Fix 32bit build.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-09-02  Oliver Hunt  <oliver@apple.com>

        Fix 32bit build.

        * heap/NewSpace.h:
        (JSC::NewSpace::allocatePropertyStorage):
        (JSC::NewSpace::inPropertyStorageNursery):

2011-09-02  Oliver Hunt  <oliver@apple.com>

        Use bump allocator for initial property storage
        https://bugs.webkit.org/show_bug.cgi?id=67494

        Reviewed by Gavin Barraclough.

        Switch to a bump allocator for the initial out of line
        property storage.  This gives us slightly faster allocation
        for short lived objects that need out of line storage at
        the cost of an additional memcpy when the object survives
        a GC pass.

        No performance impact.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::allocatePropertyStorage):
        (JSC::Heap::inPropertyStorageNursary):
        * heap/NewSpace.cpp:
        (JSC::NewSpace::NewSpace):
        * heap/NewSpace.h:
        (JSC::NewSpace::resetPropertyStorageNursary):
        (JSC::NewSpace::allocatePropertyStorage):
        (JSC::NewSpace::inPropertyStorageNursary):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::~JSObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSObject::transitionTo):
        (JSC::JSObject::visitChildrenDirect):
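
The nursery this entry describes, as an added illustration written for this page (not JSC's NewSpace code): a hypothetical PropertyStorageNursery bump-allocates out-of-line storage, answers the in-nursery range check, and is rewound at each collection, so an object that survives GC must memcpy its storage out of the nursery first, which is the cost the entry mentions. Class and method names are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical nursery for initial out-of-line property storage (names are
// this example's own; JSC's NewSpace differs in detail). Allocation is a
// pointer bump, but nothing inside the nursery outlives a GC pass: the region
// is rewound wholesale, so surviving objects must copy their storage out.
class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t bytes)
        : m_base(static_cast<char*>(std::malloc(bytes))), m_size(bytes), m_used(0) {}
    ~PropertyStorageNursery() { std::free(m_base); }

    // Returns nullptr when exhausted so the caller falls back to the
    // general-purpose allocator instead of overrunning the region.
    void* allocate(size_t bytes) {
        bytes = (bytes + 7) & ~size_t(7);            // keep 8-byte alignment
        if (bytes > m_size - m_used)
            return nullptr;
        void* result = m_base + m_used;
        m_used += bytes;
        return result;
    }

    // Range check an object uses to learn whether its storage must be
    // copied out before the nursery is reset.
    bool inNursery(const void* p) const {
        const char* c = static_cast<const char*>(p);
        return c >= m_base && c < m_base + m_size;
    }

    void reset() { m_used = 0; }                      // at the start of each GC
    size_t bytesUsed() const { return m_used; }

private:
    char* m_base;
    size_t m_size;
    size_t m_used;
};

// Minimal object with out-of-line slots. Its first storage comes from the
// nursery; surviving a collection moves it to malloc'd memory.
class Object {
public:
    Object(PropertyStorageNursery& nursery, size_t slotCount)
        : m_nursery(nursery), m_slotCount(slotCount), m_ownsStorage(false) {
        size_t bytes = slotCount * sizeof(uint64_t);
        m_slots = static_cast<uint64_t*>(nursery.allocate(bytes));
        if (!m_slots) {                               // nursery full: use malloc
            m_slots = static_cast<uint64_t*>(std::malloc(bytes));
            m_ownsStorage = true;
        }
    }
    ~Object() { if (m_ownsStorage) std::free(m_slots); }

    void put(size_t i, uint64_t v) { m_slots[i] = v; }
    uint64_t get(size_t i) const { return m_slots[i]; }
    bool storageInNursery() const { return m_nursery.inNursery(m_slots); }

    // Run for every object live at a collection: storage still in the
    // nursery is copied out (the extra memcpy the entry mentions).
    void survivedGC() {
        if (!storageInNursery())
            return;
        size_t bytes = m_slotCount * sizeof(uint64_t);
        uint64_t* out = static_cast<uint64_t*>(std::malloc(bytes));
        std::memcpy(out, m_slots, bytes);
        m_slots = out;
        m_ownsStorage = true;
    }

private:
    PropertyStorageNursery& m_nursery;
    uint64_t* m_slots;
    size_t m_slotCount;
    bool m_ownsStorage;
};

// Scenario: two objects get nursery storage (32 + 16 bytes), survive a GC
// with their values intact, and an object larger than the nursery falls
// back to malloc. Returns true when every step behaved as described.
bool nurseryRoundTrip() {
    PropertyStorageNursery nursery(256);
    Object a(nursery, 4), b(nursery, 2);
    a.put(0, 42); a.put(3, 7); b.put(1, 9);
    bool ok = a.storageInNursery() && b.storageInNursery() && nursery.bytesUsed() == 48;
    a.survivedGC(); b.survivedGC();                   // GC: survivors copy out...
    nursery.reset();                                  // ...then the nursery rewinds
    ok = ok && nursery.bytesUsed() == 0 && !a.storageInNursery() && !b.storageInNursery();
    ok = ok && a.get(0) == 42 && a.get(3) == 7 && b.get(1) == 9;
    Object big(nursery, 64);                          // 512 bytes > 256: malloc fallback
    return ok && !big.storageInNursery();
}
```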

2011-09-01  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * JavaScriptCore.JSVALUE32_64only.exp:
        * JavaScriptCore.JSVALUE64only.exp:
        * JavaScriptCore.exp:

2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unzip initialization lists and constructors in JSCell hierarchy (4/7)
        https://bugs.webkit.org/show_bug.cgi?id=67174

        Reviewed by Oliver Hunt.

        Completed the fourth level of the refactoring to add finishCreation()
        methods to all classes within the JSCell hierarchy with non-trivial
        constructor bodies.

        This primarily consists of pushing the calls to finishCreation() down
        into the constructors of the subclasses of the second level of the hierarchy
        as well as pulling the finishCreation() calls out into the class's corresponding
        create() method if it has one.  Doing both simultaneously allows us to
        maintain the invariant that the finishCreation() method chain is called exactly
        once during the creation of an object, since calling it any other number of
        times (0, 2, or more) will cause an assertion failure.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::JSCallbackConstructor):
        (JSC::JSCallbackConstructor::finishCreation):
        * API/JSCallbackConstructor.h:
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::create):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::JSCallbackObject):
        (JSC::::finishCreation):
        * JavaScriptCore.JSVALUE64only.exp:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::create):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::createNoParameters):
        (JSC::Arguments::Arguments):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        (JSC::ArrayPrototype::finishCreation):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        (JSC::BooleanObject::finishCreation):
        * runtime/BooleanObject.h:
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        (JSC::DateInstance::finishCreation):
        * runtime/DateInstance.h:
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::finishCreation):
        * runtime/ErrorPrototype.h:
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError):
        (JSC::InterruptedExecutionError::create):
        (JSC::TerminatedExecutionError::TerminatedExecutionError):
        (JSC::TerminatedExecutionError::create):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::ProgramExecutable::ProgramExecutable):
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::NativeExecutable):
        (JSC::EvalExecutable::create):
        (JSC::ProgramExecutable::create):
        (JSC::FunctionExecutable::create):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        (JSC::InternalFunction::finishCreation):
        * runtime/InternalFunction.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::finishCreation):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        * runtime/JSArray.h:
        (JSC::JSArray::create):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSByteArray.h:
        (JSC::JSByteArray::create):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::finishCreation):
        * runtime/JSFunction.h:
        (JSC::JSFunction::create):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::finishCreation):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::JSNotAnObject):
        (JSC::JSNotAnObject::create):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::JSONObject):
        (JSC::JSONObject::finishCreation):
        * runtime/JSONObject.h:
        * runtime/JSObjectWithGlobalObject.cpp:
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        * runtime/JSObjectWithGlobalObject.h:
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::finishCreation):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::JSVariableObject):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        (JSC::MathObject::finishCreation):
        * runtime/MathObject.h:
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        (JSC::NumberObject::finishCreation):
        * runtime/NumberObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::create):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        (JSC::RegExpMatchesArray::finishCreation):
        * runtime/RegExpMatchesArray.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        (JSC::RegExpObject::finishCreation):
        * runtime/RegExpObject.h:
        * runtime/StrictEvalActivation.cpp:
        (JSC::StrictEvalActivation::StrictEvalActivation):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        (JSC::StringObject::finishCreation):
        * runtime/StringObject.h:

2011-09-01  Daniel Bates  <dbates@rim.com>

        QNX GCC distribution doesn't support vasprintf()
        https://bugs.webkit.org/show_bug.cgi?id=67423

        Reviewed by Antonio Gomes.

        * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.

2011-09-01  Michael Saboff  <msaboff@apple.com>

        Remove simple usage of UString::characters() from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=67340

        In preparation to allowing StringImpl to be backed by 8 bit
        characters when appropriate, we need to eliminate or change the
        usage of StringImpl::characters().  Most of the changes below
        change s->characters()[0] to s[0].

        Reviewed by Geoffrey Garen.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::keyForCharacterSwitch):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::processClauseList):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Identifier.cpp:
        (JSC::Identifier::addSlowCase):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::jsToNumber):
        (JSC::parseFloat):
        * runtime/JSString.cpp:
        (JSC::JSString::substringFromRope):
        * runtime/JSString.h:
        (JSC::jsSingleCharacterSubstring):
        (JSC::jsString):
        (JSC::jsSubstring):
        (JSC::jsOwnedString):
        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::operator[]):

2011-09-01  Ada Chan  <adachan@apple.com>

        Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.

        Reviewed by Darin Adler.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-01  Hao Zheng  <zhenghao@chromium.org>

        Define PTHREAD_KEYS_MAX to fix Android port build.
        https://bugs.webkit.org/show_bug.cgi?id=67362

        Reviewed by Adam Barth.

        PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.

        * wtf/ThreadIdentifierDataPthreads.cpp:

2011-08-31  Oliver Hunt  <oliver@apple.com>

        Fix build.

        * wtf/CheckedArithmetic.h:
        (WTF::Checked::Checked):
        (WTF::Checked::operator=):

2011-08-31  Oliver Hunt  <oliver@apple.com>

        fast/regex/overflow.html asserts in debug builds
        https://bugs.webkit.org/show_bug.cgi?id=67326

        Reviewed by Gavin Barraclough.

        The deliberate overflows in these expressions don't interact nicely
        with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
        intermediate calculations.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):

2011-08-31  Jeff Miller  <jeffm@apple.com>

        REGRESSION(92210): AVFoundation media engine is disabled on OS X
        https://bugs.webkit.org/show_bug.cgi?id=67316

        Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
        since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
        changes that were made in r92210.

        Reviewed by Darin Adler.

        * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.

2011-08-31  Peter Beverloo  <peter@chromium.org>

        Add Android's platform specification and the right atomic functions.
        https://bugs.webkit.org/show_bug.cgi?id=66687

        Reviewed by Adam Barth.

        * wtf/Atomics.h:
        (WTF::atomicIncrement):
        (WTF::atomicDecrement):
        * wtf/Platform.h:

2011-08-30  Oliver Hunt  <oliver@apple.com>

        Add support for checked arithmetic
        https://bugs.webkit.org/show_bug.cgi?id=67095

        Reviewed by Sam Weinig.

        Add a checked arithmetic class Checked<T> that provides overflow-safe
        arithmetic over all integral types.  Checked<T> supports addition, subtraction
        and multiplication, along with "bool" conversions and equality operators.

        Checked<> can be used in either CRASH() on overflow or delayed failure modes,
        although the default is to CRASH().

        To ensure the code is actually in use (rather than checking in dead code) I've
        made a couple of properties in YARR use Checked<int> and Checked<unsigned>
        instead of raw value arithmetic.  This has resulted in a moderate set of changes
        to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
        to unsigned for some uses of sizeof, as Checked<> currently does not support
        mixed signed-ness of types wider than 32 bits.

        Happily the increased type safety of Checked<> means that it's not possible to
        accidentally assign away precision, nor accidentally call the integer overload of
        a function instead of the bool version.

        No measurable regression in performance, and SunSpider claims this patch to be
        a progression of 0.3%.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CheckedArithmetic.h: Added.
        (WTF::CrashOnOverflow::overflowed):
        (WTF::CrashOnOverflow::clearOverflow):
        (WTF::CrashOnOverflow::hasOverflowed):
        (WTF::RecordOverflow::RecordOverflow):
        (WTF::RecordOverflow::overflowed):
        (WTF::RecordOverflow::clearOverflow):
        (WTF::RecordOverflow::hasOverflowed):
        (WTF::isInBounds):
        (WTF::safeAdd):
        (WTF::safeSub):
        (WTF::safeMultiply):
        (WTF::safeEquals):
        (WTF::workAroundClangBug):
        (WTF::Checked::Checked):
        (WTF::Checked::operator=):
        (WTF::Checked::operator++):
        (WTF::Checked::operator--):
        (WTF::Checked::operator!):
        (WTF::Checked::operator UnspecifiedBoolType*):
        (WTF::Checked::get):
        (WTF::Checked::operator+=):
        (WTF::Checked::operator-=):
        (WTF::Checked::operator*=):
        (WTF::Checked::operator==):
        (WTF::Checked::operator!=):
        (WTF::operator+):
        (WTF::operator-):
        (WTF::operator*):
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
        (JSC::Yarr::ByteCompiler::atomCharacterClass):
        (JSC::Yarr::ByteCompiler::atomBackReference):
        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::ByteTerm::ByteTerm):
        (JSC::Yarr::ByteTerm::CheckInput):
        (JSC::Yarr::ByteTerm::UncheckInput):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
        * yarr/YarrPattern.h:
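
An added example, written for this page rather than taken from WebKit's wtf/CheckedArithmetic.h, that reproduces the design this entry describes and the 32-bit intermediate problem from the "fast/regex/overflow.html asserts in debug builds" entry above: a Checked<T, OverflowHandler> built on the GCC/Clang overflow builtins, with the two policies named here. The policy and helper names follow the entry; their bodies, the converting constructor and the demo functions are this example's own assumptions.

```cpp
#include <cstdint>
#include <cstdlib>
#include <type_traits>

// Two overflow policies, mirroring the modes the entry names. The class
// and helper names follow the ChangeLog; their bodies are this example's.
struct CrashOnOverflow {
    void overflowed() { std::abort(); }            // default: fail at once
    void clearOverflow() {}
    bool hasOverflowed() const { return false; }
};

struct RecordOverflow {
    void overflowed() { m_overflowed = true; }     // delayed failure: flag it
    void clearOverflow() { m_overflowed = false; }
    bool hasOverflowed() const { return m_overflowed; }
    bool m_overflowed = false;
};

// Overflow-detecting primitives. The GCC/Clang builtins compute the exact
// mathematical result and report whether it fits the destination type,
// which handles every integral width and signedness uniformly.
template <typename T> bool safeAdd(T a, T b, T& r) { return !__builtin_add_overflow(a, b, &r); }
template <typename T> bool safeSub(T a, T b, T& r) { return !__builtin_sub_overflow(a, b, &r); }
template <typename T> bool safeMultiply(T a, T b, T& r) { return !__builtin_mul_overflow(a, b, &r); }

template <typename T, typename OverflowHandler = CrashOnOverflow>
class Checked : public OverflowHandler {
    static_assert(std::is_integral<T>::value, "Checked<T> needs an integral type");
public:
    Checked() : m_value(0) {}
    Checked(T value) : m_value(value) {}

    // Converting between widths is range-checked too, so precision cannot be
    // assigned away silently: adding 0 into a T-sized slot is a fit test.
    template <typename U>
    Checked(const Checked<U, OverflowHandler>& other) : m_value(0) {
        if (other.hasOverflowed() || __builtin_add_overflow(other.unsafeGet(), U(0), &m_value))
            this->overflowed();
    }

    Checked& operator+=(T rhs) { if (!safeAdd(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator-=(T rhs) { if (!safeSub(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator*=(T rhs) { if (!safeMultiply(m_value, rhs, m_value)) this->overflowed(); return *this; }

    // Overflow is sticky: combining with an overflowed operand propagates it.
    Checked& operator+=(const Checked& rhs) { if (rhs.hasOverflowed()) this->overflowed(); return *this += rhs.m_value; }
    Checked& operator-=(const Checked& rhs) { if (rhs.hasOverflowed()) this->overflowed(); return *this -= rhs.m_value; }
    Checked& operator*=(const Checked& rhs) { if (rhs.hasOverflowed()) this->overflowed(); return *this *= rhs.m_value; }

    // An overflowed value compares equal to nothing, not even itself.
    bool operator==(const Checked& rhs) const { return !this->hasOverflowed() && !rhs.hasOverflowed() && m_value == rhs.m_value; }
    bool operator!=(const Checked& rhs) const { return !(*this == rhs); }

    // get() is the sanctioned way out; in delayed-failure mode a recorded
    // overflow becomes fatal here instead of at the arithmetic.
    T get() const { if (this->hasOverflowed()) std::abort(); return m_value; }
    T unsafeGet() const { return m_value; }

private:
    T m_value;
};

template <typename T, typename H> Checked<T, H> operator+(Checked<T, H> a, const Checked<T, H>& b) { return a += b; }
template <typename T, typename H> Checked<T, H> operator-(Checked<T, H> a, const Checked<T, H>& b) { return a -= b; }
template <typename T, typename H> Checked<T, H> operator*(Checked<T, H> a, const Checked<T, H>& b) { return a *= b; }

// The situation from the YARR entry: an intermediate that needs more than
// 32 bits trips Checked<int32_t>; carrying it in Checked<int64_t> does not.
bool intermediateOverflowsIn32() {
    Checked<int32_t, RecordOverflow> offset(1 << 30);
    offset *= 4;                                   // 2^32 does not fit int32_t
    return offset.hasOverflowed();
}

int64_t intermediateIn64(int32_t base, int32_t scale, int32_t back) {
    Checked<int64_t, RecordOverflow> offset(base);
    offset *= scale;                               // fits in 64 bits
    offset -= back;
    return offset.get();
}

// Narrowing a 64-bit result back to 32 bits is itself checked.
bool narrowingOverflows(int64_t v) {
    Checked<int64_t, RecordOverflow> wide(v);
    Checked<int32_t, RecordOverflow> narrow(wide);
    return narrow.hasOverflowed();
}

// Unsigned wrap-around is caught as well.
bool unsignedWrapDetected() {
    Checked<uint32_t, RecordOverflow> u(0xFFFFFFFFu);
    u += 1u;
    return u.hasOverflowed() && u != Checked<uint32_t, RecordOverflow>(0);
}

// Default policy (CrashOnOverflow): in-range arithmetic simply works.
int checkedSum(int a, int b) { return (Checked<int>(a) + Checked<int>(b)).get(); }
```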

2011-08-31  Andrei Popescu  <andreip@google.com>

        Investigate current uses of OS(ANDROID)
        https://bugs.webkit.org/show_bug.cgi?id=66761

        Unreviewed, build fix for ARM platforms.

        * wtf/Platform.h:

2011-08-31  Andrei Popescu  <andreip@google.com>

        Investigate current uses of OS(ANDROID)
        https://bugs.webkit.org/show_bug.cgi?id=66761

        Reviewed by Darin Adler.

        Remove the last legacy Android code.

        No new tests needed as the code wasn't tested in the first place.

        * wtf/Atomics.h:
        * wtf/Platform.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::createThreadInternal):

2011-08-30  Aaron Colwell  <acolwell@chromium.org>

        Add MediaSource API to HTMLMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=64731

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig:

2011-08-30  Oliver Hunt  <oliver@apple.com>

        TypedArrays don't ensure that denormalised values are normalised
        https://bugs.webkit.org/show_bug.cgi?id=67178

        Reviewed by Gavin Barraclough.

        Add a couple of assertions to jsNumber() to ensure that
        we block signaling NaNs.

        * runtime/JSValue.h:
        (JSC::jsDoubleNumber):
        (JSC::jsNumber):

2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>

        [Qt] Do not unconditionally use pkg-config in .pro files
        https://bugs.webkit.org/show_bug.cgi?id=67055

        Reviewed by Andreas Kling.

        Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>

        Using the first pkg-config in PATH is prone to errors when cross
        compiling inside the Qt repository (using Qt's build-system).

        This patch protects calls to pkg-config with
        !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
        QT_CONFIG by Qt's 'configure' when cross-compiling on systems
        without pkg-config.

        The respective change in Qt's configure has been submitted already.

        No new tests as this is just a build change.

        * wtf/wtf.pri: protect pkg-config calls

2011-08-29  Daniel Bates  <dbates@webkit.org>

        Add HAVE(VASPRINTF) macro to test for vasprintf() support
        https://bugs.webkit.org/show_bug.cgi?id=67156

        Reviewed by Darin Adler.

        Encapsulate testing of vasprintf() support in a HAVE macro
        instead of hardcoding the list of supported/unsupported
        compilers at the call site.

        * wtf/Platform.h:

2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unzip initialization lists and constructors in JSCell hierarchy (3/7)
        https://bugs.webkit.org/show_bug.cgi?id=67064

        Reviewed by Darin Adler.

        Completed the third level of the refactoring to add finishCreation()
        methods to all classes within the JSCell hierarchy with non-trivial
        constructor bodies.

        This primarily consists of pushing the calls to finishCreation() down
        into the constructors of the subclasses of the second level of the hierarchy
        as well as pulling the finishCreation() calls out into the class's corresponding
        create() method if it has one.  Doing both simultaneously allows us to
        maintain the invariant that the finishCreation() method chain is called exactly
        once during the creation of an object, since calling it any other number of
        times (0, 2, or more) will cause an assertion failure.

        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::finishCreation):
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::create):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::createNoParameters):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::finishCreation):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::finishCreation):
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError):
        (JSC::TerminatedExecutionError::TerminatedExecutionError):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::ProgramExecutable::ProgramExecutable):
        (JSC::FunctionExecutable::FunctionExecutable):
        Moved the assignment of m_firstLine and m_lastLine into the
        FunctionExecutable::finishCreation() method in Executable.h
        * runtime/Executable.h:
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::EvalExecutable::create):
        (JSC::ProgramExecutable::create):
        (JSC::FunctionExecutable::create):
        (JSC::FunctionExecutable::finishCreation):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::finishCreation):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSByteArray.h:
        (JSC::JSByteArray::finishCreation):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::JSNotAnObject):
        * runtime/JSObject.h:
        (JSC::JSNonFinalObject::JSNonFinalObject):
        * runtime/JSObjectWithGlobalObject.cpp:
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        (JSC::JSObjectWithGlobalObject::finishCreation):
        * runtime/JSObjectWithGlobalObject.h:
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::JSVariableObject):
        (JSC::JSVariableObject::finishCreation):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::finishCreation):
        * runtime/ObjectPrototype.h:
        * runtime/StrictEvalActivation.cpp:
        (JSC::StrictEvalActivation::StrictEvalActivation):
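
The two-phase construction pattern this series describes (this entry and the 4/7 entry above), as an added illustration that is not JSC's code: a hypothetical Cell hierarchy shows why a finishCreation() call left in a mid-level constructor runs twice once a subclass's create() also makes the call, and how pulling the call into create() restores the exactly-once chain. All class names are this example's own; a counter stands in for JSC's assertion so both violations can be reported instead of aborting.

```cpp
#include <memory>

// Base of a hypothetical cell hierarchy (names are this example's own, not
// JSC's). Constructors only populate members; work that needs a complete
// object happens in finishCreation(), which must run exactly once per
// object. JSC asserts on violation; a counter is kept here instead so the
// 0-call and 2-call failures can both be observed by a caller.
class Cell {
public:
    virtual ~Cell() = default;
    int finishCreationCalls() const { return m_finishCreationCalls; }
protected:
    Cell() = default;
    void finishCreation() { ++m_finishCreationCalls; }
private:
    int m_finishCreationCalls = 0;
};

// "Before": a mid-level class still calls finishCreation() from its own
// constructor. A subclass with non-trivial setup must call it from its
// create() as well, so the chain runs twice for every leaf object.
class BeforeWrapper : public Cell {
protected:
    BeforeWrapper() { finishCreation(); }
};

class BeforeLeaf : public BeforeWrapper {
public:
    static std::unique_ptr<BeforeLeaf> create() {
        std::unique_ptr<BeforeLeaf> leaf(new BeforeLeaf());
        leaf->finishCreation();                 // second call: the base already ran it
        return leaf;
    }
    bool ready() const { return m_leafReady; }
protected:
    void finishCreation() { Cell::finishCreation(); m_leafReady = true; }
private:
    BeforeLeaf() = default;
    bool m_leafReady = false;
};

// "After": the call is pulled out of the wrapper's constructor. Each level's
// finishCreation() chains to its parent, and only the leaf's create() calls
// it, so the whole chain runs exactly once.
class AfterWrapper : public Cell {
protected:
    AfterWrapper() = default;                   // constructor body now trivial
    void finishCreation() { Cell::finishCreation(); m_wrapperReady = true; }
    bool m_wrapperReady = false;
};

class AfterLeaf : public AfterWrapper {
public:
    static std::unique_ptr<AfterLeaf> create() {
        std::unique_ptr<AfterLeaf> leaf(new AfterLeaf());
        leaf->finishCreation();                 // the single sanctioned call
        return leaf;
    }
    bool ready() const { return m_wrapperReady && m_leafReady; }
protected:
    void finishCreation() { AfterWrapper::finishCreation(); m_leafReady = true; }
private:
    AfterLeaf() = default;
    bool m_leafReady = false;
};

// How many times the chain ran for one object built each way.
int beforePatternCalls() { return BeforeLeaf::create()->finishCreationCalls(); }
int afterPatternCalls() { return AfterLeaf::create()->finishCreationCalls(); }
bool afterPatternReady() { return AfterLeaf::create()->ready(); }
```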
559
560 2011-08-29  Andreas Kling  <kling@webkit.org>
561
562         Unreviewed build fix after r93990.
563
564         * wtf/HashTable.h:
565
566 2011-08-29  Andreas Kling  <kling@webkit.org>
567
568         Viewing a post on reddit.com wastes a lot of memory on event listeners.
569         https://bugs.webkit.org/show_bug.cgi?id=67133
570
571         Reviewed by Darin Adler.
572
573         Add a minimum table size to the HashTraits, instead of having it hard coded.
574         The default value remains at 64, but can now be specialized.
575
576         * runtime/StructureTransitionTable.h:
577         * wtf/HashTable.h:
578         (WTF::HashTable::shouldShrink):
579         (WTF::::expand):
580         (WTF::::checkTableConsistencyExceptSize):
581         * wtf/HashTraits.h:
582
583 2011-08-28  Jonathan Liu  <net147@gmail.com>
584
585         Fix build error when compiling with MinGW-w64 by disabling JIT
586         on Windows 64-bit
587         https://bugs.webkit.org/show_bug.cgi?id=61235
588
589         Reviewed by Gavin Barraclough.
590
591         The fixed mmap executable allocator for JIT on x86_64 requires
592         sys/mman.h which is not available on Windows.
593
594         * wtf/Platform.h:
595
596 2011-08-27  Filip Pizlo  <fpizlo@apple.com>
597
598         JSC::Executable is inconsistent about using weak handle finalizers
599         and destructors for releasing memory
600         https://bugs.webkit.org/show_bug.cgi?id=67072
601
602         Reviewed by Darin Adler.
603         
604         Moved more of the destruction of Executable state into the finalizer,
605         which also resulted in an opportunity to mostly combine this with
606         discardCode().  This also means that the finalizer is now enabled even
607         when the JIT is turned off.  This is performance neutral on SunSpider,
608         V8, and Kraken.
609
610         * runtime/Executable.cpp:
611         (JSC::ExecutableBase::clearCode):
612         (JSC::ExecutableFinalizer::finalize):
613         (JSC::EvalExecutable::clearCode):
614         (JSC::ProgramExecutable::clearCode):
615         (JSC::FunctionExecutable::discardCode):
616         (JSC::FunctionExecutable::clearCode):
617         * runtime/Executable.h:
618         (JSC::ExecutableBase::finishCreation):
619
620 2011-08-26  Gavin Barraclough  <barraclough@apple.com>
621
622         DFG JIT - ArithMod may clobber operands.
623         https://bugs.webkit.org/show_bug.cgi?id=67085
624
625         Reviewed by Sam Weinig.
626
627         unboxDouble must be called on a temporary.
628
629         * dfg/DFGJITCodeGenerator.cpp:
630         (JSC::DFG::JITCodeGenerator::fillDouble):
631         * dfg/DFGJITCodeGenerator.h:
632         (JSC::DFG::JITCodeGenerator::boxDouble):
633         * dfg/DFGNonSpeculativeJIT.cpp:
634         (JSC::DFG::NonSpeculativeJIT::compile):
635         * dfg/DFGSpeculativeJIT.cpp:
636         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
637
638 2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
639
640         Unzip initialization lists and constructors in JSCell hierarchy (2/7)
641         https://bugs.webkit.org/show_bug.cgi?id=66957
642
643         Reviewed by Darin Adler.
644
645         Completed the second level of the refactoring to add finishCreation()
646         methods to all classes within the JSCell hierarchy with non-trivial 
647         constructor bodies.
648
649         * runtime/Executable.h:
650         (JSC::ExecutableBase::ExecutableBase):
651         (JSC::ExecutableBase::create):
652         (JSC::NativeExecutable::create):
653         (JSC::NativeExecutable::finishCreation):
654         (JSC::NativeExecutable::NativeExecutable):
655         (JSC::ScriptExecutable::ScriptExecutable):
656         (JSC::ScriptExecutable::finishCreation):
657         * runtime/GetterSetter.h:
658         (JSC::GetterSetter::GetterSetter):
659         (JSC::GetterSetter::create):
660         * runtime/JSAPIValueWrapper.h:
661         (JSC::JSAPIValueWrapper::create):
662         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
663         * runtime/JSObject.h:
664         (JSC::JSNonFinalObject::JSNonFinalObject):
665         (JSC::JSNonFinalObject::finishCreation):
666         (JSC::JSFinalObject::create):
667         (JSC::JSFinalObject::finishCreation):
668         (JSC::JSFinalObject::JSFinalObject):
669         (JSC::JSObject::JSObject):
670         * runtime/JSPropertyNameIterator.cpp:
671         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
672         (JSC::JSPropertyNameIterator::create):
673         * runtime/JSPropertyNameIterator.h:
674         (JSC::JSPropertyNameIterator::create):
675         * runtime/RegExp.cpp:
676         (JSC::RegExp::RegExp):
677         (JSC::RegExp::createWithoutCaching):
678         * runtime/ScopeChain.h:
679         (JSC::ScopeChainNode::ScopeChainNode):
680         (JSC::ScopeChainNode::create):
681         * runtime/Structure.cpp:
682         (JSC::Structure::Structure):
683         * runtime/Structure.h:
684         (JSC::Structure::create):
685         (JSC::Structure::finishCreation):
686         (JSC::Structure::createStructure):
687         * runtime/StructureChain.cpp:
688         (JSC::StructureChain::StructureChain):
689         * runtime/StructureChain.h:
690         (JSC::StructureChain::create):
691
692 2011-08-26  Filip Pizlo  <fpizlo@apple.com>
693
694         The GC does not have a facility for profiling the kinds of objects
695         that occupy the heap
696         https://bugs.webkit.org/show_bug.cgi?id=66849
697
698         Reviewed by Geoffrey Garen.
699         
700         Destructor calls and object scans are now optionally counted, per
701         vtable. When the heap is destroyed and profiling is enabled, the
702         counts are dumped, with care taken to print the names of classes
703         (modulo C++ mangling) sorted in descending commonality.
704
705         * GNUmakefile.list.am:
706         * JavaScriptCore.exp:
707         * JavaScriptCore.pro:
708         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
709         * JavaScriptCore.xcodeproj/project.pbxproj:
710         * heap/Heap.cpp:
711         (JSC::Heap::destroy):
712         * heap/Heap.h:
713         * heap/MarkStack.cpp:
714         (JSC::SlotVisitor::visitChildren):
715         (JSC::SlotVisitor::drain):
716         * heap/MarkStack.h:
717         * heap/MarkedBlock.cpp:
718         (JSC::MarkedBlock::callDestructor):
719         * heap/MarkedBlock.h:
720         * heap/VTableSpectrum.cpp: Added.
721         (JSC::VTableSpectrum::VTableSpectrum):
722         (JSC::VTableSpectrum::~VTableSpectrum):
723         (JSC::VTableSpectrum::countVPtr):
724         (JSC::VTableSpectrum::count):
725         (JSC::VTableAndCount::VTableAndCount):
726         (JSC::VTableAndCount::operator<):
727         (JSC::VTableSpectrum::dump):
728         * heap/VTableSpectrum.h: Added.
729         * wtf/Platform.h:
730
731 2011-08-26  Juan C. Montemayor  <jmont@apple.com>
732
733         Update topCallFrame when calling host functions in the JIT
734         https://bugs.webkit.org/show_bug.cgi?id=67010
735
736         Reviewed by Oliver Hunt.
737         
738         The topCallFrame is not being updated when a host function is
739         called by the JIT. This causes problems when trying to create a
740         stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
741
742         * jit/JITOpcodes.cpp:
743         (JSC::JIT::privateCompileCTIMachineTrampolines):
744         (JSC::JIT::privateCompileCTINativeCall):
745
746 2011-08-26  Alexey Proskuryakov  <ap@apple.com>
747
748         Get rid of frame life support timer
749         https://bugs.webkit.org/show_bug.cgi?id=66874
750
751         Reviewed by Geoff Garen.
752
753         * runtime/JSGlobalObject.h:
754         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
755         globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
756
757 2011-08-26  Chao-ying Fu  <fu@mips.com>
758
759         Fix MIPS patchOffsetGetByIdSlowCaseCall
760         https://bugs.webkit.org/show_bug.cgi?id=67046
761
762         Reviewed by Gavin Barraclough.
763
764         * jit/JIT.h:
765
766 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
767
768         Fixing broken build due to unused variables in release mode
769         https://bugs.webkit.org/show_bug.cgi?id=67004
770
771         Unreviewed, release build fix.
772
773         Fixing broken build due to unused variables in ASSERTs in release build.
774
775         * runtime/JSObject.h:
776         (JSC::JSObject::finishCreation):
777         * runtime/JSString.h:
778         (JSC::RopeBuilder::finishCreation):
779         * runtime/ScopeChain.h:
780         (JSC::ScopeChainNode::finishCreation):
781
782 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
783
784         Unzip initialization lists and constructors in JSCell hierarchy (1/7)
785         https://bugs.webkit.org/show_bug.cgi?id=66827
786
787         Reviewed by Geoffrey Garen.
788
789         Added finishCreation() methods to all immediate subclasses of JSCell with
790         non-empty constructors.  Part of a larger refactoring to "unzip" initialization
791         lists and constructor bodies.  Also renamed JSCell's constructorBody() method
792         to finishCreation().
793
794         * runtime/Executable.h:
795         (JSC::ExecutableBase::ExecutableBase):
796         (JSC::ExecutableBase::constructorBody):
797         * runtime/GetterSetter.h:
798         (JSC::GetterSetter::GetterSetter):
799         * runtime/JSAPIValueWrapper.h:
800         (JSC::JSAPIValueWrapper::constructorBody):
801         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
802         * runtime/JSCell.h:
803         (JSC::JSCell::JSCell::JSCell):
804         (JSC::JSCell::JSCell::constructorBody):
805         * runtime/JSObject.h:
806         (JSC::JSObject::constructorBody):
807         (JSC::JSObject::JSObject):
808         * runtime/JSPropertyNameIterator.h:
809         (JSC::JSPropertyNameIterator::constructorBody):
810         * runtime/JSString.h:
811         (JSC::RopeBuilder::JSString):
812         (JSC::RopeBuilder::constructorBody):
813         * runtime/RegExp.cpp:
814         (JSC::RegExp::RegExp):
815         (JSC::RegExp::constructorBody):
816         * runtime/RegExp.h:
817         * runtime/ScopeChain.h:
818         (JSC::ScopeChainNode::ScopeChainNode):
819         (JSC::ScopeChainNode::constructorBody):
820         * runtime/Structure.cpp:
821         (JSC::Structure::Structure):
822         * runtime/StructureChain.cpp:
823         (JSC::StructureChain::StructureChain):
824         * runtime/StructureChain.h:
825         (JSC::StructureChain::create):
826         (JSC::StructureChain::constructorBody):
827
828 2011-08-25  Gabor Loki  <loki@webkit.org>
829
830         REGRESSION(r93755): It made 14 jsc tests and ~500 layout tests fail on Qt-ARM bot
831         https://bugs.webkit.org/show_bug.cgi?id=66956
832
833         Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
834
835         Reviewed by Oliver Hunt.
836
837         * jit/JIT.h:
838
839 2011-08-24  Juan C. Montemayor  <jmont@apple.com>
840
841         Keep track of topCallFrame for Stack traces
842         https://bugs.webkit.org/show_bug.cgi?id=66571
843
844         Reviewed by Geoffrey Garen.
845
846         This patch adds a TopCallFrame to JSC in order to have that information
847         when an error is thrown to create a stack trace. The TopCallFrame is
848         updated throughout select points in the Interpreter and the JSC.
849
850         * interpreter/Interpreter.cpp:
851         (JSC::Interpreter::unwindCallFrame):
852         (JSC::Interpreter::throwException):
853         (JSC::Interpreter::execute):
854         (JSC::Interpreter::executeCall):
855         (JSC::Interpreter::executeConstruct):
856         (JSC::Interpreter::privateExecute):
857         * interpreter/Interpreter.h:
858         (JSC::TopCallFrameSetter::TopCallFrameSetter):
859         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
860         * jit/JIT.h:
861         * jit/JITInlineMethods.h:
862         (JSC::JIT::updateTopCallFrame):
863         * jit/JITStubCall.h:
864         (JSC::JITStubCall::call):
865         * jit/JITStubs.cpp:
866         (JSC::throwExceptionFromOpCall):
867         (JSC::DEFINE_STUB_FUNCTION):
868         (JSC::arityCheckFor):
869         * runtime/JSGlobalData.cpp:
870         (JSC::JSGlobalData::JSGlobalData):
871         * runtime/JSGlobalData.h:
872
873 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
874
875         ErrorInstance::create sometimes has two heap object constructions
876         in flight at once
877         https://bugs.webkit.org/show_bug.cgi?id=66845
878
879         Reviewed by Darin Adler.
880         
881         The fix is simple since there is already a second create() method
882         that takes a UString.
883
884         * runtime/ErrorInstance.cpp:
885         (JSC::ErrorInstance::create):
886
887 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
888
889         There is no facility for profiling how the write barrier is used
890         https://bugs.webkit.org/show_bug.cgi?id=66747
891
892         Reviewed by Geoffrey Garen.
893         
894         Added facilities for the JIT to specify the kind of write barrier
895         being executed.  Added code for profiling the number of each kind
896         of barrier encountered.
897
898         * GNUmakefile.list.am:
899         * JavaScriptCore.exp:
900         * JavaScriptCore.pro:
901         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
902         * JavaScriptCore.xcodeproj/project.pbxproj:
903         * dfg/DFGJITCodeGenerator.cpp:
904         (JSC::DFG::JITCodeGenerator::writeBarrier):
905         (JSC::DFG::JITCodeGenerator::cachedPutById):
906         * dfg/DFGJITCodeGenerator.h:
907         * dfg/DFGJITCompiler.cpp:
908         (JSC::DFG::JITCompiler::emitCount):
909         * dfg/DFGJITCompiler.h:
910         (JSC::DFG::JITCompiler::emitCount):
911         * dfg/DFGNonSpeculativeJIT.cpp:
912         (JSC::DFG::NonSpeculativeJIT::compile):
913         * dfg/DFGRepatch.cpp:
914         (JSC::DFG::tryCachePutByID):
915         * dfg/DFGSpeculativeJIT.cpp:
916         (JSC::DFG::SpeculativeJIT::compile):
917         * heap/Heap.h:
918         (JSC::Heap::writeBarrier):
919         * heap/WriteBarrierSupport.cpp: Added.
920         (JSC::WriteBarrierCounters::initialize):
921         * heap/WriteBarrierSupport.h: Added.
922         (JSC::WriteBarrierCounters::WriteBarrierCounters):
923         (JSC::WriteBarrierCounters::jitCounterFor):
924         (JSC::WriteBarrierCounters::countWriteBarrier):
925         * jit/JIT.h:
926         * jit/JITPropertyAccess.cpp:
927         (JSC::JIT::emit_op_put_by_id):
928         (JSC::JIT::privateCompilePutByIdTransition):
929         (JSC::JIT::emit_op_put_scoped_var):
930         (JSC::JIT::emit_op_put_global_var):
931         (JSC::JIT::emitWriteBarrier):
932         * jit/JITPropertyAccess32_64.cpp:
933         (JSC::JIT::emit_op_put_by_val):
934         (JSC::JIT::emit_op_put_by_id):
935         (JSC::JIT::privateCompilePutByIdTransition):
936         (JSC::JIT::emit_op_put_scoped_var):
937         (JSC::JIT::emit_op_put_global_var):
938         (JSC::JIT::emitWriteBarrier):
939         * runtime/InitializeThreading.cpp:
940         (JSC::initializeThreadingOnce):
941         * runtime/WriteBarrier.h:
942         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
943
944 2011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
945
946         Add checks to ensure allocation does not take place during initialization of GC-managed objects
947         https://bugs.webkit.org/show_bug.cgi?id=65288
948
949         Reviewed by Darin Adler.
950
951         Adding the new validation functionality.  In its current state, it will perform checks,
952         but they don't fail unless you do allocation in the arguments to the parent constructor in the
953         initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new
954         allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still
955         allowed in constructor bodies while other refactoring efforts continue.
956
957         * runtime/JSCell.h:
958         (JSC::JSCell::JSCell::constructorBody):
959         (JSC::JSCell::JSCell::JSCell):
960         (JSC::JSCell::allocateCell):
961         * runtime/JSGlobalData.cpp:
962         (JSC::JSGlobalData::JSGlobalData):
963         * runtime/JSGlobalData.h:
964         (JSC::JSGlobalData::isInitializingObject):
965         (JSC::JSGlobalData::setInitializingObject):
966         * runtime/StringObjectThatMasqueradesAsUndefined.h:
967         (JSC::StringObjectThatMasqueradesAsUndefined::create):
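
        Added illustration (not part of this ChangeLog entry or of JavaScriptCore's own code): a constructed miniature of the allocation check described above. The names ToyGlobalData, ToyHeap, ToyCell, Payload, AllocatesInInitializerList and AllocatesInBody are hypothetical. The global flag is raised in allocateCell() and lowered by the base constructor's constructorBody(); a violation is counted instead of asserted so the behaviour is observable, and the counter shows that only allocation in the arguments to the parent constructor is caught while allocation in a constructor body still passes.

```cpp
#include <cstddef>
#include <memory>
#include <new>
#include <utility>
#include <vector>

// Hypothetical names throughout: a constructed model of the scheme in the entry above.
struct ToyGlobalData {
    bool initializingObject = false; // the global "no allocation allowed" flag
    size_t violations = 0;           // counted instead of ASSERT-crashing, so the check is observable
};

class ToyHeap {
public:
    explicit ToyHeap(ToyGlobalData& globalData) : m_globalData(globalData) { }

    // Every allocation path consults the flag. In a real collector an allocation
    // here could start a GC that visits an object whose fields are still garbage.
    void* allocate(size_t bytes)
    {
        if (m_globalData.initializingObject)
            ++m_globalData.violations;
        m_storage.push_back(std::unique_ptr<unsigned char[]>(new unsigned char[bytes]));
        return m_storage.back().get();
    }

    ToyGlobalData& globalData() { return m_globalData; }

private:
    ToyGlobalData& m_globalData;
    std::vector<std::unique_ptr<unsigned char[]>> m_storage; // never collected in this toy
};

class ToyCell {
public:
    // Mirrors the described allocateCell(): raise the flag, then run the constructor;
    // the base-class constructor lowers the flag again through constructorBody().
    template<typename T, typename... Args>
    static T* allocateCell(ToyHeap& heap, Args&&... args)
    {
        void* memory = heap.allocate(sizeof(T));
        heap.globalData().initializingObject = true;
        return new (memory) T(heap, std::forward<Args>(args)...);
    }

protected:
    ToyCell(ToyHeap& heap, ToyCell* dependency)
        : m_dependency(dependency)
    {
        constructorBody(heap);
    }

    // Runs after every initializer-list argument of the derived class has been
    // evaluated, so an allocation made there has already been counted.
    void constructorBody(ToyHeap& heap) { heap.globalData().initializingObject = false; }

    ToyCell* m_dependency;
};

class Payload : public ToyCell {
public:
    explicit Payload(ToyHeap& heap) : ToyCell(heap, nullptr) { }
};

// The pattern the check catches: allocating inside an argument to the parent constructor.
class AllocatesInInitializerList : public ToyCell {
public:
    explicit AllocatesInInitializerList(ToyHeap& heap)
        : ToyCell(heap, ToyCell::allocateCell<Payload>(heap)) { }
};

// Still allowed at this stage: allocating in the constructor body, after the flag was lowered.
class AllocatesInBody : public ToyCell {
public:
    explicit AllocatesInBody(ToyHeap& heap)
        : ToyCell(heap, nullptr)
    {
        m_dependency = ToyCell::allocateCell<Payload>(heap);
    }
};

// Returns 1: the nested allocateCell<Payload>() ran while the flag was up.
size_t violationsWhenAllocatingInInitializerList()
{
    ToyGlobalData globalData;
    ToyHeap heap(globalData);
    ToyCell::allocateCell<AllocatesInInitializerList>(heap);
    return globalData.violations;
}

// Returns 0: the base constructor lowered the flag before the body allocated.
size_t violationsWhenAllocatingInBody()
{
    ToyGlobalData globalData;
    ToyHeap heap(globalData);
    ToyCell::allocateCell<AllocatesInBody>(heap);
    return globalData.violations;
}
```

        The two counters make the entry's caveat concrete: the guard is only as wide as the window between allocateCell() raising the flag and the JSCell constructor lowering it, which is why constructor-body allocations stay unchecked until the initialization lists are unzipped.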
968
969 2011-08-23  Gavin Barraclough  <barraclough@apple.com>
970
971         https://bugs.webkit.org/show_bug.cgi?id=55347
972         "name" and "message" enumerable on *Error.prototype
973
974         Reviewed by Sam Weinig.
975
976         The default value of a NativeErrorPrototype's message
977         property is "", not the name of the error.
978
979         * runtime/NativeErrorConstructor.cpp:
980         (JSC::NativeErrorConstructor::NativeErrorConstructor):
981         * runtime/NativeErrorConstructor.h:
982         (JSC::NativeErrorConstructor::create):
983         (JSC::NativeErrorConstructor::constructorBody):
984         * runtime/NativeErrorPrototype.cpp:
985         (JSC::NativeErrorPrototype::NativeErrorPrototype):
986         (JSC::NativeErrorPrototype::constructorBody):
987         * runtime/NativeErrorPrototype.h:
988         (JSC::NativeErrorPrototype::create):
989         * runtime/StringPrototype.cpp:
990         (JSC::StringPrototype::StringPrototype):
991         * runtime/StringPrototype.h:
992         (JSC::StringPrototype::create):
993
994 2011-08-23  Steve Block  <steveblock@google.com>
995
996         Remove last occurrences of PLATFORM(ANDROID)
997         https://bugs.webkit.org/show_bug.cgi?id=66763
998
999         Reviewed by Tony Gentilcore.
1000
1001         * wtf/Platform.h:
1002
1003 2011-08-23  Steve Block  <steveblock@google.com>
1004
1005         Remove all mention of removed Android files from build scripts
1006         https://bugs.webkit.org/show_bug.cgi?id=66755
1007
1008         Reviewed by Tony Gentilcore.
1009
1010         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1011         * JavaScriptCore.gypi:
1012         * gyp/JavaScriptCore.gyp:
1013
1014 2011-08-23  Adam Barth  <abarth@webkit.org>
1015
1016         Remove WebCore/editing/android and other Android-specific directories
1017         https://bugs.webkit.org/show_bug.cgi?id=66739
1018
1019         Reviewed by Steve Block.
1020
1021         Now that Android shares more code with Chromium, we don't need these
1022         Android-specific files.
1023
1024         * wtf/android: Removed.
1025         * wtf/android/AndroidThreading.h: Removed.
1026         * wtf/android/MainThreadAndroid.cpp: Removed.
1027
1028 2011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
1029
1030         Unreviewed build fix for compile error on Windows for r93560.
1031
1032         * runtime/SamplingCounter.h:
1033
1034 2011-08-22  Filip Pizlo  <fpizlo@apple.com>
1035
1036         Sampling counter support is in the bytecode directory
1037         https://bugs.webkit.org/show_bug.cgi?id=66724
1038
1039         Reviewed by Darin Adler.
1040         
1041         Moved SamplingCounter to a separate header in runtime/.
1042
1043         * GNUmakefile.list.am:
1044         * JavaScriptCore.pro:
1045         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1046         * JavaScriptCore.xcodeproj/project.pbxproj:
1047         * bytecode/SamplingTool.cpp:
1048         * bytecode/SamplingTool.h:
1049         * runtime/SamplingCounter.cpp: Added.
1050         (JSC::AbstractSamplingCounter::dump):
1051         * runtime/SamplingCounter.h: Added.
1052         (JSC::AbstractSamplingCounter::count):
1053         (JSC::AbstractSamplingCounter::addressOfCounter):
1054         (JSC::AbstractSamplingCounter::init):
1055         (JSC::SamplingCounter::SamplingCounter):
1056         (JSC::GlobalSamplingCounter::name):
1057         (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
1058         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
1059
1060 2011-08-21  Martin Robinson  <mrobinson@igalia.com>
1061
1062         Fix 'make dist' for WebKitGTK+.
1063
1064         * GNUmakefile.list.am: Add a missing header to the sources list.
1065
1066 2011-08-20  Filip Pizlo  <fpizlo@apple.com>
1067
1068         JavaScriptCore bytecompiler does not compute scope depth correctly
1069         in the case of constant declarations
1070         https://bugs.webkit.org/show_bug.cgi?id=66572
1071
1072         Reviewed by Oliver Hunt.
1073         
1074         Changed the handling of const to add the dynamic scope depth.
1075
1076         * bytecompiler/NodesCodegen.cpp:
1077         (JSC::ConstDeclNode::emitCodeSingle):
1078
1079 2011-08-19  Daniel Bates  <dbates@webkit.org>
1080
1081         Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
1082         https://bugs.webkit.org/show_bug.cgi?id=66617
1083
1084         Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
1085         But we cause a compile error if the platform doesn't support SA_RESTART regardless of
1086         whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
1087         SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
1088
1089         Reviewed by Antonio Gomes.
1090
1091         * heap/MachineStackMarker.cpp:
1092
1093 2011-08-19  Filip Pizlo  <fpizlo@apple.com>
1094
1095         The JSC JIT currently has no facility to profile and report
1096         the types of values
1097         https://bugs.webkit.org/show_bug.cgi?id=65901
1098
1099         Reviewed by Gavin Barraclough.
1100         
1101         Added the ability to profile the values seen at function calls (both
1102         arguments and results) and heap loads.  This is done with emphasis
1103         on performance.  A value profiling site consists of: add, and,
1104         move, and store; no branching is necessary.  Each value profiling
1105         site (called a ValueProfile) has a ring buffer of 8 recently-seen
1106         values.  ValueProfiles are stored in the CodeBlock; there will be
1107         one for each argument (excluding this) and each heap load or callsite.
1108         Each time a value profiling site executes, it stores the value into
1109         a pseudo-random element in the ValueProfile buffer.  The point is
1110         that for frequently executed code, we will have 8 somewhat recent
1111         values in the buffer and will be able to not only figure out what
1112         type it is, but also to be able to reason about the actual values
1113         if we wish to do so.
1114         
1115         This feature is currently disabled by default.  When enabled, it
1116         results in a 3.7% slow-down on SunSpider.
1117
1118         * JavaScriptCore.xcodeproj/project.pbxproj:
1119         * bytecode/CodeBlock.cpp:
1120         (JSC::CodeBlock::~CodeBlock):
1121         * bytecode/CodeBlock.h:
1122         (JSC::CodeBlock::addValueProfile):
1123         (JSC::CodeBlock::numberOfValueProfiles):
1124         (JSC::CodeBlock::valueProfile):
1125         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1126         * bytecode/ValueProfile.h: Added.
1127         (JSC::ValueProfile::ValueProfile):
1128         (JSC::ValueProfile::numberOfSamples):
1129         (JSC::ValueProfile::computeProbability):
1130         (JSC::ValueProfile::numberOfInt32s):
1131         (JSC::ValueProfile::numberOfDoubles):
1132         (JSC::ValueProfile::numberOfCells):
1133         (JSC::ValueProfile::probabilityOfInt32):
1134         (JSC::ValueProfile::probabilityOfDouble):
1135         (JSC::ValueProfile::probabilityOfCell):
1136         (JSC::getValueProfileBytecodeOffset):
1137         * jit/JIT.cpp:
1138         (JSC::JIT::privateCompileSlowCases):
1139         (JSC::JIT::privateCompile):
1140         * jit/JIT.h:
1141         (JSC::JIT::emitValueProfilingSite):
1142         * jit/JITCall.cpp:
1143         (JSC::JIT::emit_op_call_put_result):
1144         * jit/JITInlineMethods.h:
1145         (JSC::JIT::emitValueProfilingSite):
1146         * jit/JITPropertyAccess.cpp:
1147         (JSC::JIT::emit_op_get_by_val):
1148         (JSC::JIT::emitSlow_op_get_by_val):
1149         (JSC::JIT::emit_op_method_check):
1150         (JSC::JIT::emit_op_get_by_id):
1151         (JSC::JIT::emitSlow_op_get_by_id):
1152         * jit/JSInterfaceJIT.h:
1153         * wtf/Platform.h:
1154         * wtf/StdLibExtras.h:
1155         (WTF::binarySearch):
1156         (WTF::genericBinarySearch):
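
        Added illustration (not part of this ChangeLog entry or of JavaScriptCore's own code): a constructed ValueProfile with the ring buffer of 8 buckets and the numberOf*/probabilityOf* queries named above. The Kind and Value types, the xorshift32 bucket choice, the predictedKind() consumer and its 0.9 threshold are assumptions; the page does not say how JSC picks the bucket or how the DFG consumes the profile.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed stand-in for a JSValue: only the dynamic kind matters to the profiler.
enum class Kind { Empty, Int32, Double, Cell };

struct Value {
    Kind kind;
    double payload; // hypothetical; ignored by the profile
};

// One value profiling site, modelled on the description above: a ring buffer of
// eight recently seen values. The bucket is chosen pseudo-randomly (xorshift32 is
// an assumption; the page does not name JSC's generator), so the buffer holds a
// sample of what flows through the site rather than strictly the last eight values.
class ValueProfile {
public:
    static const size_t numberOfBuckets = 8;

    explicit ValueProfile(uint32_t seed = 0x9E3779B9u)
        : m_state(seed ? seed : 1u)
    {
        for (size_t i = 0; i < numberOfBuckets; ++i)
            m_buckets[i].kind = Kind::Empty;
    }

    // The hot path: a few ALU ops and one store, with no branch on the value's type.
    void record(const Value& value)
    {
        uint32_t x = m_state;
        x ^= x << 13;
        x ^= x >> 17;
        x ^= x << 5;
        m_state = x;
        m_buckets[x & (numberOfBuckets - 1)] = value;
    }

    size_t numberOfInt32s() const { return count(Kind::Int32); }
    size_t numberOfDoubles() const { return count(Kind::Double); }
    size_t numberOfCells() const { return count(Kind::Cell); }
    size_t numberOfSamples() const { return numberOfInt32s() + numberOfDoubles() + numberOfCells(); }

    double probabilityOfInt32() const { return computeProbability(numberOfInt32s()); }
    double probabilityOfDouble() const { return computeProbability(numberOfDoubles()); }
    double probabilityOfCell() const { return computeProbability(numberOfCells()); }

private:
    size_t count(Kind kind) const
    {
        size_t n = 0;
        for (size_t i = 0; i < numberOfBuckets; ++i) {
            if (m_buckets[i].kind == kind)
                ++n;
        }
        return n;
    }

    // Share of the filled buckets holding the kind; 0 before anything was seen.
    double computeProbability(size_t n) const
    {
        size_t samples = numberOfSamples();
        return samples ? static_cast<double>(n) / static_cast<double>(samples) : 0.0;
    }

    Value m_buckets[numberOfBuckets];
    uint32_t m_state;
};

// A consumer such as a speculative compiler should only specialize on strong
// evidence; the 0.9 threshold is a constructed choice, not a JSC value.
Kind predictedKind(const ValueProfile& profile, double threshold = 0.9)
{
    if (!profile.numberOfSamples())
        return Kind::Empty;
    if (profile.probabilityOfInt32() >= threshold)
        return Kind::Int32;
    if (profile.probabilityOfDouble() >= threshold)
        return Kind::Double;
    if (profile.probabilityOfCell() >= threshold)
        return Kind::Cell;
    return Kind::Empty; // mixed types: no safe speculation
}

// Drive one site with a constructed stream of n values of a single kind.
void recordStream(ValueProfile& profile, Kind kind, size_t n)
{
    for (size_t i = 0; i < n; ++i) {
        Value value = { kind, static_cast<double>(i) };
        profile.record(value);
    }
}

ValueProfile profileStream(Kind kind, size_t n)
{
    ValueProfile profile;
    recordStream(profile, kind, n);
    return profile;
}
```

        Because the bucket is pseudo-random, eight records do not necessarily fill eight distinct buckets; numberOfSamples() counts only filled buckets, which is why the probabilities are computed against it rather than against the buffer size.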
1157
1158 2011-08-19  Daniel Bates  <dbates@webkit.org>
1159
1160         Don't include DisallowCType.h when building on QNX
1161         https://bugs.webkit.org/show_bug.cgi?id=66616
1162
1163         Reviewed by Antonio Gomes.
1164
1165         * config.h:
1166
1167 2011-08-19  Daniel Bates  <dbates@webkit.org>
1168
1169         Implement ExecutableAllocator::cacheFlush() for QNX
1170         https://bugs.webkit.org/show_bug.cgi?id=66611
1171
1172         Reviewed by Antonio Gomes.
1173
1174         * jit/ExecutableAllocator.h:
1175         (JSC::ExecutableAllocator::cacheFlush):
1176
1177 2011-08-19  Daniel Bates  <dbates@webkit.org>
1178
1179         Implement WTF::atomic{Increment, Decrement}() for QNX
1180         https://bugs.webkit.org/show_bug.cgi?id=66605
1181
1182         Reviewed by Darin Adler.
1183
1184         * wtf/Atomics.h:
1185         (WTF::atomicIncrement):
1186         (WTF::atomicDecrement):
1187
1188 2011-08-19  Beth Dakin  <bdakin@apple.com>
1189
1190         https://bugs.webkit.org/show_bug.cgi?id=66590
1191         Re-name scrollbar painter types
1192
1193         Reviewed by Sam Weinig.
1194
1195         WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer 
1196         applies.
1197         * wtf/Platform.h:
1198
1199 2011-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1200
1201         Move allocation in constructors into separate constructorBody() methods
1202         https://bugs.webkit.org/show_bug.cgi?id=66265
1203
1204         Reviewed by Oliver Hunt.
1205
1206         Refactoring to put all allocations that need to be done after the object's 
1207         initialization list has executed but before the object is ready for use 
1208         into a separate constructorBody() method.  This method is still called by the constructor, 
1209         so the patch doesn't resolve any potential issues; it's just to set up the code for further refactoring.
1210
1211         * JavaScriptCore.exp:
1212         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1213         * jsc.cpp:
1214         (GlobalObject::constructorBody):
1215         (GlobalObject::GlobalObject):
1216         * runtime/ErrorInstance.cpp:
1217         (JSC::ErrorInstance::ErrorInstance):
1218         * runtime/ErrorInstance.h:
1219         (JSC::ErrorInstance::constructorBody):
1220         * runtime/ErrorPrototype.cpp:
1221         (JSC::ErrorPrototype::ErrorPrototype):
1222         (JSC::ErrorPrototype::constructorBody):
1223         * runtime/ErrorPrototype.h:
1224         * runtime/Executable.cpp:
1225         (JSC::FunctionExecutable::FunctionExecutable):
1226         * runtime/Executable.h:
1227         (JSC::FunctionExecutable::constructorBody):
1228         * runtime/InternalFunction.cpp:
1229         (JSC::InternalFunction::InternalFunction):
1230         * runtime/InternalFunction.h:
1231         (JSC::InternalFunction::constructorBody):
1232         * runtime/JSByteArray.cpp:
1233         (JSC::JSByteArray::JSByteArray):
1234         * runtime/JSByteArray.h:
1235         (JSC::JSByteArray::constructorBody):
1236         * runtime/JSFunction.cpp:
1237         (JSC::JSFunction::JSFunction):
1238         (JSC::JSFunction::constructorBody):
1239         * runtime/JSFunction.h:
1240         * runtime/JSGlobalObject.h:
1241         (JSC::JSGlobalObject::JSGlobalObject):
1242         (JSC::JSGlobalObject::constructorBody):
1243         * runtime/JSPropertyNameIterator.cpp:
1244         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1245         * runtime/JSPropertyNameIterator.h:
1246         (JSC::JSPropertyNameIterator::constructorBody):
1247         * runtime/JSString.h:
1248         (JSC::RopeBuilder::JSString):
1249         (JSC::RopeBuilder::constructorBody):
1250         * runtime/NativeErrorConstructor.cpp:
1251         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1252         * runtime/NativeErrorConstructor.h:
1253         (JSC::NativeErrorConstructor::constructorBody):
1254         * runtime/NativeErrorPrototype.cpp:
1255         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1256         (JSC::NativeErrorPrototype::constructorBody):
1257         * runtime/NativeErrorPrototype.h:
1258         * runtime/StringObject.cpp:
1259         * runtime/StringObject.h:
1260         (JSC::StringObject::create):
1261         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1262         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1263         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
1264         * runtime/StringPrototype.cpp:
1265         (JSC::StringPrototype::StringPrototype):
1266         * runtime/StringPrototype.h:
1267         (JSC::StringPrototype::create):
1268
1269 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1270
1271         DFG non-speculative JIT does not inline the double case of ValueAdd
1272         https://bugs.webkit.org/show_bug.cgi?id=66025
1273
1274         Reviewed by Gavin Barraclough.
1275         
1276         This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
1277         benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
1278         stanford-crypto-sha256-iterative).  It looks like it might have
1279         a speed-up in SunSpider (though not statistically significant or
1280         particularly reproducible) and a slight slow-down in V8 (0.14%,
1281         not statistically significant).  It does slow down v8-crypto by
1282         1.5%.
1283
1284         * dfg/DFGJITCodeGenerator.cpp:
1285         (JSC::DFG::JITCodeGenerator::isKnownInteger):
1286         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
1287         * dfg/DFGNonSpeculativeJIT.cpp:
1288         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1289         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1290         * dfg/DFGOperations.cpp:
1291
1292 2011-08-18  Filip Pizlo  <fpizlo@apple.com>
1293
1294         [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
1295         https://bugs.webkit.org/show_bug.cgi?id=66426
1296
1297         Reviewed by Oliver Hunt.
1298         
1299         Changed the branchTestPtr to branchTest32.
1300
1301         * dfg/DFGSpeculativeJIT.cpp:
1302         (JSC::DFG::SpeculativeJIT::compile):
1303
1304 2011-08-17  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1305
1306         https://bugs.webkit.org/show_bug.cgi?id=66379
1307         Implements load32WithCompactAddressOffsetPatch function
1308         and fixes store32 and moveWithPatch functions for SH4 platforms.
1309
1310         Reviewed by Gavin Barraclough.
1311
1312         * assembler/MacroAssemblerSH4.h:
1313         (JSC::MacroAssemblerSH4::rshift32):
1314         (JSC::MacroAssemblerSH4::store32):
1315         (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
1316         (JSC::MacroAssemblerSH4::moveWithPatch):
1317         * assembler/SH4Assembler.h:
1318         (JSC::SH4Assembler::movlMemRegCompact):
1319         (JSC::SH4Assembler::readPointer):
1320         (JSC::SH4Assembler::repatchCompact):
1321         * jit/JIT.h:
1322
1323 2011-08-17  Filip Pizlo  <fpizlo@apple.com>
1324
1325         JSC verbose debugging output sometimes doesn't work as expected.
1326         https://bugs.webkit.org/show_bug.cgi?id=66107
1327
1328         Reviewed by Gavin Barraclough.
1329         
1330         Hardened the CodeBlock::dump() code so that it no longer crashes.  Improved
1331         the DFG verbose code so that it prints slightly more useful information.
1332
1333         * assembler/LinkBuffer.h:
1334         (JSC::LinkBuffer::debugSize):
1335         * bytecode/CodeBlock.cpp:
1336         (JSC::valueToSourceString):
1337         (JSC::CodeBlock::dump):
1338         * bytecode/CodeBlock.h:
1339         (JSC::CodeBlock::numberOfRegExps):
1340         * dfg/DFGJITCompiler.cpp:
1341         (JSC::DFG::JITCompiler::link):
1342
1343 2011-08-16  Michael Saboff  <msaboff@apple.com>
1344
1345         Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
1346         https://bugs.webkit.org/show_bug.cgi?id=66351
1347
1348         JIT::privateCompilePutByIdTransition expects that regT0 and regT1
1349         have the basePayload and baseTag respectively.  In some cases,
1350         we may get to this generated code with one or both of these
1351         registers trashed.  One known case is that regT0 on ARM may be
1352         trashed as regT0 (r0) is also arg0 and can be overrun with sp due
1353         to calls to JIT::restoreReturnAddress().  This patch uses the
1354         values on the stack.  A longer term solution is to work out all
1355         cases so that the register entry assumptions can be assured.
1356
1357         While fixing this, also determined that the additional stack offset
1358         of sizeof(void*) is not needed for ARM.
1359
1360         Reviewed by Gavin Barraclough.
1361
1362         * jit/JITPropertyAccess32_64.cpp:
1363         (JSC::JIT::privateCompilePutByIdTransition):
1364
1365 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1366
1367         https://bugs.webkit.org/show_bug.cgi?id=66263
1368         DFG JIT does not always zero extend boolean result of DFG operations
1369
1370         Reviewed by Sam Weinig.
1371
1372         * dfg/DFGOperations.cpp:
1373         * dfg/DFGOperations.h:
1374             - Change bool return values to a 64-bit type.
1375
1376 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1377
1378         Crash accessing static property on sealed object
1379         https://bugs.webkit.org/show_bug.cgi?id=66242
1380
1381         Reviewed by Sam Weinig.
1382
1383         * runtime/JSObject.h:
1384         (JSC::JSObject::putDirectInternal):
1385             - should only check isExtensible if checkReadOnly.
1386
1387 2011-08-15  Sam Weinig  <sam@webkit.org>
1388
1389         Fix release build when building with Clang.
1390
1391         Reviewed by Anders Carlsson.
1392
1393         * runtime/Identifier.cpp:
1394         (JSC::Identifier::checkCurrentIdentifierTable):
1395         Add NO_RETURN_DUE_TO_CRASH.
1396
1397 2011-08-15  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1398
1399         Reviewed by Nikolas Zimmermann.
1400
1401         Speed up SVGSMILElement::findInstanceTime.
1402         https://bugs.webkit.org/show_bug.cgi?id=61025
1403
1404         Add a new parameter to StdlibExtras.h::binarySearch function
1405         to also handle cases when the array does not contain the key value.
1406         This is needed for an svg function.
1407
1408         * wtf/StdLibExtras.h:
1409         (WTF::binarySearch):
1410
1411 2011-08-13  Sam Weinig  <sam@webkit.org>
1412
1413         Add back 0xbbadbeef to CRASH to allow for old habits
1414         https://bugs.webkit.org/show_bug.cgi?id=66190
1415
1416         Reviewed by David Kilzer.
1417
1418         * wtf/Assertions.h:
1419         Add back the assignment to the memory address 0xbbadbeef in the CRASH
1420         macro, as it does not cause issues in the clang static analyzer and many
1421         people use its presence in crash reports to easily identify ASSERTs. 
1422
1423 2011-08-13  Sam Weinig  <sam@webkit.org>
1424
1425         Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
1426         https://bugs.webkit.org/show_bug.cgi?id=66182
1427
1428         Reviewed by Dan Bernstein.
1429
1430         Fixes 10 warnings in JavaScriptCore and 2 in testapi.
1431
1432         * API/tests/testapi.c:
1433         (main):
1434         Remove dead variables.
1435
1436         * dfg/DFGGraph.cpp:
1437         (JSC::DFG::Graph::dump):
1438         Initialize hasPrinted and silence an unused warning by casting to void (Ok here
1439         since it is debug code and I want to keep it clear that if other cases are added,
1440         the hasPrinted flag would be needed).
1441
1442         * wtf/dtoa.cpp:
1443         (WTF::d2b):
1444         The variable "de" in the else block is always zero, so there is no reason to
1445         use it.
1446
1447 2011-08-12  Sam Weinig  <sam@webkit.org>
1448
1449         Use __builtin_trap() for CRASH when building with clang
1450         https://bugs.webkit.org/show_bug.cgi?id=66152
1451
1452         Reviewed by Anders Carlsson.
1453
1454         * wtf/Assertions.h:
1455         Add Clang specific CRASH macro that calls __builtin_trap() instead
1456         of silly techniques to crash. This allows the static analyzer to understand
1457         that we are intentionally crashing. As a result, we need to mark some functions
1458         as not returning.
1459
1460         Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
1461
1462         * wtf/Compiler.h:
1463         Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
1464
1465         * wtf/FastMalloc.cpp:
1466         (WTF::Internal::fastMallocMatchFailed):
1467         Add NO_RETURN_DUE_TO_CRASH.
1468
1469         * yarr/YarrParser.h:
1470         (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
1471         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
1472         Add NO_RETURN_DUE_TO_ASSERT.
1473
1474 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1475
1476         DFG JIT has inconsistent use of boxDouble and unboxDouble,
1477         inconsistent use of assertions regarding doubles, and those
1478         assertions are not turned on in debug builds
1479         https://bugs.webkit.org/show_bug.cgi?id=66160
1480
1481         Reviewed by Gavin Barraclough.
1482         
1483         JIT assertions are now turned on in debug builds.  JIT
1484         assertions are now used for boxing and unboxing doubles, and boxing
1485         and unboxing no longer involves code duplication.
1486
1487         * dfg/DFGJITCodeGenerator.cpp:
1488         (JSC::DFG::JITCodeGenerator::fillDouble):
1489         * dfg/DFGJITCodeGenerator.h:
1490         (JSC::DFG::JITCodeGenerator::boxDouble):
1491         (JSC::DFG::JITCodeGenerator::unboxDouble):
1492         * dfg/DFGJITCompiler.cpp:
1493         (JSC::DFG::JITCompiler::fillNumericToDouble):
1494         (JSC::DFG::GeneralizedRegister::moveTo):
1495         (JSC::DFG::GeneralizedRegister::swapWith):
1496         * dfg/DFGJITCompiler.h:
1497         (JSC::DFG::JITCompiler::boxDouble):
1498         (JSC::DFG::JITCompiler::unboxDouble):
1499         * dfg/DFGNode.h:
1500         * dfg/DFGNonSpeculativeJIT.cpp:
1501         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1502         (JSC::DFG::NonSpeculativeJIT::compile):
1503         * dfg/DFGSpeculativeJIT.cpp:
1504         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1505         (JSC::DFG::SpeculativeJIT::convertToDouble):
1506
1507 2011-08-12  Mark Rowe  <mrowe@apple.com>
1508
1509         Be more forward-looking in the choice of compiler.
1510
1511         Rubber-stamped by Jon Honeycutt.
1512
1513         * Configurations/CompilerVersion.xcconfig:
1514
1515 2011-08-12  Kalev Lember  <kalevlember@gmail.com>
1516
1517         [GTK] Fix non-pthreads build after r91906.
1518         https://bugs.webkit.org/show_bug.cgi?id=66151
1519
1520         Reviewed by David Levin.
1521
1522         r91906 broke the non-pthreads GTK+ build by including a header which
1523         doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
1524
1525         * wtf/gtk/ThreadingGtk.cpp:
1526
1527 2011-08-12  Mark Rowe  <mrowe@apple.com>
1528
1529         Update some configuration settings that were missed back in r92432.
1530
1531         * Configurations/CompilerVersion.xcconfig:
1532
1533 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1534
1535         REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
1536         Matrix3D.invert)
1537         https://bugs.webkit.org/show_bug.cgi?id=66038
1538
1539         Reviewed by Gavin Barraclough.
1540         
1541         Simplest and lowest-impact fix for the case where the spilled format
1542         of a DFG node differs from the register format: if the format is
1543         converted then indicate that the spilled value is no longer valid
1544         ("kill the spill").
1545
1546         * dfg/DFGGenerationInfo.h:
1547         (JSC::DFG::GenerationInfo::killSpilled):
1548         * dfg/DFGJITCodeGenerator.cpp:
1549         (JSC::DFG::JITCodeGenerator::fillDouble):
1550         * dfg/DFGSpeculativeJIT.cpp:
1551         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1552
1553 2011-08-12  Sam Weinig  <sam@webkit.org>
1554
1555         Move compiler specific macros to their own header
1556         https://bugs.webkit.org/show_bug.cgi?id=66119
1557
1558         Reviewed by Anders Carlsson.
1559
1560         * JavaScriptCore.gypi:
1561         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1562         * JavaScriptCore.xcodeproj/project.pbxproj:
1563         * wtf/CMakeLists.txt:
1564         Add Compiler.h
1565
1566         * wtf/AlwaysInline.h:
1567         Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
1568         Compiler.h.  We can remove this file in a later commit.
1569
1570         * wtf/Compiler.h: Added.
1571         Put all compiler specific checks and features in this file.
1572
1573         * wtf/Platform.h:
1574         Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
1575         to Compiler.h.  Include Compiler.h since it is necessary.
1576
1577 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
1578
1579         DFG JIT-specific structure stub info code offset fields are signed
1580         8-bit, but it is possible for the offsets to be greater than 127
1581         https://bugs.webkit.org/show_bug.cgi?id=66122
1582
1583         Reviewed by Gavin Barraclough.
1584
1585         * bytecode/StructureStubInfo.h:
1586         * dfg/DFGJITCodeGenerator.cpp:
1587         (JSC::DFG::JITCodeGenerator::cachedGetById):
1588         (JSC::DFG::JITCodeGenerator::cachedPutById):
1589
1590 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
1591
1592         DFG JIT speculation failure code sometimes picks the wrong register
1593         as a scratch register.
1594         https://bugs.webkit.org/show_bug.cgi?id=66104
1595
1596         Reviewed by Gavin Barraclough.
1597         
1598         Hardened the code with more assertions and fixed the bug.  Now a
1599         spilled register is only used for scratch if it also isn't being
1600         used for shuffling.
1601
1602         * dfg/DFGJITCompiler.cpp:
1603         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
1604         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
1605
1606 2011-08-11  Sheriff Bot  <webkit.review.bot@gmail.com>
1607
1608         Unreviewed, rolling out r92880.
1609         http://trac.webkit.org/changeset/92880
1610         https://bugs.webkit.org/show_bug.cgi?id=66123
1611
1612         Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
1613
1614         * wtf/PassRefPtr.h:
1615
1616 2011-08-11  Mark Rowe  <mrowe@apple.com>
1617
1618         Don't conditionalize the use of -fomit-frame-pointer on compiler version as
1619         all of our supported compilers are now new enough to have the same, sane behavior.
1620
1621         Rubber-stamped by Sam Weinig.
1622
1623         * Configurations/JavaScriptCore.xcconfig:
1624
1625 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
1626
1627         DFG JIT verbose mode does not report the generated types of nodes
1628         https://bugs.webkit.org/show_bug.cgi?id=65830
1629
1630         Reviewed by Sam Weinig.
1631         
1632         Added code that prints the type selected for each node's result.
1633
1634         * dfg/DFGGenerationInfo.h:
1635         (JSC::DFG::dataFormatToString):
1636         * dfg/DFGNonSpeculativeJIT.cpp:
1637         (JSC::DFG::NonSpeculativeJIT::compile):
1638         * dfg/DFGSpeculativeJIT.cpp:
1639         (JSC::DFG::SpeculativeJIT::compile):
1640
1641 2011-08-11  James Robinson  <jamesr@chromium.org>
1642
1643         nullptr can't be used for PassRefPtr
1644         https://bugs.webkit.org/show_bug.cgi?id=66024
1645
1646         Reviewed by Anders Carlsson.
1647
1648         * wtf/PassRefPtr.h:
1649         (WTF::PassRefPtr::PassRefPtr):
1650
1651 2011-08-11  Daniel Bates  <dbates@rim.com>
1652
1653         Removed unused variable in StackBounds::initialize() to resolve
1654         compiler warning when building on QNX.
1655         https://bugs.webkit.org/show_bug.cgi?id=66072
1656
1657         Reviewed by Antonio Gomes.
1658
1659         * wtf/StackBounds.cpp:
1660         (WTF::StackBounds::initialize):
1661
1662 2011-08-11  Devdatta Deshpande  <pwjd73@motorola.com>
1663
1664         Implementation of monotonically increasing clock on GTK
1665         https://bugs.webkit.org/show_bug.cgi?id=62175
1666
1667         Reviewed by Martin Robinson.
1668
1669         * wtf/CurrentTime.cpp:
1670         (WTF::monotonicallyIncreasingTime):
1671         The default implementation of monotonicallyIncreasingTime only
1672         guarantees the result to be non-decreasing.
1673         If the system time is changed to past then default implementation will
1674         still fail and WebCore timers will not fire.
1675
1676 2011-08-10  Geoffrey Garen  <ggaren@apple.com>
1677
1678         Removed some incorrect code that was dead.
1679
1680         Reviewed by Oliver Hunt.
1681
1682         clearSingleTransition() wasn't resetting m_data. Luckily,
1683         no one cares, because its caller was unused. Removed both.
1684
1685         * runtime/Structure.cpp:
1686         * runtime/StructureTransitionTable.h:
1687         (JSC::StructureTransitionTable::~StructureTransitionTable):
1688
1689 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1690
1691         REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
1692         https://bugs.webkit.org/show_bug.cgi?id=66010
1693
1694         Reviewed by Oliver Hunt.
1695         
1696         Made sure that Construct calls use() on the this argument.
1697
1698         * dfg/DFGJITCodeGenerator.cpp:
1699         (JSC::DFG::JITCodeGenerator::emitCall):
1700
1701 2011-08-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1702
1703         JSC should always throw when function arg list is too long
1704         https://bugs.webkit.org/show_bug.cgi?id=65869
1705
1706         Reviewed by Oliver Hunt.
1707
1708         Changed the behavior of the interpreter and JIT to throw an exception 
1709         when too many arguments are passed rather than truncating the list.  Added 
1710         a new method to create a "Too many arguments." exception used by this 
1711         new functionality.
1712
1713         * interpreter/Interpreter.cpp:
1714         (JSC::Interpreter::privateExecute):
1715         * jit/JITStubs.cpp:
1716         (JSC::DEFINE_STUB_FUNCTION):
1717         * runtime/ExceptionHelpers.cpp:
1718         (JSC::createTooManyParamsError):
1719         * runtime/ExceptionHelpers.h:
1720
1721 2011-08-10  Oliver Hunt  <oliver@apple.com>
1722
1723         Make GC checks more aggressive in release builds
1724         https://bugs.webkit.org/show_bug.cgi?id=66001
1725
1726         Reviewed by Gavin Barraclough.
1727
1728         * heap/HandleHeap.cpp:
1729         (JSC::HandleHeap::visitStrongHandles):
1730         (JSC::HandleHeap::visitWeakHandles):
1731         (JSC::HandleHeap::finalizeWeakHandles):
1732         (JSC::HandleHeap::writeBarrier):
1733         (JSC::HandleHeap::isLiveNode):
1734         (JSC::HandleHeap::isValidWeakNode):
1735            Increase handle heap validation logic, and make some of
1736            the crashes trigger in release builds as well as debug.
1737         * heap/HandleHeap.h:
1738         (JSC::HandleHeap::allocate):
1739         (JSC::HandleHeap::makeWeak):
1740            Ditto
1741         * runtime/JSGlobalData.cpp:
1742         (WTF::Recompiler::operator()):
1743         * runtime/JSGlobalObject.cpp:
1744         (JSC::JSGlobalObject::visitChildren):
1745            Fix GC bugs found while testing this patch
1746
1747 2011-08-10  Oliver Hunt  <oliver@apple.com>
1748
1749         JSEvaluateScript does not return the correct object when given JSONP data
1750         https://bugs.webkit.org/show_bug.cgi?id=66003
1751
1752         Reviewed by Gavin Barraclough.
1753
1754         Make sure we propagate the result of the function call rather than the
1755         argument.
1756
1757         * interpreter/Interpreter.cpp:
1758         (JSC::Interpreter::execute):
1759
1760 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1761
1762         DFG JIT heap prediction causes regressions when combined with
1763         aggressive integer prediction
1764         https://bugs.webkit.org/show_bug.cgi?id=65954
1765
1766         Reviewed by Gavin Barraclough.
1767         
1768         Disabled heap prediction, but did not remove the capability.
1769         This improves V8 crypto performance by 20%.
1770
1771         * dfg/DFGGraph.h:
1772         (JSC::DFG::Graph::predict):
1773
1774 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
1775
1776         DFG JIT does not speculate integers as aggressively as it should
1777         https://bugs.webkit.org/show_bug.cgi?id=65949
1778
1779         Reviewed by Gavin Barraclough.
1780         
1781         Added a tree walk to propagate integer predictions through arithmetic
1782         expressions.
1783         
1784         This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
1785         translates to a 19% speed-up on Kraken overall.  It's neutral on
1786         other benchmarks.
1787
1788         * dfg/DFGByteCodeParser.cpp:
1789         (JSC::DFG::ByteCodeParser::predictInt32):
1790
1791 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
1792
1793         DFG JIT has no way of propagating predictions to loads and calls
1794         https://bugs.webkit.org/show_bug.cgi?id=65883
1795
1796         Reviewed by Gavin Barraclough.
1797         
1798         This introduces the capability to store predictions on graph
1799         nodes.  To save space while being somewhat consistent, the
1800         prediction is always stored in the second OpInfo slot (since
1801         a GetById will use the first one for the identifier).  This
1802         change is a natural extension of r92593 (global variable
1803         prediction).
1804         
1805         This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
1806         win on V8 in the geometric mean.  It is neutral on SunSpider
1807         and Kraken.  Interestingly, on V8 it regresses crypto by 3%
1808         while progressing deltablue and richards by 2.6% and 4.3%,
1809         respectively.
1810
1811         * dfg/DFGByteCodeParser.cpp:
1812         (JSC::DFG::ByteCodeParser::addToGraph):
1813         (JSC::DFG::ByteCodeParser::addCall):
1814         (JSC::DFG::ByteCodeParser::parseBlock):
1815         * dfg/DFGGraph.cpp:
1816         (JSC::DFG::Graph::dump):
1817         * dfg/DFGGraph.h:
1818         (JSC::DFG::Graph::predict):
1819         (JSC::DFG::Graph::getPrediction):
1820         * dfg/DFGNode.h:
1821         (JSC::DFG::isCellPrediction):
1822         (JSC::DFG::isArrayPrediction):
1823         (JSC::DFG::isInt32Prediction):
1824         (JSC::DFG::isDoublePrediction):
1825         (JSC::DFG::isNumberPrediction):
1826         (JSC::DFG::predictionToString):
1827         (JSC::DFG::Node::Node):
1828         (JSC::DFG::Node::hasPrediction):
1829         (JSC::DFG::Node::getPrediction):
1830         (JSC::DFG::Node::predict):
1831
1832 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
1833
1834         DFG JIT passes the this argument to constructors even though
1835         it's not necessary
1836         https://bugs.webkit.org/show_bug.cgi?id=65943
1837
1838         Reviewed by Gavin Barraclough.
1839
1840         * dfg/DFGJITCodeGenerator.cpp:
1841         (JSC::DFG::JITCodeGenerator::emitCall):
1842
1843 2011-08-09  Chao-ying Fu  <fu@mips.com>
1844
1845         Fix one MIPS instruction to call JITStubThunked_##op
1846         https://bugs.webkit.org/show_bug.cgi?id=65942
1847
1848         Reviewed by Gavin Barraclough.
1849
1850         Changed "bal" to "jalr" for a possible processor mode change from
1851         MIPS32 to MIPS16.
1852
1853         * jit/JITStubs.cpp:
1854
1855 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
1856
1857         DFG JIT failure loading web site
1858         https://bugs.webkit.org/show_bug.cgi?id=65930
1859
1860         Reviewed by Oliver Hunt.
1861         
1862         Put the use() call after the fpr()/gpr() calls, since doing otherwise
1863         breaks the register allocator.
1864
1865         * dfg/DFGNonSpeculativeJIT.cpp:
1866         (JSC::DFG::NonSpeculativeJIT::compile):
1867
1868 2011-08-09  Mark Hahnenberg  <mhahnenberg@apple.com>
1869
1870         Add ParentClass typedef in all JSC classes
1871         https://bugs.webkit.org/show_bug.cgi?id=65731
1872
1873         Reviewed by Oliver Hunt.
1874
1875         Just added the Base typedefs in all the classes that are a subclass of JSCell 
1876         to point at their parent classes.  This is a change to support future changes to the way
1877         constructors and destructors are implemented in JS objects, among other things.
1878
1879         * API/JSCallbackConstructor.h:
1880         * API/JSCallbackFunction.h:
1881         * API/JSCallbackObject.h:
1882         (JSC::JSCallbackObject::createStructure):
1883         (JSC::JSCallbackObject::visitChildren):
1884         * API/JSCallbackObjectFunctions.h:
1885         (JSC::::asCallbackObject):
1886         (JSC::::JSCallbackObject):
1887         (JSC::::init):
1888         (JSC::::className):
1889         (JSC::::getOwnPropertySlot):
1890         (JSC::::getOwnPropertyDescriptor):
1891         (JSC::::put):
1892         (JSC::::deleteProperty):
1893         (JSC::::getConstructData):
1894         (JSC::::construct):
1895         (JSC::::hasInstance):
1896         (JSC::::getCallData):
1897         (JSC::::call):
1898         (JSC::::getOwnPropertyNames):
1899         (JSC::::toNumber):
1900         (JSC::::toString):
1901         (JSC::::setPrivate):
1902         (JSC::::getPrivate):
1903         (JSC::::inherits):
1904         (JSC::::getStaticValue):
1905         (JSC::::staticFunctionGetter):
1906         (JSC::::callbackGetter):
1907         * debugger/DebuggerActivation.h:
1908         * jsc.cpp:
1909         * runtime/Arguments.h:
1910         * runtime/ArrayConstructor.h:
1911         * runtime/ArrayPrototype.h:
1912         * runtime/BooleanConstructor.h:
1913         * runtime/BooleanObject.h:
1914         * runtime/BooleanPrototype.h:
1915         * runtime/DateConstructor.h:
1916         * runtime/DateInstance.h:
1917         * runtime/DatePrototype.h:
1918         * runtime/Error.cpp:
1919         * runtime/ErrorConstructor.h:
1920         * runtime/ErrorInstance.h:
1921         * runtime/ErrorPrototype.h:
1922         * runtime/ExceptionHelpers.cpp:
1923         * runtime/Executable.h:
1924         * runtime/FunctionConstructor.h:
1925         * runtime/FunctionPrototype.h:
1926         * runtime/GetterSetter.h:
1927         * runtime/InternalFunction.h:
1928         * runtime/JSAPIValueWrapper.h:
1929         * runtime/JSActivation.h:
1930         * runtime/JSArray.h:
1931         * runtime/JSFunction.h:
1932         * runtime/JSGlobalObject.h:
1933         * runtime/JSNotAnObject.h:
1934         * runtime/JSONObject.h:
1935         * runtime/JSObject.h:
1936         * runtime/JSPropertyNameIterator.h:
1937         * runtime/JSStaticScopeObject.h:
1938         * runtime/JSString.h:
1939         * runtime/JSVariableObject.h:
1940         * runtime/JSWrapperObject.h:
1941         * runtime/MathObject.h:
1942         * runtime/NativeErrorConstructor.h:
1943         * runtime/NativeErrorPrototype.h:
1944         * runtime/NumberConstructor.h:
1945         * runtime/NumberObject.h:
1946         * runtime/NumberPrototype.h:
1947         * runtime/ObjectConstructor.h:
1948         * runtime/ObjectPrototype.h:
1949         * runtime/RegExp.h:
1950         * runtime/RegExpConstructor.h:
1951         * runtime/RegExpMatchesArray.h:
1952         * runtime/RegExpObject.h:
1953         (JSC::RegExpObject::create):
1954         * runtime/RegExpPrototype.h:
1955         * runtime/ScopeChain.h:
1956         * runtime/StrictEvalActivation.h:
1957         * runtime/StringConstructor.h:
1958         * runtime/StringObject.h:
1959         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1960         * runtime/StringPrototype.h:
1961         * runtime/Structure.h:
1962         * runtime/StructureChain.h:
1963
1964 2011-08-08  Oliver Hunt  <oliver@apple.com>
1965
1966         Using mprotect to create guard pages breaks our use of madvise to release executable memory
1967         https://bugs.webkit.org/show_bug.cgi?id=65870
1968
1969         Reviewed by Gavin Barraclough.
1970
1971         Use mmap rather than mprotect to clear guard page permissions.
1972
1973         * wtf/OSAllocatorPosix.cpp:
1974         (WTF::OSAllocator::reserveAndCommit):
1975
1976 2011-08-08  Oliver Hunt  <oliver@apple.com>
1977
1978         Non-extensibility does not prevent mutating [[Prototype]]
1979         https://bugs.webkit.org/show_bug.cgi?id=65832
1980
1981         Reviewed by Gavin Barraclough.
1982
1983         Disallow mutation of __proto__ on objects that are not extensible.
1984
1985         * runtime/JSObject.cpp:
1986         (JSC::JSObject::put):
1987
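The behaviour this entry enforces, shown from the script side as an added example (not code from the WebKit change or from JavaScriptCore; it runs on any current ES2015+ engine such as Node): once an object is made non-extensible, every route to its [[Prototype]] is closed, so a caller that can only influence property names on a locked object cannot redirect its prototype chain. The names `buildLockedConfig`, `probePrototypeMutation` and the sample objects are constructed for the illustration.

```javascript
// Constructed sample: a settings object whose prototype chain must stay fixed.
function buildLockedConfig() {
  const base = { timeoutMs: 1000 };
  const config = Object.create(base);
  config.retries = 3;
  // Non-extensible: no new own properties, and [[SetPrototypeOf]] must now
  // refuse any prototype other than the current one.
  Object.preventExtensions(config);
  return { base, config };
}

// Try each way of replacing [[Prototype]] on a non-extensible object and
// record what happened. The checks do not depend on strict mode: the
// __proto__ setter and Object.setPrototypeOf throw TypeError whenever
// [[SetPrototypeOf]] reports failure, while Reflect.setPrototypeOf returns false.
function probePrototypeMutation() {
  const { base, config } = buildLockedConfig();
  // A prototype an untrusted caller would like to substitute.
  const substitute = { timeoutMs: 0, retries: 0 };
  const results = {};

  // 1. Assignment through the Object.prototype.__proto__ accessor.
  try {
    config.__proto__ = substitute;
    results.protoSetterThrew = false;
  } catch (e) {
    results.protoSetterThrew = e instanceof TypeError;
  }

  // 2. Object.setPrototypeOf.
  try {
    Object.setPrototypeOf(config, substitute);
    results.setPrototypeOfThrew = false;
  } catch (e) {
    results.setPrototypeOfThrew = e instanceof TypeError;
  }

  // 3. Reflect.setPrototypeOf signals refusal with a boolean instead of throwing.
  results.reflectReturned = Reflect.setPrototypeOf(config, substitute);

  // 4. Re-setting the prototype it already has is allowed (SameValue short-circuit).
  results.samePrototypeAllowed = Reflect.setPrototypeOf(config, base);

  // The chain is intact and inherited values are still the original ones.
  results.prototypeUnchanged = Object.getPrototypeOf(config) === base;
  results.timeoutMs = config.timeoutMs;

  // Contrast: an ordinary extensible object accepts the substitution.
  const open = Object.create(base);
  Object.setPrototypeOf(open, substitute);
  results.extensibleObjectMutated = Object.getPrototypeOf(open) === substitute;

  return results;
}
```

`Object.freeze` and `Object.seal` both imply `preventExtensions`, so they lock the prototype the same way; this is why freezing configuration or prototype objects is a standard mitigation for prototype-pollution style bugs.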
1988 2011-08-08  Filip Pizlo  <fpizlo@apple.com>
1989
1990         DFG JIT does not track speculation decisions for global variables
1991         https://bugs.webkit.org/show_bug.cgi?id=65825
1992
1993         Reviewed by Gavin Barraclough.
1994         
1995         Added the capability to track predictions for global variables, and
1996         ensured that code can abstract over the source of prediction (local
1997         versus global variable) wherever it is appropriate to do so.  Also
1998         cleaned up the code in SpeculativeJIT that decides how to speculate
1999         based on recorded predictions (for example instead of using isInteger,
2000         which makes sense for local predictions where the GetLocal would
2001         return an integer value, we now tend to use shouldSpeculateInteger,
2002         which checks if the value is either already an integer or should be
2003         speculated to be an integer).
2004         
2005         This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
2006         win on controlflow-recursive.  It's also a 4.8% win on v8-crypto.
2007
2008         * dfg/DFGByteCodeParser.cpp:
2009         (JSC::DFG::ByteCodeParser::predictArray):
2010         (JSC::DFG::ByteCodeParser::predictInt32):
2011         (JSC::DFG::ByteCodeParser::parseBlock):
2012         * dfg/DFGGraph.cpp:
2013         (JSC::DFG::Graph::dump):
2014         * dfg/DFGGraph.h:
2015         (JSC::DFG::Graph::predictGlobalVar):
2016         (JSC::DFG::Graph::predict):
2017         (JSC::DFG::Graph::getGlobalVarPrediction):
2018         (JSC::DFG::Graph::getPrediction):
2019         * dfg/DFGSpeculativeJIT.cpp:
2020         (JSC::DFG::SpeculativeJIT::compile):
2021         * dfg/DFGSpeculativeJIT.h:
2022         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2023         (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
2024
2025 2011-08-07  Martin Robinson  <mrobinson@igalia.com>
2026
2027         Distribution fix for GTK+.
2028
2029         * GNUmakefile.list.am: Strip removed files from the source list.
2030
2031 2011-08-06  Gavin Barraclough  <barraclough@apple.com>
2032
2033         https://bugs.webkit.org/show_bug.cgi?id=65821
2034         Don't form identifiers the first time a string is used as a property name.
2035
2036         Reviewed by Oliver Hunt.
2037
2038         This is a 1% win on SunSpider.
2039
2040         * dfg/DFGOperations.cpp:
2041             - Use fastGetOwnProperty.
2042         * jit/JITStubs.cpp:
2043         (JSC::DEFINE_STUB_FUNCTION):
2044             - Use fastGetOwnProperty.
2045         * runtime/JSCell.h:
2046         * runtime/JSObject.h:
2047         (JSC::JSCell::fastGetOwnProperty):
2048             - Fast call to get a property without creating an identifier the first time.
2049         * runtime/PropertyMapHashTable.h:
2050         (JSC::PropertyTable::find):
2051         (JSC::PropertyTable::findWithString):
2052             - Add interface to look up by either strings or identifiers.
2053         * runtime/Structure.h:
2054         (JSC::Structure::get):
2055             - Add a get() call that takes a UString, not an Identifier.
2056         * wtf/text/StringImpl.h:
2057         (WTF::StringImpl::hasHash):
2058             - Add a call to check if the hash has been set (to detect the first use as a property name).
2059
2060 2011-08-06  Aron Rosenberg  <arosenberg@logitech.com>
2061
2062         Reviewed by Benjamin Poulain.
2063
2064         [Qt] Fix build with Intel compiler on Windows
2065         https://bugs.webkit.org/show_bug.cgi?id=65088
2066
2067         Intel compiler needs .lib suffixes instead of .a
2068         Intel compiler doesn't support nullptr
2069         Intel compiler supports unsized arrays
2070
2071         * JavaScriptCore.pri:
2072         * jsc.cpp:
2073         * wtf/ByteArray.h:
2074         * wtf/NullPtr.h:
2075
2076 2011-08-05  Gavin Barraclough  <barraclough@apple.com>
2077
2078         String replace with the empty string means string removal
2079         https://bugs.webkit.org/show_bug.cgi?id=65799
2080
2081         Reviewed by Sam Weinig.
2082
2083         Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
2084
2085         * runtime/StringPrototype.cpp:
2086         (JSC::jsSpliceSubstrings):
2087         (JSC::stringProtoFuncReplace):
2088
2089 2011-08-05  Noel Gordon  <noel.gordon@gmail.com>
2090
2091         [Chromium] Remove JSZombie references from gyp project files.
2092         https://bugs.webkit.org/show_bug.cgi?id=65798
2093
2094         JSC runtime/JSZombie.{cpp,h} were removed in r92046.  Remove references to these
2095         file names from the gyp projects.
2096
2097         Reviewed by Darin Adler.
2098
2099         * JavaScriptCore.gypi: zombies be gone.
2100
2101 2011-08-05  Mark Rowe  <mrowe@apple.com>
2102
2103         <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
2104         is tied to a particular dispatch queue
2105
2106         A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
2107         with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
2108         to ensure that all operations are performed on the given dispatch queue.
2109
2110         Reviewed by Anders Carlsson.
2111
2112         * wtf/RefCounted.h:
2113         (WTF::RefCountedBase::setDispatchQueueForVerifier):
2114         * wtf/ThreadRestrictionVerifier.h:
2115         (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
2116         (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
2117         (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
2118         (WTF::ThreadRestrictionVerifier::setShared):
2119         (WTF::ThreadRestrictionVerifier::isSafeToUse):
2120
2121 2011-08-05  Oliver Hunt  <oliver@apple.com>
2122
2123         Inline allocation of function objects
2124         https://bugs.webkit.org/show_bug.cgi?id=65779
2125
2126         Reviewed by Gavin Barraclough.
2127
2128         Inline allocation and initialisation of function objects
2129         in generated code.  This ended up being a 60-70% improvement
2130         in function allocation performance.  This improvement shows
2131         up as a ~2% improvement in 32bit sunspider and V8, but is a
2132         wash on 64-bit.
2133
2134         We currently don't inline the allocation of named function
2135         expressions, as that requires being able to gc allocate a
2136         variable object.
2137
2138         * jit/JIT.cpp:
2139         (JSC::JIT::privateCompileSlowCases):
2140         * jit/JIT.h:
2141         (JSC::JIT::emitStoreCell):
2142         * jit/JITInlineMethods.h:
2143         (JSC::JIT::emitAllocateBasicJSObject):
2144         (JSC::JIT::emitAllocateJSFinalObject):
2145         (JSC::JIT::emitAllocateJSFunction):
2146         * jit/JITOpcodes.cpp:
2147         (JSC::JIT::emit_op_new_func):
2148         (JSC::JIT::emitSlow_op_new_func):
2149         (JSC::JIT::emit_op_new_func_exp):
2150         (JSC::JIT::emitSlow_op_new_func_exp):
2151         * jit/JITOpcodes32_64.cpp:
2152             Removed duplicate implementation of op_new_func and op_new_func_exp
2153         * runtime/JSFunction.h:
2154         (JSC::JSFunction::offsetOfScopeChain):
2155         (JSC::JSFunction::offsetOfExecutable):
2156
2157 2011-08-04  David Levin  <levin@chromium.org>
2158
2159         CStringBuffer should have thread safety checks turned on.
2160         https://bugs.webkit.org/show_bug.cgi?id=58093
2161
2162         Reviewed by Dmitry Titov.
2163
2164         * wtf/text/CString.h:
2165         (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
2166         turned this off for Chromium.
2167
2168 2011-08-04  Mark Rowe  <mrowe@apple.com>
2169
2170         Future-proof Xcode configuration settings.
2171
2172         * Configurations/Base.xcconfig:
2173         * Configurations/DebugRelease.xcconfig:
2174         * Configurations/JavaScriptCore.xcconfig:
2175         * Configurations/Version.xcconfig:
2176
2177 2011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
2178
2179         Interpreter can potentially GC in the middle of initializing a structure chain
2180         https://bugs.webkit.org/show_bug.cgi?id=65638
2181
2182         Reviewed by Oliver Hunt.
2183
2184         Moved the allocation of a prototype StructureChain before the initialization of 
2185         the structure chain within the interpreter that was causing intermittent GC crashes.
2186
2187         * interpreter/Interpreter.cpp:
2188         (JSC::Interpreter::tryCachePutByID):
2189         * wtf/Platform.h:
2190
2191 2011-08-04  Filip Pizlo  <fpizlo@apple.com>
2192
2193         Eval handling attempts literal parsing even when the eval
2194         string is in the cache
2195         https://bugs.webkit.org/show_bug.cgi?id=65675
2196
2197         Reviewed by Oliver Hunt.
2198         
2199         This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
2200         in SunSpider.  It's neutral on V8.
2201
2202         * bytecode/EvalCodeCache.h:
2203         (JSC::EvalCodeCache::tryGet):
2204         (JSC::EvalCodeCache::getSlow):
2205         (JSC::EvalCodeCache::get):
2206         * interpreter/Interpreter.cpp:
2207         (JSC::Interpreter::callEval):
2208
2209 2011-08-03  Mark Rowe  <mrowe@apple.com>
2210
2211         Bring some order to FeatureDefines.xcconfig to make it easier to follow.
2212
2213         Reviewed by Sam Weinig.
2214
2215         * Configurations/FeatureDefines.xcconfig:
2216
2217 2011-08-03  Mark Rowe  <mrowe@apple.com>
2218
2219         Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
2220
2221         Reviewed by Dave Kilzer.
2222
2223         * Configurations/FeatureDefines.xcconfig:
2224
2225 2011-08-03  Filip Pizlo  <fpizlo@apple.com>
2226
2227         JSC GC heap size improvement breaks build on some platforms due to
2228         unused parameter
2229         https://bugs.webkit.org/show_bug.cgi?id=65641
2230
2231         Reviewed by Darin Adler.
2232         
2233         Fix build on non-x86 platforms, by ensuring that the relevant
2234         parameter always appears to be used even when it isn't.
2235
2236         * heap/Heap.cpp:
2237
2238 2011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2239
2240         [GTK] Reorganize pkg-config files
2241         https://bugs.webkit.org/show_bug.cgi?id=65548
2242
2243         Reviewed by Martin Robinson.
2244
2245         * GNUmakefile.am:
2246         * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
2247
2248 2011-08-01  David Levin  <levin@chromium.org>
2249
2250         Add asserts to RefCounted to make sure ref/deref happens on the right thread.
2251         https://bugs.webkit.org/show_bug.cgi?id=31639
2252
2253         Reviewed by Dmitry Titov.
2254
2255         * GNUmakefile.list.am: Added new files to the build.
2256         * JavaScriptCore.gypi: Ditto.
2257         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
2258         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
2259         * jit/ExecutableAllocator.h:
2260         (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
2261         due to not being able to figure out what was guarding it (bug 58091).
2262         * parser/SourceProvider.h:
2263         (JSC::SourceProvider::SourceProvider): Ditto.
2264         * wtf/CMakeLists.txt: Added new files to the build.
2265         * wtf/ThreadRestrictionVerifier.h: Added.
2266         Everything is done in the header to avoid the issue with exports
2267         that are only useful in debug but still needing to export them.
2268         * wtf/RefCounted.h:
2269         (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier,
2270         and filed bug 58171 about making it stricter.
2271         (WTF::RefCountedBase::hasOneRef): Ditto.
2272         (WTF::RefCountedBase::refCount): Ditto.
2273         (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
2274         on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
2275         (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
2276         Filed bug 58174 to remove this method.
2277         (WTF::RefCountedBase::derefBase):
2278         * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
2279         * wtf/text/CString.h:
2280         (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
2281         done in Chromium (bug 58093).
2282
2283 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2284
2285         JSC GC may not be able to reuse partially-free blocks after a
2286         full collection
2287         https://bugs.webkit.org/show_bug.cgi?id=65585
2288
2289         Reviewed by Darin Adler.
2290         
2291         This fixes the linked list management bug.  This fix is performance
2292         neutral on SunSpider.
2293
2294         * heap/NewSpace.cpp:
2295         (JSC::NewSpace::removeBlock):
2296
2297 2011-07-30  Oliver Hunt  <oliver@apple.com>
2298
2299         Simplify JSFunction creation for functions written in JS
2300         https://bugs.webkit.org/show_bug.cgi?id=65422
2301
2302         Reviewed by Gavin Barraclough.
2303
2304         Remove hash lookups used to write name property and transition
2305         function structure by caching the resultant structure and property
2306         offset in JSGlobalObject.  This doesn't impact performance, but
2307         we can use this change to make other improvements later.
2308
2309         * runtime/Executable.cpp:
2310         (JSC::FunctionExecutable::FunctionExecutable):
2311         * runtime/Executable.h:
2312         (JSC::ScriptExecutable::ScriptExecutable):
2313         (JSC::FunctionExecutable::jsName):
2314         * runtime/JSFunction.cpp:
2315         (JSC::JSFunction::JSFunction):
2316         * runtime/JSGlobalObject.cpp:
2317         (JSC::JSGlobalObject::reset):
2318         * runtime/JSGlobalObject.h:
2319         (JSC::JSGlobalObject::namedFunctionStructure):
2320         (JSC::JSGlobalObject::functionNameOffset):
2321
2322 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2323
2324         JSC GC uses dummy cells to avoid having to remember which cells
2325         it has already destroyed
2326         https://bugs.webkit.org/show_bug.cgi?id=65556
2327
2328         Reviewed by Oliver Hunt.
2329         
2330         This gets rid of dummy cells, and ensures that it's not necessary
2331         to invoke a destructor on cells that have already been swept.  In
2332         the common case, a block knows that either all of its free cells
2333         still need to have destructors called, or none of them do, which
2334         minimizes the amount of branching that needs to happen per cell
2335         when performing a sweep.
2336         
2337         This is performance neutral on SunSpider and V8.  It is meant as
2338         a stepping stone to simplify the implementation of more
2339         sophisticated sweeping algorithms.
2340
2341         * heap/Heap.cpp:
2342         (JSC::CountFunctor::ClearMarks::operator()):
2343         * heap/MarkedBlock.cpp:
2344         (JSC::MarkedBlock::initForCellSize):
2345         (JSC::MarkedBlock::callDestructor):
2346         (JSC::MarkedBlock::specializedReset):
2347         (JSC::MarkedBlock::reset):
2348         (JSC::MarkedBlock::specializedSweep):
2349         (JSC::MarkedBlock::sweep):
2350         (JSC::MarkedBlock::produceFreeList):
2351         (JSC::MarkedBlock::lazySweep):
2352         (JSC::MarkedBlock::blessNewBlockForFastPath):
2353         (JSC::MarkedBlock::blessNewBlockForSlowPath):
2354         (JSC::MarkedBlock::canonicalizeBlock):
2355         * heap/MarkedBlock.h:
2356         (JSC::MarkedBlock::FreeCell::setNoObject):
2357         (JSC::MarkedBlock::setDestructorState):
2358         (JSC::MarkedBlock::destructorState):
2359         (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
2360         * runtime/JSCell.cpp:
2361         * runtime/JSCell.h:
2362         (JSC::JSCell::JSCell::JSCell):
2363         * runtime/JSGlobalData.cpp:
2364         (JSC::JSGlobalData::JSGlobalData):
2365         (JSC::JSGlobalData::clearBuiltinStructures):
2366         * runtime/JSGlobalData.h:
2367         * runtime/Structure.h:
2368
2369 2011-08-01  Michael Saboff  <msaboff@apple.com>
2370
2371         Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
2372         https://bugs.webkit.org/show_bug.cgi?id=65502
2373
2374         Reviewed by Anders Carlsson.
2375
2376         With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
2377         added an assert to the return code of madvise to catch any regressions.
2378
2379         * wtf/TCSystemAlloc.cpp:
2380         (TCMalloc_SystemRelease):
2381
2382 2011-08-02  Anders Carlsson  <andersca@apple.com>
2383
2384         Fix Windows build.
2385
2386         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2387
2388 2011-08-02  Anders Carlsson  <andersca@apple.com>
2389
2390         Fix a Windows build error.
2391
2392         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2393
2394 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2395
2396         JSC GC is far too conservative about growing the heap size, particularly
2397         on desktop platforms
2398         https://bugs.webkit.org/show_bug.cgi?id=65438
2399
2400         Reviewed by Oliver Hunt.
2401
2402         The minimum heap size is now 16MB instead of 512KB, provided all of the
2403         following are true:
2404         a) ENABLE(LARGE_HEAP) is set, which currently only happens on
2405            x86 targets, but could reasonably happen on any platform that is
2406            known to have a decent amount of RAM.
2407         b) JSGlobalData is initialized with HeapSize = LargeHeap, which
2408            currently only happens when it's the JSDOMWindowBase in WebCore or
2409            in the jsc command-line tool.
2410            
2411         This is a 4.1% speed-up on SunSpider.
2412
2413         * JavaScriptCore.exp:
2414         * heap/Heap.cpp:
2415         (JSC::Heap::Heap):
2416         (JSC::Heap::collect):
2417         * heap/Heap.h:
2418         * jsc.cpp:
2419         (main):
2420         * runtime/JSGlobalData.cpp:
2421         (JSC::JSGlobalData::JSGlobalData):
2422         (JSC::JSGlobalData::createContextGroup):
2423         (JSC::JSGlobalData::create):
2424         (JSC::JSGlobalData::createLeaked):
2425         (JSC::JSGlobalData::sharedInstance):
2426         * runtime/JSGlobalData.h:
2427         * wtf/Platform.h:
2428
2429 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2430
2431         JSC does a GC even when the heap still has free pages
2432         https://bugs.webkit.org/show_bug.cgi?id=65445
2433
2434         Reviewed by Oliver Hunt.
2435         
2436         If the high watermark is not reached, then we allocate new blocks as
2437         before.  If the current watermark does reach (or exceed) the high
2438         watermark, then we check if there is a block on the free block pool.
2439         If there is, we simply allocate from it.  If there isn't, we
2440         invoke a collection as before.  This effectively couples the elastic
2441         scavenging to the collector's decision function.  That is, if an
2442         application rapidly varies its heap usage (sometimes using more and
2443         sometimes less) then the collector will not thrash as it used to.
2444         But if heap usage drops and stays low then the scavenger thread and
2445         the GC will eventually reach a kind of consensus: the GC will set
2446         the watermark low because of low heap usage, and the scavenger thread
2447         will steadily eliminate pages from the free page pool, until the size
2448         of the free pool is below the high watermark.
2449         
2450         On command-line, this is neutral on SunSpider and Kraken and a 3% win
2451         on V8.  In browser, this is a 1% win on V8 and neutral on the other
2452         two.
2453
2454         * heap/Heap.cpp:
2455         (JSC::Heap::allocateSlowCase):
2456         (JSC::Heap::allocateBlock):
2457         * heap/Heap.h:
2458
2459 2011-08-02  Jeff Miller  <jeffm@apple.com>
2460
2461         Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
2462         https://bugs.webkit.org/show_bug.cgi?id=65552
2463         
2464         Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
2465
2466         Reviewed by Adam Roben.
2467
2468         * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
2469
2470 2011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>
2471
2472         Removing old source files in gyp files that slow build
2473         https://bugs.webkit.org/show_bug.cgi?id=65503
2474
2475         Reviewed by Adam Barth.
2476
2477         A number of stale files are listed in the gyp files. These slow the
2478         build on Visual Studio 2010. Removing them.
2479
2480         * JavaScriptCore.gypi:
2481
2482 2011-07-14  David Levin  <levin@chromium.org>
2483
2484         currentThread is too slow!
2485         https://bugs.webkit.org/show_bug.cgi?id=64577
2486
2487         Reviewed by Darin Adler and Dmitry Titov.
2488
2489         The problem is that currentThread results in a pthread_once call which always takes a lock.
2490         With this change, currentThread is 10% faster than isMainThread in release mode and only
2491         5% slower than isMainThread in debug.
2492
2493         * wtf/ThreadIdentifierDataPthreads.cpp:
2494         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
2495         which is no longer needed because this is called from initializeThreading().
2496         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
2497         initialization of the pthread key should already be done.
2498         (WTF::ThreadIdentifierData::initialize): Ditto.
2499         * wtf/ThreadIdentifierDataPthreads.h:
2500         * wtf/ThreadingPthreads.cpp:
2501         (WTF::initializeThreading): Acquire the pthread key here.
2502
2503 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2504
2505         DFG JIT sometimes creates speculation check data structures that have
2506         invalid information about the format of a register
2507         https://bugs.webkit.org/show_bug.cgi?id=65490
2508
2509         Reviewed by Gavin Barraclough.
2510         
2511         The code now makes sure to (1) always have correct and up-to-date
2512         information about register format at the time that a speculation
2513         check is emitted, (2) assert that speculation data is correct
2514         inside the speculation check implementation, and (3) avoid creating
2515         speculation data altogether if compilation has already failed, since
2516         at that point the format data is almost guaranteed to be bogus.
2517
2518         * dfg/DFGNonSpeculativeJIT.cpp:
2519         (JSC::DFG::EntryLocation::EntryLocation):
2520         * dfg/DFGSpeculativeJIT.cpp:
2521         (JSC::DFG::SpeculationCheck::SpeculationCheck):
2522         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2523         (JSC::DFG::SpeculativeJIT::compile):
2524         * dfg/DFGSpeculativeJIT.h:
2525         (JSC::DFG::SpeculativeJIT::speculationCheck):
2526
2527 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2528
2529         REGRESSION(r92092): Build fails on 64 bit
2530         https://bugs.webkit.org/show_bug.cgi?id=65458
2531
2532         Reviewed by Oliver Hunt.
2533         
2534         The build was broken because some compilers were smart enough to see
2535         an array index out of bounds due to the decision function for when to
2536         go from precise size classes to imprecise size classes being broken:
2537         it would assume that sizes in the range 97..128 belonged to a precise
2538         size class when in fact they belonged to an imprecise one.
2539         
2540         In fact, the code would have run correctly, by way of a fluke, because
2541         though the 4th precise size class (for 97..128) didn't exist, the next
2542         array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
2543         its first entry would have been a size class that is appropriate for
2544         allocations in the range 97..128.  However, this relies on specific
2545         ordering of fields in NewSpace, so it's still a bug.
2546         
2547         This fixes the bug by ensuring that allocations larger than 96 use
2548         the imprecise size classes.
2549
2550         * heap/NewSpace.h:
2551         (JSC::NewSpace::sizeClassFor):
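        A model of the precise/imprecise size-class decision described in this entry, added here as an illustration and not NewSpace's own code. The 32-byte precise spacing and the three precise classes follow from the entry's "4th precise size class (for 97..128)"; the 128-byte imprecise spacing and the 1024-byte cutoff are assumptions, and the old decision function is only modelled as far as the index it would compute, never dereferenced:

```cpp
#include <cstddef>
#include <cstdio>

// Modelled layout (assumption): three precise classes of 32, 64 and 96 bytes,
// followed in memory by the imprecise classes of 128, 256, ... bytes, the way
// the entry describes m_impreciseSizeClasses sitting right after
// m_preciseSizeClasses.
const size_t preciseStep = 32;
const size_t preciseCutoff = 96;                                 // largest precise size
const size_t preciseCount = preciseCutoff / preciseStep;         // 3
const size_t impreciseStep = 128;                                // assumed spacing
const size_t impreciseCutoff = 1024;                             // assumed largest size
const size_t impreciseCount = impreciseCutoff / impreciseStep;   // 8

struct SizeClass {
    size_t cellSize;
};

struct SizeClasses {
    SizeClass precise[preciseCount];
    SizeClass imprecise[impreciseCount];   // field order matters for the "fluke"

    SizeClasses()
    {
        for (size_t i = 0; i < preciseCount; ++i)
            precise[i].cellSize = (i + 1) * preciseStep;
        for (size_t i = 0; i < impreciseCount; ++i)
            imprecise[i].cellSize = (i + 1) * impreciseStep;
    }
};

// The old decision treated everything up to 128 bytes as precise.  For sizes
// 97..128 that yields index 3, one past the end of precise[]; the read only
// "worked" because imprecise[0] (128 bytes) happened to follow in memory.
inline bool buggyTreatsAsPrecise(size_t bytes) { return bytes <= 128; }
inline size_t buggyPreciseIndex(size_t bytes) { return (bytes - 1) / preciseStep; }

// Fixed decision: only sizes up to 96 bytes use a precise class.
inline const SizeClass& sizeClassFor(const SizeClasses& classes, size_t bytes)
{
    if (bytes <= preciseCutoff)
        return classes.precise[(bytes - 1) / preciseStep];
    return classes.imprecise[(bytes - 1) / impreciseStep];
}

int main()
{
    SizeClasses classes;
    const size_t probes[] = { 1, 96, 97, 128, 129 };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); ++i) {
        size_t bytes = probes[i];
        std::printf("%4zu bytes -> cell size %4zu; old code: %s index %zu\n",
            bytes, sizeClassFor(classes, bytes).cellSize,
            buggyTreatsAsPrecise(bytes) ? "precise" : "imprecise",
            buggyTreatsAsPrecise(bytes) ? buggyPreciseIndex(bytes) : (bytes - 1) / impreciseStep);
    }
    return 0;
}
```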
2552
2553 2011-07-31  Gavin Barraclough  <barraclough@apple.com>
2554
2555         https://bugs.webkit.org/show_bug.cgi?id=64679
2556         Fix bugs in Array.prototype this handling.
2557
2558         Unreviewed - rolling out r91290.
2559
2560         Looks like the wild wild web isn't ready for this yet.
2561
2562         This change broke http://slides.html5rocks.com/#landing-slide.
2563         Interestingly, this might only be due to our lack of bind support -
2564         it looks like this site is calling Array.prototype.slice as a part
2565         of its bind implementation.
2566
2567         * runtime/ArrayPrototype.cpp:
2568         (JSC::arrayProtoFuncJoin):
2569         (JSC::arrayProtoFuncConcat):
2570         (JSC::arrayProtoFuncPop):
2571         (JSC::arrayProtoFuncPush):
2572         (JSC::arrayProtoFuncReverse):
2573         (JSC::arrayProtoFuncShift):
2574         (JSC::arrayProtoFuncSlice):
2575         (JSC::arrayProtoFuncSort):
2576         (JSC::arrayProtoFuncSplice):
2577         (JSC::arrayProtoFuncUnShift):
2578         (JSC::arrayProtoFuncFilter):
2579         (JSC::arrayProtoFuncMap):
2580         (JSC::arrayProtoFuncEvery):
2581         (JSC::arrayProtoFuncForEach):
2582         (JSC::arrayProtoFuncSome):
2583         (JSC::arrayProtoFuncReduce):
2584         (JSC::arrayProtoFuncReduceRight):
2585         (JSC::arrayProtoFuncIndexOf):
2586         (JSC::arrayProtoFuncLastIndexOf):
2587
2588 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
2589
2590         JSC GC lays out size classes under wrong assumptions about expected
2591         object size.
2592         https://bugs.webkit.org/show_bug.cgi?id=65437
2593
2594         Reviewed by Oliver Hunt.
2595         
2596         Changed the atom size - which is both the smallest allocation size and
2597         the smallest possible stepping unit for size class spacing - from
2598         8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.
2599
2600         * heap/MarkedBlock.h:
2601
2602 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
2603
2604         DFG non-speculative JIT does not optimize PutByVal
2605         https://bugs.webkit.org/show_bug.cgi?id=65424
2606
2607         Reviewed by Gavin Barraclough.
2608         
2609         Added code to emit PutByVal inline fast path.
2610
2611         * dfg/DFGNonSpeculativeJIT.cpp:
2612         (JSC::DFG::NonSpeculativeJIT::compile):
2613
2614 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
2615
2616         The JSC garbage collector returns memory to the operating system too
2617         eagerly.
2618         https://bugs.webkit.org/show_bug.cgi?id=65382
2619
2620         Reviewed by Oliver Hunt.
2621         
2622         This introduces a memory reuse model similar to the one in FastMalloc.
2623         A periodic scavenger thread runs in the background and returns half the
2624         free memory to the OS on each timer fire.  New block allocations first
2625         attempt to get the memory from the collector's internal pool, reverting
2626         to OS allocation only when this pool is empty.
2627
2628         * heap/Heap.cpp:
2629         (JSC::Heap::Heap):
2630         (JSC::Heap::~Heap):
2631         (JSC::Heap::destroy):
2632         (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
2633         (JSC::Heap::waitForRelativeTime):
2634         (JSC::Heap::blockFreeingThreadStartFunc):
2635         (JSC::Heap::blockFreeingThreadMain):
2636         (JSC::Heap::allocateBlock):
2637         (JSC::Heap::freeBlocks):
2638         (JSC::Heap::releaseFreeBlocks):
2639         * heap/Heap.h:
2640         * heap/MarkedBlock.cpp:
2641         (JSC::MarkedBlock::destroy):
2642         (JSC::MarkedBlock::MarkedBlock):
2643         (JSC::MarkedBlock::initForCellSize):
2644         (JSC::MarkedBlock::reset):
2645         * heap/MarkedBlock.h:
2646         * wtf/Platform.h:
2647
2648 2011-07-30  Filip Pizlo  <fpizlo@apple.com>
2649
2650         DFG JIT speculation failure pass sometimes forgets to emit code to
2651         move certain registers.
2652         https://bugs.webkit.org/show_bug.cgi?id=65421
2653
2654         Reviewed by Oliver Hunt.
2655         
2656         Restructured the offending loops (for gprs and fprs).  It's once again
2657         possible to use spreadsheets on docs.google.com.
2658
2659         * dfg/DFGJITCompiler.cpp:
2660         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2661
2662 2011-07-30  Patrick Gansterer  <paroga@webkit.org>
2663
2664         Remove inclusion of MainThread.h from Threading.h
2665         https://bugs.webkit.org/show_bug.cgi?id=65081
2666
2667         Reviewed by Darin Adler.
2668
2669         Add missing and remove unneeded include statements for MainThread.
2670
2671         * wtf/CryptographicallyRandomNumber.cpp:
2672         * wtf/Threading.h:
2673         * wtf/ThreadingPthreads.cpp:
2674         * wtf/text/StringStatics.cpp:
2675
2676 2011-07-30  Oliver Hunt  <oliver@apple.com>
2677
2678         Reduce the size of JSGlobalObject slightly
2679         https://bugs.webkit.org/show_bug.cgi?id=65417
2680
2681         Reviewed by Dan Bernstein.
2682
2683         Push a few members that either aren't commonly used,
2684         or aren't frequently accessed into a separate struct.
2685
2686         * runtime/JSGlobalObject.cpp:
2687         (JSC::JSGlobalObject::init):
2688         (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
2689         * runtime/JSGlobalObject.h:
2690         (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
2691         (JSC::JSGlobalObject::createRareDataIfNeeded):
2692         (JSC::JSGlobalObject::setProfileGroup):
2693         (JSC::JSGlobalObject::profileGroup):
2694         (JSC::JSGlobalObject::registerWeakMap):
2695         (JSC::JSGlobalObject::deregisterWeakMap):
2696
2697 2011-07-30  Balazs Kelemen  <kbalazs@webkit.org>
2698
2699         MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
2700         https://bugs.webkit.org/show_bug.cgi?id=65263
2701
2702         Reviewed by Dmitry Titov.
2703
2704         * wtf/Deque.h:
2705         (WTF::::operator): Don't check the validity of an iterator
2706         that will be reassigned right now.
2707         * wtf/MessageQueue.h:
2708         (WTF::::removeIf): Revert r51198 as I believe this is the better
2709         solution for the problem that was solved by that.
2710
2711 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
2712
2713         JSC GC zombie support no longer works, and is likely no longer needed.
2714         https://bugs.webkit.org/show_bug.cgi?id=65404
2715
2716         Reviewed by Darin Adler.
2717         
2718         This removes zombies, because they no longer work, are not tested, are
2719         probably not needed, and are getting in the way of GC optimization
2720         work.
2721
2722         * JavaScriptCore.xcodeproj/project.pbxproj:
2723         * heap/Handle.h:
2724         (JSC::HandleConverter::operator->):
2725         (JSC::HandleConverter::operator*):
2726         * heap/HandleHeap.cpp:
2727         (JSC::HandleHeap::isValidWeakNode):
2728         * heap/Heap.cpp:
2729         (JSC::Heap::destroy):
2730         (JSC::Heap::collect):
2731         * heap/MarkedBlock.cpp:
2732         (JSC::MarkedBlock::sweep):
2733         * heap/MarkedBlock.h:
2734         (JSC::MarkedBlock::clearMarks):
2735         * interpreter/Register.h:
2736         (JSC::Register::Register):
2737         (JSC::Register::operator=):
2738         * runtime/ArgList.h:
2739         (JSC::MarkedArgumentBuffer::append):
2740         (JSC::ArgList::ArgList):
2741         * runtime/JSCell.cpp:
2742         (JSC::isZombie):
2743         * runtime/JSCell.h:
2744         * runtime/JSGlobalData.cpp:
2745         (JSC::JSGlobalData::JSGlobalData):
2746         (JSC::JSGlobalData::clearBuiltinStructures):
2747         * runtime/JSGlobalData.h:
2748         * runtime/JSValue.h:
2749         * runtime/JSValueInlineMethods.h:
2750         (JSC::JSValue::JSValue):
2751         * runtime/JSZombie.cpp: Removed.
2752         * runtime/JSZombie.h: Removed.
2753         * runtime/WriteBarrier.h:
2754         (JSC::WriteBarrierBase::setEarlyValue):
2755         (JSC::WriteBarrierBase::operator*):
2756         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
2757         * wtf/Platform.h:
2758
2759 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
2760
2761         DFG JIT verbose mode provides no details about predictions
2762         https://bugs.webkit.org/show_bug.cgi?id=65389
2763
2764         Reviewed by Darin Adler.
2765         
2766         Added a print-out of the predictions to the IR dump, with names as follows:
2767         "p-bottom" = the parser made no predictions
2768         "p-int32" = the parser predicted int32
2769         ... (same for array, cell, double, number)
2770         "p-top" = the parser made conflicting predictions which will be ignored.
2771
2772         * dfg/DFGGraph.cpp:
2773         (JSC::DFG::Graph::dump):
2774         * dfg/DFGGraph.h:
2775         (JSC::DFG::predictionToString):
2776
2777 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
2778
2779         DFG JIT does not have any way of undoing double speculation.
2780         https://bugs.webkit.org/show_bug.cgi?id=65334
2781
2782         Reviewed by Gavin Barraclough.
2783         
2784         This adds code to do a branchConvertDoubleToInt on speculation failure.
2785         This is performance-neutral on most benchmarks but does result in
2786         a slight improvement in Kraken.
2787
2788         * dfg/DFGJITCompiler.cpp:
2789         (JSC::DFG::GeneralizedRegister::moveTo):
2790         (JSC::DFG::GeneralizedRegister::swapWith):
2791         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
2792         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
2793         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2794
2795 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
2796
2797         Crash when opening docs.google.com
2798         https://bugs.webkit.org/show_bug.cgi?id=65327
2799
2800         Reviewed by Gavin Barraclough.
2801         
2802         The speculative JIT was only checking whether a value is an array when
2803         we had already checked that it was, rather than when we hadn't.
2804
2805         * dfg/DFGSpeculativeJIT.cpp:
2806         (JSC::DFG::SpeculativeJIT::compile):
2807
2808 2011-07-28  Oliver Hunt  <oliver@apple.com>
2809
2810         *_list instructions are only used in one place, where the code is wrong.
2811         https://bugs.webkit.org/show_bug.cgi?id=65348
2812
2813         Reviewed by Darin Adler.
2814
2815         Simply remove the instructions and all users.  Speeds up the interpreter
2816         slightly due to code motion, but otherwise has no effect (because none
2817         of the _list instructions are ever used).
2818
2819         * bytecode/CodeBlock.cpp:
2820         (JSC::isPropertyAccess):
2821         (JSC::CodeBlock::dump):
2822         (JSC::CodeBlock::visitStructures):
2823         * bytecode/Instruction.h:
2824         * bytecode/Opcode.h:
2825         * interpreter/Interpreter.cpp:
2826         (JSC::Interpreter::privateExecute):
2827         * jit/JIT.cpp:
2828         (JSC::JIT::privateCompileMainPass):
2829
2830 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
2831
2832         https://bugs.webkit.org/show_bug.cgi?id=65325
2833         Performance tweak to parseInt
2834
2835         Reviewed by Oliver Hunt.
2836
2837         * runtime/JSGlobalObjectFunctions.cpp:
2838         (JSC::globalFuncParseInt):
2839             - This change may make an existing optimization redundant,
2840               cleanup from Darin's comments, plus fix existing bugs.
2841
2842 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
2843
2844         https://bugs.webkit.org/show_bug.cgi?id=65325
2845         Performance tweak to parseInt
2846
2847         Reviewed by Oliver Hunt.
2848
2849         * runtime/JSGlobalObjectFunctions.cpp:
2850         (JSC::globalFuncParseInt):
2851             - parseInt applied to small positive numbers = floor.
2852
2853 2011-07-28  Dan Bernstein  <mitz@apple.com>
2854
2855         Build fix.
2856
2857         * runtime/Executable.cpp:
2858         (JSC::FunctionExecutable::compileForCallInternal):
2859
2860 2011-07-28  Kent Tamura  <tkent@chromium.org>
2861
2862         Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
2863         https://bugs.webkit.org/show_bug.cgi?id=65300
2864
2865         Reviewed by Darin Adler.
2866
2867         r91837 had performance regression of StringImpl::stripWhiteSpace()
2868         and simplifyWhiteSpace(). This changes the code so that compilers
2869         generate code equivalent to r91836 or prior.
2870
2871         * wtf/text/StringImpl.cpp:
2872         (WTF::StringImpl::stripMatchedCharacters):
2873         A template member function for stripWhiteSpace(). This function takes a functor.
2874         (WTF::UCharPredicate):
2875         A functor for generic predicate for single UChar argument.
2876         (WTF::SpaceOrNewlinePredicate):
2877         A special functor for isSpaceOrNewline().
2878         (WTF::StringImpl::stripWhiteSpace):
2879         Use stripMatchedCharacters().
2880         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
2881         A template member function for simplifyWhiteSpace().
2882         (WTF::StringImpl::simplifyWhiteSpace):
2883         Use simplifyMatchedCharactersToSpace().
2884         * wtf/text/StringImpl.h:
2885
2886 2011-07-27  Dmitry Lomov  <dslomov@google.com>
2887
2888         [chromium] Turn on WTF_MULTIPLE_THREADS.
2889         https://bugs.webkit.org/show_bug.cgi?id=61017
2890         The patch turns on WTF_MULTIPLE_THREADS in chromium and 
2891         pushes some relevant initializations from JSC::initializeThreading
2892         to WTF::initializeThreading.
2893
2894         Reviewed by David Levin.
2895
2896         * runtime/InitializeThreading.cpp:
2897         (JSC::initializeThreadingOnce):
2898         * wtf/FastMalloc.cpp:
2899         (WTF::isForbidden):
2900         (WTF::fastMallocForbid):
2901         (WTF::fastMallocAllow):
2902         * wtf/Platform.h:
2903         * wtf/ThreadingPthreads.cpp:
2904         (WTF::initializeThreading):
2905         * wtf/ThreadingWin.cpp:
2906         (WTF::initializeThreading):
2907         * wtf/gtk/ThreadingGtk.cpp:
2908         (WTF::initializeThreading):
2909         * wtf/qt/ThreadingQt.cpp:
2910         (WTF::initializeThreading):
2911
2912 2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2913
2914         Remove operator new from JSCell
2915         https://bugs.webkit.org/show_bug.cgi?id=64999
2916
2917         Reviewed by Oliver Hunt.
2918
2919         Removed the implementation of operator new in JSCell, so any further uses
2920         will not successfully link.  Also removed any remaining uses of operator new.
2921
2922         * API/JSContextRef.cpp:
2923         * debugger/DebuggerActivation.h:
2924         (JSC::DebuggerActivation::create):
2925         * interpreter/Interpreter.cpp:
2926         (JSC::Interpreter::execute):
2927         (JSC::Interpreter::createExceptionScope):
2928         (JSC::Interpreter::privateExecute):
2929         * jit/JITStubs.cpp:
2930         (JSC::DEFINE_STUB_FUNCTION):
2931         * runtime/JSCell.h:
2932         * runtime/JSGlobalObject.h:
2933         (JSC::JSGlobalObject::create):
2934         * runtime/JSStaticScopeObject.h:
2935         (JSC::JSStaticScopeObject::create):
2936         (JSC::JSStaticScopeObject::JSStaticScopeObject):
2937         * runtime/StrictEvalActivation.h:
2938         (JSC::StrictEvalActivation::create):
2939
2940 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
2941
2942         DFG graph has no notion of double prediction.
2943         https://bugs.webkit.org/show_bug.cgi?id=65234
2944
2945         Reviewed by Gavin Barraclough.
2946         
2947         Added the notion of PredictDouble, and PredictNumber, which is the least
2948         upper bound of PredictInt32 and PredictDouble.  Least upper bound is
2949         defined as the bitwise-or of two predictions.  Bottom is defined as 0,
2950         and Top is defined as all bits being set.  Added the ability to explicitly
2951         distinguish between a node having had a prediction associated with it,
2952         and that prediction still being valid (i.e. no conflicting predictions
2953         have also been added).  Used this to guard the speculative JIT from
2954         speculating Int32 in cases where the graph knows that the value is
2955         double, which currently only happens for GetLocal nodes on arguments
2956         which were double at compile-time.
2957
2958         * dfg/DFGGraph.cpp:
2959         (JSC::DFG::Graph::predictArgumentTypes):
2960         * dfg/DFGGraph.h:
2961         (JSC::DFG::isCellPrediction):
2962         (JSC::DFG::isArrayPrediction):
2963         (JSC::DFG::isInt32Prediction):
2964         (JSC::DFG::isDoublePrediction):
2965         (JSC::DFG::isNumberPrediction):
2966         * dfg/DFGSpeculativeJIT.cpp:
2967         (JSC::DFG::SpeculativeJIT::compile):
2968         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2969         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
2970         * dfg/DFGSpeculativeJIT.h:
2971         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
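        An illustrative model of the prediction lattice from this entry, using the "p-bottom", "p-int32" and "p-top" names from the verbose-mode entry (bug 65389) above. This is an added example, not JavaScriptCore's own code: the bit values, the separate Cell and Array bits, and the rule that mixing a number prediction with a cell prediction collapses to Top are modelling assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Predictions are bit sets: bottom is 0, top is all bits set, and the least
// upper bound of two predictions is their bitwise-or.
typedef uint32_t PredictedType;

const PredictedType PredictNone   = 0;                                // bottom
const PredictedType PredictCell   = 1u << 0;                          // assumed bit
const PredictedType PredictArray  = 1u << 1;                          // assumed bit
const PredictedType PredictInt32  = 1u << 2;
const PredictedType PredictDouble = 1u << 3;
const PredictedType PredictNumber = PredictInt32 | PredictDouble;     // LUB of Int32, Double
const PredictedType PredictTop    = ~static_cast<PredictedType>(0);   // conflicting

// Lattice join.
inline PredictedType mergePredictions(PredictedType a, PredictedType b) { return a | b; }

// Exact-match predicates.  A Number prediction (Int32 | Double) is not an
// Int32 prediction, which is what keeps a speculative compiler from
// speculating Int32 on a value the graph already knows may be a double.
inline bool isCellPrediction(PredictedType p)   { return p == PredictCell; }
inline bool isArrayPrediction(PredictedType p)  { return p == PredictArray; }
inline bool isInt32Prediction(PredictedType p)  { return p == PredictInt32; }
inline bool isDoublePrediction(PredictedType p) { return p == PredictDouble; }
// Number: non-empty and contained in {Int32, Double} (modelling assumption).
inline bool isNumberPrediction(PredictedType p) { return p != PredictNone && (p & ~PredictNumber) == 0; }

// A node tracks whether a prediction was ever made separately from whether
// the accumulated prediction is still usable.
struct PredictedNode {
    PredictedType prediction;
    bool hasPrediction;

    PredictedNode() : prediction(PredictNone), hasPrediction(false) { }

    // Merge in a new prediction; a number/cell mixture is a conflict (model rule).
    void predict(PredictedType p)
    {
        hasPrediction = true;
        PredictedType merged = mergePredictions(prediction, p);
        bool hasNumber = (merged & PredictNumber) != 0;
        bool hasCell = (merged & (PredictCell | PredictArray)) != 0;
        prediction = (hasNumber && hasCell) ? PredictTop : merged;
    }

    bool predictionIsValid() const { return hasPrediction && prediction != PredictTop; }

    // Guard for the speculative path: speculate Int32 only on an exact Int32 prediction.
    bool shouldSpeculateInt32() const { return predictionIsValid() && isInt32Prediction(prediction); }
};

// Names as printed in the verbose IR dump.
inline std::string predictionToString(PredictedType p)
{
    if (p == PredictNone) return "p-bottom";
    if (p == PredictTop) return "p-top";
    if (isInt32Prediction(p)) return "p-int32";
    if (isDoublePrediction(p)) return "p-double";
    if (isNumberPrediction(p)) return "p-number";
    if (isArrayPrediction(p)) return "p-array";
    if (isCellPrediction(p)) return "p-cell";
    return "p-top";   // any other mixture is a conflict in this model
}

int main()
{
    PredictedNode n;
    std::printf("%s speculateInt32=%d\n", predictionToString(n.prediction).c_str(), n.shouldSpeculateInt32());
    n.predict(PredictInt32);    // first sighting: int32
    std::printf("%s speculateInt32=%d\n", predictionToString(n.prediction).c_str(), n.shouldSpeculateInt32());
    n.predict(PredictDouble);   // later sighting: double -> Number, no Int32 speculation
    std::printf("%s speculateInt32=%d\n", predictionToString(n.prediction).c_str(), n.shouldSpeculateInt32());
    n.predict(PredictCell);     // conflicting -> Top, prediction ignored
    std::printf("%s valid=%d\n", predictionToString(n.prediction).c_str(), n.predictionIsValid());
    return 0;
}
```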
2972
2973 2011-07-27  Gavin Barraclough  <barraclough@apple.com>
2974
2975         https://bugs.webkit.org/show_bug.cgi?id=65294
2976         DFG JIT - may speculate based on wrong arguments.
2977
2978         Reviewed by Oliver Hunt.
2979
2980         In the case of a DFG compiled function calling to and compiling a second function that
2981         also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
2982         we call compileFor passing the caller function's exec state, rather than the callee's.
2983         This may lead to mis-optimization, since the DFG compiler will examine the exec state's
2984         arguments on the assumption that these will be passed to the callee - it is wanting the
2985         callee exec state, not the caller's exec state.
2986
2987         Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
2988         function is compiled, & the structure of the calls in the Interpreter::execute methods.
2989         Only fix for compilation from the JIT, in other calls don't speculate based on arguments
2990         for now.
2991
2992         * dfg/DFGOperations.cpp:
2993         * runtime/Executable.cpp:
2994         (JSC::tryDFGCompile):
2995         (JSC::tryDFGCompileFunction):
2996         (JSC::FunctionExecutable::compileForCallInternal):
2997         * runtime/Executable.h:
2998         (JSC::FunctionExecutable::compileForCall):
2999         (JSC::FunctionExecutable::compileFor):
3000
3001 2011-07-27  Oliver Hunt  <oliver@apple.com>
3002
3003         Handle callback oriented JSONP
3004         https://bugs.webkit.org/show_bug.cgi?id=65271
3005
3006         Reviewed by Gavin Barraclough.
3007
3008         Handle the callback oriented versions of JSONP.  The Literal parser
3009         now handles <Identifier> (. <Identifier>)* (jsonData).
3010
3011         * interpreter/Interpreter.cpp:
3012         (JSC::Interpreter::execute):
3013         * runtime/LiteralParser.cpp:
3014         (JSC::LiteralParser::tryJSONPParse):
3015         (JSC::LiteralParser::Lexer::lex):
3016         * runtime/LiteralParser.h:
3017
3018 2011-07-27  Stephanie Lewis  <slewis@apple.com>
3019
3020         Revert http://trac.webkit.org/changeset/90415.
3021         Caused a 5% sunspider regression in-browser.
3022
3023         Unreviewed rollout.
3024
3025         * bytecode/CodeBlock.cpp:
3026         (JSC::CodeBlock::visitAggregate):
3027         * heap/Heap.cpp:
3028         (JSC::Heap::collectAllGarbage):
3029         * heap/MarkStack.h:
3030         (JSC::MarkStack::MarkStack):
3031         * runtime/JSGlobalData.cpp:
3032         (JSC::JSGlobalData::releaseExecutableMemory):
3033         * runtime/RegExp.cpp:
3034         (JSC::RegExp::compile):
3035         (JSC::RegExp::invalidateCode):
3036         * runtime/RegExp.h:
3037
3038 2011-07-27  Shinya Kawanaka  <shinyak@google.com>
3039
3040         Added an interface to take IsWhiteSpaceFunctionPtr.
3041         https://bugs.webkit.org/show_bug.cgi?id=57746
3042
3043         Reviewed by Kent Tamura.
3044
3045         * wtf/text/StringImpl.cpp:
3046         (WTF::StringImpl::stripWhiteSpace):
3047           Added an interface to take IsWhiteSpaceFunctionPtr.
3048         (WTF::StringImpl::simplifyWhiteSpace): ditto.
3049         * wtf/text/StringImpl.h:
3050         * wtf/text/WTFString.cpp:
3051         (WTF::String::stripWhiteSpace): ditto.
3052         (WTF::String::simplifyWhiteSpace): ditto.
3053         * wtf/text/WTFString.h:
3054
3055 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
3056
3057         DFG JIT speculation failure code performs incorrect conversions in
3058         the case where two registers need to be swapped.
3059         https://bugs.webkit.org/show_bug.cgi?id=65233
3060
3061         Reviewed by Gavin Barraclough.
3062         
3063         * dfg/DFGJITCompiler.cpp:
3064         (JSC::DFG::GeneralizedRegister::swapWith):
3065
3066 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3067
3068         reduce and reduceRight bind callback's this to null rather than undefined
3069         https://bugs.webkit.org/show_bug.cgi?id=62264
3070
3071         Reviewed by Oliver Hunt.
3072
3073         Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
3074         when calling the callback function without an argument for this, which means it should 
3075         be undefined according to ES 15.4.4.21 and 15.4.4.22.
3076
3077         * runtime/ArrayPrototype.cpp:
3078         (JSC::arrayProtoFuncReduce):
3079         (JSC::arrayProtoFuncReduceRight):
3080
3081 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3082
3083         JSC command-line tool does not come with any facility for
3084         measuring time precisely.
3085         https://bugs.webkit.org/show_bug.cgi?id=65223
3086
3087         Reviewed by Gavin Barraclough.
3088         
3089         Exposed WTF::currentTime() as currentTimePrecise().
3090
3091         * jsc.cpp:
3092         (GlobalObject::GlobalObject):
3093         (functionPreciseTime):
3094
3095 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3096
3097         DFG speculative JIT never emits inline double comparisons, even when it
3098         would be obviously more efficient to do so.
3099         https://bugs.webkit.org/show_bug.cgi?id=65212
3100
3101         Reviewed by Gavin Barraclough.
3102         
3103         This handles the obvious case of inlining double comparisons: it only addresses
3104         the speculative JIT, and only for fused compare/branch sequences.  But it does
3105         handle the case where both operands are double (and there is no slow path),
3106         or where one operand is double and the other is unknown type (in which case it
3107         attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
3108         speed-up on SunSpider.
3109
3110         * dfg/DFGSpeculativeJIT.cpp:
3111         (JSC::DFG::SpeculativeJIT::convertToDouble):
3112         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
3113         (JSC::DFG::SpeculativeJIT::compare):
3114         (JSC::DFG::SpeculativeJIT::compile):
3115         * dfg/DFGSpeculativeJIT.h:
3116         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
3117         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
3118
3119 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3120
3121         https://bugs.webkit.org/show_bug.cgi?id=64969
3122         DFG JIT generates inefficient code for speculation failures.
3123
3124         Reviewed by Gavin Barraclough.
3125         
3126         This implements a speculation failure strategy where (1) values spilled on
3127         non-speculative but not spilled on speculative are spilled, (2) values that
3128         are in registers on both paths are rearranged without ever touching memory,
3129         and (3) values spilled on speculative but not spilled on non-speculative are
3130         filled.
3131         
3132         The register shuffling is the most interesting part of this patch.  It
3133         constructs a permutation graph for registers.  Each node represents a
3134         register, and each directed edge corresponds to the register's value having
3135         to be moved to a different register as part of the shuffling.  This is a
3136         directed graph where each node may only have 0 or 1 incoming edges, and
3137         0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
3138         subgraphs where all nodes in the subgraph are reachable from a start node.
3139         Such subgraphs always resemble linked lists, and correspond to simply
3140         moving the value in the second-to-last register into the last register, and
3141         then moving the value in the third-to-last register into the second-to-last
3142         register, and so on.  Once these subgraphs are taken care of, the remaining
3143         subgraphs are cycles, and are handled using either (a) conversion or no-op
3144         if the cycle involves one node, (b) swap if it involves two nodes, or (c)
3145         a cyclic shuffle involving a scratch register if there are three or more
3146         nodes.
3147         
3148         * dfg/DFGGenerationInfo.h:
3149         (JSC::DFG::needDataFormatConversion):
3150         * dfg/DFGJITCompiler.cpp:
3151         (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
3152         (JSC::DFG::GeneralizedRegister::createGPR):
3153         (JSC::DFG::GeneralizedRegister::createFPR):
3154         (JSC::DFG::GeneralizedRegister::dump):
3155         (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
3156         (JSC::DFG::GeneralizedRegister::findInEntryLocation):
3157         (JSC::DFG::GeneralizedRegister::previousDataFormat):
3158         (JSC::DFG::GeneralizedRegister::nextDataFormat):
3159         (JSC::DFG::GeneralizedRegister::convert):
3160         (JSC::DFG::GeneralizedRegister::moveTo):
3161         (JSC::DFG::GeneralizedRegister::swapWith):
3162         (JSC::DFG::ShuffledRegister::ShuffledRegister):
3163         (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
3164         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
3165         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
3166         (JSC::DFG::ShuffledRegister::lookup):
3167         (JSC::DFG::lookupForRegister):
3168         (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
3169         (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
3170         (JSC::DFG::NodeToRegisterMap::set):
3171         (JSC::DFG::NodeToRegisterMap::end):
3172         (JSC::DFG::NodeToRegisterMap::find):
3173         (JSC::DFG::NodeToRegisterMap::clear):
3174         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3175         (JSC::DFG::JITCompiler::linkSpeculationChecks):
3176         * dfg/DFGJITCompiler.h:
3177         * dfg/DFGNonSpeculativeJIT.cpp:
3178         (JSC::DFG::EntryLocation::EntryLocation):
3179         * dfg/DFGNonSpeculativeJIT.h:
3180         * dfg/DFGSpeculativeJIT.cpp:
3181         (JSC::DFG::SpeculationCheck::SpeculationCheck):
3182         * dfg/DFGSpeculativeJIT.h:
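
        An added worked example (not JSC's code; the names planShuffle, simulate
        and planIsCorrect, the integer-valued registers and the single scratch
        index are assumptions for illustration) of the permutation-graph strategy
        just described: chains are emitted tail-first, and the remaining cycles
        become a no-op/conversion, a swap, or a rotation through the scratch
        register.

```cpp
#include <algorithm>
#include <string>
#include <utility>
#include <vector>

// Added example of the permutation-graph strategy described above; hypothetical names,
// not JSC's GeneralizedRegister/ShuffledRegister code. Registers are 0..n-1, `scratch`
// is one extra index free for temporaries, and values are plain ints so a plan can be
// simulated and checked. Real code would also carry data-format conversions.
namespace shuffle_example {

struct Op { std::string kind; int a; int b; }; // "move" a->b, "swap" a<->b, "convert" a in place

// dest[r] is the register that r's current value must end up in, or -1 if the value is dead.
// Precondition: every register has at most one incoming and at most one outgoing edge.
std::vector<Op> planShuffle(const std::vector<int>& dest, int scratch) {
    const int n = static_cast<int>(dest.size());
    std::vector<int> src(n, -1); // inverse edge: src[dest[r]] == r
    for (int r = 0; r < n; ++r)
        if (dest[r] >= 0) src[dest[r]] = r;
    std::vector<bool> done(n, false);
    std::vector<Op> ops;

    // Phase 1: acyclic chains. A node with no incoming edge starts one; walk to the tail,
    // then move tail-first so no value is overwritten before it has been copied onward.
    for (int start = 0; start < n; ++start) {
        if (src[start] >= 0 || dest[start] < 0) continue;
        std::vector<int> chain;
        for (int r = start; r >= 0; r = dest[r]) chain.push_back(r);
        for (size_t k = chain.size() - 1; k > 0; --k) ops.push_back({"move", chain[k - 1], chain[k]});
        for (int r : chain) done[r] = true;
    }

    // Phase 2: whatever still has an outgoing edge lies on a cycle.
    for (int start = 0; start < n; ++start) {
        if (done[start] || dest[start] < 0) continue;
        std::vector<int> cycle;
        for (int r = start; !done[r]; r = dest[r]) { cycle.push_back(r); done[r] = true; }
        if (cycle.size() == 1) {
            ops.push_back({"convert", start, start}); // self-edge: value stays, at most changes format
        } else if (cycle.size() == 2) {
            ops.push_back({"swap", cycle[0], cycle[1]});
        } else {
            // Rotate through scratch: park the last value, shift the rest tail-first, restore it.
            ops.push_back({"move", cycle.back(), scratch});
            for (size_t k = cycle.size() - 1; k > 0; --k) ops.push_back({"move", cycle[k - 1], cycle[k]});
            ops.push_back({"move", scratch, cycle[0]});
        }
    }
    return ops;
}

// Replays a plan on a register file in which register r initially holds the value r.
std::vector<int> simulate(const std::vector<Op>& ops, int n, int scratch) {
    std::vector<int> regs(std::max(n, scratch + 1), -1);
    for (int r = 0; r < n; ++r) regs[r] = r;
    for (const Op& op : ops) {
        if (op.kind == "move") regs[op.b] = regs[op.a];
        else if (op.kind == "swap") std::swap(regs[op.a], regs[op.b]);
        // "convert" leaves the value where it is
    }
    return regs;
}

// True if, after running the plan, every live value r sits in register dest[r].
bool planIsCorrect(const std::vector<int>& dest, int scratch) {
    const int n = static_cast<int>(dest.size());
    std::vector<int> regs = simulate(planShuffle(dest, scratch), n, scratch);
    for (int r = 0; r < n; ++r)
        if (dest[r] >= 0 && regs[dest[r]] != r) return false;
    return true;
}

} // namespace shuffle_example
```

        planIsCorrect replays the plan on a register file where register r holds
        the value r and checks that each live value reached dest[r]. The order
        inside a chain is what matters: moving from the tail back to the head is
        the reason no value needs to touch memory, and a cycle of three or more
        is the only case that needs the scratch register.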
3183
3184 2011-07-26  Oliver Hunt  <oliver@apple.com>
3185
3186         Buffer overflow creating error messages for JSON.parse
3187         https://bugs.webkit.org/show_bug.cgi?id=65211
3188
3189         Reviewed by Darin Adler.
3190
3191         Pass string length to the UString constructor.
3192
3193         * runtime/LiteralParser.cpp:
3194         (JSC::LiteralParser::parse):
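
        An added illustration of the bug class this entry fixes (hypothetical code,
        not JSC's LiteralParser or UString; the message text, the StringSpan type
        and the sample buffer are constructed for the example): a length-delimited
        engine string handed to a string constructor that expects a NUL terminator,
        beside the corrected form that passes the length.

```cpp
#include <cstddef>
#include <string>

// Added illustration of the bug class named above (hypothetical code, not JSC's
// LiteralParser or UString). Engine strings carry an explicit length and need not be
// NUL-terminated, so handing a bare pointer to a string constructor reads until the
// next NUL that happens to be in memory.
namespace errmsg_example {

struct StringSpan { const char* chars; std::size_t length; }; // length-delimited, no NUL guarantee

// Before the fix: the token is treated as a C string. The constructor keeps reading past
// the token's end until it finds a NUL, copying whatever follows into the error message.
std::string unexpectedTokenMessageUnsafe(StringSpan token) {
    return std::string("Unexpected token '") + token.chars + "'";
}

// After the fix: the length is passed, so exactly the token's characters are copied.
std::string unexpectedTokenMessage(StringSpan token) {
    return "Unexpected token '" + std::string(token.chars, token.length) + "'";
}

// Constructed input: the JSON text shares a backing buffer with unrelated data and is
// NUL-terminated only by the literal itself, so the over-read stays inside the buffer
// and is observable without undefined behaviour.
static const char kBacking[] = "{\"a\":tru}ADJACENT-HEAP-DATA";

// The lexer flagged the three characters "tru" at offset 5 as an unexpected token.
StringSpan sampleToken() { return { kBacking + 5, 3 }; }

} // namespace errmsg_example
```

        The unsafe form keeps copying until it finds a NUL, so an error message
        that script can read would carry whatever sat after the token in memory,
        and it crashes instead when the read runs into an unmapped page. Passing
        the length bounds the read to the token.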
3195
3196 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3197
3198         Refactor automatically generated JS DOM bindings to replace operator new with static create methods
3199         https://bugs.webkit.org/show_bug.cgi?id=64732
3200
3201         Reviewed by Oliver Hunt.
3202
3203         Replacing the public constructors in the automatically generated JS DOM bindings with static 
3204         create methods.  JSByteArray is used by several of these bindings in WebCore.
3205
3206         * JavaScriptCore.exp:
3207         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3208         * runtime/JSByteArray.cpp:
3209         (JSC::JSByteArray::create):
3210         * runtime/JSByteArray.h:
3211
3212 2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
3213
3214         Unreviewed build fix for Qt/Linux.
3215
3216         On platforms with no glib and gstreamer we should not build JavaScriptCore
3217         with Glib support. This is related to http://trac.webkit.org/changeset/91752.
3218
3219         * wtf/wtf.pri:
3220
3221 2011-07-26  Juan C. Montemayor  <jmont@apple.com>
3222
3223         JSON errors should be informative
3224         https://bugs.webkit.org/show_bug.cgi?id=63339
3225
3226         Added error messages to the JSON Parser.
3227
3228         Reviewed by Oliver Hunt.
3229
3230         * runtime/JSONObject.cpp:
3231         (JSC::JSONProtoFuncParse):
3232         * runtime/LiteralParser.cpp:
3233         (JSC::LiteralParser::Lexer::lex):
3234         (JSC::LiteralParser::Lexer::lexString):
3235         (JSC::LiteralParser::Lexer::lexNumber):
3236         (JSC::LiteralParser::parse):
3237         * runtime/LiteralParser.h:
3238         (JSC::LiteralParser::getErrorMessage):
3239         (JSC::LiteralParser::Lexer::sawError):
3240         (JSC::LiteralParser::Lexer::getErrorMessage):
3241
3242 2011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>
3243
3244         Unreviewed, rolling out r91746.
3245         http://trac.webkit.org/changeset/91746
3246         https://bugs.webkit.org/show_bug.cgi?id=65180
3247
3248         It broke SL build (Requested by Ossy on #webkit).
3249
3250         * wtf/text/StringImpl.cpp:
3251         (WTF::StringImpl::stripWhiteSpace):
3252         (WTF::StringImpl::simplifyWhiteSpace):
3253         * wtf/text/StringImpl.h:
3254         * wtf/text/WTFString.cpp:
3255         * wtf/text/WTFString.h:
3256
3257 2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
3258
3259         Reviewed by Andreas Kling.
3260
3261         [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
3262         https://bugs.webkit.org/show_bug.cgi?id=63472
3263
3264         Enable the bits needed for GStreamer only when QtMultimedia is not used.
3265
3266         * wtf/wtf.pri:
3267
3268 2011-07-26  Shinya Kawanaka  <shinyak@google.com>
3269
3270         Added an interface to take IsWhiteSpaceFunctionPtr.
3271         https://bugs.webkit.org/show_bug.cgi?id=57746
3272
3273         Reviewed by Kent Tamura.
3274
3275         * wtf/text/StringImpl.cpp:
3276         (WTF::StringImpl::stripWhiteSpace):
3277           Added an interface to take IsWhiteSpaceFunctionPtr.
3278         (WTF::StringImpl::simplifyWhiteSpace): ditto.
3279         * wtf/text/StringImpl.h:
3280         * wtf/text/WTFString.cpp:
3281         (WTF::String::stripWhiteSpace): ditto.
3282         (WTF::String::simplifyWhiteSpace): ditto.
3283         * wtf/text/WTFString.h:
3284
3285 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3286
3287         DFG non-speculative JIT emits inefficient code for arithmetic
3288         involving two registers
3289         https://bugs.webkit.org/show_bug.cgi?id=65160
3290
3291         Reviewed by Gavin Barraclough.
3292         
3293         The non-speculative JIT now emits inline code for double arithmetic, but
3294         still attempts integer arithmetic first.  This is a speed-up on SunSpider
3295         (albeit a small one), and a large speed-up on Kraken.
3296
3297         * dfg/DFGNonSpeculativeJIT.cpp:
3298         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
3299
3300 2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
3301
3302         [EFL] Build break with --debug after r89153.
3303         https://bugs.webkit.org/show_bug.cgi?id=65150
3304
3305         Unreviewed build fix.
3306
3307         * wtf/CMakeListsEfl.txt: Add missing libraries.
3308
3309 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3310
3311         DFG non-speculative JIT emits obviously inefficient code for arithmetic
3312         where one operand is a constant.
3313         https://bugs.webkit.org/show_bug.cgi?id=65146
3314
3315         Reviewed by Gavin Barraclough.
3316         
3317         Changed the code to emit double arithmetic inline.
3318
3319         * dfg/DFGNonSpeculativeJIT.cpp:
3320         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
3321
3322 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3323
3324         DFG JIT bytecode parser misuses pointers into objects allocated as part of a
3325         WTF::Vector.
3326         https://bugs.webkit.org/show_bug.cgi?id=65128
3327
3328         Reviewed by Gavin Barraclough.
3329         
3330         The bytecode parser code seems to be right to have a DFGNode& phiNode reference
3331         into the graph, since this makes the code greatly more readable.  This patch
3332         thus makes the minimal change necessary to make the code right: it uses a
3333         pointer (to disambiguate between reloading the pointer and performing a
3334         copy from one location of the vector to another) and reloads it after the
3335         calls to addToGraph().
3336
3337         * dfg/DFGByteCodeParser.cpp:
3338         (JSC::DFG::ByteCodeParser::processPhiStack):
3339
3340 2011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>
3341
3342         Unreviewed, rolling out r91686.
3343         http://trac.webkit.org/changeset/91686
3344         https://bugs.webkit.org/show_bug.cgi?id=65144
3345
3346         1.5% regression in JSC (Requested by jmontemayor on #webkit).
3347
3348         * runtime/JSONObject.cpp:
3349         (JSC::JSONProtoFuncParse):
3350         * runtime/LiteralParser.cpp:
3351         (JSC::LiteralParser::Lexer::lex):
3352         (JSC::LiteralParser::Lexer::lexString):
3353         (JSC::LiteralParser::Lexer::lexNumber):
3354         (JSC::LiteralParser::parse):
3355         * runtime/LiteralParser.h:
3356
3357 2011-07-25  Jon Lee  <jonlee@apple.com>
3358
3359         Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
3360         https://bugs.webkit.org/show_bug.cgi?id=65132
3361         <rdar://problem/9836297>
3362         
3363         Reviewed by Oliver Hunt.
3364         
3365         Make sure the JIT is available to use before running the following calls:
3366
3367         * bytecode/CodeBlock.cpp:
3368         (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
3369         * bytecode/CodeBlock.h:
3370         (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
3371
3372 2011-07-25  Juan C. Montemayor  <jmont@apple.com>
3373
3374         JSON errors should be informative
3375         https://bugs.webkit.org/show_bug.cgi?id=63339
3376
3377         Added error messages to the JSON Parser.
3378
3379         Reviewed by Oliver Hunt.
3380
3381         * runtime/JSONObject.cpp:
3382         (JSC::JSONProtoFuncParse):
3383         * runtime/LiteralParser.cpp:
3384         (JSC::LiteralParser::Lexer::lex):
3385         (JSC::LiteralParser::Lexer::lexString):
3386         (JSC::LiteralParser::Lexer::lexNumber):
3387         (JSC::LiteralParser::parse):
3388         * runtime/LiteralParser.h:
3389         (JSC::LiteralParser::getErrorMessage):
3390         (JSC::LiteralParser::Lexer::sawError):
3391         (JSC::LiteralParser::Lexer::getErrorMessage):
3392
3393 2011-07-25  Filip Pizlo  <fpizlo@apple.com>
3394
3395         X86-64 assembler emits three instructions instead of two for certain
3396         loads and stores.
3397         https://bugs.webkit.org/show_bug.cgi?id=65095
3398
3399         Reviewed by Gavin Barraclough.
3400         
3401         Simply made these four methods in the assembler use the scratch register,
3402         which they were previously avoiding.  It still optimizes for the case where
3403         an absolute-address memory access uses EAX.  This results in a slight
3404         performance improvement.
3405
3406         * assembler/MacroAssemblerX86_64.h:
3407         (JSC::MacroAssemblerX86_64::load32):
3408         (JSC::MacroAssemblerX86_64::store32):
3409         (JSC::MacroAssemblerX86_64::loadPtr):
3410         (JSC::MacroAssemblerX86_64::storePtr):
3411
3412 2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
3413
3414         [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
3415         https://bugs.webkit.org/show_bug.cgi?id=64354
3416
3417         Use ecore_time_unix_get, which returns Unix time as a double, for currentTime,
3418         and ecore_time_get, which uses a monotonic clock, for monotonicallyIncreasingTime.
3419
3420         Reviewed by Kent Tamura.
3421
3422         * wtf/CurrentTime.cpp:
3423         (WTF::currentTime):
3424         (WTF::monotonicallyIncreasingTime):
3425
3426 2011-07-22  Sommer Panage  <panage@apple.com>
3427
3428         Reviewed by Oliver Hunt.
3429
3430         export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
3431         https://bugs.webkit.org/show_bug.cgi?id=64981
3432
3433         UIAutomation for iOS would like to support a JavaScript backtrace in our error logs.
3434         Currently, the C API does not provide the tools to do this. However, the private API
3435         does expose the necessary functionality to get a backtrace
3436         (via Interpreter::retrieveLastCaller). We recognize this information may result in
3437         failure in the cases of programs run by 'eval', stack frames beneath host function
3438         call frames, and in programs run from other programs. Thus, we propose exporting our
3439         JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
3440         we need while not advertising an API that isn't really ready for full use.
3441
3442         * API/JSContextRef.cpp:
3443         * API/JSContextRefPrivate.h:
3444         * JavaScriptCore.exp:
3445
3446
3447 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
3448
3449         https://bugs.webkit.org/show_bug.cgi?id=65051
3450         DFG JIT - Enable by default for mac platform on x86-64.
3451
3452         Rubber Stamped by Geoff Garen.
3453
3454         This is now a performance progression.
3455
3456         * wtf/Platform.h:
3457             - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
3458
3459 2011-07-22  Gavin Barraclough  <barraclough@apple.com>
3460
3461         https://bugs.webkit.org/show_bug.cgi?id=65047
3462         DFG&n