2014-09-25  Csaba Osztrogonác  <ossy@webkit.org>

        Remove WinCE port from trunk
        https://bugs.webkit.org/show_bug.cgi?id=136951

        Reviewed by Alex Christensen.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::cacheFlush):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::gatherFromOtherThread):
        (JSC::swapIfBackwards): Deleted.
        * jit/ExecutableAllocator.h:
        * runtime/DateConstructor.cpp:
        * runtime/Options.cpp:
        (JSC::overrideOptionWithHeuristic):
        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator):

2014-09-24  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: subtract elapsed time while debugger is paused from profile nodes
        https://bugs.webkit.org/show_bug.cgi?id=136796

        Reviewed by Timothy Hatcher.

        Rather than accruing no time to any profile node created while the debugger is paused,
        we can instead count a node's elapsed time and exclude time elapsed while paused.

        Time for a node may elapse in a non-contiguous fashion depending on the interleaving of
        didPause, didContinue, willExecute, and didExecute. A node's start time is set to the
        start of the last such interval that accrues elapsed time.

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::ProfileGenerator):
        (JSC::ProfileGenerator::beginCallEntry):
        (JSC::ProfileGenerator::endCallEntry):
        (JSC::ProfileGenerator::didPause): Added.
        (JSC::ProfileGenerator::didContinue): Added.
        * profiler/ProfileGenerator.h:
        (JSC::ProfileGenerator::didPause): Deleted.
        (JSC::ProfileGenerator::didContinue): Deleted.
        * profiler/ProfileNode.h: Rename totalTime to elapsedTime.
        (JSC::ProfileNode::Call::Call):
        (JSC::ProfileNode::Call::elapsedTime): Added.
        (JSC::ProfileNode::Call::setElapsedTime): Added.
        (JSC::CalculateProfileSubtreeDataFunctor::operator()):
        (JSC::ProfileNode::Call::totalTime): Deleted.
        (JSC::ProfileNode::Call::setTotalTime): Deleted.

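The didPause/didContinue/willExecute/didExecute interleaving described in the entry above, as an added example that is modelled on the entry and is not JSC's ProfileGenerator (the class and member names are assumptions): every live call entry banks its running interval on didPause and opens a fresh one on didContinue, so time spent paused never reaches a node, including a node created while paused.

```cpp
#include <cassert>
#include <vector>

// Added example, not JSC's code: a minimal model of pause-aware elapsed-time accounting.
// Timestamps are plain doubles supplied by the caller so the scenarios below are deterministic.
class PauseAwareProfiler {
public:
    // A call entry is pushed when the profiled function starts. If the debugger is paused,
    // the entry's accruing interval is not opened until didContinue.
    void willExecute(double now)
    {
        Entry entry;
        if (!m_paused)
            entry.intervalStart = now;
        m_stack.push_back(entry);
    }

    // Closes the current call entry and returns its elapsed time, paused intervals excluded.
    double didExecute(double now)
    {
        Entry entry = m_stack.back();
        m_stack.pop_back();
        if (!m_paused)
            entry.elapsed += now - entry.intervalStart;
        return entry.elapsed;
    }

    // Debugger paused: bank the interval that was accruing for every live entry.
    void didPause(double now)
    {
        if (m_paused)
            return;
        m_paused = true;
        for (Entry& entry : m_stack)
            entry.elapsed += now - entry.intervalStart;
    }

    // Debugger continued: every live entry starts a fresh accruing interval, so its
    // start time is the start of the last interval that accrues elapsed time.
    void didContinue(double now)
    {
        if (!m_paused)
            return;
        m_paused = false;
        for (Entry& entry : m_stack)
            entry.intervalStart = now;
    }

private:
    struct Entry {
        double intervalStart = 0; // start of the most recent interval that accrues time
        double elapsed = 0;       // time accrued so far, paused intervals excluded
    };
    std::vector<Entry> m_stack;
    bool m_paused = false;
};

// Constructed scenario: a call runs from t=0 to t=9 and the debugger is paused from t=2 to t=7.
// Wall-clock duration is 9; only 4 units are attributable to the call.
double elapsedAcrossOnePause()
{
    PauseAwareProfiler profiler;
    profiler.willExecute(0);
    profiler.didPause(2);
    profiler.didContinue(7);
    return profiler.didExecute(9);
}

// Constructed scenario: nested calls with a pause inside the inner call.
// outer runs 0..8, inner runs 1..6, paused 2..5  =>  inner = 1 + 1 = 2, outer = 2 + 3 = 5.
struct NestedElapsed {
    double inner;
    double outer;
};

NestedElapsed elapsedNested()
{
    PauseAwareProfiler profiler;
    profiler.willExecute(0); // outer
    profiler.willExecute(1); // inner
    profiler.didPause(2);
    profiler.didContinue(5);
    NestedElapsed result;
    result.inner = profiler.didExecute(6);
    result.outer = profiler.didExecute(8);
    return result;
}

// Constructed scenario: a call that starts while the debugger is already paused.
// Previously such a node accrued no time at all; now it accrues the time after didContinue.
double elapsedForCallStartedWhilePaused()
{
    PauseAwareProfiler profiler;
    profiler.didPause(0);
    profiler.willExecute(3);
    profiler.didContinue(5);
    return profiler.didExecute(6);
}
```
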
2014-09-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r173839.
        https://bugs.webkit.org/show_bug.cgi?id=137062

        NumberConstruct should no longer use static tables (Requested

        "Simple ES6 feature: Number constructor extras"
        https://bugs.webkit.org/show_bug.cgi?id=131707
        http://trac.webkit.org/changeset/173839

2014-09-23  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::invalidate() should invalidate all DebuggerScope chains.
        <https://webkit.org/b/137045>

        Reviewed by Geoffrey Garen.

        DebuggerCallFrame::invalidate() currently invalidates all DebuggerCallFrames
        in the debugger stack, but only invalidates the DebuggerScope chain of the
        topmost frame. We should also invalidate all the DebuggerScope chains of
        the other frames in the debugger stack.

        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::invalidate):
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::invalidateChain):

2014-09-23  Mark Lam  <mark.lam@apple.com>

        Renamed DebuggerCallFrameScope to DebuggerPausedScope.
        <https://webkit.org/b/137042>

        Reviewed by Michael Saboff.

        DebuggerPausedScope is a better name for this data structure because it
        is meant for tracking the period within which the debugger is paused,
        and doing cleanups after the pause ends.

        * debugger/Debugger.cpp:
        (JSC::DebuggerPausedScope::DebuggerPausedScope):
        (JSC::DebuggerPausedScope::~DebuggerPausedScope):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::DebuggerCallFrameScope::DebuggerCallFrameScope): Deleted.
        (JSC::DebuggerCallFrameScope::~DebuggerCallFrameScope): Deleted.
        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.h:

2014-09-23  Tomas Popela  <tpopela@redhat.com>

        [CLoop] - Fix CLoop on the 32-bit Big-Endians
        https://bugs.webkit.org/show_bug.cgi?id=137020

        Reviewed by Mark Lam.

        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:

2014-09-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
        https://bugs.webkit.org/show_bug.cgi?id=136893

        Reviewed by Timothy Hatcher.

        Adds new remote inspector protocol handling for automatic inspection.
        Debuggers can signal they have enabled automatic inspection, and
        when debuggables are created the current application will pause to
        see if the debugger will inspect or decline to inspect the debuggable.

        * inspector/remote/RemoteInspectorConstants.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::globalAutomaticInspectionState):
        (Inspector::RemoteInspector::RemoteInspector):
        (Inspector::RemoteInspector::start):
        When first starting, check the global "is there an auto-inspect" debugger state.
        This is necessary so that the current application knows if it should pause or
        not when a debuggable is created, even without having connected to webinspectord yet.

        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
        When a debuggable has enabled remote inspection, take this path to propose
        it as an automatic inspection candidate if there is an auto-inspect debugger.

        (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
        Send the automatic inspection candidate message.

        (Inspector::RemoteInspector::receivedSetupMessage):
        (Inspector::RemoteInspector::setupFailed):
        (Inspector::RemoteInspector::setupSucceeded):
        After attempting to open an inspector, unpause if it was for the
        automatic inspection candidate.

        (Inspector::RemoteInspector::waitingForAutomaticInspection):
        When running a nested runloop, check if we should remain paused.

        (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
        If by the time we connect to webinspectord we have a candidate, then
        immediately send the candidate message.

        (Inspector::RemoteInspector::stopInternal):
        (Inspector::RemoteInspector::xpcConnectionFailed):
        In error cases, clear our state.

        (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
        (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
        (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
        Update state when receiving new messages.

        * inspector/remote/RemoteInspectorDebuggable.h:
        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
        Special case when a debuggable is newly allowed to be debuggable.

        (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
        Run a nested run loop while this is an automatic inspection candidate.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        When the inspector starts via automatic inspection, automatically pause.
        We plan on removing this condition by having the frontend signal to the
        backend when it is completely initialized.

        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        Pass on the flag of whether or not this was automatic inspection.

        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
        When pausing in a JSGlobalObject we need to release the API lock.

2014-09-22  Filip Pizlo  <fpizlo@apple.com>

        FTL allocatePropertyStorage code should involve less copy-paste
        https://bugs.webkit.org/show_bug.cgi?id=137006

        Reviewed by Michael Saboff.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
        (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
        (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorageWithSizeImpl):

2014-09-22  Diego Pino Garcia  <dpino@igalia.com>

        Simple ES6 feature: Number constructor extras
        https://bugs.webkit.org/show_bug.cgi?id=131707

        Reviewed by Darin Adler.

        * runtime/CommonIdentifiers.h: Added new identifiers.
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::isFunction): Added.
        (JSC::numberConstructorEpsilonValue): Added.
        (JSC::numberConstructorNegInfinity): Added.
        (JSC::numberConstructorPosInfinity): Added.
        (JSC::numberConstructorMaxValue): Added.
        (JSC::numberConstructorMinValue): Added.
        (JSC::numberConstructorMaxSafeInteger): Added.
        (JSC::numberConstructorMinSafeInteger): Added.
        (JSC::numberConstructorFuncIsFinite): Added.
        (JSC::numberConstructorFuncIsInteger): Added.
        (JSC::numberConstructorFuncIsNaN): Added.
        (JSC::numberConstructorFuncIsSafeInteger): Added.
        * runtime/NumberConstructor.h:

2014-09-21  Filip Pizlo  <fpizlo@apple.com>

        FTL should store the four bytes of the cell header using a 32-bit store rather than four 8-bit stores
        https://bugs.webkit.org/show_bug.cgi?id=136992

        Reviewed by Sam Weinig.

        LLVM ought to be able to do this optimization for us given how the code was written, but
        any such lower-level attempts to optimize this would get into trouble with the weird
        object materialization logic I'll be introducing in bug 136330. So, this brings the
        merging of the byte stores into the FTL lowering so that we can control it explicitly.

        * ftl/FTLAbstractHeap.h:
        (JSC::FTL::AbstractHeap::changeParent):
        * ftl/FTLAbstractHeapRepository.cpp:
        (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::allocateCell):

2014-09-21  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: fix TypeSet hierarchy in TypeTokenView
        https://bugs.webkit.org/show_bug.cgi?id=136982

        Reviewed by Joseph Pecoraro.

        TypeSet was computing the set of type booleans in the Inspector::Protocol::Runtime::TypeSet
        object incorrectly because it was calling TypeSet::doesTypeConformTo(T) which checks if the
        type set has only been of type T. It now checks '(m_seenTypes & T) != TypeNothing' to see
        if type T is in the set of seen types, but not the entire set itself.

        * runtime/TypeSet.cpp:
        (JSC::TypeSet::inspectorTypeSet):

2014-09-21  Filip Pizlo  <fpizlo@apple.com>

        Structure should have a method for concurrently getting all of the property map entries, and this method shouldn't involve copy-paste
        https://bugs.webkit.org/show_bug.cgi?id=136983

        Reviewed by Mark Hahnenberg.

        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyMapEntry::PropertyMapEntry): Moved PropertyMapEntry struct to Structure.h so that Structure can refer to it.
        * runtime/Structure.cpp:
        (JSC::Structure::getConcurrently): Switch to using the new forEachPropertyConcurrently() method.
        (JSC::Structure::getPropertiesConcurrently): The subject of this patch. It will be useful for object allocation sinking (bug 136330).
        (JSC::Structure::dump): Switch to using the new forEachPropertyConcurrently() method.
        * runtime/Structure.h:
        (JSC::PropertyMapEntry::PropertyMapEntry): Moved from PropertyMapHashTable.h.
        * runtime/StructureInlines.h:
        (JSC::Structure::forEachPropertyConcurrently): Capture this very common concurrent structure iteration pattern into a template method.

2014-09-21  Filip Pizlo  <fpizlo@apple.com>

        Structure::getConcurrently() doesn't need to take a VM& argument.

        Rubber stamped by Dan Bernstein.

        Removed the extra argument, and then removed similar arguments from other methods until
        I could build successfully again. It turned out that many methods took a VM& argument
        just for calling getConcurrently().

        * bytecode/CodeBlock.cpp:
        (JSC::dumpStructure):
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::printPutByIdCacheStatus):
        * bytecode/ComplexGetStatus.cpp:
        (JSC::ComplexGetStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeForStubInfo):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeForStubInfo):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
        * runtime/IntendedStructureChain.cpp:
        (JSC::IntendedStructureChain::mayInterceptStoreTo):
        * runtime/IntendedStructureChain.h:
        * runtime/Structure.cpp:
        (JSC::Structure::getConcurrently):
        * runtime/Structure.h:
        * runtime/StructureInlines.h:
        (JSC::Structure::getConcurrently):

2014-09-20  Filip Pizlo  <fpizlo@apple.com>

        FTL OSRExit construction should be based on methods that return ExitValues rather than methods that add ExitValues to OSRExit
        https://bugs.webkit.org/show_bug.cgi?id=136978

        Reviewed by Dean Jackson.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
        (JSC::FTL::LowerDFGToLLVM::exitArgument):
        (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode): Deleted.
        (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument): Deleted.
        (JSC::FTL::LowerDFGToLLVM::addExitArgument): Deleted.

2014-09-20  Filip Pizlo  <fpizlo@apple.com>

        FTL OSR exit should do reboxing and value recovery in the same pass
        https://bugs.webkit.org/show_bug.cgi?id=136977

        Reviewed by Oliver Hunt.

        It's conceptually simpler to have all of the logic in one place. After the
        recover-and-rebox loop is done, all of the exit values are in the form that the baseline
        JIT would want them to be in; the only remaining task is to move them into the right
        place on the stack after we do all of the necessary stack adjustments.

        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):

2014-09-19  Filip Pizlo  <fpizlo@apple.com>

        StorageAccessData should be referenced in a sensible way
        https://bugs.webkit.org/show_bug.cgi?id=136963

        Reviewed and rubber stamped by Michael Saboff.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleGetByOffset):
        (JSC::DFG::ByteCodeParser::handlePutByOffset):
        (JSC::DFG::ByteCodeParser::handlePutById):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
        (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Node::convertToGetByOffset):
        (JSC::DFG::Node::convertToPutByOffset):
        (JSC::DFG::Node::storageAccessData):
        (JSC::DFG::Node::storageAccessDataIndex): Deleted.
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):

2014-09-19  Ryosuke Niwa  <rniwa@webkit.org>

        Leak of mallocs under StructureSet::OutOfLineList::create
        https://bugs.webkit.org/show_bug.cgi?id=136970

        Reviewed by Filip Pizlo.

        addOutOfLine should free the old list when expanding the capacity.

        * bytecode/StructureSet.cpp:
        (JSC::StructureSet::addOutOfLine):

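The growth-path leak named in the entry above, as an added example that is not JSC's StructureSet (the list layout, the class and member names, and the allocation counter are constructed): the leaky and the corrected grow step side by side, with a counter that makes the dropped list observable in a test.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Added example, not JSC's code: a minimal out-of-line list modelled on the growth path
// fixed above. g_liveLists is a constructed harness counter: lists created minus lists destroyed.
static int g_liveLists = 0;

struct OutOfLineList {
    unsigned length;
    unsigned capacity;

    // Entries are stored inline, immediately after this header.
    uintptr_t* list() { return reinterpret_cast<uintptr_t*>(this + 1); }

    static OutOfLineList* create(unsigned capacity)
    {
        void* memory = std::malloc(sizeof(OutOfLineList) + capacity * sizeof(uintptr_t));
        OutOfLineList* result = static_cast<OutOfLineList*>(memory);
        result->length = 0;
        result->capacity = capacity;
        ++g_liveLists;
        return result;
    }

    static void destroy(OutOfLineList* list)
    {
        std::free(list);
        --g_liveLists;
    }
};

class SimpleStructureSet {
public:
    ~SimpleStructureSet()
    {
        if (m_list)
            OutOfLineList::destroy(m_list);
    }

    // Before the fix: when the list is full, a list of twice the capacity replaces it and the
    // old list is dropped without being destroyed, leaking one allocation per growth step.
    void addOutOfLineLeaky(uintptr_t value)
    {
        if (!m_list)
            m_list = OutOfLineList::create(2);
        if (m_list->length == m_list->capacity) {
            OutOfLineList* newList = OutOfLineList::create(m_list->capacity * 2);
            std::memcpy(newList->list(), m_list->list(), m_list->length * sizeof(uintptr_t));
            newList->length = m_list->length;
            m_list = newList; // the old list is never freed
        }
        m_list->list()[m_list->length++] = value;
    }

    // After the fix: the old list is destroyed once its contents have been copied over.
    void addOutOfLineFixed(uintptr_t value)
    {
        if (!m_list)
            m_list = OutOfLineList::create(2);
        if (m_list->length == m_list->capacity) {
            OutOfLineList* newList = OutOfLineList::create(m_list->capacity * 2);
            std::memcpy(newList->list(), m_list->list(), m_list->length * sizeof(uintptr_t));
            newList->length = m_list->length;
            OutOfLineList::destroy(m_list);
            m_list = newList;
        }
        m_list->list()[m_list->length++] = value;
    }

private:
    OutOfLineList* m_list = nullptr;
};

// Inserts `count` constructed values and reports how many lists are still live after the set
// has been destroyed. Capacity grows 2 -> 4 -> 8 -> 16 for nine inserts, so the leaky path
// leaves three dead lists behind while the fixed path leaves none.
int liveListsAfterInserting(unsigned count, bool fixed)
{
    g_liveLists = 0;
    {
        SimpleStructureSet set;
        for (unsigned i = 0; i < count; ++i) {
            if (fixed)
                set.addOutOfLineFixed(i);
            else
                set.addOutOfLineLeaky(i);
        }
    }
    return g_liveLists;
}
```
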
2014-09-19  Daniel Bates  <dabates@apple.com>

        Always assume internal SDK when building configuration Production
        https://bugs.webkit.org/show_bug.cgi?id=136925
        <rdar://problem/18362399>

        Reviewed by Dan Bernstein.

        As a side effect of this change we will always enable ENABLE_TOUCH_EVENTS, ENABLE_IOS_{GESTURE, TOUCH}_EVENTS,
        and ENABLE_XSLT when either building configuration Production or building with the Internal SDK.

        * Configurations/Base.xcconfig:

2014-09-19  Diego Pino Garcia  <dpino@igalia.com>

        Simple ES6 feature: String prototype additions
        https://bugs.webkit.org/show_bug.cgi?id=131704

        Reviewed by Darin Adler.

        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::finishCreation):
        (JSC::stringProtoFuncStartsWith): Added.
        (JSC::stringProtoFuncEndsWith): Added.
        (JSC::stringProtoFuncContains): Added.

2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>

        Unreviewed rollout r173731. Broke multiple builds.

        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::RemoteInspector):
        (Inspector::RemoteInspector::setupFailed):
        (Inspector::RemoteInspector::start):
        (Inspector::RemoteInspector::stopInternal):
        (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
        (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
        (Inspector::RemoteInspector::xpcConnectionFailed):
        (Inspector::RemoteInspector::receivedSetupMessage):
        (Inspector::globalAutomaticInspectionState): Deleted.
        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
        (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage): Deleted.
        (Inspector::RemoteInspector::setupSucceeded): Deleted.
        (Inspector::RemoteInspector::waitingForAutomaticInspection): Deleted.
        (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage): Deleted.
        (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage): Deleted.
        * inspector/remote/RemoteInspectorConstants.h:
        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
        (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection): Deleted.
        * inspector/remote/RemoteInspectorDebuggable.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection): Deleted.
        * runtime/JSGlobalObjectDebuggable.h:

2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
        https://bugs.webkit.org/show_bug.cgi?id=136893

        Reviewed by Timothy Hatcher.

        Adds new remote inspector protocol handling for automatic inspection.
        Debuggers can signal they have enabled automatic inspection, and
        when debuggables are created the current application will pause to
        see if the debugger will inspect or decline to inspect the debuggable.

        * inspector/remote/RemoteInspectorConstants.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::globalAutomaticInspectionState):
        (Inspector::RemoteInspector::RemoteInspector):
        (Inspector::RemoteInspector::start):
        When first starting, check the global "is there an auto-inspect" debugger state.
        This is necessary so that the current application knows if it should pause or
        not when a debuggable is created, even without having connected to webinspectord yet.

        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
        When a debuggable has enabled remote inspection, take this path to propose
        it as an automatic inspection candidate if there is an auto-inspect debugger.

        (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
        Send the automatic inspection candidate message.

        (Inspector::RemoteInspector::receivedSetupMessage):
        (Inspector::RemoteInspector::setupFailed):
        (Inspector::RemoteInspector::setupSucceeded):
        After attempting to open an inspector, unpause if it was for the
        automatic inspection candidate.

        (Inspector::RemoteInspector::waitingForAutomaticInspection):
        When running a nested runloop, check if we should remain paused.

        (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
        If by the time we connect to webinspectord we have a candidate, then
        immediately send the candidate message.

        (Inspector::RemoteInspector::stopInternal):
        (Inspector::RemoteInspector::xpcConnectionFailed):
        In error cases, clear our state.

        (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
        (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
        (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
        Update state when receiving new messages.

        * inspector/remote/RemoteInspectorDebuggable.h:
        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
        Special case when a debuggable is newly allowed to be debuggable.

        (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
        Run a nested run loop while this is an automatic inspection candidate.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        When the inspector starts via automatic inspection, automatically pause.
        We plan on removing this condition by having the frontend signal to the
        backend when it is completely initialized.

        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        Pass on the flag of whether or not this was automatic inspection.

        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
        When pausing in a JSGlobalObject we need to release the API lock.

2014-09-18  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>

        Fix "Tools/Scripts/build-webkit --efl --no-inspector" build
        https://bugs.webkit.org/show_bug.cgi?id=136912

        Reviewed by Darin Adler.

        * runtime/TypeSet.cpp:
        (JSC::TypeSet::leastCommonAncestor):

2014-09-17  Michael Saboff  <msaboff@apple.com>

        Change CallFrame to use Callee instead of JSScope to implement vm()
        https://bugs.webkit.org/show_bug.cgi?id=136894

        Reviewed by Geoffrey Garen.

        Added JSCell::vm() method that can be used on any JSObject. Changed CallFrame::vm() to
        use JSCell::vm with the Callee. Made similar changes in the LLInt.
        In support of this, changed JSGlobalObject::init() to take a VM& parameter, as there is
        a chicken/egg problem with trying to use the Callee in the global exec before the Callee
        has been created. Besides, the vm is readily available in finishCreation(), the caller of

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        Changed the calculation of CallFrame::VM to use the Callee instead of JSScope.

        * runtime/JSCellInlines.h:
        (JSC::JSCell::vm): New method for getting VM from the pointer.
        (JSC::ExecState::vm): Moved this method from JSScope.h to here since this file
        contains the implementation of JSCell::vm(), this file is included by all users
        of CallFrame::vm, and lastly putting it in CallFrameInlines.h required changing
        many other .h files and possibly the WebCore generator generate-bindings.pl.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::finishCreation):
        Changed init() to take a VM parameter.

        (JSC::ExecState::vm): Deleted.

2014-09-16  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, disable native inlining because it causes build failures.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2014-09-16  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Reduce a bit of churn setting initial remote inspection state
        https://bugs.webkit.org/show_bug.cgi?id=136875

        Reviewed by Timothy Hatcher.

        * API/JSContextRef.cpp:
        (JSGlobalContextCreateInGroup):
        Set the default remote debuggable state at the API boundary.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        Do not set remote debuggable state here. Let clients set it.

2014-09-16  Yusuke Suzuki  <utatane.tea@gmail.com>

        Promise: Drop Promise.cast
        https://bugs.webkit.org/show_bug.cgi?id=136222

        Reviewed by Sam Weinig.

        Promise.cast is dropped and Promise.resolve is replaced with old Promise.cast.

        * runtime/CommonIdentifiers.h:
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructorFuncResolve):
        (JSC::JSPromiseConstructorFuncRace):
        (JSC::JSPromiseConstructorFuncAll):
        (JSC::JSPromiseConstructorFuncCast): Deleted.

2014-09-16  Filip Pizlo  <fpizlo@apple.com>

        Local OSR availability calculation should be reusable
        https://bugs.webkit.org/show_bug.cgi?id=136860

        Reviewed by Oliver Hunt.

        Previously, the FTL lowering repeated some of the logic of the OSR availability analysis
        phase. Humorously, it actually did this logic a bit differently; for example the phase
        would claim that a SetLocal makes both the flush and the node available while the FTL
        only claimed that the flush was available. This difference was benign, but still: yuck!

        Also, previously if you wanted to use availability information then you'd have to repeat
        some of the logic that both the phase itself and the FTL lowering already had.
        Presumably, you could get epic style points for finding other benign ways in which to
        make your copy of the logic different from the other two!

        This reduces the amount of style points one could conceivably get in the future when
        hacking JSC, by creating a single reusable thingy for computing local OSR availability.

        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
        (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
        (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
        (JSC::DFG::LocalOSRAvailabilityCalculator::~LocalOSRAvailabilityCalculator):
        (JSC::DFG::LocalOSRAvailabilityCalculator::beginBlock):
        (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
        * dfg/DFGOSRAvailabilityAnalysisPhase.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
        (JSC::FTL::LowerDFGToLLVM::compileBlock):
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
        (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::availability):
        (JSC::FTL::LowerDFGToLLVM::compileMovHint): Deleted.
        (JSC::FTL::LowerDFGToLLVM::compileZombieHint): Deleted.
        (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock): Deleted.

2014-09-16  Csaba Osztrogonác  <ossy@webkit.org>

        https://bugs.webkit.org/show_bug.cgi?id=136823

        Reviewed by Geoffrey Garen.

        * tests/mozilla/mozilla-tests.yaml: Unskip passing tests.

2014-09-15  Michael Saboff  <msaboff@apple.com>

        Create a JSCallee for GlobalExec object
        https://bugs.webkit.org/show_bug.cgi?id=136840

        Reviewed by Geoffrey Garen.

        Added m_globalCallee, initialized it and then used it to set the globalExec's callee.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:

2014-09-14  Filip Pizlo  <fpizlo@apple.com>

        DFG ref count calculation should be reusable
        https://bugs.webkit.org/show_bug.cgi?id=136811

        Reviewed by Oliver Hunt.

        Henceforth if you call Graph::computeRefCounts(), a nifty O(n) operation, every Node
        will be able to tell you how many places it is used from. Currently only DCE uses this,
        but it will be useful for https://bugs.webkit.org/show_bug.cgi?id=136330.

        * dfg/DFGDCEPhase.cpp:
        (JSC::DFG::DCEPhase::run):
        (JSC::DFG::DCEPhase::findTypeCheckRoot): Deleted.
        (JSC::DFG::DCEPhase::countNode): Deleted.
        (JSC::DFG::DCEPhase::countEdge): Deleted.
        (JSC::DFG::Graph::computeRefCounts):

2014-09-12  Michael Saboff  <msaboff@apple.com>

        Merge JSGlobalObject::reset() into ::init()
        https://bugs.webkit.org/show_bug.cgi?id=136800

        Reviewed by Oliver Hunt.

        Moved the contents of reset() into init().
        Note that the diff shows more changes.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Moved body of reset() into init.
        (JSC::JSGlobalObject::put):
        (JSC::JSGlobalObject::defineOwnProperty):
        (JSC::JSGlobalObject::addGlobalVar):
        (JSC::JSGlobalObject::addFunction):
        (JSC::lastInPrototypeChain):
        (JSC::JSGlobalObject::reset): Deleted.
        * runtime/JSGlobalObject.h:

2014-09-12  Michael Saboff  <msaboff@apple.com>

        Add JSCallee to program and eval CallFrames
        https://bugs.webkit.org/show_bug.cgi?id=136785

        Reviewed by Mark Lam.

        Populated Callee slot for program and call eval CallFrames with JSCallee objects.
        Made supporting changes including adding a JSCallee structure to global object and adding
        JSCallee::create() method. Added code so that the newly added callee object won't be
        returned by Function.caller. Changed null pointer checks of callee to check if
        the type is JSFunction* or JSCallee*.

        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        * profiler/LegacyProfiler.cpp:
        (JSC::LegacyProfiler::createCallIdentifier):
        * interpreter/Interpreter.cpp:
        (JSC::unwindCallFrame):
        Changed checks of callee to whether it is a JSFunction* or JSCallee* instead of just checking
        if it is null or not.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute): Create and use JSCallee objects for execute(EvalExecutable, ...)
        and execute(ProgramExecutable, ...)

        (JSC::JITCode::execute): Use jsDynamicCast to cast only JSFunctions.

        * runtime/JSCallee.cpp:
        (JSC::JSCallee::create): Not used, therefore deleted.

        * runtime/JSCallee.h:
        (JSC::JSCallee::create): Added.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::callerGetter): Added test to return null for JSCallee's that aren't
        JSFunction's. This can only be the case when the JSCallee comes from a program or

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::calleeStructure):
        Added new JSCallee structure.

2014-09-10  Jon Honeycutt  <jhoneycutt@apple.com>

        Re-add the request autocomplete feature

        <https://bugs.webkit.org/show_bug.cgi?id=136730>

        This feature was rolled out in r148731 because it was only used by
        Chromium. As we consider supporting this feature, roll it back in, but

        This rolls out r148731 (which removed the feature) with small changes
        needed to make the code build in ToT, to match modern style, to make
        the tests run, and to remove unused code.

        Reviewed by Andy Estes.

        * Configurations/FeatureDefines.xcconfig:

806 2014-09-12 Julien Brianceau <jbriance@cisco.com>
808 [x86] moveDoubleToInts() does not clobber its source register anymore
809 https://bugs.webkit.org/show_bug.cgi?id=131690
811 Reviewed by Oliver Hunt.
813 * assembler/MacroAssemblerX86.h:
814 (JSC::MacroAssemblerX86::moveDoubleToInts):
815 * dfg/DFGSpeculativeJIT.cpp:
816 (JSC::DFG::SpeculativeJIT::compileValueRep):
817 * jit/SpecializedThunkJIT.h:
818 (JSC::SpecializedThunkJIT::returnDouble):
820 2014-09-12 Mark Lam <mark.lam@apple.com>
822 Unreviewed build fix for CLOOP build.
824 * runtime/JSCallee.h:
826 2014-09-12 Michael Saboff <msaboff@apple.com>
828 Remove unneeded declarations from JSCallee.h
829 https://bugs.webkit.org/show_bug.cgi?id=136783
831 Reviewed by Mark Lam.
833 * runtime/JSCallee.h:
834 (JSCallee::name): Deleted.
835 (JSCallee::displayName): Deleted.
836 (JSCallee::calculatedDisplayName): Deleted.
838 2014-09-11 Brian J. Burg <burg@cs.washington.edu>
840 Web Inspector: disambiguate double and integer primitive types in the protocol
841 https://bugs.webkit.org/show_bug.cgi?id=136606
843 Reviewed by Timothy Hatcher.
845 Right now it's really easy to mix up doubles and integers when serializing or deserializing
846 values for the inspector protocol. This patch disambiguates setting/getting doubles and integers
847 so that it is clearer as to which type is intended.
849 A new InspectorValue::Type is added for Integer types, and the Number type is renamed to Double.
850 The existing callsites for asNumber/getNumber/setNumber have been fixed.
852 Address various integration points to make sure the right type tag is assigned to InspectorValues.
854 * bindings/ScriptValue.cpp:
855 (Deprecated::jsToInspectorValue): Make an Integer if the JSValue is Int52 or smaller.
856 * inspector/InjectedScriptManager.cpp:
857 (Inspector::InjectedScriptManager::injectedScriptForObjectId):
858 * inspector/InspectorBackendDispatcher.cpp:
859 (Inspector::InspectorBackendDispatcher::dispatch):
860 (Inspector::InspectorBackendDispatcher::sendResponse):
861 (Inspector::InspectorBackendDispatcher::reportProtocolError):
862 (Inspector::AsMethodBridges::asInteger):
863 (Inspector::AsMethodBridges::asDouble):
864 (Inspector::InspectorBackendDispatcher::getInteger):
865 (Inspector::InspectorBackendDispatcher::getDouble):
866 (Inspector::AsMethodBridges::asInt): Deleted.
867 (Inspector::InspectorBackendDispatcher::getInt): Deleted.
868 * inspector/InspectorBackendDispatcher.h:
869 * inspector/InspectorProtocolTypes.h: Remove the special case for checking int type tags.
870 (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw):
871 (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw):
872 (Inspector::Protocol::BindingTraits<int>::assertValueHasExpectedType): Deleted.
873 * inspector/InspectorValues.cpp: Allow integers and doubles to be convertible using asInteger/asDouble.
874 (Inspector::InspectorValue::asDouble):
875 (Inspector::InspectorValue::asInteger):
876 (Inspector::InspectorBasicValue::asDouble):
877 (Inspector::InspectorBasicValue::asInteger):
878 (Inspector::InspectorBasicValue::writeJSON):
879 (Inspector::InspectorValue::asNumber): Deleted.
880 (Inspector::InspectorBasicValue::asNumber): Deleted.
881 * inspector/InspectorValues.h:
882 (Inspector::InspectorObjectBase::setInteger):
883 (Inspector::InspectorObjectBase::setDouble):
884 (Inspector::InspectorArrayBase::pushInteger):
885 (Inspector::InspectorArrayBase::pushDouble):
886 (Inspector::InspectorObjectBase::setNumber): Deleted.
887 (Inspector::InspectorArrayBase::pushInt): Deleted.
888 (Inspector::InspectorArrayBase::pushNumber): Deleted.
889 * inspector/agents/InspectorDebuggerAgent.cpp:
890 (Inspector::buildObjectForBreakpointCookie):
891 (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
892 (Inspector::parseLocation):
893 (Inspector::InspectorDebuggerAgent::didParseSource):
894 * inspector/agents/InspectorRuntimeAgent.cpp:
895 (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
896 * inspector/scripts/codegen/generator.py: Update emitted code and rebaseline test results.
897 (Generator.keyed_get_method_for_type):
898 (Generator.keyed_set_method_for_type):
899 * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
900 * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
901 * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
902 * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
903 * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
904 * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
905 * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
906 * replay/EncodedValue.cpp:
907 (JSC::EncodedValue::convertTo<double>):
908 (JSC::EncodedValue::convertTo<float>):
909 (JSC::EncodedValue::convertTo<int32_t>):
910 (JSC::EncodedValue::convertTo<int64_t>):
911 (JSC::EncodedValue::convertTo<uint32_t>):
912 (JSC::EncodedValue::convertTo<uint64_t>):
914 2014-09-11 Joseph Pecoraro <pecoraro@apple.com>
916 Web Inspector: Occasional ASSERT closing web inspector
917 https://bugs.webkit.org/show_bug.cgi?id=136762
919 Reviewed by Timothy Hatcher.
921 It is harmless, and indeed possible to have an empty set of listeners
922 now that each Page gets its own PageDebugServer instead of a shared
923 global. So we should replace the null checks with isEmpty checks.
924 Since nobody was ever returning null, convert to references as well.
926 * inspector/JSGlobalObjectScriptDebugServer.h:
927 * inspector/ScriptDebugServer.cpp:
928 (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
929 (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
930 (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
931 (Inspector::ScriptDebugServer::sourceParsed):
932 (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
933 (Inspector::ScriptDebugServer::notifyDoneProcessingDebuggerEvents):
934 (Inspector::ScriptDebugServer::handlePause):
935 (Inspector::ScriptDebugServer::needPauseHandling): Deleted.
936 * inspector/ScriptDebugServer.h:
938 2014-09-10 Michael Saboff <msaboff@apple.com>
940 Move JSScope out of JSFunction into separate JSCallee class
941 https://bugs.webkit.org/show_bug.cgi?id=136725
943 Reviewed by Oliver Hunt.
945 Created new JSCallee class that contains a JSScope*. Changed JSFunction to inherit from
949 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
950 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
951 * JavaScriptCore.xcodeproj/project.pbxproj:
952 Build changes. Added JSCallee.cpp and JSCallee.h.
954 * runtime/JSCallee.cpp: Added.
955 (JSC::JSCallee::create):
956 (JSC::JSCallee::destroy):
957 (JSC::JSCallee::JSCallee):
958 (JSC::JSCallee::finishCreation):
959 (JSC::JSCallee::visitChildren):
960 (JSC::JSCallee::getOwnPropertySlot): Pass through wrapper function.
961 (JSC::JSCallee::getOwnNonIndexPropertyNames): Pass through wrapper function.
962 (JSC::JSCallee::put): Pass through wrapper function.
963 (JSC::JSCallee::deleteProperty): Pass through wrapper function.
964 (JSC::JSCallee::defineOwnProperty): Pass through wrapper function.
966 * runtime/JSCallee.h: Added.
967 (JSC::JSCallee::scope):
968 (JSC::JSCallee::scopeUnchecked):
969 (JSC::JSCallee::setScope):
970 (JSC::JSCallee::createStructure):
971 (JSC::JSCallee::offsetOfScopeChain):
973 * runtime/JSFunction.cpp:
974 (JSC::JSFunction::JSFunction):
975 (JSC::JSFunction::addNameScopeIfNeeded):
976 (JSC::JSFunction::visitChildren):
977 * runtime/JSFunction.h:
978 (JSC::JSFunction::scope): Deleted.
979 (JSC::JSFunction::scopeUnchecked): Deleted.
980 (JSC::JSFunction::setScope): Deleted.
981 (JSC::JSFunction::offsetOfScopeChain): Deleted.
982 * runtime/JSFunctionInlines.h:
983 (JSC::JSFunction::JSFunction):
984 Changed to reference JSCallee and its methods.
986 * runtime/JSType.h: Added JSCallee as a TypeEnum.
988 2014-09-11 Filip Pizlo <fpizlo@apple.com>
990 REGRESSION (r172129): Vine pages load as blank
991 https://bugs.webkit.org/show_bug.cgi?id=136655
992 rdar://problem/18281215
994 Reviewed by Michael Saboff.
996 If lastNode is something that is subject to DCE, then removing the Phantom's reference to something
997 that lastNode references means that the thing being referenced may no longer be kept alive for OSR.
998 Teach PhantomRemovalPhase that it's only safe to do this if lastNode is a Phantom. That's probably too
999 conservative, but that's fine since this is mainly just an optimization to make the IR sane to read and
1000 reasonably compact; it's OK if we miss cases here.
1002 * dfg/DFGPhantomRemovalPhase.cpp:
1003 (JSC::DFG::PhantomRemovalPhase::run):
1004 * tests/stress/remove-phantom-after-setlocal.js: Added.
1006 2014-09-11 Bear Travis <betravis@adobe.com>
1008 [CSS Font Loading] Enable CSS Font Loading on Mac
1009 https://bugs.webkit.org/show_bug.cgi?id=135473
1011 Reviewed by Antti Koivisto.
1013 Enable CSS Font Loading in FeatureDefines.
1015 * Configurations/FeatureDefines.xcconfig:
1017 2014-09-11 Joseph Pecoraro <pecoraro@apple.com>
1019 Unreviewed rebaseline of inspector generator test results after r173120.
1021 * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1022 * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1023 * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1024 * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1026 2014-09-11 Oliver Hunt <oliver@apple.com>
1028 Rename activation to be more in line with spec language
1029 https://bugs.webkit.org/show_bug.cgi?id=136721
1031 Reviewed by Michael Saboff.
1033 Somewhat bigger than the last one, but still just a rename.
1036 * JavaScriptCore.order:
1037 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1038 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1039 * JavaScriptCore.xcodeproj/project.pbxproj:
1040 * bytecode/BytecodeList.json:
1041 * bytecode/BytecodeUseDef.h:
1042 (JSC::computeUsesForBytecodeOffset):
1043 (JSC::computeDefsForBytecodeOffset):
1044 * bytecode/CallVariant.h:
1045 * bytecode/CodeBlock.cpp:
1046 (JSC::CodeBlock::dumpBytecode):
1047 (JSC::CodeBlock::CodeBlock):
1048 (JSC::CodeBlock::finalizeUnconditionally):
1049 (JSC::CodeBlock::isCaptured):
1050 (JSC::CodeBlock::nameForRegister):
1051 * bytecode/CodeBlock.h:
1052 (JSC::CodeBlock::setActivationRegister):
1053 (JSC::CodeBlock::activationRegister):
1054 (JSC::CodeBlock::uncheckedActivationRegister):
1055 (JSC::CodeBlock::needsActivation):
1056 * bytecode/Instruction.h:
1057 * bytecode/UnlinkedCodeBlock.h:
1058 (JSC::UnlinkedCodeBlock::setActivationRegister):
1059 (JSC::UnlinkedCodeBlock::activationRegister):
1060 (JSC::UnlinkedCodeBlock::hasActivationRegister):
1061 * bytecompiler/BytecodeGenerator.cpp:
1062 (JSC::BytecodeGenerator::BytecodeGenerator):
1063 (JSC::BytecodeGenerator::emitReturn):
1064 * bytecompiler/BytecodeGenerator.h:
1065 * debugger/DebuggerCallFrame.cpp:
1066 (JSC::DebuggerCallFrame::scope):
1067 * debugger/DebuggerScope.cpp:
1068 (JSC::DebuggerScope::isFunctionOrEvalScope):
1069 * dfg/DFGByteCodeParser.cpp:
1070 (JSC::DFG::ByteCodeParser::parseBlock):
1071 * dfg/DFGCapabilities.cpp:
1072 (JSC::DFG::capabilityLevel):
1074 (JSC::DFG::Graph::tryGetActivation):
1075 (JSC::DFG::Graph::tryGetRegisters):
1077 * dfg/DFGNodeType.h:
1078 * dfg/DFGOperations.cpp:
1079 * dfg/DFGSpeculativeJIT32_64.cpp:
1080 (JSC::DFG::SpeculativeJIT::compile):
1081 * dfg/DFGSpeculativeJIT64.cpp:
1082 (JSC::DFG::SpeculativeJIT::compile):
1083 * interpreter/CallFrame.cpp:
1084 (JSC::CallFrame::lexicalEnvironment):
1085 (JSC::CallFrame::setActivation):
1086 (JSC::CallFrame::activation): Deleted.
1087 * interpreter/CallFrame.h:
1088 * interpreter/Interpreter.cpp:
1089 (JSC::unwindCallFrame):
1090 * interpreter/Register.h:
1092 (JSC::JIT::privateCompileMainPass):
1094 * jit/JITOpcodes.cpp:
1095 (JSC::JIT::emit_op_tear_off_lexical_environment):
1096 (JSC::JIT::emit_op_tear_off_arguments):
1097 (JSC::JIT::emit_op_create_lexical_environment):
1098 (JSC::JIT::emit_op_tear_off_activation): Deleted.
1099 (JSC::JIT::emit_op_create_activation): Deleted.
1100 * jit/JITOpcodes32_64.cpp:
1101 (JSC::JIT::emit_op_tear_off_lexical_environment):
1102 (JSC::JIT::emit_op_tear_off_arguments):
1103 (JSC::JIT::emit_op_create_lexical_environment):
1104 (JSC::JIT::emit_op_tear_off_activation): Deleted.
1105 (JSC::JIT::emit_op_create_activation): Deleted.
1106 * jit/JITOperations.cpp:
1107 * jit/JITOperations.h:
1108 * llint/LLIntSlowPaths.cpp:
1109 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1110 * llint/LLIntSlowPaths.h:
1111 * llint/LowLevelInterpreter32_64.asm:
1112 * llint/LowLevelInterpreter64.asm:
1113 * runtime/Arguments.cpp:
1114 (JSC::Arguments::visitChildren):
1115 (JSC::Arguments::tearOff):
1116 (JSC::Arguments::didTearOffActivation):
1117 * runtime/Arguments.h:
1118 (JSC::Arguments::offsetOfActivation):
1119 (JSC::Arguments::argument):
1120 (JSC::Arguments::finishCreation):
1121 * runtime/CommonSlowPaths.cpp:
1122 * runtime/JSFunction.h:
1123 * runtime/JSGlobalObject.cpp:
1124 (JSC::JSGlobalObject::reset):
1125 (JSC::JSGlobalObject::visitChildren):
1126 * runtime/JSGlobalObject.h:
1127 (JSC::JSGlobalObject::activationStructure):
1128 * runtime/JSLexicalEnvironment.cpp: Renamed from Source/JavaScriptCore/runtime/JSActivation.cpp.
1129 (JSC::JSLexicalEnvironment::visitChildren):
1130 (JSC::JSLexicalEnvironment::symbolTableGet):
1131 (JSC::JSLexicalEnvironment::symbolTablePut):
1132 (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
1133 (JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
1134 (JSC::JSLexicalEnvironment::getOwnPropertySlot):
1135 (JSC::JSLexicalEnvironment::put):
1136 (JSC::JSLexicalEnvironment::deleteProperty):
1137 (JSC::JSLexicalEnvironment::toThis):
1138 (JSC::JSLexicalEnvironment::argumentsGetter):
1139 * runtime/JSLexicalEnvironment.h: Renamed from Source/JavaScriptCore/runtime/JSActivation.h.
1140 (JSC::JSLexicalEnvironment::create):
1141 (JSC::JSLexicalEnvironment::createStructure):
1142 (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
1143 (JSC::asActivation):
1144 (JSC::Register::lexicalEnvironment):
1145 (JSC::JSLexicalEnvironment::registersOffset):
1146 (JSC::JSLexicalEnvironment::tearOff):
1147 (JSC::JSLexicalEnvironment::isTornOff):
1148 (JSC::JSLexicalEnvironment::storageOffset):
1149 (JSC::JSLexicalEnvironment::storage):
1150 (JSC::JSLexicalEnvironment::allocationSize):
1151 (JSC::JSLexicalEnvironment::isValidIndex):
1152 (JSC::JSLexicalEnvironment::isValid):
1153 (JSC::JSLexicalEnvironment::registerAt):
1154 * runtime/JSObject.h:
1155 * runtime/JSScope.cpp:
1156 (JSC::abstractAccess):
1157 * runtime/JSScope.h:
1158 (JSC::ResolveOp::ResolveOp):
1159 * runtime/JSSymbolTableObject.cpp:
1160 * runtime/StrictEvalActivation.h:
1161 (JSC::StrictEvalActivation::create):
1164 2014-09-11 László Langó <llango.u-szeged@partner.samsung.com>
1166 [JavaScriptCore] Fix FTL on platform EFL.
1167 https://bugs.webkit.org/show_bug.cgi?id=133571
1169 Reviewed by Filip Pizlo.
1171 There are no compact_unwind sections on Linux systems so FTL crashes.
1172 We have to parse eh_frame in FTLUnwindInfo instead of compact_unwind
1173 and get the information for stack unwinding from there.
1175 * CMakeLists.txt: Revert r169181.
1176 * ftl/FTLCompile.cpp:
1177 Change section name literals to use SECTION_NAME macro, because of architecture differences.
1178 (JSC::FTL::mmAllocateCodeSection):
1179 (JSC::FTL::mmAllocateDataSection):
1180 (JSC::FTL::compile):
1182 We need the SECTION_NAME macro in FTLCompile and FTLLink, so we define it here.
1187 (JSC::FTL::State::State):
1188 * ftl/FTLUnwindInfo.h:
1189 * ftl/FTLUnwindInfo.cpp:
1190 Lift the eh_frame parsing method from LLVM/libcxxabi project and modify it for our purposes.
1191 Parse eh_frame on Linux instead of compact_unwind.
1192 (JSC::FTL::UnwindInfo::parse):
1194 2014-09-10 Saam Barati <saambarati1@gmail.com>
1196 Web Inspector: Modify the type profiler runtime protocol to transfer some computation into the WebInspector
1197 https://bugs.webkit.org/show_bug.cgi?id=136500
1199 Reviewed by Joseph Pecoraro.
1201 This patch changes the type profiler protocol to the Web Inspector
1202 by moving the work of calculating computed properties that affect the UI
1203 into the Web Inspector. This makes the Web Inspector have control over the
1204 strings it displays as UI elements representing type information to the user
1205 instead of JavaScriptCore deciding on a convention for these strings.
1206 JavaScriptCore now sends enough information to the Web Inspector so that
1207 it can compute the properties JavaScriptCore used to compute.
1209 * inspector/agents/InspectorRuntimeAgent.cpp:
1210 (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1211 * inspector/protocol/Runtime.json:
1212 * runtime/TypeProfiler.cpp:
1213 (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector): Deleted.
1214 * runtime/TypeProfiler.h:
1215 * runtime/TypeSet.cpp:
1216 (JSC::TypeSet::inspectorTypeSet):
1217 (JSC::StructureShape::leastCommonAncestor):
1218 (JSC::StructureShape::inspectorRepresentation):
1219 * runtime/TypeSet.h:
1221 2014-09-10 Akos Kiss <akiss@inf.u-szeged.hu>
1223 Apply ARM64-specific lowering to load/store instructions in offlineasm
1224 https://bugs.webkit.org/show_bug.cgi?id=136569
1226 Reviewed by Michael Saboff.
1228 The standard RISC lowering of load/store instructions with base +
1229 immediate offset addresses is to move the offset to a temporary, add the
1230 base to the temporary, and then change the load/store to use the
1231 temporary + 0 immediate offset address. However, on ARM64, base +
1232 register offset addressing mode is available, so it is unnecessary to
1233 perform explicit register additions but it is enough to change load/store
1234 to use base + temporary as the address.
1236 * offlineasm/arm64.rb: Added arm64LowerMalformedLoadStoreAddresses
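As an added example, not offlineasm's own Ruby nor any code from this patch, the following Python model shows both lowerings the entry contrasts side by side; the encodable immediate window, the `move`/`addp` spellings and the `tmpN` naming are assumptions:

```python
"""Constructed Python model of the two lowerings the entry contrasts: the generic RISC
rewrite of a load/store whose immediate offset does not encode, and the ARM64 rewrite
that keeps the base register and uses a register offset instead. Not offlineasm's own
Ruby code; the encodable immediate window below is an assumption."""
from dataclasses import dataclass
from typing import Tuple, Union

@dataclass(frozen=True)
class Address:        # offlineasm offset[base]
    base: str
    offset: int

@dataclass(frozen=True)
class BaseIndex:      # offlineasm-style [base, index] with scale 1 and no immediate
    base: str
    index: str

@dataclass(frozen=True)
class Instr:
    opcode: str
    operands: Tuple[Union[Address, BaseIndex, str, int], ...]

# Assumed window; real ARM64 encodings also depend on access width and scaling.
IMMEDIATE_MIN, IMMEDIATE_MAX = -256, 4095

def address_slot(instr):
    """offlineasm writes the address first for loads and last for stores."""
    if instr.opcode.startswith("load"):
        return 0
    if instr.opcode.startswith("store"):
        return len(instr.operands) - 1
    return None

def is_malformed(operand):
    return isinstance(operand, Address) and not (IMMEDIATE_MIN <= operand.offset <= IMMEDIATE_MAX)

class Tmps:
    def __init__(self):
        self.count = 0

    def new(self):
        self.count += 1
        return f"tmp{self.count}"

def lower(instrs, arm64):
    """Rewrite each load/store whose immediate offset does not encode.

    generic RISC: move offset, tmp; addp base, tmp; access 0[tmp]    (three instructions)
    ARM64:        move offset, tmp; access [base, tmp]               (two instructions)
    """
    out, tmps = [], Tmps()
    for instr in instrs:
        slot = address_slot(instr)
        if slot is None or not is_malformed(instr.operands[slot]):
            out.append(instr)
            continue
        addr, tmp = instr.operands[slot], tmps.new()
        out.append(Instr("move", (addr.offset, tmp)))
        operands = list(instr.operands)
        if arm64:
            operands[slot] = BaseIndex(addr.base, tmp)   # base + register offset mode
        else:
            out.append(Instr("addp", (addr.base, tmp)))  # tmp += base
            operands[slot] = Address(tmp, 0)
        out.append(Instr(instr.opcode, tuple(operands)))
    return out

def render(instr):
    """Print an instruction in offlineasm-like syntax."""
    def fmt(op):
        if isinstance(op, Address):
            return f"{op.offset}[{op.base}]"
        if isinstance(op, BaseIndex):
            return f"[{op.base}, {op.index}]"
        return str(op)
    return f"{instr.opcode} " + ", ".join(fmt(op) for op in instr.operands)

# Constructed input: one in-range load, one out-of-range load, one out-of-range store.
SAMPLE = [
    Instr("loadp", (Address("cfr", 8), "t0")),
    Instr("loadp", (Address("cfr", 8192), "t1")),
    Instr("storep", ("t1", Address("t2", -4096))),
]

if __name__ == "__main__":
    for name, flag in (("generic RISC", False), ("ARM64", True)):
        print(name)
        for instr in lower(SAMPLE, flag):
            print("   ", render(instr))
```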
1238 2014-09-10 Oliver Hunt <oliver@apple.com>
1240 Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec
1241 https://bugs.webkit.org/show_bug.cgi?id=136710
1243 Reviewed by Anders Carlsson.
1245 This is a trivial rename.
1248 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1249 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1250 * JavaScriptCore.xcodeproj/project.pbxproj:
1251 * dfg/DFGAbstractHeap.h:
1252 * dfg/DFGClobberize.h:
1253 (JSC::DFG::clobberize):
1254 * dfg/DFGSpeculativeJIT32_64.cpp:
1255 (JSC::DFG::SpeculativeJIT::compile):
1256 * dfg/DFGSpeculativeJIT64.cpp:
1257 (JSC::DFG::SpeculativeJIT::compile):
1258 * ftl/FTLAbstractHeapRepository.cpp:
1259 * ftl/FTLAbstractHeapRepository.h:
1260 * ftl/FTLLowerDFGToLLVM.cpp:
1261 (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
1262 * jit/JITOpcodes32_64.cpp:
1263 * jit/JITPropertyAccess.cpp:
1264 (JSC::JIT::emitGetClosureVar):
1265 (JSC::JIT::emitPutClosureVar):
1266 * jit/JITPropertyAccess32_64.cpp:
1267 (JSC::JIT::emitGetClosureVar):
1268 (JSC::JIT::emitPutClosureVar):
1269 * llint/LLIntOffsetsExtractor.cpp:
1270 * llint/LowLevelInterpreter32_64.asm:
1271 * llint/LowLevelInterpreter64.asm:
1272 * runtime/JSActivation.cpp:
1273 (JSC::JSActivation::getOwnNonIndexPropertyNames):
1274 * runtime/JSActivation.h:
1275 * runtime/JSEnvironmentRecord.cpp: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.cpp.
1276 * runtime/JSEnvironmentRecord.h: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.h.
1277 (JSC::JSEnvironmentRecord::registers):
1278 (JSC::JSEnvironmentRecord::registerAt):
1279 (JSC::JSEnvironmentRecord::addressOfRegisters):
1280 (JSC::JSEnvironmentRecord::offsetOfRegisters):
1281 (JSC::JSEnvironmentRecord::JSEnvironmentRecord):
1282 * runtime/JSNameScope.h:
1283 * runtime/JSSegmentedVariableObject.h:
1285 2014-09-10 Julien Brianceau <jbriance@cisco.com>
1287 [mips] Add missing parts and fix LLINT mips backend
1288 https://bugs.webkit.org/show_bug.cgi?id=136706
1290 Reviewed by Michael Saboff.
1292 * llint/LowLevelInterpreter.asm: Fix invalid CalleeSave register number.
1293 Implement initPCRelative and setEntryAddress macros.
1294 * llint/LowLevelInterpreter32_64.asm: Fix register distribution in
1297 2014-09-10 Saam Barati <saambarati1@gmail.com>
1299 TypeSet needs a mode where it no longer profiles structure shapes
1300 https://bugs.webkit.org/show_bug.cgi?id=136263
1302 Reviewed by Filip Pizlo.
1304 The TypeSet data structure used to gather as many StructureShape
1305 objects as it encountered during type profiling. But, this meant
1306 that there was no upper limit on how many objects it could allocate.
1307 This patch places a fixed upper bound on the number of StructureShapes
1308 allocated per TypeSet to prevent using too much memory for little gain
1309 in type profiling usefulness.
1311 StructureShape objects are now also aware of when they are created
1312 from Structures which are dictionaries.
1314 In total, this patch lays the final groundwork needed in refactoring
1315 the inspector protocol for the type profiler.
1317 * runtime/Structure.cpp:
1318 (JSC::Structure::toStructureShape):
1319 * runtime/TypeProfiler.cpp:
1320 (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
1321 * runtime/TypeSet.cpp:
1322 (JSC::TypeSet::TypeSet):
1323 (JSC::TypeSet::addTypeInformation):
1324 (JSC::StructureShape::StructureShape):
1325 (JSC::StructureShape::toJSONString):
1326 (JSC::StructureShape::enterDictionaryMode):
1327 * runtime/TypeSet.h:
1328 (JSC::TypeSet::isOverflown):
1329 * tests/typeProfiler/dictionary-mode.js: Added.
1331 * tests/typeProfiler/driver/driver.js:
1332 * tests/typeProfiler/overflow.js: Added.
1336 2014-09-10 Peter Gal <galpeter@inf.u-szeged.hu>
1338 [MIPS] branch32WithPatch missing
1339 https://bugs.webkit.org/show_bug.cgi?id=136696
1341 Reviewed by Michael Saboff.
1343 Added the missing branch32WithPatch. The implementation
1344 is currently the same as the branchPtrWithPatch because
1345 the macro assembler supports only 32 bit MIPS.
1347 * assembler/MacroAssemblerMIPS.h:
1348 (JSC::MacroAssemblerMIPS::branch32WithPatch):
1350 2014-09-10 Dániel Bátyai <dbatyai.u-szeged@partner.samsung.com>
1352 Fix !ENABLE(DFG_JIT) build
1353 https://bugs.webkit.org/show_bug.cgi?id=136702
1355 Reviewed by Michael Saboff.
1357 * bytecode/CallEdgeProfile.h:
1359 2014-09-09 Benjamin Poulain <bpoulain@apple.com>
1361 Disable the "unreachable-code" warning
1362 https://bugs.webkit.org/show_bug.cgi?id=136677
1364 Reviewed by Darin Adler.
1366 * Configurations/Base.xcconfig:
1368 2014-09-08 Filip Pizlo <fpizlo@apple.com>
1370 DFG should have a reusable SSA builder
1371 https://bugs.webkit.org/show_bug.cgi?id=136331
1373 Reviewed by Oliver Hunt.
1375 We want to implement sophisticated SSA transformations like object allocation sinking
1376 (https://bugs.webkit.org/show_bug.cgi?id=136330), but to do that, we need to be able to do
1377 updates to SSA that require inserting new Phi's. This requires calculating where Phis go.
1378 Previously, our Phi calculation was based on Aycock and Horspool's algorithm, and our
1379 implementation of this algorithm only worked when doing CPS->SSA conversion. The code
1380 could not be reused for cases where some phase happens to know that it introduced a few
1381 defs in some blocks and it wants to figure out where the Phis should go. Moreover, even
1382 the general algorithm of Aycock and Horspool is not well suited to such targeted SSA
1383 updates, since it requires first inserting maximal Phis. That scales well when the Phis
1384 were already there (like in our CPS form) but otherwise it's quite unnatural and may be
1385 difficult to make efficient.
1387 The usual way of handling both SSA conversion and SSA update is to use Cytron et al's
1388 algorithm based on dominance frontiers. For a while now, I've been working on creating a
1389 Cytron-based SSA calculator that can be used both as a replacement for our current SSA
1390 converter and as a reusable tool for any phase that needs to do SSA update. I previously
1391 optimized our dominator calculation and representation to use dominator trees computed
1392 using Lengauer and Tarjan's algorithm - mainly to make it more scalable to enumerate over
1393 the set of blocks that dominate you or vice-versa, and then I implemented a dominance
1394 frontier calculator. This patch implements the final step towards making SSA update
1395 available to all SSA phases: it implements an SSACalculator that can tell you where Phis
1396 go when given an arbitrary set of Defs. To keep things simple, and to ensure that we have
1397 good test coverage for this SSACalculator, this patch replaces the old Aycock-Horspool
1398 SSA converter with one based on the SSACalculator.
1400 This has no observable impact. It does reduce the amount of code in SSAConversionPhase.
1401 But even better, it makes SSAConversionPhase have significantly less tricky logic. It
1402 mostly just relies on SSACalculator to do the tricky stuff, and SSAConversionPhase mostly
1403 just reasons about the weirdnesses unique to the ThreadedCPS form that it sees as input.
1404 In fact, using the Cytron et al approach means that there isn't really any "smoke and
1405 mirrors" trickyness related to SSA. SSACalculator's only "tricks" are using the pruned
1406 iterated dominance frontier to place Phi's and using the dom tree to find reaching defs.
1407 The complexity is mostly confined to Dominators, which computes various dominator-related
1408 properties over the control flow graph. That class can be difficult to understand, but at
1409 least it follows well-known graph theory wisdom.
1412 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1413 * JavaScriptCore.xcodeproj/project.pbxproj:
1414 * dfg/DFGAnalysis.h:
1415 * dfg/DFGCSEPhase.cpp:
1416 * dfg/DFGDCEPhase.cpp:
1417 (JSC::DFG::DCEPhase::run):
1418 * dfg/DFGDominators.h:
1419 (JSC::DFG::Dominators::immediateDominatorOf):
1420 (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
1421 (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf):
1423 (JSC::DFG::Graph::dump):
1424 (JSC::DFG::Graph::blocksInPreOrder):
1425 (JSC::DFG::Graph::blocksInPostOrder):
1426 (JSC::DFG::Graph::getBlocksInPreOrder): Deleted.
1427 (JSC::DFG::Graph::getBlocksInPostOrder): Deleted.
1429 * dfg/DFGLICMPhase.cpp:
1430 (JSC::DFG::LICMPhase::run):
1431 * dfg/DFGNodeFlags.h:
1433 (JSC::DFG::Phase::beginPhase):
1434 (JSC::DFG::Phase::endPhase):
1436 * dfg/DFGSSACalculator.cpp: Added.
1437 (JSC::DFG::SSACalculator::Variable::dump):
1438 (JSC::DFG::SSACalculator::Variable::dumpVerbose):
1439 (JSC::DFG::SSACalculator::Def::dump):
1440 (JSC::DFG::SSACalculator::SSACalculator):
1441 (JSC::DFG::SSACalculator::~SSACalculator):
1442 (JSC::DFG::SSACalculator::newVariable):
1443 (JSC::DFG::SSACalculator::newDef):
1444 (JSC::DFG::SSACalculator::nonLocalReachingDef):
1445 (JSC::DFG::SSACalculator::reachingDefAtTail):
1446 (JSC::DFG::SSACalculator::dump):
1447 * dfg/DFGSSACalculator.h: Added.
1448 (JSC::DFG::SSACalculator::Variable::index):
1449 (JSC::DFG::SSACalculator::Variable::Variable):
1450 (JSC::DFG::SSACalculator::Def::variable):
1451 (JSC::DFG::SSACalculator::Def::block):
1452 (JSC::DFG::SSACalculator::Def::value):
1453 (JSC::DFG::SSACalculator::Def::Def):
1454 (JSC::DFG::SSACalculator::variable):
1455 (JSC::DFG::SSACalculator::computePhis):
1456 (JSC::DFG::SSACalculator::phisForBlock):
1457 (JSC::DFG::SSACalculator::reachingDefAtHead):
1458 * dfg/DFGSSAConversionPhase.cpp:
1459 (JSC::DFG::SSAConversionPhase::SSAConversionPhase):
1460 (JSC::DFG::SSAConversionPhase::run):
1461 (JSC::DFG::SSAConversionPhase::forwardPhiChildren): Deleted.
1462 (JSC::DFG::SSAConversionPhase::forwardPhi): Deleted.
1463 (JSC::DFG::SSAConversionPhase::forwardPhiEdge): Deleted.
1464 (JSC::DFG::SSAConversionPhase::deduplicateChildren): Deleted.
1465 * dfg/DFGSSAConversionPhase.h:
1466 * dfg/DFGValidate.cpp:
1467 (JSC::DFG::Validate::Validate):
1468 (JSC::DFG::Validate::dumpGraphIfAppropriate):
1469 (JSC::DFG::validate):
1470 * dfg/DFGValidate.h:
1471 * ftl/FTLLowerDFGToLLVM.cpp:
1472 (JSC::FTL::LowerDFGToLLVM::lower):
1473 * runtime/Options.h:
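As an added example rather than JSC's DFGSSACalculator, the following Python model walks through the Cytron-style machinery the entry describes: dominators, dominance frontiers, Phi placement on the pruned iterated dominance frontier, and reaching-def lookup through the dominator tree. It uses a plain iterative dominator computation instead of Lengauer-Tarjan, and the CFG and variable are constructed:

```python
"""Phi placement with pruned iterated dominance frontiers and reaching-def lookup via
the dominator tree: a constructed Python model of the approach the entry describes,
not JSC's DFGSSACalculator. A CFG is {block: [successors]} with every block reachable
from entry; a variable is described by the blocks that define it and the blocks that
read it before any local def (its upward-exposed uses)."""
from collections import defaultdict

def predecessors(cfg):
    preds = defaultdict(list)
    for block, succs in cfg.items():
        for succ in succs:
            preds[succ].append(block)
    return preds

def immediate_dominators(cfg, entry):
    """Iterative set-based dominators; idom(b) is the strict dominator closest to b."""
    preds = predecessors(cfg)
    dom = {b: set(cfg) for b in cfg}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for block in cfg:
            if block == entry:
                continue
            new = {block} | set.intersection(*(dom[p] for p in preds[block]))
            if new != dom[block]:
                dom[block], changed = new, True
    # Dominators of a block form a chain, so the nearest one has the largest dom set.
    return {b: (b if b == entry else max(dom[b] - {b}, key=lambda d: len(dom[d]))) for b in cfg}

def dominance_frontiers(cfg, idom):
    """DF(b): join blocks b does not strictly dominate but one of whose preds b dominates."""
    preds = predecessors(cfg)
    df = {b: set() for b in cfg}
    for block in cfg:
        if len(preds[block]) < 2:
            continue
        for runner in preds[block]:
            while runner != idom[block]:
                df[runner].add(block)
                runner = idom[runner]
    return df

def iterated_dominance_frontier(df, blocks):
    result, work = set(), list(blocks)
    while work:
        for candidate in df[work.pop()]:
            if candidate not in result:
                result.add(candidate)
                work.append(candidate)
    return result

def live_in_blocks(cfg, defs, upward_uses):
    """Live on entry: read before any local def, or not redefined while a successor is live-in."""
    live, changed = set(upward_uses), True
    while changed:
        changed = False
        for block, succs in cfg.items():
            if block not in live and block not in defs and any(s in live for s in succs):
                live.add(block)
                changed = True
    return live

class SSACalculator:
    def __init__(self, cfg, entry, defs, upward_uses):
        self.entry, self.defs = entry, set(defs)
        self.idom = immediate_dominators(cfg, entry)
        live = live_in_blocks(cfg, self.defs, upward_uses)
        merge_points = iterated_dominance_frontier(dominance_frontiers(cfg, self.idom), self.defs)
        # Pruned placement: a Phi only where defs merge AND the variable is live on entry.
        self.phis = {b for b in merge_points if b in live}

    def reaching_def_at_head(self, block):
        """The Phi in block if it has one, else the nearest strict dominator's def or Phi."""
        if block in self.phis:
            return block
        while block != self.entry:
            block = self.idom[block]
            if block in self.defs or block in self.phis:
                return block
        return None  # nothing reaches, e.g. the head of entry

    def reaching_def_at_tail(self, block):
        return block if block in self.defs else self.reaching_def_at_head(block)

# Constructed CFG: entry -> A; A -> B | C; B, C -> D; D -> A (loop back edge) | exit.
SAMPLE_CFG = {"entry": ["A"], "A": ["B", "C"], "B": ["D"], "C": ["D"], "D": ["A", "exit"], "exit": []}
# Variable x is defined in entry and B and read before any local def in D and exit.
SAMPLE = SSACalculator(SAMPLE_CFG, "entry", defs={"entry", "B"}, upward_uses={"D", "exit"})
```

On the sample, x gets a Phi at the loop header A (entry's def meets the value flowing around the back edge) and at the join D (B's def meets the Phi value arriving through C); a variable defined only in B and C but never read after D gets the D Phi alone, because A is pruned as not live-in.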
1475 2014-09-08 Commit Queue <commit-queue@webkit.org>
1477 Unreviewed, rolling out r173402.
1478 https://bugs.webkit.org/show_bug.cgi?id=136649
1480 Breaking build with error "unable to restore file position to
1481 0x00000c60 for section __DWARF.__debug_info (errno = 9)"
1482 (Requested by mlam_ on #webkit).
1486 "Move CallFrame and Register inline functions out of
1488 https://bugs.webkit.org/show_bug.cgi?id=136579
1489 http://trac.webkit.org/changeset/173402
1491 2014-09-08 Mark Lam <mark.lam@apple.com>
1493 Move CallFrame and Register inline functions out of JSScope.h.
1494 <https://webkit.org/b/136579>
1496 Reviewed by Geoffrey Garen.
1498 This includes fixing up some files to #include JSCInlines.h to pick up
1499 these inline functions. I also added JSCellInlines.h to JSCInlines.h
1500 since it is included from many of the affected .cpp files.
1502 * API/ObjCCallbackFunction.mm:
1503 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1504 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1505 * JavaScriptCore.xcodeproj/project.pbxproj:
1506 * bindings/ScriptValue.cpp:
1507 * inspector/InjectedScriptHost.cpp:
1508 * inspector/InjectedScriptManager.cpp:
1509 * inspector/JSGlobalObjectInspectorController.cpp:
1510 * inspector/JSJavaScriptCallFrame.cpp:
1511 * inspector/ScriptDebugServer.cpp:
1512 * interpreter/CallFrameInlines.h:
1513 (JSC::CallFrame::vm):
1514 (JSC::CallFrame::lexicalGlobalObject):
1515 (JSC::CallFrame::globalThisValue):
1516 * interpreter/RegisterInlines.h: Added.
1517 (JSC::Register::operator=):
1518 (JSC::Register::scope):
1519 * runtime/ArgumentsIteratorConstructor.cpp:
1520 * runtime/JSArrayIterator.cpp:
1521 * runtime/JSCInlines.h:
1522 * runtime/JSCJSValue.cpp:
1523 * runtime/JSMapIterator.cpp:
1524 * runtime/JSPromiseConstructor.cpp:
1525 * runtime/JSPromiseDeferred.cpp:
1526 * runtime/JSPromiseFunctions.cpp:
1527 * runtime/JSPromisePrototype.cpp:
1528 * runtime/JSPromiseReaction.cpp:
1529 * runtime/JSScope.h:
1530 (JSC::Register::operator=): Deleted.
1531 (JSC::Register::scope): Deleted.
1532 (JSC::ExecState::vm): Deleted.
1533 (JSC::ExecState::lexicalGlobalObject): Deleted.
1534 (JSC::ExecState::globalThisValue): Deleted.
1535 * runtime/JSSetIterator.cpp:
1536 * runtime/MapConstructor.cpp:
1537 * runtime/MapData.cpp:
1538 * runtime/MapIteratorPrototype.cpp:
1539 * runtime/MapPrototype.cpp:
1540 * runtime/SetConstructor.cpp:
1541 * runtime/SetIteratorPrototype.cpp:
1542 * runtime/SetPrototype.cpp:
1543 * runtime/WeakMapConstructor.cpp:
1544 * runtime/WeakMapPrototype.cpp:
1546 2014-09-08 Eva Balazsfalvi <evab.u-szeged@partner.samsung.com>
1549 https://bugs.webkit.org/show_bug.cgi?id=136571
1551 Reviewed by Darin Adler.
1553 * Configurations/FeatureDefines.xcconfig:
2014-09-08 Saam Barati <saambarati1@gmail.com>

Merge StructureShapes that share the same prototype chain
https://bugs.webkit.org/show_bug.cgi?id=136549

Reviewed by Filip Pizlo.

Instead of keeping track of many discrete StructureShapes that share
the same prototype chain, TypeSet should merge StructureShapes that
have the same prototype chain and provide a new member variable for
optional structure fields. This provides a cleaner and more concise
interface for dealing with StructureShapes within TypeSet. Instead
of having many discrete shapes that are almost identical, almost
identical shapes will be merged together with an interface for
understanding what fields the shapes being merged together differ in.

* runtime/TypeSet.cpp:
(JSC::TypeSet::addTypeInformation):
(JSC::StructureShape::addProperty):
(JSC::StructureShape::toJSONString):
(JSC::StructureShape::inspectorRepresentation):
(JSC::StructureShape::hasSamePrototypeChain):
(JSC::StructureShape::merge):
* runtime/TypeSet.h:
* tests/typeProfiler/optional-fields.js: Added.

2014-09-08 Jessie Berlin <jberlin@apple.com>

More 32-bit Release build fixes after r173364.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2014-09-07 Maciej Stachowiak <mjs@apple.com>

Fix typos in last patch to fix build.

Unreviewed build fix.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
(JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):

2014-09-07 Maciej Stachowiak <mjs@apple.com>

Introduce COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE) and use it
https://bugs.webkit.org/show_bug.cgi?id=136616

Reviewed by Darin Adler.

Many compilers will analyze unreachable code paths (e.g. after an
unreachable code path), so sometimes they need dead code initializations.
But clang with suitable warnings will complain about unreachable code. So
use the quirk to include it conditionally.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdOp):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::handleExitCounts):
(JSC::DFG::Plan::compileInThread):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
* runtime/JSArray.cpp:
(JSC::JSArray::fillArgList):
(JSC::JSArray::copyToArguments):
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):

2014-09-06 Darin Adler <darin@apple.com>

Make updates suggested by new version of Xcode
https://bugs.webkit.org/show_bug.cgi?id=136603

Reviewed by Mark Rowe.

* Configurations/Base.xcconfig: Added CLANG_WARN_UNREACHABLE_CODE, COMBINE_HIDPI_IMAGES,
and ENABLE_STRICT_OBJC_MSGSEND as suggested by Xcode upgrade check.

* JavaScriptCore.xcodeproj/project.pbxproj: Update LastUpgradeCheck.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): Compile out unreachable code
for clang, since it understands the code is unreachable.
* runtime/JSArray.cpp:
(JSC::JSArray::fillArgList): Ditto.
(JSC::JSArray::copyToArguments): Ditto.

2014-09-05 Matt Baker <mattbaker@apple.com>

Web Inspector: breakpoint actions should work regardless of Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=136542

Reviewed by Mark Lam.

Added JSC::DebuggerEvalEnabler, an RAII object which enables eval on a
JSGlobalObject for the duration of a scope, returning the eval enabled state to its
original value when the scope exits. Used by JSC::DebuggerCallFrame::evaluate
to allow breakpoint actions to execute JS in pages with a Content Security Policy
that would normally prohibit this (such as Inspector's Main.html).

Refactored Inspector::InjectedScriptBase to use the RAII object instead of manually
setting eval enabled and then resetting the original eval enabled state.

NOTE: The JS::DebuggerEvalEnabler constructor checks the passed in ExecState pointer
for null to be equivalent with the original code in Inspector::InjectedScriptBase.
InjectedScriptBase is getting the ExecState from ScriptObject::scriptState(), which
can currently be null.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate):
* debugger/DebuggerEvalEnabler.h: Added.
(JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
(JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
* inspector/InjectedScriptBase.cpp:
(Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):

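Added example, not WebKit code and not Matt Baker's patch: a compact model of the scope-bound enable-and-restore pattern this entry describes. The names GlobalObject, ExecState and DebuggerEvalEnabler are borrowed from the entry, but every body below is a constructed stand-in. The point it demonstrates is that the CSP-controlled eval switch is returned to its original value on normal scope exit, on exit by exception, and that a null ExecState (which the entry says ScriptObject::scriptState() can currently return) is a no-op rather than a crash.

```cpp
// Added illustration, not WebKit code: a minimal model of the RAII guard the
// entry describes. GlobalObject, ExecState and DebuggerEvalEnabler echo the
// ChangeLog names; their bodies here are simplified stand-ins.
#include <cstdio>
#include <stdexcept>

struct GlobalObject {
    bool evalEnabled = false;   // the CSP-controlled switch
    bool isEvalEnabled() const { return evalEnabled; }
    void setEvalEnabled(bool enabled) { evalEnabled = enabled; }
};

struct ExecState {
    GlobalObject* globalObject;
    GlobalObject* lexicalGlobalObject() const { return globalObject; }
};

// Enables eval for the guard's lifetime and restores the previous state on
// scope exit, including exit by exception. A null ExecState is tolerated,
// matching the null check the entry mentions for InjectedScriptBase.
class DebuggerEvalEnabler {
public:
    explicit DebuggerEvalEnabler(const ExecState* exec)
        : m_exec(exec)
    {
        if (!m_exec)
            return;
        GlobalObject* globalObject = m_exec->lexicalGlobalObject();
        m_wasEvalEnabled = globalObject->isEvalEnabled();
        globalObject->setEvalEnabled(true);
    }
    ~DebuggerEvalEnabler()
    {
        if (m_exec)
            m_exec->lexicalGlobalObject()->setEvalEnabled(m_wasEvalEnabled);
    }
    DebuggerEvalEnabler(const DebuggerEvalEnabler&) = delete;   // a copy would restore twice
    DebuggerEvalEnabler& operator=(const DebuggerEvalEnabler&) = delete;

private:
    const ExecState* m_exec;
    bool m_wasEvalEnabled = false;
};

// Models DebuggerCallFrame::evaluate: eval is permitted only inside this scope.
// Returns whether eval was enabled while the breakpoint action ran.
bool evaluateBreakpointAction(ExecState* exec, bool actionThrows)
{
    DebuggerEvalEnabler enabler(exec);
    if (actionThrows)
        throw std::runtime_error("breakpoint action threw");
    return exec && exec->lexicalGlobalObject()->isEvalEnabled();
}

// A CSP-restricted page: eval is on during the action and off again afterwards.
bool restoredAfterNormalExit()
{
    GlobalObject globalObject;
    ExecState exec { &globalObject };
    bool enabledDuringAction = evaluateBreakpointAction(&exec, false);
    return enabledDuringAction && !globalObject.isEvalEnabled();
}

// A page that already permits eval keeps permitting it; the guard only restores.
bool preservedWhenAlreadyEnabled()
{
    GlobalObject globalObject;
    globalObject.setEvalEnabled(true);
    ExecState exec { &globalObject };
    evaluateBreakpointAction(&exec, false);
    return globalObject.isEvalEnabled();
}

// An exception thrown by the action must not leave eval enabled behind.
bool restoredAfterException()
{
    GlobalObject globalObject;
    ExecState exec { &globalObject };
    try {
        evaluateBreakpointAction(&exec, true);
    } catch (const std::runtime_error&) { }
    return !globalObject.isEvalEnabled();
}

// A null ExecState (as ScriptObject::scriptState() may return) is a no-op.
bool nullExecStateTolerated()
{
    return !evaluateBreakpointAction(nullptr, false);
}

int main()
{
    std::printf("normal exit restores state: %d\n", restoredAfterNormalExit());
    std::printf("already-enabled preserved:  %d\n", preservedWhenAlreadyEnabled());
    std::printf("exception restores state:   %d\n", restoredAfterException());
    std::printf("null ExecState tolerated:   %d\n", nullExecStateTolerated());
    return 0;
}
```

The exception path is the reason an RAII object is preferable to the manual set-then-reset the entry replaces in InjectedScriptBase: a throw between the two calls would otherwise leave eval enabled for the rest of the page's life.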
2014-09-05 peavo@outlook.com <peavo@outlook.com>

[WinCairo] jsc.exe won't run.
https://bugs.webkit.org/show_bug.cgi?id=136481

Reviewed by Alex Christensen.

We need to define WIN_CAIRO to avoid looking for the AAS folder.

* JavaScriptCore.vcxproj/jsc/DLLLauncherWinCairo.props: Added.
* JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
* JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
* JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
* JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:

2014-09-05 David Kilzer <ddkilzer@apple.com>

JavaScriptCore should build with newer clang
<http://webkit.org/b/136002>
<rdar://problem/18020616>

Reviewed by Geoffrey Garen.

Other than the JSC::SourceProvider::asID() change (which simply
removes code that the optimizing compiler would have discarded
in Release builds), we move the |this| checks in OpaqueJSString
to NULL checks into JSBase, JSObjectRef, JSScriptRef,
JSStringRef{CF} and JSValueRef.

Note that the following function arguments are _not_ NULL-checked
since doing so would just cover up bugs (and were not needed to
prevent any tests from failing):
- |script| in JSEvaluateScript(), JSCheckScriptSyntax();
- |body| in JSObjectMakeFunction();
- |source| in JSScriptCreateReferencingImmortalASCIIText()
(which is a const char* anyway);
- |source| in JSScriptCreateFromString().

(JSEvaluateScript): Add NULL check for |sourceURL|.
(JSCheckScriptSyntax): Ditto.
* API/JSObjectRef.cpp:
(JSObjectMakeFunction): Ditto.
* API/JSScriptRef.cpp:
(JSScriptCreateReferencingImmortalASCIIText): Ditto.
(JSScriptCreateFromString): Add NULL check for |url|.
* API/JSStringRef.cpp:
(JSStringGetLength): Return early if NULL pointer is passed in.
(JSStringGetCharactersPtr): Ditto.
(JSStringGetUTF8CString): Ditto. Also check |buffer| parameter.
* API/JSStringRefCF.cpp:
(JSStringCopyCFString): Ditto.
* API/JSValueRef.cpp:
(JSValueMakeString): Add NULL check for |string|.

* API/OpaqueJSString.cpp:
(OpaqueJSString::string): Remove code that checks |this|.
(OpaqueJSString::identifier): Ditto.
(OpaqueJSString::characters): Ditto.
* API/OpaqueJSString.h:
(OpaqueJSString::is8Bit): Remove code that checks |this|.
(OpaqueJSString::characters8): Ditto.
(OpaqueJSString::characters16): Ditto.
(OpaqueJSString::length): Ditto.

* parser/SourceProvider.h:
(JSC::SourceProvider::asID): Remove code that checks |this|.

2014-06-06 Jer Noble <jer.noble@apple.com>

Refactoring: make MediaTime the primary time type for audiovisual times.
https://bugs.webkit.org/show_bug.cgi?id=133579

Reviewed by Eric Carlson.

Add a utility function which converts a MediaTime to a JSNumber.

* runtime/JSCJSValue.h:

2014-09-04 Michael Saboff <msaboff@apple.com>

ARM: Add more coverage to ARMv7 disassembler
https://bugs.webkit.org/show_bug.cgi?id=136565

Reviewed by Mark Lam.

Added ARMV7 disassembler support for Push/Pop multiple and floating point instructions
VCMP, VCVT[R] between floating point and integer, and VLDR.

* disassembler/ARMv7/ARMv7DOpcode.cpp:
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::appendRegisterList):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPopMultiple::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushMultiple::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::format):
* disassembler/ARMv7/ARMv7DOpcode.h:
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::registerList):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::condition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::condition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::dBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::szBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::eBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::mBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vm):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::condition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::dBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::szBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::mBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vm):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::condition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::uBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::rn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::vd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::doubleReg):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::immediate8):

2014-09-04 Mark Lam <mark.lam@apple.com>

Move PropertySlot's inline functions back to PropertySlot.h.
<https://webkit.org/b/136547>

Reviewed by Filip Pizlo.

* runtime/JSObject.h:
(JSC::PropertySlot::getValue): Deleted.
* runtime/PropertySlot.h:
(JSC::PropertySlot::getValue):

2014-09-04 Filip Pizlo <fpizlo@apple.com>

Make sure that deleting all code first processes the call edge log, and reenable call edge profiling.

Rubber stamped by Sam Weinig.

* debugger/Debugger.cpp:
(JSC::Debugger::forEachCodeBlock):
(JSC::Debugger::setSteppingMode):
(JSC::Debugger::recompileAllJSFunctions):
* inspector/agents/InspectorRuntimeAgent.cpp:
(Inspector::recompileAllJSFunctionsForTypeProfiling):
* runtime/Options.h: Reenable call edge profiling.
(JSC::VM::prepareToDiscardCode): Make sure this also processes the call edge log, in case any call edge profiles are about to be destroyed.
(JSC::VM::discardAllCode):
(JSC::VM::releaseExecutableMemory):
(JSC::VM::setEnabledProfiler):
(JSC::VM::waitForCompilationsToComplete): Deleted.
* runtime/VM.h: Rename waitForCompilationsToComplete() back to prepareToDiscardCode() because the purpose of the method - now as ever - is to do all of the things that need to be done to ensure that code may be safely deleted.

2014-09-04 Akos Kiss <akiss@inf.u-szeged.hu>

Ensure that the call frame set up by vmEntryToNative does not overlap with the stack of the callee
https://bugs.webkit.org/show_bug.cgi?id=136485

Reviewed by Michael Saboff.

Changed makeHostFunctionCall to keep the stack pointer above the call
frame set up by doVMEntry. Thus the callee will/can not override the top

Refactored the two (32_64 and 64) versions of makeHostFunctionCall to be
more alike to help future maintenance.

* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

2014-09-04 Michael Saboff <msaboff@apple.com>

REGRESSION(r173031): crashes during run-layout-jsc on x86/Linux
https://bugs.webkit.org/show_bug.cgi?id=136436

Reviewed by Geoffrey Garen.

Instead of trying to calculate a stack pointer that allows for possible
stacked argument space, just use the "home" stack pointer location.
That stack pointer provides space for the worst case number of stacked
arguments on architectures that use stacked arguments. It also provides
stack space so that the return PC and caller frame pointer that are stored
as part of making the call to operationCallEval will not override any part
of the callee frame created on the stack.

Changed compileCallEval() to use the stackPointer value of the calling
function. That stack pointer is calculated to have enough space for
outgoing stacked arguments. By moving the stack pointer to its "home"
position, the caller frame and return PC are not set as part of making
the call to operationCallEval(). Moved the explicit setting of the
callerFrame field of the callee CallFrame from operationCallEval() to
compileCallEval() since it has been the artifact of making a call for
most architectures. Simplified the exception logic in compileCallEval()
as a result of the change. To be compliant with the stack state
expected by virtualCallThunkGenerator(), moved the stack pointer to
point above the CallerFrameAndPC of the callee CallFrame.

* jit/JIT.h: Changed callOperationNoExceptionCheck(J_JITOperation_EE, ...)
to callOperation(J_JITOperation_EE, ...) as it now can do a typical exception
* jit/JITCall.cpp & jit/JITCall32_64.cpp:
(JSC::JIT::compileCallEval): Use the home stack pointer when making the call
to operationCallEval. Since the stack pointer adjustment no longer needs
to be done after making the call to operationCallEval(), the exception check
logic can be simplified.
(JSC::JIT::compileCallEvalSlowCase): Restored the stack pointer to point
to above the calleeFrame as this is what the generated thunk expects.
(JSC::JIT::callOperation): Refactor of callOperationNoExceptionCheck
with the addition of a standard exception check.
(JSC::JIT::callOperationNoExceptionCheck): Deleted.
* jit/JITOperations.cpp:
(JSC::operationCallEval): Eliminated the explicit setting of caller frame
as that is now done in the code generated by compileCallEval().

2014-09-03 Filip Pizlo <fpizlo@apple.com>

Beef up the DFG's CFG analyses to include iterated dominance frontiers and more user-friendly BlockSets
https://bugs.webkit.org/show_bug.cgi?id=136520

Reviewed by Geoffrey Garen.

Add code to compute iterated dominance frontiers. This involves using BlockSet a lot, so
this patch also makes BlockSet a lot more user-friendly.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGBasicBlock.h:
* dfg/DFGBlockSet.cpp: Added.
(JSC::DFG::BlockSet::dump):
* dfg/DFGBlockSet.h:
(JSC::DFG::BlockSet::iterator::iterator):
(JSC::DFG::BlockSet::iterator::operator++):
(JSC::DFG::BlockSet::iterator::operator==):
(JSC::DFG::BlockSet::iterator::operator!=):
(JSC::DFG::BlockSet::Iterable::Iterable):
(JSC::DFG::BlockSet::Iterable::begin):
(JSC::DFG::BlockSet::Iterable::end):
(JSC::DFG::BlockSet::iterable):
(JSC::DFG::BlockAdder::BlockAdder):
(JSC::DFG::BlockAdder::operator()):
* dfg/DFGBlockSetInlines.h: Added.
(JSC::DFG::BlockSet::iterator::operator*):
* dfg/DFGDominators.cpp:
(JSC::DFG::Dominators::strictDominatorsOf):
(JSC::DFG::Dominators::dominatorsOf):
(JSC::DFG::Dominators::blocksStrictlyDominatedBy):
(JSC::DFG::Dominators::blocksDominatedBy):
(JSC::DFG::Dominators::dominanceFrontierOf):
(JSC::DFG::Dominators::iteratedDominanceFrontierOf):
* dfg/DFGDominators.h:
(JSC::DFG::Dominators::forAllStrictDominatorsOf):
(JSC::DFG::Dominators::forAllDominatorsOf):
(JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy):
(JSC::DFG::Dominators::forAllBlocksDominatedBy):
(JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf):
(JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
(JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl):
(JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl):
(JSC::DFG::Graph::dumpBlockHeader):
* dfg/DFGInvalidationPointInjectionPhase.cpp:
(JSC::DFG::InvalidationPointInjectionPhase::run):

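Added example, not JavaScriptCore code: the three analyses this entry names (dominators, dominance frontiers, and the iterated dominance frontier that DFGDominators.cpp gains here) written out in C++ over a constructed six-block CFG small enough to check by hand. std::set<int> stands in for BlockSet, and every type and function name below is invented for the illustration; the DFG's own implementation differs in representation.

```cpp
// Added illustration, not JavaScriptCore code: dominators, dominance frontiers
// and the iterated dominance frontier on a small constructed CFG. std::set<int>
// stands in for BlockSet; all names below are invented for this example.
#include <algorithm>
#include <iterator>
#include <set>
#include <vector>

struct CFG {
    std::vector<std::vector<int>> successors, predecessors;
    explicit CFG(int blockCount) : successors(blockCount), predecessors(blockCount) { }
    void addEdge(int from, int to) { successors[from].push_back(to); predecessors[to].push_back(from); }
    int size() const { return static_cast<int>(successors.size()); }
};

// Immediate dominators by iterating Dom(b) = {b} U (intersection of Dom(p) over
// predecessors p) to a fixed point. Block 0 is the root; all blocks reachable.
std::vector<int> computeImmediateDominators(const CFG& cfg)
{
    int n = cfg.size();
    std::set<int> all;
    for (int b = 0; b < n; ++b)
        all.insert(b);
    std::vector<std::set<int>> dom(n, all);
    dom[0] = { 0 };
    for (bool changed = true; changed;) {
        changed = false;
        for (int b = 1; b < n; ++b) {
            std::set<int> next = all;
            for (int p : cfg.predecessors[b]) {
                std::set<int> meet;
                std::set_intersection(next.begin(), next.end(), dom[p].begin(), dom[p].end(),
                    std::inserter(meet, meet.begin()));
                next.swap(meet);
            }
            next.insert(b);
            if (next != dom[b]) {
                dom[b] = next;
                changed = true;
            }
        }
    }
    // idom(b) is the strict dominator whose dominator set is Dom(b) minus b.
    std::vector<int> idom(n, 0);
    for (int b = 1; b < n; ++b)
        for (int d : dom[b])
            if (d != b && dom[d].size() + 1 == dom[b].size())
                idom[b] = d;
    return idom;
}

// Dominance frontiers (Cooper, Harvey and Kennedy): for every join block, walk
// from each predecessor up the dominator tree until idom(join) is reached.
std::vector<std::set<int>> computeDominanceFrontiers(const CFG& cfg, const std::vector<int>& idom)
{
    std::vector<std::set<int>> frontier(cfg.size());
    for (int join = 0; join < cfg.size(); ++join) {
        if (cfg.predecessors[join].size() < 2)
            continue;
        for (int p : cfg.predecessors[join])
            for (int runner = p; runner != idom[join]; runner = idom[runner])
                frontier[runner].insert(join);
    }
    return frontier;
}

// DF+(seeds): the closure of the frontier relation, expanding each block once.
std::set<int> iteratedDominanceFrontierOf(const std::vector<std::set<int>>& frontier, const std::set<int>& seeds)
{
    std::set<int> result, expanded(seeds);
    std::vector<int> worklist(seeds.begin(), seeds.end());
    while (!worklist.empty()) {
        int b = worklist.back();
        worklist.pop_back();
        for (int f : frontier[b]) {
            result.insert(f);
            if (expanded.insert(f).second)
                worklist.push_back(f);
        }
    }
    return result;
}

// Constructed CFG: 0->1, 1->{2,3}, 2->4, 3->4, 4->{5,1}; block 1 heads a loop,
// block 4 is the join of the if/else. By hand: idom = {0,0,1,1,1,4},
// DF(1) = {1}, DF(2) = DF(3) = {4}, DF(4) = {1}, DF(0) = DF(5) = {}.
CFG buildSampleCFG()
{
    CFG cfg(6);
    cfg.addEdge(0, 1); cfg.addEdge(1, 2); cfg.addEdge(1, 3);
    cfg.addEdge(2, 4); cfg.addEdge(3, 4); cfg.addEdge(4, 5); cfg.addEdge(4, 1);
    return cfg;
}

// Runs the whole pipeline on the sample CFG for a set of seed blocks.
std::set<int> sampleIteratedDominanceFrontier(const std::set<int>& seeds)
{
    CFG cfg = buildSampleCFG();
    return iteratedDominanceFrontierOf(computeDominanceFrontiers(cfg, computeImmediateDominators(cfg)), seeds);
}
```

The iterated frontier is what matters for placing phi functions or, in the DFG's case, for knowing which blocks a definition in a seed block can reach without being dominated by it: seeding with block 2 yields {4, 1}, because 4 is in DF(2) and 1 is in DF(4).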
2014-09-04 Mark Lam <mark.lam@apple.com>

Fixed indentations and some style warnings in JavaScriptCore/runtime.
<https://webkit.org/b/136518>

Reviewed by Michael Saboff.

Also removed some superfluous spaces. There are no semantic changes.

* runtime/Completion.h:
* runtime/ConstructData.h:
* runtime/DateConstructor.h:
* runtime/DateInstance.h:
* runtime/DateInstanceCache.h:
* runtime/DatePrototype.h:
* runtime/ErrorConstructor.h:
* runtime/ErrorInstance.h:
* runtime/ErrorPrototype.h:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.h:
* runtime/GetterSetter.h:
* runtime/Identifier.h:
* runtime/InitializeThreading.h:
* runtime/InternalFunction.h:
* runtime/JSAPIValueWrapper.h:
* runtime/JSFunction.h:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.h:
* runtime/JSString.h:
* runtime/JSTypeInfo.h:
* runtime/JSWrapperObject.h:
* runtime/MathObject.h:
* runtime/NativeErrorConstructor.h:
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.h:
* runtime/NumberObject.h:
* runtime/NumberPrototype.h:
* runtime/NumericStrings.h:
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.h:
* runtime/PropertyDescriptor.h:
* runtime/Protect.h:
* runtime/PutPropertySlot.h:
* runtime/RegExpCachedResult.h:
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.h:
* runtime/SmallStrings.h:
* runtime/StringConstructor.h:
* runtime/StringObject.h:
* runtime/StringPrototype.h:
* runtime/StructureChain.h:

2014-09-04 Eva Balazsfalvi <evab.u-szeged@partner.samsung.com>

Remove CSS_FILTERS flag
https://bugs.webkit.org/show_bug.cgi?id=136529

Reviewed by Dirk Schulze.

* Configurations/FeatureDefines.xcconfig:

2014-09-04 Commit Queue <commit-queue@webkit.org>

Unreviewed, rolling out r173248.
https://bugs.webkit.org/show_bug.cgi?id=136536

call edge profiling and polymorphic call inlining are still
causing crashes (Requested by eric_carlson on #webkit).

"Reenable call edge profiling and polymorphic call inlining,
now that a bunch of the bugs"
http://trac.webkit.org/changeset/173248

2014-09-04 Brian J. Burg <burg@cs.washington.edu>

Web Inspector: the profiler should not accrue time to nodes while the debugger is paused
https://bugs.webkit.org/show_bug.cgi?id=136352

Reviewed by Timothy Hatcher.

Hook up pause/continue events to the LegacyProfiler and any active
ProfilerGenerators. If the debugger is paused, all intervening call
entries will be created with totalTime as 0.0.

* inspector/ScriptDebugServer.cpp:
(Inspector::ScriptDebugServer::handlePause):
* profiler/LegacyProfiler.cpp: Move from typedef'd callbacks to using
std::function. This allows callbacks to take different argument types.
(JSC::callFunctionForProfilesWithGroup):
(JSC::LegacyProfiler::willExecute):
(JSC::LegacyProfiler::didExecute):
(JSC::LegacyProfiler::exceptionUnwind):
(JSC::LegacyProfiler::didPause):
(JSC::LegacyProfiler::didContinue):
(JSC::dispatchFunctionToProfiles): Deleted.
* profiler/LegacyProfiler.h:
* profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::ProfileGenerator):
(JSC::ProfileGenerator::endCallEntry):
(JSC::ProfileGenerator::didExecute): Deleted.
* profiler/ProfileGenerator.h:
(JSC::ProfileGenerator::didPause):
(JSC::ProfileGenerator::didContinue):

2014-09-04 Commit Queue <commit-queue@webkit.org>

Unreviewed, rolling out r173245.
https://bugs.webkit.org/show_bug.cgi?id=136533

Broke JSC tests. (Requested by ddkilzer on #webkit).

"JavaScriptCore should build with newer clang"
https://bugs.webkit.org/show_bug.cgi?id=136002
http://trac.webkit.org/changeset/173245

2014-09-04 Brian J. Burg <burg@cs.washington.edu>

LegacyProfiler: ProfileNodes should be used more like structs
https://bugs.webkit.org/show_bug.cgi?id=136381

Reviewed by Timothy Hatcher.

Previously, both the profile generator and individual profile nodes
were collectively responsible for creating new Call entries and
maintaining data structure invariants. This complexity is unnecessary.

This patch centralizes profile data creation inside the profile generator.
The profile nodes manage nextSibling and parent pointers, but do not
collect the current time or create new Call entries themselves.

Since ProfileNode::nextSibling and its callers are only used within
debug printing code, it should be compiled out for release builds.

* profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::ProfileGenerator):
(JSC::AddParentForConsoleStartFunctor::operator()):
(JSC::ProfileGenerator::beginCallEntry): create a new Call entry.
(JSC::ProfileGenerator::endCallEntry): finish the last Call entry.
(JSC::ProfileGenerator::willExecute): inline ProfileNode::willExecute()
(JSC::ProfileGenerator::didExecute): inline ProfileNode::didExecute()
(JSC::ProfileGenerator::stopProfiling): Only walk up the spine.
(JSC::ProfileGenerator::removeProfileStart):
(JSC::ProfileGenerator::removeProfileEnd):
* profiler/ProfileGenerator.h:
* profiler/ProfileNode.cpp:
(JSC::ProfileNode::ProfileNode):
(JSC::ProfileNode::addChild):
(JSC::ProfileNode::removeChild):
(JSC::ProfileNode::spliceNode): Renamed from insertNode.
(JSC::ProfileNode::debugPrintRecursively):
(JSC::ProfileNode::willExecute): Deleted.
(JSC::ProfileNode::insertNode): Deleted.
(JSC::ProfileNode::stopProfiling): Deleted.
(JSC::ProfileNode::traverseNextNodePostOrder):
(JSC::ProfileNode::endAndRecordCall): Deleted.
(JSC::ProfileNode::debugPrintDataSampleStyle):
* profiler/ProfileNode.h:
(JSC::ProfileNode::Call::setStartTime):
(JSC::ProfileNode::Call::setTotalTime):
(JSC::ProfileNode::appendCall):
(JSC::ProfileNode::firstChild):
(JSC::ProfileNode::lastChild):
(JSC::ProfileNode::nextSibling):
(JSC::ProfileNode::setNextSibling):

2014-09-02 Brian J. Burg <burg@cs.washington.edu>

Web Inspector: fix prefixes for subclasses of JSC::ConsoleClient
https://bugs.webkit.org/show_bug.cgi?id=136476

Reviewed by Timothy Hatcher.

* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/JSGlobalObjectConsoleClient.cpp: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.cpp.
* inspector/JSGlobalObjectConsoleClient.h: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.h.
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
(Inspector::JSGlobalObjectInspectorController::reportAPIException):
* inspector/JSGlobalObjectInspectorController.h:

2014-09-03 Filip Pizlo <fpizlo@apple.com>

Reenable call edge profiling and polymorphic call inlining, now that a bunch of the bugs

* runtime/Options.h:

2014-09-03 David Kilzer <ddkilzer@apple.com>

JavaScriptCore should build with newer clang
<http://webkit.org/b/136002>
<rdar://problem/18020616>

Reviewed by Geoffrey Garen.

Other than the JSC::SourceProvider::asID() change (which simply
removes code that the optimizing compiler would have discarded
in Release builds), we move the |this| checks in OpaqueJSString
to NULL checks into JSBase, JSScriptRef, JSStringRef{CF} and

(JSEvaluateScript): Use String() in case |script| or |sourceURL|
* API/JSScriptRef.cpp:
(JSScriptCreateReferencingImmortalASCIIText): Use String() in
* API/JSStringRef.cpp:
(JSStringGetLength): Return early if NULL pointer is passed in.
(JSStringGetCharactersPtr): Ditto.
(JSStringGetUTF8CString): Ditto. Also check |buffer| parameter.
* API/JSStringRefCF.cpp:
(JSStringCopyCFString): Ditto.
* API/JSValueRef.cpp:
(JSValueMakeString): Use String() in case |string| is NULL.

* API/OpaqueJSString.cpp:
(OpaqueJSString::string): Remove code that checks |this|.
(OpaqueJSString::identifier): Ditto.
(OpaqueJSString::characters): Ditto.
* API/OpaqueJSString.h:
(OpaqueJSString::is8Bit): Remove code that checks |this|.
(OpaqueJSString::characters8): Ditto.
(OpaqueJSString::characters16): Ditto.
(OpaqueJSString::length): Ditto.

* parser/SourceProvider.h:
(JSC::SourceProvider::asID): Remove code that checks |this|.

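Added example, not WebKit code, for the point shared by this entry and its relanded copy dated 2014-09-05 above: a check on |this| inside a member function is undefined behaviour that a newer clang is entitled to delete, whereas a NULL check at the public C API boundary is well defined and testable. OpaqueJSString, JSStringRef, JSStringGetLength, JSStringGetCharactersPtr and JSStringGetUTF8CString are named after the entry's functions, but the bodies are constructed stand-ins: the real implementation converts 8- or 16-bit text to UTF-8, while this one copies a std::string.

```cpp
// Added illustration, not WebKit code: the difference between checking |this|
// inside a member function and checking the pointer at the C API boundary.
// OpaqueJSString, JSStringRef and the function names follow the entry; the
// bodies are simplified stand-ins (real JSC stores 8- or 16-bit characters).
#include <cstddef>
#include <cstring>
#include <string>

struct OpaqueJSString {
    std::string value;

    // The removed pattern looked like `if (!this) return 0;` here. Calling a
    // member function through a null pointer is already undefined behaviour,
    // so a compiler may assume |this| is non-null and drop such a check.
    size_t length() const { return value.size(); }
    const char* characters() const { return value.data(); }
};
typedef const OpaqueJSString* JSStringRef;

// Boundary check: the public C function is the one place where a null
// JSStringRef is a well-defined condition that can be tested for.
size_t JSStringGetLength(JSStringRef string)
{
    if (!string)
        return 0;
    return string->length();
}

const char* JSStringGetCharactersPtr(JSStringRef string)
{
    if (!string)
        return nullptr;
    return string->characters();
}

// Copies a NUL-terminated copy of the string into a caller-supplied buffer.
// Returns the bytes written including the terminator, or 0 when either
// pointer is null or the buffer has no room. Truncates rather than writing
// past bufferSize, so a short buffer degrades safely instead of overflowing.
size_t JSStringGetUTF8CString(JSStringRef string, char* buffer, size_t bufferSize)
{
    if (!string || !buffer || !bufferSize)
        return 0;
    size_t toCopy = string->length();
    if (toCopy > bufferSize - 1)
        toCopy = bufferSize - 1;
    std::memcpy(buffer, string->characters(), toCopy);
    buffer[toCopy] = '\0';
    return toCopy + 1;
}

// Walks the API with a constructed string and a deliberately small buffer.
// Returns true when every null and size edge behaves as documented above.
bool boundaryChecksHold()
{
    OpaqueJSString hello { "hello" };
    char smallBuffer[4];
    bool ok = JSStringGetLength(nullptr) == 0
        && JSStringGetLength(&hello) == 5
        && JSStringGetCharactersPtr(nullptr) == nullptr
        && JSStringGetUTF8CString(nullptr, smallBuffer, sizeof smallBuffer) == 0
        && JSStringGetUTF8CString(&hello, nullptr, sizeof smallBuffer) == 0
        && JSStringGetUTF8CString(&hello, smallBuffer, 0) == 0;
    // Truncation: "hel" plus the terminator is all that fits in 4 bytes.
    ok = ok && JSStringGetUTF8CString(&hello, smallBuffer, sizeof smallBuffer) == 4
        && std::strcmp(smallBuffer, "hel") == 0;
    // A large enough buffer receives the whole string.
    char largeBuffer[16];
    ok = ok && JSStringGetUTF8CString(&hello, largeBuffer, sizeof largeBuffer) == 6
        && std::strcmp(largeBuffer, "hello") == 0;
    return ok;
}
```

The |buffer| check in JSStringGetUTF8CString is the one the entry calls out separately ("Also check |buffer| parameter"); the bufferSize clamp is the companion a reviewer would expect beside it, since a null check alone does nothing for an undersized destination.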
2014-09-03 Filip Pizlo <fpizlo@apple.com>

CallEdgeProfile::visitWeak() shouldn't attempt to despecify empty profiles
https://bugs.webkit.org/show_bug.cgi?id=136511

Reviewed by Geoffrey Garen.

* bytecode/CallEdgeProfile.cpp:
(JSC::CallEdgeProfile::worthDespecifying):
(JSC::CallEdgeProfile::visitWeak):
(JSC::CallEdgeProfile::mergeBack):

2014-09-03 David Kilzer <ddkilzer@apple.com>

REGRESSION (r167325): (null) entry added to Xcode project file when JSBoundFunction.h was removed
<http://webkit.org/b/136509>

Reviewed by Daniel Bates.

* JavaScriptCore.xcodeproj/project.pbxproj: Remove the (null)
entry left behind when JSBoundFunction.h was removed.

2014-09-03 Joseph Pecoraro <pecoraro@apple.com>

Avoid warning if a process does not have access to com.apple.webinspector
https://bugs.webkit.org/show_bug.cgi?id=136473

Reviewed by Alexey Proskuryakov.

Pre-check for access to the mach port to avoid emitting warnings
in syslog for processes that do not have access.

* inspector/remote/RemoteInspector.mm:
(Inspector::canAccessWebInspectorMachPort):
(Inspector::RemoteInspector::shared):

2014-09-03 Filip Pizlo <fpizlo@apple.com>

Temporarily disable call edge profiling. It is causing crashes and I'm still investigating

* runtime/Options.h:

2014-09-03 Balazs Kilvady <kilvadyb@homejinni.com>

[MIPS] Wrong register usage in LLInt op_catch.
https://bugs.webkit.org/show_bug.cgi?id=125168

Reviewed by Geoffrey Garen.

Fix register usage and add PIC header to all the ops in LLInt.

* offlineasm/instructions.rb:
* offlineasm/mips.rb:

2014-09-03 Saam Barati <saambarati1@gmail.com>

Create tests for type profiling
https://bugs.webkit.org/show_bug.cgi?id=136161

Reviewed by Geoffrey Garen.

The type profiler is now being tested. These are basic tests that don't
check every edge case, but will catch any major failures in the type profiler.

- The basic, inheritance-based type system in TypeSet.
- Function return types.
- Correct merging of types for multiple assignments to one variable.

This patch also provides an API for writing new tests for
the type profiler. The API works by passing in a function and a
unique substring of an expression contained in that function, and
returns an object representing type information for that expression.

(GlobalObject::finishCreation):
(functionFindTypeForExpression):
(functionReturnTypeFor):
* runtime/TypeProfiler.cpp:
(JSC::TypeProfiler::typeInformationForExpressionAtOffset):
* runtime/TypeProfiler.h:
* runtime/TypeProfilerLog.h:
* runtime/TypeSet.cpp:
(JSC::TypeSet::toJSONString):
(JSC::StructureShape::toJSONString):
* runtime/TypeSet.h:
* tests/typeProfiler: Added.
* tests/typeProfiler.yaml: Added.
* tests/typeProfiler/basic.js: Added.
* tests/typeProfiler/captured.js: Added.
(wrapper.changeFoo):
* tests/typeProfiler/driver: Added.
* tests/typeProfiler/driver/driver.js: Added.
* tests/typeProfiler/inheritance.js: Added.
* tests/typeProfiler/return.js: Added.

2014-09-03 Julien Brianceau <jbriance@cisco.com>

Add missing implementations to fix build for sh4 architecture
https://bugs.webkit.org/show_bug.cgi?id=136455

Reviewed by Geoffrey Garen.

* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::store8):
(JSC::MacroAssemblerSH4::moveWithPatch):
(JSC::MacroAssemblerSH4::branchAdd32):
(JSC::MacroAssemblerSH4::branch32WithPatch):
(JSC::MacroAssemblerSH4::abortWithReason):
(JSC::MacroAssemblerSH4::canJumpReplacePatchableBranch32WithPatch):
(JSC::MacroAssemblerSH4::startOfPatchableBranch32WithPatchOnAddress):
(JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranch32WithPatch):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitFunctionPrologue):
(JSC::AssemblyHelpers::emitFunctionEpilogue):

2014-09-03 Dan Bernstein <mitz@apple.com>

Get rid of HIGH_DPI_CANVAS leftovers
https://bugs.webkit.org/show_bug.cgi?id=136491

Reviewed by Benjamin Poulain.

* Configurations/FeatureDefines.xcconfig: Removed definition of ENABLE_HIGH_DPI_CANVAS
and removed it from FEATURE_DEFINES.

2014-09-03 Filip Pizlo <fpizlo@apple.com>

CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
https://bugs.webkit.org/show_bug.cgi?id=136490

Reviewed by Geoffrey Garen.

* bytecode/CallEdgeProfile.cpp:
(JSC::CallEdgeProfile::visitWeak):

2014-09-03 Filip Pizlo <fpizlo@apple.com>

FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
https://bugs.webkit.org/show_bug.cgi?id=136488

Reviewed by Mark Hahnenberg.

* ftl/FTLCompile.cpp:
(JSC::FTL::generateCheckInICFastPath): The call is in the slow path.
* tests/stress/ftl-in-overflow.js: Added. This used to crash with 100% with FTL enabled.

2014-09-03 Akos Kiss <akiss@inf.u-szeged.hu>

Don't generate superfluous mov instructions for move immediate on ARM64.
https://bugs.webkit.org/show_bug.cgi?id=136435

Reviewed by Michael Saboff.

On ARM64, the size of an immediate operand for a mov instruction is 16
bits. Thus, a move immediate offlineasm instruction may potentially be
split up to several machine level instructions. The current
implementation always emits a mov for the least significant 16 bits of
the value. However, if any of the bits 63:16 are significant then the
first emitted mov already filled bits 15:0 with zeroes (or ones, for
negative values). So, if bits 15:0 of the value are all zeroes (or ones)
then the last mov does not need to be emitted.

* offlineasm/arm64.rb:

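Added example, not the offlineasm code in arm64.rb: the splitting rule the entry describes, rewritten in C++ together with a tiny interpreter for the three instructions involved, so that each emitted sequence can be executed and compared with the intended 64-bit value. movz, movn and movk are the real AArch64 instruction names; the types and functions here are constructed for the illustration and go slightly beyond the entry by skipping every 16-bit chunk that already equals the fill value, not only bits 15:0.

```cpp
// Added illustration, not WebKit code: the offlineasm move-immediate splitting
// described above, in C++ with a small interpreter so the emitted sequence can
// be checked against the intended value. Instruction names are the real
// AArch64 ones; everything else is constructed for this example.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct MovInstruction {
    enum Kind { Movz, Movn, Movk } kind;
    uint16_t imm16;   // 16-bit immediate
    int shift;        // 0, 16, 32 or 48
};

// Emits movz (zero fill) or movn (ones fill, for negative values) for the
// first 16-bit chunk that differs from the fill, then movk for the remaining
// differing chunks. Chunks equal to the fill, bits 15:0 included, are skipped;
// that trailing mov is the superfluous instruction the entry removes.
std::vector<MovInstruction> emitMoveImmediate(int64_t value)
{
    const uint64_t bits = static_cast<uint64_t>(value);
    const bool negative = value < 0;
    const uint16_t fill = negative ? 0xFFFF : 0x0000;
    std::vector<MovInstruction> out;
    for (int shift = 48; shift >= 0; shift -= 16) {
        uint16_t chunk = static_cast<uint16_t>(bits >> shift);
        if (chunk == fill)
            continue;
        if (out.empty()) {
            // movn writes the bitwise complement, so the chunk is inverted.
            uint16_t imm = negative ? static_cast<uint16_t>(~chunk) : chunk;
            out.push_back({ negative ? MovInstruction::Movn : MovInstruction::Movz, imm, shift });
        } else
            out.push_back({ MovInstruction::Movk, chunk, shift });
    }
    if (out.empty())   // value is exactly 0 or -1: one instruction is still needed
        out.push_back({ negative ? MovInstruction::Movn : MovInstruction::Movz, 0, 0 });
    return out;
}

// Executes the sequence on one 64-bit register with AArch64 semantics.
uint64_t execute(const std::vector<MovInstruction>& sequence)
{
    uint64_t x = 0;
    for (const MovInstruction& insn : sequence) {
        uint64_t shifted = static_cast<uint64_t>(insn.imm16) << insn.shift;
        switch (insn.kind) {
        case MovInstruction::Movz: x = shifted; break;
        case MovInstruction::Movn: x = ~shifted; break;
        case MovInstruction::Movk: x = (x & ~(UINT64_C(0xFFFF) << insn.shift)) | shifted; break;
        }
    }
    return x;
}

// Renders one instruction in assembler syntax, e.g. "movz x0, #0x1, lsl #16".
std::string format(const MovInstruction& insn, const char* reg)
{
    static const char* const names[] = { "movz", "movn", "movk" };
    char buffer[64];
    if (insn.shift)
        std::snprintf(buffer, sizeof buffer, "%s %s, #0x%x, lsl #%d", names[insn.kind], reg, insn.imm16, insn.shift);
    else
        std::snprintf(buffer, sizeof buffer, "%s %s, #0x%x", names[insn.kind], reg, insn.imm16);
    return buffer;
}

int main()
{
    const int64_t samples[] = { 0x10000, 0x12345678, -65536, 0, -1 };   // constructed inputs
    for (int64_t value : samples) {
        std::vector<MovInstruction> sequence = emitMoveImmediate(value);
        std::printf("0x%016llx -> %zu instruction(s)\n", (unsigned long long)execute(sequence), sequence.size());
        for (const MovInstruction& insn : sequence)
            std::printf("    %s\n", format(insn, "x0").c_str());
    }
    return 0;
}
```

The two cases the entry singles out are 0x10000 (bits 15:0 all zero, so a single movz with lsl #16 suffices) and -65536 (bits 15:0 all zero in a negative value, so a single movn of 0xffff produces 0xffffffffffff0000 without a trailing movk).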
2014-09-02 Brian J. Burg <burg@cs.washington.edu>

LegacyProfiler: remove redundant ProfileNode members and other cleanup
https://bugs.webkit.org/show_bug.cgi?id=136380

Reviewed by Timothy Hatcher.

ProfileNode's selfTime and totalTime members are redundant and only used
for dumping profile data from debug-only code. Remove the members and compute
the same data on-demand when necessary using a postorder traversal functor.

Remove ProfileNode.head since it is only used to calculate percentages for
dumped profile data. This can be explicitly passed around when needed.

Rename Profile.head to Profile.rootNode, and other various renamings.

Rearrange some header includes so that touching LegacyProfiler-related headers
will no longer cause a full rebuild.

* inspector/JSConsoleClient.cpp: Add header include.
* inspector/agents/InspectorProfilerAgent.cpp:
(Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
* inspector/protocol/Profiler.json: Remove unused Profile.idleTime member.
* jit/JIT.h: Remove header include.
* jit/JITCode.h: Remove header include.
* jit/JITOperations.cpp: Sort and add header include.
* llint/LLIntSlowPaths.cpp: Sort and add header include.
* profiler/Profile.cpp: Rename the debug dumping functions. Move the node
postorder traversal code to Pro fileNode so we can traverse any subtree.
(JSC::Profile::Profile):
(JSC::Profile::debugPrint):
(JSC::Profile::debugPrintSampleStyle):
(JSC::Profile::forEach): Deleted.
(JSC::Profile::debugPrintData): Deleted.
(JSC::Profile::debugPrintDataSampleStyle): Deleted.
* profiler/Profile.h:
* profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::ProfileGenerator):
(JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
(JSC::AddParentForConsoleStartFunctor::operator()):
(JSC::ProfileGenerator::addParentForConsoleStart):
(JSC::ProfileGenerator::didExecute):
(JSC::StopProfilingFunctor::operator()):
(JSC::ProfileGenerator::stopProfiling):
(JSC::ProfileGenerator::removeProfileStart):
(JSC::ProfileGenerator::removeProfileEnd):
* profiler/ProfileGenerator.h:
* profiler/ProfileNode.cpp:
(JSC::ProfileNode::ProfileNode):
(JSC::ProfileNode::willExecute):
(JSC::ProfileNode::removeChild):
(JSC::ProfileNode::stopProfiling):
(JSC::ProfileNode::endAndRecordCall):
(JSC::ProfileNode::debugPrint):
(JSC::ProfileNode::debugPrintSampleStyle):
(JSC::ProfileNode::debugPrintRecursively):
(JSC::ProfileNode::debugPrintSampleStyleRecursively):
(JSC::ProfileNode::debugPrintData): Deleted.
(JSC::ProfileNode::debugPrintDataSampleStyle): Deleted.
* profiler/ProfileNode.h: Calculate per-node self and total times using a postorder traversal.
The forEachNodePostorder functor traverses the subtree rooted at |this|.
(JSC::ProfileNode::create):
(JSC::ProfileNode::calls):
(JSC::ProfileNode::forEachNodePostorder):
(JSC::CalculateProfileSubtreeDataFunctor::returnValue):
(JSC::CalculateProfileSubtreeDataFunctor::operator()):
(JSC::ProfileNode::head): Deleted.
(JSC::ProfileNode::setHead): Deleted.

2432 (JSC::ProfileNode::totalTime): Deleted.
2433 (JSC::ProfileNode::setTotalTime): Deleted.
2434 (JSC::ProfileNode::selfTime): Deleted.
2435 (JSC::ProfileNode::setSelfTime): Deleted.
2436 (JSC::ProfileNode::totalPercent): Deleted.
2437 (JSC::ProfileNode::selfPercent): Deleted.
2438 * runtime/ConsoleClient.h: Remove header include.
2440 2014-09-02 Brian J. Burg <burg@cs.washington.edu>
2442 Web Inspector: remove ProfilerAgent and legacy profiler files in the frontend
2443 https://bugs.webkit.org/show_bug.cgi?id=136462
2445 Reviewed by Timothy Hatcher.
2447 It's not used by the frontend anymore.
2450 * DerivedSources.make:
2451 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2452 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2453 * JavaScriptCore.xcodeproj/project.pbxproj:
2455 * inspector/JSConsoleClient.cpp:
2456 (Inspector::JSConsoleClient::JSConsoleClient): Stub out console.profile/profileEnd
2457 methods since they didn't work for JSContexts anyway.
2458 (Inspector::JSConsoleClient::profile):
2459 (Inspector::JSConsoleClient::profileEnd):
2460 * inspector/JSConsoleClient.h:
2462 * inspector/JSGlobalObjectInspectorController.cpp:
2463 (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2464 * inspector/agents/InspectorProfilerAgent.cpp: Removed.
2465 * inspector/agents/InspectorProfilerAgent.h: Removed.
2466 * inspector/agents/JSGlobalObjectProfilerAgent.cpp: Removed.
2467 * inspector/agents/JSGlobalObjectProfilerAgent.h: Removed.
2468 * inspector/protocol/Profiler.json: Removed.
2470 2014-09-02 Andreas Kling <akling@apple.com>
2472 Optimize own property GetByVals with rope string subscripts.
2473 <https://webkit.org/b/136458>
2475 For simple JSObjects that don't override getOwnPropertySlot to implement
2476 custom properties, we have a fast path that grabs directly at the object
2479 Make this fast path even faster when the property name is an unresolved
2480 rope string by using JSString::toExistingAtomicString(). This is faster
2481 because it avoids allocating a new StringImpl if the string is already
2482 a known Identifier, which is guaranteed to be the case if it's present
2483 as an own property on the object.
2485 ~10% speed-up on Dromaeo/dom-attr.html
2487 Reviewed by Geoffrey Garen.
2489 * dfg/DFGOperations.cpp:
2490 * jit/JITOperations.cpp:
2492 * llint/LLIntSlowPaths.cpp:
2493 (JSC::LLInt::getByVal):
2495 When using the fastGetOwnProperty() optimization, get the String
2496 out of JSString by using toExistingAtomicString(). This avoids
2497 StringImpl allocation and lets us bypass the PropertyTable lookup
2498 entirely if no AtomicString is found.
2501 * runtime/JSCellInlines.h:
2502 (JSC::JSCell::fastGetOwnProperty):
2504 Make fastGetOwnProperty() take a PropertyName instead of a String.
2505 This avoids churning the ref count, since we don't need to create
2506 a temporary wrapper around the AtomicStringImpl* found in GetByVal.
2508 * runtime/PropertyName.h:
2509 (JSC::PropertyName::PropertyName):
2511 Add constructor: PropertyName(AtomicStringImpl*)
2513 * runtime/PropertyMapHashTable.h:
2514 (JSC::PropertyTable::get):
2515 (JSC::PropertyTable::findWithString): Deleted.
2516 * runtime/Structure.h:
2517 * runtime/StructureInlines.h:
2518 (JSC::Structure::get):
2520 Remove code for querying a PropertyTable with an unhashed string key
2521 since the only client is now gone.
2523 2014-09-02 Dániel Bátyai <dbatyai.u-szeged@partner.samsung.com>
2525 [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
2526 https://bugs.webkit.org/show_bug.cgi?id=136429
2528 Reviewed by Csaba Osztrogonác.
2530 Changed test32 to use tst to check if reg is zero, instead of cmp.
2532 * assembler/MacroAssemblerARM.h:
2533 (JSC::MacroAssemblerARM::test32):
2535 2014-09-02 Michael Saboff <msaboff@apple.com>
2537 Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
2538 https://bugs.webkit.org/show_bug.cgi?id=136305
2540 Reviewed by Filip Pizlo.
2542 While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
2543 and then JITCode::execute() calls the normal entrypoint. This is incompatible
2544 with the expectation of FTL generated functions. Changed ProtoCallFrame to not
2545 perform the arity fix, but just flag an arity mismatch. Now JITCode::execute()
2546 uses that arity mismatch condition to select the normal or arity check
2547 entrypoint. The entrypoint selection is only done for functions; programs
2548 and eval always have one parameter.
2550 * interpreter/ProtoCallFrame.cpp:
2551 (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
2552 * interpreter/ProtoCallFrame.h:
2553 (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
2556 (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.
2558 2014-09-02 peavo@outlook.com <peavo@outlook.com>
2560 [WinCairo] testapi.exe is not built.
2561 https://bugs.webkit.org/show_bug.cgi?id=136369
2563 Reviewed by Alex Christensen.
2565 The testapi project should be of type Application.
2567 * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
2568 * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
2569 * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
2570 * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.
2572 2014-09-01 Akos Kiss <akiss@inf.u-szeged.hu>
2574 [CMAKE] Add missing offlineasm dependencies
2575 https://bugs.webkit.org/show_bug.cgi?id=136437
2577 Reviewed by Csaba Osztrogonác.
2579 Add the ARM64, MIPS and SH4 backends to the dependencies.
2583 2014-09-01 Brian J. Burg <burg@cs.washington.edu>
2585 Provide column numbers to DTrace willExecute/didExecute probes
2586 https://bugs.webkit.org/show_bug.cgi?id=136434
2588 Reviewed by Antti Koivisto.
2590 Provide the columnNumber and update stubs for !HAVE(DTRACE).
2592 * profiler/ProfileGenerator.cpp:
2593 (JSC::ProfileGenerator::willExecute):
2594 (JSC::ProfileGenerator::didExecute):
2595 * runtime/Tracing.d:
2596 * runtime/Tracing.h:
2598 2014-09-01 Gyuyoung Kim <gyuyoung.kim@samsung.com>
2600 [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
2601 https://bugs.webkit.org/show_bug.cgi?id=136194
2603 Reviewed by Csaba Osztrogonác.
2605 Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.
2609 2014-08-26 Maciej Stachowiak <mjs@apple.com>
2611 Use RetainPtr::autorelease in some places where it seems appropriate
2612 https://bugs.webkit.org/show_bug.cgi?id=136280
2614 Reviewed by Darin Adler.
2617 (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
2619 (valueToString): Make appropriate use of RetainPtr
2621 2014-08-29 Akos Kiss <akiss@inf.u-szeged.hu>
2623 Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
2624 https://bugs.webkit.org/show_bug.cgi?id=136391
2626 Reviewed by Michael Saboff.
2628 Do not rely on calling conventions to fill in the CallerFrame component
2629 of the ExecState* parameter of the called function.
2631 * llint/LowLevelInterpreter32_64.asm:
2632 * llint/LowLevelInterpreter64.asm:
2634 2014-08-29 Saam Barati <sbarati@apple.com>
2636 emit op_profile_type for deconstruction assignments
2637 https://bugs.webkit.org/show_bug.cgi?id=136274
2639 Reviewed by Filip Pizlo.
2641 Enable type profiling for ES6 deconstruction expressions.
2643 * bytecompiler/NodesCodegen.cpp:
2644 (JSC::BindingNode::bindValue):
2646 2014-08-29 Joseph Pecoraro <pecoraro@apple.com>
2648 JavaScriptCore: Use ASCIILiteral where possible
2649 https://bugs.webkit.org/show_bug.cgi?id=136179
2651 Reviewed by Michael Saboff.
2653 General string / character related changes. Use ASCIILiteral where
2654 possible, jsNontrivialString where possible, and replace string
2655 literals with character literals in some places.
2657 No new tests, no changes to functionality.
2659 * bytecode/CodeBlock.cpp:
2660 (JSC::CodeBlock::nameForRegister):
2661 * bytecompiler/NodesCodegen.cpp:
2662 (JSC::PostfixNode::emitBytecode):
2663 (JSC::PrefixNode::emitBytecode):
2664 (JSC::AssignErrorNode::emitBytecode):
2665 (JSC::ForInNode::emitMultiLoopBytecode):
2666 (JSC::ForOfNode::emitBytecode):
2667 (JSC::ObjectPatternNode::toString):
2668 * dfg/DFGFunctionWhitelist.cpp:
2669 (JSC::DFG::FunctionWhitelist::contains):
2670 * dfg/DFGOperations.cpp:
2671 (JSC::DFG::newTypedArrayWithSize):
2672 (JSC::DFG::newTypedArrayWithOneArgument):
2673 * inspector/ConsoleMessage.cpp:
2674 (Inspector::ConsoleMessage::addToFrontend):
2675 * inspector/InspectorBackendDispatcher.cpp:
2676 (Inspector::InspectorBackendDispatcher::dispatch):
2677 * inspector/ScriptCallStackFactory.cpp:
2678 (Inspector::extractSourceInformationFromException):
2679 * inspector/scripts/codegen/generator_templates.py:
2680 * interpreter/StackVisitor.cpp:
2681 (JSC::StackVisitor::Frame::functionName):
2682 (JSC::StackVisitor::Frame::sourceURL):
2683 * jit/JITOperations.cpp:
2685 (functionDescribeArray):
2689 (functionCheckSyntax):
2690 (functionTransferArrayBuffer):
2694 (JSC::Lexer<T>::invalidCharacterMessage):
2695 (JSC::Lexer<T>::parseString):
2696 (JSC::Lexer<T>::parseStringSlowCase):
2697 (JSC::Lexer<T>::lex):
2698 * profiler/Profile.cpp:
2699 (JSC::Profile::Profile):
2700 * runtime/Arguments.cpp:
2701 (JSC::argumentsFuncIterator):
2702 * runtime/ArrayPrototype.cpp:
2703 (JSC::performSlowSort):
2704 (JSC::arrayProtoFuncSort):
2705 * runtime/ExceptionHelpers.cpp:
2707 (JSC::createInvalidParameterError):
2708 (JSC::createNotAConstructorError):
2709 (JSC::createNotAFunctionError):
2710 (JSC::createNotAnObjectError):
2711 (JSC::createErrorForInvalidGlobalAssignment):
2712 * runtime/FunctionPrototype.cpp:
2713 (JSC::insertSemicolonIfNeeded):
2714 * runtime/JSArray.cpp:
2715 (JSC::JSArray::defineOwnProperty):
2716 (JSC::JSArray::pop):
2717 (JSC::JSArray::push):
2718 * runtime/JSArrayBufferConstructor.cpp:
2719 (JSC::JSArrayBufferConstructor::finishCreation):
2720 * runtime/JSArrayBufferPrototype.cpp:
2721 (JSC::arrayBufferProtoFuncSlice):
2722 * runtime/JSDataView.cpp:
2723 (JSC::JSDataView::create):
2724 * runtime/JSDataViewPrototype.cpp:
2727 * runtime/JSGlobalObject.cpp:
2728 (JSC::JSGlobalObject::reset):
2729 * runtime/JSGlobalObjectFunctions.cpp:
2730 (JSC::globalFuncProtoSetter):
2731 * runtime/JSPromiseConstructor.cpp:
2732 (JSC::JSPromiseConstructor::finishCreation):
2733 * runtime/LiteralParser.cpp:
2734 (JSC::LiteralParser<CharType>::Lexer::lex):
2735 (JSC::LiteralParser<CharType>::Lexer::lexString):
2736 (JSC::LiteralParser<CharType>::parse):
2737 * runtime/LiteralParser.h:
2738 (JSC::LiteralParser::getErrorMessage):
2739 * runtime/TypeSet.cpp:
2740 (JSC::TypeSet::seenTypes):
2741 (JSC::TypeSet::displayName):
2742 (JSC::TypeSet::allPrimitiveTypeNames):
2743 (JSC::StructureShape::propertyHash):
2744 (JSC::StructureShape::stringRepresentation):
2746 2014-08-29 Csaba Osztrogonác <ossy@webkit.org>
2748 Unreviewed, remove empty directories.
2752 2014-08-28 Mark Lam <mark.lam@apple.com>
2754 DebuggerCallFrame::scope() should return a DebuggerScope.
2755 <https://webkit.org/b/134420>
2757 Reviewed by Geoffrey Garen.
2759 Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.
2761 Previously, DebuggerCallFrame::scope() returns a JSActivation (and relevant
2762 peers) which the WebInspector will use to introspect CallFrame variables.
2763 Instead, we should be returning a DebuggerScope as an abstraction layer that
2764 provides the introspection functionality that the WebInspector needs. This
2765 is the first step towards not forcing every frame to have a JSActivation
2766 object just because the debugger is enabled.
2768 1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
2769 instead of the VM. This allows JSObject::globalObject() to be able to
2770 return the global object for the DebuggerScope.
2772 2. On the DebuggerScope's life-cycle management:
2774 The DebuggerCallFrame is designed to be "valid" only during a debugging session
2775 (while the debugger is broken) through the use of a DebuggerCallFrameScope in
2776 Debugger::pauseIfNeeded(). Once the debugger resumes from the break, the
2777 DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
2778 We can't guarantee (from this code alone) that the Inspector code isn't still
2779 holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
2780 the frame will be invalidated, and any attempt to query it will return null values.
2781 This is pre-existing behavior.
2783 Now, we're adding the DebuggerScope into the picture. While a single debugger
2784 pause session is in progress, the Inspector may request the scope from the
2785 DebuggerCallFrame. While the DebuggerCallFrame is still valid, we want
2786 DebuggerCallFrame::scope() to always return the same DebuggerScope object.
2787 This is why we hold on to the DebuggerScope with a strong ref.
2789 If we use a weak ref instead, the following kooky behavior can manifest:
2790 1. The Inspector calls Debugger::scope() to get the top scope.
2791 2. The Inspector iterates down the scope chain and is now only holding a
2792 reference to a parent scope. It is no longer referencing the top scope.
2793 3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
2795 4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
2796 a different DebuggerScope instance.
2797 5. The Inspector iterates down the scope chain but never sees the parent scope
2798 instance that it retained a ref to in step 2 above. This is because when iterating
2799 this new DebuggerScope instance (which has no knowledge of the previous parent
2800 DebuggerScope instance), a new DebuggerScope instance will get created for the
2803 Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
2804 However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
2805 When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
2806 instantiated) will also get invalidated. This is why we need the
2807 DebuggerScope::invalidateChain() method. The Inspector should not be using the
2808 DebuggerScope instance after its owner DebuggerCallFrame is invalidated. If it does,
2809 those methods will do nothing or return a failed status.
2811 Fix for <https://webkit.org/b/135656>:
2812 3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
2813 m_thisValue in the returned slot to the wrapped scope object. Previously,
2814 it was pointing to the DebuggerScope though the rest of the fields in the
2815 returned slot will be set to data pertaining to the wrapped scope object.
2817 4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
2818 wrapped scope. This is because JSObject::getPropertySlot() cannot be
2819 overridden, and when called on a DebuggerScope, will not know to look in
2820 the prototype chain of the DebuggerScope's wrapped scope. Hence, we'll
2821 treat all properties in the wrapped scope as own properties in the
2822 DebuggerScope. This is fine because the WebInspector does not presently
2823 care about where in the prototype chain the scope property comes from.
2825 Note that the DebuggerScope and the JSActivation objects that it wraps do
2826 not have prototypes. They are always jsNull(). This works perfectly with
2827 the above change to use getPropertySlot() instead of getOwnPropertySlot().
2828 To make this an explicit invariant, I also changed DebuggerScope::createStructure()
2829 and JSActivation::createStructure() to not take a prototype argument, and
2830 to always use jsNull() for their prototype value.
2832 * debugger/Debugger.h:
2833 * debugger/DebuggerCallFrame.cpp:
2834 (JSC::DebuggerCallFrame::scope):
2835 (JSC::DebuggerCallFrame::evaluate):
2836 (JSC::DebuggerCallFrame::invalidate):
2837 * debugger/DebuggerCallFrame.h:
2838 * debugger/DebuggerScope.cpp:
2839 (JSC::DebuggerScope::DebuggerScope):
2840 (JSC::DebuggerScope::finishCreation):
2841 (JSC::DebuggerScope::visitChildren):
2842 (JSC::DebuggerScope::className):
2843 (JSC::DebuggerScope::getOwnPropertySlot):
2844 (JSC::DebuggerScope::put):
2845 (JSC::DebuggerScope::deleteProperty):
2846 (JSC::DebuggerScope::getOwnPropertyNames):
2847 (JSC::DebuggerScope::defineOwnProperty):
2848 (JSC::DebuggerScope::next):
2849 (JSC::DebuggerScope::invalidateChain):
2850 (JSC::DebuggerScope::isWithScope):
2851 (JSC::DebuggerScope::isGlobalScope):
2852 (JSC::DebuggerScope::isFunctionOrEvalScope):
2853 * debugger/DebuggerScope.h:
2854 (JSC::DebuggerScope::create):
2855 (JSC::DebuggerScope::createStructure):
2856 (JSC::DebuggerScope::iterator::iterator):
2857 (JSC::DebuggerScope::iterator::get):
2858 (JSC::DebuggerScope::iterator::operator++):
2859 (JSC::DebuggerScope::iterator::operator==):
2860 (JSC::DebuggerScope::iterator::operator!=):
2861 (JSC::DebuggerScope::isValid):
2862 (JSC::DebuggerScope::jsScope):
2863 (JSC::DebuggerScope::begin):
2864 (JSC::DebuggerScope::end):
2865 * inspector/JSJavaScriptCallFrame.cpp:
2866 (Inspector::JSJavaScriptCallFrame::scopeType):
2867 (Inspector::JSJavaScriptCallFrame::scopeChain):
2868 * inspector/JavaScriptCallFrame.h:
2869 (Inspector::JavaScriptCallFrame::scopeChain):
2870 * inspector/ScriptDebugServer.cpp:
2871 * runtime/JSActivation.h:
2872 (JSC::JSActivation::createStructure):
2873 * runtime/JSGlobalObject.cpp:
2874 (JSC::JSGlobalObject::reset):
2875 (JSC::JSGlobalObject::visitChildren):
2876 * runtime/JSGlobalObject.h:
2877 (JSC::JSGlobalObject::debuggerScopeStructure):
2878 * runtime/JSObject.cpp:
2879 * runtime/JSObject.h:
2880 (JSC::JSObject::isWithScope):
2881 * runtime/JSScope.h:
2882 * runtime/PropertySlot.h:
2883 (JSC::PropertySlot::setThisValue):
2884 * runtime/PutPropertySlot.h:
2885 (JSC::PutPropertySlot::setThisValue):
2890 2014-08-28 Andreas Kling <akling@apple.com>
2892 Use JSString::toIdentifier() in more places.
2893 <https://webkit.org/b/136348>
2895 Call sites that grab the WTF::String from a JSString using value() can
2896 use the more efficient toIdentifier() if the string is going to be used
2897 to construct an Identifier.
2899 If the JSString is a rope that resolves to something that is already
2900 present in the VM's Identifier table, using toIdentifier() can avoid
2901 allocating a new StringImpl.
2903 Reviewed by Geoffrey Garen.
2905 * jit/JITOperations.cpp:
2906 * llint/LLIntSlowPaths.cpp:
2907 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2908 * runtime/CommonSlowPaths.cpp:
2909 (JSC::SLOW_PATH_DECL):
2910 * runtime/CommonSlowPaths.h:
2911 (JSC::CommonSlowPaths::opIn):
2912 * runtime/JSONObject.cpp:
2913 (JSC::Stringifier::Stringifier):
2914 * runtime/ObjectConstructor.cpp:
2915 (JSC::objectConstructorGetOwnPropertyDescriptor):
2916 (JSC::objectConstructorDefineProperty):
2917 * runtime/ObjectPrototype.cpp:
2918 (JSC::objectProtoFuncPropertyIsEnumerable):
2920 2014-08-27 Filip Pizlo <fpizlo@apple.com>
2922 DFG should compute immediate dominators using the O(n log n) form of Lengauer and Tarjan's "A Fast Algorithm for Finding Dominators in a Flowgraph"
2923 https://bugs.webkit.org/show_bug.cgi?id=93361
2925 Reviewed by Mark Hahnenberg.
2927 This patch also adds some new utilities for reasoning about block-keyed maps, block sets,
2928 and block worklists. It changes preexisting code to use these abstractions.
2930 The main effect of this code is that all current clients of dominators end up using the
2931 results of the new idom calculation. We convert the dom tree to a dominance test using
2932 Dietz's pre/post number range check trick.
2935 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2936 * JavaScriptCore.xcodeproj/project.pbxproj:
2937 * dfg/DFGAnalysis.h:
2938 (JSC::DFG::Analysis::computeIfNecessary):
2939 (JSC::DFG::Analysis::computeDependencies):
2940 * dfg/DFGBlockMap.h: Added.
2941 (JSC::DFG::BlockMap::BlockMap):
2942 (JSC::DFG::BlockMap::size):
2943 (JSC::DFG::BlockMap::atIndex):
2944 (JSC::DFG::BlockMap::operator[]):
2945 * dfg/DFGBlockMapInlines.h: Added.
2946 (JSC::DFG::BlockMap<T>::BlockMap):
2947 * dfg/DFGBlockSet.h: Added.
2948 (JSC::DFG::BlockSet::BlockSet):
2949 (JSC::DFG::BlockSet::add):
2950 (JSC::DFG::BlockSet::contains):
2951 * dfg/DFGBlockWorklist.cpp: Added.
2952 (JSC::DFG::BlockWorklist::BlockWorklist):
2953 (JSC::DFG::BlockWorklist::~BlockWorklist):
2954 (JSC::DFG::BlockWorklist::push):
2955 (JSC::DFG::BlockWorklist::pop):
2956 (JSC::DFG::PostOrderBlockWorklist::PostOrderBlockWorklist):
2957 (JSC::DFG::PostOrderBlockWorklist::~PostOrderBlockWorklist):
2958 (JSC::DFG::PostOrderBlockWorklist::pushPre):
2959 (JSC::DFG::PostOrderBlockWorklist::pushPost):
2960 (JSC::DFG::PostOrderBlockWorklist::pop):
2961 * dfg/DFGBlockWorklist.h: Added.
2962 (JSC::DFG::BlockWorklist::notEmpty):
2963 (JSC::DFG::BlockWith::BlockWith):
2964 (JSC::DFG::BlockWith::operator UnspecifiedBoolType*):
2965 (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist):
2966 (JSC::DFG::ExtendedBlockWorklist::forcePush):
2967 (JSC::DFG::ExtendedBlockWorklist::push):
2968 (JSC::DFG::ExtendedBlockWorklist::notEmpty):
2969 (JSC::DFG::ExtendedBlockWorklist::pop):
2970 (JSC::DFG::BlockWithOrder::BlockWithOrder):
2971 (JSC::DFG::BlockWithOrder::operator UnspecifiedBoolType*):
2972 (JSC::DFG::PostOrderBlockWorklist::push):
2973 (JSC::DFG::PostOrderBlockWorklist::notEmpty):
2974 * dfg/DFGCSEPhase.cpp:
2975 * dfg/DFGDominators.cpp:
2976 (JSC::DFG::Dominators::compute):
2977 (JSC::DFG::Dominators::naiveDominates):
2978 (JSC::DFG::Dominators::dump):
2979 (JSC::DFG::Dominators::pruneDominators): Deleted.
2980 * dfg/DFGDominators.h:
2981 (JSC::DFG::Dominators::strictlyDominates):
2982 (JSC::DFG::Dominators::dominates):
2983 (JSC::DFG::Dominators::BlockData::BlockData):
2985 (JSC::DFG::Graph::dumpBlockHeader):
2986 (JSC::DFG::Graph::getBlocksInPreOrder):
2987 (JSC::DFG::Graph::getBlocksInPostOrder):
2988 * dfg/DFGInvalidationPointInjectionPhase.cpp:
2989 (JSC::DFG::InvalidationPointInjectionPhase::run):
2990 * dfg/DFGNaiveDominators.cpp: Added.
2991 (JSC::DFG::NaiveDominators::NaiveDominators):
2992 (JSC::DFG::NaiveDominators::~NaiveDominators):
2993 (JSC::DFG::NaiveDominators::compute):
2994 (JSC::DFG::NaiveDominators::pruneDominators):
2995 (JSC::DFG::NaiveDominators::dump):
2996 * dfg/DFGNaiveDominators.h: Added.
2997 (JSC::DFG::NaiveDominators::dominates):
2998 * dfg/DFGNaturalLoops.cpp:
2999 (JSC::DFG::NaturalLoops::computeDependencies):
3000 (JSC::DFG::NaturalLoops::compute):
3001 * dfg/DFGNaturalLoops.h:
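The dominance test described in this entry, as an added example (not the DFG code): the dominator tree is numbered in DFS pre/post order and dominates() becomes a range check on those numbers. Immediate dominators are computed here with the simple iterative algorithm of Cooper, Harvey and Kennedy, which stands in for the Lengauer-Tarjan algorithm the patch implements; the numbering and the range check are what the entry describes. The CFG, struct and function names are constructed for the example, and a naive reachability-based definition plays the role NaiveDominators plays in the patch, as a cross-check.

```cpp
#include <algorithm>
#include <vector>

// Added example, not the DFG code. Immediate dominators come from the simple
// iterative algorithm of Cooper, Harvey and Kennedy (standing in for Lengauer-
// Tarjan); the dominator tree is then numbered in DFS pre/post order and
// dominates() becomes an interval-nesting check. All names are illustrative.
struct CFG {
    std::vector<std::vector<int>> succ; // block -> successors; block 0 is the root
};

struct Dominators {
    std::vector<int> idom;      // immediate dominator; idom[0] == 0
    std::vector<int> pre, post; // DFS numbering of the dominator tree
    explicit Dominators(const CFG& g) { compute(g); }

    // b dominates a iff a's dom-tree interval is nested inside b's.
    bool dominates(int b, int a) const { return pre[b] <= pre[a] && post[a] <= post[b]; }

    void compute(const CFG& g)
    {
        const int n = static_cast<int>(g.succ.size());
        std::vector<int> rpo, order(n, -1);
        std::vector<bool> seen(n, false);
        postorder(g, 0, seen, rpo);
        std::reverse(rpo.begin(), rpo.end()); // reverse postorder of the CFG
        for (int i = 0; i < static_cast<int>(rpo.size()); ++i) order[rpo[i]] = i;
        std::vector<std::vector<int>> pred(n), kids(n);
        for (int b = 0; b < n; ++b)
            for (int s : g.succ[b]) pred[s].push_back(b);
        // Fixed point: idom[b] is the nearest common ancestor, in the tree built
        // so far, of every already-processed predecessor of b.
        idom.assign(n, -1); idom[0] = 0;
        for (bool changed = true; changed;) {
            changed = false;
            for (int b : rpo) {
                if (b == 0) continue;
                int candidate = -1;
                for (int p : pred[b]) {
                    if (idom[p] < 0) continue; // back edge not processed yet, or unreachable
                    candidate = candidate < 0 ? p : intersect(p, candidate, order);
                }
                if (candidate != idom[b]) { idom[b] = candidate; changed = true; }
            }
        }
        // Number the dominator tree: pre on entry, post on exit.
        for (int b = 1; b < n; ++b)
            if (idom[b] >= 0) kids[idom[b]].push_back(b);
        pre.assign(n, -1); post.assign(n, -1);
        int counter = 0;
        number(0, kids, counter);
    }
    static void postorder(const CFG& g, int b, std::vector<bool>& seen, std::vector<int>& out)
    {
        seen[b] = true;
        for (int s : g.succ[b])
            if (!seen[s]) postorder(g, s, seen, out);
        out.push_back(b);
    }
    // Walk both fingers towards the root (smaller RPO index) until they meet.
    int intersect(int a, int b, const std::vector<int>& order) const
    {
        while (a != b) {
            while (order[a] > order[b]) a = idom[a];
            while (order[b] > order[a]) b = idom[b];
        }
        return a;
    }
    void number(int b, const std::vector<std::vector<int>>& kids, int& counter)
    {
        pre[b] = counter++;
        for (int k : kids[b]) number(k, kids, counter);
        post[b] = counter++;
    }
};

// Naive cross-check (the role NaiveDominators plays in the patch): b dominates
// a iff a == b, or a is unreachable from the root once b is removed.
static void reachAvoiding(const CFG& g, int x, int avoid, std::vector<bool>& seen)
{
    if (x == avoid || seen[x]) return;
    seen[x] = true;
    for (int s : g.succ[x]) reachAvoiding(g, s, avoid, seen);
}
bool naiveDominates(const CFG& g, int b, int a)
{
    std::vector<bool> seen(g.succ.size(), false);
    reachAvoiding(g, 0, b, seen);
    return a == b || !seen[a];
}
bool agreesWithNaive(const CFG& g)
{
    Dominators doms(g);
    for (int b = 0; b < static_cast<int>(g.succ.size()); ++b)
        for (int a = 0; a < static_cast<int>(g.succ.size()); ++a)
            if (doms.dominates(b, a) != naiveDominates(g, b, a)) return false;
    return true;
}

// Constructed sample: diamond 0 -> {1,2} -> 3, detour 2 -> 5 -> 3, back edge
// 3 -> 1, exit 3 -> 4. Block 3 has three predecessors and sits in a loop.
CFG exampleCFG() { return CFG{{{1, 2}, {3}, {3, 5}, {4, 1}, {}, {3}}}; }
```

On the sample graph the tree is 0 -> {1, 2, 3}, 2 -> {5}, 3 -> {4}, so dominates(3, 4) and dominates(2, 5) hold while dominates(1, 3) does not, because 3 is also reachable through 2. Each query is two comparisons regardless of graph size, which is the point of converting the tree into pre/post numbers; the all-pairs comparison against the naive definition is the check worth keeping around whenever the idom computation is changed.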
3003 2014-08-27 Filip Pizlo <fpizlo@apple.com>
3005 FTL should be able to do polymorphic call inlining
3006 https://bugs.webkit.org/show_bug.cgi?id=135145
3008 Reviewed by Geoffrey Garen.
3010 Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
3011 baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
3012 inlining sites use the call edge profile if it is available, but they will still fall back
3013 on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
3014 multiple possible callees can be inlined with a switch to guard them. The slow path may
3015 either be an OSR exit or a virtual call.
3017 The call edge profiling added in this patch is very precise - it will tell you about every
3018 call that has ever happened. It took some effort to reduce the overhead of this profiling.
3019 This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
3020 in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
3021 it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
3022 I also experimented with reducing the precision of the profiling. This led to a significant
3023 reduction in the speed-up, so I avoided this approach. I also explored making log processing
3024 concurrent, but that didn't help. Also, I tested the overhead of the log processing and
3025 found that most of the overhead of this profiling is actually in putting things into the log
3026 rather than in processing the log - that part appears to be surprisingly cheap.
3028 Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
3029 and if we guarded such inlining sites with some profiling mechanism to detect
3030 polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
3031 it's actually monomorphic).
3033 This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
3034 other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
3035 on anything we care about. Some aggregates, like V8Spider, see a regression. This is
3036 highlighting the increase in profiling overhead. But since this doesn't show up on any major
3037 score (code-load or SunSpider), it's probably not relevant.
3039 Relanding after fixing debug assertions in fast/storage/serialized-script-value.html.
3042 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3043 * JavaScriptCore.xcodeproj/project.pbxproj:
3044 * bytecode/CallEdge.cpp: Added.
3045 (JSC::CallEdge::dump):
3046 * bytecode/CallEdge.h: Added.
3047 (JSC::CallEdge::operator!):
3048 (JSC::CallEdge::callee):
3049 (JSC::CallEdge::count):
3050 (JSC::CallEdge::despecifiedClosure):
3051 (JSC::CallEdge::CallEdge):
3052 * bytecode/CallEdgeProfile.cpp: Added.
3053 (JSC::CallEdgeProfile::callEdges):
3054 (JSC::CallEdgeProfile::numCallsToKnownCells):
3055 (JSC::worthDespecifying):
3056 (JSC::CallEdgeProfile::worthDespecifying):
3057 (JSC::CallEdgeProfile::visitWeak):
3058 (JSC::CallEdgeProfile::addSlow):
3059 (JSC::CallEdgeProfile::mergeBack):
3060 (JSC::CallEdgeProfile::fadeByHalf):
3061 (JSC::CallEdgeLog::CallEdgeLog):
3062 (JSC::CallEdgeLog::~CallEdgeLog):
3063 (JSC::CallEdgeLog::isEnabled):
3064 (JSC::operationProcessCallEdgeLog):
3065 (JSC::CallEdgeLog::emitLogCode):
3066 (JSC::CallEdgeLog::processLog):
3067 * bytecode/CallEdgeProfile.h: Added.
3068 (JSC::CallEdgeProfile::numCallsToNotCell):
3069 (JSC::CallEdgeProfile::numCallsToUnknownCell):
3070 (JSC::CallEdgeProfile::totalCalls):
3071 * bytecode/CallEdgeProfileInlines.h: Added.
3072 (JSC::CallEdgeProfile::CallEdgeProfile):
3073 (JSC::CallEdgeProfile::add):
3074 * bytecode/CallLinkInfo.cpp:
3075 (JSC::CallLinkInfo::visitWeak):
3076 * bytecode/CallLinkInfo.h:
3077 * bytecode/CallLinkStatus.cpp:
3078 (JSC::CallLinkStatus::CallLinkStatus):
3079 (JSC::CallLinkStatus::computeFromLLInt):
3080 (JSC::CallLinkStatus::computeFor):
3081 (JSC::CallLinkStatus::computeExitSiteData):
3082 (JSC::CallLinkStatus::computeFromCallLinkInfo):
3083 (JSC::CallLinkStatus::computeFromCallEdgeProfile):
3084 (JSC::CallLinkStatus::computeDFGStatuses):
3085 (JSC::CallLinkStatus::isClosureCall):
3086 (JSC::CallLinkStatus::makeClosureCall):
3087 (JSC::CallLinkStatus::dump):
3088 (JSC::CallLinkStatus::function): Deleted.
3089 (JSC::CallLinkStatus::internalFunction): Deleted.
3090 (JSC::CallLinkStatus::intrinsicFor): Deleted.
3091 * bytecode/CallLinkStatus.h:
3092 (JSC::CallLinkStatus::CallLinkStatus):
3093 (JSC::CallLinkStatus::isSet):
3094 (JSC::CallLinkStatus::couldTakeSlowPath):
3095 (JSC::CallLinkStatus::edges):
3096 (JSC::CallLinkStatus::size):
3097 (JSC::CallLinkStatus::at):
3098 (JSC::CallLinkStatus::operator[]):
3099 (JSC::CallLinkStatus::canOptimize):
3100 (JSC::CallLinkStatus::canTrustCounts):
3101 (JSC::CallLinkStatus::isClosureCall): Deleted.
3102 (JSC::CallLinkStatus::callTarget): Deleted.
3103 (JSC::CallLinkStatus::executable): Deleted.
3104 (JSC::CallLinkStatus::makeClosureCall): Deleted.
3105 * bytecode/CallVariant.cpp: Added.
3106 (JSC::CallVariant::dump):
3107 * bytecode/CallVariant.h: Added.
3108 (JSC::CallVariant::CallVariant):
3109 (JSC::CallVariant::operator!):
3110 (JSC::CallVariant::despecifiedClosure):
(JSC::CallVariant::rawCalleeCell):
(JSC::CallVariant::internalFunction):
(JSC::CallVariant::function):
(JSC::CallVariant::isClosureCall):
(JSC::CallVariant::executable):
(JSC::CallVariant::nonExecutableCallee):
(JSC::CallVariant::intrinsicFor):
(JSC::CallVariant::functionExecutable):
(JSC::CallVariant::isHashTableDeletedValue):
(JSC::CallVariant::operator==):
(JSC::CallVariant::operator!=):
(JSC::CallVariant::operator<):
(JSC::CallVariant::operator>):
(JSC::CallVariant::operator<=):
(JSC::CallVariant::operator>=):
(JSC::CallVariant::hash):
(JSC::CallVariant::deletedToken):
(JSC::CallVariantHash::hash):
(JSC::CallVariantHash::equal):
* bytecode/CodeOrigin.h:
(JSC::InlineCallFrame::isNormalCall):
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
* bytecode/ExitKind.h:
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForStubInfo):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGBasicBlock.cpp:
(JSC::DFG::BasicBlock::~BasicBlock):
* dfg/DFGBasicBlock.h:
(JSC::DFG::BasicBlock::takeLast):
(JSC::DFG::BasicBlock::didLink):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::processSetLocalQueue):
(JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
(JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::emitFunctionChecks):
(JSC::DFG::ByteCodeParser::undoFunctionChecks):
(JSC::DFG::ByteCodeParser::inliningCost):
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
(JSC::DFG::ByteCodeParser::attemptToInlineCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::prepareToParseBlock):
(JSC::DFG::ByteCodeParser::clearCaches):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::linkBlock):
(JSC::DFG::ByteCodeParser::linkBlocks):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
* dfg/DFGDriver.cpp:
(JSC::DFG::compileImpl):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::getBlocksInPreOrder):
(JSC::DFG::Graph::visitChildren):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::switchLookupValue):
* dfg/DFGLazyJSValue.h:
(JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
(WTF::printInternal):
(JSC::DFG::OpInfo::OpInfo):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::cellOperand):
(JSC::DFG::Node::setCellOperand):
(JSC::DFG::Node::canBeKnownFunction): Deleted.
(JSC::DFG::Node::hasKnownFunction): Deleted.
(JSC::DFG::Node::knownFunction): Deleted.
(JSC::DFG::Node::giveKnownFunction): Deleted.
(JSC::DFG::Node::hasFunction): Deleted.
(JSC::DFG::Node::function): Deleted.
(JSC::DFG::Node::hasExecutable): Deleted.
(JSC::DFG::Node::executable): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGPhantomCanonicalizationPhase.cpp:
(JSC::DFG::PhantomCanonicalizationPhase::run):
* dfg/DFGPhantomRemovalPhase.cpp:
(JSC::DFG::PhantomRemovalPhase::run):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitSwitch):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::run):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
(JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::ftlUnreachable):
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCheckCell):
(JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
(JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
(JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
(JSC::FTL::LowerDFGToLLVM::compileSwitch):
(JSC::FTL::LowerDFGToLLVM::buildSwitch):
(JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
(JSC::Heap::collect):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeValue):
(JSC::AssemblyHelpers::loadValue):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArguments):
(JSC::JSValueRegs::uses):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
* runtime/Options.h:
(JSC::VM::ensureCallEdgeLog):
* tests/stress/fold-profiled-call-to-call.js: Added. This test pinpoints the problem we saw in fast/storage/serialized-script-value.html.
* tests/stress/new-array-then-exit.js: Added.
* tests/stress/poly-call-exit-this.js: Added.
* tests/stress/poly-call-exit.js: Added.

2014-08-28 Julien Brianceau <jbriance@cisco.com>

Correct GC length unit and prevent division by 0 in showObjectStatistics.
https://bugs.webkit.org/show_bug.cgi?id=136340

Reviewed by Mark Hahnenberg.

* heap/HeapStatistics.cpp:
(JSC::HeapStatistics::showObjectStatistics):

2014-08-27 Akos Kiss <akiss@inf.u-szeged.hu>

Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
https://bugs.webkit.org/show_bug.cgi?id=136313

Reviewed by Michael Saboff.

Do not rely on calling conventions to fill in the CallerFrame component
of the execCallee parameter of JSC::operationCallEval.

* jit/JITOperations.cpp:

2014-08-27 Saam Barati <sbarati@apple.com>

Deconstruction object pattern node emits the wrong start/end text positions
https://bugs.webkit.org/show_bug.cgi?id=136304

Reviewed by Geoffrey Garen.

Object pattern nodes that used the syntactic sugar binding:
'var {foo} = {foo:20}' instead of 'var {foo:foo} = {foo:20}'
would get the wrong text position for variable 'foo'. The position
would be placed on the comma(s)/closing brace instead of the identifier.
This patch fixes this bug by caching the identifier's JSToken before
trying to parse an optional colon.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseVarDeclarationList):
(JSC::Parser<LexerType>::createBindingPattern):
(JSC::Parser<LexerType>::parseDeconstructionPattern):

2014-08-27 Brent Fulgham <bfulgham@apple.com>

[Win] Build fix after last commit.

Check in new DLLLauncherMain.cpp file.

* JavaScriptCore.vcxproj/jsc/DLLLauncherMain.cpp: Added.
(enableTerminationOnHeapCorruption):
(applePathFromRegistry):
(appleApplicationSupportDirectory):
(copyEnvironmentVariable):
(getLastErrorString):

2014-08-27 Brent Fulgham <bfulgham@apple.com>

[Win] testapi and testRegExp need to find support libraries.
https://bugs.webkit.org/show_bug.cgi?id=136008.

Reviewed by Dean Jackson.

Revise the Windows build of jsc, testapi, and testRegExp so that they
find and use the proper runtime support libraries.

These locations vary between the Apple Windows build and WinCairo, and
are generally not in the system PATH environment setting. Consequently,
these applications fail on launch unless the user modifies their

This patch revises these tools to work like WinLauncher and DumpRenderTree
so that they run reliably.

* API/tests/testapi.c:
(dllLauncherEntryPoint): Added.
* JavaScriptCore.vcxproj/JavaScriptCore.sln: Add new build projects and
provide proper dependencies with existing projects.
* JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Ditto.
* JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Switch to build
a DLL, rather than an executable.
* JavaScriptCore.vcxproj/jsc/jscCommon.props: Add shlwapi.lib
to the list of libraries needed at link-time, and to use
the DLL/Console combination entry point.
* JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Added.
* JavaScriptCore.vcxproj/jsc/jscLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd.