[GTK] Reorganize pkg-config files
2011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Reorganize pkg-config files
        https://bugs.webkit.org/show_bug.cgi?id=65548

        Reviewed by Martin Robinson.

        * GNUmakefile.am:
        * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.

2011-08-01  David Levin  <levin@chromium.org>

        Add asserts to RefCounted to make sure ref/deref happens on the right thread.
        https://bugs.webkit.org/show_bug.cgi?id=31639

        Reviewed by Dmitry Titov.

        * GNUmakefile.list.am: Added new files to the build.
        * JavaScriptCore.gypi: Ditto.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
        * jit/ExecutableAllocator.h:
        (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
        due to not being able to figure out what was guarding it (bug 58091).
        * parser/SourceProvider.h:
        (JSC::SourceProvider::SourceProvider): Ditto.
        * wtf/CMakeLists.txt: Added new files to the build.
        * wtf/ThreadRestrictionVerifier.h: Added.
        Everything is done in the header to avoid the issue with exports
        that are only useful in debug but still needing to export them.
        * wtf/RefCounted.h:
        (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
        and filed bug 58171 about making it stricter.
        (WTF::RefCountedBase::hasOneRef): Ditto.
        (WTF::RefCountedBase::refCount): Ditto.
        (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
        on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
        (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
        Filed bug 58174 to remove this method.
        (WTF::RefCountedBase::derefBase):
        * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
        * wtf/text/CString.h:
        (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
        done in Chromium (bug 58093).
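
Added example, not WebKit's code: a sketch of the kind of check the verifier in this entry performs, so the entry's three modes (bound to one thread, guarded by a mutex, turned off) can be read as code. The ownership-tracking mutex, the bool return from ref()/deref() in place of an ASSERT, and the explicit thread-id parameter are this example's own assumptions; the names follow the ChangeLog. A refcount touched from the wrong thread without a lock is a classic source of use-after-free, which is what such a verifier is meant to catch in debug builds.

```cpp
// Added example (not WebKit's code): a RefCounted base whose ref()/deref() are gated by a
// thread-restriction verifier. Mechanics are assumptions; names follow the ChangeLog entry.
#include <cassert>
#include <mutex>
#include <thread>

// A mutex that remembers which thread holds it, so a verifier can ask "does the caller
// hold the lock?" without calling try_lock() on a std::mutex the caller already owns
// (which is undefined behaviour).
class OwnershipTrackingMutex {
public:
    void lock() { m_mutex.lock(); m_holder = std::this_thread::get_id(); }
    void unlock() { m_holder = std::thread::id(); m_mutex.unlock(); }
    bool heldByCurrentThread() const { return m_holder == std::this_thread::get_id(); }
private:
    std::mutex m_mutex;
    std::thread::id m_holder;   // read without the lock: acceptable for a debug-only check
};

class ThreadRestrictionVerifier {
public:
    enum Mode { SingleThread, MutexHeld, Off };

    // SingleThread: the object is bound to the first thread that checks it and every later
    // check must come from that thread. MutexHeld: the caller must hold the installed mutex
    // (the caller id is ignored). Off: the legacy escape hatch, always passes.
    bool isSafeToUse(std::thread::id caller = std::this_thread::get_id()) const
    {
        switch (m_mode) {
        case Off:
            return true;
        case MutexHeld:
            return m_mutex->heldByCurrentThread();
        case SingleThread:
        default:
            if (!m_bound) {
                m_owningThread = caller;
                m_bound = true;
            }
            return m_owningThread == caller;
        }
    }
    void setMutex(OwnershipTrackingMutex& mutex) { m_mutex = &mutex; m_mode = MutexHeld; }
    void turnOff() { m_mode = Off; }

private:
    Mode m_mode = SingleThread;
    OwnershipTrackingMutex* m_mutex = nullptr;
    mutable bool m_bound = false;
    mutable std::thread::id m_owningThread;
};

class RefCountedBase {
public:
    // ref()/deref() return false and leave the count untouched when the verifier rejects
    // the caller; a debug build of the real class would ASSERT at that point instead.
    bool ref(std::thread::id caller = std::this_thread::get_id())
    {
        if (!m_verifier.isSafeToUse(caller))
            return false;
        ++m_refCount;
        return true;
    }
    bool deref(std::thread::id caller = std::this_thread::get_id())
    {
        if (!m_verifier.isSafeToUse(caller))
            return false;
        --m_refCount;
        return true;
    }
    unsigned refCount() const { return m_refCount; }
    bool hasOneRef() const { return m_refCount == 1; }
    void setMutexForVerifier(OwnershipTrackingMutex& mutex) { m_verifier.setMutex(mutex); }
    void deprecatedTurnOffVerifier() { m_verifier.turnOff(); }

private:
    unsigned m_refCount = 1;
    ThreadRestrictionVerifier m_verifier;
};
```

The explicit thread-id parameter exists only so the rejection path can be exercised without starting a second thread (a default-constructed std::thread::id never matches a running thread); in real use the defaults apply and the verifier binds to whichever thread first touches the object.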

2011-08-02  Filip Pizlo  <fpizlo@apple.com>

        JSC GC may not be able to reuse partially-free blocks after a
        full collection
        https://bugs.webkit.org/show_bug.cgi?id=65585

        Reviewed by Darin Adler.

        This fixes the linked list management bug.  This fix is performance
        neutral on SunSpider.

        * heap/NewSpace.cpp:
        (JSC::NewSpace::removeBlock):

2011-07-30  Oliver Hunt  <oliver@apple.com>

        Simplify JSFunction creation for functions written in JS
        https://bugs.webkit.org/show_bug.cgi?id=65422

        Reviewed by Gavin Barraclough.

        Remove hash lookups used to write name property and transition
        function structure by caching the resultant structure and property
        offset in JSGlobalObject.  This doesn't impact performance, but
        we can use this change to make other improvements later.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::FunctionExecutable::jsName):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::namedFunctionStructure):
        (JSC::JSGlobalObject::functionNameOffset):

2011-08-02  Filip Pizlo  <fpizlo@apple.com>

        JSC GC uses dummy cells to avoid having to remember which cells
        it has already destroyed
        https://bugs.webkit.org/show_bug.cgi?id=65556

        Reviewed by Oliver Hunt.

        This gets rid of dummy cells, and ensures that it's not necessary
        to invoke a destructor on cells that have already been swept.  In
        the common case, a block knows that either all of its free cells
        still need to have destructors called, or none of them do, which
        minimizes the amount of branching that needs to happen per cell
        when performing a sweep.

        This is performance neutral on SunSpider and V8.  It is meant as
        a stepping stone to simplify the implementation of more
        sophisticated sweeping algorithms.

        * heap/Heap.cpp:
        (JSC::CountFunctor::ClearMarks::operator()):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::initForCellSize):
        (JSC::MarkedBlock::callDestructor):
        (JSC::MarkedBlock::specializedReset):
        (JSC::MarkedBlock::reset):
        (JSC::MarkedBlock::specializedSweep):
        (JSC::MarkedBlock::sweep):
        (JSC::MarkedBlock::produceFreeList):
        (JSC::MarkedBlock::lazySweep):
        (JSC::MarkedBlock::blessNewBlockForFastPath):
        (JSC::MarkedBlock::blessNewBlockForSlowPath):
        (JSC::MarkedBlock::canonicalizeBlock):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::FreeCell::setNoObject):
        (JSC::MarkedBlock::setDestructorState):
        (JSC::MarkedBlock::destructorState):
        (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::JSCell):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        * runtime/JSGlobalData.h:
        * runtime/Structure.h:

2011-08-01  Michael Saboff  <msaboff@apple.com>

        Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
        https://bugs.webkit.org/show_bug.cgi?id=65502

        Reviewed by Anders Carlsson.

        With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
        added an assert to the return code of madvise to catch any regressions.

        * wtf/TCSystemAlloc.cpp:
        (TCMalloc_SystemRelease):

2011-08-02  Anders Carlsson  <andersca@apple.com>

        Fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-08-02  Anders Carlsson  <andersca@apple.com>

        Fix a Windows build error.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-08-02  Filip Pizlo  <fpizlo@apple.com>

        JSC GC is far too conservative about growing the heap size, particularly
        on desktop platforms
        https://bugs.webkit.org/show_bug.cgi?id=65438

        Reviewed by Oliver Hunt.

        The minimum heap size is now 16MB instead of 512KB, provided all of the
        following are true:
        a) ENABLE(LARGE_HEAP) is set, which currently only happens on
           x86 targets, but could reasonably happen on any platform that is
           known to have a decent amount of RAM.
        b) JSGlobalData is initialized with HeapSize = LargeHeap, which
           currently only happens when it's the JSDOMWindowBase in WebCore or
           in the jsc command-line tool.

        This is a 4.1% speed-up on SunSpider.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::collect):
        * heap/Heap.h:
        * jsc.cpp:
        (main):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::createContextGroup):
        (JSC::JSGlobalData::create):
        (JSC::JSGlobalData::createLeaked):
        (JSC::JSGlobalData::sharedInstance):
        * runtime/JSGlobalData.h:
        * wtf/Platform.h:

2011-08-02  Filip Pizlo  <fpizlo@apple.com>

        J<br>SC does a GC even when the heap still has free pages
        https://bugs.webkit.org/show_bug.cgi?id=65445

        Reviewed by Oliver Hunt.

        If the high watermark is not reached, then we allocate new blocks as
        before.  If the current watermark does reach (or exceed) the high
        watermark, then we check if there is a block on the free block pool.
        If there is, we simply allocate from it.  If there isn't, we
        invoke a collection as before.  This effectively couples the elastic
        scavenging to the collector's decision function.  That is, if an
        application rapidly varies its heap usage (sometimes using more and
        sometimes less) then the collector will not thrash as it used to.
        But if heap usage drops and stays low then the scavenger thread and
        the GC will eventually reach a kind of consensus: the GC will set
        the watermark low because of low heap usage, and the scavenger thread
        will steadily eliminate pages from the free page pool, until the size
        of the free pool is below the high watermark.

        On command-line, this is neutral on SunSpider and Kraken and a 3% win
        on V8.  In browser, this is a 1% win on V8 and neutral on the other
        two.

        * heap/Heap.cpp:
        (JSC::Heap::allocateSlowCase):
        (JSC::Heap::allocateBlock):
        * heap/Heap.h:

2011-08-02  Jeff Miller  <jeffm@apple.com>

        Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
        https://bugs.webkit.org/show_bug.cgi?id=65552

        Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.

        Reviewed by Adam Roben.

        * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.

2011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>

        Removing old source files in gyp files that slow build
        https://bugs.webkit.org/show_bug.cgi?id=65503

        Reviewed by Adam Barth.

        A number of stale files are listed in the gyp files. These slow the
        build on Visual Studio 2010. Removing them.

        * JavaScriptCore.gypi:

2011-07-14  David Levin  <levin@chromium.org>

        currentThread is too slow!
        https://bugs.webkit.org/show_bug.cgi?id=64577

        Reviewed by Darin Adler and Dmitry Titov.

        The problem is that currentThread results in a pthread_once call which always takes a lock.
        With this change, currentThread is 10% faster than isMainThread in release mode and only
        5% slower than isMainThread in debug.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
        which is no longer needed because this is called from initializeThreading().
        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
        initialization of the pthread key should already be done.
        (WTF::ThreadIdentifierData::initialize): Ditto.
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading): Acquire the pthread key here.

2011-08-01  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT sometimes creates speculation check data structures that have
        invalid information about the format of a register
        https://bugs.webkit.org/show_bug.cgi?id=65490

        Reviewed by Gavin Barraclough.

        The code now makes sure to (1) always have correct and up-to-date
        information about register format at the time that a speculation
        check is emitted, (2) assert that speculation data is correct
        inside the speculation check implementation, and (3) avoid creating
        speculation data altogether if compilation has already failed, since
        at that point the format data is almost guaranteed to be bogus.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::EntryLocation::EntryLocation):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculationCheck::SpeculationCheck):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):

2011-08-01  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r92092): Build fails on 64 bit
        https://bugs.webkit.org/show_bug.cgi?id=65458

        Reviewed by Oliver Hunt.

        The build was broken because some compilers were smart enough to see
        an array index out of bounds due to the decision function for when to
        go from precise size classes to imprecise size classes being broken:
        it would assume that sizes in the range 97..128 belonged to a precise
        size class when in fact they belonged to an imprecise one.

        In fact, the code would have run correctly, by way of a fluke, because
        though the 4th precise size class (for 97..128) didn't exist, the next
        array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
        its first entry would have been a size class that is appropriate for
        allocations in the range 97..128.  However, this relies on specific
        ordering of fields in NewSpace, so it's still a bug.

        This fixes the bug by ensuring that allocations larger than 96 use
        the imprecise size classes.

        * heap/NewSpace.h:
        (JSC::NewSpace::sizeClassFor):
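
Added example, not WebKit's code: a model of the size-class decision this entry describes, with an off-by-one that sends 97..128 to a fourth precise class that does not exist, next to the corrected test. The constants (a 32-byte atom, three precise classes up to 96 bytes, imprecise classes spaced 128 bytes apart up to 1024) are assumptions drawn from the surrounding entries, and the buggy function is one plausible shape of the defect, since the ChangeLog does not show the original code. The fluke that aliased the missing entry onto m_impreciseSizeClasses is deliberately not reproduced: reading past an array is undefined behaviour, so the example reports an out-of-range index instead.

```cpp
// Added example (not WebKit's code): the size-class decision described above, modelled
// with assumed constants: a 32-byte atom (4 pointer-size words on 64-bit), three precise
// classes up to 96 bytes, and imprecise classes spaced 128 bytes apart up to 1024.
#include <cassert>
#include <cstddef>

const size_t atomSize = 32;
const size_t preciseCutoff = 96;                            // largest size served by a precise class
const size_t preciseCount = preciseCutoff / atomSize;       // 3 classes: 32, 64, 96
const size_t impreciseStep = 128;
const size_t maxCellSize = 1024;
const size_t impreciseCount = maxCellSize / impreciseStep;  // 8 classes: 128 .. 1024

enum Table { Precise, Imprecise };
struct SizeClassRef { Table table; size_t index; };

// One way to get the bug in the entry above (the ChangeLog does not show the original
// code): the index is computed first and compared with '<=' instead of '<', so
// 97..128 (index 3) is sent to a fourth precise class that does not exist.
SizeClassRef sizeClassForBuggy(size_t bytes)
{
    size_t index = (bytes - 1) / atomSize;
    if (index <= preciseCount)
        return { Precise, index };
    return { Imprecise, (bytes - 1) / impreciseStep };
}

// Fixed: anything larger than preciseCutoff goes to the imprecise table.
SizeClassRef sizeClassFor(size_t bytes)
{
    if (bytes <= preciseCutoff)
        return { Precise, (bytes - 1) / atomSize };
    return { Imprecise, (bytes - 1) / impreciseStep };
}

// Bounds-checked cell size for a class reference; 0 means the index would read past
// its table (the real code had no such check and relied on field layout by accident).
size_t cellSize(SizeClassRef ref)
{
    if (ref.table == Precise)
        return ref.index < preciseCount ? (ref.index + 1) * atomSize : 0;
    return ref.index < impreciseCount ? (ref.index + 1) * impreciseStep : 0;
}

// Exhaustive check of a decision function over every legal request size: the chosen
// class must exist and must be large enough to hold the request.
bool allSizesInBounds(SizeClassRef (*classify)(size_t))
{
    for (size_t bytes = 1; bytes <= maxCellSize; ++bytes) {
        size_t size = cellSize(classify(bytes));
        if (size == 0 || size < bytes)
            return false;
    }
    return true;
}
```

allSizesInBounds() is the check a reviewer would want alongside the fix: it fails for the buggy version on the first size in 97..128 and passes for the corrected one, without depending on what happens to sit after m_preciseSizeClasses in memory.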

2011-07-31  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64679
        Fix bugs in Array.prototype this handling.

        Unreviewed - rolling out r91290.

        Looks like the wild wild web isn't ready for this yet.

        This change broke http://slides.html5rocks.com/#landing-slide.
        Interestingly, this might only be due to our lack of bind support -
        it looks like this site is calling Array.prototype.slice as a part
        of its bind implementation.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncConcat):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSlice):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        (JSC::arrayProtoFuncIndexOf):
        (JSC::arrayProtoFuncLastIndexOf):

2011-07-31  Filip Pizlo  <fpizlo@apple.com>

        JSC GC lays out size classes under wrong assumptions about expected
        object size.
        https://bugs.webkit.org/show_bug.cgi?id=65437

        Reviewed by Oliver Hunt.

        Changed the atom size - which is both the smallest allocation size and
        the smallest possible stepping unit for size class spacing - from
        8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.

        * heap/MarkedBlock.h:

2011-07-31  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT does not optimize PutByVal
        https://bugs.webkit.org/show_bug.cgi?id=65424

        Reviewed by Gavin Barraclough.

        Added code to emit PutByVal inline fast path.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):

2011-07-31  Filip Pizlo  <fpizlo@apple.com>

        The JSC garbage collector returns memory to the operating system too
        eagerly.
        https://bugs.webkit.org/show_bug.cgi?id=65382

        Reviewed by Oliver Hunt.

        This introduces a memory reuse model similar to the one in FastMalloc.
        A periodic scavenger thread runs in the background and returns half the
        free memory to the OS on each timer fire.  New block allocations first
        attempt to get the memory from the collector's internal pool, reverting
        to OS allocation only when this pool is empty.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::~Heap):
        (JSC::Heap::destroy):
        (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
        (JSC::Heap::waitForRelativeTime):
        (JSC::Heap::blockFreeingThreadStartFunc):
        (JSC::Heap::blockFreeingThreadMain):
        (JSC::Heap::allocateBlock):
        (JSC::Heap::freeBlocks):
        (JSC::Heap::releaseFreeBlocks):
        * heap/Heap.h:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::destroy):
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::initForCellSize):
        (JSC::MarkedBlock::reset):
        * heap/MarkedBlock.h:
        * wtf/Platform.h:
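
Added example, not WebKit's code: a block-level model of the two policies described in this entry and in the "JSC does a GC even when the heap still has free pages" entry above, so the interaction between the free block pool, the high watermark and the scavenger can be stepped through by hand. The watermark measured in blocks, the minimum of two blocks, the doubling growth rule applied after a collection, and the round-up in the scavenger tick are all assumptions of this example; the real Heap works in bytes and has its own growth policy.

```cpp
// Added example (not WebKit's code): a model of the allocation decision and the scavenger
// described in the two GC entries. Units are whole blocks; the growth rule is assumed.
#include <algorithm>
#include <cassert>
#include <cstddef>

struct HeapModel {
    enum Source { FromPool, FromOS, AfterCollect };

    size_t minHeapBlocks = 2;   // assumed floor for the high watermark
    size_t highWaterMark = 2;   // in blocks; recomputed by the collector after each collection
    size_t liveBlocks = 0;      // blocks handed out and not yet reclaimed by a collection
    size_t deadBlocks = 0;      // blocks the program dropped; reclaimable at the next collection
    size_t freeBlockPool = 0;   // reclaimed blocks kept for reuse rather than returned to the OS
    size_t osBlocks = 0;        // blocks currently obtained from the OS
    unsigned collections = 0;

    // Below the watermark: take a block (pool first, then OS). At or above it: reuse a
    // pooled block if there is one, and only collect when the pool is empty.
    Source allocateBlock()
    {
        if (liveBlocks < highWaterMark)
            return takeBlock();
        if (freeBlockPool)
            return takeBlock();             // no collection: the pool absorbs the spike
        collect();
        takeBlock();
        return AfterCollect;
    }

    // The program stops referencing n of its blocks; they stay counted as live
    // until a collection actually reclaims them.
    void markDead(size_t n) { deadBlocks += std::min(n, liveBlocks - deadBlocks); }

    // One scavenger timer fire: return half the pooled blocks (rounding up, so a
    // pool of one block is eventually drained) to the OS. Returns the count released.
    size_t scavengerTick()
    {
        size_t released = (freeBlockPool + 1) / 2;
        freeBlockPool -= released;
        osBlocks -= released;
        return released;
    }

private:
    Source takeBlock()
    {
        ++liveBlocks;
        if (freeBlockPool) {
            --freeBlockPool;
            return FromPool;
        }
        ++osBlocks;
        return FromOS;
    }

    void collect()
    {
        ++collections;
        freeBlockPool += deadBlocks;
        liveBlocks -= deadBlocks;
        deadBlocks = 0;
        highWaterMark = std::max(minHeapBlocks, 2 * liveBlocks);   // assumed growth rule
    }
};
```

Stepping the model by hand shows the two behaviours the entries describe: once the pool holds blocks, hitting the watermark reuses one of them without triggering a collection, and repeated scavenger ticks halve the pool until an allocation has to go back to the OS.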

2011-07-30  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT speculation failure pass sometimes forgets to emit code to
        move certain registers.
        https://bugs.webkit.org/show_bug.cgi?id=65421

        Reviewed by Oliver Hunt.

        Restructured the offending loops (for gprs and fprs).  It's once again
        possible to use spreadsheets on docs.google.com.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):

2011-07-30  Patrick Gansterer  <paroga@webkit.org>

        Remove inclusion of MainThread.h from Threading.h
        https://bugs.webkit.org/show_bug.cgi?id=65081

        Reviewed by Darin Adler.

        Add missing and remove unneeded include statements for MainThread.

        * wtf/CryptographicallyRandomNumber.cpp:
        * wtf/Threading.h:
        * wtf/ThreadingPthreads.cpp:
        * wtf/text/StringStatics.cpp:

2011-07-30  Oliver Hunt  <oliver@apple.com>

        Reduce the size of JSGlobalObject slightly
        https://bugs.webkit.org/show_bug.cgi?id=65417

        Reviewed by Dan Bernstein.

        Push a few members that either aren't commonly used,
        or aren't frequently accessed into a separate struct.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
        (JSC::JSGlobalObject::createRareDataIfNeeded):
        (JSC::JSGlobalObject::setProfileGroup):
        (JSC::JSGlobalObject::profileGroup):
        (JSC::JSGlobalObject::registerWeakMap):
        (JSC::JSGlobalObject::deregisterWeakMap):

2011-07-30  Balazs Kelemen  <kbalazs@webkit.org>

        MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
        https://bugs.webkit.org/show_bug.cgi?id=65263

        Reviewed by Dmitry Titov.

        * wtf/Deque.h:
        (WTF::::operator): Don't check the validity of an iterator
        that will be reassigned right now.
        * wtf/MessageQueue.h:
        (WTF::::removeIf): Revert r51198 as I believe this is the better
        solution for the problem that was solved by that.

2011-07-29  Filip Pizlo  <fpizlo@apple.com>

        JSC GC zombie support no longer works, and is likely no longer needed.
        https://bugs.webkit.org/show_bug.cgi?id=65404

        Reviewed by Darin Adler.

        This removes zombies, because they no longer work, are not tested, are
        probably not needed, and are getting in the way of GC optimization
        work.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Handle.h:
        (JSC::HandleConverter::operator->):
        (JSC::HandleConverter::operator*):
        * heap/HandleHeap.cpp:
        (JSC::HandleHeap::isValidWeakNode):
        * heap/Heap.cpp:
        (JSC::Heap::destroy):
        (JSC::Heap::collect):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweep):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::clearMarks):
        * interpreter/Register.h:
        (JSC::Register::Register):
        (JSC::Register::operator=):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::append):
        (JSC::ArgList::ArgList):
        * runtime/JSCell.cpp:
        (JSC::isZombie):
        * runtime/JSCell.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        * runtime/JSGlobalData.h:
        * runtime/JSValue.h:
        * runtime/JSValueInlineMethods.h:
        (JSC::JSValue::JSValue):
        * runtime/JSZombie.cpp: Removed.
        * runtime/JSZombie.h: Removed.
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::setEarlyValue):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
        * wtf/Platform.h:

2011-07-29  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT verbose mode provides no details about predictions
        https://bugs.webkit.org/show_bug.cgi?id=65389

        Reviewed by Darin Adler.

        Added a print-out of the predictions to the IR dump, with names as follows:
        "p-bottom" = the parser made no predictions
        "p-int32" = the parser predicted int32
        ... (same for array, cell, double, number)
        "p-top" = the parser made conflicting predictions which will be ignored.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::predictionToString):

2011-07-29  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not have any way of undoing double speculation.
        https://bugs.webkit.org/show_bug.cgi?id=65334

        Reviewed by Gavin Barraclough.

        This adds code to do a branchConvertDoubleToInt on speculation failure.
        This is performance-neutral on most benchmarks but does result in
        a slight improvement in Kraken.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::moveTo):
        (JSC::DFG::GeneralizedRegister::swapWith):
        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):

2011-07-29  Filip Pizlo  <fpizlo@apple.com>

        Crash when opening docs.google.com
        https://bugs.webkit.org/show_bug.cgi?id=65327

        Reviewed by Gavin Barraclough.

        The speculative JIT was only checking whether a value is an array when
        we had already checked that it was, rather than when we hadn't.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-28  Oliver Hunt  <oliver@apple.com>

        *_list instructions are only used in one place, where the code is wrong.
        https://bugs.webkit.org/show_bug.cgi?id=65348

        Reviewed by Darin Adler.

        Simply remove the instructions and all users.  Speeds up the interpreter
        slightly due to code motion, but otherwise has no effect (because none
        of the _list instructions are ever used).

        * bytecode/CodeBlock.cpp:
        (JSC::isPropertyAccess):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::visitStructures):
        * bytecode/Instruction.h:
        * bytecode/Opcode.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):

2011-07-28  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65325
        Performance tweak to parseInt

        Reviewed by Oliver Hunt.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncParseInt):
            - This change may make an existing optimization redundant,
              cleanup from Darin's comments, plus fix existing bugs.

2011-07-28  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65325
        Performance tweak to parseInt

        Reviewed by Oliver Hunt.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncParseInt):
            - parseInt applied to small positive numbers = floor.

2011-07-28  Dan Bernstein  <mitz@apple.com>

        Build fix.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):

2011-07-28  Kent Tamura  <tkent@chromium.org>

        Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
        https://bugs.webkit.org/show_bug.cgi?id=65300

        Reviewed by Darin Adler.

        r91837 had a performance regression of StringImpl::stripWhiteSpace()
        and simplifyWhiteSpace(). This changes the code so that compilers
        generate code equivalent to r91836 or prior.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripMatchedCharacters):
        A template member function for stripWhiteSpace(). This function takes a functor.
        (WTF::UCharPredicate):
        A functor for generic predicate for single UChar argument.
        (WTF::SpaceOrNewlinePredicate):
        A special functor for isSpaceOrNewline().
        (WTF::StringImpl::stripWhiteSpace):
        Use stripMatchedCharacters().
        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
        A template member function for simplifyWhiteSpace().
        (WTF::StringImpl::simplifyWhiteSpace):
        Use simplifyMatchedCharactersToSpace().
        * wtf/text/StringImpl.h:

2011-07-27  Dmitry Lomov  <dslomov@google.com>

        [chromium] Turn on WTF_MULTIPLE_THREADS.
        https://bugs.webkit.org/show_bug.cgi?id=61017
        The patch turns on WTF_MULTIPLE_THREADS in chromium and
        pushes some relevant initializations from JSC::initializeThreading
        to WTF::initializeThreading.

        Reviewed by David Levin.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * wtf/FastMalloc.cpp:
        (WTF::isForbidden):
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):
        * wtf/Platform.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/gtk/ThreadingGtk.cpp:
        (WTF::initializeThreading):
        * wtf/qt/ThreadingQt.cpp:
        (WTF::initializeThreading):

2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove operator new from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=64999

        Reviewed by Oliver Hunt.

        Removed the implementation of operator new in JSCell, so any further uses
        will not successfully link.  Also removed any remaining uses of operator new.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::create):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::createExceptionScope):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::create):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG graph has no notion of double prediction.
        https://bugs.webkit.org/show_bug.cgi?id=65234

        Reviewed by Gavin Barraclough.

        Added the notion of PredictDouble, and PredictNumber, which is the least
        upper bound of PredictInt32 and PredictDouble.  Least upper bound is
        defined as the bitwise-or of two predictions.  Bottom is defined as 0,
        and Top is defined as all bits being set.  Added the ability to explicitly
        distinguish between a node having had a prediction associated with it,
        and that prediction still being valid (i.e. no conflicting predictions
        have also been added).  Used this to guard the speculative JIT from
        speculating Int32 in cases where the graph knows that the value is
        double, which currently only happens for GetLocal nodes on arguments
        which were double at compile-time.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::isCellPrediction):
        (JSC::DFG::isArrayPrediction):
        (JSC::DFG::isInt32Prediction):
        (JSC::DFG::isDoublePrediction):
        (JSC::DFG::isNumberPrediction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
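
Added example, not WebKit's code: the prediction lattice this entry describes, written out as bit flags with bitwise-or as the least upper bound, 0 as bottom and all bits set as top, together with the "p-..." names from the "DFG JIT verbose mode provides no details about predictions" entry above. The particular bit values, the rule that a number/cell union collapses to top, and the Node type that separates "no prediction recorded" from the prediction's value are this example's assumptions; the predicate names follow the ChangeLog.

```cpp
// Added example (not WebKit's code): the prediction lattice described above, with the
// bit values, the number/cell conflict rule and the "p-..." names as assumptions.
#include <cassert>
#include <string>

typedef unsigned Prediction;
const Prediction PredictNone   = 0;                             // bottom: nothing predicted yet
const Prediction PredictInt32  = 1u << 0;
const Prediction PredictDouble = 1u << 1;
const Prediction PredictNumber = PredictInt32 | PredictDouble;  // least upper bound of the two
const Prediction PredictArray  = 1u << 2;
const Prediction PredictCell   = 1u << 3;                       // a cell whose kind is not yet known
const Prediction PredictTop    = ~0u;                           // conflicting predictions: all bits set

bool isInt32Prediction(Prediction p)  { return p == PredictInt32; }
bool isDoublePrediction(Prediction p) { return p == PredictDouble; }
bool isNumberPrediction(Prediction p) { return p && !(p & ~PredictNumber); }
bool isArrayPrediction(Prediction p)  { return p == PredictArray; }
bool isCellPrediction(Prediction p)   { return p && !(p & ~(PredictArray | PredictCell)); }

// Least upper bound is bitwise-or. A value predicted to be both a number and a cell
// cannot be speculated on either way, so that union collapses to top (assumed rule).
Prediction mergePredictions(Prediction a, Prediction b)
{
    Prediction merged = a | b;
    bool number = (merged & PredictNumber) != 0;
    bool cell = (merged & (PredictArray | PredictCell)) != 0;
    return (number && cell) ? PredictTop : merged;
}

std::string predictionToString(Prediction p)
{
    if (p == PredictNone) return "p-bottom";
    if (p == PredictTop) return "p-top";
    if (isInt32Prediction(p)) return "p-int32";
    if (isDoublePrediction(p)) return "p-double";
    if (isNumberPrediction(p)) return "p-number";
    if (isArrayPrediction(p)) return "p-array";
    return "p-cell";
}

// A graph node records whether any prediction has been made at all, separately from
// the prediction's value, so "never predicted" is not confused with a stale bottom.
struct Node {
    Prediction prediction = PredictNone;
    bool hasPrediction = false;

    void predict(Prediction p)
    {
        prediction = hasPrediction ? mergePredictions(prediction, p) : p;
        hasPrediction = true;
    }
    // Speculating int32 is only sound when a prediction exists and is exactly int32; a
    // node that was ever seen as double (so now int32|double or double) must not be.
    bool shouldSpeculateInt32() const { return hasPrediction && isInt32Prediction(prediction); }
    bool shouldSpeculateDouble() const { return hasPrediction && isDoublePrediction(prediction); }
};
```

Because int32|double merges to number rather than int32, shouldSpeculateInt32() stays false for an argument that was ever observed as a double, which is the guard the entry describes; the same merge sends int32|array to top, where the verbose dump prints "p-top".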

2011-07-27  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65294
        DFG JIT - may speculate based on wrong arguments.

        Reviewed by Oliver Hunt.

        In the case of a DFG compiled function calling to and compiling a second function that
        also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
        we call compileFor passing the caller function's exec state, rather than the callee's.
        This may lead to mis-optimization, since the DFG compiler will examine the exec state's
        arguments on the assumption that these will be passed to the callee - it is wanting the
        callee exec state, not the caller's exec state.

        Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
        function is compiled, & the structure of the calls in the Interpreter::execute methods.
        Only fix for compilation from the JIT, in other calls don't speculate based on arguments
        for now.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.cpp:
        (JSC::tryDFGCompile):
        (JSC::tryDFGCompileFunction):
        (JSC::FunctionExecutable::compileForCallInternal):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileFor):

764 2011-07-27  Oliver Hunt  <oliver@apple.com>
765
766         Handle callback oriented JSONP
767         https://bugs.webkit.org/show_bug.cgi?id=65271
768
769         Reviewed by Gavin Barraclough.
770
771         Handle the callback oriented versions of JSONP.  The Literal parser
772         now handles <Identifier> (. <Identifier>)* (jsonData).
773
774         * interpreter/Interpreter.cpp:
775         (JSC::Interpreter::execute):
776         * runtime/LiteralParser.cpp:
777         (JSC::LiteralParser::tryJSONPParse):
778         (JSC::LiteralParser::Lexer::lex):
779         * runtime/LiteralParser.h:
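        The grammar above, as an added recognizer (this is not JavaScriptCore's LiteralParser;
        the struct and function names are invented). The point of a restricted JSONP shape is
        that the response never has to be evaluated as script: the callback path is checked to
        be a plain dotted identifier chain, and the text between the parentheses is handed to
        a strict JSON parser. The recognizer on its own does not validate the payload, which
        is why the last test below shows a trailing statement surviving into jsonText.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Added example, not JavaScriptCore's code: recognizes
//   <Identifier> (. <Identifier>)* ( jsonData )
// with optional trailing ';' and whitespace. Nothing is evaluated.
struct JSONPParts {
    std::vector<std::string> callbackPath;   // e.g. {"jQuery", "cb123"}
    std::string jsonText;                    // text between the outer parentheses
};

static bool isIdentStart(char c) { return std::isalpha((unsigned char)c) || c == '_' || c == '$'; }
static bool isIdentPart(char c)  { return std::isalnum((unsigned char)c) || c == '_' || c == '$'; }

static size_t skipSpaces(const std::string& s, size_t i)
{
    while (i < s.size() && std::isspace((unsigned char)s[i]))
        ++i;
    return i;
}

// Returns true if `src` has the JSONP shape; fills `out` with the pieces.
bool tryJSONPParse(const std::string& src, JSONPParts& out)
{
    out = JSONPParts();
    size_t i = skipSpaces(src, 0);

    // <Identifier> (. <Identifier>)*
    for (;;) {
        if (i >= src.size() || !isIdentStart(src[i]))
            return false;
        size_t start = i;
        while (i < src.size() && isIdentPart(src[i]))
            ++i;
        out.callbackPath.push_back(src.substr(start, i - start));
        i = skipSpaces(src, i);
        if (i < src.size() && src[i] == '.') {
            i = skipSpaces(src, i + 1);
            continue;
        }
        break;
    }

    // ( jsonData ) followed only by ';' and whitespace
    if (i >= src.size() || src[i] != '(')
        return false;
    size_t open = i;
    size_t end = src.size();
    while (end > open + 1 && (std::isspace((unsigned char)src[end - 1]) || src[end - 1] == ';'))
        --end;
    if (end <= open + 1 || src[end - 1] != ')')
        return false;
    out.jsonText = src.substr(open + 1, (end - 1) - (open + 1));
    return !out.jsonText.empty();   // an empty payload is never valid JSON
}
```

        Looking the callback up by its path (rather than evaluating the identifier text)
        and rejecting anything the JSON parser does not accept is what keeps this from
        becoming a script-execution path.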
780
781 2011-07-27  Stephanie Lewis  <slewis@apple.com>
782
783         Revert http://trac.webkit.org/changeset/90415.
784         Caused a 5% sunspider regression in-browser.
785
786         Unreviewed rollout.
787
788         * bytecode/CodeBlock.cpp:
789         (JSC::CodeBlock::visitAggregate):
790         * heap/Heap.cpp:
791         (JSC::Heap::collectAllGarbage):
792         * heap/MarkStack.h:
793         (JSC::MarkStack::MarkStack):
794         * runtime/JSGlobalData.cpp:
795         (JSC::JSGlobalData::releaseExecutableMemory):
796         * runtime/RegExp.cpp:
797         (JSC::RegExp::compile):
798         (JSC::RegExp::invalidateCode):
799         * runtime/RegExp.h:
800
801 2011-07-27  Shinya Kawanaka  <shinyak@google.com>
802
803         Added an interface to take IsWhiteSpaceFunctionPtr.
804         https://bugs.webkit.org/show_bug.cgi?id=57746
805
806         Reviewed by Kent Tamura.
807
808         * wtf/text/StringImpl.cpp:
809         (WTF::StringImpl::stripWhiteSpace):
810           Added an interface to take IsWhiteSpaceFunctionPtr.
811         (WTF::StringImpl::simplifyWhiteSpace): ditto.
812         * wtf/text/StringImpl.h:
813         * wtf/text/WTFString.cpp:
814         (WTF::String::stripWhiteSpace): ditto.
815         (WTF::String::simplifyWhiteSpace): ditto.
816         * wtf/text/WTFString.h:
817
818 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
819
820         DFG JIT speculation failure code performs incorrect conversions in
821         the case where two registers need to be swapped.
822         https://bugs.webkit.org/show_bug.cgi?id=65233
823
824         Reviewed by Gavin Barraclough.
825         
826         * dfg/DFGJITCompiler.cpp:
827         (JSC::DFG::GeneralizedRegister::swapWith):
828
829 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
830
831         reduce and reduceRight bind callback's this to null rather than undefined
832         https://bugs.webkit.org/show_bug.cgi?id=62264
833
834         Reviewed by Oliver Hunt.
835
836         Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
837         when calling the callback function without an argument for this, which means it should 
838         be undefined according to ES 15.4.4.21 and 15.4.4.22.
839
840         * runtime/ArrayPrototype.cpp:
841         (JSC::arrayProtoFuncReduce):
842         (JSC::arrayProtoFuncReduceRight):
843
844 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
845
846         JSC command-line tool does not come with any facility for
847         measuring time precisely.
848         https://bugs.webkit.org/show_bug.cgi?id=65223
849
850         Reviewed by Gavin Barraclough.
851         
852         Exposed WTF::currentTime() as currentTimePrecise().
853
854         * jsc.cpp:
855         (GlobalObject::GlobalObject):
856         (functionPreciseTime):
857
858 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
859
860         DFG speculative JIT never emits inline double comparisons, even when it
861         would be obviously more efficient to do so.
862         https://bugs.webkit.org/show_bug.cgi?id=65212
863
864         Reviewed by Gavin Barraclough.
865         
866         This handles the obvious case of inlining double comparisons: it only addresses
867         the speculative JIT, and only for fused compare/branch sequences.  But it does
868         handle the case where both operands are double (and there is no slow path),
869         or where one operand is double and the other is unknown type (in which case it
870         attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
871         speed-up on SunSpider.
872
873         * dfg/DFGSpeculativeJIT.cpp:
874         (JSC::DFG::SpeculativeJIT::convertToDouble):
875         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
876         (JSC::DFG::SpeculativeJIT::compare):
877         (JSC::DFG::SpeculativeJIT::compile):
878         * dfg/DFGSpeculativeJIT.h:
879         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
880         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
881
882 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
883
884         https://bugs.webkit.org/show_bug.cgi?id=64969
885         DFG JIT generates inefficient code for speculation failures.
886
887         Reviewed by Gavin Barraclough.
888         
889         This implements a speculation failure strategy where (1) values spilled on
890         non-speculative but not spilled on speculative are spilled, (2) values that
891         are in registers on both paths are rearranged without ever touching memory,
892         and (3) values spilled on speculative but not spilled on non-speculative are
893         filled.
894         
895         The register shuffling is the most interesting part of this patch.  It
896         constructs a permutation graph for registers.  Each node represents a
897         register, and each directed edge corresponds to the register's value having
898         to be moved to a different register as part of the shuffling.  This is a
899         directed graph where each node may only have 0 or 1 incoming edges, and
900         0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
901         subgraphs where all nodes in the subgraph are reachable from a start node.
902         Such subgraphs always resemble linked lists, and correspond to simply
903         moving the value in the second-to-last register into the last register, and
904         then moving the value in the third-to-last register into the second-to-last
905         register, and so on.  Once these subgraphs are taken care of, the remaining
906         subgraphs are cycles, and are handled using either (a) conversion or no-op
907         if the cycle involves one node, (b) swap if it involves two nodes, or (c)
908         a cyclic shuffle involving a scratch register if there are three or more
909         nodes.
910         
911         * dfg/DFGGenerationInfo.h:
912         (JSC::DFG::needDataFormatConversion):
913         * dfg/DFGJITCompiler.cpp:
914         (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
915         (JSC::DFG::GeneralizedRegister::createGPR):
916         (JSC::DFG::GeneralizedRegister::createFPR):
917         (JSC::DFG::GeneralizedRegister::dump):
918         (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
919         (JSC::DFG::GeneralizedRegister::findInEntryLocation):
920         (JSC::DFG::GeneralizedRegister::previousDataFormat):
921         (JSC::DFG::GeneralizedRegister::nextDataFormat):
922         (JSC::DFG::GeneralizedRegister::convert):
923         (JSC::DFG::GeneralizedRegister::moveTo):
924         (JSC::DFG::GeneralizedRegister::swapWith):
925         (JSC::DFG::ShuffledRegister::ShuffledRegister):
926         (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
927         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
928         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
929         (JSC::DFG::ShuffledRegister::lookup):
930         (JSC::DFG::lookupForRegister):
931         (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
932         (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
933         (JSC::DFG::NodeToRegisterMap::set):
934         (JSC::DFG::NodeToRegisterMap::end):
935         (JSC::DFG::NodeToRegisterMap::find):
936         (JSC::DFG::NodeToRegisterMap::clear):
937         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
938         (JSC::DFG::JITCompiler::linkSpeculationChecks):
939         * dfg/DFGJITCompiler.h:
940         * dfg/DFGNonSpeculativeJIT.cpp:
941         (JSC::DFG::EntryLocation::EntryLocation):
942         * dfg/DFGNonSpeculativeJIT.h:
943         * dfg/DFGSpeculativeJIT.cpp:
944         (JSC::DFG::SpeculationCheck::SpeculationCheck):
945         * dfg/DFGSpeculativeJIT.h:
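        The register shuffling described above, as an added worked model (this is not the
        DFGJITCompiler.cpp code; register numbering, the Op type, planShuffle and
        verifyShuffle are invented). The partial permutation is given as dest[i], the
        register that must receive register i's value, or -1 if the value is dead. Chains
        are emitted tail-first, two-node cycles become a swap, and longer cycles rotate
        through a scratch register; a simulator checks the plan against the intended result.

```cpp
#include <algorithm>
#include <cstddef>
#include <utility>
#include <vector>

// Added example, not JavaScriptCore's code. Each register has at most one
// incoming and one outgoing edge, so the graph is a partial permutation.
struct Op {
    enum Kind { Move, Swap } kind;
    int a;   // Move: source register;  Swap: first register
    int b;   // Move: destination;       Swap: second register
};

// Plan the shuffle. `scratch` is a spare register used only to break cycles
// of three or more registers.
std::vector<Op> planShuffle(const std::vector<int>& dest, int scratch)
{
    const size_t n = dest.size();
    std::vector<bool> hasIncoming(n, false), done(n, false);
    for (size_t i = 0; i < n; ++i)
        if (dest[i] >= 0)
            hasIncoming[dest[i]] = true;
    std::vector<Op> ops;

    // Phase 1: maximal non-cyclic subgraphs. A chain starts at a node with no
    // incoming edge and ends at a node whose value is dead; emit the moves
    // from the tail backwards so nothing is overwritten before it is read.
    for (size_t start = 0; start < n; ++start) {
        if (dest[start] < 0 || hasIncoming[start] || done[start])
            continue;
        std::vector<int> chain;
        for (int r = (int)start; r >= 0; r = dest[r]) {
            chain.push_back(r);
            done[r] = true;
        }
        for (size_t k = chain.size() - 1; k > 0; --k)
            ops.push_back(Op{Op::Move, chain[k - 1], chain[k]});
    }

    // Phase 2: whatever is left forms cycles.
    for (size_t start = 0; start < n; ++start) {
        if (dest[start] < 0 || done[start])
            continue;
        std::vector<int> cycle;
        int r = (int)start;
        do {
            cycle.push_back(r);
            done[r] = true;
            r = dest[r];
        } while (r != (int)start);
        if (cycle.size() == 1)
            continue;                                   // (a) value already in place
        if (cycle.size() == 2) {                        // (b) plain swap
            ops.push_back(Op{Op::Swap, cycle[0], cycle[1]});
            continue;
        }
        // (c) rotate through the scratch register: park the last value, shift
        // every other value one step forward, then restore the parked value.
        const size_t m = cycle.size();
        ops.push_back(Op{Op::Move, cycle[m - 1], scratch});
        for (size_t k = m - 1; k > 0; --k)
            ops.push_back(Op{Op::Move, cycle[k - 1], cycle[k]});
        ops.push_back(Op{Op::Move, scratch, cycle[0]});
    }
    return ops;
}

// Simulate the plan on a register file whose entries are tagged with the
// register they started in, and check every live value reached its destination.
bool verifyShuffle(const std::vector<int>& dest, int scratch)
{
    std::vector<int> file(std::max(dest.size(), (size_t)scratch + 1), -1);
    for (size_t i = 0; i < dest.size(); ++i)
        file[i] = (int)i;
    for (const Op& op : planShuffle(dest, scratch)) {
        if (op.kind == Op::Move)
            file[op.b] = file[op.a];
        else
            std::swap(file[op.a], file[op.b]);
    }
    for (size_t i = 0; i < dest.size(); ++i)
        if (dest[i] >= 0 && file[dest[i]] != (int)i)
            return false;
    return true;
}
```

        The model leaves out the data-format conversions the real code performs alongside
        the moves; it only covers the ordering problem, which is where a wrong plan
        silently clobbers a live value.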
946
947 2011-07-26  Oliver Hunt  <oliver@apple.com>
948
949         Buffer overflow creating error messages for JSON.parse
950         https://bugs.webkit.org/show_bug.cgi?id=65211
951
952         Reviewed by Darin Adler.
953
954         Parse string length to the UString constructor.
955
956         * runtime/LiteralParser.cpp:
957         (JSC::LiteralParser::parse):
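        The bug class above, as an added example on a generic error-message builder (this is
        not JavaScriptCore's LiteralParser code; the function names and the message text are
        invented). A lexer works on a (pointer, length) view of the input, which carries no
        NUL terminator, so building the message from `data + pos` with a constructor that
        scans for '\0' reads past the buffer. The fix is to pass an explicit, clamped count.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Added example, not JavaScriptCore's code.

// Unsafe form, kept only for contrast: std::string(const char*) scans for a
// terminator that the buffer does not promise to have.
std::string unsafeSnippet(const char* data, size_t /*length*/, size_t pos)
{
    return std::string(data + pos);   // out-of-bounds read on an unterminated buffer
}

// Safe form: an explicit count, clamped to what is actually in the buffer.
std::string safeSnippet(const char* data, size_t length, size_t pos, size_t maxChars = 16)
{
    if (pos >= length)
        return std::string();
    size_t count = std::min(maxChars, length - pos);
    return std::string(data + pos, count);
}

std::string errorMessage(const char* data, size_t length, size_t pos)
{
    return "Unexpected token near '" + safeSnippet(data, length, pos)
         + "' at position " + std::to_string(pos);
}

// Constructed input held without a terminator, the way a lexer buffer is.
std::string describeUnterminated()
{
    const char text[] = "{\"a\": x}";
    std::vector<char> buffer(text, text + sizeof(text) - 1);   // drop the literal's NUL
    return errorMessage(buffer.data(), buffer.size(), 6);
}
```

        Under AddressSanitizer the unsafe form on `buffer` above reports a heap-buffer-overflow
        read; the safe form is bounded by `length` no matter how the input was allocated.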
958
959 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
960
961         Refactor automatically generated JS DOM bindings to replace operator new with static create methods
962         https://bugs.webkit.org/show_bug.cgi?id=64732
963
964         Reviewed by Oliver Hunt.
965
966         Replacing the public constructors in the automatically generated JS DOM bindings with static 
967         create methods.  JSByteArray is used by several of these bindings in WebCore.
968
969         * JavaScriptCore.exp:
970         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
971         * runtime/JSByteArray.cpp:
972         (JSC::JSByteArray::create):
973         * runtime/JSByteArray.h:
974
975 2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
976
977         Unreviewed build fix for Qt/Linux.
978
979         On platforms with no glib and gstreamer we should not build javascriptcore
980         with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
981
982         * wtf/wtf.pri:
983
984 2011-07-26  Juan C. Montemayor  <jmont@apple.com>
985
986         JSON errors should be informative
987         https://bugs.webkit.org/show_bug.cgi?id=63339
988
989         Added error messages to the JSON Parser.
990
991         Reviewed by Oliver Hunt.
992
993         * runtime/JSONObject.cpp:
994         (JSC::JSONProtoFuncParse):
995         * runtime/LiteralParser.cpp:
996         (JSC::LiteralParser::Lexer::lex):
997         (JSC::LiteralParser::Lexer::lexString):
998         (JSC::LiteralParser::Lexer::lexNumber):
999         (JSC::LiteralParser::parse):
1000         * runtime/LiteralParser.h:
1001         (JSC::LiteralParser::getErrorMessage):
1002         (JSC::LiteralParser::Lexer::sawError):
1003         (JSC::LiteralParser::Lexer::getErrorMessage):
1004
1005 2011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>
1006
1007         Unreviewed, rolling out r91746.
1008         http://trac.webkit.org/changeset/91746
1009         https://bugs.webkit.org/show_bug.cgi?id=65180
1010
1011         It broke SL build (Requested by Ossy on #webkit).
1012
1013         * wtf/text/StringImpl.cpp:
1014         (WTF::StringImpl::stripWhiteSpace):
1015         (WTF::StringImpl::simplifyWhiteSpace):
1016         * wtf/text/StringImpl.h:
1017         * wtf/text/WTFString.cpp:
1018         * wtf/text/WTFString.h:
1019
1020 2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
1021
1022         Reviewed by Andreas Kling.
1023
1024         [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
1025         https://bugs.webkit.org/show_bug.cgi?id=63472
1026
1027         Enable the bits needed for GStreamer only when QtMultimedia is not used.
1028
1029         * wtf/wtf.pri:
1030
1031 2011-07-26  Shinya Kawanaka  <shinyak@google.com>
1032
1033         Added an interface to take IsWhiteSpaceFunctionPtr.
1034         https://bugs.webkit.org/show_bug.cgi?id=57746
1035
1036         Reviewed by Kent Tamura.
1037
1038         * wtf/text/StringImpl.cpp:
1039         (WTF::StringImpl::stripWhiteSpace):
1040           Added an interface to take IsWhiteSpaceFunctionPtr.
1041         (WTF::StringImpl::simplifyWhiteSpace): ditto.
1042         * wtf/text/StringImpl.h:
1043         * wtf/text/WTFString.cpp:
1044         (WTF::String::stripWhiteSpace): ditto.
1045         (WTF::String::simplifyWhiteSpace): ditto.
1046         * wtf/text/WTFString.h:
1047
1048 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
1049
1050         DFG non-speculative JIT emits inefficient code for arithmetic
1051         involving two registers
1052         https://bugs.webkit.org/show_bug.cgi?id=65160
1053
1054         Reviewed by Gavin Barraclough.
1055         
1056         The non-speculative JIT now emits inline code for double arithmetic, but
1057         still attempts integer arithmetic first.  This is a speed-up on SunSpider
1058         (albeit a small one), and a large speed-up on Kraken.
1059
1060         * dfg/DFGNonSpeculativeJIT.cpp:
1061         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1062
1063 2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
1064
1065         [EFL] Build break with --debug after r89153.
1066         https://bugs.webkit.org/show_bug.cgi?id=65150
1067
1068         Unreviewed build fix.
1069
1070         * wtf/CMakeListsEfl.txt: Add missing libraries.
1071
1072 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
1073
1074         DFG non-speculative JIT emits obviously inefficient code for arithmetic
1075         where one operand is a constant.
1076         https://bugs.webkit.org/show_bug.cgi?id=65146
1077
1078         Reviewed by Gavin Barraclough.
1079         
1080         Changed the code to emit double arithmetic inline.
1081
1082         * dfg/DFGNonSpeculativeJIT.cpp:
1083         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1084
1085 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
1086
1087         DFG JIT bytecode parser misuses pointers into objects allocated as part of a
1088         WTF::Vector.
1089         https://bugs.webkit.org/show_bug.cgi?id=65128
1090
1091         Reviewed by Gavin Barraclough.
1092         
1093         The bytecode parser code seems to be right to have a DFGNode& phiNode reference
1094         into the graph, since this makes the code greatly more readable.  This patch
1095         thus makes the minimal change necessary to make the code right: it uses a
1096         pointer (to disambiguate between reloading the pointer and performing a
1097         copy from one location of the vector to another) and reloads it after the
1098         calls to addToGraph().
1099
1100         * dfg/DFGByteCodeParser.cpp:
1101         (JSC::DFG::ByteCodeParser::processPhiStack):
1102
1103 2011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>
1104
1105         Unreviewed, rolling out r91686.
1106         http://trac.webkit.org/changeset/91686
1107         https://bugs.webkit.org/show_bug.cgi?id=65144
1108
1109         1.5% regression in JSC (Requested by jmontemayor on #webkit).
1110
1111         * runtime/JSONObject.cpp:
1112         (JSC::JSONProtoFuncParse):
1113         * runtime/LiteralParser.cpp:
1114         (JSC::LiteralParser::Lexer::lex):
1115         (JSC::LiteralParser::Lexer::lexString):
1116         (JSC::LiteralParser::Lexer::lexNumber):
1117         (JSC::LiteralParser::parse):
1118         * runtime/LiteralParser.h:
1119
1120 2011-07-25  Jon Lee  <jonlee@apple.com>
1121
1122         Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
1123         https://bugs.webkit.org/show_bug.cgi?id=65132
1124         <rdar://problem/9836297>
1125         
1126         Reviewed by Oliver Hunt.
1127         
1128         Make sure the JIT is available to use before running the following calls:
1129
1130         * bytecode/CodeBlock.cpp:
1131         (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
1132         * bytecode/CodeBlock.h:
1133         (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
1134
1135 2011-07-25  Juan C. Montemayor  <jmont@apple.com>
1136
1137         JSON errors should be informative
1138         https://bugs.webkit.org/show_bug.cgi?id=63339
1139
1140         Added error messages to the JSON Parser.
1141
1142         Reviewed by Oliver Hunt.
1143
1144         * runtime/JSONObject.cpp:
1145         (JSC::JSONProtoFuncParse):
1146         * runtime/LiteralParser.cpp:
1147         (JSC::LiteralParser::Lexer::lex):
1148         (JSC::LiteralParser::Lexer::lexString):
1149         (JSC::LiteralParser::Lexer::lexNumber):
1150         (JSC::LiteralParser::parse):
1151         * runtime/LiteralParser.h:
1152         (JSC::LiteralParser::getErrorMessage):
1153         (JSC::LiteralParser::Lexer::sawError):
1154         (JSC::LiteralParser::Lexer::getErrorMessage):
1155
1156 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
1157
1158         X86-64 assembler emits three instructions instead of two for certain
1159         loads and stores.
1160         https://bugs.webkit.org/show_bug.cgi?id=65095
1161
1162         Reviewed by Gavin Barraclough.
1163         
1164         Simply made these four methods in the assembler use the scratch register,
1165         which they were previously avoiding.  It still optimizes for the case where
1166         an absolute-address memory access is using EAX.  This results in a slight
1167         performance improvement.
1168
1169         * assembler/MacroAssemblerX86_64.h:
1170         (JSC::MacroAssemblerX86_64::load32):
1171         (JSC::MacroAssemblerX86_64::store32):
1172         (JSC::MacroAssemblerX86_64::loadPtr):
1173         (JSC::MacroAssemblerX86_64::storePtr):
1174
1175 2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
1176
1177         [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
1178         https://bugs.webkit.org/show_bug.cgi?id=64354
1179
1180         Use ecore_time_unix_get which returns unix time as double type for currentTime
1181         and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
1182
1183         Reviewed by Kent Tamura.
1184
1185         * wtf/CurrentTime.cpp:
1186         (WTF::currentTime):
1187         (WTF::monotonicallyIncreasingTime):
1188
1189 2011-07-22  Sommer Panage  <panage@apple.com>
1190
1191         Reviewed by Oliver Hunt.
1192
1193         export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
1194         https://bugs.webkit.org/show_bug.cgi?id=64981
1195
1196         UIAutomation for iOS would like to support a JavaScript backtrace in our error logs.
1197         Currently, the C API does not provide the tools to do this. However, the private API
1198         does expose the necessary functionality to get a backtrace
1199         (via Interpreter::retrieveLastCaller). We recognize this information may result in
1200         failure in the cases of programs run by 'eval', stack frames beneath host function
1201         call frames, and in programs run from other programs. Thus, we propose exporting our
1202         JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
1203         we need while not advertising an API that isn't really ready for full use.
1204
1205         * API/JSContextRef.cpp:
1206         * API/JSContextRefPrivate.h:
1207         * JavaScriptCore.exp:
1208
1209
1210 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
1211
1212         https://bugs.webkit.org/show_bug.cgi?id=65051
1213         DFG JIT - Enable by default for mac platform on x86-64.
1214
1215         Rubber Stamped by Geoff Garen.
1216
1217         This is now a performance progression.
1218
1219         * wtf/Platform.h:
1220             - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
1221
1222 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
1223
1224         https://bugs.webkit.org/show_bug.cgi?id=65047
1225         DFG JIT - Add support for op_resolve/op_resolve_base
1226
1227         Reviewed by Sam Weinig.
1228
1229         These are necessary for any significant eval code coverage
1230         (and as such increase LayoutTest coverage).
1231
1232         * dfg/DFGAliasTracker.h:
1233         (JSC::DFG::AliasTracker::recordResolve):
1234             - Conservatively blow aliasing optimizations for now.
1235         * dfg/DFGByteCodeParser.cpp:
1236         (JSC::DFG::ByteCodeParser::parseBlock):
1237             - Add support for op_resolve/op_resolve_base.
1238         * dfg/DFGJITCodeGenerator.h:
1239         (JSC::DFG::JITCodeGenerator::callOperation):
1240             - Add call with exec, identifier arguments.
1241         * dfg/DFGNode.h:
1242             - Add new node types.
1243         (JSC::DFG::Node::hasIdentifier):
1244             - Resolve nodes have identifiers, too!
1245         * dfg/DFGNonSpeculativeJIT.cpp:
1246         (JSC::DFG::NonSpeculativeJIT::compile):
1247             - Add generation for new Nodes.
1248         * dfg/DFGOperations.cpp:
1249         * dfg/DFGOperations.h:
1250             - Added new operations.
1251         * dfg/DFGSpeculativeJIT.cpp:
1252         (JSC::DFG::SpeculativeJIT::compile):
1253             - Add generation for new Nodes.
1254
1255 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
1256
1257         https://bugs.webkit.org/show_bug.cgi?id=65036
1258         Messing with the register allocation within flow control = badness.
1259
1260         Reviewed by Sam Weinig.
1261
1262         * dfg/DFGNonSpeculativeJIT.cpp:
1263         (JSC::DFG::NonSpeculativeJIT::compile):
1264             - Fix register allocation.
1265
1266 2011-07-22  Mark Hahnenberg  <mhahnenberg@apple.com>
1267
1268         Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
1269         https://bugs.webkit.org/show_bug.cgi?id=63986
1270
1271         Reviewed by Geoffrey Garen.
1272
1273         Changed the implementation of Date.prototype.toISOString() to use the extended year
1274         format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
1275
1276         * runtime/DatePrototype.cpp:
1277         (JSC::dateProtoFuncToISOString):
1278
1279 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
1280
1281         Windows build fix
1282
1283         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1284
1285 2011-07-21  Ryosuke Niwa  <rniwa@webkit.org>
1286
1287         Build fix after r91555.
1288
1289         * JavaScriptCore.exp:
1290
1291 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
1292
1293         https://bugs.webkit.org/show_bug.cgi?id=19271
1294         eliminate PIC branches by changing NaN handling in JSValue::toNumber
1295
1296         Reviewed by Sam Weinig.
1297
1298         Moving the non-numeric cases out of line seems to be a consistent
1299         win on SunSpider for me, to the order of about 0.5%.
1300
1301         * runtime/JSCell.h:
1302         (JSC::JSCell::JSValue::toNumber):
1303             - Changed to only handle values that are already numbers, move non-numeric cases out of line.
1304         * runtime/JSValue.cpp:
1305         (JSC::JSValue::toNumberSlowCase):
1306             - Added toNumberSlowCase, handling non-numeric cases.
1307         * runtime/JSValue.h:
1308             - Add declaration of toNumberSlowCase.
1309
1310 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
1311
1312         https://bugs.webkit.org/show_bug.cgi?id=64875
1313         Use of `yield` keyword is broken
1314
1315         Reviewed by Sam Weinig.
1316
1317         * parser/Lexer.cpp:
1318         (JSC::Lexer::parseIdentifier):
1319             - The bug here is that a successful match of a RESERVED_IF_STRICT token from
1320               parseKeyword is being nullified back to IDENT. The problem is that in the
1321               case of IDENT matches parseKeyword should not move the lexer's input
1322               position, but in the case of RESERVED_IF_STRICT it has done so.
1323
1324 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
1325
1326         https://bugs.webkit.org/show_bug.cgi?id=64900
1327         Function.prototype.apply should accept an array-like object as its second argument
1328
1329         Reviewed by Sam Weinig.
1330
1331         * interpreter/Interpreter.cpp:
1332         (JSC::Interpreter::privateExecute):
1333         * jit/JITStubs.cpp:
1334         (JSC::DEFINE_STUB_FUNCTION):
1335         * runtime/FunctionPrototype.cpp:
1336         (JSC::functionProtoFuncApply):
1337             - Remove the type error if object is not an array.
1338
1339 2011-07-21  Gavin Barraclough  <barraclough@apple.com>
1340
1341         https://bugs.webkit.org/show_bug.cgi?id=64964
1342         DFG JIT - Enable support for eval code
1343
1344         Reviewed by Sam Weinig.
1345
1346         This is basically the same as program code, to the JIT!
1347
1348         * bytecode/Opcode.cpp:
1349         * bytecode/Opcode.h:
1350             - Enable opcodeNames in !NDEBUG builds.
1351         * dfg/DFGOperations.cpp:
1352             - Fix a bug exposed by eval support, throw correct type error for new.
1353         * runtime/Executable.cpp:
1354         (JSC::EvalExecutable::compileInternal):
1355             - Enable DFG JIT for eval code.
1356
1357 2011-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>
1358
1359         Unreviewed, rolling out r91380.
1360         http://trac.webkit.org/changeset/91380
1361         https://bugs.webkit.org/show_bug.cgi?id=64924
1362
1363         Caused assertion failures in Chromium's IndexedDB tests
1364         (Requested by rniwa on #webkit).
1365
1366         * wtf/ThreadIdentifierDataPthreads.cpp:
1367         (WTF::ThreadIdentifierData::identifier):
1368         (WTF::ThreadIdentifierData::initialize):
1369         (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
1370         (WTF::ThreadIdentifierData::initializeKeyOnce):
1371         * wtf/ThreadIdentifierDataPthreads.h:
1372         * wtf/ThreadingPthreads.cpp:
1373         (WTF::initializeThreading):
1374
1375 2011-07-20  Filip Pizlo  <fpizlo@apple.com>
1376
1377         DFG non-speculative JIT does not use() the aliased GetByVal,
1378         resulting in bloated use counts.
1379         https://bugs.webkit.org/show_bug.cgi?id=64911
1380
1381         Reviewed by Gavin Barraclough.
1382         
1383         Inserted a call to use() for the aliased GetByVal.
1384
1385         * dfg/DFGNonSpeculativeJIT.cpp:
1386         (JSC::DFG::NonSpeculativeJIT::compile):
1387
1388 2011-07-20  Gavin Barraclough  <barraclough@apple.com>
1389
1390         https://bugs.webkit.org/show_bug.cgi?id=64909
1391         DFG JIT - Missing ToInt32 conversions for double constants.
1392
1393         Reviewed by Sam Weinig.
1394
1395         * dfg/DFGByteCodeParser.cpp:
1396         (JSC::DFG::ByteCodeParser::toInt32):
1397             - We cannot trivially omit ToInt32 conversions on double constants.
1398
1399 2011-07-20  Filip Pizlo  <fpizlo@apple.com>
1400
1401         DFG speculative JIT sometimes claims to use compare operands twice, leading to
1402         use count corruption.
1403         https://bugs.webkit.org/show_bug.cgi?id=64903
1404
1405         Reviewed by Gavin Barraclough.
1406         
1407         Move the calls to use() in SpeculativeJIT::compare() so that they only happen
1408         if the JITCodeGenerator's helper method (which also calls use()) is not called.
1409
1410         * dfg/DFGSpeculativeJIT.cpp:
1411         (JSC::DFG::SpeculativeJIT::compare):
1412
1413 2011-07-20  Oliver Hunt  <oliver@apple.com>
1414
1415         Don't throw away code when JSGarbageCollect API is called
1416         https://bugs.webkit.org/show_bug.cgi?id=64894
1417
1418         Reviewed by Sam Weinig.
1419
1420         Just call collectAllGarbage.  That will clean up all unneeded
1421         code without causing any pathological recompilation problems.
1422
1423         * API/JSBase.cpp:
1424         (JSGarbageCollect):
1425
1426 2011-07-20  Oliver Hunt  <oliver@apple.com>
1427
1428         Codeblock doesn't visit cached structures in global resolve instructions
1429         https://bugs.webkit.org/show_bug.cgi?id=64889
1430
1431         Reviewed by Sam Weinig.
1432
1433         Visit the global resolve instructions.  This fixes a couple
1434         of random crashes seen in the jquery tests when using the
1435         interpreter.
1436
1437         * bytecode/CodeBlock.cpp:
1438         (JSC::CodeBlock::visitAggregate):
1439
1440 2011-07-20  James Robinson  <jamesr@chromium.org>
1441
1442         Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
1443         https://bugs.webkit.org/show_bug.cgi?id=64841
1444
1445         Reviewed by Mark Rowe.
1446
1447         http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
1448         monotonic clock instead of WTF::currentTime().  This broke many plugin tests on WebKit2 for reasons that are
1449         unclear.  This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
1450
1451         * wtf/ThreadingPthreads.cpp:
1452         (WTF::ThreadCondition::timedWait):
1453         * wtf/ThreadingWin.cpp:
1454         (WTF::absoluteTimeToWaitTimeoutInterval):
1455         * wtf/gtk/ThreadingGtk.cpp:
1456         (WTF::ThreadCondition::timedWait):
1457         * wtf/qt/ThreadingQt.cpp:
1458         (WTF::ThreadCondition::timedWait):
1459
1460 2011-07-14  David Levin  <levin@chromium.org>
1461
1462         currentThread is too slow!
1463         https://bugs.webkit.org/show_bug.cgi?id=64577
1464
1465         Reviewed by Darin Adler and Dmitry Titov.
1466
1467         The problem is that currentThread results in a pthread_once call which always takes a lock.
1468         With this change, currentThread is 10% faster than isMainThread in release mode and only
1469         5% slower than isMainThread in debug.
1470
1471         * wtf/ThreadIdentifierDataPthreads.cpp:
1472         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
1473         which is no longer needed because this is called from initializeThreading().
1474         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
1475         initialization of the pthread key should already be done.
1476         (WTF::ThreadIdentifierData::initialize): Ditto.
1477         * wtf/ThreadIdentifierDataPthreads.h:
1478         * wtf/ThreadingPthreads.cpp:
1479         (WTF::initializeThreading): Acquire the pthread key here.
1480
1481 2011-07-20  Mark Rowe  <mrowe@apple.com>
1482
1483         Fix the 32-bit build.
1484
1485         * runtime/ObjectPrototype.cpp:
1486         (JSC::objectProtoFuncToString):
1487
1488 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
1489
1490         https://bugs.webkit.org/show_bug.cgi?id=64678
1491         Fix bugs in Object.prototype this handling.
1492
1493         Reviewed by Darin Adler.
1494
1495         Fix ES5.1 correctness issues identified by Mads Ager.
1496
1497         * runtime/ObjectPrototype.cpp:
1498         (JSC::objectProtoFuncToString):
1499             - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
1500
1501 2011-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>
1502
1503         [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
1504         https://bugs.webkit.org/show_bug.cgi?id=63918
1505
1506         Reviewed by Darin Adler.
1507
1508         When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
1509         method due to additional string copying within several of the constructors when dealing with 
1510         UStrings.  This has been added to the UString version of the appendStringInConstruct method 
1511         within the JSString class.
1512
1513         * runtime/JSString.h:
1514         (JSC::RopeBuilder::JSString):
1515         (JSC::RopeBuilder::appendStringInConstruct):
1516
1517 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
1518
1519         https://bugs.webkit.org/show_bug.cgi?id=64679
1520         Fix bugs in Array.prototype this handling.
1521
1522         Reviewed by Oliver Hunt.
1523
1524         * runtime/ArrayPrototype.cpp:
1525         (JSC::arrayProtoFuncJoin):
1526         (JSC::arrayProtoFuncConcat):
1527         (JSC::arrayProtoFuncPop):
1528         (JSC::arrayProtoFuncPush):
1529         (JSC::arrayProtoFuncReverse):
1530         (JSC::arrayProtoFuncShift):
1531         (JSC::arrayProtoFuncSlice):
1532         (JSC::arrayProtoFuncSort):
1533         (JSC::arrayProtoFuncSplice):
1534         (JSC::arrayProtoFuncUnShift):
1535         (JSC::arrayProtoFuncFilter):
1536         (JSC::arrayProtoFuncMap):
1537         (JSC::arrayProtoFuncEvery):
1538         (JSC::arrayProtoFuncForEach):
1539         (JSC::arrayProtoFuncSome):
1540         (JSC::arrayProtoFuncReduce):
1541         (JSC::arrayProtoFuncReduceRight):
1542         (JSC::arrayProtoFuncIndexOf):
1543         (JSC::arrayProtoFuncLastIndexOf):
1544             - These methods should throw if this value is undefined.
1545
1546 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
1547
1548         https://bugs.webkit.org/show_bug.cgi?id=64677
1549         Fix bugs in String.prototype this handling.
1550
1551         Reviewed by Oliver Hunt.
1552
1553         undefined/null this values should throw TypeErrors, not convert to
1554         the global object, and primitive values should not be converted via
1555         object types.
1556
1557         * runtime/StringPrototype.cpp:
1558         (JSC::stringProtoFuncReplace):
1559         (JSC::stringProtoFuncCharAt):
1560         (JSC::stringProtoFuncCharCodeAt):
1561         (JSC::stringProtoFuncIndexOf):
1562         (JSC::stringProtoFuncLastIndexOf):
1563         (JSC::stringProtoFuncMatch):
1564         (JSC::stringProtoFuncSearch):
1565         (JSC::stringProtoFuncSlice):
1566         (JSC::stringProtoFuncSplit):
1567         (JSC::stringProtoFuncSubstr):
1568         (JSC::stringProtoFuncSubstring):
1569         (JSC::stringProtoFuncToLowerCase):
1570         (JSC::stringProtoFuncToUpperCase):
1571         (JSC::stringProtoFuncLocaleCompare):
1572         (JSC::stringProtoFuncBig):
1573         (JSC::stringProtoFuncSmall):
1574         (JSC::stringProtoFuncBlink):
1575         (JSC::stringProtoFuncBold):
1576         (JSC::stringProtoFuncFixed):
1577         (JSC::stringProtoFuncItalics):
1578         (JSC::stringProtoFuncStrike):
1579         (JSC::stringProtoFuncSub):
1580         (JSC::stringProtoFuncSup):
1581         (JSC::stringProtoFuncFontcolor):
1582         (JSC::stringProtoFuncFontsize):
1583         (JSC::stringProtoFuncAnchor):
1584         (JSC::stringProtoFuncLink):
1585         (JSC::trimString):
1586             - These methods should throw if this value is undefined,
1587               convert ToString directly, not via ToObject.
1588
1589 2011-07-19  Filip Pizlo  <fpizlo@apple.com>
1590
1591         DFG JIT sometimes emits spill code even when the respective values
1592         are never needed.
1593         https://bugs.webkit.org/show_bug.cgi?id=64774
1594
1595         Reviewed by Gavin Barraclough.
1596         
1597         The main high-level change is that it is now easier to call use() on a
1598         virtual register.  JSValueOperand and its other-typed relatives now have
1599         a handy use() method, and jsValueResult() and friends now make it easier to
1600         pass UseChildrenCalledExplicitly.
1601         
1602         The rest of this patch hoists the call to use() as high as possible for
1603         all of those cases where either flushRegisters() or silentSpillAllRegisters()
1604         may be called.
1605
1606         * dfg/DFGJITCodeGenerator.cpp:
1607         (JSC::DFG::JITCodeGenerator::cachedGetById):
1608         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
1609         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
1610         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
1611         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
1612         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
1613         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
1614         (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
1615         (JSC::DFG::JITCodeGenerator::emitBranch):
1616         * dfg/DFGJITCodeGenerator.h:
1617         (JSC::DFG::JITCodeGenerator::use):
1618         (JSC::DFG::JITCodeGenerator::integerResult):
1619         (JSC::DFG::JITCodeGenerator::jsValueResult):
1620         (JSC::DFG::IntegerOperand::use):
1621         (JSC::DFG::DoubleOperand::use):
1622         (JSC::DFG::JSValueOperand::use):
1623         * dfg/DFGNonSpeculativeJIT.cpp:
1624         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1625         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
1626         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1627         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1628         (JSC::DFG::NonSpeculativeJIT::compile):
1629         * dfg/DFGSpeculativeJIT.cpp:
1630         (JSC::DFG::SpeculativeJIT::compile):
1631         * dfg/DFGSpeculativeJIT.h:
1632         (JSC::DFG::SpeculateStrictInt32Operand::use):
1633         (JSC::DFG::SpeculateCellOperand::use):
1634
1635 2011-07-19  Xan Lopez  <xlopez@igalia.com>
1636
1637         ARMv7 backend broken, lacks 3 parameter rshift32 method
1638         https://bugs.webkit.org/show_bug.cgi?id=64571
1639
1640         Reviewed by Zoltan Herczeg.
1641
1642         * assembler/MacroAssemblerARMv7.h:
1643         (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
1644
1645 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1646
1647         DFG JIT does not optimize strict equality as effectively as the old JIT does.
1648         https://bugs.webkit.org/show_bug.cgi?id=64759
1649
1650         Reviewed by Gavin Barraclough.
1651         
1652         This adds a more complete set of strict equality optimizations.  If either
1653         operand is known numeric, then the code reverts to the old style of optimizing
1654         (first try integer comparison).  Otherwise it uses the old JIT's trick of
1655         first simultaneously checking if both operands are either numbers or cells;
1656         if not then a fast path is taken.
1657
1658         * dfg/DFGJITCodeGenerator.cpp:
1659         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
1660         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
1661         (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
1662         * dfg/DFGJITCodeGenerator.h:
1663         * dfg/DFGNonSpeculativeJIT.cpp:
1664         (JSC::DFG::NonSpeculativeJIT::compile):
1665         * dfg/DFGOperations.cpp:
1666         * dfg/DFGOperations.h:
1667         * dfg/DFGSpeculativeJIT.cpp:
1668         (JSC::DFG::SpeculativeJIT::compile):
1669
1670 2011-07-18  Gavin Barraclough  <barraclough@apple.com>
1671
1672         https://bugs.webkit.org/show_bug.cgi?id=64760
1673         DFG JIT - Should be able to compile program code.
1674
1675         Reviewed by Geoff Garen.
1676
1677         Add support for op_end, hooks to compile program code in Executable.cpp.
1678
1679         * dfg/DFGByteCodeParser.cpp:
1680         (JSC::DFG::ByteCodeParser::parseBlock):
1681             - Add support for op_end
1682         * dfg/DFGJITCompiler.cpp:
1683         (JSC::DFG::JITCompiler::compileEntry):
1684         (JSC::DFG::JITCompiler::compileBody):
1685         (JSC::DFG::JITCompiler::link):
1686             - Added, separate out steps of compileFunction.
1687         (JSC::DFG::JITCompiler::compile):
1688             - Added, compile program code.
1689         (JSC::DFG::JITCompiler::compileFunction):
1690             - Sections separated out to helper functions.
1691         * dfg/DFGJITCompiler.h:
1692         (JSC::DFG::JITCompiler::JITCompiler):
1693             - Added m_exceptionCheckCount.
1694         * runtime/Executable.cpp:
1695         (JSC::tryDFGCompile):
1696         (JSC::tryDFGCompileFunction):
1697         (JSC::ProgramExecutable::compileInternal):
1698         (JSC::FunctionExecutable::compileForCallInternal):
1699             - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
1700
1701 2011-07-18  Gavin Barraclough  <barraclough@apple.com>
1702
1703         https://bugs.webkit.org/show_bug.cgi?id=64678
1704         Fix bugs in Object.prototype this handling.
1705
1706         Reviewed by Oliver Hunt.
1707
1708         undefined/null this values should throw TypeErrors, not convert to the global object,
1709         also, toLocaleString should be calling ToObject & invoking the object's toString
1710         function, even for values that are already strings.
1711
1712         * runtime/ObjectPrototype.cpp:
1713         (JSC::objectProtoFuncValueOf):
1714         (JSC::objectProtoFuncHasOwnProperty):
1715         (JSC::objectProtoFuncIsPrototypeOf):
1716         (JSC::objectProtoFuncPropertyIsEnumerable):
1717         (JSC::objectProtoFuncToLocaleString):
1718         (JSC::objectProtoFuncToString):
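
        The String.prototype, Array.prototype and Object.prototype entries above all implement one
        ES5.1 rule for the this value. The conformance probe below is an added example, not code from
        WebKit or from these patches; the method lists are a sample chosen here, not the patches' full set.

```javascript
// Added example, not code from the WebKit patches: a conformance probe for the
// ES5.1 "this" handling that the String/Array/Object.prototype fixes describe.
// Runs in any ES5-compliant engine (node, the jsc shell, a browser console).

// Calls `method` with the given this value and arguments. Returns "TypeError"
// when a TypeError is thrown, "other-error" for any other exception, and the
// stringified return value otherwise.
function probeThis(method, thisValue, args) {
  try {
    return String(method.apply(thisValue, args || []));
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other-error";
  }
}

// Object.prototype.toString is the one method that must NOT throw: ES5.1 maps
// undefined/null to "[object Undefined]" / "[object Null]".
function objectToStringTag(value) {
  return Object.prototype.toString.call(value);
}

// Methods whose first step is CheckObjectCoercible/ToObject on the this value,
// so an undefined or null receiver must throw a TypeError rather than being
// silently replaced by the global object (sample lists, chosen for this example).
var METHODS_THAT_MUST_THROW = {
  "String.prototype": ["charAt", "indexOf", "slice", "split", "toUpperCase", "trim"],
  "Array.prototype":  ["join", "push", "reverse", "slice", "map", "forEach", "indexOf"],
  "Object.prototype": ["valueOf", "hasOwnProperty", "isPrototypeOf",
                       "propertyIsEnumerable", "toLocaleString"]
};
var PROTOTYPES = {
  "String.prototype": String.prototype,
  "Array.prototype": Array.prototype,
  "Object.prototype": Object.prototype
};

// Returns the qualified names of methods that failed to throw a TypeError for an
// undefined or null this value. An empty array means the engine conforms.
// The argument passed is an object so that isPrototypeOf/hasOwnProperty reach
// the ToObject(this) step instead of returning early on a primitive argument.
function nonThrowingMethods() {
  var failures = [];
  Object.keys(METHODS_THAT_MUST_THROW).forEach(function (protoName) {
    METHODS_THAT_MUST_THROW[protoName].forEach(function (name) {
      [undefined, null].forEach(function (thisValue) {
        var outcome = probeThis(PROTOTYPES[protoName][name], thisValue, [{}]);
        if (outcome !== "TypeError")
          failures.push(protoName + "." + name + " with this=" + thisValue);
      });
    });
  });
  return failures;
}

// Primitive receivers are still accepted: they are converted, not rejected.
// String methods apply ToString to the primitive; the generic Array/Object
// methods apply ToObject and see the wrapper's own index/length properties.
function primitiveReceiverResults() {
  return {
    charAtOnNumber: probeThis(String.prototype.charAt, 12345, [1]),          // "2"
    joinOnString:   probeThis(Array.prototype.join, "abc", ["-"]),            // "a-b-c"
    hasOwnOnString: probeThis(Object.prototype.hasOwnProperty, "abc", ["length"]) // "true"
  };
}
```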
1719
1720 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1721
1722         JSC GC lazy sweep does not inline the common cases of cell destruction.
1723         https://bugs.webkit.org/show_bug.cgi?id=64745
1724
1725         Reviewed by Oliver Hunt.
1726         
1727         This inlines the case of JSFinalObject destruction.
1728
1729         * heap/MarkedBlock.cpp:
1730         (JSC::MarkedBlock::lazySweep):
1731
1732 2011-07-18  Oliver Hunt  <oliver@apple.com>
1733
1734         Interpreter build-fix
1735
1736         * interpreter/Interpreter.cpp:
1737         (JSC::Interpreter::privateExecute):
1738
1739 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1740
1741         DFG JIT does not optimize equal-null comparisons and branches.
1742         https://bugs.webkit.org/show_bug.cgi?id=64659
1743
1744         Reviewed by Gavin Barraclough.
1745         
1746         Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
1747         which is used by both the speculative and non-speculative JIT.  Through
1748         the use of the new isNullConstant helper, the two JITs invoke the
1749         nonSpeculativeCompareNull() helper instead of their regular comparison
1750         helpers when compiling CompareEq.  Through the use of the new isKnownCell
1751         helper, the compare-null code will skip the is-a-cell check if the
1752         speculative JIT had been speculating cell.
1753
1754         * dfg/DFGJITCodeGenerator.cpp:
1755         (JSC::DFG::JITCodeGenerator::isKnownCell):
1756         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
1757         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
1758         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
1759         * dfg/DFGJITCodeGenerator.h:
1760         (JSC::DFG::JITCodeGenerator::isNullConstant):
1761         * dfg/DFGNonSpeculativeJIT.cpp:
1762         (JSC::DFG::NonSpeculativeJIT::compile):
1763         * dfg/DFGOperations.cpp:
1764         * dfg/DFGSpeculativeJIT.cpp:
1765         (JSC::DFG::SpeculativeJIT::compile):
1766
1767 2011-07-18  James Robinson  <jamesr@chromium.org>
1768
1769         Timer scheduling should be based off the monotonic clock
1770         https://bugs.webkit.org/show_bug.cgi?id=64544
1771
1772         Reviewed by Darin Adler.
1773
1774         Switches ThreadCondition::timedWait and related utility functions from currentTime() to
1775         monotonicallyIncreasingTime().
1776
1777         Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
1778
1779         * JavaScriptCore.exp:
1780         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1781         * wtf/ThreadingPthreads.cpp:
1782         (WTF::ThreadCondition::timedWait):
1783         * wtf/ThreadingWin.cpp:
1784         (WTF::absoluteTimeToWaitTimeoutInterval):
1785         * wtf/gtk/ThreadingGtk.cpp:
1786         (WTF::ThreadCondition::timedWait):
1787         * wtf/qt/ThreadingQt.cpp:
1788         (WTF::ThreadCondition::timedWait):
1789
1790 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1791
1792         JSC JIT does not inline GC allocation fast paths
1793         https://bugs.webkit.org/show_bug.cgi?id=64582
1794
1795         Reviewed by Oliver Hunt.
1796
1797         This addresses inlining allocation for the easiest-to-allocate cases:
1798         op_new_object and op_create_this.  Inlining GC allocation fast paths
1799         required three changes.  First, the JSGlobalData now saves the vtable
1800         pointer of JSFinalObject, since that's what op_new_object and
1801         op_create_this allocate.  Second, the Heap exposes a reference to
1802         the appropriate SizeClass, so that the JIT may inline accesses
1803         directly to the SizeClass for JSFinalObject allocations.  And third,
1804         the JIT is extended with code to emit inline fast paths for GC
1805         allocation.  A stub call is emitted in the case where the inline fast
1806         path fails.
1807
1808         * heap/Heap.h:
1809         (JSC::Heap::sizeClassFor):
1810         (JSC::Heap::allocate):
1811         * jit/JIT.cpp:
1812         (JSC::JIT::privateCompileSlowCases):
1813         * jit/JIT.h:
1814         * jit/JITInlineMethods.h:
1815         (JSC::JIT::emitAllocateJSFinalObject):
1816         * jit/JITOpcodes.cpp:
1817         (JSC::JIT::emit_op_new_object):
1818         (JSC::JIT::emitSlow_op_new_object):
1819         (JSC::JIT::emit_op_create_this):
1820         (JSC::JIT::emitSlow_op_create_this):
1821         * jit/JITOpcodes32_64.cpp:
1822         (JSC::JIT::emit_op_new_object):
1823         (JSC::JIT::emitSlow_op_new_object):
1824         (JSC::JIT::emit_op_create_this):
1825         (JSC::JIT::emitSlow_op_create_this):
1826         * runtime/JSGlobalData.cpp:
1827         (JSC::JSGlobalData::storeVPtrs):
1828         * runtime/JSGlobalData.h:
1829         * runtime/JSObject.h:
1830         (JSC::JSFinalObject::JSFinalObject):
1831         (JSC::JSObject::offsetOfInheritorID):
1832
1833 2011-07-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1834
1835         Refactor JSC to replace JSCell::operator new with static create method
1836         https://bugs.webkit.org/show_bug.cgi?id=64466
1837
1838         Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
1839
1840         First step in a longer refactoring process to remove the use of
1841         operator new overloading in order to allocate GC objects and to replace
1842         this method with static create methods for each individual type of heap-allocated
1843         JS object.  This particular patch only deals with replacing uses of
1844         operator new within JSC proper.  Future patches will remove it from the
1845         parts that interface with the DOM.  Due to the DOM's continued dependence
1846         on it, operator new has not actually been removed from JSCell.
1847
1848         * API/JSCallbackConstructor.h:
1849         (JSC::JSCallbackConstructor::create):
1850         * API/JSCallbackFunction.h:
1851         (JSC::JSCallbackFunction::create):
1852         * API/JSCallbackObject.h:
1853         (JSC::JSCallbackObject::operator new):
1854         (JSC::JSCallbackObject::create):
1855         * API/JSCallbackObjectFunctions.h:
1856         (JSC::::staticFunctionGetter):
1857         * API/JSClassRef.cpp:
1858         (OpaqueJSClass::prototype):
1859         * API/JSContextRef.cpp:
1860         * API/JSObjectRef.cpp:
1861         (JSObjectMake):
1862         (JSObjectMakeFunctionWithCallback):
1863         (JSObjectMakeConstructor):
1864         * JavaScriptCore.exp:
1865         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1866         * bytecode/CodeBlock.cpp:
1867         (JSC::CodeBlock::createActivation):
1868         * bytecompiler/BytecodeGenerator.cpp:
1869         (JSC::BytecodeGenerator::BytecodeGenerator):
1870         * bytecompiler/BytecodeGenerator.h:
1871         (JSC::BytecodeGenerator::makeFunction):
1872         * bytecompiler/NodesCodegen.cpp:
1873         (JSC::RegExpNode::emitBytecode):
1874         * interpreter/Interpreter.cpp:
1875         (JSC::Interpreter::privateExecute):
1876         (JSC::Interpreter::retrieveArguments):
1877         * jit/JITStubs.cpp:
1878         (JSC::DEFINE_STUB_FUNCTION):
1879         * jsc.cpp:
1880         (GlobalObject::create):
1881         (GlobalObject::GlobalObject):
1882         (functionRun):
1883         (jscmain):
1884         * runtime/Arguments.h:
1885         (JSC::Arguments::create):
1886         (JSC::Arguments::createNoParameters):
1887         * runtime/ArrayConstructor.cpp:
1888         (JSC::constructArrayWithSizeQuirk):
1889         * runtime/ArrayConstructor.h:
1890         (JSC::ArrayConstructor::create):
1891         * runtime/ArrayPrototype.cpp:
1892         (JSC::arrayProtoFuncSplice):
1893         * runtime/ArrayPrototype.h:
1894         (JSC::ArrayPrototype::create):
1895         * runtime/BooleanConstructor.cpp:
1896         (JSC::constructBoolean):
1897         (JSC::constructBooleanFromImmediateBoolean):
1898         * runtime/BooleanConstructor.h:
1899         (JSC::BooleanConstructor::create):
1900         * runtime/BooleanObject.h:
1901         (JSC::BooleanObject::create):
1902         * runtime/BooleanPrototype.h:
1903         (JSC::BooleanPrototype::create):
1904         * runtime/DateConstructor.cpp:
1905         (JSC::constructDate):
1906         * runtime/DateConstructor.h:
1907         (JSC::DateConstructor::create):
1908         * runtime/DateInstance.h:
1909         (JSC::DateInstance::create):
1910         * runtime/DatePrototype.h:
1911         (JSC::DatePrototype::create):
1912         * runtime/Error.cpp:
1913         (JSC::createError):
1914         (JSC::createEvalError):
1915         (JSC::createRangeError):
1916         (JSC::createReferenceError):
1917         (JSC::createSyntaxError):
1918         (JSC::createTypeError):
1919         (JSC::createURIError):
1920         (JSC::StrictModeTypeErrorFunction::create):
1921         (JSC::createTypeErrorFunction):
1922         * runtime/ErrorConstructor.h:
1923         (JSC::ErrorConstructor::create):
1924         * runtime/ErrorInstance.cpp:
1925         (JSC::ErrorInstance::ErrorInstance):
1926         (JSC::ErrorInstance::create):
1927         * runtime/ErrorInstance.h:
1928         * runtime/ErrorPrototype.cpp:
1929         (JSC::ErrorPrototype::ErrorPrototype):
1930         * runtime/ErrorPrototype.h:
1931         (JSC::ErrorPrototype::create):
1932         * runtime/ExceptionHelpers.cpp:
1933         (JSC::InterruptedExecutionError::InterruptedExecutionError):
1934         (JSC::InterruptedExecutionError::create):
1935         (JSC::createInterruptedExecutionException):
1936         (JSC::TerminatedExecutionError::TerminatedExecutionError):
1937         (JSC::TerminatedExecutionError::create):
1938         (JSC::createTerminatedExecutionException):
1939         * runtime/Executable.cpp:
1940         (JSC::FunctionExecutable::FunctionExecutable):
1941         (JSC::FunctionExecutable::fromGlobalCode):
1942         * runtime/Executable.h:
1943         (JSC::ExecutableBase::create):
1944         (JSC::NativeExecutable::create):
1945         (JSC::ScriptExecutable::ScriptExecutable):
1946         (JSC::EvalExecutable::create):
1947         (JSC::ProgramExecutable::create):
1948         (JSC::FunctionExecutable::create):
1949         (JSC::FunctionExecutable::make):
1950         * runtime/FunctionConstructor.cpp:
1951         (JSC::constructFunctionSkippingEvalEnabledCheck):
1952         * runtime/FunctionConstructor.h:
1953         (JSC::FunctionConstructor::create):
1954         * runtime/FunctionPrototype.cpp:
1955         (JSC::FunctionPrototype::addFunctionProperties):
1956         * runtime/FunctionPrototype.h:
1957         (JSC::FunctionPrototype::create):
1958         * runtime/GetterSetter.h:
1959         (JSC::GetterSetter::create):
1960         * runtime/JSAPIValueWrapper.h:
1961         (JSC::JSAPIValueWrapper::create):
1962         (JSC::jsAPIValueWrapper):
1963         * runtime/JSActivation.cpp:
1964         (JSC::JSActivation::argumentsGetter):
1965         * runtime/JSActivation.h:
1966         (JSC::JSActivation::create):
1967         * runtime/JSArray.h:
1968         (JSC::JSArray::create):
1969         * runtime/JSCell.h:
1970         (JSC::JSCell::allocateCell):
1971         * runtime/JSFunction.h:
1972         (JSC::JSFunction::create):
1973         * runtime/JSGlobalObject.cpp:
1974         (JSC::JSGlobalObject::init):
1975         (JSC::JSGlobalObject::reset):
1976         * runtime/JSGlobalObject.h:
1977         (JSC::constructEmptyArray):
1978         (JSC::constructArray):
1979         * runtime/JSNotAnObject.h:
1980         (JSC::JSNotAnObject::create):
1981         * runtime/JSONObject.h:
1982         (JSC::JSONObject::create):
1983         * runtime/JSObject.cpp:
1984         (JSC::JSObject::defineGetter):
1985         (JSC::JSObject::defineSetter):
1986         (JSC::putDescriptor):
1987         * runtime/JSObject.h:
1988         (JSC::JSFinalObject::create):
1989         * runtime/JSPropertyNameIterator.cpp:
1990         (JSC::JSPropertyNameIterator::create):
1991         * runtime/JSPropertyNameIterator.h:
1992         (JSC::JSPropertyNameIterator::create):
1993         * runtime/JSString.cpp:
1994         (JSC::JSString::substringFromRope):
1995         (JSC::JSString::replaceCharacter):
1996         (JSC::StringObject::create):
1997         * runtime/JSString.h:
1998         (JSC::RopeBuilder::JSString):
1999         (JSC::RopeBuilder::create):
2000         (JSC::RopeBuilder::createHasOtherOwner):
2001         (JSC::jsSingleCharacterString):
2002         (JSC::jsSingleCharacterSubstring):
2003         (JSC::jsNontrivialString):
2004         (JSC::jsString):
2005         (JSC::jsSubstring):
2006         (JSC::jsOwnedString):
2007         * runtime/JSValue.cpp:
2008         (JSC::JSValue::toObjectSlowCase):
2009         (JSC::JSValue::synthesizeObject):
2010         (JSC::JSValue::synthesizePrototype):
2011         * runtime/Lookup.cpp:
2012         (JSC::setUpStaticFunctionSlot):
2013         * runtime/MathObject.h:
2014         (JSC::MathObject::create):
2015         * runtime/NativeErrorConstructor.cpp:
2016         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2017         * runtime/NativeErrorConstructor.h:
2018         (JSC::NativeErrorConstructor::create):
2019         * runtime/NativeErrorPrototype.h:
2020         (JSC::NativeErrorPrototype::create):
2021         * runtime/NumberConstructor.cpp:
2022         (JSC::constructWithNumberConstructor):
2023         * runtime/NumberConstructor.h:
2024         (JSC::NumberConstructor::create):
2025         * runtime/NumberObject.cpp:
2026         (JSC::constructNumber):
2027         * runtime/NumberObject.h:
2028         (JSC::NumberObject::create):
2029         * runtime/NumberPrototype.h:
2030         (JSC::NumberPrototype::create):
2031         * runtime/ObjectConstructor.h:
2032         (JSC::ObjectConstructor::create):
2033         * runtime/ObjectPrototype.h:
2034         (JSC::ObjectPrototype::create):
2035         * runtime/Operations.h:
2036         (JSC::jsString):
2037         * runtime/RegExp.cpp:
2038         (JSC::RegExp::RegExp):
2039         (JSC::RegExp::createWithoutCaching):
2040         (JSC::RegExp::create):
2041         * runtime/RegExp.h:
2042         * runtime/RegExpCache.cpp:
2043         (JSC::RegExpCache::lookupOrCreate):
2044         * runtime/RegExpConstructor.cpp:
2045         (JSC::RegExpConstructor::arrayOfMatches):
2046         (JSC::constructRegExp):
2047         * runtime/RegExpConstructor.h:
2048         (JSC::RegExpConstructor::create):
2049         * runtime/RegExpMatchesArray.h:
2050         (JSC::RegExpMatchesArray::create):
2051         * runtime/RegExpObject.h:
2052         (JSC::RegExpObject::create):
2053         * runtime/RegExpPrototype.cpp:
2054         (JSC::regExpProtoFuncCompile):
2055         * runtime/RegExpPrototype.h:
2056         (JSC::RegExpPrototype::create):
2057         * runtime/ScopeChain.h:
2058         (JSC::ScopeChainNode::create):
2059         (JSC::ScopeChainNode::push):
2060         * runtime/SmallStrings.cpp:
2061         (JSC::SmallStrings::createEmptyString):
2062         (JSC::SmallStrings::createSingleCharacterString):
2063         * runtime/StringConstructor.cpp:
2064         (JSC::constructWithStringConstructor):
2065         * runtime/StringConstructor.h:
2066         (JSC::StringConstructor::create):
2067         * runtime/StringObject.h:
2068         (JSC::StringObject::create):
2069         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2070         (JSC::StringObjectThatMasqueradesAsUndefined::create):
2071         * runtime/StringPrototype.cpp:
2072         (JSC::stringProtoFuncMatch):
2073         (JSC::stringProtoFuncSearch):
2074         * runtime/StringPrototype.h:
2075         (JSC::StringPrototype::create):
2076         * runtime/Structure.h:
2077         (JSC::Structure::create):
2078         (JSC::Structure::createStructure):
2079         * runtime/StructureChain.h:
2080         (JSC::StructureChain::create):
2081
2082 2011-07-17  Ryuan Choi  <ryuan.choi@samsung.com>
2083
2084         [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
2085         https://bugs.webkit.org/show_bug.cgi?id=64337
2086
2087         Replace ecore_timer_add with Ecore_Pipe.
2088         This is needed because ecore_timer should not be called in a child thread,
2089         but in the main thread.
2090
2091         Reviewed by Antonio Gomes.
2092
2093         * wtf/efl/MainThreadEfl.cpp:
2094         (WTF::pipeObject):
2095         (WTF::monitorDispatchFunctions):
2096         (WTF::initializeMainThreadPlatform):
2097         (WTF::scheduleDispatchFunctionsOnMainThread):
2098
2099 2011-07-17  Filip Pizlo  <fpizlo@apple.com>
2100
2101         DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
2102         https://bugs.webkit.org/show_bug.cgi?id=64637
2103
2104         Reviewed by Gavin Barraclough.
2105
2106         * dfg/DFGOperations.cpp:
2107
2108 2011-07-16  Gavin Barraclough  <barraclough@apple.com>
2109
2110         https://bugs.webkit.org/show_bug.cgi?id=64657
2111         Converted this value not preserved when accessed via direct eval.
2112
2113         Reviewed by Oliver Hunt.
2114
2115         Upon entry into a non-strict function, primitive this values should be boxed as Object types
2116         (or substituted with the global object) - which is done by op_convert_this. However we only
2117         do so where this is used lexically within the function (we omit the conversion op if not).
2118         The problem comes if a direct eval (running within the function's scope) accesses the this
2119         value.
2120
2121         We are safe in the case of a single eval, since the this object will be converted within
2122         callEval, however the converted value is not preserved, and a new wrapper object is allocated
2123         each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
2124         object will be lost between eval statements.
2125
2126         * bytecompiler/BytecodeGenerator.cpp:
2127         (JSC::BytecodeGenerator::BytecodeGenerator):
2128             - If a function uses eval, we always need to convert this.
2129         * interpreter/Interpreter.cpp:
2130         (JSC::Interpreter::execute):
2131             - Don't convert primitive values here - this is too late!
2132         (JSC::Interpreter::privateExecute):
2133             - Changed op_convert_this to call new isPrimitive method.
2134         * jit/JITStubs.cpp:
2135         (JSC::DEFINE_STUB_FUNCTION):
2136             - Changed op_convert_this to call new isPrimitive method.
2137         * runtime/JSCell.h:
2138         (JSC::JSCell::JSValue::isPrimitive):
2139             - Added JSValue::isPrimitive.
2140         * runtime/JSValue.h:
2141             - Added JSValue::isPrimitive.
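
        The direct-eval case described above, as an added example rather than code from the patch:
        the functions are built with the Function constructor so they stay non-strict no matter how
        this file is loaded, and the "marker" property name is an arbitrary choice for the example.

```javascript
// Added example, not WebKit code: observable behaviour behind the
// "converted this value not preserved when accessed via direct eval" fix.
// Function-constructed functions are always non-strict (ES5.1 10.1.1), so a
// primitive this value is boxed on entry exactly as the entry describes.

// Builds a non-strict function from an array of body lines (helper for the example).
function sloppyFunction(bodyLines) {
  return new Function(bodyLines.join("\n"));
}

// Both direct evals must observe the identical wrapper object: the conversion
// happens once on entry, not once per eval.
var sameWrapperSeenByBothEvals = sloppyFunction([
  "var first, second;",
  "eval('first = this;');",
  "eval('second = this;');",
  "return first === second;"
]);

// A property set on the wrapper from one eval must be visible to the next.
// With the bug the entry describes (a fresh wrapper allocated per eval call)
// this would return undefined instead of the marker string.
var markerSurvivesAcrossEvals = sloppyFunction([
  "eval(\"this.marker = 'set-by-first-eval';\");",
  "return eval('this.marker');"
]);

// In non-strict code eval sees the boxed primitive (or the global object when
// no receiver was supplied); in strict code the primitive is left untouched.
var typeOfThisInEval = sloppyFunction(["return eval('typeof this');"]);
var strictTypeOfThisInEval = sloppyFunction(["'use strict';", "return eval('typeof this');"]);

// Returns the four observations for a primitive receiver, for a quick look.
function thisViaEvalReport() {
  return {
    sameWrapper: sameWrapperSeenByBothEvals.call(42),   // true
    marker: markerSurvivesAcrossEvals.call(42),         // "set-by-first-eval"
    sloppyType: typeOfThisInEval.call(42),              // "object"
    strictType: strictTypeOfThisInEval.call(42)         // "number"
  };
}
```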
2142
2143 2011-07-16  Filip Pizlo  <fpizlo@apple.com>
2144
2145         DFG JIT compare/branch code emits is-integer tests even when a value is
2146         definitely not an integer.
2147         https://bugs.webkit.org/show_bug.cgi?id=64654
2148
2149         Reviewed by Gavin Barraclough.
2150         
2151         Added the isKnownNotInteger() method, which returns true if a node is
2152         definitely not an integer and will always fail any is-integer test.  Then
2153         modified the compare and branch code to use this method; if it returns
2154         true then is-int tests are omitted and the compiler always emits a slow
2155         call.
2156
2157         * dfg/DFGJITCodeGenerator.cpp:
2158         (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
2159         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
2160         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
2161         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
2162         * dfg/DFGJITCodeGenerator.h:
2163         * dfg/DFGSpeculativeJIT.cpp:
2164         (JSC::DFG::SpeculativeJIT::compare):
2165
2166 2011-07-16  Filip Pizlo  <fpizlo@apple.com>
2167
2168         DFG speculative JIT has dead code for slow calls for branches.
2169         https://bugs.webkit.org/show_bug.cgi?id=64653
2170
2171         Reviewed by Gavin Barraclough.
2172         
2173         Removed SpeculativeJIT::compilePeepHoleCall.
2174
2175         * dfg/DFGSpeculativeJIT.cpp:
2176         * dfg/DFGSpeculativeJIT.h:
2177
2178 2011-07-15  Mark Rowe  <mrowe@apple.com>
2179
2180         Fix the build.
2181
2182         * dfg/DFGGraph.h:
2183
2184 2011-07-15  Gavin Barraclough  <barraclough@apple.com>
2185
2186         NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
2187         https://bugs.webkit.org/show_bug.cgi?id=55346
2188
2189         Reviewed by Sam Weinig.
2190
2191         * runtime/ErrorPrototype.cpp:
2192         (JSC::ErrorPrototype::ErrorPrototype):
2193             - Switch to putDirect since we're not the only ones transitioning this Structure now.
2194         * runtime/NativeErrorPrototype.cpp:
2195         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2196         * runtime/NativeErrorPrototype.h:
2197             - Switch base class to ErrorPrototype.
2198
2199 2011-07-15  Gavin Barraclough  <barraclough@apple.com>
2200
2201         DFG JIT - Where arguments passed are integers, speculate this.
2202         https://bugs.webkit.org/show_bug.cgi?id=64630
2203
2204         Reviewed by Sam Weinig.
2205
2206         Presently the DFG JIT is overly aggressively predicting double.
2207         Use a bit of dynamic information, and curtail this a little.
2208
2209         * dfg/DFGGraph.cpp:
2210         (JSC::DFG::Graph::predictArgumentTypes):
2211             - Check for integer arguments.
2212         * dfg/DFGGraph.h:
2213             - Function declaration.
2214         * runtime/Executable.cpp:
2215         (JSC::tryDFGCompile):
2216         (JSC::FunctionExecutable::compileForCallInternal):
2217             - Add call to predictArgumentTypes.
2218
2219 2011-07-15  Filip Pizlo  <fpizlo@apple.com>
2220
2221         DFG JIT is inconsistent about fusing branches and speculating
2222         integer comparisons for branches.
2223         https://bugs.webkit.org/show_bug.cgi?id=64573
2224
2225         Reviewed by Gavin Barraclough.
2226         
2227         This patch moves some of NonSpeculativeJIT's functionality up into the
2228         JITCodeGenerator superclass so that it can be used from both JITs.  Now,
2229         in cases where the speculative JIT doesn't want to speculate but still
2230         wants to emit good code, it can reliably emit the same code sequence as
2231         the non-speculative JIT.  This patch also extends the non-speculative
2232         JIT's compare optimizations to include compare/branch fusing, and
2233         extends the speculative JIT's compare optimizations to cover StrictEqual.
2234
2235         * dfg/DFGJITCodeGenerator.cpp:
2236         (JSC::DFG::JITCodeGenerator::isKnownInteger):
2237         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
2238         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
2239         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
2240         * dfg/DFGJITCodeGenerator.h:
2241         (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
2242         * dfg/DFGNonSpeculativeJIT.cpp:
2243         (JSC::DFG::NonSpeculativeJIT::compile):
2244         * dfg/DFGNonSpeculativeJIT.h:
2245         * dfg/DFGOperations.cpp:
2246         * dfg/DFGSpeculativeJIT.cpp:
2247         (JSC::DFG::SpeculativeJIT::compare):
2248         (JSC::DFG::SpeculativeJIT::compile):
2249         * dfg/DFGSpeculativeJIT.h:
2250         * wtf/Platform.h:
2251
2252 2011-07-14  Gavin Barraclough  <barraclough@apple.com>
2253
2254         https://bugs.webkit.org/show_bug.cgi?id=64250
2255         Global strict mode function leaking global object as "this".
2256
2257         Reviewed by Oliver Hunt.
2258
2259         The root problem here is that we pass the wrong values into
2260         calls, and then try to fix them up in the callee. Correct
2261         behaviour per the spec is to pass in the value undefined
2262         as this, unless either (1) the function call is based on an
2263         explicit property access or (2) the base of the call comes
2264         directly from a 'with'.
2265
2266         This change does away with the need for this conversion of
2267         objects (non strict code should only box primitives), and
2268         does away with all this conversion for strict functions.
2269
2270         This patch may have web compatibility ramifications, and may
2271         require some advocacy.
2272
2273         * bytecode/CodeBlock.cpp:
2274         (JSC::CodeBlock::dump):
2275             - Removed op_convert_this_strict, added op_resolve_with_this.
2276         * bytecode/Opcode.h:
2277             - Removed op_convert_this_strict, added op_resolve_with_this.
2278         * bytecompiler/BytecodeGenerator.cpp:
2279         (JSC::BytecodeGenerator::BytecodeGenerator):
2280         (JSC::BytecodeGenerator::emitResolveWithThis):
2281             - Removed op_convert_this_strict, added op_resolve_with_this.
2282         * bytecompiler/BytecodeGenerator.h:
2283             - Removed op_convert_this_strict, added op_resolve_with_this.
2284         * bytecompiler/NodesCodegen.cpp:
2285         (JSC::EvalFunctionCallNode::emitBytecode):
2286         (JSC::FunctionCallResolveNode::emitBytecode):
2287             - Removed op_convert_this_strict, added op_resolve_with_this.
2288         * dfg/DFGSpeculativeJIT.cpp:
2289         (JSC::DFG::SpeculativeJIT::compile):
2290             - Change NeedsThisConversion check to test for JSString's vptr
2291               (objects no longer need conversion).
2292         * interpreter/Interpreter.cpp:
2293         (JSC::Interpreter::resolveThisAndProperty):
2294             - Based on resolveBaseAndProperty, but produce correct this value.
2295         (JSC::Interpreter::privateExecute):
2296             - Removed op_convert_this_strict, added op_resolve_with_this.
2297         * interpreter/Interpreter.h:
2298         * jit/JIT.cpp:
2299         (JSC::JIT::privateCompileMainPass):
2300         (JSC::JIT::privateCompileSlowCases):
2301             - Removed op_convert_this_strict, added op_resolve_with_this.
2302         * jit/JIT.h:
2303         * jit/JITOpcodes.cpp:
2304         (JSC::JIT::emit_op_resolve_with_this):
2305             - Removed op_convert_this_strict, added op_resolve_with_this.
2306         (JSC::JIT::emit_op_convert_this):
2307         (JSC::JIT::emitSlow_op_convert_this):
2308             - Change NeedsThisConversion check to test for JSString's vptr
2309               (objects no longer need conversion).
2310         * jit/JITOpcodes32_64.cpp:
2311         (JSC::JIT::emit_op_resolve_with_this):
2312             - Removed op_convert_this_strict, added op_resolve_with_this.
2313         (JSC::JIT::emit_op_convert_this):
2314         (JSC::JIT::emitSlow_op_convert_this):
2315             - Change NeedsThisConversion check to test for JSString's vptr
2316               (objects no longer need conversion).
2317         * jit/JITStubs.cpp:
2318         (JSC::DEFINE_STUB_FUNCTION):
2319             - Removed op_convert_this_strict, added op_resolve_with_this.
2320         * jit/JITStubs.h:
2321             - Removed op_convert_this_strict, added op_resolve_with_this.
2322         * runtime/JSActivation.h:
2323             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
2324         * runtime/JSStaticScopeObject.h:
2325             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
2326         * runtime/JSString.h:
2327         (JSC::RopeBuilder::createStructure):
2328             - removed NeedsThisConversion.
2329         * runtime/JSTypeInfo.h:
2330         (JSC::TypeInfo::isEnvironmentRecord):
2331         (JSC::TypeInfo::overridesHasInstance):
2332             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
2333         * runtime/JSValue.h:
2334             - removed NeedsThisConversion.
2335         * runtime/JSVariableObject.h:
2336             - Corrected StructureFlags inheritance.
2337         * runtime/StrictEvalActivation.h:
2338         (JSC::StrictEvalActivation::createStructure):
2339             - Added IsEnvironmentRecord to StructureFlags, added createStructure.
2340         * runtime/Structure.h:
2341             - removed NeedsThisConversion.
2342         * tests/mozilla/ecma/String/15.5.4.6-2.js:
2343         (getTestCases):
2344             - Removed invalid test case.
2345
2346 2011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>
2347
2348         Unreviewed, rolling out r91082, r91087, and r91089.
2349         http://trac.webkit.org/changeset/91082
2350         http://trac.webkit.org/changeset/91087
2351         http://trac.webkit.org/changeset/91089
2352         https://bugs.webkit.org/show_bug.cgi?id=64616
2353
2354         gtk tests are failing a lot after this change. (Requested by
2355         dave_levin on #webkit).
2356
2357         * wtf/ThreadIdentifierDataPthreads.cpp:
2358         (WTF::ThreadIdentifierData::identifier):
2359         (WTF::ThreadIdentifierData::initialize):
2360         (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
2361         (WTF::ThreadIdentifierData::initializeKeyOnce):
2362         * wtf/ThreadIdentifierDataPthreads.h:
2363         * wtf/ThreadingPthreads.cpp:
2364         (WTF::initializeThreading):
2365
2366 2011-07-15  David Levin  <levin@chromium.org>
2367
2368         Another attempted build fix.
2369
2370         * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
2371         up the definition of PTHREAD_KEYS_MAX.
2372
2373 2011-07-15  David Levin  <levin@chromium.org>
2374
2375         Chromium build fix.
2376
2377         * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
2378         up the definition of PTHREAD_KEYS_MAX.
2379
2380 2011-07-14  David Levin  <levin@chromium.org>
2381
2382         currentThread is too slow!
2383         https://bugs.webkit.org/show_bug.cgi?id=64577
2384
2385         Reviewed by Darin Adler and Dmitry Titov.
2386
2387         The problem is that currentThread results in a pthread_once call which always takes a lock.
2388         With this change, currentThread is 10% faster than isMainThread in release mode and only
2389         5% slower than isMainThread in debug.
2390
2391         * wtf/ThreadIdentifierDataPthreads.cpp:
2392         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
2393         which is no longer needed because this is called from initializeThreading().
2394         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
2395         initialization of the pthread key should already be done.
2396         (WTF::ThreadIdentifierData::initialize): Ditto.
2397         * wtf/ThreadIdentifierDataPthreads.h:
2398         * wtf/ThreadingPthreads.cpp:
2399         (WTF::initializeThreading): Acquire the pthread key here.
2400
2401 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
2402
2403         DFG JIT does not optimize Branch as well as it could.
2404         https://bugs.webkit.org/show_bug.cgi?id=64574
2405
2406         Reviewed by Gavin Barraclough.
2407         
2408         This creates a common code path for emitting unfused branches, which does
2409         no speculation, and only performs a slow call if absolutely necessary.
2410
2411         * dfg/DFGJITCodeGenerator.cpp:
2412         (JSC::DFG::JITCodeGenerator::emitBranch):
2413         * dfg/DFGJITCodeGenerator.h:
2414         * dfg/DFGNonSpeculativeJIT.cpp:
2415         (JSC::DFG::NonSpeculativeJIT::compile):
2416         * dfg/DFGSpeculativeJIT.cpp:
2417         (JSC::DFG::SpeculativeJIT::compile):
2418
2419 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
2420
2421         GC allocation fast path has too many operations.
2422         https://bugs.webkit.org/show_bug.cgi?id=64493
2423
2424         Reviewed by Darin Adler.
2425         
2426         Changed the timing of the lazy sweep so that it occurs when we land on
2427         a previously unswept block, rather than whenever we land on an unswept
2428         cell.  After the per-block lazy sweep occurs, the block is turned into a
2429         singly linked list of free cells.  The allocation fast path is now just a
2430         load-branch-store to remove a cell from the head of the list.
2431         
2432         Additionally, this changes the way new blocks are allocated.  Previously,
2433         they would be populated with dummy cells.  With this patch, they are
2434         turned into a free list, which means that there will never be destructor
2435         calls for allocations in fresh blocks.
2436         
2437         These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
2438         SunSpider.  There are no observed statistically significant slow-downs
2439         on any individual benchmark.
2440
2441         * JavaScriptCore.exp:
2442         * heap/Heap.cpp:
2443         (JSC::Heap::allocateSlowCase):
2444         (JSC::Heap::collect):
2445         (JSC::Heap::canonicalizeBlocks):
2446         (JSC::Heap::resetAllocator):
2447         * heap/Heap.h:
2448         (JSC::Heap::forEachProtectedCell):
2449         (JSC::Heap::forEachCell):
2450         (JSC::Heap::forEachBlock):
2451         (JSC::Heap::allocate):
2452         * heap/MarkedBlock.cpp:
2453         (JSC::MarkedBlock::MarkedBlock):
2454         (JSC::MarkedBlock::lazySweep):
2455         (JSC::MarkedBlock::blessNewBlockForFastPath):
2456         (JSC::MarkedBlock::blessNewBlockForSlowPath):
2457         (JSC::MarkedBlock::canonicalizeBlock):
2458         * heap/MarkedBlock.h:
2459         * heap/NewSpace.cpp:
2460         (JSC::NewSpace::addBlock):
2461         (JSC::NewSpace::canonicalizeBlocks):
2462         * heap/NewSpace.h:
2463         (JSC::NewSpace::allocate):
2464         (JSC::NewSpace::SizeClass::SizeClass):
2465         (JSC::NewSpace::SizeClass::canonicalizeBlock):
2466         * heap/OldSpace.cpp:
2467         (JSC::OldSpace::addBlock):
2468
2469 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
2470
2471         DFG JIT crashes on host constructor calls in debug mode.
2472         https://bugs.webkit.org/show_bug.cgi?id=64562
2473         
2474         Reviewed by Gavin Barraclough.
2475         
2476         Fixed the relevant ASSERT.
2477
2478         * dfg/DFGOperations.cpp:
2479
2480 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
2481
2482         DFG speculative JIT contains a FIXME for rewinding speculative code generation that
2483         has already been fixed.
2484         https://bugs.webkit.org/show_bug.cgi?id=64022
2485
2486         Reviewed by Gavin Barraclough.
2487
2488         * dfg/DFGSpeculativeJIT.h:
2489         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
2490
2491 2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>
2492
2493         [EFL] Add OwnPtr specialization for Ecore_Pipe.
2494         https://bugs.webkit.org/show_bug.cgi?id=64515
2495
2496         Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
2497
2498         Reviewed by Xan Lopez.
2499
2500         * wtf/OwnPtrCommon.h:
2501         * wtf/efl/OwnPtrEfl.cpp:
2502         (WTF::deleteOwnedPtr):
2503
2504 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
2505
2506         DFG JIT unnecessarily boxes and unboxes values during silent spilling.
2507         https://bugs.webkit.org/show_bug.cgi?id=64068
2508
2509         Reviewed by Gavin Barraclough.
2510         
2511         Silent spilling and filling of registers is done during slow-path C
2512         function calls.  The silent spill/fill logic does not affect register
2513         allocation on paths that don't involve the C function call.
2514         
2515         This changes the silent spilling code to spill in unboxed form.  The
2516         silent fill will refill in whatever form the register was spilled in.
2517         For example, the silent spill code may choose not to spill the register
2518         because it was already spilled previously, which would imply that it
2519         was spilled in boxed form.  The filling code detects this and either
2520         unboxes, or not, depending on what is appropriate.
2521         
2522         This change also results in a simplification of the silent spill/fill
2523         API: silent spilling no longer needs to know about the set of registers
2524         that cannot be trampled, since it never does boxing and hence does not
2525         need a temporary register.
2526
2527         * dfg/DFGJITCodeGenerator.cpp:
2528         (JSC::DFG::JITCodeGenerator::cachedGetById):
2529         (JSC::DFG::JITCodeGenerator::cachedPutById):
2530         * dfg/DFGJITCodeGenerator.h:
2531         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
2532         (JSC::DFG::JITCodeGenerator::silentSpillFPR):
2533         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2534         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
2535         * dfg/DFGNonSpeculativeJIT.cpp:
2536         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2537         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
2538         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
2539         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2540         (JSC::DFG::NonSpeculativeJIT::compare):
2541         (JSC::DFG::NonSpeculativeJIT::compile):
2542         * dfg/DFGSpeculativeJIT.cpp:
2543         (JSC::DFG::SpeculativeJIT::compile):
2544
2545 2011-07-13  Michael Saboff  <msaboff@apple.com>
2546
2547         https://bugs.webkit.org/show_bug.cgi?id=64202
2548         Enh: Improve handling of RegExp in the form of /.*blah.*/
2549
2550         Reviewed by Gavin Barraclough.
2551
2552         Added code to both the Yarr interpreter and JIT to handle
2553         these expressions a little differently.  First off, the terms
2554         in between the leading and trailing .*'s cannot capture and
2555         also this enhancement is limited to single alternative expressions.
2556         If an expression is of the right form with the aforementioned
2557         restrictions, we process the inner terms and then look for the
2558         beginning of the string and end of the string.  There is handling 
2559         for multiline expressions to allow the beginning and end to be 
2560         right after and right before newlines.
2561
2562         This enhancement speeds up expressions of this type 12x on
2563         a MacBookPro.
2564
2565         Cleaned up 'case' statement indentation.
2566
2567         A new set of tests was added as LayoutTests/fast/regex/dotstar.html
2568
2569         * yarr/YarrInterpreter.cpp:
2570         (JSC::Yarr::Interpreter::InputStream::end):
2571         (JSC::Yarr::Interpreter::matchDotStarEnclosure):
2572         (JSC::Yarr::Interpreter::matchDisjunction):
2573         (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
2574         (JSC::Yarr::ByteCompiler::emitDisjunction):
2575         * yarr/YarrInterpreter.h:
2576         (JSC::Yarr::ByteTerm::DotStarEnclosure):
2577         * yarr/YarrJIT.cpp:
2578         (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
2579         (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
2580         (JSC::Yarr::YarrGenerator::generateTerm):
2581         (JSC::Yarr::YarrGenerator::backtrackTerm):
2582         * yarr/YarrPattern.cpp:
2583         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
2584         (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
2585         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2586         (JSC::Yarr::YarrPattern::compile):
2587         * yarr/YarrPattern.h:
2588         (JSC::Yarr::PatternTerm::PatternTerm):
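
What a pattern of the form /.*inner.*/ has to match, computed the way the DotStarEnclosure fast path described above does it: locate the inner term, then widen to the enclosing line, because `.` never crosses a line terminator. This is an added example, not Yarr code; `inner` is assumed to be a literal with no captures, alternatives or line terminators (the restrictions the entry names), `anchored` stands for the /^.*inner.*$/ form and `multiline` for the m flag.

```javascript
// Added example, not Yarr code: user-land model of the DotStarEnclosure match.
// The ES5 LineTerminator set, which `.` does not match and which ^/$ respect
// under the m flag.
const LINE_TERMINATORS = new Set(["\n", "\r", "\u2028", "\u2029"]);

function dotStarEnclosureMatch(input, inner, { anchored = false, multiline = false } = {}) {
  const hit = input.indexOf(inner);
  if (hit === -1) return null;            // no inner term anywhere: the whole pattern fails

  // Widen left and right until a line terminator or the end of input: that is
  // exactly what the greedy leading and trailing .* end up consuming, whichever
  // occurrence of `inner` in the line the backtracking settles on. A capturing
  // group inside would need that occurrence, which this path never computes,
  // hence the "cannot capture" restriction.
  let start = hit;
  while (start > 0 && !LINE_TERMINATORS.has(input[start - 1])) start--;
  let end = hit + inner.length;
  while (end < input.length && !LINE_TERMINATORS.has(input[end])) end++;

  // Without the m flag, ^ and $ only match at the very ends of the input, so an
  // anchored pattern needs the located line to be the whole input. With m they
  // may sit right after and right before a line terminator, which the widened
  // line already satisfies.
  if (anchored && !multiline && (start !== 0 || end !== input.length)) return null;
  return { index: start, match: input.slice(start, end) };
}

// Turns the literal into a regexp source fragment, so the cross-check below
// builds the same pattern the fast path models.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Cross-checks the model against the engine's own regexp evaluation.
function agreesWithEngine(input, inner, options = {}) {
  const { anchored = false, multiline = false } = options;
  const source = (anchored ? "^" : "") + ".*" + escapeRegExp(inner) + ".*" + (anchored ? "$" : "");
  const m = new RegExp(source, multiline ? "m" : "").exec(input);
  const fast = dotStarEnclosureMatch(input, inner, options);
  if (m === null || fast === null) return m === fast;
  return m.index === fast.index && m[0] === fast.match;
}
```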
2589
2590 2011-07-13  Xan Lopez  <xlopez@igalia.com>
2591
2592         [GTK] Fix distcheck
2593
2594         Reviewed by Martin Robinson.
2595
2596         * GNUmakefile.list.am: add missing files.
2597
2598 2011-07-13  Filip Pizlo  <fpizlo@apple.com>
2599
2600         DFG JIT does not implement prototype chain or list caching for get_by_id.
2601         https://bugs.webkit.org/show_bug.cgi?id=64147
2602
2603         Reviewed by Gavin Barraclough.
2604         
2605         This implements unified support for prototype caching, prototype chain
2606         caching, and polymorphic (i.e. list) prototype and prototype chain
2607         caching.  This is done by creating common code for emitting prototype
2608         or chain access stubs, and having it factored out into
2609         generateProtoChainAccessStub().  This function is called by
2610         tryCacheGetByID once the latter determines that some form of prototype
2611         access caching is necessary (i.e. the slot being accessed is not on the
2612         base value but on some other object).
2613         
2614         Direct prototype list, and prototype chain list, caching is implemented by
2615         linking the slow path to operationGetByIdProtoBuildList(), which uses the
2616         same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
2617         
2618         This change required ensuring that the value in the scratchGPR field in
2619         StructureStubInfo is preserved even after the stub info is in the
2620         chain, or proto_list, states.  Hence scratchGPR was moved out of the union
2621         and into the top-level of StructureStubInfo.
2622         
2623         * bytecode/StructureStubInfo.h:
2624         * dfg/DFGJITCompiler.cpp:
2625         (JSC::DFG::JITCompiler::compileFunction):
2626         * dfg/DFGOperations.cpp:
2627         * dfg/DFGOperations.h:
2628         * dfg/DFGRepatch.cpp:
2629         (JSC::DFG::emitRestoreScratch):
2630         (JSC::DFG::linkRestoreScratch):
2631         (JSC::DFG::generateProtoChainAccessStub):
2632         (JSC::DFG::tryCacheGetByID):
2633         (JSC::DFG::tryBuildGetByIDProtoList):
2634         (JSC::DFG::dfgBuildGetByIDProtoList):
2635         (JSC::DFG::tryCachePutByID):
2636         * dfg/DFGRepatch.h:
2637
2638 2011-07-12  Brent Fulgham  <bfulgham@webkit.org>
2639
2640         Standardize WinCairo conditionalized code under PLATFORM macro.
2641         https://bugs.webkit.org/show_bug.cgi?id=64377
2642
2643         Reviewed by Maciej Stachowiak.
2644
2645         * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
2646
2647 2011-07-13  David Levin  <levin@chromium.org>
2648
2649         Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
2650         https://bugs.webkit.org/show_bug.cgi?id=64465
2651
2652         Reviewed by Dmitry Titov.
2653
2654         There isn't a good way to test this as it is very highly unlikely to occur.
2655
2656         * wtf/ThreadIdentifierDataPthreads.cpp:
2657         (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
2658         isn't thread-safe, change the initialization to be global.
2659
2660 2011-07-12  Gavin Barraclough  <barraclough@apple.com>
2661
2662         https://bugs.webkit.org/show_bug.cgi?id=64424
2663         Our direct eval behaviour deviates slightly from the spec.
2664
2665         Reviewed by Oliver Hunt.
2666
2667         The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
2668         behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
2669         or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
2670         may be introduced into the caller's environment.
2671
2672         ES5 direct calls are any call where the callee function is provided by a reference, a base
2673         of that Reference is an EnvironmentRecord (this corresponds to all productions
2674         "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
2675         of the reference is "eval". This means any expression of the form "eval(...)", and that
2676         calls the standard built-in eval method on the Global Object, is considered to be
2677         direct.
2678
2679         In JavaScriptCore we are currently overly restrictive. We also check that the
2680         EnvironmentRecord that is the base of the reference is the Declarative Environment Record
2681         at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
2682         that hits a var eval in a nested scope is not considered to be direct. This behaviour does
2683         not emanate from the spec, and is incorrect.
2684
2685         * interpreter/Interpreter.cpp:
2686         (JSC::Interpreter::privateExecute):
2687             - Fixed direct eval check in op_call_eval.
2688         * jit/JITStubs.cpp:
2689         (JSC::DEFINE_STUB_FUNCTION):
2690             - Fixed direct eval check in op_call_eval.
2691         * runtime/Executable.h:
2692         (JSC::isHostFunction):
2693             - Added check for host function with specific NativeFunction.
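
The ES5 15.1.2.1.1 distinction the entry above describes, exercised from script: a call is direct when the callee comes from an identifier Reference named "eval" whose base is an environment record and which resolves to the built-in eval, and only then does the code run in the caller's scope. This is an added example, not JavaScriptCore code; the probe variable names are constructed for illustration.

```javascript
// Added example, not JavaScriptCore code: direct versus indirect eval.

// Direct: `eval` resolves through the scope chain, so the caller's locals are
// visible to the evaluated code.
function directEval() {
  var localProbe = "caller local";
  return eval("localProbe");
}

// Indirect: the identifier is not named "eval", so the code runs in the global
// scope and the caller's local is out of reach (ReferenceError).
function indirectEvalViaAlias() {
  var localProbe = "caller local";
  var alias = eval;
  try { return alias("localProbe"); } catch (e) { return e.name; }
}

// Indirect: the base of the Reference is an object (a property reference), not
// an environment record, even though the property is called "eval".
function indirectEvalViaProperty() {
  var localProbe = "caller local";
  var holder = { eval: eval };
  try { return holder.eval("localProbe"); } catch (e) { return e.name; }
}

// The case the entry corrects: a `var eval` in a nested scope that holds the
// built-in eval. The Reference is named "eval" and its base is the function's
// own (declarative) environment record, so the call is direct: the var the
// evaluated code declares lands in the caller's variable environment, not in
// the global one. Built with the Function constructor so the body is sloppy
// code (a strict function may not bind the name eval) however this file runs.
const nestedVarEval = new Function(`
  var eval = globalThis.eval;
  eval("var introduced = 'declared by direct eval'");
  return { local: typeof introduced, global: typeof globalThis.introduced };
`);

// Collects the four observations for comparison.
function observeEvalKinds() {
  return {
    direct: directEval(),
    alias: indirectEvalViaAlias(),
    property: indirectEvalViaProperty(),
    nestedVar: nestedVarEval(),
  };
}
```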
2694
2695 2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
2696
2697         Reviewed by Andreas Kling.
2698
2699         Broken build on QNX
2700         https://bugs.webkit.org/show_bug.cgi?id=63717
2701
2702         QNX doesn't support pthread's SA_RESTART (required by
2703         JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
2704         few minor compilation errors here and there.
2705
2706         Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
2707         tested by him on QNX v6.5 (x86)
2708
2709         * wtf/DateMath.cpp: fix usage of abs/labs
2710         * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
2711         * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
2712
2713 2011-07-12  Anders Carlsson  <andersca@apple.com>
2714
2715         If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
2716         https://bugs.webkit.org/show_bug.cgi?id=64429
2717
2718         Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
2719
2720         * wtf/NullPtr.h:
2721
2722 2011-07-13  MORITA Hajime  <morrita@google.com>
2723
2724         Refactoring: Ignored ExceptionCode value should be less annoying.
2725         https://bugs.webkit.org/show_bug.cgi?id=63688
2726
2727         Added ASSERT_AT macro.
2728
2729         Reviewed by Darin Adler.
2730
2731         * wtf/Assertions.h:
2732
2733 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2734
2735         DFG JIT does not implement op_construct.
2736         https://bugs.webkit.org/show_bug.cgi?id=64066
2737
2738         Reviewed by Gavin Barraclough.
2739         
2740         This is a fixed implementation of op_construct.  Constructor calls are implemented
2741         by reusing almost all of the code for Call, with care taken to make sure that
2742         where there are differences (like selecting different code blocks), those differences
2743         are respected.  The two fixes over the last patch are: (1) make sure the
2744         CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
2745         make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
2746         (either CodeForCall or CodeForConstruct) when invoking the compiler.
2747
2748         * dfg/DFGAliasTracker.h:
2749         (JSC::DFG::AliasTracker::recordConstruct):
2750         * dfg/DFGByteCodeParser.cpp:
2751         (JSC::DFG::ByteCodeParser::addCall):
2752         (JSC::DFG::ByteCodeParser::parseBlock):
2753         * dfg/DFGJITCodeGenerator.cpp:
2754         (JSC::DFG::JITCodeGenerator::emitCall):
2755         * dfg/DFGNode.h:
2756         * dfg/DFGNonSpeculativeJIT.cpp:
2757         (JSC::DFG::NonSpeculativeJIT::compile):
2758         * dfg/DFGOperations.cpp:
2759         * dfg/DFGOperations.h:
2760         * dfg/DFGRepatch.cpp:
2761         (JSC::DFG::dfgLinkFor):
2762         * dfg/DFGRepatch.h:
2763         * dfg/DFGSpeculativeJIT.cpp:
2764         (JSC::DFG::SpeculativeJIT::compile):
2765         * runtime/CodeBlock.cpp:
2766         (JSC::CodeBlock::unlinkCalls):
2767
2768 2011-07-12  Oliver Hunt  <oliver@apple.com>
2769
2770         Overzealous type validation in method_check
2771         https://bugs.webkit.org/show_bug.cgi?id=64415
2772
2773         Reviewed by Gavin Barraclough.
2774
2775         method_check is essentially just a value look up
2776         optimisation, but it internally stores the value
2777         as a JSFunction, even though it never relies on
2778         this fact.  Under GC validation however we end up
2779         trying to enforce that assumption.  The fix is
2780         simply to store the value as a correct supertype.
2781
2782         * bytecode/CodeBlock.h:
2783         * dfg/DFGRepatch.cpp:
2784         (JSC::DFG::dfgRepatchGetMethodFast):
2785         (JSC::DFG::tryCacheGetMethod):
2786         * jit/JIT.h:
2787         * jit/JITPropertyAccess.cpp:
2788         (JSC::JIT::patchMethodCallProto):
2789         * jit/JITStubs.cpp:
2790         (JSC::DEFINE_STUB_FUNCTION):
2791
2792 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2793
2794         COLLECT_ON_EVERY_ALLOCATION no longer works.
2795         https://bugs.webkit.org/show_bug.cgi?id=64388
2796
2797         Reviewed by Oliver Hunt.
2798         
2799         Added a flag to Heap that determines if it's safe to collect (which for now means that
2800         JSGlobalObject has actually been initialized, but it should work for other things, too).
2801         This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
2802         GCing it just grows the heap, if necessary.
2803         
2804         Then changed Heap::allocate() to not recurse ad infinitum when
2805         COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
2806         resilient against bugs; this change allowed me to put in handy assertions, such as that
2807         an allocation must succeed after either a collection or after a new block was added.
2808
2809         * heap/Heap.cpp:
2810         (JSC::Heap::Heap):
2811         (JSC::Heap::tryAllocate):
2812         (JSC::Heap::allocate):
2813         (JSC::Heap::collectAllGarbage):
2814         (JSC::Heap::collect):
2815         * heap/Heap.h:
2816         (JSC::Heap::notifyIsSafeToCollect):
2817         * runtime/JSGlobalData.cpp:
2818         (JSC::JSGlobalData::JSGlobalData):
2819
2820 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2821
2822         DFG JIT put_by_id transition caching does not inform the GC about the structure and
2823         prototype chain that it is referencing.
2824         https://bugs.webkit.org/show_bug.cgi?id=64387
2825
2826         Reviewed by Gavin Barraclough.
2827         
2828         Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
2829
2830         * dfg/DFGRepatch.cpp:
2831         (JSC::DFG::tryCachePutByID):
2832
2833 2011-07-12  Adam Roben  <aroben@apple.com>
2834
2835         Ensure no intermediate WTF::Strings are created when concatenating with string literals
2836
2837         Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
2838         operator+ is suboptimal
2839
2840         Reviewed by Darin Adler.
2841
2842         * wtf/text/StringConcatenate.h:
2843         (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
2844         many WTF::Strings get copied while evaluating an operator+ expression.
2845
2846         * wtf/text/StringOperators.h:
2847         (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
2848         side, since operator+ is left-associative. Having the StringAppend on the right-hand side
2849         was causing us to make intermediate WTF::Strings when evaluating expressions that contained
2850         multiple calls to operator+. Added some more overloads that take a left-hand side of
2851         const char* to resolve overload ambiguity for certain expressions. Added overloads that take
2852         a left-hand side of const UChar* (matching the const char* overloads) so that wide string
2853         literals don't first have to be converted to a WTF::String in operator+ expressions.
2854
2855 2011-07-12  Adam Roben  <aroben@apple.com>
2856
2857         Unreviewed, rolling out r90811.
2858         http://trac.webkit.org/changeset/90811
2859         https://bugs.webkit.org/show_bug.cgi?id=61025
2860
2861         Several svg tests failing assertions beneath
2862         SVGSMILElement::findInstanceTime
2863
2864         * wtf/StdLibExtras.h:
2865         (WTF::binarySearch):
2866
2867 2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
2868
2869         Reviewed by Nikolas Zimmermann.
2870
2871         Speed up SVGSMILElement::findInstanceTime.
2872         https://bugs.webkit.org/show_bug.cgi?id=61025
2873
2874         Add a new parameter to StdLibExtras.h::binarySearch function
2875         to also handle cases when the array does not contain the key value.
2876         This is needed for an svg function.
2877
2878         * wtf/StdLibExtras.h:
2879         (WTF::binarySearch):
2880
2881 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
2882
2883         DFG speculative JIT does not guard itself against floating point speculation
2884         failures on non-floating-point constants.
2885         https://bugs.webkit.org/show_bug.cgi?id=64330
2886
2887         Reviewed by Gavin Barraclough.
2888         
2889         Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
2890         soon as it notices that it's speculating on something that is a non-numeric
2891         JSConstant.
2892
2893         * dfg/DFGSpeculativeJIT.cpp:
2894         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2895
2896 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
2897
2898         DFG Speculative JIT does not always insert speculation checks when speculating
2899         arrays.
2900         https://bugs.webkit.org/show_bug.cgi?id=64254
2901
2902         Reviewed by Gavin Barraclough.
2903         
2904         Changed the SetLocal instruction to always validate that the value being stored
2905         into the local variable is an array, if that variable was marked PredictArray.
2906         This is necessary since uses of arrays assume that if a PredictArray value is
2907         in a local variable then the speculation check validating that the value is an
2908         array was already performed.
2909
2910         * dfg/DFGSpeculativeJIT.cpp:
2911         (JSC::DFG::SpeculativeJIT::compile):
2912
2913 2011-07-11  Gabor Loki  <loki@webkit.org>
2914
2915         Fix the condition of the optimized code in doubleTransfer
2916         https://bugs.webkit.org/show_bug.cgi?id=64261
2917
2918         Reviewed by Zoltan Herczeg.
2919
2920         The condition of the optimized code in doubleTransfer is wrong. The
2921         data transfer should be executed with a four-byte-aligned address.
2922         VFP cannot perform unaligned memory access.
2923
2924         Reported by Jacob Bramley.
2925
2926         * assembler/ARMAssembler.cpp:
2927         (JSC::ARMAssembler::doubleTransfer):
2928
2929 2011-07-11  Gabor Loki  <loki@webkit.org>
2930
2931         Signed arithmetic bug in dataTransfer32.
2932         https://bugs.webkit.org/show_bug.cgi?id=64257
2933
2934         Reviewed by Zoltan Herczeg.
2935
2936         An arithmetic bug is fixed. If the offset of dataTransfer is half of the
2937         addressable memory space on a 32-bit machine (-2147483648 = 0x80000000),
2938         a load instruction is emitted with a wrong zero offset.
2939
2940         Inspired by Jacob Bramley's patch from JaegerMonkey.
2941
2942         * assembler/ARMAssembler.cpp:
2943         (JSC::ARMAssembler::dataTransfer32):
2944
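The dataTransfer32 entry above describes a signed-negation overflow: taking the magnitude of a 32-bit signed offset fails for exactly one input, -2147483648, whose negation does not exist in int32_t. The C model below is an added example written for this page; it is not JavaScriptCore's ARMAssembler code, and the type, field and function names (OffsetEncoding, encode_offset_buggy, encode_offset_fixed, effective_address, count_disagreements) are assumptions of the example. It assumes an ARM-style addressing mode with an up/down bit and a 12-bit unsigned immediate, and shows why the wrapped negation produces a zero offset and how computing the magnitude in unsigned arithmetic avoids it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an ARM-style load/store offset encoding: the instruction
 * carries an up/down bit and a 12-bit unsigned magnitude; a larger magnitude has
 * to be materialised in a scratch register first. Names are ours, not JSC's. */
typedef struct {
    bool     up;            /* true: base + magnitude, false: base - magnitude */
    uint32_t magnitude;     /* |offset| as the encoder computed it */
    bool     needs_scratch; /* magnitude does not fit the 12-bit immediate */
} OffsetEncoding;

/* Two's-complement wrap of -v, written in unsigned arithmetic so the model itself
 * has no undefined behaviour (plain `-v` is undefined for v == INT32_MIN). The
 * final cast is implementation-defined and yields INT32_MIN on GCC and Clang. */
static int32_t negate_wrapping(int32_t v)
{
    return (int32_t)(0u - (uint32_t)v);
}

/* Buggy shape: take |offset| by negating a signed 32-bit value. For INT32_MIN the
 * negation wraps back to INT32_MIN, which is still negative, so it passes the
 * signed "fits in 12 bits" test and its low 12 bits (all zero) become the
 * encoded offset. */
static OffsetEncoding encode_offset_buggy(int32_t offset)
{
    OffsetEncoding e = { .up = offset >= 0, .magnitude = 0, .needs_scratch = false };
    int32_t mag = offset >= 0 ? offset : negate_wrapping(offset);
    if (mag <= 0xfff) {                   /* signed compare: a negative mag slips through */
        e.magnitude = (uint32_t)mag & 0xfffu;
    } else {
        e.needs_scratch = true;
        e.magnitude = (uint32_t)mag;
    }
    return e;
}

/* Fixed shape: compute |offset| in unsigned arithmetic. 0u - (uint32_t)INT32_MIN is
 * 0x80000000, which is representable, so the range test sees the true magnitude. */
static OffsetEncoding encode_offset_fixed(int32_t offset)
{
    OffsetEncoding e = { .up = offset >= 0, .magnitude = 0, .needs_scratch = false };
    uint32_t mag = offset >= 0 ? (uint32_t)offset : 0u - (uint32_t)offset;
    e.magnitude = mag;
    e.needs_scratch = mag > 0xfffu;
    return e;
}

/* Effective address the emitted instruction would access (modulo 2^32, as the CPU does). */
static uint32_t effective_address(uint32_t base, OffsetEncoding e)
{
    return e.up ? base + e.magnitude : base - e.magnitude;
}

/* Returns the number of probe offsets for which the two encoders disagree on the
 * address actually accessed. Only INT32_MIN differs: the buggy encoder loads from
 * the base register itself instead of base - 0x80000000. */
static int count_disagreements(void)
{
    const int32_t probes[] = { 0, 1, 0xfff, 0x1000, -1, -0xfff, -0x1000,
                               INT32_MAX, -INT32_MAX, INT32_MIN };
    const uint32_t base = 0x10000000u;
    int mismatches = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint32_t a = effective_address(base, encode_offset_buggy(probes[i]));
        uint32_t b = effective_address(base, encode_offset_fixed(probes[i]));
        if (a != b) {
            mismatches++;
            printf("offset %11ld: buggy -> 0x%08x, fixed -> 0x%08x\n",
                   (long)probes[i], (unsigned)a, (unsigned)b);
        }
    }
    return mismatches;
}

int main(void)
{
    return count_disagreements() == 1 ? 0 : 1;
}
```

Any C99 compiler builds this; the program prints the single offset on which the two encoders disagree and exits 0. The same pattern applies to any `offset < 0 ? -offset : offset` in an assembler or serializer: compute the magnitude as uint32_t, or reject INT32_MIN explicitly, before range-testing it.
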
2945 2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>
2946
2947         Fix unaligned userspace access for SH4 platforms.
2948         https://bugs.webkit.org/show_bug.cgi?id=62993
2949
2950         * wtf/Platform.h:
2951
2952 2011-07-09  Chao-ying Fu  <fu@mips.com>
2953
2954         Fix MIPS build due to readInt32 and readPointer
2955         https://bugs.webkit.org/show_bug.cgi?id=63962
2956
2957         * assembler/MIPSAssembler.h:
2958         (JSC::MIPSAssembler::readInt32):
2959         (JSC::MIPSAssembler::readPointer):
2960         * assembler/MacroAssemblerMIPS.h:
2961         (JSC::MacroAssemblerMIPS::rshift32):
2962
2963 2011-07-08  Gavin Barraclough  <barraclough@apple.com>
2964
2965         https://bugs.webkit.org/show_bug.cgi?id=64181
2966         REGRESSION (r90602): Gmail doesn't load
2967
2968         Rolling out r90601, r90602.
2969
2970         * dfg/DFGAliasTracker.h:
2971         * dfg/DFGByteCodeParser.cpp:
2972         (JSC::DFG::ByteCodeParser::addVarArgChild):
2973         (JSC::DFG::ByteCodeParser::parseBlock):
2974         * dfg/DFGJITCodeGenerator.cpp:
2975         (JSC::DFG::JITCodeGenerator::emitCall):
2976         * dfg/DFGNode.h:
2977         * dfg/DFGNonSpeculativeJIT.cpp:
2978         (JSC::DFG::NonSpeculativeJIT::compile):
2979         * dfg/DFGOperations.cpp:
2980         * dfg/DFGOperations.h:
2981         * dfg/DFGRepatch.cpp:
2982         (JSC::DFG::tryCacheGetByID):
2983         (JSC::DFG::dfgLinkCall):
2984         * dfg/DFGRepatch.h:
2985         * dfg/DFGSpeculativeJIT.cpp:
2986         (JSC::DFG::SpeculativeJIT::compile):
2987         * runtime/JSObject.h:
2988         (JSC::JSObject::isUsingInlineStorage):
2989
2990 2011-07-08  Kalev Lember  <kalev@smartlink.ee>
2991
2992         Reviewed by Adam Roben.
2993
2994         Add missing _WIN32_WINNT and WINVER definitions
2995         https://bugs.webkit.org/show_bug.cgi?id=59702
2996
2997         Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
2998         available for all source files.
2999
3000         In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
3001         DeleteTimerQueueTimer, which are both guarded by
3002         #if (_WIN32_WINNT >= 0x0500)
3003         in MinGW headers.
3004
3005         * config.h:
3006         * wtf/Assertions.cpp:
3007
3008 2011-07-08  Chang Shu  <cshu@webkit.org>
3009
3010         Rename "makeSecure" to "fill" and remove the support for displaying the last character
3011         to avoid a layering violation.
3012         https://bugs.webkit.org/show_bug.cgi?id=59114
3013
3014         Reviewed by Alexey Proskuryakov.
3015
3016         * JavaScriptCore.exp:
3017         * JavaScriptCore.order:
3018         * wtf/text/StringImpl.cpp:
3019         (WTF::StringImpl::fill):
3020         * wtf/text/StringImpl.h:
3021         * wtf/text/WTFString.h:
3022         (WTF::String::fill):
3023
3024 2011-07-08  Benjamin Poulain  <benjamin@webkit.org>
3025
3026         [WK2] Do not forward touch events to the web process when it does not need them
3027         https://bugs.webkit.org/show_bug.cgi?id=64164
3028
3029         Reviewed by Kenneth Rohde Christiansen.
3030
3031         Add a convenience function to obtain a reference to the last element of a Deque.
3032
3033         * wtf/Deque.h:
3034         (WTF::Deque::last):
3035
3036 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
3037
3038         DFG JIT does not implement op_construct.
3039         https://bugs.webkit.org/show_bug.cgi?id=64066
3040
3041         Reviewed by Gavin Barraclough.
3042
3043         * dfg/DFGAliasTracker.h:
3044         (JSC::DFG::AliasTracker::recordConstruct):
3045         * dfg/DFGByteCodeParser.cpp:
3046         (JSC::DFG::ByteCodeParser::addCall):
3047         (JSC::DFG::ByteCodeParser::parseBlock):
3048         * dfg/DFGJITCodeGenerator.cpp:
3049         (JSC::DFG::JITCodeGenerator::emitCall):
3050         * dfg/DFGNode.h:
3051         * dfg/DFGNonSpeculativeJIT.cpp:
3052         (JSC::DFG::NonSpeculativeJIT::compile):
3053         * dfg/DFGOperations.cpp:
3054         * dfg/DFGOperations.h:
3055         * dfg/DFGRepatch.cpp:
3056         (JSC::DFG::dfgLinkFor):
3057         * dfg/DFGRepatch.h:
3058         * dfg/DFGSpeculativeJIT.cpp:
3059         (JSC::DFG::SpeculativeJIT::compile):
3060
3061 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
3062
3063         DFG JIT does not implement get_by_id prototype caching.
3064         https://bugs.webkit.org/show_bug.cgi?id=64077
3065
3066         Reviewed by Gavin Barraclough.
3067
3068         * dfg/DFGRepatch.cpp:
3069         (JSC::DFG::emitRestoreScratch):
3070         (JSC::DFG::linkRestoreScratch):
3071         (JSC::DFG::tryCacheGetByID):
3072         * runtime/JSObject.h:
3073         (JSC::JSObject::addressOfPropertyAtOffset):
3074
3075 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
3076
3077         DFG JIT method_check implementation does not link to optimized get_by_id
3078         slow path.
3079         https://bugs.webkit.org/show_bug.cgi?id=64073
3080
3081         Reviewed by Gavin Barraclough.
3082
3083         * dfg/DFGRepatch.cpp:
3084         (JSC::DFG::dfgRepatchGetMethodFast):
3085
3086 2011-07-07  Oliver Hunt  <oliver@apple.com>
3087
3088         Encode jump and link sizes into the appropriate enums
3089         https://bugs.webkit.org/show_bug.cgi?id=64123
3090
3091         Reviewed by Sam Weinig.
3092
3093         Finally kill off the out-of-line jump and link size arrays,
3094         so we can avoid icky loads and constant fold the linking arithmetic.
3095
3096         * assembler/ARMv7Assembler.cpp:
3097         * assembler/ARMv7Assembler.h:
3098         (JSC::ARMv7Assembler::jumpSizeDelta):
3099         (JSC::ARMv7Assembler::computeJumpType):
3100
3101 2011-07-06  Juan C. Montemayor  <jmont@apple.com>
3102
3103         ASSERT_NOT_REACHED running test 262
3104         https://bugs.webkit.org/show_bug.cgi?id=63951
3105         
3106         Added a case to the switch statement where the code was failing. Fixed
3107         some logic as well that gave faulty error messages.
3108
3109         Reviewed by Gavin Barraclough.
3110
3111         * parser/JSParser.cpp:
3112         (JSC::JSParser::getTokenName):
3113         (JSC::JSParser::updateErrorMessageSpecialCase):
3114         (JSC::JSParser::updateErrorMessage):
3115
3116 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
3117
3118         DFG JIT implementation of op_call results in regressions on sunspider
3119         controlflow-recursive.
3120         https://bugs.webkit.org/show_bug.cgi?id=64039
3121
3122         Reviewed by Gavin Barraclough.
3123
3124         * dfg/DFGByteCodeParser.cpp:
3125         (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
3126         (JSC::DFG::ByteCodeParser::parseBlock):
3127         * dfg/DFGSpeculativeJIT.h:
3128         (JSC::DFG::SpeculativeJIT::isInteger):
3129
3130 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
3131
3132         DFG JIT does not support method_check
3133         https://bugs.webkit.org/show_bug.cgi?id=63972
3134
3135         Reviewed by Gavin Barraclough.
3136
3137         * assembler/CodeLocation.h:
3138         (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
3139         * bytecode/CodeBlock.cpp:
3140         (JSC::CodeBlock::visitAggregate):
3141         * bytecode/CodeBlock.h:
3142         (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
3143         (JSC::MethodCallLinkInfo::seenOnce):
3144         (JSC::MethodCallLinkInfo::setSeen):
3145         * dfg/DFGAliasTracker.h:
3146         (JSC::DFG::AliasTracker::recordGetMethod):
3147         * dfg/DFGByteCodeParser.cpp:
3148         (JSC::DFG::ByteCodeParser::parseBlock):
3149         * dfg/DFGJITCodeGenerator.cpp:
3150         (JSC::DFG::JITCodeGenerator::cachedGetById):
3151         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
3152         * dfg/DFGJITCodeGenerator.h:
3153         * dfg/DFGJITCompiler.cpp:
3154         (JSC::DFG::JITCompiler::compileFunction):
3155         * dfg/DFGJITCompiler.h:
3156         (JSC::DFG::JITCompiler::addMethodGet):
3157         (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
3158         * dfg/DFGNode.h:
3159         (JSC::DFG::Node::hasIdentifier):
3160         * dfg/DFGNonSpeculativeJIT.cpp:
3161         (JSC::DFG::NonSpeculativeJIT::compile):
3162         * dfg/DFGOperations.cpp:
3163         * dfg/DFGOperations.h:
3164         * dfg/DFGRepatch.cpp:
3165         (JSC::DFG::dfgRepatchGetMethodFast):
3166         (JSC::DFG::tryCacheGetMethod):
3167         (JSC::DFG::dfgRepatchGetMethod):
3168         * dfg/DFGRepatch.h:
3169         * dfg/DFGSpeculativeJIT.cpp:
3170         (JSC::DFG::SpeculativeJIT::compile):
3171         * jit/JITWriteBarrier.h:
3172         (JSC::JITWriteBarrier::set):
3173
3174 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
3175
3176         DFG JIT op_call implementation will flush registers even when those registers are dead
3177         https://bugs.webkit.org/show_bug.cgi?id=64023
3178
3179         Reviewed by Gavin Barraclough.
3180
3181         * dfg/DFGJITCodeGenerator.cpp:
3182         (JSC::DFG::JITCodeGenerator::emitCall):
3183         * dfg/DFGJITCodeGenerator.h:
3184         (JSC::DFG::JITCodeGenerator::integerResult):
3185         (JSC::DFG::JITCodeGenerator::noResult):
3186         (JSC::DFG::JITCodeGenerator::cellResult):
3187         (JSC::DFG::JITCodeGenerator::jsValueResult):
3188         (JSC::DFG::JITCodeGenerator::doubleResult):
3189         * dfg/DFGNonSpeculativeJIT.cpp:
3190         (JSC::DFG::NonSpeculativeJIT::compile):
3191         * dfg/DFGSpeculativeJIT.cpp:
3192         (JSC::DFG::SpeculativeJIT::compile):
3193
3194 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
3195
3196         DFG speculative JIT may crash when speculating int on a non-int JSConstant.
3197         https://bugs.webkit.org/show_bug.cgi?id=64017
3198
3199         Reviewed by Gavin Barraclough.
3200
3201         * dfg/DFGSpeculativeJIT.cpp:
3202         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3203         (JSC::DFG::SpeculativeJIT::compile):
3204
3205 2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
3206
3207         Reviewed by David Levin.
3208
3209         Allow substitution of dynamic annotations and prevent identical code folding by the linker.
3210         https://bugs.webkit.org/show_bug.cgi?id=62443
3211
3212         * wtf/DynamicAnnotations.cpp:
3213         (WTFAnnotateBenignRaceSized):
3214         (WTFAnnotateHappensBefore):
3215         (WTFAnnotateHappensAfter):
3216
3217 2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
3218
3219         Calls on 32-bit machines fail after r90423
3220         https://bugs.webkit.org/show_bug.cgi?id=63980
3221
3222         Reviewed by Gavin Barraclough.
3223
3224         Copy the necessary lines from JITCall.cpp.
3225
3226         * jit/JITCall32_64.cpp:
3227         (JSC::JIT::compileOpCall):
3228
3229 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
3230
3231         DFG JIT virtual call implementation is inefficient.
3232         https://bugs.webkit.org/show_bug.cgi?id=63974
3233
3234         Reviewed by Gavin Barraclough.
3235
3236         * dfg/DFGOperations.cpp:
3237         * runtime/Executable.h:
3238         (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
3239         (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
3240         (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
3241         (JSC::ExecutableBase::hasJITCodeForCall):
3242         (JSC::ExecutableBase::hasJITCodeForConstruct):
3243         (JSC::ExecutableBase::hasJITCodeFor):
3244         * runtime/JSFunction.h:
3245         (JSC::JSFunction::scopeUnchecked):
3246
3247 2011-07-05  Oliver Hunt  <oliver@apple.com>
3248
3249         Force inlining of simple functions that show up as not being inlined
3250         https://bugs.webkit.org/show_bug.cgi?id=63964
3251
3252         Reviewed by Gavin Barraclough.
3253
3254         Looking at profile data indicates that gcc is failing to inline a
3255         number of trivial functions.  This patch hits the ones that show
3256         up in profiles with the ALWAYS_INLINE hammer.
3257
3258         We also replace the memcpy() call in linking with a manual loop.
3259         Apparently memcpy() is almost never faster than an inlined loop.
3260
3261         * assembler/ARMv7Assembler.h:
3262         (JSC::ARMv7Assembler::add):
3263         (JSC::ARMv7Assembler::add_S):
3264         (JSC::ARMv7Assembler::ARM_and):
3265         (JSC::ARMv7Assembler::asr):
3266         (JSC::ARMv7Assembler::b):
3267         (JSC::ARMv7Assembler::blx):
3268         (JSC::ARMv7Assembler::bx):
3269         (JSC::ARMv7Assembler::clz):
3270         (JSC::ARMv7Assembler::cmn):
3271         (JSC::ARMv7Assembler::cmp):
3272         (JSC::ARMv7Assembler::eor):
3273         (JSC::ARMv7Assembler::it):
3274         (JSC::ARMv7Assembler::ldr):
3275         (JSC::ARMv7Assembler::ldrCompact):
3276         (JSC::ARMv7Assembler::ldrh):
3277         (JSC::ARMv7Assembler::ldrb):
3278         (JSC::ARMv7Assembler::lsl):
3279         (JSC::ARMv7Assembler::lsr):
3280         (JSC::ARMv7Assembler::movT3):
3281         (JSC::ARMv7Assembler::mov):
3282         (JSC::ARMv7Assembler::movt):
3283         (JSC::ARMv7Assembler::mvn):
3284         (JSC::ARMv7Assembler::neg):
3285         (JSC::ARMv7Assembler::orr):
3286         (JSC::ARMv7Assembler::orr_S):
3287         (JSC::ARMv7Assembler::ror):
3288         (JSC::ARMv7Assembler::smull):
3289         (JSC::ARMv7Assembler::str):
3290         (JSC::ARMv7Assembler::sub):
3291         (JSC::ARMv7Assembler::sub_S):
3292         (JSC::ARMv7Assembler::tst):
3293         (JSC::ARMv7Assembler::linkRecordSourceComparator):
3294         (JSC::ARMv7Assembler::link):
3295         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
3296         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
3297         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
3298         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
3299         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
3300         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
3301         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
3302         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
3303         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
3304         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
3305         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
3306         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
3307         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
3308         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
3309         * assembler/LinkBuffer.h:
3310         (JSC::LinkBuffer::linkCode):
3311         * assembler/MacroAssemblerARMv7.h:
3312         (JSC::MacroAssemblerARMv7::nearCall):
3313         (JSC::MacroAssemblerARMv7::call):
3314         (JSC::MacroAssemblerARMv7::ret):
3315         (JSC::MacroAssemblerARMv7::moveWithPatch):
3316         (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
3317         (JSC::MacroAssemblerARMv7::storePtrWithPatch):
3318         (JSC::MacroAssemblerARMv7::tailRecursiveCall):
3319         (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
3320         (JSC::MacroAssemblerARMv7::jump):
3321         (JSC::MacroAssemblerARMv7::makeBranch):
3322
3323 2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
3324
3325         Make "Add optimised paths for a few maths functions" work on Qt
3326         https://bugs.webkit.org/show_bug.cgi?id=63893
3327
3328         Reviewed by Oliver Hunt.
3329
3330         Move the generated code to the .text section instead of the .data section.
3331         Fix alignment for the 32 bit thunk code.
3332
3333         * jit/ThunkGenerators.cpp:
3334
3335 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
3336
3337         DFG JIT does not implement op_call.
3338         https://bugs.webkit.org/show_bug.cgi?id=63858
3339
3340         Reviewed by Gavin Barraclough.
3341
3342         * bytecode/CodeBlock.cpp:
3343         (JSC::CodeBlock::unlinkCalls):
3344         * bytecode/CodeBlock.h:
3345         (JSC::CodeBlock::setNumberOfCallLinkInfos):
3346         (JSC::CodeBlock::numberOfCallLinkInfos):
3347         * bytecompiler/BytecodeGenerator.cpp:
3348         (JSC::BytecodeGenerator::emitCall):
3349         (JSC::BytecodeGenerator::emitConstruct):
3350         * dfg/DFGAliasTracker.h:
3351         (JSC::DFG::AliasTracker::lookupGetByVal):
3352         (JSC::DFG::AliasTracker::recordCall):
3353         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
3354         * dfg/DFGByteCodeParser.cpp:
3355         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3356         (JSC::DFG::ByteCodeParser::getLocal):
3357         (JSC::DFG::ByteCodeParser::getArgument):
3358         (JSC::DFG::ByteCodeParser::toInt32):
3359         (JSC::DFG::ByteCodeParser::addToGraph):
3360         (JSC::DFG::ByteCodeParser::addVarArgChild):
3361         (JSC::DFG::ByteCodeParser::predictInt32):
3362         (JSC::DFG::ByteCodeParser::parseBlock):
3363         (JSC::DFG::ByteCodeParser::processPhiStack):
3364         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
3365         * dfg/DFGGraph.cpp:
3366         (JSC::DFG::Graph::opName):
3367         (JSC::DFG::Graph::dump):
3368         (JSC::DFG::Graph::refChildren):
3369         * dfg/DFGGraph.h:
3370         * dfg/DFGJITCodeGenerator.cpp:
3371         (JSC::DFG::JITCodeGenerator::useChildren):
3372         (JSC::DFG::JITCodeGenerator::emitCall):
3373         * dfg/DFGJITCodeGenerator.h:
3374         (JSC::DFG::JITCodeGenerator::addressOfCallData):
3375         * dfg/DFGJITCompiler.cpp:
3376         (JSC::DFG::JITCompiler::compileFunction):
3377         * dfg/DFGJITCompiler.h:
3378         (JSC::DFG::CallRecord::CallRecord):
3379         (JSC::DFG::JITCompiler::notifyCall):
3380         (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
3381         (JSC::DFG::JITCompiler::addJSCall):
3382         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
3383         (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
3384         * dfg/DFGNode.h:
3385         (JSC::DFG::Node::Node):
3386         (JSC::DFG::Node::child1):
3387         (JSC::DFG::Node::child2):
3388         (JSC::DFG::Node::child3):
3389         (JSC::DFG::Node::firstChild):
3390         (JSC::DFG::Node::numChildren):
3391         * dfg/DFGNonSpeculativeJIT.cpp:
3392         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
3393         (JSC::DFG::NonSpeculativeJIT::compare):
3394         (JSC::DFG::NonSpeculativeJIT::compile):
3395         * dfg/DFGOperations.cpp:
3396         * dfg/DFGOperations.h:
3397         * dfg/DFGRepatch.cpp:
3398         (JSC::DFG::dfgLinkCall):
3399         * dfg/DFGRepatch.h:
3400         * dfg/DFGSpeculativeJIT.cpp:
3401         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
3402         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
3403         (JSC::DFG::SpeculativeJIT::compile):
3404         * dfg/DFGSpeculativeJIT.h:
3405         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
3406         * interpreter/CallFrame.h:
3407         (JSC::ExecState::calleeAsValue):
3408         * jit/JIT.cpp:
3409         (JSC::JIT::JIT):
3410         (JSC::JIT::privateCompileMainPass):
3411         (JSC::JIT::privateCompileSlowCases):
3412         (JSC::JIT::privateCompile):
3413         (JSC::JIT::linkCall):
3414         (JSC::JIT::linkConstruct):
3415         * jit/JITCall.cpp:
3416         (JSC::JIT::compileOpCall):
3417         * jit/JITCode.h:
3418         (JSC::JITCode::JITCode):
3419         (JSC::JITCode::jitType):
3420         (JSC::JITCode::HostFunction):
3421         * runtime/JSFunction.h:
3422         * runtime/JSGlobalData.h:
3423
3424 2011-07-05  Oliver Hunt  <oliver@apple.com>
3425
3426         Initialize new MarkStack member