
2941         compiler to set a "watchpoint" on globals that it wishes to constant fold.
2942         If the watchpoint fires, then an OSR exit is forced by overwriting the
2943         machine code that the optimizing compiler generated with a jump.
2944         
2945         As such, this patch is adding quite a bit of stuff:
2946         
2947         - Jump replacement on those hardware targets supported by the optimizing
2948           JIT. It is now possible to patch in a jump instruction over any recorded
2949           watchpoint label. The jump must be "local" in the sense that it must be
2950           within the range of the largest jump distance supported by a one
2951           instruction jump.
2952           
2953         - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
2954           that records the location where a jump must be inserted and the
2955           destination to which it should jump. Watchpoints can be added to a
2956           WatchpointSet. The WatchpointSet can be fired all at once, which plants
2957           all jumps. WatchpointSet also remembers if it had ever been invalidated,
2958           which allows for monotonicity: we typically don't want to optimize using
2959           watchpoints on something for which watchpoints had previously fired. The
2960           act of notifying a WatchpointSet has a trivial fast path in case no
2961           Watchpoints are registered (one-byte load+branch).
2962         
2963         - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
2964           except that you don't have to emit branches. But, you need to know what
2965           WatchpointSet to add the resulting Watchpoint to. Not everything that
2966           you could write a speculationCheck() for will have a WatchpointSet that
2967           would get notified if the condition you were speculating against became
2968           invalid.
2969           
2970         - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
2971           do so without incurring any space overhead for those entries that don't
2972           have WatchpointSets.
2973           
2974         - The bytecode generator infers all global function variables to be
2975           watchable, and makes all stores perform the WatchpointSet's write check,
2976           and marks all loads as being potentially watchable (i.e. you can compile
2977           them to a watchpoint and a constant).
2978         
2979         Put together, this allows for fully sleazy inlining of calls to globally
2980         declared functions. The inline prologue will no longer contain the load of
2981         the function, or any checks of the function you're calling. I.e. it's
2982         pretty much like the kind of inlining you would see in Java or C++.
2983         Furthermore, the watchpointing functionality is built to be fairly general,
2984         and should allow setting watchpoints on all sorts of interesting things
2985         in the future.
2986         
2987         The sleazy inlining means that we will now sometimes inline in code paths
2988         that have never executed. Previously, to inline we would have either had
2989         to have executed the call (to read the call's inline cache) or have
2990         executed the method check (to read the method check's inline cache). Now,
2991         we might inline when the callee is a watched global variable. This
2992         revealed some humorous bugs. First, constant folding disagreed with CFA
2993         over what kinds of operations can clobber (example: code path A is dead
2994         but stores a String into variable X, all other code paths store 0 into
2995         X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
2996         clobbering constant, but constant folding thought it was clobbering
2997         because it saw the String prediction). Second, inlining would crash if
2998         the inline callee had not been compiled. This patch fixes both bugs,
2999         since otherwise run-javascriptcore-tests would report regressions.
3000
3001         * CMakeLists.txt:
3002         * GNUmakefile.list.am:
3003         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3004         * JavaScriptCore.xcodeproj/project.pbxproj:
3005         * Target.pri:
3006         * assembler/ARMv7Assembler.h:
3007         (ARMv7Assembler):
3008         (JSC::ARMv7Assembler::ARMv7Assembler):
3009         (JSC::ARMv7Assembler::labelForWatchpoint):
3010         (JSC::ARMv7Assembler::label):
3011         (JSC::ARMv7Assembler::replaceWithJump):
3012         (JSC::ARMv7Assembler::maxJumpReplacementSize):
3013         * assembler/AbstractMacroAssembler.h:
3014         (JSC):
3015         (AbstractMacroAssembler):
3016         (Label):
3017         (JSC::AbstractMacroAssembler::watchpointLabel):
3018         * assembler/AssemblerBuffer.h:
3019         * assembler/MacroAssemblerARM.h:
3020         (JSC::MacroAssemblerARM::replaceWithJump):
3021         (MacroAssemblerARM):
3022         (JSC::MacroAssemblerARM::maxJumpReplacementSize):
3023         * assembler/MacroAssemblerARMv7.h:
3024         (MacroAssemblerARMv7):
3025         (JSC::MacroAssemblerARMv7::replaceWithJump):
3026         (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
3027         (JSC::MacroAssemblerARMv7::branchTest8):
3028         (JSC::MacroAssemblerARMv7::jump):
3029         (JSC::MacroAssemblerARMv7::makeBranch):
3030         * assembler/MacroAssemblerMIPS.h:
3031         (JSC::MacroAssemblerMIPS::replaceWithJump):
3032         (MacroAssemblerMIPS):
3033         (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
3034         * assembler/MacroAssemblerSH4.h:
3035         (JSC::MacroAssemblerSH4::replaceWithJump):
3036         (MacroAssemblerSH4):
3037         (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
3038         * assembler/MacroAssemblerX86.h:
3039         (MacroAssemblerX86):
3040         (JSC::MacroAssemblerX86::branchTest8):
3041         * assembler/MacroAssemblerX86Common.h:
3042         (JSC::MacroAssemblerX86Common::replaceWithJump):
3043         (MacroAssemblerX86Common):
3044         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
3045         * assembler/MacroAssemblerX86_64.h:
3046         (MacroAssemblerX86_64):
3047         (JSC::MacroAssemblerX86_64::branchTest8):
3048         * assembler/X86Assembler.h:
3049         (JSC::X86Assembler::X86Assembler):
3050         (X86Assembler):
3051         (JSC::X86Assembler::cmpb_im):
3052         (JSC::X86Assembler::testb_im):
3053         (JSC::X86Assembler::labelForWatchpoint):
3054         (JSC::X86Assembler::label):
3055         (JSC::X86Assembler::replaceWithJump):
3056         (JSC::X86Assembler::maxJumpReplacementSize):
3057         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
3058         * bytecode/CodeBlock.cpp:
3059         (JSC::CodeBlock::dump):
3060         * bytecode/CodeBlock.h:
3061         (JSC::CodeBlock::appendOSRExit):
3062         (JSC::CodeBlock::appendSpeculationRecovery):
3063         (CodeBlock):
3064         (JSC::CodeBlock::appendWatchpoint):
3065         (JSC::CodeBlock::numberOfWatchpoints):
3066         (JSC::CodeBlock::watchpoint):
3067         (DFGData):
3068         * bytecode/DFGExitProfile.h:
3069         (JSC::DFG::exitKindToString):
3070         (JSC::DFG::exitKindIsCountable):
3071         * bytecode/Instruction.h:
3072         (Instruction):
3073         (JSC::Instruction::Instruction):
3074         * bytecode/Opcode.h:
3075         (JSC):
3076         (JSC::padOpcodeName):
3077         * bytecode/Watchpoint.cpp: Added.
3078         (JSC):
3079         (JSC::Watchpoint::~Watchpoint):
3080         (JSC::Watchpoint::correctLabels):
3081         (JSC::Watchpoint::fire):
3082         (JSC::WatchpointSet::WatchpointSet):
3083         (JSC::WatchpointSet::~WatchpointSet):
3084         (JSC::WatchpointSet::add):
3085         (JSC::WatchpointSet::notifyWriteSlow):
3086         (JSC::WatchpointSet::fireAllWatchpoints):
3087         * bytecode/Watchpoint.h: Added.
3088         (JSC):
3089         (Watchpoint):
3090         (JSC::Watchpoint::Watchpoint):
3091         (JSC::Watchpoint::setDestination):
3092         (WatchpointSet):
3093         (JSC::WatchpointSet::isStillValid):
3094         (JSC::WatchpointSet::hasBeenInvalidated):
3095         (JSC::WatchpointSet::startWatching):
3096         (JSC::WatchpointSet::notifyWrite):
3097         (JSC::WatchpointSet::addressOfIsWatched):
3098         * bytecompiler/BytecodeGenerator.cpp:
3099         (JSC::ResolveResult::checkValidity):
3100         (JSC::BytecodeGenerator::addGlobalVar):
3101         (JSC::BytecodeGenerator::BytecodeGenerator):
3102         (JSC::BytecodeGenerator::resolve):
3103         (JSC::BytecodeGenerator::emitResolve):
3104         (JSC::BytecodeGenerator::emitResolveWithBase):
3105         (JSC::BytecodeGenerator::emitResolveWithThis):
3106         (JSC::BytecodeGenerator::emitGetStaticVar):
3107         (JSC::BytecodeGenerator::emitPutStaticVar):
3108         * bytecompiler/BytecodeGenerator.h:
3109         (BytecodeGenerator):
3110         * bytecompiler/NodesCodegen.cpp:
3111         (JSC::FunctionCallResolveNode::emitBytecode):
3112         (JSC::PostfixResolveNode::emitBytecode):
3113         (JSC::PrefixResolveNode::emitBytecode):
3114         (JSC::ReadModifyResolveNode::emitBytecode):
3115         (JSC::AssignResolveNode::emitBytecode):
3116         (JSC::ConstDeclNode::emitCodeSingle):
3117         * dfg/DFGAbstractState.cpp:
3118         (JSC::DFG::AbstractState::execute):
3119         (JSC::DFG::AbstractState::clobberStructures):
3120         * dfg/DFGAbstractState.h:
3121         (AbstractState):
3122         (JSC::DFG::AbstractState::didClobber):
3123         * dfg/DFGByteCodeParser.cpp:
3124         (JSC::DFG::ByteCodeParser::handleInlining):
3125         (JSC::DFG::ByteCodeParser::parseBlock):
3126         * dfg/DFGCCallHelpers.h:
3127         (CCallHelpers):
3128         (JSC::DFG::CCallHelpers::setupArguments):
3129         * dfg/DFGCSEPhase.cpp:
3130         (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
3131         (CSEPhase):
3132         (JSC::DFG::CSEPhase::globalVarStoreElimination):
3133         (JSC::DFG::CSEPhase::performNodeCSE):
3134         * dfg/DFGCapabilities.h:
3135         (JSC::DFG::canCompileOpcode):
3136         * dfg/DFGConstantFoldingPhase.cpp:
3137         (JSC::DFG::ConstantFoldingPhase::run):
3138         * dfg/DFGCorrectableJumpPoint.h:
3139         (JSC::DFG::CorrectableJumpPoint::isSet):
3140         (CorrectableJumpPoint):
3141         * dfg/DFGJITCompiler.cpp:
3142         (JSC::DFG::JITCompiler::linkOSRExits):
3143         (JSC::DFG::JITCompiler::link):
3144         * dfg/DFGNode.h:
3145         (JSC::DFG::Node::hasIdentifierNumberForCheck):
3146         (Node):
3147         (JSC::DFG::Node::identifierNumberForCheck):
3148         (JSC::DFG::Node::hasRegisterPointer):
3149         * dfg/DFGNodeType.h:
3150         (DFG):
3151         * dfg/DFGOSRExit.cpp:
3152         (JSC::DFG::OSRExit::OSRExit):
3153         * dfg/DFGOSRExit.h:
3154         (OSRExit):
3155         * dfg/DFGOperations.cpp:
3156         * dfg/DFGOperations.h:
3157         * dfg/DFGPredictionPropagationPhase.cpp:
3158         (JSC::DFG::PredictionPropagationPhase::propagate):
3159         * dfg/DFGSpeculativeJIT.h:
3160         (JSC::DFG::SpeculativeJIT::callOperation):
3161         (JSC::DFG::SpeculativeJIT::appendCall):
3162         (SpeculativeJIT):
3163         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
3164         * dfg/DFGSpeculativeJIT32_64.cpp:
3165         (JSC::DFG::SpeculativeJIT::compile):
3166         * dfg/DFGSpeculativeJIT64.cpp:
3167         (JSC::DFG::SpeculativeJIT::compile):
3168         * jit/JIT.cpp:
3169         (JSC::JIT::privateCompileMainPass):
3170         (JSC::JIT::privateCompileSlowCases):
3171         * jit/JIT.h:
3172         * jit/JITPropertyAccess.cpp:
3173         (JSC::JIT::emit_op_put_global_var_check):
3174         (JSC):
3175         (JSC::JIT::emitSlow_op_put_global_var_check):
3176         * jit/JITPropertyAccess32_64.cpp:
3177         (JSC::JIT::emit_op_put_global_var_check):
3178         (JSC):
3179         (JSC::JIT::emitSlow_op_put_global_var_check):
3180         * jit/JITStubs.cpp:
3181         (JSC::JITThunks::JITThunks):
3182         (JSC::DEFINE_STUB_FUNCTION):
3183         (JSC):
3184         * jit/JITStubs.h:
3185         * llint/LLIntSlowPaths.cpp:
3186         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3187         (LLInt):
3188         * llint/LLIntSlowPaths.h:
3189         (LLInt):
3190         * llint/LowLevelInterpreter32_64.asm:
3191         * llint/LowLevelInterpreter64.asm:
3192         * runtime/JSObject.cpp:
3193         (JSC::JSObject::removeDirect):
3194         * runtime/JSObject.h:
3195         (JSObject):
3196         * runtime/JSSymbolTableObject.h:
3197         (JSC::symbolTableGet):
3198         (JSC::symbolTablePut):
3199         (JSC::symbolTablePutWithAttributes):
3200         * runtime/SymbolTable.cpp: Added.
3201         (JSC):
3202         (JSC::SymbolTableEntry::copySlow):
3203         (JSC::SymbolTableEntry::freeFatEntrySlow):
3204         (JSC::SymbolTableEntry::couldBeWatched):
3205         (JSC::SymbolTableEntry::attemptToWatch):
3206         (JSC::SymbolTableEntry::addressOfIsWatched):
3207         (JSC::SymbolTableEntry::addWatchpoint):
3208         (JSC::SymbolTableEntry::notifyWriteSlow):
3209         (JSC::SymbolTableEntry::inflateSlow):
3210         * runtime/SymbolTable.h:
3211         (JSC):
3212         (SymbolTableEntry):
3213         (Fast):
3214         (JSC::SymbolTableEntry::Fast::Fast):
3215         (JSC::SymbolTableEntry::Fast::isNull):
3216         (JSC::SymbolTableEntry::Fast::getIndex):
3217         (JSC::SymbolTableEntry::Fast::isReadOnly):
3218         (JSC::SymbolTableEntry::Fast::getAttributes):
3219         (JSC::SymbolTableEntry::Fast::isFat):
3220         (JSC::SymbolTableEntry::SymbolTableEntry):
3221         (JSC::SymbolTableEntry::~SymbolTableEntry):
3222         (JSC::SymbolTableEntry::operator=):
3223         (JSC::SymbolTableEntry::isNull):
3224         (JSC::SymbolTableEntry::getIndex):
3225         (JSC::SymbolTableEntry::getFast):
3226         (JSC::SymbolTableEntry::getAttributes):
3227         (JSC::SymbolTableEntry::isReadOnly):
3228         (JSC::SymbolTableEntry::watchpointSet):
3229         (JSC::SymbolTableEntry::notifyWrite):
3230         (FatEntry):
3231         (JSC::SymbolTableEntry::FatEntry::FatEntry):
3232         (JSC::SymbolTableEntry::isFat):
3233         (JSC::SymbolTableEntry::fatEntry):
3234         (JSC::SymbolTableEntry::inflate):
3235         (JSC::SymbolTableEntry::bits):
3236         (JSC::SymbolTableEntry::freeFatEntry):
3237         (JSC::SymbolTableEntry::pack):
3238         (JSC::SymbolTableEntry::isValidIndex):
3239
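        A simplified model of the WatchpointSet state machine and the write-check fast path described in this entry, added here as an illustration. It is not JavaScriptCore's code: a Watchpoint runs a callback instead of patching a jump over machine code, and the WatchedGlobal type and the simulate functions are assumed for the demonstration.

```cpp
// Simplified model of the WatchpointSet / Watchpoint mechanism.
// Added illustration, not JavaScriptCore's code: a Watchpoint here runs a
// callback instead of replacing a recorded label with a jump, and a "global
// variable" is a plain slot guarded by a WatchpointSet. Names mirror the
// ChangeLog, the bodies are assumed.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <utility>
#include <vector>

class Watchpoint {
public:
    explicit Watchpoint(std::function<void()> onFire) : m_onFire(std::move(onFire)) {}
    // In JSC this would plant a jump to the OSR exit at the watchpoint label.
    void fire() { m_onFire(); }
private:
    std::function<void()> m_onFire;
};

// The state is a single byte so that a store's write check is one byte load + branch.
class WatchpointSet {
public:
    enum State : int8_t { ClearWatchpoint = 0, IsWatched = 1, IsInvalidated = -1 };

    bool isStillValid() const { return m_state != IsInvalidated; }
    bool hasBeenInvalidated() const { return m_state == IsInvalidated; }

    // Monotonicity: once a set has been invalidated it never becomes watchable
    // again, so the compiler will not re-speculate on something that already failed.
    bool startWatching() {
        if (m_state == IsInvalidated) return false;
        m_state = IsWatched;
        return true;
    }

    // Fast path: a set that is not watched costs one byte compare per store.
    void notifyWrite() {
        if (m_state != IsWatched) return;
        notifyWriteSlow();
    }

    // Registering a watchpoint requires the set to be watched and still valid.
    bool add(Watchpoint* wp) {
        if (!startWatching()) return false;
        m_watchpoints.push_back(wp);
        return true;
    }

    size_t numberOfWatchpoints() const { return m_watchpoints.size(); }

private:
    void notifyWriteSlow() {
        m_state = IsInvalidated;   // remembered forever: the set never revalidates
        fireAllWatchpoints();
    }
    void fireAllWatchpoints() {
        std::vector<Watchpoint*> fired;
        fired.swap(m_watchpoints); // all jumps are planted at once, list is emptied
        for (Watchpoint* wp : fired) wp->fire();
    }
    int8_t m_state { ClearWatchpoint };
    std::vector<Watchpoint*> m_watchpoints;
};

// A global variable slot whose every store performs the write check, as the
// bytecode generator arranges for put_global_var_check. (Assumed helper type.)
struct WatchedGlobal {
    int64_t value { 0 };
    WatchpointSet set;
    void store(int64_t v) { value = v; set.notifyWrite(); }
};

// Scenario: the optimizing compiler constant-folds a global by installing a
// watchpoint; a later store must force an OSR exit. Returns the exits forced.
int simulateConstantFold(bool storeAfterWatch) {
    WatchedGlobal g;
    g.store(42);              // store before anyone watches: fast path, nothing fires
    int osrExits = 0;
    Watchpoint wp([&] { ++osrExits; });
    g.set.add(&wp);           // compiler folds g to 42 and registers the watchpoint
    if (storeAfterWatch) g.store(43);
    return osrExits;
}

// Returns whether a second attempt to watch after invalidation is refused.
bool invalidatedSetRefusesWatch() {
    WatchedGlobal g;
    int fired = 0;
    Watchpoint wp([&] { ++fired; });
    g.set.add(&wp);
    g.store(1);               // fires once; the set becomes invalidated
    Watchpoint again([&] { ++fired; });
    bool accepted = g.set.add(&again);
    g.store(2);               // nothing registered: fast path, nothing fires
    return !accepted && fired == 1 && g.set.hasBeenInvalidated();
}
```
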
3240 2012-06-12  Filip Pizlo  <fpizlo@apple.com>
3241
3242         Unreviewed build fix for ARMv7 debug builds.
3243
3244         * jit/JITStubs.cpp:
3245         (JSC::JITThunks::JITThunks):
3246
3247 2012-06-12  Geoffrey Garen  <ggaren@apple.com>
3248
3249         Build fix for case-sensitive file systems: use the right case.
3250
3251         * heap/ListableHandler.h:
3252
3253 2012-06-11  Geoffrey Garen  <ggaren@apple.com>
3254
3255         GC should be 1.7X faster
3256         https://bugs.webkit.org/show_bug.cgi?id=88840
3257
3258         Reviewed by Oliver Hunt.
3259
3260         I profiled, and removed anything that showed up as a concurrency
3261         bottleneck. Then, I added 3 threads to our max thread count, since we
3262         can scale up to more threads now.
3263
3264         * heap/BlockAllocator.cpp:
3265         (JSC::BlockAllocator::BlockAllocator):
3266         (JSC::BlockAllocator::~BlockAllocator):
3267         (JSC::BlockAllocator::releaseFreeBlocks):
3268         (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
3269         (JSC::BlockAllocator::waitForRelativeTime):
3270         (JSC::BlockAllocator::blockFreeingThreadMain):
3271         * heap/BlockAllocator.h:
3272         (BlockAllocator):
3273         (JSC::BlockAllocator::allocate):
3274         (JSC::BlockAllocator::deallocate): Use a spin lock for the common case
3275         where we're just popping a linked list. (A pthread mutex would sleep our
3276         thread even if the lock were only contended for a microsecond.) 
3277
3278         Scope the lock to avoid holding it while allocating VM, since that's a
3279         slow activity and it doesn't modify any of our data structures.
3280
3281         We still use a pthread mutex to handle our condition variable since we
3282         have to, and it's not a hot path.
3283
3284         * heap/CopiedSpace.cpp:
3285         (JSC::CopiedSpace::CopiedSpace):
3286         (JSC::CopiedSpace::doneFillingBlock):
3287         * heap/CopiedSpace.h:
3288         (JSC::CopiedSpace::CopiedSpace): Use a spin lock for the to space lock,
3289         since it just guards linked list and hash table manipulation.
3290
3291         * heap/MarkStack.cpp:
3292         (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
3293         (JSC::MarkStackSegmentAllocator::allocate):
3294         (JSC::MarkStackSegmentAllocator::release):
3295         (JSC::MarkStackSegmentAllocator::shrinkReserve): Use a spin lock, since
3296         we're just managing a linked list.
3297
3298         (JSC::MarkStackArray::donateSomeCellsTo): Changed donation to be proportional
3299         to our current stack size. This fixes cases where we used to donate too
3300         much. Interestingly, donating too much was starving the donor (when it
3301         ran out of work later) *and* the recipient (since it had to wait on a
3302         long donation operation to complete before it could acquire the lock).
3303
3304         In the worst case, we're still guaranteed to donate N cells in roughly log N time.
3305
3306         This change also fixes cases where we used to donate too little, since
3307         we would always keep a fixed minimum number of cells. In the worst case,
3308         with N marking threads, we could have N large object graph roots in
3309         our stack for the duration of GC, and scale to only 1 thread.
3310
3311         It's an interesting observation that a single object in the mark stack
3312         might represent an arbitrarily large object graph -- and only the act
3313         of marking can find out.
3314
3315         (JSC::MarkStackArray::stealSomeCellsFrom): Steal in proportion to idle
3316         threads. Once again, this fixes cases where constants could cause us
3317         to steal too much or too little.
3318
3319         (JSC::SlotVisitor::donateKnownParallel): Always wake up other threads
3320         if they're idle. We can afford to do this because we're conservative
3321         about when we donate.
3322
3323         (JSC::SlotVisitor::drainFromShared):
3324         * heap/MarkStack.h:
3325         (MarkStackSegmentAllocator):
3326         (MarkStackArray):
3327         (JSC):
3328         * heap/SlotVisitor.h: Merged the "should I donate?" decision into a
3329         single function, for simplicity.
3330
3331         * runtime/Options.cpp:
3332         (minimumNumberOfScansBetweenRebalance): Reduced the delay before donation
3333         a lot. We can afford to do this because, in the common case, donation is
3334         a single branch that decides not to donate. 
3335
3336         (cpusToUse): Use more CPUs now, since we scale better now.
3337
3338         * runtime/Options.h:
3339         (Options): Removed now-unused variables.
3340
3341 2012-06-12  Filip Pizlo  <fpizlo@apple.com>
3342
3343         REGRESSION(120121): inspector tests crash in DFG
3344         https://bugs.webkit.org/show_bug.cgi?id=88941
3345
3346         Reviewed by Geoffrey Garen.
3347         
3348         The CFG simplifier has two different ways of fixing up GetLocal, Phantom, and Flush. If we've
3349         already fixed up the node one way, we shouldn't try the other way. The reason why we shouldn't
3350         is that the second way depends on the node referring to other nodes in the to-be-jettisoned
3351         block. After fixup they potentially will refer to nodes in the block being merged to.
3352
3353         * dfg/DFGCFGSimplificationPhase.cpp:
3354         (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
3355         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
3356
3357 2012-06-12  Leo Yang  <leo.yang@torchmobile.com.cn>
3358
3359         Dynamic hash table in DOMObjectHashTableMap is wrong in multiple threads
3360         https://bugs.webkit.org/show_bug.cgi?id=87334
3361
3362         Reviewed by Geoffrey Garen.
3363
3364         Add a copy member function to JSC::HashTable. This function will copy all data
3365         members except for *table* which contains thread specific data that prevents
3366         us copying it. When you want to copy a JSC::HashTable that was constructed
3367         on another thread you should call JSC::HashTable::copy().
3368
3369         * runtime/Lookup.h:
3370         (JSC::HashTable::copy):
3371         (HashTable):
3372