When getting the line number of a call into a call frame with no code block, it's

[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2012-03-02  Filip Pizlo  <fpizlo@apple.com>

        When getting the line number of a call into a call frame with no code block, it's
        incorrect to rely on the returnPC
        https://bugs.webkit.org/show_bug.cgi?id=80195

        Reviewed by Oliver Hunt.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):

2012-03-02  Han Hojong  <hojong.han@samsung.com>

        Expected results updated for checking type conversion
        https://bugs.webkit.org/show_bug.cgi?id=80138

        Reviewed by Gavin Barraclough.

        * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:

2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>

        Adding WebSocket per-frame DEFLATE extension
        https://bugs.webkit.org/show_bug.cgi?id=77522

        Added USE(ZLIB) flag.

        Reviewed by Kent Tamura.

        * wtf/Platform.h:

2012-03-02  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):

2012-03-01  Filip Pizlo  <fpizlo@apple.com>

        DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
        virtue of being in the transitive closure
        https://bugs.webkit.org/show_bug.cgi?id=80098
 
        Reviewed by Anders Carlsson.
        
        If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
        then you might have the visitAggregate() method called concurrently by multiple threads.
        This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
        racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
        due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
        
        It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
        not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
        any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
        Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
        don't lead to two threads racing over each other as they clobber state. This patch
        achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
        trivially linearizable) will get to trace the CodeBlock; all other threads give up and
        go home.
        
        Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
        times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
        even when it's gotten sufficient counts. But that takes a while - sometimes up to a
        minute to get a crash. I have no other reliable repro case.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (DFGData):
        * heap/DFGCodeBlocks.cpp:
        (JSC::DFGCodeBlocks::clearMarks):

2012-03-01  Filip Pizlo  <fpizlo@apple.com>

        The JIT should not crash the entire process just because there is not enough executable
        memory, if the LLInt is enabled
        https://bugs.webkit.org/show_bug.cgi?id=79962

        Reviewed by Csaba Osztrogonác.
        
        Fix for ARM, SH4.

        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::executableCopy):

2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>

        Revert my change. Broke builds.
        Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
        Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i

        * wtf/Atomics.h:
        (WTF):
        (WTF::weakCompareAndSwap):

2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>

        Gcc build fix.

        Rubber-stamped by Filip Pizlo.

        * wtf/Atomics.h:
        (WTF):
        (WTF::weakCompareAndSwap):

2012-03-01  Gavin Barraclough  <barraclough@apple.com>

        ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
        https://bugs.webkit.org/show_bug.cgi?id=80011

        Reviewed by Oliver Hunt.

        Also, fix getting the caller from within a bound function, for within a getter,
        or setter (make our implementation match other browsers).

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):
            - Allow this to get the caller of host functions.
        (JSC::Interpreter::retrieveCallerFromVMCode):
            - This should use getCallerInfo, and should skip over function bindings.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::callerGetter):
            - This should never return a strict-mode function.

2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG local CSE for a node can be terminated earlier
        https://bugs.webkit.org/show_bug.cgi?id=80014

        Reviewed by Filip Pizlo.

        When one of the node's childredn is met in the process of back traversing
        the nodes, we don't need to traverse the remaining nodes.
        This is performance neutral on SunSpider, V8 and Kraken.

        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkFunctionElimination):
        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):

2012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG BasicBlocks should not require that their nodes have continuous indices in the graph
        https://bugs.webkit.org/show_bug.cgi?id=79899

        Reviewed by Filip Pizlo.

        This will make it more convenient to insert nodes into the DFG.
        With this capability we now place the Phi nodes in the corresponding
        blocks.
        Local CSE is modified to not to rely on the assumption of continuous
        node indices in a block.
        This is performance neutral on SunSpider, V8 and Kraken.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        (JSC::DFG::AbstractState::beginBasicBlock):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::clobberStructures):
        (JSC::DFG::AbstractState::mergeToSuccessors):
        (JSC::DFG::AbstractState::dump):
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        (AbstractState):
        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
        (ArithNodeFlagsInferencePhase):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::BasicBlock):
        (BasicBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addToGraph):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::insertPhiNode):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::linkBlock):
        (JSC::DFG::ByteCodeParser::determineReachability):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::performBlockCFA):
        (CFAPhase):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::CSEPhase):
        (JSC::DFG::CSEPhase::endIndexForPureCSE):
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::globalVarLoadElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkFunctionElimination):
        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        (JSC::DFG::CSEPhase::performBlockCSE):
        (CSEPhase):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGPhase.cpp:
        (JSC::DFG::Phase::beginPhase):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::VirtualRegisterAllocationPhase::run):

2012-02-29  Filip Pizlo  <fpizlo@apple.com>

        The JIT should not crash the entire process just because there is not
        enough executable memory, if the LLInt is enabled
        https://bugs.webkit.org/show_bug.cgi?id=79962
        <rdar://problem/10922215>

        Unreviewed, adding forgotten file.

        * jit/JITCompilationEffort.h: Added.
        (JSC):

2012-02-29  Filip Pizlo  <fpizlo@apple.com>

        The JIT should not crash the entire process just because there is not
        enough executable memory, if the LLInt is enabled
        https://bugs.webkit.org/show_bug.cgi?id=79962
        <rdar://problem/10922215>

        Reviewed by Gavin Barraclough.
        
        Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
        a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
        JITCompilationMustSucceed. This preserves the old behavior of LLInt is
        disabled or if we're compiling something that can't be interpreted (like
        an OSR exit stub).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        (ARMAssembler):
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::~LinkBuffer):
        (LinkBuffer):
        (JSC::LinkBuffer::didFailToAllocate):
        (JSC::LinkBuffer::isValid):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::performFinalization):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::executableCopy):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::executableCopy):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
        * bytecode/CodeBlock.cpp:
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::jitCompile):
        (CodeBlock):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JITCompiler):
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::allocateNewSpace):
        (JSC::ExecutableAllocator::allocate):
        * jit/ExecutableAllocator.h:
        (ExecutableAllocator):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::allocate):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::JIT::compile):
        (JIT):
        * jit/JITCompilationEffort.h: Added.
        (JSC):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * llint/LLIntSlowPaths.cpp:
        (LLInt):
        (JSC::LLInt::jitCompileAndSetHeuristics):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::jitCompile):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        * runtime/Executable.h:
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h:
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):

2012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>

        [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
        https://bugs.webkit.org/show_bug.cgi?id=79501

        Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.

        Reviewed by Kenneth Rohde Christiansen.

        * wtf/Platform.h:

2012-02-29  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Oliver Hunt.

        * tests/mozilla/ecma_2/RegExp/constructor-001.js:
        * tests/mozilla/ecma_2/RegExp/function-001.js:
        * tests/mozilla/ecma_2/RegExp/properties-001.js:
            - Check in new test cases results.

2012-02-29  Mark Rowe  <mrowe@apple.com>

        Stop installing JSCLLIntOffsetsExtractor.

        Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
        that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
        This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.

        While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
        for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
        to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
        allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!

        Reviewed by Filip Pizlo.

        * Configurations/TestRegExp.xcconfig: Removed.
        * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-02-28  Filip Pizlo  <fpizlo@apple.com>

        RefCounted::deprecatedTurnOffVerifier() should not be deprecated
        https://bugs.webkit.org/show_bug.cgi?id=79864

        Reviewed by Oliver Hunt.
        
        Removed the word "deprecated" from the name of this method, since this method
        should not be deprecated. It works just fine as it is, and there is simply no
        alternative to calling this method for many interesting JSC classes.

        * parser/SourceProvider.h:
        (JSC::SourceProvider::SourceProvider):
        * runtime/SymbolTable.h:
        (JSC::SharedSymbolTable::SharedSymbolTable):
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
        (WTF::MetaAllocator::allocate):
        * wtf/RefCounted.h:
        (RefCountedBase):
        (WTF::RefCountedBase::turnOffVerifier):

2012-02-29  Gavin Barraclough  <barraclough@apple.com>

        'source' property of RegExp instance cannot be ""
        https://bugs.webkit.org/show_bug.cgi?id=79938

        Reviewed by Oliver Hunt.

        15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
        and also states that the result must be a valid RegularExpressionLiteral. '//' is
        not a valid RegularExpressionLiteral (since it is a single line comment), and hence
        source cannot ever validly be "". If the source is empty, return a different Pattern
        that would match the same thing.

        * runtime/RegExpObject.cpp:
        (JSC::regExpObjectSource):
            - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncToString):
            - No need to special case the empty string - this should be being done by 'source'.

2012-02-29  Gavin Barraclough  <barraclough@apple.com>

        Writable attribute not set correctly when redefining an accessor to a data descriptor
        https://bugs.webkit.org/show_bug.cgi?id=79931

        Reviewed by Oliver Hunt.

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
            - use attributesOverridingCurrent instead of attributesWithOverride.
        * runtime/PropertyDescriptor.cpp:
        * runtime/PropertyDescriptor.h:
            - remove attributesWithOverride - attributesOverridingCurrent does the same thing.

2012-02-29  Kevin Ollivier  <kevino@theolliviers.com>

        Add JSCore symbol exports needed by wx port
        https://bugs.webkit.org/show_bug.cgi?id=77280

        Reviewed by Hajime Morita.

        * wtf/ArrayBufferView.h:
        * wtf/ExportMacros.h:

2012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [CMake] Always build wtf as a static library.
        https://bugs.webkit.org/show_bug.cgi?id=79857

        Reviewed by Eric Seidel.

        To help the efforts in bug 75673 to move WTF out of
        JavaScriptCore, act more like the other ports and remove the
        possibility of building WTF as a shared library.

        It does not make much sense to, for example, ship WTF as a
        separate .so with webkit-efl packages, and it should be small
        enough not to cause problems during linking.

        * wtf/CMakeLists.txt:

2012-02-28  Dmitry Lomov  <dslomov@google.com>

        [JSC] Implement ArrayBuffer transfer
        https://bugs.webkit.org/show_bug.cgi?id=73493.
        Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
        This brings parity with V8 implementation of transferable typed arrays.

        Reviewed by Oliver Hunt.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
        * wtf/ArrayBuffer.h:
        (ArrayBuffer): Added extra export.

2012-02-28  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix after recent LLInt additions.
        
        * wscript:

2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor SpeculativeJIT::emitAllocateJSFinalObject
        https://bugs.webkit.org/show_bug.cgi?id=79801

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
        function, which is more generic in that it can allocate a variety of classes.
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.

2012-02-28  Gavin Barraclough  <barraclough@apple.com>

        [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
        https://bugs.webkit.org/show_bug.cgi?id=79588

        Reviewed by Oliver Hunt.

        In the case of [[Get]], this is a pretty trivial bug - just don't wrap
        primitives at the point you call a getter.

        For setters, this is a little more involved, since we have already wrapped
        the value up in a synthesized object. Stop doing so. There is also a further
        subtely, that in strict mode all attempts to create a new data property on
        the object should throw.

        * runtime/JSCell.cpp:
        (JSC::JSCell::put):
            - [[Put]] to a string primitive should use JSValue::putToPrimitive.
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Remove static function called in one place.
        * runtime/JSObject.h:
        (JSC::JSValue::put):
            - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
        * runtime/JSValue.cpp:
        (JSC::JSValue::synthesizePrototype):
            - Add support for synthesizing the prototype of strings.
        (JSC::JSValue::putToPrimitive):
            - Added, implements [[Put]] for primitive bases, per 8.7.2.
        * runtime/JSValue.h:
        (JSValue):
            - Add declaration for JSValue::putToPrimitive.
        * runtime/PropertySlot.cpp:
        (JSC::PropertySlot::functionGetter):
            - Don't call ToObject on primitive this values.

2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        Re-enable parallel GC on Mac
        https://bugs.webkit.org/show_bug.cgi?id=79837

        Rubber stamped by Filip Pizlo.

        * runtime/Options.cpp:
        (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
        so we removed it and things should go back to normal.

2012-02-28  Filip Pizlo  <fpizlo@apple.com>

        Some run-javascriptcore-tests broken for 32-bit debug
        https://bugs.webkit.org/show_bug.cgi?id=79844

        Rubber stamped by Oliver Hunt.
        
        These assertions are just plain wrong for 32-bit. We could either have a massive
        assertion that depends on value representation, that has to be changed every
        time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
        could get rid of the assertions. I pick the latter.

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        Get rid of padding cruft in CopiedBlock
        https://bugs.webkit.org/show_bug.cgi?id=79686

        Reviewed by Filip Pizlo.

        * heap/CopiedBlock.h:
        (CopiedBlock): Removed the extra padding that was used for alignment purposes until 
        the calculation of the payload offset into CopiedBlocks was redone recently.

2012-02-28  Anders Carlsson  <andersca@apple.com>

        Fix build with newer versions of clang.

        Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
        but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
        takes a string literal.

        * wtf/Assertions.cpp:

2012-02-28  Mario Sanchez Prada  <msanchez@igalia.com>

        [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
        https://bugs.webkit.org/show_bug.cgi?id=79496

        Reviewed by Martin Robinson.

        Handle GMainLoop and GMainContext in GRefPtr, by calling
        g_main_loop_(un)ref and g_main_context_(un)ref in the
        implementation of the refGPtr and derefGPtr template functions.

        * wtf/gobject/GRefPtr.cpp:
        (WTF::refGPtr):
        (WTF):
        (WTF::derefGPtr):
        * wtf/gobject/GRefPtr.h:
        (WTF):
        * wtf/gobject/GTypedefs.h:

2012-02-28  Yong Li  <yoli@rim.com>

        JSString::resolveRope() should report extra memory cost to the heap.
        https://bugs.webkit.org/show_bug.cgi?id=79555

        Reviewed by Michael Saboff.

        At the time a JSString is constructed with fibers, it doesn't report
        extra memory cost, which is reasonable because it hasn't allocate
        new memory. However when the rope is resolved, it should report meory
        cost for the new buffer.

        * runtime/JSString.cpp:
        (JSC::JSString::resolveRope):

2012-02-27  Oliver Hunt  <oliver@apple.com>

        sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
        https://bugs.webkit.org/show_bug.cgi?id=79728

        Reviewed by Gavin Barraclough.

        When initialising a chained get instruction we may end up in a state where
        the instruction stream says we have a scopechain, but it has not yet been set
        (eg. if allocating the StructureChain itself is what leads to the GC).  We could
        re-order the allocation, but it occurs in a couple of places, so it seems less
        fragile simply to null check the scopechain slot before we actually visit the slot.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitStructures):

2012-02-27  Filip Pizlo  <fpizlo@apple.com>

        Old JIT's style of JSVALUE64 strict equality is subtly wrong
        https://bugs.webkit.org/show_bug.cgi?id=79700

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::comparePtr):
        (MacroAssemblerX86_64):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emitSlow_op_stricteq):
        (JSC::JIT::emitSlow_op_nstricteq):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2012-02-27  Gavin Barraclough  <barraclough@apple.com>

        Implement support for op_negate and op_bitnot in the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=79617

        Reviewed by Filip Pizlo.

        Add an ArithNegate op to the DFG JIT, to implement op_negate.

        This patch also adds support for op_negate to the JSVALUE64 baseline JIT
        (JSVALUE32_64 already had this), so that we can profile the slowpath usage.

        This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::sub_S):
            - Added sub_S from immediate.
        (ARMv7Assembler):
        (JSC::ARMv7Assembler::vneg):
            - Added double negate.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::negateDouble):
            - Added double negate.
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::branchNeg32):
            - Added.
        * assembler/MacroAssemblerX86.h:
        (MacroAssemblerX86):
            - moved loadDouble, absDouble to common.
        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::absDouble):
            - implementation can be shared.
        (JSC::MacroAssemblerX86Common::negateDouble):
            - Added.
        (JSC::MacroAssemblerX86Common::loadDouble):
            - allow absDouble to have a common implementation.
        * assembler/MacroAssemblerX86_64.h:
        (MacroAssemblerX86_64):
            - moved loadDouble, absDouble to common.
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
            - support ArithNegate.
        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
            - support ArithNegate.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
            - support ArithNegate.
        (JSC::DFG::ByteCodeParser::parseBlock):
            - support op_negate.
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
            - support ArithNegate.
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
            - support op_negate.
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::negateShouldSpeculateInteger):
            - support ArithNegate.
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasArithNodeFlags):
            - support ArithNegate.
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
            - support ArithNegate.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithNegate):
            - support ArithNegate.
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
            - support ArithNegate.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - support ArithNegate.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - support ArithNegate.
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
            - Add support for op_negate in JSVALUE64.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emitSlow_op_negate):
            - Add support for op_negate in JSVALUE64.

2012-02-27  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>

        Unreviewed. Build fix for linux-bot (qt) after r109021.

        * runtime/Error.cpp:

2012-02-27  Oliver Hunt  <oliver@apple.com>

        REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
        https://bugs.webkit.org/show_bug.cgi?id=79693

        Reviewed by Filip Pizlo.

        Alas we can't provide the stack trace as an array, as despite everyone wanting
        an array, everyone arbitrarily creates the array by calling split on the stack
        trace.  To create the array we would have provided them in the first place.

        This changes the exception's stack property to a \n separated string.  To get the
        old array just do <exception>.stack.split("\n").

        * runtime/Error.cpp:
        (JSC::addErrorInfo):

2012-02-27  Gavin Barraclough  <barraclough@apple.com>

        RegExp lastIndex should behave as a regular property
        https://bugs.webkit.org/show_bug.cgi?id=79446

        Reviewed by Sam Weinig.

        lastIndex should be a regular data descriptor, with the attributes configurable:false,
        enumerable:false, writable:true. As such, it should be possible to reconfigure writable
        as false. If the lastIndex property is reconfigured to be read-only, we should respect
        this correctly.

        * runtime/CommonIdentifiers.h:
            - Removed some unused identifiers, added lastIndex.
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::RegExpObject::getOwnPropertyDescriptor):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::RegExpObject::deleteProperty):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::RegExpObject::getOwnPropertyNames):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::RegExpObject::getPropertyNames):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::reject):
            - helper function for defineOwnProperty.
        (JSC::RegExpObject::defineOwnProperty):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::RegExpObject::put):
            - lastIndex is no longer a static value, provided specific handling.
        (JSC::RegExpObject::match):
            - Pass setLastIndex an ExecState, so it can throw if read-only.
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::setLastIndex):
            - Pass setLastIndex an ExecState, so it can throw if read-only.
        (RegExpObjectData):
            - Added lastIndexIsWritable.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
            - Pass setLastIndex an ExecState, so it can throw if read-only.

2012-02-27  Gavin Barraclough  <barraclough@apple.com>

        Implement support for op_negate and op_bitnot in the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=79617

        Reviewed by Sam Weinig.

        Remove op_bitnop - this is redundant, ~x === x^-1.
        This is a fractional (<1%) progression.

        Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
        Remove CanReuse from the result type - this was unused.
        Remove op_bitnot.

        * assembler/MacroAssemblerARM.h:
        (MacroAssemblerARM):
        (JSC::MacroAssemblerARM::xor32):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::xor32):
        * assembler/MacroAssemblerMIPS.h:
        (MacroAssemblerMIPS):
        (JSC::MacroAssemblerMIPS::xor32):
        * assembler/MacroAssemblerSH4.h:
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::xor32):
        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::xor32):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecompiler/NodesCodegen.cpp:
        (JSC):
        (JSC::BitwiseNotNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JIT):
        * jit/JITArithmetic32_64.cpp:
        (JSC):
        * jit/JITOpcodes.cpp:
        (JSC):
        * jit/JITStubs.cpp:
        (JSC):
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        (LLInt):
        * llint/LLIntSlowPaths.h:
        (LLInt):
        * llint/LowLevelInterpreter32_64.asm:
        * parser/NodeConstructors.h:
        (JSC::NegateNode::NegateNode):
        (JSC::BitwiseNotNode::BitwiseNotNode):
        (JSC::MultNode::MultNode):
        (JSC::DivNode::DivNode):
        (JSC::ModNode::ModNode):
        (JSC::SubNode::SubNode):
        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
        * parser/Nodes.h:
        (BitwiseNotNode):
        (JSC::BitwiseNotNode::expr):
        (JSC):
        * parser/ResultType.h:
        (ResultType):
        (JSC::ResultType::numberTypeIsInt32):
        (JSC::ResultType::stringOrNumberType):
        (JSC::ResultType::forAdd):
        (JSC::ResultType::forBitOp):

2012-02-27  Michael Saboff  <msaboff@apple.com>

        Error check regexp min quantifier
        https://bugs.webkit.org/show_bug.cgi?id=70648

        Reviewed by Gavin Barraclough.

