Unreviewed build fix for chromium/mac & clang.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-09-11  Fumitoshi Ukai  <ukai@chromium.org>

        Unreviewed build fix for chromium/mac & clang.

        Fix the macro redefinition error by r94927, because chromium set
        ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
        it is not PLATFORM(QT).
         ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
         #define ENABLE_JSC_MULTIPLE_THREADS 1
         <command line>:43:9: note: previous definition is here
         #define ENABLE_JSC_MULTIPLE_THREADS 0
         1 error generated.

        * wtf/Platform.h:

2011-09-11  Sam Weinig  <sam@webkit.org>

        Remove JSCell::isPropertyNameIterator(), it is unused
        https://bugs.webkit.org/show_bug.cgi?id=67911

        Reviewed by Oliver Hunt.

        * runtime/JSCell.h:
        * runtime/JSPropertyNameIterator.h:

2011-09-11  Sam Weinig  <sam@webkit.org>

        De-virtualize JSCell::isAPIValueWrapper
        https://bugs.webkit.org/show_bug.cgi?id=67909

        Reviewed by Oliver Hunt.

        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        Set the correct type on structure creation.

        * runtime/JSCell.h:
        Remove virtual keyword and default implementation.

        * runtime/JSType.h:
        Add type for APIValueWrapper. It must come after CompoundType since
        the APIValueWrapper has children in need of marking.

        * runtime/Structure.h:
        (JSC::JSCell::isAPIValueWrapper):
        Implement predicate using type info.
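
        The ordering rule above, as an added example that is not JavaScriptCore
        code: a type tag stored on the cell's Structure, predicates derived from
        that tag instead of from virtual calls, and a marking pass that visits
        children only for types at or after CompoundType. A wrapper type placed
        before CompoundType would leave its wrapped value unmarked and therefore
        collectable while still referenced. The enum values, the Cell and
        Structure structs and mark() are assumptions made for illustration.

```cpp
// Added example, not JavaScriptCore code. Tags and structs are illustrative.
#include <cassert>
#include <cstddef>
#include <vector>

namespace example {

// Type tags; everything from CompoundType onwards holds cell pointers.
enum JSType : unsigned char {
    NumberType,
    StringType,
    CompoundType,
    ObjectType,
    GetterSetterType,
    APIValueWrapperType
};
static_assert(APIValueWrapperType > CompoundType, "wrapper cells have a child to mark");

struct Structure {
    JSType type;
};

struct Cell {
    const Structure* structure;
    std::vector<Cell*> children;   // only consulted for compound types
    bool marked = false;

    JSType type() const { return structure->type; }
    // The de-virtualized predicates: a tag comparison, no vtable lookup.
    bool isGetterSetter() const { return type() == GetterSetterType; }
    bool isAPIValueWrapper() const { return type() == APIValueWrapperType; }
    bool hasChildren() const { return type() >= CompoundType; }
};

// Marking that trusts the ordering: children are visited only when the tag
// says the cell is compound. Returns the number of cells reached.
inline size_t mark(Cell* root) {
    size_t reached = 0;
    std::vector<Cell*> stack { root };
    while (!stack.empty()) {
        Cell* cell = stack.back();
        stack.pop_back();
        if (cell->marked)
            continue;
        cell->marked = true;
        ++reached;
        if (cell->hasChildren())
            for (Cell* child : cell->children)
                stack.push_back(child);
    }
    return reached;
}

} // namespace example

int main() {
    example::Structure wrapS { example::APIValueWrapperType };
    example::Structure numS { example::NumberType };
    example::Cell n { &numS };
    example::Cell w { &wrapS, { &n } };
    assert(w.isAPIValueWrapper() && example::mark(&w) == 2 && n.marked);
    return 0;
}
```

        The predicate cost is what the entry is after, but the ordering is the
        part worth a static_assert: it is the only thing that keeps the marker
        honest for a new type added at the end of the enum.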

2011-09-10  Sam Weinig  <sam@webkit.org>

        De-virtualize JSCell::isGetterSetter, type information is available for it
        https://bugs.webkit.org/show_bug.cgi?id=67902

        Reviewed by Dan Bernstein.

        * runtime/GetterSetter.cpp:
        * runtime/GetterSetter.h:
        Remove override of isGetterSetter.

        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        De-virtualize and remove silly base implementation.

        * runtime/Structure.h:
        (JSC::JSCell::isGetterSetter):
        Use type info to determine getter-setter-hood.

2011-09-09  Oliver Hunt  <oliver@apple.com>

        Remove support for anonymous storage from jsobjects
        https://bugs.webkit.org/show_bug.cgi?id=67881

        Reviewed by Sam Weinig.

        Remove all use of anonymous slots, essentially a mechanical change
        in JavaScriptCore

        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructure):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructure):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructure):
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::createStructure):
        * heap/MarkStack.cpp:
        (JSC::MarkStack::validateValue):
        * heap/MarkStack.h:
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::finishCreation):
        * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::createStructure):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::createStructure):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/DateInstance.h:
        (JSC::DateInstance::createStructure):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::createStructure):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::finishCreation):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure):
        * runtime/ExceptionHelpers.h:
        (JSC::InterruptedExecutionError::createStructure):
        (JSC::TerminatedExecutionError::createStructure):
        * runtime/Executable.h:
        (JSC::ExecutableBase::createStructure):
        (JSC::NativeExecutable::createStructure):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructure):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSArray.h:
        (JSC::JSArray::createStructure):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::createStructure):
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        (JSC::JSFunction::createStructure):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::finishCreation):
        (JSC::JSGlobalObject::createStructure):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::createStructure):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.h:
        (JSC::JSObject::createStructure):
        (JSC::JSNonFinalObject::createStructure):
        (JSC::JSFinalObject::createStructure):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::createStructure):
        * runtime/JSString.h:
        (JSC::RopeBuilder::createStructure):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::createStructure):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::createStructure):
        * runtime/MathObject.h:
        (JSC::MathObject::createStructure):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::createStructure):
        * runtime/NumberConstructor.h:
        (JSC::NumberConstructor::createStructure):
        * runtime/NumberObject.h:
        (JSC::NumberObject::createStructure):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::finishCreation):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExp.h:
        (JSC::RegExp::createStructure):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::createStructure):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::createStructure):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::createStructure):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::createStructure):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure):
        * runtime/StringObject.h:
        (JSC::StringObject::createStructure):
        * runtime/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/StringPrototype.h:
        (JSC::StringPrototype::createStructure):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::addPropertyTransitionToExistingStructure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::removePropertyTransition):
        (JSC::Structure::changePrototypeTransition):
        (JSC::Structure::despecifyFunctionTransition):
        (JSC::Structure::getterSetterTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::preventExtensionsTransition):
        (JSC::Structure::flattenDictionaryStructure):
        (JSC::Structure::addPropertyWithoutTransition):
        (JSC::Structure::removePropertyWithoutTransition):
        (JSC::Structure::get):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::remove):
        (JSC::Structure::checkConsistency):
        * runtime/Structure.h:
        (JSC::Structure::create):
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::get):
        * runtime/StructureChain.h:
        (JSC::StructureChain::createStructure):

2011-09-11  Jarred Nicholls  <jarred@sencha.com>

        [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
        https://bugs.webkit.org/show_bug.cgi?id=67864

        Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.

        Reviewed by Csaba Osztrogonác.

        * wtf/Platform.h:

2011-09-11  Filip Pizlo  <fpizlo@apple.com>

        ARM and MIPS assemblers still refer to executable pools.
        https://bugs.webkit.org/show_bug.cgi?id=67903

        Reviewed by Csaba Osztrogonác.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::executableCopy):

2011-09-08  Filip Pizlo  <fpizlo@apple.com>

        The executable allocator makes it difficult to free individual
        chunks of executable memory
        https://bugs.webkit.org/show_bug.cgi?id=66363

        Reviewed by Oliver Hunt.

        Introduced a best-fit, balanced-tree based allocator. The allocator
        required a balanced tree that does not allocate memory and that
        permits the removal of individual nodes directly (as opposed to by
        key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
        Changed all references to executable code to use a reference counted
        handle.
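
        An added example, not WTF's MetaAllocator, of the allocation policy the
        entry describes: best-fit selection of a free chunk, splitting off the
        remainder, coalescing with both neighbours on release, and a
        reference-counted handle that returns its chunk only when the last
        owner lets go. WTF's RedBlackTree is intrusive and allocates nothing;
        here std::set and std::map stand in and do allocate their own nodes, so
        that property is not shown. The names, the reserved range and the
        granularity are illustrative.

```cpp
// Added example, not WebKit code: best-fit free-space management over a
// reserved address range, with ref-counted handles. Names are illustrative.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <map>
#include <memory>
#include <set>

namespace example {

struct FreeNode {
    uintptr_t start;
    size_t size;
};

// Free chunks ordered by size, then address: lower_bound() on a probe node
// returns the smallest chunk that still fits, i.e. the best fit.
struct BySize {
    bool operator()(const FreeNode* a, const FreeNode* b) const {
        return a->size != b->size ? a->size < b->size : a->start < b->start;
    }
};

class MetaAllocator;

// Whoever holds the last reference releases the chunk, so code memory cannot
// be handed back to the allocator while something still points into it.
class Handle {
public:
    Handle(MetaAllocator& a, uintptr_t start, size_t size)
        : m_allocator(a), m_start(start), m_size(size) {}
    ~Handle();
    uintptr_t start() const { return m_start; }
    size_t size() const { return m_size; }
private:
    MetaAllocator& m_allocator;
    uintptr_t m_start;
    size_t m_size;
};

class MetaAllocator {
public:
    MetaAllocator(uintptr_t base, size_t size, size_t granularity)
        : m_granularity(granularity) { addFreeSpace(base, size); }
    ~MetaAllocator() { for (FreeNode* n : m_bySize) delete n; }

    std::shared_ptr<Handle> allocate(size_t bytes) {
        size_t size = roundUp(bytes);
        FreeNode probe { 0, size };
        auto it = m_bySize.lower_bound(&probe);
        if (it == m_bySize.end())
            return nullptr;                        // nothing large enough
        FreeNode* node = *it;
        uintptr_t start = node->start;
        size_t remainder = node->size - size;
        unlink(node);
        if (remainder)
            addFreeSpace(start + size, remainder); // split: keep the tail free
        m_bytesAllocated += size;
        return std::make_shared<Handle>(*this, start, size);
    }
    void release(uintptr_t start, size_t size) {
        m_bytesAllocated -= size;
        addFreeSpace(start, size);                 // merges with both neighbours
    }
    size_t bytesAllocated() const { return m_bytesAllocated; }
    size_t freeChunkCount() const { return m_bySize.size(); }
    size_t largestFreeChunk() const {
        return m_bySize.empty() ? 0 : (*m_bySize.rbegin())->size;
    }

private:
    size_t roundUp(size_t n) const {
        return (n + m_granularity - 1) / m_granularity * m_granularity;
    }
    void unlink(FreeNode* node) {
        m_bySize.erase(node);
        m_byAddress.erase(node->start);
        delete node;
    }
    void addFreeSpace(uintptr_t start, size_t size) {
        auto after = m_byAddress.lower_bound(start);
        if (after != m_byAddress.begin()) {        // free chunk ending at start?
            FreeNode* before = std::prev(after)->second;
            if (before->start + before->size == start) {
                start = before->start;
                size += before->size;
                unlink(before);
            }
        }
        if (after != m_byAddress.end() && after->second->start == start + size) {
            FreeNode* next = after->second;        // free chunk starting at end?
            size += next->size;
            unlink(next);
        }
        FreeNode* node = new FreeNode { start, size };
        m_bySize.insert(node);
        m_byAddress[start] = node;
    }

    size_t m_granularity;
    size_t m_bytesAllocated = 0;
    std::set<FreeNode*, BySize> m_bySize;
    std::map<uintptr_t, FreeNode*> m_byAddress;
};

inline Handle::~Handle() { m_allocator.release(m_start, m_size); }

} // namespace example
```

        With a 4096-byte range and 16-byte granularity, allocating 100, 200
        and 50 bytes, then dropping the middle handle and asking for 150 bytes,
        lands the new chunk in the 208-byte hole rather than at the tail; the
        release of the third chunk then merges the leftover 48 bytes, the
        chunk itself and the tail back into one free chunk. Because the
        release happens in the handle destructor, a chunk can never be
        returned by address while another holder still references it.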

        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::finalizeCode):
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerCodeRef.h:
        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
        (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
        (JSC::MacroAssemblerCodeRef::executableMemory):
        (JSC::MacroAssemblerCodeRef::code):
        (JSC::MacroAssemblerCodeRef::size):
        (JSC::MacroAssemblerCodeRef::operator!):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
        * bytecode/CodeBlock.h:
        * bytecode/Instruction.h:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        (JSC::DFG::tryBuildGetByIDProtoList):
        (JSC::DFG::tryCachePutByID):
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutableAllocator::allocate):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::dumpProfile):
        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::dumpProfile):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutableAllocator::isValid):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutableAllocator::allocate):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::dumpProfile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::JIT::compileCTIMachineTrampolines):
        (JSC::JIT::compileCTINativeCall):
        * jit/JITCode.h:
        (JSC::JITCode::operator !):
        (JSC::JITCode::addressForCall):
        (JSC::JITCode::offsetOf):
        (JSC::JITCode::execute):
        (JSC::JITCode::start):
        (JSC::JITCode::size):
        (JSC::JITCode::getExecutableMemory):
        (JSC::JITCode::HostFunction):
        (JSC::JITCode::JITCode):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::JITThunks):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::getPolymorphicAccessStructureListSlot):
        (JSC::JITThunks::ctiStub):
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITStubs.h:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
        (JSC::SpecializedThunkJIT::finalize):
        * jit/ThunkGenerators.cpp:
        (JSC::charCodeAtThunkGenerator):
        (JSC::charAtThunkGenerator):
        (JSC::fromCharCodeThunkGenerator):
        (JSC::sqrtThunkGenerator):
        (JSC::floorThunkGenerator):
        (JSC::ceilThunkGenerator):
        (JSC::roundThunkGenerator):
        (JSC::expThunkGenerator):
        (JSC::logThunkGenerator):
        (JSC::absThunkGenerator):
        (JSC::powThunkGenerator):
        * jit/ThunkGenerators.h:
        * runtime/Executable.h:
        (JSC::NativeExecutable::create):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::dumpSampleData):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::getCTIStub):
        * wtf/CMakeLists.txt:
        * wtf/MetaAllocator.cpp: Added.
        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
        (WTF::MetaAllocatorHandle::shrink):
        (WTF::MetaAllocator::MetaAllocator):
        (WTF::MetaAllocator::allocate):
        (WTF::MetaAllocator::currentStatistics):
        (WTF::MetaAllocator::findAndRemoveFreeSpace):
        (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
        (WTF::MetaAllocator::addFreshFreeSpace):
        (WTF::MetaAllocator::debugFreeSpaceSize):
        (WTF::MetaAllocator::addFreeSpace):
        (WTF::MetaAllocator::incrementPageOccupancy):
        (WTF::MetaAllocator::decrementPageOccupancy):
        (WTF::MetaAllocator::roundUp):
        (WTF::MetaAllocator::allocFreeSpaceNode):
        (WTF::MetaAllocator::freeFreeSpaceNode):
        (WTF::MetaAllocator::dumpProfile):
        * wtf/MetaAllocator.h: Added.
        (WTF::MetaAllocator::bytesAllocated):
        (WTF::MetaAllocator::bytesReserved):
        (WTF::MetaAllocator::bytesCommitted):
        (WTF::MetaAllocator::dumpProfile):
        (WTF::MetaAllocator::~MetaAllocator):
        * wtf/MetaAllocatorHandle.h: Added.
        * wtf/RedBlackTree.h: Added.
        (WTF::RedBlackTree::Node::Node):
        (WTF::RedBlackTree::Node::successor):
        (WTF::RedBlackTree::Node::predecessor):
        (WTF::RedBlackTree::Node::reset):
        (WTF::RedBlackTree::Node::parent):
        (WTF::RedBlackTree::Node::setParent):
        (WTF::RedBlackTree::Node::left):
        (WTF::RedBlackTree::Node::setLeft):
        (WTF::RedBlackTree::Node::right):
        (WTF::RedBlackTree::Node::setRight):
        (WTF::RedBlackTree::Node::color):
        (WTF::RedBlackTree::Node::setColor):
        (WTF::RedBlackTree::RedBlackTree):
        (WTF::RedBlackTree::insert):
        (WTF::RedBlackTree::remove):
        (WTF::RedBlackTree::findExact):
        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
        (WTF::RedBlackTree::first):
        (WTF::RedBlackTree::last):
        (WTF::RedBlackTree::size):
        (WTF::RedBlackTree::isEmpty):
        (WTF::RedBlackTree::treeMinimum):
        (WTF::RedBlackTree::treeMaximum):
        (WTF::RedBlackTree::treeInsert):
        (WTF::RedBlackTree::leftRotate):
        (WTF::RedBlackTree::rightRotate):
        (WTF::RedBlackTree::removeFixup):
        * wtf/wtf.pri:
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile):
        * yarr/YarrJIT.h:
        (JSC::Yarr::YarrCodeBlock::execute):
        (JSC::Yarr::YarrCodeBlock::getAddr):

2011-09-10  Sam Weinig  <sam@webkit.org>

        Remove JSC::isZombie() function, it did nothing and was called by no-one.
        https://bugs.webkit.org/show_bug.cgi?id=67901

        Reviewed by Andy Estes.

        * JavaScriptCore.exp:
        * runtime/JSCell.cpp:
        * runtime/JSValue.h:

2011-09-10  Sam Weinig  <sam@webkit.org>

        Add isInterruptedExecutionException and isTerminatedExecutionException predicates
        https://bugs.webkit.org/show_bug.cgi?id=67892

        Reviewed by Andy "First Time Reviewer" Estes.

        * JavaScriptCore.exp:
        Add symbols.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):
        Use new predicates.

        * runtime/ExceptionHelpers.cpp:
        (JSC::createInterruptedExecutionException):
        (JSC::isInterruptedExecutionException):
        (JSC::createTerminatedExecutionException):
        (JSC::isTerminatedExecutionException):
        * runtime/ExceptionHelpers.h:
        (JSC::InterruptedExecutionError::InterruptedExecutionError):
        Add predicates.

2011-09-10  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT completely undoes speculative compilation even in the case of
        a partial static speculation failure
        https://bugs.webkit.org/show_bug.cgi?id=67798

        Reviewed by Geoffrey Garen.

        This is a regression with static speculation, so it is turned off by
        default.  But it is a necessary prerequisite for further work on
        dynamic speculation.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):

2011-09-09  Chris Marrin  <cmarrin@apple.com>

        requestAnimationFrame doesn't throttle on Mac
        https://bugs.webkit.org/show_bug.cgi?id=67171

        Reviewed by Simon Fraser.

        Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
        requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
        Currently only enabled for PLATFORM(MAC)

        * wtf/Platform.h:

2011-09-09  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dan Bernstein.

        Removed ENABLE(SINGLE_THREADED) support, since it is always false
        https://bugs.webkit.org/show_bug.cgi?id=67862

        Next step toward making the baseline platform assumption that threads exist.

        * wtf/wtf.pri:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
        ThreadingNone.cpp, which was only compiled in single-threaded mode.

        * wtf/Platform.h:
        * wtf/ThreadSpecific.h:
        (WTF::::destroy):
        * wtf/qt/ThreadingQt.cpp: Removed now-dead code.

        * wtf/ThreadingNone.cpp: Removed.

2011-09-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unzip initialization lists and constructors in JSCell hierarchy (5/7)
        https://bugs.webkit.org/show_bug.cgi?id=67420

        Reviewed by Geoffrey Garen.

        Completed the fifth level of the refactoring to add finishCreation()
        methods to all classes within the JSCell hierarchy with non-trivial
        constructor bodies.

        This primarily consists of pushing the calls to finishCreation() down
        into the constructors of the subclasses of the second level of the hierarchy
        as well as pulling the finishCreation() calls out into the class's corresponding
        create() method if it has one.  Doing both simultaneously allows us to
        maintain the invariant that the finishCreation() method chain is called exactly
        once during the creation of an object, since calling it any other number of
        times (0, 2, or more) will cause an assertion failure.
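
        The invariant above as an added example, not JavaScriptCore's code: a
        creation counter on the base cell, a create() helper that is the only
        place the finishCreation() chain is started, and the two ways the count
        goes wrong (a constructor that starts the chain itself, and an object
        that is constructed but never finished, whose derived state is still
        empty when something reads it). The class names and the counter are
        assumptions made for illustration.

```cpp
// Added example, not JavaScriptCore code: two-phase creation with a guard
// on the number of finishCreation() runs. Names are illustrative.
#include <cassert>
#include <memory>
#include <string>
#include <utility>

namespace example {

class Cell {
public:
    virtual ~Cell() = default;
    // Base of the chain: each override calls its parent's version first, so a
    // correctly built object increments the counter exactly once.
    virtual void finishCreation() { ++m_finishCreationCalls; }
    int creationCalls() const { return m_finishCreationCalls; }
    // 0 means constructed but never initialised; 2 or more means the chain was
    // started from both a constructor and a create() method.
    bool isWellFormed() const { return m_finishCreationCalls == 1; }
protected:
    Cell() = default;
private:
    int m_finishCreationCalls = 0;
};

// Post-refactor shape: the constructor only stores arguments; work that
// depends on the fully constructed object lives in finishCreation().
class NamedObject : public Cell {
public:
    explicit NamedObject(std::string name) : m_name(std::move(name)) {}
    void finishCreation() override {
        Cell::finishCreation();
        m_displayName = "[object " + m_name + "]";
    }
    const std::string& displayName() const { return m_displayName; }
private:
    std::string m_name;
    std::string m_displayName;
};

// Pre-refactor shape: the constructor starts the chain itself. A virtual call
// from a constructor binds to the class under construction, so this runs only
// the base step; pushing the class through create() then runs the chain twice.
class LegacyObject : public Cell {
public:
    LegacyObject() { finishCreation(); }
};

// The single entry point that starts the chain.
template<typename T, typename... Args>
std::unique_ptr<T> create(Args&&... args) {
    std::unique_ptr<T> cell(new T(std::forward<Args>(args)...));
    cell->finishCreation();
    return cell;
}

// Same, with the assertion the ChangeLog describes. assert() compiles out in
// release builds, so isWellFormed() stays available as an explicit check.
template<typename T, typename... Args>
std::unique_ptr<T> createChecked(Args&&... args) {
    std::unique_ptr<T> cell = create<T>(std::forward<Args>(args)...);
    assert(cell->isWellFormed());
    return cell;
}

} // namespace example

int main() {
    std::unique_ptr<example::NamedObject> f = example::createChecked<example::NamedObject>("f");
    assert(f->displayName() == "[object f]");
    std::unique_ptr<example::LegacyObject> twice = example::create<example::LegacyObject>();
    assert(twice->creationCalls() == 2);   // the pre-refactor shape, made visible
    return 0;
}
```

        Keeping the constructors free of anything that can observe the object
        is what makes the count meaningful: once every subclass follows the
        post-refactor shape, a miscount can only come from a stray call, which
        the assertion in the create() path catches at the point of creation.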
561
562         * API/JSCallbackConstructor.cpp:
563         (JSC::JSCallbackConstructor::JSCallbackConstructor):
564         * API/JSCallbackConstructor.h:
565         (JSC::JSCallbackConstructor::create):
566         * API/JSCallbackFunction.cpp:
567         (JSC::JSCallbackFunction::JSCallbackFunction):
568         (JSC::JSCallbackFunction::finishCreation):
569         * API/JSCallbackFunction.h:
570         * API/JSCallbackObject.h:
571         * API/JSCallbackObjectFunctions.h:
572         (JSC::::JSCallbackObject):
573         (JSC::::finishCreation):
574         * JavaScriptCore.exp:
575         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
576         * debugger/DebuggerActivation.cpp:
577         * debugger/DebuggerActivation.h:
578         (JSC::DebuggerActivation::create):
579         * jsc.cpp:
580         (GlobalObject::finishCreation):
581         (GlobalObject::GlobalObject):
582         * runtime/ArrayConstructor.cpp:
583         (JSC::ArrayConstructor::ArrayConstructor):
584         (JSC::ArrayConstructor::finishCreation):
585         * runtime/ArrayConstructor.h:
586         * runtime/ArrayPrototype.cpp:
587         (JSC::ArrayPrototype::ArrayPrototype):
588         * runtime/ArrayPrototype.h:
589         (JSC::ArrayPrototype::create):
590         * runtime/BooleanConstructor.cpp:
591         (JSC::BooleanConstructor::BooleanConstructor):
592         (JSC::BooleanConstructor::finishCreation):
593         * runtime/BooleanConstructor.h:
594         * runtime/BooleanObject.cpp:
595         (JSC::BooleanObject::BooleanObject):
596         * runtime/BooleanObject.h:
597         (JSC::BooleanObject::create):
598         * runtime/BooleanPrototype.cpp:
599         (JSC::BooleanPrototype::BooleanPrototype):
600         (JSC::BooleanPrototype::finishCreation):
601         * runtime/BooleanPrototype.h:
602         * runtime/DateConstructor.cpp:
603         (JSC::DateConstructor::DateConstructor):
604         (JSC::DateConstructor::finishCreation):
605         * runtime/DateConstructor.h:
606         * runtime/DateInstance.cpp:
607         (JSC::DateInstance::DateInstance):
608         * runtime/DateInstance.h:
609         (JSC::DateInstance::create):
610         * runtime/DatePrototype.cpp:
611         (JSC::DatePrototype::DatePrototype):
612         (JSC::DatePrototype::finishCreation):
613         * runtime/DatePrototype.h:
614         * runtime/Error.cpp:
615         (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
616         * runtime/ErrorConstructor.cpp:
617         (JSC::ErrorConstructor::ErrorConstructor):
618         (JSC::ErrorConstructor::finishCreation):
619         * runtime/ErrorConstructor.h:
620         * runtime/ErrorPrototype.cpp:
621         (JSC::ErrorPrototype::ErrorPrototype):
622         * runtime/ErrorPrototype.h:
623         (JSC::ErrorPrototype::create):
624         * runtime/FunctionConstructor.cpp:
625         (JSC::FunctionConstructor::FunctionConstructor):
626         (JSC::FunctionConstructor::finishCreation):
627         * runtime/FunctionConstructor.h:
628         * runtime/FunctionPrototype.cpp:
629         (JSC::FunctionPrototype::FunctionPrototype):
630         (JSC::FunctionPrototype::finishCreation):
631         * runtime/FunctionPrototype.h:
632         * runtime/InternalFunction.cpp:
633         (JSC::InternalFunction::InternalFunction):
634         * runtime/InternalFunction.h:
635         * runtime/JSActivation.cpp:
636         (JSC::JSActivation::JSActivation):
637         * runtime/JSActivation.h:
638         (JSC::JSActivation::create):
639         * runtime/JSGlobalObject.h:
640         (JSC::JSGlobalObject::create):
641         (JSC::JSGlobalObject::JSGlobalObject):
642         * runtime/JSONObject.cpp:
643         (JSC::JSONObject::JSONObject):
644         * runtime/JSONObject.h:
645         (JSC::JSONObject::create):
646         * runtime/JSStaticScopeObject.h:
647         (JSC::JSStaticScopeObject::create):
648         (JSC::JSStaticScopeObject::JSStaticScopeObject):
649         * runtime/JSString.cpp:
650         (JSC::StringObject::create):
651         * runtime/MathObject.cpp:
652         (JSC::MathObject::MathObject):
653         * runtime/MathObject.h:
654         (JSC::MathObject::create):
655         * runtime/NativeErrorConstructor.cpp:
656         (JSC::NativeErrorConstructor::NativeErrorConstructor):
657         * runtime/NativeErrorConstructor.h:
658         (JSC::NativeErrorConstructor::finishCreation):
659         * runtime/NativeErrorPrototype.cpp:
660         (JSC::NativeErrorPrototype::NativeErrorPrototype):
661         (JSC::NativeErrorPrototype::finishCreation):
662         * runtime/NativeErrorPrototype.h:
663         * runtime/NumberConstructor.cpp:
664         (JSC::NumberConstructor::NumberConstructor):
665         (JSC::NumberConstructor::finishCreation):
666         * runtime/NumberConstructor.h:
667         * runtime/NumberObject.cpp:
668         (JSC::NumberObject::NumberObject):
669         * runtime/NumberObject.h:
670         (JSC::NumberObject::create):
671         * runtime/NumberPrototype.cpp:
672         (JSC::NumberPrototype::NumberPrototype):
673         (JSC::NumberPrototype::finishCreation):
674         * runtime/NumberPrototype.h:
675         * runtime/ObjectConstructor.cpp:
676         (JSC::ObjectConstructor::ObjectConstructor):
677         (JSC::ObjectConstructor::finishCreation):
678         * runtime/ObjectConstructor.h:
679         * runtime/RegExpConstructor.cpp:
680         (JSC::RegExpConstructor::RegExpConstructor):
681         (JSC::RegExpConstructor::finishCreation):
682         (JSC::RegExpMatchesArray::RegExpMatchesArray):
683         * runtime/RegExpConstructor.h:
684         * runtime/RegExpMatchesArray.h:
685         (JSC::RegExpMatchesArray::create):
686         * runtime/RegExpObject.cpp:
687         (JSC::RegExpObject::RegExpObject):
688         * runtime/RegExpObject.h:
689         (JSC::RegExpObject::create):
690         * runtime/RegExpPrototype.cpp:
691         (JSC::RegExpPrototype::RegExpPrototype):
692         * runtime/StringConstructor.cpp:
693         (JSC::StringConstructor::StringConstructor):
694         (JSC::StringConstructor::finishCreation):
695         * runtime/StringConstructor.h:
696         * runtime/StringObject.cpp:
697         (JSC::StringObject::StringObject):
698         * runtime/StringObject.h:
699         (JSC::StringObject::create):
700         * runtime/StringObjectThatMasqueradesAsUndefined.h:
701         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
702         * runtime/StringPrototype.cpp:
703         (JSC::StringPrototype::StringPrototype):
704         (JSC::StringPrototype::finishCreation):
705         * runtime/StringPrototype.h:
706
707 2011-09-09  Geoffrey Garen  <ggaren@apple.com>
708
709         Build fix: Guard against double-#define for something already #defined
710         by the build system.
711
712         * wtf/Platform.h:
713
714 2011-09-09  Geoffrey Garen  <ggaren@apple.com>
715
716         Reviewed by Dan Bernstein.
717
718         Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
719         !ENABLE_WTF_MULTIPLE_THREADS
720         https://bugs.webkit.org/show_bug.cgi?id=67860
721
722         First step toward making the baseline platform assumption that threads
723         exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
724         or !ENABLE_WTF_MULTIPLE_THREADS.
725
726         * wtf/Platform.h:
727
728 2011-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
729
730         [Qt] Remove common.pri
731         https://bugs.webkit.org/show_bug.cgi?id=67814
732
733         Reviewed by Andreas Kling.
734
735         * JavaScriptCore.pri:
736
737 2011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
738
739         REGRESSION(r94811): Assertion failure in 2 worker tests
740         https://bugs.webkit.org/show_bug.cgi?id=67829
741
742         Reviewed by Sam Weinig.
743
744         Fixing a couple of tests that were broken due to the wrong values being
745         set in the parent class pointers in the ClassInfo structs for 
746         TerminatedExecutionError and InterruptedExecutionError.
747
748         * runtime/ExceptionHelpers.cpp:
749
750 2011-09-08  Oliver Hunt  <oliver@apple.com>
751
752         Use bump allocator for initial property storage
753         https://bugs.webkit.org/show_bug.cgi?id=67494
754
755         Reviewed by Geoffrey Garen.
756
757         Use a bump allocator for initial allocation of property storage,
758         and promote to fastMalloc memory only if it survives a GC pass.
759
760         Comes out as a 1% win on v8, and is a useful step on the way to
761         GC allocation of all property storage.
762
763         * JavaScriptCore.exp:
764         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
765         * JavaScriptCore.xcodeproj/project.pbxproj:
766         * heap/Heap.cpp:
767         (JSC::Heap::collect):
768         * heap/Heap.h:
769         (JSC::Heap::allocatePropertyStorage):
770         (JSC::Heap::inPropertyStorageNursery):
771         * heap/MarkedBlock.h:
772         * heap/NewSpace.cpp:
773         (JSC::NewSpace::NewSpace):
774         * heap/NewSpace.h:
775         (JSC::NewSpace::resetPropertyStorageNursery):
776         (JSC::NewSpace::allocatePropertyStorage):
777         (JSC::NewSpace::inPropertyStorageNursery):
778         * jit/JITStubs.cpp:
779         (JSC::DEFINE_STUB_FUNCTION):
780         * runtime/JSObject.cpp:
781         (JSC::JSObject::allocatePropertyStorage):
782         * runtime/JSObject.h:
783         (JSC::JSObject::isUsingInlineStorage):
784         (JSC::JSObject::JSObject):
785         (JSC::JSObject::propertyStorage):
786         (JSC::JSObject::~JSObject):
787         (JSC::JSObject::putDirectInternal):
788         (JSC::JSObject::putDirectWithoutTransition):
789         (JSC::JSObject::putDirectFunctionWithoutTransition):
790         (JSC::JSObject::transitionTo):
791         (JSC::JSObject::visitChildrenDirect):
792         * runtime/StorageBarrier.h: Added.
793         (JSC::StorageBarrier::StorageBarrier):
794         (JSC::StorageBarrier::set):
795         (JSC::StorageBarrier::operator->):
796         (JSC::StorageBarrier::operator*):
797         (JSC::StorageBarrier::operator[]):
798         (JSC::StorageBarrier::get):
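
        Added illustration of the scheme this entry describes (constructed for this page, not JavaScriptCore's own code): a property-storage nursery that bump-allocates, an inPropertyStorageNursery-style containment check, and promotion of storage that survives a collection to malloc'd memory. The PropertyStorageNursery, Object and Heap classes below are assumptions of the example, not JSC's types.

```cpp
#include <cstdlib>
#include <cstring>
#include <vector>

// Constructed example, not JavaScriptCore's own code: a nursery that hands out
// property storage by bumping a pointer. Storage still reachable at collection
// time is copied out to malloc'd memory; everything else dies on reset.
class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t capacity)
        : m_base(static_cast<char*>(std::malloc(capacity))), m_capacity(capacity), m_offset(0) {}
    ~PropertyStorageNursery() { std::free(m_base); }

    // Bump allocation: carve bytes off the front, 8-byte aligned; nullptr when exhausted.
    void* allocate(size_t bytes) {
        bytes = (bytes + 7) & ~static_cast<size_t>(7);
        if (m_offset + bytes > m_capacity)
            return nullptr;
        void* p = m_base + m_offset;
        m_offset += bytes;
        return p;
    }
    bool contains(const void* p) const {
        const char* c = static_cast<const char*>(p);
        return c >= m_base && c < m_base + m_capacity;
    }
    void reset() { m_offset = 0; }

private:
    char* m_base;
    size_t m_capacity;
    size_t m_offset;
};

struct Object {
    void* storage;       // property storage, either in the nursery or malloc'd
    size_t storageBytes;
    bool marked;
};

class Heap {
public:
    explicit Heap(size_t nurseryBytes = 4096) : m_nursery(nurseryBytes) {}
    ~Heap() { for (Object* o : m_objects) destroy(o); }

    // Initial allocation comes from the nursery; fall back to malloc only when it is full.
    void* allocatePropertyStorage(size_t bytes) {
        if (void* p = m_nursery.allocate(bytes))
            return p;
        return std::malloc(bytes);
    }
    bool inPropertyStorageNursery(const void* p) const { return m_nursery.contains(p); }

    Object* newObject(size_t storageBytes) {
        Object* o = new Object{allocatePropertyStorage(storageBytes), storageBytes, false};
        m_objects.push_back(o);
        return o;
    }

    // Mark from roots, promote surviving nursery storage, free the dead, reset the nursery.
    // Returns the number of objects whose storage was promoted in this pass.
    size_t collect(const std::vector<Object*>& roots) {
        for (Object* o : m_objects)
            o->marked = false;
        for (Object* r : roots)
            r->marked = true;

        size_t promoted = 0;
        std::vector<Object*> live;
        for (Object* o : m_objects) {
            if (!o->marked) {
                destroy(o);
                continue;
            }
            if (m_nursery.contains(o->storage)) {
                // Survived a GC pass: move the storage out before the nursery is recycled.
                void* longLived = std::malloc(o->storageBytes);
                std::memcpy(longLived, o->storage, o->storageBytes);
                o->storage = longLived;
                ++promoted;
            }
            live.push_back(o);
        }
        m_objects.swap(live);
        m_nursery.reset(); // nothing live points into the nursery any more
        return promoted;
    }

private:
    // Nursery storage is reclaimed wholesale by reset(); only malloc'd storage is freed here.
    void destroy(Object* o) {
        if (!m_nursery.contains(o->storage))
            std::free(o->storage);
        delete o;
    }
    PropertyStorageNursery m_nursery;
    std::vector<Object*> m_objects;
};
```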
799
800 2011-09-08  Sam Weinig  <sam@webkit.org>
801
802         Remove the Completion object from JSC, I have never liked it
803         https://bugs.webkit.org/show_bug.cgi?id=67755
804
805         Reviewed by Gavin Barraclough.
806
807         - Removes the Completion object and replaces its use with out parameter exceptions.
808         - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
809           ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
810
811         * API/JSBase.cpp:
812         (JSEvaluateScript):
813         (JSCheckScriptSyntax):
814         * JavaScriptCore.exp:
815         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
816         * interpreter/Interpreter.cpp:
817         (JSC::Interpreter::throwException):
818         * jsc.cpp:
819         (functionLoad):
820         (functionCheckSyntax):
821         (runWithScripts):
822         (runInteractive):
823         * runtime/Completion.cpp:
824         (JSC::checkSyntax):
825         (JSC::evaluate):
826         * runtime/Completion.h:
827         * runtime/ExceptionHelpers.cpp:
828         (JSC::InterruptedExecutionError::toString):
829         (JSC::TerminatedExecutionError::toString):
830         (JSC::createInterruptedExecutionException):
831         * runtime/ExceptionHelpers.h:
832         (JSC::InterruptedExecutionError::InterruptedExecutionError):
833         (JSC::InterruptedExecutionError::create):
834         (JSC::InterruptedExecutionError::createStructure):
835         (JSC::TerminatedExecutionError::TerminatedExecutionError):
836         (JSC::TerminatedExecutionError::create):
837         (JSC::TerminatedExecutionError::createStructure):
838         * runtime/JSGlobalData.cpp:
839         (JSC::JSGlobalData::JSGlobalData):
840         * runtime/JSObject.h:
841
842 2011-09-08  Ryosuke Niwa  <rniwa@webkit.org>
843
844         Build fix.
845
846         * dfg/DFGCapabilities.cpp:
847
848 2011-09-08  Filip Pizlo  <fpizlo@apple.com>
849
850         Value profiling and execution count profiling are performed even for
851         code that cannot be optimized
852         https://bugs.webkit.org/show_bug.cgi?id=67694
853
854         Reviewed by Gavin Barraclough.
855         
856         This is a 2% speed-up on V8 when tiered compilation is enabled.
857
858         * JavaScriptCore.xcodeproj/project.pbxproj:
859         * bytecode/CodeBlock.cpp:
860         (JSC::ProgramCodeBlock::canCompileWithDFG):
861         (JSC::EvalCodeBlock::canCompileWithDFG):
862         (JSC::FunctionCodeBlock::canCompileWithDFG):
863         * bytecode/CodeBlock.h:
864         * dfg/DFGCapabilities.cpp: Added.
865         (JSC::DFG::canCompileOpcodes):
866         * dfg/DFGCapabilities.h: Added.
867         (JSC::DFG::mightCompileEval):
868         (JSC::DFG::mightCompileProgram):
869         (JSC::DFG::mightCompileFunctionForCall):
870         (JSC::DFG::mightCompileFunctionForConstruct):
871         (JSC::DFG::canCompileOpcode):
872         (JSC::DFG::canCompileEval):
873         (JSC::DFG::canCompileProgram):
874         (JSC::DFG::canCompileFunctionForCall):
875         (JSC::DFG::canCompileFunctionForConstruct):
876         * jit/JIT.cpp:
877         (JSC::JIT::emitOptimizationCheck):
878         (JSC::JIT::privateCompile):
879         * jit/JIT.h:
880         (JSC::JIT::shouldEmitProfiling):
881         * jit/JITInlineMethods.h:
882         (JSC::JIT::emitValueProfilingSite):
883
884 2011-09-08  Filip Pizlo  <fpizlo@apple.com>
885
886         DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
887         https://bugs.webkit.org/show_bug.cgi?id=67840
888
889         Reviewed by Gavin Barraclough.
890
891         * dfg/DFGSpeculativeJIT.cpp:
892         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
893
894 2011-09-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
895
896         https://bugs.webkit.org/show_bug.cgi?id=67771
897
898         Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
899         and patchOffsetGetByIdSlowCaseCall
900         and enable the DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
901
902         Reviewed by Gavin Barraclough.
903
904         * jit/JIT.h:
905         * wtf/dtoa/utils.h:
906
907 2011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
908
909         Remove getUInt32 from JSCell
910         https://bugs.webkit.org/show_bug.cgi?id=67691
911
912         Reviewed by Oliver Hunt.
913
914         We don't use JSCell::getUInt32 anymore, so it has been removed.
915
916         * JavaScriptCore.exp:
917         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
918         * runtime/JSCell.cpp:
919         * runtime/JSCell.h:
920
921 2011-09-07  Filip Pizlo  <fpizlo@apple.com>
922
923         PPC build fix.
924
925         * bytecode/CodeBlock.cpp:
926         (JSC::CodeBlock::~CodeBlock):
927
928 2011-09-07  Oliver Hunt  <oliver@apple.com>
929
930         Release mode build fix.
931
932         * API/JSCallbackObject.h:
933         (JSC::JSCallbackObject::create):
934
935 2011-09-06  Oliver Hunt  <oliver@apple.com>
936
937         Remove JSObjectWithGlobalObject
938         https://bugs.webkit.org/show_bug.cgi?id=67689
939
940         Reviewed by Geoff Garen.
941
942         Remove JSObjectWithGlobalObject, and update code to stop using anonymous
943         storage to access the global object that a JSObject comes from.  Largely
944         mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
945
946         * API/JSCallbackConstructor.cpp:
947         (JSC::JSCallbackConstructor::JSCallbackConstructor):
948         (JSC::JSCallbackConstructor::finishCreation):
949         * API/JSCallbackConstructor.h:
950         * API/JSCallbackObject.cpp:
951         * API/JSCallbackObject.h:
952         (JSC::JSCallbackObject::create):
953         * API/JSCallbackObjectFunctions.h:
954         (JSC::::JSCallbackObject):
955         (JSC::::finishCreation):
956         (JSC::::staticFunctionGetter):
957         * API/JSClassRef.cpp:
958         (OpaqueJSClass::prototype):
959         * API/JSObjectRef.cpp:
960         (JSObjectMake):
961         (JSObjectGetPrivate):
962         (JSObjectSetPrivate):
963         (JSObjectGetPrivateProperty):
964         (JSObjectSetPrivateProperty):
965         (JSObjectDeletePrivateProperty):
966         * API/JSValueRef.cpp:
967         (JSValueIsObjectOfClass):
968         * API/JSWeakObjectMapRefPrivate.cpp:
969         * JavaScriptCore.exp:
970         * JavaScriptCore.xcodeproj/project.pbxproj:
971         * bytecode/CodeBlock.h:
972         * dfg/DFGRepatch.cpp:
973         (JSC::DFG::dfgRepatchGetMethodFast):
974         (JSC::DFG::tryCacheGetMethod):
975         * jit/JIT.h:
976         * jit/JITInlineMethods.h:
977         (JSC::JIT::emitAllocateJSFunction):
978         * jit/JITPropertyAccess.cpp:
979         (JSC::JIT::patchMethodCallProto):
980         * jit/JITStubs.cpp:
981         (JSC::DEFINE_STUB_FUNCTION):
982         * runtime/DatePrototype.cpp:
983         * runtime/InternalFunction.cpp:
984         (JSC::InternalFunction::InternalFunction):
985         (JSC::InternalFunction::finishCreation):
986         * runtime/InternalFunction.h:
987         * runtime/JSFunction.cpp:
988         (JSC::JSFunction::JSFunction):
989         (JSC::JSFunction::finishCreation):
990         * runtime/JSFunction.h:
991         (JSC::JSFunction::create):
992         (JSC::JSFunction::createStructure):
993         * runtime/JSGlobalObject.cpp:
994         (JSC::JSGlobalObject::reset):
995         * runtime/JSONObject.cpp:
996         (JSC::JSONObject::JSONObject):
997         (JSC::JSONObject::finishCreation):
998         * runtime/JSONObject.h:
999         * runtime/JSObject.h:
1000         (JSC::JSObject::globalObject):
1001         * runtime/JSObjectWithGlobalObject.cpp: Removed.
1002         * runtime/JSObjectWithGlobalObject.h: Removed.
1003         * runtime/JSValue.cpp:
1004         (JSC::JSValue::isValidCallee):
1005         * runtime/Lookup.cpp:
1006         (JSC::setUpStaticFunctionSlot):
1007         * runtime/Lookup.h:
1008         * runtime/MathObject.cpp:
1009         (JSC::MathObject::MathObject):
1010         (JSC::MathObject::finishCreation):
1011         * runtime/MathObject.h:
1012         * runtime/NumberPrototype.cpp:
1013         * runtime/RegExpObject.cpp:
1014         (JSC::RegExpObject::RegExpObject):
1015         (JSC::RegExpObject::finishCreation):
1016         * runtime/RegExpObject.h:
1017         * runtime/Structure.cpp:
1018         (JSC::Structure::Structure):
1019         * runtime/Structure.h:
1020         (JSC::Structure::create):
1021         (JSC::Structure::globalObject):
1022
1023 2011-09-07  Gavin Barraclough  <barraclough@apple.com>
1024
1025         Refactor JIT checks for ObjectType into helper functions.
1026
1027         Rubber stamped by Sam Weinig.
1028
1029         * dfg/DFGJITCompiler.h:
1030         (JSC::DFG::JITCompiler::branchIfNotObject):
1031         * dfg/DFGNonSpeculativeJIT.cpp:
1032         (JSC::DFG::NonSpeculativeJIT::compile):
1033         * dfg/DFGSpeculativeJIT.cpp:
1034         (JSC::DFG::SpeculativeJIT::compile):
1035         * jit/JIT.h:
1036         * jit/JITCall32_64.cpp:
1037         (JSC::JIT::emit_op_ret_object_or_this):
1038         * jit/JITInlineMethods.h:
1039         (JSC::JIT::emitJumpIfNotObject):
1040         * jit/JITOpcodes.cpp:
1041         (JSC::JIT::emit_op_instanceof):
1042         (JSC::JIT::emit_op_ret_object_or_this):
1043         (JSC::JIT::emit_op_get_pnames):
1044         (JSC::JIT::emit_op_create_this):
1045         * jit/JITOpcodes32_64.cpp:
1046         (JSC::JIT::emit_op_instanceof):
1047         (JSC::JIT::emit_op_get_pnames):
1048         (JSC::JIT::emit_op_create_this):
1049
1050 2011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
1051
1052         Unreviewed, rolling out r94627 and r94632.
1053         http://trac.webkit.org/changeset/94627
1054         http://trac.webkit.org/changeset/94632
1055         https://bugs.webkit.org/show_bug.cgi?id=67698
1056
1057         It broke tests on GTK and Qt (Requested by Ossy on #webkit).
1058
1059         * API/JSCallbackConstructor.cpp:
1060         (JSC::JSCallbackConstructor::JSCallbackConstructor):
1061         * API/JSCallbackConstructor.h:
1062         (JSC::JSCallbackConstructor::create):
1063         * API/JSCallbackFunction.cpp:
1064         (JSC::JSCallbackFunction::JSCallbackFunction):
1065         * API/JSCallbackFunction.h:
1066         * JavaScriptCore.exp:
1067         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1068         * debugger/DebuggerActivation.cpp:
1069         (JSC::DebuggerActivation::create):
1070         * debugger/DebuggerActivation.h:
1071         * jsc.cpp:
1072         (GlobalObject::constructorBody):
1073         (GlobalObject::GlobalObject):
1074         * runtime/ArrayConstructor.cpp:
1075         (JSC::ArrayConstructor::ArrayConstructor):
1076         * runtime/ArrayConstructor.h:
1077         * runtime/ArrayPrototype.cpp:
1078         (JSC::ArrayPrototype::ArrayPrototype):
1079         * runtime/ArrayPrototype.h:
1080         (JSC::ArrayPrototype::create):
1081         * runtime/BooleanConstructor.cpp:
1082         (JSC::BooleanConstructor::BooleanConstructor):
1083         * runtime/BooleanConstructor.h:
1084         * runtime/BooleanObject.cpp:
1085         (JSC::BooleanObject::BooleanObject):
1086         * runtime/BooleanObject.h:
1087         (JSC::BooleanObject::create):
1088         * runtime/BooleanPrototype.cpp:
1089         (JSC::BooleanPrototype::BooleanPrototype):
1090         * runtime/BooleanPrototype.h:
1091         * runtime/DateConstructor.cpp:
1092         (JSC::DateConstructor::DateConstructor):
1093         * runtime/DateConstructor.h:
1094         * runtime/DateInstance.cpp:
1095         (JSC::DateInstance::DateInstance):
1096         * runtime/DateInstance.h:
1097         (JSC::DateInstance::create):
1098         * runtime/DatePrototype.cpp:
1099         (JSC::DatePrototype::DatePrototype):
1100         * runtime/DatePrototype.h:
1101         * runtime/Error.cpp:
1102         (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
1103         * runtime/ErrorConstructor.cpp:
1104         (JSC::ErrorConstructor::ErrorConstructor):
1105         * runtime/ErrorConstructor.h:
1106         (JSC::ErrorConstructor::create):
1107         * runtime/ErrorPrototype.cpp:
1108         (JSC::ErrorPrototype::ErrorPrototype):
1109         * runtime/ErrorPrototype.h:
1110         (JSC::ErrorPrototype::create):
1111         * runtime/FunctionConstructor.cpp:
1112         (JSC::FunctionConstructor::FunctionConstructor):
1113         * runtime/FunctionConstructor.h:
1114         * runtime/FunctionPrototype.cpp:
1115         (JSC::FunctionPrototype::FunctionPrototype):
1116         * runtime/FunctionPrototype.h:
1117         * runtime/InternalFunction.cpp:
1118         (JSC::InternalFunction::InternalFunction):
1119         * runtime/InternalFunction.h:
1120         * runtime/JSActivation.cpp:
1121         (JSC::JSActivation::JSActivation):
1122         * runtime/JSActivation.h:
1123         (JSC::JSActivation::create):
1124         * runtime/JSGlobalObject.h:
1125         (JSC::JSGlobalObject::create):
1126         (JSC::JSGlobalObject::JSGlobalObject):
1127         * runtime/JSONObject.cpp:
1128         (JSC::JSONObject::JSONObject):
1129         * runtime/JSONObject.h:
1130         (JSC::JSONObject::create):
1131         * runtime/JSStaticScopeObject.h:
1132         (JSC::JSStaticScopeObject::create):
1133         (JSC::JSStaticScopeObject::JSStaticScopeObject):
1134         * runtime/JSString.cpp:
1135         (JSC::StringObject::create):
1136         * runtime/MathObject.cpp:
1137         (JSC::MathObject::MathObject):
1138         * runtime/MathObject.h:
1139         (JSC::MathObject::create):
1140         * runtime/NativeErrorConstructor.cpp:
1141         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1142         * runtime/NativeErrorConstructor.h:
1143         (JSC::NativeErrorConstructor::constructorBody):
1144         * runtime/NativeErrorPrototype.cpp:
1145         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1146         (JSC::NativeErrorPrototype::constructorBody):
1147         * runtime/NativeErrorPrototype.h:
1148         * runtime/NumberConstructor.cpp:
1149         (JSC::NumberConstructor::NumberConstructor):
1150         * runtime/NumberConstructor.h:
1151         * runtime/NumberObject.cpp:
1152         (JSC::NumberObject::NumberObject):
1153         * runtime/NumberObject.h:
1154         (JSC::NumberObject::create):
1155         * runtime/NumberPrototype.cpp:
1156         (JSC::NumberPrototype::NumberPrototype):
1157         * runtime/NumberPrototype.h:
1158         * runtime/ObjectConstructor.cpp:
1159         (JSC::ObjectConstructor::ObjectConstructor):
1160         * runtime/ObjectConstructor.h:
1161         * runtime/RegExpConstructor.cpp:
1162         (JSC::RegExpConstructor::RegExpConstructor):
1163         (JSC::RegExpMatchesArray::RegExpMatchesArray):
1164         * runtime/RegExpConstructor.h:
1165         * runtime/RegExpMatchesArray.h:
1166         (JSC::RegExpMatchesArray::create):
1167         * runtime/RegExpObject.cpp:
1168         (JSC::RegExpObject::RegExpObject):
1169         * runtime/RegExpObject.h:
1170         (JSC::RegExpObject::create):
1171         * runtime/RegExpPrototype.cpp:
1172         (JSC::RegExpPrototype::RegExpPrototype):
1173         * runtime/StringConstructor.cpp:
1174         (JSC::StringConstructor::StringConstructor):
1175         * runtime/StringConstructor.h:
1176         * runtime/StringObject.cpp:
1177         (JSC::StringObject::StringObject):
1178         * runtime/StringObject.h:
1179         (JSC::StringObject::create):
1180         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1181         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
1182         * runtime/StringPrototype.cpp:
1183         (JSC::StringPrototype::StringPrototype):
1184         * runtime/StringPrototype.h:
1185
1186 2011-09-06  Xianzhu Wang  <wangxianzhu@chromium.org>
1187
1188         Replace usages of Vector<UChar> with existing StringBuilder
1189         https://bugs.webkit.org/show_bug.cgi?id=67079
1190
1191         Reviewed by Gavin Barraclough.
1192
1193         This is part of work to support 8-bit string buffers.
1194         Adds StringBuilder::characters() because the original Vector<UChar>::data()
1195         is widely used.
1196         Sets the minimum size of buffer to 16 to prevent possible performance
1197         regression. Further performance investigation should be done in
1198         https://bugs.webkit.org/show_bug.cgi?id=67084.
1199
1200         * wtf/Forward.h:
1201         * wtf/text/StringBuilder.cpp:
1202         (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
1203         * wtf/text/StringBuilder.h:
1204         (WTF::StringBuilder::operator[]):
1205         (WTF::StringBuilder::characters): Added.
1206
1207 2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1208
1209         Fix broken snow leopard build
1210         https://bugs.webkit.org/show_bug.cgi?id=67693
1211
1212         Reviewed by Daniel Bates.
1213
1214         Removed unnecessary symbol export.
1215
1216         * JavaScriptCore.exp:
1217
1218 2011-09-06  Filip Pizlo  <fpizlo@apple.com>
1219
1220         DFG JIT does not optimize booleans
1221         https://bugs.webkit.org/show_bug.cgi?id=67670
1222
1223         Reviewed by Gavin Barraclough.
1224         
1225         This adds boolean value profiling, boolean prediction in the DFG,
1226         boolean forward flow propagation in the DFGPropagator, boolean
1227         data format in DFG generation info, and comprehensive optimizations
1228         based on both boolean prediction and boolean generation info.
1229         This brings the speed-up on v8-richards to 12%, and gives slight
1230         speed-ups elsewhere as well.
1231         
1232         Making this work right required navigating some subtleties in
1233         value profiling.  Some functions get compiled with insufficient
1234         information because some important path of the function never
1235         executed.  In these cases, we wish to fall back on static
1236         speculation.  But to do so, we need to ensure that predictions that
1237         are inherent in the code (like that GetById almost certainly takes
1238         a cell operand) are reflected in predictions that we make in
1239         DFGPropagator.  Thus, DFGPropagator now does both backward and
1240         forward flow, using a fixpoint that is both forward and backward.
1241         
1242         The backward flow in DFGPropagator is a separate static analysis,
1243         and needs to keep a set of backward flow abstract values for
1244         variables, arguments, and globals.  To make this easy, this patch
1245         factors out DFGGraph's prediction tracking capability into
1246         DFGPredictionTracker, which now gets used by both DFGGraph (for
1247         forward flow predictions) and DFGPropagator (for backward flow
1248         predictions).  Backward flow predictions eventually get merged
1249         into forward flow ones, but the two are not equivalent: a forward
1250         flow prediction is a superset of the backward flow prediction.
1251         
1252         Debugging these prediction issues required a better understanding
1253         of where we fail speculation, and what our value predictions look
1254         like.  This patch also adds optional verbose speculation failure
1255         (so an informative printf fires whenever speculation failure occurs)
1256         and slight improvements to the verbosity in other places.
1257
1258         * bytecode/ValueProfile.h:
1259         (JSC::ValueProfile::numberOfBooleans):
1260         (JSC::ValueProfile::probabilityOfBoolean):
1261         (JSC::ValueProfile::dump):
1262         (JSC::ValueProfile::computeStatistics):
1263         * dfg/DFGByteCodeParser.cpp:
1264         (JSC::DFG::ByteCodeParser::stronglyPredict):
1265         (JSC::DFG::ByteCodeParser::parseBlock):
1266         * dfg/DFGGenerationInfo.h:
1267         (JSC::DFG::dataFormatToString):
1268         (JSC::DFG::needDataFormatConversion):
1269         * dfg/DFGGraph.cpp:
1270         (JSC::DFG::Graph::dump):
1271         (JSC::DFG::Graph::predictArgumentTypes):
1272         * dfg/DFGGraph.h:
1273         (JSC::DFG::Graph::Graph):
1274         (JSC::DFG::Graph::predictions):
1275         (JSC::DFG::Graph::predict):
1276         (JSC::DFG::Graph::predictGlobalVar):
1277         (JSC::DFG::Graph::getPrediction):
1278         (JSC::DFG::Graph::getGlobalVarPrediction):
1279         (JSC::DFG::Graph::isBooleanConstant):
1280         (JSC::DFG::Graph::valueOfBooleanConstant):
1281         * dfg/DFGJITCodeGenerator.cpp:
1282         (JSC::DFG::JITCodeGenerator::fillInteger):
1283         (JSC::DFG::JITCodeGenerator::fillDouble):
1284         (JSC::DFG::JITCodeGenerator::fillJSValue):
1285         (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
1286         (JSC::DFG::JITCodeGenerator::isKnownBoolean):
1287         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
1288         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
1289         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
1290         (JSC::DFG::JITCodeGenerator::emitBranch):
1291         (JSC::DFG::JITCodeGenerator::speculationCheck):
1292         (JSC::DFG::GPRTemporary::GPRTemporary):
1293         * dfg/DFGJITCodeGenerator.h:
1294         (JSC::DFG::JITCodeGenerator::isBooleanConstant):
1295         (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
1296         * dfg/DFGJITCompiler.cpp:
1297         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
1298         (JSC::DFG::JITCompiler::link):
1299         * dfg/DFGJITCompiler.h:
1300         (JSC::DFG::JITCompiler::debugCall):
1301         (JSC::DFG::JITCompiler::isBooleanConstant):
1302         (JSC::DFG::JITCompiler::valueOfBooleanConstant):
1303         * dfg/DFGNode.h:
1304         (JSC::DFG::isBooleanPrediction):
1305         (JSC::DFG::predictionToString):
1306         (JSC::DFG::mergePredictions):
1307         (JSC::DFG::makePrediction):
1308         (JSC::DFG::Node::isBooleanConstant):
1309         (JSC::DFG::Node::valueOfBooleanConstant):
1310         (JSC::DFG::Node::hasBooleanResult):
1311         (JSC::DFG::Node::hasNumericResult):
1312         (JSC::DFG::Node::predict):
1313         * dfg/DFGOperations.cpp:
1314         * dfg/DFGOperations.h:
1315         * dfg/DFGPredictionTracker.h: Added.
1316         (JSC::DFG::operandIsArgument):
1317         (JSC::DFG::PredictionSlot::PredictionSlot):
1318         (JSC::DFG::PredictionTracker::PredictionTracker):
1319         (JSC::DFG::PredictionTracker::initializeSimilarTo):
1320         (JSC::DFG::PredictionTracker::numberOfArguments):
1321         (JSC::DFG::PredictionTracker::numberOfVariables):
1322         (JSC::DFG::PredictionTracker::argumentIndexForOperand):
1323         (JSC::DFG::PredictionTracker::predictArgument):
1324         (JSC::DFG::PredictionTracker::predict):
1325         (JSC::DFG::PredictionTracker::predictGlobalVar):
1326         (JSC::DFG::PredictionTracker::getArgumentPrediction):
1327         (JSC::DFG::PredictionTracker::getPrediction):
1328         (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
1329         * dfg/DFGPropagator.cpp:
1330         (JSC::DFG::Propagator::Propagator):
1331         (JSC::DFG::Propagator::fixpoint):
1332         (JSC::DFG::Propagator::setPrediction):
1333         (JSC::DFG::Propagator::mergeUse):
1334         (JSC::DFG::Propagator::mergePrediction):
1335         (JSC::DFG::Propagator::propagateNode):
1336         * dfg/DFGSpeculativeJIT.cpp:
1337         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1338         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1339         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1340         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1341         (JSC::DFG::SpeculativeJIT::compare):
1342         (JSC::DFG::SpeculativeJIT::compile):
1343         * dfg/DFGSpeculativeJIT.h:
1344         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1345         (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
1346         (JSC::DFG::SpeculateBooleanOperand::index):
1347         (JSC::DFG::SpeculateBooleanOperand::gpr):
1348         (JSC::DFG::SpeculateBooleanOperand::use):
1349         * runtime/JSGlobalData.h:
1350         * runtime/JSValue.cpp:
1351         (JSC::JSValue::description):
1352
1353 2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1354
1355         Unzip initialization lists and constructors in JSCell hierarchy (5/7)
1356         https://bugs.webkit.org/show_bug.cgi?id=67420
1357
1358         Reviewed by Geoffrey Garen.
1359
1360         Completed the fifth level of the refactoring to add finishCreation() 
1361         methods to all classes within the JSCell hierarchy with non-trivial 
1362         constructor bodies.
1363
1364         This primarily consists of pushing the calls to finishCreation() down 
1365         into the constructors of the subclasses of the second level of the hierarchy 
1366         as well as pulling the finishCreation() calls out into the class's corresponding
1367         create() method if it has one.  Doing both simultaneously allows us to 
1368         maintain the invariant that the finishCreation() method chain is called exactly 
1369         once during the creation of an object, since calling it any other number of 
1370         times (0, 2, or more) will cause an assertion failure.
1371
1372         * API/JSCallbackConstructor.cpp:
1373         (JSC::JSCallbackConstructor::JSCallbackConstructor):
1374         * API/JSCallbackConstructor.h:
1375         (JSC::JSCallbackConstructor::create):
1376         * API/JSCallbackFunction.cpp:
1377         (JSC::JSCallbackFunction::JSCallbackFunction):
1378         (JSC::JSCallbackFunction::finishCreation):
1379         * API/JSCallbackFunction.h:
1380         * JavaScriptCore.exp:
1381         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1382         * debugger/DebuggerActivation.cpp:
1383         * debugger/DebuggerActivation.h:
1384         (JSC::DebuggerActivation::create):
1385         * jsc.cpp:
1386         (GlobalObject::finishCreation):
1387         (GlobalObject::GlobalObject):
1388         * runtime/ArrayConstructor.cpp:
1389         (JSC::ArrayConstructor::ArrayConstructor):
1390         (JSC::ArrayConstructor::finishCreation):
1391         * runtime/ArrayConstructor.h:
1392         * runtime/ArrayPrototype.cpp:
1393         (JSC::ArrayPrototype::ArrayPrototype):
1394         * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::create):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::BooleanConstructor::finishCreation):
        * runtime/BooleanConstructor.h:
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::create):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        (JSC::BooleanPrototype::finishCreation):
        * runtime/BooleanPrototype.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::DateConstructor::finishCreation):
        * runtime/DateConstructor.h:
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DateInstance.h:
        (JSC::DateInstance::create):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        (JSC::DatePrototype::finishCreation):
        * runtime/DatePrototype.h:
        * runtime/Error.cpp:
        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        (JSC::ErrorConstructor::finishCreation):
        * runtime/ErrorConstructor.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::create):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        (JSC::FunctionConstructor::finishCreation):
        * runtime/FunctionConstructor.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        (JSC::FunctionPrototype::finishCreation):
        * runtime/FunctionPrototype.h:
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/InternalFunction.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        * runtime/JSActivation.h:
        (JSC::JSActivation::create):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::create):
        (JSC::JSGlobalObject::JSGlobalObject):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::JSONObject):
        * runtime/JSONObject.h:
        (JSC::JSONObject::create):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/MathObject.h:
        (JSC::MathObject::create):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::finishCreation):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        (JSC::NativeErrorPrototype::finishCreation):
        * runtime/NativeErrorPrototype.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::NumberConstructor::finishCreation):
        * runtime/NumberConstructor.h:
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        * runtime/NumberObject.h:
        (JSC::NumberObject::create):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        (JSC::NumberPrototype::finishCreation):
        * runtime/NumberPrototype.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::ObjectConstructor::finishCreation):
        * runtime/ObjectConstructor.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        (JSC::RegExpConstructor::finishCreation):
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::create):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::create):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        (JSC::StringConstructor::finishCreation):
        * runtime/StringConstructor.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        (JSC::StringObject::create):
        * runtime/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        (JSC::StringPrototype::finishCreation):
        * runtime/StringPrototype.h:

2011-09-06  Filip Pizlo  <fpizlo@apple.com>

        Accessibility tests crashing in BasicRawSentinelNode code
        https://bugs.webkit.org/show_bug.cgi?id=67682

        Reviewed by Geoffrey Garen.

        A CodeBlock should ensure that no other CodeBlocks have references to it after
        it is destroyed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):

2011-09-06  Yong Li  <yoli@rim.com>

        https://bugs.webkit.org/show_bug.cgi?id=67486
        This reverts r65993 which gives wrong results for rshift
        in some corner cases (see the test).

        Reviewed by Gavin Barraclough.

        New test: fast/js/floating-point-truncate-rshift.html

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):

2011-09-06  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for r94559.

        Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
        new out-of-line JIT-specific method definitions with !ENABLE(JIT).

        * bytecode/CodeBlock.cpp:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):

2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix broken PPC build due to new dtoa library
        https://bugs.webkit.org/show_bug.cgi?id=67654

        Reviewed by Dan Bernstein.

        Added condition for PPC in the new dtoa compatibility check so that
        building won't fail.

        * wtf/dtoa/utils.h:

2011-09-05  Oliver Hunt  <oliver@apple.com>

        An object's structure should reference the global object responsible for its creation
        https://bugs.webkit.org/show_bug.cgi?id=67624

        Reviewed by Gavin Barraclough.

        Add a reference to a GlobalObject to Structure, and update all calls to
        Structure::create() to pass the global object that is the origin for that
        structure.  For objects where the appropriate global object isn't available
        at construction time (global object prototypes, etc), or objects that
        logically don't have a global object (strings, etc) we just pass null.

        This change is largely mechanical (passing a new globalObject parameter
        around).

        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructure):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructure):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructure):
        * API/JSContextRef.cpp:
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::createStructure):
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::createStructure):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::createStructure):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/DateInstance.h:
        (JSC::DateInstance::createStructure):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::createStructure):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::createStructure):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure):
        * runtime/Executable.h:
        (JSC::ExecutableBase::createStructure):
        (JSC::NativeExecutable::createStructure):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructure):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSArray.h:
        (JSC::JSArray::createStructure):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::createStructure):
        * runtime/JSByteArray.h:
        * runtime/JSFunction.h:
        (JSC::JSFunction::createStructure):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::finishCreation):
        (JSC::JSGlobalObject::createStructure):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::createStructure):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.cpp:
        (JSC::JSObject::createInheritorID):
        * runtime/JSObject.h:
        (JSC::JSObject::createStructure):
        (JSC::JSNonFinalObject::createStructure):
        (JSC::JSFinalObject::createStructure):
        (JSC::createEmptyObjectStructure):
        * runtime/JSObjectWithGlobalObject.h:
        (JSC::JSObjectWithGlobalObject::createStructure):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::createStructure):
        * runtime/JSString.h:
        (JSC::RopeBuilder::createStructure):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::createStructure):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::createStructure):
        * runtime/MathObject.h:
        (JSC::MathObject::createStructure):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::createStructure):
        (JSC::NativeErrorConstructor::constructorBody):
        * runtime/NumberConstructor.h:
        (JSC::NumberConstructor::createStructure):
        * runtime/NumberObject.h:
        (JSC::NumberObject::createStructure):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/RegExp.h:
        (JSC::RegExp::createStructure):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::createStructure):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::createStructure):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::createStructure):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::createStructure):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure):
        * runtime/StringObject.h:
        (JSC::StringObject::createStructure):
        * runtime/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::create):
        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
        * runtime/StringPrototype.h:
        (JSC::StringPrototype::createStructure):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::Structure::create):
        (JSC::Structure::globalObject):
        (JSC::Structure::setGlobalObject):
        * runtime/StructureChain.h:
        (JSC::StructureChain::createStructure):

2011-09-06  Michael Saboff  <msaboff@apple.com>

        Add windows changes for JSC:RegExp functional tests
        https://bugs.webkit.org/show_bug.cgi?id=67521

        Windows build changes for regular expression functional test.

        Rubber-stamped by Gavin Barraclough.

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/testRegExp: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.

2011-09-06  Filip Pizlo  <fpizlo@apple.com>

        JavaScriptCore does not have tiered compilation
        https://bugs.webkit.org/show_bug.cgi?id=67176

        Reviewed by Gavin Barraclough.

        This adds the ability to have multiple CodeBlocks associated with
        a particular role in an Executable.  These are stored in
        descending order of compiler tier.  CodeBlocks are optimized when
        a counter (m_executeCounter) that is incremented in loops and
        epilogues becomes positive.  Optimizing means that all calls to
        the old CodeBlock are unlinked.

        The DFG can now pull in predictions from ValueProfiles, and
        propagate them along the graph.  To support the new phase while
        maintaining some level of abstraction, a DFGDriver was introduced
        that encapsulates how to run the DFG compiler.

        This is turned off by default because it's not yet a performance
        win on all benchmarks.  It speeds up crypto and richards by
        10% and 6% respectively, but still does not do as good of a job
        as it could.  Notably, the DFG backend has not changed, and
        is largely oblivious to the new information being made available
        to it.

        When turned off (the default), this patch is performance neutral.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::branchAdd32):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::branchAdd32):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CallLinkInfo::unlink):
        (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::clearEvalCache):
        (JSC::replaceExistingEntries):
        (JSC::CodeBlock::copyDataFromAlternative):
        (JSC::ProgramCodeBlock::replacement):
        (JSC::EvalCodeBlock::replacement):
        (JSC::FunctionCodeBlock::replacement):
        (JSC::ProgramCodeBlock::compileOptimized):
        (JSC::EvalCodeBlock::compileOptimized):
        (JSC::FunctionCodeBlock::compileOptimized):
        * bytecode/CodeBlock.h:
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        (JSC::ProgramCodeBlock::ProgramCodeBlock):
        (JSC::EvalCodeBlock::EvalCodeBlock):
        (JSC::FunctionCodeBlock::FunctionCodeBlock):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::dump):
        (JSC::ValueProfile::computeStatistics):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::dynamicallyPredict):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::parse):
        * dfg/DFGDriver.cpp: Added.
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h: Added.
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::predict):
        (JSC::DFG::Graph::predictGlobalVar):
        (JSC::DFG::Graph::isConstant):
        (JSC::DFG::Graph::isJSConstant):
        (JSC::DFG::Graph::isInt32Constant):
        (JSC::DFG::Graph::isDoubleConstant):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfDoubleConstant):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::isConstant):
        (JSC::DFG::JITCompiler::isJSConstant):
        (JSC::DFG::JITCompiler::isInt32Constant):
        (JSC::DFG::JITCompiler::isDoubleConstant):
        (JSC::DFG::JITCompiler::valueOfJSConstant):
        (JSC::DFG::JITCompiler::valueOfInt32Constant):
        (JSC::DFG::JITCompiler::valueOfDoubleConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::isCellPrediction):
        (JSC::DFG::isNumberPrediction):
        (JSC::DFG::predictionToString):
        (JSC::DFG::mergePrediction):
        (JSC::DFG::makePrediction):
        (JSC::DFG::Node::valueOfJSConstant):
        (JSC::DFG::Node::isInt32Constant):
        (JSC::DFG::Node::isDoubleConstant):
        (JSC::DFG::Node::valueOfInt32Constant):
        (JSC::DFG::Node::valueOfDoubleConstant):
        (JSC::DFG::Node::predict):
        * dfg/DFGPropagation.cpp: Added.
        (JSC::DFG::Propagator::Propagator):
        (JSC::DFG::Propagator::fixpoint):
        (JSC::DFG::Propagator::setPrediction):
        (JSC::DFG::Propagator::mergePrediction):
        (JSC::DFG::Propagator::propagateNode):
        (JSC::DFG::Propagator::propagateForward):
        (JSC::DFG::Propagator::propagateBackward):
        (JSC::DFG::propagate):
        * dfg/DFGPropagation.h: Added.
        (JSC::DFG::propagate):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * heap/HandleHeap.h:
        (JSC::HandleHeap::Node::Node):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        (JSC::JIT::emitTimeoutCheck):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        (JSC::JIT::emitOptimizationCheck):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_ret_object_or_this):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::bottomTierJIT):
        (JSC::JITCode::topTierJIT):
        (JSC::JITCode::nextTierJIT):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_ret_object_or_this):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileOptimized):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileOptimized):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileOptimizedForCall):
        (JSC::FunctionExecutable::compileOptimizedForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC::EvalExecutable::compile):
        (JSC::ProgramExecutable::compile):
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileForConstruct):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
        (WTF::BasicRawSentinelNode::setPrev):
        (WTF::BasicRawSentinelNode::setNext):
        (WTF::BasicRawSentinelNode::prev):
        (WTF::BasicRawSentinelNode::next):
        (WTF::BasicRawSentinelNode::isOnList):
        (WTF::::remove):
        (WTF::::SentinelLinkedList):
        (WTF::::begin):
        (WTF::::end):
        (WTF::::push):

2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r94445 and r94448.
        http://trac.webkit.org/changeset/94445
        http://trac.webkit.org/changeset/94448
        https://bugs.webkit.org/show_bug.cgi?id=67595

        It broke everything (Requested by ossy on #webkit).

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * heap/Heap.h:
        * heap/NewSpace.cpp:
        (JSC::NewSpace::NewSpace):
        * heap/NewSpace.h:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::~JSObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSObject::transitionTo):
        (JSC::JSObject::visitChildrenDirect):

2011-09-05  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed build fix for r94452.

        Add config.h as the first header to the cc files as required by the coding style.
        Reuse macros from Assertions.h instead of adding additional #ifdefs.

        * wtf/dtoa/bignum-dtoa.cc:
        * wtf/dtoa/bignum.cc:
        * wtf/dtoa/cached-powers.cc:
        * wtf/dtoa/diy-fp.cc:
        * wtf/dtoa/double-conversion.cc:
        * wtf/dtoa/fast-dtoa.cc:
        * wtf/dtoa/fixed-dtoa.cc:
        * wtf/dtoa/strtod.cc:
        * wtf/dtoa/utils.h:

2011-09-05  Andras Becsi  <andras.becsi@nokia.com>

        [Qt][WK2] Fix the build

        Rubber-stamped by Csaba Osztrogonác.

        * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
        The variable fractional_part is only set but never used.

2011-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
        https://bugs.webkit.org/show_bug.cgi?id=67562

        Reviewed by Darin Adler.

        Fixing the build (again) which was broken by the dtoa patch.  Needed
        to make sure WTF::double_conversion::initialize() is called for Qt
        as well as adding a check for WinCE in dtoa/utils.h.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * wtf/dtoa/cached-powers.cc:
        * wtf/dtoa/utils.h:

2011-09-03  Filip Pizlo  <fpizlo@apple.com>

        ThunkGenerators does not convert positive double zero into integer zero
        https://bugs.webkit.org/show_bug.cgi?id=67553

        Reviewed by Gavin Barraclough.

        This is a 0.5% speed-up on V8 and neutral elsewhere.

        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnDouble):

2011-09-03  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Add wtf/dtoa directory to build.

        * wscript:

2011-09-03  Filip Pizlo  <fpizlo@apple.com>

        DFG variable predictions only work for local variables, not temporaries
        https://bugs.webkit.org/show_bug.cgi?id=67554

        Reviewed by Gavin Barraclough.

        This appears to be a slight speed-up in Kraken (0.3% but significant)
        and neutral elsewhere.

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::predict):

2011-09-02  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT speculation failure does recovery of additions in reverse and
        doesn't rebox
        https://bugs.webkit.org/show_bug.cgi?id=67551

        Reviewed by Sam Weinig.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):

2011-09-02  Filip Pizlo  <fpizlo@apple.com>

        ValueProfile does not make it safe to introspect cell values
        after garbage collection
        https://bugs.webkit.org/show_bug.cgi?id=67354

        Reviewed by Gavin Barraclough.

        ValueProfile buckets are now weak references, implemented using a
        light-weight weak reference mechanism that this patch also adds (the
        WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
        is not marked, then the bucket is transformed into a Structure
        pointer.  If the Structure is not marked either, then it is turned
        into a ClassInfo pointer.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::visitWeakReferences):
        * bytecode/CodeBlock.h:
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        (JSC::ValueProfile::classInfo):
        (JSC::ValueProfile::numberOfInt32s):
        (JSC::ValueProfile::numberOfDoubles):
        (JSC::ValueProfile::numberOfCells):
        (JSC::ValueProfile::numberOfArrays):
        (JSC::ValueProfile::probabilityOfArray):
        (JSC::ValueProfile::WeakBucket::WeakBucket):
        (JSC::ValueProfile::WeakBucket::operator!):
        (JSC::ValueProfile::WeakBucket::isEmpty):
        (JSC::ValueProfile::WeakBucket::isClassInfo):
        (JSC::ValueProfile::WeakBucket::isStructure):
        (JSC::ValueProfile::WeakBucket::asStructure):
        (JSC::ValueProfile::WeakBucket::asClassInfo):
        (JSC::ValueProfile::WeakBucket::getClassInfo):
        * heap/Heap.cpp:
        (JSC::Heap::harvestWeakReferences):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::harvestWeakReferences):
        * heap/MarkStack.h:
        (JSC::MarkStack::addWeakReferenceHarvester):
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::appendUnbarrieredPointer):
        * heap/SlotVisitor.h:
        * heap/WeakReferenceHarvester.h: Added.
        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Replace local implementation of string equals() methods with UString versions
        https://bugs.webkit.org/show_bug.cgi?id=67342

        In preparation to allowing StringImpl to be backed by 8 bit
        characters when appropriate, we need to eliminate or change the
        usage of StringImpl::characters(). Change the uses of characters()
        that are used to implement redundant equals() methods.

        Reviewed by Gavin Barraclough.

        * runtime/Identifier.cpp:
        (JSC::Identifier::equal):
        * runtime/Identifier.h:
        (JSC::Identifier::equal):
        * wtf/text/AtomicString.cpp:
        (WTF::CStringTranslator::equal): Moved an optimized method to here.
        (WTF::operator==):
        * wtf/text/StringImpl.cpp:
        (WTF::equal):
        * wtf/text/StringImpl.h:

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Add JSC:RegExp functional tests
        https://bugs.webkit.org/show_bug.cgi?id=67339

        Added new test driver program (testRegExp) and corresponding data file
        along with build scripts changes.

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * testRegExp.cpp: Added.
        (Options::Options):
        (StopWatch::start):
        (StopWatch::stop):
        (StopWatch::getElapsedMS):
        (RegExpTest::RegExpTest):
        (GlobalObject::create):
        (GlobalObject::className):
        (GlobalObject::GlobalObject):
        (main):
        (cleanupGlobalData):
        (testOneRegExp):
        (scanString):
        (parseRegExpLine):
        (parseTestLine):
        (runFromFiles):
        (printUsageStatement):
        (parseArguments):
        (realMain):
        * tests/regexp: Added.
        * tests/regexp/RegExpTest.data: Added.

2011-09-02  Michael Saboff  <msaboff@apple.com>

        Add JSC:RegExp functional test data generator
        https://bugs.webkit.org/show_bug.cgi?id=67519

        Add a data generator for regular expressions.  To enable, change the
        #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
        regular expressions.  The resulting data will be in /tmp/RegExpTestsData.

        Reviewed by Gavin Barraclough.

        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        (JSC::RegExpFunctionalTestCollector::clearRegExp):
        (JSC::RegExpFunctionalTestCollector::get):
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
        (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
        (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
        (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
        (JSC::RegExp::~RegExp):
        (JSC::RegExp::compile):
        (JSC::RegExp::match):
        (JSC::RegExp::matchCompareWithInterpreter):

2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the broken build due to dtoa patch
        https://bugs.webkit.org/show_bug.cgi?id=67534

        Reviewed by Oliver Hunt.

        Fixing the build.

        * GNUmakefile.list.am:
        * wtf/dtoa/bignum.cc:
        * wtf/dtoa/fast-dtoa.cc:
        * wtf/dtoa/utils.h:

2011-09-02  Oliver Hunt  <oliver@apple.com>

        Remove OldSpace classes
        https://bugs.webkit.org/show_bug.cgi?id=67533

        Reviewed by Gavin Barraclough.

        Remove the unused OldSpace classes.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Heap.cpp:
        (JSC::Heap::writeBarrierSlowCase):
        * heap/MarkedBlock.h:
        * heap/OldSpace.cpp: Removed.
        * heap/OldSpace.h: Removed.

2011-09-02  James Robinson  <jamesr@chromium.org>

        Compile fix for mac build.

        * wtf/CheckedArithmetic.h:
        (WTF::operator+):
        (WTF::operator-):
        (WTF::operator*):

2011-08-30  Matthew Delaney  <mdelaney@apple.com>
2207
2208         Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
2209         https://bugs.webkit.org/show_bug.cgi?id=65352
2210
2211         Reviewed by Simon Fraser.
2212
2213         New test: fast/canvas/canvas-getImageData-large-crash.html
2214
2215         This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
2216         calls that specify widths and heights that end up overflowing the ints that we store those values in
2217         as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
2218         arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
2219         is just to add a new helper method described below.
2220
2221         * wtf/MathExtras.h:
2222         (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
2223
2224 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2225
2226         Incorporate newer, faster dtoa library
2227         https://bugs.webkit.org/show_bug.cgi?id=66346
2228
2229         Reviewed by Oliver Hunt.
2230
2231         Added new dtoa library at http://code.google.com/p/double-conversion/.
2232         Replaced old call to dtoa.  The new library is much faster than the old one.
2233         We still use the old dtoa for some stuff in WebCore as well as the old strtod, 
2234         but we can phase these out eventually as well.
2235
2236         * GNUmakefile.list.am:
2237         * JavaScriptCore.exp:
2238         * JavaScriptCore.gypi:
2239         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2240         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2241         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2242         * JavaScriptCore.xcodeproj/project.pbxproj:
2243         * runtime/InitializeThreading.cpp:
2244         * runtime/NumberPrototype.cpp:
2245         (JSC::numberProtoFuncToExponential):
2246         (JSC::numberProtoFuncToFixed):
2247         (JSC::numberProtoFuncToPrecision):
2248         * runtime/UString.cpp:
2249         (JSC::UString::number):
2250         * wtf/CMakeLists.txt:
2251         * wtf/ThreadingPthreads.cpp:
2252         (WTF::initializeThreading):
2253         * wtf/ThreadingWin.cpp:
2254         (WTF::initializeThreading):
2255         * wtf/dtoa.cpp:
2256         (WTF::dtoa):
2257         * wtf/dtoa.h:
2258         * wtf/dtoa/COPYING: Added.
2259         * wtf/dtoa/LICENSE: Added.
2260         * wtf/dtoa/README: Added.
2261         * wtf/dtoa/bignum-dtoa.cc: Added.
2262         * wtf/dtoa/bignum-dtoa.h: Added.
2263         * wtf/dtoa/bignum.cc: Added.
2264         * wtf/dtoa/bignum.h: Added.
2265         (WTF::double_conversion::Bignum::Times10):
2266         (WTF::double_conversion::Bignum::Equal):
2267         (WTF::double_conversion::Bignum::LessEqual):
2268         (WTF::double_conversion::Bignum::Less):
2269         (WTF::double_conversion::Bignum::PlusEqual):
2270         (WTF::double_conversion::Bignum::PlusLessEqual):
2271         (WTF::double_conversion::Bignum::PlusLess):
2272         (WTF::double_conversion::Bignum::EnsureCapacity):
2273         (WTF::double_conversion::Bignum::BigitLength):
2274         * wtf/dtoa/cached-powers.cc: Added.
2275         * wtf/dtoa/cached-powers.h: Added.
2276         * wtf/dtoa/diy-fp.cc: Added.
2277         * wtf/dtoa/diy-fp.h: Added.
2278         (WTF::double_conversion::DiyFp::DiyFp):
2279         (WTF::double_conversion::DiyFp::Subtract):
2280         (WTF::double_conversion::DiyFp::Minus):
2281         (WTF::double_conversion::DiyFp::Times):
2282         (WTF::double_conversion::DiyFp::Normalize):
2283         (WTF::double_conversion::DiyFp::f):
2284         (WTF::double_conversion::DiyFp::e):
2285         (WTF::double_conversion::DiyFp::set_f):
2286         (WTF::double_conversion::DiyFp::set_e):
2287         * wtf/dtoa/double-conversion.cc: Added.
2288         * wtf/dtoa/double-conversion.h: Added.
2289         (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
2290         (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
2291         * wtf/dtoa/double.h: Added.
2292         (WTF::double_conversion::double_to_uint64):
2293         (WTF::double_conversion::uint64_to_double):
2294         (WTF::double_conversion::Double::Double):
2295         (WTF::double_conversion::Double::AsDiyFp):
2296         (WTF::double_conversion::Double::AsNormalizedDiyFp):
2297         (WTF::double_conversion::Double::AsUint64):
2298         (WTF::double_conversion::Double::NextDouble):
2299         (WTF::double_conversion::Double::Exponent):
2300         (WTF::double_conversion::Double::Significand):
2301         (WTF::double_conversion::Double::IsDenormal):
2302         (WTF::double_conversion::Double::IsSpecial):
2303         (WTF::double_conversion::Double::IsNan):
2304         (WTF::double_conversion::Double::IsInfinite):
2305         (WTF::double_conversion::Double::Sign):
2306         (WTF::double_conversion::Double::UpperBoundary):
2307         (WTF::double_conversion::Double::NormalizedBoundaries):
2308         (WTF::double_conversion::Double::value):
2309         (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
2310         (WTF::double_conversion::Double::Infinity):
2311         (WTF::double_conversion::Double::NaN):
2312         (WTF::double_conversion::Double::DiyFpToUint64):
2313         * wtf/dtoa/fast-dtoa.cc: Added.
2314         * wtf/dtoa/fast-dtoa.h: Added.
2315         * wtf/dtoa/fixed-dtoa.cc: Added.
2316         * wtf/dtoa/fixed-dtoa.h: Added.
2317         * wtf/dtoa/strtod.cc: Added.
2318         * wtf/dtoa/strtod.h: Added.
2319         * wtf/dtoa/utils.h: Added.
2320         (WTF::double_conversion::Max):
2321         (WTF::double_conversion::Min):
2322         (WTF::double_conversion::StrLength):
2323         (WTF::double_conversion::Vector::Vector):
2324         (WTF::double_conversion::Vector::SubVector):
2325         (WTF::double_conversion::Vector::length):
2326         (WTF::double_conversion::Vector::is_empty):
2327         (WTF::double_conversion::Vector::start):
2328         (WTF::double_conversion::Vector::operator[]):
2329         (WTF::double_conversion::Vector::first):
2330         (WTF::double_conversion::Vector::last):
2331         (WTF::double_conversion::StringBuilder::StringBuilder):
2332         (WTF::double_conversion::StringBuilder::~StringBuilder):
2333         (WTF::double_conversion::StringBuilder::size):
2334         (WTF::double_conversion::StringBuilder::position):
2335         (WTF::double_conversion::StringBuilder::Reset):
2336         (WTF::double_conversion::StringBuilder::AddCharacter):
2337         (WTF::double_conversion::StringBuilder::AddString):
2338         (WTF::double_conversion::StringBuilder::AddSubstring):
2339         (WTF::double_conversion::StringBuilder::AddPadding):
2340         (WTF::double_conversion::StringBuilder::Finalize):
2341         (WTF::double_conversion::StringBuilder::is_finalized):
2342         (WTF::double_conversion::BitCast):
2343         * wtf/wtf.pri:
2344
2345 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
2346
2347         DFG graph has no way of distinguishing or reconciling between static
2348         and dynamic predictions
2349         https://bugs.webkit.org/show_bug.cgi?id=67343
2350
2351         Reviewed by Gavin Barraclough.
2352         
2353         PredictedType now stores the source of the prediction.  Merging predictions,
2354         which was previously done with a bitwise or, is now done via the
2355         mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
2356         functions, which correctly handle combinations of static and dynamic.
2357         
2358         This is performance-neutral, since all predictions are currently static and
2359         so the code has no visible effects.
2360
2361         * dfg/DFGByteCodeParser.cpp:
2362         (JSC::DFG::ByteCodeParser::set):
2363         (JSC::DFG::ByteCodeParser::staticallyPredictArray):
2364         (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
2365         (JSC::DFG::ByteCodeParser::parseBlock):
2366         * dfg/DFGGraph.h:
2367         (JSC::DFG::Graph::predict):
2368         (JSC::DFG::Graph::predictGlobalVar):
2369         * dfg/DFGNode.h:
2370         (JSC::DFG::isArrayPrediction):
2371         (JSC::DFG::isInt32Prediction):
2372         (JSC::DFG::isDoublePrediction):
2373         (JSC::DFG::isDynamicPrediction):
2374         (JSC::DFG::mergePredictions):
2375         (JSC::DFG::mergePrediction):
2376         (JSC::DFG::makePrediction):
2377         (JSC::DFG::Node::predict):
2378
2379 2011-09-02  Oliver Hunt  <oliver@apple.com>
2380
2381         Fix 32bit build.
2382
2383         * heap/NewSpace.h:
2384         (JSC::NewSpace::allocatePropertyStorage):
2385         (JSC::NewSpace::inPropertyStorageNursery):
2386
2387 2011-09-02  Oliver Hunt  <oliver@apple.com>
2388
2389         Use bump allocator for initial property storage
2390         https://bugs.webkit.org/show_bug.cgi?id=67494
2391
2392         Reviewed by Gavin Barraclough.
2393
2394         Switch to a bump allocator for the initial out of line
2395         property storage.  This gives us slightly faster allocation
2396         for short lived objects that need out of line storage at
2397         the cost of an additional memcpy when the object survives
2398         a GC pass.
2399
2400         No performance impact.
2401
2402         * JavaScriptCore.exp:
2403         * heap/Heap.cpp:
2404         (JSC::Heap::collect):
2405         * heap/Heap.h:
2406         (JSC::Heap::allocatePropertyStorage):
2407         (JSC::Heap::inPropertyStorageNursary):
2408         * heap/NewSpace.cpp:
2409         (JSC::NewSpace::NewSpace):
2410         * heap/NewSpace.h:
2411         (JSC::NewSpace::resetPropertyStorageNursary):
2412         (JSC::NewSpace::allocatePropertyStorage):
2413         (JSC::NewSpace::inPropertyStorageNursary):
2414         * jit/JITStubs.cpp:
2415         (JSC::DEFINE_STUB_FUNCTION):
2416         * runtime/JSObject.cpp:
2417         (JSC::JSObject::allocatePropertyStorage):
2418         * runtime/JSObject.h:
2419         (JSC::JSObject::~JSObject):
2420         (JSC::JSObject::putDirectInternal):
2421         (JSC::JSObject::putDirectWithoutTransition):
2422         (JSC::JSObject::putDirectFunctionWithoutTransition):
2423         (JSC::JSObject::transitionTo):
2424         (JSC::JSObject::visitChildrenDirect):
2425
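The bump-allocated property-storage nursery described in the entry above, as an added illustration that is not JSC's NewSpace code: allocation is a pointer increment plus a bounds check, and the "additional memcpy when the object survives a GC pass" is the copy-out step in collect(), after which the whole nursery is reclaimed by resetting the bump pointer. The names PropertyStorageNursery, JSObjectLike and PropertySlot are assumed for the example; the real heap integrates with marking and the general allocator rather than malloc.

```cpp
// Added example (not JavaScriptCore's heap code): a bump allocator for
// initial out-of-line property storage, with copy-out of survivors at GC.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <vector>

using PropertySlot = uint64_t; // stand-in for an encoded JSValue (assumed)

class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t bytes)
        : m_buffer(new char[bytes]), m_end(m_buffer + bytes), m_bump(m_buffer) {}
    ~PropertyStorageNursery() { delete[] m_buffer; }

    // Bump allocation: no free list, no per-object header, just advance the
    // pointer. Returns nullptr when the nursery is full so the caller can
    // fall back to the general-purpose allocator.
    PropertySlot* allocate(size_t slotCount) {
        size_t bytes = slotCount * sizeof(PropertySlot);
        if (bytes > static_cast<size_t>(m_end - m_bump))
            return nullptr;
        PropertySlot* result = reinterpret_cast<PropertySlot*>(m_bump);
        m_bump += bytes;
        return result;
    }

    // Is this storage pointer inside the nursery? (compared as integers to
    // avoid relational comparison between unrelated pointers)
    bool contains(const void* ptr) const {
        uintptr_t p = reinterpret_cast<uintptr_t>(ptr);
        return p >= reinterpret_cast<uintptr_t>(m_buffer) && p < reinterpret_cast<uintptr_t>(m_end);
    }

    // Reclaim everything in one step; anything still needed must have been
    // copied out first.
    void reset() { m_bump = m_buffer; }

private:
    char* m_buffer;
    char* m_end;
    char* m_bump;
};

// Minimal stand-in for an object with out-of-line property storage (assumed).
struct JSObjectLike {
    PropertySlot* storage = nullptr;
    size_t slotCount = 0;
    bool marked = false; // set by the marking phase
};

// GC pass: a marked (live) object whose storage still sits in the nursery
// gets a heap copy of it, which is the memcpy the entry refers to. Storage of
// unmarked objects needs no work: resetting the nursery discards it wholesale.
// (Heap storage of unmarked objects would be freed by the real sweeper.)
void collect(PropertyStorageNursery& nursery, std::vector<JSObjectLike*>& objects) {
    for (JSObjectLike* object : objects) {
        if (!object->marked || !object->storage || !nursery.contains(object->storage))
            continue;
        size_t bytes = object->slotCount * sizeof(PropertySlot);
        PropertySlot* moved = static_cast<PropertySlot*>(std::malloc(bytes));
        std::memcpy(moved, object->storage, bytes);
        object->storage = moved; // from now on it lives outside the nursery
    }
    nursery.reset();
}

int main() {
    PropertyStorageNursery nursery(64); // room for 8 slots
    JSObjectLike survivor;
    survivor.storage = nursery.allocate(2);
    survivor.slotCount = 2;
    survivor.storage[0] = 42;
    survivor.marked = true;
    std::vector<JSObjectLike*> objects{&survivor};
    collect(nursery, objects);
    std::printf("after GC: in nursery=%d, slot0=%llu\n", nursery.contains(survivor.storage),
                (unsigned long long)survivor.storage[0]);
    std::free(survivor.storage);
    return 0;
}
```

The trade-off the entry states is visible in collect(): short-lived objects cost nothing at GC, while each surviving object pays one copy of its storage.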
2426 2011-09-01  Mark Rowe  <mrowe@apple.com>
2427
2428         Fix the build.
2429
2430         * JavaScriptCore.JSVALUE32_64only.exp:
2431         * JavaScriptCore.JSVALUE64only.exp:
2432         * JavaScriptCore.exp:
2433
2434 2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>
2435
2436         Unzip initialization lists and constructors in JSCell hierarchy (4/7)
2437         https://bugs.webkit.org/show_bug.cgi?id=67174
2438
2439         Reviewed by Oliver Hunt.
2440
2441         Completed the fourth level of the refactoring to add finishCreation() 
2442         methods to all classes within the JSCell hierarchy with non-trivial 
2443         constructor bodies.
2444
2445         This primarily consists of pushing the calls to finishCreation() down 
2446         into the constructors of the subclasses of the second level of the hierarchy 
2447         as well as pulling the finishCreation() calls out into the class's corresponding
2448         create() method if it has one.  Doing both simultaneously allows us to 
2449         maintain the invariant that the finishCreation() method chain is called exactly 
2450         once during the creation of an object, since calling it any other number of 
2451         times (0, 2, or more) will cause an assertion failure.
2452
2453         * API/JSCallbackConstructor.cpp:
2454         (JSC::JSCallbackConstructor::JSCallbackConstructor):
2455         (JSC::JSCallbackConstructor::finishCreation):
2456         * API/JSCallbackConstructor.h:
2457         * API/JSCallbackObject.h:
2458         (JSC::JSCallbackObject::create):
2459         * API/JSCallbackObjectFunctions.h:
2460         (JSC::::JSCallbackObject):
2461         (JSC::::finishCreation):
2462         * JavaScriptCore.JSVALUE64only.exp:
2463         * JavaScriptCore.exp:
2464         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2465         * debugger/DebuggerActivation.cpp:
2466         (JSC::DebuggerActivation::DebuggerActivation):
2467         (JSC::DebuggerActivation::create):
2468         * debugger/DebuggerActivation.h:
2469         * runtime/Arguments.h:
2470         (JSC::Arguments::create):
2471         (JSC::Arguments::createNoParameters):
2472         (JSC::Arguments::Arguments):
2473         * runtime/ArrayPrototype.cpp:
2474         (JSC::ArrayPrototype::ArrayPrototype):
2475         (JSC::ArrayPrototype::finishCreation):
2476         * runtime/ArrayPrototype.h:
2477         * runtime/BooleanObject.cpp:
2478         (JSC::BooleanObject::BooleanObject):
2479         (JSC::BooleanObject::finishCreation):
2480         * runtime/BooleanObject.h:
2481         * runtime/DateInstance.cpp:
2482         (JSC::DateInstance::DateInstance):
2483         (JSC::DateInstance::finishCreation):
2484         * runtime/DateInstance.h:
2485         * runtime/ErrorInstance.cpp:
2486         (JSC::ErrorInstance::ErrorInstance):
2487         * runtime/ErrorInstance.h:
2488         (JSC::ErrorInstance::create):
2489         * runtime/ErrorPrototype.cpp:
2490         (JSC::ErrorPrototype::ErrorPrototype):
2491         (JSC::ErrorPrototype::finishCreation):
2492         * runtime/ErrorPrototype.h:
2493         * runtime/ExceptionHelpers.cpp:
2494         (JSC::InterruptedExecutionError::InterruptedExecutionError):
2495         (JSC::InterruptedExecutionError::create):
2496         (JSC::TerminatedExecutionError::TerminatedExecutionError):
2497         (JSC::TerminatedExecutionError::create):
2498         * runtime/Executable.cpp:
2499         (JSC::EvalExecutable::EvalExecutable):
2500         (JSC::ProgramExecutable::ProgramExecutable):
2501         (JSC::FunctionExecutable::FunctionExecutable):
2502         * runtime/Executable.h:
2503         (JSC::NativeExecutable::create):
2504         (JSC::NativeExecutable::NativeExecutable):
2505         (JSC::EvalExecutable::create):
2506         (JSC::ProgramExecutable::create):
2507         (JSC::FunctionExecutable::create):
2508         * runtime/InternalFunction.cpp:
2509         (JSC::InternalFunction::InternalFunction):
2510         (JSC::InternalFunction::finishCreation):
2511         * runtime/InternalFunction.h:
2512         * runtime/JSActivation.cpp:
2513         (JSC::JSActivation::JSActivation):
2514         (JSC::JSActivation::finishCreation):
2515         * runtime/JSActivation.h:
2516         * runtime/JSArray.cpp:
2517         (JSC::JSArray::JSArray):
2518         * runtime/JSArray.h:
2519         (JSC::JSArray::create):
2520         * runtime/JSByteArray.cpp:
2521         (JSC::JSByteArray::JSByteArray):
2522         * runtime/JSByteArray.h:
2523         (JSC::JSByteArray::create):
2524         * runtime/JSFunction.cpp:
2525         (JSC::JSFunction::JSFunction):
2526         (JSC::JSFunction::finishCreation):
2527         * runtime/JSFunction.h:
2528         (JSC::JSFunction::create):
2529         * runtime/JSGlobalObject.h:
2530         (JSC::JSGlobalObject::JSGlobalObject):
2531         (JSC::JSGlobalObject::finishCreation):
2532         * runtime/JSNotAnObject.h:
2533         (JSC::JSNotAnObject::JSNotAnObject):
2534         (JSC::JSNotAnObject::create):
2535         * runtime/JSONObject.cpp:
2536         (JSC::JSONObject::JSONObject):
2537         (JSC::JSONObject::finishCreation):
2538         * runtime/JSONObject.h:
2539         * runtime/JSObjectWithGlobalObject.cpp:
2540         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
2541         * runtime/JSObjectWithGlobalObject.h:
2542         * runtime/JSStaticScopeObject.h:
2543         (JSC::JSStaticScopeObject::create):
2544         (JSC::JSStaticScopeObject::finishCreation):
2545         (JSC::JSStaticScopeObject::JSStaticScopeObject):
2546         * runtime/JSVariableObject.h:
2547         (JSC::JSVariableObject::JSVariableObject):
2548         * runtime/JSWrapperObject.h:
2549         (JSC::JSWrapperObject::JSWrapperObject):
2550         * runtime/MathObject.cpp:
2551         (JSC::MathObject::MathObject):
2552         (JSC::MathObject::finishCreation):
2553         * runtime/MathObject.h:
2554         * runtime/NumberObject.cpp:
2555         (JSC::NumberObject::NumberObject):
2556         (JSC::NumberObject::finishCreation):
2557         * runtime/NumberObject.h:
2558         * runtime/ObjectPrototype.cpp:
2559         (JSC::ObjectPrototype::ObjectPrototype):
2560         * runtime/ObjectPrototype.h:
2561         (JSC::ObjectPrototype::create):
2562         * runtime/RegExpConstructor.cpp:
2563         (JSC::RegExpMatchesArray::RegExpMatchesArray):
2564         (JSC::RegExpMatchesArray::finishCreation):
2565         * runtime/RegExpMatchesArray.h:
2566         * runtime/RegExpObject.cpp:
2567         (JSC::RegExpObject::RegExpObject):
2568         (JSC::RegExpObject::finishCreation):
2569         * runtime/RegExpObject.h:
2570         * runtime/StrictEvalActivation.cpp:
2571         (JSC::StrictEvalActivation::StrictEvalActivation):
2572         * runtime/StrictEvalActivation.h:
2573         (JSC::StrictEvalActivation::create):
2574         * runtime/StringObject.cpp:
2575         (JSC::StringObject::StringObject):
2576         (JSC::StringObject::finishCreation):
2577         * runtime/StringObject.h:
2578
2579 2011-09-01  Daniel Bates  <dbates@rim.com>
2580
2581         QNX GCC distribution doesn't support vasprintf()
2582         https://bugs.webkit.org/show_bug.cgi?id=67423
2583
2584         Reviewed by Antonio Gomes.
2585
2586         * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
2587
2588 2011-09-01  Michael Saboff  <msaboff@apple.com>
2589
2590         Remove simple usage of UString::characters() from JavaScriptCore
2591         https://bugs.webkit.org/show_bug.cgi?id=67340
2592
2593         In preparation to allowing StringImpl to be backed by 8 bit 
2594         characters when appropriate, we need to eliminate or change the
2595         usage of StringImpl::characters().  Most of the changes below
2596         change s->characters()[0] to s[0].
2597
2598         Reviewed by Geoffrey Garen.
2599
2600         * bytecompiler/BytecodeGenerator.cpp:
2601         (JSC::keyForCharacterSwitch):
2602         * bytecompiler/NodesCodegen.cpp:
2603         (JSC::processClauseList):
2604         * interpreter/Interpreter.cpp:
2605         (JSC::Interpreter::privateExecute):
2606         * jit/JITStubs.cpp:
2607         (JSC::DEFINE_STUB_FUNCTION):
2608         * runtime/Identifier.cpp:
2609         (JSC::Identifier::addSlowCase):
2610         * runtime/JSGlobalObjectFunctions.cpp:
2611         (JSC::jsToNumber):
2612         (JSC::parseFloat):
2613         * runtime/JSString.cpp:
2614         (JSC::JSString::substringFromRope):
2615         * runtime/JSString.h:
2616         (JSC::jsSingleCharacterSubstring):
2617         (JSC::jsString):
2618         (JSC::jsSubstring):
2619         (JSC::jsOwnedString):
2620         * runtime/RegExp.cpp:
2621         (JSC::regExpFlags):
2622         * wtf/text/StringBuilder.h:
2623         (WTF::StringBuilder::operator[]):
2624
2625 2011-09-01  Ada Chan  <adachan@apple.com>
2626
2627         Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
2628
2629         Reviewed by Darin Adler.
2630
2631         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2632
2633 2011-09-01  Hao Zheng  <zhenghao@chromium.org>
2634
2635         Define PTHREAD_KEYS_MAX to fix Android port build.
2636         https://bugs.webkit.org/show_bug.cgi?id=67362
2637
2638         Reviewed by Adam Barth.
2639
2640         PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
2641
2642         * wtf/ThreadIdentifierDataPthreads.cpp:
2643
2644 2011-08-31  Oliver Hunt  <oliver@apple.com>
2645
2646         Fix build.
2647
2648         * wtf/CheckedArithmetic.h:
2649         (WTF::Checked::Checked):
2650         (WTF::Checked::operator=):
2651
2652 2011-08-31  Oliver Hunt  <oliver@apple.com>
2653
2654         fast/regex/overflow.html asserts in debug builds
2655         https://bugs.webkit.org/show_bug.cgi?id=67326
2656
2657         Reviewed by Gavin Barraclough.
2658
2659         The deliberate overflows in these expressions don't interact nicely
2660         with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
2661         intermediate calculations.
2662
2663         * yarr/YarrJIT.cpp:
2664         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
2665         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
2666
2667 2011-08-31  Jeff Miller  <jeffm@apple.com>
2668
2669         REGRESSION(92210): AVFoundation media engine is disabled on OS X
2670         https://bugs.webkit.org/show_bug.cgi?id=67316
2671
2672         Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
2673         since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
2674         changes that were made in r92210.
2675
2676         Reviewed by Darin Adler.
2677
2678         * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
2679
2680 2011-08-31  Peter Beverloo  <peter@chromium.org>
2681
2682         Add Android's platform specification and the right atomic functions.
2683         https://bugs.webkit.org/show_bug.cgi?id=66687
2684
2685         Reviewed by Adam Barth.
2686
2687         * wtf/Atomics.h:
2688         (WTF::atomicIncrement):
2689         (WTF::atomicDecrement):
2690         * wtf/Platform.h:
2691
2692 2011-08-30  Oliver Hunt  <oliver@apple.com>
2693
2694         Add support for checked arithmetic
2695         https://bugs.webkit.org/show_bug.cgi?id=67095
2696
2697         Reviewed by Sam Weinig.
2698
2699         Add a checked arithmetic class Checked<T> that provides overflow-safe
2700         arithmetic over all integral types.  Checked<T> supports addition, subtraction
2701         and multiplication, along with "bool" conversions and equality operators.
2702
2703         Checked<> can be used in either CRASH() on overflow or delayed failure modes,
2704         although the default is to CRASH().
2705
2706         To ensure the code is actually in use (rather than checking in dead code) I've
2707         made a couple of properties in YARR use Checked<int> and Checked<unsigned>
2708         instead of raw value arithmetic.  This has resulted in a moderate set of changes
2709         to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
2710         to unsigned for some uses of sizeof, as Checked<> currently does not support
2711         mixed signed-ness of types wider than 32 bits.
2712
2713         Happily the increased type safety of Checked<> means that it's not possible to
2714         accidentally assign away precision, nor accidentally call the integer overload of
2715         a function instead of the bool version.
2716
2717         No measurable regression in performance, and SunSpider claims this patch to be
2718         a progression of 0.3%.
2719
2720         * GNUmakefile.list.am:
2721         * JavaScriptCore.gypi:
2722         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2723         * JavaScriptCore.xcodeproj/project.pbxproj:
2724         * wtf/CheckedArithmetic.h: Added.
2725         (WTF::CrashOnOverflow::overflowed):
2726         (WTF::CrashOnOverflow::clearOverflow):
2727         (WTF::CrashOnOverflow::hasOverflowed):
2728         (WTF::RecordOverflow::RecordOverflow):
2729         (WTF::RecordOverflow::overflowed):
2730         (WTF::RecordOverflow::clearOverflow):
2731         (WTF::RecordOverflow::hasOverflowed):
2732         (WTF::isInBounds):
2733         (WTF::safeAdd):
2734         (WTF::safeSub):
2735         (WTF::safeMultiply):
2736         (WTF::safeEquals):
2737         (WTF::workAroundClangBug):
2738         (WTF::Checked::Checked):
2739         (WTF::Checked::operator=):
2740         (WTF::Checked::operator++):
2741         (WTF::Checked::operator--):
2742         (WTF::Checked::operator!):
2743         (WTF::Checked::operator UnspecifiedBoolType*):
2744         (WTF::Checked::get):
2745         (WTF::Checked::operator+=):
2746         (WTF::Checked::operator-=):
2747         (WTF::Checked::operator*=):
2748         (WTF::Checked::operator==):
2749         (WTF::Checked::operator!=):
2750         (WTF::operator+):
2751         (WTF::operator-):
2752         (WTF::operator*):
2753         * yarr/YarrInterpreter.cpp:
2754         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
2755         (JSC::Yarr::ByteCompiler::atomCharacterClass):
2756         (JSC::Yarr::ByteCompiler::atomBackReference):
2757         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
2758         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2759         (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
2760         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
2761         * yarr/YarrInterpreter.h:
2762         (JSC::Yarr::ByteTerm::ByteTerm):
2763         (JSC::Yarr::ByteTerm::CheckInput):
2764         (JSC::Yarr::ByteTerm::UncheckInput):
2765         * yarr/YarrJIT.cpp:
2766         (JSC::Yarr::YarrGenerator::generateAssertionEOL):
2767         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
2768         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
2769         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
2770         (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
2771         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
2772         (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
2773         (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
2774         * yarr/YarrPattern.cpp:
2775         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
2776         * yarr/YarrPattern.h:
2777
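A worked illustration of the two helpers this page describes working together: the Checked<T> arithmetic class from the entry above (bug 67095) and the isWithinIntRange() helper from the ImageBuffer out-of-bounds-read fix (bug 65352). This is an added example, not WebKit's wtf/CheckedArithmetic.h or wtf/MathExtras.h: it implements the delayed-failure (RecordOverflow-style) policy rather than the default CRASH(), uses the GCC/Clang __builtin_*_overflow intrinsics, and the function imageDataByteLength() and the method unsafeGet() are assumed names standing in for the canvas size computation the fix hardened.

```cpp
// Added example, not WebKit code: a minimal Checked<T> with a sticky overflow
// flag, plus the float-to-int range check, applied to an RGBA8888 ImageData
// byte-length computation.
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

template <typename T>
class Checked {
    static_assert(std::is_integral<T>::value, "Checked<T> is for integral types");
public:
    Checked(T value = 0) : m_value(value), m_overflowed(false) {}

    // The flag is sticky: once any operand of a chain has overflowed, every
    // result derived from it reports overflow, so one check at the end covers
    // the whole computation.
    bool hasOverflowed() const { return m_overflowed; }

    // Raw read; callers must check hasOverflowed() first (assumed name).
    T unsafeGet() const { return m_value; }

    // __builtin_*_overflow returns true when the exact result does not fit
    // in T; the wrapped value it stores is never trusted once flagged.
    Checked& operator+=(Checked rhs) {
        bool overflow = __builtin_add_overflow(m_value, rhs.m_value, &m_value);
        m_overflowed = m_overflowed || rhs.m_overflowed || overflow;
        return *this;
    }
    Checked& operator-=(Checked rhs) {
        bool overflow = __builtin_sub_overflow(m_value, rhs.m_value, &m_value);
        m_overflowed = m_overflowed || rhs.m_overflowed || overflow;
        return *this;
    }
    Checked& operator*=(Checked rhs) {
        bool overflow = __builtin_mul_overflow(m_value, rhs.m_value, &m_value);
        m_overflowed = m_overflowed || rhs.m_overflowed || overflow;
        return *this;
    }

private:
    T m_value;
    bool m_overflowed;
};

template <typename T> Checked<T> operator+(Checked<T> a, Checked<T> b) { return a += b; }
template <typename T> Checked<T> operator-(Checked<T> a, Checked<T> b) { return a -= b; }
template <typename T> Checked<T> operator*(Checked<T> a, Checked<T> b) { return a *= b; }

// Same contract as the isWithinIntRange() helper added to wtf/MathExtras.h:
// true only if the float can be converted to int without leaving int's range.
// The upper bound is strict on purpose: (float)INT_MAX rounds up to exactly
// 2^31, which does not fit in an int, so "value <= (float)INT_MAX" would pass
// a value whose conversion is undefined behaviour.
inline bool isWithinIntRange(float value) {
    const float lowest = static_cast<float>(std::numeric_limits<int>::min()); // exactly -2^31
    return std::isfinite(value) && value >= lowest && value < -lowest;
}

// Byte length of an RGBA8888 buffer for a width x height request. Returns
// false, never a wrapped-around (too small) size, when a dimension is out of
// int range or non-positive, or when the area or byte count overflows: an
// undersized allocation is what turns the later pixel loop into an
// out-of-bounds read.
bool imageDataByteLength(float width, float height, size_t& outBytes) {
    if (!isWithinIntRange(width) || !isWithinIntRange(height))
        return false;
    int w = static_cast<int>(width);
    int h = static_cast<int>(height);
    if (w <= 0 || h <= 0)
        return false;
    Checked<int> bytes = Checked<int>(w) * Checked<int>(h) * Checked<int>(4);
    if (bytes.hasOverflowed())
        return false;
    outBytes = static_cast<size_t>(bytes.unsafeGet());
    return true;
}

int main() {
    size_t n = 0;
    std::printf("100x50: %s (%zu bytes)\n", imageDataByteLength(100, 50, n) ? "ok" : "rejected", n);
    std::printf("23171x23171: %s\n", imageDataByteLength(23171, 23171, n) ? "ok" : "rejected");
    return 0;
}
```

Note the 23171 x 23171 case: the pixel count (536,895,241) fits in an int, but the byte count (x4) does not, which is why the check has to cover the derived values (area, byte length, maxX/maxY of the rects) and not just the raw width and height.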
2778 2011-08-31  Andrei Popescu  <andreip@google.com>
2779
2780         Investigate current uses of OS(ANDROID)
2781         https://bugs.webkit.org/show_bug.cgi?id=66761
2782
2783         Unreviewed, build fix for ARM platforms.
2784
2785         * wtf/Platform.h:
2786
2787 2011-08-31  Andrei Popescu  <andreip@google.com>
2788
2789         Investigate current uses of OS(ANDROID)
2790         https://bugs.webkit.org/show_bug.cgi?id=66761
2791
2792         Reviewed by Darin Adler.
2793
2794         Remove the last legacy Android code.
2795
2796         No new tests needed as the code wasn't tested in the first place.
2797
2798         * wtf/Atomics.h:
2799         * wtf/Platform.h:
2800         * wtf/ThreadingPthreads.cpp:
2801         (WTF::createThreadInternal):
2802
2803 2011-08-30  Aaron Colwell  <acolwell@chromium.org>
2804
2805         Add MediaSource API to HTMLMediaElement
2806         https://bugs.webkit.org/show_bug.cgi?id=64731
2807
2808         Reviewed by Eric Carlson.
2809
2810         * Configurations/FeatureDefines.xcconfig:
2811
2812 2011-08-30  Oliver Hunt  <oliver@apple.com>
2813
2814         TypedArrays don't ensure that denormalised values are normalised
2815         https://bugs.webkit.org/show_bug.cgi?id=67178
2816
2817         Reviewed by Gavin Barraclough.
2818
2819         Add a couple of assertions to jsNumber() to ensure that
2820         we block signaling NaNs.
2821
2822         * runtime/JSValue.h:
2823         (JSC::jsDoubleNumber):
2824         (JSC::jsNumber):
2825
2826 2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
2827
2828         [Qt] Do not unconditionally use pkg-config in .pro files
2829         https://bugs.webkit.org/show_bug.cgi?id=67055
2830
2831         Reviewed by Andreas Kling.
2832
2833         Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
2834
2835         Using the first pkg-config in PATH is prone to errors when cross-compiling
2836         inside the Qt repository (using Qt's build-system).
2837
2838         This patch protects calls to pkg-config with
2839         !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
2840         QT_CONFIG by Qt's 'configure' when cross-compiling on systems
2841         without pkg-config.
2842
2843         The respective change in Qt's configure has been submitted already.
2844
2845         No new tests as this is just a build change.
2846
2847         * wtf/wtf.pri: protect pkg-config calls
2848
2849 2011-08-29  Daniel Bates  <dbates@webkit.org>
2850
2851         Add HAVE(VASPRINTF) macro to test for vasprintf() support
2852         https://bugs.webkit.org/show_bug.cgi?id=67156
2853
2854         Reviewed by Darin Adler.
2855
2856         Encapsulate testing of vasprintf() support in a HAVE macro
2857         instead of hardcoding the list of supported/unsupported
2858         compilers at the call site.
2859
2860         * wtf/Platform.h:
2861
2862 2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
2863
2864         Unzip initialization lists and constructors in JSCell hierarchy (3/7)
2865         https://bugs.webkit.org/show_bug.cgi?id=67064
2866
2867         Reviewed by Darin Adler.
2868
2869         Completed the third level of the refactoring to add finishCreation() 
2870         methods to all classes within the JSCell hierarchy with non-trivial 
2871         constructor bodies.
2872
2873         This primarily consists of pushing the calls to finishCreation() down 
2874         into the constructors of the subclasses of the second level of the hierarchy 
2875         as well as pulling the finishCreation() calls out into the class's corresponding
2876         create() method if it has one.  Doing both simultaneously allows us to 
2877         maintain the invariant that the finishCreation() method chain is called exactly 
2878         once during the creation of an object, since calling it any other number of 
2879         times (0, 2, or more) will cause an assertion failure.
2880
2881         * debugger/DebuggerActivation.cpp:
2882         (JSC::DebuggerActivation::DebuggerActivation):
2883         (JSC::DebuggerActivation::finishCreation):
2884         * debugger/DebuggerActivation.h:
2885         (JSC::DebuggerActivation::create):
2886         * runtime/Arguments.h:
2887         (JSC::Arguments::create):
2888         (JSC::Arguments::createNoParameters):
2889         (JSC::Arguments::Arguments):
2890         (JSC::Arguments::finishCreation):
2891         * runtime/ErrorInstance.cpp:
2892         (JSC::ErrorInstance::ErrorInstance):
2893         * runtime/ErrorInstance.h:
2894         (JSC::ErrorInstance::finishCreation):
2895         * runtime/ExceptionHelpers.cpp:
2896         (JSC::InterruptedExecutionError::InterruptedExecutionError):
2897         (JSC::TerminatedExecutionError::TerminatedExecutionError):
2898         * runtime/Executable.cpp:
2899         (JSC::EvalExecutable::EvalExecutable):
2900         (JSC::ProgramExecutable::ProgramExecutable):
2901         (JSC::FunctionExecutable::FunctionExecutable):
2902         Moved the assignment of m_firstLine and m_lastLine into the 
2903         FunctionExecutable::finishCreation() method in Executable.h
2904         * runtime/Executable.h:
2905         (JSC::ScriptExecutable::ScriptExecutable):
2906         (JSC::EvalExecutable::create):
2907         (JSC::ProgramExecutable::create):
2908         (JSC::FunctionExecutable::create):
2909         (JSC::FunctionExecutable::finishCreation):
2910         * runtime/JSArray.cpp:
2911         (JSC::JSArray::JSArray):
2912         (JSC::JSArray::finishCreation):
2913         * runtime/JSArray.h:
2914         * runtime/JSByteArray.cpp:
2915         (JSC::JSByteArray::JSByteArray):
2916         * runtime/JSByteArray.h:
2917         (JSC::JSByteArray::finishCreation):
2918         * runtime/JSNotAnObject.h:
2919         (JSC::JSNotAnObject::JSNotAnObject):
2920         * runtime/JSObject.h:
2921         (JSC::JSNonFinalObject::JSNonFinalObject):
2922         * runtime/JSObjectWithGlobalObject.cpp:
2923         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
2924         (JSC::JSObjectWithGlobalObject::finishCreation):
2925         * runtime/JSObjectWithGlobalObject.h:
2926         * runtime/JSVariableObject.h:
2927         (JSC::JSVariableObject::JSVariableObject):
2928         (JSC::JSVariableObject::finishCreation):
2929         * runtime/JSWrapperObject.h:
2930         (JSC::JSWrapperObject::JSWrapperObject):
2931         * runtime/ObjectPrototype.cpp:
2932         (JSC::ObjectPrototype::ObjectPrototype):
2933         (JSC::ObjectPrototype::finishCreation):
2934         * runtime/ObjectPrototype.h:
2935         * runtime/StrictEvalActivation.cpp:
2936         (JSC::StrictEvalActivation::StrictEvalActivation):
2937
2938 2011-08-29  Andreas Kling  <kling@webkit.org>
2939
2940         Unreviewed build fix after r93990.
2941
2942         * wtf/HashTable.h:
2943
2944 2011-08-29  Andreas Kling  <kling@webkit.org>
2945
2946         Viewing a post on reddit.com wastes a lot of memory on event listeners.
2947         https://bugs.webkit.org/show_bug.cgi?id=67133
2948
2949         Reviewed by Darin Adler.
2950
2951         Add a minimum table size to the HashTraits, instead of having it hard coded.
2952         The default value remains at 64, but can now be specialized.
2953
2954         * runtime/StructureTransitionTable.h:
2955         * wtf/HashTable.h:
2956         (WTF::HashTable::shouldShrink):
2957         (WTF::::expand):
2958         (WTF::::checkTableConsistencyExceptSize):
2959         * wtf/HashTraits.h:
2960
2961 2011-08-28  Jonathan Liu  <net147@gmail.com>
2962
2963         Fix build error when compiling with MinGW-w64 by disabling JIT
2964         on Windows 64-bit
2965         https://bugs.webkit.org/show_bug.cgi?id=61235
2966
2967         Reviewed by Gavin Barraclough.
2968
2969         The fixed mmap executable allocator for JIT on x86_64 requires
2970         sys/mman.h which is not available on Windows.
2971
2972         * wtf/Platform.h:
2973
2974 2011-08-27  Filip Pizlo  <fpizlo@apple.com>
2975
2976         JSC::Executable is inconsistent about using weak handle finalizers
2977         and destructors for releasing memory
2978         https://bugs.webkit.org/show_bug.cgi?id=67072
2979
2980         Reviewed by Darin Adler.
2981         
2982         Moved more of the destruction of Executable state into the finalizer,
2983         which also resulted in an opportunity to mostly combine this with
2984         discardCode().  This also means that the finalizer is now enabled even
2985         when the JIT is turned off.  This is performance neutral on SunSpider,
2986         V8, and Kraken.
2987
2988         * runtime/Executable.cpp:
2989         (JSC::ExecutableBase::clearCode):
2990         (JSC::ExecutableFinalizer::finalize):
2991         (JSC::EvalExecutable::clearCode):
2992         (JSC::ProgramExecutable::clearCode):
2993         (JSC::FunctionExecutable::discardCode):
2994         (JSC::FunctionExecutable::clearCode):
2995         * runtime/Executable.h:
2996         (JSC::ExecutableBase::finishCreation):
2997
2998 2011-08-26  Gavin Barraclough  <barraclough@apple.com>
2999
3000         DFG JIT - ArithMod may clobber operands.
3001         https://bugs.webkit.org/show_bug.cgi?id=67085
3002
3003         Reviewed by Sam Weinig.
3004
3005         unboxDouble must be called on a temporary.
3006
3007         * dfg/DFGJITCodeGenerator.cpp:
3008         (JSC::DFG::JITCodeGenerator::fillDouble):
3009         * dfg/DFGJITCodeGenerator.h:
3010         (JSC::DFG::JITCodeGenerator::boxDouble):
3011         * dfg/DFGNonSpeculativeJIT.cpp:
3012         (JSC::DFG::NonSpeculativeJIT::compile):
3013         * dfg/DFGSpeculativeJIT.cpp:
3014         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3015
3016 2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3017
3018         Unzip initialization lists and constructors in JSCell hierarchy (2/7)
3019         https://bugs.webkit.org/show_bug.cgi?id=66957
3020
3021         Reviewed by Darin Adler.
3022
3023         Completed the second level of the refactoring to add finishCreation()
3024         methods to all classes within the JSCell hierarchy with non-trivial 
3025         constructor bodies.
3026
3027         * runtime/Executable.h:
3028         (JSC::ExecutableBase::ExecutableBase):
3029         (JSC::ExecutableBase::create):
3030         (JSC::NativeExecutable::create):
3031         (JSC::NativeExecutable::finishCreation):
3032         (JSC::NativeExecutable::NativeExecutable):
3033         (JSC::ScriptExecutable::ScriptExecutable):
3034         (JSC::ScriptExecutable::finishCreation):
3035         * runtime/GetterSetter.h:
3036         (JSC::GetterSetter::GetterSetter):
3037         (JSC::GetterSetter::create):
3038         * runtime/JSAPIValueWrapper.h:
3039         (JSC::JSAPIValueWrapper::create):
3040         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
3041         * runtime/JSObject.h:
3042         (JSC::JSNonFinalObject::JSNonFinalObject):
3043         (JSC::JSNonFinalObject::finishCreation):
3044         (JSC::JSFinalObject::create):
3045         (JSC::JSFinalObject::finishCreation):
3046         (JSC::JSFinalObject::JSFinalObject):
3047         (JSC::JSObject::JSObject):
3048         * runtime/JSPropertyNameIterator.cpp:
3049         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
3050         (JSC::JSPropertyNameIterator::create):
3051         * runtime/JSPropertyNameIterator.h:
3052         (JSC::JSPropertyNameIterator::create):
3053         * runtime/RegExp.cpp:
3054         (JSC::RegExp::RegExp):
3055         (JSC::RegExp::createWithoutCaching):
3056         * runtime/ScopeChain.h:
3057         (JSC::ScopeChainNode::ScopeChainNode):
3058         (JSC::ScopeChainNode::create):
3059         * runtime/Structure.cpp:
3060         (JSC::Structure::Structure):
3061         * runtime/Structure.h:
3062         (JSC::Structure::create):
3063         (JSC::Structure::finishCreation):
3064         (JSC::Structure::createStructure):
3065         * runtime/StructureChain.cpp:
3066         (JSC::StructureChain::StructureChain):
3067         * runtime/StructureChain.h:
3068         (JSC::StructureChain::create):
3069
3070 2011-08-26  Filip Pizlo  <fpizlo@apple.com>
3071
3072         The GC does not have a facility for profiling the kinds of objects
3073         that occupy the heap
3074         https://bugs.webkit.org/show_bug.cgi?id=66849
3075
3076         Reviewed by Geoffrey Garen.
3077         
3078         Destructor calls and object scans are now optionally counted, per
3079         vtable. When the heap is destroyed and profiling is enabled, the
3080         counts are dumped, with care taken to print the names of classes
3081         (modulo C++ mangling) sorted in descending commonality.
3082
3083         * GNUmakefile.list.am:
3084         * JavaScriptCore.exp:
3085         * JavaScriptCore.pro:
3086         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3087         * JavaScriptCore.xcodeproj/project.pbxproj:
3088         * heap/Heap.cpp:
3089         (JSC::Heap::destroy):
3090         * heap/Heap.h:
3091         * heap/MarkStack.cpp:
3092         (JSC::SlotVisitor::visitChildren):
3093         (JSC::SlotVisitor::drain):
3094         * heap/MarkStack.h:
3095         * heap/MarkedBlock.cpp:
3096         (JSC::MarkedBlock::callDestructor):
3097         * heap/MarkedBlock.h:
3098         * heap/VTableSpectrum.cpp: Added.
3099         (JSC::VTableSpectrum::VTableSpectrum):
3100         (JSC::VTableSpectrum::~VTableSpectrum):
3101         (JSC::VTableSpectrum::countVPtr):
3102         (JSC::VTableSpectrum::count):
3103         (JSC::VTableAndCount::VTableAndCount):
3104         (JSC::VTableAndCount::operator<):
3105         (JSC::VTableSpectrum::dump):
3106         * heap/VTableSpectrum.h: Added.
3107         * wtf/Platform.h:
3108
3109 2011-08-26  Juan C. Montemayor  <jmont@apple.com>
3110
3111         Update topCallFrame when calling host functions in the JIT
3112         https://bugs.webkit.org/show_bug.cgi?id=67010
3113
3114         Reviewed by Oliver Hunt.
3115         
3116         The topCallFrame is not being updated when a host function is
3117         called by the JIT. This causes problems when trying to create a
3118         stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
3119
3120         * jit/JITOpcodes.cpp:
3121         (JSC::JIT::privateCompileCTIMachineTrampolines):
3122         (JSC::JIT::privateCompileCTINativeCall):
3123
3124 2011-08-26  Alexey Proskuryakov  <ap@apple.com>
3125
3126         Get rid of frame life support timer
3127         https://bugs.webkit.org/show_bug.cgi?id=66874
3128
3129         Reviewed by Geoff Garen.
3130
3131         * runtime/JSGlobalObject.h:
3132         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3133         globalExec() no longer needs to be virtual; its only override was in JSDOMWindowBase.
3134
3135 2011-08-26  Chao-ying Fu  <fu@mips.com>
3136
3137         Fix MIPS patchOffsetGetByIdSlowCaseCall
3138         https://bugs.webkit.org/show_bug.cgi?id=67046
3139
3140         Reviewed by Gavin Barraclough.
3141
3142         * jit/JIT.h:
3143
3144 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3145
3146         Fixing broken build due to unused variables in release mode
3147         https://bugs.webkit.org/show_bug.cgi?id=67004
3148
3149         Unreviewed, release build fix.
3150
3151         Fixing broken build due to unused variables in ASSERTs in release build.
3152
3153         * runtime/JSObject.h:
3154         (JSC::JSObject::finishCreation):
3155         * runtime/JSString.h:
3156         (JSC::RopeBuilder::finishCreation):
3157         * runtime/ScopeChain.h:
3158         (JSC::ScopeChainNode::finishCreation):
3159
3160 2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3161
3162         Unzip initialization lists and constructors in JSCell hierarchy (1/7)
3163         https://bugs.webkit.org/show_bug.cgi?id=66827
3164
3165         Reviewed by Geoffrey Garen.
3166
3167         Added finishCreation() methods to all immediate subclasses of JSCell with
3168         non-empty constructors.  Part of a larger refactoring to "unzip" initialization
3169         lists and constructor bodies.  Also renamed JSCell's constructorBody() method
3170         to finishCreation().
3171
3172         * runtime/Executable.h:
3173         (JSC::ExecutableBase::ExecutableBase):
3174         (JSC::ExecutableBase::constructorBody):
3175         * runtime/GetterSetter.h:
3176         (JSC::GetterSetter::GetterSetter):
3177         * runtime/JSAPIValueWrapper.h:
3178         (JSC::JSAPIValueWrapper::constructorBody):
3179         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
3180         * runtime/JSCell.h:
3181         (JSC::JSCell::JSCell::JSCell):
3182         (JSC::JSCell::JSCell::constructorBody):
3183         * runtime/JSObject.h:
3184         (JSC::JSObject::constructorBody):
3185         (JSC::JSObject::JSObject):
3186         * runtime/JSPropertyNameIterator.h:
3187         (JSC::JSPropertyNameIterator::constructorBody):
3188         * runtime/JSString.h:
3189         (JSC::RopeBuilder::JSString):
3190         (JSC::RopeBuilder::constructorBody):
3191         * runtime/RegExp.cpp:
3192         (JSC::RegExp::RegExp):
3193         (JSC::RegExp::constructorBody):
3194         * runtime/RegExp.h:
3195         * runtime/ScopeChain.h:
3196         (JSC::ScopeChainNode::ScopeChainNode):
3197         (JSC::ScopeChainNode::constructorBody):
3198         * runtime/Structure.cpp:
3199         (JSC::Structure::Structure):
3200         * runtime/StructureChain.cpp:
3201         (JSC::StructureChain::StructureChain):
3202         * runtime/StructureChain.h:
3203         (JSC::StructureChain::create):
3204         (JSC::StructureChain::constructorBody):
3205
3206 2011-08-25  Gabor Loki  <loki@webkit.org>
3207
3208         REGRESSION(r93755): It made 14 jsc tests and ~500 layout tests fail on Qt-ARM bot
3209         https://bugs.webkit.org/show_bug.cgi?id=66956
3210
3211         Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
3212
3213         Reviewed by Oliver Hunt.
3214
3215         * jit/JIT.h:
3216
3217 2011-08-24  Juan C. Montemayor  <jmont@apple.com>
3218
3219         Keep track of topCallFrame for Stack traces
3220         https://bugs.webkit.org/show_bug.cgi?id=66571
3221
3222         Reviewed by Geoffrey Garen.
3223
3224         This patch adds a TopCallFrame to JSC in order to have that information
3225         when an error is thrown to create a stack trace. The TopCallFrame is
3226         updated throughout select points in the Interpreter and the JSC.
3227
3228         * interpreter/Interpreter.cpp:
3229         (JSC::Interpreter::unwindCallFrame):
3230         (JSC::Interpreter::throwException):
3231         (JSC::Interpreter::execute):
3232         (JSC::Interpreter::executeCall):
3233         (JSC::Interpreter::executeConstruct):
3234         (JSC::Interpreter::privateExecute):
3235         * interpreter/Interpreter.h:
3236         (JSC::TopCallFrameSetter::TopCallFrameSetter):
3237         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
3238         * jit/JIT.h:
3239         * jit/JITInlineMethods.h:
3240         (JSC::JIT::updateTopCallFrame):
3241         * jit/JITStubCall.h:
3242         (JSC::JITStubCall::call):
3243         * jit/JITStubs.cpp:
3244         (JSC::throwExceptionFromOpCall):
3245         (JSC::DEFINE_STUB_FUNCTION):
3246         (JSC::arityCheckFor):
3247         * runtime/JSGlobalData.cpp:
3248         (JSC::JSGlobalData::JSGlobalData):
3249         * runtime/JSGlobalData.h:
3250
3251 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
3252
3253         ErrorInstance::create sometimes has two heap object constructions
3254         in flight at once
3255         https://bugs.webkit.org/show_bug.cgi?id=66845
3256
3257         Reviewed by Darin Adler.
3258         
3259         The fix is simple since there is already a second create() method
3260         that takes a UString.
3261
3262         * runtime/ErrorInstance.cpp:
3263         (JSC::ErrorInstance::create):
3264
3265 2011-08-24  Filip Pizlo  <fpizlo@apple.com>
3266
3267         There is no facility for profiling how the write barrier is used
3268         https://bugs.webkit.org/show_bug.cgi?id=66747
3269
3270         Reviewed by Geoffrey Garen.
3271         
3272         Added facilities for the JIT to specify the kind of write barrier
3273         being executed.  Added code for profiling the number of each kind
3274         of barrier encountered.
3275
3276         * GNUmakefile.list.am:
3277         * JavaScriptCore.exp:
3278         * JavaScriptCore.pro:
3279         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3280         * JavaScriptCore.xcodeproj/project.pbxproj:
3281         * dfg/DFGJITCodeGenerator.cpp:
3282         (JSC::DFG::JITCodeGenerator::writeBarrier):
3283         (JSC::DFG::JITCodeGenerator::cachedPutById):
3284         * dfg/DFGJITCodeGenerator.h:
3285         * dfg/DFGJITCompiler.cpp:
3286         (JSC::DFG::JITCompiler::emitCount):
3287         * dfg/DFGJITCompiler.h:
3288         (JSC::DFG::JITCompiler::emitCount):
3289         * dfg/DFGNonSpeculativeJIT.cpp:
3290         (JSC::DFG::NonSpeculativeJIT::compile):
3291         * dfg/DFGRepatch.cpp:
3292         (JSC::DFG::tryCachePutByID):
3293         * dfg/DFGSpeculativeJIT.cpp:
3294         (JSC::DFG::SpeculativeJIT::compile):
3295         * heap/Heap.h:
3296         (JSC::Heap::writeBarrier):
3297         * heap/WriteBarrierSupport.cpp: Added.
3298         (JSC::WriteBarrierCounters::initialize):
3299         * heap/WriteBarrierSupport.h: Added.
3300         (JSC::WriteBarrierCounters::WriteBarrierCounters):
3301         (JSC::WriteBarrierCounters::jitCounterFor):
3302         (JSC::WriteBarrierCounters::countWriteBarrier):
3303         * jit/JIT.h:
3304         * jit/JITPropertyAccess.cpp:
3305         (JSC::JIT::emit_op_put_by_id):
3306         (JSC::JIT::privateCompilePutByIdTransition):
3307         (JSC::JIT::emit_op_put_scoped_var):
3308         (JSC::JIT::emit_op_put_global_var):
3309         (JSC::JIT::emitWriteBarrier):
3310         * jit/JITPropertyAccess32_64.cpp:
3311         (JSC::JIT::emit_op_put_by_val):
3312         (JSC::JIT::emit_op_put_by_id):
3313         (JSC::JIT::privateCompilePutByIdTransition):
3314         (JSC::JIT::emit_op_put_scoped_var):
3315         (JSC::JIT::emit_op_put_global_var):
3316         (JSC::JIT::emitWriteBarrier):
3317         * runtime/InitializeThreading.cpp:
3318         (JSC::initializeThreadingOnce):
3319         * runtime/WriteBarrier.h:
3320         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
3321
3322 2011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3323
3324         Add checks to ensure allocation does not take place during initialization of GC-managed objects
3325         https://bugs.webkit.org/show_bug.cgi?id=65288
3326
3327         Reviewed by Darin Adler.
3328
3329         Adding the new validation functionality.  In its current state, it will perform checks,
3330         but they don't fail unless you do allocation in the arguments to the parent constructor in the 
3331         initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new 
3332         allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still 
3333         allowed in constructor bodies while other refactoring efforts continue.
3334
3335         * runtime/JSCell.h:
3336         (JSC::JSCell::JSCell::constructorBody):
3337         (JSC::JSCell::JSCell::JSCell):
3338         (JSC::JSCell::allocateCell):
3339         * runtime/JSGlobalData.cpp:
3340         (JSC::JSGlobalData::JSGlobalData):
3341         * runtime/JSGlobalData.h:
3342         (JSC::JSGlobalData::isInitializingObject):
3343         (JSC::JSGlobalData::setInitializingObject):
3344         * runtime/StringObjectThatMasqueradesAsUndefined.h:
3345         (JSC::StringObjectThatMasqueradesAsUndefined::create):
3346
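The allocation check described in the entry above, together with the finishCreation() invariant from the "Unzip initialization lists and constructors" entries (exactly one finishCreation() call per object, with the call made from create() rather than from constructors), modelled as an added stand-alone C++ example. This is not JavaScriptCore code: Heap, Cell and Wrapper are constructed stand-ins for JSGlobalData, JSCell and a JSCell subclass, and where JSC would ASSERT, the model counts the violation so it can be checked.

```cpp
#include <cstdlib>
#include <new>

// Constructed model (not JSC code): a global "initializing object" flag that
// allocateCell() sets and finishCreation() clears, plus a finishCreation() call count.
struct Heap {
    bool initializingObject = false; // stands in for JSGlobalData::isInitializingObject()
    int cellsAllocated = 0;
    int allocationsRejected = 0;     // allocations attempted mid-initialization
};
// Hands out raw storage and forbids further allocation until finishCreation() runs.
// JSC would ASSERT here; this model counts the violation and returns nullptr instead.
template <typename T> void* allocateCell(Heap& heap)
{
    if (heap.initializingObject) {
        heap.allocationsRejected++;
        return nullptr;
    }
    heap.initializingObject = true;
    heap.cellsAllocated++;
    return std::malloc(sizeof(T));
}

class Cell {
public:
    int finishCreationCalls() const { return m_finishCreationCalls; }
protected:
    explicit Cell(Heap& heap) : m_heap(heap) { } // initializer list only, no allocation
    void finishCreation()                          // re-enables allocation
    {
        m_finishCreationCalls++;
        m_heap.initializingObject = false;
    }
private:
    Heap& m_heap;
    int m_finishCreationCalls = 0;
};

class Wrapper : public Cell {
public:
    // "Unzipped" shape: the constructor only fills its initializer list; create() calls
    // finishCreation() once after placement-new, so no subclass can double-call it.
    static Wrapper* create(Heap& heap)
    {
        void* storage = allocateCell<Wrapper>(heap);
        if (!storage)
            return nullptr;
        Wrapper* cell = new (storage) Wrapper(heap);
        cell->finishCreation();
        return cell;
    }
    static void destroy(Wrapper* cell) { cell->~Wrapper(); std::free(cell); }
private:
    explicit Wrapper(Heap& heap) : Cell(heap) { }
};

// Two objects created one after another: the flag toggles cleanly around each.
bool sequentialCreationIsClean()
{
    Heap heap;
    Wrapper* a = Wrapper::create(heap);
    Wrapper* b = Wrapper::create(heap);
    bool ok = a && b && !heap.initializingObject && heap.allocationsRejected == 0
        && heap.cellsAllocated == 2 && a->finishCreationCalls() == 1 && b->finishCreationCalls() == 1;
    Wrapper::destroy(a);
    Wrapper::destroy(b);
    return ok;
}

// The case the check exists for: a second allocation while the first cell is still
// being initialized (e.g. inside an argument to a parent constructor) is caught.
int nestedAllocationIsRejected()
{
    Heap heap;
    void* outer = allocateCell<Wrapper>(heap); // sets the flag
    void* inner = allocateCell<Wrapper>(heap); // rejected while the flag is still set
    int rejected = inner ? -1 : heap.allocationsRejected;
    std::free(outer);
    return rejected;
}
```
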
3347 2011-08-23  Gavin Barraclough  <barraclough@apple.com>
3348
3349         https://bugs.webkit.org/show_bug.cgi?id=55347
3350         "name" and "message" enumerable on *Error.prototype
3351
3352         Reviewed by Sam Weinig.
3353
3354         The default value of a NativeErrorPrototype's message
3355         property is "", not the name of the error.
3356
3357         * runtime/NativeErrorConstructor.cpp:
3358         (JSC::NativeErrorConstructor::NativeErrorConstructor):
3359         * runtime/NativeErrorConstructor.h:
3360         (JSC::NativeErrorConstructor::create):
3361         (JSC::NativeErrorConstructor::constructorBody):
3362         * runtime/NativeErrorPrototype.cpp:
3363         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3364         (JSC::NativeErrorPrototype::constructorBody):
3365         * runtime/NativeErrorPrototype.h:
3366         (JSC::NativeErrorPrototype::create):
3367         * runtime/StringPrototype.cpp:
3368         (JSC::StringPrototype::StringPrototype):
3369         * runtime/StringPrototype.h:
3370         (JSC::StringPrototype::create):
3371
3372 2011-08-23  Steve Block  <steveblock@google.com>
3373
3374         Remove last occurrences of PLATFORM(ANDROID)
3375         https://bugs.webkit.org/show_bug.cgi?id=66763
3376
3377         Reviewed by Tony Gentilcore.
3378
3379         * wtf/Platform.h:
3380
3381 2011-08-23  Steve Block  <steveblock@google.com>
3382
3383         Remove all mention of removed Android files from build scripts
3384         https://bugs.webkit.org/show_bug.cgi?id=66755
3385
3386         Reviewed by Tony Gentilcore.
3387
3388         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3389         * JavaScriptCore.gypi:
3390         * gyp/JavaScriptCore.gyp:
3391
3392 2011-08-23  Adam Barth  <abarth@webkit.org>
3393
3394         Remove WebCore/editing/android and other Android-specific directories
3395         https://bugs.webkit.org/show_bug.cgi?id=66739
3396
3397         Reviewed by Steve Block.
3398
3399         Now that Android shares more code with Chromium, we don't need these
3400         Android-specific files.
3401
3402         * wtf/android: Removed.
3403         * wtf/android/AndroidThreading.h: Removed.
3404         * wtf/android/MainThreadAndroid.cpp: Removed.
3405
3406 2011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
3407
3408         Unreviewed build fix for compile error on Windows for r93560.
3409
3410         * runtime/SamplingCounter.h:
3411
3412 2011-08-22  Filip Pizlo  <fpizlo@apple.com>
3413
3414         Sampling counter support is in the bytecode directory
3415         https://bugs.webkit.org/show_bug.cgi?id=66724
3416
3417         Reviewed by Darin Adler.
3418         
3419         Moved SamplingCounter to a separate header in runtime/.
3420
3421         * GNUmakefile.list.am:
3422         * JavaScriptCore.pro:
3423         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3424         * JavaScriptCore.xcodeproj/project.pbxproj:
3425         * bytecode/SamplingTool.cpp:
3426         * bytecode/SamplingTool.h:
3427         * runtime/SamplingCounter.cpp: Added.
3428         (JSC::AbstractSamplingCounter::dump):
3429         * runtime/SamplingCounter.h: Added.
3430         (JSC::AbstractSamplingCounter::count):
3431         (JSC::AbstractSamplingCounter::addressOfCounter):
3432         (JSC::AbstractSamplingCounter::init):
3433         (JSC::SamplingCounter::SamplingCounter):
3434         (JSC::GlobalSamplingCounter::name):
3435         (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
3436         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
3437
3438 2011-08-21  Martin Robinson  <mrobinson@igalia.com>
3439
3440         Fix 'make dist' for WebKitGTK+.
3441
3442         * GNUmakefile.list.am: Add a missing header to the sources list.
3443
3444 2011-08-20  Filip Pizlo  <fpizlo@apple.com>
3445
3446         JavaScriptCore bytecompiler does not compute scope depth correctly