[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2012-08-20  Mark Lam  <mark.lam@apple.com>
2
3         Fixed erroneous line number for LLint frame when throwing exceptions.
4         https://bugs.webkit.org/show_bug.cgi?id=94051.
5
6         Reviewed by Filip Pizlo.
7
8         For LLInt frames, before throwing an exception, adjust the PC from the
9         return PC back to the call PC if we are indeed at a call site.
10
11         * bytecode/CodeBlock.cpp:
12         (JSC::CodeBlock::adjustPCIfAtCallSite):
13         (JSC):
14         (JSC::CodeBlock::bytecodeOffset):
15         * bytecode/CodeBlock.h:
16         (CodeBlock):
17         * llint/LLIntExceptions.cpp:
18         (JSC::LLInt::fixupPCforExceptionIfNeeded):
19         (LLInt):
20         (JSC::LLInt::interpreterThrowInCaller):
21         (JSC::LLInt::returnToThrow):
22         (JSC::LLInt::callToThrow):
23
24 2012-08-20  Filip Pizlo  <fpizlo@apple.com>
25
26         fast/js/dfg-peephole-compare-final-object-to-final-object-or-other-when-both-proven-final-object.html on 32-bit
27         https://bugs.webkit.org/show_bug.cgi?id=94538
28
29         Reviewed by Mark Hahnenberg.
30
31         * dfg/DFGSpeculativeJIT32_64.cpp:
32         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
33
34 2012-08-20  Filip Pizlo  <fpizlo@apple.com>
35
36         fast/js/dfg-compare-final-object-to-final-object-or-other-when-both-proven-final-object.html crashes on 32-bit
37         https://bugs.webkit.org/show_bug.cgi?id=94026
38
39         Reviewed by Mark Hahnenberg.
40
41         * dfg/DFGSpeculativeJIT32_64.cpp:
42         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
43
44 2012-08-19  Filip Pizlo  <fpizlo@apple.com>
45
46         The relationship between abstract values and structure transition watchpoints should be rationalized
47         https://bugs.webkit.org/show_bug.cgi?id=94205
48
49         Reviewed by Geoffrey Garen.
50
51         This patch does a number of things related to the handling of the abstract values
52         arising from values with structures known to be watchpointable:
53         
54         - This rationalizes the relationship between the structure that we know an object
55           to have *right now* based on having executed a check against that structure, and
56           the structure that we know the object could have *in the future* based on a type
57           check executed in the past over a structure that was watchpointable.
58         
59         - We use the above to assert that structure transition watchpoints are being used
60           soundly.
61         
62         - We use the above to strength reduce CheckStructure into StructureTransitionWatchpoint
63           whenever possible.
64         
65         - This rationalizes the handling of CFA over constants that appeared in the bytecode.
66           If at compile-time the constant has a watchpointable structure, then we can prove
67           what structures it may have in the future. The analysis uses this to both assert
68           that structure transition watchpoints are being used correctly, and to find
69           opportunities for using them more aggressively.
70         
71         The net effect of all of these changes is that OSR entry should work more smoothly.
72         It may also be a slight win due to strength reductions, though most of those strength
73         reductions would have already been done by the parser and the structure check hoister.
74
75         * GNUmakefile.list.am:
76         * JavaScriptCore.xcodeproj/project.pbxproj:
77         * dfg/DFGAbstractState.cpp:
78         (JSC::DFG::AbstractState::beginBasicBlock):
79         (JSC::DFG::AbstractState::execute):
80         * dfg/DFGAbstractValue.h:
81         (DFG):
82         (JSC::DFG::AbstractValue::clear):
83         (JSC::DFG::AbstractValue::isClear):
84         (JSC::DFG::AbstractValue::makeTop):
85         (JSC::DFG::AbstractValue::clobberStructures):
86         (JSC::DFG::AbstractValue::isTop):
87         (JSC::DFG::AbstractValue::setFuturePossibleStructure):
88         (AbstractValue):
89         (JSC::DFG::AbstractValue::filterFuturePossibleStructure):
90         (JSC::DFG::AbstractValue::setMostSpecific):
91         (JSC::DFG::AbstractValue::set):
92         (JSC::DFG::AbstractValue::operator==):
93         (JSC::DFG::AbstractValue::merge):
94         (JSC::DFG::AbstractValue::filter):
95         (JSC::DFG::AbstractValue::filterValueByType):
96         (JSC::DFG::AbstractValue::validateType):
97         (JSC::DFG::AbstractValue::validate):
98         (JSC::DFG::AbstractValue::checkConsistency):
99         (JSC::DFG::AbstractValue::dump):
100         * dfg/DFGArgumentsSimplificationPhase.cpp:
101         (JSC::DFG::ArgumentsSimplificationPhase::run):
102         * dfg/DFGCSEPhase.cpp:
103         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
104         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
105         (JSC::DFG::CSEPhase::performNodeCSE):
106         * dfg/DFGConstantFoldingPhase.cpp:
107         (JSC::DFG::ConstantFoldingPhase::foldConstants):
108         * dfg/DFGNode.h:
109         (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
110         (Node):
111         (JSC::DFG::Node::hasStructure):
112         * dfg/DFGNodeType.h:
113         (DFG):
114         * dfg/DFGOSREntry.cpp:
115         (JSC::DFG::prepareOSREntry):
116         * dfg/DFGPredictionPropagationPhase.cpp:
117         (JSC::DFG::PredictionPropagationPhase::propagate):
118         * dfg/DFGSpeculativeJIT.cpp:
119         (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
120         (JSC::DFG::SpeculativeJIT::forwardSpeculationWatchpoint):
121         (DFG):
122         (JSC::DFG::SpeculativeJIT::speculationWatchpointWithConditionalDirection):
123         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
124         (JSC::DFG::SpeculativeJIT::speculateArray):
125         * dfg/DFGSpeculativeJIT.h:
126         (SpeculativeJIT):
127         * dfg/DFGSpeculativeJIT32_64.cpp:
128         (JSC::DFG::SpeculativeJIT::compile):
129         * dfg/DFGSpeculativeJIT64.cpp:
130         (JSC::DFG::SpeculativeJIT::compile):
131         * dfg/DFGStructureAbstractValue.h: Added.
132         (DFG):
133         (StructureAbstractValue):
134         (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
135         (JSC::DFG::StructureAbstractValue::clear):
136         (JSC::DFG::StructureAbstractValue::makeTop):
137         (JSC::DFG::StructureAbstractValue::top):
138         (JSC::DFG::StructureAbstractValue::add):
139         (JSC::DFG::StructureAbstractValue::addAll):
140         (JSC::DFG::StructureAbstractValue::contains):
141         (JSC::DFG::StructureAbstractValue::isSubsetOf):
142         (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
143         (JSC::DFG::StructureAbstractValue::isSupersetOf):
144         (JSC::DFG::StructureAbstractValue::filter):
145         (JSC::DFG::StructureAbstractValue::isClear):
146         (JSC::DFG::StructureAbstractValue::isTop):
147         (JSC::DFG::StructureAbstractValue::isClearOrTop):
148         (JSC::DFG::StructureAbstractValue::isNeitherClearNorTop):
149         (JSC::DFG::StructureAbstractValue::size):
150         (JSC::DFG::StructureAbstractValue::at):
151         (JSC::DFG::StructureAbstractValue::operator[]):
152         (JSC::DFG::StructureAbstractValue::last):
153         (JSC::DFG::StructureAbstractValue::speculationFromStructures):
154         (JSC::DFG::StructureAbstractValue::hasSingleton):
155         (JSC::DFG::StructureAbstractValue::singleton):
156         (JSC::DFG::StructureAbstractValue::operator==):
157         (JSC::DFG::StructureAbstractValue::dump):
158         (JSC::DFG::StructureAbstractValue::topValue):
159         * dfg/DFGStructureCheckHoistingPhase.cpp:
160         (JSC::DFG::StructureCheckHoistingPhase::run):
161
162 2012-08-17  Filip Pizlo  <fpizlo@apple.com>
163
164         The current state of the call frame should be taken into account in the DFG for both predictions and proofs
165         https://bugs.webkit.org/show_bug.cgi?id=94412
166
167         Reviewed by Geoffrey Garen.
168
169         This ensures that no matter how smart the DFG gets, it'll always know through
170         which entrypoint OSR will try to enter, and with which values it will attempt
171         to do so. For prologue OSR, this has no effect other than adding the current
172         arguments to the argument predictions. For loop OSR, this makes our treatment
173         of the loop slightly more conservative - just conservative enough to ensure
174         that OSR succeeds.
175
176         * bytecode/CodeBlock.cpp:
177         (JSC::ProgramCodeBlock::compileOptimized):
178         (JSC::EvalCodeBlock::compileOptimized):
179         (JSC::FunctionCodeBlock::compileOptimized):
180         * bytecode/CodeBlock.h:
181         (CodeBlock):
182         (ProgramCodeBlock):
183         (EvalCodeBlock):
184         (FunctionCodeBlock):
185         * dfg/DFGAbstractState.cpp:
186         (JSC::DFG::AbstractState::initialize):
187         * dfg/DFGAbstractValue.h:
188         (JSC::DFG::AbstractValue::setMostSpecific):
189         (AbstractValue):
190         * dfg/DFGByteCodeParser.cpp:
191         (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
192         (JSC::DFG::ByteCodeParser::parse):
193         * dfg/DFGDriver.cpp:
194         (JSC::DFG::compile):
195         (JSC::DFG::tryCompile):
196         (JSC::DFG::tryCompileFunction):
197         * dfg/DFGDriver.h:
198         (DFG):
199         (JSC::DFG::tryCompile):
200         (JSC::DFG::tryCompileFunction):
201         * dfg/DFGGraph.h:
202         (JSC::DFG::Graph::Graph):
203         (Graph):
204         * jit/JITDriver.h:
205         (JSC::jitCompileIfAppropriate):
206         (JSC::jitCompileFunctionIfAppropriate):
207         * jit/JITStubs.cpp:
208         (JSC::DEFINE_STUB_FUNCTION):
209         * runtime/Executable.cpp:
210         (JSC::EvalExecutable::compileOptimized):
211         (JSC::EvalExecutable::compileInternal):
212         (JSC::ProgramExecutable::compileOptimized):
213         (JSC::ProgramExecutable::compileInternal):
214         (JSC::FunctionExecutable::compileOptimizedForCall):
215         (JSC::FunctionExecutable::compileOptimizedForConstruct):
216         (JSC::FunctionExecutable::compileForCallInternal):
217         (JSC::FunctionExecutable::compileForConstructInternal):
218         * runtime/Executable.h:
219         (EvalExecutable):
220         (ProgramExecutable):
221         (FunctionExecutable):
222         (JSC::FunctionExecutable::compileOptimizedFor):
223         * runtime/ExecutionHarness.h:
224         (JSC::prepareForExecution):
225         (JSC::prepareFunctionForExecution):
226
227 2012-08-17  Filip Pizlo  <fpizlo@apple.com>
228
229         DFG CSE should be more honest about when it changed the IR
230         https://bugs.webkit.org/show_bug.cgi?id=94408
231
232         Reviewed by Geoffrey Garen.
233
234         The CSE phase now always returns true if it changed the IR.
235
236         * dfg/DFGCSEPhase.cpp:
237         (JSC::DFG::CSEPhase::setReplacement):
238         (JSC::DFG::CSEPhase::eliminate):
239         (JSC::DFG::CSEPhase::performNodeCSE):
240
241 2012-08-17  Filip Pizlo  <fpizlo@apple.com>
242
243         DFG is still too pessimistic about what constitutes a side-effect on array accesses
244         https://bugs.webkit.org/show_bug.cgi?id=94309
245
246         Reviewed by Geoffrey Garen.
247
248         This change means that even if structure transition watchpoints are not used for
249         hoisting of clobbered structure checks, we still retain good performance on the
250         benchmarks we care about. That's important, since butterflies will likely make
251         most array structures not watchpointable.
252
253         * dfg/DFGAbstractState.cpp:
254         (JSC::DFG::AbstractState::execute):
255         * dfg/DFGStructureCheckHoistingPhase.cpp:
256         (JSC::DFG::StructureCheckHoistingPhase::run):
257
258 2012-08-17  Milian Wolff  <milian.wolff@kdab.com>
259
260         [Qt] QNX build fails due to ctype usage in system headers
261         https://bugs.webkit.org/show_bug.cgi?id=93849
262
263         Reviewed by Simon Hausmann.
264
265         Move the check for whether DisallowCType should be active or not
266         to the DisallowCType.h header. This way, we can update the list
267         of platforms or OSes which do not work with this header in a
268         central place. All users can now safely include the header
269         and do not need to place custom guards around it.
270
271         * config.h:
272
273 2012-08-16  Simon Hausmann  <simon.hausmann@nokia.com>
274
275         [Qt] Replace use of internal Weak smart pointer with JSWeakObjectMap
276         https://bugs.webkit.org/show_bug.cgi?id=93872
277
278         Reviewed by Kenneth Rohde Christiansen.
279
280         * Target.pri: Add missing JSWeakObjectMap file to build.
281
282 2012-08-16  Filip Pizlo  <fpizlo@apple.com>
283
284         Structure check hoisting should be less expensive
285         https://bugs.webkit.org/show_bug.cgi?id=94201
286
287         Reviewed by Mark Hahnenberg.
288
289         This appears like a broad win on short-running programs.
290
291         * dfg/DFGArgumentsSimplificationPhase.cpp:
292         (JSC::DFG::ArgumentsSimplificationPhase::run):
293         * dfg/DFGCSEPhase.cpp:
294         (JSC::DFG::CSEPhase::performNodeCSE):
295         * dfg/DFGDriver.cpp:
296         (JSC::DFG::compile):
297         * dfg/DFGGraph.h:
298         (JSC::DFG::Graph::compareAndSwap):
299         (Graph):
300         (JSC::DFG::Graph::substitute):
301         (JSC::DFG::Graph::substituteGetLocal):
302         * dfg/DFGStructureCheckHoistingPhase.cpp:
303         (JSC::DFG::StructureCheckHoistingPhase::run):
304
305 2012-08-16  Filip Pizlo  <fpizlo@apple.com>
306
307         All op_resolve_global instructions should end up in the list of global resolve instructions
308         https://bugs.webkit.org/show_bug.cgi?id=94247
309         <rdar://problem/12103500>
310
311         Reviewed by Mark Hahnenberg.
312
313         * bytecompiler/BytecodeGenerator.cpp:
314         (JSC::BytecodeGenerator::emitResolveWithBase):
315
316 2012-08-15  Bruno de Oliveira Abinader  <bruno.abinader@basyskom.com>
317
318         [css3-text] Add CSS3 Text decoration compile flag
319         https://bugs.webkit.org/show_bug.cgi?id=93863
320
321         Reviewed by Julien Chaffraix.
322
323         This patch handles the compile flag implementation, which will come disabled by
324         default, thus not exposing the CSS3 text decoration features to the web, unless
325         explicitly enabled with the "--css3-text-decoration" build parameter.
326
327         * Configurations/FeatureDefines.xcconfig:
328
329 2012-08-15  Sheriff Bot  <webkit.review.bot@gmail.com>
330
331         Unreviewed, rolling out r125687.
332         http://trac.webkit.org/changeset/125687
333         https://bugs.webkit.org/show_bug.cgi?id=94147
334
335         It broke the whole world (Requested by Ossy_night on #webkit).
336
337         * API/JSValueRef.cpp:
338         (JSValueToBoolean):
339         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
340         * bytecode/Watchpoint.h:
341         (WatchpointSet):
342         * debugger/DebuggerCallFrame.h:
343         * dfg/DFGAbstractState.cpp:
344         (JSC::DFG::AbstractState::execute):
345         * dfg/DFGCFGSimplificationPhase.cpp:
346         (JSC::DFG::CFGSimplificationPhase::run):
347         * dfg/DFGOperations.cpp:
348         * dfg/DFGOperations.h:
349         * dfg/DFGSpeculativeJIT32_64.cpp:
350         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
351         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
352         (JSC::DFG::SpeculativeJIT::compile):
353         * dfg/DFGSpeculativeJIT64.cpp:
354         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
355         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
356         (JSC::DFG::SpeculativeJIT::compile):
357         * interpreter/Interpreter.cpp:
358         (JSC::Interpreter::privateExecute):
359         * jit/JITOpcodes.cpp:
360         (JSC::JIT::emit_op_is_undefined):
361         (JSC::JIT::emit_op_jeq_null):
362         (JSC::JIT::emit_op_jneq_null):
363         (JSC::JIT::emit_op_eq_null):
364         (JSC::JIT::emit_op_neq_null):
365         * jit/JITOpcodes32_64.cpp:
366         (JSC::JIT::emit_op_is_undefined):
367         (JSC::JIT::emit_op_jeq_null):
368         (JSC::JIT::emit_op_jneq_null):
369         (JSC::JIT::emit_op_eq_null):
370         (JSC::JIT::emit_op_neq_null):
371         * jit/JITStubs.cpp:
372         (JSC::DEFINE_STUB_FUNCTION):
373         * llint/LLIntSlowPaths.cpp:
374         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
375         * llint/LowLevelInterpreter32_64.asm:
376         * llint/LowLevelInterpreter64.asm:
377         * runtime/ArrayPrototype.cpp:
378         (JSC::arrayProtoFuncFilter):
379         (JSC::arrayProtoFuncEvery):
380         (JSC::arrayProtoFuncSome):
381         * runtime/BooleanConstructor.cpp:
382         (JSC::constructBoolean):
383         (JSC::callBooleanConstructor):
384         * runtime/JSCell.h:
385         (JSCell):
386         * runtime/JSGlobalObject.cpp:
387         (JSC::JSGlobalObject::JSGlobalObject):
388         * runtime/JSGlobalObject.h:
389         (JSGlobalObject):
390         * runtime/JSString.h:
391         (JSC::JSCell::toBoolean):
392         (JSC::JSValue::toBoolean):
393         * runtime/JSValue.h:
394         * runtime/ObjectConstructor.cpp:
395         (JSC::toPropertyDescriptor):
396         * runtime/Operations.cpp:
397         (JSC::jsTypeStringForValue):
398         (JSC::jsIsObjectType):
399         * runtime/Operations.h:
400         (JSC):
401         (JSC::JSValue::equalSlowCaseInline):
402         * runtime/RegExpConstructor.cpp:
403         (JSC::setRegExpConstructorMultiline):
404         * runtime/RegExpPrototype.cpp:
405         (JSC::regExpProtoFuncToString):
406         * runtime/Structure.h:
407
408 2012-08-15  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
409
410         Buildfix after r125541
411         https://bugs.webkit.org/show_bug.cgi?id=94097
412
413         Reviewed by Filip Pizlo.
414
415         r125541 has broken the traditional ARM port build of JSC.
416
417         * assembler/MacroAssemblerARM.h:
418         (JSC::MacroAssemblerARM::neg32):
419         (JSC::MacroAssemblerARM::xor32):
420
421 2012-08-14  Mark Hahnenberg  <mhahnenberg@apple.com>
422
423         Change behavior of MasqueradesAsUndefined to better accommodate DFG changes
424         https://bugs.webkit.org/show_bug.cgi?id=93884
425
426         Reviewed by Geoffrey Garen.
427
428         With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
429         MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
430         we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
431         objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
432         For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
433         masquerade as undefined within frame B, but it will continue to masquerade in frame A.
434
435         There are two primary changes that are taking place here. One is to thread the ExecState* through 
436         JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's 
437         JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two 
438         are distinct, then the object cannot MasqueradeAsUndefined.
439
440         The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined
441         flag in the Structure is checked. For C++ code, this check has been factored into its own function in 
442         Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has 
443         had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed 
444         through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers
445         that are MasqueradesAsUndefined.
446
447         * API/JSValueRef.cpp:
448         (JSValueToBoolean):
449         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
450         * bytecode/Watchpoint.h:
451         (WatchpointSet):
452         * debugger/DebuggerCallFrame.h:
453         (JSC::DebuggerCallFrame::callFrame):
454         * dfg/DFGAbstractState.cpp:
455         (JSC::DFG::AbstractState::execute):
456         * dfg/DFGCFGSimplificationPhase.cpp:
457         (JSC::DFG::CFGSimplificationPhase::run):
458         * dfg/DFGOperations.cpp:
459         * dfg/DFGOperations.h:
460         * dfg/DFGSpeculativeJIT32_64.cpp:
461         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
462         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
463         (JSC::DFG::SpeculativeJIT::compile):
464         * dfg/DFGSpeculativeJIT64.cpp:
465         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
466         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
467         (JSC::DFG::SpeculativeJIT::compile):
468         * interpreter/Interpreter.cpp:
469         (JSC::Interpreter::privateExecute):
470         * jit/JITOpcodes.cpp:
471         (JSC::JIT::emit_op_is_undefined):
472         (JSC::JIT::emit_op_jeq_null):
473         (JSC::JIT::emit_op_jneq_null):
474         (JSC::JIT::emit_op_eq_null):
475         (JSC::JIT::emit_op_neq_null):
476         * jit/JITOpcodes32_64.cpp:
477         (JSC::JIT::emit_op_is_undefined):
478         (JSC::JIT::emit_op_jeq_null):
479         (JSC::JIT::emit_op_jneq_null):
480         (JSC::JIT::emit_op_eq_null):
481         (JSC::JIT::emit_op_neq_null):
482         * jit/JITStubs.cpp:
483         (JSC::DEFINE_STUB_FUNCTION):
484         * llint/LLIntSlowPaths.cpp:
485         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
486         * llint/LowLevelInterpreter32_64.asm:
487         * llint/LowLevelInterpreter64.asm:
488         * runtime/ArrayPrototype.cpp:
489         (JSC::arrayProtoFuncFilter):
490         (JSC::arrayProtoFuncEvery):
491         (JSC::arrayProtoFuncSome):
492         * runtime/BooleanConstructor.cpp:
493         (JSC::constructBoolean):
494         (JSC::callBooleanConstructor):
495         * runtime/JSCell.h:
496         (JSCell):
497         * runtime/JSGlobalObject.cpp:
498         (JSC::JSGlobalObject::JSGlobalObject):
499         * runtime/JSGlobalObject.h:
500         (JSGlobalObject):
501         (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
502         * runtime/JSString.h:
503         (JSC::JSCell::toBoolean):
504         (JSC::JSValue::toBoolean):
505         * runtime/JSValue.h:
506         * runtime/ObjectConstructor.cpp:
507         (JSC::toPropertyDescriptor):
508         * runtime/Operations.cpp:
509         (JSC::jsTypeStringForValue):
510         (JSC::jsIsObjectType):
511         * runtime/Operations.h:
512         (JSC):
513         (JSC::JSValue::equalSlowCaseInline):
514         * runtime/RegExpConstructor.cpp:
515         (JSC::setRegExpConstructorMultiline):
516         * runtime/RegExpPrototype.cpp:
517         (JSC::regExpProtoFuncToString):
518         * runtime/Structure.h:
519         (Structure):
520         (JSC::Structure::globalObjectOffset):
521         (JSC::Structure::masqueradesAsUndefined):
522         (JSC):
523
524 2012-08-14  Filip Pizlo  <fpizlo@apple.com>
525
526         Unreviewed, build fix for !ENABLE(DFG_JIT)
527
528         * jit/JITPropertyAccess.cpp:
529         (JSC::JIT::emit_op_get_by_val):
530         (JSC::JIT::emit_op_put_by_val):
531         (JSC::JIT::privateCompilePatchGetArrayLength):
532         * jit/JITPropertyAccess32_64.cpp:
533         (JSC::JIT::emit_op_get_by_val):
534         (JSC::JIT::emit_op_put_by_val):
535         (JSC::JIT::privateCompilePatchGetArrayLength):
536         * llint/LowLevelInterpreter32_64.asm:
537         * llint/LowLevelInterpreter64.asm:
538
539 2012-08-13  Filip Pizlo  <fpizlo@apple.com>
540
541         Array checks should use the structure, not the class info
542         https://bugs.webkit.org/show_bug.cgi?id=93150
543
544         Reviewed by Mark Hahnenberg.
545
546         This changes all array checks used in array accesses (get, put, get length,
547         push, pop) to use the structure, not the class info. Additionally, these
548         checks in the LLInt and baseline JIT record the structure in an ArrayProfile,
549         so that the DFG can know exactly what structure to check for.