        Added checking for min or only quantifier being UINT_MAX.
        When encountered this becomes a SyntaxError during parsing.

        * yarr/YarrParser.h:
        (JSC::Yarr::Parser::parseQuantifier):
        (JSC::Yarr::Parser::parse):
        (Parser):

2012-02-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-02-26  Hajime Morrita  <morrita@chromium.org>

        Move ChromeClient::showContextMenu() to ContextMenuClient
        https://bugs.webkit.org/show_bug.cgi?id=79427

        Reviewed by Adam Barth.

        Added ACCESSIBILITY_CONTEXT_MENUS.

        * wtf/Platform.h:

2012-02-26  Filip Pizlo  <fpizlo@apple.com>

        LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=79616

        Reviewed by Oliver Hunt.
        
        Guard against the fact that in JSVALUE64, JSValue().isCell() == true.

        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::validate):

2012-02-26  Filip Pizlo  <fpizlo@apple.com>

        DFG should support activations and nested functions
        https://bugs.webkit.org/show_bug.cgi?id=79554

        Reviewed by Sam Weinig.
        
        Fix 32-bit. The 32-bit function+activation code had some really weird
        register reuse bugs.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-26  Filip Pizlo  <fpizlo@apple.com>

        Getting the instruction stream for a code block should not require two loads
        https://bugs.webkit.org/show_bug.cgi?id=79608

        Reviewed by Sam Weinig.
        
        Introduced the RefCountedArray class, which contains a single inline pointer
        to a ref-counted non-resizeable vector backing store. This satisfies the
        requirements of CodeBlock, which desires the ability to share instruction
        streams with other CodeBlocks. It also reduces the number of loads required
        for getting the instruction stream by one.
        
        This patch also gets rid of the bytecode discarding logic, since we don't
        use it anymore and it's unlikely to ever work right with DFG or LLInt. And
        I didn't feel like porting dead code to use RefCountedArray.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::instructionOffsetForNth):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::handlerForBytecodeOffset):
        (JSC::CodeBlock::lineNumberForBytecodeOffset):
        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::numberOfInstructions):
        (JSC::CodeBlock::instructions):
        (JSC::CodeBlock::instructionCount):
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        (JSC):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::Label::setLocation):
        (JSC):
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::newLabel):
        * bytecompiler/BytecodeGenerator.h:
        (JSC):
        (BytecodeGenerator):
        (JSC::BytecodeGenerator::instructions):
        * bytecompiler/Label.h:
        (JSC::Label::Label):
        (Label):
        * dfg/DFGByteCodeCache.h:
        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
        (JSC::DFG::ByteCodeCache::get):
        * jit/JITExceptions.cpp:
        (JSC::genericThrow):
        * llint/LowLevelInterpreter32_64.asm:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        * wtf/RefCountedArray.h: Added.
        (WTF):
        (RefCountedArray):
        (WTF::RefCountedArray::RefCountedArray):
        (WTF::RefCountedArray::operator=):
        (WTF::RefCountedArray::~RefCountedArray):
        (WTF::RefCountedArray::size):
        (WTF::RefCountedArray::data):
        (WTF::RefCountedArray::begin):
        (WTF::RefCountedArray::end):
        (WTF::RefCountedArray::at):
        (WTF::RefCountedArray::operator[]):
        (Header):
        (WTF::RefCountedArray::Header::size):
        (WTF::RefCountedArray::Header::payload):
        (WTF::RefCountedArray::Header::fromPayload):
        * wtf/Platform.h:

2012-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>

        StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
        https://bugs.webkit.org/show_bug.cgi?id=79571

        Reviewed by Gavin Barraclough.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createGetterOrSetterProperty):

2012-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Implement fast path for op_new_array in the baseline JIT
        https://bugs.webkit.org/show_bug.cgi?id=78612

        Reviewed by Filip Pizlo.

        heap/CopiedAllocator.h:
        (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
        * heap/CopiedSpace.h:
        (CopiedSpace): Friended the JIT to allow access to isOversize.
        (JSC::CopiedSpace::allocator):
        * heap/Heap.h:
        (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
        can use it for simple allocation i.e. when we can just bump the offset without having to 
        do anything else.
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
        we have to bail out because the fast allocation path fails for whatever reason.
        * jit/JIT.h:
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
        allocate generic backing stores. This function is used by emitAllocateJSArray.
        (JSC):
        (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
        more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
        it will also be used for emit_op_new_array_buffer.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
        a stub call for oversize arrays.
        (JSC):
        (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
        fail in any way on the fast path.
        * runtime/JSArray.cpp:
        (JSC):
        * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
        initialize in the JIT.
        (ArrayStorage):
        (JSC::ArrayStorage::lengthOffset):
        (JSC::ArrayStorage::numValuesInVectorOffset):
        (JSC::ArrayStorage::allocBaseOffset):
        (JSC::ArrayStorage::vectorOffset):
        (JSArray):
        (JSC::JSArray::sparseValueMapOffset):
        (JSC::JSArray::subclassDataOffset):
        (JSC::JSArray::indexBiasOffset):
        (JSC):
        (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
        to being a static function in the JSArray class. This move allows the JIT to call it to 
        see what size it should allocate.

2012-02-26  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.

        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):
        (JSC::Interpreter::getStackTrace):

2012-02-26  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r108681.

        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):

2012-02-25  Filip Pizlo  <fpizlo@apple.com>

        LLInt assembly file should be split into 32-bit and 64-bit parts
        https://bugs.webkit.org/show_bug.cgi?id=79584

        Reviewed by Sam Weinig.
        
        Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
        the ability to include files, and correctly track dependencies: it restricts
        the include mechanism to using the same directory as the source file, and uses
        the SHA1 hash of all .asm files in that directory as an input hash.

        * llint/LLIntOfflineAsmConfig.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm: Added.
            - This is just the entire contents of what was previously LowLevelInterpreter.asm
        * llint/LowLevelInterpreter64.asm: Added.
        * offlineasm/asm.rb:
        * offlineasm/ast.rb:
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/parser.rb:
        * offlineasm/self_hash.rb:

2012-02-25  Filip Pizlo  <fpizlo@apple.com>

        Offlineasm should support X86_64
        https://bugs.webkit.org/show_bug.cgi?id=79581

        Reviewed by Oliver Hunt.

        * llint/LLIntOfflineAsmConfig.h:
        * offlineasm/backends.rb:
        * offlineasm/instructions.rb:
        * offlineasm/settings.rb:
        * offlineasm/x86.rb:

2012-02-25  Filip Pizlo  <fpizlo@apple.com>

        DFG should support activations and nested functions
        https://bugs.webkit.org/show_bug.cgi?id=79554

        Reviewed by Oliver Hunt.
        
        Wrote the simplest possible implementation of activations. Big speed-up on
        code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
        Kraken) because they do not appear to have sufficient coverage over code
        that uses activations.

        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionFromValue):
        * bytecode/PredictedType.h:
        (JSC):
        (JSC::isEmptyPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        (JSC::DFG::canInlineOpcode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::needsActivation):
        * dfg/DFGNode.h:
        (DFG):
        (JSC::DFG::Node::storageAccessDataIndex):
        (Node):
        (JSC::DFG::Node::hasFunctionDeclIndex):
        (JSC::DFG::Node::functionDeclIndex):
        (JSC::DFG::Node::hasFunctionExprIndex):
        (JSC::DFG::Node::functionExprIndex):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-25  Benjamin Poulain  <benjamin@webkit.org>

        Add an empty skeleton of KURL for WTFURL
        https://bugs.webkit.org/show_bug.cgi?id=78990

        Reviewed by Adam Barth.

        * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
        so that can use them in WebCore.

2012-02-25  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix build for DFG disabled and LLInt enabled.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * llint/LLIntSlowPaths.cpp:
        (LLInt):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2012-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the CopiedBlock offset alignment in a cross platform fashion
        https://bugs.webkit.org/show_bug.cgi?id=79556

        Reviewed by Filip Pizlo.

        Replaced m_payload with a payload() method that calculates the offset
        of the payload with the proper alignment. This change allows us to 
        avoid alignment-related issues in a cross-platform manner.

        * heap/CopiedAllocator.h:
        (JSC::CopiedAllocator::currentUtilization):
        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::payload):
        (CopiedBlock):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::borrowBlock):
        (JSC::CopiedSpace::allocateFromBlock):

2012-02-24  Michael Saboff  <msaboff@apple.com>

        Unreviewed, Windows build fix.  Changed signature in export to match
        change made in r108858.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-24  Filip Pizlo  <fpizlo@apple.com>

        DFG support for op_new_regexp should be enabled
        https://bugs.webkit.org/show_bug.cgi?id=79538

        Reviewed by Oliver Hunt.
        
        No performance change.

        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGCommon.h:

2012-02-24  Michael Saboff  <msaboff@apple.com>

        ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
        https://bugs.webkit.org/show_bug.cgi?id=73728

        Reviewed by Gavin Barraclough.

        Fixed the mixing of signed and unsigned character indeces in YARR
        interpreter.

