f1290647652e68c83daf965ec72b08fb299f0d2e
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-05-23  Michael Saboff  <msaboff@apple.com>

        Reviewed by Mark Rowe.

        Safari often freezes when clicking "Return free memory" in Caches dialog
        https://bugs.webkit.org/show_bug.cgi?id=61325

        There are two fixes and an improvement in the instrumentation code used to find
        one of the problems.
        Changed ReleaseFreeList() to set the "decommitted" bit when releasing
        pages to the system and moving Spans from the normal list to the returned
        list.
        Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
        to eliminate an infinite loop if we can't meet the pagesToRelease target.
        Added a check for the decommitted bit being set properly in
        TCMalloc_PageHeap::CheckList.

        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::scavenge):
        (WTF::TCMalloc_PageHeap::Check):
        (WTF::TCMalloc_PageHeap::CheckList):
        (WTF::ReleaseFreeList):

2011-05-23  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=61306

        The begin characters optimization currently has issues (#61129),
        and does not appear to still be a performance win. The prudent
        next step seems to be to disable while we ascertain whether this
        is still a useful performance optimization.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::Interpreter::interpret):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::BytecodePattern::BytecodePattern):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
        (JSC::Yarr::YarrPattern::compile):
        (JSC::Yarr::YarrPattern::YarrPattern):
        * yarr/YarrPattern.h:
        (JSC::Yarr::YarrPattern::reset):

2011-05-23  Matthew Delaney  <mdelaney@apple.com>

        Reviewed by Simon Fraser.

        Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
        https://bugs.webkit.org/show_bug.cgi?id=58216

        * wtf/MathExtras.h:
        (clampToInteger):
        (clampToPositiveInteger):

2011-05-23  Ruben  <chromium@hybridsource.org>

        Reviewed by Tony Chang.

        Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
        https://bugs.webkit.org/show_bug.cgi?id=61219

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-05-23  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Gavin Barraclough.

        [SH4] AssemblerLabel does not name a type
        https://bugs.webkit.org/show_bug.cgi?id=59927

        SH4Assembler.h file should be included before AbstractMacroAssembler.h.

        * assembler/MacroAssemblerSH4.h:

2011-05-23  Ryuan Choi  <ryuan.choi@samsung.com>

        Rubber stamped by Eric Seidel.

        [CMAKE] Refactoring wtf related code.
        https://bugs.webkit.org/show_bug.cgi?id=60146

        Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.

        * CMakeLists.txt:
        * CMakeListsEfl.txt:
        * wtf/CMakeLists.txt:
        * wtf/CMakeListsEfl.txt:

2011-05-22  Adam Barth  <abarth@webkit.org>

        Enable strict PassOwnPtr for everyone.  I expect this patch will need
        some followups to make the GTK and EFL bots green again.

        * wtf/PassOwnPtr.h:

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Reduce size of inline cache path of get_by_id on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=61221

        This reduces the code size of get_by_id by 20 bytes

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::repatchCompact):
        (JSC::ARMv7Assembler::setUInt7ForLoad):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * jit/JIT.h:

2011-05-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Reviewed by Oliver Hunt.

        Zombies should "live" forever
        https://bugs.webkit.org/show_bug.cgi?id=61170

        Reusing zombie cells could still hide garbage
        collected cell related bugs.

        * JavaScriptCore.pro:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::isZombie):
        * runtime/JSZombie.h:
        (JSC::JSZombie::~JSZombie):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-05-20  Brady Eidson  <beidson@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
        Horrendous bug in callOnMainThreadAndWait

        * wtf/MainThread.cpp:
        (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
          syncFlag condition, reacquire the mutex first.

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Remove unnecessary double->int conversion at the end of op_div
        https://bugs.webkit.org/show_bug.cgi?id=61198

        We don't attempt this conversion on 64-bit; removing it actually speeds
        up sunspider and v8 slightly, and it reduces code size.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_div):

2011-05-19  Evan Martin  <evan@chromium.org>

        Reviewed by Tony Chang.

        [chromium] remove <(library) variable
        https://bugs.webkit.org/show_bug.cgi?id=61158

        This was for a build experiment; we can just use the correct value now.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-05-20  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Interpreter uses wrong bytecode offset for determining exception handler
        https://bugs.webkit.org/show_bug.cgi?id=61191

        The bytecode offset given for the returnPC from the JIT is
        actually the offset for the start of the instruction triggering
        the call, whereas in the interpreter it is the actual return
        VPC.  This means if the next instruction following a call was
        in an exception region we would incorrectly redirect to its
        handler.  Long term we want to completely redo how exceptions
        are handled anyway so the simplest and lowest risk fix here is
        to simply subtract one from the return vPC so that we have an
        offset in the triggering instruction.

        It turns out this is caught by a couple of tests already.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):

2011-05-20  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Oliver Hunt.

        JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
        https://bugs.webkit.org/show_bug.cgi?id=42756

        Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
        check of the available memory. This should give us an
        overcommit-like behavior in most systems, which is what we want.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit): pass MAP_NORESERVE to mmap.

2011-05-19  Gabor Loki  <loki@webkit.org>

        Fix ARM build after r86919

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Randomise code starting location a little
        https://bugs.webkit.org/show_bug.cgi?id=61161

        Add a nop() function to the Assemblers so that we
        can randomise code offsets slightly at no real cost.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::nop):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::nop):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nop):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::nop):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::nop):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::nop):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::nop):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * runtime/WeakRandom.h:
        (JSC::WeakRandom::getUint32):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Fix windows build.

        * wtf/OSAllocatorWin.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::reserveAndCommit):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Add guard pages to each end of the memory region used by the fixedvm allocator
        https://bugs.webkit.org/show_bug.cgi?id=61150

        Add mechanism to notify the OSAllocator that pages at either end of an
        allocation should be considered guard pages.  Update PageReservation,
        PageAllocation, etc to handle this.

        * JavaScriptCore.exp:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
        * wtf/OSAllocator.h:
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::reserveAndCommit):
        * wtf/PageAllocation.h:
        (WTF::PageAllocation::PageAllocation):
        * wtf/PageAllocationAligned.h:
        (WTF::PageAllocationAligned::PageAllocationAligned):
        * wtf/PageBlock.h:
        (WTF::PageBlock::PageBlock):
        * wtf/PageReservation.h:
        (WTF::PageReservation::reserve):
        (WTF::PageReservation::reserveWithGuardPages):
            Add a new function to make a reservation that will add guard
            pages to the ends of an allocation.
        (WTF::PageReservation::PageReservation):

2011-05-19  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make Executables release their JIT code as soon as they become dead
        https://bugs.webkit.org/show_bug.cgi?id=61134

        Add an ability to clear an Executable's jit code without requiring
        it to be destroyed, and then call that from a finalizer.

        * heap/Weak.h:
        (JSC::Weak::Weak):
        (JSC::Weak::leak):
        * jit/JITCode.h:
        (JSC::JITCode::clear):
        * runtime/Executable.cpp:
        (JSC::ExecutableFinalizer::finalize):
        (JSC::ExecutableBase::executableFinalizer):
        * runtime/Executable.h:
        (JSC::ExecutableBase::ExecutableBase):
        (JSC::ExecutableBase::clearExecutableCode):

2011-05-19  Adam Roben  <aroben@apple.com>

        Remove a redundant and broken data export

        Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
        JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
        to a linker warning about multiple definitions.)

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
        https://bugs.webkit.org/show_bug.cgi?id=61064

        Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
        for its inline storage.  This resolves the problem of GC occurring before
        a subclass has initialised its anonymous storage.

        * runtime/JSObject.h:

2011-05-18  Adam Barth  <abarth@webkit.org>

        Reviewed by Sam Weinig.

        Delete WTFURL
        https://bugs.webkit.org/show_bug.cgi?id=61084

        It's been a year and we've failed to complete this project.  It's time
        to throw in the towel.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/url: Removed.
        * wtf/url/api: Removed.
        * wtf/url/api/ParsedURL.cpp: Removed.
        * wtf/url/api/ParsedURL.h: Removed.
        * wtf/url/api/URLString.h: Removed.
        * wtf/url/src: Removed.
        * wtf/url/src/RawURLBuffer.h: Removed.
        * wtf/url/src/URLBuffer.h: Removed.
        * wtf/url/src/URLCharacterTypes.cpp: Removed.
        * wtf/url/src/URLCharacterTypes.h: Removed.
        * wtf/url/src/URLComponent.h: Removed.
        * wtf/url/src/URLEscape.cpp: Removed.
        * wtf/url/src/URLEscape.h: Removed.
        * wtf/url/src/URLParser.h: Removed.
        * wtf/url/src/URLQueryCanonicalizer.h: Removed.
        * wtf/url/src/URLSegments.cpp: Removed.
        * wtf/url/src/URLSegments.h: Removed.
        * wtf/url/wtfurl.gyp: Removed.

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
        https://bugs.webkit.org/show_bug.cgi?id=61090

        Remove the Structure-free JSGlobalObject constructor and instead always
        pass the structure into the JSGlobalObject constructor.
        Stop DebuggerActivation creating a new structure every time, and simply
        use a single shared structure held by the GlobalData.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionRun):
        (jscmain):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::clearBuiltinStructures):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:

2011-05-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adam Roben.

        Disable gc validation in release builds
        https://bugs.webkit.org/show_bug.cgi?id=60680

        Add back the NDEBUG check

        * wtf/Platform.h:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        Rolled out attempts to fix EFL build because they're not enough -- the
        build script needs to be fixed.

        * runtime/BooleanPrototype.cpp:
        * runtime/DateConstructor.cpp:
        * runtime/ErrorPrototype.cpp:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        More attempts to work around the EFL build system being broken.

        * runtime/DateConstructor.cpp:
        * runtime/ErrorPrototype.cpp:

2011-05-17  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the EFL build.

        * runtime/BooleanPrototype.cpp:

2011-05-16  Geoffrey Garen  <ggaren@apple.com>

        Rolling back in r86653 with build fixed.

        Reviewed by Gavin Barraclough and Oliver Hunt.

        Global object initialization is expensive
        https://bugs.webkit.org/show_bug.cgi?id=60933

        Changed a bunch of globals to allocate their properties lazily, and changed
        the global object to allocate a bunch of its globals lazily.

        This reduces the footprint of a global object from 287 objects with 58
        functions for 24K to 173 objects with 20 functions for 15K.

        Large patch, but it's all mechanical.

        * DerivedSources.make:
        * JavaScriptCore.exp: Build!

        * create_hash_table: Added a special case for fromCharCode, since it uses
        a custom "thunk generator".

        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
        overcount objects that were owned through more than one mechanism because
        it was getting in the way of counting the results for this patch.

        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectPrototypeTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable): Added new tables.

        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure): Standardized these objects
        to use static tables for function properties.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h: Added new tables.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
        static table for its global functions. This required uninlining some
        things to avoid a circular header dependency. However, those things
        probably shouldn't have been inlined in the first place.

        Even more global object properties can be made lazy, but that requires
        more in-depth changes.

        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure): Standardized these objects
        to use static tables for function properties.

2011-05-17  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        JSGlobalContextRelease should not trigger a synchronous garbage collection
        https://bugs.webkit.org/show_bug.cgi?id=60990

        * API/JSContextRef.cpp:
        Change synchronous call to collectAllGarbage to a call to trigger the
        activityCallback.

2011-05-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Reduce code size for inline cache
        https://bugs.webkit.org/show_bug.cgi?id=60942

        This patch introduces the concept of a "compact" address that
        allows individual architectures to control the maximum offset
        used for the inline path of get_by_id.  This reduces the code
        size of get_by_id by 3 bytes on x86 and x86_64 and slightly
        improves performance on v8 tests.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::repatchCompact):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::repatchCompact):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
        (JSC::AbstractMacroAssembler::differenceBetween):
        (JSC::AbstractMacroAssembler::repatchCompact):
        * assembler/CodeLocation.h:
        (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
        (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::locationOf):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::repatchCompact):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::repatchCompact):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
        * assembler/RepatchBuffer.h:
        (JSC::RepatchBuffer::repatch):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::repatchCompact):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_mr_disp8):
        (JSC::X86Assembler::movq_mr_disp8):
        (JSC::X86Assembler::repatchCompact):
        (JSC::X86Assembler::setInt8):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::patchGetByIdSelf):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::patchGetByIdSelf):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):

2011-05-16  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r86653.
        http://trac.webkit.org/changeset/86653
        https://bugs.webkit.org/show_bug.cgi?id=60944

        "Caused regressions on Windows, OSX and EFL" (Requested by
        yutak on #webkit).

        * DerivedSources.make:
        * DerivedSources.pro:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * create_hash_table:
        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()):
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayTable):
        (JSC::ExecState::numberTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/BooleanPrototype.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateConstructor.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/ErrorPrototype.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncJSCPrint):
        * runtime/JSGlobalObjectFunctions.h:
        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/NumberPrototype.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * runtime/RegExpPrototype.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringConstructor.h:

2011-05-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Geoffrey Garen.

        Global object initialization is expensive
        https://bugs.webkit.org/show_bug.cgi?id=60933

        Changed a bunch of globals to allocate their properties lazily, and changed
        the global object to allocate a bunch of its globals lazily.

        This reduces the footprint of a global object from 287 objects with 58
        functions for 24K to 173 objects with 20 functions for 15K.

        Large patch, but it's all mechanical.

        * DerivedSources.make:
        * JavaScriptCore.exp: Build!

        * create_hash_table: Added a special case for fromCharCode, since it uses
        a custom "thunk generator".

        * heap/Heap.cpp:
        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
        overcount objects that were owned through more than one mechanism because
        it was getting in the way of counting the results for this patch.

        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectPrototypeTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable): Added new tables.

        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure): Standardized these objects
        to use static tables for function properties.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        * runtime/JSGlobalData.h: Added new tables.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::addStaticGlobals):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
        static table for its global functions. This required uninlining some
        things to avoid a circular header dependency. However, those things
        probably shouldn't have been inlined in the first place.

        Even more global object properties can be made lazy, but that requires
        more in-depth changes.

        * runtime/MathObject.cpp:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
798         (JSC::ObjectPrototype::createStructure):
799         * runtime/RegExpPrototype.cpp:
800         (JSC::RegExpPrototype::RegExpPrototype):
801         (JSC::RegExpPrototype::getOwnPropertySlot):
802         (JSC::RegExpPrototype::getOwnPropertyDescriptor):
803         * runtime/RegExpPrototype.h:
804         (JSC::RegExpPrototype::createStructure):
805         * runtime/StringConstructor.cpp:
806         (JSC::StringConstructor::StringConstructor):
807         (JSC::StringConstructor::getOwnPropertySlot):
808         (JSC::StringConstructor::getOwnPropertyDescriptor):
809         * runtime/StringConstructor.h:
810         (JSC::StringConstructor::createStructure): Standardized these objects
811         to use static tables for function properties.
812
813 2011-05-16  David Kilzer  <ddkilzer@apple.com>
814
815         <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
816         <rdar://problem/9446430>
817
818         Reviewed by Mark Rowe.
819
820         * Configurations/Base.xcconfig: Fixed typo.
821
822 2011-05-16  Oliver Hunt  <oliver@apple.com>
823
824         Reviewed by Geoffrey Garen.
825
826         JSWeakObjectMap finalisation may occur while gc is in inconsistent state
827         https://bugs.webkit.org/show_bug.cgi?id=60908
828         <rdar://problem/9409491>
829
830         We need to ensure that we have called all the weak map finalizers while
831         the global object (and hence global context) is still in a consistent
832         state.  The best way to achieve this is to simply use a weak handle and
833         finalizer on the global object.
834
835         * JavaScriptCore.exp:
836         * runtime/JSGlobalObject.cpp:
837         (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
838         * runtime/JSGlobalObject.h:
839         (JSC::JSGlobalObject::registerWeakMap):
840
841 2011-05-16  Siddharth Mathur  <siddharth.mathur@nokia.com>
842
843         Reviewed by Laszlo Gombos.
844
845         [Qt][WK2][Symbian] Shared memory implementation for Symbian
846         https://bugs.webkit.org/show_bug.cgi?id=55875
847
848         * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
849
850 2011-05-16  Gavin Barraclough  <barraclough@apple.com>
851
852         Rubber stamped by Geoff Garen.
853
854         https://bugs.webkit.org/show_bug.cgi?id=60866
855         Evaluation order broken for empty alternatives in subpatterns
856
857         Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
858
859         * yarr/YarrPattern.cpp:
860         (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
861
862 2011-05-15  Gavin Barraclough  <barraclough@apple.com>
863
864         Reviewed by Geoff Garen & Michael Saboff.
865
866         https://bugs.webkit.org/show_bug.cgi?id=60860
867         Simplify backtracking in YARR JIT
868
869         YARR JIT currently performs a single pass of code generation over the pattern,
870         with special handling to allow the code generation for some backtracking code
871         out of line. We can simplify things by moving to a common mechanism whereby all
872         forwards matching code is generated in one pass, and all backtracking code is
873         generated in another. Backtracking code can be generated in reverse order, to
        optimize the common fall-through case.
875
876         To make it easier to walk over the pattern, we can first convert to a more
877         byte-code like format before JIT generating. In time we should unify this with
878         the YARR interpreter to more closely unify the two.
879
880         * yarr/YarrJIT.cpp:
881         (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
882         (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
883         (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
884         (JSC::Yarr::YarrGenerator::BacktrackingState::append):
885         (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
886         (JSC::Yarr::YarrGenerator::BacktrackingState::link):
887         (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
888         (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
889         (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
890         (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
891         (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
892         (JSC::Yarr::YarrGenerator::generateAssertionBOL):
893         (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
894         (JSC::Yarr::YarrGenerator::generateAssertionEOL):
895         (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
896         (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
897         (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
898         (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
899         (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
900         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
901         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
902         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
903         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
904         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
905         (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
906         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
907         (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
908         (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
909         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
910         (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
911         (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
912         (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
913         (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
914         (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
915         (JSC::Yarr::YarrGenerator::generateTerm):
916         (JSC::Yarr::YarrGenerator::backtrackTerm):
917         (JSC::Yarr::YarrGenerator::generate):
918         (JSC::Yarr::YarrGenerator::backtrack):
919         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
920         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
921         (JSC::Yarr::YarrGenerator::opCompileAlternative):
922         (JSC::Yarr::YarrGenerator::opCompileBody):
923         (JSC::Yarr::YarrGenerator::YarrGenerator):
924         (JSC::Yarr::YarrGenerator::compile):
925
926 2011-05-15  Adam Barth  <abarth@webkit.org>
927
928         Enable strict PassOwnPtr on Qt.  (Build fixes to follow.)
929
930         * wtf/PassOwnPtr.h:
931
932 2011-05-15  Geoffrey Garen  <ggaren@apple.com>
933
934         Reviewed by Maciej Stachowiak.
935
936         Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
937         in browser than on command line
938         
939         This patch fixes a few issues in generated code that could unreasonably
940         prolong object lifetimes.
941
942         * heap/Heap.cpp:
943         (JSC::Heap::collectAllGarbage): Throw away all function code before doing
944         a major collection. We want to clear polymorphic caches, since they can
945         keep alive large object graphs that have gone "stale". For the same reason,
946         but to a lesser extent, we also want to clear linked functions and other
947         one-off caches.
948
949         This has the side-benefit of reducing memory footprint from run-once
950         functions, and of allowing predictions and caches that have failed to
951         re-specialize.
952
953         Eventually, if compilation costs rise far enough, we may want a more
954         limited strategy for de-specializing code without throwing it away
955         completely, but this works for now, and it's the simplest solution.
956
957         * jit/JITStubs.cpp:
958         (JSC::JITThunks::hostFunctionStub):
959         * jit/JITStubs.h:
960         * runtime/JSFunction.cpp: Made the host function stub cache weak --
961         otherwise it's effectively a memory leak that can seriously fragment the
962         GC and JIT heaps.
963
964         (JSC::JSFunction::JSFunction):
965         (JSC::JSFunction::visitChildren): Cleared up some comments that confused
966         me when working with this code.
967
968 2011-05-13  Oliver Hunt  <oliver@apple.com>
969
970         Reviewed by Geoffrey Garen.
971
972         Make GC validation more aggressive
973         https://bugs.webkit.org/show_bug.cgi?id=60802
974
975         This patch makes the checks performed under GC_VALIDATION
976         much more aggressive, and adds the checks to more places
977         in order to allow us to catch GC bugs much closer to the
978         point of failure.
979
980         * JavaScriptCore.exp:
981         * JavaScriptCore.xcodeproj/project.pbxproj:
982         * debugger/DebuggerActivation.cpp:
983         (JSC::DebuggerActivation::visitChildren):
984         * heap/MarkedBlock.cpp:
985         (JSC::MarkedBlock::MarkedBlock):
986         * heap/MarkedSpace.cpp:
987         * runtime/Arguments.cpp:
988         (JSC::Arguments::visitChildren):
989         * runtime/Executable.cpp:
990         (JSC::EvalExecutable::visitChildren):
991         (JSC::ProgramExecutable::visitChildren):
992         (JSC::FunctionExecutable::visitChildren):
993         * runtime/Executable.h:
994         * runtime/GetterSetter.cpp:
995         (JSC::GetterSetter::visitChildren):
996         * runtime/GetterSetter.h:
997         * runtime/JSAPIValueWrapper.h:
998         (JSC::JSAPIValueWrapper::createStructure):
999         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1000         * runtime/JSActivation.cpp:
1001         (JSC::JSActivation::visitChildren):
1002         * runtime/JSArray.cpp:
1003         (JSC::JSArray::visitChildren):
1004         * runtime/JSCell.cpp:
1005         (JSC::slowValidateCell):
1006         * runtime/JSCell.h:
1007         (JSC::JSCell::JSCell::unvalidatedStructure):
1008         (JSC::JSCell::JSCell::JSCell):
1009         * runtime/JSFunction.cpp:
1010         (JSC::JSFunction::visitChildren):
1011         * runtime/JSGlobalObject.cpp:
1012         (JSC::JSGlobalObject::visitChildren):
1013         (JSC::slowValidateCell):
1014         * runtime/JSONObject.h:
1015         * runtime/JSObject.cpp:
1016         (JSC::JSObject::visitChildren):
1017         * runtime/JSPropertyNameIterator.cpp:
1018         (JSC::JSPropertyNameIterator::visitChildren):
1019         * runtime/JSPropertyNameIterator.h:
1020         * runtime/JSStaticScopeObject.cpp:
1021         (JSC::JSStaticScopeObject::visitChildren):
1022         * runtime/JSString.h:
1023         (JSC::RopeBuilder::JSString):
1024         * runtime/JSWrapperObject.cpp:
1025         (JSC::JSWrapperObject::visitChildren):
1026         * runtime/NativeErrorConstructor.cpp:
1027         (JSC::NativeErrorConstructor::visitChildren):
1028         * runtime/PropertyMapHashTable.h:
1029         (JSC::PropertyMapEntry::PropertyMapEntry):
1030         * runtime/RegExpObject.cpp:
1031         (JSC::RegExpObject::visitChildren):
1032         * runtime/ScopeChain.cpp:
1033         (JSC::ScopeChainNode::visitChildren):
1034         * runtime/ScopeChain.h:
1035         (JSC::ScopeChainNode::ScopeChainNode):
1036         * runtime/Structure.cpp:
1037         (JSC::Structure::Structure):
1038         (JSC::Structure::addPropertyTransition):
1039         (JSC::Structure::visitChildren):
1040         * runtime/Structure.h:
1041         (JSC::JSCell::classInfo):
1042         * runtime/StructureChain.cpp:
1043         (JSC::StructureChain::visitChildren):
1044         * runtime/StructureChain.h:
1045         * runtime/WriteBarrier.h:
1046         (JSC::validateCell):
1047         (JSC::JSCell):
1048         (JSC::JSGlobalObject):
1049         (JSC::WriteBarrierBase::set):
1050         (JSC::WriteBarrierBase::setMayBeNull):
1051         (JSC::WriteBarrierBase::setEarlyValue):
1052         (JSC::WriteBarrierBase::get):
1053         (JSC::WriteBarrierBase::operator*):
1054         (JSC::WriteBarrierBase::operator->):
1055         (JSC::WriteBarrierBase::unvalidatedGet):
1056         (JSC::WriteBarrier::WriteBarrier):
1057         * wtf/Assertions.h:
1058
1150 2011-05-14  Csaba Osztrogonác  <ossy@webkit.org>
1151
        Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt.
1153
1154         Make GC validation more aggressive
1155         https://bugs.webkit.org/show_bug.cgi?id=60802
1156
1157         * JavaScriptCore.exp:
1158         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1159         * JavaScriptCore.xcodeproj/project.pbxproj:
1160         * debugger/DebuggerActivation.cpp:
1161         (JSC::DebuggerActivation::visitChildren):
1162         * heap/MarkedBlock.cpp:
1163         (JSC::MarkedBlock::MarkedBlock):
1164         * heap/MarkedSpace.cpp:
1165         * runtime/Arguments.cpp:
1166         (JSC::Arguments::visitChildren):
1167         * runtime/Executable.cpp:
1168         (JSC::EvalExecutable::visitChildren):
1169         (JSC::ProgramExecutable::visitChildren):
1170         (JSC::FunctionExecutable::visitChildren):
1171         * runtime/Executable.h:
1172         (JSC::ProgramExecutable::createStructure):
1173         (JSC::FunctionExecutable::createStructure):
1174         * runtime/GetterSetter.cpp:
1175         (JSC::GetterSetter::visitChildren):
1176         * runtime/GetterSetter.h:
1177         (JSC::GetterSetter::createStructure):
1178         * runtime/JSAPIValueWrapper.h:
1179         (JSC::JSAPIValueWrapper::createStructure):
1180         * runtime/JSActivation.cpp:
1181         (JSC::JSActivation::visitChildren):
1182         * runtime/JSArray.cpp:
1183         (JSC::JSArray::visitChildren):
1184         * runtime/JSCell.cpp:
1185         * runtime/JSCell.h:
1186         (JSC::JSCell::JSCell::JSCell):
1187         * runtime/JSFunction.cpp:
1188         (JSC::JSFunction::visitChildren):
1189         * runtime/JSGlobalObject.cpp:
1190         (JSC::JSGlobalObject::visitChildren):
1191         * runtime/JSONObject.h:
1192         (JSC::JSONObject::createStructure):
1193         * runtime/JSObject.cpp:
1194         (JSC::JSObject::visitChildren):
1195         * runtime/JSPropertyNameIterator.cpp:
1196         (JSC::JSPropertyNameIterator::visitChildren):
1197         * runtime/JSPropertyNameIterator.h:
1198         * runtime/JSStaticScopeObject.cpp:
1199         (JSC::JSStaticScopeObject::visitChildren):
1200         * runtime/JSString.h:
1201         (JSC::RopeBuilder::createStructure):
1202         * runtime/JSWrapperObject.cpp:
1203         (JSC::JSWrapperObject::visitChildren):
1204         * runtime/NativeErrorConstructor.cpp:
1205         (JSC::NativeErrorConstructor::visitChildren):
1206         * runtime/PropertyMapHashTable.h:
1207         (JSC::PropertyMapEntry::PropertyMapEntry):
1208         * runtime/RegExpObject.cpp:
1209         (JSC::RegExpObject::visitChildren):
1210         * runtime/ScopeChain.cpp:
1211         (JSC::ScopeChainNode::visitChildren):
1212         * runtime/ScopeChain.h:
1213         (JSC::ScopeChainNode::ScopeChainNode):
1214         * runtime/Structure.cpp:
1215         (JSC::Structure::Structure):
1216         (JSC::Structure::addPropertyTransition):
1217         (JSC::Structure::visitChildren):
1218         * runtime/Structure.h:
1219         (JSC::Structure::createStructure):
1220         (JSC::JSCell::classInfo):
1221         * runtime/StructureChain.cpp:
1222         (JSC::StructureChain::visitChildren):
1223         * runtime/StructureChain.h:
1224         * runtime/WriteBarrier.h:
1225         (JSC::WriteBarrierBase::set):
1226         (JSC::WriteBarrierBase::get):
1227         (JSC::WriteBarrierBase::operator*):
1228         (JSC::WriteBarrierBase::operator->):
1229         (JSC::WriteBarrier::WriteBarrier):
1230         * wtf/Assertions.h:
1231
1232 2011-05-13  Oliver Hunt  <oliver@apple.com>
1233
1234         Reviewed by Geoffrey Garen.
1235
1236         Make GC validation more aggressive
1237         https://bugs.webkit.org/show_bug.cgi?id=60802
1238
1239         This patch makes the checks performed under GC_VALIDATION
1240         much more aggressive, and adds the checks to more places
1241         in order to allow us to catch GC bugs much closer to the
1242         point of failure.
1243
1244         * JavaScriptCore.exp:
1245         * JavaScriptCore.xcodeproj/project.pbxproj:
1246         * debugger/DebuggerActivation.cpp:
1247         (JSC::DebuggerActivation::visitChildren):
1248         * heap/MarkedBlock.cpp:
1249         (JSC::MarkedBlock::MarkedBlock):
1250         * heap/MarkedSpace.cpp:
1251         * runtime/Arguments.cpp:
1252         (JSC::Arguments::visitChildren):
1253         * runtime/Executable.cpp:
1254         (JSC::EvalExecutable::visitChildren):
1255         (JSC::ProgramExecutable::visitChildren):
1256         (JSC::FunctionExecutable::visitChildren):
1257         * runtime/Executable.h:
1258         * runtime/GetterSetter.cpp:
1259         (JSC::GetterSetter::visitChildren):
1260         * runtime/GetterSetter.h:
1261         * runtime/JSAPIValueWrapper.h:
1262         (JSC::JSAPIValueWrapper::createStructure):
1263         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1264         * runtime/JSActivation.cpp:
1265         (JSC::JSActivation::visitChildren):
1266         * runtime/JSArray.cpp:
1267         (JSC::JSArray::visitChildren):
1268         * runtime/JSCell.cpp:
1269         (JSC::slowValidateCell):
1270         * runtime/JSCell.h:
1271         (JSC::JSCell::JSCell::unvalidatedStructure):
1272         (JSC::JSCell::JSCell::JSCell):
1273         * runtime/JSFunction.cpp:
1274         (JSC::JSFunction::visitChildren):
1275         * runtime/JSGlobalObject.cpp:
1276         (JSC::JSGlobalObject::visitChildren):
1277         (JSC::slowValidateCell):
1278         * runtime/JSONObject.h:
1279         * runtime/JSObject.cpp:
1280         (JSC::JSObject::visitChildren):
1281         * runtime/JSPropertyNameIterator.cpp:
1282         (JSC::JSPropertyNameIterator::visitChildren):
1283         * runtime/JSPropertyNameIterator.h:
1284         * runtime/JSStaticScopeObject.cpp:
1285         (JSC::JSStaticScopeObject::visitChildren):
1286         * runtime/JSString.h:
1287         (JSC::RopeBuilder::JSString):
1288         * runtime/JSWrapperObject.cpp:
1289         (JSC::JSWrapperObject::visitChildren):
1290         * runtime/NativeErrorConstructor.cpp:
1291         (JSC::NativeErrorConstructor::visitChildren):
1292         * runtime/PropertyMapHashTable.h:
1293         (JSC::PropertyMapEntry::PropertyMapEntry):
1294         * runtime/RegExpObject.cpp:
1295         (JSC::RegExpObject::visitChildren):
1296         * runtime/ScopeChain.cpp:
1297         (JSC::ScopeChainNode::visitChildren):
1298         * runtime/ScopeChain.h:
1299         (JSC::ScopeChainNode::ScopeChainNode):
1300         * runtime/Structure.cpp:
1301         (JSC::Structure::Structure):
1302         (JSC::Structure::addPropertyTransition):
1303         (JSC::Structure::visitChildren):
1304         * runtime/Structure.h:
1305         (JSC::JSCell::classInfo):
1306         * runtime/StructureChain.cpp:
1307         (JSC::StructureChain::visitChildren):
1308         * runtime/StructureChain.h:
1309         * runtime/WriteBarrier.h:
1310         (JSC::validateCell):
1311         (JSC::JSCell):
1312         (JSC::JSGlobalObject):
1313         (JSC::WriteBarrierBase::set):
1314         (JSC::WriteBarrierBase::setMayBeNull):
1315         (JSC::WriteBarrierBase::setEarlyValue):
1316         (JSC::WriteBarrierBase::get):
1317         (JSC::WriteBarrierBase::operator*):
1318         (JSC::WriteBarrierBase::operator->):
1319         (JSC::WriteBarrierBase::unvalidatedGet):
1320         (JSC::WriteBarrier::WriteBarrier):
1321         * wtf/Assertions.h:
1322
1323 2011-05-01  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
1324
1325         Reviewed by Steve Block.
1326
1327         [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
1328         https://bugs.webkit.org/show_bug.cgi?id=59888
1329
1330         It is possible to build QtWebKit and others for OS(ANDROID). Let
        the buildsystem decide which platform is to be built.
1332
1333         * wtf/Platform.h:
1334
1335 2011-05-12  Maciej Stachowiak  <mjs@apple.com>
1336
1337         Reviewed by Darin Adler.
1338
1339         XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
1340         https://bugs.webkit.org/show_bug.cgi?id=59394
1341
1342         This portion of the change introduces a PassTraits template, which
1343         is used to enable takeFirst() to work for a Deque holding OwnPtrs,
1344         and optimize it for a Deque holding RefPtrs. In the future it can
1345         be deployed elsewhere to make our data structures work better with
1346         our smart pointers.
1347
1348         * GNUmakefile.list.am:
1349         * JavaScriptCore.gypi:
1350         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1351         * JavaScriptCore.xcodeproj/project.pbxproj:
1352         * wtf/CMakeLists.txt:
1353         * wtf/Deque.h:
1354         (WTF::::takeFirst):
1355         * wtf/PassTraits.h: Added.
1356         (WTF::PassTraits::transfer):
1357
1358 2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
1359
1360         Not reviewed.
1361
1362         Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
1363
1364         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1365
1366 2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
1367
1368         Not reviewed.
1369
1370         String operator+ reallocates unnecessarily when concatting > 2 strings
1371         https://bugs.webkit.org/show_bug.cgi?id=58420
1372
1373         Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
1374
1375         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1376
1377 2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
1378
1379         Reviewed by Darin Adler.
1380
1381         String operator+ reallocates unnecessarily when concatting > 2 strings
1382         https://bugs.webkit.org/show_bug.cgi?id=58420
1383
1384         Provide a faster String append operator.
1385         Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
1386         object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
1387         N strings using operator+, this leads to N-1 reallocations.
1388
1389         Replace this with a flexible operator+ implementation, that avoids these reallocations.
1390         When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
1391         a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
1392         creation of the final string, until operator String() is invoked.
1393
1394         template<typename T>
1395         StringAppend<String, T> operator+(const String& string1, T string2)
1396         {
1397             return StringAppend<String, T>(string1, string2);
1398         }
1399
1400         template<typename U, typename V, typename W>
1401         StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
1402         {
1403             return StringAppend<U, StringAppend<V, W> >(string1, string2);
1404         }
1405
        When concatting three strings - "String a, b, c; String result = a + b + c;" the following happens:
1407         first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
1408         Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
1409         a StringAppend<String, StringAppend<String, String> > object.
1410         Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
        final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
1412         against too big string allocations, etc.
1413
        Note that the second template defines a recursive way to concat an arbitrary number of strings
1415         into a single String with just one allocation.
1416
1417         * GNUmakefile.list.am: Add StringOperators.h to build.
1418         * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
1419         * JavaScriptCore.gypi: Add StringOperators.h to build.
1420         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
1421         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
1422         * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
1423         * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
1424         * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
1425         (WTF::StringAppend::StringAppend):
1426         (WTF::StringAppend::operator String):
1427         (WTF::StringAppend::operator AtomicString):
1428         (WTF::StringAppend::writeTo):
1429         (WTF::StringAppend::length):
1430         (WTF::operator+):
1431         * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). 
1432         (WTF::emptyString): Add new shared empty string free function.
1433         * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
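
        Added example (not code from WebKit or from this patch): a stand-alone C++ reimplementation
        of the delayed-concatenation idea described above. A toy Str stands in for WTF::String, a
        StringAppend template records the operands of each '+' and computes the total length before
        the single allocation, and a length cap stands in for the check tryMakeString performs. The
        kMaxLength value, the buffer counter and the left-nested (a + b) + c overload set are
        assumptions of this example; WTF's own operator+ overloads and limits differ.

```cpp
#include <cstring>
#include <string>

// Stand-in for WTF::String: an immutable, length-counted buffer. The hard cap
// on a concatenation's length is an assumption of this example (WTF's real
// check is inside tryMakeString/StringImpl); it is tiny so the refusal path runs.
static const size_t kMaxLength = 64;
static size_t g_finalBuffersBuilt = 0;  // how many final buffers a chain built

class Str {
public:
    Str() {}
    Str(const char* s) : m_data(s) {}
    explicit Str(const std::string& s) : m_data(s) {}
    const std::string& str() const { return m_data; }
    // Protocol shared with StringAppend: a leaf always knows its length.
    bool tryLength(size_t& out) const { out = m_data.size(); return true; }
    void writeTo(char* out) const { std::memcpy(out, m_data.data(), m_data.size()); }
private:
    std::string m_data;
};

// Holds the two operands of one '+' and defers allocation until the chain is
// converted to Str. Operands are stored by value (cheap for WTF's refcounted
// String, a std::string copy here) so temporaries such as a + "x" stay valid.
template<typename Left, typename Right>
class StringAppend {
public:
    StringAppend(const Left& left, const Right& right) : m_left(left), m_right(right) {}

    // Total length, or false if the chain would exceed kMaxLength. Written as a
    // subtraction so the addition itself cannot wrap size_t.
    bool tryLength(size_t& out) const {
        size_t l = 0, r = 0;
        if (!m_left.tryLength(l) || !m_right.tryLength(r))
            return false;
        if (r > kMaxLength || l > kMaxLength - r)
            return false;
        out = l + r;
        return true;
    }

    // Only called after tryLength succeeded, so every write is in bounds.
    void writeTo(char* out) const {
        size_t l = 0;
        m_left.tryLength(l);
        m_left.writeTo(out);
        m_right.writeTo(out + l);
    }

    // The one buffer for the whole chain; refuses without allocating when the
    // length check fails, which is tryMakeString's contract in WTF.
    bool tryMakeString(Str& result) const {
        size_t n = 0;
        if (!tryLength(n))
            return false;
        ++g_finalBuffersBuilt;
        std::string buffer(n, '\0');
        if (n)
            writeTo(&buffer[0]);
        result = Str(buffer);
        return true;
    }

    operator Str() const {
        Str result;
        tryMakeString(result);  // an oversize chain yields the empty string
        return result;
    }

private:
    Left m_left;
    Right m_right;
};

// Str + Str starts a chain; (chain) + Str extends it. Because a + b + c parses
// as (a + b) + c, the template overload fires on every '+' after the first.
inline StringAppend<Str, Str> operator+(const Str& a, const Str& b) {
    return StringAppend<Str, Str>(a, b);
}
template<typename L, typename R>
inline StringAppend<StringAppend<L, R>, Str> operator+(const StringAppend<L, R>& a, const Str& b) {
    return StringAppend<StringAppend<L, R>, Str>(a, b);
}

// Four-way concatenation: correct content, and exactly one final buffer built.
inline std::string concatFour(const char* a, const char* b, const char* c, const char* d) {
    g_finalBuffersBuilt = 0;
    Str joined = Str(a) + Str(b) + Str(c) + Str(d);
    return joined.str();
}
inline size_t finalBuffersBuilt() { return g_finalBuffersBuilt; }

// Overflow path: true when a chain of the given lengths was refused.
inline bool concatRefused(size_t leftLen, size_t rightLen) {
    Str left = Str(std::string(leftLen, 'a'));
    Str right = Str(std::string(rightLen, 'b'));
    Str out;
    return !(left + right).tryMakeString(out);
}
```

        With the 64-character cap, a 40 + 30 chain is refused before any buffer exists while a
        40 + 24 chain fits exactly; concatFour builds one buffer for four operands where the old
        append-based operator+ would have reallocated three times. The implicit Str(const char*)
        constructor is what lets a + "literal" join a chain, the role the ChangeLog describes for
        the other string types.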

2011-05-12  Philippe Normand  <pnormand@igalia.com>

        Unreviewed, GTK build fix.

        * wtf/Platform.h:

2011-05-12  Keith Kyzivat  <keith.kyzivat@nokia.com>

        Reviewed by Csaba Osztrogonác.

        [Qt] Arm debug build failing on ARMAssembler::debugOffset()
        https://bugs.webkit.org/show_bug.cgi?id=60688

        Related to svn rev 85523

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::debugOffset):

2011-05-11  Igor Oliveira  <igor.oliveira@openbossa.org>

        Reviewed by Eric Seidel.

        WebKit does not build with GCCE
        https://bugs.webkit.org/show_bug.cgi?id=60667

        Allow compiling WebKit with GCCE

        * wtf/Alignment.h:
        * wtf/Platform.h:

2011-05-11  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Enable strict PassOwnPtr on Mac
        https://bugs.webkit.org/show_bug.cgi?id=60684

        This should build cleanly now.

        * wtf/PassOwnPtr.h:

2011-05-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        Protect JSC from WebCore executing JS during JS wrapper finalization
        https://bugs.webkit.org/show_bug.cgi?id=60672
        <rdar://problem/9350997>

        Detect when we're trying to execute JS during GC and prevent the
        execution from happening.  We also assert that this isn't happening
        as it implies incorrect behaviour of an object's destructor.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        * heap/Heap.h:
        (JSC::Heap::isBusy):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::isCollectorBusy):

2011-05-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Enable gc mark validation temporarily in release builds
        https://bugs.webkit.org/show_bug.cgi?id=60678

        Make it easier to turn the gc mark validation on and off, and
        temporarily turn it on for all builds.

        * heap/MarkStack.cpp:
        * heap/MarkStack.h:
        (JSC::MarkStack::append):
        (JSC::MarkStack::internalAppend):
        * runtime/WriteBarrier.h:
        (JSC::MarkStack::appendValues):
        * wtf/Platform.h:

2011-05-11  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com

        SunSpider reports no change.

        This bug was caused by changing Structure and Executable to being GC
        objects, and by a long-standing bug that would thrash the global object
        between dictionary and non-dictionary states.

        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
        eagerly transition to dictionary -- this can cause pathological dictionary
        churn, and it's not necessary, since objects know how to automatically
        transition to dictionary when necessary.

        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
        extra cost from compilation, because it can be quite high. This is especially
        important for program code, since DOM timers can repeatedly allocate
        program code without allocating any other objects.

        * runtime/JSObject.cpp:
        (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
        if the thing we're trying to remove doesn't exist. This can happen during
        compilation, since the compiler needs to ensure that no pre-existing
        conflicting definitions exist for certain declarations.

2011-05-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Make mark stack validation functions do something useful in a release build
        https://bugs.webkit.org/show_bug.cgi?id=60645

        Turn ASSERTs into actual if(...) CRASH(); statements.

        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateValue):

2011-05-11  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Martin Robinson.

        Fix copy&paste error in comment.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator): the value is stored in
        regT2, not regT1.

2011-05-11  Adam Roben  <aroben@apple.com>

        WinCE build fixes for strict PassOwnPtr

        * wtf/unicode/CollatorDefault.cpp:
        (WTF::Collator::userDefault): Use adoptPtr.

2011-05-11  Holger Hans Peter Freyther  <holger@moiji-mobile.com>

        Unreviewed build fix.

        [MIPS] Fix compilation of the MIPS JIT

        Include the MIPSAssembler.h first to indirectly include
        AssemblerBuffer.h before the AbstractMacroAssembler.h. This
        order is used for the ARM and X86 MacroAssembler*.h

        * assembler/MacroAssemblerMIPS.h:

2011-05-11  Adam Roben  <aroben@apple.com>

        Turn on strict PassOwnPtr on Windows

        Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled

        Reviewed by Adam Barth.

        * wtf/PassOwnPtr.h:

2011-05-10  Stephanie Lewis  <slewis@apple.com>

        Unreviewed.

        Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130

        * Configurations/JavaScriptCore.xcconfig:

2011-05-10  Adam Barth  <abarth@webkit.org>

        Reviewed by David Levin.

        Enable strict PassOwnPtr on Chromium
        https://bugs.webkit.org/show_bug.cgi?id=60502

        Other platforms to follow.

        * wtf/PassOwnPtr.h:

2011-05-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
        https://bugs.webkit.org/show_bug.cgi?id=60532

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj: Build!

        * heap/Handle.h: Moved HandleTypes to its own header because that's the
        WebKit style, and it was necessary to resolve a circular dependency
        between Handle.h and WriteBarrier.h.

        * heap/Heap.h:
        (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
        verify that all the code is in the right place.

        * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
        resolve a circular dependency.

        * runtime/ArgList.h:
        * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
        free anymore.

        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
        function, now that it exists.

        * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
        dependency.

        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::set):
        (JSC::MarkStack::append):
        (JSC::MarkStack::appendValues): Updated to match the changes above.

2011-05-10  Oliver Hunt  <oliver@apple.com>

        Build fix.

        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateValue):

2011-05-10  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Add some aggressive GC validation to debug builds.
        https://bugs.webkit.org/show_bug.cgi?id=60601

        When assertions are enabled we now do some validity checking
        of objects being added to the mark stack.

        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
        (JSC::PolymorphicAccessStructureList::visitAggregate):
        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateSet):
        (JSC::MarkStack::validateValue):
        * heap/MarkStack.h:
        (JSC::MarkStack::appendValues):
        (JSC::MarkStack::append):
        (JSC::MarkStack::internalAppend):

2011-05-09  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        http://bugs.webkit.org/show_bug.cgi?id=60509
        Wrong type used for return value from strlen

        * wtf/FastMalloc.cpp:
        (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
        fastMalloc won't return if it fails.

2011-05-09  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        CSP should block Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=60240

        When eval is disabled, we need to block the use of the function
        constructor.  However, the WebCore JSC bindings call the function
        constructor directly to create inline event listeners.  To support that
        use, this patch adds an entrypoint that bypasses the check for whether
        eval is enabled.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionConstructor.h:

2011-05-09  Adam Roben  <aroben@apple.com>

        Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes

        Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
        WebKit1 IDL file changes to avoid build errors

        Reviewed by Tim Hatcher.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
        Updated for script rename.

        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
        from react-to-vsprops-changes.py.
        (top level): Moved a constant here from main.
        (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
        react_to_webkit1_interface_changes function.
        (react_to_vsprops_changes): Moved code here from main. Updated to use the
        TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_glob
        and touch_if_older_than.
        (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
        file has changed.
        (mtime_of_newest_file_matching_glob): Added. Code came from main.
        (touch_if_older_than): Added. Code came from main.

2011-05-08  Jessie Berlin  <jberlin@apple.com>

        Reviewed by Dan Bernstein.

        Make JSRetainPtr work with JSGlobalContextRefs.
        https://bugs.webkit.org/show_bug.cgi?id=60452

        Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.

        * API/JSRetainPtr.h:
        (JSRetain):
        (JSRelease):

2011-05-07  Dawit Alemayehu  <adawit@kde.org>

        Reviewed by Daniel Bates.

        Fix compile with GCC 4.6.0
        https://bugs.webkit.org/show_bug.cgi?id=60380

        Remove unused local variable from code.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):

2011-05-06  Alexis Menard  <alexis.menard@openbossa.org>

        Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.

        std::tr1::has_trivial_constructor is in <tr1/memory>.

        * wtf/TypeTraits.h:

2011-05-05  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Adam Barth.

        Added convenience methods to convert from a byte to hex ASCII digit
        characters and vice-versa.
        https://bugs.webkit.org/show_bug.cgi?id=59834

        * wtf/ASCIICType.h:
        (WTF::toASCIIHexValue):
        (WTF::lowerNibbleToASCIIHexDigit):
        (WTF::upperNibbleToASCIIHexDigit):

2011-05-05  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Benjamin Poulain.

        [Qt] Make QtWebKit build when using gcc 4.6.0
        https://bugs.webkit.org/show_bug.cgi?id=60265

        If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
        the c++0x support because it works.

        * JavaScriptCore.pro:

2011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>

        Reviewed by Geoffrey Garen.

        Port MachineStackMarker.cpp to Windows x64
        https://bugs.webkit.org/show_bug.cgi?id=60216

        * heap/MachineStackMarker.cpp:
        (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
        on 64-bit Windows.
        (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.

2011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>

        Reviewed by Martin Robinson.

        Link libjavascriptcoregtk on Windows with winmm.dll
        https://bugs.webkit.org/show_bug.cgi?id=60215

        * GNUmakefile.am:

2011-05-04  Tao Bai  <michaelbai@chromium.org>

        Reviewed by David Kilzer.

        Populate touch-icon url to FrameLoaderClient
        https://bugs.webkit.org/show_bug.cgi?id=59143

        * Configurations/FeatureDefines.xcconfig:

2011-05-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
        code that accidentally survived the conversion to a switch statement,
        causing a lot of important code not to run most of the time.

        Since this is not a trivial finger-picking mistake, I will not call it a
        typo.

2011-05-04  Adam Roben  <aroben@apple.com>

        Another attempted build fix

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::operator==):
        (WTF::OwnPtr::operator!=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator==):
        (WTF::PassOwnPtr::operator!=):
        Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.

2011-05-04  Adam Roben  <aroben@apple.com>

        Try to fix Leopard, Qt, and probably others

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::operator==):
        (WTF::OwnPtr::operator!=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator==):
        (WTF::PassOwnPtr::operator!=):
        Try to get the compiler not to instantiate these function templates unnecessarily.

2011-05-03  Adam Roben  <aroben@apple.com>

        Disallow equality comparisons between [Pass]OwnPtrs

        If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
        really sneaky, in which case you should stop!)

        Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error

        Reviewed by Anders Carlsson and Antti Koivisto.

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::operator==):
        (WTF::OwnPtr::operator!=):
        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::operator==):
        (WTF::PassOwnPtr::operator!=):
        Added private equality operators that fail to compile when used. (When not used, the
        compiler will skip over them because they are function templates.)

2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Gavin Barraclough.

        JITArithmetic.cpp produces a warning on an unused variable.
        https://bugs.webkit.org/show_bug.cgi?id=60060

        Just properly use what we already have converted.

        * jit/JITArithmetic.cpp:
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emitSlow_op_mul):

2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Geoffrey Garen.

        JITPropertyAccess produces an unused but set variable warning in gcc 4.6.0.
        https://bugs.webkit.org/show_bug.cgi?id=60050

        This patch fixes a compilation warning. The new warning scenario -Wunused-but-set-variable
        in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
        as errors. The patch introduces two new macros, ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED,
        which copy the idea of ASSERT_UNUSED.

        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        * wtf/Assertions.h:
        (assertWithMessageUnused):

2011-04-29  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Seidel.

        Implement FULLSCREEN_API on Windows, Part 4: Enable it
        https://bugs.webkit.org/show_bug.cgi?id=59798

        * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.

2011-05-03  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Eric Seidel.

        Unused but set variable warning in MacroAssemblerX86_64
        https://bugs.webkit.org/show_bug.cgi?id=59482

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::call):
        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):

2011-05-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make malloc validation useful
        https://bugs.webkit.org/show_bug.cgi?id=57502

        Reland this patch (rolled out in 82905) without
        turning it on by default.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/FastMalloc.cpp:
        (WTF::tryFastMalloc):
        (WTF::fastMalloc):
        (WTF::tryFastCalloc):
        (WTF::fastCalloc):
        (WTF::fastFree):
        (WTF::tryFastRealloc):
        (WTF::fastRealloc):
        (WTF::fastMallocSize):
        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
        (WTF::TCMalloc_PageHeap::scheduleScavenger):
        (WTF::TCMalloc_PageHeap::suspendScavenger):
        (WTF::TCMalloc_PageHeap::signalScavenger):
        (WTF::TCMallocStats::malloc):
        (WTF::TCMallocStats::free):
        (WTF::TCMallocStats::fastCalloc):
        (WTF::TCMallocStats::tryFastCalloc):
        (WTF::TCMallocStats::calloc):
        (WTF::TCMallocStats::fastRealloc):
        (WTF::TCMallocStats::tryFastRealloc):
        (WTF::TCMallocStats::realloc):
        (WTF::TCMallocStats::fastMallocSize):
        * wtf/FastMalloc.h:
        (WTF::Internal::fastMallocValidationHeader):
        (WTF::Internal::fastMallocValidationSuffix):
        (WTF::Internal::fastMallocMatchValidationType):
        (WTF::Internal::setFastMallocMatchValidationType):
        (WTF::fastMallocMatchValidateFree):
        (WTF::fastMallocValidate):

2011-05-03  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Anders Carlsson.

        Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
        https://bugs.webkit.org/show_bug.cgi?id=59261

        Use unary '+' to force proper type detection in template arguments
        with GCC 4.6.0. See bug report for more details.

        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
        (JSC::StructureTransitionTable::add): ditto.
        * runtime/Structure.h:
        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.

2011-05-03  Jessie Berlin  <jberlin@apple.com>

        Rubber-stamped by Adam Roben.

        Revert r85550 and r85575.

        Variables cannot be exported via the .def file. Instead, they should be annotated with
        JS_EXPORTDATA.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::propertyStorageCapacity):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        (JSC::Structure::materializePropertyMapIfNecessary):

2011-05-02  Adam Roben  <aroben@apple.com>

        Allow implicit conversion from nullptr_t to PassOwnPtr

        This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
        strict PassOwnPtr mode.

        Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
        doesn't work, but should

        Reviewed by Adam Barth.

        * wtf/PassOwnPtr.h:
        (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.

        * wtf/MessageQueue.h:
        (WTF::::waitForMessageFilteredWithTimeout):
        (WTF::::tryGetMessage):
        Use the new implicit conversion.

2011-05-02  Jessie Berlin  <jberlin@apple.com>

        Rubber-stamped by Oliver Hunt.

        Remove an assertion that Windows was hitting on launch.

        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::propertyStorageCapacity):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        (JSC::Structure::materializePropertyMapIfNecessary):

2011-05-02  Mark Rowe  <mrowe@apple.com>

        Reviewed by Geoff Garen.

        <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2

        * Configurations/CompilerVersion.xcconfig:

2011-05-02  Gavin Barraclough  <barraclough@apple.com>

        ARMv7 build fix.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Jump::link):
        (JSC::AbstractMacroAssembler::Jump::linkTo):

2011-05-02  Oliver Hunt  <oliver@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-02  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        crash in JSC::RegExp::match
        https://bugs.webkit.org/show_bug.cgi?id=58922

        Cleared chained backtrack data label when linking label even if that
        label doesn't chain itself.  This is needed so that subsequent
        backtrack data labels point to the next outer paren and not within
        the current paren.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):

2011-05-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Tiny bit of heap cleanup.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.

        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::globalData):
        (JSC::MarkedSpace::highWaterMark):
        (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
        definition, for better clarity.

2011-05-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Correct marking of interpreter data in mixed mode builds
        https://bugs.webkit.org/show_bug.cgi?id=59962

        We had a few places in mixed mode builds where we would not
        track data used by the interpreter for marking.  This patch
        corrects the problem and adds a number of assertions to catch
        live Structures being collected.

        * JavaScriptCore.exp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addStructureStubInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::propertyStorageCapacity):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        (JSC::Structure::materializePropertyMapIfNecessary):

2011-05-02  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Alexey Proskuryakov.

        Use native NullPtr when using GCC 4.6.0 and C++0x
        https://bugs.webkit.org/show_bug.cgi?id=59252

        GCC 4.6.0 has nullptr support, use it when possible.

        * wtf/NullPtr.cpp: include config.h to pull in Platform.h before
        NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
        * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
        use native nullptr.

2011-05-02  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=59950
        Clean up AssemblerBuffer to use a Vector internally.

        AssemblerBuffer handles reallocing a byte array itself - stop that.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerLabel::AssemblerLabel):
        (JSC::AssemblerLabel::labelAtOffset):
        (JSC::AssemblerBuffer::AssemblerBuffer):
        (JSC::AssemblerBuffer::~AssemblerBuffer):
        (JSC::AssemblerBuffer::isAvailable):
        (JSC::AssemblerBuffer::ensureSpace):
        (JSC::AssemblerBuffer::isAligned):
        (JSC::AssemblerBuffer::putIntegral):
        (JSC::AssemblerBuffer::putIntegralUnchecked):
        (JSC::AssemblerBuffer::putByteUnchecked):
        (JSC::AssemblerBuffer::putByte):
        (JSC::AssemblerBuffer::putShortUnchecked):
        (JSC::AssemblerBuffer::putShort):
        (JSC::AssemblerBuffer::putIntUnchecked):
        (JSC::AssemblerBuffer::putInt):
        (JSC::AssemblerBuffer::putInt64Unchecked):
        (JSC::AssemblerBuffer::putInt64):
        (JSC::AssemblerBuffer::codeSize):
        (JSC::AssemblerBuffer::label):
        (JSC::AssemblerBuffer::executableCopy):
        (JSC::AssemblerBuffer::rewindToLabel):
        (JSC::AssemblerBuffer::debugOffset):
        (JSC::AssemblerBuffer::append):
        (JSC::AssemblerBuffer::grow):
        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::linkCall):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):

2011-05-02  Jeff Miller  <jeffm@apple.com>

        Reviewed by Alexey Proskuryakov.

        Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
        https://bugs.webkit.org/show_bug.cgi?id=59949

        * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().

2011-05-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Alexey Proskuryakov.

        StringImpl::endsWith has some insane code
        https://bugs.webkit.org/show_bug.cgi?id=59900

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::endsWith):
            - m_data shadows a member variable of the same name.

2011-05-02  Gabor Loki  <loki@webkit.org>

        Build fix for ARM after r85448

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::loadBranchTarget):

2231 2011-05-01  Oliver Hunt  <oliver@apple.com>
2232
2233         Reviewed by Gavin Barraclough.
2234
2235         Strict-mode only reserved words not reserved
2236         https://bugs.webkit.org/show_bug.cgi?id=55342
2237
2238         Fix line number tracking when we rollback the lexer.
2239
2240         * parser/JSParser.cpp:
2241         (JSC::JSParser::parseSourceElements):
2242
2243 2011-05-01  Oliver Hunt  <oliver@apple.com>
2244
2245         Reviewed by Gavin Barraclough.
2246
2247         ES5 Strict mode does not allow getter and setter for same propId
2248         https://bugs.webkit.org/show_bug.cgi?id=57295
2249
2250         Simplify and correct the logic for strict mode object literals.
2251
2252         * parser/JSParser.cpp:
2253         (JSC::JSParser::parseStrictObjectLiteral):
2254
2255 2011-05-01  Oliver Hunt  <oliver@apple.com>
2256
2257         Reviewed by Gavin Barraclough.
2258
2259         Assigning to function identifier under strict should throw
2260         https://bugs.webkit.org/show_bug.cgi?id=59289
2261
2262         Add logic to StaticScopeObject to ensure we don't silently consume
2263         writes to constant properties.
2264
2265         * runtime/JSStaticScopeObject.cpp:
2266         (JSC::JSStaticScopeObject::put):
2267
2268 2011-05-01  Gavin Barraclough  <barraclough@apple.com>
2269
2270         Reviewed by Sam Weinig.
2271
2272         https://bugs.webkit.org/show_bug.cgi?id=59903
2273         Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
2274
2275         Creating a label() into the AssemblerBuffer should return an AssemblerLabel,
2276         not an unsigned int.
2277
2278         * assembler/ARMAssembler.cpp:
2279         (JSC::ARMAssembler::executableCopy):
2280         * assembler/ARMAssembler.h:
2281         (JSC::ARMAssembler::blx):
2282         (JSC::ARMAssembler::label):
2283         (JSC::ARMAssembler::loadBranchTarget):
2284         * assembler/ARMv7Assembler.h:
2285         (JSC::ARMv7Assembler::b):
2286         (JSC::ARMv7Assembler::blx):
2287         (JSC::ARMv7Assembler::bx):
2288         (JSC::ARMv7Assembler::label):
2289         (JSC::ARMv7Assembler::ARMInstructionFormatter::label):
2290         * assembler/AssemblerBuffer.h:
2291         (JSC::AssemblerBuffer::label):
2292         * assembler/AssemblerBufferWithConstantPool.h:
2293         * assembler/MIPSAssembler.h:
2294         (JSC::MIPSAssembler::label):
2295         (JSC::MIPSAssembler::relocateJumps):
2296         * assembler/SH4Assembler.h:
2297         (JSC::SH4Assembler::loadConstant):
2298         (JSC::SH4Assembler::loadConstantUnReusable):
2299         (JSC::SH4Assembler::call):
2300         (JSC::SH4Assembler::jmp):
2301         (JSC::SH4Assembler::jne):
2302         (JSC::SH4Assembler::je):
2303         (JSC::SH4Assembler::label):
2304         (JSC::SH4Assembler::oneShortOp):
2305         * assembler/X86Assembler.h:
2306         (JSC::X86Assembler::call):
2307         (JSC::X86Assembler::jmp_r):
2308         (JSC::X86Assembler::label):
2309         (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
2310         (JSC::X86Assembler::X86InstructionFormatter::label):
2311
2312 2011-05-01  Adam Barth  <abarth@webkit.org>
2313
2314         Reviewed by David Levin.
2315
2316         Enable strict mode for OwnPtr and PassOwnPtr
2317         https://bugs.webkit.org/show_bug.cgi?id=59428
2318
2319         * wtf/OwnPtr.h:
2320
2321 2011-05-01  Patrick Gansterer  <paroga@webkit.org>
2322
2323         Reviewed by Adam Barth.
2324
2325         Enable strict OwnPtr for PLATFORM(WIN)
2326         https://bugs.webkit.org/show_bug.cgi?id=59881
2327
2328         * wtf/OwnPtr.h:
2329
2330 2011-05-01  Gavin Barraclough  <barraclough@apple.com>
2331
2332         Reviewed by Sam Weinig.
2333
2334         https://bugs.webkit.org/show_bug.cgi?id=59896
2335         Remove JmpSrc/JmpDst types.
2336
2337         The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
2338         objects be per-assembler is unhelpful, causes unnecessary code duplication,
2339         and prevents the AssemblerBuffer from providing a richer type for labels.
2340         The limited semantic meaning that they did convey is undermined by the manner
2341         in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
2342         for data labels).
2343
2344         Jumps on ARMv7 have had additional information added to the object via the
2345         ARMv7 JmpSrc. This data should probably be in the instruction stream. This
2346         patch does not fix the problem, and moves the data (ifdefed) to
2347         AbstractMacroAssembler::Jump (which is effectively where it was before!).
2348         This at least closes the hole such that no further data may be added to JmpSrc,
2349         but this is unfortunate, and should be cleaned up.
2350
2351         * assembler/ARMAssembler.h:
2352         (JSC::ARMAssembler::blx):
2353         (JSC::ARMAssembler::label):
2354         (JSC::ARMAssembler::align):
2355         (JSC::ARMAssembler::loadBranchTarget):
2356         (JSC::ARMAssembler::jmp):
2357         (JSC::ARMAssembler::linkPointer):
2358         (JSC::ARMAssembler::linkJump):
2359         (JSC::ARMAssembler::linkCall):
2360         (JSC::ARMAssembler::getRelocatedAddress):
2361         (JSC::ARMAssembler::getDifferenceBetweenLabels):
2362         (JSC::ARMAssembler::getCallReturnOffset):
2363         * assembler/ARMv7Assembler.h:
2364         (JSC::ARMv7Assembler::b):
2365         (JSC::ARMv7Assembler::blx):
2366         (JSC::ARMv7Assembler::bx):
2367         (JSC::ARMv7Assembler::label):
2368         (JSC::ARMv7Assembler::align):
2369         (JSC::ARMv7Assembler::getRelocatedAddress):
2370         (JSC::ARMv7Assembler::getDifferenceBetweenLabels):
2371         (JSC::ARMv7Assembler::getCallReturnOffset):
2372         (JSC::ARMv7Assembler::linkJump):
2373         (JSC::ARMv7Assembler::linkCall):
2374         (JSC::ARMv7Assembler::linkPointer):
2375         * assembler/AbstractMacroAssembler.h:
2376         (JSC::AbstractMacroAssembler::Label::isSet):
2377         (JSC::AbstractMacroAssembler::Call::Call):
2378         (JSC::AbstractMacroAssembler::Jump::Jump):
2379         (JSC::AbstractMacroAssembler::Jump::link):
2380         (JSC::AbstractMacroAssembler::Jump::linkTo):
2381         (JSC::AbstractMacroAssembler::linkPointer):
2382         (JSC::AbstractMacroAssembler::getLinkerAddress):
2383         * assembler/AssemblerBuffer.h:
2384         (JSC::AssemblerLabel::AssemblerLabel):
2385         (JSC::AssemblerLabel::isSet):
2386         * assembler/LinkBuffer.h:
2387         (JSC::LinkBuffer::patch):
2388         * assembler/MIPSAssembler.h:
2389         (JSC::MIPSAssembler::label):
2390         (JSC::MIPSAssembler::align):
2391         (JSC::MIPSAssembler::getRelocatedAddress):
2392         (JSC::MIPSAssembler::getDifferenceBetweenLabels):
2393         (JSC::MIPSAssembler::getCallReturnOffset):
2394         (JSC::MIPSAssembler::linkJump):
2395         (JSC::MIPSAssembler::linkCall):
2396         (JSC::MIPSAssembler::linkPointer):
2397         * assembler/MacroAssemblerARMv7.h:
2398         (JSC::MacroAssemblerARMv7::branchDouble):
2399         (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
2400         (JSC::MacroAssemblerARMv7::jump):
2401         (JSC::MacroAssemblerARMv7::nearCall):
2402         (JSC::MacroAssemblerARMv7::call):
2403         (JSC::MacroAssemblerARMv7::ret):
2404         (JSC::MacroAssemblerARMv7::tailRecursiveCall):
2405         (JSC::MacroAssemblerARMv7::makeBranch):
2406         * assembler/MacroAssemblerMIPS.h:
2407         (JSC::MacroAssemblerMIPS::nearCall):
2408         (JSC::MacroAssemblerMIPS::call):
2409         (JSC::MacroAssemblerMIPS::tailRecursiveCall):
2410         (JSC::MacroAssemblerMIPS::branchTrue):
2411         (JSC::MacroAssemblerMIPS::branchFalse):
2412         (JSC::MacroAssemblerMIPS::branchEqual):
2413         (JSC::MacroAssemblerMIPS::branchNotEqual):
2414         * assembler/SH4Assembler.h:
2415         (JSC::SH4Assembler::call):
2416         (JSC::SH4Assembler::jmp):
2417         (JSC::SH4Assembler::jne):
2418         (JSC::SH4Assembler::je):
2419         (JSC::SH4Assembler::label):
2420         (JSC::SH4Assembler::align):
2421         (JSC::SH4Assembler::linkJump):
2422         (JSC::SH4Assembler::linkCall):
2423         (JSC::SH4Assembler::linkPointer):
2424         (JSC::SH4Assembler::getCallReturnOffset):
2425         (JSC::SH4Assembler::getRelocatedAddress):
2426         (JSC::SH4Assembler::getDifferenceBetweenLabels):
2427         (JSC::SH4Assembler::patchPointer):
2428         * assembler/X86Assembler.h:
2429         (JSC::X86Assembler::call):
2430         (JSC::X86Assembler::jmp):
2431         (JSC::X86Assembler::jmp_r):
2432         (JSC::X86Assembler::jne):
2433         (JSC::X86Assembler::jnz):
2434         (JSC::X86Assembler::je):
2435         (JSC::X86Assembler::jz):
2436         (JSC::X86Assembler::jl):
2437         (JSC::X86Assembler::jb):
2438         (JSC::X86Assembler::jle):
2439         (JSC::X86Assembler::jbe):
2440         (JSC::X86Assembler::jge):
2441         (JSC::X86Assembler::jg):
2442         (JSC::X86Assembler::ja):
2443         (JSC::X86Assembler::jae):
2444         (JSC::X86Assembler::jo):
2445         (JSC::X86Assembler::jp):
2446         (JSC::X86Assembler::js):
2447         (JSC::X86Assembler::jCC):
2448         (JSC::X86Assembler::label):
2449         (JSC::X86Assembler::labelFor):
2450         (JSC::X86Assembler::align):
2451         (JSC::X86Assembler::linkJump):
2452         (JSC::X86Assembler::linkCall):
2453         (JSC::X86Assembler::linkPointer):
2454         (JSC::X86Assembler::getCallReturnOffset):
2455         (JSC::X86Assembler::getRelocatedAddress):
2456         (JSC::X86Assembler::getDifferenceBetweenLabels):
2457         (JSC::X86Assembler::rewindToLabel):
2458         (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
2459         (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
2460         * jit/JIT.cpp:
2461         (JSC::JIT::privateCompileMainPass):
2462         * jit/JIT.h:
2463         * jit/JITInlineMethods.h:
2464         (JSC::JIT::atJumpTarget):
2465         (JSC::JIT::emitGetVirtualRegister):
2466         * jit/JITOpcodes.cpp:
2467         (JSC::JIT::emit_op_jmp):
2468         (JSC::JIT::emit_op_jfalse):
2469         (JSC::JIT::emit_op_jeq_null):
2470         (JSC::JIT::emit_op_jneq_null):
2471         (JSC::JIT::emit_op_jneq_ptr):
2472         (JSC::JIT::emit_op_jsr):
2473         (JSC::JIT::emit_op_jtrue):
2474         (JSC::JIT::emit_op_jmp_scopes):
2475
2476 2011-05-01  Chao-ying Fu  <fu@mips.com>
2477
2478         Reviewed by Eric Seidel.
2479
2480         Fix MIPS build due to the split of "Condition" enum
2481         https://bugs.webkit.org/show_bug.cgi?id=59407
2482
2483         * assembler/MIPSAssembler.h:
2484         (JSC::MIPSAssembler::debugOffset):
2485         * assembler/MacroAssemblerMIPS.h:
2486         (JSC::MacroAssemblerMIPS::branch32):
2487         (JSC::MacroAssemblerMIPS::compare32):
2488
2489 2011-04-30  Adam Barth  <abarth@webkit.org>
2490
2491         Reviewed by Adam Barth.
2492
2493         Enable strict OwnPtr for GTK
2494         https://bugs.webkit.org/show_bug.cgi?id=59861
2495
2496         * wtf/OwnPtr.h:
2497
2498 2011-04-30  Gavin Barraclough  <barraclough@apple.com>
2499
2500         ARMv7 build fix.
2501
2502         * assembler/AssemblerBufferWithConstantPool.h:
2503
2504 2011-04-30  Gavin Barraclough  <barraclough@apple.com>
2505
2506         Reviewed by Oliver Hunt.
2507
2508         Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
2509
2510         The method size() is called on the AssemblerBuffer both to acquire
2511         the complete size of the code, and to get a position to use as a
2512         label into the code. Instead, add an explicit 'label' method.
2513
2514         * assembler/ARMAssembler.cpp:
2515         (JSC::ARMAssembler::executableCopy):
2516         * assembler/ARMAssembler.h:
2517         (JSC::ARMAssembler::blx):
2518         (JSC::ARMAssembler::codeSize):
2519         (JSC::ARMAssembler::label):
2520         (JSC::ARMAssembler::loadBranchTarget):
2521         * assembler/ARMv7Assembler.h:
2522         (JSC::ARMv7Assembler::b):
2523         (JSC::ARMv7Assembler::blx):
2524         (JSC::ARMv7Assembler::bx):
2525         (JSC::ARMv7Assembler::label):
2526         (JSC::ARMv7Assembler::codeSize):
2527         (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
2528         (JSC::ARMv7Assembler::ARMInstructionFormatter::data):
2529         * assembler/AbstractMacroAssembler.h:
2530         * assembler/AssemblerBuffer.h:
2531         (JSC::AssemblerBuffer::codeSize):
2532         (JSC::AssemblerBuffer::label):
2533         * assembler/AssemblerBufferWithConstantPool.h:
2534         * assembler/LinkBuffer.h:
2535         (JSC::LinkBuffer::LinkBuffer):
2536         (JSC::LinkBuffer::linkCode):
2537         * assembler/MIPSAssembler.h:
2538         (JSC::MIPSAssembler::newJmpSrc):
2539         (JSC::MIPSAssembler::appendJump):
2540         (JSC::MIPSAssembler::label):
2541         (JSC::MIPSAssembler::codeSize):
2542         (JSC::MIPSAssembler::relocateJumps):
2543         * assembler/SH4Assembler.h:
2544         (JSC::SH4Assembler::loadConstant):
2545         (JSC::SH4Assembler::loadConstantUnReusable):
2546         (JSC::SH4Assembler::call):
2547         (JSC::SH4Assembler::jmp):
2548         (JSC::SH4Assembler::jne):
2549         (JSC::SH4Assembler::je):
2550         (JSC::SH4Assembler::label):
2551         (JSC::SH4Assembler::executableCopy):
2552         (JSC::SH4Assembler::oneShortOp):
2553         (JSC::SH4Assembler::codeSize):
2554         * assembler/X86Assembler.h:
2555         (JSC::X86Assembler::call):
2556         (JSC::X86Assembler::jmp_r):
2557         (JSC::X86Assembler::codeSize):
2558         (JSC::X86Assembler::label):
2559         (JSC::X86Assembler::executableCopy):
2560         (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
2561         (JSC::X86Assembler::X86InstructionFormatter::codeSize):
2562         (JSC::X86Assembler::X86InstructionFormatter::label):
2563         (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
2564         * dfg/DFGJITCompiler.cpp:
2565         (JSC::DFG::JITCompiler::compileFunction):
2566         * jit/JIT.cpp:
2567         (JSC::JIT::privateCompile):
2568         * jit/JITOpcodes.cpp:
2569         (JSC::JIT::privateCompileCTIMachineTrampolines):
2570         * jit/JITOpcodes32_64.cpp:
2571         (JSC::JIT::privateCompileCTIMachineTrampolines):
2572         * yarr/YarrJIT.cpp:
2573         (JSC::Yarr::YarrGenerator::compile):
2574
2575 2011-04-29  Adam Barth  <abarth@webkit.org>
2576
2577         Attempt to fix the Windows build.
2578
2579         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2580
2581 2011-04-29  Adam Barth  <abarth@webkit.org>
2582
2583         Reviewed by Eric Seidel.
2584
2585         CSP script-src should block eval
2586         https://bugs.webkit.org/show_bug.cgi?id=59850
2587
2588         ggaren recommended a different approach to this patch, essentially
2589         installing a new function for function-eval and changing the AST
2590         representation of operator-eval to call function-eval.  However, I'm
2591         not sure that approach is workable because the ASTBuilder doesn't know
2592         about global objects, and there is added complication due to the cache.
2593
2594         This approach is more dynamic, adding a branch in EvalExecutable to
2595         detect whether eval is currently disabled in the lexical scope.  The spec
2596         is slightly unclear about whether we should return undefined or throw
2597         an exception.  I've asked Brandon to clarify the spec, but throwing an
2598         exception seems natural.
2599
2600         * JavaScriptCore.exp:
2601         * runtime/Executable.cpp:
2602         (JSC::EvalExecutable::compileInternal):
2603         * runtime/JSGlobalObject.cpp:
2604         (JSC::JSGlobalObject::disableEval):
2605         * runtime/JSGlobalObject.h:
2606         (JSC::JSGlobalObject::JSGlobalObject):
2607         (JSC::JSGlobalObject::isEvalEnabled):
2608
2609 2011-04-29  Gavin Barraclough  <barraclough@apple.com>
2610
2611         Reviewed by Oliver Hunt.
2612
2613         https://bugs.webkit.org/show_bug.cgi?id=59847
2614         Remove linkOffset from LinkBuffer
2615
2616         This is redundant since removal of recompilation for exception info.
2617
2618         * assembler/LinkBuffer.h:
2619         (JSC::LinkBuffer::LinkBuffer):
2620         (JSC::LinkBuffer::linkCode):
2621         * dfg/DFGJITCompiler.cpp:
2622         (JSC::DFG::JITCompiler::compileFunction):
2623         * jit/JIT.cpp:
2624         (JSC::JIT::JIT):
2625         (JSC::JIT::privateCompile):
2626         * jit/JIT.h:
2627         (JSC::JIT::compile):
2628         (JSC::JIT::compileCTIMachineTrampolines):
2629         (JSC::JIT::compileCTINativeCall):
2630         * jit/JITOpcodes.cpp:
2631         (JSC::JIT::privateCompileCTIMachineTrampolines):
2632         * jit/JITOpcodes32_64.cpp:
2633         (JSC::JIT::privateCompileCTIMachineTrampolines):
2634         (JSC::JIT::privateCompileCTINativeCall):
2635         * jit/JITPropertyAccess.cpp:
2636         (JSC::JIT::stringGetByValStubGenerator):
2637         (JSC::JIT::privateCompilePutByIdTransition):
2638         (JSC::JIT::privateCompilePatchGetArrayLength):
2639         (JSC::JIT::privateCompileGetByIdProto):
2640         (JSC::JIT::privateCompileGetByIdSelfList):
2641         (JSC::JIT::privateCompileGetByIdProtoList):
2642         (JSC::JIT::privateCompileGetByIdChainList):
2643         (JSC::JIT::privateCompileGetByIdChain):
2644         * jit/JITPropertyAccess32_64.cpp:
2645         (JSC::JIT::stringGetByValStubGenerator):
2646         (JSC::JIT::privateCompilePutByIdTransition):
2647         (JSC::JIT::privateCompilePatchGetArrayLength):
2648         (JSC::JIT::privateCompileGetByIdProto):
2649         (JSC::JIT::privateCompileGetByIdSelfList):
2650         (JSC::JIT::privateCompileGetByIdProtoList):
2651         (JSC::JIT::privateCompileGetByIdChainList):
2652         (JSC::JIT::privateCompileGetByIdChain):
2653         * jit/SpecializedThunkJIT.h:
2654         (JSC::SpecializedThunkJIT::finalize):
2655         * yarr/YarrJIT.cpp:
2656         (JSC::Yarr::YarrGenerator::compile):
2657
2658 2011-04-29  Gavin Barraclough  <barraclough@apple.com>
2659
2660         Reviewed by Oliver Hunt & Geoff Garen.
2661
2662         https://bugs.webkit.org/show_bug.cgi?id=59221
2663         [RegexFuzz] Regression blocking testing
2664
2665         Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
2666         node, emitDisjunction recursively calls to itself to emit the nested disjunction
2667         the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
2668         account the uncheck that has just taken place).
2669
2670         Also, the special handling given to countToCheck in the case of parenthetical
2671         assertions is nonsense; delete it, along with the isParentheticalAssertion argument.
2672
2673         * yarr/YarrInterpreter.cpp:
2674         (JSC::Yarr::ByteCompiler::emitDisjunction):
2675
2676 2011-04-29  Csaba Osztrogonác  <ossy@webkit.org>
2677
2678         Reviewed by Adam Barth.
2679
2680         Enable strict OwnPtr for Qt
2681         https://bugs.webkit.org/show_bug.cgi?id=59667
2682
2683         * wtf/OwnPtr.h:
2684
2685 2011-04-29  Dean Jackson  <dino@apple.com>
2686
2687         Reviewed by Simon Fraser.
2688
2689         Add ENABLE macro for WebKitAnimation
2690         https://bugs.webkit.org/show_bug.cgi?id=59729
2691
2692         Add new feature to toggle WebKit Animation API.
2693
2694         * Configurations/FeatureDefines.xcconfig:
2695
2696 2011-04-28  Sam Weinig  <sam@webkit.org>
2697
2698         Reviewed by Mark Rowe.
2699
2700         Install testapi.js alongside testapi
2701         https://bugs.webkit.org/show_bug.cgi?id=59773
2702
2703         * JavaScriptCore.xcodeproj/project.pbxproj:
2704         Add new build phase to copy testapi.js to install path of testapi
2705         on install.
2706
2707 2011-04-28  David Levin  <levin@chromium.org>
2708
2709         Reviewed by Adam Barth.
2710
2711         Remove IMAGE_RESIZER related code.
2712         https://bugs.webkit.org/show_bug.cgi?id=59735
2713
2714         * Configurations/FeatureDefines.xcconfig:
2715
2716 2011-04-28  Gavin Barraclough  <barraclough@apple.com>
2717
2718         Reviewed by Oliver Hunt.
2719
2720         https://bugs.webkit.org/show_bug.cgi?id=59763
2721         DFG JIT - Unify FPRReg & FPRegisterID
2722
2723         (Following on from GPRReg/RegisterID unification).
2724
2725         * dfg/DFGFPRInfo.h:
2726         (JSC::DFG::FPRInfo::toRegister):
2727         (JSC::DFG::FPRInfo::debugName):
2728         * dfg/DFGGPRInfo.h:
2729         * dfg/DFGJITCodeGenerator.cpp:
2730         (JSC::DFG::JITCodeGenerator::fillDouble):
2731         (JSC::DFG::JITCodeGenerator::checkConsistency):
2732         * dfg/DFGJITCodeGenerator.h:
2733         (JSC::DFG::JITCodeGenerator::boxDouble):
2734         (JSC::DFG::JITCodeGenerator::unboxDouble):
2735         (JSC::DFG::JITCodeGenerator::flushRegisters):
2736         (JSC::DFG::JITCodeGenerator::isFlushed):
2737         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
2738         (JSC::DFG::JITCodeGenerator::setupStubArguments):
2739         (JSC::DFG::JITCodeGenerator::callOperation):
2740         (JSC::DFG::GPRResult::lockedResult):
2741         (JSC::DFG::FPRResult::lockedResult):
2742         * dfg/DFGJITCompiler.cpp:
2743         (JSC::DFG::JITCompiler::fillNumericToDouble):
2744         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2745         (JSC::DFG::JITCompiler::compileFunction):
2746         * dfg/DFGJITCompiler.h:
2747         * dfg/DFGNode.h:
2748         * dfg/DFGNonSpeculativeJIT.cpp:
2749         (JSC::DFG::EntryLocation::EntryLocation):
2750         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2751         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
2752         (JSC::DFG::NonSpeculativeJIT::numberToInt32):
2753         (JSC::DFG::NonSpeculativeJIT::compile):
2754         * dfg/DFGNonSpeculativeJIT.h:
2755         (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
2756         (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
2757         * dfg/DFGRegisterBank.h:
2758         (JSC::DFG::RegisterBank::iterator::regID):
2759         (JSC::DFG::RegisterBank::iterator::debugName):
2760         * dfg/DFGSpeculativeJIT.cpp:
2761         (JSC::DFG::SpeculationCheck::SpeculationCheck):
2762         (JSC::DFG::SpeculativeJIT::compile):
2763         * dfg/DFGSpeculativeJIT.h:
2764
2765 2011-04-28  David Kilzer  <ddkilzer@apple.com>
2766
2767         Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
2768
2769         This reverts commit r85195.  It was crashing DumpRenderTree on Lion.
2770
2771         * wtf/mac/MainThreadMac.mm:
2772         (WTF::postTimer):
2773
2774 2011-04-28  Adam Barth  <abarth@webkit.org>
2775
2776         Reviewed by Eric Seidel.
2777
2778         Remove WML
2779         https://bugs.webkit.org/show_bug.cgi?id=59678
2780
2781         Remove the WML configuration option from the Mac build system.
2782
2783         * Configurations/FeatureDefines.xcconfig:
2784
2785 2011-04-28  Sheriff Bot  <webkit.review.bot@gmail.com>
2786
2787         Unreviewed, rolling out r85233 and r85235.
2788         http://trac.webkit.org/changeset/85233
2789         http://trac.webkit.org/changeset/85235
2790         https://bugs.webkit.org/show_bug.cgi?id=59754
2791
2792         Causes issues with jsc. (Requested by dave_levin on #webkit).
2793
2794         * GNUmakefile.list.am:
2795         * JavaScriptCore.gypi:
2796         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2797         * JavaScriptCore.xcodeproj/project.pbxproj:
2798         * jit/ExecutableAllocator.h:
2799         (JSC::ExecutablePool::ExecutablePool):
2800         * parser/SourceProvider.h:
2801         (JSC::SourceProvider::SourceProvider):
2802         * runtime/RegExp.cpp:
2803         (JSC::RegExp::RegExp):
2804         * wtf/CMakeLists.txt:
2805         * wtf/RefCounted.h:
2806         (WTF::RefCountedBase::ref):
2807         (WTF::RefCountedBase::hasOneRef):
2808         (WTF::RefCountedBase::refCount):
2809         (WTF::RefCountedBase::derefBase):
2810         * wtf/SizeLimits.cpp:
2811         * wtf/ThreadRestrictionVerifier.h: Removed.
2812         * wtf/text/CString.h:
2813         (WTF::CStringBuffer::CStringBuffer):
2814
2815 2011-04-28  Gavin Barraclough  <barraclough@apple.com>
2816
2817         Reviewed by Oliver Hunt.
2818
2819         Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
2820
2821         Currently we use a mix of enum values throughout the DFG JIT to represent
2822         gpr registers - the RegisterID provided by the MacroAssembler, and the
2823         GPRReg enum giving the sequential register set over which the RegisterBank
2824         allocates. Unify the two.
2825
2826         Patch to unify FPRReg in a similar fashion will follow.
2827
2828         * JavaScriptCore.xcodeproj/project.pbxproj:
2829         * dfg/DFGFPRInfo.h: Added.
2830         (JSC::DFG::next):
2831         (JSC::DFG::FPRBankInfo::toRegister):
2832         (JSC::DFG::FPRBankInfo::toIndex):
2833         * dfg/DFGGPRInfo.h: Added.
2834         (JSC::DFG::GPRInfo::toRegister):
2835         (JSC::DFG::GPRInfo::toIndex):
2836         (JSC::DFG::GPRInfo::debugName):
2837         * dfg/DFGJITCodeGenerator.cpp:
2838         (JSC::DFG::JITCodeGenerator::fillInteger):
2839         (JSC::DFG::JITCodeGenerator::fillDouble):
2840         (JSC::DFG::JITCodeGenerator::fillJSValue):
2841         (JSC::DFG::JITCodeGenerator::dump):
2842         (JSC::DFG::JITCodeGenerator::checkConsistency):
2843         (JSC::DFG::GPRTemporary::GPRTemporary):
2844         (JSC::DFG::FPRTemporary::FPRTemporary):
2845         * dfg/DFGJITCodeGenerator.h:
2846         (JSC::DFG::JITCodeGenerator::boxDouble):
2847         (JSC::DFG::JITCodeGenerator::unboxDouble):
2848         (JSC::DFG::JITCodeGenerator::spill):
2849         (JSC::DFG::JITCodeGenerator::flushRegisters):
2850         (JSC::DFG::JITCodeGenerator::isFlushed):
2851         (JSC::DFG::JITCodeGenerator::bitOp):
2852         (JSC::DFG::JITCodeGenerator::shiftOp):
2853         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
2854         (JSC::DFG::JITCodeGenerator::setupStubArguments):
2855         (JSC::DFG::JITCodeGenerator::callOperation):
2856         (JSC::DFG::IntegerOperand::gpr):
2857         (JSC::DFG::DoubleOperand::gpr):
2858         (JSC::DFG::GPRTemporary::gpr):
2859         (JSC::DFG::FPRTemporary::gpr):
2860         (JSC::DFG::GPRResult::lockedResult):
2861         * dfg/DFGJITCompiler.cpp:
2862         (JSC::DFG::JITCompiler::fillNumericToDouble):
2863         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2864         (JSC::DFG::JITCompiler::fillToJS):
2865         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2866         (JSC::DFG::JITCompiler::compileFunction):
2867         (JSC::DFG::JITCompiler::jitAssertIsInt32):
2868         (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
2869         (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
2870         (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
2871         * dfg/DFGJITCompiler.h:
2872         (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
2873         (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
2874         (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
2875         (JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
2876         (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
2877         (JSC::DFG::JITCompiler::addressForGlobalVar):
2878         (JSC::DFG::JITCompiler::addressFor):
2879         (JSC::DFG::JITCompiler::tagFor):
2880         (JSC::DFG::JITCompiler::payloadFor):
2881         * dfg/DFGNonSpeculativeJIT.cpp:
2882         (JSC::DFG::EntryLocation::EntryLocation):
2883         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2884         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
2885         (JSC::DFG::NonSpeculativeJIT::numberToInt32):
2886         (JSC::DFG::NonSpeculativeJIT::compile):
2887         * dfg/DFGNonSpeculativeJIT.h:
2888         (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
2889         (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
2890         (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
2891         (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
2892         (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
2893         (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
2894         * dfg/DFGRegisterBank.h:
2895         (JSC::DFG::RegisterBank::allocate):
2896         (JSC::DFG::RegisterBank::retain):
2897         (JSC::DFG::RegisterBank::release):
2898         (JSC::DFG::RegisterBank::lock):
2899         (JSC::DFG::RegisterBank::unlock):
2900         (JSC::DFG::RegisterBank::isLocked):
2901         (JSC::DFG::RegisterBank::name):
2902         (JSC::DFG::RegisterBank::iterator::name):
2903         (JSC::DFG::RegisterBank::iterator::isLocked):
2904         (JSC::DFG::RegisterBank::iterator::release):
2905         (JSC::DFG::RegisterBank::iterator::gpr):
2906         (JSC::DFG::RegisterBank::iterator::debugName):
2907         (JSC::DFG::RegisterBank::iterator::operator++):
2908         (JSC::DFG::RegisterBank::iterator::operator!=):
2909         (JSC::DFG::RegisterBank::iterator::index):
2910         (JSC::DFG::RegisterBank::iterator::iterator):
2911         (JSC::DFG::RegisterBank::begin):
2912         (JSC::DFG::RegisterBank::end):
2913         (JSC::DFG::RegisterBank::isLockedAtIndex):
2914         (JSC::DFG::RegisterBank::nameAtIndex):
2915         (JSC::DFG::RegisterBank::releaseAtIndex):
2916         (JSC::DFG::RegisterBank::allocateInternal):
2917         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
2918         * dfg/DFGScoreBoard.h:
2919         (JSC::DFG::ScoreBoard::~ScoreBoard):
2920         * dfg/DFGSpeculativeJIT.cpp:
2921         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2922         (JSC::DFG::SpeculationCheck::SpeculationCheck):
2923         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2924         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2925         (JSC::DFG::SpeculativeJIT::compile):
2926         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2927         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
2928         * dfg/DFGSpeculativeJIT.h:
2929         (JSC::DFG::SpeculateIntegerOperand::gpr):
2930
2931 2011-04-28  Oliver Hunt  <oliver@apple.com>
2932
2933         Reviewed by Gavin Barraclough.
2934
2935         Remove evil addressOfStructure() function
2936         https://bugs.webkit.org/show_bug.cgi?id=59739
2937
2938         Remove the addressOfStructure function from JSCell, and update
2939         callsites to use the same logic as testPrototype()
2940
2941         * jit/JITPropertyAccess.cpp:
2942         (JSC::JIT::privateCompileGetByIdProto):
2943         (JSC::JIT::privateCompileGetByIdProtoList):
2944         * jit/JITPropertyAccess32_64.cpp:
2945         (JSC::JIT::privateCompileGetByIdProto):
2946         (JSC::JIT::privateCompileGetByIdProtoList):
2947         * runtime/JSCell.h:
2948
2949 2011-04-28  Oliver Hunt  <oliver@apple.com>
2950
2951         Reviewed by Gavin Barraclough.
2952
2953         Clean up testPrototype()
2954         https://bugs.webkit.org/show_bug.cgi?id=59734
2955
2956         Remove direct pointer to the inside of a GC object and just do
2957         the indirect load manually.  Doesn't affect sunspider but does
2958         clean up the code quite a bit, and simplifies the handling of
2959         GC values.
2960
2961         * jit/JITPropertyAccess.cpp:
2962         (JSC::JIT::testPrototype):
2963
2964 2011-04-28  David Levin  <levin@chromium.org>
2965
2966         Build fix.
2967
2968         * wtf/RefCounted.h: Fix inverted ifdef.
2969
2970 2011-04-07  David Levin  <levin@chromium.org>
2971
2972         Reviewed by Darin Adler.
2973
2974         Add asserts to RefCounted to make sure ref/deref happens on the right thread.
2975         https://bugs.webkit.org/show_bug.cgi?id=31639
2976
2977         * GNUmakefile.list.am: Added new files to the build.
2978         * JavaScriptCore.gypi: Ditto.
2979         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
2980         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
2981         * jit/ExecutableAllocator.h:
2982         (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
2983         due to not being able to figure out what was guarding it (bug 58091).
2984         * parser/SourceProvider.h:
2985         (JSC::SourceProvider::SourceProvider): Ditto.
2986         * runtime/RegExp.cpp:
2987         (JSC::RegExp::RegExp): Ditto.
2988         * wtf/CMakeLists.txt: Added new files to the build.
2989         * wtf/ThreadRestrictionVerifier.h: Added.
2990         Everything is done in the header to avoid the issue with exports
2991         that are only useful in debug but still needing to export them.
2992         * wtf/RefCounted.h:
2993         (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
2994         and filed bug 58171 about making it stricter.
2995         (WTF::RefCountedBase::hasOneRef): Ditto.
2996         (WTF::RefCountedBase::refCount): Ditto.
2997         (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
2998         on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
2999         (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
3000         Filed bug 58174 to remove this method.
3001         (WTF::RefCountedBase::derefBase):
3002         * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
3003         * wtf/text/CString.h:
3004         (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
3005         done in Chromium's test_shell (bug 58093).
3006
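The entry above adds debug-time assertions that ref() and deref() on a RefCounted object happen on the thread that owns it; reference-count updates from the wrong thread are an unsynchronized race and a classic route to a use-after-free. The following is an added example, not WebKit's code: a minimal model of that check, with a ThreadRestrictionVerifier stand-in that remembers the owning thread and a RefCountedBase that records (rather than ASSERTs on) each access from another thread. Class and method names mirror the entry; the bodies are assumptions for illustration.

```cpp
#include <atomic>
#include <cstdio>
#include <thread>

// Stand-in for WTF::ThreadRestrictionVerifier (assumed shape, not the real
// class): remembers the thread that created the object and answers whether the
// calling thread may touch the reference count.
class ThreadRestrictionVerifier {
public:
    ThreadRestrictionVerifier()
        : m_verify(true), m_owningThread(std::this_thread::get_id()) {}

    // True when the caller is the owning thread, or verification is disabled.
    bool isSafeToUse() const {
        return !m_verify || std::this_thread::get_id() == m_owningThread;
    }

    // Models deprecatedTurnOffVerifier() from the entry: switches checks off.
    void turnOffVerification() { m_verify = false; }

private:
    bool m_verify;
    std::thread::id m_owningThread;
};

// Stand-in for WTF::RefCountedBase. The real ref()/deref() ASSERT on
// isSafeToUse(); this model counts the violations instead so they can be
// inspected after the fact.
class RefCountedBase {
public:
    RefCountedBase() : m_refCount(1), m_violations(0) {}

    void ref() {
        noteAccess();
        ++m_refCount;
    }

    // Returns true when the count reached zero, i.e. the caller must delete.
    bool derefBase() {
        noteAccess();
        return --m_refCount == 0;
    }

    int refCount() const { return m_refCount; }
    int violations() const { return m_violations.load(); }
    void turnOffVerification() { m_verifier.turnOffVerification(); }

private:
    void noteAccess() {
        if (!m_verifier.isSafeToUse())
            ++m_violations; // the real code would ASSERT here in debug builds
    }

    int m_refCount;
    std::atomic<int> m_violations;
    ThreadRestrictionVerifier m_verifier;
};

// Scenario: the object is created here, then a second thread does one
// ref()/derefBase() pair on it. Returns how many accesses the verifier flagged.
// Thread start and join order the count updates, so this scenario itself has no
// data race; in real code such cross-thread accesses are unordered, and the
// assertion is what makes them visible.
int crossThreadRefViolations(bool verificationEnabled) {
    RefCountedBase object;
    if (!verificationEnabled)
        object.turnOffVerification();

    object.ref();                     // owning thread: allowed
    std::thread other([&object] {
        object.ref();                 // wrong thread: flagged
        object.derefBase();           // wrong thread: flagged
    });
    other.join();
    object.derefBase();               // owning thread: allowed

    return object.violations();       // 2 with verification on, 0 when off
}

int main() {
    std::printf("flagged accesses, verification on:  %d\n", crossThreadRefViolations(true));
    std::printf("flagged accesses, verification off: %d\n", crossThreadRefViolations(false));
    return 0;
}
```

The verifier only says whether the calling thread is the owner; it does not make the count thread-safe. That is the point of the entry's follow-up bug about making the check stricter: an object that is legitimately shared across threads needs a mutex-based verifier (setMutexForVerifier in the entry) and a thread-safe count, not a switched-off check.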
3007 2011-04-28  Xan Lopez  <xlopez@igalia.com>
3008
3009         Unreviewed attempt to fix the build.
3010
3011         * GNUmakefile.am: add -lpthread.
3012
3013 2011-04-28  Oliver Hunt  <oliver@apple.com>
3014
3015         Reviewed by Gavin Barraclough.
3016
3017         Only need a single implementation of testPrototype
3018         https://bugs.webkit.org/show_bug.cgi?id=59724
3019
3020         Remove excess copy of identical testPrototype() code
3021
3022         * jit/JITPropertyAccess.cpp:
3023         (JSC::JIT::testPrototype):
3024         * jit/JITPropertyAccess32_64.cpp:
3025
3026 2011-04-28  Xan Lopez  <xlopez@igalia.com>
3027
3028         Reviewed by Martin Robinson.
3029
3030         [Gtk] Split JSC and WebCore builds
3031         https://bugs.webkit.org/show_bug.cgi?id=19428
3032
3033         Build JavaScriptCore as a libtool shared library instead of a
3034         private convenience library.
3035
3036         * GNUmakefile.am: define new jsc library and adapt to new name for
3037         javascriptcore target.
3038         * GNUmakefile.list.am: ditto.
3039
3040 2011-04-28  David Kilzer  <ddkilzer@apple.com>
3041
3042         <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
3043
3044         Reviewed by Simon Fraser.
3045
3046         * wtf/mac/MainThreadMac.mm:
3047         (WTF::postTimer): Use RetainPtr to plug the leak.
3048
3049 2011-04-27  Sam Weinig  <sam@webkit.org>
3050
3051         Reviewed by David Kilzer.
3052
3053         Add way to install testapi in production builds
3054         https://bugs.webkit.org/show_bug.cgi?id=59674
3055
3056         * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
3057         Add configuration file for TestAPI. In addition to name, we now specify an install path
3058         and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
3059
3060         * JavaScriptCore.xcodeproj/project.pbxproj:
3061         Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
3062         file.
3063
3064 2011-04-27  Adam Barth  <abarth@webkit.org>
3065
3066         Reviewed by David Levin.
3067
3068         Enable strict OwnPtrs for Chromium
3069         https://bugs.webkit.org/show_bug.cgi?id=59666
3070
3071         * wtf/OwnPtr.h:
3072
3073 2011-04-27  Oliver Hunt  <oliver@apple.com>
3074
3075         Reviewed by Geoffrey Garen.
3076
3077         Add ability to remove keys from weakmap API
3078         https://bugs.webkit.org/show_bug.cgi?id=59645
3079
3080         Add JSWeakObjectMapRemove API
3081
3082         * API/JSWeakObjectMapRefPrivate.cpp:
3083         * API/JSWeakObjectMapRefPrivate.h:
3084         * JavaScriptCore.exp:
3085
3086 2011-04-27  Adam Barth  <abarth@webkit.org>
3087
3088         Reviewed by David Levin.
3089
3090         Enable strict mode for OwnPtr
3091         https://bugs.webkit.org/show_bug.cgi?id=59428
3092
3093         This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
3094
3095         * wtf/OwnPtr.h:
3096
3097 2011-04-27  Steve Block  <steveblock@google.com>
3098
3099         Reviewed by David Levin.
3100
3101         Remove Android build system
3102         https://bugs.webkit.org/show_bug.cgi?id=48111
3103
3104         This is to avoid the maintenance burden until the Android port is
3105         fully upstreamed.
3106
3107         * Android.mk: Removed.
3108         * Android.v8.wtf.mk: Removed.
3109
3110 2011-04-27  Mark Rowe  <mrowe@apple.com>
3111
3112         Fix 32-bit build after r85036.
3113
3114         * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
3115
3116 2011-04-27  Csaba Osztrogonác  <ossy@webkit.org>
3117
3118         Unreviewed buildfix after r85036.
3119
3120         Re-add non-dead code.
3121
3122         * wtf/OSAllocatorPosix.cpp:
3123         (WTF::OSAllocator::reserveAndCommit):
3124
3125 2011-04-27  Adam Barth  <abarth@webkit.org>
3126
3127         Reviewed by Kenneth Russell.
3128
3129         OwnPtr assignment operator should be private
3130         https://bugs.webkit.org/show_bug.cgi?id=59487
3131
3132         Unfortunately we can't remove the copy constructor because of some
3133         detail about gcc.  (The issue is documented in a comment already.)
3134
3135         * wtf/OwnPtr.h:
3136
3137 2011-04-26  Sheriff Bot  <webkit.review.bot@gmail.com>
3138
3139         Unreviewed, rolling out r84977.
3140         http://trac.webkit.org/changeset/84977
3141         https://bugs.webkit.org/show_bug.cgi?id=59568
3142
3143         caused crashes on the SL WK2 bots (Requested by jessieberlin
3144         on #webkit).
3145
3146         * assembler/MacroAssemblerX86_64.h:
3147         (JSC::MacroAssemblerX86_64::call):
3148         (JSC::MacroAssemblerX86_64::tailRecursiveCall):
3149         (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
3150
3151 2011-04-26  Kevin Ollivier  <kevino@theolliviers.com>
3152
3153         Rubberstamped by Eric Seidel.
3154
3155         Enable waf to be used to build other ports
3156         https://bugs.webkit.org/show_bug.cgi?id=58213
3157
3158         * wscript:
3159
3160 2011-04-26  Sam Weinig  <sam@webkit.org>
3161
3162         Reviewed by David Hyatt.
3163
3164         Remove Datagrid from the tree
3165         https://bugs.webkit.org/show_bug.cgi?id=59543
3166
3167         * Configurations/FeatureDefines.xcconfig:
3168         Remove feature.
3169
3170 2011-04-26  Adrienne Walker  <enne@google.com>
3171
3172         Reviewed by Geoffrey Garen.
3173
3174         Fix incorrect use of OwnPtr<T*> in GCActivityCallback
3175         https://bugs.webkit.org/show_bug.cgi?id=59559
3176
3177         * runtime/GCActivityCallback.h:
3178
3179 2011-04-26  Xan Lopez  <xlopez@igalia.com>
3180
3181         Reviewed by Daniel Bates.
3182
3183         Unused but set variable warning in MacroAssemblerX86_64
3184         https://bugs.webkit.org/show_bug.cgi?id=59482
3185
3186         * assembler/MacroAssemblerX86_64.h:
3187         (JSC::MacroAssemblerX86_64::call): do not declare the label
3188         variable if we are not going to use it.
3189         (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
3190         (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
3191
3192 2011-04-26  Dan Bernstein  <mitz@apple.com>
3193
3194         Reviewed by Mark Rowe.
3195
3196         Choose the compiler based on the Xcode version for Snow Leopard debug builds.
3197
3198         * Configurations/Base.xcconfig:
3199         * Configurations/CompilerVersion.xcconfig: Added.
3200
3201 2011-04-25  Geoffrey Garen  <ggaren@apple.com>
3202
3203         Reviewed by Oliver Hunt.
3204
3205         Nixed special finalizer handling for WebCore strings
3206         https://bugs.webkit.org/show_bug.cgi?id=59425
3207         
3208         SunSpider reports no change.
3209         
3210         Not needed anymore, since weak handles have finalizers.
3211
3212         * runtime/JSString.cpp:
3213         (JSC::JSString::resolveRope):
3214         (JSC::JSString::resolveRopeSlowCase):
3215         (JSC::JSString::outOfMemory):
3216         (JSC::JSString::substringFromRope):
3217         (JSC::JSString::replaceCharacter): Updated for removal of union.
3218
3219         * runtime/JSString.h:
3220         (JSC::RopeBuilder::JSString):
3221         (JSC::RopeBuilder::~JSString):
3222         (JSC::RopeBuilder::appendStringInConstruct):
3223         (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
3224         union or special constructor anymore.
3225
3226 2011-04-26  Gabor Loki  <loki@webkit.org>
3227
3228         Reviewed by Csaba Osztrogonác.
3229
3230         Speeding up SVG filters with multicore (SMP) support
3231         https://bugs.webkit.org/show_bug.cgi?id=43903
3232
3233         Some SVG filters execute a huge number of pixel manipulations, which
3234         cannot be sped up by graphics accelerators, since their algorithm is
3235         too complex. Using the power of Symmetric Multi Processing (SMP) we
3236         can split up a task to smaller (data independent) tasks, which can be
3237         executed independently.
3238
3239         The ParallelJobs framework provides a simple way for distributed
3240         programming. The framework is based on WebKit's threading infrastructure,
3241         Open Multi-Processing's (OpenMP) API, and libdispatch API.
3242
3243         * GNUmakefile.list.am:
3244         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3245         * JavaScriptCore.xcodeproj/project.pbxproj:
3246         * wtf/CMakeLists.txt:
3247         * wtf/ParallelJobs.h: Added.
3248         (WTF::ParallelJobs::ParallelJobs):
3249         (WTF::ParallelJobs::numberOfJobs):
3250         (WTF::ParallelJobs::parameterForJob):
3251         (WTF::ParallelJobs::executeJobs):
3252         * wtf/ParallelJobsGeneric.cpp: Added.
3253         (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
3254         (WTF::ParallelEnvironment::ThreadPrivate::executeJob):
3255         (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
3256         (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
3257         * wtf/ParallelJobsGeneric.h: Added.
3258         (WTF::ParallelEnvironment::ParallelEnvironment):
3259         (WTF::ParallelEnvironment::numberOfJobs):
3260         (WTF::ParallelEnvironment::parameterForJob):
3261         (WTF::ParallelEnvironment::executeJobs):
3262         (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
3263         (WTF::ParallelEnvironment::ThreadPrivate::create):
3264         * wtf/ParallelJobsLibdispatch.h: Added.
3265         (WTF::ParallelEnvironment::ParallelEnvironment):
3266         (WTF::ParallelEnvironment::numberOfJobs):
3267         (WTF::ParallelEnvironment::parameterForJob):
3268         (WTF::ParallelEnvironment::executeJobs):
3269         * wtf/ParallelJobsOpenMP.h: Added.
3270         (WTF::ParallelEnvironment::ParallelEnvironment):
3271         (WTF::ParallelEnvironment::numberOfJobs):
3272         (WTF::ParallelEnvironment::parameterForJob):
3273         (WTF::ParallelEnvironment::executeJobs):
3274         * wtf/Platform.h:
3275         * wtf/wtf.pri:
3276
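The entry above describes the ParallelJobs idea: split a pixel loop into data-independent slices, give each slice its own job parameter, and run the jobs on separate threads. The following is an added example, not WebKit's ParallelJobs code: a small ParallelJobs-style class built on std::thread (where the real framework chooses between WebKit threads, OpenMP and libdispatch) applied to a byte-inversion filter over a constructed sample image. The numberOfJobs/parameterForJob/executeJobs names follow the entry; the InvertJob type and the invertInParallel/invertSampleImage helpers are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <thread>
#include <vector>

// ParallelJobs-style helper (assumed shape, not WTF's): one Parameter per job,
// filled in by the caller, and executeJobs() runs the worker over each on its
// own std::thread. This model honours the requested job count (the real
// framework may cap it) so the slicing is deterministic.
template<typename Parameter>
class ParallelJobs {
public:
    typedef void (*WorkerFunction)(Parameter*);

    ParallelJobs(WorkerFunction worker, size_t requestedJobs)
        : m_worker(worker), m_parameters(requestedJobs ? requestedJobs : 1) {}

    size_t numberOfJobs() const { return m_parameters.size(); }
    Parameter& parameterForJob(size_t index) { return m_parameters[index]; }

    void executeJobs() {
        std::vector<std::thread> threads;
        for (size_t i = 1; i < m_parameters.size(); ++i)
            threads.emplace_back(m_worker, &m_parameters[i]);
        m_worker(&m_parameters[0]);   // job 0 runs on the calling thread
        for (std::thread& t : threads)
            t.join();
    }

private:
    WorkerFunction m_worker;
    std::vector<Parameter> m_parameters;
};

// Constructed job description for a trivial "filter": invert every byte in
// [begin, end). Slices are disjoint, so workers never touch shared bytes.
struct InvertJob {
    unsigned char* pixels;
    size_t begin;
    size_t end;
};

static void invertSlice(InvertJob* job) {
    for (size_t i = job->begin; i < job->end; ++i)
        job->pixels[i] = static_cast<unsigned char>(255 - job->pixels[i]);
}

// Splits `pixels` into numberOfJobs() contiguous slices, runs the filter and
// returns the byte sum of the result. Slices past the end are empty, so asking
// for more jobs than bytes is safe.
unsigned long invertInParallel(std::vector<unsigned char>& pixels, size_t jobs) {
    ParallelJobs<InvertJob> parallel(invertSlice, jobs);
    size_t n = pixels.size();
    size_t count = parallel.numberOfJobs();
    size_t slice = (n + count - 1) / count;   // ceil(n / count)
    for (size_t i = 0; i < count; ++i) {
        InvertJob& job = parallel.parameterForJob(i);
        job.pixels = pixels.data();
        job.begin = i * slice < n ? i * slice : n;
        job.end = (i + 1) * slice < n ? (i + 1) * slice : n;
    }
    parallel.executeJobs();

    unsigned long sum = 0;
    for (unsigned char b : pixels)
        sum += b;
    return sum;
}

// Constructed sample image: `count` bytes with values 0,1,2,...,255,0,1,...
// Returns the byte sum after inversion, which must not depend on `jobs`.
unsigned long invertSampleImage(size_t count, size_t jobs) {
    std::vector<unsigned char> pixels(count);
    for (size_t i = 0; i < count; ++i)
        pixels[i] = static_cast<unsigned char>(i % 256);
    return invertInParallel(pixels, jobs);
}

int main() {
    std::printf("1 job:  %lu\n", invertSampleImage(1000, 1));          // 130284
    std::printf("4 jobs: %lu\n", invertSampleImage(1000, 4));          // 130284
    std::printf("8 jobs on 5 bytes: %lu\n", invertSampleImage(5, 8));  // 1265
    return 0;
}
```

The property worth checking is the one the entry relies on: because each job owns a disjoint slice and the parameters are filled in before executeJobs() and read only after join(), the result is identical for any job count, and no locking is needed inside the worker.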
3277 2011-04-26  Mihai Parparita  <mihaip@chromium.org>
3278
3279         Reviewed by Adam Barth.
3280
3281         Turn off make built-in implicit rules for derived sources makefile
3282         https://bugs.webkit.org/show_bug.cgi?id=59418
3283         
3284         We don't use any of make's built-in implicit rules, so turning them off
3285         speeds up parsing of the makefile.
3286
3287         * JavaScriptCore.xcodeproj/project.pbxproj:
3288         * gyp/generate-derived-sources.sh:
3289
3290 2011-04-25  Geoffrey Garen  <ggaren@apple.com>
3291
3292         Reviewed by Oliver Hunt.
3293
3294         Custom prototypes on DOM objects don't persist after garbage collection
3295         https://bugs.webkit.org/show_bug.cgi?id=59412
3296         
3297         SunSpider reports no change.
3298         
3299         The hasCustomProperties() check didn't check for a custom prototype.
3300
3301         * runtime/JSObject.h:
3302         (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
3303         because it is the "truth" about an object's pedigree.
3304
3305         * runtime/Structure.cpp:
3306         (JSC::Structure::Structure):
3307         * runtime/Structure.h:
3308         (JSC::Structure::didTransition): Track whether a Structure has ever
3309         transitioned for any reason. If so, we have to assume that the object
3310         holding it is custom in some way.
3311
3312 2011-04-25  Gavin Barraclough  <barraclough@apple.com>
3313
3314         Reviewed by Geoff Garen.
3315
3316         https://bugs.webkit.org/show_bug.cgi?id=59405
3317         DFG JIT - add type speculation for integer & array types, for vars & args.
3318
3319         If a var or argument is used as the base for a GetByVal or PutByVal access
3320         we are speculating that it is of type Array (we only generate code on the
3321         speculative path to perform array accesses). By typing the var or args slot
3322         as Array, and checking on entry to the function (in the case of args), and
3323         each time the local is written to, we can avoid a type check at each point
3324         the array is accessed. This will typically hoist type checks out of loops.
3325
3326         Similarly, any local that is incremented or decremented, or is the input or
3327         output of a bitwise operator, is likely to be an integer. By typing the
3328         local as int32 we can avoid speculation checks on access, and tagging when
3329         writing to the slot. All accesses can become 32-bit instead of 64.
3330
3331         * dfg/DFGByteCodeParser.cpp:
3332         (JSC::DFG::ByteCodeParser::set):
3333         (JSC::DFG::ByteCodeParser::predictArray):
3334         (JSC::DFG::ByteCodeParser::predictInt32):
3335         (JSC::DFG::ByteCodeParser::parseBlock):
3336         * dfg/DFGGraph.h:
3337         (JSC::DFG::PredictionSlot::PredictionSlot):
3338         (JSC::DFG::Graph::Graph):
3339         (JSC::DFG::Graph::predict):
3340         (JSC::DFG::Graph::getPrediction):
3341         * dfg/DFGJITCompiler.cpp:
3342         (JSC::DFG::JITCompiler::compileFunction):
3343         * dfg/DFGJITCompiler.h:
3344         (JSC::DFG::JITCompiler::tagFor):
3345         (JSC::DFG::JITCompiler::payloadFor):
3346         * dfg/DFGNode.h:
3347         * dfg/DFGNonSpeculativeJIT.cpp:
3348         (JSC::DFG::NonSpeculativeJIT::compile):
3349         * dfg/DFGSpeculativeJIT.cpp:
3350         (JSC::DFG::SpeculativeJIT::compile):
3351         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3352         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
3353         * dfg/DFGSpeculativeJIT.h:
3354         * runtime/Executable.cpp:
3355         (JSC::tryDFGCompile):
3356
3357 2011-04-25  David Levin  <levin@chromium.org>
3358
3359         Reviewed by James Robinson.
3360
3361         Fix OwnPtr strict mode violation in MessageQueue.h
3362         https://bugs.webkit.org/show_bug.cgi?id=59400
3363
3364         * wtf/MessageQueue.h:
3365         (WTF::::waitForMessage):
3366         (WTF::::waitForMessageFilteredWithTimeout):
3367         (WTF::::tryGetMessage):
3368
3369 2011-04-25  Adam Barth  <abarth@webkit.org>
3370
3371         Reviewed by Darin Adler.
3372
3373         JavaScriptCore should play nice with strict OwnPtrs
3374         https://bugs.webkit.org/show_bug.cgi?id=59401
3375
3376         * dfg/DFGByteCodeParser.cpp:
3377         (JSC::DFG::ByteCodeParser::parse):
3378         * heap/Heap.cpp:
3379         (JSC::TypeCounter::TypeCounter):
3380         * jit/JITStubs.cpp:
3381         (JSC::JITThunks::JITThunks):
3382         * parser/JSParser.cpp:
3383         (JSC::JSParser::Scope::Scope):
3384         * yarr/YarrJIT.cpp:
3385         (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
3386
3387 2011-04-25  Mark Rowe  <mrowe@apple.com>
3388
3389         Build fix.
3390
3391         * wtf/ListHashSet.h:
3392
3393 2011-04-25  Gavin Barraclough  <barraclough@apple.com>
3394
3395         Reviewed by Oliver Hunt.
3396
3397         Bug 59370 - DFG JIT - fix leak of BlocksBlocks
3398         (put the blocks immediately into an OwnPtr).
3399
3400         * dfg/DFGByteCodeParser.cpp:
3401         (JSC::DFG::ByteCodeParser::parse):
3402
3403 2011-04-25  James Robinson  <jamesr@chromium.org>
3404
3405         Reviewed by David Levin.
3406
3407         Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
3408         https://bugs.webkit.org/show_bug.cgi?id=59353
3409
3410         * wtf/ListHashSet.h:
3411         (WTF::::ListHashSet):
3412
3413 2011-04-25  David Levin  <levin@chromium.org>
3414
3415         Reviewed by Adam Barth.
3416
3417         Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
3418         https://bugs.webkit.org/show_bug.cgi?id=59347
3419
3420         * runtime/JSGlobalData.cpp:
3421         (JSC::JSGlobalData::JSGlobalData):
3422         * runtime/Structure.cpp:
3423         (JSC::Structure::copyPropertyTable):
3424         (JSC::Structure::createPropertyMap):
3425         * runtime/Structure.h:
3426
3427 2011-04-25  Oliver Hunt  <oliver@apple.com>
3428
3429         Reviewed by Geoffrey Garen.
3430
3431         Make ClassInfo required when creating a Structure
3432         https://bugs.webkit.org/show_bug.cgi?id=59340
3433
3434         Add ClassInfo to all those types which currently don't
3435         have it, and add an assertion to Structure::create to
3436         ensure that the provided classInfo is not null.
3437
3438         * runtime/Executable.h:
3439         (JSC::EvalExecutable::createStructure):
3440         (JSC::ProgramExecutable::createStructure):
3441         (JSC::FunctionExecutable::createStructure):
3442         * runtime/GetterSetter.cpp:
3443         * runtime/GetterSetter.h:
3444         (JSC::GetterSetter::createStructure):
3445         * runtime/JSAPIValueWrapper.cpp:
3446         * runtime/JSAPIValueWrapper.h:
3447         (JSC::JSAPIValueWrapper::createStructure):
3448         * runtime/JSCell.cpp:
3449         * runtime/JSCell.h:
3450         * runtime/JSString.cpp:
3451         * runtime/JSString.h:
3452         (JSC::RopeBuilder::createStructure):
3453         * runtime/Structure.h:
3454         (JSC::Structure::create):
3455         (JSC::JSCell::createDummyStructure):
3456
3457 2011-04-25  David Levin  <levin@chromium.org>
3458
3459         Reviewed by Adam Barth.
3460
3461         PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
3462         https://bugs.webkit.org/show_bug.cgi?id=59342
3463
3464         This patch is to prepare for the strict OwnPtr hack-a-thon.
3465
3466         * runtime/PropertyMapHashTable.h:
3467         (JSC::PropertyTable::copy):
3468
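Both the "OwnPtr assignment operator should be private" entry (bug 59487) and this adoptPtr entry describe the strict-OwnPtr discipline: a raw pointer can only enter an OwnPtr through an explicit adoptPtr(), and ownership can only leave through release()/leakPtr(), so every heap object has exactly one deleter. The following added example, not WTF's actual implementation, models that discipline with a minimal OwnPtr/PassOwnPtr pair and checks it with static_asserts. Type and method names follow WTF; the bodies and the Tracked/liveAfterTransfers helpers are assumptions for illustration.

```cpp
#include <cstdio>
#include <type_traits>

template<typename T> class PassOwnPtr;
template<typename T> PassOwnPtr<T> adoptPtr(T*);

// Stand-in for WTF::PassOwnPtr (assumed shape): a transferable token of
// ownership. It can only be created through adoptPtr() and gives its pointer
// up exactly once via leakPtr().
template<typename T>
class PassOwnPtr {
public:
    PassOwnPtr(const PassOwnPtr& other) : m_ptr(other.leakPtr()) {}
    ~PassOwnPtr() { delete m_ptr; }   // an unclaimed token still frees the object
    T* leakPtr() const { T* p = m_ptr; m_ptr = nullptr; return p; }

private:
    explicit PassOwnPtr(T* ptr) : m_ptr(ptr) {}
    template<typename U> friend PassOwnPtr<U> adoptPtr(U*);
    mutable T* m_ptr;
};

// The only door a raw pointer can enter through.
template<typename T>
PassOwnPtr<T> adoptPtr(T* ptr) { return PassOwnPtr<T>(ptr); }

// Stand-in for a strict WTF::OwnPtr: no implicit construction from T*, no
// copying, and assignment only from a PassOwnPtr.
template<typename T>
class OwnPtr {
public:
    OwnPtr() : m_ptr(nullptr) {}
    OwnPtr(const PassOwnPtr<T>& token) : m_ptr(token.leakPtr()) {}
    ~OwnPtr() { delete m_ptr; }

    OwnPtr& operator=(const PassOwnPtr<T>& token) {
        T* incoming = token.leakPtr();   // take first, then drop the old object
        delete m_ptr;
        m_ptr = incoming;
        return *this;
    }

    T* get() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
    T* leakPtr() { T* p = m_ptr; m_ptr = nullptr; return p; }
    PassOwnPtr<T> release() { return adoptPtr(leakPtr()); }

    // The entry made the copy assignment operator private (and kept the copy
    // constructor for a gcc reason). This model deletes both, which is why the
    // code below uses direct-initialization rather than "OwnPtr<T> a = ...".
    OwnPtr(const OwnPtr&) = delete;
    OwnPtr& operator=(const OwnPtr&) = delete;

private:
    T* m_ptr;
};

// The strictness, checked at compile time.
static_assert(!std::is_convertible<int*, OwnPtr<int>>::value,
              "a raw pointer must not silently become an OwnPtr");
static_assert(!std::is_copy_assignable<OwnPtr<int>>::value,
              "OwnPtr must not be copy-assigned");

// Constructed helper: counts live instances so ownership can be observed.
struct Tracked {
    static int liveCount;
    Tracked() { ++liveCount; }
    ~Tracked() { --liveCount; }
};
int Tracked::liveCount = 0;

// Adopts one object, transfers it, overwrites a second OwnPtr by assignment
// and returns the live count after everything has gone out of scope (0 when
// every object was deleted exactly once; -1 if a transfer went wrong).
int liveAfterTransfers() {
    {
        OwnPtr<Tracked> a(adoptPtr(new Tracked));    // explicit adoption
        OwnPtr<Tracked> b(a.release());              // ownership moves, a is null
        if (a.get() || !b.get() || Tracked::liveCount != 1)
            return -1;

        OwnPtr<Tracked> c(adoptPtr(new Tracked));    // second object
        c = b.release();                             // frees c's object, takes b's
        if (b.get() || !c.get() || Tracked::liveCount != 1)
            return -1;
    }   // c deletes the remaining object
    return Tracked::liveCount;   // 0
}

int main() {
    std::printf("live objects after transfers: %d\n", liveAfterTransfers());
    return 0;
}
```

The two static_asserts are the whole "strict mode" in miniature: the call sites fixed across these entries were places where a raw `new` result or a bare pointer was flowing into an OwnPtr or PassOwnPtr by implicit conversion, which hides who is responsible for the delete; requiring adoptPtr() makes that responsibility explicit at the point of transfer.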
3469 2011-04-25  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
3470
3471         Reviewed by Gavin Barraclough.
3472
3473         Rationalize MacroAssembler branch methods
3474         https://bugs.webkit.org/show_bug.cgi?id=58950
3475
3476         Split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition'
3477         and apply related changes (only for SH4 platforms).
3478
3479         * assembler/MacroAssemblerSH4.cpp:
3480         * assembler/MacroAssemblerSH4.h:
3481         (JSC::MacroAssemblerSH4::compare32):
3482         (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
3483         (JSC::MacroAssemblerSH4::branchDouble):
3484         (JSC::MacroAssemblerSH4::branch32):
3485         (JSC::MacroAssemblerSH4::branchTest8):
3486         (JSC::MacroAssemblerSH4::branch8):
3487         (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
3488         (JSC::MacroAssemblerSH4::test8):
3489         (JSC::MacroAssemblerSH4::branch16):
3490         (JSC::MacroAssemblerSH4::branchTest32):
3491         (JSC::MacroAssemblerSH4::branchAdd32):
3492         (JSC::MacroAssemblerSH4::branchMul32):
3493         (JSC::MacroAssemblerSH4::branchSub32):
3494         (JSC::MacroAssemblerSH4::branchOr32):
3495         (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
3496         (JSC::MacroAssemblerSH4::branchPtrWithPatch):
3497         (JSC::MacroAssemblerSH4::SH4Condition):
3498         * assembler/SH4Assembler.h:
3499         (JSC::SH4Assembler::cmpEqImmR0):
3500
3501 2011-04-25  Adam Barth  <abarth@webkit.org>
3502
3503         Reviewed by Eric Seidel.
3504
3505         PropertyMapHashTable should work with strict OwnPtr
3506         https://bugs.webkit.org/show_bug.cgi?id=59337
3507
3508         This patch is in preparation for the strict OwnPtr hack-a-thon.
3509
3510         * runtime/PropertyMapHashTable.h:
3511         (JSC::PropertyTable::PropertyTable):
3512         (JSC::PropertyTable::addDeletedOffset):
3513
3514 2011-04-25  Geoffrey Garen  <ggaren@apple.com>
3515
3516         Reviewed by Sam Weinig.
3517
3518         Nixed MarkStack::deprecatedAppend, since it has no clients left.
3519
3520         * heap/MarkStack.h:
3521
3522 2011-04-23  Gavin Barraclough  <barraclough@apple.com>
3523
3524         Reviewed by Oliver Hunt.
3525
3526         Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
3527
3528         SetLocals to temporaries will only be generated if they are used within other
3529         blocks, due to the SSA based DCE.
3530
3531         * dfg/DFGByteCodeParser.cpp:
3532         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3533         (JSC::DFG::ByteCodeParser::get):
3534         (JSC::DFG::ByteCodeParser::set):
3535         (JSC::DFG::ByteCodeParser::getLocal):
3536         (JSC::DFG::ByteCodeParser::setLocal):
3537         (JSC::DFG::ByteCodeParser::parseBlock):
3538         (JSC::DFG::ByteCodeParser::processPhiStack):
3539         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
3540         (JSC::DFG::ByteCodeParser::parse):
3541         * dfg/DFGGraph.h:
3542         (JSC::DFG::BasicBlock::BasicBlock):
3543
3544 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3545
3546         Reviewed by Sam Weinig & Geoff Garen.
3547
3548         Bug 59266 - DFG JIT - Add SSA style DCE
3549
3550         This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
3551         via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
3552         matching child Phi, and add the Phi to a work queue to add references to prior
3553         definitions once we have the full CFG & can determine predecessors. This process
3554         is iterative, inserting new phis into predecessors as necessary.
3555
3556         * dfg/DFGByteCodeParser.cpp:
3557         (JSC::DFG::ByteCodeParser::getVariable):
3558         (JSC::DFG::ByteCodeParser::setVariable):
3559         (JSC::DFG::ByteCodeParser::getArgument):
3560         (JSC::DFG::ByteCodeParser::setArgument):
3561         (JSC::DFG::ByteCodeParser::parseBlock):
3562         (JSC::DFG::ByteCodeParser::processWorkQueue):
3563         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
3564         (JSC::DFG::ByteCodeParser::parse):
3565         * dfg/DFGGraph.cpp:
3566         (JSC::DFG::Graph::dump):
3567         (JSC::DFG::Graph::refChildren):
3568         * dfg/DFGGraph.h:
3569         (JSC::DFG::Graph::ref):
3570         * dfg/DFGNode.h:
3571         (JSC::DFG::Node::ref):
3572         * dfg/DFGNonSpeculativeJIT.cpp:
3573         (JSC::DFG::NonSpeculativeJIT::compile):
3574         * dfg/DFGScoreBoard.h:
3575         (JSC::DFG::ScoreBoard::~ScoreBoard):
3576         (JSC::DFG::ScoreBoard::dump):
3577         * dfg/DFGSpeculativeJIT.cpp:
3578         (JSC::DFG::SpeculativeJIT::compile):
3579
3580 2011-04-22  Vitaly Repeshko  <vitalyr@chromium.org>
3581
3582         Reviewed by Adam Barth.
3583
3584         Add missing default constructors for HashMap iterator specializations.
3585         https://bugs.webkit.org/show_bug.cgi?id=59250
3586
3587         * wtf/HashIterators.h:
3588         * wtf/HashTable.h:
3589         (WTF::HashTableConstIterator::HashTableConstIterator): Added cast
3590         to help compiler find the function template.
3591
3592 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3593
3594         Reviewed by Sam Weinig.
3595
3596         Bug 59262 - DFG JIT - reduce size of VariableRecord
3597
3598         We never need both the get & set node, only the most recent
3599         (which is always a set, if both exist).
3600
3601         * dfg/DFGByteCodeParser.cpp:
3602         (JSC::DFG::ByteCodeParser::getVariable):
3603         (JSC::DFG::ByteCodeParser::setVariable):
3604         (JSC::DFG::ByteCodeParser::getArgument):
3605         (JSC::DFG::ByteCodeParser::setArgument):
3606         (JSC::DFG::ByteCodeParser::parseBlock):
3607         * dfg/DFGGraph.h:
3608         (JSC::DFG::VariableRecord::VariableRecord):
3609
3610 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3611
3612         Reviewed by Geoffrey Garen.
3613
3614         Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
3615         such that this information is available for DCE.  Also, since this enlarges the
3616         size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
3617         vector of blocks.
3618
3619         * dfg/DFGByteCodeParser.cpp:
3620         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3621         (JSC::DFG::ByteCodeParser::get):
3622         (JSC::DFG::ByteCodeParser::set):
3623         (JSC::DFG::ByteCodeParser::getVariable):
3624         (JSC::DFG::ByteCodeParser::setVariable):
3625         (JSC::DFG::ByteCodeParser::getArgument):
3626         (JSC::DFG::ByteCodeParser::setArgument):
3627         (JSC::DFG::ByteCodeParser::parseBlock):
3628         (JSC::DFG::ByteCodeParser::setupPredecessors):
3629         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
3630         (JSC::DFG::ByteCodeParser::parse):
3631         * dfg/DFGGraph.cpp:
3632         (JSC::DFG::Graph::dump):
3633         * dfg/DFGGraph.h:
3634         (JSC::DFG::VariableRecord::VariableRecord):
3635         (JSC::DFG::BasicBlock::BasicBlock):
3636         (JSC::DFG::BasicBlock::getBytecodeBegin):
3637         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
3638         (JSC::DFG::Graph::blockForBytecodeOffset):
3639         * dfg/DFGNonSpeculativeJIT.cpp:
3640         (JSC::DFG::NonSpeculativeJIT::compile):
3641         * dfg/DFGSpeculativeJIT.cpp:
3642         (JSC::DFG::SpeculativeJIT::compile):
3643         * dfg/DFGSpeculativeJIT.h:
3644         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
3645
3646 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3647
3648         Errk, build fix.
3649
3650         * dfg/DFGSpeculativeJIT.cpp:
3651         (JSC::DFG::SpeculativeJIT::compile):
3652
3653 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3654
3655         Reviewed by Sam Weinig.
3656
3657         Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
3658         move out the call to checkConsistency().
3659
3660         * dfg/DFGNonSpeculativeJIT.cpp:
3661         (JSC::DFG::NonSpeculativeJIT::compile):
3662         * dfg/DFGSpeculativeJIT.cpp:
3663         (JSC::DFG::SpeculativeJIT::compile):
3664         * dfg/DFGSpeculativeJIT.h:
3665         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
3666         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
3667
3668 2011-04-21  Vitaly Repeshko  <vitalyr@chromium.org>
3669
3670         Reviewed by Adam Barth.
3671
3672         Provide default constructors for HashMap iterators.
3673         https://bugs.webkit.org/show_bug.cgi?id=59151
3674
3675         These will be used to implement an iterator over EventTarget's
3676         listeners.
3677
3678         * wtf/HashTable.h:
3679         (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
3680         (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
3681
3682 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3683
3684         Reviewed by Geoff Garen.
3685
3686         Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
3687
3688         These will be necessary for DCE support.
3689         Also factor allocateVirtualRegisters out into its own method.
3690
3691         * dfg/DFGByteCodeParser.cpp:
3692         (JSC::DFG::ByteCodeParser::setupPredecessors):
3693         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
3694         (JSC::DFG::ByteCodeParser::parse):
3695         * dfg/DFGGraph.h:
3696         (JSC::DFG::Graph::blockForBytecodeOffset):
3697         * dfg/DFGNode.h:
3698         (JSC::DFG::Node::isTerminal):
3699
3700 2011-04-22  Oliver Hunt  <oliver@apple.com>
3701
3702         Reviewed by Geoffrey Garen.
3703
3704         Object.create creates uncachable objects
3705         https://bugs.webkit.org/show_bug.cgi?id=59164
3706
3707         Use the prototype object's inheritorID, as we
3708         should always have done.
3709
3710         * runtime/JSGlobalObject.cpp:
3711         (JSC::JSGlobalObject::reset):
3712         (JSC::JSGlobalObject::visitChildren):
3713         * runtime/JSGlobalObject.h:
3714         (JSC::JSGlobalObject::nullPrototypeObjectStructure):
3715         * runtime/ObjectConstructor.cpp:
3716         (JSC::objectConstructorCreate):
3717
3718 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
3719
3720         Reviewed by Sam Weinig.
3721
        Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result

        We currently allocate virtual registers to nodes which have no result - these are
        clearly unused, and may result in us allocating a larger than necessary stack frame.

        Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
        nodes that have results, and improve the quality of output from the consistency check.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        (JSC::DFG::JITCodeGenerator::dump):
        (JSC::DFG::JITCodeGenerator::checkConsistency):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::canReuse):
        (JSC::DFG::JITCodeGenerator::isFilled):
        (JSC::DFG::JITCodeGenerator::isFilledDouble):
        (JSC::DFG::JITCodeGenerator::use):
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        (JSC::DFG::JITCodeGenerator::initConstantInfo):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::fillNumericToDouble):
        (JSC::DFG::JITCompiler::fillInt32ToInteger):
        (JSC::DFG::JITCompiler::fillToJS):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::hasResult):
        (JSC::DFG::Node::virtualRegister):
        (JSC::DFG::Node::setVirtualRegister):
        (JSC::DFG::Node::refCount):
        (JSC::DFG::Node::ref):
        (JSC::DFG::Node::deref):
        (JSC::DFG::Node::adjustedRefCount):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::compile):

2011-04-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Gavin Barraclough and Oliver Hunt.

        Arrays should participate in global object forwarding fun
        https://bugs.webkit.org/show_bug.cgi?id=59215

        * runtime/JSGlobalObject.h:
        (JSC::constructEmptyArray):
        (JSC::constructArray):
        Add variants of constructArray that take a global object.

2011-04-22  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r84650 and r84654.
        http://trac.webkit.org/changeset/84650
        http://trac.webkit.org/changeset/84654
        https://bugs.webkit.org/show_bug.cgi?id=59218

        Broke Windows build (Requested by bweinstein on #webkit).

        * API/JSCallbackObjectFunctions.h:
        (JSC::::init):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Handle.h:
        (JSC::HandleBase::operator!):
        (JSC::HandleBase::operator UnspecifiedBoolType*):
        (JSC::HandleTypes::getFromSlot):
        * heap/HandleHeap.cpp:
        (JSC::HandleHeap::markStrongHandles):
        (JSC::HandleHeap::markWeakHandles):
        (JSC::HandleHeap::finalizeWeakHandles):
        (JSC::HandleHeap::writeBarrier):
        (JSC::HandleHeap::protectedGlobalObjectCount):
        (JSC::HandleHeap::isValidWeakNode):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::copyWeak):
        (JSC::HandleHeap::makeWeak):
        (JSC::HandleHeap::Node::slot):
        * heap/HandleStack.cpp:
        (JSC::HandleStack::mark):
        (JSC::HandleStack::grow):
        * heap/HandleStack.h:
        (JSC::HandleStack::zapTo):
        (JSC::HandleStack::push):
        * heap/Heap.cpp:
        (JSC::HandleHeap::protectedObjectTypeCounts):
        * heap/Local.h:
        (JSC::::set):
        * heap/Strong.h:
        (JSC::Strong::set):
        * heap/Weak.h:
        (JSC::Weak::set):
        * runtime/StructureTransitionTable.h:
        (JSC::StructureTransitionTable::singleTransition):
        (JSC::StructureTransitionTable::setSingleTransition):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        * runtime/WriteBarrier.h:

2011-04-22  Brian Weinstein  <bweinstein@apple.com>

        Part of Windows build fix from r84650.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-04-22  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make it harder to use HandleSlot incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=59205

        Just add a little type fudging to make it harder to
        incorrectly assign through a HandleSlot.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::init):
        * JavaScriptCore.exp:
        * heap/Handle.h:
        (JSC::HandleBase::operator!):
        (JSC::HandleBase::operator UnspecifiedBoolType*):
        (JSC::HandleTypes::getFromSlot):
        * heap/HandleHeap.cpp:
        (JSC::HandleHeap::markStrongHandles):
        (JSC::HandleHeap::markWeakHandles):
        (JSC::HandleHeap::finalizeWeakHandles):
        (JSC::HandleHeap::writeBarrier):
        (JSC::HandleHeap::protectedGlobalObjectCount):
        (JSC::HandleHeap::isValidWeakNode):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::copyWeak):
        (JSC::HandleHeap::makeWeak):
        (JSC::HandleHeap::Node::slot):
        * heap/HandleStack.cpp:
        (JSC::HandleStack::mark):
        (JSC::HandleStack::grow):
        * heap/HandleStack.h:
        (JSC::HandleStack::zapTo):
        (JSC::HandleStack::push):
        * heap/Heap.cpp:
        (JSC::HandleHeap::protectedObjectTypeCounts):
        * heap/Local.h:
        (JSC::::set):
        * heap/Strong.h:
        (JSC::Strong::set):
        * heap/Weak.h:
        (JSC::Weak::set):
        * runtime/StructureTransitionTable.h:
        (JSC::StructureTransitionTable::singleTransition):
        (JSC::StructureTransitionTable::setSingleTransition):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        * runtime/WriteBarrier.h:
        (JSC::OpaqueJSValue::toJSValue):
        (JSC::OpaqueJSValue::toJSValueRef):
        (JSC::OpaqueJSValue::fromJSValue):

2011-04-22  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):

2011-04-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r84583.
        http://trac.webkit.org/changeset/84583
        https://bugs.webkit.org/show_bug.cgi?id=59173

        "broke
        http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js
        /Object-create.html" (Requested by ggaren on #webkit).

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorCreate):

2011-04-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Adam Roben.

        Add a feature define to allow <details> and <summary> to be disabled
        https://bugs.webkit.org/show_bug.cgi?id=59118
        <rdar://problem/9257045>

        * Configurations/FeatureDefines.xcconfig:

2011-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Object.create creates uncachable objects
        https://bugs.webkit.org/show_bug.cgi?id=59164

        Use the prototype object's inheritorID, as we
        should always have done.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorCreate):

2011-04-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Start moving to a general visitor pattern for GC traversal
        https://bugs.webkit.org/show_bug.cgi?id=59141

        This is just a rename:
            markChildren -> visitChildren
            markAggregate -> visitAggregate
            markStack -> visitor
            MarkStack -> typedef'd to SlotVisitor

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::visitChildren):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
        (JSC::JSCallbackObject::visitChildren):
        * JavaScriptCore.exp:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitStructures):
        (JSC::EvalCodeCache::visitAggregate):
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        * bytecode/EvalCodeCache.h:
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::visitAggregate):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::visitAggregate):
        * bytecode/StructureStubInfo.h:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * debugger/DebuggerActivation.h:
        * heap/HandleHeap.cpp:
        (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
        (JSC::HandleHeap::markStrongHandles):
        (JSC::HandleHeap::markWeakHandles):
        * heap/HandleHeap.h:
        * heap/HandleStack.cpp:
        (JSC::HandleStack::mark):
        * heap/HandleStack.h:
        * heap/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStack::visitChildren):
        (JSC::MarkStack::drain):
        * heap/MarkStack.h:
        (JSC::HeapRootVisitor::HeapRootVisitor):
        (JSC::HeapRootVisitor::mark):
        (JSC::HeapRootVisitor::visitor):
        * heap/MarkedSpace.h:
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/ArgList.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Arguments.h:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/Executable.h:
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::visitChildren):
        * runtime/JSArray.h:
        (JSC::JSArray::visitDirect):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::visitChildren):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::visitIfNeeded):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        * runtime/JSONObject.cpp:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        * runtime/JSObject.h:
        (JSC::JSObject::visitDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::overridesVisitChildren):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/JSWrapperObject.h:
        * runtime/JSZombie.h:
        (JSC::JSZombie::visitChildren):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/NativeErrorConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        * runtime/RegExpObject.h:
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/ScopeChain.h:
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::visitChildren):
        * runtime/SmallStrings.h:
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        (JSC::StructureChain::createStructure):

2011-04-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r84548.
        http://trac.webkit.org/changeset/84548
        https://bugs.webkit.org/show_bug.cgi?id=59144

        Broke chromium-win build (Requested by aklein on #webkit).

        * wtf/Platform.h:

2011-04-21  Adam Klein  <adamk@chromium.org>

        Reviewed by David Levin.

        [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
        https://bugs.webkit.org/show_bug.cgi?id=55728

        Enable WTF_MULTIPLE_THREADS for Chromium.