550         
551         * CMakeLists.txt:
552         * GNUmakefile.list.am:
553         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
554         * JavaScriptCore.xcodeproj/project.pbxproj:
555         * Target.pri:
556         * bytecode/ArrayProfile.cpp: Added.
557         (JSC):
558         (JSC::ArrayProfile::computeUpdatedPrediction):
559         * bytecode/ArrayProfile.h: Added.
560         (JSC):
561         (JSC::arrayModeFromStructure):
562         (ArrayProfile):
563         (JSC::ArrayProfile::ArrayProfile):
564         (JSC::ArrayProfile::bytecodeOffset):
565         (JSC::ArrayProfile::addressOfLastSeenStructure):
566         (JSC::ArrayProfile::observeStructure):
567         (JSC::ArrayProfile::expectedStructure):
568         (JSC::ArrayProfile::structureIsPolymorphic):
569         (JSC::ArrayProfile::hasDefiniteStructure):
570         (JSC::ArrayProfile::observedArrayModes):
571         * bytecode/CodeBlock.cpp:
572         (JSC::CodeBlock::dump):
573         (JSC::CodeBlock::getArrayProfile):
574         (JSC):
575         (JSC::CodeBlock::getOrAddArrayProfile):
576         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
577         * bytecode/CodeBlock.h:
578         (JSC::CodeBlock::executionEntryCount):
579         (JSC::CodeBlock::numberOfArrayProfiles):
580         (JSC::CodeBlock::arrayProfiles):
581         (JSC::CodeBlock::addArrayProfile):
582         (CodeBlock):
583         * bytecode/Instruction.h:
584         (JSC):
585         (JSC::Instruction::Instruction):
586         * bytecode/Opcode.h:
587         (JSC):
588         (JSC::padOpcodeName):
589         * bytecompiler/BytecodeGenerator.cpp:
590         (JSC::BytecodeGenerator::emitGetArgumentByVal):
591         (JSC::BytecodeGenerator::emitGetByVal):
592         (JSC::BytecodeGenerator::emitPutByVal):
593         * dfg/DFGAbstractState.cpp:
594         (JSC::DFG::AbstractState::initialize):
595         (JSC::DFG::AbstractState::execute):
596         * dfg/DFGAbstractValue.h:
597         (JSC::DFG::StructureAbstractValue::hasSingleton):
598         (StructureAbstractValue):
599         (JSC::DFG::StructureAbstractValue::singleton):
600         * dfg/DFGArgumentsSimplificationPhase.cpp:
601         (JSC::DFG::ArgumentsSimplificationPhase::run):
602         * dfg/DFGByteCodeParser.cpp:
603         (JSC::DFG::ByteCodeParser::parseBlock):
604         * dfg/DFGFixupPhase.cpp:
605         (JSC::DFG::FixupPhase::fixupNode):
606         * dfg/DFGSpeculativeJIT.cpp:
607         (JSC::DFG::SpeculativeJIT::speculateArray):
608         (DFG):
609         (JSC::DFG::SpeculativeJIT::compile):
610         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
611         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
612         * dfg/DFGSpeculativeJIT.h:
613         (SpeculativeJIT):
614         * dfg/DFGSpeculativeJIT32_64.cpp:
615         (JSC::DFG::SpeculativeJIT::compile):
616         * dfg/DFGSpeculativeJIT64.cpp:
617         (JSC::DFG::SpeculativeJIT::compile):
618         * dfg/DFGStructureCheckHoistingPhase.cpp:
619         (JSC::DFG::StructureCheckHoistingPhase::run):
620         * jit/JITPropertyAccess.cpp:
621         (JSC::JIT::emit_op_get_by_val):
622         (JSC::JIT::emit_op_put_by_val):
623         (JSC::JIT::privateCompilePatchGetArrayLength):
624         * jit/JITPropertyAccess32_64.cpp:
625         (JSC::JIT::emit_op_get_by_val):
626         (JSC::JIT::emit_op_put_by_val):
627         (JSC::JIT::privateCompilePatchGetArrayLength):
628         * llint/LLIntOffsetsExtractor.cpp:
629         * llint/LowLevelInterpreter32_64.asm:
630         * llint/LowLevelInterpreter64.asm:
631         * runtime/Structure.h:
632         (Structure):
633         (JSC::Structure::classInfoOffset):
634
635 2012-08-14  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
636
637         Rename functions in the ARM port of DFG-JIT for better code readability.
638         https://bugs.webkit.org/show_bug.cgi?id=93609
639
640         Reviewed by Zoltan Herczeg.
641
642         Rename functions in the ARM port of DFG-JIT for better code
643         readability, and for following the WebKit coding style
644         wherever it is possible.
645
646         * assembler/ARMAssembler.cpp:
647         (JSC::ARMAssembler::genInt):
648         (JSC::ARMAssembler::getImm):
649         (JSC::ARMAssembler::moveImm):
650         (JSC::ARMAssembler::encodeComplexImm):
651         (JSC::ARMAssembler::dataTransfer32):
652         (JSC::ARMAssembler::baseIndexTransfer32):
653         (JSC::ARMAssembler::dataTransfer16):
654         (JSC::ARMAssembler::baseIndexTransfer16):
655         (JSC::ARMAssembler::dataTransferFloat):
656         (JSC::ARMAssembler::baseIndexTransferFloat):
657         * assembler/ARMAssembler.h:
658         (JSC::ARMAssembler::bitAnd):
659         (JSC::ARMAssembler::bitAnds):
660         (JSC::ARMAssembler::eor):
661         (JSC::ARMAssembler::eors):
662         (JSC::ARMAssembler::sub):
663         (JSC::ARMAssembler::subs):
664         (JSC::ARMAssembler::rsb):
665         (JSC::ARMAssembler::rsbs):
666         (JSC::ARMAssembler::add):
667         (JSC::ARMAssembler::adds):
668         (JSC::ARMAssembler::adc):
669         (JSC::ARMAssembler::adcs):
670         (JSC::ARMAssembler::sbc):
671         (JSC::ARMAssembler::sbcs):
672         (JSC::ARMAssembler::rsc):
673         (JSC::ARMAssembler::rscs):
674         (JSC::ARMAssembler::tst):
675         (JSC::ARMAssembler::teq):
676         (JSC::ARMAssembler::cmp):
677         (JSC::ARMAssembler::cmn):
678         (JSC::ARMAssembler::orr):
679         (JSC::ARMAssembler::orrs):
680         (JSC::ARMAssembler::mov):
681         (JSC::ARMAssembler::movw):
682         (JSC::ARMAssembler::movt):
683         (JSC::ARMAssembler::movs):
684         (JSC::ARMAssembler::bic):
685         (JSC::ARMAssembler::bics):
686         (JSC::ARMAssembler::mvn):
687         (JSC::ARMAssembler::mvns):
688         (JSC::ARMAssembler::mul):
689         (JSC::ARMAssembler::muls):
690         (JSC::ARMAssembler::mull):
691         (JSC::ARMAssembler::vmov_f64):
692         (JSC::ARMAssembler::vadd_f64):
693         (JSC::ARMAssembler::vdiv_f64):
694         (JSC::ARMAssembler::vsub_f64):
695         (JSC::ARMAssembler::vmul_f64):
696         (JSC::ARMAssembler::vcmp_f64):
697         (JSC::ARMAssembler::vsqrt_f64):
698         (JSC::ARMAssembler::vabs_f64):
699         (JSC::ARMAssembler::vneg_f64):
700         (JSC::ARMAssembler::ldrImmediate):
701         (JSC::ARMAssembler::ldrUniqueImmediate):
702         (JSC::ARMAssembler::dtrUp):
703         (JSC::ARMAssembler::dtrUpRegister):
704         (JSC::ARMAssembler::dtrDown):
705         (JSC::ARMAssembler::dtrDownRegister):
706         (JSC::ARMAssembler::halfDtrUp):
707         (JSC::ARMAssembler::halfDtrUpRegister):
708         (JSC::ARMAssembler::halfDtrDown):
709         (JSC::ARMAssembler::halfDtrDownRegister):
710         (JSC::ARMAssembler::doubleDtrUp):
711         (JSC::ARMAssembler::doubleDtrDown):
712         (JSC::ARMAssembler::push):
713         (JSC::ARMAssembler::pop):
714         (JSC::ARMAssembler::poke):
715         (JSC::ARMAssembler::peek):
716         (JSC::ARMAssembler::vmov_vfp64):
717         (JSC::ARMAssembler::vmov_arm64):
718         (JSC::ARMAssembler::vmov_vfp32):
719         (JSC::ARMAssembler::vmov_arm32):
720         (JSC::ARMAssembler::vcvt_f64_s32):
721         (JSC::ARMAssembler::vcvt_s32_f64):
722         (JSC::ARMAssembler::vcvt_u32_f64):
723         (JSC::ARMAssembler::vcvt_f64_f32):
724         (JSC::ARMAssembler::vcvt_f32_f64):
725         (JSC::ARMAssembler::clz):
726         (JSC::ARMAssembler::lslRegister):
727         (JSC::ARMAssembler::lsrRegister):
728         (JSC::ARMAssembler::asrRegister):
729         (JSC::ARMAssembler::align):
730         (JSC::ARMAssembler::loadBranchTarget):
731         (JSC::ARMAssembler::vmov):
732         * assembler/MacroAssemblerARM.cpp:
733         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
734         * assembler/MacroAssemblerARM.h:
735         (JSC::MacroAssemblerARM::add32):
736         (JSC::MacroAssemblerARM::and32):
737         (JSC::MacroAssemblerARM::lshift32):
738         (JSC::MacroAssemblerARM::mul32):
739         (JSC::MacroAssemblerARM::or32):
740         (JSC::MacroAssemblerARM::rshift32):
741         (JSC::MacroAssemblerARM::urshift32):
742         (JSC::MacroAssemblerARM::sub32):
743         (JSC::MacroAssemblerARM::xor32):
744         (JSC::MacroAssemblerARM::countLeadingZeros32):
745         (JSC::MacroAssemblerARM::convertibleLoadPtr):
746         (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
747         (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
748         (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
749         (JSC::MacroAssemblerARM::store32):
750         (JSC::MacroAssemblerARM::pop):
751         (JSC::MacroAssemblerARM::push):
752         (JSC::MacroAssemblerARM::move):
753         (JSC::MacroAssemblerARM::swap):
754         (JSC::MacroAssemblerARM::branch32):
755         (JSC::MacroAssemblerARM::branchTest32):
756         (JSC::MacroAssemblerARM::mull32):
757         (JSC::MacroAssemblerARM::branchSub32):
758         (JSC::MacroAssemblerARM::compare32):
759         (JSC::MacroAssemblerARM::test32):
760         (JSC::MacroAssemblerARM::load32):
761         (JSC::MacroAssemblerARM::relativeTableJump):
762         (JSC::MacroAssemblerARM::moveWithPatch):
763         (JSC::MacroAssemblerARM::loadDouble):
764         (JSC::MacroAssemblerARM::moveDouble):
765         (JSC::MacroAssemblerARM::addDouble):
766         (JSC::MacroAssemblerARM::divDouble):
767         (JSC::MacroAssemblerARM::subDouble):
768         (JSC::MacroAssemblerARM::mulDouble):
769         (JSC::MacroAssemblerARM::sqrtDouble):
770         (JSC::MacroAssemblerARM::absDouble):
771         (JSC::MacroAssemblerARM::negateDouble):
772         (JSC::MacroAssemblerARM::convertInt32ToDouble):
773         (JSC::MacroAssemblerARM::convertFloatToDouble):
774         (JSC::MacroAssemblerARM::convertDoubleToFloat):
775         (JSC::MacroAssemblerARM::branchDouble):
776         (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
777         (JSC::MacroAssemblerARM::branchTruncateDoubleToUint32):
778         (JSC::MacroAssemblerARM::truncateDoubleToInt32):
779         (JSC::MacroAssemblerARM::truncateDoubleToUint32):
780         (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
781         (JSC::MacroAssemblerARM::branchDoubleNonZero):
782         (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
783
784 2012-08-13  Simon Hausmann  <simon.hausmann@nokia.com>
785
786         Unreviewed, rolling out r125444.
787         http://trac.webkit.org/changeset/125444
788         https://bugs.webkit.org/show_bug.cgi?id=93872
789
790         Broke some tests
791
792         * Target.pri:
793
794 2012-08-13  Simon Hausmann  <simon.hausmann@nokia.com>
795
796         [Qt] Replace use of internal Weak smart pointer with JSWeakObjectMap
797         https://bugs.webkit.org/show_bug.cgi?id=93872
798
799         Reviewed by Kenneth Rohde Christiansen.
800
801         * Target.pri: Add missing JSWeakObjectMap file to build.
802
803 2012-08-13  Raphael Kubo da Costa  <rakuco@webkit.org>
804
805         [CMake] Remove glib-related Find modules and write single new one instead.
806         https://bugs.webkit.org/show_bug.cgi?id=93786
807
808         Reviewed by Rob Buis.
809
810         * shell/PlatformEfl.cmake: Use GLIB_* instead of Glib_*.
811
812 2012-08-12  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
813
814         Doesn't build with ENABLE_JIT=0
815         https://bugs.webkit.org/show_bug.cgi?id=85042
816
817         Reviewed by Eric Seidel.
818
819         Include headers without which CallFrame.h does not build, and
820         fix gcc warning about comparing unsigned int with 0.
821
822         * dfg/DFGDriver.cpp:
823         * interpreter/Interpreter.cpp:
824         (JSC::Interpreter::isOpcode):
825
826 2012-08-10  Yong Li  <yoli@rim.com>
827
828         [BlackBerry] GCActivityCallback should always schedule GC even allocated bytes is a small number
829         https://bugs.webkit.org/show_bug.cgi?id=93650
830
831         Reviewed by Rob Buis.
832
833         Even a small number of allocated JS objects could hold expensive resources.
834
835         * runtime/GCActivityCallbackBlackBerry.cpp:
836         (JSC::DefaultGCActivityCallback::didAllocate):
837
838 2012-08-09  Yong Li  <yoli@rim.com>
839
840         [QNX] Implement getCPUTime() for OS(QNX)
841         https://bugs.webkit.org/show_bug.cgi?id=93516
842
843         Reviewed by George Staikos.
844
845         Implement getCPUTime() with CLOCK_THREAD_CPUTIME_ID so it will tell
846         exactly how long the current thread has spent without being impacted
847         by other things.
848
849         * runtime/TimeoutChecker.cpp:
850         (JSC::getCPUTime):
851
852 2012-08-08  Shane Stephens  <shanestephens@google.com>
853
854         Compile flag for CSS Hierarchies
855         https://bugs.webkit.org/show_bug.cgi?id=92433
856
857         Reviewed by Tony Chang.
858
859         * Configurations/FeatureDefines.xcconfig:
860
861 2012-08-08  Benjamin Poulain  <bpoulain@apple.com>
862
863         Use char* instead of LChar* for the public interface of String construction from literals
864         https://bugs.webkit.org/show_bug.cgi?id=93402
865
866         Reviewed by Michael Saboff.
867
868         Update JSC's Identifier to use StringImpl::createFromLiteral with a char*.
869
870         * runtime/Identifier.cpp:
871         (JSC::IdentifierASCIIStringTranslator::translate):
872
873 2012-08-08  Patrick Gansterer  <paroga@webkit.org>
874
875         Remove ce_time.(cpp|h) from list of source files
876         https://bugs.webkit.org/show_bug.cgi?id=93446
877
878         Reviewed by Simon Hausmann.
879
880         r125004 removed the last dependency on functions defined in ce_time.cpp.
881
882         * Target.pri:
883
884 2012-08-08  Patrick Gansterer  <paroga@webkit.org>
885
886         [WIN] Use GetTimeZoneInformation() for getting the timezone name
887         https://bugs.webkit.org/show_bug.cgi?id=91936
888
889         Reviewed by Ryosuke Niwa.
890
891         The MS CRT implementation of strftime calls the same functions in the background.
892         Using them directly avoids the overhead of parsing the format string and removes
893         the dependency on strftime() for WinCE where this function does not exist.
894
895         * runtime/DateConversion.cpp:
896         (JSC::formatTime):
897
898 2012-08-07  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
899
900         Refactor magic numbers in the ARM port of DFG-JIT
901         https://bugs.webkit.org/show_bug.cgi?id=93348
902
903         Reviewed by Eric Seidel.
904
905         Introduce new names for hard-coded magic numbers.
906         Refactor constants with confusing names to more descriptive ones.
907
908         * assembler/ARMAssembler.cpp:
909         (JSC::ARMAssembler::patchConstantPoolLoad):
910         (JSC::ARMAssembler::getOp2):
911         (JSC::ARMAssembler::genInt):
912         (JSC::ARMAssembler::getImm):
913         (JSC::ARMAssembler::moveImm):
914         (JSC::ARMAssembler::encodeComplexImm):
915         (JSC::ARMAssembler::dataTransfer32):
916         (JSC::ARMAssembler::dataTransfer16):
917         (JSC::ARMAssembler::dataTransferFloat):
918         (JSC::ARMAssembler::executableCopy):
919         * assembler/ARMAssembler.h:
920         (JSC::ARMAssembler::emitInstruction):
921         (JSC::ARMAssembler::ands_r):
922         (JSC::ARMAssembler::eors_r):
923         (JSC::ARMAssembler::subs_r):
924         (JSC::ARMAssembler::rsbs_r):
925         (JSC::ARMAssembler::adds_r):
926         (JSC::ARMAssembler::adcs_r):
927         (JSC::ARMAssembler::sbcs_r):
928         (JSC::ARMAssembler::rscs_r):
929         (JSC::ARMAssembler::tst_r):
930         (JSC::ARMAssembler::teq_r):
931         (JSC::ARMAssembler::cmp_r):
932         (JSC::ARMAssembler::cmn_r):
933         (JSC::ARMAssembler::orrs_r):
934         (JSC::ARMAssembler::movs_r):
935         (JSC::ARMAssembler::bics_r):
936         (JSC::ARMAssembler::mvns_r):
937         (JSC::ARMAssembler::muls_r):
938         (JSC::ARMAssembler::ldr_imm):
939         (JSC::ARMAssembler::ldr_un_imm):
940         (JSC::ARMAssembler::dtr_u):
941         (JSC::ARMAssembler::dtr_ur):
942         (JSC::ARMAssembler::dtr_dr):
943         (JSC::ARMAssembler::dtrh_u):
944         (JSC::ARMAssembler::dtrh_ur):
945         (JSC::ARMAssembler::fdtr_u):
946         (JSC::ARMAssembler::push_r):
947         (JSC::ARMAssembler::pop_r):
948         (JSC::ARMAssembler::getLdrImmAddress):
949         (JSC::ARMAssembler::getLdrImmAddressOnPool):
950         (JSC::ARMAssembler::patchConstantPoolLoad):
951         (JSC::ARMAssembler::repatchCompact):
952         (JSC::ARMAssembler::replaceWithJump):
953         (JSC::ARMAssembler::replaceWithLoad):
954         (JSC::ARMAssembler::replaceWithAddressComputation):
955         (JSC::ARMAssembler::getOp2Byte):
956         (JSC::ARMAssembler::getOp2Half):
957         (JSC::ARMAssembler::getImm16Op2):
958         (JSC::ARMAssembler::placeConstantPoolBarrier):
959         (JSC::ARMAssembler::getConditionalField):
960         * assembler/MacroAssemblerARM.cpp:
961         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
962         * assembler/MacroAssemblerARM.h:
963         (JSC::MacroAssemblerARM::and32):
964         (JSC::MacroAssemblerARM::branch32):
965         (JSC::MacroAssemblerARM::branchTest32):
966         (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
967
968 2012-08-07  Benjamin Poulain  <benjamin@webkit.org>
969
970         Use the initialization from literal for JSC's Identifiers
971         https://bugs.webkit.org/show_bug.cgi?id=93193
972
973         Reviewed by Geoffrey Garen.
974
975         This patch modifies Identifier to take advantage of the new initialization from literal.
976
977         In addition to the memory savings (~600 bytes per instance), this gives us a 2% speed
978         improvement on CommonIdentifiers on average.
979
980         * runtime/CommonIdentifiers.cpp:
981         (JSC::CommonIdentifiers::CommonIdentifiers):
982         Null and empty strings are forbidden for literal initialization. Use the most efficient constructors
983         instead of a literal.
984
985         * runtime/Identifier.cpp:
986         (IdentifierASCIIStringTranslator):
987         Rename IdentifierCStringTranslator to IdentifierASCIIStringTranslator to make the text encoding
988         explicit.
989         (JSC::IdentifierASCIIStringTranslator::hash):
990         (JSC::IdentifierASCIIStringTranslator::equal):
991         (JSC::IdentifierASCIIStringTranslator::translate): Use the fast initialization from literal.
992         (JSC::Identifier::add):
993         * runtime/Identifier.h:
994         (JSC::Identifier::Identifier):
995
996 2012-08-07  Simon Hausmann  <simon.hausmann@nokia.com>
997
998         [Qt][Win] Remove pthreads linkage
999
1000         Reviewed by Csaba Osztrogonác.
1001
1002         After r124823 linkage to pthreads is not needed anymore for the Windows
1003         build.