        * runtime/RegExp.cpp:
        (JSC::RegExp::match): Added code to check for match longer than 2^31 and
        return no match after resetting the offsets.
        * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
        handling except when matching back references.
        (JSC::Yarr::Interpreter::InputStream::readChecked):
        (JSC::Yarr::Interpreter::InputStream::checkInput):
        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
        (JSC::Yarr::Interpreter::InputStream::atStart):
        (JSC::Yarr::Interpreter::InputStream::atEnd):
        (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
        (JSC::Yarr::Interpreter::checkCharacter):
        (JSC::Yarr::Interpreter::checkCasedCharacter):
        (JSC::Yarr::Interpreter::checkCharacterClass):
        (JSC::Yarr::Interpreter::tryConsumeBackReference):
        (JSC::Yarr::Interpreter::matchAssertionBOL):
        (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
        (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
        (JSC::Yarr::Interpreter::matchCharacterClass):
        (JSC::Yarr::Interpreter::backtrackCharacterClass):
        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::Interpreter::interpret):
        (JSC::Yarr::ByteCompiler::assertionBOL):
        (JSC::Yarr::ByteCompiler::assertionEOL):
        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
        (JSC::Yarr::ByteCompiler::atomCharacterClass):
        (JSC::Yarr::ByteCompiler::atomBackReference):
        (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
        (JSC::Yarr::ByteCompiler::emitDisjunction):
        * yarr/YarrInterpreter.h:

2012-02-24  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
        enabled.

        * llint/LLIntOfflineAsmConfig.h:
        * llint/LowLevelInterpreter.asm:

2012-02-24  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to handle variables getting captured
        https://bugs.webkit.org/show_bug.cgi?id=79469

        Reviewed by Oliver Hunt.
        
        Made captured variables work by placing a Flush on the SetLocal and
        forcing the emission of the GetLocal even if copy propagation tells us
        who has the value.
        
        Changed the CFA and various prediction codes to understand that we can't
        really prove anything about captured variables. Well, we could in the
        future by just looking at what side effects are happening, but in this
        first cut we just assume that we can't reason about captured variables.
        
        Also added a mode where the DFG pretends that all variables and arguments
        got captured. Used this mode to harden the code.
        
        This is performance neutral. Capturing all variables is a slow down, but
        not too big of one. This seems to predict that when we add activation
        support, the amount of speed benefit we'll get from increased coverage
        will far outweigh the pessimism that we'll have to endure for captured
        variables.

        * bytecode/CodeType.h:
        (JSC::codeTypeToString):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::endBasicBlock):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::merge):
        * dfg/DFGAbstractState.h:
        (AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flushArgument):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGCommon.h:
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::needsActivation):
        (Graph):
        (JSC::DFG::Graph::argumentIsCaptured):
        (JSC::DFG::Graph::localIsCaptured):
        (JSC::DFG::Graph::isCaptured):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldGenerate):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::ValueSource::dump):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (ValueSource):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::VirtualRegisterAllocationPhase::run):

2012-02-24  Gavin Barraclough  <barraclough@apple.com>

        Should not allow malformed \x escapes
        https://bugs.webkit.org/show_bug.cgi?id=79462

        Reviewed by Oliver Hunt.

        * parser/Lexer.cpp:
        (JSC::::parseString):
        (JSC::::parseStringSlowCase):
            - Prohibit malformed '\x' escapes
        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
        * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
        * tests/mozilla/ecma_2/RegExp/hex-001.js:
        * tests/mozilla/js1_2/regexp/hexadecimal.js:
            - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).

2012-02-24  Daniel Bates  <dbates@webkit.org>

        Fix change log entry for changeset r108819; add bug URL
        https://bugs.webkit.org/show_bug.cgi?id=79504

        Changeset r108819 is associated with bug #79504.

        * ChangeLog

2012-02-24  Daniel Bates  <dbates@webkit.org>

        Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
        https://bugs.webkit.org/show_bug.cgi?id=79504

        Reviewed by Oliver Hunt.

        There are a few places in Interpreter.cpp that need to be updated to use
        ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
        ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
        (https://bugs.webkit.org/show_bug.cgi?id=78791).

        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):
        (JSC::getCallerInfo):
        (JSC::getSourceURLFromCallFrame):

2012-02-24  Adam Roben  <aroben@apple.com>

        Undo the BUILDING_WTF part of r108808

        This broke the build, which is obviously worse than the linker warning it was trying to
        solve.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:

2012-02-24  Adam Roben  <aroben@apple.com>

        Fix linker warnings on Windows

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
        exported via JS_EXPORTDATA.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
        aren't actually building WTF, but we are statically linking it, so we need to define this
        symbol so that we export WTF's exports.

2012-02-24  Philippe Normand  <pnormand@igalia.com>

        Fix GTK WebAudio build for WebKitGTK 1.7.90.

        Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
        Rubber-stamped by Philippe Normand.

        * GNUmakefile.list.am: Add Complex.h to the list of files so it
        gets disted in the tarballs.

2012-02-24  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
        https://bugs.webkit.org/show_bug.cgi?id=79199

        Ruber stamped by Csaba Osztrogonác.

        Temporary fix since the new member wastes a little space on
        64 bit systems. Although it is harmless, it is only needed
        for 32 bit systems.

        * heap/CopiedBlock.h:
        (CopiedBlock):

2012-02-24  Han Hojong  <hojong.han@samsung.com>

        Remove useless jump instructions for short circuit
        https://bugs.webkit.org/show_bug.cgi?id=75602

        Reviewed by Michael Saboff.

        Jump instruction is inserted to make short circuit, 
        however it does nothing but moving to the next instruction.
        Therefore useless jump instructions are removed, 
        and jump list is moved into the case not for a short circuit,
        so that only necessary instructions are added to JIT code
        unless it has a 16 bit pattern character and an 8 bit string.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):

2012-02-24  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r108731.
        http://trac.webkit.org/changeset/108731
        https://bugs.webkit.org/show_bug.cgi?id=79464

        Broke Chromium Win tests (Requested by bashi on #webkit).

        * wtf/Platform.h:

2012-02-24  Andrew Lo  <anlo@rim.com>

        [BlackBerry] Enable requestAnimationFrame
        https://bugs.webkit.org/show_bug.cgi?id=79408

        Use timer implementation of requestAnimationFrame on BlackBerry.

        Reviewed by Rob Buis.

        * wtf/Platform.h:

2012-02-24  Mathias Bynens  <mathias@qiwi.be>

        `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
        https://bugs.webkit.org/show_bug.cgi?id=78908

        Add additional checks for zero-width non-joiner (0x200C) and
        zero-width joiner (0x200D) characters.

        Reviewed by Michael Saboff.

        * parser/Lexer.cpp:
        (JSC::isNonASCIIIdentPart)
        * runtime/LiteralParser.cpp:
        (JSC::::Lexer::lexIdentifier)

2012-02-23  Kenichi Ishibashi  <bashi@chromium.org>

        Adding WebSocket per-frame DEFLATE extension
        https://bugs.webkit.org/show_bug.cgi?id=77522

        Added USE(ZLIB) flag.

        Reviewed by Kent Tamura.

        * wtf/Platform.h:

2012-02-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Zero out CopiedBlocks on initialization
        https://bugs.webkit.org/show_bug.cgi?id=79199

        Reviewed by Filip Pizlo.

        Made CopyBlocks zero their payloads during construction. This allows 
        JSArray to avoid having to manually clear its backing store upon allocation
        and also alleviates any future pain with regard to the garbage collector trying 
        to mark what it thinks are values in what is actually uninitialized memory.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        * runtime/JSArray.cpp:
        (JSC::JSArray::finishCreation):
        (JSC::JSArray::tryFinishCreationUninitialized):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::unshiftCountSlowCase):

2012-02-23  Oliver Hunt  <oliver@apple.com>

        Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
        https://bugs.webkit.org/show_bug.cgi?id=79407

        Reviewed by Gavin Barraclough.

        Outside of exception handling, we don't know what our source line number is.  This
        change allows us to pass -1 is as the initial line number, and get the correct line
        number in the resultant stack trace.  We can't completely elide the initial line
        number (yet) due to some idiosyncrasies of the exception handling machinery.

        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):
        (JSC):
        (JSC::Interpreter::getStackTrace):

2012-02-22  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit value profiling should have graceful handling of local variables and arguments
        https://bugs.webkit.org/show_bug.cgi?id=79310

        Reviewed by Gavin Barraclough.
        
        Previously, if we OSR exited because a prediction in a local was wrong, we'd
        only realize what the true type of the local was if the regular value profiling
        kicked in and told us. Unless the local was block-locally copy propagated, in
        which case we'd know from an OSR exit profile.
        
        This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
        exit because of a mispredicted local or argument type, we'll know what the type of
        the local or argument should be immediately upon exiting.
        
        The way that local variable OSR exit profiling works is that we now have a lazily
        added set of OSR-exit-only value profiles for exit sites that are BadType and that
        cited a GetLocal as their value source. The value profiles are only added if the
        OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
        operand. The look-up is performed by querying the
        CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
        the bytecode index and the operand. Because the value profiles are added at random
        times, they are not sorted; instead they are just stored in an arbitrarily-ordered
        SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
        creates a LazyOperandValueProfileParser, which turns the
        CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
        of DFG parsing.
        
        Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
        into which values observed during OSR exit would be placed. Now it uses a lazy
        thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
        either contain a ValueProfile inside it (which works for previous uses of OSR exit
        profiling) or it may just have knowledge of how to go about creating the
        LazyOperandValueProfile in the case that the OSR exit is actually taken. This
        ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
        value profiling buckets unless we actually did OSR exit on every single operand,
        in every single instruction, in each code block (that's probably unlikely).
        
