[Mac] Enable cache partitioning and the public suffix list on 10.8
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-05-29  Jeffrey Pfau  <jpfau@apple.com>
2
3         [Mac] Enable cache partitioning and the public suffix list on 10.8
4         <rdar://problem/13679019>
5
6         Rubber-stamped by David Kilzer.
7
8         * Configurations/FeatureDefines.xcconfig:
9
10 2013-05-28  Brent Fulgham  <bfulgham@apple.com>
11
12         [Windows] Put correct byteCompile symbol in file. Previous version
13         had an extra 'i' appended to the end.
14
15         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
16         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
17
18 2013-05-28  Brent Fulgham  <bfulgham@apple.com>
19
20         [Windows] Unreviewed build fix.  Remove ?byteCompile symbol that
21         is no longer accessible during link.
22
23         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
24         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
25
26 2013-05-28  Gavin Barraclough  <barraclough@apple.com>
27
28         String(new Date(2010,10,1)) is wrong in KRAT, YAKT
29         https://bugs.webkit.org/show_bug.cgi?id=106750
30
31         Reviewed by Darin Adler.
32
33         * runtime/JSDateMath.cpp:
34         (JSC::msToGregorianDateTime):
35             - Additional review comment fix.
36
37 2013-05-28  Brent Fulgham  <bfulgham@apple.com>
38
39         [Windows] Unreviewed build fix after r150833
40
41         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
42         A CR/LF combination was lost in the file, combining two symbols.
43
44 2013-05-27  Gavin Barraclough  <barraclough@apple.com>
45
46         String(new Date(2010,10,1)) is wrong in KRAT, YAKT
47         https://bugs.webkit.org/show_bug.cgi?id=106750
48
49         Reviewed by Darin Adler.
50
51         First part of a fix, simplify date handling code, instead of operating separately
52         on the UTC-standard and standard-DST offsets, just generate a combined UTC-local
53         offset (this is what we actually need, and what the OS gives us).
54
55         * runtime/JSDateMath.cpp:
56         (JSC::getLocalTimeOffset):
57             - removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset
58         (JSC::gregorianDateTimeToMS):
59         (JSC::msToGregorianDateTime):
60         (JSC::parseDateFromNullTerminatedCharacters):
61             - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
62         * runtime/VM.cpp:
63         (JSC::VM::resetDateCache):
64             - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
65         * runtime/VM.h:
66         (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
67         (JSC::LocalTimeOffsetCache::reset):
68         (LocalTimeOffsetCache):
69             - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
70
71 2013-05-28  Mark Hahnenberg  <mhahnenberg@apple.com>
72
73         r150199 is very wrong
74         https://bugs.webkit.org/show_bug.cgi?id=116876
75
76         JSValue needs to protect its internal JSValueRef.
77
78         Reviewed by Darin Adler.
79
80         * API/JSValue.mm:
81         (-[JSValue initWithValue:inContext:]):
82         (-[JSValue dealloc]):
83         * API/tests/testapi.mm: Added a simple test to make sure that we protect the
84         underlying JavaScript value across garbage collections.
85
86 2013-05-27  Patrick Gansterer  <paroga@webkit.org>
87
88         Use ICU_INCLUDE_DIRS in BlackBerry CMake files
89         https://bugs.webkit.org/show_bug.cgi?id=116210
90
91         Reviewed by Rob Buis.
92
93         Set and use the ICU_INCLUDE_DIRS variable to avoid
94         duplicated adding of the ICU include directory.
95
96         * PlatformBlackBerry.cmake:
97
98 2013-05-27  Gabor Rapcsanyi  <rgabor@webkit.org>
99
100         MacroAssemblerARM should use xor to swap registers instead of move
101         https://bugs.webkit.org/show_bug.cgi?id=116306
102
103         Reviewed by Zoltan Herczeg.
104
105         Change register swapping to xor from move and this way we don't need
106         a temporary register anymore.
107
108         * assembler/MacroAssemblerARM.h:
109         (JSC::MacroAssemblerARM::swap):
110
111 2013-05-25  Filip Pizlo  <fpizlo@apple.com>
112
113         We broke (-2^31/-1)|0 in the DFG
114         https://bugs.webkit.org/show_bug.cgi?id=116767
115
116         Reviewed by Andreas Kling.
117         
118         The bug is that we were assuming that in the -2^31 case, we already had -2^31
119         in the result register. This was a wrong assumption.
120
121         * dfg/DFGSpeculativeJIT.cpp:
122         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
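
Added example, not from the ChangeLog or the WebKit sources: the result `(a / b) | 0` must have for int32 operands, written as a guarded C fast path and checked against a double-precision reference. All function names are hypothetical; the two guards are the cases where x86 `idiv` faults (zero divisor, and -2^31 / -1), so each one stores its result explicitly.

```c
#include <stdint.h>
#include <stdio.h>

/* ECMAScript ToInt32 for the doubles that can arise here: NaN, +/-Infinity,
 * and finite quotients of two int32 values (magnitude at most 2^31). */
static int32_t to_int32(double d)
{
    /* In this domain only NaN and +/-Infinity fall outside [-2^31, 2^31]. */
    if (d != d || d > 2147483648.0 || d < -2147483648.0)
        return 0;
    int64_t t = (int64_t)d;          /* truncates toward zero */
    uint32_t low = (uint32_t)t;      /* value modulo 2^32 */
    return low >= 0x80000000u ? (int32_t)((int64_t)low - 4294967296LL)
                              : (int32_t)low;
}

/* Reference semantics of (a / b) | 0: divide as doubles, then ToInt32. */
static int32_t div_reference(int32_t a, int32_t b)
{
    return to_int32((double)a / (double)b);
}

/* Integer fast path (hypothetical name). Each special case writes its own
 * result instead of assuming a register already holds it. */
static int32_t div_int32_fast(int32_t a, int32_t b)
{
    if (b == 0)
        return 0;            /* a/0 is NaN or +/-Infinity; ToInt32 gives 0 */
    if (a == INT32_MIN && b == -1)
        return INT32_MIN;    /* true quotient 2^31 wraps to -2^31 */
    return a / b;            /* C truncates toward zero, as ToInt32 does */
}

/* Differential check over constructed edge-case operands.
 * Returns the number of operand pairs where the two paths disagree. */
static int count_mismatches(void)
{
    static const int32_t v[] = {
        INT32_MIN, INT32_MIN + 1, -7, -2, -1, 0, 1, 2, 7,
        INT32_MAX - 1, INT32_MAX
    };
    const int n = (int)(sizeof v / sizeof v[0]);
    int bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            if (div_int32_fast(v[i], v[j]) != div_reference(v[i], v[j]))
                bad++;
    return bad;
}

int main(void)
{
    int bad = count_mismatches();
    printf("mismatches: %d\n", bad);
    return bad != 0;
}
```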
123
124 2013-05-24  Filip Pizlo  <fpizlo@apple.com>
125
126         We broke !(0/0)
127         https://bugs.webkit.org/show_bug.cgi?id=116736
128
129         Reviewed by Gavin Barraclough.
130
131         * parser/ASTBuilder.h:
132         (JSC::ASTBuilder::createLogicalNot):
133         * runtime/JSCJSValueInlines.h:
134         (JSC::JSValue::pureToBoolean):
135
136 2013-05-24  Julien Brianceau  <jbrianceau@nds.com>
137
138         [sh4] Optimize LLINT generated code and fix few bugs in baseline JIT.
139         https://bugs.webkit.org/show_bug.cgi?id=116716
140
141         Reviewed by Geoffrey Garen.
142
143         * assembler/MacroAssemblerSH4.h:
144         (JSC::MacroAssemblerSH4::mul32): Cosmetic changes.
145         (JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced.
146         (JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced.
147         (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call.
148         * assembler/SH4Assembler.h:
149         (JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer.
150         (JSC::SH4Assembler::linkJump): Cosmetic change.
151         * offlineasm/sh4.rb: Optimize LLINT generated code.
152
153 2013-05-23  Peter Wang  <peter.wang@torchmobile.com.cn>
154
155         CLoop llint backend should not use the d8 register as scratch register
156         https://bugs.webkit.org/show_bug.cgi?id=116019
157
158         Reviewed by Csaba Osztrogonác.
159
160         * offlineasm/cloop.rb:
161
162 2013-05-22  Peter Wang  <peter.wang@torchmobile.com.cn>
163
164         Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null"
165         https://bugs.webkit.org/show_bug.cgi?id=116593
166
167         Reviewed by Filip Pizlo.
168
169         Generated instructions using uninitialized register. It's caused by a mistake of r126494.
170
171         * jit/JITOpcodes32_64.cpp:
172         (JSC::JIT::emit_op_eq_null):
173         (JSC::JIT::emit_op_neq_null):
174
175 2013-05-22  Filip Pizlo  <fpizlo@apple.com>
176
177         Fix indentation of CodeBlock.h
178
179         Rubber stamped by Mark Hahnenberg.
180
181         * bytecode/CodeBlock.h:
182
183 2013-05-22  Julien Brianceau  <jbrianceau@nds.com>
184
185         [sh4] Remove MacroAssemblerSH4.cpp file.
186         https://bugs.webkit.org/show_bug.cgi?id=116596.
187
188         Reviewed by Geoffrey Garen.
189
190         Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp
191         to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done
192         for other architectures.
193
194         * GNUmakefile.list.am:
195         * JavaScriptCore.xcodeproj/project.pbxproj:
196         * Target.pri:
197         * assembler/MacroAssemblerSH4.cpp: Removed.
198         * assembler/MacroAssemblerSH4.h:
199         (JSC::MacroAssemblerSH4::linkCall):
200         (MacroAssemblerSH4):
201         (JSC::MacroAssemblerSH4::repatchCall):
202
203 2013-05-21  Brent Fulgham  <bfulgham@apple.com>
204
205         [Windows] Unreviewed speculative fix for test-bots.
206
207         Add export declaration for WTFInvokeCrashHook to avoid runtime
208         load error on test bots.
209
210         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
211         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
212
213 2013-05-21  Mark Lam  <mark.lam@apple.com>
214
215         Added missing assert condition for PositiveOrZero in ARM branch32().
216         https://bugs.webkit.org/show_bug.cgi?id=116538.
217
218         Reviewed by Geoffrey Garen.
219
220         * assembler/MacroAssemblerARM.h:
221         (JSC::MacroAssemblerARM::branchAdd32):
222
223 2013-05-20  Mark Hahnenberg  <mhahnenberg@apple.com>
224
225         Disable SuperRegion
226         https://bugs.webkit.org/show_bug.cgi?id=116362
227
228         Rubber stamped by Geoff Garen.
229
230         * heap/Region.h:
231
232 2013-05-20  Oliver Hunt  <oliver@apple.com>
233
234         Make C API more robust against null contexts
235         https://bugs.webkit.org/show_bug.cgi?id=116462
236
237         Reviewed by Anders Carlsson.
238
239         Handle null contexts in a non-crashy way.  It's a bug to ever call the
240         API with a null context, and the absence of a context means we can't
241         produce a meaningful result, so we still assert in debug builds.
242
243         Now where possible we detect and early return, returning null for any
244         pointer type, NaN for doubles, and false for any boolean result.
245
246         * API/JSBase.cpp:
247         (JSEvaluateScript):
248         (JSCheckScriptSyntax):
249         (JSReportExtraMemoryCost):
250         * API/JSContextRef.cpp:
251         (JSContextGetGlobalObject):
252         (JSContextGetGroup):
253         (JSContextGetGlobalContext):
254         (JSContextCreateBacktrace):
255         * API/JSObjectRef.cpp:
256         (JSObjectMake):
257         (JSObjectMakeFunctionWithCallback):
258         (JSObjectMakeConstructor):
259         (JSObjectMakeFunction):
260         (JSObjectMakeArray):
261         (JSObjectMakeDate):
262         (JSObjectMakeError):
263         (JSObjectMakeRegExp):
264         (JSObjectGetPrototype):
265         (JSObjectSetPrototype):
266         (JSObjectHasProperty):
267         (JSObjectGetProperty):
268         (JSObjectSetProperty):
269         (JSObjectGetPropertyAtIndex):
270         (JSObjectSetPropertyAtIndex):
271         (JSObjectDeleteProperty):
272         (JSObjectCopyPropertyNames):
273         * API/JSValueRef.cpp:
274         (JSValueGetType):
275         (JSValueIsUndefined):
276         (JSValueIsNull):
277         (JSValueIsBoolean):
278         (JSValueIsNumber):
279         (JSValueIsString):
280         (JSValueIsObject):
281         (JSValueIsObjectOfClass):
282         (JSValueIsEqual):
283         (JSValueIsStrictEqual):
284         (JSValueIsInstanceOfConstructor):
285         (JSValueMakeUndefined):
286         (JSValueMakeNull):
287         (JSValueMakeBoolean):
288         (JSValueMakeNumber):
289         (JSValueMakeString):
290         (JSValueMakeFromJSONString):
291         (JSValueCreateJSONString):
292         (JSValueToBoolean):
293         (JSValueToNumber):
294         (JSValueToStringCopy):
295         (JSValueToObject):
296         (JSValueProtect):
297         * API/JSWeakObjectMapRefPrivate.cpp:
298
299 2013-05-20  David Kilzer  <ddkilzer@apple.com>
300
301         Synchronize FeatureDefines.xcconfig
302
303         * Configurations/FeatureDefines.xcconfig: Remove
304         ENABLE_LINK_PRERENDER.  This was missed in r150356.
305
306 2013-05-19  Anders Carlsson  <andersca@apple.com>
307
308         Remove link prerendering code
309         https://bugs.webkit.org/show_bug.cgi?id=116415
310
311         Reviewed by Darin Adler.
312
313         This code was only used by Chromium and is dead now.
314
315         * Configurations/FeatureDefines.xcconfig:
316
317 2013-05-18  Patrick Gansterer  <paroga@webkit.org>
318
319         [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME
320         https://bugs.webkit.org/show_bug.cgi?id=114554
321
322         Reviewed by Gyuyoung Kim.
323
324         Using variables as target names is very uncommon in CMake.
325         The usual way to specify the name of the resulting binary
326         is to set the OUTPUT_NAME target property.
327
328         * CMakeLists.txt:
329         * shell/CMakeLists.txt:
330
331 2013-05-17  Patrick Gansterer  <paroga@webkit.org>
332
333         [CMake] Remove invalid include paths
334         https://bugs.webkit.org/show_bug.cgi?id=116213
335
336         Reviewed by Gyuyoung Kim.
337
338         Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe
339         to remove them from the list of include directories.
340
341         * PlatformEfl.cmake: Removed.
342         * PlatformGTK.cmake: Removed.
343
344 2013-05-16  Patrick Gansterer  <paroga@webkit.org>
345
346         Consolidate lists in JavaScriptCore CMake files
347         https://bugs.webkit.org/show_bug.cgi?id=115992
348
349         Reviewed by Gyuyoung Kim.
350
351         Move common files into the CMakeLists.txt to avoid duplicating the list of files.
352         Also rebase the recently added GTK files to match the other CMake ports, since
353         the submitted patch was based on an older version of the source tree.
354
355         * CMakeLists.txt:
356         * PlatformEfl.cmake:
357         * PlatformGTK.cmake:
358         * shell/CMakeLists.txt:
359         * shell/PlatformEfl.cmake:
360         * shell/PlatformGTK.cmake:
361
362 2013-05-16  Geoffrey Garen  <ggaren@apple.com>
363
364         JSValue shouldn't protect/unprotect its context
365         https://bugs.webkit.org/show_bug.cgi?id=116234
366
367         Reviewed by Mark Hahnenberg.
368
369         Our retain on _context is sufficient.
370
371         * API/JSValue.mm:
372         (-[JSValue initWithValue:inContext:]):
373         (-[JSValue dealloc]):
374
375 2013-05-15  Ryosuke Niwa  <rniwa@webkit.org>
376
377         Another Windows build fix attempt after r150160.
378
379         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
380         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
381
382 2013-05-15  Oliver Hunt  <oliver@apple.com>
383
384         RefCountedArray needs to use vector initialisers for its backing store
385         https://bugs.webkit.org/show_bug.cgi?id=116194
386
387         Reviewed by Gavin Barraclough.
388
389         Use an out of line function to clear the exception stack to avoid
390         needing to include otherwise unnecessary headers all over the place.
391
392         Everything else is just being updated to use that.
393
394         * bytecompiler/BytecodeGenerator.cpp:
395         * interpreter/CallFrame.h:
396         (JSC::ExecState::clearSupplementaryExceptionInfo):
397         * interpreter/Interpreter.cpp:
398         (JSC::Interpreter::addStackTraceIfNecessary):
399         (JSC::Interpreter::throwException):
400         * runtime/JSGlobalObject.cpp:
401         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
402         * runtime/VM.cpp:
403         (JSC):
404         (JSC::VM::clearExceptionStack):
405         * runtime/VM.h:
406         (VM):
407         (JSC::VM::exceptionStack):
408
409 2013-05-15  Commit Queue  <commit-queue@webkit.org>
410
411         Unreviewed, rolling out r150051.
412         http://trac.webkit.org/changeset/150051
413         https://bugs.webkit.org/show_bug.cgi?id=116186
414
415         Broke all JSC tests on Mac and the author is unresponsive
416         (Requested by rniwa on #webkit).
417
418         * JavaScriptCore.xcodeproj/project.pbxproj:
419
420 2013-05-15  Julien Brianceau  <jbrianceau@nds.com>
421
422         Remove savedTimeoutReg from JITStackFrame for sh4 base JIT.
423         https://bugs.webkit.org/show_bug.cgi?id=116143
424
425         Reviewed by Geoffrey Garen.
426
427         Since r148119, timeoutCheckRegister is removed from baseline JIT.
428         So we don't need to save r8 register in JITStackFrame anymore for sh4.
429
430         * jit/JITStubs.cpp:
431         * jit/JITStubs.h:
432         (JITStackFrame):
433
434 2013-05-15  Nico Weber  <thakis@chromium.org>
435
436         WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions.
437         https://bugs.webkit.org/show_bug.cgi?id=116157
438
439         Reviewed by Anders Carlsson.
440
441         Also remove a gcc3.2 workaround.
442
443         Merges parts of these two commits by the talented Nico Weber:
444         https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5
445         https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312
446
447         * os-win32/inttypes.h:
448
449 2013-05-13  Alvaro Lopez Ortega  <alvaro@alobbs.com>
450
451         Nightly build's jsc doesn't work without DYLD_FRAMEWORK...
452         https://bugs.webkit.org/show_bug.cgi?id=79065
453
454         Reviewed by Darin Adler.
455
456         Fixes the build process so the dependencies of the jsc binary are
457         modified before it's copied to its target directory. In this way
458         jsc should always use relative reference to the JavaScriptCore
459         libraries.
460
461         * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in
462         the "Copy Into Framework" target.
463
464 2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>
465
466         Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
467         https://bugs.webkit.org/show_bug.cgi?id=116074
468
469         If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
470         scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
471         JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 
472         If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
473         is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.
474
475         Reviewed by Darin Adler.
476
477         * API/JSVirtualMachine.mm:
478         (scanExternalObjectGraph):
479
480 2013-05-13  Benjamin Poulain  <benjamin@webkit.org>
481
482         Improve stringProtoFuncLastIndexOf for the prefix case
483         https://bugs.webkit.org/show_bug.cgi?id=115952
484
485         Reviewed by Geoffrey Garen.
486
487         * runtime/StringPrototype.cpp:
488         (JSC::stringProtoFuncLastIndexOf):
489         Use the optimized string search when possible.
490
491         On Joseph Pecoraro's tests, this gives a ~30% speed improvement.
492
493 2013-05-13  Zalan Bujtas  <zalan@apple.com>
494
495         WebProcess consuming very high CPU on linkedin.com
496         https://bugs.webkit.org/show_bug.cgi?id=115601
497
498         Reviewed by Andreas Kling.
499
500         Disable WEB_TIMING_MINIMAL.
501         Turn off window.performance and performance.now(). Some JS frameworks expect
502         additional Web Timing APIs, when performance.now() is available.
503
504         * Configurations/FeatureDefines.xcconfig:
505
506 2013-05-12  Anders Carlsson  <andersca@apple.com>
507
508         Stop including UnusedParam.h
509         https://bugs.webkit.org/show_bug.cgi?id=116003
510
511         Reviewed by Sam Weinig.
512
513         UnusedParam.h is empty now so there's no need to include it anymore.
514
515         * API/APICast.h:
516         * API/tests/JSNode.c:
517         * API/tests/JSNodeList.c:
518         * API/tests/minidom.c:
519         * API/tests/testapi.c:
520         * assembler/AbstractMacroAssembler.h:
521         * assembler/MacroAssemblerCodeRef.h:
522         * bytecode/CodeBlock.cpp:
523         * heap/HandleStack.h:
524         * interpreter/JSStackInlines.h:
525         * jit/CompactJITCodeMap.h:
526         * jit/ExecutableAllocator.h:
527         * parser/SourceProvider.h:
528         * runtime/DatePrototype.cpp:
529         * runtime/JSNotAnObject.cpp:
530         * runtime/JSSegmentedVariableObject.h:
531         * runtime/JSVariableObject.h:
532         * runtime/Options.cpp:
533         * runtime/PropertyOffset.h:
534
535 2013-05-11  Martin Robinson  <mrobinson@igalia.com>
536
537         [GTK] Add a basic cmake build for WTF and JavaScriptCore
538         https://bugs.webkit.org/show_bug.cgi?id=115967
539
540         Reviewed by Laszlo Gombos.
541
542         * PlatformGTK.cmake: Added.
543         * shell/PlatformGTK.cmake: Added.
544
545 2013-05-10  Laszlo Gombos  <l.gombos@samsung.com>
546
547         Remove USE(OS_RANDOMNESS)
548         https://bugs.webkit.org/show_bug.cgi?id=108095
549
550         Reviewed by Darin Adler.
551
552         Remove the USE(OS_RANDOMNESS) guard as it is turned on for all
553         ports.
554
555         * jit/JIT.cpp:
556         (JSC::JIT::JIT):
557
558 2013-05-10  Mark Hahnenberg  <mhahnenberg@apple.com>
559
560         Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
561         https://bugs.webkit.org/show_bug.cgi?id=115938
562
563         We're going to add some more types of check hoisting soon, so let's have the right name here.
564
565         Rubber stamped by Filip Pizlo.
566         
567         * CMakeLists.txt:
568         * GNUmakefile.list.am:
569         * JavaScriptCore.xcodeproj/project.pbxproj:
570         * Target.pri:
571         * dfg/DFGDriver.cpp:
572         (JSC::DFG::compile):
573         * dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
574         * dfg/DFGStructureCheckHoistingPhase.h: Removed.
575         * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
576         (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
577         (JSC::DFG::performTypeCheckHoisting):
578         * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.
579
580 2013-05-09  Christophe Dumez  <ch.dumez@sisa.samsung.com>
581
582         Unreviewed build fix after r149836.
583
584         It broke at least EFL and GTK builds. Move new static members initialization
585         outside the class. Those need to have a definition outside the class because
586         their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries).
587
588         * runtime/CodeCache.cpp:
589         (JSC):
590         * runtime/CodeCache.h:
591         (CodeCacheMap):
592
593 2013-05-08  Oliver Hunt  <oliver@apple.com>
594
595         Code cache stores bogus var references for functions in eval code
596         https://bugs.webkit.org/show_bug.cgi?id=115747
597
598         Reviewed by Mark Hahnenberg.
599
600         Non-global eval now uses a per-CodeBlock cache, and only uses it
601         when we're at the top of a function's scope.  This means that we
602         will no longer cache the parsing of a single string across
603         multiple functions, and we won't cache when we're nested inside
604         constructs like |with| and |catch| where previously we would, which
605         is good because caching in those cases is unsound.
606
607         * bytecode/EvalCodeCache.h:
608         (JSC):
609         (JSC::EvalCodeCache::getSlow):
610         (JSC::EvalCodeCache::get):
611         * bytecode/UnlinkedCodeBlock.h:
612         (JSC::UnlinkedCodeBlock::codeCacheForEval):
613         (UnlinkedCodeBlock):
614         (RareData):
615         * debugger/Debugger.cpp:
616         (JSC::evaluateInGlobalCallFrame):
617         * debugger/DebuggerCallFrame.cpp:
618         (JSC::DebuggerCallFrame::evaluate):
619         * interpreter/Interpreter.cpp:
620         (JSC::eval):
621         * runtime/CodeCache.cpp:
622         (JSC::CodeCache::CodeCache):
623         (JSC::CodeCache::generateBytecode):
624         (JSC):
625         (JSC::CodeCache::getCodeBlock):
626         * runtime/CodeCache.h:
627         (JSC::CodeCacheMap::CodeCacheMap):
628         (CodeCacheMap):
629         (JSC::CodeCacheMap::canPruneQuickly):
630         (JSC::CodeCacheMap::prune):
631         (JSC::CodeCache::create):
632         (CodeCache):
633         * runtime/Executable.cpp:
634         (JSC::EvalExecutable::EvalExecutable):
635         (JSC::EvalExecutable::compileInternal):
636         * runtime/Executable.h:
637         (JSC::EvalExecutable::create):
638         (EvalExecutable):
639         * runtime/JSGlobalObject.cpp:
640         (JSC::JSGlobalObject::createEvalCodeBlock):
641         * runtime/JSGlobalObject.h:
642         (JSGlobalObject):
643         * runtime/JSGlobalObjectFunctions.cpp:
644         (JSC::globalFuncEval):
645         * runtime/VM.cpp:
646         (JSC::VM::VM):
647         * runtime/VM.h:
648         (VM):
649
650 2013-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>
651
652         DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes
653         https://bugs.webkit.org/show_bug.cgi?id=115805
654
655         Reviewed by Geoffrey Garen.
656
657         It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's 
658         an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the 
659         code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) 
660         instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray.
661
662         To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which 
663         should then use Array::PossiblyArray, then do the checks we were already doing.
664
665         * bytecode/ArrayProfile.h:
666         (JSC::hasSeenArray):
667         (JSC::hasSeenNonArray):
668         * dfg/DFGArrayMode.cpp:
669         (JSC::DFG::ArrayMode::fromObserved):
670
671 2013-05-09  Joe Mason  <jmason@blackberry.com>
672
673         [BlackBerry] Set up logging buffer on start of jsc executable
674         https://bugs.webkit.org/show_bug.cgi?id=114688
675
676         Reviewed by Rob Buis.
677
678         Internal PR: 322715
679         Internally Reviewed By: Jeff Rogers
680
681         * jsc.cpp:
682         (main): call BB::Platform::setupApplicationLogging
683
684 2013-05-08  Michael Saboff  <msaboff@apple.com>
685
686         JSC: There should be a disassembler for ARM Thumb 2
687         https://bugs.webkit.org/show_bug.cgi?id=115827
688
689         Reviewed by Filip Pizlo.
690
691         Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
692         and profiling code.  The opcode coverage is currently not complete.  It covers all
693         of the integer instructions JSC currently emits, but only a limited number of
694         floating point opcodes.  Currently that is just the 64 bit vmov and vmsr instructions.
695
696         The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
697         for each instruction group.  There is a public format method that does the bulk of
698         the disassembly work.  There are two broad sub-classes, ARMv7D16BitOpcode and
699         ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes.  There are sub-classes under
700         those two classes for individual and related groups of opcodes.  Instructions are
701         "dispatched" to the right subclass via two arrays of linked lists in the inner classes
702         OpcodeGroup.  There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
703         Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
704         that it matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast
705         the Opcode object to the right base class for the instruction group for formatting.
706         The cast eliminates the need of allocating an object for each decoded instruction.
707         Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending on whether
708         the instruction is 16 or 32 bit.
709
710         * JavaScriptCore.xcodeproj/project.pbxproj:
711         * disassembler/ARMv7: Added.
712         * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
713         (ARMv7Disassembler):
714         (OpcodeGroupInitializer):
715         (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
716         (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
717         (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
718         (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
719         (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
720         (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
721         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
722         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
723         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
724         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
725         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
726         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
727         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
728         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
729         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
730         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
731         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
732         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
733         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
734         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
735         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
736         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
737         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
738         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
739         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
740         (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
741         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
742         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
743         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
744         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
745         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
746         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
747         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
748         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
749         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
750         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
751         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
752         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
753         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
754         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
755         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
756         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
757         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
758         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
759         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
760         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
761         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
762         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
763         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
764         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
765         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
766         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
767         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
768         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
769         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
770         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
771         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
772         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
773         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
774         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
775         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
776         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
777         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
778         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
779         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
780         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
781         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
782         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
783         * disassembler/ARMv7/ARMv7DOpcode.h: Added.
784         (ARMv7Disassembler):
785         (ARMv7DOpcode):
786         (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
787         (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
788         (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
789         (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
790         (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
791         (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
792         (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
793         (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
794         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
795         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
796         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
797         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
798         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
799         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
800         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
801         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
802         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
803         (ARMv7D16BitOpcode):
804         (OpcodeGroup):
805         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
806         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
807         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
808         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
809         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
810         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
811         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
812         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
813         (ARMv7DOpcodeAddRegisterT2):
814         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
815         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
816         (ARMv7DOpcodeAddSPPlusImmediate):
817         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
818         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
819         (ARMv7DOpcodeAddSubtract):
820         (ARMv7DOpcodeAddSubtractT1):
821         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
822         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
823         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
824         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
825         (ARMv7DOpcodeAddSubtractImmediate3):
826         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
827         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
828         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
829         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
830         (ARMv7DOpcodeAddSubtractImmediate8):
831         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
832         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
833         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
834         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
835         (ARMv7DOpcodeBranchConditionalT1):
836         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
837         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
838         (ARMv7DOpcodeBranchExchangeT1):
839         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
840         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
841         (ARMv7DOpcodeBranchT2):
842         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
843         (ARMv7DOpcodeCompareImmediateT1):
844         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
845         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
846         (ARMv7DOpcodeCompareRegisterT1):
847         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
848         (ARMv7DOpcodeCompareRegisterT2):
849         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
850         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
851         (ARMv7DOpcodeDataProcessingRegisterT1):
852         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
853         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
854         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
855         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
856         (ARMv7DOpcodeGeneratePCRelativeAddress):
857         (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
858         (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
859         (ARMv7DOpcodeLoadFromLiteralPool):
860         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
861         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
862         (ARMv7DOpcodeLoadStoreRegisterImmediate):
863         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
864         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
865         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
866         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
867         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
868         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
869         (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
870         (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
871         (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
872         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
873         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
874         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
875         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
876         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
877         (ARMv7DOpcodeLoadStoreRegisterSPRelative):
878         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
879         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
880         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
881         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
882         (ARMv7DOpcodeLogicalImmediateT1):
883         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
884         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
885         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
886         (ARMv7DOpcodeMiscAddSubSP):
887         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
888         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
889         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
890         (ARMv7DOpcodeMiscByteHalfwordOps):
891         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
892         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
893         (ARMv7DOpcodeMiscBreakpointT1):
894         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
895         (ARMv7DOpcodeMiscCompareAndBranch):
896         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
897         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
898         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
899         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
900         (ARMv7DOpcodeMiscHint16):
901         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
902         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
903         (ARMv7DOpcodeMiscIfThenT1):
904         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
905         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
906         (ARMv7DOpcodeMiscPushPop):
907         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
908         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
909         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
910         (ARMv7DOpcodeMoveImmediateT1):
911         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
912         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
913         (ARMv7DOpcodeMoveRegisterT1):
914         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
915         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
916         (ARMv7D32BitOpcode):
917         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
918         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
919         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
920         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
921         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
922         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
923         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
924         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
925         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
926         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
927         (ARMv7DOpcodeBranchRelative):
928         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
929         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
930         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
931         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
932         (ARMv7DOpcodeConditionalBranchT3):
933         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
934         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
935         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
936         (ARMv7DOpcodeBranchOrBranchLink):
937         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
938         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
939         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
940         (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
941         (ARMv7DOpcodeDataProcessingModifiedImmediate):
942         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
943         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
944         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
945         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
946         (ARMv7DOpcodeDataProcessingShiftedReg):
947         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
948         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
949         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
950         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
951         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
952         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
953         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
954         (ARMv7DOpcodeDataProcessingReg):
955         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
956         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
957         (ARMv7DOpcodeDataProcessingRegShift):
958         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
959         (ARMv7DOpcodeDataProcessingRegExtend):
960         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
961         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
962         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
963         (ARMv7DOpcodeDataProcessingRegParallel):
964         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
965         (ARMv7DOpcodeDataProcessingRegMisc):
966         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
967         (ARMv7DOpcodeHint32):
968         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
969         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
970         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
971         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
972         (ARMv7DOpcodeFPTransfer):
973         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
974         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
975         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
976         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
977         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
978         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
979         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
980         (ARMv7DOpcodeDataLoad):
981         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
982         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
983         (ARMv7DOpcodeLoadRegister):
984         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
985         (ARMv7DOpcodeLoadSignedImmediate):
986         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
987         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
988         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
989         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
990         (ARMv7DOpcodeLoadUnsignedImmediate):
991         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
992         (ARMv7DOpcodeLongMultipleDivide):
993         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
994         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
995         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
996         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
997         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
998         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
999         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
1000         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
1001         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
1002         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
1003         (ARMv7DOpcodeDataPushPopSingle):
1004         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
1005         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
1006         (ARMv7DOpcodeDataStoreSingle):
1007         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
1008         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
1009         (ARMv7DOpcodeStoreSingleImmediate12):
1010         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
1011         (ARMv7DOpcodeStoreSingleImmediate8):
1012         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
1013         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
1014         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
1015         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
1016         (ARMv7DOpcodeStoreSingleRegister):
1017         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
1018         (ARMv7DOpcodeUnmodifiedImmediate):
1019         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
1020         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
1021         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
1022         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
1023         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
1024         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
1025         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
1026         (ARMv7DOpcodeVMOVDoublePrecision):
1027         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
1028         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
1029         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
1030         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
1031         (ARMv7DOpcodeVMOVSinglePrecision):
1032         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
1033         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
1034         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
1035         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
1036         (ARMv7DOpcodeVMSR):
1037         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
1038         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
1039         * disassembler/ARMv7Disassembler.cpp: Added.
1040         (JSC::tryToDisassemble):
1041
1042 2013-05-07  Julien Brianceau  <jbrianceau@nds.com>
1043
1044         Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
1045         https://bugs.webkit.org/show_bug.cgi?id=115722
1046
1047         Reviewed by Oliver Hunt.
1048
1049         * assembler/MacroAssemblerSH4.h:
1050         (JSC::MacroAssemblerSH4::load8PostInc):
1051         (MacroAssemblerSH4):
1052         (JSC::MacroAssemblerSH4::load16Unaligned):
1053         (JSC::MacroAssemblerSH4::load16PostInc):
1054         (JSC::MacroAssemblerSH4::storeDouble):
1055         (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
1056         * assembler/SH4Assembler.h:
1057         (JSC::SH4Assembler::movwMemRegIn):
1058         (SH4Assembler):
1059         (JSC::SH4Assembler::movbMemRegIn):
1060         (JSC::SH4Assembler::printInstr):
1061
1062 2013-05-07  Anders Carlsson  <andersca@apple.com>
1063
1064         Remove AlwaysInline.h from WTF
1065         https://bugs.webkit.org/show_bug.cgi?id=115727
1066
1067         Reviewed by Brent Fulgham.
1068
1069         The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
1070         to keep AlwaysInline.h around anymore.
1071
1072         * jit/JSInterfaceJIT.h:
1073         * parser/Lexer.h:
1074         * runtime/JSCJSValue.h:
1075         * runtime/SymbolTable.h:
1076
1077 2013-05-07  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
1078
1079         HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
1080         https://bugs.webkit.org/show_bug.cgi?id=115646
1081
1082         Reviewed by Darin Adler.
1083
1084         * bytecompiler/StaticPropertyAnalyzer.h:
1085         (JSC::StaticPropertyAnalyzer::putById):
1086             Updated accordingly to new HashMap<.., RefPtr>::get() semantics.
1087
1088 2013-05-06  Julien Brianceau  <jbrianceau@nds.com>
1089
1090         Misc bugfix and cleaning in sh4 base JIT.
1091         https://bugs.webkit.org/show_bug.cgi?id=115627
1092
1093         Reviewed by Oliver Hunt.
1094
1095         Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
1096         Remove misplaced extuw() implementation from MacroAssemblerSH4.
1097         Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.
1098
1099         * assembler/MacroAssemblerSH4.h:
1100         (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
1101         (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
1102         (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
1103         (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
1104         (MacroAssemblerSH4):
1105         (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
1106         (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
1107         (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
1108         (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
1109         (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
1110         (JSC::MacroAssemblerSH4::store32):
1111         * assembler/SH4Assembler.h:
1112         (JSC::SH4Assembler::movwRegMemr0):
1113         (SH4Assembler):
1114         (JSC::SH4Assembler::movbRegMemr0):
1115         (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
1116         (JSC::SH4Assembler::maxJumpReplacementSize):
1117         (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
1118         (JSC::SH4Assembler::printInstr):
1119
1120 2013-05-06  Anders Carlsson  <andersca@apple.com>
1121
1122         Stop using WTF::deleteAllValues in JavaScriptCore
1123         https://bugs.webkit.org/show_bug.cgi?id=115670
1124
1125         Reviewed by Oliver Hunt.
1126
1127         Change the Vectors used to Vectors of OwnPtrs instead.
1128
1129         * heap/DFGCodeBlocks.cpp:
1130         (JSC::DFGCodeBlocks::~DFGCodeBlocks):
1131         (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
1132
1133 2013-05-06  Andras Becsi  <andras.becsi@digia.com>
1134
1135         Build with GCC 4.8 fails because of -Wmaybe-uninitialized
1136         https://bugs.webkit.org/show_bug.cgi?id=115648
1137
1138         Reviewed by Michael Saboff.
1139
1140         Initialize values in Options::setOption since from
1141         there we end up calling OptionRange::init with
1142         uninitialized members.
1143
1144         * runtime/Options.cpp:
1145
1146 2013-05-06  Gabor Rapcsanyi  <rgabor@webkit.org>
1147
1148         JSC ARM traditional failing on Octane NavierStokes test
1149         https://bugs.webkit.org/show_bug.cgi?id=115626
1150
1151         Reviewed by Zoltan Herczeg.
1152
1153         Change the ARM traditional assembler to use double precision on value
1154         conversions.
1155
1156         * assembler/ARMAssembler.h:
1157
1158 2013-05-03  Michael Saboff  <msaboff@apple.com>
1159
1160         There should be a runtime option to constrain what functions get DFG compiled
1161         https://bugs.webkit.org/show_bug.cgi?id=115576
1162
1163         Reviewed by Mark Hahnenberg.
1164
1165         Added OptionRange to Options to allow checking that something is within an option
1166         or not.  The new OptionClass supports range strings in the form of [!]<low>[:<high>].
1167         If only one value is given, then it will be used for both low and high.  A leading
1168         '!' inverts the check.  If no range is given, then checking for a value within a range
1169         will always return true.  Added the option "bytecodeRangeToDFGCompile" that takes an
1170         OptionRange string to select the bytecode range of code blocks to DFG compile.
1171
1172         * dfg/DFGDriver.cpp:
1173         (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
1174         range.
1175         * runtime/Options.cpp:
1176         (JSC::parse): Added overloaded parse() for OptionRange.
1177         (JSC::OptionRange::init): Parse range string and then initialize the range.
1178         (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
1179         the specified range.
1180         (JSC::Options::dumpOption): Added code to dump OptionRange options.
1181         * runtime/Options.h:
1182         (OptionRange): New class.
1183         (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
1184         the Option static array initialization.
1185         (JSC::OptionRange::rangeString): This is used for debug.  It assumes that the char*
1186         passed into OptionRange::init is valid when this function is called.
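
The range-string form described in the entry above, `[!]<low>[:<high>]`, as an added example; this is not the code from runtime/Options.cpp. The class name `RangeFilter`, the helper `checkRange`, the inclusive bounds, and the rejection of overflowing, trailing-garbage and high-below-low input are assumptions of this sketch.

```cpp
#include <cctype>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for the OptionRange class named in the ChangeLog entry.
class RangeFilter {
public:
    // Parses "[!]<low>[:<high>]". Returns false and leaves the filter
    // unchanged on malformed input, so a bad string never yields a
    // half-initialized range.
    bool init(const char* text)
    {
        if (!text)
            return false;
        const char* cursor = text;
        bool inverted = false;
        if (*cursor == '!') {
            inverted = true;
            ++cursor;
        }
        unsigned low = 0;
        if (!parseUnsigned(cursor, low))
            return false;
        unsigned high = low; // a single value is used for both low and high
        if (*cursor == ':') {
            ++cursor;
            if (!parseUnsigned(cursor, high))
                return false;
        }
        // Assumption: trailing characters and high < low are errors.
        if (*cursor != '\0' || high < low)
            return false;
        m_low = low;
        m_high = high;
        m_state = inverted ? State::Inverted : State::Normal;
        return true;
    }

    // With no range given, every value counts as in range.
    bool isInRange(unsigned value) const
    {
        if (m_state == State::Unset)
            return true;
        bool inside = m_low <= value && value <= m_high; // inclusive (assumed)
        return m_state == State::Inverted ? !inside : inside;
    }

private:
    enum class State { Unset, Normal, Inverted };

    // Strict decimal parser: no sign, no whitespace, overflow is an error.
    static bool parseUnsigned(const char*& cursor, unsigned& out)
    {
        if (!std::isdigit(static_cast<unsigned char>(*cursor)))
            return false;
        unsigned long long value = 0;
        while (std::isdigit(static_cast<unsigned char>(*cursor))) {
            value = value * 10 + static_cast<unsigned>(*cursor - '0');
            if (value > std::numeric_limits<unsigned>::max())
                return false;
            ++cursor;
        }
        out = static_cast<unsigned>(value);
        return true;
    }

    // All members start initialized, so init() never reads garbage.
    State m_state = State::Unset;
    unsigned m_low = 0;
    unsigned m_high = 0;
};

// Returns -1 if the range string is malformed, otherwise 1 or 0 for
// "value passes the filter" / "value is filtered out".
int checkRange(const char* spec, unsigned value)
{
    RangeFilter filter;
    if (!filter.init(spec))
        return -1;
    return filter.isInRange(value) ? 1 : 0;
}

int main()
{
    // Constructed sample inputs: range string and a bytecode count to test.
    const char* specs[] = { "100:200", "!100:200", "42", "200:100", "10:20x" };
    for (const char* spec : specs)
        std::printf("%-10s value=150 -> %d\n", spec, checkRange(spec, 150));
    return 0;
}
```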
1187
1188 2013-05-02  Oliver Hunt  <oliver@apple.com>
1189
1190         Fix potential bug in lookup logic
1191         https://bugs.webkit.org/show_bug.cgi?id=115522
1192
1193         Reviewed by Mark Hahnenberg.
1194
1195         Though not a problem in practice, it is technically possible
1196         to inject an un-proxied global object into the scope chain
1197         via the C API.  This change makes sure that the scope walk
1198         in BytecodeGenerator actually limits itself to scopes that
1199         are statically bindable.
1200
1201         * bytecompiler/BytecodeGenerator.cpp:
1202         (JSC::BytecodeGenerator::resolve):
1203         * runtime/JSObject.h:
1204         (JSObject):
1205         (JSC):
1206         (JSC::JSObject::isStaticScopeObject):
1207
1208 2013-05-01  Roger Fong  <roger_fong@apple.com>
1209
1210         Set Path in makefile for AppleWin.
1211
1212         * JavaScriptCore.vcxproj/JavaScriptCore.make:
1213
1214 2013-05-01  Benjamin Poulain  <benjamin@webkit.org>
1215
1216         Remove the remaining wscript
1217         https://bugs.webkit.org/show_bug.cgi?id=115459
1218
1219         Reviewed by Andreas Kling.
1220
1221         * wscript: Removed.
1222
1223 2013-04-30  Mark Lam  <mark.lam@apple.com>
1224
1225         JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
1226         VM watchdog if its client did not pass one in.
1227         https://bugs.webkit.org/show_bug.cgi?id=115461.
1228
1229         Reviewed by Geoffrey Garen.
1230
1231         * API/JSContextRef.cpp:
1232         (internalScriptTimeoutCallback):
1233         (JSContextGroupSetExecutionTimeLimit):
1234         * API/tests/testapi.c:
1235         (main):
1236         - Added test case when the time limit callback is 0.
1237         - Also updated a check to verify that a TerminatedExecutionException is
1238           thrown when the time out is cancelled.
1239         - Also fixed some cosmetic typos.
1240
1241 2013-04-30  Geoffrey Garen  <ggaren@apple.com>
1242
1243         Removed op_ensure_property_exists
1244         https://bugs.webkit.org/show_bug.cgi?id=115460
1245
1246         Reviewed by Mark Hahnenberg.
1247
1248         It was unused, and whatever it was once used for was not optimized.
1249
1250         * JavaScriptCore.order:
1251         * bytecode/CodeBlock.cpp:
1252         (JSC::CodeBlock::dumpBytecode):
1253         * bytecode/Opcode.h:
1254         (JSC::padOpcodeName):
1255         * jit/JIT.cpp:
1256         (JSC::JIT::privateCompileMainPass):
1257         * jit/JIT.h:
1258         * jit/JITOpcodes.cpp:
1259         * jit/JITOpcodes32_64.cpp:
1260         * jit/JITStubs.cpp:
1261         * jit/JITStubs.h:
1262         * llint/LLIntSlowPaths.cpp:
1263         * llint/LLIntSlowPaths.h:
1264         * llint/LowLevelInterpreter.asm:
1265
1266 2013-04-30  Oliver Hunt  <oliver@apple.com>
1267
1268         JSC Stack walking logic crashes in the face of inlined functions triggering VM re-entry
1269         https://bugs.webkit.org/show_bug.cgi?id=115449
1270
1271         Reviewed by Geoffrey Garen.
1272
1273         Rename callframeishost to something that makes sense, and fix
1274         getCallerInfo to correctly handle inline functions calling into
1275         the VM.
1276
1277         * bytecode/CodeBlock.cpp:
1278         (JSC::CodeBlock::codeOriginForReturn):
1279           Make this more robust in the face of incorrect stack walking
1280         * interpreter/CallFrame.cpp:
1281         (JSC::CallFrame::trueCallerFrame):
1282           Everyone has to perform a codeblock() check before calling this
1283           so we might as well just do it here.
1284         * interpreter/Interpreter.cpp:
1285         (JSC::getCallerInfo):
1286
1287 2013-04-30  Julien Brianceau  <jbrianceau@nds.com>
1288
1289         Bug fixing in sh4 base JIT and LLINT.
1290         https://bugs.webkit.org/show_bug.cgi?id=115420
1291
1292         Reviewed by Oliver Hunt.
1293
1294         * assembler/MacroAssemblerSH4.h:
1295         (JSC::MacroAssemblerSH4::lshift32):
1296         (JSC::MacroAssemblerSH4::rshift32):
1297         (JSC::MacroAssemblerSH4::branchMul32):
1298         (JSC::MacroAssemblerSH4::urshift32):
1299         (JSC::MacroAssemblerSH4::replaceWithJump):
1300         (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
1301         * assembler/SH4Assembler.h:
1302         (JSC::SH4Assembler::shldRegReg):
1303         (JSC::SH4Assembler::shadRegReg):
1304         (JSC::SH4Assembler::shalImm8r):
1305         (SH4Assembler):
1306         (JSC::SH4Assembler::sharImm8r):
1307         (JSC::SH4Assembler::maxJumpReplacementSize):
1308         (JSC::SH4Assembler::replaceWithJump):
1309         * offlineasm/sh4.rb:
1310
1311 2013-04-30  Geoffrey Garen  <ggaren@apple.com>
1312
1313         Objective-C JavaScriptCore API should publicly support bridging to C
1314         https://bugs.webkit.org/show_bug.cgi?id=115447
1315
1316         Reviewed by Mark Hahnenberg.
1317
1318         For consistency, I renamed
1319
1320             +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
1321             +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
1322             -[JSContext globalContext] => -[JSContext JSGlobalContextRef]
1323
1324         I searched svn to verify that these functions don't have clients yet,
1325         so we won't break anything.
1326
1327         I also exported as public API
1328
1329             +[JSValue valueWithJSValueRef:]
1330             +[JSContext contextWithJSGlobalContextRef:]
1331
1332         It's hard to integrate with the C API without these.
1333
1334 2013-04-30  Commit Queue  <rniwa@webkit.org>
1335
1336         Unreviewed, rolling out r149349 and r149354.
1337         http://trac.webkit.org/changeset/149349
1338         http://trac.webkit.org/changeset/149354
1339         https://bugs.webkit.org/show_bug.cgi?id=115444
1340
1341         The Thumb version of compileSoftModulo makes invalid use of
1342         registers (Requested by benjaminp on #webkit).
1343
1344         * CMakeLists.txt:
1345         * GNUmakefile.list.am:
1346         * JavaScriptCore.xcodeproj/project.pbxproj:
1347         * assembler/ARMv7Assembler.h:
1348         (ARMv7Assembler):
1349         * assembler/AbstractMacroAssembler.h:
1350         (JSC::isARMv7s):
1351         (JSC):
1352         * assembler/MacroAssemblerARMv7.cpp: Removed.
1353         * assembler/MacroAssemblerARMv7.h:
1354         (MacroAssemblerARMv7):
1355         * dfg/DFGFixupPhase.cpp:
1356         (JSC::DFG::FixupPhase::fixupNode):
1357         * dfg/DFGOperations.cpp:
1358         * dfg/DFGOperations.h:
1359         * dfg/DFGSpeculativeJIT.cpp:
1360         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1361         (DFG):
1362         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1363         * dfg/DFGSpeculativeJIT.h:
1364         (JSC::DFG::SpeculativeJIT::callOperation):
1365         (SpeculativeJIT):
1366         * dfg/DFGSpeculativeJIT32_64.cpp:
1367         (JSC::DFG::SpeculativeJIT::compile):
1368
1369 2013-04-30  Zalan Bujtas  <zalan@apple.com>
1370
1371         Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
1372         https://bugs.webkit.org/show_bug.cgi?id=111244
1373
1374         Reviewed by David Kilzer.
1375         
1376         Enable performance.now() as a minimal subset of Web Timing API. 
1377         It returns DOMHighResTimeStamp, a monotonically increasing value representing the 
1378         number of milliseconds from the start of the navigation of the current document.
1379         JS libraries use this API to check against the requestAnimationFrame() timestamp.
1380
1381         * Configurations/FeatureDefines.xcconfig:
1382
1383 2013-04-30  Zoltan Arvai  <zarvai@inf.u-szeged.hu>
1384
1385         Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.
1386
1387         * dfg/DFGSpeculativeJIT.cpp:
1388         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1389
1390 2013-04-29  Cosmin Truta  <ctruta@blackberry.com>
1391
1392         [ARM] Expand the use of integer division
1393         https://bugs.webkit.org/show_bug.cgi?id=115138
1394
1395         Reviewed by Benjamin Poulain.
1396
1397         If availability of hardware integer division isn't known at compile
1398         time, check the CPU flags and decide at runtime whether to fall back
1399         to software. Currently, this OS-specific check is implemented on QNX.
1400
1401         Moreover, use operator % instead of fmod() in the calculation of the
1402         software modulo. Even when it's software-emulated, operator % is faster
1403         than fmod(): on ARM v7 QNX, without hardware division, we noticed
1404         >3% speedup on SunSpider.
1405
1406         * CMakeLists.txt:
1407         * GNUmakefile.list.am:
1408         * JavaScriptCore.xcodeproj/project.pbxproj:
1409         * assembler/ARMv7Assembler.h:
1410         (JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
1411         (JSC::ARMv7Assembler::udiv): Ditto.
1412         * assembler/AbstractMacroAssembler.h:
1413         (JSC::isARMv7s): Removed.
1414         * assembler/MacroAssemblerARMv7.cpp: Added.
1415         (JSC::isIntegerDivSupported): Added.
1416         * assembler/MacroAssemblerARMv7.h:
1417         (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
1418         * dfg/DFGFixupPhase.cpp:
1419         (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
1420         * dfg/DFGOperations.cpp:
1421         (JSC::DFG::operationModOnInts): Added.
1422         * dfg/DFGOperations.h:
1423         (JSC::DFG::Z_DFGOperation_ZZ): Added.
1424         * dfg/DFGSpeculativeJIT.cpp:
1425         (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
1426         from the common implementation; used operationModOnInts on ARM.
1427         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
1428         (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
1429         * dfg/DFGSpeculativeJIT.h:
1430         (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
1431         * dfg/DFGSpeculativeJIT32_64.cpp:
1432         (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.
1433
1434 2013-04-29  Benjamin Poulain  <benjamin@webkit.org>
1435
1436         Unify the data access of StringImpl members from JavaScriptCore
1437         https://bugs.webkit.org/show_bug.cgi?id=115320
1438
1439         Reviewed by Andreas Kling.
1440
1441         DFG accesses the member infos by directly calling the methods on StringImpl,
1442         while the baseline JIT was using helper methods on ThunkHelpers.
1443
1444         Cut the middle man, and use StringImpl directly everywhere.
1445
1446         * jit/JITInlines.h:
1447         (JSC::JIT::emitLoadCharacterString):
1448         * jit/JITPropertyAccess.cpp:
1449         (JSC::JIT::stringGetByValStubGenerator):
1450         * jit/JITPropertyAccess32_64.cpp:
1451         (JSC::JIT::stringGetByValStubGenerator):
1452         * jit/JSInterfaceJIT.h:
1453         * jit/ThunkGenerators.cpp:
1454         (JSC::stringCharLoad):
1455
1456 2013-04-29  Benjamin Poulain  <bpoulain@apple.com>
1457
1458         Use push and pop for iOS math function thunks
1459         https://bugs.webkit.org/show_bug.cgi?id=115215
1460
1461         Reviewed by Filip Pizlo.
1462
1463         The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
1464         The requirement is 4 bytes:
1465         "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
1466          grows downward, and contains local variables and a function’s parameters."
1467
1468         Subsequently, we can just use push and pop to preserve the link register.
1469
1470         * jit/ThunkGenerators.cpp:
1471
1472 2013-04-29  Brent Fulgham  <bfulgham@webkit.org>
1473
1474         [Windows, WinCairo] Get rid of last few pthread include/link references.
1475         https://bugs.webkit.org/show_bug.cgi?id=115375
1476
1477         Reviewed by Tim Horton.
1478
1479         * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
1480         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1481         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
1482         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1483         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
1484         * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
1485
1486 2013-04-29  Roger Fong  <roger_fong@apple.com>
1487
1488         Unreviewed. AppleWin VS2010 build fix.
1489
1490         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
1491
1492 2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1493
1494         ~BlockAllocator should ASSERT that it has no more Regions left
1495         https://bugs.webkit.org/show_bug.cgi?id=115287
1496
1497         Reviewed by Andreas Kling.
1498
1499         * heap/BlockAllocator.cpp:
1500         (JSC::BlockAllocator::~BlockAllocator):
1501         (JSC::BlockAllocator::allRegionSetsAreEmpty):
1502         * heap/BlockAllocator.h:
1503         (RegionSet):
1504         (JSC::BlockAllocator::RegionSet::isEmpty):
1505         (BlockAllocator):
1506
1507 2013-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1508
1509         IndexingTypes should use hex
1510         https://bugs.webkit.org/show_bug.cgi?id=115286
1511
1512         Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.
1513
1514         Reviewed by Geoffrey Garen.
1515
1516         * runtime/IndexingType.h:
1517
1518 2013-04-29  Carlos Garcia Campos  <cgarcia@igalia.com>
1519
1520         Unreviewed. Fix make distcheck.
1521
1522         * GNUmakefile.list.am: Add missing header files to compilation
1523         and offlineasm/sh4.rb script.
1524
1525 2013-04-28  Dean Jackson  <dino@apple.com>
1526
1527         [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
1528         https://bugs.webkit.org/show_bug.cgi?id=115310
1529
1530         Reviewed by Simon Fraser.
1531
1532         Remove ENABLE_HIGH_DPI_CANVAS_macosx.
1533
1534         * Configurations/FeatureDefines.xcconfig:
1535
1536 2013-04-27  Darin Adler  <darin@apple.com>
1537
1538         Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
1539         https://bugs.webkit.org/show_bug.cgi?id=115307
1540
1541         Reviewed by Geoffrey Garen.
1542
1543         * heap/HeapTimer.cpp:
1544         (JSC::HeapTimer::HeapTimer):
1545         * runtime/VM.cpp:
1546         (JSC::enableAssembler):
1547         Use adoptCF free function.
1548
1549 2013-04-27  Anders Carlsson  <andersca@apple.com>
1550
1551         Try to fix the Windows build.
1552
1553         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1554
1555 2013-04-25  Geoffrey Garen  <ggaren@apple.com>
1556
1557         Cleaned up pre/post inc/dec in bytecode
1558         https://bugs.webkit.org/show_bug.cgi?id=115222
1559
1560         Reviewed by Filip Pizlo.
1561
1562         A few related changes here:
1563
1564         (*) Removed post_inc and post_dec. The two-result form was awkward to
1565         reason about. Being explicit about the intermediate mov and to_number
1566         reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
1567         fixes a const bug. Plus, we get to blow away 262 lines of code.
1568
1569         (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
1570         version now.
1571
1572         (*) Renamed to_jsnumber to to_number, to match the ECMA name.
1573
1574         (*) Tightened up the codegen and runtime support for to_number.
1575
1576
1577         * JavaScriptCore.order: Order!
1578
1579         * bytecode/CodeBlock.cpp:
1580         (JSC::CodeBlock::dumpBytecode):
1581         * bytecode/Opcode.h:
1582         (JSC::padOpcodeName):
1583         * bytecompiler/BytecodeGenerator.cpp:
1584         (JSC::BytecodeGenerator::emitInc):
1585         (JSC::BytecodeGenerator::emitDec):
1586         * bytecompiler/BytecodeGenerator.h:
1587         (JSC::BytecodeGenerator::emitToNumber):
1588         (BytecodeGenerator): Removed post_inc and post_dec.
1589
1590         * bytecompiler/NodesCodegen.cpp:
1591         (JSC::emitPreIncOrDec): Updated for rename.
1592
1593         (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
1594         These are rare, and they boil away in the DFG.
1595
1596         (JSC::PostfixNode::emitResolve):
1597         (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
1598         of any special forms. This fixes a bug where we would do string
1599         add/subtract instead of number.
1600
1601         * dfg/DFGByteCodeParser.cpp:
1602         (JSC::DFG::ByteCodeParser::parseBlock):
1603         * dfg/DFGCapabilities.h:
1604         (JSC::DFG::canCompileOpcode):
1605         * jit/JIT.cpp:
1606         (JSC::JIT::privateCompileMainPass):
1607         (JSC::JIT::privateCompileSlowCases):
1608         * jit/JIT.h:
1609         * jit/JITArithmetic.cpp:
1610         (JSC::JIT::emit_op_inc):
1611         (JSC::JIT::emitSlow_op_inc):
1612         (JSC::JIT::emit_op_dec):
1613         (JSC::JIT::emitSlow_op_dec):
1614         * jit/JITArithmetic32_64.cpp:
1615         (JSC::JIT::emit_op_inc):
1616         (JSC::JIT::emitSlow_op_inc):
1617         (JSC::JIT::emit_op_dec):
1618         (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.
1619
1620         * jit/JITOpcodes.cpp:
1621         (JSC::JIT::emit_op_to_number):
1622         (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
1623         no such thing!
1624
1625         * jit/JITOpcodes32_64.cpp:
1626         (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
1627         about the lowest valued tag.
1628
1629         (JSC::JIT::emitSlow_op_to_number): Updated for renames.
1630
1631         * jit/JITStubs.cpp:
1632         (JSC::DEFINE_STUB_FUNCTION):
1633         * jit/JITStubs.h:
1634         * llint/LLIntSlowPaths.cpp:
1635         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1636         * llint/LLIntSlowPaths.h:
1637         * llint/LowLevelInterpreter32_64.asm:
1638         * llint/LowLevelInterpreter64.asm:
1639         * parser/NodeConstructors.h:
1640         (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.
1641
1642         * runtime/Operations.cpp:
1643         (JSC::jsIsObjectType): Removed a test for number cells. There's
1644         no such thing!
1645
1646 2013-04-27  Julien Brianceau  <jbrianceau@nds.com>
1647
1648         REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
1649         https://bugs.webkit.org/show_bug.cgi?id=115305
1650
1651         Reviewed by Andreas Kling.
1652
1653         * assembler/SH4Assembler.h:
1654         (JSC::SH4Assembler::cacheFlush):
1655
1656 2013-04-26  Geoffrey Garen  <ggaren@apple.com>
1657
1658         Re-landing <http://trac.webkit.org/changeset/148999>
1659
1660             Filled out more cases of branch folding in bytecode when emitting
1661             expressions into a branching context
1662             https://bugs.webkit.org/show_bug.cgi?id=115057
1663
1664             Reviewed by Phil Pizlo.
1665
1666         We can't fold the number == 1 case to boolean because all non-zero numbers
1667         down-cast to true, but only 1 is == to true.
1668
1669 2013-04-26  Filip Pizlo  <fpizlo@apple.com>
1670
1671         Correct indentation of SymbolTable.h
1672         
1673         Rubber stamped by Mark Hahnenberg.
1674
1675         * runtime/SymbolTable.h:
1676
1677 2013-04-26  Roger Fong  <roger_fong@apple.com>
1678
1679         Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
1680         Make the DebugSuffix configuration use _debug dependencies.
1681
1682         * JavaScriptCore.vcxproj/JavaScriptCore.make:
1683         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1684         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1685         * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
1686         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1687         * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
1688         * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
1689         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
1690         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
1691         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
1692         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
1693         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
1694         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
1695         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
1696         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
1697         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
1698         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
1699         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1700         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
1701         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
1702         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
1703         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
1704         * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
1705         * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
1706         * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
1707         * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
1708         * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
1709         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
1710         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1711         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
1712         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
1713         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1714         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
1715         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1716         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
1717         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
1718         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
1719         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
1720         * JavaScriptCore.vcxproj/build-generated-files.sh:
1721         * JavaScriptCore.vcxproj/copy-files.cmd:
1722         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1723         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1724         * JavaScriptCore.vcxproj/jsc/jscDebug.props:
1725         * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
1726         * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
1727         * JavaScriptCore.vcxproj/jsc/jscProduction.props:
1728         * JavaScriptCore.vcxproj/jsc/jscRelease.props:
1729         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1730         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
1731         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
1732         * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
1733         * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
1734         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
1735         * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
1736         * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
1737         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1738         * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
1739         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
1740         * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
1741         * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
1742         * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
1743         * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
1744         * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
1745         * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:
1746
1747 2013-04-26  Roger Fong  <roger_fong@apple.com>
1748
1749         Disable sub-pixel layout on mac.
1750         https://bugs.webkit.org/show_bug.cgi?id=114999.
1751
1752         Reviewed by Simon Fraser.
1753
1754         * Configurations/FeatureDefines.xcconfig:
1755
1756 2013-04-26  Oliver Hunt  <oliver@apple.com>
1757
1758         Make stack tracing more robust
1759         https://bugs.webkit.org/show_bug.cgi?id=115272
1760
1761         Reviewed by Geoffrey Garen.
1762
1763         CallFrame already handles stack walking confusion robustly,
1764         so we should make sure that the actual walk handles that as well.
1765
1766         * interpreter/Interpreter.cpp:
1767         (JSC::getCallerInfo):
1768
1769 2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1770
1771         REGRESSION(r149165): It made many tests crash on 32 bit
1772         https://bugs.webkit.org/show_bug.cgi?id=115227
1773
1774         Reviewed by Csaba Osztrogonác.
1775
1776         m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.
1777
1778         * heap/SuperRegion.cpp:
1779         (JSC::SuperRegion::~SuperRegion):
1780
1781 2013-04-26  Julien Brianceau  <jbrianceau@nds.com>
1782
1783         Fix SH4 build broken since r149159.
1784         https://bugs.webkit.org/show_bug.cgi?id=115229
1785
1786         Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32.
1787
1788         Reviewed by Allan Sandfeld Jensen.
1789
1790         * assembler/MacroAssemblerSH4.h:
1791         (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
1792
1793 2013-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1794
1795         SuperRegion doesn't call deallocate() on its PageReservation
1796         https://bugs.webkit.org/show_bug.cgi?id=115208
1797
1798         Reviewed by Geoffrey Garen.
1799
1800         It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual 
1801         address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator 
1802         also has this bug, but it doesn't matter much because there's only one instance of that class 
1803         throughout the entire lifetime of the process, whereas each VM has its own SuperRegion. 
1804
1805         * heap/SuperRegion.cpp:
1806         (JSC::SuperRegion::~SuperRegion):
1807         * heap/SuperRegion.h:
1808         (SuperRegion):
1809         * jit/ExecutableAllocatorFixedVMPool.cpp:
1810         (FixedVMPoolExecutableAllocator):
1811         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
1812
1813 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
1814
1815         DFG doesn't support to_jsnumber
1816         https://bugs.webkit.org/show_bug.cgi?id=115129
1817
1818         Reviewed by Geoffrey Garen.
1819         
1820         Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does
1821         an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions
1822         tell us to. Identity is later turned into Phantom.
1823         
1824         Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's
1825         wrong; NodeDoesNotExit is not a backward propagation property.
1826         
1827         Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit).
1828         
1829         This more than doubles the FPS on ammo.
1830
1831         * dfg/DFGByteCodeParser.cpp:
1832         (JSC::DFG::ByteCodeParser::parseBlock):
1833         * dfg/DFGCapabilities.h:
1834         (JSC::DFG::canCompileOpcode):
1835         * dfg/DFGFixupPhase.cpp:
1836         (JSC::DFG::FixupPhase::fixupNode):
1837         (FixupPhase):
1838         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1839         (JSC::DFG::FixupPhase::observeUseKindOnEdge):
1840         * dfg/DFGNodeFlags.h:
1841         (DFG):
1842         * dfg/DFGNodeType.h:
1843         (DFG):
1844         * dfg/DFGPredictionPropagationPhase.cpp:
1845         (JSC::DFG::PredictionPropagationPhase::propagate):
1846
1847 2013-04-24  Oliver Hunt  <oliver@apple.com>
1848
1849         Add support for Math.imul
1850         https://bugs.webkit.org/show_bug.cgi?id=115143
1851
1852         Reviewed by Filip Pizlo.
1853
1854         Add support for Math.imul, a thunk generator for Math.imul,
1855         and an intrinsic.
1856
1857         Fairly self explanatory set of changes, DFG intrinsics simply
1858         leverages the existing ValueToInt32 nodes.
1859
1860         * create_hash_table:
1861         * dfg/DFGAbstractState.cpp:
1862         (JSC::DFG::AbstractState::executeEffects):
1863         * dfg/DFGBackwardsPropagationPhase.cpp:
1864         (JSC::DFG::BackwardsPropagationPhase::propagate):
1865         * dfg/DFGByteCodeParser.cpp:
1866         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1867         * dfg/DFGCSEPhase.cpp:
1868         (JSC::DFG::CSEPhase::performNodeCSE):
1869         * dfg/DFGFixupPhase.cpp:
1870         (JSC::DFG::FixupPhase::fixupNode):
1871         * dfg/DFGNodeType.h:
1872         (DFG):
1873         * dfg/DFGPredictionPropagationPhase.cpp:
1874         (JSC::DFG::PredictionPropagationPhase::propagate):
1875         * dfg/DFGSpeculativeJIT.cpp:
1876         (JSC::DFG::SpeculativeJIT::compileArithIMul):
1877         * dfg/DFGSpeculativeJIT.h:
1878         (SpeculativeJIT):
1879         * dfg/DFGSpeculativeJIT32_64.cpp:
1880         (JSC::DFG::SpeculativeJIT::compile):
1881         * dfg/DFGSpeculativeJIT64.cpp:
1882         (JSC::DFG::SpeculativeJIT::compile):
1883         * jit/ThunkGenerators.cpp:
1884         (JSC::imulThunkGenerator):
1885         (JSC):
1886         * jit/ThunkGenerators.h:
1887         (JSC):
1888         * runtime/Intrinsic.h:
1889         * runtime/MathObject.cpp:
1890         (JSC):
1891         (JSC::mathProtoFuncIMul):
1892         * runtime/VM.cpp:
1893         (JSC::thunkGeneratorForIntrinsic):
1894
1895 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
1896
1897         Unreviewed, roll out http://trac.webkit.org/changeset/148999
1898         It broke http://kripken.github.io/ammo.js/examples/new/ammo.html
1899
1900         * JavaScriptCore.order:
1901         * bytecompiler/BytecodeGenerator.cpp:
1902         (JSC::BytecodeGenerator::emitNewArray):
1903         (JSC::BytecodeGenerator::emitThrowReferenceError):
1904         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1905         * bytecompiler/BytecodeGenerator.h:
1906         (JSC::BytecodeGenerator::shouldEmitProfileHooks):
1907         (BytecodeGenerator):
1908         * bytecompiler/NodesCodegen.cpp:
1909         (JSC):
1910         (JSC::NullNode::emitBytecode):
1911         (JSC::BooleanNode::emitBytecode):
1912         (JSC::NumberNode::emitBytecode):
1913         (JSC::StringNode::emitBytecode):
1914         (JSC::IfNode::emitBytecode):
1915         (JSC::IfElseNode::emitBytecode):
1916         * parser/ASTBuilder.h:
1917         (JSC::ASTBuilder::createIfStatement):
1918         (ASTBuilder):
1919         * parser/NodeConstructors.h:
1920         (JSC):
1921         (JSC::NullNode::NullNode):
1922         (JSC::BooleanNode::BooleanNode):
1923         (JSC::NumberNode::NumberNode):
1924         (JSC::StringNode::StringNode):
1925         (JSC::IfNode::IfNode):
1926         (JSC::IfElseNode::IfElseNode):
1927         * parser/Nodes.h:
1928         (JSC::ExpressionNode::isPure):
1929         (JSC::ExpressionNode::isSubtract):
1930         (StatementNode):
1931         (NullNode):
1932         (JSC::NullNode::isNull):
1933         (BooleanNode):
1934         (JSC::BooleanNode::isPure):
1935         (NumberNode):
1936         (JSC::NumberNode::value):
1937         (JSC::NumberNode::isPure):
1938         (StringNode):
1939         (JSC::StringNode::isPure):
1940         (JSC::StringNode::isString):
1941         (BinaryOpNode):
1942         (IfNode):
1943         (JSC):
1944         (IfElseNode):
1945         (ContinueNode):
1946         (BreakNode):
1947         * parser/Parser.cpp:
1948         (JSC::::parseIfStatement):
1949         * parser/ResultType.h:
1950         (ResultType):
1951         * runtime/JSCJSValueInlines.h:
1952         (JSC::JSValue::pureToBoolean):
1953         * runtime/JSCell.h:
1954         (JSCell):
1955         * runtime/JSCellInlines.h:
1956         (JSC):
1957
1958 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
1959
1960         PreciseJumpTargets should treat loop_hint as a jump target
1961         https://bugs.webkit.org/show_bug.cgi?id=115209
1962
1963         Reviewed by Mark Hahnenberg.
1964         
1965         I didn't add a test but I turned this into a release assertion. Running Octane is enough
1966         to trigger it.
1967
1968         * bytecode/PreciseJumpTargets.cpp:
1969         (JSC::computePreciseJumpTargets):
1970         * dfg/DFGByteCodeParser.cpp:
1971         (JSC::DFG::ByteCodeParser::parseBlock):
1972
1973 2013-04-25  Roman Zhuykov  <zhroma@ispras.ru>
1974
1975         Fix problems with processing negative zero on DFG.
1976         https://bugs.webkit.org/show_bug.cgi?id=113862
1977
1978         Reviewed by Filip Pizlo.
1979
1980         Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase.
1981         Function arithNodeFlags should not mask NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32
1982         nodes and this flag should be always used to decide where we need to generate negative-zero checks.
1983         Remove unnecessary negative-zero checks from integer ArithDiv on ARM.
1984         Also remove such checks from integer ArithMod on ARM and X86, and make them always to
1985         check not only "modulo_result == 0" but also "dividend < 0".
1986         Generate faster code for case when ArithMod operation divisor is constant power of 2 on ARMv7
1987         in the same way as on ARMv7s, and add negative-zero checks into this code when needed.
1988         Change speculationCheck ExitKind from Overflow to NegativeZero where applicable.
1989  
1990         This shows 30% speedup of math-spectral-norm, and 5% speedup
1991         on SunSpider overall on ARMv7 Linux.
1992
1993         * assembler/MacroAssemblerARM.h:
1994         (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
1995         * assembler/MacroAssemblerARMv7.h:
1996         (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
1997         * assembler/MacroAssemblerMIPS.h:
1998         (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
1999         * assembler/MacroAssemblerSH4.h:
2000         (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
2001         * assembler/MacroAssemblerX86Common.h:
2002         (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
2003         * dfg/DFGBackwardsPropagationPhase.cpp:
2004         (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
2005         (JSC::DFG::BackwardsPropagationPhase::isNotPosZero):
2006         (JSC::DFG::BackwardsPropagationPhase::propagate):
2007         * dfg/DFGNode.h:
2008         (JSC::DFG::Node::arithNodeFlags):
2009         * dfg/DFGSpeculativeJIT.cpp:
2010         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
2011         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
2012         (JSC::DFG::SpeculativeJIT::compileArithNegate):
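
The negative-zero condition that the 2013-04-25 entry above states for integer ArithMod ("modulo_result == 0" together with "dividend < 0"), as an added JavaScript model that is not JavaScriptCore code. All function names and the "DivideByZero" label are assumptions; the power-of-2 path uses an and-mask, which is one common way to do it and is not taken from the patch.

```javascript
// Added model, not JavaScriptCore code; every name here is hypothetical.
const INT32_MIN = -2147483648;
const INT32_MAX = 2147483647;

// Remainder as an integer path computes it: truncated division with the
// result held in an int32, so the sign of a zero result is lost.
function int32Remainder(dividend, divisor) {
  return (dividend - Math.trunc(dividend / divisor) * divisor) | 0;
}

// Integer fast path with the check from the entry: leave the int32 path
// when the remainder is 0 and the dividend is negative, because the
// language-level result is -0, which an int32 cannot hold.
function speculateInt32Mod(dividend, divisor) {
  if (divisor === 0) return { exit: "DivideByZero" }; // result is NaN
  const r = int32Remainder(dividend, divisor);
  if (r === 0 && dividend < 0) return { exit: "NegativeZero" };
  return { exit: null, value: r };
}

// Same path with the negative-zero check left out, for comparison.
function uncheckedInt32Mod(dividend, divisor) {
  if (divisor === 0) return { exit: "DivideByZero" };
  return { exit: null, value: int32Remainder(dividend, divisor) };
}

// Constant positive power-of-2 divisor: mask the magnitude, restore the
// sign, and apply the same negative-zero condition (assumed technique).
function speculateInt32ModPow2(dividend, divisor) {
  const mask = divisor - 1;
  if (dividend >= 0) return { exit: null, value: dividend & mask };
  // -INT32_MIN wraps back to INT32_MIN under ToInt32; its low bits are 0.
  const low = (-dividend) & mask;
  if (low === 0) return { exit: "NegativeZero" };
  return { exit: null, value: -low };
}

// True when the model's outcome matches the double-precision `%` result.
// Object.is distinguishes +0 from -0, which === does not.
function agreesWithDoubleSemantics(model, dividend, divisor) {
  const expected = dividend % divisor;
  const got = model(dividend, divisor);
  if (got.exit === "NegativeZero") return Object.is(expected, -0);
  if (got.exit === "DivideByZero") return Number.isNaN(expected);
  return Object.is(got.value, expected);
}

// Returns every [dividend, divisor] pair on which the model disagrees.
function findMismatches(model, dividends, divisors) {
  const bad = [];
  for (const a of dividends) {
    for (const b of divisors) {
      if (!agreesWithDoubleSemantics(model, a, b)) bad.push([a, b]);
    }
  }
  return bad;
}

// Constructed sample values covering sign changes and int32 limits.
const SAMPLE_DIVIDENDS = [INT32_MIN, -9, -8, -1, 0, 1, 8, 9, INT32_MAX];
const SAMPLE_DIVISORS = [INT32_MIN, -3, -2, -1, 0, 1, 2, 3, INT32_MAX];
const SAMPLE_POW2_DIVISORS = [1, 2, 4, 8, 1 << 30];

console.log("checked path mismatches:",
  findMismatches(speculateInt32Mod, SAMPLE_DIVIDENDS, SAMPLE_DIVISORS).length);
console.log("unchecked path mismatches:",
  findMismatches(uncheckedInt32Mod, SAMPLE_DIVIDENDS, SAMPLE_DIVISORS));
console.log("observable difference: 1 / (-8 % 2) =", 1 / (-8 % 2));
```
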
2013
2014 2013-04-25  Oliver Hunt  <oliver@apple.com>
2015
2016         Stack guards are too conservative
2017         https://bugs.webkit.org/show_bug.cgi?id=115147
2018
2019         Reviewed by Mark Hahnenberg.
2020
2021         Increase stack guard to closer to old size.
2022
2023         * interpreter/Interpreter.cpp:
2024         (JSC::Interpreter::StackPolicy::StackPolicy):
2025
2026 2013-04-25  Oliver Hunt  <oliver@apple.com>
2027
2028         Stack guards are too conservative
2029         https://bugs.webkit.org/show_bug.cgi?id=115147
2030
2031         Reviewed by Geoffrey Garen.
2032
2033         Reduce the limits and simplify the decision making.
2034
2035         * interpreter/Interpreter.cpp:
2036         (JSC::Interpreter::StackPolicy::StackPolicy):
2037
2038 2013-04-25  Nick Diego Yamane  <nick.yamane@openbossa.org>
2039
2040         JSC: Fix interpreter misbehavior in builds with JIT disabled
2041         https://bugs.webkit.org/show_bug.cgi?id=115190
2042
2043         Reviewed by Oliver Hunt.
2044
2045         Commit http://trac.webkit.org/changeset/147858 modified
2046         some details on how JS stack traces are built. The method
2047         "getLineNumberForCallFrame", renamed in that changeset to
2048         "getBytecodeOffsetForCallFrame" is always returning `0' when
2049         JIT is disabled.
2050
2051         How to reproduce:
2052          - Build webkit with JIT disabled
2053          - Open MiniBrowser, for example, with http://google.com
2054          - In a debug build, WebProcess will hit the following ASSERT:
2055            Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low);
2056
2057         * interpreter/Interpreter.cpp:
2058         (JSC::getBytecodeOffsetForCallFrame):
2059
2060 2013-04-25  Oliver Hunt  <oliver@apple.com>
2061
2062         Make checkSyntax take a VM instead of an ExecState
2063
2064         RS=Tim
2065
2066         * jsc.cpp:
2067         (runInteractive):
2068         * runtime/Completion.cpp:
2069         (JSC::checkSyntax):
2070         * runtime/Completion.h:
2071         (JSC):
2072
2073 2013-04-25  Michael Saboff  <msaboff@apple.com>
2074
2075         32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
2076         https://bugs.webkit.org/show_bug.cgi?id=115188
2077
2078         Reviewed by Geoffrey Garen.
2079
2080         Changed the RegExpTest node to set the AbstractValue to boolean, since that's
2081         what it is.
2082
2083         * dfg/DFGAbstractState.cpp:
2084         (JSC::DFG::AbstractState::executeEffects):
2085
2086 2013-04-25  Julien Brianceau  <jbrianceau@nds.com>
2087
2088         REGRESSION(r137994): Random crashes occur with SH4 JSC.
2089         https://bugs.webkit.org/show_bug.cgi?id=115167.
2090
2091         Reviewed by Oliver Hunt.
2092
2093         Since r137994, uncommitted pages could be inside the area of memory in
2094         parameter of the cacheFlush function. That's why we have to flush each
2095         page separately to avoid a failure of the whole flush, if an uncommitted page
2096         is in the area.
2097
2098         This patch is very similar to changeset 145194 made for ARMv7 architecture,
2099         see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information.
2100
2101         * assembler/SH4Assembler.h:
2102         (JSC::SH4Assembler::cacheFlush):
2103
2104 2013-04-24  Mark Lam  <mark.lam@apple.com>
2105
2106         Add watchdog timer polling for the DFG.
2107         https://bugs.webkit.org/show_bug.cgi?id=115134.
2108
2109         Reviewed by Geoffrey Garen.
2110
2111         The strategy is to add a speculation check to the DFG generated code to
2112         test if the watchdog timer has fired or not. If the watchdog timer has
2113         fired, the generated code will do an OSR exit to the baseline JIT, and
2114         let it handle servicing the watchdog timer.
2115
2116         If the watchdog is not enabled, this speculation check will not be
2117         emitted.
2118
2119         * API/tests/testapi.c:
2120         (currentCPUTime_callAsFunction):
2121         (extendTerminateCallback):
2122         (main):
2123         - removed try/catch statements so that we can test the watchdog on the DFG.
2124         - added JS bindings to a native currentCPUTime() function so that the timeout
2125           tests can be more accurate.
2126         - also shortened the time values so that the tests can complete sooner.
2127
2128         * bytecode/ExitKind.h:
2129         * dfg/DFGAbstractState.cpp:
2130         (JSC::DFG::AbstractState::executeEffects):
2131         * dfg/DFGByteCodeParser.cpp:
2132         (JSC::DFG::ByteCodeParser::parseBlock):
2133         * dfg/DFGFixupPhase.cpp:
2134         (JSC::DFG::FixupPhase::fixupNode):
2135         * dfg/DFGNodeType.h:
2136         * dfg/DFGPredictionPropagationPhase.cpp:
2137         (JSC::DFG::PredictionPropagationPhase::propagate):
2138         * dfg/DFGSpeculativeJIT32_64.cpp:
2139         (JSC::DFG::SpeculativeJIT::compile):
2140         * dfg/DFGSpeculativeJIT64.cpp:
2141         (JSC::DFG::SpeculativeJIT::compile):
2142         * runtime/Watchdog.cpp:
2143         (JSC::Watchdog::setTimeLimit):
2144
2145 2013-04-24  Filip Pizlo  <fpizlo@apple.com>
2146
2147         Special thunks for math functions should work on ARMv7
2148         https://bugs.webkit.org/show_bug.cgi?id=115144
2149
2150         Reviewed by Gavin Barraclough and Oliver Hunt.
2151
2152         The only hard bit here was ensuring that we implemented the very special
2153         "cheap C call" convention on ARMv7.
2154
2155         * assembler/AbstractMacroAssembler.h:
2156         (JSC::isARMv7s):
2157         (JSC):
2158         (JSC::isX86):
2159         * dfg/DFGCommon.h:
2160         * jit/SpecializedThunkJIT.h:
2161         (SpecializedThunkJIT):
2162         (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
2163         * jit/ThunkGenerators.cpp:
2164         (JSC::floorThunkGenerator):
2165         (JSC::ceilThunkGenerator):
2166         (JSC::roundThunkGenerator):
2167         (JSC::expThunkGenerator):
2168         (JSC::logThunkGenerator):
2169
2170 2013-04-24  Julien Brianceau  <jbrianceau@nds.com>
2171
2172         Misc bugfix and cleaning in sh4 base JIT.
2173         https://bugs.webkit.org/show_bug.cgi?id=115022.
2174
2175         Reviewed by Oliver Hunt.
2176
2177         Remove unused add32() and sub32() with scratchreg parameter to avoid
2178         confusion as this function prototype means another behaviour.
2179         Remove unused "void push(Address)" function which seems quite buggy.
2180
2181         * assembler/MacroAssemblerSH4.h:
2182         (JSC::MacroAssemblerSH4::and32): Cosmetic change.
2183         (JSC::MacroAssemblerSH4::lshift32): Cosmetic change.
2184         (JSC::MacroAssemblerSH4::or32): Cosmetic change.
2185         (JSC::MacroAssemblerSH4::xor32): Cosmetic change.
2186         (MacroAssemblerSH4):
2187         (JSC::MacroAssemblerSH4::load32): Cosmetic change.
2188         (JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit
2189         when using r0 register and cosmetic changes.
2190         (JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication.
2191         (JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when
2192         using r0 register, fix missing offset shift and cosmetic changes.
2193         (JSC::MacroAssemblerSH4::store32): Cosmetic change.
2194         (JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch.
2195
2196 2013-04-24  Patrick Gansterer  <paroga@webkit.org>
2197
2198         [WIN] Remove pthread from Visual Studio files in JavaScriptCore
2199         https://bugs.webkit.org/show_bug.cgi?id=114864
2200
2201         Reviewed by Brent Fulgham.
2202
2203         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2204         * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops:
2205         * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
2206         * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops:
2207         * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
2208         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
2209         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
2210         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
2211         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2212         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
2213         * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
2214         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
2215
2216 2013-04-24  Filip Pizlo  <fpizlo@apple.com>
2217
2218         DFG should keep the operand to create_this alive if it's emitting code for create_this
2219         https://bugs.webkit.org/show_bug.cgi?id=115133
2220
2221         Reviewed by Mark Hahnenberg.
2222
2223         The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time.
2224
2225         * dfg/DFGByteCodeParser.cpp:
2226         (JSC::DFG::ByteCodeParser::parseBlock):
2227
2228 2013-04-24  Roger Fong  <roger_fong@apple.com>
2229
2230         Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies.
2231
2232         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
2233         * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
2234         * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
2235         * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
2236         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
2237         * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
2238         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
2239         * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
2240
2241 2013-04-24  Geoffrey Garen  <ggaren@apple.com>
2242
2243         32-bit build fix.
2244
2245         Unreviewed.
2246
2247         * dfg/DFGSpeculativeJIT.cpp:
2248         (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly
2249         truncate to 32-bit to avoid compiler warnings. It's safe to truncate
2250         because the payload of a boolean is the low bits on both 64-bit and 32-bit.
2251
2252 2013-04-23  Geoffrey Garen  <ggaren@apple.com>
2253
2254         Filled out more cases of branch folding in the DFG
2255         https://bugs.webkit.org/show_bug.cgi?id=115088
2256
2257         Reviewed by Oliver Hunt.
2258
2259         No change on the benchmarks we track, but a 3X speedup on a
2260         microbenchmark that uses these techniques.
2261
2262         * dfg/DFGByteCodeParser.cpp:
2263         (JSC::DFG::ByteCodeParser::parseBlock): (!/=)= and (!/=)== can constant
2264         fold all types, not just numbers, because true constants have no
2265         side effects when type-converted at runtime.
2266
2267         * dfg/DFGFixupPhase.cpp:
2268         (JSC::DFG::FixupPhase::fixupNode):
2269         * dfg/DFGNode.h:
2270         (JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up
2271         boolean uses, like we do for other types like number.
2272
2273         * dfg/DFGSpeculativeJIT.cpp:
2274         (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):
2275         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2276         (JSC::DFG::SpeculativeJIT::compare):
2277         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2278         (JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse
2279         boolean compare and/or compare-branch, now that we have the types for
2280         them.
2281
2282         * dfg/DFGSpeculativeJIT.h: Updated declarations.
2283
2284 == Rolled over to ChangeLog-2013-04-24 ==