1004
1005         * JavaScriptCore.pri:
1006
1007 2012-08-07  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
1008
1009         Refactor emit*Inst functions and introduce toARMWord functions in DFG-JIT's traditional ARM port
1010         https://bugs.webkit.org/show_bug.cgi?id=93266
1011
1012         Reviewed by Csaba Osztrogonác.
1013
1014         First part of a bigger refactoring issue trying to make traditional
1015         ARM DFG-JIT port easier to read and understand.
1016
1017
1018         * assembler/ARMAssembler.h:
1019         (JSC::ARMAssembler::emitInstruction):
1020         (JSC::ARMAssembler::emitDoublePrecisionInstruction):
1021         (JSC::ARMAssembler::emitSinglePrecisionInstruction):
1022         (JSC::ARMAssembler::and_r):
1023         (JSC::ARMAssembler::ands_r):
1024         (JSC::ARMAssembler::eor_r):
1025         (JSC::ARMAssembler::eors_r):
1026         (JSC::ARMAssembler::sub_r):
1027         (JSC::ARMAssembler::subs_r):
1028         (JSC::ARMAssembler::rsb_r):
1029         (JSC::ARMAssembler::rsbs_r):
1030         (JSC::ARMAssembler::add_r):
1031         (JSC::ARMAssembler::adds_r):
1032         (JSC::ARMAssembler::adc_r):
1033         (JSC::ARMAssembler::adcs_r):
1034         (JSC::ARMAssembler::sbc_r):
1035         (JSC::ARMAssembler::sbcs_r):
1036         (JSC::ARMAssembler::rsc_r):
1037         (JSC::ARMAssembler::rscs_r):
1038         (JSC::ARMAssembler::tst_r):
1039         (JSC::ARMAssembler::teq_r):
1040         (JSC::ARMAssembler::cmp_r):
1041         (JSC::ARMAssembler::cmn_r):
1042         (JSC::ARMAssembler::orr_r):
1043         (JSC::ARMAssembler::orrs_r):
1044         (JSC::ARMAssembler::mov_r):
1045         (JSC::ARMAssembler::movw_r):
1046         (JSC::ARMAssembler::movt_r):
1047         (JSC::ARMAssembler::movs_r):
1048         (JSC::ARMAssembler::bic_r):
1049         (JSC::ARMAssembler::bics_r):
1050         (JSC::ARMAssembler::mvn_r):
1051         (JSC::ARMAssembler::mvns_r):
1052         (JSC::ARMAssembler::mul_r):
1053         (JSC::ARMAssembler::muls_r):
1054         (JSC::ARMAssembler::mull_r):
1055         (JSC::ARMAssembler::vmov_f64_r):
1056         (JSC::ARMAssembler::vadd_f64_r):
1057         (JSC::ARMAssembler::vdiv_f64_r):
1058         (JSC::ARMAssembler::vsub_f64_r):
1059         (JSC::ARMAssembler::vmul_f64_r):
1060         (JSC::ARMAssembler::vcmp_f64_r):
1061         (JSC::ARMAssembler::vsqrt_f64_r):
1062         (JSC::ARMAssembler::vabs_f64_r):
1063         (JSC::ARMAssembler::vneg_f64_r):
1064         (JSC::ARMAssembler::ldr_imm):
1065         (JSC::ARMAssembler::ldr_un_imm):
1066         (JSC::ARMAssembler::dtr_u):
1067         (JSC::ARMAssembler::dtr_ur):
1068         (JSC::ARMAssembler::dtr_d):
1069         (JSC::ARMAssembler::dtr_dr):
1070         (JSC::ARMAssembler::dtrh_u):
1071         (JSC::ARMAssembler::dtrh_ur):
1072         (JSC::ARMAssembler::dtrh_d):
1073         (JSC::ARMAssembler::dtrh_dr):
1074         (JSC::ARMAssembler::fdtr_u):
1075         (JSC::ARMAssembler::fdtr_d):
1076         (JSC::ARMAssembler::push_r):
1077         (JSC::ARMAssembler::pop_r):
1078         (JSC::ARMAssembler::vmov_vfp64_r):
1079         (JSC::ARMAssembler::vmov_arm64_r):
1080         (JSC::ARMAssembler::vmov_vfp32_r):
1081         (JSC::ARMAssembler::vmov_arm32_r):
1082         (JSC::ARMAssembler::vcvt_f64_s32_r):
1083         (JSC::ARMAssembler::vcvt_s32_f64_r):
1084         (JSC::ARMAssembler::vcvt_u32_f64_r):
1085         (JSC::ARMAssembler::vcvt_f64_f32_r):
1086         (JSC::ARMAssembler::vcvt_f32_f64_r):
1087         (JSC::ARMAssembler::vmrs_apsr):
1088         (JSC::ARMAssembler::clz_r):
1089         (JSC::ARMAssembler::bx):
1090         (JSC::ARMAssembler::blx):
1091         (JSC::ARMAssembler::linkJump):
1092         (JSC::ARMAssembler::toARMWord):
1093         (ARMAssembler):
1094
1095 2012-08-06  Patrick Gansterer  <paroga@webkit.org>
1096
1097         [WIN] Remove dependency on pthread from MachineStackMarker
1098         https://bugs.webkit.org/show_bug.cgi?id=68429
1099
1100         Reviewed by Geoffrey Garen.
1101
1102         Windows has no support for calling a destructor for thread specific data.
1103         Since we need more control over creating and deleting thread specific keys
1104         we can not simply extend WTF::ThreadSpecific with this functionality.
1105
1106         All thread specific keys created via the new API get stored in a list.
1107         After a thread function finished we iterate over this list and call
1108         the registered destructor for every item if needed.
1109
1110         * heap/MachineStackMarker.cpp:  Use the new functions instead of pthread directly.
1111         (JSC::MachineThreads::~MachineThreads):
1112         (JSC::MachineThreads::makeUsableFromMultipleThreads):
1113         (JSC::MachineThreads::addCurrentThread):
1114         * heap/MachineStackMarker.h:
1115         (MachineThreads):
1116
1117 2012-08-06  Patrick Gansterer  <paroga@webkit.org>
1118
1119         Unify JSC date and time formatting functions
1120         https://bugs.webkit.org/show_bug.cgi?id=92282
1121
1122         Reviewed by Geoffrey Garen.
1123
1124         Replace the existing functions for formatting GregorianDateTime
1125         with one single function. This removes some code duplications
1126         in DatePrototype and is a preparation to fix encoding issues,
1127         since we can add UChar* values to the resulting string now.
1128
1129         * runtime/DateConstructor.cpp:
1130         (JSC::callDate):
1131         * runtime/DateConversion.cpp:
1132         (JSC::formatDateTime):
1133         * runtime/DateConversion.h:
1134         (JSC):
1135         * runtime/DatePrototype.cpp:
1136         (JSC::formateDateInstance):
1137         (JSC::dateProtoFuncToString):
1138         (JSC::dateProtoFuncToUTCString):
1139         (JSC::dateProtoFuncToDateString):
1140         (JSC::dateProtoFuncToTimeString):
1141         (JSC::dateProtoFuncToGMTString):
1142
1143 2012-08-06  Carlos Garcia Campos  <cgarcia@igalia.com>
1144
1145         Unreviewed. Fix make distcheck.
1146
1147         * GNUmakefile.list.am: Add missing header file.
1148
1149 2012-08-05  Peter Wang  <peter.wang@torchmobile.com.cn>
1150
1151         Web Inspector: [JSC] implement setting breakpoints by line:column
1152         https://bugs.webkit.org/show_bug.cgi?id=53003
1153
1154         Reviewed by Geoffrey Garen.
1155
1156         Add a counter to Lexer to record the column info of each Token. Add a column parameter to
1157         op_debug, cti_op_debug, and _llint_op_debug byte-code command.
1158
1159         * bytecode/CodeBlock.cpp:
1160         (JSC::CodeBlock::dump):
1161         * bytecode/Opcode.h:
1162         (JSC):
1163         (JSC::padOpcodeName):
1164         * bytecompiler/BytecodeGenerator.cpp:
1165         (JSC::BytecodeGenerator::resolve):
1166         (JSC::BytecodeGenerator::emitDebugHook):
1167         * bytecompiler/BytecodeGenerator.h:
1168         (BytecodeGenerator):
1169         * bytecompiler/NodesCodegen.cpp:
1170         (JSC::ArrayNode::toArgumentList):
1171         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1172         (JSC::ConstStatementNode::emitBytecode):
1173         (JSC::EmptyStatementNode::emitBytecode):
1174         (JSC::DebuggerStatementNode::emitBytecode):
1175         (JSC::ExprStatementNode::emitBytecode):
1176         (JSC::VarStatementNode::emitBytecode):
1177         (JSC::IfNode::emitBytecode):
1178         (JSC::IfElseNode::emitBytecode):
1179         (JSC::DoWhileNode::emitBytecode):
1180         (JSC::WhileNode::emitBytecode):
1181         (JSC::ForNode::emitBytecode):
1182         (JSC::ForInNode::emitBytecode):
1183         (JSC::ContinueNode::emitBytecode):
1184         (JSC::BreakNode::emitBytecode):
1185         (JSC::ReturnNode::emitBytecode):
1186         (JSC::WithNode::emitBytecode):
1187         (JSC::SwitchNode::emitBytecode):
1188         (JSC::LabelNode::emitBytecode):
1189         (JSC::ThrowNode::emitBytecode):
1190         (JSC::TryNode::emitBytecode):
1191         (JSC::ProgramNode::emitBytecode):
1192         (JSC::EvalNode::emitBytecode):
1193         (JSC::FunctionBodyNode::emitBytecode):
1194         * debugger/Debugger.h:
1195         * interpreter/Interpreter.cpp:
1196         (JSC::Interpreter::unwindCallFrame):
1197         (JSC::Interpreter::throwException):
1198         (JSC::Interpreter::debug):
1199         (JSC::Interpreter::privateExecute):
1200         * interpreter/Interpreter.h:
1201         (Interpreter):
1202         * jit/JITOpcodes.cpp:
1203         (JSC::JIT::emit_op_debug):
1204         * jit/JITOpcodes32_64.cpp:
1205         (JSC::JIT::emit_op_debug):
1206         * jit/JITStubs.cpp:
1207         (JSC::DEFINE_STUB_FUNCTION):
1208         * llint/LLIntSlowPaths.cpp:
1209         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1210         * llint/LowLevelInterpreter.asm:
1211         * parser/ASTBuilder.h:
1212         (ASTBuilder):
1213         (JSC::ASTBuilder::createCommaExpr):
1214         (JSC::ASTBuilder::createLogicalNot):
1215         (JSC::ASTBuilder::createUnaryPlus):
1216         (JSC::ASTBuilder::createVoid):
1217         (JSC::ASTBuilder::thisExpr):
1218         (JSC::ASTBuilder::createResolve):
1219         (JSC::ASTBuilder::createObjectLiteral):
1220         (JSC::ASTBuilder::createArray):
1221         (JSC::ASTBuilder::createNumberExpr):
1222         (JSC::ASTBuilder::createString):
1223         (JSC::ASTBuilder::createBoolean):
1224         (JSC::ASTBuilder::createNull):
1225         (JSC::ASTBuilder::createBracketAccess):
1226         (JSC::ASTBuilder::createDotAccess):
1227         (JSC::ASTBuilder::createRegExp):
1228         (JSC::ASTBuilder::createNewExpr):
1229         (JSC::ASTBuilder::createConditionalExpr):
1230         (JSC::ASTBuilder::createAssignResolve):
1231         (JSC::ASTBuilder::createFunctionExpr):
1232         (JSC::ASTBuilder::createFunctionBody):
1233         (JSC::ASTBuilder::createGetterOrSetterProperty):
1234         (JSC::ASTBuilder::createArgumentsList):
1235         (JSC::ASTBuilder::createPropertyList):
1236         (JSC::ASTBuilder::createFuncDeclStatement):
1237         (JSC::ASTBuilder::createBlockStatement):
1238         (JSC::ASTBuilder::createExprStatement):
1239         (JSC::ASTBuilder::createIfStatement):
1240         (JSC::ASTBuilder::createForLoop):
1241         (JSC::ASTBuilder::createForInLoop):
1242         (JSC::ASTBuilder::createEmptyStatement):
1243         (JSC::ASTBuilder::createVarStatement):
1244         (JSC::ASTBuilder::createReturnStatement):
1245         (JSC::ASTBuilder::createBreakStatement):
1246         (JSC::ASTBuilder::createContinueStatement):
1247         (JSC::ASTBuilder::createTryStatement):
1248         (JSC::ASTBuilder::createSwitchStatement):
1249         (JSC::ASTBuilder::createWhileStatement):
1250         (JSC::ASTBuilder::createDoWhileStatement):
1251         (JSC::ASTBuilder::createLabelStatement):
1252         (JSC::ASTBuilder::createWithStatement):
1253         (JSC::ASTBuilder::createThrowStatement):
1254         (JSC::ASTBuilder::createDebugger):
1255         (JSC::ASTBuilder::createConstStatement):
1256         (JSC::ASTBuilder::appendConstDecl):
1257         (JSC::ASTBuilder::combineCommaNodes):
1258         (JSC::ASTBuilder::appendBinaryOperation):
1259         (JSC::ASTBuilder::createAssignment):
1260         (JSC::ASTBuilder::createNumber):
1261         (JSC::ASTBuilder::makeTypeOfNode):
1262         (JSC::ASTBuilder::makeDeleteNode):
1263         (JSC::ASTBuilder::makeNegateNode):
1264         (JSC::ASTBuilder::makeBitwiseNotNode):
1265         (JSC::ASTBuilder::makeMultNode):
1266         (JSC::ASTBuilder::makeDivNode):
1267         (JSC::ASTBuilder::makeModNode):
1268         (JSC::ASTBuilder::makeAddNode):
1269         (JSC::ASTBuilder::makeSubNode):
1270         (JSC::ASTBuilder::makeLeftShiftNode):
1271         (JSC::ASTBuilder::makeRightShiftNode):
1272         (JSC::ASTBuilder::makeURightShiftNode):
1273         (JSC::ASTBuilder::makeBitOrNode):
1274         (JSC::ASTBuilder::makeBitAndNode):
1275         (JSC::ASTBuilder::makeBitXOrNode):
1276         (JSC::ASTBuilder::makeFunctionCallNode):
1277         (JSC::ASTBuilder::makeBinaryNode):
1278         (JSC::ASTBuilder::makeAssignNode):
1279         (JSC::ASTBuilder::makePrefixNode):
1280         (JSC::ASTBuilder::makePostfixNode):
1281         * parser/Lexer.cpp:
1282         (JSC::::setCode):
1283         (JSC::::internalShift):
1284         (JSC::::shift):
1285         (JSC::::lex):
1286         * parser/Lexer.h:
1287         (Lexer):
1288         (JSC::Lexer::currentColumnNumber):
1289         (JSC::::lexExpectIdentifier):
1290         * parser/NodeConstructors.h:
1291         (JSC::Node::Node):
1292         (JSC::ExpressionNode::ExpressionNode):
1293         (JSC::StatementNode::StatementNode):
1294         (JSC::NullNode::NullNode):
1295         (JSC::BooleanNode::BooleanNode):
1296         (JSC::NumberNode::NumberNode):
1297         (JSC::StringNode::StringNode):
1298         (JSC::RegExpNode::RegExpNode):
1299         (JSC::ThisNode::ThisNode):
1300         (JSC::ResolveNode::ResolveNode):
1301         (JSC::ArrayNode::ArrayNode):
1302         (JSC::PropertyListNode::PropertyListNode):
1303         (JSC::ObjectLiteralNode::ObjectLiteralNode):
1304         (JSC::BracketAccessorNode::BracketAccessorNode):
1305         (JSC::DotAccessorNode::DotAccessorNode):
1306         (JSC::ArgumentListNode::ArgumentListNode):
1307         (JSC::NewExprNode::NewExprNode):
1308         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
1309         (JSC::FunctionCallValueNode::FunctionCallValueNode):
1310         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
1311         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
1312         (JSC::FunctionCallDotNode::FunctionCallDotNode):
1313         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
1314         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
1315         (JSC::PrePostResolveNode::PrePostResolveNode):
1316         (JSC::PostfixResolveNode::PostfixResolveNode):
1317         (JSC::PostfixBracketNode::PostfixBracketNode):
1318         (JSC::PostfixDotNode::PostfixDotNode):
1319         (JSC::PostfixErrorNode::PostfixErrorNode):
1320         (JSC::DeleteResolveNode::DeleteResolveNode):
1321         (JSC::DeleteBracketNode::DeleteBracketNode):
1322         (JSC::DeleteDotNode::DeleteDotNode):
1323         (JSC::DeleteValueNode::DeleteValueNode):
1324         (JSC::VoidNode::VoidNode):
1325         (JSC::TypeOfResolveNode::TypeOfResolveNode):
1326         (JSC::TypeOfValueNode::TypeOfValueNode):
1327         (JSC::PrefixResolveNode::PrefixResolveNode):
1328         (JSC::PrefixBracketNode::PrefixBracketNode):
1329         (JSC::PrefixDotNode::PrefixDotNode):
1330         (JSC::PrefixErrorNode::PrefixErrorNode):
1331         (JSC::UnaryOpNode::UnaryOpNode):
1332         (JSC::UnaryPlusNode::UnaryPlusNode):
1333         (JSC::NegateNode::NegateNode):
1334         (JSC::BitwiseNotNode::BitwiseNotNode):
1335         (JSC::LogicalNotNode::LogicalNotNode):
1336         (JSC::BinaryOpNode::BinaryOpNode):
1337         (JSC::MultNode::MultNode):
1338         (JSC::DivNode::DivNode):
1339         (JSC::ModNode::ModNode):
1340         (JSC::AddNode::AddNode):
1341         (JSC::SubNode::SubNode):
1342         (JSC::LeftShiftNode::LeftShiftNode):
1343         (JSC::RightShiftNode::RightShiftNode):
1344         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
1345         (JSC::LessNode::LessNode):
1346         (JSC::GreaterNode::GreaterNode):
1347         (JSC::LessEqNode::LessEqNode):
1348         (JSC::GreaterEqNode::GreaterEqNode):
1349         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
1350         (JSC::InstanceOfNode::InstanceOfNode):
1351         (JSC::InNode::InNode):
1352         (JSC::EqualNode::EqualNode):
1353         (JSC::NotEqualNode::NotEqualNode):
1354         (JSC::StrictEqualNode::StrictEqualNode):
1355         (JSC::NotStrictEqualNode::NotStrictEqualNode):
1356         (JSC::BitAndNode::BitAndNode):
1357         (JSC::BitOrNode::BitOrNode):
1358         (JSC::BitXOrNode::BitXOrNode):
1359         (JSC::LogicalOpNode::LogicalOpNode):
1360         (JSC::ConditionalNode::ConditionalNode):
1361         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
1362         (JSC::AssignResolveNode::AssignResolveNode):
1363         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
1364         (JSC::AssignBracketNode::AssignBracketNode):
1365         (JSC::AssignDotNode::AssignDotNode):
1366         (JSC::ReadModifyDotNode::ReadModifyDotNode):
1367         (JSC::AssignErrorNode::AssignErrorNode):
1368         (JSC::CommaNode::CommaNode):
1369         (JSC::ConstStatementNode::ConstStatementNode):
1370         (JSC::EmptyStatementNode::EmptyStatementNode):
1371         (JSC::DebuggerStatementNode::DebuggerStatementNode):
1372         (JSC::ExprStatementNode::ExprStatementNode):
1373         (JSC::VarStatementNode::VarStatementNode):
1374         (JSC::IfNode::IfNode):
1375         (JSC::IfElseNode::IfElseNode):
1376         (JSC::DoWhileNode::DoWhileNode):
1377         (JSC::WhileNode::WhileNode):
1378         (JSC::ForNode::ForNode):
1379         (JSC::ContinueNode::ContinueNode):
1380         (JSC::BreakNode::BreakNode):
1381         (JSC::ReturnNode::ReturnNode):
1382         (JSC::WithNode::WithNode):
1383         (JSC::LabelNode::LabelNode):
1384         (JSC::ThrowNode::ThrowNode):
1385         (JSC::TryNode::TryNode):
1386         (JSC::FuncExprNode::FuncExprNode):
1387         (JSC::FuncDeclNode::FuncDeclNode):
1388         (JSC::SwitchNode::SwitchNode):
1389         (JSC::ConstDeclNode::ConstDeclNode):
1390         (JSC::BlockNode::BlockNode):
1391         (JSC::ForInNode::ForInNode):
1392         * parser/Nodes.cpp:
1393         (JSC::StatementNode::setLoc):
1394         (JSC):
1395         (JSC::ScopeNode::ScopeNode):
1396         (JSC::ProgramNode::ProgramNode):
1397         (JSC::ProgramNode::create):
1398         (JSC::EvalNode::EvalNode):
1399         (JSC::EvalNode::create):
1400         (JSC::FunctionBodyNode::FunctionBodyNode):
1401         (JSC::FunctionBodyNode::create):
1402         * parser/Nodes.h:
1403         (Node):
1404         (JSC::Node::columnNo):
1405         (ExpressionNode):
1406         (StatementNode):
1407         (JSC::StatementNode::column):
1408         (NullNode):
1409         (BooleanNode):
1410         (NumberNode):
1411         (StringNode):
1412         (RegExpNode):
1413         (ThisNode):
1414         (ResolveNode):
1415         (ArrayNode):
1416         (PropertyListNode):
1417         (ObjectLiteralNode):
1418         (BracketAccessorNode):
1419         (DotAccessorNode):
1420         (ArgumentListNode):
1421         (NewExprNode):
1422         (EvalFunctionCallNode):
1423         (FunctionCallValueNode):
1424         (FunctionCallResolveNode):
1425         (FunctionCallBracketNode):
1426         (FunctionCallDotNode):
1427         (CallFunctionCallDotNode):
1428         (ApplyFunctionCallDotNode):
1429         (PrePostResolveNode):
1430         (PostfixResolveNode):
1431         (PostfixBracketNode):
1432         (PostfixDotNode):
1433         (PostfixErrorNode):
1434         (DeleteResolveNode):
1435         (DeleteBracketNode):
1436         (DeleteDotNode):
1437         (DeleteValueNode):
1438         (VoidNode):
1439         (TypeOfResolveNode):
1440         (TypeOfValueNode):
1441         (PrefixResolveNode):
1442         (PrefixBracketNode):
1443         (PrefixDotNode):
1444         (PrefixErrorNode):
1445         (UnaryOpNode):
1446         (UnaryPlusNode):
1447         (NegateNode):
1448         (BitwiseNotNode):
1449         (LogicalNotNode):
1450         (BinaryOpNode):
1451         (MultNode):
1452         (DivNode):
1453         (ModNode):
1454         (AddNode):
1455         (SubNode):
1456         (LeftShiftNode):
1457         (RightShiftNode):
1458         (UnsignedRightShiftNode):
1459         (LessNode):
1460         (GreaterNode):
1461         (LessEqNode):
1462         (GreaterEqNode):
1463         (ThrowableBinaryOpNode):
1464         (InstanceOfNode):
1465         (InNode):
1466         (EqualNode):
1467         (NotEqualNode):
1468         (StrictEqualNode):
1469         (NotStrictEqualNode):
1470         (BitAndNode):
1471         (BitOrNode):
1472         (BitXOrNode):
1473         (LogicalOpNode):
1474         (ConditionalNode):
1475         (ReadModifyResolveNode):
1476         (AssignResolveNode):
1477         (ReadModifyBracketNode):
1478         (AssignBracketNode):
1479         (AssignDotNode):
1480         (ReadModifyDotNode):
1481         (AssignErrorNode):
1482         (CommaNode):
1483         (ConstDeclNode):
1484         (ConstStatementNode):
1485         (BlockNode):
1486         (EmptyStatementNode):
1487         (DebuggerStatementNode):
1488         (ExprStatementNode):
1489         (VarStatementNode):
1490         (IfNode):
1491         (IfElseNode):
1492         (DoWhileNode):
1493         (WhileNode):
1494         (ForNode):
1495         (ForInNode):
1496         (ContinueNode):
1497         (BreakNode):
1498         (ReturnNode):
1499         (WithNode):
1500         (LabelNode):
1501         (ThrowNode):
1502         (TryNode):
1503         (ScopeNode):
1504         (ProgramNode):
1505         (EvalNode):
1506         (FunctionBodyNode):
1507         (FuncExprNode):
1508         (FuncDeclNode):
1509         (SwitchNode):
1510         * parser/Parser.cpp:
1511         (JSC::::parseSourceElements):
1512         (JSC::::parseVarDeclaration):
1513         (JSC::::parseConstDeclaration):
1514         (JSC::::parseDoWhileStatement):
1515         (JSC::::parseWhileStatement):
1516         (JSC::::parseVarDeclarationList):
1517         (JSC::::parseConstDeclarationList):
1518         (JSC::::parseForStatement):
1519         (JSC::::parseBreakStatement):
1520         (JSC::::parseContinueStatement):
1521         (JSC::::parseReturnStatement):
1522         (JSC::::parseThrowStatement):
1523         (JSC::::parseWithStatement):
1524         (JSC::::parseSwitchStatement):
1525         (JSC::::parseTryStatement):
1526         (JSC::::parseDebuggerStatement):
1527         (JSC::::parseBlockStatement):
1528         (JSC::::parseStatement):
1529         (JSC::::parseFunctionBody):
1530         (JSC::::parseFunctionInfo):
1531         (JSC::::parseFunctionDeclaration):
1532         (JSC::::parseExpressionOrLabelStatement):
1533         (JSC::::parseExpressionStatement):
1534         (JSC::::parseIfStatement):
1535         (JSC::::parseExpression):
1536         (JSC::::parseAssignmentExpression):
1537         (JSC::::parseConditionalExpression):
1538         (JSC::::parseBinaryExpression):
1539         (JSC::::parseProperty):
1540         (JSC::::parseObjectLiteral):
1541         (JSC::::parseStrictObjectLiteral):
1542         (JSC::::parseArrayLiteral):
1543         (JSC::::parsePrimaryExpression):
1544         (JSC::::parseArguments):
1545         (JSC::::parseMemberExpression):
1546         (JSC::::parseUnaryExpression):
1547         * parser/Parser.h:
1548         (JSC::Parser::next):
1549         (JSC::Parser::nextExpectIdentifier):
1550         (JSC::Parser::tokenStart):
1551         (JSC::Parser::tokenLine):
1552         (JSC::Parser::tokenEnd):
1553         (JSC::Parser::tokenLocation):
1554         (Parser):
1555         (JSC::Parser::getTokenName):
1556         (JSC::::parse):
1557         * parser/ParserTokens.h:
1558         (JSC::JSTokenLocation::JSTokenLocation):
1559         (JSTokenLocation):
1560         (JSToken):
1561         * parser/SourceProviderCacheItem.h:
1562         (JSC::SourceProviderCacheItem::closeBraceToken):
1563         * parser/SyntaxChecker.h:
1564         (JSC::SyntaxChecker::makeFunctionCallNode):
1565         (JSC::SyntaxChecker::createCommaExpr):
1566         (JSC::SyntaxChecker::makeAssignNode):
1567         (JSC::SyntaxChecker::makePrefixNode):
1568         (JSC::SyntaxChecker::makePostfixNode):
1569         (JSC::SyntaxChecker::makeTypeOfNode):
1570         (JSC::SyntaxChecker::makeDeleteNode):
1571         (JSC::SyntaxChecker::makeNegateNode):
1572         (JSC::SyntaxChecker::makeBitwiseNotNode):
1573         (JSC::SyntaxChecker::createLogicalNot):
1574         (JSC::SyntaxChecker::createUnaryPlus):
1575         (JSC::SyntaxChecker::createVoid):
1576         (JSC::SyntaxChecker::thisExpr):
1577         (JSC::SyntaxChecker::createResolve):
1578         (JSC::SyntaxChecker::createObjectLiteral):
1579         (JSC::SyntaxChecker::createArray):
1580         (JSC::SyntaxChecker::createNumberExpr):
1581         (JSC::SyntaxChecker::createString):
1582         (JSC::SyntaxChecker::createBoolean):
1583         (JSC::SyntaxChecker::createNull):
1584         (JSC::SyntaxChecker::createBracketAccess):
1585         (JSC::SyntaxChecker::createDotAccess):
1586         (JSC::SyntaxChecker::createRegExp):
1587         (JSC::SyntaxChecker::createNewExpr):
1588         (JSC::SyntaxChecker::createConditionalExpr):
1589         (JSC::SyntaxChecker::createAssignResolve):
1590         (JSC::SyntaxChecker::createFunctionExpr):
1591         (JSC::SyntaxChecker::createFunctionBody):
1592         (JSC::SyntaxChecker::createArgumentsList):
1593         (JSC::SyntaxChecker::createPropertyList):
1594         (JSC::SyntaxChecker::createFuncDeclStatement):
1595         (JSC::SyntaxChecker::createBlockStatement):
1596         (JSC::SyntaxChecker::createExprStatement):
1597         (JSC::SyntaxChecker::createIfStatement):
1598         (JSC::SyntaxChecker::createForLoop):
1599         (JSC::SyntaxChecker::createForInLoop):
1600         (JSC::SyntaxChecker::createEmptyStatement):
1601         (JSC::SyntaxChecker::createVarStatement):
1602         (JSC::SyntaxChecker::createReturnStatement):
1603         (JSC::SyntaxChecker::createBreakStatement):
1604         (JSC::SyntaxChecker::createContinueStatement):
1605         (JSC::SyntaxChecker::createTryStatement):
1606         (JSC::SyntaxChecker::createSwitchStatement):
1607         (JSC::SyntaxChecker::createWhileStatement):
1608         (JSC::SyntaxChecker::createWithStatement):
1609         (JSC::SyntaxChecker::createDoWhileStatement):
1610         (JSC::SyntaxChecker::createLabelStatement):
1611         (JSC::SyntaxChecker::createThrowStatement):
1612         (JSC::SyntaxChecker::createDebugger):
1613         (JSC::SyntaxChecker::createConstStatement):
1614         (JSC::SyntaxChecker::appendConstDecl):
1615         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1616         (JSC::SyntaxChecker::combineCommaNodes):
1617         (JSC::SyntaxChecker::operatorStackPop):
1618
1619 2012-08-03  Filip Pizlo  <fpizlo@apple.com>
1620
1621         Crashes in dfgBuildPutByIdList when clicking on just about anything on Google Maps
1622         https://bugs.webkit.org/show_bug.cgi?id=92691
1623
1624         Reviewed by Mark Hahnenberg.
1625
1626         The state of the stubs was changing after we determined the type (by virtue of the slow path
1627         function that was called), since the get or put (in this case put) could cause arbitrary
1628         side effects. Perhaps a full-blown fix would be to eliminate our reliance on the slow path
1629         function to determine what to do, but an easier fix for now is to have the slow path give up
1630         if its assumptions were invalidated by a side effect.
1631
1632         * dfg/DFGOperations.cpp:
1633         * jit/JITStubs.cpp:
1634         (JSC::DEFINE_STUB_FUNCTION):
1635
1636 2012-08-03  Filip Pizlo  <fpizlo@apple.com>
1637
1638         DFG handling of get_by_id should always inject a ForceOSRExit node if there is no prediction
1639         https://bugs.webkit.org/show_bug.cgi?id=93162
1640
1641         Reviewed by Mark Hahnenberg.
1642
1643         This simplifies the DFG IR by ensuring that all nodes that use value profiles will be preceded
1644         by a ForceOSRExit if the value profile had no data.
1645
1646         * dfg/DFGByteCodeParser.cpp:
1647         (JSC::DFG::ByteCodeParser::parseBlock):
1648
1649 2012-08-03  Filip Pizlo  <fpizlo@apple.com>
1650
1651         DFG::StructureCheckHoistingPhase keeps a Node& around for too long
1652         https://bugs.webkit.org/show_bug.cgi?id=93157
1653
1654         Reviewed by Mark Hahnenberg.
1655
1656         * dfg/DFGStructureCheckHoistingPhase.cpp:
1657         (JSC::DFG::StructureCheckHoistingPhase::run):
1658
1659 2012-08-02  Patrick Gansterer  <paroga@webkit.org>
1660
1661         Move getLocalTime() as static inline function to DateMath
1662         https://bugs.webkit.org/show_bug.cgi?id=92955
1663
1664         Reviewed by Ryosuke Niwa.
1665
1666         getCurrentLocalTime() and getLocalTime() have been superseded by the
1667         GregorianDateTime class. So we can move it into DateMath.cpp as a static inline
1668         function. This allows us to remove the dependency on time() and localtime()
1669         for Windows CE, where these functions require the ce_time library to work.
1670
1671         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1672
1673 2012-08-02  Filip Pizlo  <fpizlo@apple.com>
1674
1675         ASSERTION FAILED: at(m_compileIndex).canExit() || m_isCheckingArgumentTypes
1676         https://bugs.webkit.org/show_bug.cgi?id=91074
1677
1678         Reviewed by Mark Hahnenberg.
1679
1680         Fixes a bug where the speculative JIT was performing an unnecessary speculation that the
1681         CFA had proven shouldn't be performed, leading to asserts that a node should not have
1682         exit sites. This is a debug-only assert with no release symptom - we were just emitting
1683         a check that was not reachable.
1684         
1685         Also found, and fixed, a bug where structure check hoisting was slightly confusing the
1686         CFA by inserting GetLocal's into the graph. CSE would clean the GetLocal's up, which
1687         would make the backend happy - but the CFA would produce subtly wrong results.
1688
1689         * bytecode/SpeculatedType.h:
1690         (JSC::isOtherOrEmptySpeculation):
1691         (JSC):
1692         * dfg/DFGDriver.cpp:
1693         (JSC::DFG::compile):
1694         * dfg/DFGGraph.cpp:
1695         (JSC::DFG::Graph::dump):
1696         * dfg/DFGSpeculativeJIT64.cpp:
1697         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
1698         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
1699
1700 2012-08-02  Filip Pizlo  <fpizlo@apple.com>
1701
1702         Unreviewed, build fix for DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE).
1703
1704         * dfg/DFGStructureCheckHoistingPhase.cpp:
1705         (JSC::DFG::StructureCheckHoistingPhase::run):
1706
1707 2012-08-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1708
1709         Remove all uses of ClassInfo for JSStrings in JIT code
1710         https://bugs.webkit.org/show_bug.cgi?id=92935
1711
1712         Reviewed by Geoffrey Garen.
1713
1714         This is the first step in removing our dependence on in-object ClassInfo pointers
1715         in JIT code. Most of the changes are to check the Structure, which is unique for 
1716         JSString primitives.
1717
1718         * bytecode/SpeculatedType.cpp:
1719         (JSC::speculationFromClassInfo):
1720         (JSC::speculationFromStructure): Changed to check the TypeInfo in the Structure
1721         since there wasn't a JSGlobalData immediately available to grab the JSString 
1722         Structure out of.
1723         * dfg/DFGSpeculativeJIT.cpp:
1724         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
1725         * dfg/DFGSpeculativeJIT32_64.cpp:
1726         (JSC::DFG::SpeculativeJIT::compile):
1727         * dfg/DFGSpeculativeJIT64.cpp:
1728         (JSC::DFG::SpeculativeJIT::compile):
1729         * jit/JITInlineMethods.h:
1730         (JSC::JIT::emitLoadCharacterString):
1731         * jit/JITOpcodes.cpp:
1732         (JSC::JIT::privateCompileCTIMachineTrampolines):
1733         (JSC::JIT::emit_op_to_primitive):
1734         (JSC::JIT::emit_op_convert_this):
1735         * jit/JITOpcodes32_64.cpp:
1736         (JSC::JIT::privateCompileCTIMachineTrampolines):
1737         (JSC::JIT::emit_op_to_primitive):
1738         (JSC::JIT::emitSlow_op_eq):
1739         (JSC::JIT::emitSlow_op_neq):
1740         (JSC::JIT::compileOpStrictEq):
1741         (JSC::JIT::emit_op_convert_this):
1742         * jit/JITPropertyAccess.cpp:
1743         (JSC::JIT::stringGetByValStubGenerator):
1744         (JSC::JIT::emitSlow_op_get_by_val):
1745         * jit/JITPropertyAccess32_64.cpp:
1746         (JSC::JIT::stringGetByValStubGenerator):
1747         (JSC::JIT::emitSlow_op_get_by_val):
1748         * jit/SpecializedThunkJIT.h:
1749         (JSC::SpecializedThunkJIT::loadJSStringArgument):
1750         * jit/ThunkGenerators.cpp:
1751         (JSC::stringCharLoad):
1752         (JSC::charCodeAtThunkGenerator):
1753         (JSC::charAtThunkGenerator):
1754
1755 2012-08-02  Filip Pizlo  <fpizlo@apple.com>
1756
1757         Unreviewed, missed a style goof in the previous patch: "NodeIndex nodeIndex"
1758         in a method signature is painfully redundant.
1759
1760         * dfg/DFGSpeculativeJIT.h:
1761         (SpeculativeJIT):
1762
1763 2012-08-02  Filip Pizlo  <fpizlo@apple.com>
1764
1765         DFGSpeculativeJIT.h has too many inline method bodies
1766         https://bugs.webkit.org/show_bug.cgi?id=92957
1767
1768         Reviewed by Antti Koivisto.
1769
1770         * dfg/DFGSpeculativeJIT.cpp:
1771         (JSC::DFG::SpeculativeJIT::speculationCheck):
1772         (DFG):
1773         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
1774         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1775         (JSC::DFG::SpeculativeJIT::speculationCheckWithConditionalDirection):
1776         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1777         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
1778         * dfg/DFGSpeculativeJIT.h:
1779         (SpeculativeJIT):
1780
1781 2012-08-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1782
1783         Unreviewed, rolling out r124406.
1784         http://trac.webkit.org/changeset/124406
1785         https://bugs.webkit.org/show_bug.cgi?id=92951
1786
1787         it set the Mac bots on fire (Requested by pizlo on #webkit).
1788
1789         * bytecode/Opcode.h:
1790         (JSC):
1791         (JSC::padOpcodeName):
1792         * bytecompiler/BytecodeGenerator.cpp:
1793         (JSC::BytecodeGenerator::emitDebugHook):
1794         * bytecompiler/BytecodeGenerator.h:
1795         (BytecodeGenerator):
1796         * bytecompiler/NodesCodegen.cpp:
1797         (JSC::ArrayNode::toArgumentList):
1798         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1799         (JSC::ConditionalNode::emitBytecode):
1800         (JSC::ConstStatementNode::emitBytecode):
1801         (JSC::EmptyStatementNode::emitBytecode):
1802         (JSC::DebuggerStatementNode::emitBytecode):
1803         (JSC::ExprStatementNode::emitBytecode):
1804         (JSC::VarStatementNode::emitBytecode):
1805         (JSC::IfNode::emitBytecode):
1806         (JSC::IfElseNode::emitBytecode):
1807         (JSC::DoWhileNode::emitBytecode):
1808         (JSC::WhileNode::emitBytecode):
1809         (JSC::ForNode::emitBytecode):
1810         (JSC::ForInNode::emitBytecode):
1811         (JSC::ContinueNode::emitBytecode):
1812         (JSC::BreakNode::emitBytecode):
1813         (JSC::ReturnNode::emitBytecode):
1814         (JSC::WithNode::emitBytecode):
1815         (JSC::SwitchNode::emitBytecode):
1816         (JSC::LabelNode::emitBytecode):
1817         (JSC::ThrowNode::emitBytecode):
1818         (JSC::TryNode::emitBytecode):
1819         (JSC::ProgramNode::emitBytecode):
1820         (JSC::EvalNode::emitBytecode):
1821         (JSC::FunctionBodyNode::emitBytecode):
1822         * debugger/Debugger.h:
1823         * interpreter/Interpreter.cpp:
1824         (JSC::Interpreter::unwindCallFrame):
1825         (JSC::Interpreter::throwException):
1826         (JSC::Interpreter::debug):
1827         * interpreter/Interpreter.h:
1828         (Interpreter):
1829         * jit/JITOpcodes.cpp:
1830         (JSC::JIT::emit_op_debug):
1831         * jit/JITOpcodes32_64.cpp:
1832         (JSC::JIT::emit_op_debug):
1833         * jit/JITStubs.cpp:
1834         (JSC::DEFINE_STUB_FUNCTION):
1835         * llint/LLIntSlowPaths.cpp:
1836         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1837         * parser/ASTBuilder.h:
1838         (ASTBuilder):
1839         (JSC::ASTBuilder::createCommaExpr):
1840         (JSC::ASTBuilder::createLogicalNot):
1841         (JSC::ASTBuilder::createUnaryPlus):
1842         (JSC::ASTBuilder::createVoid):
1843         (JSC::ASTBuilder::thisExpr):
1844         (JSC::ASTBuilder::createResolve):
1845         (JSC::ASTBuilder::createObjectLiteral):
1846         (JSC::ASTBuilder::createArray):
1847         (JSC::ASTBuilder::createNumberExpr):
1848         (JSC::ASTBuilder::createString):
1849         (JSC::ASTBuilder::createBoolean):
1850         (JSC::ASTBuilder::createNull):
1851         (JSC::ASTBuilder::createBracketAccess):
1852         (JSC::ASTBuilder::createDotAccess):
1853         (JSC::ASTBuilder::createRegExp):
1854         (JSC::ASTBuilder::createNewExpr):
1855         (JSC::ASTBuilder::createConditionalExpr):
1856         (JSC::ASTBuilder::createAssignResolve):
1857         (JSC::ASTBuilder::createFunctionExpr):
1858         (JSC::ASTBuilder::createFunctionBody):
1859         (JSC::ASTBuilder::createGetterOrSetterProperty):
1860         (JSC::ASTBuilder::createArgumentsList):
1861         (JSC::ASTBuilder::createPropertyList):
1862         (JSC::ASTBuilder::createFuncDeclStatement):
1863         (JSC::ASTBuilder::createBlockStatement):
1864         (JSC::ASTBuilder::createExprStatement):
1865         (JSC::ASTBuilder::createIfStatement):
1866         (JSC::ASTBuilder::createForLoop):
1867         (JSC::ASTBuilder::createForInLoop):
1868         (JSC::ASTBuilder::createEmptyStatement):
1869         (JSC::ASTBuilder::createVarStatement):
1870         (JSC::ASTBuilder::createReturnStatement):
1871         (JSC::ASTBuilder::createBreakStatement):
1872         (JSC::ASTBuilder::createContinueStatement):
1873         (JSC::ASTBuilder::createTryStatement):
1874         (JSC::ASTBuilder::createSwitchStatement):
1875         (JSC::ASTBuilder::createWhileStatement):
1876         (JSC::ASTBuilder::createDoWhileStatement):
1877         (JSC::ASTBuilder::createLabelStatement):
1878         (JSC::ASTBuilder::createWithStatement):
1879         (JSC::ASTBuilder::createThrowStatement):
1880         (JSC::ASTBuilder::createDebugger):
1881         (JSC::ASTBuilder::createConstStatement):
1882         (JSC::ASTBuilder::appendConstDecl):
1883         (JSC::ASTBuilder::combineCommaNodes):
1884         (JSC::ASTBuilder::appendBinaryOperation):
1885         (JSC::ASTBuilder::createAssignment):
1886         (JSC::ASTBuilder::createNumber):
1887         (JSC::ASTBuilder::makeTypeOfNode):
1888         (JSC::ASTBuilder::makeDeleteNode):
1889         (JSC::ASTBuilder::makeNegateNode):
1890         (JSC::ASTBuilder::makeBitwiseNotNode):
1891         (JSC::ASTBuilder::makeMultNode):
1892         (JSC::ASTBuilder::makeDivNode):
1893         (JSC::ASTBuilder::makeModNode):
1894         (JSC::ASTBuilder::makeAddNode):
1895         (JSC::ASTBuilder::makeSubNode):
1896         (JSC::ASTBuilder::makeLeftShiftNode):
1897         (JSC::ASTBuilder::makeRightShiftNode):
1898         (JSC::ASTBuilder::makeURightShiftNode):
1899         (JSC::ASTBuilder::makeBitOrNode):
1900         (JSC::ASTBuilder::makeBitAndNode):
1901         (JSC::ASTBuilder::makeBitXOrNode):
1902         (JSC::ASTBuilder::makeFunctionCallNode):
1903         (JSC::ASTBuilder::makeBinaryNode):
1904         (JSC::ASTBuilder::makeAssignNode):
1905         (JSC::ASTBuilder::makePrefixNode):
1906         (JSC::ASTBuilder::makePostfixNode):
1907         * parser/Lexer.cpp:
1908         (JSC::::setCode):
1909         (JSC::::internalShift):
1910         (JSC::::shift):
1911         (JSC::::lex):
1912         * parser/Lexer.h:
1913         (Lexer):
1914         (JSC::::lexExpectIdentifier):
1915         * parser/NodeConstructors.h:
1916         (JSC::Node::Node):
1917         (JSC::ExpressionNode::ExpressionNode):
1918         (JSC::StatementNode::StatementNode):
1919         (JSC::NullNode::NullNode):
1920         (JSC::BooleanNode::BooleanNode):
1921         (JSC::NumberNode::NumberNode):
1922         (JSC::StringNode::StringNode):
1923         (JSC::RegExpNode::RegExpNode):
1924         (JSC::ThisNode::ThisNode):
1925         (JSC::ResolveNode::ResolveNode):
1926         (JSC::ArrayNode::ArrayNode):
1927         (JSC::PropertyListNode::PropertyListNode):
1928         (JSC::ObjectLiteralNode::ObjectLiteralNode):
1929         (JSC::BracketAccessorNode::BracketAccessorNode):
1930         (JSC::DotAccessorNode::DotAccessorNode):
1931         (JSC::ArgumentListNode::ArgumentListNode):
1932         (JSC::NewExprNode::NewExprNode):
1933         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
1934         (JSC::FunctionCallValueNode::FunctionCallValueNode):
1935         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
1936         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
1937         (JSC::FunctionCallDotNode::FunctionCallDotNode):
1938         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
1939         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
1940         (JSC::PrePostResolveNode::PrePostResolveNode):
1941         (JSC::PostfixResolveNode::PostfixResolveNode):
1942         (JSC::PostfixBracketNode::PostfixBracketNode):
1943         (JSC::PostfixDotNode::PostfixDotNode):
1944         (JSC::PostfixErrorNode::PostfixErrorNode):
1945         (JSC::DeleteResolveNode::DeleteResolveNode):
1946         (JSC::DeleteBracketNode::DeleteBracketNode):
1947         (JSC::DeleteDotNode::DeleteDotNode):
1948         (JSC::DeleteValueNode::DeleteValueNode):
1949         (JSC::VoidNode::VoidNode):
1950         (JSC::TypeOfResolveNode::TypeOfResolveNode):
1951         (JSC::TypeOfValueNode::TypeOfValueNode):
1952         (JSC::PrefixResolveNode::PrefixResolveNode):
1953         (JSC::PrefixBracketNode::PrefixBracketNode):
1954         (JSC::PrefixDotNode::PrefixDotNode):
1955         (JSC::PrefixErrorNode::PrefixErrorNode):
1956         (JSC::UnaryOpNode::UnaryOpNode):
1957         (JSC::UnaryPlusNode::UnaryPlusNode):
1958         (JSC::NegateNode::NegateNode):
1959         (JSC::BitwiseNotNode::BitwiseNotNode):
1960         (JSC::LogicalNotNode::LogicalNotNode):
1961         (JSC::BinaryOpNode::BinaryOpNode):
1962         (JSC::MultNode::MultNode):
1963         (JSC::DivNode::DivNode):
1964         (JSC::ModNode::ModNode):
1965         (JSC::AddNode::AddNode):
1966         (JSC::SubNode::SubNode):
1967         (JSC::LeftShiftNode::LeftShiftNode):
1968         (JSC::RightShiftNode::RightShiftNode):
1969         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
1970         (JSC::LessNode::LessNode):
1971         (JSC::GreaterNode::GreaterNode):
1972         (JSC::LessEqNode::LessEqNode):
1973         (JSC::GreaterEqNode::GreaterEqNode):
1974         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
1975         (JSC::InstanceOfNode::InstanceOfNode):
1976         (JSC::InNode::InNode):
1977         (JSC::EqualNode::EqualNode):
1978         (JSC::NotEqualNode::NotEqualNode):
1979         (JSC::StrictEqualNode::StrictEqualNode):
1980         (JSC::NotStrictEqualNode::NotStrictEqualNode):
1981         (JSC::BitAndNode::BitAndNode):
1982         (JSC::BitOrNode::BitOrNode):
1983         (JSC::BitXOrNode::BitXOrNode):
1984         (JSC::LogicalOpNode::LogicalOpNode):
1985         (JSC::ConditionalNode::ConditionalNode):
1986         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
1987         (JSC::AssignResolveNode::AssignResolveNode):
1988         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
1989         (JSC::AssignBracketNode::AssignBracketNode):
1990         (JSC::AssignDotNode::AssignDotNode):
1991         (JSC::ReadModifyDotNode::ReadModifyDotNode):
1992         (JSC::AssignErrorNode::AssignErrorNode):
1993         (JSC::CommaNode::CommaNode):
1994         (JSC::ConstStatementNode::ConstStatementNode):
1995         (JSC::EmptyStatementNode::EmptyStatementNode):
1996         (JSC::DebuggerStatementNode::DebuggerStatementNode):
1997         (JSC::ExprStatementNode::ExprStatementNode):
1998         (JSC::VarStatementNode::VarStatementNode):
1999         (JSC::IfNode::IfNode):
2000         (JSC::IfElseNode::IfElseNode):
2001         (JSC::DoWhileNode::DoWhileNode):
2002         (JSC::WhileNode::WhileNode):
2003         (JSC::ForNode::ForNode):
2004         (JSC::ContinueNode::ContinueNode):
2005         (JSC::BreakNode::BreakNode):
2006         (JSC::ReturnNode::ReturnNode):
2007         (JSC::WithNode::WithNode):
2008         (JSC::LabelNode::LabelNode):
2009         (JSC::ThrowNode::ThrowNode):
2010         (JSC::TryNode::TryNode):
2011         (JSC::FuncExprNode::FuncExprNode):
2012         (JSC::FuncDeclNode::FuncDeclNode):
2013         (JSC::SwitchNode::SwitchNode):
2014         (JSC::ConstDeclNode::ConstDeclNode):
2015         (JSC::BlockNode::BlockNode):
2016         (JSC::ForInNode::ForInNode):
2017         * parser/Nodes.cpp:
2018         (JSC):
2019         (JSC::StatementNode::setLoc):
2020         (JSC::ScopeNode::ScopeNode):
2021         (JSC::ProgramNode::ProgramNode):
2022         (JSC::ProgramNode::create):
2023         (JSC::EvalNode::EvalNode):
2024         (JSC::EvalNode::create):
2025         (JSC::FunctionBodyNode::FunctionBodyNode):
2026         (JSC::FunctionBodyNode::create):
2027         * parser/Nodes.h:
2028         (Node):
2029         (ExpressionNode):
2030         (StatementNode):
2031         (NullNode):
2032         (BooleanNode):
2033         (NumberNode):
2034         (StringNode):
2035         (RegExpNode):
2036         (ThisNode):
2037         (ResolveNode):
2038         (ArrayNode):
2039         (PropertyListNode):
2040         (ObjectLiteralNode):
2041         (BracketAccessorNode):
2042         (DotAccessorNode):
2043         (ArgumentListNode):
2044         (NewExprNode):
2045         (EvalFunctionCallNode):
2046         (FunctionCallValueNode):
2047         (FunctionCallResolveNode):
2048         (FunctionCallBracketNode):
2049         (FunctionCallDotNode):
2050         (CallFunctionCallDotNode):
2051         (ApplyFunctionCallDotNode):
2052         (PrePostResolveNode):
2053         (PostfixResolveNode):
2054         (PostfixBracketNode):
2055         (PostfixDotNode):
2056         (PostfixErrorNode):
2057         (DeleteResolveNode):
2058         (DeleteBracketNode):
2059         (DeleteDotNode):
2060         (DeleteValueNode):
2061         (VoidNode):
2062         (TypeOfResolveNode):
2063         (TypeOfValueNode):
2064         (PrefixResolveNode):
2065         (PrefixBracketNode):
2066         (PrefixDotNode):
2067         (PrefixErrorNode):
2068         (UnaryOpNode):
2069         (UnaryPlusNode):
2070         (NegateNode):
2071         (BitwiseNotNode):
2072         (LogicalNotNode):
2073         (BinaryOpNode):
2074         (MultNode):
2075         (DivNode):
2076         (ModNode):
2077         (AddNode):
2078         (SubNode):
2079         (LeftShiftNode):
2080         (RightShiftNode):
2081         (UnsignedRightShiftNode):
2082         (LessNode):
2083         (GreaterNode):
2084         (LessEqNode):
2085         (GreaterEqNode):
2086         (ThrowableBinaryOpNode):
2087         (InstanceOfNode):
2088         (InNode):
2089         (EqualNode):
2090         (NotEqualNode):
2091         (StrictEqualNode):
2092         (NotStrictEqualNode):
2093         (BitAndNode):
2094         (BitOrNode):
2095         (BitXOrNode):
2096         (LogicalOpNode):
2097         (ConditionalNode):
2098         (ReadModifyResolveNode):
2099         (AssignResolveNode):
2100         (ReadModifyBracketNode):
2101         (AssignBracketNode):
2102         (AssignDotNode):
2103         (ReadModifyDotNode):
2104         (AssignErrorNode):
2105         (CommaNode):
2106         (ConstDeclNode):
2107         (ConstStatementNode):
2108         (BlockNode):
2109         (EmptyStatementNode):
2110         (DebuggerStatementNode):
2111         (ExprStatementNode):
2112         (VarStatementNode):
2113         (IfNode):
2114         (IfElseNode):
2115         (DoWhileNode):
2116         (WhileNode):
2117         (ForNode):
2118         (ForInNode):
2119         (ContinueNode):
2120         (BreakNode):
2121         (ReturnNode):
2122         (WithNode):
2123         (LabelNode):
2124         (ThrowNode):
2125         (TryNode):
2126         (ScopeNode):
2127         (ProgramNode):
2128         (EvalNode):
2129         (FunctionBodyNode):
2130         (FuncExprNode):
2131         (FuncDeclNode):
2132         (SwitchNode):
2133         * parser/Parser.cpp:
2134         (JSC::::parseSourceElements):
2135         (JSC::::parseVarDeclaration):
2136         (JSC::::parseConstDeclaration):
2137         (JSC::::parseDoWhileStatement):
2138         (JSC::::parseWhileStatement):
2139         (JSC::::parseVarDeclarationList):
2140         (JSC::::parseConstDeclarationList):
2141         (JSC::::parseForStatement):
2142         (JSC::::parseBreakStatement):
2143         (JSC::::parseContinueStatement):
2144         (JSC::::parseReturnStatement):
2145         (JSC::::parseThrowStatement):
2146         (JSC::::parseWithStatement):
2147         (JSC::::parseSwitchStatement):
2148         (JSC::::parseTryStatement):
2149         (JSC::::parseDebuggerStatement):
2150         (JSC::::parseBlockStatement):
2151         (JSC::::parseStatement):
2152         (JSC::::parseFunctionBody):
2153         (JSC::::parseFunctionInfo):
2154         (JSC::::parseFunctionDeclaration):
2155         (JSC::::parseExpressionOrLabelStatement):
2156         (JSC::::parseExpressionStatement):
2157         (JSC::::parseIfStatement):
2158         (JSC::::parseExpression):
2159         (JSC::::parseAssignmentExpression):
2160         (JSC::::parseConditionalExpression):
2161         (JSC::::parseBinaryExpression):
2162         (JSC::::parseProperty):
2163         (JSC::::parseObjectLiteral):
2164         (JSC::::parseStrictObjectLiteral):
2165         (JSC::::parseArrayLiteral):
2166         (JSC::::parsePrimaryExpression):
2167         (JSC::::parseArguments):
2168         (JSC::::parseMemberExpression):
2169         (JSC::::parseUnaryExpression):
2170         * parser/Parser.h:
2171         (JSC::Parser::next):
2172         (JSC::Parser::nextExpectIdentifier):
2173         (JSC::Parser::tokenStart):
2174         (JSC::Parser::tokenLine):
2175         (JSC::Parser::tokenEnd):
2176         (JSC::Parser::getTokenName):
2177         (JSC::::parse):
2178         * parser/ParserTokens.h:
2179         (JSC::JSTokenInfo::JSTokenInfo):
2180         (JSTokenInfo):
2181         (JSToken):
2182         * parser/SourceProviderCacheItem.h:
2183         (JSC::SourceProviderCacheItem::closeBraceToken):
2184         * parser/SyntaxChecker.h:
2185         (JSC::SyntaxChecker::makeFunctionCallNode):
2186         (JSC::SyntaxChecker::createCommaExpr):
2187         (JSC::SyntaxChecker::makeAssignNode):
2188         (JSC::SyntaxChecker::makePrefixNode):
2189         (JSC::SyntaxChecker::makePostfixNode):
2190         (JSC::SyntaxChecker::makeTypeOfNode):
2191         (JSC::SyntaxChecker::makeDeleteNode):
2192         (JSC::SyntaxChecker::makeNegateNode):
2193         (JSC::SyntaxChecker::makeBitwiseNotNode):
2194         (JSC::SyntaxChecker::createLogicalNot):
2195         (JSC::SyntaxChecker::createUnaryPlus):
2196         (JSC::SyntaxChecker::createVoid):
2197         (JSC::SyntaxChecker::thisExpr):
2198         (JSC::SyntaxChecker::createResolve):
2199         (JSC::SyntaxChecker::createObjectLiteral):
2200         (JSC::SyntaxChecker::createArray):
2201         (JSC::SyntaxChecker::createNumberExpr):
2202         (JSC::SyntaxChecker::createString):
2203         (JSC::SyntaxChecker::createBoolean):
2204         (JSC::SyntaxChecker::createNull):
2205         (JSC::SyntaxChecker::createBracketAccess):
2206         (JSC::SyntaxChecker::createDotAccess):
2207         (JSC::SyntaxChecker::createRegExp):
2208         (JSC::SyntaxChecker::createNewExpr):
2209         (JSC::SyntaxChecker::createConditionalExpr):
2210         (JSC::SyntaxChecker::createAssignResolve):
2211         (JSC::SyntaxChecker::createFunctionExpr):
2212         (JSC::SyntaxChecker::createFunctionBody):
2213         (JSC::SyntaxChecker::createArgumentsList):
2214         (JSC::SyntaxChecker::createPropertyList):
2215         (JSC::SyntaxChecker::createFuncDeclStatement):
2216         (JSC::SyntaxChecker::createBlockStatement):
2217         (JSC::SyntaxChecker::createExprStatement):
2218         (JSC::SyntaxChecker::createIfStatement):
2219         (JSC::SyntaxChecker::createForLoop):
2220         (JSC::SyntaxChecker::createForInLoop):
2221         (JSC::SyntaxChecker::createEmptyStatement):
2222         (JSC::SyntaxChecker::createVarStatement):
2223         (JSC::SyntaxChecker::createReturnStatement):
2224         (JSC::SyntaxChecker::createBreakStatement):
2225         (JSC::SyntaxChecker::createContinueStatement):
2226         (JSC::SyntaxChecker::createTryStatement):
2227         (JSC::SyntaxChecker::createSwitchStatement):
2228         (JSC::SyntaxChecker::createWhileStatement):
2229         (JSC::SyntaxChecker::createWithStatement):
2230         (JSC::SyntaxChecker::createDoWhileStatement):
2231         (JSC::SyntaxChecker::createLabelStatement):
2232         (JSC::SyntaxChecker::createThrowStatement):
2233         (JSC::SyntaxChecker::createDebugger):
2234         (JSC::SyntaxChecker::createConstStatement):
2235         (JSC::SyntaxChecker::appendConstDecl):
2236         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2237         (JSC::SyntaxChecker::combineCommaNodes):
2238         (JSC::SyntaxChecker::operatorStackPop):
2239
2240 2012-08-01  Peter Wang  <peter.wang@torchmobile.com.cn>
2241
2242         Web Inspector: [JSC] implement setting breakpoints by line:column
2243         https://bugs.webkit.org/show_bug.cgi?id=53003
2244
2245         Reviewed by Geoffrey Garen.
2246
2247         Add a counter in lexer to record the column of each token. Debugger will use column info
2248         in "Pretty Print" debug mode of Inspector.
2249
2250         * bytecode/Opcode.h:
2251         (JSC):
2252         (JSC::padOpcodeName):
2253         * bytecompiler/BytecodeGenerator.cpp:
2254         (JSC::BytecodeGenerator::emitDebugHook):
2255         * bytecompiler/BytecodeGenerator.h:
2256         (BytecodeGenerator):
2257         * bytecompiler/NodesCodegen.cpp:
2258         (JSC::ArrayNode::toArgumentList):
2259         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2260         (JSC::ConditionalNode::emitBytecode):
2261         (JSC::ConstStatementNode::emitBytecode):
2262         (JSC::EmptyStatementNode::emitBytecode):
2263         (JSC::DebuggerStatementNode::emitBytecode):
2264         (JSC::ExprStatementNode::emitBytecode):
2265         (JSC::VarStatementNode::emitBytecode):
2266         (JSC::IfNode::emitBytecode):
2267         (JSC::IfElseNode::emitBytecode):
2268         (JSC::DoWhileNode::emitBytecode):
2269         (JSC::WhileNode::emitBytecode):
2270         (JSC::ForNode::emitBytecode):
2271         (JSC::ForInNode::emitBytecode):
2272         (JSC::ContinueNode::emitBytecode):
2273         (JSC::BreakNode::emitBytecode):
2274         (JSC::ReturnNode::emitBytecode):
2275         (JSC::WithNode::emitBytecode):
2276         (JSC::SwitchNode::emitBytecode):
2277         (JSC::LabelNode::emitBytecode):
2278         (JSC::ThrowNode::emitBytecode):
2279         (JSC::TryNode::emitBytecode):
2280         (JSC::ProgramNode::emitBytecode):
2281         (JSC::EvalNode::emitBytecode):
2282         (JSC::FunctionBodyNode::emitBytecode):
2283         * debugger/Debugger.h:
2284         * interpreter/Interpreter.cpp:
2285         (JSC::Interpreter::unwindCallFrame):
2286         (JSC::Interpreter::throwException):
2287         (JSC::Interpreter::debug):
2288         * interpreter/Interpreter.h:
2289         (Interpreter):
2290         * jit/JITOpcodes.cpp:
2291         (JSC::JIT::emit_op_debug):
2292         * jit/JITOpcodes32_64.cpp:
2293         (JSC::JIT::emit_op_debug):
2294         * jit/JITStubs.cpp:
2295         (JSC::DEFINE_STUB_FUNCTION):
2296         * llint/LLIntSlowPaths.cpp:
2297         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2298         * parser/ASTBuilder.h:
2299         (ASTBuilder):
2300         (JSC::ASTBuilder::createCommaExpr):
2301         (JSC::ASTBuilder::createLogicalNot):
2302         (JSC::ASTBuilder::createUnaryPlus):
2303         (JSC::ASTBuilder::createVoid):
2304         (JSC::ASTBuilder::thisExpr):
2305         (JSC::ASTBuilder::createResolve):
2306         (JSC::ASTBuilder::createObjectLiteral):
2307         (JSC::ASTBuilder::createArray):
2308         (JSC::ASTBuilder::createNumberExpr):
2309         (JSC::ASTBuilder::createString):
2310         (JSC::ASTBuilder::createBoolean):
2311         (JSC::ASTBuilder::createNull):
2312         (JSC::ASTBuilder::createBracketAccess):
2313         (JSC::ASTBuilder::createDotAccess):
2314         (JSC::ASTBuilder::createRegExp):
2315         (JSC::ASTBuilder::createNewExpr):
2316         (JSC::ASTBuilder::createConditionalExpr):
2317         (JSC::ASTBuilder::createAssignResolve):
2318         (JSC::ASTBuilder::createFunctionExpr):
2319         (JSC::ASTBuilder::createFunctionBody):
2320         (JSC::ASTBuilder::createGetterOrSetterProperty):
2321         (JSC::ASTBuilder::createArgumentsList):
2322         (JSC::ASTBuilder::createPropertyList):
2323         (JSC::ASTBuilder::createFuncDeclStatement):
2324         (JSC::ASTBuilder::createBlockStatement):
2325         (JSC::ASTBuilder::createExprStatement):
2326         (JSC::ASTBuilder::createIfStatement):
2327         (JSC::ASTBuilder::createForLoop):
2328         (JSC::ASTBuilder::createForInLoop):
2329         (JSC::ASTBuilder::createEmptyStatement):
2330         (JSC::ASTBuilder::createVarStatement):
2331         (JSC::ASTBuilder::createReturnStatement):
2332         (JSC::ASTBuilder::createBreakStatement):
2333         (JSC::ASTBuilder::createContinueStatement):
2334         (JSC::ASTBuilder::createTryStatement):
2335         (JSC::ASTBuilder::createSwitchStatement):
2336         (JSC::ASTBuilder::createWhileStatement):
2337         (JSC::ASTBuilder::createDoWhileStatement):
2338         (JSC::ASTBuilder::createLabelStatement):
2339         (JSC::ASTBuilder::createWithStatement):
2340         (JSC::ASTBuilder::createThrowStatement):
2341         (JSC::ASTBuilder::createDebugger):
2342         (JSC::ASTBuilder::createConstStatement):
2343         (JSC::ASTBuilder::appendConstDecl):
2344         (JSC::ASTBuilder::combineCommaNodes):
2345         (JSC::ASTBuilder::appendBinaryOperation):
2346         (JSC::ASTBuilder::createAssignment):
2347         (JSC::ASTBuilder::createNumber):
2348         (JSC::ASTBuilder::makeTypeOfNode):
2349         (JSC::ASTBuilder::makeDeleteNode):
2350         (JSC::ASTBuilder::makeNegateNode):
2351         (JSC::ASTBuilder::makeBitwiseNotNode):
2352         (JSC::ASTBuilder::makeMultNode):
2353         (JSC::ASTBuilder::makeDivNode):
2354         (JSC::ASTBuilder::makeModNode):
2355         (JSC::ASTBuilder::makeAddNode):
2356         (JSC::ASTBuilder::makeSubNode):
2357         (JSC::ASTBuilder::makeLeftShiftNode):
2358         (JSC::ASTBuilder::makeRightShiftNode):
2359         (JSC::ASTBuilder::makeURightShiftNode):
2360         (JSC::ASTBuilder::makeBitOrNode):
2361         (JSC::ASTBuilder::makeBitAndNode):
2362         (JSC::ASTBuilder::makeBitXOrNode):
2363         (JSC::ASTBuilder::makeFunctionCallNode):
2364         (JSC::ASTBuilder::makeBinaryNode):
2365         (JSC::ASTBuilder::makeAssignNode):
2366         (JSC::ASTBuilder::makePrefixNode):
2367         (JSC::ASTBuilder::makePostfixNode):
2368         * parser/Lexer.cpp:
2369         (JSC::::setCode):
2370         (JSC::::internalShift):
2371         (JSC::::shift):
2372         (JSC::::lex):
2373         * parser/Lexer.h:
2374         (Lexer):
2375         (JSC::Lexer::currentColumnNumber):
2376         (JSC::::lexExpectIdentifier):
2377         * parser/NodeConstructors.h:
2378         (JSC::Node::Node):
2379         (JSC::ExpressionNode::ExpressionNode):
2380         (JSC::StatementNode::StatementNode):
2381         (JSC::NullNode::NullNode):
2382         (JSC::BooleanNode::BooleanNode):
2383         (JSC::NumberNode::NumberNode):
2384         (JSC::StringNode::StringNode):
2385         (JSC::RegExpNode::RegExpNode):
2386         (JSC::ThisNode::ThisNode):
2387         (JSC::ResolveNode::ResolveNode):
2388         (JSC::ArrayNode::ArrayNode):
2389         (JSC::PropertyListNode::PropertyListNode):
2390         (JSC::ObjectLiteralNode::ObjectLiteralNode):
2391         (JSC::BracketAccessorNode::BracketAccessorNode):
2392         (JSC::DotAccessorNode::DotAccessorNode):
2393         (JSC::ArgumentListNode::ArgumentListNode):
2394         (JSC::NewExprNode::NewExprNode):
2395         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
2396         (JSC::FunctionCallValueNode::FunctionCallValueNode):
2397         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
2398         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
2399         (JSC::FunctionCallDotNode::FunctionCallDotNode):
2400         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
2401         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
2402         (JSC::PrePostResolveNode::PrePostResolveNode):
2403         (JSC::PostfixResolveNode::PostfixResolveNode):
2404         (JSC::PostfixBracketNode::PostfixBracketNode):
2405         (JSC::PostfixDotNode::PostfixDotNode):
2406         (JSC::PostfixErrorNode::PostfixErrorNode):
2407         (JSC::DeleteResolveNode::DeleteResolveNode):
2408         (JSC::DeleteBracketNode::DeleteBracketNode):
2409         (JSC::DeleteDotNode::DeleteDotNode):
2410         (JSC::DeleteValueNode::DeleteValueNode):
2411         (JSC::VoidNode::VoidNode):
2412         (JSC::TypeOfResolveNode::TypeOfResolveNode):
2413         (JSC::TypeOfValueNode::TypeOfValueNode):
2414         (JSC::PrefixResolveNode::PrefixResolveNode):
2415         (JSC::PrefixBracketNode::PrefixBracketNode):
2416         (JSC::PrefixDotNode::PrefixDotNode):
2417         (JSC::PrefixErrorNode::PrefixErrorNode):
2418         (JSC::UnaryOpNode::UnaryOpNode):
2419         (JSC::UnaryPlusNode::UnaryPlusNode):
2420         (JSC::NegateNode::NegateNode):
2421         (JSC::BitwiseNotNode::BitwiseNotNode):
2422         (JSC::LogicalNotNode::LogicalNotNode):
2423         (JSC::BinaryOpNode::BinaryOpNode):
2424         (JSC::MultNode::MultNode):
2425         (JSC::DivNode::DivNode):
2426         (JSC::ModNode::ModNode):
2427         (JSC::AddNode::AddNode):
2428         (JSC::SubNode::SubNode):
2429         (JSC::LeftShiftNode::LeftShiftNode):
2430         (JSC::RightShiftNode::RightShiftNode):
2431         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
2432         (JSC::LessNode::LessNode):
2433         (JSC::GreaterNode::GreaterNode):
2434         (JSC::LessEqNode::LessEqNode):
2435         (JSC::GreaterEqNode::GreaterEqNode):
2436         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
2437         (JSC::InstanceOfNode::InstanceOfNode):
2438         (JSC::InNode::InNode):
2439         (JSC::EqualNode::EqualNode):
2440         (JSC::NotEqualNode::NotEqualNode):
2441         (JSC::StrictEqualNode::StrictEqualNode):
2442         (JSC::NotStrictEqualNode::NotStrictEqualNode):
2443         (JSC::BitAndNode::BitAndNode):
2444         (JSC::BitOrNode::BitOrNode):
2445         (JSC::BitXOrNode::BitXOrNode):
2446         (JSC::LogicalOpNode::LogicalOpNode):
2447         (JSC::ConditionalNode::ConditionalNode):
2448         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
2449         (JSC::AssignResolveNode::AssignResolveNode):
2450         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
2451         (JSC::AssignBracketNode::AssignBracketNode):
2452         (JSC::AssignDotNode::AssignDotNode):
2453         (JSC::ReadModifyDotNode::ReadModifyDotNode):
2454         (JSC::AssignErrorNode::AssignErrorNode):
2455         (JSC::CommaNode::CommaNode):
2456         (JSC::ConstStatementNode::ConstStatementNode):
2457         (JSC::EmptyStatementNode::EmptyStatementNode):
2458         (JSC::DebuggerStatementNode::DebuggerStatementNode):
2459         (JSC::ExprStatementNode::ExprStatementNode):
2460         (JSC::VarStatementNode::VarStatementNode):
2461         (JSC::IfNode::IfNode):
2462         (JSC::IfElseNode::IfElseNode):
2463         (JSC::DoWhileNode::DoWhileNode):
2464         (JSC::WhileNode::WhileNode):
2465         (JSC::ForNode::ForNode):
2466         (JSC::ContinueNode::ContinueNode):
2467         (JSC::BreakNode::BreakNode):
2468         (JSC::ReturnNode::ReturnNode):
2469         (JSC::WithNode::WithNode):
2470         (JSC::LabelNode::LabelNode):
2471         (JSC::ThrowNode::ThrowNode):
2472         (JSC::TryNode::TryNode):
2473         (JSC::FuncExprNode::FuncExprNode):
2474         (JSC::FuncDeclNode::FuncDeclNode):
2475         (JSC::SwitchNode::SwitchNode):
2476         (JSC::ConstDeclNode::ConstDeclNode):
2477         (JSC::BlockNode::BlockNode):
2478         (JSC::ForInNode::ForInNode):
2479         * parser/Nodes.cpp:
2480         (JSC::StatementNode::setLoc):
2481         (JSC):
2482         (JSC::ScopeNode::ScopeNode):
2483         (JSC::ProgramNode::ProgramNode):
2484         (JSC::ProgramNode::create):
2485         (JSC::EvalNode::EvalNode):
2486         (JSC::EvalNode::create):
2487         (JSC::FunctionBodyNode::FunctionBodyNode):
2488         (JSC::FunctionBodyNode::create):
2489         * parser/Nodes.h:
2490         (Node):
2491         (JSC::Node::columnNo):
2492         (ExpressionNode):