        This appears to be neutral on the major benchmarks, but is a double-digit speed-up
        on code deliberately written to have data flow that spans basic blocks and where
        the code exhibits post-optimization polymorphism in a local variable.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::lazyOperandValueProfiles):
        * bytecode/LazyOperandValueProfile.cpp: Added.
        (JSC):
        (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
        (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
        (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
        (JSC::CompressedLazyOperandValueProfileHolder::add):
        (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
        (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
        (JSC::LazyOperandValueProfileParser::getIfPresent):
        (JSC::LazyOperandValueProfileParser::prediction):
        * bytecode/LazyOperandValueProfile.h: Added.
        (JSC):
        (LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::operator!):
        (JSC::LazyOperandValueProfileKey::operator==):
        (JSC::LazyOperandValueProfileKey::hash):
        (JSC::LazyOperandValueProfileKey::bytecodeOffset):
        (JSC::LazyOperandValueProfileKey::operand):
        (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
        (JSC::LazyOperandValueProfileKeyHash::hash):
        (JSC::LazyOperandValueProfileKeyHash::equal):
        (LazyOperandValueProfileKeyHash):
        (WTF):
        (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
        (LazyOperandValueProfile):
        (JSC::LazyOperandValueProfile::key):
        (CompressedLazyOperandValueProfileHolder):
        (LazyOperandValueProfileParser):
        * bytecode/MethodOfGettingAValueProfile.cpp: Added.
        (JSC):
        (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
        (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
        * bytecode/MethodOfGettingAValueProfile.h: Added.
        (JSC):
        (MethodOfGettingAValueProfile):
        (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
        (JSC::MethodOfGettingAValueProfile::operator!):
        * bytecode/ValueProfile.cpp: Removed.
        * bytecode/ValueProfile.h:
        (JSC):
        (ValueProfileBase):
        (JSC::ValueProfileBase::ValueProfileBase):
        (JSC::ValueProfileBase::dump):
        (JSC::ValueProfileBase::computeUpdatedPrediction):
        (JSC::MinimalValueProfile::MinimalValueProfile):
        (ValueProfileWithLogNumberOfBuckets):
        (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
        (JSC::ValueProfile::ValueProfile):
        (JSC::getValueProfileBytecodeOffset):
        (JSC::getRareCaseProfileBytecodeOffset):
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (InlineStackEntry):
        (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
        (DFG):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor):
        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
        (Graph):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        * dfg/DFGOSRExit.h:
        (OSRExit):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGPhase.cpp:
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
        (VariableAccessData):

2012-02-23  Filip Pizlo  <fpizlo@apple.com>

        Build fix.

        * llint/LLIntOffsetsExtractor.cpp:

2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.

        * llint/LLIntOffsetsExtractor.cpp:
        * wtf/Platform.h:

2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fix for non-Mac wx builds.

        * runtime/DatePrototype.cpp:

2012-02-22  Filip Pizlo  <fpizlo@apple.com>

        DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
        https://bugs.webkit.org/show_bug.cgi?id=79334

        Reviewed by Oliver Hunt.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::flush):

2012-02-23  Gavin Barraclough  <barraclough@apple.com>

        Object.isSealed / Object.isFrozen don't work for native objects
        https://bugs.webkit.org/show_bug.cgi?id=79331

        Reviewed by Sam Weinig.

        Need to inspect all properties, including static ones.
        This exposes a couple of bugs in Array & Arguments:
            - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
            - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
            - Add handling for callee/caller/length.
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyDescriptor):
            - report length's writability correctly.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
        (JSC::objectConstructorIsSealed):
        (JSC::objectConstructorIsFrozen):
            - Add spec-based implementation for non-final objects.

2012-02-23  Gavin Barraclough  <barraclough@apple.com>

        pop of array hole should get from the prototype chain
        https://bugs.webkit.org/show_bug.cgi?id=79338

        Reviewed by Sam Weinig.

        * runtime/JSArray.cpp:
        (JSC::JSArray::pop):
            - If the fast fast vector case fails, more closely follow the spec.

2012-02-23  Yong Li  <yoli@rim.com>

        JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
        https://bugs.webkit.org/show_bug.cgi?id=79268

        Reviewed by Michael Saboff.

        resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
        after it fails to allocate a buffer for m_value. So outOfMemory() should assert
        isRope() rather than !isRope().

        * runtime/JSString.cpp:
        (JSC::JSString::outOfMemory):

2012-02-23  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
        https://bugs.webkit.org/show_bug.cgi?id=79371

        Reviewed by Daniel Bates.

        * CMakeLists.txt:
        * shell/CMakeLists.txt:
        * wtf/CMakeLists.txt:

2012-02-23  Aron Rosenberg  <arosenberg@logitech.com>

        Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
        https://bugs.webkit.org/show_bug.cgi?id=76210

        Add compile time check for Visual Studio 2005 or newer.

        Reviewed by Simon Hausmann.

        * os-win32/inttypes.h:

2012-02-22  Gavin Barraclough  <barraclough@apple.com>

        Implement [[DefineOwnProperty]] for the arguments object
        https://bugs.webkit.org/show_bug.cgi?id=79309

        Reviewed by Sam Weinig.

        * runtime/Arguments.cpp:
        (JSC::Arguments::deletePropertyByIndex):
        (JSC::Arguments::deleteProperty):
            - Deleting an argument should also delete the copy on the object, if any.
        (JSC::Arguments::defineOwnProperty):
            - Defining a property may override the live mapping.
        * runtime/Arguments.h:
        (Arguments):

2012-02-22  Gavin Barraclough  <barraclough@apple.com>

        Fix Object.freeze for non-final objects.
        https://bugs.webkit.org/show_bug.cgi?id=79286

        Reviewed by Oliver Hunt.

        For vanilla objects we implement this with a single transition, for objects
        with special properties we should just follow the spec defined algorithm.

        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
            - this does need to handle inextensible objects.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
            - Implement spec defined algorithm for non-final objects.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):
            - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
        * runtime/Structure.h:
        (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
        (JSC::Structure::setContainsReadOnlyProperties):
        (Structure):
            - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.

2012-02-22  Mark Hahnenberg  <mhahnenberg@apple.com>

        Allocations from CopiedBlocks should always be 8-byte aligned
        https://bugs.webkit.org/show_bug.cgi?id=79271

        Reviewed by Geoffrey Garen.

        * heap/CopiedAllocator.h:
        (JSC::CopiedAllocator::allocate):
        * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always 
        guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
        (CopiedBlock):
        * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::getFreshBlock):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::allocateFromBlock):
        * runtime/JSArray.h:
        (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte 
        aligned on both 64- and 32-bit platforms.
        * wtf/StdLibExtras.h:
        (WTF::is8ByteAligned): Added new utility function that functions similarly to the 
        way isPointerAligned does, but it just always checks for 8 byte alignment.
        (WTF):

2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r108456.
        http://trac.webkit.org/changeset/108456
        https://bugs.webkit.org/show_bug.cgi?id=79223

        Broke fast/regex/pcre-test-4.html and cannot find anyone on
        IRC (Requested by zherczeg on #webkit).

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):

2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r108468.
        http://trac.webkit.org/changeset/108468
        https://bugs.webkit.org/show_bug.cgi?id=79219

        Broke Chromium Win release build (Requested by bashi on
        #webkit).

        * wtf/Platform.h:

2012-02-22  Kenichi Ishibashi  <bashi@chromium.org>

        Adding WebSocket per-frame DEFLATE extension
        https://bugs.webkit.org/show_bug.cgi?id=77522

        Added USE(ZLIB) flag.

        Reviewed by Kent Tamura.

        * wtf/Platform.h:

2012-02-22  Hojong Han  <hojong.han@samsung.com>

        Short circuit fixed for a 16 bt pattern character and an 8 bit string.
        https://bugs.webkit.org/show_bug.cgi?id=75602

        Reviewed by Gavin Barraclough.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        Build fix for systems with case sensitive disks.

        * llint/LLIntOfflineAsmConfig.h:

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        JSC should be a triple-tier VM
        https://bugs.webkit.org/show_bug.cgi?id=75812
        <rdar://problem/10079694>

        Reviewed by Gavin Barraclough.
        
        Implemented an interpreter that uses the JIT's calling convention. This
        interpreter is called LLInt, or the Low Level Interpreter. JSC will now
        will start by executing code in LLInt and will only tier up to the old
        JIT after the code is proven hot.
        
        LLInt is written in a modified form of our macro assembly. This new macro
        assembly is compiled by an offline assembler (see offlineasm), which
        implements many modern conveniences such as a Turing-complete CPS-based
        macro language and direct access to relevant C++ type information
        (basically offsets of fields and sizes of structs/classes).
        
        Code executing in LLInt appears to the rest of the JSC world "as if" it
        were executing in the old JIT. Hence, things like exception handling and
        cross-execution-engine calls just work and require pretty much no
        additional overhead.
        
        This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
        V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
        V8, and Kraken, but appear to get a double-digit improvement on real-world
        websites due to a huge reduction in the amount of JIT'ing.
        
        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        (MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/BytecodeConventions.h: Added.
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC):
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::operator!):
        (CallLinkStatus):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC):
        (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::ProgramCodeBlock::jettison):
        (JSC::EvalCodeBlock::jettison):
        (JSC::FunctionCodeBlock::jettison):
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (JSC):
        (CodeBlock):
        (JSC::CodeBlock::baselineVersion):
        (JSC::CodeBlock::linkIncomingCall):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::jitCompile):
        (JSC::CodeBlock::hasOptimizedReplacement):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addLLIntCallLinkInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::wasSeenInJIT):
        (GetByIdStatus):
        * bytecode/Instruction.h:
        (JSC):
        (JSC::Instruction::Instruction):
        (Instruction):
        * bytecode/LLIntCallLinkInfo.h: Added.
        (JSC):
        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
        (LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::isLinked):
        (JSC::LLIntCallLinkInfo::unlink):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/Opcode.cpp:
        (JSC):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (PutByIdStatus):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        (JSC):
        (JSC::Heap::firstAllocatorWithoutDestructors):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::visitChildren):
        * heap/MarkedAllocator.h:
        (JSC):
        (MarkedAllocator):
        * heap/MarkedSpace.h:
        (JSC):
        (MarkedSpace):
        (JSC::MarkedSpace::firstAllocator):
        * interpreter/CallFrame.cpp:
        (JSC):
        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::currentVPC):
        (JSC::CallFrame::setCurrentVPC):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasReturnPC):
        (JSC::ExecState::clearReturnPC):
        (ExecState):
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::~Interpreter):
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::getCallerInfo):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (JSC::Interpreter::classicEnabled):
        * interpreter/RegisterFile.h:
        (JSC):
        (RegisterFile):
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/HostCallReturnValue.cpp: Added.
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.h: Added.
        (JSC):
        (JSC::initializeHostCallReturnValue):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITCode.h:
        (JSC::JITCode::isOptimizingJIT):
        (JITCode):
        (JSC::JITCode::isBaselineCode):
        (JSC::JITCode::JITCode):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITExceptions.cpp:
        (JSC::jitThrow):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC):
        * jit/JITStubs.h:
        (JSC):
        * jit/JSInterfaceJIT.h:
        * llint: Added.
        * llint/LLIntCommon.h: Added.
        * llint/LLIntData.cpp: Added.
        (LLInt):
        (JSC::LLInt::Data::Data):
        (JSC::LLInt::Data::performAssertions):
        (JSC::LLInt::Data::~Data):
        * llint/LLIntData.h: Added.
        (JSC):
        (LLInt):
        (Data):
        (JSC::LLInt::Data::exceptionInstructions):
        (JSC::LLInt::Data::opcodeMap):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntEntrypoints.cpp: Added.
        (LLInt):
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntEntrypoints.h: Added.
        (JSC):
        (LLInt):
        (JSC::LLInt::getEntrypoint):
        * llint/LLIntExceptions.cpp: Added.
        (LLInt):
        (JSC::LLInt::interpreterThrowInCaller):
        (JSC::LLInt::returnToThrowForThrownException):
        (JSC::LLInt::returnToThrow):
        (JSC::LLInt::callToThrow):
        * llint/LLIntExceptions.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntOfflineAsmConfig.h: Added.
        * llint/LLIntOffsetsExtractor.cpp: Added.
        (JSC):
        (LLIntOffsetsExtractor):
        (JSC::LLIntOffsetsExtractor::dummy):
        (main):
        * llint/LLIntSlowPaths.cpp: Added.
        (LLInt):
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::shouldJIT):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::resolveGlobal):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        * llint/LLIntSlowPaths.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntThunks.cpp: Added.
        (LLInt):
        (JSC::LLInt::generateThunkWithJumpTo):
        (JSC::LLInt::functionForCallEntryThunkGenerator):
        (JSC::LLInt::functionForConstructEntryThunkGenerator):
        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
        (JSC::LLInt::evalEntryThunkGenerator):
        (JSC::LLInt::programEntryThunkGenerator):
        * llint/LLIntThunks.h: Added.
        (JSC):
        (LLInt):
        * llint/LowLevelInterpreter.asm: Added.
        * llint/LowLevelInterpreter.cpp: Added.
        * llint/LowLevelInterpreter.h: Added.
        * offlineasm: Added.
        * offlineasm/armv7.rb: Added.
        * offlineasm/asm.rb: Added.
        * offlineasm/ast.rb: Added.
        * offlineasm/backends.rb: Added.
        * offlineasm/generate_offset_extractor.rb: Added.
        * offlineasm/instructions.rb: Added.
        * offlineasm/offset_extractor_constants.rb: Added.
        * offlineasm/offsets.rb: Added.
        * offlineasm/opt.rb: Added.
        * offlineasm/parser.rb: Added.
        * offlineasm/registers.rb: Added.
        * offlineasm/self_hash.rb: Added.
        * offlineasm/settings.rb: Added.
        * offlineasm/transform.rb: Added.
        * offlineasm/x86.rb: Added.
        * runtime/CodeSpecializationKind.h: Added.
        (JSC):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        (CommonSlowPaths):
        * runtime/Executable.cpp:
        (JSC::jettisonCodeBlock):
        (JSC):
        (JSC::EvalExecutable::jitCompile):
        (JSC::samplingDescription):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC):
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h: Added.
        (JSC):
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):
        * runtime/JSArray.h:
        (JSC):
        (JSArray):
        * runtime/JSCell.h:
        (JSC):
        (JSCell):
        * runtime/JSFunction.h:
        (JSC):
        (JSFunction):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC):
        (JSGlobalData):
        * runtime/JSGlobalObject.h:
        (JSC):
        (JSGlobalObject):
        * runtime/JSObject.h:
        (JSC):
        (JSObject):
        (JSFinalObject):
        * runtime/JSPropertyNameIterator.h:
        (JSC):
        (JSPropertyNameIterator):
        * runtime/JSString.h:
        (JSC):
        (JSString):
        * runtime/JSTypeInfo.h:
        (JSC):
        (TypeInfo):
        * runtime/JSValue.cpp:
        (JSC::JSValue::description):
        * runtime/JSValue.h:
        (LLInt):
        (JSValue):
        * runtime/JSVariableObject.h:
        (JSC):
        (JSVariableObject):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * runtime/ScopeChain.h:
        (JSC):
        (ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        * runtime/Structure.h:
        (JSC):
        (Structure):
        * runtime/StructureChain.h:
        (JSC):
        (StructureChain):
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (SentinelLinkedList):
        (WTF::SentinelLinkedList::isEmpty):
        * wtf/text/StringImpl.h:
        (JSC):
        (StringImpl):

2012-02-21  Oliver Hunt  <oliver@apple.com>

        Unbreak double-typed arrays on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=79177

        Reviewed by Gavin Barraclough.

        The existing code had completely broken address arithmetic.

        * JSCTypedArrayStubs.h:
        (JSC):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::storeFloat):

2012-02-21  Gavin Barraclough  <barraclough@apple.com>

        Should be able to reconfigure a non-configurable property as read-only
        https://bugs.webkit.org/show_bug.cgi?id=79170

        Reviewed by Sam Weinig.

        See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
        but does not inhibit making a writable property read-only.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::setInDefineOwnProperty):
        (JSGlobalData):
        (JSC::JSGlobalData::isInDefineOwnProperty):
            - Added flag, tracking whether we are in JSObject::defineOwnProperty.
        * runtime/JSObject.cpp:
        (JSC::JSObject::deleteProperty):
        (DefineOwnPropertyScope):
            - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
        (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
        (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
            - Added RAII helper.
        (JSC::JSObject::defineOwnProperty):
            - Track on the globalData when we are in this method.

2012-02-21  Oliver Hunt  <oliver@apple.com>

        Make TypedArrays be available in commandline jsc
        https://bugs.webkit.org/show_bug.cgi?id=79163

        Reviewed by Gavin Barraclough.

        Adds a compile time option to have jsc support a basic implementation
        of the TypedArrays available in WebCore.  This lets us test the typed
        array logic in the JIT witout having to build webcore.

        * JSCTypedArrayStubs.h: Added.
        (JSC):
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (GlobalObject):
        (GlobalObject::addConstructableFunction):
        * runtime/JSGlobalData.h:
        (JSGlobalData):

2012-02-21  Tom Sepez  <tsepez@chromium.org>

        equalIgnoringNullity() only comparing half the bytes for equality
        https://bugs.webkit.org/show_bug.cgi?id=79135

        Reviewed by Adam Barth.

        * wtf/text/StringImpl.h:
        (WTF::equalIgnoringNullity):

2012-02-21  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        Unnecessary preprocessor macros in MainThread.h/cpp
        https://bugs.webkit.org/show_bug.cgi?id=79083

        Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.

        * wtf/MainThread.cpp:
        (WTF):
        * wtf/MainThread.h:
        (WTF):

2012-02-21  Sam Weinig  <sam@webkit.org>

        Attempt to fix the Snow Leopard build.

        * Configurations/Base.xcconfig:

2012-02-21  Sam Weinig  <sam@webkit.org>

        Use libc++ when building with Clang on Mac
        https://bugs.webkit.org/show_bug.cgi?id=78981

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:

2012-02-21  Adam Roben  <aroben@apple.com>

        Roll out r108309, r108323, and r108326

        They broke the 32-bit Lion build.

        Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecode/BytecodeConventions.h: Removed.
        * bytecode/CallLinkStatus.cpp:
        * bytecode/CallLinkStatus.h:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/GetByIdStatus.cpp:
        * bytecode/GetByIdStatus.h:
        * bytecode/Instruction.h:
        * bytecode/LLIntCallLinkInfo.h: Removed.
        * bytecode/MethodCallLinkStatus.cpp:
        * bytecode/Opcode.cpp:
        * bytecode/Opcode.h:
        * bytecode/PutByIdStatus.cpp:
        * bytecode/PutByIdStatus.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCapabilities.h:
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        * heap/MarkedAllocator.h:
        * heap/MarkedSpace.h:
        * interpreter/CallFrame.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * interpreter/Interpreter.h:
        * interpreter/RegisterFile.h:
        * jit/ExecutableAllocator.h:
        * jit/HostCallReturnValue.cpp: Removed.
        * jit/HostCallReturnValue.h: Removed.
        * jit/JIT.cpp:
        * jit/JITCode.h:
        * jit/JITDriver.h:
        * jit/JITExceptions.cpp:
        * jit/JITInlineMethods.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JSInterfaceJIT.h:
        * llint/LLIntCommon.h: Removed.
        * llint/LLIntData.cpp: Removed.
        * llint/LLIntData.h: Removed.
        * llint/LLIntEntrypoints.cpp: Removed.
        * llint/LLIntEntrypoints.h: Removed.
        * llint/LLIntExceptions.cpp: Removed.
        * llint/LLIntExceptions.h: Removed.
        * llint/LLIntOfflineAsmConfig.h: Removed.
        * llint/LLIntOffsetsExtractor.cpp: Removed.
        * llint/LLIntSlowPaths.cpp: Removed.
        * llint/LLIntSlowPaths.h: Removed.
        * llint/LLIntThunks.cpp: Removed.
        * llint/LLIntThunks.h: Removed.
        * llint/LowLevelInterpreter.asm: Removed.
        * llint/LowLevelInterpreter.cpp: Removed.
        * llint/LowLevelInterpreter.h: Removed.
        * offlineasm/armv7.rb: Removed.
        * offlineasm/asm.rb: Removed.
        * offlineasm/ast.rb: Removed.
        * offlineasm/backends.rb: Removed.
        * offlineasm/generate_offset_extractor.rb: Removed.
        * offlineasm/instructions.rb: Removed.
        * offlineasm/offset_extractor_constants.rb: Removed.
        * offlineasm/offsets.rb: Removed.
        * offlineasm/opt.rb: Removed.
        * offlineasm/parser.rb: Removed.
        * offlineasm/registers.rb: Removed.
        * offlineasm/self_hash.rb: Removed.
        * offlineasm/settings.rb: Removed.
        * offlineasm/transform.rb: Removed.
        * offlineasm/x86.rb: Removed.
        * runtime/CodeSpecializationKind.h: Removed.
        * runtime/CommonSlowPaths.h:
        * runtime/Executable.cpp:
        * runtime/Executable.h:
        * runtime/ExecutionHarness.h: Removed.
        * runtime/JSArray.h:
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        * runtime/JSTypeInfo.h:
        * runtime/JSValue.cpp:
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        * runtime/Options.cpp:
        * runtime/Options.h:
        * runtime/ScopeChain.h:
        * runtime/Structure.cpp:
        * runtime/Structure.h:
        * runtime/StructureChain.h:
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        * wtf/text/StringImpl.h:

2012-02-21  Gustavo Noronha Silva  <kov@debian.org> and Bob Tracy  <rct@frus.com>

        Does not build on IA64, SPARC and Alpha
        https://bugs.webkit.org/show_bug.cgi?id=79047

        Rubber-stamped by Kent Tamura.

