[Qt] Unreviewed 64 bit buildfix after r121925.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-07-05  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt] Unreviewed 64 bit buildfix after r121925.

        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):

2012-07-05  Michael Saboff  <msaboff@apple.com>

        JSString::tryHashConstLock() fails to get exclusive lock
        https://bugs.webkit.org/show_bug.cgi?id=90639

        Reviewed by Oliver Hunt.

        Added check that the string is already locked even before compare and swap.

        * heap/MarkStack.cpp:
        (JSC::JSString::tryHashConstLock):

2012-07-04  Filip Pizlo  <fpizlo@apple.com>

        Inline property storage should not be wasted when it is exhausted
        https://bugs.webkit.org/show_bug.cgi?id=90347

        Reviewed by Gavin Barraclough.

        Previously, if we switched an object from using inline storage to out-of-line
        storage, we would abandon the inline storage. This would have two main implications:
        (i) all accesses to the object, even for properties that were previously in inline
        storage, must now take an extra indirection; and (ii) we waste a non-trivial amount
        of space since we must allocate additional out-of-line storage to hold properties
        that would have fit in the inline storage. There's also the copying cost when
        switching to out-of-line storage - we must copy all inline properties into out-of-line
        storage.

        This patch changes the way that object property storage works so that we can use both
        inline and out-of-line storage concurrently. This is accomplished by introducing a
        new notion of property offset. This PropertyOffset is a 32-bit signed integer and it
        behaves as follows:

        offset == -1: invalid offset, indicating a property that does not exist.

        0 <= offset <= inlineStorageCapacity: offset into inline storage.

        inlineStorageCapacity < offset: offset into out-of-line storage.

        Because non-final objects don't have inline storage, the only valid PropertyOffsets
        for those objects' properties are -1 or > inlineStorageCapacity.

        This now means that the decision to use inline or out-of-line storage for an access is
        made based on the offset, rather than the structure. It also means that any access
        where the offset is a variable must have an extra branch, unless the type of the
        object is also known (if it's known to be a non-final object then we can just assert
        that the offset is >= inlineStorageCapacity).

        This looks like a big Kraken speed-up and a slight V8 speed-up.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):
        (JSC::ARMv7Assembler::ldrWide8BitImmediate):
        (JSC::ARMv7Assembler::replaceWithLoad):
        (JSC::ARMv7Assembler::replaceWithAddressComputation):
        * assembler/AbstractMacroAssembler.h:
        (AbstractMacroAssembler):
        (ConvertibleLoadLabel):
        (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
        (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::isSet):
        (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
        (JSC::AbstractMacroAssembler::replaceWithLoad):
        (JSC::AbstractMacroAssembler::replaceWithAddressComputation):
        * assembler/CodeLocation.h:
        (JSC):
        (CodeLocationCommon):
        (CodeLocationConvertibleLoad):
        (JSC::CodeLocationConvertibleLoad::CodeLocationConvertibleLoad):
        (JSC::CodeLocationCommon::convertibleLoadAtOffset):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * assembler/LinkBuffer.h:
        (LinkBuffer):
        (JSC::LinkBuffer::locationOf):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::convertibleLoadPtr):
        (MacroAssemblerX86):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::convertibleLoadPtr):
        (MacroAssemblerX86_64):
        * assembler/RepatchBuffer.h:
        (RepatchBuffer):
        (JSC::RepatchBuffer::replaceWithLoad):
        (JSC::RepatchBuffer::replaceWithAddressComputation):
        (JSC::RepatchBuffer::setLoadInstructionIsActive):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::replaceWithLoad):
        (X86Assembler):
        (JSC::X86Assembler::replaceWithAddressComputation):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::finalizeUnconditionally):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeForChain):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::offset):
        (GetByIdStatus):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (JSC::PutByIdStatus::PutByIdStatus):
        (JSC::PutByIdStatus::offset):
        (PutByIdStatus):
        * bytecode/ResolveGlobalStatus.cpp:
        (JSC):
        (JSC::computeForStructure):
        * bytecode/ResolveGlobalStatus.h:
        (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
        (JSC::ResolveGlobalStatus::offset):
        (ResolveGlobalStatus):
        * bytecode/StructureSet.h:
        (StructureSet):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::handleGetByOffset):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (PropertyAccessRecord):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchByIdSelfAccess):
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        (JSC::DFG::tryBuildGetByIDProtoList):
        (JSC::DFG::emitPutReplaceStub):
        (JSC::DFG::emitPutTransitionStub):
        (JSC::DFG::tryCachePutByID):
        (JSC::DFG::tryBuildPutByIdList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * heap/MarkStack.cpp:
        (JSC::visitChildren):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
        (JSC::JIT::compileGetByIdProto):
        (JSC::JIT::compileGetByIdSelfList):
        (JSC::JIT::compileGetByIdProtoList):
        (JSC::JIT::compileGetByIdChainList):
        (JSC::JIT::compileGetByIdChain):
        (JSC::JIT::compilePutByIdTransition):
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_resolve_global):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_resolve_global):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetDirectOffset):
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::compilePutDirectOffset):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchGetByIdSelf):
        (JSC::JIT::patchPutByIdReplace):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::compilePutDirectOffset):
        (JSC::JIT::compileGetDirectOffset):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchGetByIdSelf):
        (JSC::JIT::patchPutByIdReplace):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        (JSC::JIT::emit_op_get_by_pname):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/x86.rb:
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        (JSC::JSGlobalObject::functionNameOffset):
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        (JSC):
        (JSC::JSFinalObject::visitChildren):
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::getPropertySpecificValue):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::growOutOfLineStorage):
        (JSC::JSObject::getOwnPropertyDescriptor):
        * runtime/JSObject.h:
        (JSObject):
        (JSC::JSObject::getDirect):
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::hasInlineStorage):
        (JSC::JSObject::inlineStorageUnsafe):
        (JSC::JSObject::inlineStorage):
        (JSC::JSObject::outOfLineStorage):
        (JSC::JSObject::locationForOffset):
        (JSC::JSObject::offsetForLocation):
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::putUndefinedAtDirectOffset):
        (JSC::JSObject::addressOfOutOfLineStorage):
        (JSC::JSObject::finishCreation):
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSNonFinalObject::finishCreation):
        (JSFinalObject):
        (JSC::JSFinalObject::finishCreation):
        (JSC::JSFinalObject::JSFinalObject):
        (JSC::JSObject::offsetOfOutOfLineStorage):
        (JSC::JSObject::setOutOfLineStorage):
        (JSC::JSObject::JSObject):
        (JSC):
        (JSC::JSCell::fastGetOwnProperty):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::offsetRelativeToPatchedStorage):
        (JSC::indexRelativeToBase):
        (JSC::offsetRelativeToBase):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        * runtime/JSPropertyNameIterator.h:
        (JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::getOffset):
        (JSC::JSPropertyNameIterator::finishCreation):
        * runtime/JSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        * runtime/Options.cpp:
        (JSC):
        (JSC::Options::initialize):
        * runtime/PropertyMapHashTable.h:
        (PropertyMapEntry):
        (JSC::PropertyMapEntry::PropertyMapEntry):
        (PropertyTable):
        (JSC::PropertyTable::PropertyTable):
        (JSC::PropertyTable::getDeletedOffset):
        (JSC::PropertyTable::addDeletedOffset):
        (JSC::PropertyTable::nextOffset):
        (JSC):
        (JSC::PropertyTable::sizeInMemory):
        * runtime/PropertyOffset.h: Added.
        (JSC):
        (JSC::checkOffset):
        (JSC::validateOffset):
        (JSC::isValidOffset):
        (JSC::isInlineOffset):
        (JSC::isOutOfLineOffset):
        (JSC::offsetInInlineStorage):
        (JSC::offsetInOutOfLineStorage):
        (JSC::offsetInRespectiveStorage):
        (JSC::numberOfOutOfLineSlotsForLastOffset):
        (JSC::numberOfSlotsForLastOffset):
        (JSC::nextPropertyOffsetFor):
        (JSC::firstPropertyOffsetFor):
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::cachedOffset):
        (JSC::PropertySlot::setValue):
        (JSC::PropertySlot::setCacheableGetterSlot):
        (JSC::PropertySlot::clearOffset):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::cachedOffset):
        (PutPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::materializePropertyMap):
        (JSC::nextOutOfLineStorageCapacity):
        (JSC::Structure::growOutOfLineCapacity):
        (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
        (JSC::Structure::addPropertyTransitionToExistingStructure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::removePropertyTransition):
        (JSC::Structure::flattenDictionaryStructure):
        (JSC::Structure::addPropertyWithoutTransition):
        (JSC::Structure::removePropertyWithoutTransition):
        (JSC::Structure::copyPropertyTableForPinning):
        (JSC::Structure::get):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::remove):
        * runtime/Structure.h:
        (Structure):
        (JSC::Structure::putWillGrowOutOfLineStorage):
        (JSC::Structure::previousID):
        (JSC::Structure::outOfLineCapacity):
        (JSC::Structure::outOfLineSizeForKnownFinalObject):
        (JSC::Structure::outOfLineSizeForKnownNonFinalObject):
        (JSC::Structure::outOfLineSize):
        (JSC::Structure::hasInlineStorage):
        (JSC::Structure::inlineCapacity):
        (JSC::Structure::inlineSizeForKnownFinalObject):
        (JSC::Structure::inlineSize):
        (JSC::Structure::totalStorageSize):
        (JSC::Structure::totalStorageCapacity):
        (JSC::Structure::firstValidOffset):
        (JSC::Structure::lastValidOffset):
        (JSC::Structure::isValidOffset):
        (JSC::Structure::isEmpty):
        (JSC::Structure::transitionCount):
        (JSC::Structure::get):
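
        The offset scheme in the entry above, worked through as an added example; this is not JavaScriptCore's code. The helper names follow the entry's PropertyOffset.h listing, but their bodies, the ToyObject type and the capacity value of 6 are this example's own. It assumes the inline range is 0 <= offset < inlineStorageCapacity and that out-of-line offsets begin at inlineStorageCapacity, so the offset value alone selects the storage area without consulting the structure. The bounds check in locationForOffset is added so that a stale or oversized offset yields no slot rather than a read past the allocation.

```cpp
// Added illustration of the PropertyOffset encoding. Not JavaScriptCore's code:
// the helper bodies, ToyObject and the capacity constant are this example's own.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

typedef int32_t PropertyOffset;

const PropertyOffset invalidOffset = -1;
// Assumption: the inline area holds this many slots, so inline offsets are
// 0 .. inlineStorageCapacity - 1 and out-of-line offsets start at inlineStorageCapacity.
const PropertyOffset inlineStorageCapacity = 6;

inline bool isValidOffset(PropertyOffset offset) { return offset != invalidOffset; }
inline bool isInlineOffset(PropertyOffset offset) { return offset >= 0 && offset < inlineStorageCapacity; }
inline bool isOutOfLineOffset(PropertyOffset offset) { return offset >= inlineStorageCapacity; }
inline size_t offsetInInlineStorage(PropertyOffset offset) { assert(isInlineOffset(offset)); return (size_t)offset; }
inline size_t offsetInOutOfLineStorage(PropertyOffset offset) { assert(isOutOfLineOffset(offset)); return (size_t)(offset - inlineStorageCapacity); }
// Non-final objects have no inline area, so their first offset is already out-of-line.
inline PropertyOffset firstPropertyOffsetFor(bool hasInlineStorage) { return hasInlineStorage ? 0 : inlineStorageCapacity; }

// Toy object: a final object keeps inlineStorageCapacity slots in the cell and grows a
// separate out-of-line vector once those are used up; the inline slots stay in use.
struct ToyObject {
    bool hasInline;
    uint64_t inlineSlots[inlineStorageCapacity];
    std::vector<uint64_t> outOfLine;
    PropertyOffset nextOffset;

    explicit ToyObject(bool isFinal) : hasInline(isFinal), nextOffset(firstPropertyOffsetFor(isFinal)) {
        for (size_t i = 0; i < (size_t)inlineStorageCapacity; ++i) inlineSlots[i] = 0;
    }

    // The storage area is chosen by the offset, not by the structure. Returns nullptr for an
    // invalid offset, for an inline offset on an object without inline storage, and for an
    // out-of-line index past what has actually been allocated.
    uint64_t* locationForOffset(PropertyOffset offset) {
        if (!isValidOffset(offset)) return nullptr;
        if (hasInline && isInlineOffset(offset))
            return &inlineSlots[offsetInInlineStorage(offset)];
        if (!isOutOfLineOffset(offset)) return nullptr;
        size_t index = offsetInOutOfLineStorage(offset);
        if (index >= outOfLine.size()) return nullptr;
        return &outOfLine[index];
    }

    // Appends a property at the next offset, growing out-of-line storage only when needed.
    PropertyOffset putDirect(uint64_t value) {
        PropertyOffset offset = nextOffset++;
        if (isOutOfLineOffset(offset)) {
            size_t index = offsetInOutOfLineStorage(offset);
            if (index >= outOfLine.size()) outOfLine.resize(index + 1);
        }
        *locationForOffset(offset) = value;
        return offset;
    }

    bool getDirect(PropertyOffset offset, uint64_t& out) {
        uint64_t* slot = locationForOffset(offset);
        if (!slot) return false;
        out = *slot;
        return true;
    }
};

// Adds `count` properties with constructed values and reports where they landed.
struct Placement { int inlineCount; int outOfLineCount; size_t outOfLineAllocated; };

Placement fillObject(ToyObject& obj, int count) {
    Placement p = {0, 0, 0};
    for (int i = 0; i < count; ++i) {
        PropertyOffset offset = obj.putDirect(1000 + i);
        if (isInlineOffset(offset)) p.inlineCount++; else p.outOfLineCount++;
    }
    p.outOfLineAllocated = obj.outOfLine.size();
    return p;
}

int main() {
    ToyObject finalObj(true);
    Placement p = fillObject(finalObj, 8); // 6 inline, 2 out-of-line; nothing copied or abandoned
    return (p.inlineCount == 6 && p.outOfLineCount == 2) ? 0 : 1;
}
```

        The non-final object takes the path the entry describes: every offset it hands out is already out-of-line, so the inline branch never fires, and an inline-range offset presented to it is rejected rather than dereferenced.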

2012-07-05  Oliver Hunt  <oliver@apple.com>

        JSObjectCallAsFunction should thisConvert the provided thisObject
        https://bugs.webkit.org/show_bug.cgi?id=90628

        Reviewed by Gavin Barraclough.

        Perform this conversion on the provided this object.

        * API/JSObjectRef.cpp:
        (JSObjectCallAsFunction):

2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt] Unreviewed buildfix after r121886. Typo fix.

        * assembler/MacroAssemblerARM.cpp:
        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):

2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>

        Port DFG JIT to traditional ARM
        https://bugs.webkit.org/show_bug.cgi?id=90198

        Reviewed by Filip Pizlo.

        This patch contains the macro assembler part of the
        DFG JIT support on ARM systems with fixed 32 bit instruction
        width. A large amount of old code was refactored, and the ARMv4
        or lower support is removed from the macro assembler.

        SunSpider is improved by 8%, and V8 by 92%.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::dataTransfer32):
        (JSC::ARMAssembler::baseIndexTransfer32):
        (JSC):
        (JSC::ARMAssembler::dataTransfer16):
        (JSC::ARMAssembler::baseIndexTransfer16):
        (JSC::ARMAssembler::dataTransferFloat):
        (JSC::ARMAssembler::baseIndexTransferFloat):
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::ARMAssembler):
        (JSC::ARMAssembler::emitInst):
        (JSC::ARMAssembler::vmov_f64_r):
        (ARMAssembler):
        (JSC::ARMAssembler::vabs_f64_r):
        (JSC::ARMAssembler::vneg_f64_r):
        (JSC::ARMAssembler::ldr_imm):
        (JSC::ARMAssembler::ldr_un_imm):
        (JSC::ARMAssembler::dtr_u):
        (JSC::ARMAssembler::dtr_ur):
        (JSC::ARMAssembler::dtr_d):
        (JSC::ARMAssembler::dtr_dr):
        (JSC::ARMAssembler::dtrh_u):
        (JSC::ARMAssembler::dtrh_ur):
        (JSC::ARMAssembler::dtrh_d):
        (JSC::ARMAssembler::dtrh_dr):
        (JSC::ARMAssembler::fdtr_u):
        (JSC::ARMAssembler::fdtr_d):
        (JSC::ARMAssembler::push_r):
        (JSC::ARMAssembler::pop_r):
        (JSC::ARMAssembler::poke_r):
        (JSC::ARMAssembler::peek_r):
        (JSC::ARMAssembler::vmov_vfp64_r):
        (JSC::ARMAssembler::vmov_arm64_r):
        (JSC::ARMAssembler::vmov_vfp32_r):
        (JSC::ARMAssembler::vmov_arm32_r):
        (JSC::ARMAssembler::vcvt_u32_f64_r):
        (JSC::ARMAssembler::vcvt_f64_f32_r):
        (JSC::ARMAssembler::vcvt_f32_f64_r):
        (JSC::ARMAssembler::clz_r):
        (JSC::ARMAssembler::bkpt):
        (JSC::ARMAssembler::bx):
        (JSC::ARMAssembler::blx):
        (JSC::ARMAssembler::labelIgnoringWatchpoints):
        (JSC::ARMAssembler::labelForWatchpoint):
        (JSC::ARMAssembler::label):
        (JSC::ARMAssembler::getLdrImmAddress):
        (JSC::ARMAssembler::replaceWithJump):
        (JSC::ARMAssembler::maxJumpReplacementSize):
        (JSC::ARMAssembler::getOp2Byte):
        (JSC::ARMAssembler::getOp2Half):
        (JSC::ARMAssembler::RM):
        (JSC::ARMAssembler::RS):
        (JSC::ARMAssembler::RD):
        (JSC::ARMAssembler::RN):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::ensureSpaceForAnyInstruction):
        * assembler/MacroAssemblerARM.cpp:
        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::add32):
        (MacroAssemblerARM):
        (JSC::MacroAssemblerARM::and32):
        (JSC::MacroAssemblerARM::lshift32):
        (JSC::MacroAssemblerARM::mul32):
        (JSC::MacroAssemblerARM::neg32):
        (JSC::MacroAssemblerARM::rshift32):
        (JSC::MacroAssemblerARM::urshift32):
        (JSC::MacroAssemblerARM::xor32):
        (JSC::MacroAssemblerARM::load8):
        (JSC::MacroAssemblerARM::load8Signed):
        (JSC::MacroAssemblerARM::load16):
        (JSC::MacroAssemblerARM::load16Signed):
        (JSC::MacroAssemblerARM::load32):
        (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
        (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
        (JSC::MacroAssemblerARM::store8):
        (JSC::MacroAssemblerARM::store16):
        (JSC::MacroAssemblerARM::store32):
        (JSC::MacroAssemblerARM::move):
        (JSC::MacroAssemblerARM::jump):
        (JSC::MacroAssemblerARM::branchAdd32):
        (JSC::MacroAssemblerARM::mull32):
        (JSC::MacroAssemblerARM::branchMul32):
        (JSC::MacroAssemblerARM::nearCall):
        (JSC::MacroAssemblerARM::compare32):
        (JSC::MacroAssemblerARM::test32):
        (JSC::MacroAssemblerARM::sub32):
        (JSC::MacroAssemblerARM::call):
        (JSC::MacroAssemblerARM::loadFloat):
        (JSC::MacroAssemblerARM::loadDouble):
        (JSC::MacroAssemblerARM::storeFloat):
        (JSC::MacroAssemblerARM::storeDouble):
        (JSC::MacroAssemblerARM::moveDouble):
        (JSC::MacroAssemblerARM::addDouble):
        (JSC::MacroAssemblerARM::divDouble):
        (JSC::MacroAssemblerARM::subDouble):
        (JSC::MacroAssemblerARM::mulDouble):
        (JSC::MacroAssemblerARM::absDouble):
        (JSC::MacroAssemblerARM::negateDouble):
        (JSC::MacroAssemblerARM::convertInt32ToDouble):
        (JSC::MacroAssemblerARM::convertFloatToDouble):
        (JSC::MacroAssemblerARM::convertDoubleToFloat):
        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
        (JSC::MacroAssemblerARM::branchTruncateDoubleToUint32):
        (JSC::MacroAssemblerARM::truncateDoubleToInt32):
        (JSC::MacroAssemblerARM::truncateDoubleToUint32):
        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
        (JSC::MacroAssemblerARM::branchDoubleNonZero):
        (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
        (JSC::MacroAssemblerARM::invert):
        (JSC::MacroAssemblerARM::replaceWithJump):
        (JSC::MacroAssemblerARM::maxJumpReplacementSize):
        (JSC::MacroAssemblerARM::call32):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::label):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::debugCall):
        (JSC::DFG::AssemblyHelpers::boxDouble):
        (JSC::DFG::AssemblyHelpers::unboxDouble):
        * dfg/DFGCCallHelpers.h:
        (CCallHelpers):
        (JSC::DFG::CCallHelpers::setupArguments):
        * dfg/DFGFPRInfo.h:
        (DFG):
        * dfg/DFGGPRInfo.h:
        (DFG):
        (GPRInfo):
        * dfg/DFGOperations.cpp:
        (JSC):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
        * jit/JITStubs.cpp:
        (JSC):
        * jit/JITStubs.h:
        (JITStackFrame):
        * jit/JSInterfaceJIT.h:
        (JSInterfaceJIT):

2012-07-04  Anthony Scian  <ascian@rim.com>

        Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
        https://bugs.webkit.org/show_bug.cgi?id=40118

        Reviewed by Yong Li.

        Added member functions to expose function name, urlString, and line #.
        Refactored toString to make use of these member functions to reduce
        duplicated code for future maintenance.

        Manually tested refactoring of toString by tracing thrown exceptions.

        * interpreter/Interpreter.h:
        (JSC::StackFrame::toString):
        (JSC::StackFrame::friendlySourceURL):
        (JSC::StackFrame::friendlyFunctionName):
        (JSC::StackFrame::friendlyLineNumber):

2012-07-04  Andy Wingo  <wingo@igalia.com>

        [GTK] Enable parallel GC
        https://bugs.webkit.org/show_bug.cgi?id=90568

        Reviewed by Martin Robinson.

        * runtime/Options.cpp: Include <algorithm.h> for std::min.

2012-07-04  John Mellor  <johnme@chromium.org>

        Text Autosizing: Add compile flag and runtime setting
        https://bugs.webkit.org/show_bug.cgi?id=87394

        This patch renames Font Boosting to Text Autosizing.

        Reviewed by Adam Barth.

        * Configurations/FeatureDefines.xcconfig:

2012-07-03  Michael Saboff  <msaboff@apple.com>

        Enh: Hash Const JSString in Backing Stores to Save Memory
        https://bugs.webkit.org/show_bug.cgi?id=86024

        Reviewed by Oliver Hunt.

        During garbage collection, each marking thread keeps a HashMap of
        strings.  While visiting via MarkStack::copyAndAppend(), we check to
        see if the string we are visiting is already in the HashMap.  If not
        we add it. If so, we change the reference to the current string we're
        visiting to the prior string.

        To reduce the performance impact of this change, two throttles have
        been added.  1) We only try hash consting if a significant number of new
        strings have been created since the last hash const.  Currently this is
        set at 100 strings.  2) If a string is unique at the end of a marking
        it will not be checked during further GC phases. In some cases this
        won't catch all duplicates, but we are trying to catch the growth of
        duplicate strings.

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::resetChildren):
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::MarkStackThreadSharedData::reset):
        (JSC::MarkStack::setup): Check to see if enough strings have been created
        to hash const.
        (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
        (JSC::JSString::tryHashConstLock): New method to lock JSString for
        hash consting.
        (JSC::JSString::releaseHashConstLock): New unlock method.
        (JSC::JSString::shouldTryHashConst): Set of checks to see if we should
        try to hash const the string.
        (JSC::MarkStack::internalAppend): New method that performs the hash consting.
        (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash
        consting internalAppend().
        * heap/MarkStack.h:
        (MarkStackThreadSharedData):
        (MarkStack):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        (JSC::JSGlobalData::haveEnoughNewStringsToHashConst):
        (JSC::JSGlobalData::resetNewStringsSinceLastHashConst):
        * runtime/JSString.h:
        (JSString): Changed from using bool flags to using an unsigned
        m_flags field.  This works better with the weakCompareAndSwap in
        JSString::tryHashConstLock(). Changed the 8bitness setting and
        checking to use new accessors.
        (JSC::JSString::JSString):
        (JSC::JSString::finishCreation):
        (JSC::JSString::is8Bit): Updated for new m_flags.
        (JSC::JSString::setIs8Bit): New setter.
        New hash const flags accessors:
        (JSC::JSString::isHashConstSingleton):
        (JSC::JSString::clearHashConstSingleton):
        (JSC::JSString::setHashConstSingleton):
        (JSC::JSRopeString::finishCreation):
        (JSC::JSRopeString::append):
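
        The flag-word lock and the dedupe pass from this entry, together with the tryHashConstLock fix in the entry for bug 90639 higher up, as an added example that is not JavaScriptCore's code: ToyString, Visitor, ToyGlobalData, the bit layout of m_flags and the use of a strong compare-and-swap are this example's own choices (the threshold of 100 is the value the entry states). The explanation of why the pre-check matters is this example's reading of the fix, not a statement from either entry: a compare-and-swap from old to old | lock compares equal when old already carries the lock bit, so it succeeds without the holder ever having released the lock.

```cpp
// Added sketch of hash-const locking and deduplication during marking.
// Not JavaScriptCore's code: types, flag layout and the strong CAS are this example's own.
#include <atomic>
#include <string>
#include <unordered_map>
#include <vector>

struct ToyString {
    enum : unsigned { Is8Bit = 1u << 0, HashConstSingleton = 1u << 1, HashConstLock = 1u << 2 };
    std::atomic<unsigned> m_flags;
    std::string value; // constructed payload standing in for the real backing store
    explicit ToyString(const std::string& v) : m_flags(Is8Bit), value(v) {}

    bool isHashConstSingleton() const { return (m_flags.load() & HashConstSingleton) != 0; }
    void setHashConstSingleton() { m_flags.fetch_or(HashConstSingleton); }

    // Corrected form: give up if the lock bit is already set before attempting the CAS.
    // Without that check, CAS(old -> old | HashConstLock) compares equal when `old` already
    // holds the bit, so it reports success and a second visitor would also believe it owns
    // the lock. The strong variant is used so a single call is deterministic.
    bool tryHashConstLock() {
        unsigned old = m_flags.load();
        if (old & HashConstLock)
            return false;
        return m_flags.compare_exchange_strong(old, old | HashConstLock);
    }
    void releaseHashConstLock() { m_flags.fetch_and(~HashConstLock); }

    // Throttle 2 from the entry: a string found unique at the end of an earlier marking
    // is not examined again.
    bool shouldTryHashConst() const { return !isHashConstSingleton() && !value.empty(); }
};

// Throttle 1 from the entry: only run when enough new strings appeared since last time.
struct ToyGlobalData {
    enum { threshold = 100 };
    unsigned newStringsSinceLastHashConst = 0;
    bool haveEnoughNewStringsToHashConst() const { return newStringsSinceLastHashConst >= threshold; }
    void resetNewStringsSinceLastHashConst() { newStringsSinceLastHashConst = 0; }
};

struct Visitor {
    std::unordered_map<std::string, ToyString*> uniqueStrings; // per-thread map from the entry
    unsigned replaced = 0;

    // Visit one slot: the first string with a given content is recorded; any later slot
    // holding an equal but distinct string is redirected to the recorded one.
    void internalAppend(ToyString*& slot) {
        ToyString* s = slot;
        if (!s->shouldTryHashConst() || !s->tryHashConstLock())
            return;
        auto it = uniqueStrings.find(s->value);
        if (it == uniqueStrings.end())
            uniqueStrings.emplace(s->value, s);
        else if (it->second != s) {
            slot = it->second;
            ++replaced;
        }
        s->releaseHashConstLock();
    }

    // End of marking: whatever is still unique is flagged so later phases skip it.
    void finishMarking() {
        for (auto& kv : uniqueStrings)
            kv.second->setHashConstSingleton();
        uniqueStrings.clear();
    }
};

// One marking pass over a constructed heap of slots; returns how many slots were redirected.
unsigned hashConstPass(std::vector<ToyString*>& slots, ToyGlobalData& data) {
    if (!data.haveEnoughNewStringsToHashConst())
        return 0;
    Visitor v;
    for (auto& slot : slots)
        v.internalAppend(slot);
    v.finishMarking();
    data.resetNewStringsSinceLastHashConst();
    return v.replaced;
}

int main() {
    ToyString a("hello"), b("hello"), c("world");
    std::vector<ToyString*> slots = { &a, &b, &c, &b };
    ToyGlobalData data;
    data.newStringsSinceLastHashConst = ToyGlobalData::threshold;
    return hashConstPass(slots, data) == 2 ? 0 : 1; // both references to b now point at a
}
```

        After the pass the two slots that held b point at a, a and c carry the singleton flag and are skipped by later markings, and b, which is no longer referenced from the heap, never acquires it. The lock check itself is exercised by taking the lock twice in a row: the second attempt fails until the first holder releases.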

2012-07-03  Tony Chang  <tony@chromium.org>

        [chromium] Unreviewed, update .gitignore to handle VS2010 files.

        * JavaScriptCore.gyp/.gitignore:

2012-07-03  Mark Lam  <mark.lam@apple.com>

        Add ability to symbolically set and dump JSC VM options.
        See comments in runtime/Options.h for details on how the options work.
        https://bugs.webkit.org/show_bug.cgi?id=90420

        Reviewed by Filip Pizlo.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * assembler/LinkBuffer.h:
        (JSC):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::reoptimizationRetryCounter):
        (JSC::CodeBlock::countReoptimization):
        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        (JSC::CodeBlock::exitCountThresholdForReoptimization):
        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
        * bytecode/ExecutionCounter.h:
        (JSC::ExecutionCounter::clippedThreshold):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::mightCompileEval):
        (JSC::DFG::mightCompileProgram):
        (JSC::DFG::mightCompileFunctionForCall):
        (JSC::DFG::mightCompileFunctionForConstruct):
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGCommon.h:
        (JSC::DFG::shouldShowDisassembly):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
        * heap/MarkStack.cpp:
        (JSC::MarkStackSegmentAllocator::allocate):
        (JSC::MarkStackSegmentAllocator::shrinkReserve):
        (JSC::MarkStackArray::MarkStackArray):
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        * heap/MarkStack.h:
        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
        (JSC::MarkStack::addOpaqueRoot):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::donate):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        * jsc.cpp:
        (printUsageStatement):
        (parseArguments):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSGlobalData.cpp:
        (JSC::enableAssembler):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::JSGlobalObject):
        * runtime/Options.cpp:
        (JSC):
        (JSC::overrideOptionWithHeuristic):
        (JSC::Options::initialize):
        (JSC::Options::setOption):
        (JSC::Options::dumpAllOptions):
        (JSC::Options::dumpOption):
        * runtime/Options.h:
        (JSC):
        (Options):
        (EntryInfo):

2012-07-03  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>  Joel Dillon <joel.dillon@codethink.co.uk>

        [Qt][Win] Fix broken QtWebKit5.lib linking
        https://bugs.webkit.org/show_bug.cgi?id=88321

        Reviewed by Kenneth Rohde Christiansen.

        The goal is to have different ports build systems define STATICALLY_LINKED_WITH_WTF
        when building JavaScriptCore, if both are packaged in the same DLL, instead
        of relying on the code to handle this.
        The effects of BUILDING_* and STATICALLY_LINKED_WITH_* are currently the same
        except for a check in Source/JavaScriptCore/config.h.

        Keeping the old way for the WX port as requested by the port's contributors.
        For non-Windows ports there is no difference between IMPORT and EXPORT, no
        change is needed.

        * API/JSBase.h:
          JS symbols shouldn't be included by WTF objects anymore. Remove the export when BUILDING_WTF.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
          Make sure that JavaScriptCore uses import symbols of WTF for the Win port.
745         * runtime/JSExportMacros.h:
746
747 2012-07-02  Filip Pizlo  <fpizlo@apple.com>
748
749         DFG OSR exit value recoveries should be computed lazily
750         https://bugs.webkit.org/show_bug.cgi?id=82155
751
752         Reviewed by Gavin Barraclough.
753         
754         This change aims to reduce one aspect of DFG compile times: the fact
755         that we currently compute the value recoveries for each local and
756         argument on every speculation check. We compile many speculation checks,
757         so this can add up quick. The strategy that this change takes is to
758         have the DFG save just enough information about how the compiler is
759         choosing to represent state, that the DFG::OSRExitCompiler can reify
760         the value recoveries lazily.
761         
762         This appears to be an 0.3% SunSpider speed-up and is neutral elsewhere.
763         
764         I also took the opportunity to fix the sampling regions profiler (it
765         was missing an export macro) and to put in more sampling regions in
766         the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
767         false).
768         
769         * CMakeLists.txt:
770         * GNUmakefile.list.am:
771         * JavaScriptCore.xcodeproj/project.pbxproj:
772         * Target.pri:
773         * bytecode/CodeBlock.cpp:
774         (JSC):
775         (JSC::CodeBlock::shrinkDFGDataToFit):
776         * bytecode/CodeBlock.h:
777         (CodeBlock):
778         (JSC::CodeBlock::minifiedDFG):
779         (JSC::CodeBlock::variableEventStream):
780         (DFGData):
781         * bytecode/Operands.h:
782         (JSC::Operands::hasOperand):
783         (Operands):
784         (JSC::Operands::size):
785         (JSC::Operands::at):
786         (JSC::Operands::operator[]):
787         (JSC::Operands::isArgument):
788         (JSC::Operands::isVariable):
789         (JSC::Operands::argumentForIndex):
790         (JSC::Operands::variableForIndex):
791         (JSC::Operands::operandForIndex):
792         (JSC):
793         (JSC::dumpOperands):
794         * bytecode/SamplingTool.h:
795         (SamplingRegion):
796         * dfg/DFGByteCodeParser.cpp:
797         (JSC::DFG::parse):
798         * dfg/DFGCFAPhase.cpp:
799         (JSC::DFG::performCFA):
800         * dfg/DFGCSEPhase.cpp:
801         (JSC::DFG::performCSE):
802         * dfg/DFGFixupPhase.cpp:
803         (JSC::DFG::performFixup):
804         * dfg/DFGGenerationInfo.h:
805         (JSC::DFG::GenerationInfo::GenerationInfo):
806         (JSC::DFG::GenerationInfo::initConstant):
807         (JSC::DFG::GenerationInfo::initInteger):
808         (JSC::DFG::GenerationInfo::initJSValue):
809         (JSC::DFG::GenerationInfo::initCell):
810         (JSC::DFG::GenerationInfo::initBoolean):
811         (JSC::DFG::GenerationInfo::initDouble):
812         (JSC::DFG::GenerationInfo::initStorage):
813         (GenerationInfo):
814         (JSC::DFG::GenerationInfo::noticeOSRBirth):
815         (JSC::DFG::GenerationInfo::use):
816         (JSC::DFG::GenerationInfo::spill):
817         (JSC::DFG::GenerationInfo::setSpilled):
818         (JSC::DFG::GenerationInfo::fillJSValue):
819         (JSC::DFG::GenerationInfo::fillCell):
820         (JSC::DFG::GenerationInfo::fillInteger):
821         (JSC::DFG::GenerationInfo::fillBoolean):
822         (JSC::DFG::GenerationInfo::fillDouble):
823         (JSC::DFG::GenerationInfo::fillStorage):
824         (JSC::DFG::GenerationInfo::appendFill):
825         (JSC::DFG::GenerationInfo::appendSpill):
826         * dfg/DFGJITCompiler.cpp:
827         (JSC::DFG::JITCompiler::link):
828         (JSC::DFG::JITCompiler::compile):
829         (JSC::DFG::JITCompiler::compileFunction):
830         * dfg/DFGMinifiedGraph.h: Added.
831         (DFG):
832         (MinifiedGraph):
833         (JSC::DFG::MinifiedGraph::MinifiedGraph):
834         (JSC::DFG::MinifiedGraph::at):
835         (JSC::DFG::MinifiedGraph::append):
836         (JSC::DFG::MinifiedGraph::prepareAndShrink):
837         (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
838         (JSC::DFG::MinifiedGraph::originalGraphSize):
839         * dfg/DFGMinifiedNode.cpp: Added.
840         (DFG):
841         (JSC::DFG::MinifiedNode::fromNode):
842         * dfg/DFGMinifiedNode.h: Added.
843         (DFG):
844         (JSC::DFG::belongsInMinifiedGraph):
845         (MinifiedNode):
846         (JSC::DFG::MinifiedNode::MinifiedNode):
847         (JSC::DFG::MinifiedNode::index):
848         (JSC::DFG::MinifiedNode::op):
849         (JSC::DFG::MinifiedNode::hasChild1):
850         (JSC::DFG::MinifiedNode::child1):
851         (JSC::DFG::MinifiedNode::hasConstant):
852         (JSC::DFG::MinifiedNode::hasConstantNumber):
853         (JSC::DFG::MinifiedNode::constantNumber):
854         (JSC::DFG::MinifiedNode::hasWeakConstant):
855         (JSC::DFG::MinifiedNode::weakConstant):
856         (JSC::DFG::MinifiedNode::getIndex):
857         (JSC::DFG::MinifiedNode::compareByNodeIndex):
858         (JSC::DFG::MinifiedNode::hasChild):
859         * dfg/DFGNode.h:
860         (Node):
861         * dfg/DFGOSRExit.cpp:
862         (JSC::DFG::OSRExit::OSRExit):
863         * dfg/DFGOSRExit.h:
864         (OSRExit):
865         * dfg/DFGOSRExitCompiler.cpp:
866         * dfg/DFGOSRExitCompiler.h:
867         (OSRExitCompiler):
868         * dfg/DFGOSRExitCompiler32_64.cpp:
869         (JSC::DFG::OSRExitCompiler::compileExit):
870         * dfg/DFGOSRExitCompiler64.cpp:
871         (JSC::DFG::OSRExitCompiler::compileExit):
872         * dfg/DFGPredictionPropagationPhase.cpp:
873         (JSC::DFG::performPredictionPropagation):
874         * dfg/DFGRedundantPhiEliminationPhase.cpp:
875         (JSC::DFG::performRedundantPhiElimination):
876         * dfg/DFGSpeculativeJIT.cpp:
877         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
878         (DFG):
879         (JSC::DFG::SpeculativeJIT::fillStorage):
880         (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
881         (JSC::DFG::SpeculativeJIT::compileMovHint):
882         (JSC::DFG::SpeculativeJIT::compile):
883         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
884         * dfg/DFGSpeculativeJIT.h:
885         (DFG):
886         (JSC::DFG::SpeculativeJIT::use):
887         (SpeculativeJIT):
888         (JSC::DFG::SpeculativeJIT::spill):
889         (JSC::DFG::SpeculativeJIT::speculationCheck):
890         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
891         (JSC::DFG::SpeculativeJIT::recordSetLocal):
892         * dfg/DFGSpeculativeJIT32_64.cpp:
893         (JSC::DFG::SpeculativeJIT::fillInteger):
894         (JSC::DFG::SpeculativeJIT::fillDouble):
895         (JSC::DFG::SpeculativeJIT::fillJSValue):
896         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
897         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
898         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
899         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
900         (JSC::DFG::SpeculativeJIT::compile):
901         * dfg/DFGSpeculativeJIT64.cpp:
902         (JSC::DFG::SpeculativeJIT::fillInteger):
903         (JSC::DFG::SpeculativeJIT::fillDouble):
904         (JSC::DFG::SpeculativeJIT::fillJSValue):
905         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
906         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
907         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
908         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
909         (JSC::DFG::SpeculativeJIT::compile):
910         * dfg/DFGValueRecoveryOverride.h: Added.
911         (DFG):
912         (ValueRecoveryOverride):
913         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
914         * dfg/DFGValueSource.cpp: Added.
915         (DFG):
916         (JSC::DFG::ValueSource::dump):
917         * dfg/DFGValueSource.h: Added.
918         (DFG):
919         (JSC::DFG::dataFormatToValueSourceKind):
920         (JSC::DFG::valueSourceKindToDataFormat):
921         (JSC::DFG::isInRegisterFile):
922         (ValueSource):
923         (JSC::DFG::ValueSource::ValueSource):
924         (JSC::DFG::ValueSource::forPrediction):
925         (JSC::DFG::ValueSource::forDataFormat):
926         (JSC::DFG::ValueSource::isSet):
927         (JSC::DFG::ValueSource::kind):
928         (JSC::DFG::ValueSource::isInRegisterFile):
929         (JSC::DFG::ValueSource::dataFormat):
930         (JSC::DFG::ValueSource::valueRecovery):
931         (JSC::DFG::ValueSource::nodeIndex):
932         (JSC::DFG::ValueSource::nodeIndexFromKind):
933         (JSC::DFG::ValueSource::kindFromNodeIndex):
934         * dfg/DFGVariableEvent.cpp: Added.
935         (DFG):
936         (JSC::DFG::VariableEvent::dump):
937         (JSC::DFG::VariableEvent::dumpFillInfo):
938         (JSC::DFG::VariableEvent::dumpSpillInfo):
939         * dfg/DFGVariableEvent.h: Added.
940         (DFG):
941         (VariableEvent):
942         (JSC::DFG::VariableEvent::VariableEvent):
943         (JSC::DFG::VariableEvent::reset):
944         (JSC::DFG::VariableEvent::fillGPR):
945         (JSC::DFG::VariableEvent::fillPair):
946         (JSC::DFG::VariableEvent::fillFPR):
947         (JSC::DFG::VariableEvent::spill):
948         (JSC::DFG::VariableEvent::death):
949         (JSC::DFG::VariableEvent::setLocal):
950         (JSC::DFG::VariableEvent::movHint):
951         (JSC::DFG::VariableEvent::kind):
952         (JSC::DFG::VariableEvent::nodeIndex):
953         (JSC::DFG::VariableEvent::dataFormat):
954         (JSC::DFG::VariableEvent::gpr):
955         (JSC::DFG::VariableEvent::tagGPR):
956         (JSC::DFG::VariableEvent::payloadGPR):
957         (JSC::DFG::VariableEvent::fpr):
958         (JSC::DFG::VariableEvent::virtualRegister):
959         (JSC::DFG::VariableEvent::operand):
960         (JSC::DFG::VariableEvent::variableRepresentation):
961         * dfg/DFGVariableEventStream.cpp: Added.
962         (DFG):
963         (JSC::DFG::VariableEventStream::logEvent):
964         (MinifiedGenerationInfo):
965         (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
966         (JSC::DFG::MinifiedGenerationInfo::update):
967         (JSC::DFG::VariableEventStream::reconstruct):
968         * dfg/DFGVariableEventStream.h: Added.
969         (DFG):
970         (VariableEventStream):
971         (JSC::DFG::VariableEventStream::appendAndLog):
972         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
973         (JSC::DFG::performVirtualRegisterAllocation):
974
975 2012-07-02  Filip Pizlo  <fpizlo@apple.com>
976
977         DFG::ArgumentsSimplificationPhase should assert that the PhantomArguments nodes it creates are not shouldGenerate()
978         https://bugs.webkit.org/show_bug.cgi?id=90407
979
980         Reviewed by Mark Hahnenberg.
981
982         * dfg/DFGArgumentsSimplificationPhase.cpp:
983         (JSC::DFG::ArgumentsSimplificationPhase::run):
984
985 2012-07-02  Gavin Barraclough  <barraclough@apple.com>
986
987         Array.prototype.pop should throw if property is not configurable
988         https://bugs.webkit.org/show_bug.cgi?id=75788
989
990         Rubber Stamped by Oliver Hunt.
991
992         No real bug here any more, but the error we throw sometimes has a misleading message.
993  
994         * runtime/JSArray.cpp:
995         (JSC::JSArray::pop):
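
        The behaviour this entry refers to, as an added example that is not part of the ChangeLog or of the JavaScriptCore sources: Array.prototype.pop reads the last element, deletes it, then shrinks "length"; when the last element is non-configurable the delete fails and a TypeError is thrown with the array untouched, and a non-writable "length" fails at the final step. The helper names (popOutcome, popWouldThrow, the constructed sample arrays) are the example's own.

```javascript
// Added example, not code from the WebKit ChangeLog or the JavaScriptCore
// sources: it exercises the ECMAScript behaviour named in the entry above.
// Array.prototype.pop reads the last element, deletes it with
// DeletePropertyOrThrow, then shrinks "length". If the element is
// non-configurable the delete fails and a TypeError is thrown before the
// array is modified; a non-writable "length" fails at the final step.

// Report what pop() did instead of letting the TypeError escape.
function popOutcome(arr) {
  const lengthBefore = arr.length;
  try {
    const value = arr.pop();
    return { threw: false, value, length: arr.length, lengthBefore };
  } catch (e) {
    return { threw: true, errorName: e.constructor.name, length: arr.length, lengthBefore };
  }
}

// Predict from property descriptors whether pop() would throw, in the order
// the spec checks things: "length" must be writable, and the last index (if
// it exists as an own property) must be configurable.
function popWouldThrow(arr) {
  const lengthDesc = Object.getOwnPropertyDescriptor(arr, 'length');
  if (lengthDesc && lengthDesc.writable === false) return true;
  if (arr.length === 0) return false;
  const lastDesc = Object.getOwnPropertyDescriptor(arr, String(arr.length - 1));
  return lastDesc !== undefined && lastDesc.configurable === false;
}

// Constructed sample arrays covering the ordinary case and both failure modes.
function plainArray() { return [1, 2, 3]; }
function arrayWithPinnedLast() {
  const a = [1, 2, 3];
  // Only the last element becomes non-configurable; "length" stays writable.
  Object.defineProperty(a, 2, { configurable: false });
  return a;
}
function frozenArray() { return Object.freeze([1, 2, 3]); } // all elements non-configurable

// Run every sample through the prediction and the real pop().
function demo() {
  const results = {};
  const samples = { plainArray, arrayWithPinnedLast, frozenArray };
  for (const [name, make] of Object.entries(samples)) {
    const arr = make();
    results[name] = { predictedThrow: popWouldThrow(arr), ...popOutcome(arr) };
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

        The descriptor check in popWouldThrow is the defensive counterpart of what the engine does: code that receives arrays from untrusted callers (frozen, sealed, or with individually pinned indices) can use it to decide whether a mutation will succeed rather than relying on the wording of the TypeError, which this entry notes can be misleading.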
996
997 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
998
999         JSObject wastes too much memory on unused property slots
1000         https://bugs.webkit.org/show_bug.cgi?id=90255
1001
1002         Reviewed by Mark Hahnenberg.
1003         
1004         Rolling back in after applying a simple fix: it appears that
1005         JSObject::setStructureAndReallocateStorageIfNecessary() was allocating more
1006         property storage than necessary. Fixing this appears to resolve the crash.
1007         
1008         This does a few things:
1009         
1010         - JSNonFinalObject no longer has inline property storage.
1011         
1012         - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
1013           or 2x the inline storage for JSFinalObject.
1014         
1015         - Property storage is only reallocated if it needs to be. Previously, we
1016           would reallocate the property storage on any transition where the original
1017           structure said shouldGrowPropertyStorage(), but this led to spurious
1018           reallocations when doing transitionless property adds and there are
1019           deleted property slots available. That in turn led to crashes, because we
1020           would switch to out-of-line storage even if the capacity matched the
1021           criteria for inline storage.
1022         
1023         - Inline JSFunction allocation is killed off because we don't have a good
1024           way of inlining property storage allocation. This didn't hurt performance.
1025           Killing off code is better than fixing it if that code wasn't doing any
1026           good.
1027         
1028         This looks like a 1% progression on V8.
1029
1030         * interpreter/Interpreter.cpp:
1031         (JSC::Interpreter::privateExecute):
1032         * jit/JIT.cpp:
1033         (JSC::JIT::privateCompileSlowCases):
1034         * jit/JIT.h:
1035         * jit/JITInlineMethods.h:
1036         (JSC::JIT::emitAllocateBasicJSObject):
1037         (JSC):
1038         * jit/JITOpcodes.cpp:
1039         (JSC::JIT::emit_op_new_func):
1040         (JSC):
1041         (JSC::JIT::emit_op_new_func_exp):
1042         * runtime/JSFunction.cpp:
1043         (JSC::JSFunction::finishCreation):
1044         * runtime/JSObject.h:
1045         (JSC::JSObject::isUsingInlineStorage):
1046         (JSObject):
1047         (JSC::JSObject::finishCreation):
1048         (JSC):
1049         (JSC::JSNonFinalObject::hasInlineStorage):
1050         (JSNonFinalObject):
1051         (JSC::JSNonFinalObject::JSNonFinalObject):
1052         (JSC::JSNonFinalObject::finishCreation):
1053         (JSC::JSFinalObject::hasInlineStorage):
1054         (JSC::JSFinalObject::finishCreation):
1055         (JSC::JSObject::offsetOfInlineStorage):
1056         (JSC::JSObject::setPropertyStorage):
1057         (JSC::Structure::inlineStorageCapacity):
1058         (JSC::Structure::isUsingInlineStorage):
1059         (JSC::JSObject::putDirectInternal):
1060         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
1061         (JSC::JSObject::putDirectWithoutTransition):
1062         * runtime/Structure.cpp:
1063         (JSC::Structure::Structure):
1064         (JSC::nextPropertyStorageCapacity):
1065         (JSC):
1066         (JSC::Structure::growPropertyStorageCapacity):
1067         (JSC::Structure::suggestedNewPropertyStorageSize):
1068         * runtime/Structure.h:
1069         (JSC::Structure::putWillGrowPropertyStorage):
1070         (Structure):
1071
1072 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
1073
1074         Webkit crashes in DFG on Google Docs when creating a new document
1075         https://bugs.webkit.org/show_bug.cgi?id=90209
1076
1077         Reviewed by Gavin Barraclough.
1078         
1079         Don't attempt to short-circuit Phantom(GetLocal) if the GetLocal is for a
1080         captured variable.
1081
1082         * dfg/DFGCFGSimplificationPhase.cpp:
1083         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1084
1085 2012-06-30  Zan Dobersek  <zandobersek@gmail.com>
1086
1087         Unreviewed, rolling out r121605.
1088         http://trac.webkit.org/changeset/121605
1089         https://bugs.webkit.org/show_bug.cgi?id=90336
1090
1091         Changes caused flaky crashes in sputnik/Unicode tests on Apple
1092         WK1 and GTK Linux builders
1093
1094         * interpreter/Interpreter.cpp:
1095         (JSC::Interpreter::privateExecute):
1096         * jit/JIT.cpp:
1097         (JSC::JIT::privateCompileSlowCases):
1098         * jit/JIT.h:
1099         * jit/JITInlineMethods.h:
1100         (JSC::JIT::emitAllocateBasicJSObject):
1101         (JSC::JIT::emitAllocateJSFinalObject):
1102         (JSC):
1103         (JSC::JIT::emitAllocateJSFunction):
1104         * jit/JITOpcodes.cpp:
1105         (JSC::JIT::emit_op_new_func):
1106         (JSC::JIT::emitSlow_op_new_func):
1107         (JSC):
1108         (JSC::JIT::emit_op_new_func_exp):
1109         (JSC::JIT::emitSlow_op_new_func_exp):
1110         * runtime/JSFunction.cpp:
1111         (JSC::JSFunction::finishCreation):
1112         * runtime/JSObject.h:
1113         (JSC::JSObject::isUsingInlineStorage):
1114         (JSObject):
1115         (JSC::JSObject::finishCreation):
1116         (JSC):
1117         (JSNonFinalObject):
1118         (JSC::JSNonFinalObject::JSNonFinalObject):
1119         (JSC::JSNonFinalObject::finishCreation):
1120         (JSFinalObject):
1121         (JSC::JSFinalObject::finishCreation):
1122         (JSC::JSObject::offsetOfInlineStorage):
1123         (JSC::JSObject::setPropertyStorage):
1124         (JSC::Structure::isUsingInlineStorage):
1125         (JSC::JSObject::putDirectInternal):
1126         (JSC::JSObject::putDirectWithoutTransition):
1127         (JSC::JSObject::transitionTo):
1128         * runtime/Structure.cpp:
1129         (JSC::Structure::Structure):
1130         (JSC):
1131         (JSC::Structure::growPropertyStorageCapacity):
1132         (JSC::Structure::suggestedNewPropertyStorageSize):
1133         * runtime/Structure.h:
1134         (JSC::Structure::shouldGrowPropertyStorage):
1135         (JSC::Structure::propertyStorageSize):
1136
1137 2012-06-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1138
1139         Remove warning about protected values when the Heap is being destroyed
1140         https://bugs.webkit.org/show_bug.cgi?id=90302
1141
1142         Reviewed by Geoffrey Garen.
1143
1144         Having to do book-keeping about whether values allocated from a certain 
1145         VM are or are not protected makes the JSC API much more difficult to use 
1146         correctly. Clients should be able to throw an entire VM away and not have 
1147         to worry about unprotecting all of the values that they protected earlier.
1148
1149         * heap/Heap.cpp:
1150         (JSC::Heap::lastChanceToFinalize):
1151
1152 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
1153
1154         JSObject wastes too much memory on unused property slots
1155         https://bugs.webkit.org/show_bug.cgi?id=90255
1156
1157         Reviewed by Mark Hahnenberg.
1158         
1159         This does a few things:
1160         
1161         - JSNonFinalObject no longer has inline property storage.
1162         
1163         - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
1164           or 2x the inline storage for JSFinalObject.
1165         
1166         - Property storage is only reallocated if it needs to be. Previously, we
1167           would reallocate the property storage on any transition where the original
1168           structure said shouldGrowPropertyStorage(), but this led to spurious
1169           reallocations when doing transitionless property adds and there are
1170           deleted property slots available. That in turn led to crashes, because we
1171           would switch to out-of-line storage even if the capacity matched the
1172           criteria for inline storage.
1173         
1174         - Inline JSFunction allocation is killed off because we don't have a good
1175           way of inlining property storage allocation. This didn't hurt performance.
1176           Killing off code is better than fixing it if that code wasn't doing any
1177           good.
1178         
1179         This looks like a 1% progression on V8.
1180
1181         * interpreter/Interpreter.cpp:
1182         (JSC::Interpreter::privateExecute):
1183         * jit/JIT.cpp:
1184         (JSC::JIT::privateCompileSlowCases):
1185         * jit/JIT.h:
1186         * jit/JITInlineMethods.h:
1187         (JSC::JIT::emitAllocateBasicJSObject):
1188         (JSC):
1189         * jit/JITOpcodes.cpp:
1190         (JSC::JIT::emit_op_new_func):
1191         (JSC):
1192         (JSC::JIT::emit_op_new_func_exp):
1193         * runtime/JSFunction.cpp:
1194         (JSC::JSFunction::finishCreation):
1195         * runtime/JSObject.h:
1196         (JSC::JSObject::isUsingInlineStorage):
1197         (JSObject):
1198         (JSC::JSObject::finishCreation):
1199         (JSC):
1200         (JSC::JSNonFinalObject::hasInlineStorage):
1201         (JSNonFinalObject):
1202         (JSC::JSNonFinalObject::JSNonFinalObject):
1203         (JSC::JSNonFinalObject::finishCreation):
1204         (JSC::JSFinalObject::hasInlineStorage):
1205         (JSC::JSFinalObject::finishCreation):
1206         (JSC::JSObject::offsetOfInlineStorage):
1207         (JSC::JSObject::setPropertyStorage):
1208         (JSC::Structure::inlineStorageCapacity):
1209         (JSC::Structure::isUsingInlineStorage):
1210         (JSC::JSObject::putDirectInternal):
1211         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
1212         (JSC::JSObject::putDirectWithoutTransition):
1213         * runtime/Structure.cpp:
1214         (JSC::Structure::Structure):
1215         (JSC::nextPropertyStorageCapacity):
1216         (JSC):
1217         (JSC::Structure::growPropertyStorageCapacity):
1218         (JSC::Structure::suggestedNewPropertyStorageSize):
1219         * runtime/Structure.h:
1220         (JSC::Structure::putWillGrowPropertyStorage):
1221         (Structure):
1222
1223 2012-06-28  Filip Pizlo  <fpizlo@apple.com>
1224
1225         DFG recompilation heuristics should be based on count, not rate
1226         https://bugs.webkit.org/show_bug.cgi?id=90146
1227
1228         Reviewed by Oliver Hunt.
1229         
1230         This removes a bunch of code that was previously trying to prevent spurious
1231         reoptimizations if a large enough majority of executions of a code block did
1232         not result in OSR exit. It turns out that this code was purely harmful. This
1233         patch removes all of that logic and replaces it with a dead-simple
1234         heuristic: if you exit more than N times (where N is an exponential function
1235         of the number of times the code block has already been recompiled) then we
1236         will recompile.
1237         
1238         This appears to be a broad ~1% win on many benchmarks large and small.
1239
1240         * bytecode/CodeBlock.cpp:
1241         (JSC::CodeBlock::CodeBlock):
1242         * bytecode/CodeBlock.h:
1243         (JSC::CodeBlock::osrExitCounter):
1244         (JSC::CodeBlock::countOSRExit):
1245         (CodeBlock):
1246         (JSC::CodeBlock::addressOfOSRExitCounter):
1247         (JSC::CodeBlock::offsetOfOSRExitCounter):
1248         (JSC::CodeBlock::adjustedExitCountThreshold):
1249         (JSC::CodeBlock::exitCountThresholdForReoptimization):
1250         (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
1251         (JSC::CodeBlock::shouldReoptimizeNow):
1252         (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
1253         * bytecode/ExecutionCounter.cpp:
1254         (JSC::ExecutionCounter::setThreshold):
1255         * bytecode/ExecutionCounter.h:
1256         (ExecutionCounter):
1257         (JSC::ExecutionCounter::clippedThreshold):
1258         * dfg/DFGJITCompiler.cpp:
1259         (JSC::DFG::JITCompiler::compileBody):
1260         * dfg/DFGOSRExit.cpp:
1261         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
1262         * dfg/DFGOSRExitCompiler.cpp:
1263         (JSC::DFG::OSRExitCompiler::handleExitCounts):
1264         * dfg/DFGOperations.cpp:
1265         * jit/JITStubs.cpp:
1266         (JSC::DEFINE_STUB_FUNCTION):
1267         * runtime/Options.cpp:
1268         (Options):
1269         (JSC::Options::initializeOptions):
1270         * runtime/Options.h:
1271         (Options):
1272
1273 2012-06-28  Mark Lam  <mark.lam@apple.com>
1274
1275         Adding a commenting utility to record BytecodeGenerator comments
1276         with opcodes that are emitted.  Presently, the comments can only
1277         be constant strings.  Adding comments for opcodes is optional.
1278         If a comment is added, the comment will be printed following the
1279         opcode when CodeBlock::dump() is called.
1280
1281         This utility is disabled by default, and is only meant for VM
1282         development purposes.  It should not be enabled for product builds.
1283
1284         To enable this utility, set ENABLE_BYTECODE_COMMENTS in CodeBlock.h
1285         to 1.
1286
1287         https://bugs.webkit.org/show_bug.cgi?id=90095
1288
1289         Reviewed by Geoffrey Garen.
1290
1291         * GNUmakefile.list.am:
1292         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1293         * JavaScriptCore.xcodeproj/project.pbxproj:
1294         * bytecode/CodeBlock.cpp:
1295         (JSC::CodeBlock::dumpBytecodeCommentAndNewLine): Dumps the comment.
1296         (JSC):
1297         (JSC::CodeBlock::printUnaryOp): Add comment dumps.
1298         (JSC::CodeBlock::printBinaryOp): Add comment dumps.
1299         (JSC::CodeBlock::printConditionalJump): Add comment dumps.
1300         (JSC::CodeBlock::printCallOp): Add comment dumps.
1301         (JSC::CodeBlock::printPutByIdOp): Add comment dumps.
1302         (JSC::CodeBlock::dump): Add comment dumps.
1303         (JSC::CodeBlock::CodeBlock):
1304         (JSC::CodeBlock::commentForBytecodeOffset):
1305             Finds the comment for an opcode if available.
1306         (JSC::CodeBlock::dumpBytecodeComments):
1307             For debugging whether comments are collected.
1308             It is not being called anywhere.
1309         * bytecode/CodeBlock.h:
1310         (CodeBlock):
1311         (JSC::CodeBlock::bytecodeComments):
1312         * bytecode/Comment.h: Added.
1313         (JSC):
1314         (Comment):
1315         * bytecompiler/BytecodeGenerator.cpp:
1316         (JSC::BytecodeGenerator::BytecodeGenerator):
1317         (JSC::BytecodeGenerator::emitOpcode): Calls emitComment().
1318         (JSC):
1319         (JSC::BytecodeGenerator::emitComment): Adds comment to CodeBlock.
1320         (JSC::BytecodeGenerator::prependComment):
1321             Registers a comment for emitComment() to use later.
1322         * bytecompiler/BytecodeGenerator.h:
1323         (BytecodeGenerator):
1324         (JSC::BytecodeGenerator::emitComment):
1325         (JSC::BytecodeGenerator::prependComment):
1326             These are inlined versions of these functions that nullify them
1327             when ENABLE_BYTECODE_COMMENTS is 0.
1328         (JSC::BytecodeGenerator::comments):
1329
1330 2012-06-28  Oliver Hunt  <oliver@apple.com>
1331
1332         32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double
1333         https://bugs.webkit.org/show_bug.cgi?id=90127
1334
1335         Reviewed by Filip Pizlo.
1336
1337         The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
1338         correctly.  This patch fixes this by killing the fill info in the GenerationInfo
1339         when the spillFormat doesn't guarantee the value is a double.
1340
1341         * dfg/DFGSpeculativeJIT32_64.cpp:
1342         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1343
1344 2012-06-28  Kent Tamura  <tkent@chromium.org>
1345
1346         Classify form control states by their owner forms
1347         https://bugs.webkit.org/show_bug.cgi?id=89950
1348
1349         Reviewed by Hajime Morita.
1350
1351         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1352         Expose WTF::StringBuilder::canShrink()
1353
1354 2012-06-27  Michael Saboff  <msaboff@apple.com>
1355
1356         [Win] jscore-tests flakey
1357         https://bugs.webkit.org/show_bug.cgi?id=88118
1358
1359         Reviewed by Jessie Berlin.
1360
1361         jsDriver.pl on windows intermittently doesn't get the returned value from jsc,
1362         instead it gets 126.  Added a new option to jsc (-x) which prints the exit
1363         code before exiting.  jsDriver.pl uses this option on Windows and parses the
1364         exit code output for the exit code, removing it before comparing the actual
1365         and expected outputs.  Filed a follow on "FIXME" defect:
1366         [WIN] Intermittent failure for jsc return value to propagate through jsDriver.pl
1367         https://bugs.webkit.org/show_bug.cgi?id=90119
1368
1369         * jsc.cpp:
1370         (CommandLine::CommandLine):
1371         (CommandLine):
1372         (printUsageStatement):
1373         (parseArguments):
1374         (jscmain):
1375         * tests/mozilla/jsDriver.pl:
1376         (execute_tests):
1377
1378 2012-06-27  Sheriff Bot  <webkit.review.bot@gmail.com>
1379
1380         Unreviewed, rolling out r121359.
1381         http://trac.webkit.org/changeset/121359
1382         https://bugs.webkit.org/show_bug.cgi?id=90115
1383
1384         Broke many inspector tests (Requested by jpfau on #webkit).
1385
1386         * interpreter/Interpreter.h:
1387         (JSC::StackFrame::toString):
1388
1389 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
1390
1391         Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web Inspector Javascript Debugging is on
1392         https://bugs.webkit.org/show_bug.cgi?id=90053
1393         <rdar://problem/11764613>
1394
1395         Reviewed by Mark Hahnenberg.
1396         
1397         The problem is that the code was assuming that the recovery should be Undefined if the source of
1398         the SetLocal was !shouldGenerate(). But that's wrong, since the DFG optimizer may skip around a
1399         UInt32ToNumber node (hence making it !shouldGenerate()) and keep the source of that node alive.
1400         In that case we should base the recovery on the source of the UInt32ToNumber. The logic for this
1401         was already in place but the fast check for !shouldGenerate() broke it.
1402
1403         * dfg/DFGSpeculativeJIT.cpp:
1404         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1405
1406 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
1407
1408         DFG disassembly should be easier to read
1409         https://bugs.webkit.org/show_bug.cgi?id=90106
1410
1411         Reviewed by Mark Hahnenberg.
1412         
1413         Did a few things:
1414         
1415         - Options::showDFGDisassembly now shows OSR exit disassembly as well.
1416         
1417         - Phi node dumping doesn't attempt to do line wrapping since it just made the dump harder
1418           to read.
1419         
1420         - DFG graph disassembly view shows a few additional node types that turn out to be
1421           essential for understanding OSR exits.
1422         
1423         Put together, these changes reinforce the philosophy that anything needed for computing
1424         OSR exit is just as important as the machine code itself. Of course, we still don't take
1425         that philosophy to its full extreme - for example Phantom nodes are not dumped. We may
1426         revisit that in the future.
1427
1428         * assembler/LinkBuffer.cpp:
1429         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1430         * assembler/LinkBuffer.h:
1431         (JSC):
1432         * dfg/DFGDisassembler.cpp:
1433         (JSC::DFG::Disassembler::dump):
1434         * dfg/DFGGraph.cpp:
1435         (JSC::DFG::Graph::dumpBlockHeader):
1436         * dfg/DFGNode.h:
1437         (JSC::DFG::Node::willHaveCodeGenOrOSR):
1438         * dfg/DFGOSRExitCompiler.cpp:
1439         * jit/JIT.cpp:
1440         (JSC::JIT::privateCompile):
1441
1442 2012-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1443
1444         JSLock should be per-JSGlobalData
1445         https://bugs.webkit.org/show_bug.cgi?id=89123
1446
1447         Reviewed by Geoffrey Garen.
1448
1449         * API/APIShims.h:
1450         (APIEntryShimWithoutLock):
1451         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
1452         determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
1453         HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
1454         JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
1455         its destruction has begun. 
1456         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
1457         (JSC::APIEntryShim::APIEntryShim):
1458         (APIEntryShim):
1459         (JSC::APIEntryShim::~APIEntryShim):
1460         (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
1461         Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
1462         and before we've released it, which can only be done in APIEntryShim.
1463         (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
1464         * API/JSContextRef.cpp:
1465         (JSGlobalContextCreate):
1466         (JSGlobalContextCreateInGroup):
1467         (JSGlobalContextRelease):
1468         (JSContextCreateBacktrace):
1469         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1470         * heap/CopiedSpace.cpp:
1471         (JSC::CopiedSpace::tryAllocateSlowCase):
1472         * heap/Heap.cpp:
1473         (JSC::Heap::protect):
1474         (JSC::Heap::unprotect):
1475         (JSC::Heap::collect):
1476         (JSC::Heap::setActivityCallback):
1477         (JSC::Heap::activityCallback):
1478         (JSC::Heap::sweeper):
1479         * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
1480         are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
1481         and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
1482         prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
1483         (Heap):
1484         * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
1485         (JSC::HeapTimer::~HeapTimer):
1486         (JSC::HeapTimer::invalidate):
1487         (JSC):
1488         (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
1489         that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
1490         HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
1491         (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
1492         out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
1493         but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
1494         we were interrupted between releasing our mutex and trying to grab the APILock.
1495         * heap/HeapTimer.h:
1496         (HeapTimer):
1497         * heap/IncrementalSweeper.cpp:
1498         (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
1499         all of that for us. 
1500         (JSC::IncrementalSweeper::create):
1501         * heap/IncrementalSweeper.h:
1502         (IncrementalSweeper):
1503         * heap/MarkedAllocator.cpp:
1504         (JSC::MarkedAllocator::allocateSlowCase):
1505         * heap/WeakBlock.cpp:
1506         (JSC::WeakBlock::reap):
1507         * jsc.cpp:
1508         (functionGC):
1509         (functionReleaseExecutableMemory):
1510         (jscmain):
1511         * runtime/Completion.cpp:
1512         (JSC::checkSyntax):
1513         (JSC::evaluate):
1514         * runtime/GCActivityCallback.h:
1515         (DefaultGCActivityCallback):
1516         (JSC::DefaultGCActivityCallback::create):
1517         * runtime/JSGlobalData.cpp:
1518         (JSC::JSGlobalData::JSGlobalData):
1519         (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
1520         that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
1521         it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
1522         APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
1523         (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
1524         (JSC::JSGlobalData::sharedInstanceInternal):
1525         * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
1526         de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
1527         (JSGlobalData):
1528         (JSC::JSGlobalData::apiLock):
1529         * runtime/JSGlobalObject.cpp:
1530         (JSC::JSGlobalObject::~JSGlobalObject):
1531         (JSC::JSGlobalObject::init):
1532         * runtime/JSLock.cpp:
1533         (JSC):
1534         (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
1535         (JSC::GlobalJSLock::~GlobalJSLock):
1536         (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
1537         it can successfully unlock it later without it disappearing from underneath it.
1538         (JSC::JSLockHolder::~JSLockHolder):
1539         (JSC::JSLock::JSLock):
1540         (JSC::JSLock::~JSLock):
1541         (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
1542         actually waiting for long periods. 
1543         (JSC::JSLock::unlock):
1544         (JSC::JSLock::currentThreadIsHoldingLock):
1545         (JSC::JSLock::dropAllLocks):
1546         (JSC::JSLock::dropAllLocksUnconditionally):
1547         (JSC::JSLock::grabAllLocks):
1548         (JSC::JSLock::DropAllLocks::DropAllLocks):
1549         (JSC::JSLock::DropAllLocks::~DropAllLocks):
1550         * runtime/JSLock.h:
1551         (JSC):
1552         (GlobalJSLock):
1553         (JSLockHolder):
1554         (JSLock):
1555         (DropAllLocks):
1556         * runtime/WeakGCMap.h:
1557         (JSC::WeakGCMap::set):
1558         * testRegExp.cpp:
1559         (realMain):
1560
1561 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
1562
1563         x86 disassembler confuses immediates with addresses
1564         https://bugs.webkit.org/show_bug.cgi?id=90099
1565
1566         Reviewed by Mark Hahnenberg.
1567         
1568         Prepend "$" to immediates to disambiguate between immediates and addresses. This is in
1569         accordance with the gas and AT&T syntax.
1570
1571         * disassembler/udis86/udis86_syn-att.c:
1572         (gen_operand):
1573
1574 2012-06-27  Filip Pizlo  <fpizlo@apple.com>
1575
1576         Add a comment clarifying Options::showDisassembly versus Options::showDFGDisassembly.
1577
1578         Rubber stamped by Mark Hahnenberg.
1579
1580         * runtime/Options.cpp:
1581         (JSC::Options::initializeOptions):
1582
1583 2012-06-27  Anthony Scian  <ascian@rim.com>
1584
1585         Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
1586         https://bugs.webkit.org/show_bug.cgi?id=40118
1587
1588         Reviewed by Yong Li.
1589
1590         Added member functions to expose function name, urlString, and line #.
1591         Refactored toString to make use of these member functions to reduce
1592         duplicated code for future maintenance.
1593
1594         Manually tested refactoring of toString by tracing thrown exceptions.
1595
1596         * interpreter/Interpreter.h:
1597         (StackFrame):
1598         (JSC::StackFrame::toString):
1599         (JSC::StackFrame::friendlySourceURL):
1600         (JSC::StackFrame::friendlyFunctionName):
1601         (JSC::StackFrame::friendlyLineNumber):
1602
1603 2012-06-27  Oswald Buddenhagen  <oswald.buddenhagen@nokia.com>
1604
1605         [Qt] Remove redundant c++11 warning suppression code
1606
1607         This is already handled in default_post.
1608
1609         Reviewed by Tor Arne Vestbø.
1610
1611         * Target.pri:
1612
1613 2012-06-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
1614
1615         [Qt] Add missing headers to HEADERS
1616
1617         For JavaScriptCore there aren't any Qt specific files, so we include all
1618         headers for easy editing in Qt Creator.
1619
1620         Reviewed by Simon Hausmann.
1621
1622         * Target.pri:
1623
1624 2012-06-26  Dominic Cooney  <dominicc@chromium.org>
1625
1626         [Chromium] Remove unused build scripts and empty folders for JavaScriptCore w/ gyp
1627         https://bugs.webkit.org/show_bug.cgi?id=90029
1628
1629         Reviewed by Adam Barth.
1630
1631         * gyp: Removed.
1632         * gyp/generate-derived-sources.sh: Removed.
1633         * gyp/generate-dtrace-header.sh: Removed.
1634         * gyp/run-if-exists.sh: Removed.
1635         * gyp/update-info-plist.sh: Removed.
1636
1637 2012-06-26  Geoffrey Garen  <ggaren@apple.com>
1638
1639         Reduced (but did not eliminate) use of "berzerker GC"
1640         https://bugs.webkit.org/show_bug.cgi?id=89237
1641
1642         Reviewed by Gavin Barraclough.
1643
1644         (PART 2)
1645
1646         This part turns off "berzerker GC" and turns on incremental shrinking.
1647
1648         * heap/IncrementalSweeper.cpp:
1649         (JSC::IncrementalSweeper::doSweep): Free or shrink after sweeping to
1650         maintain the behavior we used to get from the occasional berzerker GC,
1651         which would run all finalizers and then free or shrink all blocks
1652         synchronously.
1653
1654         * heap/MarkedBlock.h:
1655         (JSC::MarkedBlock::needsSweeping): Sweep zapped blocks, too. It's always
1656         safe to sweep a zapped block (that's the point of zapping), and it's
1657         sometimes profitable. For example, consider this case: Block A does some
1658         allocation (transitioning Block A from Marked to FreeListed), then GC
1659         happens (transitioning Block A to Zapped), then all objects in Block A
1660         are free, then the incremental sweeper visits Block A. If we skipped
1661         Zapped blocks, we'd skip Block A, even though it would be profitable to
1662         run its destructors and free its memory.
1663
1664         * runtime/GCActivityCallback.cpp:
1665         (JSC::DefaultGCActivityCallback::doWork): Don't sweep eagerly; we'll do
1666         this incrementally.
1667
1668 2012-06-26  Filip Pizlo  <fpizlo@apple.com>
1669
1670         DFG PutByValAlias is too aggressive
1671         https://bugs.webkit.org/show_bug.cgi?id=90026
1672         <rdar://problem/11751830>
1673
1674         Reviewed by Gavin Barraclough.
1675         
1676         For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect
1677         performance by much.
1678         
1679         For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access
1680         is within bounds. This also has the effect of making our out-of-bounds handling consistent
1681         with WebCore.
1682
1683         * dfg/DFGCSEPhase.cpp:
1684         (JSC::DFG::CSEPhase::performNodeCSE):
1685         * dfg/DFGGraph.h:
1686         (JSC::DFG::Graph::byValIsPure):
1687         (JSC::DFG::Graph::clobbersWorld):
1688         * dfg/DFGNodeType.h:
1689         (DFG):
1690         * dfg/DFGSpeculativeJIT.cpp:
1691         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1692         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
1693
1694 2012-06-26  Yong Li  <yoli@rim.com>
1695
1696         [BlackBerry] Add JSC statistics into about:memory
1697         https://bugs.webkit.org/show_bug.cgi?id=89779
1698
1699         Reviewed by Rob Buis.
1700
1701         Fix non-JIT build on BlackBerry broken by r121196.
1702
1703         * runtime/MemoryStatistics.cpp:
1704         (JSC::globalMemoryStatistics):
1705
1706 2012-06-25  Filip Pizlo  <fpizlo@apple.com>
1707
1708         DFG::operationNewArray is unnecessarily slow, and may use the wrong array
1709         prototype when inlined
1710         https://bugs.webkit.org/show_bug.cgi?id=89821
1711
1712         Reviewed by Geoffrey Garen.
1713         
1714         Fixes all array allocations to use the right structure, and hence the right prototype. Adds
1715         inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
1716         empty arrays.
1717
1718         * dfg/DFGAbstractState.cpp:
1719         (JSC::DFG::AbstractState::execute):
1720         * dfg/DFGByteCodeParser.cpp:
1721         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1722         * dfg/DFGCCallHelpers.h:
1723         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1724         (CCallHelpers):
1725         * dfg/DFGNodeType.h:
1726         (DFG):
1727         * dfg/DFGOperations.cpp:
1728         * dfg/DFGOperations.h:
1729         * dfg/DFGPredictionPropagationPhase.cpp:
1730         (JSC::DFG::PredictionPropagationPhase::propagate):
1731         * dfg/DFGSpeculativeJIT.h:
1732         (JSC::DFG::SpeculativeJIT::callOperation):
1733         * dfg/DFGSpeculativeJIT32_64.cpp:
1734         (JSC::DFG::SpeculativeJIT::compile):
1735         * dfg/DFGSpeculativeJIT64.cpp:
1736         (JSC::DFG::SpeculativeJIT::compile):
1737         * runtime/JSArray.h:
1738         (JSC):
1739         (JSC::constructArray):
1740         * runtime/JSGlobalObject.h:
1741         (JSC):
1742         (JSC::constructArray):
1743
1744 2012-06-26  Filip Pizlo  <fpizlo@apple.com>
1745
1746         New fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html fails on 32 bit
1747         https://bugs.webkit.org/show_bug.cgi?id=89953
1748
1749         Reviewed by Zoltan Herczeg.
1750         
1751         DFG 32-bit JIT was confused about the difference between a predicted type and a
1752         proven type. This is easy to get confused about, since a local that is predicted int32
1753         almost always means that the local must be an int32 since speculations are hoisted to
1754         stores to locals. But that is less likely to be the case for arguments, where there is
1755         an additional least-upper-bounding step: any store to an argument with a weird type
1756         may force the argument to be any type.
1757         
1758         This patch basically duplicates the functionality in DFGSpeculativeJIT64.cpp for
1759         GetLocal: the decision of whether to load a local as an int32 (or as an array, or as
1760         a boolean) is made based on the AbstractValue::m_type, which is a type proof, rather
1761         than the VariableAccessData::prediction(), which is a predicted type.
1762
1763         * dfg/DFGSpeculativeJIT32_64.cpp:
1764         (JSC::DFG::SpeculativeJIT::compile):
1765
1766 2012-06-25  Filip Pizlo  <fpizlo@apple.com>
1767
1768         JSC should try to make profiling deterministic because otherwise reproducing failures is
1769         nearly impossible
1770         https://bugs.webkit.org/show_bug.cgi?id=89940
1771
1772         Rubber stamped by Gavin Barraclough.
1773         
1774         This rolls out the part of http://trac.webkit.org/changeset/121215 that introduced randomness
1775         into the system. Now, instead of randomizing the tier-up threshold, we always set it to an
1776         artificially low (and statically predetermined!) value. This gives most of the benefit of
1777         threshold randomization without actually making the system behave completely differently on
1778         each invocation.
1779
1780         * bytecode/ExecutionCounter.cpp:
1781         (JSC::ExecutionCounter::setThreshold):
1782         * runtime/Options.cpp:
1783         (Options):
1784         (JSC::Options::initializeOptions):
1785         * runtime/Options.h:
1786         (Options):
1787
1788 2012-06-22  Filip Pizlo  <fpizlo@apple.com>
1789
1790         Value profiling should use tier-up threshold randomization to get more coverage
1791         https://bugs.webkit.org/show_bug.cgi?id=89802
1792
1793         Reviewed by Gavin Barraclough.
1794         
1795         This patch causes both LLInt and Baseline JIT code to take the OSR slow path several
1796         times before actually doing OSR. If we take the OSR slow path before the execution
1797         count threshold is reached, then we just call CodeBlock::updateAllPredictions() to
1798         compute the current latest least-upper-bound SpecType of all values seen in each
1799         ValueProfile.
1800
1801         * bytecode/CodeBlock.cpp:
1802         (JSC::CodeBlock::stronglyVisitStrongReferences):
1803         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1804         (JSC):
1805         (JSC::CodeBlock::updateAllPredictions):
1806         (JSC::CodeBlock::shouldOptimizeNow):
1807         * bytecode/CodeBlock.h:
1808         (JSC::CodeBlock::llintExecuteCounter):
1809         (JSC::CodeBlock::jitExecuteCounter):
1810         (CodeBlock):
1811         (JSC::CodeBlock::updateAllPredictions):
1812         * bytecode/ExecutionCounter.cpp:
1813         (JSC::ExecutionCounter::setThreshold):
1814         (JSC::ExecutionCounter::status):
1815         (JSC):
1816         * bytecode/ExecutionCounter.h:
1817         (JSC::ExecutionCounter::count):
1818         (ExecutionCounter):
1819         * dfg/DFGAbstractState.cpp:
1820         (JSC::DFG::AbstractState::execute):
1821         * dfg/DFGOperations.cpp:
1822         * dfg/DFGSpeculativeJIT.cpp:
1823         (JSC::DFG::SpeculativeJIT::compile):
1824         * jit/JITStubs.cpp:
1825         (JSC::DEFINE_STUB_FUNCTION):
1826         * llint/LLIntSlowPaths.cpp:
1827         (JSC::LLInt::jitCompileAndSetHeuristics):
1828         (JSC::LLInt::entryOSR):
1829         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1830         * runtime/JSGlobalObject.cpp:
1831         (JSC::JSGlobalObject::JSGlobalObject):
1832         (JSC):
1833         * runtime/JSGlobalObject.h:
1834         (JSGlobalObject):
1835         (JSC::JSGlobalObject::weakRandomInteger):
1836         * runtime/Options.cpp:
1837         (Options):
1838         (JSC::Options::initializeOptions):
1839         * runtime/Options.h:
1840         (Options):
1841         * runtime/WeakRandom.h:
1842         (WeakRandom):
1843         (JSC::WeakRandom::seedUnsafe):
1844
1845 2012-06-25  Yong Li  <yoli@rim.com>
1846
1847         [BlackBerry] Add JSC statistics into about:memory
1848         https://bugs.webkit.org/show_bug.cgi?id=89779
1849
1850         Reviewed by Rob Buis.
1851
1852         Add MemoryStatistics.cpp into build, and fill JITBytes for BlackBerry port.
1853
1854         * PlatformBlackBerry.cmake:
1855         * runtime/MemoryStatistics.cpp:
1856         (JSC::globalMemoryStatistics):
1857
1858 2012-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
1859
1860         Unreviewed, rolling out r121058.
1861         http://trac.webkit.org/changeset/121058
1862         https://bugs.webkit.org/show_bug.cgi?id=89809
1863
1864         Patch causes plugins tests to crash in GTK debug builds
1865         (Requested by zdobersek on #webkit).
1866
1867         * API/APIShims.h:
1868         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
1869         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
1870         (APIEntryShimWithoutLock):
1871         (JSC::APIEntryShim::APIEntryShim):
1872         (APIEntryShim):
1873         (JSC::APICallbackShim::~APICallbackShim):
1874         * API/JSContextRef.cpp:
1875         (JSGlobalContextCreate):
1876         (JSGlobalContextCreateInGroup):
1877         (JSGlobalContextRelease):
1878         (JSContextCreateBacktrace):
1879         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1880         * heap/CopiedSpace.cpp:
1881         (JSC::CopiedSpace::tryAllocateSlowCase):
1882         * heap/Heap.cpp:
1883         (JSC::Heap::protect):
1884         (JSC::Heap::unprotect):
1885         (JSC::Heap::collect):
1886         (JSC::Heap::setActivityCallback):
1887         (JSC::Heap::activityCallback):
1888         (JSC::Heap::sweeper):
1889         * heap/Heap.h:
1890         (Heap):
1891         * heap/HeapTimer.cpp:
1892         (JSC::HeapTimer::~HeapTimer):
1893         (JSC::HeapTimer::invalidate):
1894         (JSC::HeapTimer::timerDidFire):
1895         (JSC):
1896         * heap/HeapTimer.h:
1897         (HeapTimer):
1898         * heap/IncrementalSweeper.cpp:
1899         (JSC::IncrementalSweeper::doWork):
1900         (JSC::IncrementalSweeper::create):
1901         * heap/IncrementalSweeper.h:
1902         (IncrementalSweeper):
1903         * heap/MarkedAllocator.cpp:
1904         (JSC::MarkedAllocator::allocateSlowCase):
1905         * heap/WeakBlock.cpp:
1906         (JSC::WeakBlock::reap):
1907         * jsc.cpp:
1908         (functionGC):
1909         (functionReleaseExecutableMemory):
1910         (jscmain):
1911         * runtime/Completion.cpp:
1912         (JSC::checkSyntax):
1913         (JSC::evaluate):
1914         * runtime/GCActivityCallback.h:
1915         (DefaultGCActivityCallback):
1916         (JSC::DefaultGCActivityCallback::create):
1917         * runtime/JSGlobalData.cpp:
1918         (JSC::JSGlobalData::JSGlobalData):
1919         (JSC::JSGlobalData::~JSGlobalData):
1920         (JSC::JSGlobalData::sharedInstance):
1921         (JSC::JSGlobalData::sharedInstanceInternal):
1922         * runtime/JSGlobalData.h:
1923         (JSGlobalData):
1924         * runtime/JSGlobalObject.cpp:
1925         (JSC::JSGlobalObject::~JSGlobalObject):
1926         (JSC::JSGlobalObject::init):
1927         * runtime/JSLock.cpp:
1928         (JSC):
1929         (JSC::createJSLockCount):
1930         (JSC::JSLock::lockCount):
1931         (JSC::setLockCount):
1932         (JSC::JSLock::JSLock):
1933         (JSC::JSLock::lock):
1934         (JSC::JSLock::unlock):
1935         (JSC::JSLock::currentThreadIsHoldingLock):
1936         (JSC::JSLock::DropAllLocks::DropAllLocks):
1937         (JSC::JSLock::DropAllLocks::~DropAllLocks):
1938         * runtime/JSLock.h:
1939         (JSC):
1940         (JSLock):
1941         (JSC::JSLock::JSLock):
1942         (JSC::JSLock::~JSLock):
1943         (DropAllLocks):
1944         * runtime/WeakGCMap.h:
1945         (JSC::WeakGCMap::set):
1946         * testRegExp.cpp:
1947         (realMain):
1948
1949 2012-06-22  Alexandru Chiculita  <achicu@adobe.com>
1950
1951         [CSS Shaders] Re-enable the CSS Shaders compile time flag on Safari Mac
1952         https://bugs.webkit.org/show_bug.cgi?id=89781
1953
1954         Reviewed by Dean Jackson.
1955
1956         Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
1957
1958         * Configurations/FeatureDefines.xcconfig:
1959
1960 2012-06-22  Filip Pizlo  <fpizlo@apple.com>
1961
1962         DFG tier-up should happen in prologues, not epilogues
1963         https://bugs.webkit.org/show_bug.cgi?id=89752
1964
1965         Reviewed by Geoffrey Garen.
1966
1967         This change has two outcomes:
1968         
1969         1) Slightly reduces the likelihood that a function will be optimized both
1970         standalone and via inlining.  Previously, if you had a call sequence like foo() 
1971         calls bar() exactly once, and nobody else calls bar(), then bar() would get
1972         optimized first (because it returns first) and then foo() gets optimized.  If foo()
1973         can inline bar() then that means that bar() gets optimized twice.  But now, if we
1974         optimize in prologues, then foo() will be optimized first.  If it inlines bar(),
1975         that means that there will no longer be any calls to bar().
1976         
1977         2) It lets us kill some code in JITStubs.  Epilogue tier-up was very different from
1978         loop tier-up, since epilogue tier-up should not attempt OSR.  But prologue tier-up
1979         requires OSR (albeit really easy OSR since it's the top of the compilation unit),
1980         so it becomes just like loop tier-up.  As a result, we now have one optimization
1981         hook (cti_optimize) instead of two (cti_optimize_from_loop and
1982         cti_optimize_from_ret).
1983         
1984         As a consequence of not having an optimization check in epilogues, the OSR exit
1985         code must now trigger reoptimization itself instead of just signaling the epilogue
1986         check to fire.
1987         
1988         This also adds the ability to count the number of DFG compilations, which was
1989         useful for debugging this patch and might be useful for other things in the future.
1990
1991         * bytecode/CodeBlock.cpp:
1992         (JSC::CodeBlock::reoptimize):
1993         (JSC):
1994         * bytecode/CodeBlock.h:
1995         (CodeBlock):
1996         * dfg/DFGByteCodeParser.cpp:
1997         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1998         * dfg/DFGDriver.cpp:
1999         (DFG):
2000         (JSC::DFG::getNumCompilations):
2001         (JSC::DFG::compile):
2002         * dfg/DFGDriver.h:
2003         (DFG):
2004         * dfg/DFGOSRExitCompiler.cpp:
2005         (JSC::DFG::OSRExitCompiler::handleExitCounts):
2006         * dfg/DFGOperations.cpp:
2007         * dfg/DFGOperations.h:
2008         * jit/JIT.cpp:
2009         (JSC::JIT::emitOptimizationCheck):
2010         * jit/JIT.h:
2011         * jit/JITCall32_64.cpp:
2012         (JSC::JIT::emit_op_ret):
2013         (JSC::JIT::emit_op_ret_object_or_this):
2014         * jit/JITOpcodes.cpp:
2015         (JSC::JIT::emit_op_ret):
2016         (JSC::JIT::emit_op_ret_object_or_this):
2017         (JSC::JIT::emit_op_enter):
2018         * jit/JITOpcodes32_64.cpp:
2019         (JSC::JIT::emit_op_enter):
2020         * jit/JITStubs.cpp:
2021         (JSC::DEFINE_STUB_FUNCTION):
2022         * jit/JITStubs.h:
2023
2024 2012-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2025
2026         JSLock should be per-JSGlobalData
2027         https://bugs.webkit.org/show_bug.cgi?id=89123
2028
2029         Reviewed by Gavin Barraclough.
2030
2031         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2032         * API/APIShims.h:
2033         (APIEntryShimWithoutLock):
2034         (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
2035         determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
2036         HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
2037         JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
2038         its destruction has begun. 
2039         (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock): Now derefs if it also refed.
2040         (JSC::APIEntryShim::APIEntryShim):
2041         (APIEntryShim):
2042         (JSC::APIEntryShim::~APIEntryShim):
2043         (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
2044         Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
2045         and before we've released it, which can only be done in APIEntryShim.
2046         (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
2047         * API/JSContextRef.cpp:
2048         (JSGlobalContextCreate):
2049         (JSGlobalContextCreateInGroup):
2050         (JSGlobalContextRelease):
2051         (JSContextCreateBacktrace):
2052         * heap/CopiedSpace.cpp:
2053         (JSC::CopiedSpace::tryAllocateSlowCase):
2054         * heap/Heap.cpp:
2055         (JSC::Heap::protect):
2056         (JSC::Heap::unprotect):
2057         (JSC::Heap::collect):
2058         (JSC::Heap::setActivityCallback):
2059         (JSC::Heap::activityCallback):
2060         (JSC::Heap::sweeper):
2061         * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
2062         are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
2063         and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
2064         prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
2065         (Heap):
2066         * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
2067         (JSC::HeapTimer::~HeapTimer):
2068         (JSC::HeapTimer::invalidate):
2069         (JSC):
2070         (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
2071         that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
2072         HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
2073         (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
2074         out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
2075         but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
2076         we were interrupted between releasing our mutex and trying to grab the APILock.
2077         * heap/HeapTimer.h: 
2078         (HeapTimer):
2079         * heap/IncrementalSweeper.cpp:
2080         (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
2081         all of that for us. 
2082         (JSC::IncrementalSweeper::create):
2083         * heap/IncrementalSweeper.h:
2084         (IncrementalSweeper):
2085         * heap/MarkedAllocator.cpp:
2086         (JSC::MarkedAllocator::allocateSlowCase):
2087         * heap/WeakBlock.cpp:
2088         (JSC::WeakBlock::reap):
2089         * jsc.cpp:
2090         (functionGC):
2091         (functionReleaseExecutableMemory):
2092         (jscmain):
2093         * runtime/Completion.cpp:
2094         (JSC::checkSyntax):
2095         (JSC::evaluate):
2096         * runtime/GCActivityCallback.h:
2097         (DefaultGCActivityCallback):
2098         (JSC::DefaultGCActivityCallback::create):
2099         * runtime/JSGlobalData.cpp:
2100         (JSC::JSGlobalData::JSGlobalData):
2101         (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
2102         that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
2103         it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
2104         APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
2105         (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
2106         (JSC::JSGlobalData::sharedInstanceInternal):
2107         * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
2108         de-refing JSGlobalDatas on separate threads since we don't do it that often anyway.
2109         (JSGlobalData):
2110         (JSC::JSGlobalData::apiLock):
2111         * runtime/JSGlobalObject.cpp:
2112         (JSC::JSGlobalObject::~JSGlobalObject):
2113         (JSC::JSGlobalObject::init):
2114         * runtime/JSLock.cpp:
2115         (JSC):
2116         (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
2117         (JSC::GlobalJSLock::~GlobalJSLock):
2118         (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
2119         it can successfully unlock it later without it disappearing from underneath it.
2120         (JSC::JSLockHolder::~JSLockHolder):
2121         (JSC::JSLock::JSLock):
2122         (JSC::JSLock::~JSLock):
2123         (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
2124         actually waiting for long periods. 
2125         (JSC::JSLock::unlock):
2126         (JSC::JSLock::currentThreadIsHoldingLock): 
2127         (JSC::JSLock::dropAllLocks):
2128         (JSC::JSLock::dropAllLocksUnconditionally):
2129         (JSC::JSLock::grabAllLocks):
2130         (JSC::JSLock::DropAllLocks::DropAllLocks):
2131         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2132         * runtime/JSLock.h:
2133         (JSC):
2134         (GlobalJSLock):
2135         (JSLockHolder):
2136         (JSLock):
2137         (DropAllLocks):
2138         * runtime/WeakGCMap.h:
2139         (JSC::WeakGCMap::set):
2140         * testRegExp.cpp:
2141         (realMain):
2142
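The shutdown handshake described in the entry above, as an added example that is not JavaScriptCore's code: a stand-in VM (for JSGlobalData) and a stand-in HeapTimer hold a mutex-protected back-pointer; the VM's destructor severs that pointer and the timer callback checks it before doing any work. The names scheduleFire, s_liveTimers, Outcome and the two simulate* functions are assumptions for illustration only, and the real HeapTimer is driven by a run-loop timer and takes the APIEntryShim, both of which this sketch omits.

```cpp
#include <atomic>
#include <condition_variable>
#include <future>
#include <mutex>
#include <thread>

struct VM;            // stand-in for JSGlobalData (assumed name)
void doWork(VM* vm);  // what one fire does against a live VM

// Stand-in for HeapTimer (assumed name): holds a back-pointer to the VM that the
// VM's destructor must sever, under the timer's mutex, before the VM goes away.
class HeapTimer {
public:
    static std::atomic<int> s_liveTimers;   // lets callers verify the timer was torn down
    explicit HeapTimer(VM* vm) : m_vm(vm), m_ownerThread(std::this_thread::get_id()) { ++s_liveTimers; }
    ~HeapTimer() { --s_liveTimers; }

    void scheduleFire() {                   // what the run loop would do on its own
        std::lock_guard<std::mutex> lock(m_mutex);
        m_fireRequested = true;
        m_cv.notify_one();
    }
    // Called at the start of ~VM. On the timer's own thread, tear it down directly.
    // From any other thread, zero the back-pointer under the mutex (which waits out
    // an in-flight fire) and make the timer fire so it sees the null and kills itself.
    void didStartVMShutdown() {
        if (std::this_thread::get_id() == m_ownerThread) {
            delete this;
            return;
        }
        std::lock_guard<std::mutex> lock(m_mutex);
        m_vm = nullptr;
        m_fireRequested = true;
        m_cv.notify_one();   // under the lock, so the timer cannot free m_cv before we return
    }
    // One fire. Returns true once the timer has deleted itself.
    bool timerDidFire() {
        std::unique_lock<std::mutex> lock(m_mutex);
        m_cv.wait(lock, [this] { return m_fireRequested; });
        m_fireRequested = false;
        if (!m_vm) {          // shutdown began on another thread
            lock.unlock();    // never destroy a mutex we still hold
            delete this;
            return true;
        }
        doWork(m_vm);         // safe: ~VM blocks on m_mutex until we return
        return false;
    }

private:
    std::mutex m_mutex;
    std::condition_variable m_cv;
    VM* m_vm;
    std::thread::id m_ownerThread;
    bool m_fireRequested = false;
};
std::atomic<int> HeapTimer::s_liveTimers{0};

struct VM {
    std::atomic<int> sweeps{0};
    HeapTimer* timer = nullptr;
    ~VM() { if (timer) timer->didStartVMShutdown(); }
};
void doWork(VM* vm) { ++vm->sweeps; }

struct Outcome { int sweepsOnLiveVM; int liveTimersAfter; };

// The VM dies on this thread while its timer lives on a worker thread.
Outcome simulateCrossThreadShutdown() {
    VM* vm = new VM;
    std::promise<void> ready;
    std::thread worker([&] {
        HeapTimer* timer = new HeapTimer(vm);   // owner thread = worker
        vm->timer = timer;
        ready.set_value();
        while (!timer->timerDidFire()) {}       // ends once the timer has deleted itself
    });
    ready.get_future().wait();
    vm->timer->scheduleFire();                  // one ordinary fire against the live VM
    while (vm->sweeps.load() == 0) std::this_thread::yield();
    Outcome out{vm->sweeps.load(), 0};
    delete vm;                                  // ~VM signals the timer from the wrong thread
    worker.join();
    out.liveTimersAfter = HeapTimer::s_liveTimers.load();
    return out;
}

// The VM and its timer share a thread: teardown is synchronous.
Outcome simulateSameThreadShutdown() {
    VM* vm = new VM;
    vm->timer = new HeapTimer(vm);
    vm->timer->scheduleFire();
    vm->timer->timerDidFire();                  // request already pending, so it does not block
    Outcome out{vm->sweeps.load(), 0};
    delete vm;
    out.liveTimersAfter = HeapTimer::s_liveTimers.load();
    return out;
}

int main() {
    Outcome a = simulateCrossThreadShutdown(), b = simulateSameThreadShutdown();
    bool ok = a.sweepsOnLiveVM == 1 && a.liveTimersAfter == 0 && b.sweepsOnLiveVM == 1 && b.liveTimersAfter == 0;
    return ok ? 0 : 1;
}
```

Two details carry the safety argument: the destructor's lock acquisition is what "waits until the HeapTimer is done with whatever activity it needs to do", because a fire in progress holds the mutex until doWork returns; and the timer unlocks before `delete this`, since the mutex it would otherwise destroy is the one it is holding. The build must link the C++ thread library.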
2143 2012-06-22  Peter Beverloo  <peter@chromium.org>
2144
2145         [Chromium] Disable c++0x compatibility warnings in JavaScriptCore.gyp when building for Android
2146         https://bugs.webkit.org/show_bug.cgi?id=88853
2147
2148         Reviewed by Steve Block.
2149
2150         The Android exclusions were necessary to fix a gyp generation error, as
2151         the gcc_version variable wasn't being defined for Android. Remove these
2152         exceptions when Chromium is able to define the gcc_version variable.
2153
2154         * JavaScriptCore.gyp/JavaScriptCore.gyp:
2155
2156 2012-06-21  Filip Pizlo  <fpizlo@apple.com>
2157
2158         op_resolve_global should not prevent DFG inlining
2159         https://bugs.webkit.org/show_bug.cgi?id=89726
2160
2161         Reviewed by Gavin Barraclough.
2162
2163         * bytecode/CodeBlock.cpp:
2164         (JSC::CodeBlock::CodeBlock):
2165         (JSC::CodeBlock::shrinkToFit):
2166         * bytecode/GlobalResolveInfo.h:
2167         (JSC::GlobalResolveInfo::GlobalResolveInfo):
2168         (GlobalResolveInfo):
2169         * dfg/DFGByteCodeParser.cpp:
2170         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2171         * dfg/DFGCapabilities.h:
2172         (JSC::DFG::canInlineOpcode):
2173         * dfg/DFGOperations.cpp:
2174         * dfg/DFGOperations.h:
2175         * dfg/DFGSpeculativeJIT.h:
2176         (JSC::DFG::SpeculativeJIT::callOperation):
2177         * dfg/DFGSpeculativeJIT32_64.cpp:
2178         (JSC::DFG::SpeculativeJIT::compile):
2179         * dfg/DFGSpeculativeJIT64.cpp:
2180         (JSC::DFG::SpeculativeJIT::compile):
2181
2182 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2183
2184         DFG should inline 'new Array()'
2185         https://bugs.webkit.org/show_bug.cgi?id=89632
2186
2187         Reviewed by Geoffrey Garen.
2188         
2189         This adds support for treating InternalFunction like intrinsics. The code
2190         to do so is actually quite clean, so I don't feel bad about perpetuating
2191         the InternalFunction vs. JSFunction-with-NativeExecutable dichotomy.
2192         
2193         Currently this newfound power is only used to inline 'new Array()'.
2194         
2195         * dfg/DFGByteCodeParser.cpp:
2196         (ByteCodeParser):
2197         (JSC::DFG::ByteCodeParser::handleCall):
2198         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2199         (DFG):
2200         * dfg/DFGGraph.h:
2201         (JSC::DFG::Graph::isInternalFunctionConstant):
2202         (JSC::DFG::Graph::valueOfInternalFunctionConstant):
2203
2204 2012-06-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2205
2206         Adding copyrights to new files.
2207
2208         * heap/HeapTimer.cpp:
2209         * heap/HeapTimer.h:
2210         * heap/IncrementalSweeper.cpp:
2211         * heap/IncrementalSweeper.h:
2212
2213 2012-06-21  Arnaud Renevier  <arno@renevier.net>
2214
2215         make sure headers are included only once per file
2216         https://bugs.webkit.org/show_bug.cgi?id=88922
2217
2218         Reviewed by Alexey Proskuryakov.
2219
2220         * bytecode/CodeBlock.h:
2221         * heap/MachineStackMarker.cpp:
2222         * runtime/JSVariableObject.h:
2223
2224 2012-06-21  Ryuan Choi  <ryuan.choi@gmail.com>
2225
2226         [EFL][WK2] Make WebKit2/Efl headers and resources installable.
2227         https://bugs.webkit.org/show_bug.cgi?id=88207
2228
2229         Reviewed by Chang Shu.
2230
2231         * shell/CMakeLists.txt: Use ${EXEC_INSTALL_DIR} instead of hardcoding "bin"
2232
2233 2012-06-20  Geoffrey Garen  <ggaren@apple.com>
2234
2235         Reduced (but did not eliminate) use of "berzerker GC"
2236         https://bugs.webkit.org/show_bug.cgi?id=89237
2237
2238         Reviewed by Gavin Barraclough.
2239
2240         (PART 1)
2241
2242         This patch turned out to be crashy, so I'm landing the non-crashy bits
2243         first.
2244
2245         This part is pre-requisite refactoring. I didn't actually turn off
2246         "berzerker GC" or turn on incremental shrinking.
2247
2248         * heap/MarkedAllocator.cpp:
2249         (JSC::MarkedAllocator::removeBlock): Make sure to clear the free list when
2250         we throw away the block we're currently allocating out of. Otherwise, we'll
2251         allocate out of a stale free list.
2252
2253         * heap/MarkedSpace.cpp:
2254         (JSC::Free::Free):
2255         (JSC::Free::operator()):
2256         (JSC::Free::returnValue): Refactored this functor to use a shared helper
2257         function, so we can share our implementation with the incremental sweeper.
2258
2259         Also changed to freeing individual blocks immediately instead of linking
2260         them into a list for later freeing. This makes the programming interface
2261         simpler, and it's slightly more efficient to boot.
2262
2263         (JSC::MarkedSpace::~MarkedSpace): Updated for rename.
2264
2265         (JSC::MarkedSpace::freeBlock):
2266         (JSC::MarkedSpace::freeOrShrinkBlock): New helper functions to share behavior
2267         with the incremental sweeper.
2268
2269         (JSC::MarkedSpace::shrink): Updated for new functor behavior.
2270
2271         * heap/MarkedSpace.h: Statically typed languages are awesome.
2272
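The stale-free-list hazard noted above for MarkedAllocator::removeBlock, as an added example that is not JavaScriptCore's code: a toy allocator (the names Block, Allocator, FreeCell, takeNextBlock and allocationAfterRemoveIsSafe are assumptions) runs the same sequence once with the fix and once without. The toy keeps retired blocks alive so the wrong result can be inspected without reading freed memory; in a real allocator the block is actually freed, and popping from its stale free list is a use-after-free.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

struct FreeCell { FreeCell* next; };

// A block is a fixed array of cells threaded into a singly linked free list.
struct Block {
    static constexpr size_t cellCount = 4;
    alignas(FreeCell) unsigned char cells[cellCount * sizeof(FreeCell)];
    bool handedOut = false;   // has the allocator started allocating from this block?

    FreeCell* buildFreeList() {
        FreeCell* head = nullptr;
        for (size_t i = cellCount; i-- > 0;) {
            FreeCell* cell = reinterpret_cast<FreeCell*>(cells + i * sizeof(FreeCell));
            cell->next = head;
            head = cell;
        }
        return head;
    }
    bool contains(uintptr_t addr) const {
        uintptr_t begin = reinterpret_cast<uintptr_t>(&cells[0]);
        return addr >= begin && addr < begin + sizeof(cells);
    }
};

class Allocator {
public:
    explicit Allocator(bool clearFreeListOnRemove) : m_clearOnRemove(clearFreeListOnRemove) {}

    Block* addBlock() {
        m_blocks.push_back(std::unique_ptr<Block>(new Block));
        return m_blocks.back().get();
    }
    // Fast path pops the cached free list of the current block; the slow path
    // moves on to the next block that has not been handed out yet.
    void* allocate() {
        if (!m_freeList && !takeNextBlock())
            return nullptr;
        FreeCell* cell = m_freeList;
        m_freeList = cell->next;
        return cell;
    }
    // The fix: when the block being thrown away is the one we allocate from, drop
    // the cached free list too; otherwise allocate() keeps popping cells of a block
    // the allocator no longer owns.
    void removeBlock(Block* block) {
        if (m_clearOnRemove && block == m_currentBlock) {
            m_currentBlock = nullptr;
            m_freeList = nullptr;
        }
        for (auto it = m_blocks.begin(); it != m_blocks.end(); ++it) {
            if (it->get() != block) continue;
            m_retired.push_back(std::move(*it));   // the toy keeps retired memory alive so
            m_blocks.erase(it);                    // the buggy path is observable, not UB
            return;
        }
    }
    bool pointsIntoLiveBlock(const void* p) const {
        uintptr_t addr = reinterpret_cast<uintptr_t>(p);
        for (const auto& b : m_blocks)
            if (b->contains(addr)) return true;
        return false;
    }

private:
    bool takeNextBlock() {
        for (auto& b : m_blocks) {
            if (b->handedOut) continue;
            b->handedOut = true;
            m_currentBlock = b.get();
            m_freeList = b->buildFreeList();
            return true;
        }
        return false;
    }
    bool m_clearOnRemove;
    Block* m_currentBlock = nullptr;
    FreeCell* m_freeList = nullptr;
    std::vector<std::unique_ptr<Block>> m_blocks;
    std::vector<std::unique_ptr<Block>> m_retired;
};

// Allocate from block A, throw A away while it is still current, allocate again.
// Returns true if the second cell belongs to a block the allocator still owns.
bool allocationAfterRemoveIsSafe(bool clearFreeListOnRemove) {
    Allocator allocator(clearFreeListOnRemove);
    Block* a = allocator.addBlock();
    allocator.addBlock();                       // block B, untouched so far
    void* first = allocator.allocate();         // from A, which becomes the current block
    allocator.removeBlock(a);
    void* second = allocator.allocate();
    return first && second && allocator.pointsIntoLiveBlock(second);
}

int main() {
    return allocationAfterRemoveIsSafe(true) && !allocationAfterRemoveIsSafe(false) ? 0 : 1;
}
```

With the fix, the second allocation refills from block B; without it, the cached free list still points into the discarded block A and that is what gets handed out.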
2273 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2274
2275         DFG should optimize ResolveGlobal
2276         https://bugs.webkit.org/show_bug.cgi?id=89617
2277
2278         Reviewed by Oliver Hunt.
2279         
2280         This adds inlining of ResolveGlobal accesses that are known monomorphic. It also
2281         adds the specific function optimization to ResolveGlobal, when it is inlined. And,
2282         it makes internal functions act like specific functions, since that will be the
2283         most common use-case of this optimization.
2284         
2285         This is only a slight speed-up (sub 1%), since we don't yet do the obvious thing
2286         with this optimization, which is to completely inline common "globally resolved"
2287         function and constructor calls, like "new Array()".
2288
2289         * CMakeLists.txt:
2290         * GNUmakefile.list.am:
2291         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2292         * JavaScriptCore.xcodeproj/project.pbxproj:
2293         * Target.pri:
2294         * bytecode/CodeBlock.cpp:
2295         (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
2296         * bytecode/CodeBlock.h:
2297         (CodeBlock):
2298         (JSC::CodeBlock::numberOfGlobalResolveInfos):
2299         * bytecode/GlobalResolveInfo.h:
2300         (JSC::getGlobalResolveInfoBytecodeOffset):
2301         (JSC):
2302         * bytecode/ResolveGlobalStatus.cpp: Added.
2303         (JSC):
2304         (JSC::computeForStructure):
2305         (JSC::computeForLLInt):
2306         (JSC::ResolveGlobalStatus::computeFor):
2307         * bytecode/ResolveGlobalStatus.h: Added.
2308         (JSC):
2309         (ResolveGlobalStatus):
2310         (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
2311         (JSC::ResolveGlobalStatus::state):
2312         (JSC::ResolveGlobalStatus::isSet):
2313         (JSC::ResolveGlobalStatus::operator!):
2314         (JSC::ResolveGlobalStatus::isSimple):
2315         (JSC::ResolveGlobalStatus::takesSlowPath):
2316         (JSC::ResolveGlobalStatus::structure):
2317         (JSC::ResolveGlobalStatus::offset):
2318         (JSC::ResolveGlobalStatus::specificValue):
2319         * dfg/DFGByteCodeParser.cpp:
2320         (ByteCodeParser):
2321         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2322         (DFG):
2323         (JSC::DFG::ByteCodeParser::handleGetById):
2324         (JSC::DFG::ByteCodeParser::parseBlock):
2325         * runtime/JSObject.cpp:
2326         (JSC::getCallableObjectSlow):
2327         (JSC):
2328         (JSC::JSObject::put):
2329         (JSC::JSObject::putDirectVirtual):
2330         (JSC::JSObject::putDirectAccessor):
2331         * runtime/JSObject.h:
2332         (JSC):
2333         (JSC::getCallableObject):
2334         (JSC::JSObject::putOwnDataProperty):
2335         (JSC::JSObject::putDirect):
2336         (JSC::JSObject::putDirectWithoutTransition):
2337
2338 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2339
2340         Functions on global objects should be specializable
2341         https://bugs.webkit.org/show_bug.cgi?id=89615
2342
2343         Reviewed by Oliver Hunt.
2344         
2345         I tested to see if this brought back the bug in https://bugs.webkit.org/show_bug.cgi?id=33343,
2346         and it didn't. Bug 33343 was the reason why we disabled global object function specialization
2347         to begin with. So I'm guessing this is safe.
2348
2349         * runtime/JSGlobalObject.cpp:
2350         (JSC::JSGlobalObject::init):
2351
2352 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2353
2354         build-webkit failure due to illegal 32-bit integer constants in code
2355         generated by offlineasm
2356         https://bugs.webkit.org/show_bug.cgi?id=89347
2357
2358         Reviewed by Geoffrey Garen.
2359         
2360         The offending constants are the magic numbers used by offlineasm to find
2361         offsets in the generated machine code. Added code to turn them into what
2362         the C++ compiler will believe to be valid 32-bit values.
2363
2364         * offlineasm/offsets.rb:
2365
2366 2012-06-19  Geoffrey Garen  <ggaren@apple.com>
2367
2368         Made the incremental sweeper more aggressive
2369         https://bugs.webkit.org/show_bug.cgi?id=89527
2370
2371         Reviewed by Oliver Hunt.
2372
2373         This is a pre-requisite to getting rid of "berzerker GC" because we need
2374         the sweeper to reclaim memory in a timely fashion, or we'll see a memory
2375         footprint regression.
2376
2377         * heap/IncrementalSweeper.h:
2378         * heap/IncrementalSweeper.cpp:
2379         (JSC::IncrementalSweeper::scheduleTimer): Since the time slice is predictable,
2380         no need to use a data member to record it.
2381
2382         (JSC::IncrementalSweeper::doSweep): Sweep as many blocks as we can in a
2383         small time slice. This is better than sweeping only one block per timer
2384         fire because that strategy has a heavy timer overhead, and artificially
2385         delays memory reclamation.
2386
2387 2012-06-20  Filip Pizlo  <fpizlo@apple.com>
2388
2389         DFG should be able to print disassembly interleaved with the IR
2390         https://bugs.webkit.org/show_bug.cgi?id=89551
2391
2392         Reviewed by Geoffrey Garen.
2393         
2394         This change also removes running Dominators unconditionally on every DFG
2395         compile. Dominators are designed to be computed on-demand, and currently
2396         the only demand is graph dumps.
2397
2398         * CMakeLists.txt:
2399         * GNUmakefile.list.am:
2400         * JavaScriptCore.xcodeproj/project.pbxproj:
2401         * Target.pri:
2402         * assembler/ARMv7Assembler.h:
2403         (JSC::ARMv7Assembler::labelIgnoringWatchpoints):
2404         (ARMv7Assembler):
2405         * assembler/AbstractMacroAssembler.h:
2406         (AbstractMacroAssembler):
2407         (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
2408         * assembler/X86Assembler.h:
2409         (X86Assembler):
2410         (JSC::X86Assembler::labelIgnoringWatchpoints):
2411         * dfg/DFGCommon.h:
2412         (JSC::DFG::shouldShowDisassembly):
2413         (DFG):
2414         * dfg/DFGDisassembler.cpp: Added.
2415         (DFG):
2416         (JSC::DFG::Disassembler::Disassembler):
2417         (JSC::DFG::Disassembler::dump):
2418         (JSC::DFG::Disassembler::dumpDisassembly):
2419         * dfg/DFGDisassembler.h: Added.
2420         (DFG):
2421         (Disassembler):
2422         (JSC::DFG::Disassembler::setStartOfCode):
2423         (JSC::DFG::Disassembler::setForBlock):
2424         (JSC::DFG::Disassembler::setForNode):
2425         (JSC::DFG::Disassembler::setEndOfMainPath):
2426         (JSC::DFG::Disassembler::setEndOfCode):
2427         * dfg/DFGDriver.cpp:
2428         (JSC::DFG::compile):
2429         * dfg/DFGGraph.cpp:
2430         (JSC::DFG::Graph::dumpCodeOrigin):
2431         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
2432         (DFG):
2433         (JSC::DFG::Graph::printNodeWhiteSpace):
2434         (JSC::DFG::Graph::dump):
2435         (JSC::DFG::Graph::dumpBlockHeader):
2436         * dfg/DFGGraph.h:
2437         * dfg/DFGJITCompiler.cpp:
2438         (JSC::DFG::JITCompiler::JITCompiler):
2439         (DFG):
2440         (JSC::DFG::JITCompiler::compile):
2441         (JSC::DFG::JITCompiler::compileFunction):
2442         * dfg/DFGJITCompiler.h:
2443         (JITCompiler):
2444         (JSC::DFG::JITCompiler::setStartOfCode):
2445         (JSC::DFG::JITCompiler::setForBlock):
2446         (JSC::DFG::JITCompiler::setForNode):
2447         (JSC::DFG::JITCompiler::setEndOfMainPath):
2448         (JSC::DFG::JITCompiler::setEndOfCode):
2449         * dfg/DFGNode.h:
2450         (Node):
2451         (JSC::DFG::Node::willHaveCodeGen):
2452         * dfg/DFGNodeFlags.cpp:
2453         (JSC::DFG::nodeFlagsAsString):
2454         * dfg/DFGSpeculativeJIT.cpp:
2455         (JSC::DFG::SpeculativeJIT::compile):
2456         * dfg/DFGSpeculativeJIT.h:
2457         (SpeculativeJIT):
2458         * runtime/Options.cpp:
2459         (Options):
2460         (JSC::Options::initializeOptions):
2461         * runtime/Options.h:
2462         (Options):
2463
2464 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
2465
2466         JSC should be able to show disassembly for all generated JIT code
2467         https://bugs.webkit.org/show_bug.cgi?id=89536
2468
2469         Reviewed by Gavin Barraclough.
2470         
2471         Now instead of doing linkBuffer.finalizeCode(), you do
2472         FINALIZE_CODE(linkBuffer, (... explanation ...)). FINALIZE_CODE() then
2473         prints your explanation and the disassembled code, if
2474         Options::showDisassembly is set to true.
2475
2476         * CMakeLists.txt:
2477         * GNUmakefile.list.am:
2478         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2479         * JavaScriptCore.xcodeproj/project.pbxproj:
2480         * Target.pri:
2481         * assembler/LinkBuffer.cpp: Added.
2482         (JSC):
2483         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
2484         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2485         (JSC::LinkBuffer::linkCode):
2486         (JSC::LinkBuffer::performFinalization):
2487         (JSC::LinkBuffer::dumpLinkStatistics):
2488         (JSC::LinkBuffer::dumpCode):
2489         * assembler/LinkBuffer.h:
2490         (LinkBuffer):
2491         (JSC):
2492         * assembler/MacroAssemblerCodeRef.h:
2493         (JSC::MacroAssemblerCodeRef::tryToDisassemble):
2494         (MacroAssemblerCodeRef):
2495         * dfg/DFGJITCompiler.cpp:
2496         (JSC::DFG::JITCompiler::compile):
2497         (JSC::DFG::JITCompiler::compileFunction):
2498         * dfg/DFGOSRExitCompiler.cpp:
2499         * dfg/DFGRepatch.cpp:
2500         (JSC::DFG::generateProtoChainAccessStub):
2501         (JSC::DFG::tryCacheGetByID):
2502         (JSC::DFG::tryBuildGetByIDList):
2503         (JSC::DFG::emitPutReplaceStub):
2504         (JSC::DFG::emitPutTransitionStub):
2505         * dfg/DFGThunks.cpp:
2506         (JSC::DFG::osrExitGenerationThunkGenerator):
2507         * disassembler/Disassembler.h:
2508         (JSC):
2509         (JSC::tryToDisassemble):
2510         * disassembler/UDis86Disassembler.cpp:
2511         (JSC::tryToDisassemble):
2512         * jit/JIT.cpp:
2513         (JSC::JIT::privateCompile):
2514         * jit/JITCode.h:
2515         (JSC::JITCode::tryToDisassemble):
2516         * jit/JITOpcodes.cpp:
2517         (JSC::JIT::privateCompileCTIMachineTrampolines):
2518         * jit/JITOpcodes32_64.cpp:
2519         (JSC::JIT::privateCompileCTIMachineTrampolines):
2520         (JSC::JIT::privateCompileCTINativeCall):
2521         * jit/JITPropertyAccess.cpp:
2522         (JSC::JIT::stringGetByValStubGenerator):
2523         (JSC::JIT::privateCompilePutByIdTransition):
2524         (JSC::JIT::privateCompilePatchGetArrayLength):
2525         (JSC::JIT::privateCompileGetByIdProto):
2526         (JSC::JIT::privateCompileGetByIdSelfList):
2527         (JSC::JIT::privateCompileGetByIdProtoList):
2528         (JSC::JIT::privateCompileGetByIdChainList):
2529         (JSC::JIT::privateCompileGetByIdChain):
2530         * jit/JITPropertyAccess32_64.cpp:
2531         (JSC::JIT::stringGetByValStubGenerator):
2532         (JSC::JIT::privateCompilePutByIdTransition):
2533         (JSC::JIT::privateCompilePatchGetArrayLength):
2534         (JSC::JIT::privateCompileGetByIdProto):
2535         (JSC::JIT::privateCompileGetByIdSelfList):
2536         (JSC::JIT::privateCompileGetByIdProtoList):
2537         (JSC::JIT::privateCompileGetByIdChainList):
2538         (JSC::JIT::privateCompileGetByIdChain):
2539         * jit/SpecializedThunkJIT.h:
2540         (JSC::SpecializedThunkJIT::finalize):
2541         * jit/ThunkGenerators.cpp:
2542         (JSC::charCodeAtThunkGenerator):
2543         (JSC::charAtThunkGenerator):
2544         (JSC::fromCharCodeThunkGenerator):
2545         (JSC::sqrtThunkGenerator):
2546         (JSC::floorThunkGenerator):
2547         (JSC::ceilThunkGenerator):
2548         (JSC::roundThunkGenerator):
2549         (JSC::expThunkGenerator):
2550         (JSC::logThunkGenerator):
2551         (JSC::absThunkGenerator):
2552         (JSC::powThunkGenerator):
2553         * llint/LLIntThunks.cpp:
2554         (JSC::LLInt::generateThunkWithJumpTo):
2555         (JSC::LLInt::functionForCallEntryThunkGenerator):
2556         (JSC::LLInt::functionForConstructEntryThunkGenerator):
2557         (JSC::LLInt::functionForCallArityCheckThunkGenerator):
2558         (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
2559         (JSC::LLInt::evalEntryThunkGenerator):
2560         (JSC::LLInt::programEntryThunkGenerator):
2561         * runtime/Options.cpp:
2562         (Options):
2563         (JSC::Options::initializeOptions):
2564         * runtime/Options.h:
2565         (Options):
2566         * yarr/YarrJIT.cpp:
2567         (JSC::Yarr::YarrGenerator::compile):
2568
2569 2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2570
2571         [Qt][Mac] REGRESSION(r120742): It broke the build
2572         https://bugs.webkit.org/show_bug.cgi?id=89516
2573
2574         Reviewed by Geoffrey Garen.
2575
2576         Removing GCActivityCallbackCF.cpp because it doesn't mesh well with cross-platform 
2577         code on Darwin (e.g. Qt). We now use plain ol' vanilla ifdefs to handle platforms 
2578         without CF support. These if-defs will probably disappear in the future when we 
2579         use cross-platform timers in HeapTimer.
2580
2581         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2582         * JavaScriptCore.xcodeproj/project.pbxproj:
2583         * runtime/GCActivityCallback.cpp:
2584         (JSC):
2585         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2586         (JSC::DefaultGCActivityCallback::doWork):
2587         (JSC::DefaultGCActivityCallback::scheduleTimer):
2588         (JSC::DefaultGCActivityCallback::cancelTimer):
2589         (JSC::DefaultGCActivityCallback::didAllocate):
2590         (JSC::DefaultGCActivityCallback::willCollect):
2591         (JSC::DefaultGCActivityCallback::cancel):
2592         * runtime/GCActivityCallbackCF.cpp: Removed.
2593
2594 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
2595
2596         DFG CFA forgets to notify subsequent phases of found constants if it proves LogicalNot to be a constant
2597         https://bugs.webkit.org/show_bug.cgi?id=89511
2598         <rdar://problem/11700089>
2599
2600         Reviewed by Geoffrey Garen.
2601
2602         * dfg/DFGAbstractState.cpp:
2603         (JSC::DFG::AbstractState::execute):
2604
2605 2012-06-19  Mark Lam  <mark.lam@apple.com>
2606
2607         CodeBlock::needsCallReturnIndices() is no longer needed.
2608         https://bugs.webkit.org/show_bug.cgi?id=89490
2609
2610         Reviewed by Geoffrey Garen.
2611
2612         * bytecode/CodeBlock.h:
2613         (JSC::CodeBlock::needsCallReturnIndices): removed.
2614         * dfg/DFGJITCompiler.cpp:
2615         (JSC::DFG::JITCompiler::link):
2616         * jit/JIT.cpp:
2617         (JSC::JIT::privateCompile):
2618
2619 2012-06-19  Filip Pizlo  <fpizlo@apple.com>
2620
2621         Unreviewed, try to fix Windows build.
2622
2623         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2624
2625 2012-06-17  Filip Pizlo  <fpizlo@apple.com>
2626
2627         It should be possible to look at disassembly
2628         https://bugs.webkit.org/show_bug.cgi?id=89319
2629
2630         Reviewed by Sam Weinig.
2631         
2632         This imports the udis86 disassembler library. The library is placed
2633         behind an abstraction in disassembler/Disassembler.h, so that we can
2634         in the future use other disassemblers (for other platforms) whenever
2635         appropriate. As a first step, the disassembler is being invoked for
2636         DFG verbose dumps.
2637         
2638         If we ever want to merge a new version of udis86 in the future, I've
2639         made notes about changes I made to the library in
2640         disassembler/udis86/differences.txt.
2641
2642         * CMakeLists.txt:
2643         * DerivedSources.make:
2644         * GNUmakefile.list.am:
2645         * JavaScriptCore.pri:
2646         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2647         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2648         * JavaScriptCore.xcodeproj/project.pbxproj:
2649         * dfg/DFGJITCompiler.cpp:
2650         (JSC::DFG::JITCompiler::compile):
2651         (JSC::DFG::JITCompiler::compileFunction):
2652         * disassembler: Added.
2653         * disassembler/Disassembler.h: Added.
2654         (JSC):
2655         (JSC::tryToDisassemble):
2656         * disassembler/UDis86Disassembler.cpp: Added.
2657         (JSC):
2658         (JSC::tryToDisassemble):
2659         * disassembler/udis86: Added.
2660         * disassembler/udis86/differences.txt: Added.
2661         * disassembler/udis86/itab.py: Added.
2662         (UdItabGenerator):
2663         (UdItabGenerator.__init__):
2664         (UdItabGenerator.toGroupId):
2665         (UdItabGenerator.genLookupTable):
2666         (UdItabGenerator.genLookupTableList):
2667         (UdItabGenerator.genInsnTable):
2668         (genItabH):
2669         (genItabH.UD_ITAB_H):
2670         (genItabC):
2671         (genItab):
2672         (main):
2673         * disassembler/udis86/optable.xml: Added.
2674         * disassembler/udis86/ud_opcode.py: Added.
2675         (UdOpcodeTables):
2676         (UdOpcodeTables.sizeOfTable):
2677         (UdOpcodeTables.nameOfTable):
2678         (UdOpcodeTables.updateTable):
2679         (UdOpcodeTables.Insn):
2680         (UdOpcodeTables.Insn.__init__):
2681         (UdOpcodeTables.Insn.__init__.opcode):
2682         (UdOpcodeTables.parse):
2683         (UdOpcodeTables.addInsnDef):
2684         (UdOpcodeTables.print_table):
2685         (UdOpcodeTables.print_tree):
2686         * disassembler/udis86/ud_optable.py: Added.
2687         (UdOptableXmlParser):
2688         (UdOptableXmlParser.parseDef):
2689         (UdOptableXmlParser.parse):
2690         (printFn):
2691         (parse):
2692         (main):
2693         * disassembler/udis86/udis86.c: Added.
2694         (ud_init):
2695         (ud_disassemble):
2696         (ud_set_mode):
2697         (ud_set_vendor):
2698         (ud_set_pc):
2699         (ud):
2700         (ud_insn_asm):
2701         (ud_insn_off):
2702         (ud_insn_hex):
2703         (ud_insn_ptr):
2704         (ud_insn_len):
2705         * disassembler/udis86/udis86.h: Added.
2706         * disassembler/udis86/udis86_decode.c: Added.
2707         (eff_adr_mode):
2708         (ud_lookup_mnemonic):
2709         (decode_prefixes):
2710         (modrm):
2711         (resolve_operand_size):
2712         (resolve_mnemonic):
2713         (decode_a):
2714         (decode_gpr):
2715         (resolve_gpr64):
2716         (resolve_gpr32):
2717         (resolve_reg):
2718         (decode_imm):
2719         (decode_modrm_reg):
2720         (decode_modrm_rm):
2721         (decode_o):
2722         (decode_operand):
2723         (decode_operands):
2724         (clear_insn):
2725         (resolve_mode):
2726         (gen_hex):
2727         (decode_insn):
2728         (decode_3dnow):
2729         (decode_ssepfx):
2730         (decode_ext):
2731         (decode_opcode):
2732         (ud_decode):
2733         * disassembler/udis86/udis86_decode.h: Added.
2734         (ud_itab_entry_operand):
2735         (ud_itab_entry):
2736         (ud_lookup_table_list_entry):
2737         (sse_pfx_idx):
2738         (mode_idx):
2739         (modrm_mod_idx):
2740         (vendor_idx):
2741         (is_group_ptr):
2742         (group_idx):
2743         * disassembler/udis86/udis86_extern.h: Added.
2744         * disassembler/udis86/udis86_input.c: Added.
2745         (inp_buff_hook):
2746         (inp_file_hook):
2747         (ud):
2748         (ud_set_user_opaque_data):
2749         (ud_get_user_opaque_data):
2750         (ud_set_input_buffer):
2751         (ud_set_input_file):
2752         (ud_input_skip):
2753         (ud_input_end):
2754         (ud_inp_next):
2755         (ud_inp_back):
2756         (ud_inp_peek):
2757         (ud_inp_move):
2758         (ud_inp_uint8):
2759         (ud_inp_uint16):
2760         (ud_inp_uint32):
2761         (ud_inp_uint64):
2762         * disassembler/udis86/udis86_input.h: Added.
2763         * disassembler/udis86/udis86_itab_holder.c: Added.
2764         * disassembler/udis86/udis86_syn-att.c: Added.
2765         (opr_cast):
2766         (gen_operand):
2767         (ud_translate_att):
2768         * disassembler/udis86/udis86_syn-intel.c: Added.
2769         (opr_cast):
2770         (gen_operand):
2771         (ud_translate_intel):
2772         * disassembler/udis86/udis86_syn.c: Added.
2773         * disassembler/udis86/udis86_syn.h: Added.
2774         (mkasm):
2775         * disassembler/udis86/udis86_types.h: Added.
2776         (ud_operand):
2777         (ud):
2778         * jit/JITCode.h:
2779         (JITCode):
2780         (JSC::JITCode::tryToDisassemble):
2781
2782 2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2783
2784         GCActivityCallback and IncrementalSweeper should share code
2785         https://bugs.webkit.org/show_bug.cgi?id=89400
2786
2787         Reviewed by Geoffrey Garen.
2788
2789         A lot of functionality is duplicated between GCActivityCallback and IncrementalSweeper. 
2790         We should extract the common functionality out into a separate class that both of them 
2791         can inherit from. This refactoring will be an even greater boon when we add the ability 
2792         to shut these two agents down in a thread-safe fashion.
2793
2794         * CMakeLists.txt:
2795         * GNUmakefile.list.am:
2796         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2797         * JavaScriptCore.xcodeproj/project.pbxproj:
2798         * Target.pri:
2799         * heap/Heap.cpp:
2800         (JSC::Heap::Heap): Move initialization down so that the JSGlobalData has a valid Heap when 
2801         we're initializing the GCActivityCallback and the IncrementalSweeper.
2802         * heap/Heap.h:
2803         (Heap):
2804         * heap/HeapTimer.cpp: Added.
2805         (JSC):
2806         (JSC::HeapTimer::HeapTimer): Initialize the various base class data that
2807         DefaultGCActivityCallback::commonConstructor() used to do.
2808         (JSC::HeapTimer::~HeapTimer): Call to invalidate().
2809         (JSC::HeapTimer::synchronize): Same functionality as the old DefaultGCActivityCallback::synchronize().
2810         Virtual so that non-CF subclasses can override.
2811         (JSC::HeapTimer::invalidate): Tears down the runloop timer to prevent any future firing.
2812         (JSC::HeapTimer::timerDidFire): Callback to pass to the timer function. Casts and calls the virtual doWork().
2813         * heap/HeapTimer.h: Added. This is the class that serves as the common base class for 
2814         both GCActivityCallback and IncrementalSweeper. It handles setting up and tearing down run loops and synchronizing 
2815         across threads for its subclasses. 
2816         (JSC):
2817         (HeapTimer):
2818         * heap/IncrementalSweeper.cpp: Changes to accommodate the extraction of common functionality 
2819         between IncrementalSweeper and GCActivityCallback into a common ancestor.
2820         (JSC):
2821         (JSC::IncrementalSweeper::doWork): 
2822         (JSC::IncrementalSweeper::IncrementalSweeper):
2823         (JSC::IncrementalSweeper::cancelTimer):
2824         (JSC::IncrementalSweeper::create):
2825         * heap/IncrementalSweeper.h:
2826         (IncrementalSweeper):
2827         * runtime/GCActivityCallback.cpp:
2828         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2829         (JSC::DefaultGCActivityCallback::doWork):
2830         * runtime/GCActivityCallback.h:
2831         (GCActivityCallback):
2832         (JSC::GCActivityCallback::willCollect):
2833         (JSC::GCActivityCallback::GCActivityCallback):
2834         (JSC):
2835         (DefaultGCActivityCallback): Remove the platform data struct. The platform data should be kept in 
2836         the class itself so as to be accessible by doWork(). Most of the platform data for CF is kept in 
2837         HeapTimer anyways, so we only need the m_delay field now.
2838         * runtime/GCActivityCallbackBlackBerry.cpp:
2839         (JSC):
2840         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2841         (JSC::DefaultGCActivityCallback::doWork):
2842         (JSC::DefaultGCActivityCallback::didAllocate):
2843         * runtime/GCActivityCallbackCF.cpp:
2844         (JSC):
2845         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2846         (JSC::DefaultGCActivityCallback::doWork):
2847         (JSC::DefaultGCActivityCallback::scheduleTimer):
2848         (JSC::DefaultGCActivityCallback::cancelTimer):
2849         (JSC::DefaultGCActivityCallback::didAllocate):
2850         (JSC::DefaultGCActivityCallback::willCollect):
2851         (JSC::DefaultGCActivityCallback::cancel):
2852
2853
2854 2012-06-19  Mike West  <mkwst@chromium.org>
2855
2856         Introduce ENABLE_CSP_NEXT configuration flag.
2857         https://bugs.webkit.org/show_bug.cgi?id=89300
2858
2859         Reviewed by Adam Barth.
2860
2861         The 1.0 draft of the Content Security Policy spec is just about to
2862         move to Last Call. We'll hide work on the upcoming 1.1 spec behind
2863         this ENABLE flag, disabled by default.
2864
2865         Spec: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html
2866
2867         * Configurations/FeatureDefines.xcconfig:
2868
2869 2012-06-18  Mark Lam  <mark.lam@apple.com>
2870
2871         Changed JSC to always record line number information so that error.stack
2872         and window.onerror() can report proper line numbers.
2873         https://bugs.webkit.org/show_bug.cgi?id=89410
2874
2875         Reviewed by Geoffrey Garen.
2876
2877         * bytecode/CodeBlock.cpp:
2878         (JSC::CodeBlock::CodeBlock):
2879         (JSC::CodeBlock::lineNumberForBytecodeOffset):
2880         (JSC::CodeBlock::shrinkToFit): m_lineInfo is now available unconditionally.
2881
2882         * bytecode/CodeBlock.h:
2883         (JSC::CodeBlock::addLineInfo):
2884         (JSC::CodeBlock::hasLineInfo): Unused.  Now removed.
2885         (JSC::CodeBlock::needsCallReturnIndices):
2886         (CodeBlock):
2887         (RareData):  Hoisted m_lineInfo out of m_rareData.  m_lineInfo is now
2888         filled in unconditionally.
2889
2890         * bytecompiler/BytecodeGenerator.h:
2891         (JSC::BytecodeGenerator::addLineInfo):
2892
2893 2012-06-18  Andy Estes  <aestes@apple.com>
2894
2895         Fix r120663, which didn't land the change that was reviewed.
2896
2897 2012-06-18  Andy Estes  <aestes@apple.com>
2898
2899         [JSC] In JSGlobalData.cpp, enableAssembler() sometimes leaks two CF objects
2900         https://bugs.webkit.org/show_bug.cgi?id=89415
2901
2902         Reviewed by Sam Weinig.
2903
2904         In the case where canUseJIT was a non-NULL CFBooleanRef,
2905         enableAssembler() would leak both canUseJITKey and canUseJIT by
2906         returning before calling CFRelease. Fix this by using RetainPtr.
2907
2908         * runtime/JSGlobalData.cpp:
2909         (JSC::enableAssembler):
2910
2911 2012-06-17  Geoffrey Garen  <ggaren@apple.com>
2912
2913         GC copy phase spends needless cycles zero-filling blocks
2914         https://bugs.webkit.org/show_bug.cgi?id=89128
2915
2916         Reviewed by Gavin Barraclough.
2917
2918         We only need to zero-fill when we're allocating memory that might not
2919         get fully initialized before GC.
2920
2921         * heap/CopiedBlock.h:
2922         (JSC::CopiedBlock::createNoZeroFill):
2923         (JSC::CopiedBlock::create): Added a way to create without zero-filling.
2924         This is our optimization.
2925
2926         (JSC::CopiedBlock::zeroFillToEnd):
2927         (JSC::CopiedBlock::CopiedBlock): Split zero-filling out from creation,
2928         so we can sometimes create without zero-filling.
2929
2930         * heap/CopiedSpace.cpp:
2931         (JSC::CopiedSpace::init):
2932         (JSC::CopiedSpace::tryAllocateSlowCase):
2933         (JSC::CopiedSpace::doneCopying): Renamed addNewBlock to allocateBlock()
2934         to clarify that the new block is always newly-allocated.
2935
2936         (JSC::CopiedSpace::doneFillingBlock): Make sure to zero-fill to the end
2937         of a block that might be used in the future for allocation. (Most of the
2938         time, this is a no-op, since we've already filled the block completely.)
2939
2940         (JSC::CopiedSpace::getFreshBlock): Removed this function because the
2941         abstraction of "allocation must succeed" is no longer useful.
2942
2943         * heap/CopiedSpace.h: Updated declarations to match.
2944
2945         * heap/CopiedSpaceInlineMethods.h:
2946         (JSC::CopiedSpace::allocateBlockForCopyingPhase): New function, which
2947         knows that it can skip zero-filling.
2948
2949         Added tighter scoping to our lock, to improve parallelism.
2950
2951         (JSC::CopiedSpace::allocateBlock): Folded getFreshBlock functionality
2952         into this function, for simplicity.
2953
2954         * heap/MarkStack.cpp:
2955         (JSC::SlotVisitor::startCopying):
2956         (JSC::SlotVisitor::allocateNewSpace): Use our new zero-fill-free helper
2957         function for great good.
2958
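The zero-fill split described in the entry above, as an added illustration that is not WebKit's code: a constructed stand-in for CopiedBlock with a createNoZeroFill path for the copying phase, a zeroFillToEnd that clears only the unused tail, and a doneFillingBlock step that restores the "no stale bytes past the bump pointer" invariant before the block can be reused for allocation. The 64-byte payload and the 0xAB fill standing in for stale allocator contents are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a CopiedBlock: a bump-allocated payload region. */
#define BLOCK_PAYLOAD_BYTES 64   /* tiny for illustration; real blocks are far larger */

typedef struct {
    size_t offset;                               /* bump pointer: bytes already handed out */
    unsigned char payload[BLOCK_PAYLOAD_BYTES];
} CopiedBlock;

/* createNoZeroFill: the copying phase overwrites every byte it hands out, so
   pre-zeroing the whole block is wasted work. The 0xAB fill stands in for
   whatever stale contents a recycled allocation might carry (constructed). */
static CopiedBlock *copied_block_create_no_zero_fill(void) {
    CopiedBlock *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->offset = 0;
    memset(b->payload, 0xAB, sizeof b->payload);
    return b;
}

/* zeroFillToEnd: clear only the part after the bump pointer. */
static void copied_block_zero_fill_to_end(CopiedBlock *b) {
    memset(b->payload + b->offset, 0, sizeof b->payload - b->offset);
}

/* create: the general-purpose path, zero-filled because allocations made from it
   may sit uninitialized until the next collection scans them. */
static CopiedBlock *copied_block_create(void) {
    CopiedBlock *b = copied_block_create_no_zero_fill();
    if (b) copied_block_zero_fill_to_end(b);
    return b;
}

static void *copied_block_allocate(CopiedBlock *b, size_t bytes) {
    if (bytes > sizeof b->payload - b->offset) return NULL;
    void *p = b->payload + b->offset;
    b->offset += bytes;
    return p;
}

/* doneFillingBlock: the block leaves the copying phase and may be reused for
   ordinary allocation, so its unused tail must not carry stale bytes. */
static void copied_space_done_filling_block(CopiedBlock *b) {
    copied_block_zero_fill_to_end(b);
}

static bool copied_block_tail_is_zero(const CopiedBlock *b) {
    for (size_t i = b->offset; i < sizeof b->payload; i++)
        if (b->payload[i]) return false;
    return true;
}

/* Walks both paths: returns 0 if the invariant holds, otherwise the failing step. */
static int run_zero_fill_scenario(void) {
    CopiedBlock *b = copied_block_create_no_zero_fill();
    if (!b) return 1;
    if (copied_block_tail_is_zero(b)) { free(b); return 2; }  /* stale bytes present */
    unsigned char *obj = copied_block_allocate(b, 40);
    if (!obj) { free(b); return 3; }
    memset(obj, 0x11, 40);                   /* copying phase writes every byte it took */
    copied_space_done_filling_block(b);
    int rc = 0;
    if (!copied_block_tail_is_zero(b)) rc = 4;           /* tail must be clean now */
    else if (obj[0] != 0x11 || obj[39] != 0x11) rc = 5;  /* copied data untouched */
    free(b);
    if (rc) return rc;
    CopiedBlock *z = copied_block_create();              /* ordinary path: fully zeroed */
    if (!z) return 6;
    rc = copied_block_tail_is_zero(z) ? 0 : 7;
    free(z);
    return rc;
}

int main(void) { return run_zero_fill_scenario(); }
```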
2959 2012-06-17  Filip Pizlo  <fpizlo@apple.com>
2960
2961         DFG should attempt to use structure watchpoints for all inlined get_by_id's and put_by_id's
2962         https://bugs.webkit.org/show_bug.cgi?id=89316
2963
2964         Reviewed by Oliver Hunt.
2965
2966         * dfg/DFGByteCodeParser.cpp:
2967         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
2968         (ByteCodeParser):
2969         (JSC::DFG::ByteCodeParser::handleGetById):
2970         (JSC::DFG::ByteCodeParser::parseBlock):
2971
2972 2012-06-15  Yong Li  <yoli@rim.com>
2973
2974         [BlackBerry] Put platform-specific GC policy in GCActivityCallback
2975         https://bugs.webkit.org/show_bug.cgi?id=89236
2976
2977         Reviewed by Rob Buis.
2978
2979         Add GCActivityCallbackBlackBerry.cpp and implement platform-specific
2980         low memory GC policy there.
2981
2982         * PlatformBlackBerry.cmake:
2983         * heap/Heap.h:
2984         (JSC::Heap::isSafeToCollect): Added.
2985         * runtime/GCActivityCallbackBlackBerry.cpp: Added.
2986         (JSC):
2987         (JSC::DefaultGCActivityCallbackPlatformData::DefaultGCActivityCallbackPlatformData):
2988         (DefaultGCActivityCallbackPlatformData):
2989         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2990         (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
2991         (JSC::DefaultGCActivityCallback::didAllocate):
2992         (JSC::DefaultGCActivityCallback::willCollect):
2993         (JSC::DefaultGCActivityCallback::synchronize):
2994         (JSC::DefaultGCActivityCallback::cancel):
2995
2996 2012-06-15  Filip Pizlo  <fpizlo@apple.com>
2997
2998         DFG should be able to set watchpoints on structure transitions in the
2999         method check prototype chain
3000         https://bugs.webkit.org/show_bug.cgi?id=89058
3001
3002         Adding the same assertion to 32-bit that I added to 64-bit. This change
3003         does not affect correctness but it's a good thing for assertion coverage.
3004
3005         * dfg/DFGSpeculativeJIT32_64.cpp:
3006         (JSC::DFG::SpeculativeJIT::compile):
3007
3008 2012-06-13  Filip Pizlo  <fpizlo@apple.com>
3009
3010         DFG should be able to set watchpoints on structure transitions in the
3011         method check prototype chain
3012         https://bugs.webkit.org/show_bug.cgi?id=89058
3013
3014         Reviewed by Gavin Barraclough.
3015         
3016         This adds the ability to set watchpoints on Structures, and then does
3017         the most modest thing we can do with this ability: the DFG now sets
3018         watchpoints on structure transitions in the prototype chain of method
3019         checks.
3020         
3021         This appears to be a >1% speed-up on V8.
3022
3023         * bytecode/PutByIdStatus.cpp:
3024         (JSC::PutByIdStatus::computeFromLLInt):
3025         (JSC::PutByIdStatus::computeFor):
3026         * bytecode/StructureSet.h:
3027         (JSC::StructureSet::containsOnly):
3028         (StructureSet):
3029         * bytecode/Watchpoint.cpp:
3030         (JSC::WatchpointSet::WatchpointSet):
3031         (JSC::InlineWatchpointSet::add):
3032         (JSC):
3033         (JSC::InlineWatchpointSet::inflateSlow):
3034         (JSC::InlineWatchpointSet::freeFat):
3035         * bytecode/Watchpoint.h:
3036         (WatchpointSet):
3037         (JSC):
3038         (InlineWatchpointSet):
3039         (JSC::InlineWatchpointSet::InlineWatchpointSet):
3040         (JSC::InlineWatchpointSet::~InlineWatchpointSet):
3041         (JSC::InlineWatchpointSet::hasBeenInvalidated):
3042         (JSC::InlineWatchpointSet::isStillValid):
3043         (JSC::InlineWatchpointSet::startWatching):
3044         (JSC::InlineWatchpointSet::notifyWrite):
3045         (JSC::InlineWatchpointSet::isFat):
3046         (JSC::InlineWatchpointSet::fat):
3047         (JSC::InlineWatchpointSet::inflate):
3048         * dfg/DFGAbstractState.cpp:
3049         (JSC::DFG::AbstractState::execute):
3050         * dfg/DFGByteCodeParser.cpp:
3051         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
3052         (ByteCodeParser):
3053         (JSC::DFG::ByteCodeParser::parseBlock):
3054         * dfg/DFGCSEPhase.cpp:
3055         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
3056         (CSEPhase):
3057         (JSC::DFG::CSEPhase::performNodeCSE):
3058         * dfg/DFGCommon.h:
3059         * dfg/DFGGraph.cpp:
3060         (JSC::DFG::Graph::dump):
3061         * dfg/DFGGraph.h:
3062         (JSC::DFG::Graph::isCellConstant):
3063         * dfg/DFGJITCompiler.h:
3064         (JSC::DFG::JITCompiler::addWeakReferences):
3065         (JITCompiler):
3066         * dfg/DFGNode.h:
3067         (JSC::DFG::Node::hasStructure):
3068         (Node):
3069         (JSC::DFG::Node::structure):
3070         * dfg/DFGNodeType.h:
3071         (DFG):
3072         * dfg/DFGPredictionPropagationPhase.cpp:
3073         (JSC::DFG::PredictionPropagationPhase::propagate):
3074         * dfg/DFGRepatch.cpp:
3075         (JSC::DFG::emitPutTransitionStub):
3076         * dfg/DFGSpeculativeJIT64.cpp:
3077         (JSC::DFG::SpeculativeJIT::compile):
3078         * jit/JITStubs.cpp:
3079         (JSC::JITThunks::tryCachePutByID):
3080         * llint/LLIntSlowPaths.cpp:
3081         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3082         * runtime/Structure.cpp:
3083         (JSC::Structure::Structure):
3084         * runtime/Structure.h:
3085         (JSC::Structure::transitionWatchpointSetHasBeenInvalidated):
3086         (Structure):
3087         (JSC::Structure::transitionWatchpointSetIsStillValid):
3088         (JSC::Structure::addTransitionWatchpoint):
3089         (JSC::Structure::notifyTransitionFromThisStructure):
3090         (JSC::JSCell::setStructure):
3091         * runtime/SymbolTable.cpp:
3092         (JSC::SymbolTableEntry::attemptToWatch):
3093
3094 2012-06-13  Filip Pizlo  <fpizlo@apple.com>
3095
3096         DFG should be able to set watchpoints on global variables
3097         https://bugs.webkit.org/show_bug.cgi?id=88692
3098
3099         Reviewed by Geoffrey Garen.
3100         
3101         Rolling back in after fixing Windows build issues, and implementing
3102         branchTest8 for the Qt port's strange assemblers.
3103         
3104         This implements global variable constant folding by allowing the optimizing
3105         compiler to set a "watchpoint" on globals that it wishes to constant fold.
3106         If the watchpoint fires, then an OSR exit is forced by overwriting the
3107         machine code that the optimizing compiler generated with a jump.
3108         
3109         As such, this patch is adding quite a bit of stuff:
3110         
3111         - Jump replacement on those hardware targets supported by the optimizing
3112           JIT. It is now possible to patch in a jump instruction over any recorded
3113           watchpoint label. The jump must be "local" in the sense that it must be
3114           within the range of the largest jump distance supported by a one
3115           instruction jump.
3116           
3117         - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
3118           that records the location where a jump must be inserted and the
3119           destination to which it should jump. Watchpoints can be added to a
3120           WatchpointSet. The WatchpointSet can be fired all at once, which plants
3121           all jumps. WatchpointSet also remembers if it had ever been invalidated,
3122           which allows for monotonicity: we typically don't want to optimize using
3123           watchpoints on something for which watchpoints had previously fired. The
3124           act of notifying a WatchpointSet has a trivial fast path in case no
3125           Watchpoints are registered (one-byte load+branch).
3126         
3127         - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
3128           except that you don't have to emit branches. But, you need to know what
3129           WatchpointSet to add the resulting Watchpoint to. Not everything that
3130           you could write a speculationCheck() for will have a WatchpointSet that
3131           would get notified if the condition you were speculating against became
3132           invalid.
3133           
3134         - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
3135           do so without incurring any space overhead for those entries that don't
3136           have WatchpointSets.
3137           
3138         - The bytecode generator infers all global function variables to be
3139           watchable, and makes all stores perform the WatchpointSet's write check,
3140           and marks all loads as being potentially watchable (i.e. you can compile
3141           them to a watchpoint and a constant).
3142         
3143         Put together, this allows for fully sleazy inlining of calls to globally
3144         declared functions. The inline prologue will no longer contain the load of
3145         the function, or any checks of the function you're calling. I.e. it's
3146         pretty much like the kind of inlining you would see in Java or C++.
3147         Furthermore, the watchpointing functionality is built to be fairly general,
3148         and should allow setting watchpoints on all sorts of interesting things
3149         in the future.
3150         
3151         The sleazy inlining means that we will now sometimes inline in code paths
3152         that have never executed. Previously, to inline we would have either had
3153         to have executed the call (to read the call's inline cache) or have
3154         executed the method check (to read the method check's inline cache). Now,
3155         we might inline when the callee is a watched global variable. This
3156         revealed some humorous bugs. First, constant folding disagreed with CFA
3157         over what kinds of operations can clobber (example: code path A is dead
3158         but stores a String into variable X, all other code paths store 0 into
3159         X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
3160         clobbering constant, but constant folding thought it was clobbering
3161         because it saw the String prediction). Second, inlining would crash if
3162         the inline callee had not been compiled. This patch fixes both bugs,
3163         since otherwise run-javascriptcore-tests would report regressions.
3164
3165         * CMakeLists.txt:
3166         * GNUmakefile.list.am:
3167         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3168         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3169         * JavaScriptCore.xcodeproj/project.pbxproj:
3170         * Target.pri:
3171         * assembler/ARMv7Assembler.h:
3172         (ARMv7Assembler):
3173         (JSC::ARMv7Assembler::ARMv7Assembler):
3174         (JSC::ARMv7Assembler::labelForWatchpoint):
3175         (JSC::ARMv7Assembler::label):
3176         (JSC::ARMv7Assembler::replaceWithJump):
3177         (JSC::ARMv7Assembler::maxJumpReplacementSize):
3178         * assembler/AbstractMacroAssembler.h:
3179         (JSC):
3180         (AbstractMacroAssembler):
3181         (Label):
3182         (JSC::AbstractMacroAssembler::watchpointLabel):
3183         (JSC::AbstractMacroAssembler::readPointer):
3184         * assembler/AssemblerBuffer.h:
3185         * assembler/MacroAssemblerARM.h:
3186         (JSC::MacroAssemblerARM::branchTest8):
3187         (MacroAssemblerARM):
3188         (JSC::MacroAssemblerARM::replaceWithJump):
3189         (JSC::MacroAssemblerARM::maxJumpReplacementSize):
3190         * assembler/MacroAssemblerARMv7.h:
3191         (JSC::MacroAssemblerARMv7::load8Signed):
3192         (JSC::MacroAssemblerARMv7::load16Signed):
3193         (MacroAssemblerARMv7):
3194         (JSC::MacroAssemblerARMv7::replaceWithJump):
3195         (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
3196         (JSC::MacroAssemblerARMv7::branchTest8):
3197         (JSC::MacroAssemblerARMv7::jump):
3198         (JSC::MacroAssemblerARMv7::makeBranch):
3199         * assembler/MacroAssemblerMIPS.h:
3200         (JSC::MacroAssemblerMIPS::branchTest8):
3201         (MacroAssemblerMIPS):
3202         (JSC::MacroAssemblerMIPS::replaceWithJump):
3203         (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
3204         * assembler/MacroAssemblerSH4.h:
3205         (JSC::MacroAssemblerSH4::branchTest8):
3206         (MacroAssemblerSH4):
3207         (JSC::MacroAssemblerSH4::replaceWithJump):
3208         (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
3209         * assembler/MacroAssemblerX86.h:
3210         (MacroAssemblerX86):
3211         (JSC::MacroAssemblerX86::branchTest8):
3212         * assembler/MacroAssemblerX86Common.h:
3213         (JSC::MacroAssemblerX86Common::replaceWithJump):
3214         (MacroAssemblerX86Common):
3215         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
3216         * assembler/MacroAssemblerX86_64.h:
3217         (MacroAssemblerX86_64):
3218         (JSC::MacroAssemblerX86_64::branchTest8):
3219         * assembler/X86Assembler.h:
3220         (JSC::X86Assembler::X86Assembler):
3221         (X86Assembler):
3222         (JSC::X86Assembler::cmpb_im):
3223         (JSC::X86Assembler::testb_im):
3224         (JSC::X86Assembler::labelForWatchpoint):
3225         (JSC::X86Assembler::label):
3226         (JSC::X86Assembler::replaceWithJump):
3227         (JSC::X86Assembler::maxJumpReplacementSize):
3228         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
3229         * bytecode/CodeBlock.cpp:
3230         (JSC):
3231         (JSC::CodeBlock::printGetByIdCacheStatus):
3232         (JSC::CodeBlock::dump):
3233         * bytecode/CodeBlock.h:
3234         (JSC::CodeBlock::appendOSRExit):
3235         (JSC::CodeBlock::appendSpeculationRecovery):
3236         (CodeBlock):
3237         (JSC::CodeBlock::appendWatchpoint):
3238         (JSC::CodeBlock::numberOfWatchpoints):
3239         (JSC::CodeBlock::watchpoint):
3240         (DFGData):
3241         * bytecode/DFGExitProfile.h:
3242         (JSC::DFG::exitKindToString):
3243         (JSC::DFG::exitKindIsCountable):
3244         * bytecode/GetByIdStatus.cpp:
3245         (JSC::GetByIdStatus::computeForChain):
3246         * bytecode/Instruction.h:
3247         (Instruction):
3248         (JSC::Instruction::Instruction):
3249         * bytecode/Opcode.h:
3250         (JSC):
3251         (JSC::padOpcodeName):
3252         * bytecode/Watchpoint.cpp: Added.
3253         (JSC):
3254         (JSC::Watchpoint::~Watchpoint):
3255         (JSC::Watchpoint::correctLabels):
3256         (JSC::Watchpoint::fire):
3257         (JSC::WatchpointSet::WatchpointSet):
3258         (JSC::WatchpointSet::~WatchpointSet):
3259         (JSC::WatchpointSet::add):
3260         (JSC::WatchpointSet::notifyWriteSlow):
3261         (JSC::WatchpointSet::fireAllWatchpoints):
3262         * bytecode/Watchpoint.h: Added.
3263         (JSC):
3264         (Watchpoint):
3265         (JSC::Watchpoint::Watchpoint):
3266         (JSC::Watchpoint::setDestination):
3267         (WatchpointSet):
3268         (JSC::WatchpointSet::isStillValid):
3269         (JSC::WatchpointSet::hasBeenInvalidated):
3270         (JSC::WatchpointSet::startWatching):
3271         (JSC::WatchpointSet::notifyWrite):
3272         (JSC::WatchpointSet::addressOfIsWatched):
3273         * bytecompiler/BytecodeGenerator.cpp:
3274         (JSC::ResolveResult::checkValidity):
3275         (JSC::BytecodeGenerator::addGlobalVar):
3276         (JSC::BytecodeGenerator::BytecodeGenerator):
3277         (JSC::BytecodeGenerator::resolve):
3278         (JSC::BytecodeGenerator::emitResolve):
3279         (JSC::BytecodeGenerator::emitResolveWithBase):
3280         (JSC::BytecodeGenerator::emitResolveWithThis):
3281         (JSC::BytecodeGenerator::emitGetStaticVar):
3282         (JSC::BytecodeGenerator::emitPutStaticVar):
3283         * bytecompiler/BytecodeGenerator.h:
3284         (BytecodeGenerator):
3285         * bytecompiler/NodesCodegen.cpp:
3286         (JSC::FunctionCallResolveNode::emitBytecode):
3287         (JSC::PostfixResolveNode::emitBytecode):
3288         (JSC::PrefixResolveNode::emitBytecode):
3289         (JSC::ReadModifyResolveNode::emitBytecode):
3290         (JSC::AssignResolveNode::emitBytecode):
3291         (JSC::ConstDeclNode::emitCodeSingle):
3292         * dfg/DFGAbstractState.cpp:
3293         (JSC::DFG::AbstractState::execute):
3294         (JSC::DFG::AbstractState::clobberStructures):
3295         * dfg/DFGAbstractState.h:
3296         (AbstractState):
3297         (JSC::DFG::AbstractState::didClobber):
3298         * dfg/DFGByteCodeParser.cpp:
3299         (JSC::DFG::ByteCodeParser::handleInlining):
3300         (JSC::DFG::ByteCodeParser::parseBlock):
3301         * dfg/DFGCCallHelpers.h:
3302         (CCallHelpers):
3303         (JSC::DFG::CCallHelpers::setupArguments):
3304         * dfg/DFGCSEPhase.cpp:
3305         (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
3306         (CSEPhase):
3307         (JSC::DFG::CSEPhase::globalVarStoreElimination):
3308         (JSC::DFG::CSEPhase::performNodeCSE):
3309         * dfg/DFGCapabilities.h:
3310         (JSC::DFG::canCompileOpcode):
3311         * dfg/DFGConstantFoldingPhase.cpp:
3312         (JSC::DFG::ConstantFoldingPhase::run):
3313         * dfg/DFGCorrectableJumpPoint.h:
3314         (JSC::DFG::CorrectableJumpPoint::isSet):
3315         (CorrectableJumpPoint):
3316         * dfg/DFGJITCompiler.cpp:
3317         (JSC::DFG::JITCompiler::linkOSRExits):
3318         (JSC::DFG::JITCompiler::link):
3319         * dfg/DFGNode.h:
3320         (JSC::DFG::Node::hasIdentifierNumberForCheck):
3321         (Node):
3322         (JSC::DFG::Node::identifierNumberForCheck):
3323         (JSC::DFG::Node::hasRegisterPointer):
3324         * dfg/DFGNodeType.h:
3325         (DFG):
3326         * dfg/DFGOSRExit.cpp:
3327         (JSC::DFG::OSRExit::OSRExit):
3328         * dfg/DFGOSRExit.h:
3329         (OSRExit):
3330         * dfg/DFGOperations.cpp:
3331         * dfg/DFGOperations.h:
3332         * dfg/DFGPredictionPropagationPhase.cpp:
3333         (JSC::DFG::PredictionPropagationPhase::propagate):
3334         * dfg/DFGSpeculativeJIT.h:
3335         (JSC::DFG::SpeculativeJIT::callOperation):
3336         (JSC::DFG::SpeculativeJIT::appendCall):
3337         (SpeculativeJIT):
3338         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
3339         * dfg/DFGSpeculativeJIT32_64.cpp:
3340         (JSC::DFG::SpeculativeJIT::compile):
3341         * dfg/DFGSpeculativeJIT64.cpp:
3342         (JSC::DFG::SpeculativeJIT::compile):
3343         * interpreter/Interpreter.cpp:
3344         (JSC::Interpreter::privateExecute):
3345         * jit/JIT.cpp:
3346         (JSC::JIT::privateCompileMainPass):
3347         (JSC::JIT::privateCompileSlowCases):
3348         * jit/JIT.h:
3349         * jit/JITPropertyAccess.cpp:
3350         (JSC::JIT::emit_op_put_global_var_check):
3351         (JSC):
3352         (JSC::JIT::emitSlow_op_put_global_var_check):
3353         * jit/JITPropertyAccess32_64.cpp:
3354         (JSC::JIT::emit_op_put_global_var_check):
3355         (JSC):
3356         (JSC::JIT::emitSlow_op_put_global_var_check):
3357         * jit/JITStubs.cpp:
3358         (JSC::DEFINE_STUB_FUNCTION):
3359         (JSC):
3360         * jit/JITStubs.h:
3361         * llint/LLIntSlowPaths.cpp:
3362         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3363         (LLInt):
3364         * llint/LLIntSlowPaths.h:
3365         (LLInt):
3366         * llint/LowLevelInterpreter32_64.asm:
3367         * llint/LowLevelInterpreter64.asm:
3368         * runtime/JSObject.cpp:
3369         (JSC::JSObject::removeDirect):
3370         * runtime/JSObject.h:
3371         (JSObject):
3372         * runtime/JSSymbolTableObject.h:
3373         (JSC::symbolTableGet):
3374         (JSC::symbolTablePut):
3375         (JSC::symbolTablePutWithAttributes):
3376         * runtime/SymbolTable.cpp: Added.
3377         (JSC):
3378         (JSC::SymbolTableEntry::copySlow):
3379         (JSC::SymbolTableEntry::freeFatEntrySlow):
3380         (JSC::SymbolTableEntry::couldBeWatched):
3381         (JSC::SymbolTableEntry::attemptToWatch):
3382         (JSC::SymbolTableEntry::addressOfIsWatched):
3383         (JSC::Symbo
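The WatchpointSet protocol described in the global-variable watchpoint entry above, as an added example that is not JavaScriptCore's code: a doubly-linked list of Watchpoints, a one-byte isWatched flag tested on every store's write check, a fire-all path that "plants the jumps", and the monotonic isInvalidated flag that refuses further watching once a set has fired. Jump replacement is modelled by swapping a function pointer from the constant-folded entry to an OSR-exit stub; the global `g_f`, the CompiledCode struct and the return values are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for optimized machine code: entry() is what the JIT emitted; when a
   watchpoint fires, the entry is "patched" to the exit stub (constructed model
   of planting a jump over the watchpoint label). */
typedef int (*CodeEntry)(void);
typedef struct { CodeEntry entry; CodeEntry exitStub; } CompiledCode;

typedef struct Watchpoint {
    struct Watchpoint *prev, *next;
    CompiledCode *code;          /* where the jump would be planted */
} Watchpoint;

typedef struct {
    Watchpoint sentinel;         /* doubly-linked list of registered Watchpoints */
    uint8_t isWatched;           /* one-byte flag: the fast path only tests this */
    uint8_t isInvalidated;       /* set on first fire, never cleared (monotonic) */
} WatchpointSet;

static void watchpoint_set_init(WatchpointSet *s) {
    s->sentinel.prev = s->sentinel.next = &s->sentinel;
    s->sentinel.code = NULL;
    s->isWatched = 0;
    s->isInvalidated = 0;
}

static bool watchpoint_set_is_still_valid(const WatchpointSet *s) { return !s->isInvalidated; }
static bool watchpoint_set_has_been_invalidated(const WatchpointSet *s) { return s->isInvalidated; }

/* The optimizing compiler asks to watch; refused if the set has ever fired. */
static bool watchpoint_set_start_watching(WatchpointSet *s) {
    if (s->isInvalidated) return false;
    s->isWatched = 1;
    return true;
}

static bool watchpoint_set_add(WatchpointSet *s, Watchpoint *w, CompiledCode *code) {
    if (!watchpoint_set_start_watching(s)) return false;
    w->code = code;
    w->next = &s->sentinel; w->prev = s->sentinel.prev;
    s->sentinel.prev->next = w; s->sentinel.prev = w;
    return true;
}

static void watchpoint_fire(Watchpoint *w) { w->code->entry = w->code->exitStub; }

static void watchpoint_set_fire_all(WatchpointSet *s) {
    for (Watchpoint *w = s->sentinel.next; w != &s->sentinel; ) {
        Watchpoint *next = w->next;
        watchpoint_fire(w);
        w->prev = w->next = NULL;          /* unlink the fired watchpoint */
        w = next;
    }
    s->sentinel.prev = s->sentinel.next = &s->sentinel;
}

static void watchpoint_set_notify_write_slow(WatchpointSet *s) {
    watchpoint_set_fire_all(s);
    s->isWatched = 0;
    s->isInvalidated = 1;
}

/* The write check emitted on every store to a watchable global: one byte load + branch. */
static inline void watchpoint_set_notify_write(WatchpointSet *s) {
    if (!s->isWatched) return;
    watchpoint_set_notify_write_slow(s);
}

/* Constructed scenario: a global `f` whose value the optimizing compiler folded. */
static int g_f = 42;                             /* the watched global's value */
static WatchpointSet g_fSet;
static int folded_entry(void) { return 42; }     /* inlined constant, no load of g_f */
static int osr_exit_stub(void) { return -1; }    /* stand-in for bailing to baseline */
static CompiledCode g_code = { folded_entry, osr_exit_stub };
static Watchpoint g_wp;

/* What a put_global_var_check does: store, then run the write check. */
static void put_global_f(int value) { g_f = value; watchpoint_set_notify_write(&g_fSet); }

/* Returns 0 when every step behaves as described, otherwise the failing step. */
static int run_scenario(void) {
    watchpoint_set_init(&g_fSet);
    if (!watchpoint_set_add(&g_fSet, &g_wp, &g_code)) return 1;
    if (g_code.entry() != 42) return 2;           /* optimized, folded path in use */
    put_global_f(42);                              /* any store fires, even the same value */
    if (g_code.entry() != -1) return 3;            /* entry now jumps to the OSR exit */
    if (watchpoint_set_is_still_valid(&g_fSet)) return 4;
    if (watchpoint_set_add(&g_fSet, &g_wp, &g_code)) return 5; /* monotonic refusal */
    put_global_f(7);                               /* fast path only: flag is clear */
    return g_f == 7 ? 0 : 6;
}

int main(void) { printf("scenario result: %d\n", run_scenario()); return 0; }
```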