2493         (StatementNode):
2494         (JSC::StatementNode::column):
2495         (NullNode):
2496         (BooleanNode):
2497         (NumberNode):
2498         (StringNode):
2499         (RegExpNode):
2500         (ThisNode):
2501         (ResolveNode):
2502         (ArrayNode):
2503         (PropertyListNode):
2504         (ObjectLiteralNode):
2505         (BracketAccessorNode):
2506         (DotAccessorNode):
2507         (ArgumentListNode):
2508         (NewExprNode):
2509         (EvalFunctionCallNode):
2510         (FunctionCallValueNode):
2511         (FunctionCallResolveNode):
2512         (FunctionCallBracketNode):
2513         (FunctionCallDotNode):
2514         (CallFunctionCallDotNode):
2515         (ApplyFunctionCallDotNode):
2516         (PrePostResolveNode):
2517         (PostfixResolveNode):
2518         (PostfixBracketNode):
2519         (PostfixDotNode):
2520         (PostfixErrorNode):
2521         (DeleteResolveNode):
2522         (DeleteBracketNode):
2523         (DeleteDotNode):
2524         (DeleteValueNode):
2525         (VoidNode):
2526         (TypeOfResolveNode):
2527         (TypeOfValueNode):
2528         (PrefixResolveNode):
2529         (PrefixBracketNode):
2530         (PrefixDotNode):
2531         (PrefixErrorNode):
2532         (UnaryOpNode):
2533         (UnaryPlusNode):
2534         (NegateNode):
2535         (BitwiseNotNode):
2536         (LogicalNotNode):
2537         (BinaryOpNode):
2538         (MultNode):
2539         (DivNode):
2540         (ModNode):
2541         (AddNode):
2542         (SubNode):
2543         (LeftShiftNode):
2544         (RightShiftNode):
2545         (UnsignedRightShiftNode):
2546         (LessNode):
2547         (GreaterNode):
2548         (LessEqNode):
2549         (GreaterEqNode):
2550         (ThrowableBinaryOpNode):
2551         (InstanceOfNode):
2552         (InNode):
2553         (EqualNode):
2554         (NotEqualNode):
2555         (StrictEqualNode):
2556         (NotStrictEqualNode):
2557         (BitAndNode):
2558         (BitOrNode):
2559         (BitXOrNode):
2560         (LogicalOpNode):
2561         (ConditionalNode):
2562         (ReadModifyResolveNode):
2563         (AssignResolveNode):
2564         (ReadModifyBracketNode):
2565         (AssignBracketNode):
2566         (AssignDotNode):
2567         (ReadModifyDotNode):
2568         (AssignErrorNode):
2569         (CommaNode):
2570         (ConstDeclNode):
2571         (ConstStatementNode):
2572         (BlockNode):
2573         (EmptyStatementNode):
2574         (DebuggerStatementNode):
2575         (ExprStatementNode):
2576         (VarStatementNode):
2577         (IfNode):
2578         (IfElseNode):
2579         (DoWhileNode):
2580         (WhileNode):
2581         (ForNode):
2582         (ForInNode):
2583         (ContinueNode):
2584         (BreakNode):
2585         (ReturnNode):
2586         (WithNode):
2587         (LabelNode):
2588         (ThrowNode):
2589         (TryNode):
2590         (ScopeNode):
2591         (ProgramNode):
2592         (EvalNode):
2593         (FunctionBodyNode):
2594         (FuncExprNode):
2595         (FuncDeclNode):
2596         (SwitchNode):
2597         * parser/Parser.cpp:
2598         (JSC::::parseSourceElements):
2599         (JSC::::parseVarDeclaration):
2600         (JSC::::parseConstDeclaration):
2601         (JSC::::parseDoWhileStatement):
2602         (JSC::::parseWhileStatement):
2603         (JSC::::parseVarDeclarationList):
2604         (JSC::::parseConstDeclarationList):
2605         (JSC::::parseForStatement):
2606         (JSC::::parseBreakStatement):
2607         (JSC::::parseContinueStatement):
2608         (JSC::::parseReturnStatement):
2609         (JSC::::parseThrowStatement):
2610         (JSC::::parseWithStatement):
2611         (JSC::::parseSwitchStatement):
2612         (JSC::::parseTryStatement):
2613         (JSC::::parseDebuggerStatement):
2614         (JSC::::parseBlockStatement):
2615         (JSC::::parseStatement):
2616         (JSC::::parseFunctionBody):
2617         (JSC::::parseFunctionInfo):
2618         (JSC::::parseFunctionDeclaration):
2619         (JSC::::parseExpressionOrLabelStatement):
2620         (JSC::::parseExpressionStatement):
2621         (JSC::::parseIfStatement):
2622         (JSC::::parseExpression):
2623         (JSC::::parseAssignmentExpression):
2624         (JSC::::parseConditionalExpression):
2625         (JSC::::parseBinaryExpression):
2626         (JSC::::parseProperty):
2627         (JSC::::parseObjectLiteral):
2628         (JSC::::parseStrictObjectLiteral):
2629         (JSC::::parseArrayLiteral):
2630         (JSC::::parsePrimaryExpression):
2631         (JSC::::parseArguments):
2632         (JSC::::parseMemberExpression):
2633         (JSC::::parseUnaryExpression):
2634         * parser/Parser.h:
2635         (JSC::Parser::next):
2636         (JSC::Parser::nextExpectIdentifier):
2637         (JSC::Parser::tokenStart):
2638         (JSC::Parser::tokenLine):
2639         (JSC::Parser::tokenEnd):
2640         (JSC::Parser::tokenLocation):
2641         (Parser):
2642         (JSC::Parser::getTokenName):
2643         (JSC::::parse):
2644         * parser/ParserTokens.h:
2645         (JSC::JSTokenLocation::JSTokenLocation):
2646         (JSTokenLocation):
2647         (JSToken):
2648         * parser/SourceProviderCacheItem.h:
2649         (JSC::SourceProviderCacheItem::closeBraceToken):
2650         * parser/SyntaxChecker.h:
2651         (JSC::SyntaxChecker::makeFunctionCallNode):
2652         (JSC::SyntaxChecker::createCommaExpr):
2653         (JSC::SyntaxChecker::makeAssignNode):
2654         (JSC::SyntaxChecker::makePrefixNode):
2655         (JSC::SyntaxChecker::makePostfixNode):
2656         (JSC::SyntaxChecker::makeTypeOfNode):
2657         (JSC::SyntaxChecker::makeDeleteNode):
2658         (JSC::SyntaxChecker::makeNegateNode):
2659         (JSC::SyntaxChecker::makeBitwiseNotNode):
2660         (JSC::SyntaxChecker::createLogicalNot):
2661         (JSC::SyntaxChecker::createUnaryPlus):
2662         (JSC::SyntaxChecker::createVoid):
2663         (JSC::SyntaxChecker::thisExpr):
2664         (JSC::SyntaxChecker::createResolve):
2665         (JSC::SyntaxChecker::createObjectLiteral):
2666         (JSC::SyntaxChecker::createArray):
2667         (JSC::SyntaxChecker::createNumberExpr):
2668         (JSC::SyntaxChecker::createString):
2669         (JSC::SyntaxChecker::createBoolean):
2670         (JSC::SyntaxChecker::createNull):
2671         (JSC::SyntaxChecker::createBracketAccess):
2672         (JSC::SyntaxChecker::createDotAccess):
2673         (JSC::SyntaxChecker::createRegExp):
2674         (JSC::SyntaxChecker::createNewExpr):
2675         (JSC::SyntaxChecker::createConditionalExpr):
2676         (JSC::SyntaxChecker::createAssignResolve):
2677         (JSC::SyntaxChecker::createFunctionExpr):
2678         (JSC::SyntaxChecker::createFunctionBody):
2679         (JSC::SyntaxChecker::createArgumentsList):
2680         (JSC::SyntaxChecker::createPropertyList):
2681         (JSC::SyntaxChecker::createFuncDeclStatement):
2682         (JSC::SyntaxChecker::createBlockStatement):
2683         (JSC::SyntaxChecker::createExprStatement):
2684         (JSC::SyntaxChecker::createIfStatement):
2685         (JSC::SyntaxChecker::createForLoop):
2686         (JSC::SyntaxChecker::createForInLoop):
2687         (JSC::SyntaxChecker::createEmptyStatement):
2688         (JSC::SyntaxChecker::createVarStatement):
2689         (JSC::SyntaxChecker::createReturnStatement):
2690         (JSC::SyntaxChecker::createBreakStatement):
2691         (JSC::SyntaxChecker::createContinueStatement):
2692         (JSC::SyntaxChecker::createTryStatement):
2693         (JSC::SyntaxChecker::createSwitchStatement):
2694         (JSC::SyntaxChecker::createWhileStatement):
2695         (JSC::SyntaxChecker::createWithStatement):
2696         (JSC::SyntaxChecker::createDoWhileStatement):
2697         (JSC::SyntaxChecker::createLabelStatement):
2698         (JSC::SyntaxChecker::createThrowStatement):
2699         (JSC::SyntaxChecker::createDebugger):
2700         (JSC::SyntaxChecker::createConstStatement):
2701         (JSC::SyntaxChecker::appendConstDecl):
2702         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2703         (JSC::SyntaxChecker::combineCommaNodes):
2704         (JSC::SyntaxChecker::operatorStackPop):
2705
2706 2012-08-01  Filip Pizlo  <fpizlo@apple.com>
2707
2708         DFG should hoist structure checks
2709         https://bugs.webkit.org/show_bug.cgi?id=92696
2710
2711         Reviewed by Gavin Barraclough.
2712
2713         This hoists structure checks in the same way that we would hoist array checks, but with added
2714         complexity to cope with the fact that the structure of an object may change. This is handled
2715         by performing a side effects analysis over the region in which the respective variable is
2716         live. If a structure clobbering side effect may happen then we either hoist the structure
2717         checks and fall back on structure transition watchpoints (if the watchpoint set is still
2718         valid), or we avoid hoisting altogether.
2719         
2720         Doing this required teaching the CFA that we may have an expectation that an object has a
2721         particular structure even after structure clobbering happens, in the sense that structure
2722         proofs that were clobbered can be revived using watchpoints. CFA must know about this so that
2723         OSR entry may know about it, since we cannot allow entry to happen if the variable has a
2724         clobbered structure proof, will have a watchpoint to revive the proof, and the variable in
2725         the baseline JIT has a completely unrelated structure.
2726         
2727         This is mostly performance neutral.
2728
2729         * CMakeLists.txt:
2730         * GNUmakefile.list.am:
2731         * JavaScriptCore.xcodeproj/project.pbxproj:
2732         * Target.pri:
2733         * bytecode/ValueRecovery.h:
2734         (JSC::ValueRecovery::isSet):
2735         (JSC::ValueRecovery::operator!):
2736         (ValueRecovery):
2737         * dfg/DFGAbstractState.cpp:
2738         (JSC::DFG::AbstractState::execute):
2739         (JSC::DFG::AbstractState::clobberWorld):
2740         (DFG):
2741         (JSC::DFG::AbstractState::clobberCapturedVars):
2742         * dfg/DFGAbstractState.h:
2743         (AbstractState):
2744         * dfg/DFGAbstractValue.h:
2745         (JSC::DFG::AbstractValue::clear):
2746         (JSC::DFG::AbstractValue::isClear):
2747         (JSC::DFG::AbstractValue::makeTop):
2748         (JSC::DFG::AbstractValue::isTop):
2749         (JSC::DFG::AbstractValue::set):
2750         (JSC::DFG::AbstractValue::operator==):
2751         (JSC::DFG::AbstractValue::merge):
2752         (JSC::DFG::AbstractValue::filter):
2753         (JSC::DFG::AbstractValue::validate):
2754         (JSC::DFG::AbstractValue::validateForEntry):
2755         (AbstractValue):
2756         (JSC::DFG::AbstractValue::checkConsistency):
2757         (JSC::DFG::AbstractValue::dump):
2758         * dfg/DFGByteCodeParser.cpp:
2759         (JSC::DFG::ByteCodeParser::setLocal):
2760         (JSC::DFG::ByteCodeParser::getArgument):
2761         (JSC::DFG::ByteCodeParser::setArgument):
2762         (JSC::DFG::ByteCodeParser::parseBlock):
2763         (JSC::DFG::ByteCodeParser::fixVariableAccessSpeculations):
2764         * dfg/DFGCSEPhase.cpp:
2765         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2766         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
2767         (JSC::DFG::CSEPhase::putStructureStoreElimination):
2768         (JSC::DFG::CSEPhase::getLocalLoadElimination):
2769         (JSC::DFG::CSEPhase::performNodeCSE):
2770         * dfg/DFGDriver.cpp:
2771         (JSC::DFG::compile):
2772         * dfg/DFGGraph.cpp:
2773         (JSC::DFG::Graph::dump):
2774         * dfg/DFGGraph.h:
2775         (JSC::DFG::Graph::vote):
2776         (Graph):
2777         * dfg/DFGNode.h:
2778         (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
2779         (Node):
2780         (JSC::DFG::Node::hasStructureSet):
2781         * dfg/DFGNodeType.h:
2782         (DFG):
2783         * dfg/DFGOSREntry.cpp:
2784         (JSC::DFG::prepareOSREntry):
2785         * dfg/DFGPredictionPropagationPhase.cpp:
2786         (JSC::DFG::PredictionPropagationPhase::propagate):
2787         (PredictionPropagationPhase):
2788         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2789         * dfg/DFGSpeculativeJIT.h:
2790         (SpeculativeJIT):
2791         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
2792         (JSC::DFG::SpeculativeJIT::speculationCheckWithConditionalDirection):
2793         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
2794         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
2795         (JSC::DFG::SpeculateCellOperand::gpr):
2796         (SpeculateCellOperand):
2797         * dfg/DFGSpeculativeJIT32_64.cpp:
2798         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2799         (JSC::DFG::SpeculativeJIT::compile):
2800         * dfg/DFGSpeculativeJIT64.cpp:
2801         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2802         (JSC::DFG::SpeculativeJIT::compile):
2803         * dfg/DFGStructureCheckHoistingPhase.cpp: Added.
2804         (DFG):
2805         (StructureCheckHoistingPhase):
2806         (JSC::DFG::StructureCheckHoistingPhase::StructureCheckHoistingPhase):
2807         (JSC::DFG::StructureCheckHoistingPhase::run):
2808         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
2809         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
2810         (JSC::DFG::StructureCheckHoistingPhase::clobber):
2811         (CheckData):
2812         (JSC::DFG::StructureCheckHoistingPhase::CheckData::CheckData):
2813         (JSC::DFG::performStructureCheckHoisting):
2814         * dfg/DFGStructureCheckHoistingPhase.h: Added.
2815         (DFG):
2816         * dfg/DFGVariableAccessData.h:
2817         (VariableAccessData):
2818         (JSC::DFG::VariableAccessData::VariableAccessData):
2819         (JSC::DFG::VariableAccessData::mergeStructureCheckHoistingFailed):
2820         (JSC::DFG::VariableAccessData::structureCheckHoistingFailed):
2821         (JSC::DFG::VariableAccessData::clearVotes):
2822         (JSC::DFG::VariableAccessData::vote):
2823         (JSC::DFG::VariableAccessData::voteRatio):
2824         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
2825         * runtime/Options.h:
2826         (JSC):
2827
2828 2012-08-01  Filip Pizlo  <fpizlo@apple.com>
2829
2830         DFG should distinguish between PutByVal's that clobber the world and ones that don't
2831         https://bugs.webkit.org/show_bug.cgi?id=92923
2832
2833         Reviewed by Mark Hahnenberg.
2834
2835         This is performance-neutral. I also confirmed that it's neutral if we make the
2836         clobbering variant (PutByValSafe) clobber all knowledge of what is an array,
2837         which should feed nicely into work on removing uses of ClassInfo.
2838
2839         * bytecode/DFGExitProfile.h:
2840         * dfg/DFGAbstractState.cpp:
2841         (JSC::DFG::AbstractState::execute):
2842         * dfg/DFGByteCodeParser.cpp:
2843         (JSC::DFG::ByteCodeParser::parseBlock):
2844         * dfg/DFGCSEPhase.cpp:
2845         (JSC::DFG::CSEPhase::getByValLoadElimination):
2846         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2847         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
2848         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2849         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
2850         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2851         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2852         (JSC::DFG::CSEPhase::performNodeCSE):
2853         * dfg/DFGFixupPhase.cpp:
2854         (JSC::DFG::FixupPhase::fixupNode):
2855         * dfg/DFGGraph.h:
2856         (JSC::DFG::Graph::byValIsPure):
2857         (JSC::DFG::Graph::clobbersWorld):
2858         * dfg/DFGNodeType.h:
2859         (DFG):
2860         * dfg/DFGPredictionPropagationPhase.cpp:
2861         (JSC::DFG::PredictionPropagationPhase::propagate):
2862         * dfg/DFGSpeculativeJIT32_64.cpp:
2863         (JSC::DFG::SpeculativeJIT::compile):
2864         * dfg/DFGSpeculativeJIT64.cpp:
2865         (JSC::DFG::SpeculativeJIT::compile):
2866
2867 2012-08-01  Jian Li  <jianli@chromium.org>
2868
2869         Add new CSS property "-webkit-widget-region" to expose dashboard region support for other port
2870         https://bugs.webkit.org/show_bug.cgi?id=90298
2871
2872         Reviewed by Adam Barth.
2873
2874         * Configurations/FeatureDefines.xcconfig: Add ENABLE_WIDGET_REGION define.
2875
2876 2012-08-01  Patrick Gansterer  <paroga@webkit.org>
2877
2878         Replace WTF::getCurrentLocalTime() with GregorianDateTime::setToCurrentLocalTime()
2879         https://bugs.webkit.org/show_bug.cgi?id=92286
2880
2881         Reviewed by Geoffrey Garen.
2882
2883         Add a method to GregorianDateTime to set its values to the current locale time.
2884         Replacing all occurrences of getCurrentLocalTime with the new function allows
2885         us to remove getCurrentLocalTime in a next step.
2886
2887         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2888
2889 2012-08-01  Mark Hahnenberg  <mhahnenberg@apple.com>
2890
2891         C++ code should get ClassInfo from the Structure
2892         https://bugs.webkit.org/show_bug.cgi?id=92892
2893
2894         Reviewed by Geoffrey Garen.
2895
2896         In our march to remove ClassInfo from our JSCell object headers, we can switch 
2897         C++ code over to grabbing the ClassInfo from the Structure since it is finally 
2898         safe to do so now that Structure access is safe during finalization/destruction. 
2899         The remaining JIT code changes can be done in a separate patch.
2900
2901         * heap/MarkedBlock.cpp:
2902         (JSC::MarkedBlock::callDestructor): We don't want to clear the Structure any more 
2903         since the Structure should still be valid at this point.
2904         * heap/WeakSetInlines.h:
2905         (JSC::WeakBlock::finalize): Ditto.
2906         * runtime/JSCell.h:
2907         (JSC):
2908         * runtime/Structure.h:
2909         (JSC::JSCell::classInfo): Move JSCell's classInfo() to Structure.h so it can be 
2910         inline. Use a different method of getting the JSCell's Structure based on 
2911         whether we're in GC_VALIDATION mode or not, since always using get() will cause 
2912         infinite recursion in GC_VALIDATION mode.
2913         (JSC):
2914
2915 2012-07-31  Mark Hahnenberg  <mhahnenberg@apple.com>
2916
2917         MarkedBlock::sweep() should sweep another block if it can't sweep a Structure block
2918         https://bugs.webkit.org/show_bug.cgi?id=92819
2919
2920         Reviewed by Geoffrey Garen.
2921
2922         If we are forced to allocate a new block for Structures because we are unable to safely 
2923         sweep our pre-existing Structure blocks, we should sweep another random block so that we 
2924         can start sweeping Structure blocks sooner.
2925
2926         * heap/IncrementalSweeper.cpp:
2927         (JSC::IncrementalSweeper::doSweep): Change to use sweepNextBlock.
2928         (JSC):
2929         (JSC::IncrementalSweeper::sweepNextBlock): 
2930         * heap/IncrementalSweeper.h:
2931         (IncrementalSweeper):
2932         * heap/MarkedAllocator.cpp:
2933         (JSC::MarkedAllocator::tryAllocateHelper): When we can't safely sweep 
2934         our Structure blocks, call sweepNextBlock instead.