        * wtf/dtoa/utils.h: these architectures also have correct double
        operations, so add them to the appropriate side of the check.

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
        https://bugs.webkit.org/show_bug.cgi?id=75812

        Reviewed by Csaba Osztrogonác.

        * dfg/DFGOperations.cpp:
        (JSC):
        * jit/HostCallReturnValue.h:
        (JSC::initializeHostCallReturnValue):

2012-02-21  Filip Pizlo  <fpizlo@apple.com>

        Attempted build fix for ELF platforms.

        * dfg/DFGOperations.cpp:
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.cpp:
        (JSC):
        * jit/HostCallReturnValue.h:
        (JSC::initializeHostCallReturnValue):

2012-02-20  Filip Pizlo  <fpizlo@apple.com>

        JSC should be a triple-tier VM
        https://bugs.webkit.org/show_bug.cgi?id=75812
        <rdar://problem/10079694>

        Reviewed by Gavin Barraclough.
        
        Implemented an interpreter that uses the JIT's calling convention. This
        interpreter is called LLInt, or the Low Level Interpreter. JSC will now
        will start by executing code in LLInt and will only tier up to the old
        JIT after the code is proven hot.
        
        LLInt is written in a modified form of our macro assembly. This new macro
        assembly is compiled by an offline assembler (see offlineasm), which
        implements many modern conveniences such as a Turing-complete CPS-based
        macro language and direct access to relevant C++ type information
        (basically offsets of fields and sizes of structs/classes).
        
        Code executing in LLInt appears to the rest of the JSC world "as if" it
        were executing in the old JIT. Hence, things like exception handling and
        cross-execution-engine calls just work and require pretty much no
        additional overhead.
        
        This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
        V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
        V8, and Kraken, but appear to get a double-digit improvement on real-world
        websites due to a huge reduction in the amount of JIT'ing.
        
        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        (MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/BytecodeConventions.h: Added.
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC):
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::operator!):
        (CallLinkStatus):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC):
        (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::ProgramCodeBlock::jettison):
        (JSC::EvalCodeBlock::jettison):
        (JSC::FunctionCodeBlock::jettison):
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (JSC):
        (CodeBlock):
        (JSC::CodeBlock::baselineVersion):
        (JSC::CodeBlock::linkIncomingCall):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::jitCompile):
        (JSC::CodeBlock::hasOptimizedReplacement):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addLLIntCallLinkInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::wasSeenInJIT):
        (GetByIdStatus):
        * bytecode/Instruction.h:
        (JSC):
        (JSC::Instruction::Instruction):
        (Instruction):
        * bytecode/LLIntCallLinkInfo.h: Added.
        (JSC):
        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
        (LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::isLinked):
        (JSC::LLIntCallLinkInfo::unlink):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/Opcode.cpp:
        (JSC):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (PutByIdStatus):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        (JSC):
        (JSC::Heap::firstAllocatorWithoutDestructors):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::visitChildren):
        * heap/MarkedAllocator.h:
        (JSC):
        (MarkedAllocator):
        * heap/MarkedSpace.h:
        (JSC):
        (MarkedSpace):
        (JSC::MarkedSpace::firstAllocator):
        * interpreter/CallFrame.cpp:
        (JSC):
        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::currentVPC):
        (JSC::CallFrame::setCurrentVPC):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasReturnPC):
        (JSC::ExecState::clearReturnPC):
        (ExecState):
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::~Interpreter):
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::getCallerInfo):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (JSC::Interpreter::classicEnabled):
        * interpreter/RegisterFile.h:
        (JSC):
        (RegisterFile):
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/HostCallReturnValue.cpp: Added.
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.h: Added.
        (JSC):
        (JSC::initializeHostCallReturnValue):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITCode.h:
        (JSC::JITCode::isOptimizingJIT):
        (JITCode):
        (JSC::JITCode::isBaselineCode):
        (JSC::JITCode::JITCode):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITExceptions.cpp:
        (JSC::jitThrow):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC):
        * jit/JITStubs.h:
        (JSC):
        * jit/JSInterfaceJIT.h:
        * llint: Added.
        * llint/LLIntCommon.h: Added.
        * llint/LLIntData.cpp: Added.
        (LLInt):
        (JSC::LLInt::Data::Data):
        (JSC::LLInt::Data::performAssertions):
        (JSC::LLInt::Data::~Data):
        * llint/LLIntData.h: Added.
        (JSC):
        (LLInt):
        (Data):
        (JSC::LLInt::Data::exceptionInstructions):
        (JSC::LLInt::Data::opcodeMap):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntEntrypoints.cpp: Added.
        (LLInt):
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntEntrypoints.h: Added.
        (JSC):
        (LLInt):
        (JSC::LLInt::getEntrypoint):
        * llint/LLIntExceptions.cpp: Added.
        (LLInt):
        (JSC::LLInt::interpreterThrowInCaller):
        (JSC::LLInt::returnToThrowForThrownException):
        (JSC::LLInt::returnToThrow):
        (JSC::LLInt::callToThrow):
        * llint/LLIntExceptions.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntOfflineAsmConfig.h: Added.
        * llint/LLIntOffsetsExtractor.cpp: Added.
        (JSC):
        (LLIntOffsetsExtractor):
        (JSC::LLIntOffsetsExtractor::dummy):
        (main):
        * llint/LLIntSlowPaths.cpp: Added.
        (LLInt):
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::shouldJIT):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::resolveGlobal):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        * llint/LLIntSlowPaths.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntThunks.cpp: Added.
        (LLInt):
        (JSC::LLInt::generateThunkWithJumpTo):
        (JSC::LLInt::functionForCallEntryThunkGenerator):
        (JSC::LLInt::functionForConstructEntryThunkGenerator):
        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
        (JSC::LLInt::evalEntryThunkGenerator):
        (JSC::LLInt::programEntryThunkGenerator):
        * llint/LLIntThunks.h: Added.
        (JSC):
        (LLInt):
        * llint/LowLevelInterpreter.asm: Added.
        * llint/LowLevelInterpreter.cpp: Added.
        * llint/LowLevelInterpreter.h: Added.
        * offlineasm: Added.
        * offlineasm/armv7.rb: Added.
        * offlineasm/asm.rb: Added.
        * offlineasm/ast.rb: Added.
        * offlineasm/backends.rb: Added.
        * offlineasm/generate_offset_extractor.rb: Added.
        * offlineasm/instructions.rb: Added.
        * offlineasm/offset_extractor_constants.rb: Added.
        * offlineasm/offsets.rb: Added.
        * offlineasm/opt.rb: Added.
        * offlineasm/parser.rb: Added.
        * offlineasm/registers.rb: Added.
        * offlineasm/self_hash.rb: Added.
        * offlineasm/settings.rb: Added.
        * offlineasm/transform.rb: Added.
        * offlineasm/x86.rb: Added.
        * runtime/CodeSpecializationKind.h: Added.
        (JSC):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        (CommonSlowPaths):
        * runtime/Executable.cpp:
        (JSC::jettisonCodeBlock):
        (JSC):
        (JSC::EvalExecutable::jitCompile):
        (JSC::samplingDescription):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC):
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h: Added.
        (JSC):
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):
        * runtime/JSArray.h:
        (JSC):
        (JSArray):
        * runtime/JSCell.h:
        (JSC):
        (JSCell):
        * runtime/JSFunction.h:
        (JSC):
        (JSFunction):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC):
        (JSGlobalData):
        * runtime/JSGlobalObject.h:
        (JSC):
        (JSGlobalObject):
        * runtime/JSObject.h:
        (JSC):
        (JSObject):
        (JSFinalObject):
        * runtime/JSPropertyNameIterator.h:
        (JSC):
        (JSPropertyNameIterator):
        * runtime/JSString.h:
        (JSC):
        (JSString):
        * runtime/JSTypeInfo.h:
        (JSC):
        (TypeInfo):
        * runtime/JSValue.cpp:
        (JSC::JSValue::description):
        * runtime/JSValue.h:
        (LLInt):
        (JSValue):
        * runtime/JSVariableObject.h:
        (JSC):
        (JSVariableObject):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * runtime/ScopeChain.h:
        (JSC):
        (ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        * runtime/Structure.h:
        (JSC):
        (Structure):
        * runtime/StructureChain.h:
        (JSC):
        (StructureChain):
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (SentinelLinkedList):
        (WTF::SentinelLinkedList::isEmpty):
        * wtf/text/StringImpl.h:
        (JSC):
        (StringImpl):

2012-02-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, rolling out http://trac.webkit.org/changeset/108291
        It completely broke the 32-bit JIT.

        * heap/CopiedAllocator.h:
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/Heap.h:
        (JSC::Heap::allocatorForObjectWithDestructor):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array):
        * runtime/JSArray.cpp:
        (JSC::storageSize):
        (JSC):
        * runtime/JSArray.h:
        (ArrayStorage):
        (JSArray):

2012-02-20  Gavin Barraclough  <barraclough@apple.com>

        [[Put]] should throw if prototype chain contains a readonly property.
        https://bugs.webkit.org/show_bug.cgi?id=79069

        Reviewed by Oliver Hunt.

        Currently we only check the base of the put, not the prototype chain.
        Fold this check in with the test for accessors.

        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Updated to test all objects in the propotype chain for readonly properties.
        (JSC::JSObject::putDirectAccessor):
        (JSC::putDescriptor):
            - Record the presence of readonly properties on the structure.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
        * runtime/Structure.h:
        (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
            - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
        (JSC::Structure::setContainsReadOnlyProperties):
            - Added.

