Add JSC:RegExp functional tests
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-09-02  Michael Saboff  <msaboff@apple.com>

        Add JSC:RegExp functional tests
        https://bugs.webkit.org/show_bug.cgi?id=67339

        Added new test driver program (testRegExp) and corresponding data file
        along with build script changes.

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * testRegExp.cpp: Added.
        (Options::Options):
        (StopWatch::start):
        (StopWatch::stop):
        (StopWatch::getElapsedMS):
        (RegExpTest::RegExpTest):
        (GlobalObject::create):
        (GlobalObject::className):
        (GlobalObject::GlobalObject):
        (main):
        (cleanupGlobalData):
        (testOneRegExp):
        (scanString):
        (parseRegExpLine):
        (parseTestLine):
        (runFromFiles):
        (printUsageStatement):
        (parseArguments):
        (realMain):
        * tests/regexp: Added.
        * tests/regexp/RegExpTest.data: Added.

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Add JSC:RegExp functional test data generator
        https://bugs.webkit.org/show_bug.cgi?id=67519

        Add a data generator for regular expressions.  To enable, change the
        #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
        regular expressions.  The resulting data will be in /tmp/RegExpTestsData.

        Reviewed by Gavin Barraclough.

        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        (JSC::RegExpFunctionalTestCollector::clearRegExp):
        (JSC::RegExpFunctionalTestCollector::get):
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
        (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
        (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
        (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
        (JSC::RegExp::~RegExp):
        (JSC::RegExp::compile):
        (JSC::RegExp::match):
        (JSC::RegExp::matchCompareWithInterpreter):

2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the broken build due to dtoa patch
        https://bugs.webkit.org/show_bug.cgi?id=67534

        Reviewed by Oliver Hunt.

        Fixing the build.

        * GNUmakefile.list.am:
        * wtf/dtoa/bignum.cc:
        * wtf/dtoa/fast-dtoa.cc:
        * wtf/dtoa/utils.h:

2011-09-02  Oliver Hunt  <oliver@apple.com>

        Remove OldSpace classes
        https://bugs.webkit.org/show_bug.cgi?id=67533

        Reviewed by Gavin Barraclough.

        Remove the unused OldSpace classes

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Heap.cpp:
        (JSC::Heap::writeBarrierSlowCase):
        * heap/MarkedBlock.h:
        * heap/OldSpace.cpp: Removed.
        * heap/OldSpace.h: Removed.

2011-09-02  James Robinson  <jamesr@chromium.org>

        Compile fix for mac build.

        * wtf/CheckedArithmetic.h:
        (WTF::operator+):
        (WTF::operator-):
        (WTF::operator*):

2011-08-30  Matthew Delaney  <mdelaney@apple.com>

        Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
        https://bugs.webkit.org/show_bug.cgi?id=65352

        Reviewed by Simon Fraser.

        New test: fast/canvas/canvas-getImageData-large-crash.html

        This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
        calls that specify widths and heights that end up overflowing the ints that we store those values in
        as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
        arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
        is just to add a new helper method described below.

        * wtf/MathExtras.h:
        (isWithinIntRange): Reports if a float's value is within the range expressible by an int.

2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Incorporate newer, faster dtoa library
        https://bugs.webkit.org/show_bug.cgi?id=66346

        Reviewed by Oliver Hunt.

        Added new dtoa library at http://code.google.com/p/double-conversion/.
        Replaced old call to dtoa.  The new library is much faster than the old one.
        We still use the old dtoa for some stuff in WebCore as well as the old strtod,
        but we can phase these out eventually as well.

        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/InitializeThreading.cpp:
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToExponential):
        (JSC::numberProtoFuncToFixed):
        (JSC::numberProtoFuncToPrecision):
        * runtime/UString.cpp:
        (JSC::UString::number):
        * wtf/CMakeLists.txt:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/dtoa.cpp:
        (WTF::dtoa):
        * wtf/dtoa.h:
        * wtf/dtoa/COPYING: Added.
        * wtf/dtoa/LICENSE: Added.
        * wtf/dtoa/README: Added.
        * wtf/dtoa/bignum-dtoa.cc: Added.
        * wtf/dtoa/bignum-dtoa.h: Added.
        * wtf/dtoa/bignum.cc: Added.
        * wtf/dtoa/bignum.h: Added.
        (WTF::double_conversion::Bignum::Times10):
        (WTF::double_conversion::Bignum::Equal):
        (WTF::double_conversion::Bignum::LessEqual):
        (WTF::double_conversion::Bignum::Less):
        (WTF::double_conversion::Bignum::PlusEqual):
        (WTF::double_conversion::Bignum::PlusLessEqual):
        (WTF::double_conversion::Bignum::PlusLess):
        (WTF::double_conversion::Bignum::EnsureCapacity):
        (WTF::double_conversion::Bignum::BigitLength):
        * wtf/dtoa/cached-powers.cc: Added.
        * wtf/dtoa/cached-powers.h: Added.
        * wtf/dtoa/diy-fp.cc: Added.
        * wtf/dtoa/diy-fp.h: Added.
        (WTF::double_conversion::DiyFp::DiyFp):
        (WTF::double_conversion::DiyFp::Subtract):
        (WTF::double_conversion::DiyFp::Minus):
        (WTF::double_conversion::DiyFp::Times):
        (WTF::double_conversion::DiyFp::Normalize):
        (WTF::double_conversion::DiyFp::f):
        (WTF::double_conversion::DiyFp::e):
        (WTF::double_conversion::DiyFp::set_f):
        (WTF::double_conversion::DiyFp::set_e):
        * wtf/dtoa/double-conversion.cc: Added.
        * wtf/dtoa/double-conversion.h: Added.
        (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
        (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
        * wtf/dtoa/double.h: Added.
        (WTF::double_conversion::double_to_uint64):
        (WTF::double_conversion::uint64_to_double):
        (WTF::double_conversion::Double::Double):
        (WTF::double_conversion::Double::AsDiyFp):
        (WTF::double_conversion::Double::AsNormalizedDiyFp):
        (WTF::double_conversion::Double::AsUint64):
        (WTF::double_conversion::Double::NextDouble):
        (WTF::double_conversion::Double::Exponent):
        (WTF::double_conversion::Double::Significand):
        (WTF::double_conversion::Double::IsDenormal):
        (WTF::double_conversion::Double::IsSpecial):
        (WTF::double_conversion::Double::IsNan):
        (WTF::double_conversion::Double::IsInfinite):
        (WTF::double_conversion::Double::Sign):
        (WTF::double_conversion::Double::UpperBoundary):
        (WTF::double_conversion::Double::NormalizedBoundaries):
        (WTF::double_conversion::Double::value):
        (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
        (WTF::double_conversion::Double::Infinity):
        (WTF::double_conversion::Double::NaN):
        (WTF::double_conversion::Double::DiyFpToUint64):
        * wtf/dtoa/fast-dtoa.cc: Added.
        * wtf/dtoa/fast-dtoa.h: Added.
        * wtf/dtoa/fixed-dtoa.cc: Added.
        * wtf/dtoa/fixed-dtoa.h: Added.
        * wtf/dtoa/strtod.cc: Added.
        * wtf/dtoa/strtod.h: Added.
        * wtf/dtoa/utils.h: Added.
        (WTF::double_conversion::Max):
        (WTF::double_conversion::Min):
        (WTF::double_conversion::StrLength):
        (WTF::double_conversion::Vector::Vector):
        (WTF::double_conversion::Vector::SubVector):
        (WTF::double_conversion::Vector::length):
        (WTF::double_conversion::Vector::is_empty):
        (WTF::double_conversion::Vector::start):
        (WTF::double_conversion::Vector::operator[]):
        (WTF::double_conversion::Vector::first):
        (WTF::double_conversion::Vector::last):
        (WTF::double_conversion::StringBuilder::StringBuilder):
        (WTF::double_conversion::StringBuilder::~StringBuilder):
        (WTF::double_conversion::StringBuilder::size):
        (WTF::double_conversion::StringBuilder::position):
        (WTF::double_conversion::StringBuilder::Reset):
        (WTF::double_conversion::StringBuilder::AddCharacter):
        (WTF::double_conversion::StringBuilder::AddString):
        (WTF::double_conversion::StringBuilder::AddSubstring):
        (WTF::double_conversion::StringBuilder::AddPadding):
        (WTF::double_conversion::StringBuilder::Finalize):
        (WTF::double_conversion::StringBuilder::is_finalized):
        (WTF::double_conversion::BitCast):
        * wtf/wtf.pri:

2011-09-02  Filip Pizlo  <fpizlo@apple.com>

        DFG graph has no way of distinguishing or reconciling between static
        and dynamic predictions
        https://bugs.webkit.org/show_bug.cgi?id=67343

        Reviewed by Gavin Barraclough.

        PredictedType now stores the source of the prediction.  Merging predictions,
        which was previously done with a bitwise or, is now done via the
        mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
        functions, which correctly handle combinations of static and dynamic.

        This is performance-neutral, since all predictions are currently static and
        so the code has no visible effects.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::staticallyPredictArray):
        (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::predict):
        (JSC::DFG::Graph::predictGlobalVar):
        * dfg/DFGNode.h:
        (JSC::DFG::isArrayPrediction):
        (JSC::DFG::isInt32Prediction):
        (JSC::DFG::isDoublePrediction):
        (JSC::DFG::isDynamicPrediction):
        (JSC::DFG::mergePredictions):
        (JSC::DFG::mergePrediction):
        (JSC::DFG::makePrediction):
        (JSC::DFG::Node::predict):

2011-09-02  Oliver Hunt  <oliver@apple.com>

        Fix 32bit build.

        * heap/NewSpace.h:
        (JSC::NewSpace::allocatePropertyStorage):
        (JSC::NewSpace::inPropertyStorageNursery):

2011-09-02  Oliver Hunt  <oliver@apple.com>

        Use bump allocator for initial property storage
        https://bugs.webkit.org/show_bug.cgi?id=67494

        Reviewed by Gavin Barraclough.

        Switch to a bump allocator for the initial out of line
        property storage.  This gives us slightly faster allocation
        for short lived objects that need out of line storage at
        the cost of an additional memcpy when the object survives
        a GC pass.

        No performance impact.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::allocatePropertyStorage):
        (JSC::Heap::inPropertyStorageNursary):
        * heap/NewSpace.cpp:
        (JSC::NewSpace::NewSpace):
        * heap/NewSpace.h:
        (JSC::NewSpace::resetPropertyStorageNursary):
        (JSC::NewSpace::allocatePropertyStorage):
        (JSC::NewSpace::inPropertyStorageNursary):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::~JSObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSObject::transitionTo):
        (JSC::JSObject::visitChildrenDirect):

2011-09-01  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * JavaScriptCore.JSVALUE32_64only.exp:
        * JavaScriptCore.JSVALUE64only.exp:
        * JavaScriptCore.exp:

2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unzip initialization lists and constructors in JSCell hierarchy (4/7)
        https://bugs.webkit.org/show_bug.cgi?id=67174

        Reviewed by Oliver Hunt.

        Completed the fourth level of the refactoring to add finishCreation()
        methods to all classes within the JSCell hierarchy with non-trivial
        constructor bodies.

        This primarily consists of pushing the calls to finishCreation() down
        into the constructors of the subclasses of the second level of the hierarchy
        as well as pulling the finishCreation() calls out into the class's corresponding
        create() method if it has one.  Doing both simultaneously allows us to
        maintain the invariant that the finishCreation() method chain is called exactly
        once during the creation of an object, since calling it any other number of
        times (0, 2, or more) will cause an assertion failure.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::JSCallbackConstructor):
        (JSC::JSCallbackConstructor::finishCreation):
        * API/JSCallbackConstructor.h:
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::create):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::JSCallbackObject):
        (JSC::::finishCreation):
        * JavaScriptCore.JSVALUE64only.exp:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::create):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::createNoParameters):
        (JSC::Arguments::Arguments):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        (JSC::ArrayPrototype::finishCreation):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        (JSC::BooleanObject::finishCreation):
        * runtime/BooleanObject.h:
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        (JSC::DateInstance::finishCreation):
        * runtime/DateInstance.h:
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        (JSC::ErrorPrototype::finishCreation):
        * runtime/ErrorPrototype.h:
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError):
        (JSC::InterruptedExecutionError::create):
        (JSC::TerminatedExecutionError::TerminatedExecutionError):
        (JSC::TerminatedExecutionError::create):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::ProgramExecutable::ProgramExecutable):
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::NativeExecutable):
        (JSC::EvalExecutable::create):
        (JSC::ProgramExecutable::create):
        (JSC::FunctionExecutable::create):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        (JSC::InternalFunction::finishCreation):
        * runtime/InternalFunction.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::finishCreation):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        * runtime/JSArray.h:
        (JSC::JSArray::create):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSByteArray.h:
        (JSC::JSByteArray::create):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::finishCreation):
        * runtime/JSFunction.h:
        (JSC::JSFunction::create):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::finishCreation):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::JSNotAnObject):
        (JSC::JSNotAnObject::create):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::JSONObject):
        (JSC::JSONObject::finishCreation):
        * runtime/JSONObject.h:
        * runtime/JSObjectWithGlobalObject.cpp:
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        * runtime/JSObjectWithGlobalObject.h:
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::finishCreation):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::JSVariableObject):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        (JSC::MathObject::finishCreation):
        * runtime/MathObject.h:
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        (JSC::NumberObject::finishCreation):
        * runtime/NumberObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::ObjectPrototype):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::create):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        (JSC::RegExpMatchesArray::finishCreation):
        * runtime/RegExpMatchesArray.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        (JSC::RegExpObject::finishCreation):
        * runtime/RegExpObject.h:
        * runtime/StrictEvalActivation.cpp:
        (JSC::StrictEvalActivation::StrictEvalActivation):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        (JSC::StringObject::finishCreation):
        * runtime/StringObject.h:

2011-09-01  Daniel Bates  <dbates@rim.com>

        QNX GCC distribution doesn't support vasprintf()
        https://bugs.webkit.org/show_bug.cgi?id=67423

        Reviewed by Antonio Gomes.

        * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.

2011-09-01  Michael Saboff  <msaboff@apple.com>

        Remove simple usage of UString::characters() from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=67340

        In preparation to allowing StringImpl to be backed by 8 bit
        characters when appropriate, we need to eliminate or change the
        usage of StringImpl::characters().  Most of the changes below
        change s->characters()[0] to s[0].

        Reviewed by Geoffrey Garen.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::keyForCharacterSwitch):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::processClauseList):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Identifier.cpp:
        (JSC::Identifier::addSlowCase):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::jsToNumber):
        (JSC::parseFloat):
        * runtime/JSString.cpp:
        (JSC::JSString::substringFromRope):
        * runtime/JSString.h:
        (JSC::jsSingleCharacterSubstring):
        (JSC::jsString):
        (JSC::jsSubstring):
        (JSC::jsOwnedString):
        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::operator[]):

2011-09-01  Ada Chan  <adachan@apple.com>

        Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.

        Reviewed by Darin Adler.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-01  Hao Zheng  <zhenghao@chromium.org>

        Define PTHREAD_KEYS_MAX to fix Android port build.
        https://bugs.webkit.org/show_bug.cgi?id=67362

        Reviewed by Adam Barth.

        PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.

        * wtf/ThreadIdentifierDataPthreads.cpp:

2011-08-31  Oliver Hunt  <oliver@apple.com>

        Fix build.

        * wtf/CheckedArithmetic.h:
        (WTF::Checked::Checked):
        (WTF::Checked::operator=):

2011-08-31  Oliver Hunt  <oliver@apple.com>

        fast/regex/overflow.html asserts in debug builds
        https://bugs.webkit.org/show_bug.cgi?id=67326

        Reviewed by Gavin Barraclough.

        The deliberate overflows in these expressions don't interact nicely
        with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
        intermediate calculations.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):

2011-08-31  Jeff Miller  <jeffm@apple.com>

        REGRESSION(92210): AVFoundation media engine is disabled on OS X
        https://bugs.webkit.org/show_bug.cgi?id=67316

        Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
        since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
        changes that were made in r92210.

        Reviewed by Darin Adler.

        * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.

2011-08-31  Peter Beverloo  <peter@chromium.org>

        Add Android's platform specification and the right atomic functions.
        https://bugs.webkit.org/show_bug.cgi?id=66687

        Reviewed by Adam Barth.

        * wtf/Atomics.h:
        (WTF::atomicIncrement):
        (WTF::atomicDecrement):
        * wtf/Platform.h:

2011-08-30  Oliver Hunt  <oliver@apple.com>

        Add support for checked arithmetic
        https://bugs.webkit.org/show_bug.cgi?id=67095

        Reviewed by Sam Weinig.

        Add a checked arithmetic class Checked<T> that provides overflow-safe
        arithmetic over all integral types.  Checked<T> supports addition, subtraction
        and multiplication, along with "bool" conversions and equality operators.

        Checked<> can be used in either CRASH() on overflow or delayed failure modes,
        although the default is to CRASH().

        To ensure the code is actually in use (rather than checking in dead code) I've
        made a couple of properties in YARR use Checked<int> and Checked<unsigned>
        instead of raw value arithmetic.  This has resulted in a moderate set of changes,
        to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
        to unsigned for some uses of sizeof, as Checked<> currently does not support
        mixed signed-ness of types wider than 32 bits.

        Happily the increased type safety of Checked<> means that it's not possible to
        accidentally assign away precision, nor accidentally call the integer overload of
        a function instead of the bool version.

        No measurable regression in performance, and SunSpider claims this patch to be
        a progression of 0.3%.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CheckedArithmetic.h: Added.
        (WTF::CrashOnOverflow::overflowed):
        (WTF::CrashOnOverflow::clearOverflow):
        (WTF::CrashOnOverflow::hasOverflowed):
        (WTF::RecordOverflow::RecordOverflow):
        (WTF::RecordOverflow::overflowed):
        (WTF::RecordOverflow::clearOverflow):
        (WTF::RecordOverflow::hasOverflowed):
        (WTF::isInBounds):
        (WTF::safeAdd):
        (WTF::safeSub):
        (WTF::safeMultiply):
        (WTF::safeEquals):
        (WTF::workAroundClangBug):
        (WTF::Checked::Checked):
        (WTF::Checked::operator=):
        (WTF::Checked::operator++):
        (WTF::Checked::operator--):
        (WTF::Checked::operator!):
        (WTF::Checked::operator UnspecifiedBoolType*):
        (WTF::Checked::get):
        (WTF::Checked::operator+=):
        (WTF::Checked::operator-=):
        (WTF::Checked::operator*=):
        (WTF::Checked::operator==):
        (WTF::Checked::operator!=):
        (WTF::operator+):
        (WTF::operator-):
        (WTF::operator*):
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
        (JSC::Yarr::ByteCompiler::atomCharacterClass):
        (JSC::Yarr::ByteCompiler::atomBackReference):
        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::ByteTerm::ByteTerm):
        (JSC::Yarr::ByteTerm::CheckInput):
        (JSC::Yarr::ByteTerm::UncheckInput):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
        * yarr/YarrPattern.h:

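Added example, not WebKit's own wtf/CheckedArithmetic.h: a minimal re-creation of the Checked<T> design the entry above describes (safeAdd/safeSub/safeMultiply, the CrashOnOverflow and RecordOverflow policies, get() that refuses a wrapped value), applied to two other situations in this log, the canvas getImageData sizing that motivated isWithinIntRange and the YARR fix that moves intermediates to Checked<int64_t>. Names not in the log (the demo namespace, unsafeGet, checkedImageDataSize, computeViaWideIntermediate) are assumptions.

```cpp
// Added illustration, not WebKit's wtf/CheckedArithmetic.h: a minimal checked integer
// type shaped like the Checked<T> this ChangeLog describes, with both failure policies
// it names, plus an isWithinIntRange() helper in the spirit of the canvas getImageData
// entry. Names mirror the log; the bodies are our own simplified re-creation.
#include <cstdint>
#include <cstdlib>
#include <limits>
#include <type_traits>

namespace demo {
// Policy 1 (the log's default): any overflow is fatal, immediately.
struct CrashOnOverflow {
    void overflowed() { std::abort(); }
    bool hasOverflowed() const { return false; }
};
// Policy 2: delayed failure; the overflow is recorded and the caller asks later.
struct RecordOverflow {
    RecordOverflow() : m_overflowed(false) {}
    void overflowed() { m_overflowed = true; }
    void clearOverflow() { m_overflowed = false; }
    bool hasOverflowed() const { return m_overflowed; }
private:
    bool m_overflowed;
};

// Can `value` be stored in Target unchanged? Same-signedness pairs only, since the log
// notes the real class does not support mixed signedness above 32 bits either.
template <typename Target, typename Source> bool isInBounds(Source value) {
    static_assert(std::is_signed<Target>::value == std::is_signed<Source>::value, "same signedness");
    if (sizeof(Source) <= sizeof(Target)) return true;
    return value >= static_cast<Source>(std::numeric_limits<Target>::min())
        && value <= static_cast<Source>(std::numeric_limits<Target>::max());
}
// Does the double lie within [INT_MIN, INT_MAX]? NaN compares false, so it is rejected too.
inline bool isWithinIntRange(double v) {
    return v >= static_cast<double>(std::numeric_limits<int>::min())
        && v <= static_cast<double>(std::numeric_limits<int>::max());
}

// safeAdd/safeSub/safeMultiply: store a op b in `result` and return true, or return false
// (leaving `result` untouched) when the exact answer does not fit T. Each check is phrased
// against the type's limits so that no intermediate can itself overflow.
template <typename T> bool safeAdd(T a, T b, T& result) {
    const T hi = std::numeric_limits<T>::max(), lo = std::numeric_limits<T>::min();
    if (std::is_signed<T>::value ? (b > 0 && a > hi - b) || (b < 0 && a < lo - b) : a > hi - b)
        return false;
    result = a + b; return true;
}
template <typename T> bool safeSub(T a, T b, T& result) {
    const T hi = std::numeric_limits<T>::max(), lo = std::numeric_limits<T>::min();
    if (std::is_signed<T>::value ? (b < 0 && a > hi + b) || (b > 0 && a < lo + b) : a < b)
        return false;
    result = a - b; return true;
}
template <typename T> bool safeMultiply(T a, T b, T& result) {
    const T hi = std::numeric_limits<T>::max(), lo = std::numeric_limits<T>::min();
    if (a == 0 || b == 0) { result = 0; return true; }
    bool overflow;
    if (!std::is_signed<T>::value) overflow = a > hi / b;
    else if (a > 0) overflow = (b > 0) ? a > hi / b : b < lo / a;  // divide the limit by one operand
    else            overflow = (b > 0) ? a < lo / b : a < hi / b;  // also catches INT_MIN * -1
    if (overflow) return false;
    result = a * b; return true;
}

template <typename T, typename OverflowHandler = CrashOnOverflow>
class Checked : public OverflowHandler {
public:
    Checked(T value = 0) : m_value(value) {}
    Checked& operator+=(T rhs) { if (!safeAdd(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator-=(T rhs) { if (!safeSub(m_value, rhs, m_value)) this->overflowed(); return *this; }
    Checked& operator*=(T rhs) { if (!safeMultiply(m_value, rhs, m_value)) this->overflowed(); return *this; }
    bool operator==(const Checked& o) const { return !this->hasOverflowed() && !o.hasOverflowed() && m_value == o.m_value; }
    T get() const { if (this->hasOverflowed()) std::abort(); return m_value; }  // never hands out a wrapped value
    T unsafeGet() const { return m_value; }                                     // for callers that checked first
private:
    T m_value;
};

// Canvas-style sizing (the getImageData entry): width and height arrive as doubles and are
// range-checked before narrowing; then width*height*4 bytes must fit an int. Returns -1 on
// any overflow rather than a wrapped, too-small allocation size.
inline int checkedImageDataSize(double width, double height) {
    if (!isWithinIntRange(width) || !isWithinIntRange(height)) return -1;
    Checked<int, RecordOverflow> size(static_cast<int>(width));
    size *= static_cast<int>(height);
    size *= 4;                                  // RGBA8888: four bytes per pixel
    return size.hasOverflowed() ? -1 : size.unsafeGet();
}
// The YARR fix in this log: intermediates that deliberately exceed 32 bits are computed in
// Checked<int64_t>, and only the final value is narrowed back to int, with a bounds check.
inline bool computeViaWideIntermediate(int a, int b, int c, int& out) {
    Checked<int64_t, RecordOverflow> t(a);
    t *= b;                                     // may pass INT_MAX here without being an error
    t -= c;
    if (t.hasOverflowed() || !isInBounds<int>(t.unsafeGet())) return false;
    out = static_cast<int>(t.unsafeGet());
    return true;
}
} // namespace demo
```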
2011-08-31  Andrei Popescu  <andreip@google.com>

        Investigate current uses of OS(ANDROID)
        https://bugs.webkit.org/show_bug.cgi?id=66761

        Unreviewed, build fix for ARM platforms.

        * wtf/Platform.h:

2011-08-31  Andrei Popescu  <andreip@google.com>

        Investigate current uses of OS(ANDROID)
        https://bugs.webkit.org/show_bug.cgi?id=66761

        Reviewed by Darin Adler.

        Remove the last legacy Android code.

        No new tests needed as the code wasn't tested in the first place.

        * wtf/Atomics.h:
        * wtf/Platform.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::createThreadInternal):

2011-08-30  Aaron Colwell  <acolwell@chromium.org>

        Add MediaSource API to HTMLMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=64731

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig:

2011-08-30  Oliver Hunt  <oliver@apple.com>

        TypedArrays don't ensure that denormalised values are normalised
        https://bugs.webkit.org/show_bug.cgi?id=67178

        Reviewed by Gavin Barraclough.

        Add a couple of assertions to jsNumber() to ensure that
        we block signaling NaNs.

        * runtime/JSValue.h:
        (JSC::jsDoubleNumber):
        (JSC::jsNumber):

2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>

        [Qt] Do not unconditionally use pkg-config in .pro files
        https://bugs.webkit.org/show_bug.cgi?id=67055

        Reviewed by Andreas Kling.

        Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>

        Using the first pkg-config in PATH is prone to errors when cross-
        compiling inside the Qt repository (using Qt's build-system).

        This patch protects calls to pkg-config with
        !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
        QT_CONFIG by Qt's 'configure' when cross-compiling on systems
        without pkg-config.

        The respective change in Qt's configure has been submitted already.

        No new tests as this is just a build change.

        * wtf/wtf.pri: protect pkg-config calls

2011-08-29  Daniel Bates  <dbates@webkit.org>

        Add HAVE(VASPRINTF) macro to test for vasprintf() support
        https://bugs.webkit.org/show_bug.cgi?id=67156

        Reviewed by Darin Adler.

        Encapsulate testing of vasprintf() support in a HAVE macro
        instead of hardcoding the list of supported/unsupported
        compilers at the call site.

        * wtf/Platform.h:

2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unzip initialization lists and constructors in JSCell hierarchy (3/7)
        https://bugs.webkit.org/show_bug.cgi?id=67064

        Reviewed by Darin Adler.

        Completed the third level of the refactoring to add finishCreation()
        methods to all classes within the JSCell hierarchy with non-trivial
        constructor bodies.

        This primarily consists of pushing the calls to finishCreation() down
        into the constructors of the subclasses of the second level of the hierarchy
        as well as pulling the finishCreation() calls out into the class's corresponding
        create() method if it has one.  Doing both simultaneously allows us to
        maintain the invariant that the finishCreation() method chain is called exactly
        once during the creation of an object, since calling it any other number of
        times (0, 2, or more) will cause an assertion failure.

        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::finishCreation):
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::create):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::createNoParameters):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::finishCreation):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::finishCreation):
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError):
794         (JSC::TerminatedExecutionError::TerminatedExecutionError):
795         * runtime/Executable.cpp:
796         (JSC::EvalExecutable::EvalExecutable):
797         (JSC::ProgramExecutable::ProgramExecutable):
798         (JSC::FunctionExecutable::FunctionExecutable):
799         Moved the assignment of m_firstLine and m_lastLine into the 
800         FunctionExecutable::finishCreation() method in Executable.h
801         * runtime/Executable.h:
802         (JSC::ScriptExecutable::ScriptExecutable):
803         (JSC::EvalExecutable::create):
804         (JSC::ProgramExecutable::create):
805         (JSC::FunctionExecutable::create):
806         (JSC::FunctionExecutable::finishCreation):
807         * runtime/JSArray.cpp:
808         (JSC::JSArray::JSArray):
809         (JSC::JSArray::finishCreation):
810         * runtime/JSArray.h:
811         * runtime/JSByteArray.cpp:
812         (JSC::JSByteArray::JSByteArray):
813         * runtime/JSByteArray.h:
814         (JSC::JSByteArray::finishCreation):
815         * runtime/JSNotAnObject.h:
816         (JSC::JSNotAnObject::JSNotAnObject):
817         * runtime/JSObject.h:
818         (JSC::JSNonFinalObject::JSNonFinalObject):
819         * runtime/JSObjectWithGlobalObject.cpp:
820         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
821         (JSC::JSObjectWithGlobalObject::finishCreation):
822         * runtime/JSObjectWithGlobalObject.h:
823         * runtime/JSVariableObject.h:
824         (JSC::JSVariableObject::JSVariableObject):
825         (JSC::JSVariableObject::finishCreation):
826         * runtime/JSWrapperObject.h:
827         (JSC::JSWrapperObject::JSWrapperObject):
828         * runtime/ObjectPrototype.cpp:
829         (JSC::ObjectPrototype::ObjectPrototype):
830         (JSC::ObjectPrototype::finishCreation):
831         * runtime/ObjectPrototype.h:
832         * runtime/StrictEvalActivation.cpp:
833         (JSC::StrictEvalActivation::StrictEvalActivation):
834
835 2011-08-29  Andreas Kling  <kling@webkit.org>
836
837         Unreviewed build fix after r93990.
838
839         * wtf/HashTable.h:
840
841 2011-08-29  Andreas Kling  <kling@webkit.org>
842
843         Viewing a post on reddit.com wastes a lot of memory on event listeners.
844         https://bugs.webkit.org/show_bug.cgi?id=67133
845
846         Reviewed by Darin Adler.
847
848         Add a minimum table size to the HashTraits, instead of having it hard coded.
849         The default value remains at 64, but can now be specialized.
850
851         * runtime/StructureTransitionTable.h:
852         * wtf/HashTable.h:
853         (WTF::HashTable::shouldShrink):
854         (WTF::::expand):
855         (WTF::::checkTableConsistencyExceptSize):
856         * wtf/HashTraits.h:
857
858 2011-08-28  Jonathan Liu  <net147@gmail.com>
859
860         Fix build error when compiling with MinGW-w64 by disabling JIT
861         on Windows 64-bit
862         https://bugs.webkit.org/show_bug.cgi?id=61235
863
864         Reviewed by Gavin Barraclough.
865
866         The fixed mmap executable allocator for JIT on x86_64 requires
867         sys/mman.h which is not available on Windows.
868
869         * wtf/Platform.h:
870
871 2011-08-27  Filip Pizlo  <fpizlo@apple.com>
872
873         JSC::Executable is inconsistent about using weak handle finalizers
874         and destructors for releasing memory
875         https://bugs.webkit.org/show_bug.cgi?id=67072
876
877         Reviewed by Darin Adler.
878         
879         Moved more of the destruction of Executable state into the finalizer,
880         which also resulted in an opportunity to mostly combine this with
881         discardCode().  This also means that the finalizer is now enabled even
882         when the JIT is turned off.  This is performance neutral on SunSpider,
883         V8, and Kraken.
884
885         * runtime/Executable.cpp:
886         (JSC::ExecutableBase::clearCode):
887         (JSC::ExecutableFinalizer::finalize):
888         (JSC::EvalExecutable::clearCode):
889         (JSC::ProgramExecutable::clearCode):
890         (JSC::FunctionExecutable::discardCode):
891         (JSC::FunctionExecutable::clearCode):
892         * runtime/Executable.h:
893         (JSC::ExecutableBase::finishCreation):
894
895 2011-08-26  Gavin Barraclough  <barraclough@apple.com>
896
897         DFG JIT - ArithMod may clobber operands.
898         https://bugs.webkit.org/show_bug.cgi?id=67085
899
900         Reviewed by Sam Weinig.
901
902         unboxDouble must be called on a temporary.
903
904         * dfg/DFGJITCodeGenerator.cpp:
905         (JSC::DFG::JITCodeGenerator::fillDouble):
906         * dfg/DFGJITCodeGenerator.h:
907         (JSC::DFG::JITCodeGenerator::boxDouble):
908         * dfg/DFGNonSpeculativeJIT.cpp:
909         (JSC::DFG::NonSpeculativeJIT::compile):
910         * dfg/DFGSpeculativeJIT.cpp:
911         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
912
913 2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
914
915         Unzip initialization lists and constructors in JSCell hierarchy (2/7)
916         https://bugs.webkit.org/show_bug.cgi?id=66957
917
918         Reviewed by Darin Adler.
919
920         Completed the second level of the refactoring to add finishCreation()
921         methods to all classes within the JSCell hierarchy with non-trivial 
922         constructor bodies.
923
924         * runtime/Executable.h:
925         (JSC::ExecutableBase::ExecutableBase):
926         (JSC::ExecutableBase::create):
927         (JSC::NativeExecutable::create):
928         (JSC::NativeExecutable::finishCreation):
929         (JSC::NativeExecutable::NativeExecutable):
930         (JSC::ScriptExecutable::ScriptExecutable):
931         (JSC::ScriptExecutable::finishCreation):
932         * runtime/GetterSetter.h:
933         (JSC::GetterSetter::GetterSetter):
934         (JSC::GetterSetter::create):
935         * runtime/JSAPIValueWrapper.h:
936         (JSC::JSAPIValueWrapper::create):
937         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
938         * runtime/JSObject.h:
939         (JSC::JSNonFinalObject::JSNonFinalObject):
940         (JSC::JSNonFinalObject::finishCreation):
941         (JSC::JSFinalObject::create):
942         (JSC::JSFinalObject::finishCreation):
943         (JSC::JSFinalObject::JSFinalObject):
944         (JSC::JSObject::JSObject):
945         * runtime/JSPropertyNameIterator.cpp:
946         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
947         (JSC::JSPropertyNameIterator::create):
948         * runtime/JSPropertyNameIterator.h:
949         (JSC::JSPropertyNameIterator::create):
950         * runtime/RegExp.cpp:
951         (JSC::RegExp::RegExp):
952         (JSC::RegExp::createWithoutCaching):
953         * runtime/ScopeChain.h:
954         (JSC::ScopeChainNode::ScopeChainNode):
955         (JSC::ScopeChainNode::create):
956         * runtime/Structure.cpp:
957         (JSC::Structure::Structure):
958         * runtime/Structure.h:
959         (JSC::Structure::create):
960         (JSC::Structure::finishCreation):
961         (JSC::Structure::createStructure):
962         * runtime/StructureChain.cpp:
963         (JSC::StructureChain::StructureChain):
964         * runtime/StructureChain.h:
965         (JSC::StructureChain::create):
966
967 2011-08-26  Filip Pizlo  <fpizlo@apple.com>
968
969         The GC does not have a facility for profiling the kinds of objects
970         that occupy the heap
971         https://bugs.webkit.org/show_bug.cgi?id=66849
972
973         Reviewed by Geoffrey Garen.
974         
975         Destructor calls and object scans are now optionally counted, per
976         vtable. When the heap is destroyed and profiling is enabled, the
977         counts are dumped, with care taken to print the names of classes
978         (modulo C++ mangling) sorted in descending commonality.
979
980         * GNUmakefile.list.am:
981         * JavaScriptCore.exp:
982         * JavaScriptCore.pro:
983         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
984         * JavaScriptCore.xcodeproj/project.pbxproj:
985         * heap/Heap.cpp:
986         (JSC::Heap::destroy):
987         * heap/Heap.h:
988         * heap/MarkStack.cpp:
989         (JSC::SlotVisitor::visitChildren):
990         (JSC::SlotVisitor::drain):
991         * heap/MarkStack.h:
992         * heap/MarkedBlock.cpp:
993         (JSC::MarkedBlock::callDestructor):
994         * heap/MarkedBlock.h:
995         * heap/VTableSpectrum.cpp: Added.
996         (JSC::VTableSpectrum::VTableSpectrum):
997         (JSC::VTableSpectrum::~VTableSpectrum):
998         (JSC::VTableSpectrum::countVPtr):
999         (JSC::VTableSpectrum::count):
1000         (JSC::VTableAndCount::VTableAndCount):
1001         (JSC::VTableAndCount::operator<):
1002         (JSC::VTableSpectrum::dump):
1003         * heap/VTableSpectrum.h: Added.
1004         * wtf/Platform.h:
1005
1006 2011-08-26  Juan C. Montemayor  <jmont@apple.com>
1007
1008         Update topCallFrame when calling host functions in the JIT
1009         https://bugs.webkit.org/show_bug.cgi?id=67010
1010
1011         Reviewed by Oliver Hunt.
1012         
1013         The topCallFrame is not being updated when a host function is
1014         called by the JIT. This causes problems when trying to create a
1015         stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
1016
1017         * jit/JITOpcodes.cpp:
1018         (JSC::JIT::privateCompileCTIMachineTrampolines):
1019         (JSC::JIT::privateCompileCTINativeCall):
1020
1021 2011-08-26  Alexey Proskuryakov  <ap@apple.com>
1022
1023         Get rid of frame life support timer
1024         https://bugs.webkit.org/show_bug.cgi?id=66874
1025
1026         Reviewed by Geoff Garen.
1027
1028         * runtime/JSGlobalObject.h:
1029         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1030         globalExec() no longer needs to be virtual; its only override was in JSDOMWindowBase.
1031
1032 2011-08-26  Chao-ying Fu  <fu@mips.com>
1033
1034         Fix MIPS patchOffsetGetByIdSlowCaseCall
1035         https://bugs.webkit.org/show_bug.cgi?id=67046
1036
1037         Reviewed by Gavin Barraclough.
1038
1039         * jit/JIT.h:
1040
1041 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1042
1043         Fixing broken build due to unused variables in release mode
1044         https://bugs.webkit.org/show_bug.cgi?id=67004
1045
1046         Unreviewed, release build fix.
1047
1048         Fixing broken build due to unused variables in ASSERTs in release build.
1049
1050         * runtime/JSObject.h:
1051         (JSC::JSObject::finishCreation):
1052         * runtime/JSString.h:
1053         (JSC::RopeBuilder::finishCreation):
1054         * runtime/ScopeChain.h:
1055         (JSC::ScopeChainNode::finishCreation):
1056
1057 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1058
1059         Unzip initialization lists and constructors in JSCell hierarchy (1/7)
1060         https://bugs.webkit.org/show_bug.cgi?id=66827
1061
1062         Reviewed by Geoffrey Garen.
1063
1064         Added finishCreation() methods to all immediate subclasses of JSCell with
1065         non-empty constructors.  Part of a larger refactoring to "unzip" initialization
1066         lists and constructor bodies.  Also renamed JSCell's constructorBody() method
1067         to finishCreation().
1068
1069         * runtime/Executable.h:
1070         (JSC::ExecutableBase::ExecutableBase):
1071         (JSC::ExecutableBase::constructorBody):
1072         * runtime/GetterSetter.h:
1073         (JSC::GetterSetter::GetterSetter):
1074         * runtime/JSAPIValueWrapper.h:
1075         (JSC::JSAPIValueWrapper::constructorBody):
1076         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1077         * runtime/JSCell.h:
1078         (JSC::JSCell::JSCell::JSCell):
1079         (JSC::JSCell::JSCell::constructorBody):
1080         * runtime/JSObject.h:
1081         (JSC::JSObject::constructorBody):
1082         (JSC::JSObject::JSObject):
1083         * runtime/JSPropertyNameIterator.h:
1084         (JSC::JSPropertyNameIterator::constructorBody):
1085         * runtime/JSString.h:
1086         (JSC::RopeBuilder::JSString):
1087         (JSC::RopeBuilder::constructorBody):
1088         * runtime/RegExp.cpp:
1089         (JSC::RegExp::RegExp):
1090         (JSC::RegExp::constructorBody):
1091         * runtime/RegExp.h:
1092         * runtime/ScopeChain.h:
1093         (JSC::ScopeChainNode::ScopeChainNode):
1094         (JSC::ScopeChainNode::constructorBody):
1095         * runtime/Structure.cpp:
1096         (JSC::Structure::Structure):
1097         * runtime/StructureChain.cpp:
1098         (JSC::StructureChain::StructureChain):
1099         * runtime/StructureChain.h:
1100         (JSC::StructureChain::create):
1101         (JSC::StructureChain::constructorBody):
1102
1103 2011-08-25  Gabor Loki  <loki@webkit.org>
1104
1105         REGRESSION(r93755): It made 14 jsc tests and ~500 layout tests fail on the Qt-ARM bot
1106         https://bugs.webkit.org/show_bug.cgi?id=66956
1107
1108         Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
1109
1110         Reviewed by Oliver Hunt.
1111
1112         * jit/JIT.h:
1113
1114 2011-08-24  Juan C. Montemayor  <jmont@apple.com>
1115
1116         Keep track of topCallFrame for Stack traces
1117         https://bugs.webkit.org/show_bug.cgi?id=66571
1118
1119         Reviewed by Geoffrey Garen.
1120
1121         This patch adds a TopCallFrame to JSC in order to have that information
1122         when an error is thrown to create a stack trace. The TopCallFrame is
1123         updated at select points in the Interpreter and the JSC.
1124
1125         * interpreter/Interpreter.cpp:
1126         (JSC::Interpreter::unwindCallFrame):
1127         (JSC::Interpreter::throwException):
1128         (JSC::Interpreter::execute):
1129         (JSC::Interpreter::executeCall):
1130         (JSC::Interpreter::executeConstruct):
1131         (JSC::Interpreter::privateExecute):
1132         * interpreter/Interpreter.h:
1133         (JSC::TopCallFrameSetter::TopCallFrameSetter):
1134         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
1135         * jit/JIT.h:
1136         * jit/JITInlineMethods.h:
1137         (JSC::JIT::updateTopCallFrame):
1138         * jit/JITStubCall.h:
1139         (JSC::JITStubCall::call):
1140         * jit/JITStubs.cpp:
1141         (JSC::throwExceptionFromOpCall):
1142         (JSC::DEFINE_STUB_FUNCTION):
1143         (JSC::arityCheckFor):
1144         * runtime/JSGlobalData.cpp:
1145         (JSC::JSGlobalData::JSGlobalData):
1146         * runtime/JSGlobalData.h:
1147
1148 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
1149
1150         ErrorInstance::create sometimes has two heap object constructions
1151         in flight at once
1152         https://bugs.webkit.org/show_bug.cgi?id=66845
1153
1154         Reviewed by Darin Adler.
1155         
1156         The fix is simple since there is already a second create() method
1157         that takes a UString.
1158
1159         * runtime/ErrorInstance.cpp:
1160         (JSC::ErrorInstance::create):
1161
1162 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
1163
1164         There is no facility for profiling how the write barrier is used
1165         https://bugs.webkit.org/show_bug.cgi?id=66747
1166
1167         Reviewed by Geoffrey Garen.
1168         
1169         Added facilities for the JIT to specify the kind of write barrier
1170         being executed.  Added code for profiling the number of each kind
1171         of barrier encountered.
1172
1173         * GNUmakefile.list.am:
1174         * JavaScriptCore.exp:
1175         * JavaScriptCore.pro:
1176         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1177         * JavaScriptCore.xcodeproj/project.pbxproj:
1178         * dfg/DFGJITCodeGenerator.cpp:
1179         (JSC::DFG::JITCodeGenerator::writeBarrier):
1180         (JSC::DFG::JITCodeGenerator::cachedPutById):
1181         * dfg/DFGJITCodeGenerator.h:
1182         * dfg/DFGJITCompiler.cpp:
1183         (JSC::DFG::JITCompiler::emitCount):
1184         * dfg/DFGJITCompiler.h:
1185         (JSC::DFG::JITCompiler::emitCount):
1186         * dfg/DFGNonSpeculativeJIT.cpp:
1187         (JSC::DFG::NonSpeculativeJIT::compile):
1188         * dfg/DFGRepatch.cpp:
1189         (JSC::DFG::tryCachePutByID):
1190         * dfg/DFGSpeculativeJIT.cpp:
1191         (JSC::DFG::SpeculativeJIT::compile):
1192         * heap/Heap.h:
1193         (JSC::Heap::writeBarrier):
1194         * heap/WriteBarrierSupport.cpp: Added.
1195         (JSC::WriteBarrierCounters::initialize):
1196         * heap/WriteBarrierSupport.h: Added.
1197         (JSC::WriteBarrierCounters::WriteBarrierCounters):
1198         (JSC::WriteBarrierCounters::jitCounterFor):
1199         (JSC::WriteBarrierCounters::countWriteBarrier):
1200         * jit/JIT.h:
1201         * jit/JITPropertyAccess.cpp:
1202         (JSC::JIT::emit_op_put_by_id):
1203         (JSC::JIT::privateCompilePutByIdTransition):
1204         (JSC::JIT::emit_op_put_scoped_var):
1205         (JSC::JIT::emit_op_put_global_var):
1206         (JSC::JIT::emitWriteBarrier):
1207         * jit/JITPropertyAccess32_64.cpp:
1208         (JSC::JIT::emit_op_put_by_val):
1209         (JSC::JIT::emit_op_put_by_id):
1210         (JSC::JIT::privateCompilePutByIdTransition):
1211         (JSC::JIT::emit_op_put_scoped_var):
1212         (JSC::JIT::emit_op_put_global_var):
1213         (JSC::JIT::emitWriteBarrier):
1214         * runtime/InitializeThreading.cpp:
1215         (JSC::initializeThreadingOnce):
1216         * runtime/WriteBarrier.h:
1217         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
1218
1219 2011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
1220
1221         Add checks to ensure allocation does not take place during initialization of GC-managed objects
1222         https://bugs.webkit.org/show_bug.cgi?id=65288
1223
1224         Reviewed by Darin Adler.
1225
1226         Adding the new validation functionality.  In its current state, it will perform checks, 
1227         but they don't fail unless you do allocation in the arguments to the parent constructor in the 
1228         initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new 
1229         allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still 
1230         allowed in constructor bodies while other refactoring efforts continue.
1231
1232         * runtime/JSCell.h:
1233         (JSC::JSCell::JSCell::constructorBody):
1234         (JSC::JSCell::JSCell::JSCell):
1235         (JSC::JSCell::allocateCell):
1236         * runtime/JSGlobalData.cpp:
1237         (JSC::JSGlobalData::JSGlobalData):
1238         * runtime/JSGlobalData.h:
1239         (JSC::JSGlobalData::isInitializingObject):
1240         (JSC::JSGlobalData::setInitializingObject):
1241         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1242         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1243
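        The initialization protocol that the finishCreation() refactoring (bug 67064, earlier in this file) and the allocation check above (bug 65288) together establish, as an added illustration. This is not JSC's code: the Heap, Cell and owner classes below are a minimal model written for this example, and the names mirror the ones listed in the entries only for readability. Cells are never freed; only the creation sequence is modelled.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>

// A heap that refuses to hand out a new cell while another cell's initialization is still in
// flight. In a debug build the refusal would be an assertion failure; here it is counted so the
// two patterns below can be compared.
class Heap {
public:
    void* allocateCell(std::size_t size) {
        if (m_initializingObject) {
            ++m_violations;
            return nullptr;
        }
        m_initializingObject = true;   // stays set until the cell's finishCreation() runs
        return std::malloc(size);
    }
    void setInitializingObject(bool value) { m_initializingObject = value; }
    int  violations() const { return m_violations; }
private:
    bool m_initializingObject = false;
    int  m_violations = 0;
};

class Cell {
public:
    int finishCreationCalls() const { return m_finishCreationCalls; }
protected:
    explicit Cell(Heap& heap) : m_heap(heap) {}
    // Must run exactly once, at the end of the create() chain; it re-enables allocation.
    void finishCreation() { ++m_finishCreationCalls; m_heap.setInitializingObject(false); }
    Heap& m_heap;
private:
    int m_finishCreationCalls = 0;
};

class Leaf : public Cell {
public:
    static Leaf* create(Heap& heap) {
        void* mem = heap.allocateCell(sizeof(Leaf));
        if (!mem) return nullptr;
        Leaf* leaf = new (mem) Leaf(heap);
        leaf->finishCreation();
        return leaf;
    }
private:
    explicit Leaf(Heap& heap) : Cell(heap) {}
};

// Wrong: the child is allocated in the initializer list, i.e. while this cell is still being
// initialized. A GC triggered by that nested allocation would scan a half-built owner.
class EagerOwner : public Cell {
public:
    static EagerOwner* create(Heap& heap) {
        void* mem = heap.allocateCell(sizeof(EagerOwner));
        if (!mem) return nullptr;
        EagerOwner* owner = new (mem) EagerOwner(heap);
        owner->finishCreation();
        return owner;
    }
    Leaf* child() const { return m_child; }
private:
    explicit EagerOwner(Heap& heap) : Cell(heap), m_child(Leaf::create(heap)) {}
    Leaf* m_child;
};

// Right: the constructor only stores trivially initialized state; the nested allocation happens
// in finishCreation(), after the outer cell is a complete object.
class LazyOwner : public Cell {
public:
    static LazyOwner* create(Heap& heap) {
        void* mem = heap.allocateCell(sizeof(LazyOwner));
        if (!mem) return nullptr;
        LazyOwner* owner = new (mem) LazyOwner(heap);
        owner->finishCreation();
        return owner;
    }
    Leaf* child() const { return m_child; }
private:
    explicit LazyOwner(Heap& heap) : Cell(heap), m_child(nullptr) {}
    void finishCreation() {
        Cell::finishCreation();        // outer object complete; allocation is allowed again
        m_child = Leaf::create(m_heap);
    }
    Leaf* m_child;
};

// Number of refused allocations while building one owner with each pattern (-1 on any
// unexpected shape, e.g. finishCreation() not running exactly once).
int violationsForEagerPattern() {
    Heap heap;
    EagerOwner* owner = EagerOwner::create(heap);
    return (owner && !owner->child() && owner->finishCreationCalls() == 1) ? heap.violations() : -1;
}
int violationsForLazyPattern() {
    Heap heap;
    LazyOwner* owner = LazyOwner::create(heap);
    return (owner && owner->child() && owner->finishCreationCalls() == 1
            && owner->child()->finishCreationCalls() == 1) ? heap.violations() : -1;
}
```

        The eager pattern is refused once (its child ends up null), the lazy pattern is refused zero times, and in both cases finishCreation() runs exactly once per cell, which is the invariant the entries above describe.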
1244 2011-08-23  Gavin Barraclough  <barraclough@apple.com>
1245
1246         https://bugs.webkit.org/show_bug.cgi?id=55347
1247         "name" and "message" enumerable on *Error.prototype
1248
1249         Reviewed by Sam Weinig.
1250
1251         The default value of a NativeErrorPrototype's message
1252         property is "", not the name of the error.
1253
1254         * runtime/NativeErrorConstructor.cpp:
1255         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1256         * runtime/NativeErrorConstructor.h:
1257         (JSC::NativeErrorConstructor::create):
1258         (JSC::NativeErrorConstructor::constructorBody):
1259         * runtime/NativeErrorPrototype.cpp:
1260         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1261         (JSC::NativeErrorPrototype::constructorBody):
1262         * runtime/NativeErrorPrototype.h:
1263         (JSC::NativeErrorPrototype::create):
1264         * runtime/StringPrototype.cpp:
1265         (JSC::StringPrototype::StringPrototype):
1266         * runtime/StringPrototype.h:
1267         (JSC::StringPrototype::create):
1268
1269 2011-08-23  Steve Block  <steveblock@google.com>
1270
1271         Remove last occurrences of PLATFORM(ANDROID)
1272         https://bugs.webkit.org/show_bug.cgi?id=66763
1273
1274         Reviewed by Tony Gentilcore.
1275
1276         * wtf/Platform.h:
1277
1278 2011-08-23  Steve Block  <steveblock@google.com>
1279
1280         Remove all mention of removed Android files from build scripts
1281         https://bugs.webkit.org/show_bug.cgi?id=66755
1282
1283         Reviewed by Tony Gentilcore.
1284
1285         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1286         * JavaScriptCore.gypi:
1287         * gyp/JavaScriptCore.gyp:
1288
1289 2011-08-23  Adam Barth  <abarth@webkit.org>
1290
1291         Remove WebCore/editing/android and other Android-specific directories
1292         https://bugs.webkit.org/show_bug.cgi?id=66739
1293
1294         Reviewed by Steve Block.
1295
1296         Now that Android shares more code with Chromium, we don't need these
1297         Android-specific files.
1298
1299         * wtf/android: Removed.
1300         * wtf/android/AndroidThreading.h: Removed.
1301         * wtf/android/MainThreadAndroid.cpp: Removed.
1302
1303 2011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
1304
1305         Unreviewed build fix for compile error on Windows for r93560.
1306
1307         * runtime/SamplingCounter.h:
1308
1309 2011-08-22  Filip Pizlo  <fpizlo@apple.com>
1310
1311         Sampling counter support is in the bytecode directory
1312         https://bugs.webkit.org/show_bug.cgi?id=66724
1313
1314         Reviewed by Darin Adler.
1315         
1316         Moved SamplingCounter to a separate header in runtime/.
1317
1318         * GNUmakefile.list.am:
1319         * JavaScriptCore.pro:
1320         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1321         * JavaScriptCore.xcodeproj/project.pbxproj:
1322         * bytecode/SamplingTool.cpp:
1323         * bytecode/SamplingTool.h:
1324         * runtime/SamplingCounter.cpp: Added.
1325         (JSC::AbstractSamplingCounter::dump):
1326         * runtime/SamplingCounter.h: Added.
1327         (JSC::AbstractSamplingCounter::count):
1328         (JSC::AbstractSamplingCounter::addressOfCounter):
1329         (JSC::AbstractSamplingCounter::init):
1330         (JSC::SamplingCounter::SamplingCounter):
1331         (JSC::GlobalSamplingCounter::name):
1332         (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
1333         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
1334
1335 2011-08-21  Martin Robinson  <mrobinson@igalia.com>
1336
1337         Fix 'make dist' for WebKitGTK+.
1338
1339         * GNUmakefile.list.am: Add a missing header to the sources list.
1340
1341 2011-08-20  Filip Pizlo  <fpizlo@apple.com>
1342
1343         JavaScriptCore bytecompiler does not compute scope depth correctly
1344         in the case of constant declarations
1345         https://bugs.webkit.org/show_bug.cgi?id=66572
1346
1347         Reviewed by Oliver Hunt.
1348         
1349         Changed the handling of const to add the dynamic scope depth.
1350
1351         * bytecompiler/NodesCodegen.cpp:
1352         (JSC::ConstDeclNode::emitCodeSingle):
1353
1354 2011-08-19  Daniel Bates  <dbates@webkit.org>
1355
1356         Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
1357         https://bugs.webkit.org/show_bug.cgi?id=66617
1358
1359         Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
1360         But we cause a compile error if the platform doesn't support SA_RESTART regardless of
1361         whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
1362         SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
1363
1364         Reviewed by Antonio Gomes.
1365
1366         * heap/MachineStackMarker.cpp:
1367
1368 2011-08-19  Filip Pizlo  <fpizlo@apple.com>
1369
1370         The JSC JIT currently has no facility to profile and report
1371         the types of values
1372         https://bugs.webkit.org/show_bug.cgi?id=65901
1373
1374         Reviewed by Gavin Barraclough.
1375         
1376         Added the ability to profile the values seen at function calls (both
1377         arguments and results) and heap loads.  This is done with emphasis
1378         on performance.  A value profiling site consists of: add, and,
1379         move, and store; no branching is necessary.  Each value profiling
1380         site (called a ValueProfile) has a ring buffer of 8 recently-seen
1381         values.  ValueProfiles are stored in the CodeBlock; there will be
1382         one for each argument (excluding this) and each heap load or callsite.
1383         Each time a value profiling site executes, it stores the value into
1384         a pseudo-random element in the ValueProfile buffer.  The point is
1385         that for frequently executed code, we will have 8 somewhat recent
1386         values in the buffer and will be able to not only figure out what
1387         type it is, but also to be able to reason about the actual values
1388         if we wish to do so.
1389         
1390         This feature is currently disabled by default.  When enabled, it
1391         results in a 3.7% slow-down on SunSpider.
1392
1393         * JavaScriptCore.xcodeproj/project.pbxproj:
1394         * bytecode/CodeBlock.cpp:
1395         (JSC::CodeBlock::~CodeBlock):
1396         * bytecode/CodeBlock.h:
1397         (JSC::CodeBlock::addValueProfile):
1398         (JSC::CodeBlock::numberOfValueProfiles):
1399         (JSC::CodeBlock::valueProfile):
1400         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1401         * bytecode/ValueProfile.h: Added.
1402         (JSC::ValueProfile::ValueProfile):
1403         (JSC::ValueProfile::numberOfSamples):
1404         (JSC::ValueProfile::computeProbability):
1405         (JSC::ValueProfile::numberOfInt32s):
1406         (JSC::ValueProfile::numberOfDoubles):
1407         (JSC::ValueProfile::numberOfCells):
1408         (JSC::ValueProfile::probabilityOfInt32):
1409         (JSC::ValueProfile::probabilityOfDouble):
1410         (JSC::ValueProfile::probabilityOfCell):
1411         (JSC::getValueProfileBytecodeOffset):
1412         * jit/JIT.cpp:
1413         (JSC::JIT::privateCompileSlowCases):
1414         (JSC::JIT::privateCompile):
1415         * jit/JIT.h:
1416         (JSC::JIT::emitValueProfilingSite):
1417         * jit/JITCall.cpp:
1418         (JSC::JIT::emit_op_call_put_result):
1419         * jit/JITInlineMethods.h:
1420         (JSC::JIT::emitValueProfilingSite):
1421         * jit/JITPropertyAccess.cpp:
1422         (JSC::JIT::emit_op_get_by_val):
1423         (JSC::JIT::emitSlow_op_get_by_val):
1424         (JSC::JIT::emit_op_method_check):
1425         (JSC::JIT::emit_op_get_by_id):
1426         (JSC::JIT::emitSlow_op_get_by_id):
1427         * jit/JSInterfaceJIT.h:
1428         * wtf/Platform.h:
1429         * wtf/StdLibExtras.h:
1430         (WTF::binarySearch):
1431         (WTF::genericBinarySearch):
1432
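        A model of the value profiling site and its consumers, as an added illustration (not JSC's code; the class and member names mirror the ones listed above, but the bucket-selection rule, the speculation threshold and the driver functions are assumptions made for this example):

```cpp
#include <cstdint>

enum class Kind : uint8_t { Empty, Int32, Double, Cell };

class ValueProfile {
public:
    static constexpr unsigned numberOfBuckets = 8;

    // The profiling site: one add, one and, one store. No branch, so it is cheap enough to leave
    // in hot JIT code. Stepping by 3 (odd, hence coprime with 8) visits every slot in turn, so
    // after eight executions the buffer holds the eight most recent observations.
    void record(Kind kind) {
        m_cursor = (m_cursor + 3) & (numberOfBuckets - 1);
        m_buckets[m_cursor] = kind;
    }

    unsigned numberOfSamples() const { return count([](Kind k) { return k != Kind::Empty; }); }
    unsigned numberOfInt32s()  const { return count([](Kind k) { return k == Kind::Int32; }); }
    unsigned numberOfDoubles() const { return count([](Kind k) { return k == Kind::Double; }); }
    unsigned numberOfCells()   const { return count([](Kind k) { return k == Kind::Cell; }); }

    double probabilityOfInt32()  const { return computeProbability(numberOfInt32s()); }
    double probabilityOfDouble() const { return computeProbability(numberOfDoubles()); }
    double probabilityOfCell()   const { return computeProbability(numberOfCells()); }

private:
    template <typename Pred> unsigned count(Pred pred) const {
        unsigned n = 0;
        for (Kind k : m_buckets) if (pred(k)) ++n;
        return n;
    }
    double computeProbability(unsigned matching) const {
        unsigned samples = numberOfSamples();
        return samples ? static_cast<double>(matching) / samples : 0.0;
    }
    Kind     m_buckets[numberOfBuckets] = {};   // Kind::Empty is 0, so the buffer starts empty
    unsigned m_cursor = 0;
};

// A consumer of the profile. The threshold is an assumption for the example. A JIT that speculates
// "always int32" on weaker evidence pays in bailouts; one that speculates on mixed evidence and
// omits the runtime guard gets a type confusion. The profile informs the guard, it never replaces it.
bool shouldSpeculateInt32(const ValueProfile& profile, double threshold = 0.9) {
    return profile.numberOfSamples() == ValueProfile::numberOfBuckets
        && profile.probabilityOfInt32() >= threshold;
}

// Drive one site with a constructed sequence: `int32s` int32 results followed by `doubles`
// double results, the way a call site would see them at run time.
static ValueProfile profileFor(unsigned int32s, unsigned doubles) {
    ValueProfile profile;
    for (unsigned i = 0; i < int32s; ++i) profile.record(Kind::Int32);
    for (unsigned i = 0; i < doubles; ++i) profile.record(Kind::Double);
    return profile;
}

double int32ProbabilityAfter(unsigned int32s, unsigned doubles) {
    return profileFor(int32s, doubles).probabilityOfInt32();
}

bool speculatesAfter(unsigned int32s, unsigned doubles) {
    return shouldSpeculateInt32(profileFor(int32s, doubles));
}
```

        With the stride used here, eight int32 results followed by four doubles leave four of each in the buffer, so the int32 probability drops to 0.5 and speculation is declined; a site that has not yet filled all eight slots is not speculated on at all.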
1433 2011-08-19  Daniel Bates  <dbates@webkit.org>
1434
1435         Don't include DisallowCType.h when building on QNX
1436         https://bugs.webkit.org/show_bug.cgi?id=66616
1437
1438         Reviewed by Antonio Gomes.
1439
1440         * config.h:
1441
1442 2011-08-19  Daniel Bates  <dbates@webkit.org>
1443
1444         Implement ExecutableAllocator::cacheFlush() for QNX
1445         https://bugs.webkit.org/show_bug.cgi?id=66611
1446
1447         Reviewed by Antonio Gomes.
1448
1449         * jit/ExecutableAllocator.h:
1450         (JSC::ExecutableAllocator::cacheFlush):
1451
1452 2011-08-19  Daniel Bates  <dbates@webkit.org>
1453
1454         Implement WTF::atomic{Increment, Decrement}() for QNX
1455         https://bugs.webkit.org/show_bug.cgi?id=66605
1456
1457         Reviewed by Darin Adler.
1458
1459         * wtf/Atomics.h:
1460         (WTF::atomicIncrement):
1461         (WTF::atomicDecrement):
1462
1463 2011-08-19  Beth Dakin  <bdakin@apple.com>
1464
1465         https://bugs.webkit.org/show_bug.cgi?id=66590
1466         Re-name scrollbar painter types
1467
1468         Reviewed by Sam Weinig.
1469
1470         WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer 
1471         applies.
1472         * wtf/Platform.h:
1473
1474 2011-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1475
1476         Move allocation in constructors into separate constructorBody() methods
1477         https://bugs.webkit.org/show_bug.cgi?id=66265
1478
1479         Reviewed by Oliver Hunt.
1480
1481         Refactoring to put all allocations that need to be done after the object's 
1482         initialization list has executed but before the object is ready for use 
1483         into a separate constructorBody() method.  This method is still called by the constructor, 
1484         so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
1485
1486         * JavaScriptCore.exp:
1487         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1488         * jsc.cpp:
1489         (GlobalObject::constructorBody):
1490         (GlobalObject::GlobalObject):
1491         * runtime/ErrorInstance.cpp:
1492         (JSC::ErrorInstance::ErrorInstance):
1493         * runtime/ErrorInstance.h:
1494         (JSC::ErrorInstance::constructorBody):
1495         * runtime/ErrorPrototype.cpp:
1496         (JSC::ErrorPrototype::ErrorPrototype):
1497         (JSC::ErrorPrototype::constructorBody):
1498         * runtime/ErrorPrototype.h:
1499         * runtime/Executable.cpp:
1500         (JSC::FunctionExecutable::FunctionExecutable):
1501         * runtime/Executable.h:
1502         (JSC::FunctionExecutable::constructorBody):
1503         * runtime/InternalFunction.cpp:
1504         (JSC::InternalFunction::InternalFunction):
1505         * runtime/InternalFunction.h:
1506         (JSC::InternalFunction::constructorBody):
1507         * runtime/JSByteArray.cpp:
1508         (JSC::JSByteArray::JSByteArray):
1509         * runtime/JSByteArray.h:
1510         (JSC::JSByteArray::constructorBody):
1511         * runtime/JSFunction.cpp:
1512         (JSC::JSFunction::JSFunction):
1513         (JSC::JSFunction::constructorBody):
1514         * runtime/JSFunction.h:
1515         * runtime/JSGlobalObject.h:
1516         (JSC::JSGlobalObject::JSGlobalObject):
1517         (JSC::JSGlobalObject::constructorBody):
1518         * runtime/JSPropertyNameIterator.cpp:
1519         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1520         * runtime/JSPropertyNameIterator.h:
1521         (JSC::JSPropertyNameIterator::constructorBody):
1522         * runtime/JSString.h:
1523         (JSC::RopeBuilder::JSString):
1524         (JSC::RopeBuilder::constructorBody):
1525         * runtime/NativeErrorConstructor.cpp:
1526         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1527         * runtime/NativeErrorConstructor.h:
1528         (JSC::NativeErrorConstructor::constructorBody):
1529         * runtime/NativeErrorPrototype.cpp:
1530         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1531         (JSC::NativeErrorPrototype::constructorBody):
1532         * runtime/NativeErrorPrototype.h:
1533         * runtime/StringObject.cpp:
1534         * runtime/StringObject.h:
1535         (JSC::StringObject::create):
1536         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1537         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1538         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
1539         * runtime/StringPrototype.cpp:
1540         (JSC::StringPrototype::StringPrototype):
1541         * runtime/StringPrototype.h:
1542         (JSC::StringPrototype::create):
1543
1544 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1545
1546         DFG non-speculative JIT does not inline the double case of ValueAdd
1547         https://bugs.webkit.org/show_bug.cgi?id=66025
1548
1549         Reviewed by Gavin Barraclough.
1550         
1551         This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
1552         benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
1553         stanford-crypto-sha256-iterative).  It looks like it might have
1554         a speed-up in SunSpider (though not statistically significant or
1555         particularly reproducible) and a slight slow-down in V8 (0.14%,
1556         not statistically significant).  It does slow down v8-crypto by
1557         1.5%.
1558
1559         * dfg/DFGJITCodeGenerator.cpp:
1560         (JSC::DFG::JITCodeGenerator::isKnownInteger):
1561         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
1562         * dfg/DFGNonSpeculativeJIT.cpp:
1563         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1564         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1565         * dfg/DFGOperations.cpp:
1566
1567 2011-08-18  Filip Pizlo  <fpizlo@apple.com>
1568
1569         [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
1570         https://bugs.webkit.org/show_bug.cgi?id=66426
1571
1572         Reviewed by Oliver Hunt.
1573         
1574         Changed the branchTestPtr to branchTest32.
1575
1576         * dfg/DFGSpeculativeJIT.cpp:
1577         (JSC::DFG::SpeculativeJIT::compile):
1578
1579 2011-08-17  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1580
1581         https://bugs.webkit.org/show_bug.cgi?id=66379
1582         Implements the load32WithCompactAddressOffsetPatch function
1583         and fixes the store32 and moveWithPatch functions for SH4 platforms.
1584
1585         Reviewed by Gavin Barraclough.
1586
1587         * assembler/MacroAssemblerSH4.h:
1588         (JSC::MacroAssemblerSH4::rshift32):
1589         (JSC::MacroAssemblerSH4::store32):
1590         (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
1591         (JSC::MacroAssemblerSH4::moveWithPatch):
1592         * assembler/SH4Assembler.h:
1593         (JSC::SH4Assembler::movlMemRegCompact):
1594         (JSC::SH4Assembler::readPointer):
1595         (JSC::SH4Assembler::repatchCompact):
1596         * jit/JIT.h:
1597
1598 2011-08-17  Filip Pizlo  <fpizlo@apple.com>
1599
1600         JSC verbose debugging output sometimes doesn't work as expected.
1601         https://bugs.webkit.org/show_bug.cgi?id=66107
1602
1603         Reviewed by Gavin Barraclough.
1604         
1605         Hardened the CodeBlock::dump() code so that it no longer crashes.  Improved
1606         the DFG verbose code so that it prints slightly more useful information.
1607
1608         * assembler/LinkBuffer.h:
1609         (JSC::LinkBuffer::debugSize):
1610         * bytecode/CodeBlock.cpp:
1611         (JSC::valueToSourceString):
1612         (JSC::CodeBlock::dump):
1613         * bytecode/CodeBlock.h:
1614         (JSC::CodeBlock::numberOfRegExps):
1615         * dfg/DFGJITCompiler.cpp:
1616         (JSC::DFG::JITCompiler::link):
1617
1618 2011-08-16  Michael Saboff  <msaboff@apple.com>
1619
1620         Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
1621         https://bugs.webkit.org/show_bug.cgi?id=66351
1622
1623         JIT::privateCompilePutByIdTransition expects that regT0 and regT1
1624         have the basePayload and baseTag respectively.  In some cases,
1625         we may get to this generated code with one or both of these
1626         registers trashed.  One known case is that regT0 on ARM may be
1627         trashed as regT0 (r0) is also arg0 and can be overrun with sp due
1628         to calls to JIT::restoreReturnAddress().  This patch uses the
1629         values on the stack.  A longer term solution is to work out all
1630         cases so that the register entry assumptions can be assured.
1631
1632         While fixing this, also determined that the additional stack offset
1633         of sizeof(void*) is not needed for ARM.
1634
1635         Reviewed by Gavin Barraclough.
1636
1637         * jit/JITPropertyAccess32_64.cpp:
1638         (JSC::JIT::privateCompilePutByIdTransition):
1639
1640 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1641
1642         https://bugs.webkit.org/show_bug.cgi?id=66263
1643         DFG JIT does not always zero extend boolean result of DFG operations
1644
1645         Reviewed by Sam Weinig.
1646
1647         * dfg/DFGOperations.cpp:
1648         * dfg/DFGOperations.h:
1649             - Change bool return values to a 64-bit type.
1650
1651 2011-08-15  Gavin Barraclough  <barraclough@apple.com>
1652
1653         Crash accessing static property on sealed object
1654         https://bugs.webkit.org/show_bug.cgi?id=66242
1655
1656         Reviewed by Sam Weinig.
1657
1658         * runtime/JSObject.h:
1659         (JSC::JSObject::putDirectInternal):
1660             - should only check isExtensible if checkReadOnly.
1661
1662 2011-08-15  Sam Weinig  <sam@webkit.org>
1663
1664         Fix release build when building with Clang.
1665
1666         Reviewed by Anders Carlsson.
1667
1668         * runtime/Identifier.cpp:
1669         (JSC::Identifier::checkCurrentIdentifierTable):
1670         Add NO_RETURN_DUE_TO_CRASH.
1671
1672 2011-08-15  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1673
1674         Reviewed by Nikolas Zimmermann.
1675
1676         Speed up SVGSMILElement::findInstanceTime.
1677         https://bugs.webkit.org/show_bug.cgi?id=61025
1678
1679         Add a new parameter to StdlibExtras.h::binarySearch function
1680         to also handle cases when the array does not contain the key value.
1681         This is needed for an SVG function.
1682
1683         * wtf/StdLibExtras.h:
1684         (WTF::binarySearch):
1685
1686 2011-08-13  Sam Weinig  <sam@webkit.org>
1687
1688         Add back 0xbbadbeef to CRASH to allow for old habits
1689         https://bugs.webkit.org/show_bug.cgi?id=66190
1690
1691         Reviewed by David Kilzer.
1692
1693         * wtf/Assertions.h:
1694         Add back the assignment to the memory address 0xbbadbeef in the CRASH
1695         macro, as it does not cause issues in the clang static analyzer and many
1696         people use its presence in crash reports to easily identify ASSERTs.
1697
1698 2011-08-13  Sam Weinig  <sam@webkit.org>
1699
1700         Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
1701         https://bugs.webkit.org/show_bug.cgi?id=66182
1702
1703         Reviewed by Dan Bernstein.
1704
1705         Fixes 10 warnings in JavaScriptCore and 2 in testapi.
1706
1707         * API/tests/testapi.c:
1708         (main):
1709         Remove dead variables.
1710
1711         * dfg/DFGGraph.cpp:
1712         (JSC::DFG::Graph::dump):
1713         Initialize hasPrinted and silence an unused warning by casting to void (OK here
1714         since it is debug code and I want to keep it clear that if other cases are added,
1715         the hasPrinted flag would be needed).
1716
1717         * wtf/dtoa.cpp:
1718         (WTF::d2b):
1719         The variable "de" in the else block is always zero, so there is no reason to
1720         use it.
1721
1722 2011-08-12  Sam Weinig  <sam@webkit.org>
1723
1724         Use __builtin_trap() for CRASH when building with clang
1725         https://bugs.webkit.org/show_bug.cgi?id=66152
1726
1727         Reviewed by Anders Carlsson.
1728
1729         * wtf/Assertions.h:
1730         Add Clang specific CRASH macro that calls __builtin_trap() instead
1731         of silly techniques to crash. This allows the static analyzer to understand
1732         that we are intentionally crashing. As a result, we need to mark some functions
1733         as not returning.
1734
1735         Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
1736
1737         * wtf/Compiler.h:
1738         Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
1739
1740         * wtf/FastMalloc.cpp:
1741         (WTF::Internal::fastMallocMatchFailed):
1742         Add NO_RETURN_DUE_TO_CRASH.
1743
1744         * yarr/YarrParser.h:
1745         (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
1746         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
1747         Add NO_RETURN_DUE_TO_ASSERT.
1748
1749 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1750
1751         DFG JIT has inconsistent use of boxDouble and unboxDouble,
1752         inconsistent use of assertions regarding doubles, and those
1753         assertions are not turned on in debug builds
1754         https://bugs.webkit.org/show_bug.cgi?id=66160
1755
1756         Reviewed by Gavin Barraclough.
1757         
1758         JIT assertions are now turned on in debug builds.  JIT
1759         assertions are now used for boxing and unboxing doubles, and boxing
1760         and unboxing no longer involves code duplication.
1761
1762         * dfg/DFGJITCodeGenerator.cpp:
1763         (JSC::DFG::JITCodeGenerator::fillDouble):
1764         * dfg/DFGJITCodeGenerator.h:
1765         (JSC::DFG::JITCodeGenerator::boxDouble):
1766         (JSC::DFG::JITCodeGenerator::unboxDouble):
1767         * dfg/DFGJITCompiler.cpp:
1768         (JSC::DFG::JITCompiler::fillNumericToDouble):
1769         (JSC::DFG::GeneralizedRegister::moveTo):
1770         (JSC::DFG::GeneralizedRegister::swapWith):
1771         * dfg/DFGJITCompiler.h:
1772         (JSC::DFG::JITCompiler::boxDouble):
1773         (JSC::DFG::JITCompiler::unboxDouble):
1774         * dfg/DFGNode.h:
1775         * dfg/DFGNonSpeculativeJIT.cpp:
1776         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1777         (JSC::DFG::NonSpeculativeJIT::compile):
1778         * dfg/DFGSpeculativeJIT.cpp:
1779         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1780         (JSC::DFG::SpeculativeJIT::convertToDouble):
1781
1782 2011-08-12  Mark Rowe  <mrowe@apple.com>
1783
1784         Be more forward-looking in the choice of compiler.
1785
1786         Rubber-stamped by Jon Honeycutt.
1787
1788         * Configurations/CompilerVersion.xcconfig:
1789
1790 2011-08-12  Kalev Lember  <kalevlember@gmail.com>
1791
1792         [GTK] Fix non-pthreads build after r91906.
1793         https://bugs.webkit.org/show_bug.cgi?id=66151
1794
1795         Reviewed by David Levin.
1796
1797         r91906 broke the non-pthreads GTK+ build by including a header which
1798         doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
1799
1800         * wtf/gtk/ThreadingGtk.cpp:
1801
1802 2011-08-12  Mark Rowe  <mrowe@apple.com>
1803
1804         Update some configuration settings that were missed back in r92432.
1805
1806         * Configurations/CompilerVersion.xcconfig:
1807
1808 2011-08-12  Filip Pizlo  <fpizlo@apple.com>
1809
1810         REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
1811         Matrix3D.invert)
1812         https://bugs.webkit.org/show_bug.cgi?id=66038
1813
1814         Reviewed by Gavin Barraclough.
1815         
1816         Simplest and lowest-impact fix for the case where the spilled format
1817         of a DFG node differs from the register format: if the format is
1818         converted then indicate that the spilled value is no longer valid
1819         ("kill the spill").
1820
1821         * dfg/DFGGenerationInfo.h:
1822         (JSC::DFG::GenerationInfo::killSpilled):
1823         * dfg/DFGJITCodeGenerator.cpp:
1824         (JSC::DFG::JITCodeGenerator::fillDouble):
1825         * dfg/DFGSpeculativeJIT.cpp:
1826         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1827
1828 2011-08-12  Sam Weinig  <sam@webkit.org>
1829
1830         Move compiler specific macros to their own header
1831         https://bugs.webkit.org/show_bug.cgi?id=66119
1832
1833         Reviewed by Anders Carlsson.
1834
1835         * JavaScriptCore.gypi:
1836         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1837         * JavaScriptCore.xcodeproj/project.pbxproj:
1838         * wtf/CMakeLists.txt:
1839         Add Compiler.h
1840
1841         * wtf/AlwaysInline.h:
1842         Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
1843         Compiler.h.  We can remove this file in a later commit.
1844
1845         * wtf/Compiler.h: Added.
1846         Put all compiler specific checks and features in this file.
1847
1848         * wtf/Platform.h:
1849         Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
1850         to Compiler.h.  Include Compiler.h since it is necessary.
1851
1852 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
1853
1854         DFG JIT-specific structure stub info code offset fields are signed
1855         8-bit, but it is possible for the offsets to be greater than 127
1856         https://bugs.webkit.org/show_bug.cgi?id=66122
1857
1858         Reviewed by Gavin Barraclough.
1859
1860         * bytecode/StructureStubInfo.h:
1861         * dfg/DFGJITCodeGenerator.cpp:
1862         (JSC::DFG::JITCodeGenerator::cachedGetById):
1863         (JSC::DFG::JITCodeGenerator::cachedPutById):
1864
1865 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
1866
1867         DFG JIT speculation failure code sometimes picks the wrong register
1868         as a scratch register.
1869         https://bugs.webkit.org/show_bug.cgi?id=66104
1870
1871         Reviewed by Gavin Barraclough.
1872         
1873         Hardened the code with more assertions and fixed the bug.  Now a
1874         spilled register is only used for scratch if it also isn't being
1875         used for shuffling.
1876
1877         * dfg/DFGJITCompiler.cpp:
1878         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
1879         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
1880
1881 2011-08-11  Sheriff Bot  <webkit.review.bot@gmail.com>
1882
1883         Unreviewed, rolling out r92880.
1884         http://trac.webkit.org/changeset/92880
1885         https://bugs.webkit.org/show_bug.cgi?id=66123
1886
1887         Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
1888
1889         * wtf/PassRefPtr.h:
1890
1891 2011-08-11  Mark Rowe  <mrowe@apple.com>
1892
1893         Don't conditionalize the use of -fomit-frame-pointer on compiler version as
1894         all of our supported compilers are now new enough to have the same, sane behavior.
1895
1896         Rubber-stamped by Sam Weinig.
1897
1898         * Configurations/JavaScriptCore.xcconfig:
1899
1900 2011-08-11  Filip Pizlo  <fpizlo@apple.com>
1901
1902         DFG JIT verbose mode does not report the generated types of nodes
1903         https://bugs.webkit.org/show_bug.cgi?id=65830
1904
1905         Reviewed by Sam Weinig.
1906         
1907         Added code that prints the type selected for each node's result.
1908
1909         * dfg/DFGGenerationInfo.h:
1910         (JSC::DFG::dataFormatToString):
1911         * dfg/DFGNonSpeculativeJIT.cpp:
1912         (JSC::DFG::NonSpeculativeJIT::compile):
1913         * dfg/DFGSpeculativeJIT.cpp:
1914         (JSC::DFG::SpeculativeJIT::compile):
1915
1916 2011-08-11  James Robinson  <jamesr@chromium.org>
1917
1918         nullptr can't be used for PassRefPtr
1919         https://bugs.webkit.org/show_bug.cgi?id=66024
1920
1921         Reviewed by Anders Carlsson.
1922
1923         * wtf/PassRefPtr.h:
1924         (WTF::PassRefPtr::PassRefPtr):
1925
1926 2011-08-11  Daniel Bates  <dbates@rim.com>
1927
1928         Removed unused variable in StackBounds::initialize() to resolve
1929         compiler warning when building on QNX.
1930         https://bugs.webkit.org/show_bug.cgi?id=66072
1931
1932         Reviewed by Antonio Gomes.
1933
1934         * wtf/StackBounds.cpp:
1935         (WTF::StackBounds::initialize):
1936
1937 2011-08-11  Devdatta Deshpande  <pwjd73@motorola.com>
1938
1939         Implementation of monotonically increasing clock on GTK
1940         https://bugs.webkit.org/show_bug.cgi?id=62175
1941
1942         Reviewed by Martin Robinson.
1943
1944         * wtf/CurrentTime.cpp:
1945         (WTF::monotonicallyIncreasingTime):
1946         The default implementation of monotonicallyIncreasingTime only
1947         guarantees the result to be non-decreasing.
1948         If the system time is changed to the past, then the default implementation will
1949         still fail and WebCore timers will not fire.
1950
1951 2011-08-10  Geoffrey Garen  <ggaren@apple.com>
1952
1953         Removed some incorrect code that was dead.
1954
1955         Reviewed by Oliver Hunt.
1956
1957         clearSingleTransition() wasn't resetting m_data. Luckily,
1958         no one cares, because its caller was unused. Removed both.
1959
1960         * runtime/Structure.cpp:
1961         * runtime/StructureTransitionTable.h:
1962         (JSC::StructureTransitionTable::~StructureTransitionTable):
1963
1964 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
1965
1966         REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
1967         https://bugs.webkit.org/show_bug.cgi?id=66010
1968
1969         Reviewed by Oliver Hunt.
1970         
1971         Made sure that Construct calls use() on the this argument.
1972
1973         * dfg/DFGJITCodeGenerator.cpp:
1974         (JSC::DFG::JITCodeGenerator::emitCall):
1975
1976 2011-08-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1977
1978         JSC should always throw when function arg list is too long
1979         https://bugs.webkit.org/show_bug.cgi?id=65869
1980
1981         Reviewed by Oliver Hunt.
1982
1983         Changed the behavior of the interpreter and JIT to throw an exception 
1984         when too many arguments are passed rather than truncating the list.  Added 
1985         a new method to create a "Too many arguments." exception used by this 
1986         new functionality.
1987
1988         * interpreter/Interpreter.cpp:
1989         (JSC::Interpreter::privateExecute):
1990         * jit/JITStubs.cpp:
1991         (JSC::DEFINE_STUB_FUNCTION):
1992         * runtime/ExceptionHelpers.cpp:
1993         (JSC::createTooManyParamsError):
1994         * runtime/ExceptionHelpers.h:
1995
1996 2011-08-10  Oliver Hunt  <oliver@apple.com>
1997
1998         Make GC checks more aggressive in release builds
1999         https://bugs.webkit.org/show_bug.cgi?id=66001
2000
2001         Reviewed by Gavin Barraclough.
2002
2003         * heap/HandleHeap.cpp:
2004         (JSC::HandleHeap::visitStrongHandles):
2005         (JSC::HandleHeap::visitWeakHandles):
2006         (JSC::HandleHeap::finalizeWeakHandles):
2007         (JSC::HandleHeap::writeBarrier):
2008         (JSC::HandleHeap::isLiveNode):
2009         (JSC::HandleHeap::isValidWeakNode):
2010            Increase handle heap validation logic, and make some of
2011            the crashes trigger in release builds as well as debug.
2012         * heap/HandleHeap.h:
2013         (JSC::HandleHeap::allocate):
2014         (JSC::HandleHeap::makeWeak):
2015            Ditto
2016         * runtime/JSGlobalData.cpp:
2017         (WTF::Recompiler::operator()):
2018         * runtime/JSGlobalObject.cpp:
2019         (JSC::JSGlobalObject::visitChildren):
2020            Fix GC bugs found while testing this patch
2021
2022 2011-08-10  Oliver Hunt  <oliver@apple.com>
2023
2024         JSEvaluateScript does not return the correct object when given JSONP data
2025         https://bugs.webkit.org/show_bug.cgi?id=66003
2026
2027         Reviewed by Gavin Barraclough.
2028
2029         Make sure we propagate the result of the function call rather than the
2030         argument.
2031
2032         * interpreter/Interpreter.cpp:
2033         (JSC::Interpreter::execute):
2034
2035 2011-08-10  Filip Pizlo  <fpizlo@apple.com>
2036
2037         DFG JIT heap prediction causes regressions when combined with
2038         aggressive integer prediction
2039         https://bugs.webkit.org/show_bug.cgi?id=65954
2040
2041         Reviewed by Gavin Barraclough.
2042         
2043         Disabled heap prediction, but did not remove the capability.
2044         This improves V8 crypto performance by 20%.
2045
2046         * dfg/DFGGraph.h:
2047         (JSC::DFG::Graph::predict):
2048
2049 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2050
2051         DFG JIT does not speculate integers as aggressively as it should
2052         https://bugs.webkit.org/show_bug.cgi?id=65949
2053
2054         Reviewed by Gavin Barraclough.
2055         
2056         Added a tree walk to propagate integer predictions through arithmetic
2057         expressions.
2058         
2059         This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
2060         translates to a 19% speed-up on Kraken overall.  It's neutral on
2061         other benchmarks.
2062
2063         * dfg/DFGByteCodeParser.cpp:
2064         (JSC::DFG::ByteCodeParser::predictInt32):
2065
2066 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2067
2068         DFG JIT has no way of propagating predictions to loads and calls
2069         https://bugs.webkit.org/show_bug.cgi?id=65883
2070
2071         Reviewed by Gavin Barraclough.
2072         
2073         This introduces the capability to store predictions on graph
2074         nodes.  To save space while being somewhat consistent, the
2075         prediction is always stored in the second OpInfo slot (since
2076         a GetById will use the first one for the identifier).  This
2077         change is a natural extension of r92593 (global variable
2078         prediction).
2079         
2080         This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
2081         win on V8 in the geometric mean.  It is neutral on SunSpider
2082         and Kraken.  Interestingly, on V8 it regresses crypto by 3%
2083         while progressing deltablue and richards by 2.6% and 4.3%,
2084         respectively.
2085
2086         * dfg/DFGByteCodeParser.cpp:
2087         (JSC::DFG::ByteCodeParser::addToGraph):
2088         (JSC::DFG::ByteCodeParser::addCall):
2089         (JSC::DFG::ByteCodeParser::parseBlock):
2090         * dfg/DFGGraph.cpp:
2091         (JSC::DFG::Graph::dump):
2092         * dfg/DFGGraph.h:
2093         (JSC::DFG::Graph::predict):
2094         (JSC::DFG::Graph::getPrediction):
2095         * dfg/DFGNode.h:
2096         (JSC::DFG::isCellPrediction):
2097         (JSC::DFG::isArrayPrediction):
2098         (JSC::DFG::isInt32Prediction):
2099         (JSC::DFG::isDoublePrediction):
2100         (JSC::DFG::isNumberPrediction):
2101         (JSC::DFG::predictionToString):
2102         (JSC::DFG::Node::Node):
2103         (JSC::DFG::Node::hasPrediction):
2104         (JSC::DFG::Node::getPrediction):
2105         (JSC::DFG::Node::predict):
2106
2107 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2108
2109         DFG JIT passes the this argument to constructors even though
2110         it's not necessary
2111         https://bugs.webkit.org/show_bug.cgi?id=65943
2112
2113         Reviewed by Gavin Barraclough.
2114
2115         * dfg/DFGJITCodeGenerator.cpp:
2116         (JSC::DFG::JITCodeGenerator::emitCall):
2117
2118 2011-08-09  Chao-ying Fu  <fu@mips.com>
2119
2120         Fix one MIPS instruction to call JITStubThunked_##op
2121         https://bugs.webkit.org/show_bug.cgi?id=65942
2122
2123         Reviewed by Gavin Barraclough.
2124
2125         Changed "bal" to "jalr" for a possible processor mode change from
2126         MIPS32 to MIPS16.
2127
2128         * jit/JITStubs.cpp:
2129
2130 2011-08-09  Filip Pizlo  <fpizlo@apple.com>
2131
2132         DFG JIT failure loading web site
2133         https://bugs.webkit.org/show_bug.cgi?id=65930
2134
2135         Reviewed by Oliver Hunt.
2136         
2137         Put the use() call after the fpr()/gpr() calls, since doing otherwise
2138         breaks the register allocator.
2139
2140         * dfg/DFGNonSpeculativeJIT.cpp:
2141         (JSC::DFG::NonSpeculativeJIT::compile):
2142
2143 2011-08-09  Mark Hahnenberg  <mhahnenberg@apple.com>
2144
2145         Add ParentClass typedef in all JSC classes
2146         https://bugs.webkit.org/show_bug.cgi?id=65731
2147
2148         Reviewed by Oliver Hunt.
2149
2150         Just added the Base typedefs in all the classes that are a subclass of JSCell
2151         to point at their parent classes.  This is a change to support future changes to the way
2152         constructors and destructors are implemented in JS objects, among other things.
2153
2154         * API/JSCallbackConstructor.h:
2155         * API/JSCallbackFunction.h:
2156         * API/JSCallbackObject.h:
2157         (JSC::JSCallbackObject::createStructure):
2158         (JSC::JSCallbackObject::visitChildren):
2159         * API/JSCallbackObjectFunctions.h:
2160         (JSC::::asCallbackObject):
2161         (JSC::::JSCallbackObject):
2162         (JSC::::init):
2163         (JSC::::className):
2164         (JSC::::getOwnPropertySlot):
2165         (JSC::::getOwnPropertyDescriptor):
2166         (JSC::::put):
2167         (JSC::::deleteProperty):
2168         (JSC::::getConstructData):
2169         (JSC::::construct):
2170         (JSC::::hasInstance):
2171         (JSC::::getCallData):
2172         (JSC::::call):
2173         (JSC::::getOwnPropertyNames):
2174         (JSC::::toNumber):
2175         (JSC::::toString):
2176         (JSC::::setPrivate):
2177         (JSC::::getPrivate):
2178         (JSC::::inherits):
2179         (JSC::::getStaticValue):
2180         (JSC::::staticFunctionGetter):
2181         (JSC::::callbackGetter):
2182         * debugger/DebuggerActivation.h:
2183         * jsc.cpp:
2184         * runtime/Arguments.h:
2185         * runtime/ArrayConstructor.h:
2186         * runtime/ArrayPrototype.h:
2187         * runtime/BooleanConstructor.h:
2188         * runtime/BooleanObject.h:
2189         * runtime/BooleanPrototype.h:
2190         * runtime/DateConstructor.h:
2191         * runtime/DateInstance.h:
2192         * runtime/DatePrototype.h:
2193         * runtime/Error.cpp:
2194         * runtime/ErrorConstructor.h:
2195         * runtime/ErrorInstance.h:
2196         * runtime/ErrorPrototype.h:
2197         * runtime/ExceptionHelpers.cpp:
2198         * runtime/Executable.h:
2199         * runtime/FunctionConstructor.h:
2200         * runtime/FunctionPrototype.h:
2201         * runtime/GetterSetter.h:
2202         * runtime/InternalFunction.h:
2203         * runtime/JSAPIValueWrapper.h:
2204         * runtime/JSActivation.h:
2205         * runtime/JSArray.h:
2206         * runtime/JSFunction.h:
2207         * runtime/JSGlobalObject.h:
2208         * runtime/JSNotAnObject.h:
2209         * runtime/JSONObject.h:
2210         * runtime/JSObject.h:
2211         * runtime/JSPropertyNameIterator.h:
2212         * runtime/JSStaticScopeObject.h:
2213         * runtime/JSString.h:
2214         * runtime/JSVariableObject.h:
2215         * runtime/JSWrapperObject.h:
2216         * runtime/MathObject.h:
2217         * runtime/NativeErrorConstructor.h:
2218         * runtime/NativeErrorPrototype.h:
2219         * runtime/NumberConstructor.h:
2220         * runtime/NumberObject.h:
2221         * runtime/NumberPrototype.h:
2222         * runtime/ObjectConstructor.h:
2223         * runtime/ObjectPrototype.h:
2224         * runtime/RegExp.h:
2225         * runtime/RegExpConstructor.h:
2226         * runtime/RegExpMatchesArray.h:
2227         * runtime/RegExpObject.h:
2228         (JSC::RegExpObject::create):
2229         * runtime/RegExpPrototype.h:
2230         * runtime/ScopeChain.h:
2231         * runtime/StrictEvalActivation.h:
2232         * runtime/StringConstructor.h:
2233         * runtime/StringObject.h:
2234         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2235         * runtime/StringPrototype.h:
2236         * runtime/Structure.h:
2237         * runtime/StructureChain.h:
2238
2239 2011-08-08  Oliver Hunt  <oliver@apple.com>
2240
2241         Using mprotect to create guard pages breaks our use of madvise to release executable memory
2242         https://bugs.webkit.org/show_bug.cgi?id=65870
2243
2244         Reviewed by Gavin Barraclough.
2245
2246         Use mmap rather than mprotect to clear guard page permissions.
2247
2248         * wtf/OSAllocatorPosix.cpp:
2249         (WTF::OSAllocator::reserveAndCommit):
2250
2251 2011-08-08  Oliver Hunt  <oliver@apple.com>
2252
2253         Non-extensibility does not prevent mutating [[Prototype]]
2254         https://bugs.webkit.org/show_bug.cgi?id=65832
2255
2256         Reviewed by Gavin Barraclough.
2257
2258         Disallow mutation of __proto__ on objects that are not extensible.
2259
2260         * runtime/JSObject.cpp:
2261         (JSC::JSObject::put):
2262
2263 2011-08-08  Filip Pizlo  <fpizlo@apple.com>
2264
2265         DFG JIT does not track speculation decisions for global variables
2266         https://bugs.webkit.org/show_bug.cgi?id=65825
2267
2268         Reviewed by Gavin Barraclough.
2269         
2270         Added the capability to track predictions for global variables, and
2271         ensured that code can abstract over the source of prediction (local
2272         versus global variable) wherever it is appropriate to do so.  Also
2273         cleaned up the code in SpeculativeJIT that decides how to speculate
2274         based on recorded predictions (for example instead of using isInteger,
2275         which makes sense for local predictions where the GetLocal would
2276         return an integer value, we now tend to use shouldSpeculateInteger,
2277         which checks if the value is either already an integer or should be
2278         speculated to be an integer).
2279         
2280         This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
2281         win on controlflow-recursive.  It's also a 4.8% win on v8-crypto.
2282
2283         * dfg/DFGByteCodeParser.cpp:
2284         (JSC::DFG::ByteCodeParser::predictArray):
2285         (JSC::DFG::ByteCodeParser::predictInt32):
2286         (JSC::DFG::ByteCodeParser::parseBlock):
2287         * dfg/DFGGraph.cpp:
2288         (JSC::DFG::Graph::dump):
2289         * dfg/DFGGraph.h:
2290         (JSC::DFG::Graph::predictGlobalVar):
2291         (JSC::DFG::Graph::predict):
2292         (JSC::DFG::Graph::getGlobalVarPrediction):
2293         (JSC::DFG::Graph::getPrediction):
2294         * dfg/DFGSpeculativeJIT.cpp:
2295         (JSC::DFG::SpeculativeJIT::compile):
2296         * dfg/DFGSpeculativeJIT.h:
2297         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2298         (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
2299
2300 2011-08-07  Martin Robinson  <mrobinson@igalia.com>
2301
2302         Distribution fix for GTK+.
2303
2304         * GNUmakefile.list.am: Strip removed files from the source list.
2305
2306 2011-08-06  Gavin Barraclough  <barraclough@apple.com>
2307
2308         https://bugs.webkit.org/show_bug.cgi?id=65821
2309         Don't form identifiers the first time a string is used as a property name.
2310
2311         Reviewed by Oliver Hunt.
2312
2313         This is a 1% win on SunSpider.
2314
2315         * dfg/DFGOperations.cpp:
2316             - Use fastGetOwnProperty.
2317         * jit/JITStubs.cpp:
2318         (JSC::DEFINE_STUB_FUNCTION):
2319             - Use fastGetOwnProperty.
2320         * runtime/JSCell.h:
2321         * runtime/JSObject.h:
2322         (JSC::JSCell::fastGetOwnProperty):
2323             - Fast call to get a property without creating an identifier the first time.
2324         * runtime/PropertyMapHashTable.h:
2325         (JSC::PropertyTable::find):
2326         (JSC::PropertyTable::findWithString):
2327             - Add interface to look up by either strings or identifiers.
2328         * runtime/Structure.h:
2329         (JSC::Structure::get):
2330             - Add a get() call that takes a UString, not an Identifier.
2331         * wtf/text/StringImpl.h:
2332         (WTF::StringImpl::hasHash):
2333             - Add a call to check if the hash has been set (to detect the first use as a property name).
2334
2335 2011-08-06  Aron Rosenberg  <arosenberg@logitech.com>
2336
2337         Reviewed by Benjamin Poulain.
2338
2339         [Qt] Fix build with Intel compiler on Windows
2340         https://bugs.webkit.org/show_bug.cgi?id=65088
2341
2342         Intel compiler needs .lib suffixes instead of .a
2343         Intel compiler doesn't support nullptr
2344         Intel compiler supports unsized arrays
2345
2346         * JavaScriptCore.pri:
2347         * jsc.cpp:
2348         * wtf/ByteArray.h:
2349         * wtf/NullPtr.h:
2350
2351 2011-08-05  Gavin Barraclough  <barraclough@apple.com>
2352
2353         String replace with the empty string means string removal
2354         https://bugs.webkit.org/show_bug.cgi?id=65799
2355
2356         Reviewed by Sam Weinig.
2357
2358         Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
2359
2360         * runtime/StringPrototype.cpp:
2361         (JSC::jsSpliceSubstrings):
2362         (JSC::stringProtoFuncReplace):
2363
2364 2011-08-05  Noel Gordon  <noel.gordon@gmail.com>
2365
2366         [Chromium] Remove JSZombie references from gyp project files.
2367         https://bugs.webkit.org/show_bug.cgi?id=65798
2368
2369         JSC runtime/JSZombie.{cpp,h} were removed in r92046.  Remove references to these
2370         file names from the gyp projects.
2371
2372         Reviewed by Darin Adler.
2373
2374         * JavaScriptCore.gypi: zombies be gone.
2375
2376 2011-08-05  Mark Rowe  <mrowe@apple.com>
2377
2378         <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
2379         is tied to a particular dispatch queue
2380
2381         A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
2382         with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
2383         to ensure that all operations are performed on the given dispatch queue.
2384
2385         Reviewed by Anders Carlsson.
2386
2387         * wtf/RefCounted.h:
2388         (WTF::RefCountedBase::setDispatchQueueForVerifier):
2389         * wtf/ThreadRestrictionVerifier.h:
2390         (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
2391         (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
2392         (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
2393         (WTF::ThreadRestrictionVerifier::setShared):
2394         (WTF::ThreadRestrictionVerifier::isSafeToUse):
2395
2396 2011-08-05  Oliver Hunt  <oliver@apple.com>
2397
2398         Inline allocation of function objects
2399         https://bugs.webkit.org/show_bug.cgi?id=65779
2400
2401         Reviewed by Gavin Barraclough.
2402
2403         Inline allocation and initialisation of function objects
2404         in generated code.  This ended up being a 60-70% improvement
2405         in function allocation performance.  This improvement shows
2406         up as a ~2% improvement in 32-bit SunSpider and V8, but is a
2407         wash on 64-bit.
2408
2409         We currently don't inline the allocation of named function
2410         expressions, as that requires being able to gc allocate a
2411         variable object.
2412
2413         * jit/JIT.cpp:
2414         (JSC::JIT::privateCompileSlowCases):
2415         * jit/JIT.h:
2416         (JSC::JIT::emitStoreCell):
2417         * jit/JITInlineMethods.h:
2418         (JSC::JIT::emitAllocateBasicJSObject):
2419         (JSC::JIT::emitAllocateJSFinalObject):
2420         (JSC::JIT::emitAllocateJSFunction):
2421         * jit/JITOpcodes.cpp:
2422         (JSC::JIT::emit_op_new_func):
2423         (JSC::JIT::emitSlow_op_new_func):
2424         (JSC::JIT::emit_op_new_func_exp):
2425         (JSC::JIT::emitSlow_op_new_func_exp):
2426         * jit/JITOpcodes32_64.cpp:
2427             Removed duplicate implementation of op_new_func and op_new_func_exp
2428         * runtime/JSFunction.h:
2429         (JSC::JSFunction::offsetOfScopeChain):
2430         (JSC::JSFunction::offsetOfExecutable):
2431
2432 2011-08-04  David Levin  <levin@chromium.org>
2433
2434         CStringBuffer should have thread safety checks turned on.
2435         https://bugs.webkit.org/show_bug.cgi?id=58093
2436
2437         Reviewed by Dmitry Titov.
2438
2439         * wtf/text/CString.h:
2440         (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
2441         turned this off for Chromium.
2442
2443 2011-08-04  Mark Rowe  <mrowe@apple.com>
2444
2445         Future-proof Xcode configuration settings.
2446
2447         * Configurations/Base.xcconfig:
2448         * Configurations/DebugRelease.xcconfig:
2449         * Configurations/JavaScriptCore.xcconfig:
2450         * Configurations/Version.xcconfig:
2451
2452 2011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
2453
2454         Interpreter can potentially GC in the middle of initializing a structure chain
2455         https://bugs.webkit.org/show_bug.cgi?id=65638
2456
2457         Reviewed by Oliver Hunt.
2458
2459         Moved the allocation of a prototype StructureChain before the initialization of 
2460         the structure chain within the interpreter that was causing intermittent GC crashes.
2461
2462         * interpreter/Interpreter.cpp:
2463         (JSC::Interpreter::tryCachePutByID):
2464         * wtf/Platform.h:
2465
2466 2011-08-04  Filip Pizlo  <fpizlo@apple.com>
2467
2468         Eval handling attempts literal parsing even when the eval
2469         string is in the cache
2470         https://bugs.webkit.org/show_bug.cgi?id=65675
2471
2472         Reviewed by Oliver Hunt.
2473         
2474         This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
2475         in SunSpider.  It's neutral on V8.
2476
2477         * bytecode/EvalCodeCache.h:
2478         (JSC::EvalCodeCache::tryGet):
2479         (JSC::EvalCodeCache::getSlow):
2480         (JSC::EvalCodeCache::get):
2481         * interpreter/Interpreter.cpp:
2482         (JSC::Interpreter::callEval):
2483
2484 2011-08-03  Mark Rowe  <mrowe@apple.com>
2485
2486         Bring some order to FeatureDefines.xcconfig to make it easier to follow.
2487
2488         Reviewed by Sam Weinig.
2489
2490         * Configurations/FeatureDefines.xcconfig:
2491
2492 2011-08-03  Mark Rowe  <mrowe@apple.com>
2493
2494         Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
2495
2496         Reviewed by Dave Kilzer.
2497
2498         * Configurations/FeatureDefines.xcconfig:
2499
2500 2011-08-03  Filip Pizlo  <fpizlo@apple.com>
2501
2502         JSC GC heap size improvement breaks build on some platforms due to
2503         unused parameter
2504         https://bugs.webkit.org/show_bug.cgi?id=65641
2505
2506         Reviewed by Darin Adler.
2507         
2508         Fix build on non-x86 platforms, by ensuring that the relevant
2509         parameter always appears to be used even when it isn't.
2510
2511         * heap/Heap.cpp:
2512
2513 2011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2514
2515         [GTK] Reorganize pkg-config files
2516         https://bugs.webkit.org/show_bug.cgi?id=65548
2517
2518         Reviewed by Martin Robinson.
2519
2520         * GNUmakefile.am:
2521         * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
2522
2523 2011-08-01  David Levin  <levin@chromium.org>
2524
2525         Add asserts to RefCounted to make sure ref/deref happens on the right thread.
2526         https://bugs.webkit.org/show_bug.cgi?id=31639
2527
2528         Reviewed by Dmitry Titov.
2529
2530         * GNUmakefile.list.am: Added new files to the build.
2531         * JavaScriptCore.gypi: Ditto.
2532         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
2533         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
2534         * jit/ExecutableAllocator.h:
2535         (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
2536         due to not being able to figure out what was guarding it (bug 58091).
2537         * parser/SourceProvider.h:
2538         (JSC::SourceProvider::SourceProvider): Ditto.
2539         * wtf/CMakeLists.txt: Added new files to the build.
2540         * wtf/ThreadRestrictionVerifier.h: Added.
2541         Everything is done in the header to avoid the issue with exports
2542         that are only useful in debug but still needing to export them.
2543         * wtf/RefCounted.h:
2544         (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
2545         and filed bug 58171 about making it stricter.
2546         (WTF::RefCountedBase::hasOneRef): Ditto.
2547         (WTF::RefCountedBase::refCount): Ditto.
2548         (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
2549         on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
2550         (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
2551         Filed bug 58174 to remove this method.
2552         (WTF::RefCountedBase::derefBase):
2553         * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
2554         * wtf/text/CString.h:
2555         (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
2556         done in Chromium (bug 58093).
2557
2558 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2559
2560         JSC GC may not be able to reuse partially-free blocks after a
2561         full collection
2562         https://bugs.webkit.org/show_bug.cgi?id=65585
2563
2564         Reviewed by Darin Adler.
2565         
2566         This fixes the linked list management bug.  This fix is performance
2567         neutral on SunSpider.
2568
2569         * heap/NewSpace.cpp:
2570         (JSC::NewSpace::removeBlock):
2571
2572 2011-07-30  Oliver Hunt  <oliver@apple.com>
2573
2574         Simplify JSFunction creation for functions written in JS
2575         https://bugs.webkit.org/show_bug.cgi?id=65422
2576
2577         Reviewed by Gavin Barraclough.
2578
2579         Remove hash lookups used to write name property and transition
2580         function structure by caching the resultant structure and property
2581         offset in JSGlobalObject.  This doesn't impact performance, but
2582         we can use this change to make other improvements later.
2583
2584         * runtime/Executable.cpp:
2585         (JSC::FunctionExecutable::FunctionExecutable):
2586         * runtime/Executable.h:
2587         (JSC::ScriptExecutable::ScriptExecutable):
2588         (JSC::FunctionExecutable::jsName):
2589         * runtime/JSFunction.cpp:
2590         (JSC::JSFunction::JSFunction):
2591         * runtime/JSGlobalObject.cpp:
2592         (JSC::JSGlobalObject::reset):
2593         * runtime/JSGlobalObject.h:
2594         (JSC::JSGlobalObject::namedFunctionStructure):
2595         (JSC::JSGlobalObject::functionNameOffset):
2596
2597 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2598
2599         JSC GC uses dummy cells to avoid having to remember which cells
2600         it has already destroyed
2601         https://bugs.webkit.org/show_bug.cgi?id=65556
2602
2603         Reviewed by Oliver Hunt.
2604         
2605         This gets rid of dummy cells, and ensures that it's not necessary
2606         to invoke a destructor on cells that have already been swept.  In
2607         the common case, a block knows that either all of its free cells
2608         still need to have destructors called, or none of them do, which
2609         minimizes the amount of branching that needs to happen per cell
2610         when performing a sweep.
2611         
2612         This is performance neutral on SunSpider and V8.  It is meant as
2613         a stepping stone to simplify the implementation of more
2614         sophisticated sweeping algorithms.
2615
2616         * heap/Heap.cpp:
2617         (JSC::CountFunctor::ClearMarks::operator()):
2618         * heap/MarkedBlock.cpp:
2619         (JSC::MarkedBlock::initForCellSize):
2620         (JSC::MarkedBlock::callDestructor):
2621         (JSC::MarkedBlock::specializedReset):
2622         (JSC::MarkedBlock::reset):
2623         (JSC::MarkedBlock::specializedSweep):
2624         (JSC::MarkedBlock::sweep):
2625         (JSC::MarkedBlock::produceFreeList):
2626         (JSC::MarkedBlock::lazySweep):
2627         (JSC::MarkedBlock::blessNewBlockForFastPath):
2628         (JSC::MarkedBlock::blessNewBlockForSlowPath):
2629         (JSC::MarkedBlock::canonicalizeBlock):
2630         * heap/MarkedBlock.h:
2631         (JSC::MarkedBlock::FreeCell::setNoObject):
2632         (JSC::MarkedBlock::setDestructorState):
2633         (JSC::MarkedBlock::destructorState):
2634         (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
2635         * runtime/JSCell.cpp:
2636         * runtime/JSCell.h:
2637         (JSC::JSCell::JSCell::JSCell):
2638         * runtime/JSGlobalData.cpp:
2639         (JSC::JSGlobalData::JSGlobalData):
2640         (JSC::JSGlobalData::clearBuiltinStructures):
2641         * runtime/JSGlobalData.h:
2642         * runtime/Structure.h:
2643
2644 2011-08-01  Michael Saboff  <msaboff@apple.com>
2645
2646         Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
2647         https://bugs.webkit.org/show_bug.cgi?id=65502
2648
2649         Reviewed by Anders Carlsson.
2650
2651         With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
2652         added an assert to the return code of madvise to catch any regressions.
2653
2654         * wtf/TCSystemAlloc.cpp:
2655         (TCMalloc_SystemRelease):
2656
2657 2011-08-02  Anders Carlsson  <andersca@apple.com>
2658
2659         Fix Windows build.
2660
2661         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2662
2663 2011-08-02  Anders Carlsson  <andersca@apple.com>
2664
2665         Fix a Windows build error.
2666
2667         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2668
2669 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2670
2671         JSC GC is far too conservative about growing the heap size, particularly
2672         on desktop platforms
2673         https://bugs.webkit.org/show_bug.cgi?id=65438
2674
2675         Reviewed by Oliver Hunt.
2676
2677         The minimum heap size is now 16MB instead of 512KB, provided all of the
2678         following are true:
2679         a) ENABLE(LARGE_HEAP) is set, which currently only happens on
2680            x86 targets, but could reasonably happen on any platform that is
2681            known to have a decent amount of RAM.
2682         b) JSGlobalData is initialized with HeapSize = LargeHeap, which
2683            currently only happens when it's the JSDOMWindowBase in WebCore or
2684            in the jsc command-line tool.
2685            
2686         This is a 4.1% speed-up on SunSpider.
2687
2688         * JavaScriptCore.exp:
2689         * heap/Heap.cpp:
2690         (JSC::Heap::Heap):
2691         (JSC::Heap::collect):
2692         * heap/Heap.h:
2693         * jsc.cpp:
2694         (main):
2695         * runtime/JSGlobalData.cpp:
2696         (JSC::JSGlobalData::JSGlobalData):
2697         (JSC::JSGlobalData::createContextGroup):
2698         (JSC::JSGlobalData::create):
2699         (JSC::JSGlobalData::createLeaked):
2700         (JSC::JSGlobalData::sharedInstance):
2701         * runtime/JSGlobalData.h:
2702         * wtf/Platform.h:
2703
2704 2011-08-02  Filip Pizlo  <fpizlo@apple.com>
2705
2706         JSC does a GC even when the heap still has free pages
2707         https://bugs.webkit.org/show_bug.cgi?id=65445
2708
2709         Reviewed by Oliver Hunt.
2710         
2711         If the high watermark is not reached, then we allocate new blocks as
2712         before.  If the current watermark does reach (or exceed) the high
2713         watermark, then we check if there is a block on the free block pool.
2714         If there is, we simply allocate from it.  If there isn't, we
2715         invoke a collection as before.  This effectively couples the elastic
2716         scavenging to the collector's decision function.  That is, if an
2717         application rapidly varies its heap usage (sometimes using more and
2718         sometimes less) then the collector will not thrash as it used to.
2719         But if heap usage drops and stays low then the scavenger thread and
2720         the GC will eventually reach a kind of consensus: the GC will set
2721         the watermark low because of low heap usage, and the scavenger thread
2722         will steadily eliminate pages from the free page pool, until the size
2723         of the free pool is below the high watermark.
2724         
2725         On command-line, this is neutral on SunSpider and Kraken and a 3% win
2726         on V8.  In browser, this is a 1% win on V8 and neutral on the other
2727         two.
2728
2729         * heap/Heap.cpp:
2730         (JSC::Heap::allocateSlowCase):
2731         (JSC::Heap::allocateBlock):
2732         * heap/Heap.h:
2733
2734 2011-08-02  Jeff Miller  <jeffm@apple.com>
2735
2736         Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
2737         https://bugs.webkit.org/show_bug.cgi?id=65552
2738         
2739         Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
2740
2741         Reviewed by Adam Roben.
2742
2743         * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
2744
2745 2011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>
2746
2747         Removing old source files in gyp files that slow build
2748         https://bugs.webkit.org/show_bug.cgi?id=65503
2749
2750         Reviewed by Adam Barth.
2751
2752         A number of stale files are listed in the gyp files. These slow the
2753         build on Visual Studio 2010. Removing them.
2754
2755         * JavaScriptCore.gypi:
2756
2757 2011-07-14  David Levin  <levin@chromium.org>
2758
2759         currentThread is too slow!
2760         https://bugs.webkit.org/show_bug.cgi?id=64577
2761
2762         Reviewed by Darin Adler and Dmitry Titov.
2763
2764         The problem is that currentThread results in a pthread_once call which always takes a lock.
2765         With this change, currentThread is 10% faster than isMainThread in release mode and only
2766         5% slower than isMainThread in debug.
2767
2768         * wtf/ThreadIdentifierDataPthreads.cpp:
2769         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
2770         which is no longer needed because this is called from initializeThreading().
2771         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
2772         initialization of the pthread key should already be done.
2773         (WTF::ThreadIdentifierData::initialize): Ditto.
2774         * wtf/ThreadIdentifierDataPthreads.h:
2775         * wtf/ThreadingPthreads.cpp:
2776         (WTF::initializeThreading): Acquire the pthread key here.
2777
2778 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2779
2780         DFG JIT sometimes creates speculation check data structures that have
2781         invalid information about the format of a register
2782         https://bugs.webkit.org/show_bug.cgi?id=65490
2783
2784         Reviewed by Gavin Barraclough.
2785         
2786         The code now makes sure to (1) always have correct and up-to-date
2787         information about register format at the time that a speculation
2788         check is emitted, (2) assert that speculation data is correct
2789         inside the speculation check implementation, and (3) avoid creating
2790         speculation data altogether if compilation has already failed, since
2791         at that point the format data is almost guaranteed to be bogus.
2792
2793         * dfg/DFGNonSpeculativeJIT.cpp:
2794         (JSC::DFG::EntryLocation::EntryLocation):
2795         * dfg/DFGSpeculativeJIT.cpp:
2796         (JSC::DFG::SpeculationCheck::SpeculationCheck):
2797         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2798         (JSC::DFG::SpeculativeJIT::compile):
2799         * dfg/DFGSpeculativeJIT.h:
2800         (JSC::DFG::SpeculativeJIT::speculationCheck):
2801
2802 2011-08-01  Filip Pizlo  <fpizlo@apple.com>
2803
2804         REGRESSION(r92092): Build fails on 64 bit
2805         https://bugs.webkit.org/show_bug.cgi?id=65458
2806
2807         Reviewed by Oliver Hunt.
2808         
2809         The build was broken because some compilers were smart enough to see
2810         an array index out of bounds due to the decision function for when to
2811         go from precise size classes to imprecise size classes being broken:
2812         it would assume that sizes in the range 97..128 belonged to a precise
2813         size class when in fact they belonged to an imprecise one.
2814         
2815         In fact, the code would have run correctly, by way of a fluke, because
2816         though the 4th precise size class (for 97..128) didn't exist, the next
2817         array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
2818         its first entry would have been a size class that is appropriate for
2819         allocations in the range 97..128.  However, this relies on specific
2820         ordering of fields in NewSpace, so it's still a bug.
2821         
2822         This fixes the bug by ensuring that allocations larger than 96 use
2823         the imprecise size classes.
2824
2825         * heap/NewSpace.h:
2826         (JSC::NewSpace::sizeClassFor):
2827
2828 2011-07-31  Gavin Barraclough  <barraclough@apple.com>
2829
2830         https://bugs.webkit.org/show_bug.cgi?id=64679
2831         Fix bugs in Array.prototype this handling.
2832
2833         Unreviewed - rolling out r91290.
2834
2835         Looks like the wild wild web isn't ready for this yet.
2836
2837         This change broke http://slides.html5rocks.com/#landing-slide.
2838         Interestingly, this might only be due to our lack of bind support -
2839         it looks like this site is calling Array.prototype.slice as a part
2840         of its bind implementation.
2841
2842         * runtime/ArrayPrototype.cpp:
2843         (JSC::arrayProtoFuncJoin):
2844         (JSC::arrayProtoFuncConcat):
2845         (JSC::arrayProtoFuncPop):
2846         (JSC::arrayProtoFuncPush):
2847         (JSC::arrayProtoFuncReverse):
2848         (JSC::arrayProtoFuncShift):
2849         (JSC::arrayProtoFuncSlice):
2850         (JSC::arrayProtoFuncSort):
2851         (JSC::arrayProtoFuncSplice):
2852         (JSC::arrayProtoFuncUnShift):
2853         (JSC::arrayProtoFuncFilter):
2854         (JSC::arrayProtoFuncMap):
2855         (JSC::arrayProtoFuncEvery):
2856         (JSC::arrayProtoFuncForEach):
2857         (JSC::arrayProtoFuncSome):
2858         (JSC::arrayProtoFuncReduce):
2859         (JSC::arrayProtoFuncReduceRight):
2860         (JSC::arrayProtoFuncIndexOf):
2861         (JSC::arrayProtoFuncLastIndexOf):
2862
2863 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
2864
2865         JSC GC lays out size classes under wrong assumptions about expected
2866         object size.
2867         https://bugs.webkit.org/show_bug.cgi?id=65437
2868
2869         Reviewed by Oliver Hunt.
2870         
2871         Changed the atom size - which is both the smallest allocation size and
2872         the smallest possible stepping unit for size class spacing - from
2873         8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.
2874
2875         * heap/MarkedBlock.h:
2876
2877 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
2878
2879         DFG non-speculative JIT does not optimize PutByVal
2880         https://bugs.webkit.org/show_bug.cgi?id=65424
2881
2882         Reviewed by Gavin Barraclough.
2883         
2884         Added code to emit PutByVal inline fast path.
2885
2886         * dfg/DFGNonSpeculativeJIT.cpp:
2887         (JSC::DFG::NonSpeculativeJIT::compile):
2888
2889 2011-07-31  Filip Pizlo  <fpizlo@apple.com>
2890
2891         The JSC garbage collector returns memory to the operating system too
2892         eagerly.
2893         https://bugs.webkit.org/show_bug.cgi?id=65382
2894
2895         Reviewed by Oliver Hunt.
2896         
2897         This introduces a memory reuse model similar to the one in FastMalloc.
2898         A periodic scavenger thread runs in the background and returns half the
2899         free memory to the OS on each timer fire.  New block allocations first
2900         attempt to get the memory from the collector's internal pool, reverting
2901         to OS allocation only when this pool is empty.
2902
2903         * heap/Heap.cpp:
2904         (JSC::Heap::Heap):
2905         (JSC::Heap::~Heap):
2906         (JSC::Heap::destroy):
2907         (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
2908         (JSC::Heap::waitForRelativeTime):
2909         (JSC::Heap::blockFreeingThreadStartFunc):
2910         (JSC::Heap::blockFreeingThreadMain):
2911         (JSC::Heap::allocateBlock):
2912         (JSC::Heap::freeBlocks):
2913         (JSC::Heap::releaseFreeBlocks):
2914         * heap/Heap.h:
2915         * heap/MarkedBlock.cpp:
2916         (JSC::MarkedBlock::destroy):
2917         (JSC::MarkedBlock::MarkedBlock):
2918         (JSC::MarkedBlock::initForCellSize):
2919         (JSC::MarkedBlock::reset):
2920         * heap/MarkedBlock.h:
2921         * wtf/Platform.h:
2922
2923 2011-07-30  Filip Pizlo  <fpizlo@apple.com>
2924
2925         DFG JIT speculation failure pass sometimes forgets to emit code to
2926         move certain registers.
2927         https://bugs.webkit.org/show_bug.cgi?id=65421
2928
2929         Reviewed by Oliver Hunt.
2930         
2931         Restructured the offending loops (for gprs and fprs).  It's once again
2932         possible to use spreadsheets on docs.google.com.
2933
2934         * dfg/DFGJITCompiler.cpp:
2935         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2936
2937 2011-07-30  Patrick Gansterer  <paroga@webkit.org>
2938
2939         Remove inclusion of MainThread.h from Threading.h
2940         https://bugs.webkit.org/show_bug.cgi?id=65081
2941
2942         Reviewed by Darin Adler.
2943
2944         Add missing and remove unneeded include statements for MainThread.
2945
2946         * wtf/CryptographicallyRandomNumber.cpp:
2947         * wtf/Threading.h:
2948         * wtf/ThreadingPthreads.cpp:
2949         * wtf/text/StringStatics.cpp:
2950
2951 2011-07-30  Oliver Hunt  <oliver@apple.com>
2952
2953         Reduce the size of JSGlobalObject slightly
2954         https://bugs.webkit.org/show_bug.cgi?id=65417
2955
2956         Reviewed by Dan Bernstein.
2957
2958         Push a few members that either aren't commonly used,
2959         or aren't frequently accessed into a separate struct.
2960
2961         * runtime/JSGlobalObject.cpp:
2962         (JSC::JSGlobalObject::init):
2963         (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
2964         * runtime/JSGlobalObject.h:
2965         (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
2966         (JSC::JSGlobalObject::createRareDataIfNeeded):
2967         (JSC::JSGlobalObject::setProfileGroup):
2968         (JSC::JSGlobalObject::profileGroup):
2969         (JSC::JSGlobalObject::registerWeakMap):
2970         (JSC::JSGlobalObject::deregisterWeakMap):
2971
2972 2011-07-30  Balazs Kelemen  <kbalazs@webkit.org>
2973
2974         MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
2975         https://bugs.webkit.org/show_bug.cgi?id=65263
2976
2977         Reviewed by Dmitry Titov.
2978
2979         * wtf/Deque.h:
2980         (WTF::::operator): Don't check the validity of an iterator
2981         that will be reassigned right now.
2982         * wtf/MessageQueue.h:
2983         (WTF::::removeIf): Revert r51198 as I believe this is the better
2984         solution for the problem that was solved by that.
2985
2986 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
2987
2988         JSC GC zombie support no longer works, and is likely no longer needed.
2989         https://bugs.webkit.org/show_bug.cgi?id=65404
2990
2991         Reviewed by Darin Adler.
2992         
2993         This removes zombies, because they no longer work, are not tested, are
2994         probably not needed, and are getting in the way of GC optimization
2995         work.
2996
2997         * JavaScriptCore.xcodeproj/project.pbxproj:
2998         * heap/Handle.h:
2999         (JSC::HandleConverter::operator->):
3000         (JSC::HandleConverter::operator*):
3001         * heap/HandleHeap.cpp:
3002         (JSC::HandleHeap::isValidWeakNode):
3003         * heap/Heap.cpp:
3004         (JSC::Heap::destroy):
3005         (JSC::Heap::collect):
3006         * heap/MarkedBlock.cpp:
3007         (JSC::MarkedBlock::sweep):
3008         * heap/MarkedBlock.h:
3009         (JSC::MarkedBlock::clearMarks):
3010         * interpreter/Register.h:
3011         (JSC::Register::Register):
3012         (JSC::Register::operator=):
3013         * runtime/ArgList.h:
3014         (JSC::MarkedArgumentBuffer::append):
3015         (JSC::ArgList::ArgList):
3016         * runtime/JSCell.cpp:
3017         (JSC::isZombie):
3018         * runtime/JSCell.h:
3019         * runtime/JSGlobalData.cpp:
3020         (JSC::JSGlobalData::JSGlobalData):
3021         (JSC::JSGlobalData::clearBuiltinStructures):
3022         * runtime/JSGlobalData.h:
3023         * runtime/JSValue.h:
3024         * runtime/JSValueInlineMethods.h:
3025         (JSC::JSValue::JSValue):
3026         * runtime/JSZombie.cpp: Removed.
3027         * runtime/JSZombie.h: Removed.
3028         * runtime/WriteBarrier.h:
3029         (JSC::WriteBarrierBase::setEarlyValue):
3030         (JSC::WriteBarrierBase::operator*):
3031         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
3032         * wtf/Platform.h:
3033
3034 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3035
3036         DFG JIT verbose mode provides no details about predictions
3037         https://bugs.webkit.org/show_bug.cgi?id=65389
3038
3039         Reviewed by Darin Adler.
3040         
3041         Added a print-out of the predictions to the IR dump, with names as follows:
3042         "p-bottom" = the parser made no predictions
3043         "p-int32" = the parser predicted int32
3044         ... (same for array, cell, double, number)
3045         "p-top" = the parser made conflicting predictions which will be ignored.
3046
3047         * dfg/DFGGraph.cpp:
3048         (JSC::DFG::Graph::dump):
3049         * dfg/DFGGraph.h:
3050         (JSC::DFG::predictionToString):
3051
3052 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3053
3054         DFG JIT does not have any way of undoing double speculation.
3055         https://bugs.webkit.org/show_bug.cgi?id=65334
3056
3057         Reviewed by Gavin Barraclough.
3058         
3059         This adds code to do a branchConvertDoubleToInt on speculation failure.
3060         This is performance-neutral on most benchmarks but does result in
3061         a slight improvement in Kraken.
3062
3063         * dfg/DFGJITCompiler.cpp:
3064         (JSC::DFG::GeneralizedRegister::moveTo):
3065         (JSC::DFG::GeneralizedRegister::swapWith):
3066         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
3067         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
3068         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3069
3070 2011-07-29  Filip Pizlo  <fpizlo@apple.com>
3071
3072         Crash when opening docs.google.com
3073         https://bugs.webkit.org/show_bug.cgi?id=65327
3074
3075         Reviewed by Gavin Barraclough.
3076         
3077         The speculative JIT was only checking whether a value is an array when
3078         we had already checked that it was, rather than when we hadn't.
3079
3080         * dfg/DFGSpeculativeJIT.cpp:
3081         (JSC::DFG::SpeculativeJIT::compile):
3082
3083 2011-07-28  Oliver Hunt  <oliver@apple.com>
3084
3085         *_list instructions are only used in one place, where the code is wrong.
3086         https://bugs.webkit.org/show_bug.cgi?id=65348
3087
3088         Reviewed by Darin Adler.
3089
3090         Simply remove the instructions and all users.  Speeds up the interpreter
3091         slightly due to code motion, but otherwise has no effect (because none
3092         of the _list instructions are ever used).
3093
3094         * bytecode/CodeBlock.cpp:
3095         (JSC::isPropertyAccess):
3096         (JSC::CodeBlock::dump):
3097         (JSC::CodeBlock::visitStructures):
3098         * bytecode/Instruction.h:
3099         * bytecode/Opcode.h:
3100         * interpreter/Interpreter.cpp:
3101         (JSC::Interpreter::privateExecute):
3102         * jit/JIT.cpp:
3103         (JSC::JIT::privateCompileMainPass):
3104
3105 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
3106
3107         https://bugs.webkit.org/show_bug.cgi?id=65325
3108         Performance tweak to parseInt
3109
3110         Reviewed by Oliver Hunt.
3111
3112         * runtime/JSGlobalObjectFunctions.cpp:
3113         (JSC::globalFuncParseInt):
3114             - This change may make an existing optimization redundant,
3115               cleanup from Darin's comments, plus fix existing bugs.
3116
3117 2011-07-28  Gavin Barraclough  <barraclough@apple.com>
3118
3119         https://bugs.webkit.org/show_bug.cgi?id=65325
3120         Performance tweak to parseInt
3121
3122         Reviewed by Oliver Hunt.
3123
3124         * runtime/JSGlobalObjectFunctions.cpp:
3125         (JSC::globalFuncParseInt):
3126             - parseInt applied to small positive numbers = floor.
3127
3128 2011-07-28  Dan Bernstein  <mitz@apple.com>
3129
3130         Build fix.
3131
3132         * runtime/Executable.cpp:
3133         (JSC::FunctionExecutable::compileForCallInternal):
3134
3135 2011-07-28  Kent Tamura  <tkent@chromium.org>
3136
3137         Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
3138         https://bugs.webkit.org/show_bug.cgi?id=65300
3139
3140         Reviewed by Darin Adler.
3141
3142         r91837 had a performance regression of StringImpl::stripWhiteSpace()
3143         and simplifyWhiteSpace(). This changes the code so that compilers
3144         generate code equivalent to r91836 or prior.
3145
3146         * wtf/text/StringImpl.cpp:
3147         (WTF::StringImpl::stripMatchedCharacters):
3148         A template member function for stripWhiteSpace(). This function takes a functor.
3149         (WTF::UCharPredicate):
3150         A functor for generic predicate for single UChar argument.
3151         (WTF::SpaceOrNewlinePredicate):
3152         A special functor for isSpaceOrNewline().
3153         (WTF::StringImpl::stripWhiteSpace):
3154         Use stripMatchedCharacters().
3155         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
3156         A template member function for simplifyWhiteSpace().
3157         (WTF::StringImpl::simplifyWhiteSpace):
3158         Use simplifyMatchedCharactersToSpace().
3159         * wtf/text/StringImpl.h:
3160
3161 2011-07-27  Dmitry Lomov  <dslomov@google.com>
3162
3163         [chromium] Turn on WTF_MULTIPLE_THREADS.
3164         https://bugs.webkit.org/show_bug.cgi?id=61017
3165         The patch turns on WTF_MULTIPLE_THREADS in chromium and 
3166         pushes some relevant initializations from JSC::initializeThreading
3167         to WTF::initializeThreading.
3168
3169         Reviewed by David Levin.
3170
3171         * runtime/InitializeThreading.cpp:
3172         (JSC::initializeThreadingOnce):
3173         * wtf/FastMalloc.cpp:
3174         (WTF::isForbidden):
3175         (WTF::fastMallocForbid):
3176         (WTF::fastMallocAllow):
3177         * wtf/Platform.h:
3178         * wtf/ThreadingPthreads.cpp:
3179         (WTF::initializeThreading):
3180         * wtf/ThreadingWin.cpp:
3181         (WTF::initializeThreading):
3182         * wtf/gtk/ThreadingGtk.cpp:
3183         (WTF::initializeThreading):
3184         * wtf/qt/ThreadingQt.cpp:
3185         (WTF::initializeThreading):
3186
3187 2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3188
3189         Remove operator new from JSCell
3190         https://bugs.webkit.org/show_bug.cgi?id=64999
3191
3192         Reviewed by Oliver Hunt.
3193
3194         Removed the implementation of operator new in JSCell, so any further uses
3195         will not successfully link.  Also removed any remaining uses of operator new.
3196
3197         * API/JSContextRef.cpp:
3198         * debugger/DebuggerActivation.h:
3199         (JSC::DebuggerActivation::create):
3200         * interpreter/Interpreter.cpp:
3201         (JSC::Interpreter::execute):
3202         (JSC::Interpreter::createExceptionScope):
3203         (JSC::Interpreter::privateExecute):
3204         * jit/JITStubs.cpp:
3205         (JSC::DEFINE_STUB_FUNCTION):
3206         * runtime/JSCell.h:
3207         * runtime/JSGlobalObject.h:
3208         (JSC::JSGlobalObject::create):
3209         * runtime/JSStaticScopeObject.h:
3210         (JSC::JSStaticScopeObject::create):
3211         (JSC::JSStaticScopeObject::JSStaticScopeObject):
3212         * runtime/StrictEvalActivation.h:
3213         (JSC::StrictEvalActivation::create):
3214
3215 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
3216
3217         DFG graph has no notion of double prediction.
3218         https://bugs.webkit.org/show_bug.cgi?id=65234
3219
3220         Reviewed by Gavin Barraclough.
3221         
3222         Added the notion of PredictDouble, and PredictNumber, which is the least
3223         upper bound of PredictInt32 and PredictDouble.  Least upper bound is
3224         defined as the bitwise-or of two predictions.  Bottom is defined as 0,
3225         and Top is defined as all bits being set.  Added the ability to explicitly
3226         distinguish between a node having had a prediction associated with it,
3227         and that prediction still being valid (i.e. no conflicting predictions
3228         have also been added).  Used this to guard the speculative JIT from
3229         speculating Int32 in cases where the graph knows that the value is
3230         double, which currently only happens for GetLocal nodes on arguments
3231         which were double at compile-time.
3232
3233         * dfg/DFGGraph.cpp:
3234         (JSC::DFG::Graph::predictArgumentTypes):
3235         * dfg/DFGGraph.h:
3236         (JSC::DFG::isCellPrediction):
3237         (JSC::DFG::isArrayPrediction):
3238         (JSC::DFG::isInt32Prediction):
3239         (JSC::DFG::isDoublePrediction):
3240         (JSC::DFG::isNumberPrediction):
3241         * dfg/DFGSpeculativeJIT.cpp:
3242         (JSC::DFG::SpeculativeJIT::compile):
3243         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3244         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
3245         * dfg/DFGSpeculativeJIT.h:
3246         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
3247
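The prediction lattice described in this entry, together with the verbose-mode names from the 2011-07-29 "DFG JIT verbose mode" entry above, as an added stand-alone model that is not JavaScriptCore's own code; the bit assignments, the `Node` struct and the `shouldSpeculateInteger` guard are assumptions chosen to illustrate the description:

```cpp
#include <cstdint>
#include <string>

// Stand-alone model of the DFG prediction lattice described in the ChangeLog;
// the names mirror the entries but the definitions are illustrative, not JSC's.
typedef uint8_t PredictedType;

static const PredictedType PredictBottom = 0x00;                  // no prediction made yet
static const PredictedType PredictCell   = 0x01;                  // some heap cell
static const PredictedType PredictArray  = 0x02 | PredictCell;    // an array (every array is a cell)
static const PredictedType PredictInt32  = 0x04;
static const PredictedType PredictDouble = 0x08;
static const PredictedType PredictNumber = PredictInt32 | PredictDouble; // LUB of int32 and double
static const PredictedType PredictTop    = 0xff;                  // all bits set: conflicting predictions

// Least upper bound of two predictions is their bitwise-or.
inline PredictedType mergePredictions(PredictedType a, PredictedType b) { return a | b; }

// A prediction "is X" when it is non-bottom and sets no bits outside X.
inline bool isCellPrediction(PredictedType p)   { return p && !(p & ~PredictArray); }
inline bool isArrayPrediction(PredictedType p)  { return p == PredictArray; }
inline bool isInt32Prediction(PredictedType p)  { return p == PredictInt32; }
inline bool isDoublePrediction(PredictedType p) { return p == PredictDouble; }
inline bool isNumberPrediction(PredictedType p) { return p && !(p & ~PredictNumber); }

// Anything that is neither cell-ish nor number-ish mixes incompatible kinds (or has
// unknown bits) and is treated as Top: the speculative JIT ignores such predictions.
inline bool isConflictingPrediction(PredictedType p)
{
    return p != PredictBottom && !isCellPrediction(p) && !isNumberPrediction(p);
}

// Verbose-mode names for the IR dump, as listed in the verbose-mode entry above.
inline std::string predictionToString(PredictedType p)
{
    if (p == PredictBottom)    return "p-bottom";
    if (isArrayPrediction(p))  return "p-array";   // test before cell: array bits include the cell bit
    if (isCellPrediction(p))   return "p-cell";
    if (isInt32Prediction(p))  return "p-int32";
    if (isDoublePrediction(p)) return "p-double";
    if (isNumberPrediction(p)) return "p-number";
    return "p-top";
}

// A graph node that distinguishes "a prediction was ever made" from "the merged
// prediction is still coherent" (no conflicting predictions were added later).
struct Node {
    PredictedType prediction;
    bool hasPrediction;
    Node() : prediction(PredictBottom), hasPrediction(false) { }

    // Fold one more observation into the node; returns whether the result is still usable.
    bool predict(PredictedType type)
    {
        prediction = mergePredictions(prediction, type);
        hasPrediction = true;
        return !isConflictingPrediction(prediction);
    }
    bool hasValidPrediction() const { return hasPrediction && !isConflictingPrediction(prediction); }
};

// The guard this entry motivates (modeled, simplified): never speculate Int32 on a value
// whose valid prediction says it may be a double; with no usable prediction, keep the
// default integer speculation.
inline bool shouldSpeculateInteger(const Node& node)
{
    return !(node.hasValidPrediction() && (node.prediction & PredictDouble));
}
```
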
3248 2011-07-27  Gavin Barraclough  <barraclough@apple.com>
3249
3250         https://bugs.webkit.org/show_bug.cgi?id=65294
3251         DFG JIT - may speculate based on wrong arguments.
3252
3253         Reviewed by Oliver Hunt.
3254
3255         In the case of a DFG compiled function calling to and compiling a second function that
3256         also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
3257         we call compileFor passing the caller function's exec state, rather than the callee's.
3258         This may lead to mis-optimization, since the DFG compiler will examine the exec state's
3259         arguments on the assumption that these will be passed to the callee - it is wanting the
3260         callee exec state, not the caller's exec state.
3261
3262         Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
3263         function is compiled, & the structure of the calls in the Interpreter::execute methods.
3264         Only fix this for compilation from the JIT; in other calls, don't speculate based on
3265         arguments for now.
3266
3267         * dfg/DFGOperations.cpp:
3268         * runtime/Executable.cpp:
3269         (JSC::tryDFGCompile):
3270         (JSC::tryDFGCompileFunction):
3271         (JSC::FunctionExecutable::compileForCallInternal):
3272         * runtime/Executable.h:
3273         (JSC::FunctionExecutable::compileForCall):
3274         (JSC::FunctionExecutable::compileFor):
3275
3276 2011-07-27  Oliver Hunt  <oliver@apple.com>
3277
3278         Handle callback oriented JSONP
3279         https://bugs.webkit.org/show_bug.cgi?id=65271
3280
3281         Reviewed by Gavin Barraclough.
3282
3283         Handle the callback oriented versions of JSONP.  The Literal parser
3284         now handles <Identifier> (. <Identifier>)* (jsonData).
3285
3286         * interpreter/Interpreter.cpp:
3287         (JSC::Interpreter::execute):
3288         * runtime/LiteralParser.cpp:
3289         (JSC::LiteralParser::tryJSONPParse):
3290         (JSC::LiteralParser::Lexer::lex):
3291         * runtime/LiteralParser.h:
3292
3293 2011-07-27  Stephanie Lewis  <slewis@apple.com>
3294
3295         Revert http://trac.webkit.org/changeset/90415.
3296         Caused a 5% SunSpider regression in-browser.
3297
3298         Unreviewed rollout.
3299
3300         * bytecode/CodeBlock.cpp:
3301         (JSC::CodeBlock::visitAggregate):
3302         * heap/Heap.cpp:
3303         (JSC::Heap::collectAllGarbage):
3304         * heap/MarkStack.h:
3305         (JSC::MarkStack::MarkStack):
3306         * runtime/JSGlobalData.cpp:
3307         (JSC::JSGlobalData::releaseExecutableMemory):
3308         * runtime/RegExp.cpp:
3309         (JSC::RegExp::compile):
3310         (JSC::RegExp::invalidateCode):
3311         * runtime/RegExp.h:
3312
3313 2011-07-27  Shinya Kawanaka  <shinyak@google.com>
3314
3315         Added an interface to take IsWhiteSpaceFunctionPtr.
3316         https://bugs.webkit.org/show_bug.cgi?id=57746
3317
3318         Reviewed by Kent Tamura.
3319
3320         * wtf/text/StringImpl.cpp:
3321         (WTF::StringImpl::stripWhiteSpace):
3322           Added an interface to take IsWhiteSpaceFunctionPtr.
3323         (WTF::StringImpl::simplifyWhiteSpace): ditto.
3324         * wtf/text/StringImpl.h:
3325         * wtf/text/WTFString.cpp:
3326         (WTF::String::stripWhiteSpace): ditto.
3327         (WTF::String::simplifyWhiteSpace): ditto.
3328         * wtf/text/WTFString.h:
3329
3330 2011-07-27  Filip Pizlo  <fpizlo@apple.com>
3331
3332         DFG JIT speculation failure code performs incorrect conversions in
3333         the case where two registers need to be swapped.
3334         https://bugs.webkit.org/show_bug.cgi?id=65233
3335
3336         Reviewed by Gavin Barraclough.
3337         
3338         * dfg/DFGJITCompiler.cpp:
3339         (JSC::DFG::GeneralizedRegister::swapWith):
3340
3341 2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3342
3343         reduce and reduceRight bind callback's this to null rather than undefined
3344         https://bugs.webkit.org/show_bug.cgi?id=62264
3345
3346         Reviewed by Oliver Hunt.
3347
3348         Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
3349         when calling the callback function without an argument for this, which means it should 
3350         be undefined according to ES 15.4.4.21 and 15.4.4.22.
3351
3352         * runtime/ArrayPrototype.cpp:
3353         (JSC::arrayProtoFuncReduce):
3354         (JSC::arrayProtoFuncReduceRight):
3355
3356 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3357
3358         JSC command-line tool does not come with any facility for
3359         measuring time precisely.
3360         https://bugs.webkit.org/show_bug.cgi?id=65223
3361
3362         Reviewed by Gavin Barraclough.
3363         
3364         Exposed WTF::currentTime() as currentTimePrecise().
3365
3366         * jsc.cpp:
3367         (GlobalObject::GlobalObject):
3368         (functionPreciseTime):
3369
3370 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3371
3372         DFG speculative JIT never emits inline double comparisons, even when it
3373         would be obviously more efficient to do so.
3374         https://bugs.webkit.org/show_bug.cgi?id=65212
3375
3376         Reviewed by Gavin Barraclough.
3377         
3378         This handles the obvious case of inlining double comparisons: it only addresses
3379         the speculative JIT, and only for fused compare/branch sequences.  But it does
3380         handle the case where both operands are double (and there is no slow path),
3381         or where one operand is double and the other is unknown type (in which case it
3382         attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
3383         speed-up on SunSpider.
3384
3385         * dfg/DFGSpeculativeJIT.cpp:
3386         (JSC::DFG::SpeculativeJIT::convertToDouble):
3387         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
3388         (JSC::DFG::SpeculativeJIT::compare):
3389         (JSC::DFG::SpeculativeJIT::compile):
3390         * dfg/DFGSpeculativeJIT.h:
3391         (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
3392         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
3393
3394 2011-07-26  Filip Pizlo  <fpizlo@apple.com>
3395
3396         https://bugs.webkit.org/show_bug.cgi?id=64969
3397         DFG JIT generates inefficient code for speculation failures.
3398
3399         Reviewed by Gavin Barraclough.
3400         
3401         This implements a speculation failure strategy where (1) values spilled on
3402         non-speculative but not spilled on speculative are spilled, (2) values that
3403         are in registers on both paths are rearranged without ever touching memory,
3404         and (3) values spilled on speculative but not spilled on non-speculative are
3405         filled.
3406         
3407         The register shuffling is the most interesting part of this patch.  It
3408         constructs a permutation graph for registers.  Each node represents a
3409         register, and each directed edge corresponds to the register's value having
3410         to be moved to a different register as part of the shuffling.  This is a
3411         directed graph where each node may only have 0 or 1 incoming edges, and
3412         0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
3413         subgraphs where all nodes in the subgraph are reachable from a start node.
3414         Such subgraphs always resemble linked lists, and correspond to simply
3415         moving the value in the second-to-last register into the last register, and
3416         then moving the value in the third-to-last register into the second-to-last
3417         register, and so on.  Once these subgraphs are taken care of, the remaining
3418         subgraphs are cycles, and are handled using either (a) conversion or no-op
3419         if the cycle involves one node, (b) swap if it involves two nodes, or (c)
3420         a cyclic shuffle involving a scratch register if there are three or more
3421         nodes.
3422         
3423         * dfg/DFGGenerationInfo.h:
3424         (JSC::DFG::needDataFormatConversion):
3425         * dfg/DFGJITCompiler.cpp:
3426         (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
3427         (JSC::DFG::GeneralizedRegister::createGPR):
3428         (JSC::DFG::GeneralizedRegister::createFPR):
3429         (JSC::DFG::GeneralizedRegister::dump):
3430         (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
3431         (JSC::DFG::GeneralizedRegister::findInEntryLocation):
3432         (JSC::DFG::GeneralizedRegister::previousDataFormat):
3433         (JSC::DFG::GeneralizedRegister::nextDataFormat):
3434         (JSC::DFG::GeneralizedRegister::convert):
3435         (JSC::DFG::GeneralizedRegister::moveTo):
3436         (JSC::DFG::GeneralizedRegister::swapWith):
3437         (JSC::DFG::ShuffledRegister::ShuffledRegister):
3438         (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
3439         (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
3440         (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
3441         (JSC::DFG::ShuffledRegister::lookup):
3442         (JSC::DFG::lookupForRegister):
3443         (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
3444         (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
3445         (JSC::DFG::NodeToRegisterMap::set):
3446         (JSC::DFG::NodeToRegisterMap::end):
3447         (JSC::DFG::NodeToRegisterMap::find):
3448         (JSC::DFG::NodeToRegisterMap::clear):
3449         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3450         (JSC::DFG::JITCompiler::linkSpeculationChecks):
3451         * dfg/DFGJITCompiler.h:
3452         * dfg/DFGNonSpeculativeJIT.cpp:
3453         (JSC::DFG::EntryLocation::EntryLocation):
3454         * dfg/DFGNonSpeculativeJIT.h:
3455         * dfg/DFGSpeculativeJIT.cpp: