Source/JavaScriptCore: Rolled back in <http://trac.webkit.org/changeset/127698> with...
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-09-05  Geoffrey Garen  <ggaren@apple.com>

        Rolled back in <http://trac.webkit.org/changeset/127698> with a fix for
        fast/dom/HTMLScriptElement/script-reexecution-pretty-diff.html, which
        is to make sure that function declarations don't put their names in scope.

        Reviewed by Gavin Barraclough.

            Named functions should not allocate scope objects for their names
            https://bugs.webkit.org/show_bug.cgi?id=95659

            Reviewed by Oliver Hunt.

2012-09-06  Michael Saboff  <msaboff@apple.com>

        16 bit JSRopeString up-converts 8 bit fibers to 16 bits during resolution
        https://bugs.webkit.org/show_bug.cgi?id=95810

        Reviewed by Benjamin Poulain.

        Added 8 bit path that copies the contents of an 8 bit fiber to the 16 bit buffer
        when resolving a 16 bit rope.

        * runtime/JSString.cpp:
        (JSC::JSRopeString::resolveRopeSlowCase):

2012-09-06  Gavin Barraclough  <barraclough@apple.com>

        JS test suite puts incorrect limitations on Function.toString()
        https://bugs.webkit.org/show_bug.cgi?id=3975

        Reviewed by Geoff Garen.

        The result of function toString is implementation defined;
        these test cases were looking for specific whitespace formatting
        that matches mozilla's, and for redundant braces to be inserted
        around if/else blocks. Stop that.

        * tests/mozilla/expected.html:
        * tests/mozilla/js1_2/function/tostring-1.js:
        (simplify):
            - reduce whitespace differences
        * tests/mozilla/js1_2/function/tostring-2.js:
        (simplify):
            - reduce whitespace differences
        (TestOr):
        (TestAnd):
            - added braces to match expected output

2012-09-06  Yuqiang Xian  <yuqiang.xian@intel.com>

        Performance regressions on 32-bit platforms with revisions 125637 and 126387
        https://bugs.webkit.org/show_bug.cgi?id=95953

        Reviewed by Filip Pizlo.

        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val): Fix the typo.

2012-09-05  Geoffrey Garen  <ggaren@apple.com>

        Rolled out <http://trac.webkit.org/changeset/127698> because it broke
        fast/dom/HTMLScriptElement/script-reexecution-pretty-diff.html

            Named functions should not allocate scope objects for their names
            https://bugs.webkit.org/show_bug.cgi?id=95659

            Reviewed by Oliver Hunt.

2012-09-06  Mark Lam  <mark.lam@apple.com>

        Renamed useYarrJIT() option to useRegExpJIT(). Also fixed regression in
        which inadvertently allows the ASM llint to use the baseline JIT when
        useRegExpJIT() is true.
        https://bugs.webkit.org/show_bug.cgi?id=95918.

        Reviewed by Geoffrey Garen.

        * runtime/JSGlobalData.cpp:
        (JSC::enableAssembler):
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::canUseJIT):
        (JSC::JSGlobalData::canUseRegExpJIT):
        (JSGlobalData):
        * runtime/Options.cpp:
        (JSC::Options::initialize):
        * runtime/Options.h:
        (JSC):

2012-09-06  Patrick Gansterer  <paroga@webkit.org>

        Build fix for Interpreter after r127698.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):

2012-09-05  Geoffrey Garen  <ggaren@apple.com>

        Named functions should not allocate scope objects for their names
        https://bugs.webkit.org/show_bug.cgi?id=95659

        Reviewed by Oliver Hunt.

        In most cases, we can merge a function expression's name into its symbol
        table. This reduces memory footprint per closure from three objects
        (function + activation + name scope) to two (function + activation),
        speeds up closure allocation, and speeds up recursive calls.

        In the case of a named function expression that contains a non-strict
        eval, the rules are so bat-poop crazy that I don't know how to model
        them without an extra object. Since functions now default to not having
        such an object, this case needs to allocate the object on function
        entry.

        Therefore, this patch makes the slow case a bit slower so the fast case
        can be faster and more memory-efficient. (Note that the slow case already
        allocates an activation on entry, and until recently also allocated a
        scope chain node on entry, so adding one allocation on entry shouldn't
        break the bank.)

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock): Caught a missed initializer. No behavior change.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): Put the callee in static scope
        during compilation so it doesn't need to be in dynamic scope at runtime.

        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::addCallee): Helper functions for either statically
        resolving the callee or adding a dynamic scope that will resolve to it,
        depending on whether you're in the fast path.

        We move the callee into a var location if it's captured because activations
        prefer to have contiguous ranges of captured variables.

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::registerFor):
        (BytecodeGenerator):

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL): This is the point of the patch: remove
        one allocation in the case of a named function expression.

        * parser/Parser.cpp:
        (JSC::::Parser):
        * parser/Parser.h:
        (JSC::Scope::declareCallee):
        (Scope):
        (Parser):
        (JSC::parse):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::checkSyntax):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        (JSC::FunctionExecutable::fromGlobalCode): Pipe the callee's name through
        the parser so we get accurate information on whether the callee was captured.

        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::checkSyntax):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::create):
        (FunctionExecutable):
        (JSC::FunctionExecutable::finishCreation): I had to refactor function
        creation to support the following function constructor quirk: the function
        gets a name, but its name is not in lexical scope.

        To simplify this, FunctionExecutable now automatically extracts all the
        data it needs from the parsed node. The special "fromGlobalCode" path
        used by the function constructor creates an anonymous function, and then
        quirkily sets the value used by the .name property to be non-null, even
        though the parsed name is null.

        * runtime/JSNameScope.h:
        (JSC::JSNameScope::create):
        (JSC::JSNameScope::JSNameScope): Added support for explicitly specifying
        your container scope. The compiler uses this for named function expressions.

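The scoping rules the entry above relies on (name visible only inside the body, ReadOnly|DontDelete, the non-strict eval slow case, declarations vs. expressions, and the Function-constructor quirk), as an added example that is the editor's, not JSC or WebKit code; it runs under Node, assumes only standard ECMAScript behaviour, and the helper `sloppy` is the example's own:

```javascript
// Added example, not JSC code: the observable scoping rules for a named
// function expression that the entry above optimises, checked under Node.

// Helper (example's own): run `src` as sloppy-mode code even if this file is
// loaded as a strict module, because some of the rules below differ by mode.
function sloppy(src) { return Function(src)(); }

// 1. The name is bound only inside the function's own body and refers to the
//    function itself (the binding the recursive-call speedup relies on).
function nameScope() {
  var fn = function inner() { return typeof inner; };
  var self = function me() { return me; };
  return {
    inside: fn(),              // "function"
    outside: typeof inner,     // "undefined": not visible in the enclosing scope
    isSelf: self() === self    // true
  };
}

// 2. The binding is ReadOnly|DontDelete: a sloppy-mode write is silently
//    ignored, delete fails, and a strict-mode write throws a TypeError.
function readOnlyName() {
  var sloppyWrite = sloppy("return (function f() { f = 1; return typeof f; })();");
  var deleted = sloppy("return (function f() { return delete f; })();");
  var strictThrew = false;
  try {
    (function f() { "use strict"; f = 1; })();
  } catch (e) {
    strictThrew = e instanceof TypeError;
  }
  return { sloppyWrite: sloppyWrite, deleted: deleted, strictThrew: strictThrew };
}

// 3. A function *declaration* gets no name scope of its own: its name is an
//    ordinary mutable binding in the enclosing scope, so a write from inside
//    the body rebinds the outer name.
function declarationName() {
  function g() { g = "rebound"; }
  g();
  return typeof g;   // "string"
}

// 4. The slow case from the entry: a sloppy direct eval can declare a var
//    with the same name in the function's own variable scope, shadowing the
//    read-only name for the rest of the call.
function evalShadowsName() {
  return sloppy('return (function f() { eval("var f = 42"); return f; })();');   // 42
}

// 5. The Function-constructor quirk: the result's .name is "anonymous", but
//    that name is not in the lexical scope of its body.
function functionConstructorQuirk() {
  var made = new Function("return typeof anonymous");
  return { name: made.name, inScope: made() };   // "anonymous", "undefined"
}
```
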
2012-09-05  Gavin Barraclough  <barraclough@apple.com>

        a = data[a]++; sets the wrong key in data
        https://bugs.webkit.org/show_bug.cgi?id=91270

        Reviewed by Oliver Hunt.

        Postfix inc/dec is unsafely using finalDestination, can trample base/subscript prior to the result being put.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitResolve):
            - Remove redundant parens.
        (JSC::PostfixNode::emitBracket):
        (JSC::PostfixNode::emitDot):
            - Refactored to use tempDestination instead of finalDestination.
        (JSC::PrefixNode::emitBracket):
        (JSC::PrefixNode::emitDot):
            - Should be using emitPreIncOrDec.

2012-09-05  Gavin Barraclough  <barraclough@apple.com>

        Bug, assignment within subscript of prefix/postfix increment of bracket access
        https://bugs.webkit.org/show_bug.cgi?id=95913

        Reviewed by Oliver Hunt.

        javascript:alert((function(){ var a = { x:1 }; var b = { x:1 }; a[a=b,"x"]++; return a.x; })())

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitBracket):
        (JSC::PrefixNode::emitBracket):
            - Should check for assignments in the subscript when loading the base.
        * parser/Nodes.h:
        (JSC::BracketAccessorNode::subscriptHasAssignments):
        (BracketAccessorNode):
            - Used by emitBracket methods.

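The evaluation order that bugs 91270 and 95913 in the two entries above got wrong, written as checks a correct engine must pass; this is an added example by the editor, not WebKit test code, runs under Node, and the function names and the traced `target` object are the example's own:

```javascript
// Added example, not JSC code: evaluation-order checks for postfix/prefix
// increment applied to a bracket access (bugs 91270 and 95913).

// Bug 91270: "a = data[a]++" must read and write data[<old a>] and then
// store the *old* element value in a; nothing may be written to data[10].
function postfixAssignsToOriginalKey() {
  var data = { 1: 10, 2: 20 };
  var a = 1;
  a = data[a]++;
  return { a: a, data: data };   // a === 10, data[1] === 11, data[2] === 20
}

// Bug 95913: the base is evaluated before the subscript, so an assignment
// inside the subscript must not change which object gets incremented. Both
// the postfix and the prefix form are checked.
function baseEvaluatedBeforeSubscript() {
  var a = { x: 1 };
  var b = { x: 1 };
  var original = a;
  a[a = b, "x"]++;
  var postfix = { returned: a.x, originalX: original.x, bX: b.x };   // 1, 2, 1

  a = { x: 1 }; b = { x: 1 }; original = a;
  ++a[a = b, "x"];
  var prefix = { returned: a.x, originalX: original.x, bX: b.x };    // 1, 2, 1

  return { postfix: postfix, prefix: prefix };
}

// The complete order for `base[subscript]++`, traced through a getter/setter
// pair and a valueOf hook: base, subscript, get, valueOf (toNumber), set.
function traceIncrementOrder() {
  var log = [];
  var target = {
    get k() {
      log.push("get");
      return { valueOf: function () { log.push("valueOf"); return 5; } };
    },
    set k(v) { log.push("set " + v); }
  };
  function base() { log.push("base"); return target; }
  function key() { log.push("subscript"); return "k"; }
  var old = base()[key()]++;
  return { old: old, log: log };   // old === 5, log ends with "set 6"
}
```
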
2012-09-05  Gavin Barraclough  <barraclough@apple.com>

        Merge prefix/postfix nodes
        https://bugs.webkit.org/show_bug.cgi?id=95898

        Reviewed by Geoff Garen.

        Simplify the AST.
        This will also mean we have access to m_subscriptHasAssignments when generating a prefix/postfix op applied to a bracket access.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitResolve):
            - was PostfixResolveNode::emitBytecode
        (JSC::PostfixNode::emitBracket):
            - was PostfixBracketNode::emitBytecode
        (JSC::PostfixNode::emitDot):
            - was PostfixDotNode::emitBytecode
        (JSC::PostfixNode::emitBytecode):
            - was PostfixErrorNode::emitBytecode, call resolve/bracket/dot version as appropriate.
        (JSC::PrefixNode::emitResolve):
            - was PrefixResolveNode::emitBytecode
        (JSC::PrefixNode::emitBracket):
            - was PrefixBracketNode::emitBytecode
        (JSC::PrefixNode::emitDot):
            - was PrefixDotNode::emitBytecode
        (JSC::PrefixNode::emitBytecode):
            - was PrefixErrorNode::emitBytecode, call resolve/bracket/dot version as appropriate.
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makePrefixNode):
            - Just makes a PrefixNode!
        (JSC::ASTBuilder::makePostfixNode):
            - Just makes a PostfixNode!
        * parser/NodeConstructors.h:
        (JSC::PostfixNode::PostfixNode):
            - Added, merge of PostfixResolveNode/PostfixBracketNode/PostfixDotNode/PostfixErrorNode.
        (JSC::PrefixNode::PrefixNode):
            - Added, merge of PrefixResolveNode/PrefixBracketNode/PrefixDotNode/PrefixErrorNode.
        * parser/Nodes.h:
        (PostfixNode):
            - Added, merge of PostfixResolveNode/PostfixBracketNode/PostfixDotNode/PostfixErrorNode.
        (PrefixNode):
            - Added, merge of PrefixResolveNode/PrefixBracketNode/PrefixDotNode/PrefixErrorNode.

2012-09-05  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove use of JSCell::classInfoOffset() from tryCacheGetByID
        https://bugs.webkit.org/show_bug.cgi?id=95860

        Reviewed by Oliver Hunt.

        We should just do the indirection through the Structure instead.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):

2012-09-05  Geoffrey Garen  <ggaren@apple.com>

        Throw exceptions when assigning to const in strict mode
        https://bugs.webkit.org/show_bug.cgi?id=95894

        Reviewed by Oliver Hunt.

        Currently, this never happens; but it will start happening once the
        callee is a local const register. In this patch, there's no change in
        behavior.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded): Helper function
        for doing the throwing.
        * bytecompiler/BytecodeGenerator.h:

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixResolveNode::emitBytecode):
        (JSC::PrefixResolveNode::emitBytecode):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode): Call the helper function.

2012-09-05  Geoffrey Garen  <ggaren@apple.com>

        Refactored callee access in the DFG to support it in the general case
        https://bugs.webkit.org/show_bug.cgi?id=95887

        Reviewed by Phil Pizlo and Gavin Barraclough.

        To support named function expressions, the DFG needs to understand the
        callee register being used in arbitrary expressions, and not just
        create_this.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::getCallee): Remap access to the callee register
        into a GetCallee node. Otherwise, we get confused and think we have a
        negatively indexed argument.

        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand): Inlining also
        needs to remap, but to the callee in the inline frame, and not the caller's
        callee.

        (JSC::DFG::ByteCodeParser::parseBlock): Since we support the callee in
        the general case now, there's no need to handle it in a special way for
        create_this.

2012-09-05  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove use of JSCell::classInfoOffset() from virtualForThunkGenerator
        https://bugs.webkit.org/show_bug.cgi?id=95821

        Reviewed by Oliver Hunt.

        We can replace the load of the ClassInfo from the object with a load from the Structure.

        * dfg/DFGThunks.cpp:
        (JSC::DFG::virtualForThunkGenerator):

2012-09-05  Benjamin Poulain  <bpoulain@apple.com>

        Fix the uses of String::operator+=() for Mac
        https://bugs.webkit.org/show_bug.cgi?id=95818

        Reviewed by Dan Bernstein.

        * jsc.cpp:
        (functionJSCStack): Use StringBuilder to create the stack dump, it is faster
        and avoids String::operator+=().

        * parser/Parser.h:
        (JSC::Parser::updateErrorMessageSpecialCase):
        (JSC::Parser::updateErrorMessage):
        (JSC::Parser::updateErrorWithNameAndMessage):
        Use the String operators (and makeString) to concatenate the strings.

2012-09-05  Gabor Rapcsanyi  <rgabor@webkit.org>

        DFG JIT doesn't work properly on ARM hardfp
        https://bugs.webkit.org/show_bug.cgi?id=95684

        Reviewed by Filip Pizlo.

        Add hardfp support to DFG JIT. The patch is created with the
        help of Zoltan Herczeg.

        * dfg/DFGCCallHelpers.h:
        (CCallHelpers):
        (JSC::DFG::CCallHelpers::setupArguments):
        * dfg/DFGFPRInfo.h:
        (FPRInfo):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
        (JSC::DFG::SpeculativeJIT::appendCallSetResult):

2012-09-04  Mark Lam  <mark.lam@apple.com>

        Allow the YarrJIT to use the assembler even when useJIT() is false.
        Introduce the useYarrJIT() option.
        https://bugs.webkit.org/show_bug.cgi?id=95809.

        Reviewed by Geoffrey Garen.

        * runtime/JSGlobalData.cpp:
        (JSC::enableAssembler):
        * runtime/Options.cpp:
        (JSC::Options::initialize):
        * runtime/Options.h:
        (JSC):

2012-09-04  Gavin Barraclough  <barraclough@apple.com>

        inc/dec behave incorrectly operating on a resolved const
        https://bugs.webkit.org/show_bug.cgi?id=95815

        Reviewed by Geoff Garen.

        There are two bugs here.

        (1) When the value being incremented is const, and the result is ignored, we assume this cannot be observed, and emit no code.
            However if the value being incremented is not a primitive & has a valueOf conversion, then this should be being called.

        (2) In the case of a pre-increment of a const value where the result is not ignored, we'll move +/-1 to the destination, then
            add the resolved const value being incremented to this. This is problematic if the destination is a local, and the const
            value being incremented has a valueOf conversion that throws - the destination will be modified erroneously. Instead, we
            need to use a temporary location.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixResolveNode::emitBytecode):
        (JSC::PrefixResolveNode::emitBytecode):
            - always at least perform a toNumber conversion, use tempDestination when reducing inc/dec to an add +/-1.

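Both requirements from the entry above (bug 95815) as checks runnable under Node; this is an added example by the editor, not WebKit test code. ES2015 `const` rejects every write with a TypeError, so the checks are that the toNumber conversion (valueOf) still runs before the write is rejected even when the result is discarded, and that a throwing valueOf leaves the destination untouched; the function names are the example's own:

```javascript
// Added example, not JSC code: observable requirements for inc/dec on a
// const binding (bug 95815), checked under Node.

// Bug (1): `c++;` with its result ignored must still call valueOf. With
// modern `const` the subsequent write throws, which is exactly the point:
// the conversion happens first, the rejection of the write second.
function valueOfRunsBeforeConstWriteFails() {
  var calls = 0;
  var threw = false;
  const c = { valueOf: function () { calls++; return 5; } };
  try {
    c++;
  } catch (e) {
    threw = e instanceof TypeError;   // the write, not the conversion, is rejected
  }
  return { calls: calls, threw: threw };   // calls === 1, threw === true
}

// Bug (2): `x = ++c` where valueOf throws must not modify x at all, because
// the new value never finishes being computed.
function throwingValueOfLeavesDestinationAlone() {
  var dest = "untouched";
  const c = { valueOf: function () { throw new RangeError("conversion failed"); } };
  try {
    dest = ++c;
  } catch (e) {
    // expected: the RangeError raised by valueOf
  }
  return dest;   // "untouched"
}

// The same rule holds for a plain variable: the destination is written only
// once the incremented value exists, so a temporary, not the destination,
// must hold the intermediate +/-1.
function throwingValueOfOnVar() {
  var dest = "untouched";
  var v = { valueOf: function () { throw new RangeError("conversion failed"); } };
  try {
    dest = ++v;
  } catch (e) {
    // expected: the RangeError raised by valueOf
  }
  return dest;   // "untouched"
}
```
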
2012-09-04  Filip Pizlo  <fpizlo@apple.com>

        DFG GetByVal for JSArrays shouldn't OSR exit every time that the index is out of bounds
        https://bugs.webkit.org/show_bug.cgi?id=95717

        Reviewed by Oliver Hunt.

        Rolling back in after fixing the negative index case.

        Make GetByVal for JSArrayOutOfBounds do meaningful things. The profiling was already
        there so we should just use it!

        * bytecode/DFGExitProfile.h:
        (JSC::DFG::exitKindToString):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-09-04  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r127503.
        http://trac.webkit.org/changeset/127503
        https://bugs.webkit.org/show_bug.cgi?id=95788

        broke some tests (fast/js/dfg-negative-array-index,
        fast/js/dfg-put-by-val-setter-then-get-by-val) (Requested by thorton
        on #webkit).

        * bytecode/DFGExitProfile.h:
        (JSC::DFG::exitKindToString):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-09-04  Benjamin Poulain  <bpoulain@apple.com>

        Improve JSC use of Strings after the UString->String change
        https://bugs.webkit.org/show_bug.cgi?id=95633

        Reviewed by Geoffrey Garen.

        This patch improves the use of strings in the JSC runtime.

        The initialization of Identifier is left for future patches.

        The improvements are the following:
        - 5% faster to raise one of the modified exceptions.
        - 3 times faster to execute Boolean::toString()

        Most of the changes are just about using the new methods
        for string literals.

        With the changes, the binary on x86_64 gets 176 bytes smaller.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::staticFunctionGetter):
        (JSC::::callbackGetter):
        * API/JSContextRef.cpp:
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunctionWithCallback):
        * bytecode/CodeBlock.cpp:
        (JSC::valueToSourceString):
        (JSC::CodeBlock::nameForRegister):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::addStackTraceIfNecessary):
        * runtime/ArrayConstructor.cpp:
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::shift):
        (JSC::unshift):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncReverse):
        * runtime/BooleanPrototype.cpp:
        (JSC::booleanProtoFuncToString): Instead of instantiating new strings, reuse the
        keywords available in SmallStrings. Avoiding the creation of the JSString and StringImpl
        makes the method significantly faster.

        * runtime/DateConversion.cpp:
        (JSC::formatDateTime):
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):
        (JSC::formateDateInstance):
        (JSC::dateProtoFuncToISOString):
        Change the way we use snprintf() for clarity and performance.

        Instead of allocating one extra byte to put a zero "just in case", we use the size returned
        by snprintf().
        To prevent any overflow from a programming mistake, we explicitly test for overflow and
        return an empty string.

        (JSC::dateProtoFuncToJSON):
        * runtime/Error.cpp:
        (JSC::createNotEnoughArgumentsError):
        (JSC::throwTypeError):
        (JSC::throwSyntaxError):
        * runtime/Error.h:
        (JSC::StrictModeTypeErrorFunction::create):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::finishCreation):
        (JSC::errorProtoFuncToString):
        Using a null String is correct because (8) uses jsString(), (9) tests for a length of 0.

        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::defaultValue):
        (JSC::TerminatedExecutionError::defaultValue):
        (JSC::createStackOverflowError):
        (JSC::createOutOfMemoryError):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::FunctionExecutable::paramString):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::create):
        Using a null String for the name is correct because InternalFunction uses jsString()
        to create the name value.

        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::finishCreation):
        There is no need to create an empty string for a null string, jsString() handles both
        cases as empty JSString.

        * runtime/JSArray.cpp:
        (JSC::reject):
        (JSC::SparseArrayValueMap::put):
        (JSC::JSArray::put):
        (JSC::JSArray::putByIndexBeyondVectorLength):
        (JSC::JSArray::putDirectIndexBeyondVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::finishCreation): Same issue as InternalFunction::finishCreation.

        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSGlobalData.cpp:
        (JSC::enableAssembler): Use CFSTR() instead of CFStringCreateWithCString().
        CFStringCreateWithCString() copies the content and may choose to decode the data.
        CFSTR() is much more efficient.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        JSFunction uses jsString() to create the name, we can use null strings instead
        of creating empty strings.

        (JSC::JSGlobalObject::createThrowTypeError): ditto.
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::encode):
        (JSC::decode):
        (JSC::globalFuncEval):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::JSONProtoFuncParse):
        (JSC::JSONProtoFuncStringify):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::defaultValue):
        (JSC::JSObject::hasInstance):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSString.cpp:
        Return an empty JSString to avoid the creation of a temporary empty String.

        (JSC::JSRopeString::getIndexSlowCase):
        * runtime/JSString.h:
        (JSC): Remove the versions of jsNontrivialString() taking a char*. All the callers
        have been replaced by calls using ASCIILiteral.

        * runtime/JSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/LiteralParser.cpp:
        (JSC::::Lexer::lex):
        (JSC::::Lexer::lexString):
        (JSC::::Lexer::lexNumber):
        (JSC::::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToExponential):
        (JSC::numberProtoFuncToFixed):
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetPrototypeOf):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorKeys):
        (JSC::toPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        (JSC::objectConstructorDefineProperties):
        (JSC::objectConstructorCreate):
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
        (JSC::objectConstructorPreventExtensions):
        (JSC::objectConstructorIsSealed):
        (JSC::objectConstructorIsFrozen):
        (JSC::objectConstructorIsExtensible):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncToString):
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::reject):
        (JSC::regExpObjectSource):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        * runtime/StringObject.cpp:
        (JSC::StringObject::defineOwnProperty):
        * runtime/StringPrototype.cpp:
        (JSC::jsSpliceSubstrings):
        (JSC::jsSpliceSubstringsWithSeparators):

2012-09-04  Filip Pizlo  <fpizlo@apple.com>

        DFG GetByVal for JSArrays shouldn't OSR exit every time that the index is out of bounds
        https://bugs.webkit.org/show_bug.cgi?id=95717

        Reviewed by Oliver Hunt.

        Make GetByVal for JSArrayOutOfBounds do meaningful things. The profiling was already
        there so we should just use it!

        * bytecode/DFGExitProfile.h:
        (JSC::DFG::exitKindToString):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-09-04  Zoltan Horvath  <zoltan@webkit.org>

        Extend the coverage of the Custom Allocation Framework in WTF and in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=95737

        Reviewed by Eric Seidel.

        Add WTF_MAKE_FAST_ALLOCATED macro to the following class declarations because these are instantiated by operator new.

        * wtf/CryptographicallyRandomNumber.cpp: CryptographicallyRandomNumber is instantiated at wtf/CryptographicallyRandomNumber.cpp:162.

        * heap/MachineStackMarker.cpp:
        (MachineThreads::Thread): Thread is instantiated at heap/MachineStackMarker.cpp:196.
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (FixedVMPoolExecutableAllocator): FixedVMPoolExecutableAllocator is instantiated at jit/ExecutableAllocatorFixedVMPool.cpp:111
        * parser/SourceProviderCache.h:
        (SourceProviderCache): SourceProviderCache is instantiated at parser/SourceProvider.h:49.
        * parser/SourceProviderCacheItem.h:
        (SourceProviderCacheItem): SourceProviderCacheItem is instantiated at parser/Parser.cpp:843.
        * runtime/GCActivityCallback.h:
        (GCActivityCallback): GCActivityCallback is instantiated at runtime/GCActivityCallback.h:96.
        * tools/CodeProfile.h:
        (CodeProfile): CodeProfile is instantiated at JavaScriptCore/tools/CodeProfiling.cpp:140.

2012-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove uses of ClassInfo from SpeculativeJIT::compileObjectOrOtherLogicalNot
        https://bugs.webkit.org/show_bug.cgi?id=95510

        Reviewed by Oliver Hunt.

        More refactoring to get rid of ClassInfo checks in the DFG.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):

2012-09-03  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r127393.

        * interpreter/Interpreter.h:

2012-09-02  Geoffrey Garen  <ggaren@apple.com>

        Fixed failures seen on Linux bots.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_push_with_scope):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_push_with_scope):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h: push_*_scope doesn't have a destination operand anymore.
        Accordingly, update these places in the baseline JIT, which I missed in my last patch.

2012-09-02  Geoffrey Garen  <ggaren@apple.com>

        Refactored scope chain opcodes to support optimization for named function expressions
        https://bugs.webkit.org/show_bug.cgi?id=95658

        Reviewed by Sam Weinig.

        Renamed
            push_scope => push_with_scope
            push_new_scope => push_name_scope
        to clarify the difference between them.

        Changed push_with_scope and push_name_scope not to save the new scope in
        a temporary register, since doing so made optimization harder.

        (The old behavior was a hold-over from when the scope chain wasn't
        a GC object, and wouldn't be marked otherwise. Now, the scope chain is
        marked because it is a GC object pointed to by the call frame.)

        Changed push_name_scope to accept an operand specifying the attributes
        for the named property, instead of assuming DontDelete, because a named
        function expression needs ReadOnly|DontDelete.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::highestUsedRegister): Removed this function,
        which used to be related to preserving saved scope object temporaries,
        because it had no callers.

2012-09-01  Geoffrey Garen  <ggaren@apple.com>

        Rolled back out a piece of <http://trac.webkit.org/changeset/127293>
        because it broke inspector tests on Windows.

            Shrink activation objects by half
            https://bugs.webkit.org/show_bug.cgi?id=95591

            Reviewed by Sam Weinig.

2012-09-01  Mark Lam  <mark.lam@apple.com>

        LLInt C loop backend.
        https://bugs.webkit.org/show_bug.cgi?id=91052.

        Reviewed by Filip Pizlo.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
780         (JSC::CodeBlock::bytecodeOffset):
781         * interpreter/Interpreter.cpp:
782         (JSC::Interpreter::execute):
783         (JSC::Interpreter::executeCall):
784         (JSC::Interpreter::executeConstruct):
785         (JSC):
786         * interpreter/Interpreter.h:
787         * jit/JITStubs.h:
788         (JITStackFrame):
789         (JSC):
790         * llint/LLIntCLoop.cpp: Added.
791         (JSC):
792         (LLInt):
793         (JSC::LLInt::CLoop::initialize):
794         (JSC::LLInt::CLoop::catchRoutineFor):
795         (JSC::LLInt::CLoop::hostCodeEntryFor):
796         (JSC::LLInt::CLoop::jsCodeEntryWithArityCheckFor):
797         (JSC::LLInt::CLoop::jsCodeEntryFor):
798         * llint/LLIntCLoop.h: Added.
799         (JSC):
800         (LLInt):
801         (CLoop):
802         * llint/LLIntData.cpp:
803         (JSC::LLInt::initialize):
804         * llint/LLIntData.h:
805         (JSC):
806         * llint/LLIntOfflineAsmConfig.h:
807         * llint/LLIntOpcode.h:
808         * llint/LLIntThunks.cpp:
809         (LLInt):
810         * llint/LowLevelInterpreter.asm:
811         * llint/LowLevelInterpreter.cpp:
812         (LLInt):
813         (JSC::LLInt::Ints2Double):
814         (JSC):
815         (JSC::CLoop::execute):
816         * llint/LowLevelInterpreter.h:
817         (JSC):
818         * llint/LowLevelInterpreter32_64.asm:
819         * llint/LowLevelInterpreter64.asm:
820         * offlineasm/asm.rb:
821         * offlineasm/backends.rb:
822         * offlineasm/cloop.rb: Added.
823         * offlineasm/instructions.rb:
824         * runtime/Executable.h:
825         (ExecutableBase):
826         (JSC::ExecutableBase::hostCodeEntryFor):
827         (JSC::ExecutableBase::jsCodeEntryFor):
828         (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
829         (JSC::ExecutableBase::catchRoutineFor):
830         (NativeExecutable):
831         * runtime/JSValue.h:
832         (JSC):
833         (LLInt):
834         (JSValue):
835         * runtime/JSValueInlineMethods.h:
836         (JSC):
837         (JSC::JSValue::JSValue):
838         * runtime/Options.cpp:
839         (JSC::Options::initialize):
840
841 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
842
843         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
844
845             Shrink activation objects by half
846             https://bugs.webkit.org/show_bug.cgi?id=95591
847
848             Reviewed by Sam Weinig.
849
850         * runtime/JSActivation.h:
851         (JSActivation):
852
853 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
854
855         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
856
857             Shrink activation objects by half
858             https://bugs.webkit.org/show_bug.cgi?id=95591
859
860             Reviewed by Sam Weinig.
861
862         * runtime/JSActivation.cpp:
863         (JSC::JSActivation::JSActivation):
864         * runtime/JSGlobalObject.cpp:
865         (JSC::JSGlobalObject::JSGlobalObject):
866         (JSC::JSGlobalObject::setGlobalThis):
867         (JSC):
868         (JSC::JSGlobalObject::visitChildren):
869         * runtime/JSGlobalObject.h:
870         (JSGlobalObject):
871         (JSC::JSScope::globalThis):
872         (JSC):
873         (JSC::JSGlobalObject::globalThis):
874         * runtime/JSNameScope.h:
875         (JSC::JSNameScope::JSNameScope):
876         * runtime/JSScope.cpp:
877         (JSC::JSScope::visitChildren):
878         * runtime/JSScope.h:
879         (JSScope):
880         (JSC::JSScope::JSScope):
881         (JSC::JSScope::globalObject):
882         (JSC::JSScope::globalData):
883         * runtime/JSSegmentedVariableObject.h:
884         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
885         * runtime/JSSymbolTableObject.h:
886         (JSC::JSSymbolTableObject::JSSymbolTableObject):
887         * runtime/JSVariableObject.h:
888         (JSC::JSVariableObject::JSVariableObject):
889         * runtime/JSWithScope.h:
890         (JSC::JSWithScope::JSWithScope):
891         * runtime/StrictEvalActivation.cpp:
892         (JSC::StrictEvalActivation::StrictEvalActivation):
893
894 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
895
896         Rolled back out a piece of <http://trac.webkit.org/changeset/127293>
897         because it broke Windows inspector tests.
898
899             Shrink activation objects by half
900             https://bugs.webkit.org/show_bug.cgi?id=95591
901
902             Reviewed by Sam Weinig.
903
904         * runtime/JSActivation.h:
905         (JSActivation):
906
907 2012-08-31  Filip Pizlo  <fpizlo@apple.com>
908
909         Unreviewed, attempt to fix Windows, take two.
910
911         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
912
913 2012-08-31  Filip Pizlo  <fpizlo@apple.com>
914
915         Unreviewed, attempt to fix Windows.
916
917         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
918
919 2012-08-31  Filip Pizlo  <fpizlo@apple.com>
920
921         JSArray::putDirectIndex should by default behave like JSObject::putDirect
922         https://bugs.webkit.org/show_bug.cgi?id=95630
923
924         Reviewed by Gavin Barraclough.
925
926         * interpreter/Interpreter.cpp:
927         (JSC::Interpreter::privateExecute):
928         * jit/JITStubs.cpp:
929         (JSC::DEFINE_STUB_FUNCTION):
930         * jsc.cpp:
931         (GlobalObject::finishCreation):
932         * llint/LLIntSlowPaths.cpp:
933         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
934         * runtime/JSArray.cpp:
935         (JSC::SparseArrayValueMap::putDirect):
936         (JSC::JSArray::defineOwnNumericProperty):
937         (JSC::JSArray::putDirectIndexBeyondVectorLength):
938         * runtime/JSArray.h:
939         (SparseArrayValueMap):
940         (JSArray):
941         (JSC::JSArray::putDirectIndex):
942         * runtime/JSONObject.cpp:
943         (JSC::Walker::walk):
944         * runtime/RegExpMatchesArray.cpp:
945         (JSC::RegExpMatchesArray::reifyAllProperties):
946         (JSC::RegExpMatchesArray::reifyMatchProperty):
947         * runtime/StringPrototype.cpp:
948         (JSC::splitStringByOneCharacterImpl):
949         (JSC::stringProtoFuncSplit):
950
951 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
952
953         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
954
955             Shrink activation objects by half
956             https://bugs.webkit.org/show_bug.cgi?id=95591
957
958             Reviewed by Sam Weinig.
959
960         * runtime/JSGlobalData.cpp:
961         (JSC::JSGlobalData::JSGlobalData):
962         * runtime/JSGlobalData.h:
963         (JSGlobalData):
964         * runtime/JSNameScope.h:
965         (JSC::JSNameScope::JSNameScope):
966         * runtime/JSWithScope.h:
967         (JSC::JSWithScope::JSWithScope):
968         * runtime/StrictEvalActivation.cpp:
969         (JSC::StrictEvalActivation::StrictEvalActivation):
970
971 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
972
973         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
974
975             Shrink activation objects by half
976             https://bugs.webkit.org/show_bug.cgi?id=95591
977
978             Reviewed by Sam Weinig.
979
980         * dfg/DFGAbstractState.cpp:
981         (JSC::DFG::AbstractState::execute):
982         * jit/JITOpcodes.cpp:
983         (JSC::JIT::emit_op_resolve_global_dynamic):
984         * llint/LowLevelInterpreter32_64.asm:
985         * llint/LowLevelInterpreter64.asm:
986         * runtime/JSActivation.cpp:
987         (JSC::JSActivation::JSActivation):
988         * runtime/JSGlobalData.cpp:
989         (JSC::JSGlobalData::JSGlobalData):
990         * runtime/JSGlobalData.h:
991         (JSGlobalData):
992         * runtime/JSGlobalObject.cpp:
993         (JSC::JSGlobalObject::reset):
994         (JSC::JSGlobalObject::visitChildren):
995         * runtime/JSGlobalObject.h:
996         (JSGlobalObject):
997         (JSC::JSGlobalObject::withScopeStructure):
998         (JSC::JSGlobalObject::strictEvalActivationStructure):
999         (JSC::JSGlobalObject::activationStructure):
1000         (JSC::JSGlobalObject::nameScopeStructure):
1001
1002 2012-08-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1003
1004         Remove use of ClassInfo in SpeculativeJIT::emitBranch
1005         https://bugs.webkit.org/show_bug.cgi?id=95623
1006
1007         Reviewed by Filip Pizlo.
1008
1009         * dfg/DFGAbstractState.cpp:
1010         (JSC::DFG::AbstractState::execute):
1011         * dfg/DFGSpeculativeJIT.h:
1012         (SpeculativeJIT):
1013         * dfg/DFGSpeculativeJIT32_64.cpp:
1014         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
1015         (JSC::DFG::SpeculativeJIT::emitBranch):
1016         * dfg/DFGSpeculativeJIT64.cpp:
1017         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
1018         (JSC::DFG::SpeculativeJIT::emitBranch):
1019
1020 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1021
1022         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
1023
1024             Shrink activation objects by half
1025             https://bugs.webkit.org/show_bug.cgi?id=95591
1026
1027             Reviewed by Sam Weinig.
1028
1029         * heap/MarkedBlock.cpp:
1030         (JSC::MarkedBlock::MarkedBlock):
1031         * heap/MarkedBlock.h:
1032         (MarkedBlock):
1033         (JSC::MarkedBlock::globalData):
1034         (JSC):
1035         * heap/WeakSet.cpp:
1036         (JSC::WeakSet::addAllocator):
1037         * heap/WeakSet.h:
1038         (WeakSet):
1039         (JSC::WeakSet::WeakSet):
1040         (JSC::WeakSet::globalData):
1041         * runtime/JSGlobalData.h:
1042         (JSC::WeakSet::heap):
1043         (JSC):
1044
1045 2012-08-31  Mark Lam  <mark.lam@apple.com>
1046
1047         Refactor LLInt and supporting code in preparation for the C Loop backend.
1048         https://bugs.webkit.org/show_bug.cgi?id=95531.
1049
1050         Reviewed by Filip Pizlo.
1051
1052         * bytecode/GetByIdStatus.cpp:
1053         (JSC::GetByIdStatus::computeFromLLInt):
1054         * bytecode/PutByIdStatus.cpp:
1055         (JSC::PutByIdStatus::computeFromLLInt):
1056         * jit/JITExceptions.cpp:
1057         (JSC::genericThrow): Use ExecutableBase::catchRoutineFor() to fetch
1058             the catch routine for a thrown exception.  This will allow
1059             us to redefine that for the C loop later, and still keep this
1060             code readable.
1061         * llint/LLIntOfflineAsmConfig.h: Moved ASM macros to
1062             LowLevelInterpreter.cpp which is the only place they are used. This
1063             will make it more convenient to redefine them for the C loop later.
1064         * llint/LLIntSlowPaths.cpp:
1065         (JSC::LLInt::setUpCall): Use ExecutableBase's hostCodeEntryFor(),
1066             jsCodeEntryFor(), and jsCodeWithArityCheckEntryFor() for computing
1067             the entry points to functions being called.
1068         * llint/LLIntSlowPaths.h:
1069         (SlowPathReturnType):
1070         (JSC::LLInt::encodeResult):
1071         (LLInt):
1072         (JSC::LLInt::decodeResult): Added.  Needed by LLInt C Loop later.
1073         * llint/LowLevelInterpreter.asm:
1074         * llint/LowLevelInterpreter.cpp:
1075         * llint/LowLevelInterpreter32_64.asm:
1076         * llint/LowLevelInterpreter64.asm:
1077         * offlineasm/asm.rb: Disambiguate between opcodes and other labels.
1078         * offlineasm/config.rb:
1079         * runtime/Executable.h:
1080         (JSC::ExecutableBase::hostCodeEntryFor): Added.
1081         (ExecutableBase):
1082         (JSC::ExecutableBase::jsCodeEntryFor): Added.
1083         (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor): Added.
1084         (JSC::ExecutableBase::catchRoutineFor): Added.
1085         * runtime/JSValueInlineMethods.h:
1086         (JSC):
1087
1088 2012-08-31  Tony Chang  <tony@chromium.org>
1089
1090         Remove ENABLE_CSS3_FLEXBOX compile time flag
1091         https://bugs.webkit.org/show_bug.cgi?id=95382
1092
1093         Reviewed by Ojan Vafai.
1094
1095         Everyone is already enabling this by default and the spec has stabilized.
1096
1097         * Configurations/FeatureDefines.xcconfig:
1098
1099 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1100
1101         Not reviewed.
1102
1103         Rolled out http://trac.webkit.org/changeset/127293 because it broke
1104         inspector tests on Windows.
1105
1106             Shrink activation objects by half
1107             https://bugs.webkit.org/show_bug.cgi?id=95591
1108
1109             Reviewed by Sam Weinig.
1110
1111 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1112
1113         Shrink activation objects by half
1114         https://bugs.webkit.org/show_bug.cgi?id=95591
1115
1116         Reviewed by Sam Weinig.
1117
1118         Removed the global object, global data, and global this pointers from
1119         JSScope, and changed an int to a bitfield. This gets the JSActivation
1120         class down to 64 bytes, which in practice cuts it in half by getting it
1121         out of the 128 byte size class.
1122
1123         Now, it's one extra indirection to get these pointers. These pointers
1124         aren't accessed by JIT code, so I thought there would be no cost to the
1125         extra indirection. However, some C++-heavy SunSpider tests regressed a
1126         bit in an early version of the patch, which added even more indirection.
1127         This suggests that calls to exec->globalData() and/or exec->lexicalGlobalObject()
1128         are common and probably duplicated in lots of places, and could stand
1129         further optimization in C++.
1130
1131         * dfg/DFGAbstractState.cpp:
1132         (JSC::DFG::AbstractState::execute): Test against the specific activation
1133         for our global object, since there's no VM-shared activation structure
1134         anymore. This is guaranteed to have the same success rate as the old test
1135         because activation scope is fixed at compile time.
1136
1137         * heap/MarkedBlock.cpp:
1138         (JSC::MarkedBlock::MarkedBlock):
1139         * heap/MarkedBlock.h:
1140         (JSC::MarkedBlock::globalData):
1141         * heap/WeakSet.cpp:
1142         (JSC::WeakSet::addAllocator):
1143         * heap/WeakSet.h:
1144         (WeakSet):
1145         (JSC::WeakSet::WeakSet):
1146         (JSC::WeakSet::globalData): Store a JSGlobalData* instead of a Heap*
1147         because JSGlobalData->Heap is just a constant fold in the addressing
1148         mode, while Heap->JSGlobalData is an extra pointer dereference. (These
1149         objects should eventually just merge.)
1150
1151         * jit/JITOpcodes.cpp:
1152         (JSC::JIT::emit_op_resolve_global_dynamic): See DFGAbstractState.cpp.
1153
1154         * llint/LowLevelInterpreter32_64.asm:
1155         * llint/LowLevelInterpreter64.asm: Load the activation structure from
1156         the code block instead of the global data because the structure is not
1157         VM-shared anymore. (See DFGAbstractState.cpp.)
1158
1159         * runtime/JSActivation.cpp:
1160         (JSC::JSActivation::JSActivation):
1161         * runtime/JSActivation.h:
1162         (JSActivation): This is the point of the patch: Remove the data.
1163
1164         * runtime/JSGlobalData.cpp:
1165         (JSC::JSGlobalData::JSGlobalData):
1166         * runtime/JSGlobalData.h:
1167         (JSGlobalData): No longer VM-shared. (See DFGAbstractState.cpp.)
1168
1169         (JSC::WeakSet::heap): (See WeakSet.h.)
1170
1171         * runtime/JSGlobalObject.cpp:
1172         (JSC::JSGlobalObject::JSGlobalObject):
1173         (JSC::JSGlobalObject::setGlobalThis):
1174         (JSC::JSGlobalObject::reset):
1175         (JSC::JSGlobalObject::visitChildren):
1176         * runtime/JSGlobalObject.h:
1177         (JSGlobalObject):
1178         (JSC::JSGlobalObject::withScopeStructure):
1179         (JSC::JSGlobalObject::strictEvalActivationStructure):
1180         (JSC::JSGlobalObject::activationStructure):
1181         (JSC::JSGlobalObject::nameScopeStructure):
1182         (JSC::JSScope::globalThis):
1183         (JSC::JSGlobalObject::globalThis): Data that used to be in the JSScope
1184         class goes here now, so it's not duplicated across all activations.
1185
1186         * runtime/JSNameScope.h:
1187         (JSC::JSNameScope::JSNameScope):
1188         * runtime/JSScope.cpp:
1189         (JSC::JSScope::visitChildren): This is the point of the patch: Remove the data.
1190
1191         * runtime/JSScope.h:
1192         (JSScope):
1193         (JSC::JSScope::JSScope):
1194         (JSC::JSScope::globalObject):
1195         (JSC::JSScope::globalData):
1196         * runtime/JSSegmentedVariableObject.h:
1197         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
1198         * runtime/JSSymbolTableObject.h:
1199         (JSC::JSSymbolTableObject::JSSymbolTableObject):
1200         * runtime/JSVariableObject.h:
1201         (JSC::JSVariableObject::JSVariableObject):
1202         * runtime/JSWithScope.h:
1203         (JSC::JSWithScope::JSWithScope):
1204         * runtime/StrictEvalActivation.cpp:
1205         (JSC::StrictEvalActivation::StrictEvalActivation): Simplified now that
1206         we don't need to pass so much data to JSScope.
1207
1208 2012-08-31  Patrick Gansterer  <paroga@webkit.org>
1209
1210         Build fix for WinCE after r127191.
1211
1212         * bytecode/JumpTable.h:
1213
1214 2012-08-30  Filip Pizlo  <fpizlo@apple.com>
1215
1216         ASSERTION FAILURE in JSC::JSGlobalData::float32ArrayDescriptor when running fast/js/dfg-float64array.html
1217         https://bugs.webkit.org/show_bug.cgi?id=95398
1218
1219         Reviewed by Mark Hahnenberg.
1220
1221         Trying to get the build failure to be a bit more informative.
1222
1223         * runtime/JSGlobalData.h:
1224         (JSGlobalData):
1225
1226 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1227
1228         Try to fix the Qt build: add some #includes that, for some reason, only the Qt linker requires.
1229
1230         * runtime/BooleanObject.cpp:
1231         * runtime/ErrorInstance.cpp:
1232         * runtime/NameInstance.cpp:
1233
1234 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1235
1236         Fix the Qt build: Removed a now-dead variable.
1237
1238         * interpreter/Interpreter.cpp:
1239         (JSC::Interpreter::execute):
1240
1241 2012-08-30  Benjamin Poulain  <bpoulain@apple.com>
1242
1243         Ambiguous operator[] after r127191 on some compilers
1244         https://bugs.webkit.org/show_bug.cgi?id=95509
1245
1246         Reviewed by Simon Fraser.
1247
1248         On some compilers, the operator[] conflicts with the Obj-C++ operators. This attempts to solve
1249         the issue.
1250
1251         * runtime/JSString.h:
1252         (JSC::jsSingleCharacterSubstring):
1253         (JSC::jsString):
1254         (JSC::jsSubstring8):
1255         (JSC::jsSubstring):
1256         (JSC::jsOwnedString):
1257
1258 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1259
1260         Try to fix the Qt build: Remove the inline keyword at the declaration
1261         site.
1262
1263         The Qt compiler seems to be confused, complaining about these functions
1264         not being defined in a translation unit, even though no generated code
1265         in the unit calls these functions. Maybe removing the keyword at the
1266         declaration site will change its mind.
1267
1268         This shouldn't change the inlining decision at all: the definition is
1269         still inline.
1270
1271         * interpreter/CallFrame.h:
1272         (ExecState):
1273
1274 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1275
1276         Undo Qt build fix guess, since it breaks other builds.
1277
1278         * runtime/JSArray.h:
1279
1280 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1281
1282         Try to fix the Qt build: add an #include to JSArray.h, since
1283         it's included by some of the files Qt complains about, and
1284         some of its functions call the functions Qt complains about.
1285
1286         * runtime/JSArray.h:
1287
1288 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1289
1290         Second step toward fixing the Windows build: Add new symbols.
1291
1292         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1293
1294 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1295
1296         Try to fix the Qt build: add an #include.
1297
1298         * bytecode/GetByIdStatus.cpp:
1299
1300 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1301
1302         First step toward fixing the Windows build: Remove old symbols.
1303
1304         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1305
1306 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
1307
1308         Use one object instead of two for closures, eliminating ScopeChainNode
1309         https://bugs.webkit.org/show_bug.cgi?id=95501
1310
1311         Reviewed by Filip Pizlo.
1312
1313         This patch removes ScopeChainNode, and moves all the data and related
1314         functions that used to be in ScopeChainNode into JSScope.
1315
1316         Most of this patch is mechanical changes to use a JSScope* where we used
1317         to use a ScopeChainNode*. I've only specifically commented about items
1318         that were non-mechanical.
1319
1320         * runtime/Completion.cpp:
1321         (JSC::evaluate):
1322         * runtime/Completion.h: Don't require an explicit scope chain argument
1323         when evaluating code. Clients never wanted anything other than the
1324         global scope, and other arbitrary scopes probably wouldn't work
1325         correctly, anyway.
1326
1327         * runtime/JSScope.cpp:
1328         * runtime/JSScope.h:
1329         (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
1330         ScopeChainNode, so it can link itself into the scope chain correctly.
1331
1332         * runtime/JSWithScope.h:
1333         (JSC::JSWithScope::create):
1334         (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
1335         for specifically supplying your own scope chain. The DOM needs this
1336         interface for setting up the scope chain for certain event handlers.
1337         Other clients always just push the JSWithScope to the head of the current
1338         scope chain.
1339
1340 2012-08-30  Mark Lam  <mark.lam@apple.com>
1341
1342         Render unto #ifdef's that which belongs to them.
1343         https://bugs.webkit.org/show_bug.cgi?id=95482.
1344
1345         Reviewed by Filip Pizlo.
1346
1347         Refining / disambiguating between #ifdefs and adding some. For
1348         example, ENABLE(JIT) is conflated with ENABLE(LLINT) in some places.
1349         Also, we need to add ENABLE(COMPUTED_GOTO_OPCODES) to indicate that we
1350         want interpreted opcodes to use COMPUTED GOTOs apart from ENABLE(LLINT)
1351         and ENABLE(COMPUTED_GOTO_CLASSIC_INTERPRETER). Also cleaned up #ifdefs
1352         in certain places which were previously incorrect.
1353
1354         * bytecode/CodeBlock.cpp:
1355         (JSC):
1356         (JSC::CodeBlock::bytecodeOffset):
1357         * bytecode/CodeBlock.h:
1358         (CodeBlock):
1359         * bytecode/Opcode.h:
1360         (JSC::padOpcodeName):
1361         * config.h:
1362         * dfg/DFGOperations.cpp:
1363         * interpreter/AbstractPC.cpp:
1364         (JSC::AbstractPC::AbstractPC):
1365         * interpreter/CallFrame.h:
1366         (ExecState):
1367         * interpreter/Interpreter.cpp:
1368         (JSC::Interpreter::~Interpreter):
1369         (JSC::Interpreter::initialize):
1370         (JSC::Interpreter::isOpcode):
1371         (JSC::Interpreter::unwindCallFrame):
1372         (JSC::getLineNumberForCallFrame):
1373         (JSC::getCallerInfo):
1374         (JSC::Interpreter::execute):
1375         (JSC::Interpreter::executeCall):
1376         (JSC::Interpreter::executeConstruct):
1377         (JSC::Interpreter::privateExecute):
1378         * interpreter/Interpreter.h:
1379         (JSC::Interpreter::getOpcode):
1380         (JSC::Interpreter::getOpcodeID):
1381         (Interpreter):
1382         * jit/HostCallReturnValue.h:
1383         * jit/JITCode.h:
1384         (JITCode):
1385         * jit/JITExceptions.cpp:
1386         * jit/JITExceptions.h:
1387         * jit/JSInterfaceJIT.h:
1388         * llint/LLIntData.h:
1389         (JSC::LLInt::getOpcode):
1390         * llint/LLIntEntrypoints.cpp:
1391         (JSC::LLInt::getFunctionEntrypoint):
1392         (JSC::LLInt::getEvalEntrypoint):
1393         (JSC::LLInt::getProgramEntrypoint):
1394         * llint/LLIntOffsetsExtractor.cpp:
1395         (JSC::LLIntOffsetsExtractor::dummy):
1396         * llint/LLIntSlowPaths.cpp:
1397         (LLInt):
1398         * runtime/JSGlobalData.cpp:
1399         (JSC):
1400
1401 2012-08-30  JungJik Lee  <jungjik.lee@samsung.com>
1402
1403         [EFL][WK2] Add WebMemorySampler feature.
1404         https://bugs.webkit.org/show_bug.cgi?id=91214
1405
1406         Reviewed by Kenneth Rohde Christiansen.
1407
1408         WebMemorySampler collects JavaScript stack and JIT memory usage in globalMemoryStatistics.
1409
1410         * PlatformEfl.cmake:
1411
1412 2012-08-30  Benjamin Poulain  <bpoulain@apple.com>
1413
1414         Replace JSC::UString by WTF::String
1415         https://bugs.webkit.org/show_bug.cgi?id=95271
1416
1417         Reviewed by Geoffrey Garen.
1418
1419         Having JSC::UString and WTF::String increases the complexity of working on WebKit, and
1420         adds useless conversions in the bindings. It also causes some code bloat.
1421
1422         The performance advantages of UString have been ported over in previous patches. This patch
1423         is the last step: getting rid of UString.
1424
1425         In addition to the simplified code, this also reduces the binary size by 15kb on x86_64.
1426
1427         * API/OpaqueJSString.cpp:
1428         (OpaqueJSString::ustring):
1429         * runtime/Identifier.h:
1430         (JSC::Identifier::ustring):
1431         To avoid changing everything at once, the functions named ustring() were kept as is. They
1432         will be renamed in a follow-up patch.
1433
1434         * runtime/JSString.h:
1435         (JSC::JSString::string):
1436         (JSC::JSValue::toWTFString):
1437         (JSC::inlineJSValueNotStringtoString):
1438         (JSC::JSValue::toWTFStringInline):
1439         Since JSValue::toString() already exists (and returns the JSString), the direct accessor is renamed
1440         to ::toWTFString(). We may change ::string() to ::jsString() and ::toWTFString() to ::toString()
1441         in the future.
1442
1443         * runtime/StringPrototype.cpp:
1444         (JSC::substituteBackreferencesSlow): Replace the use of UString::getCharacters<>() by String::getCharactersWithUpconvert<>().
1445
1446 2012-08-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1447
1448         Remove uses of ClassInfo in StrictEq and CompareEq in the DFG
1449         https://bugs.webkit.org/show_bug.cgi?id=93401
1450
1451         Reviewed by Filip Pizlo.
1452
1453         Another incremental step in removing the dependence on ClassInfo pointers in object headers.
1454
1455         * bytecode/SpeculatedType.h:
1456         (JSC::isCellOrOtherSpeculation):
1457         (JSC):
1458         * dfg/DFGAbstractState.cpp: Updated the CFA to reflect the changes to the backend.
1459         (JSC::DFG::AbstractState::execute):
1460         * dfg/DFGNode.h:
1461         (Node):
1462         (JSC::DFG::Node::shouldSpeculateString): Added this new function since it was conspicuously absent.
1463         (JSC::DFG::Node::shouldSpeculateNonStringCellOrOther): Also add this function for use in the CFA.
1464         * dfg/DFGSpeculativeJIT.cpp: Refactored how we handle CompareEq and CompareStrictEq in the DFG. We now just 
1465         check for Strings by comparing the object's Structure to the global Structure for strings. We only 
1466         check for MasqueradesAsUndefined if the watchpoint has fired. These changes allow us to remove our 
1467         uses of the ClassInfo pointer for compiling these nodes.
1468         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1469         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1470         (JSC::DFG::SpeculativeJIT::compare):
1471         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1472         * dfg/DFGSpeculativeJIT.h:
1473         (SpeculativeJIT):
1474         * dfg/DFGSpeculativeJIT32_64.cpp: Same changes for 32 bit as for 64 bit.
1475         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1476         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
1477         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
1478         * dfg/DFGSpeculativeJIT64.cpp:
1479         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1480         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
1481         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
1482
1483 2012-08-30  Yong Li  <yoli@rim.com>
1484
1485         [BlackBerry] Implement IncrementalSweeper for PLATFORM(BLACKBERRY)
1486         https://bugs.webkit.org/show_bug.cgi?id=95469
1487
1488         Reviewed by Rob Buis.
1489
1490         RIM PR# 200595.
1491         Share most code with USE(CF) and implement timer-related methods
1492         for PLATFORM(BLACKBERRY).
1493
1494         * heap/IncrementalSweeper.cpp:
1495         (JSC):
1496         (JSC::IncrementalSweeper::IncrementalSweeper):
1497         (JSC::IncrementalSweeper::create):
1498         (JSC::IncrementalSweeper::scheduleTimer):
1499         (JSC::IncrementalSweeper::cancelTimer):
1500         (JSC::IncrementalSweeper::doSweep):
1501         * heap/IncrementalSweeper.h:
1502         (IncrementalSweeper):
1503
1504 2012-08-30  Mark Lam  <mark.lam@apple.com>
1505
1506         Fix broken classic interpreter build.
1507         https://bugs.webkit.org/show_bug.cgi?id=95484.
1508
1509         Reviewed by Filip Pizlo.
1510
1511         * interpreter/Interpreter.cpp:
1512         (JSC::Interpreter::privateExecute):
1513
1514 2012-08-30  Byungwoo Lee  <bw80.lee@samsung.com>
1515
1516         Build warning : -Wsign-compare on DFGByteCodeParser.cpp.
1517         https://bugs.webkit.org/show_bug.cgi?id=95418
1518
1519         Reviewed by Filip Pizlo.
1520
1521         There is a build warning '-Wsign-compare' on
1522         findArgumentPositionForLocal() in DFGByteCodeParser.cpp.
1523
1524         To remove this warning, a casting statement is added explicitly.
1525
1526         * dfg/DFGByteCodeParser.cpp:
1527         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
1528         (JSC::DFG::ByteCodeParser::findArgumentPosition):
1529
1530 2012-08-30  Yong Li  <yoli@rim.com>
1531
1532         [BlackBerry] Set timer client on platform timer used in HeapTimer
1533         https://bugs.webkit.org/show_bug.cgi?id=95464
1534
1535         Reviewed by Rob Buis.
1536
1537         Otherwise the timer won't work.
1538
1539         * heap/HeapTimer.cpp:
1540         (JSC::HeapTimer::HeapTimer):
1541
1542 2012-08-30  Julien BRIANCEAU   <jbrianceau@nds.com>
1543
1544         [sh4] Add missing implementation for JavaScriptCore JIT
1545         https://bugs.webkit.org/show_bug.cgi?id=95452
1546
1547         Reviewed by Oliver Hunt.
1548
1549         * assembler/MacroAssemblerSH4.h:
1550         (JSC::MacroAssemblerSH4::isCompactPtrAlignedAddressOffset):
1551         (MacroAssemblerSH4):
1552         (JSC::MacroAssemblerSH4::add32):
1553         (JSC::MacroAssemblerSH4::convertibleLoadPtr):
1554         * assembler/SH4Assembler.h:
1555         (JSC::SH4Assembler::labelIgnoringWatchpoints):
1556         (SH4Assembler):
1557         (JSC::SH4Assembler::replaceWithLoad):
1558         (JSC::SH4Assembler::replaceWithAddressComputation):
1559
1560 2012-08-30  Charles Wei  <charles.wei@torchmobile.com.cn>
1561
1562         [BlackBerry] Eliminate build warnings
1563         https://bugs.webkit.org/show_bug.cgi?id=95338
1564
1565         Reviewed by Filip Pizlo.
1566
1567         static_cast to the same type to eliminate the build time warnings.
1568
1569         * assembler/AssemblerBufferWithConstantPool.h:
1570         (JSC::AssemblerBufferWithConstantPool::flushWithoutBarrier):
1571         * assembler/MacroAssemblerARM.h:
1572         (JSC::MacroAssemblerARM::branch32):
1573
1574 2012-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1575
1576         Remove use of ClassInfo from compileGetByValOnArguments and compileGetArgumentsLength
1577         https://bugs.webkit.org/show_bug.cgi?id=95131
1578
1579         Reviewed by Filip Pizlo.
1580
1581         * dfg/DFGSpeculativeJIT.cpp:
1582         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): We don't need this speculation check. We can replace it 
1583         with an assert to guarantee this.
1584
1585 2012-08-29  Mark Lam  <mark.lam@apple.com>
1586
1587         Refactoring LLInt::Data.
1588         https://bugs.webkit.org/show_bug.cgi?id=95316.
1589
1590         Reviewed by Geoff Garen.
1591
1592         This change allows its opcodeMap to be easily queried from any function
1593         without needing to go through a GlobalData object.  It also introduces
1594         the LLInt::getCodePtr() methods that will be used by the LLInt C loop
1595         later to redefine how llint symbols (opcodes and trampoline glue
1596         labels) get resolved.
1597
1598         * assembler/MacroAssemblerCodeRef.h:
1599         (MacroAssemblerCodePtr):
1600         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
1601         (MacroAssemblerCodeRef):
1602         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
1603         * bytecode/CodeBlock.cpp:
1604         (JSC::CodeBlock::adjustPCIfAtCallSite):
1605         (JSC::CodeBlock::bytecodeOffset):
1606         * bytecode/Opcode.h:
1607             Remove the 'const' to simplify things and avoid having to do
1608             additional casts and #ifdefs in many places.
1609         * bytecode/ResolveGlobalStatus.cpp:
1610         (JSC::computeForLLInt):
1611         * bytecompiler/BytecodeGenerator.cpp:
1612         (JSC::BytecodeGenerator::generate):
1613         * interpreter/Interpreter.cpp:
1614         (JSC::Interpreter::initialize):
1615         * interpreter/Interpreter.h:
1616         (Interpreter):
1617         * jit/JITExceptions.cpp:
1618         (JSC::genericThrow):
1619         * llint/LLIntData.cpp:
1620         (LLInt):
1621         (JSC::LLInt::initialize):
1622         * llint/LLIntData.h:
1623         (JSC):
1624         (LLInt):
1625         (Data):
1626         (JSC::LLInt::exceptionInstructions):
1627         (JSC::LLInt::opcodeMap):
1628         (JSC::LLInt::getOpcode):
1629         (JSC::LLInt::getCodePtr):
1630         (JSC::LLInt::Data::performAssertions):
1631         * llint/LLIntExceptions.cpp:
1632         (JSC::LLInt::returnToThrowForThrownException):
1633         (JSC::LLInt::returnToThrow):
1634         (JSC::LLInt::callToThrow):
1635         * llint/LLIntSlowPaths.cpp:
1636         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1637         (JSC::LLInt::handleHostCall):
1638         * runtime/InitializeThreading.cpp:
1639         (JSC::initializeThreadingOnce): Initialize the singleton LLInt data.
1640         * runtime/JSGlobalData.cpp:
1641         (JSC::JSGlobalData::JSGlobalData):
1642         * runtime/JSGlobalData.h:
1643         (JSGlobalData): Removed the now unneeded LLInt::Data instance in
1644             JSGlobalData.
1645         * runtime/JSValue.h:
1646         (JSValue):
1647
1648 2012-08-29  Gavin Barraclough  <barraclough@apple.com>
1649
1650         PutById uses DataLabel32, not DataLabelCompact
1651         https://bugs.webkit.org/show_bug.cgi?id=95245
1652
1653         Reviewed by Geoff Garen.
1654
1655         JIT::resetPatchPutById calls the wrong thing on x86-64 – this is moot right now,
1656         since they currently both do the same thing, but if we were to ever make compact mean
1657         8-bit this could be a real problem. Also, relying on the object still being in eax
1658         on entry to the transition stub isn't very robust - added nonArgGPR1 to at least make
1659         this explicit.
1660
1661         * jit/JITPropertyAccess.cpp:
1662         (JSC::JIT::emitSlow_op_put_by_id):
1663             - copy regT0 to nonArgGPR1
1664         (JSC::JIT::privateCompilePutByIdTransition):
1665             - DataLabelCompact -> DataLabel32
1666         (JSC::JIT::resetPatchPutById):
1667             - reload regT0 from nonArgGPR1
1668         * jit/JSInterfaceJIT.h:
1669         (JSInterfaceJIT):
1670             - added nonArgGPR1
1671
1672 2012-08-28  Yong Li  <yoli@rim.com>
1673
1674         ExecutableAllocator should be destructed after Heap
1675         https://bugs.webkit.org/show_bug.cgi?id=95244
1676
1677         Reviewed by Rob Buis.
1678
1679         RIM PR# 199364.
1680         Make ExecutableAllocator the first member in JSGlobalData.
1681         Existing Web Worker tests can show the issue.
1682
1683         * runtime/JSGlobalData.cpp:
1684         (JSC::JSGlobalData::JSGlobalData):
1685         * runtime/JSGlobalData.h:
1686         (JSGlobalData):
1687
1688 2012-08-29  Geoffrey Garen  <ggaren@apple.com>
1689
1690         Try to fix the Windows build.
1691
1692         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
1693
1694 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
1695
1696         Introduced JSWithScope, making all scope objects subclasses of JSScope
1697         https://bugs.webkit.org/show_bug.cgi?id=95295
1698
1699         Reviewed by Filip Pizlo.
1700
1701         This is a step toward removing ScopeChainNode. With a uniform representation
1702         for objects in the scope chain, we can move data from ScopeChainNode
1703         into JSScope.
1704
1705         * CMakeLists.txt:
1706         * GNUmakefile.list.am:
1707         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1708         * JavaScriptCore.xcodeproj/project.pbxproj:
1709         * Target.pri: Build!
1710
1711         * interpreter/Interpreter.cpp:
1712         (JSC::Interpreter::privateExecute):
1713         * jit/JITStubs.cpp:
1714         (JSC::DEFINE_STUB_FUNCTION):
1715         * llint/LLIntSlowPaths.cpp:
1716         (JSC::LLInt::LLINT_SLOW_PATH_DECL): Use an explicit JSWithScope object
1717         for 'with' statements. Since 'with' can put any object in the scope
1718         chain, we'll need an adapter object to hold the data ScopeChainNode
1719         currently holds.
1720
1721         (JSGlobalData): Support for JSWithScope.
1722
1723         * runtime/JSScope.cpp:
1724         (JSC::JSScope::objectAtScope):
1725         * runtime/JSScope.h: Check for and unwrap JSWithScope.
1726
1727         * runtime/JSType.h: Support for JSWithScope.
1728
1729         * runtime/StrictEvalActivation.cpp:
1730         (JSC::StrictEvalActivation::StrictEvalActivation):
1731         * runtime/StrictEvalActivation.h:
1732         (StrictEvalActivation): Inherit from JSScope, to make the scope chain uniform.
1733
1734         * runtime/JSWithScope.cpp: Added.
1735         (JSC::JSWithScope::visitChildren):
1736         * runtime/JSWithScope.h: Added.
1737         (JSWithScope):
1738         (JSC::JSWithScope::create):
1739         (JSC::JSWithScope::object):
1740         (JSC::JSWithScope::createStructure):
1741         (JSC::JSWithScope::JSWithScope): New adapter object. Since this object
1742         is never exposed to scripts, it doesn't need any meaningful implementation
1743         of property access or other callbacks.
1744
1745 2012-08-29  Patrick Gansterer  <paroga@webkit.org>
1746
1747         Unreviewed. Build fix for !ENABLE(JIT) after r126962.
1748
1749         * interpreter/Interpreter.cpp:
1750         (JSC::Interpreter::privateExecute):
1751
1752 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
1753
1754         Added JSScope::objectInScope(), and refactored callers to use it
1755         https://bugs.webkit.org/show_bug.cgi?id=95281
1756
1757         Reviewed by Gavin Barraclough.
1758
1759         This is a step toward removing ScopeChainNode. We need a layer of
1760         indirection so that 'with' scopes can proxy for an object.
1761         JSScope::objectInScope() will be that layer.
1762
1763         * bytecode/EvalCodeCache.h:
1764         (JSC::EvalCodeCache::tryGet):
1765         (JSC::EvalCodeCache::getSlow):
1766         * bytecompiler/BytecodeGenerator.cpp:
1767         (JSC::BytecodeGenerator::resolve):
1768         (JSC::BytecodeGenerator::resolveConstDecl): . vs ->
1769
1770         * interpreter/Interpreter.cpp:
1771         (JSC::Interpreter::unwindCallFrame):
1772         (JSC::Interpreter::execute):
1773         * runtime/JSScope.cpp:
1774         (JSC::JSScope::resolve):
1775         (JSC::JSScope::resolveSkip):
1776         (JSC::JSScope::resolveGlobalDynamic):
1777         (JSC::JSScope::resolveBase):
1778         (JSC::JSScope::resolveWithBase):
1779         (JSC::JSScope::resolveWithThis): Added JSScope::objectAtScope() calls.
1780
1781         * runtime/JSScope.h:
1782         (JSScope):
1783         (JSC::JSScope::objectAtScope):
1784         (JSC):
1785         (ScopeChainIterator):
1786         (JSC::ScopeChainIterator::ScopeChainIterator):
1787         (JSC::ScopeChainIterator::get):
1788         (JSC::ScopeChainIterator::operator->):
1789         (JSC::ScopeChainIterator::operator++):
1790         (JSC::ScopeChainIterator::operator==):
1791         (JSC::ScopeChainIterator::operator!=):
1792         (JSC::ScopeChainNode::begin):
1793         (JSC::ScopeChainNode::end): I moved ScopeChainIterator to this file
1794         to resolve a circular #include problem. Eventually, I'll probably rename
1795         it to JSScope::iterator, so I think it belongs here.
1796
1797         * runtime/ScopeChain.cpp:
1798         (JSC::ScopeChainNode::print):
1799         (JSC::ScopeChainNode::localDepth): . vs ->
1800
1801         * runtime/ScopeChain.h:
1802         (ScopeChainNode): I made the 'object' data member private because it's
1803         no longer safe to access -- you need to call JSScope::objectAtScope()
1804         instead.
1805
1806         The JITs need to be friends because of the private declaration.
1807
1808         Subtly, JIT/LLInt code is correct without any changes because JIT/LLInt
1809         code never compiles direct access to a with scope.
1810
1811 2012-08-28  Mark Lam  <mark.lam@apple.com>
1812
1813         Adding support for adding LLInt opcode extensions.  This will be needed
1814         by the LLInt C loop interpreter later.
1815         https://bugs.webkit.org/show_bug.cgi?id=95277.
1816
1817         Reviewed by Geoffrey Garen.
1818
1819         * JavaScriptCore.xcodeproj/project.pbxproj:
1820         * bytecode/Opcode.h:
1821         * llint/LLIntOpcode.h: Added.
1822         * llint/LowLevelInterpreter.h:
1823
1824 2012-08-28  Gavin Barraclough  <barraclough@apple.com>
1825
1826         Rolled out r126928, this broke stuff :'-(
1827
1828         * jit/JITPropertyAccess.cpp:
1829         (JSC::JIT::privateCompilePutByIdTransition):
1830         (JSC::JIT::resetPatchPutById):
1831
1832 2012-08-28  Gavin Barraclough  <barraclough@apple.com>
1833
1834         PutById uses DataLabel32, not DataLabelCompact
1835         https://bugs.webkit.org/show_bug.cgi?id=95245
1836
1837         Reviewed by Geoff Garen.
1838
1839         JIT::resetPatchPutById calls the wrong thing on x86-64 – this is moot right now,
1840         since they currently both do the same thing, but if we were to ever make compact mean
1841         8-bit this could be a real problem. Also, don't rely on the object still being in eax
1842         on entry to the transition stub – this isn't very robust.
1843
1844         * jit/JITPropertyAccess.cpp:
1845         (JSC::JIT::privateCompilePutByIdTransition):
1846             - DataLabelCompact -> DataLabel32
1847         (JSC::JIT::resetPatchPutById):
1848             - reload regT0 from the stack
1849
1850 2012-08-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1851
1852         Unreviewed, rolling out r126914.
1853         http://trac.webkit.org/changeset/126914
1854         https://bugs.webkit.org/show_bug.cgi?id=95239
1855
1856         it breaks everything and fixes nothing (Requested by pizlo on
1857         #webkit).
1858
1859         * API/JSCallbackObject.h:
1860         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
1861         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1862         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
1863         * API/JSCallbackObjectFunctions.h:
1864         (JSC::::getOwnPropertyNames):
1865         * API/JSClassRef.cpp:
1866         (OpaqueJSClass::~OpaqueJSClass):
1867         (OpaqueJSClassContextData::OpaqueJSClassContextData):
1868         (OpaqueJSClass::contextData):
1869         * bytecode/CodeBlock.cpp:
1870         (JSC::CodeBlock::dump):
1871         (JSC::EvalCodeCache::visitAggregate):
1872         (JSC::CodeBlock::nameForRegister):
1873         * bytecode/JumpTable.h:
1874         (JSC::StringJumpTable::offsetForValue):
1875         (JSC::StringJumpTable::ctiForValue):
1876         * bytecode/LazyOperandValueProfile.cpp:
1877         (JSC::LazyOperandValueProfileParser::getIfPresent):
1878         * bytecode/SamplingTool.cpp:
1879         (JSC::SamplingTool::dump):
1880         * bytecompiler/BytecodeGenerator.cpp:
1881         (JSC::BytecodeGenerator::addVar):
1882         (JSC::BytecodeGenerator::addGlobalVar):
1883         (JSC::BytecodeGenerator::addConstant):
1884         (JSC::BytecodeGenerator::addConstantValue):
1885         (JSC::BytecodeGenerator::emitLoad):
1886         (JSC::BytecodeGenerator::addStringConstant):
1887         (JSC::BytecodeGenerator::emitLazyNewFunction):
1888         * bytecompiler/NodesCodegen.cpp:
1889         (JSC::PropertyListNode::emitBytecode):
1890         * debugger/Debugger.cpp:
1891         * dfg/DFGArgumentsSimplificationPhase.cpp:
1892         (JSC::DFG::ArgumentsSimplificationPhase::run):
1893         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
1894         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
1895         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
1896         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
1897         * dfg/DFGAssemblyHelpers.cpp:
1898         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
1899         * dfg/DFGByteCodeCache.h:
1900         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
1901         (JSC::DFG::ByteCodeCache::get):
1902         * dfg/DFGByteCodeParser.cpp:
1903         (JSC::DFG::ByteCodeParser::cellConstant):
1904         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1905         * dfg/DFGStructureCheckHoistingPhase.cpp:
1906         (JSC::DFG::StructureCheckHoistingPhase::run):
1907         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
1908         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
1909         * heap/Heap.cpp:
1910         (JSC::Heap::markProtectedObjects):
1911         * heap/Heap.h:
1912         (JSC::Heap::forEachProtectedCell):
1913         * heap/JITStubRoutineSet.cpp:
1914         (JSC::JITStubRoutineSet::markSlow):
1915         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
1916         * heap/MarkStack.cpp:
1917         (JSC::MarkStack::internalAppend):
1918         * heap/Weak.h:
1919         (JSC::weakRemove):
1920         * jit/JIT.cpp:
1921         (JSC::JIT::privateCompile):
1922         * jit/JITStubs.cpp:
1923         (JSC::JITThunks::ctiStub):
1924         * parser/Parser.cpp:
1925         (JSC::::parseStrictObjectLiteral):
1926         * profiler/Profile.cpp:
1927         (JSC::functionNameCountPairComparator):
1928         (JSC::Profile::debugPrintDataSampleStyle):
1929         * runtime/Identifier.cpp:
1930         (JSC::Identifier::add):
1931         * runtime/JSActivation.cpp:
1932         (JSC::JSActivation::getOwnPropertyNames):
1933         (JSC::JSActivation::symbolTablePutWithAttributes):
1934         * runtime/JSArray.cpp:
1935         (JSC::SparseArrayValueMap::put):
1936         (JSC::SparseArrayValueMap::putDirect):
1937         (JSC::SparseArrayValueMap::visitChildren):
1938         (JSC::JSArray::enterDictionaryMode):
1939         (JSC::JSArray::defineOwnNumericProperty):
1940         (JSC::JSArray::getOwnPropertySlotByIndex):
1941         (JSC::JSArray::getOwnPropertyDescriptor):
1942         (JSC::JSArray::putByIndexBeyondVectorLength):
1943         (JSC::JSArray::putDirectIndexBeyondVectorLength):
1944         (JSC::JSArray::deletePropertyByIndex):
1945         (JSC::JSArray::getOwnPropertyNames):
1946         (JSC::JSArray::setLength):
1947         (JSC::JSArray::sort):
1948         (JSC::JSArray::compactForSorting):
1949         (JSC::JSArray::checkConsistency):
1950         * runtime/JSSymbolTableObject.cpp:
1951         (JSC::JSSymbolTableObject::getOwnPropertyNames):
1952         * runtime/JSSymbolTableObject.h:
1953         (JSC::symbolTableGet):
1954         (JSC::symbolTablePut):
1955         (JSC::symbolTablePutWithAttributes):
1956         * runtime/RegExpCache.cpp:
1957         (JSC::RegExpCache::invalidateCode):
1958         * runtime/WeakGCMap.h:
1959         (JSC::WeakGCMap::clear):
1960         (JSC::WeakGCMap::set):
1961         * tools/ProfileTreeNode.h:
1962         (JSC::ProfileTreeNode::sampleChild):
1963         (JSC::ProfileTreeNode::childCount):
1964         (JSC::ProfileTreeNode::dumpInternal):
1965         (JSC::ProfileTreeNode::compareEntries):
1966
1967 2012-08-28  Filip Pizlo  <fpizlo@apple.com>
1968
1969         LLInt should not rely on ordering of global labels
1970         https://bugs.webkit.org/show_bug.cgi?id=95221
1971
1972         Reviewed by Oliver Hunt.
1973
1974         * llint/LowLevelInterpreter.asm:
1975         * llint/LowLevelInterpreter32_64.asm:
1976         * llint/LowLevelInterpreter64.asm:
1977
1978 2012-08-28  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
1979
1980         Rename first/second to key/value in HashMap iterators
1981         https://bugs.webkit.org/show_bug.cgi?id=82784
1982
1983         Reviewed by Eric Seidel.
1984
1985         * API/JSCallbackObject.h:
1986         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
1987         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1988         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
1989         * API/JSCallbackObjectFunctions.h:
1990         (JSC::::getOwnPropertyNames):
1991         * API/JSClassRef.cpp:
1992         (OpaqueJSClass::~OpaqueJSClass):
1993         (OpaqueJSClassContextData::OpaqueJSClassContextData):
1994         (OpaqueJSClass::contextData):
1995         * bytecode/CodeBlock.cpp:
1996         (JSC::CodeBlock::dump):
1997         (JSC::EvalCodeCache::visitAggregate):
1998         (JSC::CodeBlock::nameForRegister):
1999         * bytecode/JumpTable.h:
2000         (JSC::StringJumpTable::offsetForValue):
2001         (JSC::StringJumpTable::ctiForValue):
2002         * bytecode/LazyOperandValueProfile.cpp:
2003         (JSC::LazyOperandValueProfileParser::getIfPresent):
2004         * bytecode/SamplingTool.cpp:
2005         (JSC::SamplingTool::dump):
2006         * bytecompiler/BytecodeGenerator.cpp:
2007         (JSC::BytecodeGenerator::addVar):
2008         (JSC::BytecodeGenerator::addGlobalVar):
2009         (JSC::BytecodeGenerator::addConstant):
2010         (JSC::BytecodeGenerator::addConstantValue):
2011         (JSC::BytecodeGenerator::emitLoad):
2012         (JSC::BytecodeGenerator::addStringConstant):
2013         (JSC::BytecodeGenerator::emitLazyNewFunction):
2014         * bytecompiler/NodesCodegen.cpp:
2015         (JSC::PropertyListNode::emitBytecode):
2016         * debugger/Debugger.cpp:
2017         * dfg/DFGArgumentsSimplificationPhase.cpp:
2018         (JSC::DFG::ArgumentsSimplificationPhase::run):
2019         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
2020         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
2021         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
2022         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
2023         * dfg/DFGAssemblyHelpers.cpp:
2024         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2025         * dfg/DFGByteCodeCache.h:
2026         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
2027         (JSC::DFG::ByteCodeCache::get):
2028         * dfg/DFGByteCodeParser.cpp:
2029         (JSC::DFG::ByteCodeParser::cellConstant):
2030         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2031         * dfg/DFGStructureCheckHoistingPhase.cpp:
2032         (JSC::DFG::StructureCheckHoistingPhase::run):
2033         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
2034         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
2035         * heap/Heap.cpp:
2036         (JSC::Heap::markProtectedObjects):
2037         * heap/Heap.h:
2038         (JSC::Heap::forEachProtectedCell):
2039         * heap/JITStubRoutineSet.cpp:
2040         (JSC::JITStubRoutineSet::markSlow):
2041         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
2042         * heap/MarkStack.cpp:
2043         (JSC::MarkStack::internalAppend):
2044         * heap/Weak.h:
2045         (JSC::weakRemove):
2046         * jit/JIT.cpp:
2047         (JSC::JIT::privateCompile):
2048         * jit/JITStubs.cpp:
2049         (JSC::JITThunks::ctiStub):
2050         * parser/Parser.cpp:
2051         (JSC::::parseStrictObjectLiteral):
2052         * profiler/Profile.cpp:
2053         (JSC::functionNameCountPairComparator):
2054         (JSC::Profile::debugPrintDataSampleStyle):
2055         * runtime/Identifier.cpp:
2056         (JSC::Identifier::add):
2057         * runtime/JSActivation.cpp:
2058         (JSC::JSActivation::getOwnPropertyNames):
2059         (JSC::JSActivation::symbolTablePutWithAttributes):
2060         * runtime/JSArray.cpp:
2061         (JSC::SparseArrayValueMap::put):
2062         (JSC::SparseArrayValueMap::putDirect):
2063         (JSC::SparseArrayValueMap::visitChildren):
2064         (JSC::JSArray::enterDictionaryMode):
2065         (JSC::JSArray::defineOwnNumericProperty):
2066         (JSC::JSArray::getOwnPropertySlotByIndex):
2067         (JSC::JSArray::getOwnPropertyDescriptor):
2068         (JSC::JSArray::putByIndexBeyondVectorLength):
2069         (JSC::JSArray::putDirectIndexBeyondVectorLength):
2070         (JSC::JSArray::deletePropertyByIndex):
2071         (JSC::JSArray::getOwnPropertyNames):
2072         (JSC::JSArray::setLength):
2073         (JSC::JSArray::sort):
2074         (JSC::JSArray::compactForSorting):
2075         (JSC::JSArray::checkConsistency):
2076         * runtime/JSSymbolTableObject.cpp:
2077         (JSC::JSSymbolTableObject::getOwnPropertyNames):
2078         * runtime/JSSymbolTableObject.h:
2079         (JSC::symbolTableGet):
2080         (JSC::symbolTablePut):
2081         (JSC::symbolTablePutWithAttributes):
2082         * runtime/RegExpCache.cpp:
2083         (JSC::RegExpCache::invalidateCode):
2084         * runtime/WeakGCMap.h:
2085         (JSC::WeakGCMap::clear):
2086         (JSC::WeakGCMap::set):
2087         * tools/ProfileTreeNode.h:
2088         (JSC::ProfileTreeNode::sampleChild):
2089         (JSC::ProfileTreeNode::childCount):
2090         (JSC::ProfileTreeNode::dumpInternal):
2091         (JSC::ProfileTreeNode::compareEntries):
2092
2093 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
2094
2095         GCC warning in JSActivation is causing Mac EWS errors
2096         https://bugs.webkit.org/show_bug.cgi?id=95103
2097
2098         Reviewed by Sam Weinig.
2099
2100         Try to fix a strict aliasing violation by using bitwise_cast. The
2101         union in the cast should signal to the compiler that aliasing between
2102         types is happening.
2103
2104         * runtime/JSActivation.cpp:
2105         (JSC::JSActivation::visitChildren):
2106
2107 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
2108
2109         Build fix: svn add two files I forgot in my last patch.
2110
2111 2012-08-27  Geoffrey Garen  <ggaren@apple.com>
2112
2113         Refactored and consolidated variable resolution functions
2114         https://bugs.webkit.org/show_bug.cgi?id=95166
2115
2116         Reviewed by Filip Pizlo.
2117
2118         This patch does a few things:
2119
2120         (1) Introduces a new class, JSScope, which is the base class for all
2121         objects that represent a scope in the scope chain.
2122
2123         (2) Refactors and consolidates duplicate implementations of variable
2124         resolution into the JSScope class.
2125
2126         (3) Renames JSStaticScopeObject to JSNameScope because, as distinct from
2127         something like a 'let' scope, JSStaticScopeObject only has storage for a
2128         single name.
2129
2130         These changes make logical sense to me as-is. I will also use them in an
2131         upcoming optimization.
2132
2133         * CMakeLists.txt:
2134         * GNUmakefile.list.am:
2135         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2136         * JavaScriptCore.xcodeproj/project.pbxproj:
2137         * Target.pri: Build!
2138
2139         * bytecode/CodeBlock.cpp:
2140         (JSC): Build fix for LLInt-only builds.
2141
2142         * bytecode/GlobalResolveInfo.h:
2143         (GlobalResolveInfo): Use PropertyOffset to be consistent with other parts
2144         of the engine.
2145
2146         * bytecompiler/NodesCodegen.cpp:
2147         * dfg/DFGOperations.cpp: Use the shared code in JSScope instead of rolling
2148         our own.
2149
2150         * interpreter/Interpreter.cpp:
2151         (JSC::Interpreter::execute):
2152         (JSC::Interpreter::createExceptionScope):
2153         (JSC::Interpreter::privateExecute):
2154         * interpreter/Interpreter.h: Use the shared code in JSScope instead of rolling
2155         our own.
2156
2157         * jit/JITStubs.cpp:
2158         (JSC::DEFINE_STUB_FUNCTION): Use the shared code in JSScope instead of rolling
2159         our own.
2160
2161         * llint/LLIntSlowPaths.cpp:
2162         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2163         (LLInt): Use the shared code in JSScope instead of rolling our own. Note
2164         that one of these slow paths calls the wrong helper function. I left it
2165         that way to avoid a behavior change in a refactoring patch.
2166
2167         * parser/Nodes.cpp: Updated for rename.
2168
2169         * runtime/CommonSlowPaths.h:
2170         (CommonSlowPaths): Removed resolve slow paths because they were duplicative.
2171
2172         * runtime/JSGlobalData.cpp:
2173         (JSC::JSGlobalData::JSGlobalData):
2174         * runtime/JSGlobalData.h:
2175         (JSGlobalData): Updated for renames.
2176
2177         * runtime/JSNameScope.cpp: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.cpp.
2178         (JSC):
2179         (JSC::JSNameScope::visitChildren):
2180         (JSC::JSNameScope::toThisObject):
2181         (JSC::JSNameScope::put):
2182         (JSC::JSNameScope::getOwnPropertySlot):
2183         * runtime/JSNameScope.h: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.h.
2184         (JSC):
2185         (JSC::JSNameScope::create):
2186         (JSC::JSNameScope::createStructure):
2187         (JSNameScope):
2188         (JSC::JSNameScope::JSNameScope):
2189         (JSC::JSNameScope::isDynamicScope): Used do-webcore-rename script here.
2190         It is fabulous!
2191
2192         * runtime/JSObject.h:
2193         (JSObject):
2194         (JSC::JSObject::isNameScopeObject): More rename.
2195
2196         * runtime/JSScope.cpp: Added.
2197         (JSC):
2198         (JSC::JSScope::isDynamicScope):
2199         (JSC::JSScope::resolve):
2200         (JSC::JSScope::resolveSkip):
2201         (JSC::JSScope::resolveGlobal):
2202         (JSC::JSScope::resolveGlobalDynamic):
2203         (JSC::JSScope::resolveBase):
2204         (JSC::JSScope::resolveWithBase):
2205         (JSC::JSScope::resolveWithThis):
2206         * runtime/JSScope.h: Added.
2207         (JSC):
2208         (JSScope):
2209         (JSC::JSScope::JSScope): All the code here is a port from the
2210         Interpreter.cpp implementations of this functionality.
2211
2212         * runtime/JSStaticScopeObject.cpp: Removed.
2213         * runtime/JSStaticScopeObject.h: Removed.
2214
2215         * runtime/JSSymbolTableObject.cpp:
2216         (JSC):
2217         * runtime/JSSymbolTableObject.h:
2218         (JSSymbolTableObject):
2219         * runtime/JSType.h: Updated for rename.
2220
2221         * runtime/Operations.h:
2222         (JSC::resolveBase): Removed because it was duplicative.
2223
2224 2012-08-28  Alban Browaeys <prahal@yahoo.com>
2225
2226         [GTK] LLint build fails with -g -02
2227         https://bugs.webkit.org/show_bug.cgi?id=90098
2228
2229         Reviewed by Filip Pizlo.
2230
2231         Avoid duplicate offsets for llint, discarding them.
2232
2233         * offlineasm/offsets.rb:
2234
2235 2012-08-27  Sheriff Bot  <webkit.review.bot@gmail.com>
2236
2237         Unreviewed, rolling out r126836.
2238         http://trac.webkit.org/changeset/126836
2239         https://bugs.webkit.org/show_bug.cgi?id=95163
2240
2241         Broke all Apple ports, EFL, and Qt. (Requested by tkent on
2242         #webkit).
2243
2244         * API/JSCallbackObject.h:
2245         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2246         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2247         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
2248         * API/JSCallbackObjectFunctions.h:
2249         (JSC::::getOwnPropertyNames):
2250         * API/JSClassRef.cpp:
2251         (OpaqueJSClass::~OpaqueJSClass):
2252         (OpaqueJSClassContextData::OpaqueJSClassContextData):
2253         (OpaqueJSClass::contextData):
2254         * bytecode/CodeBlock.cpp:
2255         (JSC::CodeBlock::dump):
2256         (JSC::EvalCodeCache::visitAggregate):
2257         (JSC::CodeBlock::nameForRegister):
2258         * bytecode/JumpTable.h:
2259         (JSC::StringJumpTable::offsetForValue):
2260         (JSC::StringJumpTable::ctiForValue):
2261         * bytecode/LazyOperandValueProfile.cpp:
2262         (JSC::LazyOperandValueProfileParser::getIfPresent):
2263         * bytecode/SamplingTool.cpp:
2264         (JSC::SamplingTool::dump):
2265         * bytecompiler/BytecodeGenerator.cpp:
2266         (JSC::BytecodeGenerator::addVar):
2267         (JSC::BytecodeGenerator::addGlobalVar):
2268         (JSC::BytecodeGenerator::addConstant):
2269         (JSC::BytecodeGenerator::addConstantValue):
2270         (JSC::BytecodeGenerator::emitLoad):
2271         (JSC::BytecodeGenerator::addStringConstant):
2272         (JSC::BytecodeGenerator::emitLazyNewFunction):
2273         * bytecompiler/NodesCodegen.cpp:
2274         (JSC::PropertyListNode::emitBytecode):
2275         * debugger/Debugger.cpp:
2276         * dfg/DFGArgumentsSimplificationPhase.cpp:
2277         (JSC::DFG::ArgumentsSimplificationPhase::run):
2278         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
2279         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
2280         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
2281         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
2282         * dfg/DFGAssemblyHelpers.cpp:
2283         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2284         * dfg/DFGByteCodeCache.h:
2285         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
2286         (JSC::DFG::ByteCodeCache::get):
2287         * dfg/DFGByteCodeParser.cpp:
2288         (JSC::DFG::ByteCodeParser::cellConstant):
2289         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2290         * dfg/DFGStructureCheckHoistingPhase.cpp:
2291         (JSC::DFG::StructureCheckHoistingPhase::run):
2292         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
2293         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
2294         * heap/Heap.cpp:
2295         (JSC::Heap::markProtectedObjects):
2296         * heap/Heap.h:
2297         (JSC::Heap::forEachProtectedCell):
2298         * heap/JITStubRoutineSet.cpp:
2299         (JSC::JITStubRoutineSet::markSlow):
2300         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
2301         * heap/MarkStack.cpp:
2302         (JSC::MarkStack::internalAppend):
2303         * heap/Weak.h:
2304         (JSC::weakRemove):
2305         * jit/JIT.cpp:
2306         (JSC::JIT::privateCompile):
2307         * jit/JITStubs.cpp:
2308         (JSC::JITThunks::ctiStub):
2309         * parser/Parser.cpp:
2310         (JSC::::parseStrictObjectLiteral):
2311         * profiler/Profile.cpp:
2312         (JSC::functionNameCountPairComparator):
2313         (JSC::Profile::debugPrintDataSampleStyle):
2314         * runtime/Identifier.cpp:
2315         (JSC::Identifier::add):
2316         * runtime/JSActivation.cpp:
2317         (JSC::JSActivation::getOwnPropertyNames):
2318         (JSC::JSActivation::symbolTablePutWithAttributes):
2319         * runtime/JSArray.cpp:
2320         (JSC::SparseArrayValueMap::put):
2321         (JSC::SparseArrayValueMap::putDirect):
2322         (JSC::SparseArrayValueMap::visitChildren):
2323         (JSC::JSArray::enterDictionaryMode):
2324         (JSC::JSArray::defineOwnNumericProperty):
2325         (JSC::JSArray::getOwnPropertySlotByIndex):
2326         (JSC::JSArray::getOwnPropertyDescriptor):
2327         (JSC::JSArray::putByIndexBeyondVectorLength):
2328         (JSC::JSArray::putDirectIndexBeyondVectorLength):
2329         (JSC::JSArray::deletePropertyByIndex):
2330         (JSC::JSArray::getOwnPropertyNames):
2331         (JSC::JSArray::setLength):
2332         (JSC::JSArray::sort):
2333         (JSC::JSArray::compactForSorting):
2334         (JSC::JSArray::checkConsistency):
2335         * runtime/JSSymbolTableObject.cpp:
2336         (JSC::JSSymbolTableObject::getOwnPropertyNames):
2337         * runtime/JSSymbolTableObject.h:
2338         (JSC::symbolTableGet):
2339         (JSC::symbolTablePut):
2340         (JSC::symbolTablePutWithAttributes):
2341         * runtime/RegExpCache.cpp:
2342         (JSC::RegExpCache::invalidateCode):
2343         * runtime/WeakGCMap.h:
2344         (JSC::WeakGCMap::clear):
2345         (JSC::WeakGCMap::set):
2346         * tools/ProfileTreeNode.h:
2347         (JSC::ProfileTreeNode::sampleChild):
2348         (JSC::ProfileTreeNode::childCount):
2349         (JSC::ProfileTreeNode::dumpInternal):
2350         (JSC::ProfileTreeNode::compareEntries):
2351
2352 2012-08-27  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
2353
2354         Rename first/second to key/value in HashMap iterators
2355         https://bugs.webkit.org/show_bug.cgi?id=82784
2356
2357         Reviewed by Eric Seidel.
2358
2359         * API/JSCallbackObject.h:
2360         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2361         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2362         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
2363         * API/JSCallbackObjectFunctions.h:
2364         (JSC::::getOwnPropertyNames):
2365         * API/JSClassRef.cpp:
2366         (OpaqueJSClass::~OpaqueJSClass):
2367         (OpaqueJSClassContextData::OpaqueJSClassContextData):
2368         (OpaqueJSClass::contextData):
2369         * bytecode/CodeBlock.cpp:
2370         (JSC::CodeBlock::dump):
2371         (JSC::EvalCodeCache::visitAggregate):
2372         (JSC::CodeBlock::nameForRegister):
2373         * bytecode/JumpTable.h:
2374         (JSC::StringJumpTable::offsetForValue):
2375         (JSC::StringJumpTable::ctiForValue):
2376         * bytecode/LazyOperandValueProfile.cpp:
2377         (JSC::LazyOperandValueProfileParser::getIfPresent):
2378         * bytecode/SamplingTool.cpp:
2379         (JSC::SamplingTool::dump):
2380         * bytecompiler/BytecodeGenerator.cpp:
2381         (JSC::BytecodeGenerator::addVar):
2382         (JSC::BytecodeGenerator::addGlobalVar):
2383         (JSC::BytecodeGenerator::addConstant):
2384         (JSC::BytecodeGenerator::addConstantValue):
2385         (JSC::BytecodeGenerator::emitLoad):
2386         (JSC::BytecodeGenerator::addStringConstant):
2387         (JSC::BytecodeGenerator::emitLazyNewFunction):
2388         * bytecompiler/NodesCodegen.cpp:
2389         (JSC::PropertyListNode::emitBytecode):
2390         * debugger/Debugger.cpp:
2391         * dfg/DFGArgumentsSimplificationPhase.cpp:
2392         (JSC::DFG::ArgumentsSimplificationPhase::run):
2393         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
2394         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
2395         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
2396         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
2397         * dfg/DFGAssemblyHelpers.cpp:
2398         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2399         * dfg/DFGByteCodeCache.h:
2400         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
2401         (JSC::DFG::ByteCodeCache::get):
2402         * dfg/DFGByteCodeParser.cpp:
2403         (JSC::DFG::ByteCodeParser::cellConstant):
2404         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2405         * dfg/DFGStructureCheckHoistingPhase.cpp:
2406         (JSC::DFG::StructureCheckHoistingPhase::run):
2407         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
2408         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
2409         * heap/Heap.cpp:
2410         (JSC::Heap::markProtectedObjects):
2411         * heap/Heap.h:
2412         (JSC::Heap::forEachProtectedCell):
2413         * heap/JITStubRoutineSet.cpp:
2414         (JSC::JITStubRoutineSet::markSlow):
2415         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
2416         * heap/MarkStack.cpp:
2417         (JSC::MarkStack::internalAppend):
2418         * heap/Weak.h:
2419         (JSC::weakRemove):
2420         * jit/JIT.cpp:
2421         (JSC::JIT::privateCompile):
2422         * jit/JITStubs.cpp:
2423         (JSC::JITThunks::ctiStub):
2424         * parser/Parser.cpp:
2425         (JSC::::parseStrictObjectLiteral):
2426         * profiler/Profile.cpp:
2427         (JSC::functionNameCountPairComparator):
2428         (JSC::Profile::debugPrintDataSampleStyle):
2429         * runtime/Identifier.cpp:
2430         (JSC::Identifier::add):
2431         * runtime/JSActivation.cpp:
2432         (JSC::JSActivation::getOwnPropertyNames):
2433         (JSC::JSActivation::symbolTablePutWithAttributes):
2434         * runtime/JSArray.cpp:
2435         (JSC::SparseArrayValueMap::put):
2436         (JSC::SparseArrayValueMap::putDirect):
2437         (JSC::SparseArrayValueMap::visitChildren):
2438         (JSC::JSArray::enterDictionaryMode):
2439         (JSC::JSArray::defineOwnNumericProperty):
2440         (JSC::JSArray::getOwnPropertySlotByIndex):
2441         (JSC::JSArray::getOwnPropertyDescriptor):
2442         (JSC::JSArray::putByIndexBeyondVectorLength):
2443         (JSC::JSArray::putDirectIndexBeyondVectorLength):
2444         (JSC::JSArray::deletePropertyByIndex):
2445         (JSC::JSArray::getOwnPropertyNames):
2446         (JSC::JSArray::setLength):
2447         (JSC::JSArray::sort):
2448         (JSC::JSArray::compactForSorting):
2449         (JSC::JSArray::checkConsistency):
2450         * runtime/JSSymbolTableObject.cpp:
2451         (JSC::JSSymbolTableObject::getOwnPropertyNames):
2452         * runtime/JSSymbolTableObject.h:
2453         (JSC::symbolTableGet):
2454         (JSC::symbolTablePut):
2455         (JSC::symbolTablePutWithAttributes):
2456         * runtime/RegExpCache.cpp:
2457         (JSC::RegExpCache::invalidateCode):
2458         * runtime/WeakGCMap.h:
2459         (JSC::WeakGCMap::clear):
2460         (JSC::WeakGCMap::set):
2461         * tools/ProfileTreeNode.h:
2462         (JSC::ProfileTreeNode::sampleChild):
2463         (JSC::ProfileTreeNode::childCount):
2464         (JSC::ProfileTreeNode::dumpInternal):
2465         (JSC::ProfileTreeNode::compareEntries):
2466
2467 2012-08-27  Filip Pizlo  <fpizlo@apple.com>
2468
2469         Structure check hoisting should abstain if the OSR entry's must-handle value for the respective variable has a different structure
2470         https://bugs.webkit.org/show_bug.cgi?id=95141
2471         <rdar://problem/12170401>
2472
2473         Reviewed by Mark Hahnenberg.
2474
2475         * dfg/DFGStructureCheckHoistingPhase.cpp:
2476         (JSC::DFG::StructureCheckHoistingPhase::run):
2477
2478 2012-08-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2479
2480         Remove use of ClassInfo from SpeculativeJIT::compileGetByValOnArguments
2481         https://bugs.webkit.org/show_bug.cgi?id=95131
2482
2483         Reviewed by Filip Pizlo.
2484
2485         * dfg/DFGSpeculativeJIT.cpp:
2486         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): We don't need this speculation check. We can replace it 
2487         with an assert to guarantee this.
2488
2489 2012-08-27  Oliver Hunt  <oliver@apple.com>
2490
2491         Remove opcode definition autogen for now
2492         https://bugs.webkit.org/show_bug.cgi?id=95148
2493
2494         Reviewed by Mark Hahnenberg.
2495
2496         This isn't worth doing at the moment.
2497
2498         * DerivedSources.make:
2499         * JavaScriptCore.xcodeproj/project.pbxproj:
2500         * bytecode/Opcode.h:
2501         (JSC):
2502         (JSC::padOpcodeName):
2503         * bytecode/OpcodeDefinitions.h: Removed.
2504         * bytecode/opcodes: Removed.
2505         * opcode_definition_generator.py: Removed.
2506         * opcode_generator.py: Removed.
2507         * opcode_parser.py: Removed.
2508
2509 2012-08-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2510
2511         Remove uses of TypedArray ClassInfo from SpeculativeJIT::checkArgumentTypes
2512         https://bugs.webkit.org/show_bug.cgi?id=95112
2513
2514         Reviewed by Filip Pizlo.
2515
2516         Removing these checks since we no longer need them.
2517
2518         * dfg/DFGAbstractState.cpp:
2519         (JSC::DFG::AbstractState::initialize):
2520         * dfg/DFGSpeculativeJIT.cpp:
2521         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2522
2523 2012-08-27  Benjamin Poulain  <benjamin@webkit.org>
2524
2525         Add ECMAScript Number to String conversion to WTF::String
2526         https://bugs.webkit.org/show_bug.cgi?id=95016
2527
2528         Reviewed by Geoffrey Garen.
2529
2530         Rename UString::number(double) to UString::numberToStringECMAScript(double) to
2531         differentiate it from the fixed-width conversion performed by String::number().
2532
2533         * parser/ParserArena.h:
2534         (JSC::IdentifierArena::makeNumericIdentifier):
2535         * runtime/JSONObject.cpp:
2536         (JSC::Stringifier::appendStringifiedValue):
2537         * runtime/NumberPrototype.cpp:
2538         (JSC::numberProtoFuncToExponential):
2539         (JSC::numberProtoFuncToFixed):
2540         (JSC::numberProtoFuncToPrecision):
2541         (JSC::numberProtoFuncToString):
2542         * runtime/NumericStrings.h:
2543         (JSC::NumericStrings::add):
2544         * runtime/UString.cpp:
2545         (JSC::UString::numberToStringECMAScript):
2546         * runtime/UString.h:
2547         (UString):
2548
2549 2012-08-27  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
2550
2551         Rename RegisterProtocolHandler API to NavigatorContentUtils
2552         https://bugs.webkit.org/show_bug.cgi?id=94920
2553
2554         Reviewed by Adam Barth.
2555
2556         ENABLE_REGISTER_PROTOCOL_HANDLER is renamed to ENABLE_NAVIGATOR_CONTENT_UTILS.
2557
2558         * Configurations/FeatureDefines.xcconfig:
2559
2560 2012-08-26  Filip Pizlo  <fpizlo@apple.com>
2561
2562         Unreviewed, fix for builds without VALUE_PROFILING. I had forgotten that shouldEmitProfiling()
2563         is designed to return true if DFG_JIT is disabled. I should be using canBeOptimized() instead.
2564
2565         * jit/JITCall.cpp:
2566         (JSC::JIT::compileOpCall):
2567         * jit/JITCall32_64.cpp:
2568         (JSC::JIT::compileOpCall):
2569
2570 2012-08-26  Geoffrey Garen  <ggaren@apple.com>
2571
2572         Don't allocate space for arguments and call frame if arguments aren't captured
2573         https://bugs.webkit.org/show_bug.cgi?id=95024
2574
2575         Reviewed by Phil Pizlo.
2576
2577         27% on v8-real-earley.
2578
2579         * runtime/JSActivation.h:
2580         (JSC::JSActivation::registerOffset): The offset is zero if we're skipping
2581         the arguments and call frame because "offset" means space reserved for
2582         those things.
2583
2584         (JSC::JSActivation::tearOff): Don't copy the scope chain and callee. We
2585         don't need them for anything, and we're no longer guaranteed to have
2586         space for them.
2587
2588 2012-08-26  Geoffrey Garen  <ggaren@apple.com>
2589
2590         Removed the NULL checks from visitChildren functions
2591         https://bugs.webkit.org/show_bug.cgi?id=95021
2592
2593         Reviewed by Oliver Hunt.
2594
2595         As of http://trac.webkit.org/changeset/126624, all values are NULL-checked
2596         during GC, so explicit NULL checks aren't needed anymore.
2597
2598 2012-08-26  Geoffrey Garen  <ggaren@apple.com>
2599
2600         Removed a JSC-specific hack from the web inspector
2601         https://bugs.webkit.org/show_bug.cgi?id=95033
2602
2603         Reviewed by Filip Pizlo.
2604
2605         Added support for what the web inspector really wanted instead.
2606
2607         * runtime/JSActivation.cpp:
2608         (JSC::JSActivation::symbolTableGet):
2609         (JSC::JSActivation::symbolTablePut): Added some explanation for these
2610         checks, which were non-obvious to me.
2611
2612         (JSC::JSActivation::getOwnPropertySlot): It's impossible to access the
2613         arguments property of an activation after it's been torn off, since the
2614         only way to tear off an activation is to instantiate a new function,
2615         which has its own arguments property in scope. However, the inspector
2616         gets special access to activations, and may try to perform this access,
2617         so we need a special guard to maintain coherence and avoid crashing in
2618         case the activation optimized out the arguments property.
2619
2620         * runtime/JSActivation.cpp:
2621         (JSC::JSActivation::symbolTableGet):
2622         (JSC::JSActivation::symbolTablePut):
2623         (JSC::JSActivation::getOwnPropertyNames):
2624         (JSC::JSActivation::getOwnPropertyDescriptor): Provide getOwnPropertyNames
2625         and getOwnPropertyDescriptor implementations, to meet the web inspector's
2626         needs. (User code can never call these.)
2627
2628 2012-08-24  Filip Pizlo  <fpizlo@apple.com>
2629
2630         Finally inlining should correctly track the catch context
2631         https://bugs.webkit.org/show_bug.cgi?id=94986
2632         <rdar://problem/11753784>
2633
2634         Reviewed by Sam Weinig.
2635
2636         This fixes two behaviors:
2637         
2638         1) Throwing from a finally block. Previously, we would seem to reenter the finally
2639            block - though only once.
2640         
2641         2) Executing a finally block from some nested context, for example due to a
2642            'continue', 'break', or 'return' in the try. This would execute the finally
2643            block in the context of the try block, which could lead to either scope depth
2644            mismatches or reexecutions of the finally block on throw, similarly to (1) but
2645            for different reasons.
2646
2647         * bytecompiler/BytecodeGenerator.cpp:
2648         (JSC):
2649         (JSC::BytecodeGenerator::pushFinallyContext):
2650         (JSC::BytecodeGenerator::emitComplexJumpScopes):
2651         (JSC::BytecodeGenerator::pushTry):
2652         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2653         * bytecompiler/BytecodeGenerator.h:
2654         (FinallyContext):
2655         (TryData):
2656         (JSC):
2657         (TryContext):
2658         (TryRange):
2659         (BytecodeGenerator):
2660         * bytecompiler/NodesCodegen.cpp:
2661         (JSC::TryNode::emitBytecode):
2662
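        The two behaviours this entry fixes, exercised as an added JavaScript conformance
        check (example code, not WebKit's own test suite): each function returns how many
        times its finally block ran and what escaped from it, so an engine with the bug
        (finally re-entered once on throw, or run in the try block's context on
        break/continue/return) would produce different counts. All names are illustrative.

```javascript
// Added example, not WebKit code: probes try/finally semantics an engine must honour.

// 1) Throwing from a finally block. The finally body must run exactly once, and the
//    value thrown from it replaces the pending exception and reaches the outer catch.
function throwFromFinally() {
  let finallyRuns = 0;
  let caught = null;
  try {
    try {
      throw new Error("from try");
    } finally {
      finallyRuns++;
      throw new Error("from finally"); // must not re-enter this finally
    }
  } catch (e) {
    caught = e.message;
  }
  return { finallyRuns, caught };
}

// 2a) Leaving the try via return: finally still runs exactly once and the
//     returned value is preserved.
function returnThroughFinally() {
  let finallyRuns = 0;
  function f() {
    try {
      return "from try";
    } finally {
      finallyRuns++;
    }
  }
  const value = f();
  return { finallyRuns, value };
}

// 2b) Leaving the try via continue and break: finally runs once per entry into the
//     try block, including the iteration that breaks out of the loop.
function breakAndContinueThroughFinally() {
  let finallyRuns = 0;
  let iterations = 0;
  for (let i = 0; i < 3; i++) {
    try {
      iterations++;
      if (i === 1) continue;
      if (i === 2) break;
    } finally {
      finallyRuns++;
    }
  }
  return { finallyRuns, iterations };
}

// 2c) The combination: a finally reached through continue that then throws must
//     propagate the exception out of the loop without running finally again.
function throwInFinallyAfterContinue() {
  let finallyRuns = 0;
  let caught = null;
  try {
    for (let i = 0; i < 2; i++) {
      try {
        continue;
      } finally {
        finallyRuns++;
        if (i === 1) throw new Error("finally after continue");
      }
    }
  } catch (e) {
    caught = e.message;
  }
  return { finallyRuns, caught };
}

// Runs every probe and reports which ones deviate from the expected counts.
function runFinallyProbes() {
  const expected = {
    throwFromFinally: { finallyRuns: 1, caught: "from finally" },
    returnThroughFinally: { finallyRuns: 1, value: "from try" },
    breakAndContinueThroughFinally: { finallyRuns: 3, iterations: 3 },
    throwInFinallyAfterContinue: { finallyRuns: 2, caught: "finally after continue" },
  };
  const probes = { throwFromFinally, returnThroughFinally,
                   breakAndContinueThroughFinally, throwInFinallyAfterContinue };
  const failures = [];
  for (const name of Object.keys(probes)) {
    const got = probes[name]();
    if (JSON.stringify(got) !== JSON.stringify(expected[name])) failures.push(name);
  }
  return failures; // empty on a conforming engine
}
```

        Run under the engine being checked (for example `jsc` or `node`); any name
        in the returned list marks a scenario where finally did not run exactly once
        per entry or the escaping value was wrong.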
2663 2012-08-26  Filip Pizlo  <fpizlo@apple.com>
2664
2665         Array type checks and storage accesses should be uniformly represented and available to CSE
2666         https://bugs.webkit.org/show_bug.cgi?id=95013
2667
2668         Reviewed by Oliver Hunt.
2669
2670         This uniformly breaks up all array accesses into up to three parts:
2671         
2672         1) The type check, using a newly introduced CheckArray node, in addition to possibly
2673            a CheckStructure node. We were already inserting the CheckStructure prior to this
2674            patch. The CheckArray node will be automatically eliminated if the thing it was
2675            checking for had already been checked for, either intentionally (a CheckStructure
2676            inserted based on the array profile of this access) or accidentally (some checks,
2677            typically a CheckStructure, inserted for some unrelated operations). The
2678            CheckArray node may not be inserted if the array type is non-specific (Generic or
2679            ForceExit).
2680         
2681         2) The storage load using GetIndexedPropertyStorage. Previously, this only worked for
2682            GetByVal. Now it works for all array accesses. The storage load may not be
2683            inserted if the mode of array access does not permit CSE of storage loads (like
2684            non-specific modes or Arguments).
2685         
2686         3) The access itself: one of GetByVal, PutByVal, PutByValAlias, ArrayPush, ArrayPop,
2687            GetArrayLength, StringCharAt, or StringCharCodeAt.
2688         
2689         This means that the type check can be subjected to CSE even if the CFA isn't smart
2690         enough to reason about it (yet!). It also means that the storage load can always be
2691         subjected to CSE; previously CSE on storage load only worked for array loads and not
2692         other forms of access. Finally, it removes the bizarre behavior that
2693         GetIndexedPropertyStorage previously had: previously, it was responsible for the type
2694         check in some cases, but not others; this made reasoning about the CFA really
2695         confusing.
2696         
2697         This change also disables late refinement of array mode, since I decided that
2698         supporting that feature is both confusing and likely unprofitable. The array modes are
2699         now locked in in the first fixup run after prediction propagation. Of course,
2700         refinements from Generic to something else would not have been a problem; we could
2701         reenable those if we thought we really needed to.
2702
2703         * dfg/DFGAbstractState.cpp:
2704         (JSC::DFG::AbstractState::execute):
2705         * dfg/DFGArgumentsSimplificationPhase.cpp:
2706         (JSC::DFG::ArgumentsSimplificationPhase::run):
2707         * dfg/DFGArrayMode.cpp:
2708         (JSC::DFG::fromStructure):
2709         (DFG):
2710         (JSC::DFG::refineArrayMode):
2711         * dfg/DFGArrayMode.h:
2712         (DFG):
2713         (JSC::DFG::modeIsJSArray):
2714         (JSC::DFG::lengthNeedsStorage):
2715         (JSC::DFG::modeIsSpecific):
2716         (JSC::DFG::modeSupportsLength):
2717         * dfg/DFGByteCodeParser.cpp:
2718         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2719         (JSC::DFG::ByteCodeParser::getArrayMode):
2720         (ByteCodeParser):
2721         (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
2722         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2723         (JSC::DFG::ByteCodeParser::parseBlock):
2724         * dfg/DFGCFGSimplificationPhase.cpp:
2725         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2726         * dfg/DFGCSEPhase.cpp:
2727         (JSC::DFG::CSEPhase::CSEPhase):
2728         (JSC::DFG::CSEPhase::checkStructureElimination):
2729         (CSEPhase):
2730         (JSC::DFG::CSEPhase::checkArrayElimination):
2731         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2732         (JSC::DFG::CSEPhase::performNodeCSE):
2733         (JSC::DFG::performCSE):
2734         * dfg/DFGCSEPhase.h:
2735         (DFG):
2736         * dfg/DFGCommon.h:
2737         * dfg/DFGConstantFoldingPhase.cpp:
2738         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2739         * dfg/DFGDriver.cpp:
2740         (JSC::DFG::compile):
2741         * dfg/DFGFixupPhase.cpp:
2742         (JSC::DFG::FixupPhase::fixupNode):
2743         (JSC::DFG::FixupPhase::checkArray):
2744         (FixupPhase):
2745         (JSC::DFG::FixupPhase::blessArrayOperation):
2746         * dfg/DFGGraph.cpp:
2747         (JSC::DFG::Graph::Graph):
2748         (DFG):
2749         (JSC::DFG::Graph::dump):
2750         (JSC::DFG::Graph::collectGarbage):
2751         * dfg/DFGGraph.h:
2752         (Graph):
2753         (JSC::DFG::Graph::vote):
2754         (JSC::DFG::Graph::substitute):
2755         * dfg/DFGNode.h:
2756         (JSC::DFG::Node::hasArrayMode):
2757         (JSC::DFG::Node::setArrayMode):
2758         * dfg/DFGNodeType.h:
2759         (DFG):
2760         * dfg/DFGOperations.cpp:
2761         * dfg/DFGPhase.h:
2762         (DFG):
2763         * dfg/DFGPredictionPropagationPhase.cpp:
2764         (JSC::DFG::PredictionPropagationPhase::propagate):
2765         (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
2766         * dfg/DFGSpeculativeJIT.cpp:
2767         (JSC::DFG::SpeculativeJIT::checkArray):
2768         (JSC::DFG::SpeculativeJIT::useChildren):
2769         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2770         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
2771         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
2772         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
2773         * dfg/DFGSpeculativeJIT.h:
2774         (SpeculativeJIT):
2775         * dfg/DFGSpeculativeJIT32_64.cpp:
2776         (JSC::DFG::SpeculativeJIT::compile):
2777         * dfg/DFGSpeculativeJIT64.cpp:
2778         (JSC::DFG::SpeculativeJIT::compile):
2779         * dfg/DFGStructureCheckHoistingPhase.cpp:
2780         (JSC::DFG::StructureCheckHoistingPhase::run):
2781
2782 2012-08-26  Filip Pizlo  <fpizlo@apple.com>
2783
2784         DFGGraph.h has a bogus comment about the nature of StorageAccessData
2785         https://bugs.webkit.org/show_bug.cgi?id=95035
2786
2787         Reviewed by Oliver Hunt.
2788
2789         The comment is both wrong (storage access instructions don't reference CheckStructure)
2790         and highly redundant: of course it's the case that two structures may have the same
2791         identifier. Our interference analyses currently don't care about this and make the
2792         conservative assumptions when necessary (same identifier, same object -> must be same
2793         property; same identifier, may be same object -> may be the same property). Better to
2794         remove the bogus comment since the code that operates over this data structure is
2795         fairly self-explanatory already.
2796
2797         * dfg/DFGGraph.h:
2798         (StorageAccessData):
2799
2800 2012-08-25  Geoffrey Garen  <ggaren@apple.com>
2801
2802         Try a little harder to fix the Linux build.
2803
2804         * runtime/JSActivation.cpp:
2805         * runtime/JSActivation.h:
2806
2807 2012-08-25  Geoffrey Garen  <ggaren@apple.com>
2808
2809         Try to fix the Linux build.
2810
2811         * runtime/JSActivation.cpp:
2812
2813 2012-08-25  Geoffrey Garen  <ggaren@apple.com>
2814
2815         Don't use malloc / destructors for activation objects
2816         https://bugs.webkit.org/show_bug.cgi?id=94897
2817
2818         Reviewed by Oliver Hunt.
2819
2820         65% faster on v8-real-earley.
2821
2822         Lots of boilerplate here, but the gist is this:
2823
2824         (1) Use CopiedSpace instead of malloc to allocate the activation's
2825         backing store.
2826
2827         (2) Use MarkedSpace instead of ref-counting to allocate the symbol table.
2828
2829         (3) ==> No more destructor.
2830
2831         * bytecode/CodeBlock.cpp:
2832         (JSC::CodeBlock::CodeBlock):
2833         (JSC::CodeBlock::stronglyVisitStrongReferences):
2834         * bytecode/CodeBlock.h:
2835         (JSC::CodeBlock::symbolTable):
2836         (CodeBlock):
2837         (JSC::GlobalCodeBlock::GlobalCodeBlock):
2838         (JSC::FunctionCodeBlock::FunctionCodeBlock):
2839         (FunctionCodeBlock): SymbolTable is a GC object now, so it gets a write
2840         barrier and visit calls instead of ref-counting. I changed all CodeBlocks
2841         to use shared symbol tables because the distinction between shared and
2842         unshared hurt my head.
2843
2844         * bytecompiler/BytecodeGenerator.cpp:
2845         (JSC::BytecodeGenerator::resolve):
2846         (JSC::BytecodeGenerator::resolveConstDecl):
2847         (JSC::BytecodeGenerator::emitPutStaticVar):
2848         * dfg/DFGByteCodeParser.cpp:
2849         (JSC::DFG::ByteCodeParser::parseBlock):
2850         * dfg/DFGSpeculativeJIT32_64.cpp:
2851         (JSC::DFG::SpeculativeJIT::compile):
2852         * dfg/DFGSpeculativeJIT64.cpp:
2853         (JSC::DFG::SpeculativeJIT::compile): Sometimes, a period just wants
2854         to be an arrow. And then C++ is there to accommodate.
2855
2856         * jit/JITDriver.h:
2857         (JSC::jitCompileFunctionIfAppropriate):
2858         * runtime/Arguments.h:
2859         (ArgumentsData):
2860         (JSC::Arguments::setRegisters):
2861         (Arguments):
2862         (JSC::Arguments::argument):
2863         (JSC::Arguments::finishCreation):
2864         * runtime/Executable.cpp:
2865         (JSC::FunctionExecutable::FunctionExecutable):
2866         (JSC::ProgramExecutable::compileInternal):
2867         (JSC::FunctionExecutable::compileForCallInternal):
2868         (JSC::FunctionExecutable::compileForConstructInternal):
2869         (JSC::FunctionExecutable::visitChildren):
2870         * runtime/Executable.h:
2871         (JSC::FunctionExecutable::symbolTable):
2872         (FunctionExecutable):
2873         * runtime/ExecutionHarness.h:
2874         (JSC::prepareFunctionForExecution): I changed from WriteBarrier to
2875         WriteBarrierBase so activations could reuse StorageBarrier and PropertyStorage.
2876
2877         * runtime/JSActivation.cpp:
2878         (JSC::JSActivation::JSActivation):
2879         (JSC::JSActivation::finishCreation): Allocate the symbol table here,
2880         after we're fully constructed, to avoid GC during initialization.
2881
2882         (JSC::JSActivation::visitChildren):
2883         (JSC::JSActivation::symbolTableGet):
2884         (JSC::JSActivation::symbolTablePut):
2885         (JSC::JSActivation::getOwnPropertyNames):
2886         (JSC::JSActivation::symbolTablePutWithAttributes):
2887         * runtime/JSActivation.h:
2888         (JSC::JSActivation::create):
2889         (JSActivation):
2890         (JSC::JSActivation::registerOffset):
2891         (JSC):
2892         (JSC::JSActivation::registerArraySize):
2893         (JSC::JSActivation::registerArraySizeInBytes):
2894         (JSC::JSActivation::tearOff): Tear-off zero-initializes all uncopied
2895         registers. This makes it safe to copyAndAppend the full buffer in
2896         visitChildren, without any extra checks.
2897
2898         * runtime/JSCell.h:
2899         (JSCell): Moved a shared default set of flags into this base class, so
2900         I could use it in a few places.
2901
2902         * runtime/JSGlobalData.cpp:
2903         (JSC::JSGlobalData::JSGlobalData):
2904         * runtime/JSGlobalData.h:
2905         (JSGlobalData): New structure for symbol tables.
2906
2907         * runtime/JSGlobalObject.cpp:
2908         (JSC::JSGlobalObject::JSGlobalObject):
2909         (JSC::JSGlobalObject::addStaticGlobals):
2910         * runtime/JSGlobalObject.h:
2911         (JSGlobalObject):
2912         (JSC::JSGlobalObject::symbolTableHasProperty): We don't need an inline
2913         symbol table -- JSSymbolTableObject will GC allocate one for us.
2914
2915         * runtime/JSObject.h:
2916         (JSObject):
2917         * runtime/JSSegmentedVariableObject.h:
2918         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
2919         * runtime/JSStaticScopeObject.cpp:
2920         (JSC):
2921         (JSC::JSStaticScopeObject::visitChildren): NULL check our register store
2922         because finishCreation allocates an object now, so we may get marked
2923         before we've assigned to our register store.
2924
2925         * runtime/JSStaticScopeObject.h:
2926         (JSC::JSStaticScopeObject::finishCreation):
2927         (JSC::JSStaticScopeObject::JSStaticScopeObject):
2928         (JSStaticScopeObject): No more destructor for this object, either, since
2929         it no longer embeds a hash table.
2930
2931         * runtime/JSSymbolTableObject.cpp:
2932         (JSC::JSSymbolTableObject::visitChildren):
2933         (JSC::JSSymbolTableObject::deleteProperty):
2934         (JSC::JSSymbolTableObject::getOwnPropertyNames):
2935         * runtime/JSSymbolTableObject.h:
2936         (JSC::JSSymbolTableObject::symbolTable):
2937         (JSSymbolTableObject):
2938         (JSC::JSSymbolTableObject::JSSymbolTableObject):
2939         (JSC::JSSymbolTableObject::finishCreation):
2940         (JSC::symbolTableGet):
2941         (JSC::symbolTablePut):
2942         (JSC::symbolTablePutWithAttributes): SymbolTableObject allocates a symbol
2943         table automatically if one isn't provided. (Activations provide their
2944         own, which they get from compiled code.)
2945
2946         * runtime/JSVariableObject.cpp:
2947         (JSC):
2948         * runtime/JSVariableObject.h:
2949         (JSC::JSVariableObject::registerAt):
2950         (JSC::JSVariableObject::addressOfRegisters):
2951         (JSVariableObject):
2952         (JSC::JSVariableObject::JSVariableObject):
2953         (JSC::JSVariableObject::finishCreation): Removed a bunch of obsolete code.
2954         Activations manage their registers directly now.
2955
2956         * runtime/StorageBarrier.h:
2957         (StorageBarrier):
2958         (JSC::StorageBarrier::operator!):
2959
2960         * runtime/SymbolTable.cpp:
2961         (JSC):
2962         (JSC::SharedSymbolTable::destroy):
2963         * runtime/SymbolTable.h:
2964         (JSC::SharedSymbolTable::create):
2965         (SharedSymbolTable):
2966         (JSC::SharedSymbolTable::createStructure):
2967         (JSC::SharedSymbolTable::SharedSymbolTable): Boilerplate code to
2968         make shared symbol table GC-allocated.
2969
2970 2012-08-25  Filip Pizlo  <fpizlo@apple.com>
2971
2972         op_call should have ArrayProfiling for the benefit of array intrinsics
2973         https://bugs.webkit.org/show_bug.cgi?id=95014
2974
2975         Reviewed by Sam Weinig.
2976
2977         This is a performance-neutral change that just adds the profiling but does not
2978         use it, yet. If in the future we wanted to make this kind of profiling cheaper
2979         we could move it into specialized thunks for the relevant array intrinsics, but
2980         I figure that if this much simpler change gives us what we need without any
2981         discernible performance penalty then that's for the best.
2982
2983         * bytecompiler/BytecodeGenerator.cpp:
2984         (JSC::BytecodeGenerator::emitCall):
2985         * jit/JITCall.cpp:
2986         (JSC::JIT::compileOpCall):
2987         * jit/JITCall32_64.cpp:
2988         (JSC::JIT::compileOpCall):
2989         * llint/LowLevelInterpreter.asm:
2990         * llint/LowLevelInterpreter32_64.asm:
2991         * llint/LowLevelInterpreter64.asm:
2992
2993 2012-08-25  Filip Pizlo  <fpizlo@apple.com>
2994
2995         The redundant phi elimination phase is not used and should be removed
2996         https://bugs.webkit.org/show_bug.cgi?id=95006
2997
2998         Reviewed by Dan Bernstein.
2999
3000         Just removing dead code.
3001
3002         * CMakeLists.txt:
3003         * GNUmakefile.list.am:
3004         * JavaScriptCore.xcodeproj/project.pbxproj:
3005         * Target.pri:
3006         * dfg/DFGDriver.cpp:
3007         * dfg/DFGRedundantPhiEliminationPhase.cpp: Removed.
3008         * dfg/DFGRedundantPhiEliminationPhase.h: Removed.
3009
3010 2012-08-24  Benjamin Poulain  <bpoulain@apple.com>
3011
3012         Unify Number to StringImpl conversion
3013         https://bugs.webkit.org/show_bug.cgi?id=94879
3014
3015         Reviewed by Geoffrey Garen.
3016
3017         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3018         * runtime/UString.cpp:
3019         * runtime/UString.h:
3020         (JSC::UString::number):
3021         Update UString to directly use the common NumberToString implementation.
3022
3023 2012-08-24  Oliver Hunt  <oliver@apple.com>
3024
3025         Always null check cells before marking
3026         https://bugs.webkit.org/show_bug.cgi?id=94968
3027
3028         Reviewed by Geoffrey Garen.
3029
3030         Originally we tried to minimise null checks by only null checking values
3031         that we knew could be null; however, given that we can't ever guarantee
3032         when a GC will happen, we're better off just always assuming that a null
3033         check will be necessary.  This results in a much less fragile code base
3034         as we can add GC allocations to object initialisers without having to
3035         subsequently worry about whether the object we are initialising will need
3036         to add a bunch of null checks in its visitChildren implementation.
3037
3038         * heap/MarkStack.cpp:
3039         (JSC::MarkStack::internalAppend):
3040         * heap/MarkStackInlineMethods.h:
3041         (JSC::MarkStack::append):
3042         (JSC::MarkStack::appendUnbarrieredPointer):
3043         * runtime/Structure.h:
3044         (JSC::MarkStack::internalAppend):
3045
3046 2012-08-23  Oliver Hunt  <oliver@apple.com>
3047
3048         Autogenerate Opcode definitions
3049         https://bugs.webkit.org/show_bug.cgi?id=94840
3050
3051         Reviewed by Gavin Barraclough.
3052
3053         Start the process of autogenerating the code emission for the bytecode.
3054         We'll just start with automatic generation of the list of Opcodes as that
3055         requires the actual definition of the opcodes, and the logic for parsing
3056         them.
3057
3058         Due to some rather annoying dependency cycles, this initial version has
3059         the OpcodeDefinitions.h file checked into the tree, although with some
3060         work I hope to be able to fix that.
3061
3062         * DerivedSources.make:
3063         * JavaScriptCore.xcodeproj/project.pbxproj:
3064         * bytecode/Opcode.h:
3065           Include OpcodeDefinitions.h as our definitive source of info
3066           about the opcodes.
3067         * bytecode/OpcodeDefinitions.h: Added.
3068           Autogenerated file
3069         * bytecode/opcodes: Added.
3070           The new opcode definition file
3071         * opcode_definition_generator.py: Added.
3072         (generateOpcodeDefinition):
3073         (generate):
3074           Module that generates the content for OpcodeDefinitions.h
3075         * opcode_generator.py: Added.
3076         (printUsage):
3077         (main):
3078           Driver script
3079         * opcode_parser.py: Added.
3080           Simple parser for the opcode definitions.
3081
3082 2011-08-23  Geoffrey Garen  <ggaren@apple.com>
3083
3084         Unreviewed, rolling out r126505.
3085         http://trac.webkit.org/changeset/126505
3086         https://bugs.webkit.org/show_bug.cgi?id=94840
3087
3088         Caused testapi to crash on launch
3089
3090         * DerivedSources.make:
3091         * JavaScriptCore.xcodeproj/project.pbxproj:
3092         * bytecode/Opcode.h:
3093         (JSC):
3094         (JSC::padOpcodeName):
3095         * bytecode/OpcodeDefinitions.h: Removed.
3096         * bytecode/opcodes: Removed.
3097         * opcode_definition_generator.py: Removed.
3098         * opcode_generator.py: Removed.
3099         * opcode_parser.py: Removed.
3100
3101 2012-08-23  Oliver Hunt  <oliver@apple.com>
3102
3103         Autogenerate Opcode definitions
3104         https://bugs.webkit.org/show_bug.cgi?id=94840
3105
3106         Reviewed by Gavin Barraclough.
3107
3108         Start the process of autogenerating the code emission for the bytecode.
3109         We'll just start with automatic generation of the list of Opcodes as that
3110         requires the actual definition of the opcodes, and the logic for parsing
3111         them.
3112
3113         Due to some rather annoying dependency cycles, this initial version has
3114         the OpcodeDefinitions.h file checked into the tree, although with some
3115         work I hope to be able to fix that.
3116
3117         * DerivedSources.make:
3118         * JavaScriptCore.xcodeproj/project.pbxproj:
3119         * bytecode/Opcode.h:
3120           Include OpcodeDefinitions.h as our definitive source of info
3121           about the opcodes.
3122         * bytecode/OpcodeDefinitions.h: Added.
3123           Autogenerated file
3124         * bytecode/opcodes: Added.
3125           The new opcode definition file
3126         * opcode_definition_generator.py: Added.
3127         (generateOpcodeDefinition):
3128         (generate):
3129           Module that generates the content for OpcodeDefinitions.h
3130         * opcode_generator.py: Added.
3131         (printUsage):
3132         (main):
3133           Driver script
3134         * opcode_parser.py: Added.
3135           Simple parser for the opcode definitions.
3136
3137 2012-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3138
3139         Change behavior of MasqueradesAsUndefined to better accommodate DFG changes
3140         https://bugs.webkit.org/show_bug.cgi?id=93884
3141
3142         Reviewed by Filip Pizlo.
3143
3144         With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of
3145         MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,
3146         we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined
3147         objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).
3148         For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not
3149         masquerade as undefined within frame B, but it will continue to masquerade in frame A.
3150
3151         There are two primary changes that are taking place here. One is to thread the ExecState* through
3152         JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's
3153         JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two
3154         are distinct, then the object cannot MasqueradeAsUndefined.
3155
3156         The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined
3157         flag in the Structure is checked. For C++ code, this check has been factored into its own function in
3158         Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has
3159         had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed
3160         through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers
3161         that are MasqueradesAsUndefined.
3162
3163         * API/JSValueRef.cpp:
3164         (JSValueToBoolean):
3165         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3166         * bytecode/Watchpoint.h:
3167         (WatchpointSet):
3168         * debugger/DebuggerCallFrame.h:
3169         (JSC::DebuggerCallFrame::callFrame):
3170         * dfg/DFGAbstractState.cpp:
3171         (JSC::DFG::AbstractState::execute):
3172         * dfg/DFGCFGSimplificationPhase.cpp:
3173         (JSC::DFG::CFGSimplificationPhase::run):
3174         * dfg/DFGOperations.cpp:
3175         * dfg/DFGOperations.h:
3176         * dfg/DFGSpeculativeJIT32_64.cpp:
3177         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
3178         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
3179         (JSC::DFG::SpeculativeJIT::compile):
3180         * dfg/DFGSpeculativeJIT64.cpp:
3181         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
3182         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
3183         (JSC::DFG::SpeculativeJIT::compile):
3184         * interpreter/Interpreter.cpp:
3185         (JSC::Interpreter::privateExecute):
3186         * jit/JITOpcodes.cpp:
3187         (JSC::JIT::emit_op_is_undefined):
3188         (JSC::JIT::emit_op_jeq_null):
3189         (JSC::JIT::emit_op_jneq_null):
3190         (JSC::JIT::emit_op_eq_null):
3191         (JSC::JIT::emit_op_neq_null):
3192         * jit/JITOpcodes32_64.cpp:
3193         (JSC::JIT::emit_op_is_undefined):
3194         (JSC::JIT::emit_op_jeq_null):
3195         (JSC::JIT::emit_op_jneq_null):
3196         (JSC::JIT::emit_op_eq_null):
3197         (JSC::JIT::emit_op_neq_null):
3198         * jit/JITStubs.cpp:
3199         (JSC::DEFINE_STUB_FUNCTION):
3200         * llint/LLIntSlowPaths.cpp:
3201         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3202         * llint/LowLevelInterpreter32_64.asm:
3203         * llint/LowLevelInterpreter64.asm:
3204         * runtime/ArrayPrototype.cpp:
3205         (JSC::arrayProtoFuncFilter):
3206         (JSC::arrayProtoFuncEvery):
3207         (JSC::arrayProtoFuncSome):
3208         * runtime/BooleanConstructor.cpp:
3209         (JSC::constructBoolean):
3210         (JSC::callBooleanConstructor):
3211         * runtime/JSCell.h:
3212         (JSCell):
3213         * runtime/JSGlobalObject.cpp:
3214         (JSC::JSGlobalObject::JSGlobalObject):
3215         * runtime/JSGlobalObject.h:
3216         (JSGlobalObject):
3217         (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
3218         * runtime/JSString.h:
3219         (JSC::JSCell::toBoolean):
3220         (JSC::JSValue::toBoolean):
3221         * runtime/JSValue.h:
3222         * runtime/ObjectConstructor.cpp:
3223         (JSC::toPropertyDescriptor):
3224         * runtime/Operations.cpp:
3225         (JSC::jsTypeStringForValue):
3226         (JSC::jsIsObjectType):
3227         * runtime/Operations.h:
3228         (JSC):
3229         (JSC::JSValue::equalSlowCaseInline):
3230         * runtime/RegExpConstructor.cpp:
3231         (JSC::setRegExpConstructorMultiline):
3232         * runtime/RegExpPrototype.cpp:
3233         (JSC::regExpProtoFuncToString):
3234         * runtime/Structure.h:
3235         (Structure):
3236         (JSC::Structure::globalObjectOffset):
3237         (JSC::Structure::masqueradesAsUndefined):
3238         (JSC):
3239
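A runnable model of the cross-frame rule described in the entry above (an added example, not JavaScriptCore's code; the GlobalObject, Structure, ExecState and watchpoint types below are hypothetical stand-ins for the real classes):

```cpp
// Added example: a minimal model of the MasqueradesAsUndefined rule
// (objects masquerade only inside their original global object).
// All type and function names here are hypothetical, not JSC's.
#include <cstring>

struct GlobalObject {
    // Models the per-global WatchpointSet: fires once a masquerading
    // object has been allocated in this global's context.
    bool masqueradesAsUndefinedWatchpointFired = false;
};

struct Structure {
    bool masqueradesAsUndefinedFlag = false;
    GlobalObject* globalObject = nullptr;  // the object's original context

    // Models Structure::masqueradesAsUndefined(lexicalGlobalObject):
    // the flag only counts when the running code's global matches.
    bool masqueradesAsUndefined(const GlobalObject* lexicalGlobalObject) const {
        return masqueradesAsUndefinedFlag && globalObject == lexicalGlobalObject;
    }
};

struct JSObject { Structure* structure; };

struct ExecState {
    GlobalObject* lexicalGlobalObject;  // global object of the running code
};

// Models JSCell::toBoolean(exec): false only while masquerading in this context.
bool toBoolean(const ExecState* exec, const JSObject* object) {
    return !object->structure->masqueradesAsUndefined(exec->lexicalGlobalObject);
}

// Models typeof for an object under the same rule.
const char* typeString(const ExecState* exec, const JSObject* object) {
    return object->structure->masqueradesAsUndefined(exec->lexicalGlobalObject)
        ? "undefined" : "object";
}

// Models the optimized (DFG-style) path: the structure check is skipped
// entirely unless a masquerader was ever allocated in the running global.
bool toBooleanFast(const ExecState* exec, const JSObject* object) {
    if (!exec->lexicalGlobalObject->masqueradesAsUndefinedWatchpointFired)
        return true;  // no masquerader can exist for this global
    return toBoolean(exec, object);
}

// Models the alternate create() for a masquerading wrapper: allocating one
// fires the watchpoint of its own global object.
JSObject createMasquerader(Structure* structure, GlobalObject* global) {
    structure->masqueradesAsUndefinedFlag = true;
    structure->globalObject = global;
    global->masqueradesAsUndefinedWatchpointFired = true;
    return JSObject{structure};
}

// Walks through the frame A / frame B scenario from the entry above.
// Returns true when every expectation holds.
bool crossFrameScenarioHolds() {
    GlobalObject frameA, frameB;
    Structure s;
    JSObject masquerader = createMasquerader(&s, &frameA);
    ExecState inA{&frameA}, inB{&frameB};
    bool ok = true;
    ok = ok && !toBoolean(&inA, &masquerader);      // undefined-like in A
    ok = ok && toBoolean(&inB, &masquerader);       // a plain object in B
    ok = ok && std::strcmp(typeString(&inA, &masquerader), "undefined") == 0;
    ok = ok && std::strcmp(typeString(&inB, &masquerader), "object") == 0;
    ok = ok && !toBooleanFast(&inA, &masquerader);  // A's watchpoint fired
    ok = ok && toBooleanFast(&inB, &masquerader);   // B's never did: fast path
    return ok;
}
```
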
3240 2012-08-23  Mark Rowe  <mrowe@apple.com>
3241
3242         Make JavaScriptCore build with the latest version of clang.
3243
3244         Reviewed by Dan Bernstein.
3245
3246         * heap/MachineStackMarker.cpp:
3247         (JSC::MachineThreads::MachineThreads): The m_heap member is only used within
3248         assertions, so guard its initialization with !ASSERT_DISABLED.
3249         * heap/MachineStackMarker.h:
3250         (MachineThreads): Ditto for its declaration.
3251         * jit/JITStubCall.h:
3252         (JSC::JITStubCall::JITStubCall): The m_returnType member is only used within
3253         assertions or if we're using JSVALUE32_64, so guard its uses with the appropriate
3254         #if.
3255         (JITStubCall): Ditto.
3256
3257 2012-08-23  Christophe Dumez  <christophe.dumez@intel.com>
3258
3259         Serialization of JavaScript values does not appear to respect new HTML5 Structured Clone semantics
3260         https://bugs.webkit.org/show_bug.cgi?id=65292
3261
3262         Reviewed by Oliver Hunt.
3263
3264         Add function to construct a StringObject from a JSValue.
3265         Similar functions already exist for NumberObject and
3266         BooleanObject for example.
3267
3268         Export several symbols to address linking errors in
3269         WebCore.
3270
3271         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3272         * runtime/BooleanObject.h:
3273         (BooleanObject):
3274         * runtime/NumberObject.h:
3275         (NumberObject):
3276         (JSC):
3277         * runtime/StringObject.cpp:
3278         (JSC::constructString):
3279         (JSC):
3280         * runtime/StringObject.h:
3281         (JSC):
3282
3283 2012-08-22  Filip Pizlo  <fpizlo@apple.com>
3284
3285         Array accesses should remember what kind of array they are predicted to access
3286         https://bugs.webkit.org/show_bug.cgi?id=94448
3287
3288         Reviewed by Gavin Barraclough.
3289
3290         Introduced the notion of DFG::Array::Mode, stored in node.arrayMode(), which allows nodes
3291         to remember how they decided to access arrays. This permits the bytecode parser to "lock in"
3292         the mode of access if it has profiling at its disposal, and it also allows the prediction
3293         propagator to do a fixup of the array mode later in the optimization fixpoint.
3294         
3295         This patch adds a healthy amount of new capability (specifically the ability of the parser
3296         to lock in an array mode regardless of type predictions) and it also blows away a lot of
3297         messy code.
3298
3299         * CMakeLists.txt:
3300         * GNUmakefile.list.am:
3301         * JavaScriptCore.xcodeproj/project.pbxproj:
3302         * Target.pri:
3303         * dfg/DFGAbstractState.cpp:
3304         (JSC::DFG::AbstractState::execute):
3305         * dfg/DFGArgumentsSimplificationPhase.cpp:
3306         (JSC::DFG::ArgumentsSimplificationPhase::run):
3307         * dfg/DFGArrayMode.cpp: Added.
3308         (DFG):
3309         (JSC::DFG::fromObserved):
3310         (JSC::DFG::refineArrayMode):
3311         (JSC::DFG::modeAlreadyChecked):
3312         (JSC::DFG::modeToString):
3313         * dfg/DFGArrayMode.h: Added.
3314         (DFG):
3315         (JSC::DFG::canCSEStorage):
3316         (JSC::DFG::modeForPut):
3317         (JSC::DFG::modesCompatibleForStorageLoad):
3318         (JSC::DFG::modeSupportsLength):
3319         * dfg/DFGByteCodeParser.cpp:
3320         (ByteCodeParser):
3321         (JSC::DFG::ByteCodeParser::getArrayModeWithoutOSRExit):
3322         (JSC::DFG::ByteCodeParser::getArrayMode):
3323         (JSC::DFG::ByteCodeParser::handleIntrinsic):
3324         (JSC::DFG::ByteCodeParser::parseBlock):
3325         * dfg/DFGCSEPhase.cpp:
3326         (JSC::DFG::CSEPhase::getByValLoadElimination):
3327         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3328         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
3329         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3330         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
3331         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3332         (JSC::DFG::CSEPhase::performNodeCSE):
3333         * dfg/DFGFixupPhase.cpp:
3334         (JSC::DFG::FixupPhase::fixupNode):
3335         * dfg/DFGGraph.cpp:
3336         (JSC::DFG::Graph::dump):
3337         * dfg/DFGGraph.h:
3338         (JSC::DFG::Graph::byValIsPure):
3339         (JSC::DFG::Graph::clobbersWorld):
3340         * dfg/DFGNode.h:
3341         (JSC::DFG::Node::hasArrayMode):
3342         (Node):
3343         (JSC::DFG::Node::arrayMode):
3344         (JSC::DFG::Node::setArrayMode):
3345         * dfg/DFGNodeType.h:
3346         (DFG):
3347         * dfg/DFGPredictionPropagationPhase.cpp:
3348         (JSC::DFG::PredictionPropagationPhase::propagate):
3349         * dfg/DFGSpeculativeJIT.cpp:
3350         (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
3351         (DFG):
3352         (JSC::DFG::SpeculativeJIT::speculateArray):
3353         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
3354         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3355         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3356         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
3357         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
3358         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
3359         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
3360         * dfg/DFGSpeculativeJIT.h:
3361         (SpeculativeJIT):
3362         * dfg/DFGSpeculativeJIT32_64.cpp:
3363         (JSC::DFG::SpeculativeJIT::compile):
3364         * dfg/DFGSpeculativeJIT64.cpp:
3365         (JSC::DFG::SpeculativeJIT::compile):
3366         * dfg/DFGStructureCheckHoistingPhase.cpp:
3367         (JSC::DFG::StructureCheckHoistingPhase::run):
3368
3369 2012-08-22  Geoffrey Garen  <ggaren@apple.com>
3370
3371         ThreadRestrictionVerifier should be opt-in, not opt-out
3372         https://bugs.webkit.org/show_bug.cgi?id=94761
3373
3374         Reviewed by Mark Hahnenberg.
3375
3376         Removed explicit calls to disable the verifier, since it's off by default now.
3377
3378         * parser/SourceProvider.h:
3379         (JSC::SourceProvider::SourceProvider):
3380         (SourceProvider):
3381         * runtime/SymbolTable.h:
3382         (JSC::SharedSymbolTable::SharedSymbolTable):
3383
3384 2012-08-22  Mark Hahnenberg  <mhahnenberg@apple.com>
3385
3386         Separate MarkStackThreadSharedData from MarkStack
3387         https://bugs.webkit.org/show_bug.cgi?id=94294
3388
3389         Reviewed by Filip Pizlo.
3390
3391         MarkStackThreadSharedData is soon going to have data to allow for a parallel copying
3392         mode too, so to separate our concerns we should split it out into its own set of files
3393         and rename it to GCThreadSharedData. For now this is purely a cosmetic refactoring.
3394
3395         * CMakeLists.txt:
3396         * GNUmakefile.list.am:
3397         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3398         * JavaScriptCore.xcodeproj/project.pbxproj:
3399         * Target.pri:
3400         * heap/GCThreadSharedData.cpp: Added.
3401         (JSC):
3402         (JSC::GCThreadSharedData::resetChildren):
3403         (JSC::GCThreadSharedData::childVisitCount):
3404         (JSC::GCThreadSharedData::markingThreadMain):
3405         (JSC::GCThreadSharedData::markingThreadStartFunc):
3406         (JSC::GCThreadSharedData::GCThreadSharedData):
3407         (JSC::GCThreadSharedData::~GCThreadSharedData):
3408         (JSC::GCThreadSharedData::reset):
3409         * heap/GCThreadSharedData.h: Added.
3410         (JSC):
3411         (GCThreadSharedData):
3412         * heap/Heap.h:
3413         (Heap):
3414         * heap/ListableHandler.h:
3415         (ListableHandler):
3416         * heap/MarkStack.cpp:
3417         (JSC::MarkStack::MarkStack):
3418         (JSC::MarkStack::~MarkStack):
3419         * heap/MarkStack.h:
3420         (JSC):
3421         (MarkStack):
3422         (JSC::MarkStack::sharedData):
3423         * heap/MarkStackInlineMethods.h: Added.
3424         (JSC):
3425         (JSC::MarkStack::append):
3426         (JSC::MarkStack::appendUnbarrieredPointer):
3427         (JSC::MarkStack::appendUnbarrieredValue):
3428         (JSC::MarkStack::internalAppend):
3429         (JSC::MarkStack::addWeakReferenceHarvester):
3430         (JSC::MarkStack::addUnconditionalFinalizer):
3431 &nbs