2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Implement fast path for op_new_array in the baseline JIT
        https://bugs.webkit.org/show_bug.cgi?id=78612

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
        * heap/CopiedSpace.h:
        (CopiedSpace): Friended the JIT to allow access to 
        (JSC::CopiedSpace::allocator):
        * heap/Heap.h:
        (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
        can use it for simple allocation i.e. when we can just bump the offset without having to 
        do anything else.
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
        we have to bail out because the fast allocation path fails for whatever reason.
        * jit/JIT.h:
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
        allocate generic backing stores. This function is used by emitAllocateJSArray.
        (JSC):
        (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
        more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
        it will also be used for emit_op_new_array_buffer.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
        a stub call for oversize arrays.
        (JSC):
        (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on 
        the fast path.
        * runtime/JSArray.cpp:
        (JSC):
        * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
        initialize in the JIT.
        (ArrayStorage):
        (JSC::ArrayStorage::lengthOffset):
        (JSC::ArrayStorage::numValuesInVectorOffset):
        (JSC::ArrayStorage::allocBaseOffset):
        (JSC::ArrayStorage::vectorOffset):
        (JSArray):
        (JSC::JSArray::sparseValueMapOffset):
        (JSC::JSArray::subclassDataOffset):
        (JSC::JSArray::indexBiasOffset):
        (JSC):
        (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
        to being a static function in the JSArray class. This move allows the JIT to call it to 
        see what size it should allocate.

2012-02-20  Gavin Barraclough  <barraclough@apple.com>

        DefineOwnProperty fails with numeric properties & Object.prototype
        https://bugs.webkit.org/show_bug.cgi?id=79059

        Reviewed by Oliver Hunt.

        ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
        calls to defineOwnProperty need to update this cache.

        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::defineOwnProperty):
        (JSC):
        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
        * runtime/ObjectPrototype.h:
        (ObjectPrototype):

2012-02-20  Pino Toscano  <pino@debian.org>

        Does not build on GNU Hurd
        https://bugs.webkit.org/show_bug.cgi?id=79045

        Reviewed by Gustavo Noronha Silva.

        * wtf/Platform.h: define WTF_OS_HURD.
        * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
        for the lack of PTHREAD_KEYS_MAX definition, with a value which
        should not cause issues.

2012-02-20  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Undoing accidental changes

        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):

2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Factor out allocation in CopySpace into a separate CopyAllocator
        https://bugs.webkit.org/show_bug.cgi?id=78610

        Reviewed by Oliver Hunt.

        Added a new CopyAllocator class, which allows us to do allocations without 
        having to load the current offset and store the current offset in the current 
        block. This change will allow us to easily do inline assembly in the JIT for 
        array allocations.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/CopiedAllocator.h: Added.
        (JSC):
        (CopiedAllocator):
        (JSC::CopiedAllocator::currentBlock):
        (JSC::CopiedAllocator::CopiedAllocator):
        (JSC::CopiedAllocator::allocate):
        (JSC::CopiedAllocator::fitsInCurrentBlock):
        (JSC::CopiedAllocator::wasLastAllocation):
        (JSC::CopiedAllocator::startedCopying):
        (JSC::CopiedAllocator::resetCurrentBlock):
        (JSC::CopiedAllocator::currentUtilization):
        (JSC::CopiedAllocator::resetLastAllocation):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we 
        weren't really getting any benefits from having such big functions in a header file.
        (JSC::CopiedSpace::CopiedSpace):
        (JSC):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocate):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::getFreshBlock):
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC):
        (JSC::CopiedSpace::startedCopying):
        (JSC::CopiedSpace::addNewBlock):
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::tryAllocate):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/HeapBlock.h:
        (HeapBlock):

2012-02-20  Patrick Gansterer  <paroga@webkit.org>

        Fix Visual Studio 2010 build.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):

2012-02-16  Gavin Barraclough  <barraclough@apple.com>

        Move special __proto__ property to Object.prototype
        https://bugs.webkit.org/show_bug.cgi?id=78409

        Reviewed by Oliver Hunt.

        Re-implement this as a regular accessor property.  This has three key benefits:
        1) It makes it possible for objects to be given properties named __proto__.
        2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
        3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.

        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
            - No need to prohibit functions named __proto__.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
            - Add __proto__ accessor to Object.prototype.
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncProtoGetter):
        (JSC::globalFuncProtoSetter):
            - Definition of the __proto__ accessor functions.
        * runtime/JSGlobalObjectFunctions.h:
            - Declaration of the __proto__ accessor functions.
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
        (JSC::JSObject::putDirectAccessor):
            - Track on the structure whether an object contains accessors other than one for __proto__.
        (JSC::JSObject::defineOwnProperty):
            - No need to prohibit definition of own properties named __proto__.
        * runtime/JSObject.h:
        (JSC::JSObject::inlineGetOwnPropertySlot):
            - Remove the special handling for __proto__.
        (JSC::JSValue::get):
            - Remove the special handling for __proto__.
        * runtime/JSString.cpp:
        (JSC::JSString::getOwnPropertySlot):
            - Remove the special handling for __proto__.
        * runtime/JSValue.h:
        (JSValue):
            - Made synthesizePrototype public (this may be needed by the __proto__ getter).
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetPrototypeOf):
            - Perform the security check & call prototype() directly.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
        * runtime/Structure.h:
        (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
        (Structure):
            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.

2012-02-20  Michael Saboff  <msaboff@apple.com>

        Update toLower and toUpper tests for Unicode 6.1 changes
        https://bugs.webkit.org/show_bug.cgi?id=78923

        Reviewed by Oliver Hunt.

        * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test
        to handle a third set of results for updated Unicode 6.1
        changes.
        (getTestCases):
        (TestCaseMultiExpected):
        (writeTestCaseResultMultiExpected):
        (getTestCaseResultMultiExpected):
        (test):
        (GetUnicodeValues):
        (DecimalToHexString):

2012-02-20  Andy Wingo  <wingo@igalia.com>

        Remove unused features from CodeFeatures
        https://bugs.webkit.org/show_bug.cgi?id=78804

        Reviewed by Gavin Barraclough.

        * parser/Nodes.h:
        * parser/ASTBuilder.h:
        (JSC::ClosureFeature):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::usesClosures):
        Remove "ClosureFeature".  Since we track captured variables more
        precisely, this bit doesn't do us any good.

        (JSC::AssignFeature):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        (JSC::ASTBuilder::usesAssignment):
        Similarly, remove AssignFeature.  It is unused.

2012-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck issues.

        * GNUmakefile.list.am: Add missing files.

2012-02-18  Sam Weinig  <sam@webkit.org>

        Fix style issues in DFG Phase classes
        https://bugs.webkit.org/show_bug.cgi?id=78983

        Reviewed by Ryosuke Niwa.

        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
        * dfg/DFGCFAPhase.cpp:
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        Add a space before the colon in class declarations.

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        Attempt to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-18  Sam Weinig  <sam@webkit.org>

        Fix the libc++ build.

        Reviewed by Anders Carlsson.

        * heap/Weak.h:
        Libc++'s nullptr emulation does not allow default construction
        of the nullptr_t type. Work around this with the arguably clearer
        just returning nullptr.

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        DFGPropagator.cpp has too many things
        https://bugs.webkit.org/show_bug.cgi?id=78956

        Reviewed by Oliver Hunt.
        
        Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
        various things and put them into separate files. These new phases follow
        the naming convention "DFG<name>Phase" where <name> is a noun. They are
        called via functions of the form "perform<name>".

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
        (DFG):
        (JSC::DFG::performArithNodeFlagsInference):
        * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
        (DFG):
        * dfg/DFGCFAPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performCFA):
        * dfg/DFGCFAPhase.h: Added.
        (DFG):
        * dfg/DFGCSEPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performCSE):
        * dfg/DFGCSEPhase.h: Added.
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGPhase.cpp: Added.
        (DFG):
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        * dfg/DFGPhase.h: Added.
        (DFG):
        (Phase):
        (JSC::DFG::Phase::Phase):
        (JSC::DFG::Phase::~Phase):
        (JSC::DFG::Phase::globalData):
        (JSC::DFG::Phase::codeBlock):
        (JSC::DFG::Phase::profiledBlock):
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        (JSC::DFG::runPhase):
        * dfg/DFGPredictionPropagationPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performPredictionPropagation):
        * dfg/DFGPredictionPropagationPhase.h: Added.
        (DFG):
        * dfg/DFGPropagator.cpp: Removed.
        * dfg/DFGPropagator.h: Removed.
        * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performVirtualRegisterAllocation):
        * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
        (DFG):

2012-02-17  Filip Pizlo  <fpizlo@apple.com>

        DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
        the CodeBlock that was used for profiling
        https://bugs.webkit.org/show_bug.cgi?id=78954

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        (JSC):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAbstractState.h:
        * dfg/DFGAssemblyHelpers.h:
        (AssemblyHelpers):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::parse):
        * dfg/DFGByteCodeParser.h:
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::Graph):
        (Graph):
        (JSC::DFG::Graph::getJSConstantPrediction):
        (JSC::DFG::Graph::addShouldSpeculateInteger):
        (JSC::DFG::Graph::isInt32Constant):
        (JSC::DFG::Graph::isDoubleConstant):
        (JSC::DFG::Graph::isNumberConstant):
        (JSC::DFG::Graph::isBooleanConstant):
        (JSC::DFG::Graph::isFunctionConstant):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfNumberConstant):
        (JSC::DFG::Graph::valueOfBooleanConstant):
        (JSC::DFG::Graph::valueOfFunctionConstant):
        (JSC::DFG::Graph::baselineCodeBlockFor):
        (JSC::DFG::Graph::valueProfileFor):
        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JITCompiler):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::Propagator):
        (JSC::DFG::Propagator::isNotNegZero):
        (JSC::DFG::Propagator::isNotZero):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (JSC::DFG::Propagator::globalCFA):
        (JSC::DFG::propagate):
        * dfg/DFGPropagator.h:
        (DFG):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isConstant):
        (JSC::DFG::SpeculativeJIT::isJSConstant):
        (JSC::DFG::SpeculativeJIT::isInt32Constant):
        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
        (JSC::DFG::SpeculativeJIT::isNumberConstant):
        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):