2935
2936 2012-07-31  Sam Weinig  <sam@webkit.org>
2937
2938         Fix the Windows build.
2939
2940         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2941
2942 2012-07-31  Geoffrey Garen  <ggaren@apple.com>
2943
2944         Maybe fix the GCC build.
2945
2946         * heap/HeapBlock.h:
2947         (HeapBlock): Accommodate incorrect parsing in GCC.
2948
2949 2012-07-31  Sam Weinig  <sam@webkit.org>
2950
2951         Stop masking 8 bits off of the visited link hash. We need all the bits!
2952         https://bugs.webkit.org/show_bug.cgi?id=92799
2953
2954         Reviewed by Anders Carlsson.
2955
2956         * runtime/Identifier.cpp:
2957         (JSC::IdentifierCStringTranslator::hash):
2958         (JSC::IdentifierLCharFromUCharTranslator::hash):
2959         * runtime/Identifier.h:
2960         (JSC::IdentifierCharBufferTranslator::hash):
2961         Update for new function names.
2962
2963 2012-07-31  Geoffrey Garen  <ggaren@apple.com>
2964
2965         Maybe break the Windows build.
2966
2967         Reviewed by Anders Carlsson.
2968
2969         Formally objected to by Sam Weinig.
2970
2971         * heap/HeapBlock.h:
2972         (HeapBlock): Try to slightly improve this because we don't want Windows to control our lives.
2973
2974 2012-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>
2975
2976         Structures should be swept after all other objects
2977         https://bugs.webkit.org/show_bug.cgi?id=92679
2978
2979         Reviewed by Filip Pizlo.
2980
2981         In order to get rid of ClassInfo from our objects, we need to be able to safely get the 
2982         ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the 
2983         Structure, but currently it is not safe to do so because the order of destruction of objects 
2984         is not guaranteed to sweep objects before their corresponding Structure. We can fix this by 
2985         sweeping Structures after everything else.
2986
2987         * heap/Heap.cpp:
2988         (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
2989         If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is 
2990         safe to sweep structures since we'll always do Structures last anyways due to the ordering of 
2991         MarkedSpace::forEachBlock.
2992         (JSC):
2993         (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
2994         calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out 
2995         these pointers after it has invalidated them to prevent accidental use-after-free in the sweep() 
2996         calls during lastChanceToFinalize().
2997         * heap/Heap.h:
2998         (Heap):
2999         * heap/HeapTimer.h:
3000         (HeapTimer):
3001         * heap/IncrementalSweeper.cpp:
3002         (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
3003         This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
3004         the first time.
3005         (JSC):
3006         (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we 
3007         make our first pass. We now null out the slots as we sweep them so that we can quickly find the 
3008         Structures during the second pass.
3009         (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
3010         (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify 
3011         the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can 
3012         assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock 
3013         iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
3014         (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
3015         * heap/IncrementalSweeper.h: Add declarations for new stuff.
3016         (IncrementalSweeper):
3017         * heap/MarkedAllocator.cpp:
3018         (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and 
3019         if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing 
3020         the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that 
3021         will sweep some number of other blocks in place of the current block to mitigate the cost of the floating 
3022         Structure garbage.
3023         (JSC::MarkedAllocator::addBlock):
3024         * heap/MarkedAllocator.h:
3025         (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no 
3026         longer valid to allocate from, so we set the current block to null.
3027         * heap/MarkedBlock.cpp:
3028         (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
3029         at an unsafe time.
3030         * heap/MarkedSpace.cpp:
3031         (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
3032         (JSC): 
3033         * heap/MarkedSpace.h:
3034         (JSC):
3035         * runtime/JSGlobalData.cpp:
3036         (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
3037
3038 2012-07-31  Geoffrey Garen  <ggaren@apple.com>
3039
3040         Fix all the other builds I just broke. Maybe fix the Windows build.
3041
3042         * heap/HeapBlock.h:
3043         (HeapBlock): WTF?
3044
3045 2012-07-31  Geoffrey Garen  <ggaren@apple.com>
3046
3047         Maybe fix the Windows build.
3048
3049         * heap/HeapBlock.h:
3050         (HeapBlock): WTF?
3051
3052 2012-07-31  Geoffrey Garen  <ggaren@apple.com>
3053
3054         Maybe fix the Windows build.
3055
3056         * heap/HeapBlock.h:
3057         (HeapBlock): WTF?
3058
3059 2012-07-31  Geoffrey Garen  <ggaren@apple.com>
3060
3061         Removed some public data and casting from the Heap
3062         https://bugs.webkit.org/show_bug.cgi?id=92777
3063
3064         Reviewed by Oliver Hunt.
3065
3066         * heap/BlockAllocator.cpp:
3067         (JSC::BlockAllocator::releaseFreeBlocks):
3068         (JSC::BlockAllocator::blockFreeingThreadMain): Use the DeadBlock class
3069         since HeapBlock is a template, and not a class, now. Call destroy()
3070         instead of monkeying around with DeadBlock's internal data because
3071         encapsulation is good.
3072
3073         * heap/BlockAllocator.h:
3074         (DeadBlock): Added a class to represent a dead block, since HeapBlock is
3075         a template now, and can't be instantiated directly.
3076
3077         (JSC::DeadBlock::DeadBlock):
3078         (JSC::DeadBlock::create):
3079         (BlockAllocator):
3080         (JSC::BlockAllocator::allocate):
3081         (JSC::BlockAllocator::deallocate): Use the DeadBlock class because
3082         encapsulation is good.
3083
3084         * heap/CopiedBlock.h:
3085         (CopiedBlock::destroy): No need for a destroy() function, since we
3086         inherit one now.
3087
3088         (JSC::CopiedBlock::CopiedBlock):
3089         (JSC::CopiedBlock::payloadEnd):
3090         (JSC::CopiedBlock::capacity): Updated for some encapsulation inside
3091         HeapBlock.
3092
3093         * heap/CopiedSpace.cpp:
3094         (JSC::CopiedSpace::~CopiedSpace):
3095         (JSC::CopiedSpace::doneCopying):
3096         (JSC::CopiedSpace::size):
3097         (JSC::CopiedSpace::capacity):
3098         (JSC::isBlockListPagedOut): Removed a bunch of casting. This is no longer
3099         necessary, now that our list and its nodes have the right type.
3100
3101         * heap/CopiedSpace.h: Use the right type in our data structures because
3102         it improves clarity.
3103
3104         * heap/CopiedSpaceInlineMethods.h:
3105         (JSC::CopiedSpace::startedCopying): Use swap to avoid duplicating it.
3106
3107         * heap/HeapBlock.h:
3108         (HeapBlock): Made this a class template so we can return the right type
3109         in linked list operations. Made our data private because encapsulation
3110         is good.
3111
3112         (JSC::HeapBlock::destroy): Since we know our type, we can also eliminate
3113         duplicate destroy() functions in our subclasses.
3114
3115         (JSC::HeapBlock::allocation): Added an accessor so we can hide our data.
3116         By using const, this accessor prevents clients from accidentally deleting
3117         our allocation.
3118
3119         * heap/MarkedAllocator.cpp:
3120         (JSC::MarkedAllocator::isPagedOut):
3121         (JSC::MarkedAllocator::tryAllocateHelper):
3122         (JSC::MarkedAllocator::removeBlock): Removed a bunch of casting. This is
3123         no longer necessary, now that our list and its nodes have the right type.
3124
3125         * heap/MarkedAllocator.h:
3126         (MarkedAllocator):
3127         (JSC::MarkedAllocator::reset):
3128         (JSC::MarkedAllocator::forEachBlock): Use the right type, do less casting.
3129
3130         * heap/MarkedBlock.cpp: 
3131         (JSC::MarkedBlock::destroy): Removed this function because our parent
3132         class provides it for us now.
3133
3134         (JSC::MarkedBlock::MarkedBlock):
3135         * heap/MarkedBlock.h:
3136         (MarkedBlock):
3137         (JSC::MarkedBlock::capacity): Updated for encapsulation.
3138
3139 2012-07-31  Filip Pizlo  <fpizlo@apple.com>
3140
3141         DFG OSR exit profiling has unusual oversights
3142         https://bugs.webkit.org/show_bug.cgi?id=92728
3143
3144         Reviewed by Geoffrey Garen.
3145
3146         * dfg/DFGOSRExit.cpp:
3147         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
3148         * dfg/DFGSpeculativeJIT.h:
3149         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
3150         * dfg/DFGSpeculativeJIT32_64.cpp:
3151         (JSC::DFG::SpeculativeJIT::compile):
3152         * dfg/DFGSpeculativeJIT64.cpp:
3153         (JSC::DFG::SpeculativeJIT::compile):
3154
3155 2012-07-31  Chao-ying Fu  <fu@mips.com>
3156
3157         Add MIPS add32 function
3158         https://bugs.webkit.org/show_bug.cgi?id=91522
3159
3160         Reviewed by Oliver Hunt.
3161
3162         Add isCompactPtrAlignedAddressOffset.
3163         Add a new version of add32 that accepts AbsoluteAddress as inputs.
3164
3165         * assembler/MacroAssemblerMIPS.h:
3166         (JSC::MacroAssemblerMIPS::isCompactPtrAlignedAddressOffset): New.
3167         (MacroAssemblerMIPS):
3168         (JSC::MacroAssemblerMIPS::add32): Support AbsoluteAddress as inputs.
3169
3170 2012-07-30  Sheriff Bot  <webkit.review.bot@gmail.com>
3171
3172         Unreviewed, rolling out r124123.
3173         http://trac.webkit.org/changeset/124123
3174         https://bugs.webkit.org/show_bug.cgi?id=92700
3175
3176         ASSERT crashes terminate webkit Layout tests (Requested by
3177         msaboff on #webkit).
3178
3179         * heap/Heap.cpp:
3180         * heap/Heap.h:
3181         (Heap):
3182         * heap/IncrementalSweeper.cpp:
3183         (JSC::IncrementalSweeper::doSweep):
3184         (JSC::IncrementalSweeper::startSweeping):
3185         (JSC::IncrementalSweeper::IncrementalSweeper):
3186         (JSC):
3187         * heap/IncrementalSweeper.h:
3188         (IncrementalSweeper):
3189         * heap/MarkedAllocator.cpp:
3190         (JSC::MarkedAllocator::tryAllocateHelper):
3191         (JSC::MarkedAllocator::addBlock):
3192         * heap/MarkedAllocator.h:
3193         (JSC::MarkedAllocator::zapFreeList):
3194         * heap/MarkedBlock.cpp:
3195         (JSC::MarkedBlock::sweepHelper):
3196         * heap/MarkedSpace.cpp:
3197         * heap/MarkedSpace.h:
3198         (JSC::MarkedSpace::sweep):
3199         (JSC):
3200         * runtime/JSGlobalData.cpp:
3201         (JSC::JSGlobalData::~JSGlobalData):
3202
3203 2012-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>
3204
3205         Structures should be swept after all other objects
3206         https://bugs.webkit.org/show_bug.cgi?id=92679
3207
3208         Reviewed by Filip Pizlo.
3209
3210         In order to get rid of ClassInfo from our objects, we need to be able to safely get the 
3211         ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the 
3212         Structure, but currently it is not safe to do so because the order of destruction of objects 
3213         is not guaranteed to sweep objects before their corresponding Structure. We can fix this by 
3214         sweeping Structures after everything else.
3215
3216         * heap/Heap.cpp:
3217         (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
3218         If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is 
3219         safe to sweep structures since we'll always do Structures last anyways due to the ordering of 
3220         MarkedSpace::forEachBlock.
3221         (JSC):
3222         (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
3223         calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out 
3224         these pointers after it has invalidated them to prevent accidental use-after-free in the sweep() 
3225         calls during lastChanceToFinalize().
3226         * heap/Heap.h:
3227         (Heap):
3228         * heap/HeapTimer.h:
3229         (HeapTimer):
3230         * heap/IncrementalSweeper.cpp:
3231         (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
3232         This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
3233         the first time.
3234         (JSC):
3235         (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we 
3236         make our first pass. We now null out the slots as we sweep them so that we can quickly find the 
3237         Structures during the second pass.
3238         (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
3239         (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify 
3240         the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can 
3241         assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock 
3242         iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
3243         (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
3244         * heap/IncrementalSweeper.h: Add declarations for new stuff.
3245         (IncrementalSweeper):
3246         * heap/MarkedAllocator.cpp:
3247         (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and 
3248         if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing 
3249         the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that 
3250         will sweep some number of other blocks in place of the current block to mitigate the cost of the floating 
3251         Structure garbage.
3252         (JSC::MarkedAllocator::addBlock):
3253         * heap/MarkedAllocator.h:
3254         (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no 
3255         longer valid to allocate from, so we set the current block to null.
3256         * heap/MarkedBlock.cpp:
3257         (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
3258         at an unsafe time.
3259         * heap/MarkedSpace.cpp:
3260         (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
3261         (JSC): 
3262         * heap/MarkedSpace.h:
3263         (JSC):
3264         * runtime/JSGlobalData.cpp:
3265         (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
3266
3267 2012-07-29  Filip Pizlo  <fpizlo@apple.com>
3268
3269         PropertyNameArray::m_shouldCache is only assigned and never used
3270         https://bugs.webkit.org/show_bug.cgi?id=92598
3271
3272         Reviewed by Dan Bernstein.
3273
3274         * runtime/PropertyNameArray.h:
3275         (JSC::PropertyNameArray::PropertyNameArray):
3276         (PropertyNameArray):
3277
3278 2012-07-29  Rik Cabanier  <cabanier@adobe.com>
3279
3280         Add ENABLE_CSS_COMPOSITING flag
3281         https://bugs.webkit.org/show_bug.cgi?id=92553
3282
3283         Reviewed by Dirk Schulze.
3284
3285         Adds compiler flag CSS_COMPOSITING to build systems to enable CSS blending and compositing. See spec https://dvcs.w3.org/hg/FXTF/rawfile/tip/compositing/index.html
3286
3287         * Configurations/FeatureDefines.xcconfig:
3288
3289 2012-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3290
3291         Split functionality of MarkedAllocator::m_currentBlock
3292         https://bugs.webkit.org/show_bug.cgi?id=92550
3293
3294         Reviewed by Filip Pizlo.
3295
3296         MarkedAllocator::m_currentBlock serves two purposes right now; it indicates the block that is currently 
3297         being used for allocation and the beginning of the list of blocks that need to be swept. We should split 
3298         these two functionalities into two separate fields.
3299
3300         * heap/MarkedAllocator.cpp:
3301         (JSC::MarkedAllocator::tryAllocateHelper): Use m_blocksToSweep instead of m_currentBlock as the 
3302         initializer/reference of the loop. Only change m_currentBlock when we know what the result will be.
3303         (JSC::MarkedAllocator::addBlock): When we add a new block we know that both m_blocksToSweep and 
3304         m_currentBlock are null. In order to preserve the invariant that m_currentBlock <= m_blocksToSweep, 
3305         we assign both of them to point to the new block.
3306         (JSC::MarkedAllocator::removeBlock): We need a separate check to see if the block we're removing is 
3307         m_blocksToSweep and if so, advance it to the next block in the list.
3308         * heap/MarkedAllocator.h:
3309         (MarkedAllocator): Initialize m_blocksToSweep.
3310         (JSC::MarkedAllocator::MarkedAllocator):
3311         (JSC::MarkedAllocator::reset): We set m_blocksToSweep to be the head of our list. This function is called
3312         at the end of a collection, so all of the blocks in our allocator need to be swept. We need to sweep a 
3313         block before we can start allocating, so m_currentBlock is set to null. We also set the freeList to 
3314         the empty FreeList to emphasize the fact that we can't start allocating until we do some sweeping.
3315
3316 2012-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3317
3318         Increase inline storage for JSFinalObjects by one
3319         https://bugs.webkit.org/show_bug.cgi?id=92526
3320
3321         Reviewed by Geoffrey Garen.
3322
3323         Now that we've removed the inheritorID from objects, we can increase our inline storage for JSFinalObjects on 
3324         64-bit platforms by 1.
3325
3326         * llint/LowLevelInterpreter.asm: Change the constant.
3327         * runtime/PropertyOffset.h: Change the constant.
3328         (JSC):
3329
3330 2012-07-27  Jer Noble  <jer.noble@apple.com>
3331
3332         Support a rational time class for use by media elements.
3333         https://bugs.webkit.org/show_bug.cgi?id=88787
3334
3335         Re-export WTF::MediaTime from JavaScriptCore.
3336
3337         Reviewed by Eric Carlson.
3338
3339         * JavaScriptCore.order:
3340         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3341
3342 2012-07-26  Filip Pizlo  <fpizlo@apple.com>
3343
3344         JSObject::reallocateStorageIfNecessary is neither used nor defined
3345         https://bugs.webkit.org/show_bug.cgi?id=92417
3346
3347         Reviewed by Mark Rowe.
3348
3349         * runtime/JSObject.h:
3350         (JSObject):
3351
3352 2012-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3353
3354         Allocate Structures in a separate part of the Heap
3355         https://bugs.webkit.org/show_bug.cgi?id=92420
3356
3357         Reviewed by Filip Pizlo.
3358
3359         To fix our issue with destruction/finalization of Structures before their objects, we can move Structures to a separate 
3360         part of the Heap that will be swept after all other objects. This first patch will just be separating Structures 
3361         out into their own separate MarkedAllocator. Everything else will behave identically.
3362
3363         * heap/Heap.h: New function to allocate Structures in the Heap.
3364         (Heap):
3365         * heap/MarkedAllocator.cpp: Pass whether or not we're allocating Structures to the MarkedBlock.
3366         (JSC::Heap::allocateStructure):
3367         * heap/MarkedAllocator.cpp: Pass whether or not we're allocated Structures to the MarkedBlock.
3368         (JSC::MarkedAllocator::allocateBlock):
3369         * heap/MarkedAllocator.h: Add tracking for whether or not we're allocating only Structures.
3370         (JSC::MarkedAllocator::onlyContainsStructures):
3371         (MarkedAllocator):
3372         (JSC::MarkedAllocator::MarkedAllocator):
3373         (JSC::MarkedAllocator::init):
3374         * heap/MarkedBlock.cpp: Add tracking for whether or not we're allocating only Structures. We need this to be able to 
3375         distinguish the various MarkedBlock types in MarkedSpace::allocatorFor(MarkedBlock*).
3376         (JSC::MarkedBlock::create):
3377         (JSC::MarkedBlock::MarkedBlock):
3378         * heap/MarkedBlock.h:
3379         (MarkedBlock):
3380         (JSC::MarkedBlock::onlyContainsStructures):
3381         (JSC):
3382         * heap/MarkedSpace.cpp: Include the new Structure allocator in all the places that all the other allocators are used/modified.
3383         (JSC::MarkedSpace::MarkedSpace):
3384         (JSC::MarkedSpace::resetAllocators):
3385         (JSC::MarkedSpace::canonicalizeCellLivenessData):
3386         (JSC::MarkedSpace::isPagedOut):
3387         * heap/MarkedSpace.h: Add new MarkedAllocator just for Structures.
3388         (MarkedSpace):
3389         (JSC::MarkedSpace::allocatorFor):
3390         (JSC::MarkedSpace::allocateStructure):
3391         (JSC):
3392         (JSC::MarkedSpace::forEachBlock):
3393         * runtime/Structure.h: Move all of the functions that call allocateCell<Structure> down below the explicit template specialization
3394         for allocateCell<Structure>. The new inline specialization for allocateCell directly calls the allocateStructure() function in the
3395         Heap.
3396         (Structure):
3397         (JSC::Structure):
3398         (JSC):
3399         (JSC::Structure::create):
3400         (JSC::Structure::createStructure):
3401
3402 2012-07-26  Filip Pizlo  <fpizlo@apple.com>
3403
3404         JSArray has methods that are neither used nor defined
3405         https://bugs.webkit.org/show_bug.cgi?id=92416
3406
3407         Reviewed by Simon Fraser.
3408
3409         * runtime/JSArray.h:
3410         (JSArray):
3411
3412 2012-07-26  Zoltan Herczeg  <zherczeg@webkit.org>
3413
3414         [Qt][ARM]ARMAssembler needs buildfix after r123417
3415         https://bugs.webkit.org/show_bug.cgi?id=92086
3416
3417         Reviewed by Csaba Osztrogonác.
3418
3419         The ARM implementation of this should be optimized code path
3420         is covered by a non-optimized code path. This patch fixes this,
3421         and adds a new function which returns with the offset range.
3422
3423         * assembler/ARMAssembler.h:
3424         (JSC::ARMAssembler::readPointer):
3425         (ARMAssembler):
3426         (JSC::ARMAssembler::repatchInt32):
3427         (JSC::ARMAssembler::repatchCompact):
3428         * assembler/MacroAssemblerARM.h:
3429         (MacroAssemblerARM):
3430         (JSC::MacroAssemblerARM::isCompactPtrAlignedAddressOffset):
3431         (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
3432
3433 2012-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3434
3435         Build fix for 32-bit after r123682
3436
3437         * runtime/JSObject.h: Need to pad out JSObjects on 32-bit so that they're the correct size since
3438         we only removed one 4-byte word and we need to be 8-byte aligned.
3439         (JSObject):
3440
3441 2012-07-25  Filip Pizlo  <fpizlo@apple.com>
3442
3443         JSC GC object copying APIs should allow for greater flexibility
3444         https://bugs.webkit.org/show_bug.cgi?id=92316
3445
3446         Reviewed by Mark Hahnenberg.
3447
3448         It's now the case that visitChildren() methods can directly pin and allocate in new space during copying.
3449         They can also do the copying and marking themselves. This new API is only used for JSObjects for now.
3450
3451         * JavaScriptCore.xcodeproj/project.pbxproj:
3452         * heap/MarkStack.cpp:
3453         (JSC::SlotVisitor::allocateNewSpaceSlow):
3454         (JSC::SlotVisitor::allocateNewSpaceOrPin):
3455         (JSC):
3456         (JSC::SlotVisitor::copyAndAppend):
3457         * heap/MarkStack.h:
3458         (MarkStack):
3459         (JSC::MarkStack::appendUnbarrieredValue):
3460         (JSC):
3461         * heap/SlotVisitor.h:
3462         * heap/SlotVisitorInlineMethods.h: Added.
3463         (JSC):
3464         (JSC::SlotVisitor::checkIfShouldCopyAndPinOtherwise):
3465         (JSC::SlotVisitor::allocateNewSpace):
3466         * runtime/JSObject.cpp:
3467         (JSC::JSObject::visitOutOfLineStorage):
3468         (JSC):
3469         (JSC::JSObject::visitChildren):
3470         (JSC::JSFinalObject::visitChildren):
3471         * runtime/JSObject.h:
3472         (JSObject):
3473
3474 2012-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3475
3476         Remove JSObject::m_inheritorID
3477         https://bugs.webkit.org/show_bug.cgi?id=88378
3478
3479         Reviewed by Filip Pizlo.
3480
3481         This is rarely used, and not performance critical (the commonly accessed copy is cached on JSFunction),
3482         and most objects don't need an inheritorID (this value is only used if the object is used as a prototype).
3483         Instead use a private named value in the object's property storage.
3484
3485         * dfg/DFGSpeculativeJIT.h:
3486         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): No need m_inheritorID to initialize!
3487         * jit/JITInlineMethods.h:
3488         (JSC::JIT::emitAllocateBasicJSObject): No need m_inheritorID to initialize!
3489         * llint/LowLevelInterpreter.asm: No need m_inheritorID to initialize!
3490         * runtime/JSGlobalData.h:
3491         (JSGlobalData): Added private name 'm_inheritorIDKey'.
3492         * runtime/JSGlobalThis.cpp:
3493         (JSC::JSGlobalThis::setUnwrappedObject): resetInheritorID is now passed a JSGlobalData&.
3494         * runtime/JSObject.cpp:
3495         (JSC::JSObject::visitChildren): No m_inheritorID to be marked.
3496         (JSC::JSFinalObject::visitChildren): No m_inheritorID to be marked.
3497         (JSC::JSObject::createInheritorID): Store the newly created inheritorID in the property map. Make sure 
3498         it's got the DontEnum attribute!!
3499         * runtime/JSObject.h:
3500         (JSObject):
3501         (JSC::JSObject::resetInheritorID): Remove the inheritorID from property storage.
3502         (JSC):
3503         (JSC::JSObject::inheritorID): Read the inheritorID from property storage.
3504
3505 2012-07-25  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
3506
3507         Create a specialized pair for use in HashMap iterators
3508         https://bugs.webkit.org/show_bug.cgi?id=92137
3509
3510         Reviewed by Ryosuke Niwa.
3511
3512         Update a couple of sites that relied on the fact that "contents" of iterators were
3513         std::pairs.
3514
3515         * profiler/Profile.cpp:
3516         (JSC): This code kept a vector of the pairs that were the "contents" of the iterators. This
3517         is changed to use a KeyValuePair. We make use of HashCount's ValueType (which represents only
3518         the key) to get the proper key parameter for KeyValuePair.
3519         * tools/ProfileTreeNode.h:
3520         (ProfileTreeNode): Use HashMap::ValueType to declare the type of the contents of the hash
3521         instead of declaring it manually. This will make use of the new KeyValuePair.
3522
3523 2012-07-25  Patrick Gansterer  <paroga@webkit.org>
3524
3525         REGRESSION(r123505): Date.getYear() returns the same as Date.getFullYear()
3526         https://bugs.webkit.org/show_bug.cgi?id=92218
3527
3528         Reviewed by Csaba Osztrogonác.
3529
3530         * runtime/DatePrototype.cpp:
3531         (JSC::dateProtoFuncGetYear): Added the missing offset of 1900 to the return value.
3532
3533 2012-07-24  Filip Pizlo  <fpizlo@apple.com>
3534
3535         REGRESSION(r123417): It made tests assert/crash on 32 bit
3536         https://bugs.webkit.org/show_bug.cgi?id=92088
3537
3538         Reviewed by Mark Hahnenberg.
3539
3540         The pointer arithmetic was wrong, because negative numbers are hard to think about.
3541
3542         * dfg/DFGRepatch.cpp:
3543         (JSC::DFG::emitPutTransitionStub):
3544         * dfg/DFGSpeculativeJIT.cpp:
3545         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3546
3547 2012-07-24  Patrick Gansterer  <paroga@webkit.org>
3548
3549         Store the full year in GregorianDateTime
3550         https://bugs.webkit.org/show_bug.cgi?id=92067
3551
3552         Reviewed by Geoffrey Garen.
3553
3554         Use the full year instead of the offset from year 1900
3555         for the year member variable of GregorianDateTime.
3556
3557         * runtime/DateConstructor.cpp:
3558         (JSC::constructDate):
3559         (JSC::dateUTC):
3560         * runtime/DateConversion.cpp:
3561         (JSC::formatDate):
3562         (JSC::formatDateUTCVariant):
3563         * runtime/DatePrototype.cpp:
3564         (JSC::formatLocaleDate):
3565         (JSC::fillStructuresUsingDateArgs):
3566         (JSC::dateProtoFuncToISOString):
3567         (JSC::dateProtoFuncGetFullYear):
3568         (JSC::dateProtoFuncGetUTCFullYear):
3569         (JSC::dateProtoFuncSetYear):
3570         * runtime/JSDateMath.cpp:
3571         (JSC::gregorianDateTimeToMS):
3572         (JSC::msToGregorianDateTime):
3573
3574 2012-07-24  Patrick Gansterer  <paroga@webkit.org>
3575
3576         [WIN] Build fix after r123417.
3577
3578         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3579
3580 2012-07-23  Patrick Gansterer  <paroga@webkit.org>
3581
3582         Move GregorianDateTime from JSC to WTF namespace
3583         https://bugs.webkit.org/show_bug.cgi?id=91948
3584
3585         Reviewed by Geoffrey Garen.
3586
3587         Moving GregorianDateTime into the WTF namespace allows us to
3588         use it in WebCore too. The new class has the same behaviour as the
3589         old struct. Only the unused timeZone member has been removed.
3590
3591         * runtime/DateConstructor.cpp:
3592         * runtime/DateConversion.cpp:
3593         * runtime/DateConversion.h:
3594         * runtime/DateInstance.h:
3595         * runtime/DatePrototype.cpp:
3596         * runtime/JSDateMath.cpp:
3597         * runtime/JSDateMath.h:
3598
3599 2012-07-23  Filip Pizlo  <fpizlo@apple.com>
3600
3601         Property storage should grow in reverse address direction, to support butterflies
3602         https://bugs.webkit.org/show_bug.cgi?id=91788
3603
3604         Reviewed by Geoffrey Garen.
3605
3606         Changes property storage to grow to the left, and changes the property storage pointer to point
3607         one 8-byte word (i.e. JSValue) to the right of the first value in the storage.
3608         
3609         Also improved debug support somewhat, by adding a describe() function to the jsc command-line,
3610         and a slow mode of object access in LLInt.
3611
3612         * assembler/ARMv7Assembler.h:
3613         (JSC::ARMv7Assembler::repatchCompact):
3614         * assembler/MacroAssemblerARMv7.h:
3615         (MacroAssemblerARMv7):
3616         (JSC::MacroAssemblerARMv7::isCompactPtrAlignedAddressOffset):
3617         (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
3618         * assembler/MacroAssemblerX86Common.h:
3619         (JSC::MacroAssemblerX86Common::isCompactPtrAlignedAddressOffset):
3620         (JSC::MacroAssemblerX86Common::repatchCompact):
3621         * assembler/X86Assembler.h:
3622         (JSC::X86Assembler::repatchCompact):
3623         * bytecode/CodeBlock.cpp:
3624         (JSC::dumpStructure):
3625         * bytecode/GetByIdStatus.h:
3626         (JSC::GetByIdStatus::GetByIdStatus):
3627         * dfg/DFGOperations.cpp:
3628         * dfg/DFGOperations.h:
3629         * dfg/DFGRepatch.cpp:
3630         (JSC::DFG::tryCacheGetByID):
3631         (JSC::DFG::emitPutTransitionStub):
3632         * dfg/DFGSpeculativeJIT.cpp:
3633         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
3634         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3635         * dfg/DFGSpeculativeJIT.h:
3636         (JSC::DFG::SpeculativeJIT::callOperation):
3637         * dfg/DFGSpeculativeJIT32_64.cpp:
3638         (JSC::DFG::SpeculativeJIT::compile):
3639         * dfg/DFGSpeculativeJIT64.cpp:
3640         (JSC::DFG::SpeculativeJIT::compile):
3641         * heap/ConservativeRoots.cpp:
3642         (JSC::ConservativeRoots::genericAddPointer):
3643         * heap/CopiedSpace.h:
3644         (CopiedSpace):
3645         * heap/CopiedSpaceInlineMethods.h:
3646         (JSC::CopiedSpace::pinIfNecessary):
3647         (JSC):
3648         * jit/JITPropertyAccess.cpp:
3649         (JSC::JIT::compileGetDirectOffset):
3650         * jit/JITPropertyAccess32_64.cpp:
3651         (JSC::JIT::compileGetDirectOffset):
3652         * jit/JITStubs.cpp:
3653         (JSC::JITThunks::tryCacheGetByID):
3654         * jsc.cpp:
3655         (GlobalObject::finishCreation):
3656         (functionDescribe):
3657         * llint/LLIntCommon.h:
3658         * llint/LLIntSlowPaths.cpp:
3659         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3660         * llint/LowLevelInterpreter32_64.asm:
3661         * llint/LowLevelInterpreter64.asm:
3662         * runtime/JSObject.cpp:
3663         (JSC::JSObject::visitChildren):
3664         (JSC::JSFinalObject::visitChildren):
3665         (JSC::JSObject::growOutOfLineStorage):
3666         * runtime/JSObject.h:
3667         (JSC::JSObject::getDirectLocation):
3668         (JSC::JSObject::offsetForLocation):
3669         * runtime/JSValue.h:
3670         (JSValue):
3671         * runtime/PropertyOffset.h:
3672         (JSC::offsetInOutOfLineStorage):
3673
3674 2012-07-23  Filip Pizlo  <fpizlo@apple.com>
3675
3676         DFG is too aggressive in performing the specific value optimization on loads
3677         https://bugs.webkit.org/show_bug.cgi?id=92034
3678
3679         Reviewed by Mark Hahnenberg.
3680
3681         This ensures that we don't do optimizations based on a structure having a specific
3682         value, if there is no way to detect that the value is despecified. This is the
3683         case for dictionaries, since despecifying a value in a dictionary does not lead to
3684         a transition and so cannot be caught by either structure checks or structure
3685         transition watchpoints.
3686
3687         * bytecode/GetByIdStatus.cpp:
3688         (JSC::GetByIdStatus::computeFromLLInt):
3689         (JSC::GetByIdStatus::computeForChain):
3690         (JSC::GetByIdStatus::computeFor):
3691         * bytecode/ResolveGlobalStatus.cpp:
3692         (JSC::computeForStructure):
3693
3694 2012-07-23  Filip Pizlo  <fpizlo@apple.com>
3695
3696         REGRESSION(r123169): It made fast/js/dfg-inline-arguments-use-from-uninlined-code.html fail on 32 bit platforms
3697         https://bugs.webkit.org/show_bug.cgi?id=92002
3698
3699         Reviewed by Mark Hahnenberg.
3700         
3701         In the process of changing the nature of local variable typing, I forgot to modify one of the places where
3702         we glue the DFG's notion of variable prediction to the runtime's notion of variable tagging.
3703
3704         * dfg/DFGSpeculativeJIT.cpp:
3705         (JSC::DFG::SpeculativeJIT::compile):
3706
3707 2012-07-23  Simon Fraser  <simon.fraser@apple.com>
3708
3709         Part 2 of: Implement sticky positioning
3710         https://bugs.webkit.org/show_bug.cgi?id=90046
3711
3712         Reviewed by Ojan Vafai.
3713
3714         Turn on ENABLE_CSS_STICKY_POSITION.
3715
3716         * Configurations/FeatureDefines.xcconfig:
3717
3718 2012-07-23  Patrick Gansterer  <paroga@webkit.org>
3719
3720         Move JSC::parseDate() from DateConversion to JSDateMath
3721         https://bugs.webkit.org/show_bug.cgi?id=91982
3722
3723         Reviewed by Geoffrey Garen.
3724
3725         Moving this function into the other files removes the dependency
3726         on JSC specific classes in DateConversion.{cpp|h}.
3727
3728         * runtime/DateConversion.cpp:
3729         * runtime/DateConversion.h:
3730         (JSC):
3731         * runtime/JSDateMath.cpp:
3732         (JSC::parseDate):
3733         (JSC):
3734         * runtime/JSDateMath.h:
3735         (JSC):
3736
3737 2012-07-23  Simon Fraser  <simon.fraser@apple.com>
3738
3739         Part 1 of: Implement sticky positioning
3740         https://bugs.webkit.org/show_bug.cgi?id=90046
3741
3742         Reviewed by Ojan Vafai.
3743
3744         Add ENABLE_CSS_STICKY_POSITION, defaulting to off initially.
3745         
3746         Sort the ENABLE_CSS lines in the file. Make sure all the flags
3747         are in FEATURE_DEFINES.
3748
3749         * Configurations/FeatureDefines.xcconfig:
3750
3751 2012-07-23  Yong Li  <yoli@rim.com>
3752
3753         [BlackBerry] Implement GCActivityCallback with platform timer
3754         https://bugs.webkit.org/show_bug.cgi?id=90175
3755
3756         Reviewed by Rob Buis.
3757
3758         Use JSLock when performing GC to avoid assertions.
3759
3760         * runtime/GCActivityCallbackBlackBerry.cpp:
3761         (JSC::DefaultGCActivityCallback::doWork):
3762
3763 2012-07-23  Kent Tamura  <tkent@chromium.org>
3764
3765         Rename ENABLE_METER_TAG and ENABLE_PROGRESS_TAG to ENABLE_METER_ELEMENT and ENABLE_PROGRESS_ELEMENT respectively
3766         https://bugs.webkit.org/show_bug.cgi?id=91941
3767
3768         Reviewed by Kentaro Hara.
3769
3770         A flag name for an element should be ENABLE_*_ELEMENT.
3771
3772         * Configurations/FeatureDefines.xcconfig:
3773
3774 2012-07-22  Kent Tamura  <tkent@chromium.org>
3775
3776         Rename ENABLE_DETAILS to ENABLE_DETAILS_ELEMENT
3777         https://bugs.webkit.org/show_bug.cgi?id=91928
3778
3779         Reviewed by Kentaro Hara.
3780
3781         A flag name for an element should be ENABLE_*_ELEMENT.
3782
3783         * Configurations/FeatureDefines.xcconfig:
3784
3785 2012-07-21  Patrick Gansterer  <paroga@webkit.org>
3786
3787         [WIN] Use GetDateFormat and GetTimeFormat instead of strftime
3788         https://bugs.webkit.org/show_bug.cgi?id=83436
3789
3790         Reviewed by Brent Fulgham.
3791
3792         The MS CRT implementation of strftime calls the same two functions.
3793         Using them directly avoids the overhead of parsing the format string and removes
3794         the dependency on strftime() for WinCE where this function does not exist.
3795
3796         * runtime/DatePrototype.cpp:
3797         (JSC::formatLocaleDate):
3798
3799 2012-07-20  Kent Tamura  <tkent@chromium.org>
3800
3801         Rename ENABLE_DATALIST to ENABLE_DATALIST_ELEMENT
3802         https://bugs.webkit.org/show_bug.cgi?id=91846
3803
3804         Reviewed by Kentaro Hara.
3805
3806         A flag name for an element should be ENABLE_*_ELEMENT.
3807
3808         * Configurations/FeatureDefines.xcconfig:
3809
3810 2012-07-20  Han Shen  <shenhan@google.com>
3811
3812         [Chromium] Compilation fails under gcc 4.7
3813         https://bugs.webkit.org/show_bug.cgi?id=90227
3814
3815         Reviewed by Tony Chang.
3816
3817         Disable warnings about c++0x compatibility in gcc newer than 4.6.
3818
3819         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3820
3821 2012-07-18  Filip Pizlo  <fpizlo@apple.com>
3822
3823         DFG cell checks should be hoisted
3824         https://bugs.webkit.org/show_bug.cgi?id=91717
3825
3826         Reviewed by Geoffrey Garen.
3827
3828         The DFG has always had the policy of hoisting array and integer checks to
3829         the point of variable assignment. Eventually, we added doubles and booleans
3830         to the mix. But cells should really be part of this as well, particularly
3831         for 32-bit where accessing a known-type variable is dramatically cheaper
3832         than accessing a variable whose type is only predicted but otherwise
3833         unproven.
3834         
3835         This appears to be a definite speed-up for V8 on 32-bit, a possible speed-up
3836         for Kraken, and a possible slow-down for V8 on 64-bit (around 0.2% if at
3837         all). Any slow-downs can, and should, be addressed by making the hoisting
3838         logic cognizant of variables that are never used in a manner that requires
3839         type checks, and by sinking argument checks to the point(s) of first use.
3840         
3841         To make this work I had to change some OSR machinery, and special-case the
3842         type predictions of the 'this' argument for constructors. OSR exit normally
3843         assumes that arguments are boxed, which happens to be true because the
3844         type prediction used for check hoisting is LUB'd with the type of the
3845         argument that was passed in - so either the arguments are always stored to
3846         with the full tag+payload, or if only the payload is stored then the tag
3847         matches whatever the caller would have set. But not so with the 'this'
3848         argument for constructors, which is not initialized by the caller. We
3849         could make this more precise by having argument types for OSR be inferred
3850         using similar machinery to other locals, but I figured that for this patch
3851         I should use the surgical fix.
3852
3853         * assembler/MacroAssemblerX86_64.h:
3854         (JSC::MacroAssemblerX86_64::branchTestPtr):
3855         (MacroAssemblerX86_64):
3856         * assembler/X86Assembler.h:
3857         (JSC::X86Assembler::testq_rm):
3858         (X86Assembler):
3859         * dfg/DFGAbstractState.cpp:
3860         (JSC::DFG::AbstractState::initialize):
3861         (JSC::DFG::AbstractState::execute):
3862         * dfg/DFGDriver.cpp:
3863         (JSC::DFG::compile):
3864         * dfg/DFGGraph.h:
3865         (JSC::DFG::Graph::isCreatedThisArgument):
3866         (Graph):
3867         * dfg/DFGSpeculativeJIT.cpp:
3868         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3869         * dfg/DFGSpeculativeJIT32_64.cpp:
3870         (JSC::DFG::SpeculativeJIT::compile):
3871         * dfg/DFGSpeculativeJIT64.cpp:
3872         (JSC::DFG::SpeculativeJIT::compile):
3873         * dfg/DFGValueSource.h:
3874         (JSC::DFG::ValueSource::forSpeculation):
3875
3876 2012-07-19  Filip Pizlo  <fpizlo@apple.com>
3877
3878         Fast path of storage resize should be removed from property storage reallocation, since it is only useful for arrays
3879         https://bugs.webkit.org/show_bug.cgi?id=91796
3880
3881         Reviewed by Geoffrey Garen.
3882
3883         * dfg/DFGRepatch.cpp:
3884         (JSC::DFG::emitPutTransitionStub):
3885         * dfg/DFGSpeculativeJIT.cpp:
3886         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3887         * runtime/JSObject.cpp:
3888         (JSC::JSObject::growOutOfLineStorage):
3889
3890 2012-07-19  Mark Lam  <mark.lam@apple.com>
3891
3892         Bug fixes and enhancements for OfflineASM annotation system.
3893         https://bugs.webkit.org/show_bug.cgi?id=91690
3894
3895         Reviewed by Filip Pizlo.
3896
3897         * offlineasm/armv7.rb: added default handling of Instruction lower().
3898         * offlineasm/asm.rb: added more support for annotations and more pretty printing.
3899         * offlineasm/ast.rb: added more support for annotations.
3900         * offlineasm/config.rb: added $preferredCommentStartColumn, simplified $enableInstrAnnotations.
3901         * offlineasm/parser.rb: added more support for annotations.
3902         * offlineasm/transform.rb: added more support for annotations.
3903         * offlineasm/x86.rb: added default handling of Instruction lower().
3904
3905 2012-07-19  Patrick Gansterer  <paroga@webkit.org>
3906
3907         [WIN] Fix compilation of JSGlobalData.h with ENABLE(DFG_JIT)
3908         https://bugs.webkit.org/show_bug.cgi?id=91243
3909
3910         Reviewed by Geoffrey Garen.
3911
3912         Disable MSVC warning 4200 "zero-sized array in struct/union" for JSC::ScratchBuffer.
3913
3914         * runtime/JSGlobalData.h:
3915         (JSC):
3916
3917 2012-07-19  Mark Lam  <mark.lam@apple.com>
3918
3919         Fixed broken ENABLE_JIT=0 build.
3920         https://bugs.webkit.org/show_bug.cgi?id=91725
3921
3922         Reviewed by Oliver Hunt.
3923
3924         * bytecode/Watchpoint.cpp:
3925         * heap/JITStubRoutineSet.h:
3926         (JSC):
3927         (JITStubRoutineSet):
3928         (JSC::JITStubRoutineSet::JITStubRoutineSet):
3929         (JSC::JITStubRoutineSet::~JITStubRoutineSet):
3930         (JSC::JITStubRoutineSet::add):
3931         (JSC::JITStubRoutineSet::clearMarks):
3932         (JSC::JITStubRoutineSet::mark):
3933         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
3934         (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
3935
3936 2012-07-19  Kristóf Kosztyó  <kkristof@inf.u-szeged.hu>
3937
3938         [Qt] Unreviewed buildfix after r123042.
3939
3940         * interpreter/Interpreter.cpp:
3941         (JSC::Interpreter::dumpRegisters):
3942
3943 2012-07-18  Filip Pizlo  <fpizlo@apple.com>
3944
3945         DFG should emit inline code for property storage (re)allocation
3946         https://bugs.webkit.org/show_bug.cgi?id=91597
3947
3948         Reviewed by Oliver Hunt.
3949
3950         This adds two new ops to the DFG IR: AllocatePropertyStorage and
3951         ReallocatePropertyStorage. It enables these to interact properly with
3952         CSE so that a GetPropertyStorage on something for which we have
3953         obviously done a (Re)AllocatePropertyStorage will result in the
3954         GetPropertyStorage being eliminated. Other than that, the code
3955         emitted for these ops is identical to the code we were emitting in
3956         the corresponding PutById stub.
3957
3958         * dfg/DFGAbstractState.cpp:
3959         (JSC::DFG::AbstractState::execute):
3960         * dfg/DFGByteCodeParser.cpp:
3961         (JSC::DFG::ByteCodeParser::parseBlock):
3962         * dfg/DFGCSEPhase.cpp:
3963         (JSC::DFG::CSEPhase::putStructureStoreElimination):
3964         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3965         * dfg/DFGNode.h:
3966         (JSC::DFG::Node::hasStructureTransitionData):
3967         * dfg/DFGNodeType.h:
3968         (DFG):
3969         * dfg/DFGOperations.cpp:
3970         * dfg/DFGOperations.h:
3971         * dfg/DFGPredictionPropagationPhase.cpp:
3972         (JSC::DFG::PredictionPropagationPhase::propagate):
3973         * dfg/DFGSpeculativeJIT.cpp:
3974         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
3975         (DFG):
3976         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3977         * dfg/DFGSpeculativeJIT.h:
3978         (JSC::DFG::SpeculativeJIT::callOperation):
3979         (SpeculativeJIT):
3980         * dfg/DFGSpeculativeJIT32_64.cpp:
3981         (JSC::DFG::SpeculativeJIT::compile):
3982         * dfg/DFGSpeculativeJIT64.cpp:
3983         (JSC::DFG::SpeculativeJIT::compile):
3984         * runtime/Structure.cpp:
3985         (JSC::nextOutOfLineStorageCapacity):
3986         * runtime/Structure.h:
3987         (JSC):
3988
3989 2012-07-16  Oliver Hunt  <oliver@apple.com>
3990
3991         dumpCallFrame is broken in ToT
3992         https://bugs.webkit.org/show_bug.cgi?id=91444
3993
3994         Reviewed by Gavin Barraclough.
3995
3996         Various changes have been made to the SF calling convention, but
3997         dumpCallFrame has not been updated to reflect these changes.
3998         That resulted in both bogus information, as well as numerous
3999         assertions of sadness.
4000
4001         This patch makes dumpCallFrame actually work again and adds the
4002         wonderful feature of telling you the name of the variable that a
4003         register reflects, or what value it contains.
4004
4005         * bytecode/CodeBlock.cpp:
4006