Source/JavaScriptCore/ChangeLog (WebKit-https.git), as of the commit "Fix unaligned userspace access for SH4 platforms."
2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>

        Fix unaligned userspace access for SH4 platforms.
        https://bugs.webkit.org/show_bug.cgi?id=62993

        * wtf/Platform.h:

2011-07-09  Chao-ying Fu  <fu@mips.com>

        Fix MIPS build due to readInt32 and readPointer
        https://bugs.webkit.org/show_bug.cgi?id=63962

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::readInt32):
        (JSC::MIPSAssembler::readPointer):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::rshift32):

2011-07-08  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64181
        REGRESSION (r90602): Gmail doesn't load

        Rolling out r90601, r90602.

        * dfg/DFGAliasTracker.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):

2011-07-08  Kalev Lember  <kalev@smartlink.ee>

        Reviewed by Adam Roben.

        Add missing _WIN32_WINNT and WINVER definitions
        https://bugs.webkit.org/show_bug.cgi?id=59702

        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
        available for all source files.

        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
        DeleteTimerQueueTimer which are both guarded by
        #if (_WIN32_WINNT >= 0x0500)
        in MinGW headers.

        * config.h:
        * wtf/Assertions.cpp:

2011-07-08  Chang Shu  <cshu@webkit.org>

        Rename "makeSecure" to "fill" and remove the support for displaying last character
        to avoid layering violation.
        https://bugs.webkit.org/show_bug.cgi?id=59114

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.exp:
        * JavaScriptCore.order:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::fill):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        (WTF::String::fill):

2011-07-08  Benjamin Poulain  <benjamin@webkit.org>

        [WK2] Do not forward touch events to the web process when it does not need them
        https://bugs.webkit.org/show_bug.cgi?id=64164

        Reviewed by Kenneth Rohde Christiansen.

        Add a convenience function to obtain a reference to the last element of a Deque.

        * wtf/Deque.h:
        (WTF::Deque::last):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement get_by_id prototype caching.
        https://bugs.webkit.org/show_bug.cgi?id=64077

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::tryCacheGetByID):
        * runtime/JSObject.h:
        (JSC::JSObject::addressOfPropertyAtOffset):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT method_check implementation does not link to optimized get_by_id
        slow path.
        https://bugs.webkit.org/show_bug.cgi?id=64073

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):

2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordGetMethod):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addMethodGet):
        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        (JSC::DFG::dfgRepatchGetMethod):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITWriteBarrier.h:
        (JSC::JITWriteBarrier::set):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT op_call implementation will flush registers even when those registers are dead
        https://bugs.webkit.org/show_bug.cgi?id=64023

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
        https://bugs.webkit.org/show_bug.cgi?id=64017

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32 bit machines are failed after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates that gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::shouldUnlinkCalls):
        (JSC::MarkStack::setShouldUnlinkCalls):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        JSC JIT has code duplication for the handling of call and construct
        https://bugs.webkit.org/show_bug.cgi?id=63957

        Reviewed by Gavin Barraclough.

        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::jitCompileFor):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeFor):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::isGeneratedFor):
        (JSC::FunctionExecutable::generatedBytecodeFor):
        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        Build fix following last patch.

        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63947
        ASSERT running Object.preventExtensions(Math.sin)

        Reviewed by Oliver Hunt.

        This is due to calling scope() on a hostFunction as a part of
        calling createPrototypeProperty to reify the prototype property.
        But host functions don't have a prototype property anyway!

        Prevent calling createPrototypeProperty on a host function.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63880
        Evaluation order of conversions of operands to >, >= incorrect.

        Reviewed by Sam Weinig.

        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
        spec. This allows these methods to be reused to perform >, >= relational compares
        with correct ordering of type conversions.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Operations.h:
        (JSC::jsLess):
        (JSC::jsLessEq):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63881
        Need separate bytecodes for handling >, >= comparisons.

        Reviewed by Oliver Hunt.

        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        as using the corresponding op_less, etc opcodes.  This is incorrect with
        respect to evaluation ordering of the implicit conversions performed on operands -
        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
        but instead convert RHS then LHS.

        This patch adds opcodes for greater-than comparisons mirroring existing ones used
        for less-than.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        * bytecompiler/NodesCodegen.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_greater):
        (JSC::JIT::emitSlow_op_loop_if_greater):
        (JSC::JIT::emit_op_loop_if_greatereq):
        (JSC::JIT::emitSlow_op_loop_if_greatereq):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * parser/NodeConstructors.h:
        (JSC::GreaterNode::GreaterNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        * parser/Nodes.h:

691
692 2011-07-03  Gavin Barraclough  <barraclough@apple.com>
693
694         https://bugs.webkit.org/show_bug.cgi?id=63879
695         Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
696
697         Reviewed by Sam Weinig.
698         
699         There is a lot of copy & paste code here; we can reduce duplication by making
700         a shared implementation.
701
702         * assembler/MacroAssembler.h:
703         (JSC::MacroAssembler::branch32):
704         (JSC::MacroAssembler::commute):
705             - Make these function platform agnostic.
706         * assembler/MacroAssemblerX86Common.h:
707             - Moved branch32/commute up to MacroAssembler.
708         * jit/JIT.h:
709         (JSC::JIT::emit_op_loop_if_lesseq):
710         (JSC::JIT::emitSlow_op_loop_if_lesseq):
711             - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
712         * jit/JITArithmetic.cpp:
713         (JSC::JIT::emit_op_jless):
714         (JSC::JIT::emit_op_jlesseq):
715         (JSC::JIT::emit_op_jnless):
716         (JSC::JIT::emit_op_jnlesseq):
717         (JSC::JIT::emitSlow_op_jless):
718         (JSC::JIT::emitSlow_op_jlesseq):
719         (JSC::JIT::emitSlow_op_jnless):
720         (JSC::JIT::emitSlow_op_jnlesseq):
721             - Common implmentations of these methods for JSVALUE64 & JSVALUE32_64.
722         (JSC::JIT::emit_compareAndJump):
723         (JSC::JIT::emit_compareAndJumpSlow):
724             - Internal implmementation of jless etc for JSVALUE64.
725         * jit/JITArithmetic32_64.cpp:
726         (JSC::JIT::emit_compareAndJump):
727         (JSC::JIT::emit_compareAndJumpSlow):
728             - Internal implmementation of jless etc for JSVALUE32_64.
729         * jit/JITOpcodes.cpp:
730         * jit/JITOpcodes32_64.cpp:
731         * jit/JITStubs.cpp:
732         * jit/JITStubs.h:
733             - Remove old implementation of emit_op_loop_if_lesseq.
734
735 2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
736
737         Unreviewed, rolling out r90347.
738         http://trac.webkit.org/changeset/90347
739         https://bugs.webkit.org/show_bug.cgi?id=63886
740
741         Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
742         (Requested by tkent on #webkit).
743
744         * JavaScriptCore.xcodeproj/project.pbxproj:
745         * runtime/BigInteger.h: Removed.
746         * runtime/NumberPrototype.cpp:
747         (JSC::numberProtoFuncToPrecision):
748         (JSC::numberProtoFuncToString):
749         * runtime/Uint16WithFraction.h: Removed.
750         * wtf/MathExtras.h:
751
752 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
753
754         Reviewed by Sam Weinig.
755
756         https://bugs.webkit.org/show_bug.cgi?id=16652
757         Firefox and JavaScriptCore differ in Number.toString(integer)
758
759         Our arbitrary radix (2..36) toString conversion is inaccurate.
760         This is partly because it uses doubles to perform math that requires
761         higher accuracy, and partly becasue it does not attempt to correctly
762         detect where to terminate, instead relying on a simple 'epsilon'.
763
764         * runtime/NumberPrototype.cpp:
765         (JSC::decomposeDouble):
766             - helper function to extract sign, exponent, mantissa from IEEE doubles.
767         (JSC::Uint16WithFraction::Uint16WithFraction):
768             - helper class, u16int with infinite precision fraction, used to convert
769               the fractional part of the number to a string.
770         (JSC::Uint16WithFraction::operator*=):
771             - Multiply by a uint16.
772         (JSC::Uint16WithFraction::operator<):
773             - Compare two Uint16WithFractions.
774         (JSC::Uint16WithFraction::floorAndSubtract):
775             - Extract the integer portion of the number, and subtract it (clears the integer portion).
776         (JSC::Uint16WithFraction::comparePoint5):
777             - Compare to 0.5.
778         (JSC::Uint16WithFraction::sumGreaterThanOne):
779             - Passed a second Uint16WithFraction, returns true if the result of adding
780               the two values would be greater than one.
781         (JSC::Uint16WithFraction::isNormalized):
782             - Used by ASSERTs to consistency check internal representation.
783         (JSC::BigInteger::BigInteger):
784             - helper class, unbounded integer value, used to convert the integer part
785               of the number to a string.
786         (JSC::BigInteger::divide):
787             - Divide this value through by a uint32.
788         (JSC::BigInteger::operator!):
789             - test for zero.
790         (JSC::toStringWithRadix):
791             - Performs number to string conversion, with the given radix (2..36).
792         (JSC::numberProtoFuncToString):
793             - Changed to use toStringWithRadix.
794
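The conversion the entry above describes, as an added example rather than JavaScriptCore's own code: the double is decomposed into sign, exponent and mantissa, the integer part is printed exactly with big-integer division, and the fraction digits are generated with exact arithmetic until the digits emitted so far identify the double, using the Steele and White free-format termination test (the gap to each neighbouring double) instead of an epsilon. The names decomposeDouble and toStringWithRadix are reused from the entry for readability; the implementation, and the use of BigInt under Node.js, are this example's own.

```javascript
// Added example (not JavaScriptCore's code): exact Number-to-string conversion
// for an arbitrary radix 2..36. Runs under Node.js (needs BigInt and DataView).

const DIGITS = '0123456789abcdefghijklmnopqrstuvwxyz';

// Split a finite double into sign, integer mantissa and binary exponent so that
// |x| === mantissa * 2^exponent. lowestInBinade flags values whose gap to the
// next smaller double is half the gap to the next larger one.
function decomposeDouble(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigUint64(0);
  const negative = (bits >> 63n) === 1n;
  const biasedExponent = Number((bits >> 52n) & 0x7ffn);
  let mantissa = bits & ((1n << 52n) - 1n);
  let exponent;
  if (biasedExponent === 0) {            // subnormal: no hidden bit, fixed exponent
    exponent = -1074;
  } else {                               // normal: restore the hidden leading 1
    mantissa |= 1n << 52n;
    exponent = biasedExponent - 1075;    // bias of 1023 plus the 52 fraction bits
  }
  const lowestInBinade = biasedExponent > 1 && mantissa === (1n << 52n);
  return { negative, mantissa, exponent, lowestInBinade };
}

function toStringWithRadix(x, radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) {
    throw new RangeError('radix must be an integer in 2..36');
  }
  if (Number.isNaN(x)) return 'NaN';
  if (x === Infinity) return 'Infinity';
  if (x === -Infinity) return '-Infinity';
  if (x === 0) return '0';

  const { negative, mantissa, exponent, lowestInBinade } = decomposeDouble(x);
  const R = BigInt(radix);

  // |x| = intPart + fracNum / fracDen, all three exact.
  let intPart, fracNum, fracDen;
  if (exponent >= 0) {
    intPart = mantissa << BigInt(exponent);
    fracNum = 0n;
    fracDen = 1n;
  } else {
    fracDen = 1n << BigInt(-exponent);
    intPart = mantissa >> BigInt(-exponent);
    fracNum = mantissa & (fracDen - 1n);
  }

  // Integer part: repeated exact division by the radix, least significant digit first.
  let result = '';
  do {
    result = DIGITS[Number(intPart % R)] + result;
    intPart /= R;
  } while (intPart > 0n);

  if (fracNum !== 0n) {
    // Scale everything by 4 so the half-gaps to the neighbouring doubles
    // (2^(exponent-1), or 2^(exponent-2) below for the lowest value in a
    // binade) become the integers 2 and 1 in units of fracDen/4.
    let r = 4n * fracNum;
    const s = 4n * fracDen;
    let mPlus = 2n;
    let mMinus = lowestInBinade ? 1n : 2n;
    result += '.';
    for (;;) {
      r *= R; mPlus *= R; mMinus *= R;
      let digit = r / s;
      r %= s;
      const low = r < mMinus;        // truncating here still reads back as x
      const high = r + mPlus > s;    // rounding up here still reads back as x
      if (!low && !high) {           // neither: this digit is needed, keep going
        result += DIGITS[Number(digit)];
        continue;
      }
      // Either choice identifies x; when both do, pick the closer one
      // (the comparison against one half that the entry calls comparePoint5).
      if (high && (!low || 2n * r >= s)) digit += 1n;
      result += DIGITS[Number(digit)];
      break;
    }
  }
  return (negative ? '-' : '') + result;
}
```

Two properties are worth checking against a native engine: the integer part is printed exactly (so 1e21 in radix 10 comes out as a 1 followed by 21 zeros, not as exponential notation), and the fraction stops at the first digit string that rounds back to the same double, which is why 0.1 in radix 2 ends after 55 digits rather than the 56 bits of its exact expansion.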
795 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
796
797         https://bugs.webkit.org/show_bug.cgi?id=63866
798         DFG JIT - implement instanceof
799
800         Reviewed by Sam Weinig.
801
802         Add ops CheckHasInstance & InstanceOf to implement bytecodes
803         op_check_has_instance & op_instanceof. This is an initial
804         functional implementation, performance is a wash. We can
805         follow up with changes to fuse the InstanceOf node with
806         a subsequent branch, as we do with other comparisons.
807
808         * dfg/DFGByteCodeParser.cpp:
809         (JSC::DFG::ByteCodeParser::parseBlock):
810         * dfg/DFGJITCompiler.cpp:
811         (JSC::DFG::JITCompiler::jitAssertIsCell):
812         * dfg/DFGJITCompiler.h:
813         (JSC::DFG::JITCompiler::jitAssertIsCell):
814         * dfg/DFGNode.h:
815         * dfg/DFGNonSpeculativeJIT.cpp:
816         (JSC::DFG::NonSpeculativeJIT::compile):
817         * dfg/DFGOperations.cpp:
818         * dfg/DFGOperations.h:
819         * dfg/DFGSpeculativeJIT.cpp:
820         (JSC::DFG::SpeculativeJIT::compile):
821
822 2011-07-01  Oliver Hunt  <oliver@apple.com>
823
824         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
825         https://bugs.webkit.org/show_bug.cgi?id=63732
826
827         Reviewed by Gavin Barraclough.
828
829         Initialise the memory at the head of the new storage so that
830         GC is safe if triggered by reportExtraMemoryCost.
831
832         * runtime/JSArray.cpp:
833         (JSC::JSArray::increaseVectorPrefixLength):
834
835 2011-07-01  Oliver Hunt  <oliver@apple.com>
836
837         GC sweep can occur before an object is completely initialised
838         https://bugs.webkit.org/show_bug.cgi?id=63836
839
840         Reviewed by Gavin Barraclough.
841
842         In rare cases it's possible for a GC sweep to occur while a
843         live, but not completely initialised object is on the stack.
844         In such a case we may incorrectly choose to mark it, even
845         though it has no children that need marking.
846
847         We resolve this by always zeroing out the structure of any
848         value returned from JSCell::operator new(), and making the
849         markstack tolerant of a null structure. 
850
851         * runtime/JSCell.h:
852         (JSC::JSCell::JSCell::~JSCell):
853         (JSC::JSCell::JSCell::operator new):
854         * runtime/Structure.h:
855         (JSC::MarkStack::internalAppend):
856
857 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
858
859         Reviewed by Gavin Barraclough.
860
861         DFG non-speculative JIT always performs slow C calls for div and mod.
862         https://bugs.webkit.org/show_bug.cgi?id=63684
863
864         * dfg/DFGNonSpeculativeJIT.cpp:
865         (JSC::DFG::NonSpeculativeJIT::compile):
866
867 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
868
869         Reviewed by Oliver Hunt.
870
871         Lexer error messages are currently appalling
872         https://bugs.webkit.org/show_bug.cgi?id=63340
873
874         Added error messages for the Lexer. These messages will be displayed
875         instead of the lexer error messages from the parser that are currently
876         shown.
877
878         * parser/Lexer.cpp:
879         (JSC::Lexer::getInvalidCharMessage):
880         (JSC::Lexer::setCode):
881         (JSC::Lexer::parseString):
882         (JSC::Lexer::lex):
883         (JSC::Lexer::clear):
884         * parser/Lexer.h:
885         (JSC::Lexer::getErrorMessage):
886         (JSC::Lexer::setOffset):
887         * parser/Parser.cpp:
888         (JSC::Parser::parse):
889
890 2011-07-01  Jungshik Shin  <jshin@chromium.org>
891
892         Reviewed by Alexey Proskuryakov.
893
894         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
895         build files for ports not using ICU.
896         Add icu/unicode/uscript.h for ports using ICU. It's taken from
897         ICU 3.6 (the version used on Mac OS 10.5).
898
899         http://bugs.webkit.org/show_bug.cgi?id=20797
900
901         * GNUmakefile.list.am:
902         * JavaScriptCore.gypi:
903         * icu/unicode/uscript.h: Added for UScriptCode enum.
904         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
905         * wtf/unicode/icu/UnicodeIcu.h:
906         * wtf/unicode/brew/UnicodeBrew.h:
907         * wtf/unicode/glib/UnicodeGLib.h:
908         * wtf/unicode/qt4/UnicodeQt4.h:
909         * wtf/unicode/wince/UnicodeWinCE.h:
910
911 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
912
913         Reviewed by Sam Weinig.
914
915         https://bugs.webkit.org/show_bug.cgi?id=63819
916         Escaping of forwardslashes in strings incorrect if multiple exist.
917
918         The bug is in the parameters passed to a substring - should be
919         start & length, but we're passing start & end indices!
920
921         * runtime/RegExpObject.cpp:
922         (JSC::regExpObjectSource):
923
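The start/length versus start/end mix-up the entry above describes, as an added example in JavaScript rather than JSC's regExpObjectSource: escaping of unescaped forward slashes in a RegExp source, built from substrings taken with a hypothetical (start, length) helper. The buggy variant passes end indices where lengths are expected; because the first run starts at index 0, its length and end index coincide, so the bug only shows once a second slash exists. Character classes are not special-cased here.

```javascript
// Added example (not JavaScriptCore's code): escape unescaped '/' characters so
// that '/' + source + '/' is a valid RegExp literal, using a (start, length)
// substring helper. Runs under Node.js.

// Hypothetical (start, length) substring helper standing in for the C++ one.
function substringByLength(s, start, length) {
  return s.slice(start, start + length);
}

function escapeForwardSlashes(source, { buggy = false } = {}) {
  let out = '';
  let lastIndex = 0;                      // start of the run not yet copied
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '\\') { i++; continue; }    // already escaped: skip the next char
    if (c !== '/') continue;
    // Copy the run before this slash, then the escaped slash.
    // Correct: the run's length is i - lastIndex. Buggy: i is an end index.
    const length = buggy ? i : i - lastIndex;
    out += substringByLength(source, lastIndex, length) + '\\/';
    lastIndex = i + 1;
  }
  // Same mistake for the tail: the remaining length is source.length - lastIndex.
  const tailLength = buggy ? source.length : source.length - lastIndex;
  return out + substringByLength(source, lastIndex, tailLength);
}

// The property the escaping exists for: '/' + escaped + '/' must parse back as
// one RegExp literal whose source is exactly the escaped string. This rebuilds
// the literal with new Function on constructed input only; never feed it
// untrusted strings.
function literalRoundTrips(escapedSource) {
  try {
    const re = new Function('return /' + escapedSource + '/;')();
    return re instanceof RegExp && re.source === escapedSource;
  } catch (e) {
    return false;            // SyntaxError: a bare '/' ended the literal early
  }
}
```

With one slash the buggy and correct paths agree ('a/b' becomes 'a\/b' either way); with two, the buggy path copies past the second slash and duplicates the tail, and the result no longer survives a trip through a literal.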
924 2011-07-01  Adam Roben  <aroben@apple.com>
925
926         Roll out r90194
927         http://trac.webkit.org/changeset/90194
928         https://bugs.webkit.org/show_bug.cgi?id=63778
929
930         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
931         assertions in WriteBarrierBase<JSC::Structure>::get
932
933         * runtime/JSCell.h:
934         (JSC::JSCell::JSCell::~JSCell):
935
936 2011-06-30  Oliver Hunt  <oliver@apple.com>
937
938         Reviewed by Gavin Barraclough.
939
940         Add optimised paths for a few maths functions
941         https://bugs.webkit.org/show_bug.cgi?id=63757
942
943         Relanding as a Mac only patch.
944
945         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
946         Math.floor, Math.log, and Math.exp as they are apparently more
947         important in real web content than we thought, which is somewhat
948         mind-boggling.  On average doubles the performance of the common
949         cases (eg. actually passing numbers in).  They're not as efficient
950         as they could be, but this way gives them the most portability.
951
952         * assembler/MacroAssemblerARM.h:
953         (JSC::MacroAssemblerARM::supportsDoubleBitops):
954         (JSC::MacroAssemblerARM::andnotDouble):
955         * assembler/MacroAssemblerARMv7.h:
956         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
957         (JSC::MacroAssemblerARMv7::andnotDouble):
958         * assembler/MacroAssemblerMIPS.h:
959         (JSC::MacroAssemblerMIPS::andnotDouble):
960         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
961         * assembler/MacroAssemblerSH4.h:
962         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
963         (JSC::MacroAssemblerSH4::andnotDouble):
964         * assembler/MacroAssemblerX86.h:
965         (JSC::MacroAssemblerX86::supportsDoubleBitops):
966         * assembler/MacroAssemblerX86Common.h:
967         (JSC::MacroAssemblerX86Common::andnotDouble):
968         * assembler/MacroAssemblerX86_64.h:
969         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
970         * assembler/X86Assembler.h:
971         (JSC::X86Assembler::andnpd_rr):
972         * create_hash_table:
973         * jit/SpecializedThunkJIT.h:
974         (JSC::SpecializedThunkJIT::finalize):
975         (JSC::SpecializedThunkJIT::callDoubleToDouble):
976         * jit/ThunkGenerators.cpp:
977         (JSC::floorThunkGenerator):
978         (JSC::ceilThunkGenerator):
979         (JSC::roundThunkGenerator):
980         (JSC::expThunkGenerator):
981         (JSC::logThunkGenerator):
982         (JSC::absThunkGenerator):
983         * jit/ThunkGenerators.h:
984
985 2011-07-01  David Kilzer  <ddkilzer@apple.com>
986
987         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
988
989         Fixes the following build error in clang:
990
991             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
992                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
993                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
994             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
995                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
996                                                 ^
997                      (                         )
998             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
999             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
1000             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
1001                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1002                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1003             1 error generated.
1004
1005         * jit/JITOpcodes32_64.cpp:
1006         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
1007         ternary expression evaluate first.
1008
1009 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1010
1011         Unreviewed, rolling out r90177 and r90179.
1012         http://trac.webkit.org/changeset/90177
1013         http://trac.webkit.org/changeset/90179
1014         https://bugs.webkit.org/show_bug.cgi?id=63790
1015
1016         It caused crashes on Qt in debug mode (Requested by Ossy on
1017         #webkit).
1018
1019         * assembler/MacroAssemblerARM.h:
1020         (JSC::MacroAssemblerARM::rshift32):
1021         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
1022         (JSC::MacroAssemblerARM::sqrtDouble):
1023         * assembler/MacroAssemblerARMv7.h:
1024         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
1025         (JSC::MacroAssemblerARMv7::sqrtDouble):
1026         * assembler/MacroAssemblerMIPS.h:
1027         (JSC::MacroAssemblerMIPS::sqrtDouble):
1028         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
1029         * assembler/MacroAssemblerSH4.h:
1030         (JSC::MacroAssemblerSH4::sqrtDouble):
1031         * assembler/MacroAssemblerX86.h:
1032         * assembler/MacroAssemblerX86Common.h:
1033         * assembler/MacroAssemblerX86_64.h:
1034         * assembler/X86Assembler.h:
1035         * create_hash_table:
1036         * jit/JSInterfaceJIT.h:
1037         (JSC::JSInterfaceJIT::emitLoadDouble):
1038         * jit/SpecializedThunkJIT.h:
1039         (JSC::SpecializedThunkJIT::finalize):
1040         * jit/ThunkGenerators.cpp:
1041         * jit/ThunkGenerators.h:
1042
1043 2011-06-30  Oliver Hunt  <oliver@apple.com>
1044
1045         Reviewed by Beth Dakin.
1046
1047         Make GC validation clear cell structure on destruction
1048         https://bugs.webkit.org/show_bug.cgi?id=63778
1049
1050         * runtime/JSCell.h:
1051         (JSC::JSCell::JSCell::~JSCell):
1052
1053 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1054
1055         Reviewed by Gavin Barraclough.
1056
1057         Added write barrier that was missing from put_by_id_transition
1058         https://bugs.webkit.org/show_bug.cgi?id=63775
1059
1060         * dfg/DFGJITCodeGenerator.cpp:
1061         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
1062         MacroAssembler& argument so our patching functions could use it.
1063
1064         (JSC::DFG::JITCodeGenerator::cachedPutById):
1065         * dfg/DFGJITCodeGenerator.h:
1066         * dfg/DFGNonSpeculativeJIT.cpp:
1067         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
1068
1069         * dfg/DFGRepatch.cpp:
1070         (JSC::DFG::tryCachePutByID): Missing barrier!
1071
1072         * dfg/DFGSpeculativeJIT.cpp:
1073         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
1074
1075         * jit/JITPropertyAccess.cpp:
1076         (JSC::JIT::privateCompilePutByIdTransition):
1077         * jit/JITPropertyAccess32_64.cpp:
1078         (JSC::JIT::privateCompilePutByIdTransition):
1079         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
1080         because its meaning isn't clear -- maybe in the future we'll have a
1081         clear way to pass all stores through a common function that guarantees
1082         a write barrier, but that's not the case right now.
1083
1084 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1085
1086         Reviewed by Gavin Barraclough.
1087
1088         DFG non-speculative JIT does not reuse registers when compiling comparisons.
1089         https://bugs.webkit.org/show_bug.cgi?id=63565
1090
1091         * dfg/DFGNonSpeculativeJIT.cpp:
1092         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1093         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1094         (JSC::DFG::NonSpeculativeJIT::compare):
1095
1096 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1097
1098         Reviewed by Gavin Barraclough.
1099
1100         Added empty write barrier stubs in all the right places in the DFG JIT
1101         https://bugs.webkit.org/show_bug.cgi?id=63764
1102         
1103         SunSpider thinks this might be a 0.5% speedup. Meh.
1104
1105         * dfg/DFGJITCodeGenerator.cpp:
1106         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
1107
1108         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
1109         for the case where base == scratch, since we now require base and scratch
1110         to be not equal, for the sake of the write barrier.
1111
1112         * dfg/DFGJITCodeGenerator.h: Le stub.
1113
1114         * dfg/DFGNonSpeculativeJIT.cpp:
1115         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
1116         as the scratch register, since that's incompatible with the write barrier,
1117         which needs a distinct base and scratch.
1118         
1119         Do put the global object into a register before loading its var storage,
1120         since it needs to be in a register for the write barrier to operate on it.
1121
1122         * dfg/DFGSpeculativeJIT.cpp:
1123         (JSC::DFG::SpeculativeJIT::compile):
1124         * jit/JITPropertyAccess.cpp:
1125         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
1126
1127         * jit/JITPropertyAccess.cpp:
1128         (JSC::JIT::emit_op_get_scoped_var):
1129         (JSC::JIT::emit_op_put_scoped_var):
1130         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1131         places.
1132
1133         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1134         is a little more than meaningless.
1135
1136         * jit/JITPropertyAccess32_64.cpp:
1137         (JSC::JIT::emit_op_get_scoped_var):
1138         (JSC::JIT::emit_op_put_scoped_var):
1139         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1140         places.
1141
1142         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1143         is a little more than meaningless.
1144
1145         * runtime/JSVariableObject.h:
1146         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1147         we put the global object in a register and only then load its var storage
1148         by offset.
1149
1150         (JSC::JIT::emitWriteBarrier):
1151
1152 2011-06-30  Oliver Hunt  <oliver@apple.com>
1153
1154         Fix ARMv6 build
1155
1156         * assembler/MacroAssemblerARM.h:
1157         (JSC::MacroAssemblerARM::rshift32):
1158
1159 2011-06-30  Oliver Hunt  <oliver@apple.com>
1160
1161         Reviewed by Gavin Barraclough.
1162
1163         Add optimised paths for a few maths functions
1164         https://bugs.webkit.org/show_bug.cgi?id=63757
1165
1166         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1167         Math.floor, Math.log, and Math.exp as they are apparently more
1168         important in real web content than we thought, which is somewhat
1169         mind-boggling.  On average doubles the performance of the common
1170         cases (eg. actually passing numbers in).  They're not as efficient
1171         as they could be, but this way gives them the most portability.
1172
1173         * assembler/MacroAssemblerARM.h:
1174         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1175         (JSC::MacroAssemblerARM::andnotDouble):
1176         * assembler/MacroAssemblerARMv7.h:
1177         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1178         (JSC::MacroAssemblerARMv7::andnotDouble):
1179         * assembler/MacroAssemblerMIPS.h:
1180         (JSC::MacroAssemblerMIPS::andnotDouble):
1181         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1182         * assembler/MacroAssemblerSH4.h:
1183         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1184         (JSC::MacroAssemblerSH4::andnotDouble):
1185         * assembler/MacroAssemblerX86.h:
1186         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1187         * assembler/MacroAssemblerX86Common.h:
1188         (JSC::MacroAssemblerX86Common::andnotDouble):
1189         * assembler/MacroAssemblerX86_64.h:
1190         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1191         * assembler/X86Assembler.h:
1192         (JSC::X86Assembler::andnpd_rr):
1193         * create_hash_table:
1194         * jit/SpecializedThunkJIT.h:
1195         (JSC::SpecializedThunkJIT::finalize):
1196         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1197         * jit/ThunkGenerators.cpp:
1198         (JSC::floorThunkGenerator):
1199         (JSC::ceilThunkGenerator):
1200         (JSC::roundThunkGenerator):
1201         (JSC::expThunkGenerator):
1202         (JSC::logThunkGenerator):
1203         (JSC::absThunkGenerator):
1204         * jit/ThunkGenerators.h:
1205
1206 2011-06-30  Cary Clark  <caryclark@google.com>
1207
1208         Reviewed by James Robinson.
1209
1210         Use Skia if Skia on Mac Chrome is enabled
1211         https://bugs.webkit.org/show_bug.cgi?id=62999
1212
1213         * wtf/Platform.h:
1214         Add switch to use Skia if, externally,
1215         Skia has been enabled by a gyp define.
1216
1217 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1218
1219         Reviewed by Geoffrey Garen.
1220
1221         Web Inspector fails to display source for eval with syntax error
1222         https://bugs.webkit.org/show_bug.cgi?id=63583
1223
1224         Web Inspector now displays a link to an eval statement that contains
1225         a syntax error.
1226
1227         * parser/Parser.h:
1228         (JSC::isEvalNode):
1229         (JSC::EvalNode):
1230         (JSC::Parser::parse):
1231
1232 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1233
1234         Reviewed by Gavin Barraclough.
1235
1236         X86Assembler does not encode byte registers in 64-bit mode correctly.
1237         https://bugs.webkit.org/show_bug.cgi?id=63665
1238
1239         * assembler/X86Assembler.h:
1240         (JSC::X86Assembler::testb_rr):
1241         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1242
1243 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1244
1245         Unreviewed, rolling out r90102.
1246         http://trac.webkit.org/changeset/90102
1247         https://bugs.webkit.org/show_bug.cgi?id=63714
1248
1249         Lots of tests asserting beneath
1250         SVGSMILElement::findInstanceTime (Requested by aroben on
1251         #webkit).
1252
1253         * wtf/StdLibExtras.h:
1254         (WTF::binarySearch):
1255
1256 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1257
1258         Reviewed by Nikolas Zimmermann.
1259
1260         Speed up SVGSMILElement::findInstanceTime.
1261         https://bugs.webkit.org/show_bug.cgi?id=61025
1262
1263         Add a new parameter to StdLibExtras.h::binarySearch function
1264         to also handle cases when the array does not contain the key value.
1265         This is needed for an svg function.
1266
1267         * wtf/StdLibExtras.h:
1268         (WTF::binarySearch):
1269
1270 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1271
1272         Reviewed by Geoff Garen.
1273
1274         https://bugs.webkit.org/show_bug.cgi?id=63669
1275         DFG JIT - fix spectral-norm regression
1276
1277         The problem is a mis-speculation leading to us falling off the speculative path.
1278         Make the speculation logic slightly smarter, don't predict int if one of the
1279         operands is already loaded as a double (we use this logic already for compares).
1280
1281         * dfg/DFGSpeculativeJIT.cpp:
1282         (JSC::DFG::SpeculativeJIT::compile):
1283         * dfg/DFGSpeculativeJIT.h:
1284         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1285
1286 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1287
1288         Reviewed by Gavin Barraclough.
1289
1290         DFG JIT does not do put_by_id transition caching.
1291         https://bugs.webkit.org/show_bug.cgi?id=63662
1292
1293         * dfg/DFGJITCodeGenerator.cpp:
1294         (JSC::DFG::JITCodeGenerator::cachedPutById):
1295         * dfg/DFGJITCompiler.h:
1296         (JSC::DFG::JITCompiler::addPropertyAccess):
1297         * dfg/DFGRepatch.cpp:
1298         (JSC::DFG::testPrototype):
1299         (JSC::DFG::tryCachePutByID):
1300
1301 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1302
1303         Reviewed by Oliver Hunt.
1304
1305         Added a dummy write barrier emitting function in all the right places in the old JIT
1306         https://bugs.webkit.org/show_bug.cgi?id=63667
1307         
1308         SunSpider reports no change.
1309
1310         * jit/JIT.h:
1311         * jit/JITPropertyAccess.cpp:
1312         (JSC::JIT::emit_op_put_by_id):
1313         (JSC::JIT::emit_op_put_scoped_var): Do it.
1314
1315         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1316         for the sake of the write barrier.
1317
1318         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1319
1320         * jit/JITPropertyAccess32_64.cpp:
1321         (JSC::JIT::emit_op_put_by_val):
1322         (JSC::JIT::emit_op_put_by_id):
1323         (JSC::JIT::emit_op_put_scoped_var): Do it.
1324
1325         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1326         for the sake of the write barrier.
1327
1328         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1329
1330 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1331
1332         Reviewed by Gavin Barraclough.
1333
1334         DFG JIT does not perform get_by_id self list caching.
1335         https://bugs.webkit.org/show_bug.cgi?id=63605
1336
1337         * bytecode/StructureStubInfo.h:
1338         * dfg/DFGJITCompiler.cpp:
1339         (JSC::DFG::JITCompiler::compileFunction):
1340         * dfg/DFGOperations.cpp:
1341         * dfg/DFGOperations.h:
1342         * dfg/DFGRepatch.cpp:
1343         (JSC::DFG::tryCacheGetByID):
1344         (JSC::DFG::tryBuildGetByIDList):
1345         (JSC::DFG::dfgBuildGetByIDList):
1346         * dfg/DFGRepatch.h:
1347
1348 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1349
1350         Reviewed by Gavin Barraclough.
1351
1352         DFG JIT lacks array.length caching.
1353         https://bugs.webkit.org/show_bug.cgi?id=63505
1354
1355         * bytecode/StructureStubInfo.h:
1356         * dfg/DFGJITCodeGenerator.cpp:
1357         (JSC::DFG::JITCodeGenerator::cachedGetById):
1358         (JSC::DFG::JITCodeGenerator::cachedPutById):
1359         * dfg/DFGJITCodeGenerator.h:
1360         (JSC::DFG::JITCodeGenerator::tryAllocate):
1361         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1362         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1363         * dfg/DFGJITCompiler.cpp:
1364         (JSC::DFG::JITCompiler::compileFunction):
1365         * dfg/DFGJITCompiler.h:
1366         (JSC::DFG::JITCompiler::addPropertyAccess):
1367         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1368         * dfg/DFGRegisterBank.h:
1369         (JSC::DFG::RegisterBank::tryAllocate):
1370         * dfg/DFGRepatch.cpp:
1371         (JSC::DFG::tryCacheGetByID):
1372
1373 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1374
1375         Reviewed by Eric Seidel.
1376
1377         Warnings in JSC's JIT on 32 bit
1378         https://bugs.webkit.org/show_bug.cgi?id=63259
1379
1380         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1381
1382         * jit/JITPropertyAccess32_64.cpp:
1383         (JSC::JIT::emit_op_method_check):
1384         (JSC::JIT::compileGetByIdHotPath):
1385         (JSC::JIT::emit_op_put_by_id):
1386
1387 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1388
1389         Unreviewed, rolling out r89968.
1390         http://trac.webkit.org/changeset/89968
1391         https://bugs.webkit.org/show_bug.cgi?id=63581
1392
1393         Broke chromium windows compile (Requested by jamesr on
1394         #webkit).
1395
1396         * wtf/Platform.h:
1397
1398 2011-06-28  Oliver Hunt  <oliver@apple.com>
1399
1400         Reviewed by Gavin Barraclough.
1401
1402         Fix sampling build
1403         https://bugs.webkit.org/show_bug.cgi?id=63579
1404
1405         Gets opcode sampling building again; it doesn't seem to work, alas.
1406
1407         * bytecode/SamplingTool.cpp:
1408         (JSC::SamplingTool::notifyOfScope):
1409         * bytecode/SamplingTool.h:
1410         (JSC::SamplingTool::SamplingTool):
1411         * interpreter/Interpreter.cpp:
1412         (JSC::Interpreter::enableSampler):
1413         * runtime/Executable.h:
1414         (JSC::ScriptExecutable::ScriptExecutable):
1415
1416 2011-06-28  Cary Clark  <caryclark@google.com>
1417
1418         Reviewed by James Robinson.
1419
1420         Use Skia if Skia on Mac Chrome is enabled
1421         https://bugs.webkit.org/show_bug.cgi?id=62999
1422
1423         * wtf/Platform.h:
1424         Add switch to use Skia if, externally,
1425         Skia has been enabled by a gyp define.
1426
1427 2011-06-28  Oliver Hunt  <oliver@apple.com>
1428
1429         Reviewed by Gavin Barraclough.
1430
1431         ASSERT when launching debug builds with interpreter and jit enabled
1432         https://bugs.webkit.org/show_bug.cgi?id=63566
1433
1434         Add appropriate guards to the various Executable's memory reporting
1435         logic.
1436
1437         * runtime/Executable.cpp:
1438         (JSC::EvalExecutable::compileInternal):
1439         (JSC::ProgramExecutable::compileInternal):
1440         (JSC::FunctionExecutable::compileForCallInternal):
1441         (JSC::FunctionExecutable::compileForConstructInternal):
1442
1443 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1444
1445         Reviewed by Oliver Hunt.
1446
1447         https://bugs.webkit.org/show_bug.cgi?id=63563
1448         DFG JIT - add support for double arith to speculative path
1449
1450         Add integer support for div & mod, add double support for div, mod,
1451         add, sub & mul, dynamically selecting based on operand types.
1452
1453         * dfg/DFGJITCodeGenerator.cpp:
1454         (JSC::DFG::FPRTemporary::FPRTemporary):
1455         * dfg/DFGJITCodeGenerator.h:
1456         * dfg/DFGJITCompiler.h:
1457         (JSC::DFG::JITCompiler::assembler):
1458         * dfg/DFGSpeculativeJIT.cpp:
1459         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1460         (JSC::DFG::SpeculativeJIT::compile):
1461         * dfg/DFGSpeculativeJIT.h:
1462         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1463         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
1464         (JSC::DFG::SpeculateDoubleOperand::index):
1465         (JSC::DFG::SpeculateDoubleOperand::fpr):
1466
1467 2011-06-28  Oliver Hunt  <oliver@apple.com>
1468
1469         Fix interpreter build.
1470
1471         * interpreter/Interpreter.cpp:
1472         (JSC::Interpreter::privateExecute):
1473
1474 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1475
1476         Reviewed by Oliver Hunt.
1477
1478         https://bugs.webkit.org/show_bug.cgi?id=63561
1479         DFG JIT - don't always assume integer in relational compare
1480
1481         If neither operand is known integer, or either is in double representation,
1482         then at least use a function call (don't bail off the speculative path).
1483
1484         * dfg/DFGSpeculativeJIT.cpp:
1485         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1486         (JSC::DFG::SpeculativeJIT::compile):
1487         * dfg/DFGSpeculativeJIT.h:
1488         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
1489         (JSC::DFG::SpeculativeJIT::compareIsInteger):
1490
1491 2011-06-28  Oliver Hunt  <oliver@apple.com>
1492
1493         Reviewed by Gavin Barraclough.
1494
1495         Make constant array optimisation less strict about what constitutes a constant
1496         https://bugs.webkit.org/show_bug.cgi?id=63554
1497
1498         Now allow string constants in array literals to actually be considered constant,
1499         and so avoid codegen in array literals with strings in them.
1500
1501         * bytecode/CodeBlock.h:
1502         (JSC::CodeBlock::addConstantBuffer):
1503         (JSC::CodeBlock::constantBuffer):
1504         * bytecompiler/BytecodeGenerator.cpp:
1505         (JSC::BytecodeGenerator::addConstantBuffer):
1506         (JSC::BytecodeGenerator::addStringConstant):
1507         (JSC::BytecodeGenerator::emitNewArray):
1508         * bytecompiler/BytecodeGenerator.h:
1509         * interpreter/Interpreter.cpp:
1510         (JSC::Interpreter::privateExecute):
1511         * jit/JITStubs.cpp:
1512         (JSC::DEFINE_STUB_FUNCTION):
1513
1514 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1515
1516         Reviewed by Oliver Hunt.
1517
1518         https://bugs.webkit.org/show_bug.cgi?id=63560
1519         DFG_JIT allow allocation of specific machine registers
1520
1521         This allows us to allocate the registers necessary to perform x86
1522         idiv instructions for div/mod, and may be useful for shifts, too.
1523
1524         * dfg/DFGJITCodeGenerator.cpp:
1525         (JSC::DFG::GPRTemporary::GPRTemporary):
1526         * dfg/DFGJITCodeGenerator.h:
1527         (JSC::DFG::JITCodeGenerator::allocate):
1528         (JSC::DFG::GPRResult::GPRResult):
1529         * dfg/DFGRegisterBank.h:
1530         (JSC::DFG::RegisterBank::allocateSpecific):
1531         * dfg/DFGSpeculativeJIT.h:
1532         (JSC::DFG::SpeculativeJIT::isInteger):
1533
1534 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1535
1536         Reviewed by Oliver Hunt.
1537
1538         https://bugs.webkit.org/show_bug.cgi?id=55040
1539         RegExp constructor returns the argument regexp instead of a new object
1540
1541         Per 15.10.3.1, our current behaviour is correct if called as a function,
1542         but incorrect when called as a constructor.
1543
1544         * runtime/RegExpConstructor.cpp:
1545         (JSC::constructRegExp):
1546         (JSC::constructWithRegExpConstructor):
1547         * runtime/RegExpConstructor.h:
1548
1549 2011-06-28  Luke Macpherson   <macpherson@chromium.org>
1550
1551         Reviewed by Darin Adler.
1552
1553         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
1554         https://bugs.webkit.org/show_bug.cgi?id=63469
1555
1556         * wtf/MathExtras.h:
1557         (defaultMinimumForClamp):
1558         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
1559         (defaultMaximumForClamp):
1560         Symmetric alias for std::numeric_limits::max()
1561         (clampTo):
1562         New templated clamping function that supports arbitrary output types.
1563         (clampToInteger):
1564         Use new clampTo template.
1565         (clampToFloat):
1566         Use new clampTo template.
1567         (clampToPositiveInteger):
1568         Use new clampTo template.
1569
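An added illustration of the clampTo family this entry describes (example code, not wtf/MathExtras.h: the names follow the entry, the bodies are written here, and naiveClampToFloat exists only to show the numeric_limits::min() pitfall the entry works around):

```cpp
#include <cmath>
#include <limits>

// Lower bound for clamping into T. std::numeric_limits<T>::min() is the
// smallest *positive* normal value for floating point types, so a clamp
// built on it could never produce a negative float; use -max() instead.
template<typename T>
inline T defaultMinimumForClamp()
{
    return std::numeric_limits<T>::is_integer ? std::numeric_limits<T>::min()
                                               : -std::numeric_limits<T>::max();
}

// Upper bound: max() is the right value for every numeric type.
template<typename T>
inline T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// Clamp a double into [min, max] and convert to the output type T.
// NaN compares false with everything, so it is handled explicitly here
// (returning min is this example's choice, not something the entry states).
template<typename T>
inline T clampTo(double value, T min = defaultMinimumForClamp<T>(), T max = defaultMaximumForClamp<T>())
{
    if (std::isnan(value))
        return min;
    if (value >= static_cast<double>(max))
        return max;
    if (value <= static_cast<double>(min))
        return min;
    return static_cast<T>(value);
}

template<typename T>
inline T clampToInteger(double value) { return clampTo<T>(value); }

inline float clampToFloat(double value) { return clampTo<float>(value); }

inline int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }

// The pitfall, kept only for comparison: with min() as the float lower
// bound, any large negative input silently becomes a tiny positive number.
inline float naiveClampToFloat(double value)
{
    return clampTo<float>(value, std::numeric_limits<float>::min());
}
```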
1570 2011-06-28  Adam Roben  <aroben@apple.com>
1571
1572         Windows Debug build fix after r89885
1573
1574         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
1575         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
1576
1577 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
1578
1579         Reviewed by Kent Tamura.
1580
1581         Add const to show() method in WTFString and AtomicString.
1582         https://bugs.webkit.org/show_bug.cgi?id=63515
1583
1584         The lack of const in the show() method is painful when
1585         doing something like printf debugging.
1586
1587         * wtf/text/AtomicString.cpp:
1588         (WTF::AtomicString::show):
1589         * wtf/text/AtomicString.h:
1590         * wtf/text/WTFString.cpp:
1591         (String::show):
1592         * wtf/text/WTFString.h:
1593
1594 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
1595
1596         Build fix attempt after r89885.
1597
1598         * JavaScriptCore.exp:
1599         * jsc.cpp:
1600
1601 2011-06-27  Oliver Hunt  <oliver@apple.com>
1602
1603         Reviewed by Geoffrey Garen.
1604
1605         Support throwing away non-running code even while other code is running
1606         https://bugs.webkit.org/show_bug.cgi?id=63485
1607
1608         Add a function to CodeBlock to support unlinking direct linked callsites,
1609         and then with that in place add logic to discard code from any function
1610         that is not currently on the stack.
1611
1612         The unlinking completely reverts any optimized call sites, such that they
1613         may be relinked again in future.
1614
1615         * JavaScriptCore.exp:
1616         * bytecode/CodeBlock.cpp:
1617         (JSC::CodeBlock::unlinkCalls):
1618         (JSC::CodeBlock::clearEvalCache):
1619         * bytecode/CodeBlock.h:
1620         (JSC::CallLinkInfo::CallLinkInfo):
1621         (JSC::CallLinkInfo::unlink):
1622         * bytecode/EvalCodeCache.h:
1623         (JSC::EvalCodeCache::clear):
1624         * heap/Heap.cpp:
1625         (JSC::Heap::getConservativeRegisterRoots):
1626         * heap/Heap.h:
1627         * jit/JIT.cpp:
1628         (JSC::JIT::privateCompile):
1629         * jit/JIT.h:
1630         * jit/JITCall.cpp:
1631         (JSC::JIT::compileOpCall):
1632         * jit/JITWriteBarrier.h:
1633         (JSC::JITWriteBarrierBase::clear):
1634         * jsc.cpp:
1635         (GlobalObject::GlobalObject):
1636         (functionReleaseExecutableMemory):
1637         * runtime/Executable.cpp:
1638         (JSC::EvalExecutable::unlinkCalls):
1639         (JSC::ProgramExecutable::unlinkCalls):
1640         (JSC::FunctionExecutable::discardCode):
1641         (JSC::FunctionExecutable::unlinkCalls):
1642         * runtime/Executable.h:
1643         * runtime/JSGlobalData.cpp:
1644         (JSC::SafeRecompiler::returnValue):
1645         (JSC::SafeRecompiler::operator()):
1646         (JSC::JSGlobalData::releaseExecutableMemory):
1647
1648 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1649
1650         Reviewed by Darin Adler & Oliver Hunt.
1651
1652         https://bugs.webkit.org/show_bug.cgi?id=50554
1653         RegExp.prototype.toString does not escape slashes
1654
1655         The problem here is that we don't escape forwards slashes when converting
1656         a RegExp to a string. This means that RegExp("/").toString() is "///",
1657         which is not a valid RegExp literal. Also, we return an invalid literal
1658         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
1659
1660         From ES5:
1661         "NOTE: The returned String has the form of a RegularExpressionLiteral that
1662         evaluates to another RegExp object with the same behaviour as this object."
1663
1664         * runtime/RegExpObject.cpp:
1665         (JSC::regExpObjectSource):
1666             - Escape forward slashes when getting the source of a RegExp.
1667         * runtime/RegExpPrototype.cpp:
1668         (JSC::regExpProtoFuncToString):
1669             - Remove unnecessary and erroneous hack to return "//" as the string
1670             representation of RegExp.prototype. This is not a valid RegExp literal
1671             (it is an empty single-line comment).
1672
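An added example of the escaping this entry describes (not JSC's code; escapeRegExpSource, regExpToString, closingSlash and isValidLiteral are names assumed here), with a small RegularExpressionLiteral scanner to show why the unescaped "///" and "//" forms do not lex back to the same regexp:

```cpp
#include <cstddef>
#include <string>

// Escape forward slashes in a RegExp source so that "/" + source + "/" + flags
// is a valid RegularExpressionLiteral. A '/' already escaped by a backslash is
// left alone; backslash pairs are tracked so that "\\/" (an escaped backslash
// followed by a bare slash) still gets its slash escaped.
std::string escapeRegExpSource(const std::string& source)
{
    std::string out;
    bool escaped = false;
    for (char c : source) {
        if (escaped) { out += c; escaped = false; continue; }
        if (c == '\\') { out += c; escaped = true; continue; }
        if (c == '/') { out += "\\/"; continue; }
        out += c;
    }
    return out;
}

// Literal form with the fix applied.
std::string regExpToString(const std::string& source, const std::string& flags)
{
    return "/" + escapeRegExpSource(source) + "/" + flags;
}

// Literal form without escaping, i.e. the behaviour the entry fixes.
std::string naiveRegExpToString(const std::string& source, const std::string& flags)
{
    return "/" + source + "/" + flags;
}

// Scan a RegularExpressionLiteral starting at text[0] == '/' and return the
// index of the closing '/' (npos if it does not lex as a regexp literal).
// Follows the ES5 lexical grammar: a backslash escapes the next character,
// '/' inside [...] does not terminate, and "//" or "/*" would start a
// comment rather than a regexp, so an empty body is rejected.
std::size_t closingSlash(const std::string& text)
{
    if (text.size() < 2 || text[0] != '/')
        return std::string::npos;
    if (text[1] == '/' || text[1] == '*')
        return std::string::npos;
    bool inClass = false;
    for (std::size_t i = 1; i < text.size(); ++i) {
        char c = text[i];
        if (c == '\\') { ++i; continue; }
        if (c == '\n') return std::string::npos;
        if (inClass) { if (c == ']') inClass = false; continue; }
        if (c == '[') inClass = true;
        else if (c == '/') return i;
    }
    return std::string::npos;
}

// True when the literal lexes to a body followed by exactly the expected
// flags, i.e. nothing of the source leaked past the closing delimiter.
bool isValidLiteral(const std::string& literal, const std::string& flags)
{
    std::size_t end = closingSlash(literal);
    return end != std::string::npos && literal.substr(end + 1) == flags;
}
```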
1673 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1674
1675         Reviewed by Oliver Hunt.
1676
1677         https://bugs.webkit.org/show_bug.cgi?id=63497
1678         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
1679
1680         * dfg/DFGByteCodeParser.cpp:
1681         (JSC::DFG::ByteCodeParser::parseBlock):
1682         * dfg/DFGNode.h:
1683         * dfg/DFGNonSpeculativeJIT.cpp:
1684         (JSC::DFG::NonSpeculativeJIT::compile):
1685         * dfg/DFGSpeculativeJIT.cpp:
1686         (JSC::DFG::SpeculativeJIT::compile):
1687
1688 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
1689
1690         Reviewed by Mark Rowe.
1691
1692         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
1693         https://bugs.webkit.org/show_bug.cgi?id=63392
1694         
1695         When both TextPosition.h and XPathGrammar.h are included a compile-error
1696         is caused, since XPathGrammar.h defines a macro called NUMBER and 
1697         TextPosition has a typedef named NUMBER.
1698
1699         * wtf/text/TextPosition.h:
1700         (WTF::TextPosition::TextPosition):
1701         (WTF::TextPosition::minimumPosition):
1702         (WTF::TextPosition::belowRangePosition):
1703
1704 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
1705
1706         Reviewed by Gavin Barraclough.
1707
1708         DFG JIT does not perform put_by_id caching.
1709         https://bugs.webkit.org/show_bug.cgi?id=63409
1710
1711         * bytecode/StructureStubInfo.h:
1712         * dfg/DFGJITCodeGenerator.cpp:
1713         (JSC::DFG::JITCodeGenerator::cachedPutById):
1714         * dfg/DFGJITCodeGenerator.h:
1715         * dfg/DFGJITCompiler.cpp:
1716         (JSC::DFG::JITCompiler::compileFunction):
1717         * dfg/DFGJITCompiler.h:
1718         (JSC::DFG::JITCompiler::addPropertyAccess):
1719         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1720         * dfg/DFGNonSpeculativeJIT.cpp:
1721         (JSC::DFG::NonSpeculativeJIT::compile):
1722         * dfg/DFGOperations.cpp:
1723         * dfg/DFGOperations.h:
1724         * dfg/DFGRepatch.cpp:
1725         (JSC::DFG::dfgRepatchByIdSelfAccess):
1726         (JSC::DFG::tryCacheGetByID):
1727         (JSC::DFG::appropriatePutByIdFunction):
1728         (JSC::DFG::tryCachePutByID):
1729         (JSC::DFG::dfgRepatchPutByID):
1730         * dfg/DFGRepatch.h:
1731         * dfg/DFGSpeculativeJIT.cpp:
1732         (JSC::DFG::SpeculativeJIT::compile):
1733
1734 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
1735
1736         Unreviewed build fix. One more file missing during distcheck, for
1737         the MIPS build.
1738
1739         * GNUmakefile.list.am:
1740
1741 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
1742
1743         Reviewed by Gavin Barraclough.
1744
1745         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
1746         https://bugs.webkit.org/show_bug.cgi?id=63347
1747
1748         * dfg/DFGNonSpeculativeJIT.cpp:
1749             - Changed arithmetic operations to speculate in favor of integers.
1750         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1751         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1752         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1753         (JSC::DFG::NonSpeculativeJIT::compile):
1754         * dfg/DFGNonSpeculativeJIT.h:
1755         * dfg/DFGOperations.cpp:
1756             - Added slow-path routines for arithmetic that perform no speculation; the
1757               non-speculative JIT will generate calls to these in cases where its
1758               speculation fails.
1759         * dfg/DFGOperations.h:
1760
1761 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
1762
1763         Reviewed by Rob Buis.
1764
1765         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
1766         https://bugs.webkit.org/show_bug.cgi?id=59085
1767
1768         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
1769
1770 2011-06-24  Michael Saboff  <msaboff@apple.com>
1771
1772         Reviewed by Gavin Barraclough.
1773
1774         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
1775         https://bugs.webkit.org/show_bug.cgi?id=63345
1776
1777         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
1778         return 9 and 10 bit quantities, therefore changed their return type from
1779         uint8_t to uint16_t.  Also cast the places where they are used, as they
1780         are currently shifted and used as 7 or 8 bit values.
1781
1782         These methods are currently used for literals for stack offsets, 
1783         including creating and destroying stack frames.  The prior truncation of
1784         the upper bits caused stack frames to be too small, thus allowing a
1785         JIT'ed function to access and overwrite stack space outside of the
1786         incorrectly sized stack frame.
1787
1788         * assembler/ARMv7Assembler.h:
1789         (JSC::ARMThumbImmediate::getUInt9):
1790         (JSC::ARMThumbImmediate::getUInt10):
1791         (JSC::ARMv7Assembler::add):
1792         (JSC::ARMv7Assembler::ldr):
1793         (JSC::ARMv7Assembler::str):
1794         (JSC::ARMv7Assembler::sub):
1795         (JSC::ARMv7Assembler::sub_S):
1796
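A constructed model of the truncation this entry fixes (example code, not the ARMv7Assembler.h implementation; getUInt9Truncating and the encode/decode helpers are assumed names), showing how much of a requested frame the buggy prologue actually reserves:

```cpp
#include <cstdint>
#include <cstdio>

// A 9-bit immediate as used by "ADD/SUB SP, SP, #imm": the byte offset is
// word aligned (low two bits zero) and the instruction carries offset >> 2
// in a 7-bit field.
static const uint32_t kUInt9Mask = 0x1FF;
static const uint32_t kImm7Mask = 0x7F;

// Before the fix: the getter returns uint8_t, so bit 8 of a valid 9-bit
// immediate is dropped before the caller ever shifts it.
static uint8_t getUInt9Truncating(uint32_t value)
{
    return static_cast<uint8_t>(value); // 0x100..0x1FF lose their top bit
}

// After the fix: a 16-bit return type carries all nine bits.
static uint16_t getUInt9(uint32_t value)
{
    return static_cast<uint16_t>(value & kUInt9Mask);
}

// Encode the 7-bit immediate field of the SP add/sub instruction.
static uint8_t encodeSpImm7(uint16_t byteOffset)
{
    return static_cast<uint8_t>((byteOffset >> 2) & kImm7Mask);
}

// The byte offset the CPU will actually apply for that field.
static uint32_t decodeSpImm7(uint8_t imm7)
{
    return static_cast<uint32_t>(imm7) << 2;
}

// Frame size really reserved for a requested word-aligned size below 512.
static uint32_t reservedFrameBuggy(uint32_t requested)
{
    return decodeSpImm7(encodeSpImm7(getUInt9Truncating(requested)));
}

static uint32_t reservedFrameFixed(uint32_t requested)
{
    return decodeSpImm7(encodeSpImm7(getUInt9(requested)));
}

// Bytes of the frame the buggy prologue fails to reserve: stores past this
// point land outside the frame, which is the overwrite the entry describes.
static uint32_t frameShortfall(uint32_t requested)
{
    return requested - reservedFrameBuggy(requested);
}

int main()
{
    // Constructed sample: a 504-byte frame, which needs all nine bits.
    uint32_t requested = 0x1F8;
    std::printf("requested %u: buggy reserves %u (short by %u), fixed reserves %u\n",
                requested, reservedFrameBuggy(requested), frameShortfall(requested),
                reservedFrameFixed(requested));
    return 0;
}
```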
1797 2011-06-24  Michael Saboff  <msaboff@apple.com>
1798
1799         Reviewed by Geoffrey Garen.
1800
1801         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
1802         https://bugs.webkit.org/show_bug.cgi?id=63015
1803
1804         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
1805         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
1806         adjustments are a bug.  These need to reflect the pages that are released
1807         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
1808         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
1809         Check() and helper method CheckList() to check the number of actual free pages
1810         with free_committed_pages_.
1811
1812         The symptom of the problem of the existing code is that the scavenger may
1813         run unnecessarily without any real work to do, i.e. pages on the free lists.
1814         The scavenger would also end up freeing too many pages, that is, going below
1815         the current 528 target free pages.
1816
1817         Note that the style of the changes was kept consistent with the
1818         existing style.
1819
1820         * wtf/FastMalloc.cpp:
1821         (WTF::TCMalloc_PageHeap::Check):
1822         (WTF::TCMalloc_PageHeap::CheckList):
1823         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
1824
1825 2011-06-24  Abhishek Arya  <inferno@chromium.org>
1826
1827         Reviewed by Darin Adler.
1828
1829         Match other clampTo* functions in style with clampToInteger(float)
1830         function.
1831         https://bugs.webkit.org/show_bug.cgi?id=53449
1832
1833         * wtf/MathExtras.h:
1834         (clampToInteger):
1835         (clampToFloat):
1836         (clampToPositiveInteger):
1837
1838 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
1839
1840         Unreviewed, rolling out r89594.
1841         http://trac.webkit.org/changeset/89594
1842         https://bugs.webkit.org/show_bug.cgi?id=63316
1843
1844         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
1845         #webkit).
1846
1847         * GNUmakefile.list.am:
1848         * JavaScriptCore.gypi:
1849         * icu/unicode/uscript.h: Removed.
1850         * wtf/unicode/ScriptCodesFromICU.h: Removed.
1851         * wtf/unicode/brew/UnicodeBrew.h:
1852         * wtf/unicode/glib/UnicodeGLib.h:
1853         * wtf/unicode/icu/UnicodeIcu.h:
1854         * wtf/unicode/qt4/UnicodeQt4.h:
1855         * wtf/unicode/wince/UnicodeWinCE.h:
1856
1857 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
1858
1859         Reviewed by Gavin Barraclough.
1860
1861         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
1862         https://bugs.webkit.org/show_bug.cgi?id=63173
1863
1864         * dfg/DFGJITCodeGenerator.cpp:
1865         (JSC::DFG::JITCodeGenerator::cachedGetById):
1866         * dfg/DFGJITCodeGenerator.h:
1867         * dfg/DFGNonSpeculativeJIT.cpp:
1868         (JSC::DFG::NonSpeculativeJIT::compile):
1869         * dfg/DFGSpeculativeJIT.cpp:
1870         (JSC::DFG::SpeculativeJIT::compile):
1871
1872 2011-06-23  Oliver Hunt  <oliver@apple.com>
1873
1874         Fix Qt again.
1875
1876         * assembler/ARMAssembler.h:
1877         (JSC::ARMAssembler::readPointer):
1878
1879 2011-06-23  Oliver Hunt  <oliver@apple.com>
1880
1881         Fix Qt Build
1882
1883         * assembler/ARMAssembler.h:
1884         (JSC::ARMAssembler::readPointer):
1885
1886 2011-06-23  Stephanie Lewis  <slewis@apple.com>
1887
1888         Reviewed by Darin Adler.
1889
1890         https://bugs.webkit.org/show_bug.cgi?id=63298
1891         Replace Malloc with FastMalloc to match the rest of wtf.
1892
1893         * wtf/BlockStack.h:
1894         (WTF::::~BlockStack):
1895         (WTF::::grow):
1896         (WTF::::shrink):
1897
1898 2011-06-23  Oliver Hunt  <oliver@apple.com>
1899
1900         Reviewed by Gavin Barraclough.
1901
1902         Add the ability to dynamically modify linked call sites
1903         https://bugs.webkit.org/show_bug.cgi?id=63291
1904
1905         Add JITWriteBarrier as a writebarrier class that allows
1906         reading and writing directly into the code stream.
1907
1908         This required adding logic to all the assemblers to allow
1909         us to read values back out of the instruction stream.
1910
1911         * JavaScriptCore.xcodeproj/project.pbxproj:
1912         * assembler/ARMAssembler.h:
1913         (JSC::ARMAssembler::readPointer):
1914         * assembler/ARMv7Assembler.h:
1915         (JSC::ARMv7Assembler::readPointer):
1916         (JSC::ARMv7Assembler::readInt32):
1917         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
1918         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
1919         * assembler/AbstractMacroAssembler.h:
1920         (JSC::AbstractMacroAssembler::readPointer):
1921         * assembler/MIPSAssembler.h:
1922         (JSC::MIPSAssembler::readInt32):
1923         (JSC::MIPSAssembler::readPointer):
1924         * assembler/MacroAssemblerCodeRef.h:
1925         (JSC::MacroAssemblerCodePtr::operator!):
1926         * assembler/SH4Assembler.h:
1927         (JSC::SH4Assembler::readPCrelativeAddress):
1928         (JSC::SH4Assembler::readPointer):
1929         (JSC::SH4Assembler::readInt32):
1930         * assembler/X86Assembler.h:
1931         (JSC::X86Assembler::readPointer):
1932         * bytecode/CodeBlock.cpp:
1933         (JSC::CodeBlock::visitAggregate):
1934         * bytecode/CodeBlock.h:
1935         (JSC::MethodCallLinkInfo::seenOnce):
1936         (JSC::MethodCallLinkInfo::setSeen):
1937         * heap/MarkStack.h:
1938         * jit/JIT.cpp:
1939         (JSC::JIT::privateCompile):
1940         (JSC::JIT::linkCall):
1941         (JSC::JIT::linkConstruct):
1942         * jit/JITPropertyAccess.cpp:
1943         (JSC::JIT::patchMethodCallProto):
1944         * jit/JITPropertyAccess32_64.cpp:
1945         * jit/JITWriteBarrier.h: Added.
1946         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
1947         (JSC::JITWriteBarrierBase::operator!):
1948         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
1949         (JSC::JITWriteBarrierBase::isFlagged):
1950         (JSC::JITWriteBarrierBase::setLocation):
1951         (JSC::JITWriteBarrierBase::location):
1952         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
1953         (JSC::JITWriteBarrierBase::set):
1954         (JSC::JITWriteBarrierBase::get):
1955         (JSC::JITWriteBarrier::JITWriteBarrier):
1956         (JSC::JITWriteBarrier::set):
1957         (JSC::JITWriteBarrier::get):
1958         (JSC::MarkStack::append):
1959
1960 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
1961
1962         Reviewed by Oliver Hunt.
1963
1964         https://bugs.webkit.org/show_bug.cgi?id=61585
1965         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
1966
1967         This is due to use of int instead of unsigned, bad math around
1968         the 2^31 boundary.
1969
1970         * yarr/YarrInterpreter.cpp:
1971         (JSC::Yarr::ByteCompiler::emitDisjunction):
1972             - Change some uses of int to unsigned, refactor compare logic to
1973               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
1974         * yarr/YarrJIT.cpp:
1975         (JSC::Yarr::YarrGenerator::generate):
1976         (JSC::Yarr::YarrGenerator::backtrack):
1977             - Ditto.
1978
1979 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
1980
1981         Reviewed by Sam Weinig.
1982
1983         https://bugs.webkit.org/show_bug.cgi?id=63218
1984         DFG JIT - remove machine type guarantees from graph
1985
1986         The DFG JIT currently makes assumptions about the types of machine registers
1987         that certain nodes will be loaded into. This will be broken as we generate
1988         nodes to produce both integer and double code paths. Remove int<->double
1989         conversions nodes. This design decision also gave rise to multiple types of
1990         constant nodes, requiring separate handling for each type. Merge these back
1991         into JSConstant.
1992
1993         * dfg/DFGAliasTracker.h:
1994         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1995         * dfg/DFGByteCodeParser.cpp:
1996         (JSC::DFG::ByteCodeParser::getToInt32):
1997         (JSC::DFG::ByteCodeParser::getToNumber):
1998         (JSC::DFG::ByteCodeParser::toInt32):
1999         (JSC::DFG::ByteCodeParser::toNumber):
2000         (JSC::DFG::ByteCodeParser::isInt32Constant):
2001         (JSC::DFG::ByteCodeParser::isDoubleConstant):
2002         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2003         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
2004         (JSC::DFG::ByteCodeParser::one):
2005         (JSC::DFG::ByteCodeParser::predictInt32):
2006         * dfg/DFGGraph.cpp:
2007         (JSC::DFG::Graph::dump):
2008         * dfg/DFGJITCodeGenerator.h:
2009         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2010         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2011         (JSC::DFG::JITCodeGenerator::isJSConstant):
2012         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
2013         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
2014         * dfg/DFGJITCompiler.cpp:
2015         (JSC::DFG::JITCompiler::fillNumericToDouble):
2016         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2017         * dfg/DFGJITCompiler.h:
2018         (JSC::DFG::JITCompiler::isJSConstant):
2019         (JSC::DFG::JITCompiler::isInt32Constant):
2020         (JSC::DFG::JITCompiler::isDoubleConstant):
2021         (JSC::DFG::JITCompiler::valueOfJSConstant):
2022         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2023         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2024         * dfg/DFGNode.h:
2025         (JSC::DFG::Node::Node):
2026         (JSC::DFG::Node::isConstant):
2027         (JSC::DFG::Node::notTakenBytecodeOffset):
2028         * dfg/DFGNonSpeculativeJIT.cpp:
2029         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
2030         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
2031         (JSC::DFG::NonSpeculativeJIT::compile):
2032         * dfg/DFGSpeculativeJIT.cpp:
2033         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2034         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2035         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2036         (JSC::DFG::SpeculativeJIT::compile):
2037
2038 2011-06-23  Jungshik Shin  <jshin@chromium.org>
2039
2040         Reviewed by Alexey Proskuryakov.
2041
2042         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
2043         build files for ports not using ICU.
2044         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
2045         ICU 3.6 (the version used on Mac OS 10.5)
2046
2047         http://bugs.webkit.org/show_bug.cgi?id=20797
2048
2049         * GNUmakefile.list.am:
2050         * JavaScriptCore.gypi:
2051         * icu/unicode/uscript.h: Added for UScriptCode enum.
2052         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
2053         * wtf/unicode/icu/UnicodeIcu.h:
2054         * wtf/unicode/brew/UnicodeBrew.h:
2055         * wtf/unicode/glib/UnicodeGLib.h:
2056         * wtf/unicode/qt4/UnicodeQt4.h:
2057         * wtf/unicode/wince/UnicodeWinCE.h:
2058
2059 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
2060
2061         Reviewed by Andreas Kling.
2062
2063         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
2064         https://bugs.webkit.org/show_bug.cgi?id=63228
2065
2066         * wtf/Platform.h: Add PLATFORM(EFL) guard.
2067
2068 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2069
2070         Unreviewed, rolling out r89547.
2071         http://trac.webkit.org/changeset/89547
2072         https://bugs.webkit.org/show_bug.cgi?id=63252
2073
2074         "Chrmium crash on start" (Requested by yurys on #webkit).
2075
2076         * wtf/DynamicAnnotations.cpp:
2077         (WTFAnnotateBenignRaceSized):
2078         (WTFAnnotateHappensBefore):
2079         (WTFAnnotateHappensAfter):
2080         * wtf/DynamicAnnotations.h:
2081
2082 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
2083
2084         Reviewed by David Levin.
2085
2086         Make dynamic annotations weak symbols and prevent identical code folding by the linker
2087         https://bugs.webkit.org/show_bug.cgi?id=62443
2088
2089         * wtf/DynamicAnnotations.cpp:
2090         (WTFAnnotateBenignRaceSized):
2091         (WTFAnnotateHappensBefore):
2092         (WTFAnnotateHappensAfter):
2093         * wtf/DynamicAnnotations.h:
2094
2095 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
2096
2097         Reviewed by Andreas Kling.
2098
2099         [Qt] Add a build flag for building with libxml2 and libxslt.
2100         https://bugs.webkit.org/show_bug.cgi?id=63113
2101
2102         * wtf/Platform.h:
2103
2104 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2105
2106         Unreviewed, rolling out r89489.
2107         http://trac.webkit.org/changeset/89489
2108         https://bugs.webkit.org/show_bug.cgi?id=63203
2109
2110         Broke chromium mac build on build.webkit.org (Requested by
2111         abarth on #webkit).
2112
2113         * wtf/Platform.h:
2114
2115 2011-06-22  Cary Clark  <caryclark@google.com>
2116
2117         Reviewed by Darin Fisher.
2118
2119         Use Skia if Skia on Mac Chrome is enabled
2120         https://bugs.webkit.org/show_bug.cgi?id=62999
2121
2122         * wtf/Platform.h:
2123         Add switch to use Skia if, externally,
2124         Skia has been enabled by a gyp define.
2125
2126 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2127
2128         Reviewed by Oliver Hunt.
2129
2130         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2131
2132 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2133
2134         Reviewed by Oliver Hunt.
2135
2136         Removed the conceit that global variables are local variables when running global code
2137         https://bugs.webkit.org/show_bug.cgi?id=63106
2138         
2139         This is required for write barrier correctness.
2140         
2141         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2142         I was able to reduce the regression with a tiny peephole optimization in
2143         the bytecompiler, but not eliminate it. I'm committing this assuming
2144         that turning on generational GC will win back at least 0.5%.
2145
2146         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2147         the global object's var storage. I considered doing the same kind of
2148         optimization in the existing JIT, but it seemed like moving in the wrong
2149         direction.)
2150
2151         * bytecompiler/BytecodeGenerator.cpp:
2152         (JSC::BytecodeGenerator::addGlobalVar):
2153         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2154         negative indices, since they're no longer negatively offset from the
2155         current stack frame.
2156         
2157         Do give global variables monotonically increasing positive indices, since
2158         that's much easier to work with.
2159         
2160         Don't limit the number of optimizable global variables, since it's no
2161         longer limited by the register file, since they're no longer stored in
2162         the register file.
2163
2164         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2165         registers because a var in global code is actually a property of the
2166         global object.
2167
2168         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2169
2170         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2171         propagation and dead code elimination to speed up our compiles and
2172         reduce WTFs / minute.
2173
2174         * bytecompiler/BytecodeGenerator.h:
2175         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2176
2177         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2178         global code, since there are none.
2179
2180         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2181         in global code (i.e., global vars), since there are some.
2182
2183         * interpreter/Interpreter.cpp:
2184         (JSC::Interpreter::callEval):
2185         (JSC::Interpreter::Interpreter):
2186         (JSC::Interpreter::dumpRegisters):
2187         (JSC::Interpreter::execute):
2188         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2189
2190         * interpreter/RegisterFile.cpp:
2191         (JSC::RegisterFile::gatherConservativeRoots):
2192         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2193         data members.
2194
2195         * interpreter/RegisterFile.h:
2196         (JSC::RegisterFile::begin):
2197         (JSC::RegisterFile::size):
2198         (JSC::RegisterFile::RegisterFile):
2199         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2200         global variables stored in the register file.
2201
2202         (JSC::RegisterFile::grow): Updated for same.
2203         
2204         Also, a slight correctness fix: Test the VM commit end, and not just the
2205         in-use end, when checking for stack overflow. In theory, it's invalid to
2206         commit past the end of your allocation, even if you never touch that
2207         memory. This makes the usable size of the stack slightly smaller. No test
2208         because we don't know of any case in practice where this crashes.
2209
2210         * runtime/JSGlobalData.cpp:
2211         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2212
2213         * runtime/JSGlobalObject.cpp:
2214         (JSC::JSGlobalObject::resizeRegisters):
2215         (JSC::JSGlobalObject::addStaticGlobals):
2216         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2217         increasing indexes, always located in our external storage.
2218
2219 2011-06-21  MORITA Hajime  <morrita@google.com>
2220
2221         Unreviewed, rolling out r89401 and r89403.
2222         http://trac.webkit.org/changeset/89401
2223         http://trac.webkit.org/changeset/89403
2224         https://bugs.webkit.org/show_bug.cgi?id=62970
2225
2226         Breaks mac build and mistakenly enables the spellcheck API
2227
2228         * Configurations/FeatureDefines.xcconfig:
2229         * JavaScriptCore.xcodeproj/project.pbxproj:
2230
2231 2011-06-21  Kent Tamura  <tkent@chromium.org>
2232
2233         [Mac] Sort Xcode project files.
2234
2235         * JavaScriptCore.xcodeproj/project.pbxproj:
2236
2237 2011-06-20  MORITA Hajime  <morrita@google.com>
2238
2239         Reviewed by Kent Tamura.
2240
2241         Spellcheck API should be build-able.
2242         https://bugs.webkit.org/show_bug.cgi?id=62970
2243
2244         No new tests, changing only build related files
2245         
2246         * Configurations/FeatureDefines.xcconfig:
2247
2248 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2249
2250         Reviewed by Oliver Hunt.
2251
2252         Moved 'const' off the global-variable-as-local-variable crack pipe
2253         https://bugs.webkit.org/show_bug.cgi?id=63105
2254         
2255         This is necessary for moving the rest of the code off of same.
2256         
2257         Many problems remain in our handling of const. I have fixed none of them.
2258
2259         * bytecompiler/BytecodeGenerator.h:
2260         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2261         const to directly implement its unique scoping rules.
2262
2263         * bytecompiler/NodesCodegen.cpp:
2264         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2265         for writing, so we don't overwrite const variables.
2266
2267         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2268         variables are available as local variables, since this won't be the case
2269         once global variables are not available as local variables. Instead, use
2270         put_scoped_var in the case where there is no local variable. Like a local
2271         variable, put_scoped_var succeeds even though const properties are
2272         read-only, since put_scoped_var skips read-only checks. (Yay?)
2273
2274 2011-06-21  Oliver Hunt  <oliver@apple.com>
2275
2276         Reviewed by Alexey Proskuryakov.
2277
2278         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2279         https://bugs.webkit.org/show_bug.cgi?id=63052
2280
2281         Release mode only failure: the stack overflow guards were getting their error
2282         handling inlined, so that they were essentially causing their own demise.
2283
2284         * parser/JSParser.cpp:
2285         (JSC::JSParser::updateErrorMessage):
2286         (JSC::JSParser::updateErrorWithNameAndMessage):
2287
2288 2011-06-20  Kenneth Russell  <kbr@google.com>
2289
2290         Unreviewed.
2291
2292         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2293         https://bugs.webkit.org/show_bug.cgi?id=63022
2294
2295         * wtf/Platform.h:
2296
2297 2011-06-18  Anders Carlsson  <andersca@apple.com>
2298
2299         Reviewed by Darin Adler.
2300
2301         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2302         https://bugs.webkit.org/show_bug.cgi?id=62940
2303
2304         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2305
2306         * wtf/PassOwnArrayPtr.h:
2307         (WTF::PassOwnArrayPtr::operator=):
2308         * wtf/PassOwnPtr.h:
2309         (WTF::PassOwnPtr::operator=):
2310         * wtf/PassRefPtr.h:
2311         (WTF::PassRefPtr::operator=):
2312         (WTF::NonNullPassRefPtr::operator=):
2313
2314 2011-06-20  Oliver Hunt  <oliver@apple.com>
2315
2316         Reviewed by Darin Adler.
2317
2318         REGRESSION (r79060): Searching for a flight at united.com fails
2319         https://bugs.webkit.org/show_bug.cgi?id=63003
2320
2321         This original change also broke Twitter, and we attempted to refine the fix to 
2322         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2323         we need to revert the change until we understand the problem better.
2324
2325         * wtf/DateMath.cpp:
2326         (WTF::parseDateFromNullTerminatedCharacters):
2327
2328 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2329
2330         Reviewed by Oliver Hunt.
2331
2332         No context for javascript parse errors.
2333         https://bugs.webkit.org/show_bug.cgi?id=62613
2334         
2335         Parse errors now show more details like:
2336         "Unexpected token: ]"
2337         or
2338         "Expected token: while"
2339         
2340         For reserved names, numbers, identifiers, strings, lexer errors, 
2341         and EOFs, the following error messages are printed:
2342         
2343         "Use of reserved word: super"
2344         "Unexpected number: 42"
2345         "Unexpected identifier: "
2346         "Unexpected string: "foobar""
2347         "Invalid token character sequence: \u4023"
2348         "Unexpected EOF"
2349
2350         * parser/JSParser.cpp:
2351         (JSC::JSParser::consume):
2352         (JSC::JSParser::getToken):
2353         (JSC::JSParser::getTokenName):
2354         (JSC::JSParser::updateErrorMessageSpecialCase):
2355         (JSC::JSParser::updateErrorMessage):
2356         (JSC::JSParser::updateErrorWithNameAndMessage):
2357         (JSC::jsParse):
2358         (JSC::JSParser::JSParser):
2359         (JSC::JSParser::parseProgram):
2360         (JSC::JSParser::parseVarDeclarationList):
2361         (JSC::JSParser::parseForStatement):
2362         (JSC::JSParser::parseBreakStatement):
2363         (JSC::JSParser::parseContinueStatement):
2364         (JSC::JSParser::parseWithStatement):
2365         (JSC::JSParser::parseTryStatement):
2366         (JSC::JSParser::parseStatement):
2367         (JSC::JSParser::parseFormalParameters):
2368         (JSC::JSParser::parseFunctionInfo):
2369         (JSC::JSParser::parseAssignmentExpression):
2370         (JSC::JSParser::parsePrimaryExpression):
2371         (JSC::JSParser::parseMemberExpression):
2372         (JSC::JSParser::parseUnaryExpression):
2373         * parser/JSParser.h:
2374         * parser/Lexer.cpp:
2375         (JSC::Lexer::lex):
2376         * parser/Parser.cpp:
2377         (JSC::Parser::parse):
2378
2379 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2380
2381         Reviewed by Rob Buis.
2382
2383         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2384         https://bugs.webkit.org/show_bug.cgi?id=59085
2385
2386         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2387
2388 2011-06-19  Oliver Hunt  <oliver@apple.com>
2389
2390         Reviewed by Sam Weinig.
2391
2392         Correct logic for putting errors on the correct line when handling JSONP
2393         https://bugs.webkit.org/show_bug.cgi?id=62962
2394
2395         Minor fix for the minor fix.  *sigh*
2396
2397         * interpreter/Interpreter.cpp:
2398         (JSC::Interpreter::execute):
2399
2400 2011-06-19  Oliver Hunt  <oliver@apple.com>
2401
2402         Minor fix to correct layout test results.
2403
2404         * interpreter/Interpreter.cpp:
2405         (JSC::Interpreter::execute):
2406
2407 2011-06-17  Oliver Hunt  <oliver@apple.com>
2408
2409         Reviewed by Gavin Barraclough.
2410
2411         JSONP is unnecessarily slow
2412         https://bugs.webkit.org/show_bug.cgi?id=62920
2413
2414         JSONP has unfortunately become a fairly common idiom online, yet
2415         it triggers very poor performance in JSC as we end up doing codegen
2416         for a large number of property accesses that will
2417            * only be run once, so the vast amount of logic we dump to handle
2418              caching of accesses is unnecessary.
2419            * We are doing codegen that is directly proportional to just
2420              creating the object in the first place.
2421
2422         This patch extends the use of the literal parser to JSONP-like structures
2423         in global code, handling a number of different forms I have seen online.
2424         In an extreme case this improves performance of JSONP by more than 2x
2425         due to removal of code generation and execution time, and a few optimisations
2426         that I made to the parser itself.
2427
2428         * API/JSValueRef.cpp:
2429         (JSValueMakeFromJSONString):
2430         * interpreter/Interpreter.cpp:
2431         (JSC::Interpreter::callEval):
2432         (JSC::Interpreter::execute):
2433         * parser/Lexer.cpp:
2434         (JSC::Lexer::isKeyword):
2435         * parser/Lexer.h:
2436         * runtime/JSGlobalObjectFunctions.cpp:
2437         (JSC::globalFuncEval):
2438         * runtime/JSONObject.cpp:
2439         (JSC::JSONProtoFuncParse):
2440         * runtime/LiteralParser.cpp:
2441         (JSC::LiteralParser::tryJSONPParse):
2442         (JSC::LiteralParser::makeIdentifier):
2443         (JSC::LiteralParser::Lexer::lex):
2444         (JSC::LiteralParser::Lexer::next):
2445         (JSC::isSafeStringCharacter):
2446         (JSC::LiteralParser::Lexer::lexString):
2447         (JSC::LiteralParser::Lexer::lexNumber):
2448         (JSC::LiteralParser::parse):
2449         * runtime/LiteralParser.h:
2450         (JSC::LiteralParser::LiteralParser):
2451         (JSC::LiteralParser::tryLiteralParse):
2452         (JSC::LiteralParser::Lexer::Lexer):
2453
2454 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
2455
2456         Unreviewed, rolling out r89184.
2457         http://trac.webkit.org/changeset/89184
2458         https://bugs.webkit.org/show_bug.cgi?id=62927
2459
2460         It broke 22 tests on all bots (Requested by Ossy_weekend on
2461         #webkit).
2462
2463         * API/JSValueRef.cpp:
2464         (JSValueMakeFromJSONString):
2465         * interpreter/Interpreter.cpp:
2466         (JSC::Interpreter::callEval):
2467         (JSC::Interpreter::execute):
2468         * parser/Lexer.cpp:
2469         * parser/Lexer.h:
2470         * runtime/JSGlobalObjectFunctions.cpp:
2471         (JSC::globalFuncEval):
2472         * runtime/JSONObject.cpp:
2473         (JSC::JSONProtoFuncParse):
2474         * runtime/LiteralParser.cpp:
2475         (JSC::LiteralParser::Lexer::lex):
2476         (JSC::isSafeStringCharacter):
2477         (JSC::LiteralParser::Lexer::lexString):
2478         (JSC::LiteralParser::Lexer::lexNumber):
2479         (JSC::LiteralParser::parse):
2480         * runtime/LiteralParser.h:
2481         (JSC::LiteralParser::LiteralParser):
2482         (JSC::LiteralParser::tryLiteralParse):
2483         (JSC::LiteralParser::Lexer::Lexer):
2484         (JSC::LiteralParser::Lexer::next):
2485
2486 2011-06-17  Oliver Hunt  <oliver@apple.com>
2487
2488         Reviewed by Gavin Barraclough.
2489
2490         JSONP is unnecessarily slow
2491         https://bugs.webkit.org/show_bug.cgi?id=62920
2492
2493         JSONP has unfortunately become a fairly common idiom online, yet
2494         it triggers very poor performance in JSC as we end up doing codegen
2495         for a large number of property accesses that will
2496            * only be run once, so the vast amount of logic we dump to handle
2497              caching of accesses is unnecessary.
2498            * We are doing codegen that is directly proportional to just
2499              creating the object in the first place.
2500
2501         This patch extends the use of the literal parser to JSONP-like structures
2502         in global code, handling a number of different forms I have seen online.
2503         In an extreme case this improves performance of JSONP by more than 2x
2504         due to removal of code generation and execution time, and a few optimisations
2505         that I made to the parser itself.
2506
2507         * API/JSValueRef.cpp:
2508         (JSValueMakeFromJSONString):
2509         * interpreter/Interpreter.cpp:
2510         (JSC::Interpreter::callEval):
2511         (JSC::Interpreter::execute):
2512         * parser/Lexer.cpp:
2513         (JSC::Lexer::isKeyword):
2514         * parser/Lexer.h:
2515         * runtime/JSGlobalObjectFunctions.cpp:
2516         (JSC::globalFuncEval):
2517         * runtime/JSONObject.cpp:
2518         (JSC::JSONProtoFuncParse):
2519         * runtime/LiteralParser.cpp:
2520         (JSC::LiteralParser::tryJSONPParse):
2521         (JSC::LiteralParser::makeIdentifier):
2522         (JSC::LiteralParser::Lexer::lex):
2523         (JSC::LiteralParser::Lexer::next):
2524         (JSC::isSafeStringCharacter):
2525         (JSC::LiteralParser::Lexer::lexString):
2526         (JSC::LiteralParser::Lexer::lexNumber):
2527         (JSC::LiteralParser::parse):
2528         * runtime/LiteralParser.h:
2529         (JSC::LiteralParser::LiteralParser):
2530         (JSC::LiteralParser::tryLiteralParse):
2531         (JSC::LiteralParser::Lexer::Lexer):
2532
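To make concrete what "extending the literal parser to JSONP-like structures in global code" means, here is an added example written for this page; it is not JavaScriptCore's LiteralParser, whose accepted forms the entry above does not enumerate. It models a fast path that recognises a single statement of the shape `callee(<json>)` or `a.b.c = <json>`, and only then hands the payload to `JSON.parse`; the two accepted shapes, the function names, the `__proto__` guard and the sample responses are all assumptions. The property that matters for such a fast path is that it never evaluates anything: the callee is a name looked up as data, the payload must be a pure literal, and any deviation (an expression argument, a second statement, a comment inside the call) makes it return null so the full parser takes over rather than guessing.

```javascript
'use strict';

// Hypothetical fast path modelled on the two JSONP shapes most often seen:
//   callee(<json>);          and          a.b.c = <json>;
// Only a dotted identifier path plus one JSON literal is accepted; anything
// else returns null so the caller falls back to the full JavaScript parser.
const CALL_FORM   = /^\s*([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)\s*\(([\s\S]*)\)\s*;?\s*$/;
const ASSIGN_FORM = /^\s*([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)\s*=\s*([\s\S]*?)\s*;?\s*$/;

// JSON.parse is the literal parser here: it rejects identifiers, calls,
// comments and trailing garbage. A rejection is returned as undefined.
function parseJsonStrict(text) {
  try {
    return { value: JSON.parse(text) };
  } catch (e) {
    if (e instanceof SyntaxError) return undefined;
    throw e;
  }
}

// Returns { kind, target, value } for a recognised JSONP statement, or null.
function tryJsonpParse(src) {
  let m = CALL_FORM.exec(src);
  let kind = 'call';
  if (!m) {
    m = ASSIGN_FORM.exec(src);
    kind = 'assign';
  }
  if (!m) return null;
  const payload = parseJsonStrict(m[2]);
  if (payload === undefined) return null;
  return { kind, target: m[1].split('.'), value: payload.value };
}

// Apply a recognised statement against a caller-supplied root object using
// plain property lookups; no source text is ever evaluated. Intermediate
// path segments must be own properties, which refuses `__proto__` walks;
// an engine applying ordinary JavaScript semantics would not add that check.
function applyJsonp(result, root) {
  if (!result) return false;
  const path = result.target;
  let holder = root;
  for (let i = 0; i < path.length - 1; i++) {
    if (holder === null || typeof holder !== 'object' ||
        !Object.prototype.hasOwnProperty.call(holder, path[i])) return false;
    holder = holder[path[i]];
  }
  if (holder === null || typeof holder !== 'object') return false;
  const last = path[path.length - 1];
  if (result.kind === 'assign') {
    holder[last] = result.value;
    return true;
  }
  const fn = holder[last];
  if (typeof fn !== 'function') return false;
  fn.call(holder, result.value);
  return true;
}

// Constructed sample responses for the demonstration (not captured traffic).
const SAMPLES = {
  call:       'handleUsers({"users":[{"id":1,"name":"ada"}],"next":null});',
  dottedCall: 'app.cb([1, 2.5, "three", true, null])',
  assign:     'window.__data = {"ok": true, "n": -0.5e2};',
  notJson:    'handleUsers(buildUsers());',
  twoStmts:   'handleUsers({"a":1}); stealCookies();',
  commented:  'handleUsers({"a":1} /* note */);',
};

// 'call', 'assign', or 'fallback' (meaning: leave it to the real parser).
function classify(src) {
  const r = tryJsonpParse(src);
  return r ? r.kind : 'fallback';
}

// Run every sample against a root with two callbacks and a `window` holder.
function demo() {
  const seen = [];
  const root = {
    handleUsers: (v) => seen.push(v.users.length),
    app: { cb: (v) => seen.push(v.length) },
    window: {},
  };
  const applied = Object.keys(SAMPLES).map((k) => applyJsonp(tryJsonpParse(SAMPLES[k]), root));
  return { applied, seen, data: root.window.__data };
}

console.log(Object.fromEntries(Object.keys(SAMPLES).map((k) => [k, classify(SAMPLES[k])])));
console.log(demo());
```

The last three samples are the ones worth watching: a call argument that is itself a call, a second statement after the JSONP call, and a comment inside the parentheses all fall back, because `JSON.parse` refuses them. A real engine's fast path has the same obligation, and the rollout/re-landing pair above (r89184 and its replacement) is a reminder that getting that boundary wrong shows up as broken tests before it shows up as anything else.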
2533 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2534
2535         Reviewed by Oliver Hunt.
2536
2537         Moved some property access JIT code into property access JIT files
2538         https://bugs.webkit.org/show_bug.cgi?id=62906
2539
2540         * jit/JITOpcodes.cpp:
2541         * jit/JITOpcodes32_64.cpp:
2542         * jit/JITPropertyAccess.cpp:
2543         (JSC::JIT::emitSlow_op_put_by_val):
2544         (JSC::JIT::emit_op_get_scoped_var):
2545         (JSC::JIT::emit_op_put_scoped_var):
2546         (JSC::JIT::emit_op_get_global_var):
2547         (JSC::JIT::emit_op_put_global_var):
2548         * jit/JITPropertyAccess32_64.cpp:
2549         (JSC::JIT::emit_op_get_scoped_var):
2550         (JSC::JIT::emit_op_put_scoped_var):
2551         (JSC::JIT::emit_op_get_global_var):
2552         (JSC::JIT::emit_op_put_global_var):
2553
2554 2011-06-17  Anders Carlsson  <andersca@apple.com>
2555
2556         Build fix.
2557
2558         * JavaScriptCore.xcodeproj/project.pbxproj:
2559
2560 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2561
2562         Try to fix the Leopard build?
2563
2564         * JavaScriptCore.xcodeproj/project.pbxproj:
2565
2566 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2567
2568         Reviewed by Oliver Hunt.
2569
2570         Added some write barrier action, compiled out by default
2571         https://bugs.webkit.org/show_bug.cgi?id=62844
2572
2573         * JavaScriptCore.exp: Build!
2574
2575         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
2576         issue with Heap.cpp.
2577
2578         * heap/Heap.cpp:
2579         (JSC::Heap::writeBarrierSlowCase):
2580         * heap/Heap.h:
2581         (JSC::Heap::writeBarrier):
2582         * heap/MarkedBlock.h:
2583         (JSC::MarkedBlock::isAtomAligned):
2584         (JSC::MarkedBlock::blockFor):
2585         (JSC::MarkedBlock::atomNumber):
2586         (JSC::MarkedBlock::ownerSetNumber):
2587         (JSC::MarkedBlock::addOldSpaceOwner):
2588         (JSC::MarkedBlock::OwnerSet::OwnerSet):
2589         (JSC::MarkedBlock::OwnerSet::add):
2590         (JSC::MarkedBlock::OwnerSet::clear):
2591         (JSC::MarkedBlock::OwnerSet::size):
2592         (JSC::MarkedBlock::OwnerSet::didOverflow):
2593         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
2594         tracks owners for regions within blocks. Currently unused.
2595
2596 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
2597
2598         Reviewed by Eric Seidel.
2599
2600         [EFL] Add some OwnPtr specializations for EFL types.
2601         For now there are specializations for Ecore_Evas and Evas_Object.
2602         https://bugs.webkit.org/show_bug.cgi?id=62877
2603
2604         * wtf/CMakeListsEfl.txt:
2605         * wtf/OwnPtrCommon.h:
2606         * wtf/efl/OwnPtrEfl.cpp: Added.
2607         (WTF::deleteOwnedPtr):
2608
2609 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
2610
2611         Reviewed by Martin Robinson.
2612
2613         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
2614         https://bugs.webkit.org/show_bug.cgi?id=60687
2615
2616         Replace GdkRectangle by cairo_rectangle_int_t.
2617
2618         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2619
2620 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2621
2622         Reviewed by Oliver Hunt.
2623
2624         https://bugs.webkit.org/show_bug.cgi?id=53014
2625         ES5 strict mode keyword restrictions aren't implemented
2626
2627         The following are future restricted words in strict mode code:
2628             implements, interface, let, package, private, protected, public, static, yield
2629
2630         * parser/JSParser.h:
2631             - Add RESERVED_IF_STRICT token.
2632         * parser/Keywords.table:
2633             - Add new future restricted words.
2634         * parser/Lexer.cpp:
2635         (JSC::Lexer::parseIdentifier):
2636             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
2637         (JSC::Lexer::lex):
2638             - Pass strictMode flag to parseIdentifier.
2639         * parser/Lexer.h:
2640             - parseIdentifier needs a strictMode flag.
2641         * runtime/CommonIdentifiers.h:
2642             - Add identifiers for new reserved words.
2643
2644 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2645
2646         Reviewed by Oliver Hunt.
2647
2648         https://bugs.webkit.org/show_bug.cgi?id=23611
2649         Multiline Javascript comments cause incorrect parsing of following script.
2650
2651         From the spec:
2652         "A MultiLineComment [is] simply discarded if it contains no line terminator,
2653         but if a MultiLineComment contains one or more line terminators, then it is
2654         replaced with a single line terminator, which becomes part of the stream of
2655         inputs for the syntactic grammar." 
2656
2657         This may result in behavioural changes, due to automatic semicolon insertion.
2658
2659         * parser/Lexer.cpp:
2660         (JSC::Lexer::parseMultilineComment):
2661             - Set m_terminator if we see a line terminator in a multiline comment.
2662
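The two lexer changes above (identifiers that are reserved only in strict mode, and a multi-line comment containing a line terminator counting as a line terminator for automatic semicolon insertion) can be checked against any ECMAScript engine. The following is an added example written for this page, not JavaScriptCore's code or its test suite; it runs under Node.js and compiles constructed source strings with `new Function`, so the results reflect whatever engine runs it rather than the JSC revisions described here. The security-relevant point is parser differentials: a filter that tokenises JavaScript in sloppy mode, or that strips comments before looking for line terminators, will disagree with the engine on exactly these inputs.

```javascript
'use strict';

// Compile `src` as a function body and report whether it is syntactically
// valid. Anything other than a SyntaxError is re-thrown so bugs are not masked.
function parses(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// The nine identifiers ES5 reserves only inside strict mode code.
const FUTURE_RESERVED_IF_STRICT = [
  'implements', 'interface', 'let', 'package', 'private',
  'protected', 'public', 'static', 'yield',
];

// True when `word` is usable as a variable name in sloppy code but rejected
// in strict code, i.e. the RESERVED_IF_STRICT behaviour described above.
function reservedOnlyInStrict(word) {
  const sloppy = parses(`var ${word} = 1;`);
  const strict = parses(`"use strict"; var ${word} = 1;`);
  return sloppy && !strict;
}

// Words from the list that do NOT behave as reserved-if-strict in the running
// engine. Empty on a conforming engine.
function nonConformingStrictWords() {
  return FUTURE_RESERVED_IF_STRICT.filter((w) => !reservedOnlyInStrict(w));
}

// Constructed sources: within each pair the only difference is whether the
// multi-line comment contains a line terminator.
const SOURCES = {
  noTerminator:         'var a = 1 /* same line */ var b = 2;',
  withTerminator:       'var a = 1 /*\n*/ var b = 2;',
  returnNoTerminator:   'return /* same line */ 42;',
  returnWithTerminator: 'return /*\n*/ 42;',
};

// A comment containing a line terminator lets automatic semicolon insertion
// split the two `var` statements; without one the source is a syntax error.
function commentTerminatorEnablesAsi() {
  return !parses(SOURCES.noTerminator) && parses(SOURCES.withTerminator);
}

// The same rule bites `return`: a line terminator inside the comment makes
// ASI insert the semicolon right after `return`, so 42 is never returned.
function returnedValue(src) {
  return new Function(src)();
}

console.log('non-conforming strict words:', nonConformingStrictWords());
console.log('comment terminator enables ASI:', commentTerminatorEnablesAsi());
console.log('return /* */ 42 ->', returnedValue(SOURCES.returnNoTerminator));
console.log('return /*\\n*/ 42 ->', returnedValue(SOURCES.returnWithTerminator));
```

The `return` pair is the behavioural change the entry warns about: code that used to return 42 through a multi-line comment returns undefined once the comment's line terminator is honoured, which is what the spec requires and what a filter working on comment-stripped text would get wrong.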
2663 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2664
2665         Reviewed by Sam Weinig.
2666
2667         https://bugs.webkit.org/show_bug.cgi?id=62824
2668         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
2669
2670         CompareEq of non-integer values is the most common cause of speculation failure.
2671
2672         * dfg/DFGSpeculativeJIT.cpp:
2673         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2674             - Support Equals.
2675         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
2676             - new! - peephole optimized Eq of JSValues.
2677         (JSC::DFG::SpeculativeJIT::compile):
2678             - Add peephole optimization for CompareEq.
2679         * dfg/DFGSpeculativeJIT.h:
2680         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2681             - Add support for dead nodes between compare & branch.
2682         (JSC::DFG::SpeculativeJIT::isInteger):
2683             - Added to determine which form of peephole to do in CompareEq.
2684
2685 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2686
2687         Try to fix the Windows build.
2688
2689         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
2690         symbol.
2691
2692         * bytecode/EvalCodeCache.h:
2693         * heap/HandleHeap.h:
2694         * heap/HeapRootVisitor.h:
2695         * heap/NewSpace.h:
2696         * runtime/ArgList.h:
2697         * runtime/ScopeChain.h:
2698         * runtime/SmallStrings.h:
2699         * runtime/Structure.h: Stop forward-declaring things that don't really
2700         exist anymore.
2701
2702 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2703
2704         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
2705         project while crossing my fingers and facing west.
2706
2707         * JavaScriptCore.xcodeproj/project.pbxproj:
2708
2709 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2710
2711         Build fix: Removed an incorrect symbol on Windows.
2712
2713         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2714
2715 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2716
2717         Build fix: Removed an accidental commit from the future.
2718
2719         * CMakeLists.txt:
2720
2721 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2722
2723         Reviewed by Oliver Hunt.
2724
2725         Introduced SlotVisitor into the project
2726         https://bugs.webkit.org/show_bug.cgi?id=62820
2727         
2728         This resolves a class vs typedef forward declaration issue, and gives all
2729         exported symbols the correct names.
2730
2731         * CMakeLists.txt:
2732         * GNUmakefile.list.am:
2733         * JavaScriptCore.exp:
2734         * JavaScriptCore.gypi:
2735         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2736         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
2737
2738         * bytecode/EvalCodeCache.h:
2739         * heap/HandleHeap.h:
2740         * heap/Heap.cpp:
2741         (JSC::Heap::Heap):
2742         (JSC::Heap::markRoots):
2743         * heap/Heap.h:
2744         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
2745         clients operate on a MarkStack.
2746
2747         * heap/MarkStack.cpp:
2748         (JSC::SlotVisitor::visitChildren):
2749         (JSC::SlotVisitor::drain):
2750         * heap/SlotVisitor.h: Added.
2751         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
2752         inheritance to give SlotVisitor all the attributes of MarkStack without
2753         making this change giant. Over time, we will move more behavior into
2754         SlotVisitor and its subclasses.
2755
2756         * heap/MarkStack.h:
2757         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
2758         clients operate on a MarkStack.
2759
2760         * runtime/ArgList.h:
2761         * runtime/JSCell.h:
2762         * runtime/JSObject.h:
2763         * runtime/ScopeChain.h:
2764         * runtime/SmallStrings.h:
2765         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
2766         clients operate on a MarkStack.
2767
2768 2011-06-15  Oliver Hunt  <oliver@apple.com>
2769
2770         Reviewed by Geoffrey Garen.
2771
2772         Reduce memory usage of resolve_global
2773         https://bugs.webkit.org/show_bug.cgi?id=62765
2774
2775         If we have a large number of resolve_globals in a single
2776         block, start planting plain resolve instructions instead 
2777         whenever we aren't in a loop.  This allows us to reduce
2778         the code size for extremely large functions without
2779         losing the performance benefits of op_resolve_global.
2780
2781         * bytecode/CodeBlock.h:
2782         (JSC::CodeBlock::globalResolveInfoCount):
2783         * bytecompiler/BytecodeGenerator.cpp:
2784         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
2785         (JSC::BytecodeGenerator::emitResolve):
2786         (JSC::BytecodeGenerator::emitResolveWithBase):
2787         * bytecompiler/BytecodeGenerator.h:
2788
2789 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
2790
2791         Reviewed by Laszlo Gombos.
2792
2793         [Qt] Fix building with CONFIG(use_system_icu)
2794         https://bugs.webkit.org/show_bug.cgi?id=62744
2795
2796         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
2797
2798         * wtf/Platform.h:
2799
2800 2011-06-15  Darin Adler  <darin@apple.com>
2801
2802         Reviewed by Adam Barth.
2803
2804         Remove obsolete LOOSE_OWN_PTR code
2805         https://bugs.webkit.org/show_bug.cgi?id=59909
2806
2807         The internal Apple dependency on this is gone now.
2808
2809         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
2810         set function that takes a raw pointer.
2811
2812         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
2813         set function that takes a raw pointer.
2814
2815         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
2816         and assignment operator that takes a nullptr unconditional.
2817         Made constructor that takes a raw pointer private and explicit,
2818         and removed assignment operator that takes a raw pointer.
2819
2820         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
2821         unconditional. Made constructor that takes a raw pointer private
2822         and explicit, and removed assignment operator that takes a raw pointer.
2823
2824 2011-06-15  Sam Weinig  <sam@webkit.org>
2825
2826         Reviewed by Geoffrey Garen and Gavin Barraclough.
2827
2828         Make access-nsieve ~9x faster on the non-speculative path by
2829         adding special casing for doubles that can losslessly be converted
2830         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
2831         and the hash lookup.  Long term, we should try and get property of a getByVal
2832         and putByVal to be an integer immediate even in the non-speculative path.
2833
2834         * dfg/DFGOperations.cpp:
2835         (JSC::DFG::putByVal):
2836         (JSC::DFG::operationPutByValInternal):
2837
2838 2011-06-15  Oliver Hunt  <oliver@apple.com>
2839
2840         Reviewed by Darin Adler.
2841
2842         REGRESSION (r88719): 5by5.tv schedule is not visible
2843         https://bugs.webkit.org/show_bug.cgi?id=62720
2844
2845         Problem here is that the lexer wasn't considering '$' to be
2846         a valid character in an identifier.
2847
2848         * parser/Lexer.h:
2849         (JSC::Lexer::lexExpectIdentifier):
2850
2851 2011-06-15  Oliver Hunt  <oliver@apple.com>
2852
2853         Reviewed by Sam Weinig.
2854
2855         Reduce the size of global_resolve
2856         https://bugs.webkit.org/show_bug.cgi?id=62738
2857
2858         Reduce the code size of global_resolve in the JIT by replacing
2859         multiple pointer loads with a single pointer move + two offset
2860         loads.
2861
2862         * jit/JITOpcodes.cpp:
2863         (JSC::JIT::emit_op_resolve_global):
2864         * jit/JITOpcodes32_64.cpp:
2865         (JSC::JIT::emit_op_resolve_global):
2866
2867 2011-06-14  Geoffrey Garen  <ggaren@apple.com>
2868
2869         Reviewed by Dan Bernstein.
2870
2871         Fixed an invalid ASSERT I found while investigating
2872         <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
2873         https://bugs.webkit.org/show_bug.cgi?id=62699        
2874
2875         No test since we don't know of a way to get WebCore to deallocate the
2876         next-to-finalize handle, which is also the last handle in the list,
2877         while finalizing the second-to-last handle in the list.
2878
2879         * heap/HandleHeap.h:
2880         (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
2881         non-0 next() after updating it, since it is valid to update m_nextToFinalize
2882         to point to the tail sentinel.
2883         
2884         Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
2885         since it is not valid to update m_nextToFinalize to point past the tail
2886         sentinel.
2887         
2888         Also, use m_nextToFinalize consistently for clarity.
2889
2890 2011-06-14  Gavin Barraclough  <barraclough@apple.com>
2891
2892         Reviewed by Sam Weinig.
2893
2894         https://bugs.webkit.org/show_bug.cgi?id=43841
2895         SegmentedVector::operator== typo
2896
2897         * wtf/SegmentedVector.h:
2898         (WTF::SegmentedVectorIterator::operator==):
2899         (WTF::SegmentedVectorIterator::operator!=):
2900
2901 2011-06-14  Oliver Hunt  <oliver@apple.com>
2902
2903         Reviewed by Gavin Barraclough.
2904
2905         Constant array literals result in unnecessarily large amounts of code
2906         https://bugs.webkit.org/show_bug.cgi?id=62658
2907
2908         Add a new version of op_new_array that simply copies values from a buffer
2909         we hang off of the CodeBlock, rather than generating code to place each
2910         entry into the registerfile, and then copying it from the registerfile into
2911         the array.  This is a slight improvement on some sunspider tests, but no
2912         measurable overall change.  That's okay though as our goal was to reduce
2913         code size without hurting performance.
2914
2915         * bytecode/CodeBlock.cpp:
2916         (JSC::CodeBlock::dump):
2917         * bytecode/CodeBlock.h:
2918         (JSC::CodeBlock::addImmediateBuffer):
2919         (JSC::CodeBlock::immediateBuffer):
2920         * bytecode/Opcode.h:
2921         * bytecompiler/BytecodeGenerator.cpp:
2922         (JSC::BytecodeGenerator::addImmediateBuffer):
2923         (JSC::BytecodeGenerator::emitNewArray):
2924         * bytecompiler/BytecodeGenerator.h:
2925         * bytecompiler/NodesCodegen.cpp:
2926         (JSC::ArrayNode::emitBytecode):
2927         * interpreter/Interpreter.cpp:
2928         (JSC::Interpreter::privateExecute):
2929         * jit/JIT.cpp:
2930         (JSC::JIT::privateCompileMainPass):
2931         * jit/JIT.h:
2932         * jit/JITOpcodes.cpp:
2933         (JSC::JIT::emit_op_new_array):
2934         (JSC::JIT::emit_op_new_array_buffer):
2935         * jit/JITOpcodes32_64.cpp:
2936         * jit/JITStubs.cpp:
2937         (JSC::DEFINE_STUB_FUNCTION):
2938         * jit/JITStubs.h:
2939
2940 2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
2941
2942         Unreviewed, rolling out r88841.
2943         http://trac.webkit.org/changeset/88841
2944         https://bugs.webkit.org/show_bug.cgi?id=62672
2945
2946         Caused many tests to crash (Requested by rniwa on #webkit).
2947
2948         * bytecode/CodeBlock.cpp:
2949         (JSC::CodeBlock::dump):
2950         * bytecode/CodeBlock.h:
2951         * bytecode/Opcode.h:
2952         * bytecompiler/BytecodeGenerator.cpp:
2953         (JSC::BytecodeGenerator::emitNewArray):
2954         * bytecompiler/BytecodeGenerator.h:
2955         * bytecompiler/NodesCodegen.cpp:
2956         (JSC::ArrayNode::emitBytecode):
2957         * interpreter/Interpreter.cpp:
2958         (JSC::Interpreter::privateExecute):
2959         * jit/JIT.cpp:
2960         (JSC::JIT::privateCompileMainPass):
2961         * jit/JIT.h:
2962         * jit/JITOpcodes.cpp:
2963         (JSC::JIT::emit_op_new_array):
2964         * jit/JITOpcodes32_64.cpp:
2965         (JSC::JIT::emit_op_new_array):
2966         * jit/JITStubs.cpp:
2967         * jit/JITStubs.h:
2968
2969 2011-06-14  Oliver Hunt  <oliver@apple.com>
2970
2971         Reviewed by Gavin Barraclough.
2972
2973         Constant array literals result in unnecessarily large amounts of code
2974         https://bugs.webkit.org/show_bug.cgi?id=62658
2975
2976         Add a new version of op_new_array that simply copies values from a buffer
2977         we hang off of the CodeBlock, rather than generating code to place each
2978         entry into the registerfile, and then copying it from the registerfile into
2979         the array.  This is a slight improvement on some sunspider tests, but no
2980         measurable overall change.  That's okay though as our goal was to reduce
2981         code size without hurting performance.
2982
2983         * bytecode/CodeBlock.cpp:
2984         (JSC::CodeBlock::dump):
2985         * bytecode/CodeBlock.h:
2986         (JSC::CodeBlock::addImmediateBuffer):
2987         (JSC::CodeBlock::immediateBuffer):
2988         * bytecode/Opcode.h:
2989         * bytecompiler/BytecodeGenerator.cpp:
2990         (JSC::BytecodeGenerator::addImmediateBuffer):
2991         (JSC::BytecodeGenerator::emitNewArray):
2992         * bytecompiler/BytecodeGenerator.h:
2993         * bytecompiler/NodesCodegen.cpp:
2994         (JSC::ArrayNode::emitBytecode):
2995         * interpreter/Interpreter.cpp:
2996         (JSC::Interpreter::privateExecute):
2997         * jit/JIT.cpp:
2998         (JSC::JIT::privateCompileMainPass):
2999         * jit/JIT.h:
3000         * jit/JITOpcodes.cpp:
3001         (JSC::JIT::emit_op_new_array):
3002         (JSC::JIT::emit_op_new_array_buffer):
3003         * jit/JITOpcodes32_64.cpp:
3004         * jit/JITStubs.cpp:
3005         (JSC::DEFINE_STUB_FUNCTION):
3006         * jit/JITStubs.h:
3007
3008 2011-06-14  Stephanie Lewis  <slewis@apple.com>
3009
3010         Rubber stamped by Oliver Hunt.
3011
3012         <rdar://problem/9511169>
3013         Update order files.
3014
3015         * JavaScriptCore.order:
3016
3017 2011-06-14  Sam Weinig  <sam@webkit.org>
3018
3019         Reviewed by Geoffrey Garen.
3020
3021         Fix dumping of constants to have the correct constant number.
3022
3023         * bytecode/CodeBlock.cpp:
3024         (JSC::CodeBlock::dump):
3025
3026 2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
3027
3028         Reviewed by Eric Seidel.
3029
3030         KeywordLookupGenerator's Trie does not work with Python 3
3031         https://bugs.webkit.org/show_bug.cgi?id=62635
3032
3033         With Python 3, dict.items() returns an iterator. Since the iterator
3034         protocol changed between Python 2 and 3, the easiest way to get the
3035         values is to have something that uses the iterator implicitly, like a
3036         for() loop.
3037
3038         * KeywordLookupGenerator.py:
3039
3040 2011-06-13  Oliver Hunt  <oliver@apple.com>
3041
3042         Reviewed by Gavin Barraclough.
3043
3044         Fix llocp and lvalp names in the lexer to something more meaningful
3045         https://bugs.webkit.org/show_bug.cgi?id=62605
3046
3047         A simple rename
3048
3049         * parser/Lexer.cpp:
3050         (JSC::Lexer::parseIdentifier):
3051         (JSC::Lexer::parseString):
3052         (JSC::Lexer::lex):
3053         * parser/Lexer.h:
3054         (JSC::Lexer::lexExpectIdentifier):
3055
3056 2011-06-13  Oliver Hunt  <oliver@apple.com>
3057
3058         Reviewed by Gavin Barraclough.
3059
3060         Make it possible to inline the common case of identifier lexing
3061         https://bugs.webkit.org/show_bug.cgi?id=62600
3062
3063         Add a lexing function that expects to lex a "normal" alphanumeric
3064         identifier (that ignores keywords) so it's possible to inline the
3065         common parsing cases.  This comes out as a reasonable parsing speed
3066         boost.
3067
3068         * parser/JSParser.cpp:
3069         (JSC::JSParser::nextExpectIdentifier):
3070         (JSC::JSParser::parseProperty):
3071         (JSC::JSParser::parseMemberExpression):
3072         * parser/Lexer.cpp:
3073         * parser/Lexer.h:
3074         (JSC::Lexer::makeIdentifier):
3075         (JSC::Lexer::lexExpectIdentifier):
3076
3077 2011-06-13  Xan Lopez  <xlopez@igalia.com>
3078
3079         Reviewed by Martin Robinson.
3080
3081         Distcheck fixes.
3082
3083         * GNUmakefile.am:
3084         * GNUmakefile.list.am:
3085
3086 2011-06-13  Oliver Hunt  <oliver@apple.com>
3087
3088         Reviewed by Simon Fraser.
3089
3090         Make it possible to inline Identifier::equal
3091         https://bugs.webkit.org/show_bug.cgi?id=62584
3092
3093         Move Identifier::equal to the Identifier header file.
3094
3095         * runtime/Identifier.cpp:
3096         * runtime/Identifier.h:
3097         (JSC::Identifier::equal):
3098
3099 2011-06-13  Tony Chang  <tony@chromium.org>
3100
3101         Reviewed by Dimitri Glazkov.
3102
3103         rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
3104         https://bugs.webkit.org/show_bug.cgi?id=62578
3105
3106         * Configurations/FeatureDefines.xcconfig:
3107
3108 2011-06-13  Tony Chang  <tony@chromium.org>
3109
3110         Reviewed by Adam Barth.
3111
3112         rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
3113         https://bugs.webkit.org/show_bug.cgi?id=62545
3114
3115         * Configurations/FeatureDefines.xcconfig:
3116
3117 2011-06-12  Patrick Gansterer  <paroga@webkit.org>
3118
3119         Unreviewed. Build fix for !ENABLE(JIT) after r88604.
3120
3121         * bytecode/CodeBlock.cpp:
3122         (JSC::CodeBlock::visitAggregate):
3123
3124 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3125
3126         Reviewed by Darin Adler.
3127
3128         https://bugs.webkit.org/show_bug.cgi?id=16777
3129
3130         Remove #define NaN per Darin's comments.
3131
3132         * runtime/JSGlobalObjectFunctions.cpp:
3133         (JSC::parseIntOverflow):
3134         (JSC::parseInt):
3135         (JSC::jsStrDecimalLiteral):
3136         (JSC::jsToNumber):
3137         (JSC::parseFloat):
3138         * wtf/DateMath.cpp:
3139         (WTF::equivalentYearForDST):
3140         (WTF::parseES5DateFromNullTerminatedCharacters):
3141         (WTF::parseDateFromNullTerminatedCharacters):
3142         (WTF::timeClip):
3143         (JSC::parseDateFromNullTerminatedCharacters):
3144
3145 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3146
3147         Rubber stamped by Geoff Garen.
3148
3149         https://bugs.webkit.org/show_bug.cgi?id=62503
3150         Remove JIT_OPTIMIZE_* switches
3151
3152         The alternative code paths are untested, and not well maintained.
3153         These were useful when there was more churn in the JIT, but now
3154         are a maintenance overhead. Time to move on, removing.
3155
3156         * bytecode/CodeBlock.cpp:
3157         (JSC::CodeBlock::visitAggregate):
3158         * jit/JIT.cpp:
3159         (JSC::JIT::privateCompileSlowCases):
3160         (JSC::JIT::privateCompile):
3161         (JSC::JIT::linkConstruct):
3162         * jit/JIT.h:
3163         * jit/JITCall.cpp:
3164         * jit/JITCall32_64.cpp:
3165         * jit/JITOpcodes.cpp:
3166         (JSC::JIT::privateCompileCTIMachineTrampolines):
3167         (JSC::JIT::privateCompileCTINativeCall):
3168         * jit/JITOpcodes32_64.cpp:
3169         (JSC::JIT::privateCompileCTIMachineTrampolines):
3170         (JSC::JIT::privateCompileCTINativeCall):
3171         (JSC::JIT::softModulo):
3172         * jit/JITPropertyAccess.cpp:
3173         * jit/JITPropertyAccess32_64.cpp:
3174         * jit/JITStubs.cpp:
3175         (JSC::DEFINE_STUB_FUNCTION):
3176         * runtime/Lookup.cpp:
3177         (JSC::setUpStaticFunctionSlot):
3178         * runtime/Lookup.h:
3179         * wtf/Platform.h:
3180
3181 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3182
3183         Reviewed by Sam Weinig.
3184
3185         https://bugs.webkit.org/show_bug.cgi?id=16777
3186         Eliminate JSC::NaN and JSC::Inf
3187
3188         There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
3189         The ones in std::numeric_limits are perfectly good.
3190         Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
3191
3192         * API/JSCallbackObjectFunctions.h:
3193         (JSC::::toNumber):
3194         * API/JSValueRef.cpp:
3195         (JSValueMakeNumber):
3196         (JSValueToNumber):
3197         * JavaScriptCore.exp:
3198         * runtime/CachedTranscendentalFunction.h:
3199         (JSC::CachedTranscendentalFunction::initialize):
3200         * runtime/DateConstructor.cpp:
3201         (JSC::constructDate):
3202         * runtime/DateInstanceCache.h:
3203         (JSC::DateInstanceData::DateInstanceData):
3204         (JSC::DateInstanceCache::reset):
3205         * runtime/JSCell.cpp:
3206         * runtime/JSCell.h:
3207         (JSC::JSCell::JSValue::getPrimitiveNumber):
3208         (JSC::JSCell::JSValue::toNumber):
3209         * runtime/JSGlobalData.cpp:
3210         (JSC::JSGlobalData::JSGlobalData):
3211         (JSC::JSGlobalData::resetDateCache):
3212         * runtime/JSGlobalObject.cpp:
3213         (JSC::JSGlobalObject::reset):
3214         * runtime/JSGlobalObjectFunctions.cpp:
3215         (JSC::globalFuncParseInt):
3216         (JSC::globalFuncIsFinite):
3217         * runtime/JSNotAnObject.cpp:
3218         (JSC::JSNotAnObject::toNumber):
3219         * runtime/JSValue.cpp:
3220         * runtime/JSValue.h:
3221         * runtime/JSValueInlineMethods.h:
3222         (JSC::jsNaN):
3223         * runtime/MathObject.cpp:
3224         (JSC::mathProtoFuncMax):
3225         (JSC::mathProtoFuncMin):
3226         * runtime/NumberConstructor.cpp:
3227         (JSC::numberConstructorNegInfinity):
3228         (JSC::numberConstructorPosInfinity):
3229         * runtime/NumberPrototype.cpp:
3230         (JSC::numberProtoFuncToExponential):
3231         (JSC::numberProtoFuncToFixed):
3232         (JSC::numberProtoFuncToPrecision):
3233         (JSC::numberProtoFuncToString):
3234         * runtime/UString.cpp:
3235         * wtf/DecimalNumber.h:
3236         (WTF::DecimalNumber::DecimalNumber):
3237         * wtf/dtoa.cpp:
3238         (WTF::dtoa):
3239
3240 2011-06-10  Tony Chang  <tony@chromium.org>
3241
3242         Reviewed by Ojan Vafai.
3243
3244         add a compile guard ENABLE(FLEXBOX)
3245         https://bugs.webkit.org/show_bug.cgi?id=62049
3246
3247         * Configurations/FeatureDefines.xcconfig:
3248
3249 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3250
3251         Reviewed by Sam Weinig.
3252
3253         https://bugs.webkit.org/show_bug.cgi?id=55347
3254         "name" and "message" enumerable on *Error.prototype
3255
3256         This arises from chapter 15 of the spec:
3257             "Every other property described in this clause has the attributes
3258             { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
3259             unless otherwise specified."
3260         Standardized properties are not enumerable.
3261
3262         * runtime/ErrorInstance.cpp:
3263         (JSC::ErrorInstance::ErrorInstance):
3264         * runtime/NativeErrorPrototype.cpp:
3265         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3266
3267 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3268
3269         Build fix: Corrected header spelling.
3270
3271         * heap/OldSpace.h:
3272
3273 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3274
3275         Reviewed by Oliver Hunt.
3276
3277         Added OldSpace to the project
3278         https://bugs.webkit.org/show_bug.cgi?id=62417
3279         
3280         Currently unused.
3281         
3282         Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
3283         per-block flag for testing whether you're in NewSpace vs OldSpace.
3284
3285         * CMakeLists.txt:
3286         * GNUmakefile.list.am:
3287         * JavaScriptCore.gypi:
3288         * JavaScriptCore.pro:
3289         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3290         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3291
3292         * heap/MarkedBlock.cpp:
3293         (JSC::MarkedBlock::MarkedBlock):
3294         * heap/MarkedBlock.h:
3295         (JSC::MarkedBlock::inNewSpace):
3296         (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
3297         write barrier.
3298
3299         * heap/NewSpace.cpp:
3300         (JSC::NewSpace::addBlock):
3301         (JSC::NewSpace::removeBlock):
3302         * heap/NewSpace.h:
3303         (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
3304         NewSpace-specific operations.
3305
3306         * heap/OldSpace.cpp: Added.
3307         (JSC::OldSpace::OldSpace):
3308         (JSC::OldSpace::addBlock):
3309         (JSC::OldSpace::removeBlock):
3310         * heap/OldSpace.h: Added.
3311         (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
3312         Not in use yet.
3313
3314 2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
3315
3316         Reviewed by Antonio Gomes.
3317
3318         [EFL] Make accelerated compositing build in Webkit-EFL
3319         https://bugs.webkit.org/show_bug.cgi?id=62361
3320
3321         Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
3322
3323         * wtf/Platform.h:
3324
3325 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3326
3327         Reviewed by Geoff Garen.
3328
3329         Bug 62405 - Fix integer overflow in Array.prototype.push
3330
3331         Fix Geoff's review comments re static_cast.
3332
3333         * runtime/ArrayPrototype.cpp:
3334         (JSC::arrayProtoFuncPush):
3335
3336 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3337
3338         Reviewed by Oliver Hunt.
3339
3340         Factored MarkedBlock set management into a helper class with a fast case Bloom filter
3341         https://bugs.webkit.org/show_bug.cgi?id=62413
3342         
3343         SunSpider reports a small speedup.
3344         
3345         This is in preparation for having ConservativeSet operate on arbitrary
3346         sets of MarkedBlocks, and in preparation for conservative scanning
3347         becoming proportionally more important than other GC activities.
3348
3349         * GNUmakefile.list.am:
3350         * JavaScriptCore.gypi:
3351         * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
3352
3353         * heap/ConservativeRoots.cpp:
3354         (JSC::ConservativeRoots::add):
3355         * heap/ConservativeRoots.h:
3356         (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
3357         directly, instead of a Heap, so we can operate on subsets of the Heap
3358         instead.
3359         
3360         Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
3361         is particularly important since we expect not to find our subject pointer
3362         in the MarkedBlock hash, and hash misses are more expensive than typical
3363         hash lookups because they have high collision rates.
3364         
3365         No need for single-pointer add() to be public anymore, since nobody uses it.
3366
3367         * heap/Heap.cpp:
3368         (JSC::Heap::markRoots):
3369         * heap/Heap.h:
3370         (JSC::Heap::forEachCell):
3371         (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
3372         ConservativeRoots relies on.
3373         
3374         Nixed contains(), since nobody uses it anymore.
3375
3376         * heap/MarkedBlock.h:
3377         (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
3378         the VM layout properties of MarkedBlocks.
3379
3380         * heap/MarkedBlockSet.h: Added.
3381         (JSC::MarkedBlockSet::add):
3382         (JSC::MarkedBlockSet::remove):
3383         (JSC::MarkedBlockSet::recomputeFilter):
3384         (JSC::MarkedBlockSet::filter):
3385         (JSC::MarkedBlockSet::set):
3386         * heap/TinyBloomFilter.h: Added.
3387         (JSC::TinyBloomFilter::TinyBloomFilter):
3388         (JSC::TinyBloomFilter::add):
3389         (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
3390
3391         * interpreter/RegisterFile.cpp:
3392         (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
3393         exclude values by tag -- the tiny bloom filter is already a register-register
3394         compare, so adding another "rule out" factor just slows things down.
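
The fast-path idea described in this entry, as an added example that is not JavaScriptCore's own code: a one-word Bloom filter sits in front of a hash set of block addresses, so a word picked up during a conservative scan is rejected with a single AND-and-compare unless its bits are a subset of the bits seen for real blocks. The block size, the alignment-based hash, the class names and the sample addresses are all assumptions constructed for the example.

```cpp
// Added example (not JavaScriptCore code): Bloom-filter rule-out in front of a
// block set, in the spirit of the TinyBloomFilter / MarkedBlockSet split.
// Block size, hash and sample addresses are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <unordered_set>

namespace example {

static const uintptr_t kBlockSize = 16 * 1024;          // assumed: a power of two
static const uintptr_t kBlockMask = ~(kBlockSize - 1);  // clears the in-block offset

// Blocks are kBlockSize-aligned, so the low bits carry no information:
// shift them out instead of hashing them.
struct BlockHash {
    size_t operator()(uintptr_t block) const { return static_cast<size_t>(block / kBlockSize); }
};

class TinyBloomFilter {
public:
    TinyBloomFilter() : m_bits(0) { }
    void add(uintptr_t bits) { m_bits |= bits; }
    // True when 'bits' cannot be in the set (it has a bit no member has).
    // False only means "maybe": an exact lookup is still required.
    bool ruleOut(uintptr_t bits) const
    {
        if (!bits)
            return true;                    // null is never a block
        return (bits & m_bits) != bits;
    }
private:
    uintptr_t m_bits;
};

class BlockSet {
public:
    enum Verdict { RuledOutByFilter = 0, FilterFalsePositive = 1, InSet = 2 };

    void add(uintptr_t block) { m_set.insert(block); m_filter.add(block); }
    void remove(uintptr_t block) { m_set.erase(block); recomputeFilter(); }

    // Classify an arbitrary word found on the stack or in a register.
    Verdict classify(uintptr_t candidate) const
    {
        uintptr_t block = candidate & kBlockMask;
        if (m_filter.ruleOut(block))
            return RuledOutByFilter;        // register-register compare, no memory access
        return m_set.count(block) ? InSet : FilterFalsePositive;
    }

private:
    // An OR-accumulated filter cannot forget bits, so removal rebuilds it.
    void recomputeFilter()
    {
        m_filter = TinyBloomFilter();
        for (uintptr_t block : m_set)
            m_filter.add(block);
    }
    std::unordered_set<uintptr_t, BlockHash> m_set;
    TinyBloomFilter m_filter;
};

// Constructed scenario: two live blocks.
static const uintptr_t kBlockA = 0x30000;   // bits 0x20000 | 0x10000
static const uintptr_t kBlockB = 0xC0000;   // bits 0x80000 | 0x40000

int classifyWord(uintptr_t word)
{
    BlockSet set;
    set.add(kBlockA);
    set.add(kBlockB);
    return set.classify(word);
}

int classifyAfterRemoval(uintptr_t word)
{
    BlockSet set;
    set.add(kBlockA);
    set.add(kBlockB);
    set.remove(kBlockB);
    return set.classify(word);
}

// How many of these constructed stack words reach the exact hash lookup.
int exactLookupsNeeded()
{
    static const uintptr_t words[] = { 0x30010, 0xC3FFE, 0x50008, 0x100000, 0x0, 0x2000 };
    int n = 0;
    for (size_t i = 0; i < sizeof(words) / sizeof(words[0]); ++i)
        if (classifyWord(words[i]) != BlockSet::RuledOutByFilter)
            ++n;
    return n;
}

} // namespace example

int main()
{
    std::printf("0x50008 -> %d (filter passes, set misses)\n", example::classifyWord(0x50008));
    std::printf("exact lookups needed: %d of 6\n", example::exactLookupsNeeded());
    return 0;
}
```

The word 0x50008 shows the filter's false-positive case: 0x50000 is a subset of the bits 0xF0000 accumulated from the two blocks, so it survives the filter and still costs a hash miss, which is exactly why the hash itself is kept cheap.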
3395
3396 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3397
3398         Reviewed by Oliver Hunt.
3399
3400         Bug 62405 - Fix integer overflow in Array.prototype.push
3401
3402         There are three integer overflows here, leading to safe (not a security risk)
3403         but incorrect (non-spec-compliant) behaviour.
3404
3405         Two overflows occur when calculating the new length after pushing (one in the
3406         fast version of push in JSArray, one in the generic version in ArrayPrototype).
3407         The other occurs calculating indices to write to when multiple items are pushed.
3408
3409         These errors result in three test-262 failures.
3410
3411         * runtime/ArrayPrototype.cpp:
3412         (JSC::arrayProtoFuncPush):
3413         * runtime/JSArray.cpp:
3414         (JSC::JSArray::put):
3415         (JSC::JSArray::push):
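
The overflow class this entry describes, as an added example (it is not the patch for bug 62405 and not JavaScriptCore's code): a 32-bit array length plus an argument count wraps silently, both for the resulting length and for the index of each pushed item, so both sums are widened and checked, with the generic path carrying the length as a double the way a JS Number does. Function names and the chosen return conventions are assumptions.

```cpp
// Added example (not JavaScriptCore code): where a 32-bit length wraps in a
// push-style operation, and a checked form beside each. Names are assumptions.
#include <cstdint>
#include <cstdio>
#include <limits>

namespace example {

static const uint64_t kMaxUint32 = std::numeric_limits<uint32_t>::max();

// Illustrative defect: computed in 32 bits, the new length wraps silently, so
// pushing one item onto an array of length 2^32-1 reports length 0.
uint32_t newLengthUnchecked(uint32_t length, uint32_t argCount)
{
    return length + argCount;
}

// Checked form: widen before adding. Returns -1 when the result no longer
// fits a 32-bit length so the caller can leave the fast path.
int64_t newLengthChecked(uint32_t length, uint32_t argCount)
{
    uint64_t sum = static_cast<uint64_t>(length) + argCount;
    return sum > kMaxUint32 ? -1 : static_cast<int64_t>(sum);
}

// The index written for the i-th of several pushed items, length + i, has the
// same problem; compute it in 64 bits and refuse indices beyond 2^32-1.
int64_t pushIndexChecked(uint32_t length, uint32_t i)
{
    uint64_t index = static_cast<uint64_t>(length) + i;
    return index > kMaxUint32 ? -1 : static_cast<int64_t>(index);
}

// Generic path: the length is a JS Number (double), exact up to 2^53, so the
// spec-visible result past 2^32-1 is representable here.
double newLengthGeneric(double length, uint32_t argCount)
{
    return length + static_cast<double>(argCount);
}

} // namespace example

int main()
{
    std::printf("unchecked 0xFFFFFFFF + 1 = %u\n", example::newLengthUnchecked(0xFFFFFFFFu, 1));
    std::printf("checked   0xFFFFFFFF + 1 = %lld\n", (long long)example::newLengthChecked(0xFFFFFFFFu, 1));
    std::printf("generic   0xFFFFFFFF + 1 = %.0f\n", example::newLengthGeneric(4294967295.0, 1));
    return 0;
}
```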
3416
3417 2011-06-09  Dan Bernstein  <mitz@apple.com>
3418
3419         Reviewed by Anders Carlsson.
3420
3421         Add Vector::reverse()
3422         https://bugs.webkit.org/show_bug.cgi?id=62393
3423
3424         * wtf/Vector.h:
3425         (WTF::Vector::reverse): Added
3426
3427 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3428
3429         Reviewed by Oliver Hunt.
3430
3431         Factored a bunch of Heap functionality into stand-alone functors
3432         https://bugs.webkit.org/show_bug.cgi?id=62337
3433         
3434         This is in preparation for making these functors operate on arbitrary
3435         sets of MarkedBlocks.
3436
3437         * JavaScriptCore.exp: This file is a small tragedy.
3438
3439         * debugger/Debugger.cpp:
3440         (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
3441
3442         * heap/HandleHeap.h:
3443         (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
3444         strong handles, so we can play along in the functor game.
3445
3446         * heap/Heap.cpp:
3447         (JSC::CountFunctor::CountFunctor::CountFunctor):
3448         (JSC::CountFunctor::CountFunctor::count):
3449         (JSC::CountFunctor::CountFunctor::returnValue):
3450         (JSC::CountFunctor::ClearMarks::operator()):
3451         (JSC::CountFunctor::ResetAllocator::operator()):
3452         (JSC::CountFunctor::Sweep::operator()):
3453         (JSC::CountFunctor::MarkCount::operator()):
3454         (JSC::CountFunctor::Size::operator()):
3455         (JSC::CountFunctor::Capacity::operator()):
3456         (JSC::CountFunctor::Count::operator()):
3457         (JSC::CountFunctor::CountIfGlobalObject::operator()):
3458         (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
3459         (JSC::CountFunctor::TakeIfEmpty::operator()):
3460         (JSC::CountFunctor::TakeIfEmpty::returnValue):
3461         (JSC::CountFunctor::RecordType::RecordType):
3462         (JSC::CountFunctor::RecordType::typeName):
3463         (JSC::CountFunctor::RecordType::operator()):
3464         (JSC::CountFunctor::RecordType::returnValue): These functors factor out
3465         behavior that used to be in the functions below.
3466
3467         (JSC::Heap::clearMarks):
3468         (JSC::Heap::sweep):
3469         (JSC::Heap::objectCount):
3470         (JSC::Heap::size):
3471         (JSC::Heap::capacity):
3472         (JSC::Heap::protectedGlobalObjectCount):
3473         (JSC::Heap::protectedObjectCount):
3474         (JSC::Heap::protectedObjectTypeCounts):
3475         (JSC::Heap::objectTypeCounts):
3476         (JSC::Heap::resetAllocator):
3477         (JSC::Heap::freeBlocks):
3478         (JSC::Heap::shrink): Factored out behavior into the functors above.
3479
3480         * heap/Heap.h:
3481         (JSC::Heap::forEachProtectedCell):
3482         (JSC::Heap::forEachCell):
3483         (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
3484         functor-based templates instead of plain iterators because they're simpler
3485         to implement in this case and they require a lot less code at the call site.
3486
3487         * heap/MarkedBlock.h:
3488         (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
3489         trivial functors.
3490
3491         (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
3492         we have a few different kind of "for each" now.
3493
3494         * runtime/JSGlobalData.cpp:
3495         (WTF::Recompile::operator()):
3496         (JSC::JSGlobalData::JSGlobalData):
3497         (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
3498
3499         * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
3500
3501 2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
3502
3503         Reviewed by Pavel Feldman.
3504
3505         Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
3506         https://bugs.webkit.org/show_bug.cgi?id=52791
3507
3508         No new tests. The problem can be reproduced by trying to create InspectorValue
3509         from 1.0e-100 and calling ->toJSONString() on this.
3510
3511         * JavaScriptCore.exp:
3512         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3513         export 2 functions DecimalNumber::bufferLengthForStringExponential and
3514         DecimalNumber::toStringExponential.
3515
3516 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3517
3518         Unreviewed, rolling out r88404.
3519         http://trac.webkit.org/changeset/88404
3520         https://bugs.webkit.org/show_bug.cgi?id=62342
3521
3522         broke win and mac build (Requested by tony^work on #webkit).
3523
3524         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3525
3526 2011-06-08  Evan Martin  <evan@chromium.org>
3527
3528         Reviewed by Adam Barth.
3529
3530         [chromium] use gyp 'settings' type for settings target
3531         https://bugs.webkit.org/show_bug.cgi?id=62323
3532
3533         The 'settings' gyp target type is for targets that exist solely
3534         for their settings (no build rules).  The comment above this target
3535         says it's for this, but it incorrectly uses 'none'.
3536
3537         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3538
3539 2011-06-08  Sailesh Agrawal  <sail@chromium.org>
3540
3541         Reviewed by Mihai Parparita.
3542
3543         Chromium Mac: Enable overlay scrollbars
3544         https://bugs.webkit.org/show_bug.cgi?id=59756
3545
3546         Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
3547
3548         * wtf/Platform.h:
3549
3550 2011-06-08  Oliver Hunt  <oliver@apple.com>
3551
3552         Reviewed by Geoffrey Garen.
3553
3554         Add faster lookup cache for multi character identifiers
3555         https://bugs.webkit.org/show_bug.cgi?id=62327
3556
3557         Add a non-hash lookup for multiple character identifiers.  This saves us from
3558         adding repeated identifiers to the ParserArena's identifier list as people
3559         tend to not start all their variables and properties with the same character
3560         and happily identifier locality works in our favour.
3561
3562         * parser/ParserArena.h:
3563         (JSC::IdentifierArena::isEmpty):
3564         (JSC::IdentifierArena::clear):
3565         (JSC::IdentifierArena::makeIdentifier):
3566
3567 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3568
3569         Reviewed by Oliver Hunt.
3570
3571         Took some responsibilities away from NewSpace
3572         https://bugs.webkit.org/show_bug.cgi?id=62325
3573         
3574         NewSpace is basically just an allocator now.
3575         
3576         Heap acts as a controller, responsible for managing the set of all
3577         MarkedBlocks.
3578         
3579         This is in preparation for moving parts of the controller logic into
3580         separate helper classes that can act on arbitrary sets of MarkedBlocks
3581         that may or may not be in NewSpace.
3582
3583         * heap/Heap.cpp:
3584         (JSC::Heap::Heap):
3585         (JSC::Heap::destroy):
3586         (JSC::Heap::allocate):
3587         (JSC::Heap::markRoots):
3588         (JSC::Heap::clearMarks):
3589         (JSC::Heap::sweep):
3590         (JSC::Heap::objectCount):
3591         (JSC::Heap::size):
3592         (JSC::Heap::capacity):
3593         (JSC::Heap::collect):
3594         (JSC::Heap::resetAllocator):
3595         (JSC::Heap::allocateBlock):
3596         (JSC::Heap::freeBlocks):
3597         (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
3598         along with all functions that operate on the set of MarkedBlocks. Also
3599         moved responsibility for deciding whether to allocate a new MarkedBlock,
3600         and for allocating it.
3601
3602         * heap/Heap.h:
3603         (JSC::Heap::contains):
3604         (JSC::Heap::forEach): Ditto.
3605
3606         * heap/NewSpace.cpp:
3607         (JSC::NewSpace::addBlock):
3608         (JSC::NewSpace::removeBlock):
3609         (JSC::NewSpace::resetAllocator):
3610         * heap/NewSpace.h:
3611         (JSC::NewSpace::waterMark):
3612         (JSC::NewSpace::allocate): Ditto.
3613
3614 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3615
3616         Reviewed by Oliver Hunt.
3617
3618         Some more MarkedSpace => NewSpace renaming
3619         https://bugs.webkit.org/show_bug.cgi?id=62305
3620
3621         * JavaScriptCore.exp:
3622         * JavaScriptCore.order:
3623         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3624         * heap/Heap.cpp:
3625         (JSC::Heap::Heap):
3626         (JSC::Heap::destroy):
3627         (JSC::Heap::reportExtraMemoryCostSlowCase):
3628         (JSC::Heap::allocate):
3629         (JSC::Heap::markRoots):
3630         (JSC::Heap::objectCount):
3631         (JSC::Heap::size):
3632         (JSC::Heap::capacity):
3633         (JSC::Heap::collect):
3634         (JSC::Heap::isValidAllocation):
3635         * heap/Heap.h:
3636         (JSC::Heap::markedSpace):
3637         (JSC::Heap::contains):
3638         (JSC::Heap::forEach):
3639         (JSC::Heap::allocate):
3640         * runtime/JSCell.h:
3641
3642 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3643
3644         Reviewed by Eric Seidel.
3645
3646         Add export macros to profiler headers.
3647         https://bugs.webkit.org/show_bug.cgi?id=27551
3648
3649         * profiler/Profiler.h:
3650
3651 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3652
3653         Reviewed by Eric Seidel.
3654
3655         Add export symbols to parser headers.
3656         https://bugs.webkit.org/show_bug.cgi?id=27551
3657
3658         * parser/SourceProviderCache.h:
3659
3660 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3661
3662         Reviewed by Eric Seidel.
3663
3664         Add export symbols to interpreter headers.
3665         https://bugs.webkit.org/show_bug.cgi?id=27551
3666
3667         * interpreter/Interpreter.h:
3668
3669 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3670
3671         Reviewed by Eric Seidel.
3672
3673         Add export symbols to debugger headers.
3674         https://bugs.webkit.org/show_bug.cgi?id=27551
3675
3676         * debugger/Debugger.h:
3677         * debugger/DebuggerCallFrame.h:
3678
3679 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3680
3681         Reviewed by Darin Adler.
3682
3683         Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
3684         https://bugs.webkit.org/show_bug.cgi?id=62268
3685
3686         * CMakeLists.txt:
3687         * GNUmakefile.list.am:
3688         * JavaScriptCore.gypi:
3689         * JavaScriptCore.pro:
3690         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3691         * JavaScriptCore.xcodeproj/project.pbxproj:
3692         * heap/Heap.h:
3693         * heap/MarkedBlock.h:
3694         * heap/MarkedSpace.cpp: Removed.
3695         * heap/MarkedSpace.h: Removed.
3696         * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
3697         * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
3698
3699 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3700
3701         Unreviewed, rolling out r88365.
3702         http://trac.webkit.org/changeset/88365
3703         https://bugs.webkit.org/show_bug.cgi?id=62301
3704
3705         windows bots broken (Requested by loislo_ on #webkit).
3706
3707         * JavaScriptCore.exp:
3708
3709 2011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
3710
3711         Reviewed by Tony Chang.
3712
3713         Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
3714
3715         Compiling Chromium port under GCC 4.6 produces warnings about nullptr
3716         https://bugs.webkit.org/show_bug.cgi?id=62242
3717
3718         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3719
3720 2011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
3721
3722         Reviewed by Andreas Kling.
3723
3724         Webkit on SPARC Solaris has wrong endian
3725         https://bugs.webkit.org/show_bug.cgi?id=29407
3726
3727         Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
3728         there are more occurrences of the same code pattern in webkit.
3729
3730         This patch includes the check on these other parts of the code.
3731
3732         This is a speculative fix; I don't have a sparc machine to test and
3733         don't know which kind of test would trigger a crash (but it's quite
3734         obvious that it's the same code duplicated in different files).
3735
3736         * runtime/UString.h:
3737         (JSC::UStringHash::equal):
3738         * wtf/text/StringHash.h:
3739         (WTF::StringHash::equal):
3740
3741 2011-06-08  Yael Aharon  <yael.aharon@nokia.com>
3742
3743         Reviewed by Andreas Kling.
3744
3745         [Qt] Build fix for building QtWebKit inside of Qt.
3746         https://bugs.webkit.org/show_bug.cgi?id=62280
3747
3748         Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
3749         into QtWebKit.prl.
3750
3751         No new tests, as this is just a build fix.
3752
3753         * JavaScriptCore.pri:
3754
3755 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3756
3757         Reviewed by Oliver Hunt.
3758
3759         Split 'reset' into 'collect' and 'resetAllocator'
3760         https://bugs.webkit.org/show_bug.cgi?id=62267
3761
3762         * heap/Heap.cpp:
3763         (JSC::Heap::allocate):
3764         (JSC::Heap::collectAllGarbage):
3765         (JSC::Heap::collect):
3766         * heap/Heap.h:
3767         * heap/MarkedBlock.h:
3768         (JSC::MarkedBlock::resetAllocator):
3769         * heap/MarkedSpace.cpp:
3770         (JSC::MarkedSpace::resetAllocator):
3771         * heap/MarkedSpace.h:
3772         (JSC::MarkedSpace::SizeClass::resetAllocator):
3773
3774 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3775
3776         Reviewed by Sam Weinig.
3777
3778         Renamed some more marks to visits
3779         https://bugs.webkit.org/show_bug.cgi?id=62254
3780
3781         * heap/HandleHeap.cpp:
3782         (JSC::HandleHeap::visitStrongHandles):
3783         (JSC::HandleHeap::visitWeakHandles):
3784         * heap/HandleHeap.h:
3785         * heap/HandleStack.cpp:
3786         (JSC::HandleStack::visit):
3787         * heap/HandleStack.h:
3788         * heap/Heap.cpp:
3789         (JSC::Heap::markProtectedObjects):
3790         (JSC::Heap::markTempSortVectors):
3791         (JSC::Heap::markRoots):
3792         * heap/HeapRootVisitor.h:
3793         (JSC::HeapRootVisitor::visit):
3794         * runtime/ArgList.cpp:
3795         (JSC::MarkedArgumentBuffer::markLists):
3796
3797 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3798
3799         Reviewed by Sam Weinig.
3800
3801         https://bugs.webkit.org/show_bug.cgi?id=55537
3802         Functions claim to have 'callee' which they actually don't (and shouldn't)
3803
3804         * JavaScriptCore.xcodeproj/project.pbxproj:
3805         * runtime/JSFunction.cpp:
3806         (JSC::JSFunction::getOwnPropertyNames):
3807
3808 2011-06-07  Juan C. Montemayor  <jmont@apple.com>
3809
3810         Reviewed by Darin Adler.
3811
3812         Make JSStaticFunction and JSStaticValue less "const"
3813         https://bugs.webkit.org/show_bug.cgi?id=62222
3814
3815         * API/JSObjectRef.h:
3816         * API/tests/testapi.c:
3817         (checkConstnessInJSObjectNames):
3818         (main):
3819         * JavaScriptCore.xcodeproj/project.pbxproj:
3820
3821 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3822
3823         Reviewed by Sam Weinig.
3824
3825         https://bugs.webkit.org/show_bug.cgi?id=62240
3826         DFG JIT - add support for for-loop array initialization.
3827
3828         Support put by val beyond vector length.
3829         Add an operationPutByValBeyondArrayBounds operation, make
3830         PutValVal call this if the vector length check fails.
3831
3832         * dfg/DFGJITCodeGenerator.h:
3833         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3834         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3835         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
3836         (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
3837         (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
3838         (JSC::DFG::JITCodeGenerator::isIntegerConstant):
3839         (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
3840         * dfg/DFGOperations.cpp:
3841         (JSC::DFG::operationPutByValInternal):
3842         * dfg/DFGOperations.h:
3843         * dfg/DFGSpeculativeJIT.cpp:
3844         (JSC::DFG::SpeculativeJIT::compile):
3845         * dfg/DFGSpeculativeJIT.h:
3846
3847 2011-06-06  James Simonsen  <simonjam@chromium.org>
3848
3849         Reviewed by James Robinson.
3850
3851         Add monotonicallyIncreasingTime() to get monotonically increasing time
3852         https://bugs.webkit.org/show_bug.cgi?id=37743
3853
3854         * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
3855         (WTF::monotonicallyIncreasingTime):
3856         * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
3857
3858 2011-06-06  Alexandru Chiculita  <achicu@adobe.com>
3859
3860         Reviewed by Kent Tamura.
3861
3862         Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
3863         https://bugs.webkit.org/show_bug.cgi?id=61628
3864
3865         * Configurations/FeatureDefines.xcconfig:
3866
3867 2011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
3868
3869         Reviewed by Kent Tamura.
3870
3871         Add ENABLE(CSS_REGIONS) guard for CSS Regions support
3872         https://bugs.webkit.org/show_bug.cgi?id=61631
3873
3874         * Configurations/FeatureDefines.xcconfig:
3875
3876 2011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
3877
3878         Unreviewed. Fix the GTK+ build.
3879
3880         * GNUmakefile.am: Add javascriptcore_cflags variable.
3881
3882 2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
3883
3884         [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
3885         to build on Mac.
3886
3887         * wtf/Platform.h:
3888
3889 2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
3890
3891         Unreviewed, MIPS build fix.
3892
3893         WebKitGTK+ tarball fails to build on MIPS.
3894         https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
3895
3896         * GNUmakefile.list.am: Add missing MIPS-related file to the list
3897         of files that are added to the tarball on make dist, and fix
3898         sorting.
3899
3900 2011-06-04  Sam Weinig  <sam@webkit.org>
3901
3902         Reviewed by Darin Adler.
3903
3904         Fix formatting of the output generated by KeywordLookupGenerator.py
3905         https://bugs.webkit.org/show_bug.cgi?id=62083
3906
3907         - Uses correct year for copyright.
3908         - Puts ending brace on same line as "else if".
3909         - Puts starting brace of function on its own line.
3910         - Adds some tasteful whitespace.
3911         - Adds comments to make clear that scopes are ending.
3912         - Makes macros actually split on two lines.
3913
3914         * KeywordLookupGenerator.py:
3915
3916 2011-06-04  Adam Barth  <abarth@webkit.org>
3917
3918         Reviewed by Eric Seidel.
3919
3920         KeywordLookupGenerator.py spams stdout in Chromium Linux build
3921         https://bugs.webkit.org/show_bug.cgi?id=62087
3922
3923         This action does not appear to be needed.
3924
3925         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3926
3927 2011-06-03  Oliver Hunt  <oliver@apple.com>
3928
3929         Reviewed by Maciej Stachowiak.
3930
3931         Lexer needs to provide Identifier for reserved words
3932         https://bugs.webkit.org/show_bug.cgi?id=62086
3933
3934         Alas, it is necessary to provide an Identifier reference for keywords
3935         so that we can do the right thing when they're used in object literals.
3936         We now keep Identifiers for all reserved words in the CommonIdentifiers
3937         structure so that we can access them without a hash lookup.
3938
3939         * KeywordLookupGenerator.py:
3940         * parser/Lexer.cpp:
3941         (JSC::Lexer::parseIdentifier):
3942         * parser/Lexer.h:
3943         * runtime/CommonIdentifiers.cpp:
3944         (JSC::CommonIdentifiers::CommonIdentifiers):
3945         * runtime/CommonIdentifiers.h:
3946
3947 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3948
3949         Reviewed by Sam Weinig.
3950
3951         Add debug code to break on speculation failures.
3952
3953         * dfg/DFGJITCompiler.cpp:
3954         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3955         (JSC::DFG::JITCompiler::compileFunction):
3956         * dfg/DFGNode.h:
3957
3958 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3959
3960         Reviewed by Sam Weinig.
3961
3962         https://bugs.webkit.org/show_bug.cgi?id=62082
3963         DFG JIT - bug passing arguments that need swap
3964
3965         This is really just a typo.
3966         When setting up the arguments for a call out to a C operation, we'll
3967         fail to swap arguments where this is necessary. For example, in the
3968         case of 2-arg calls, where the first argument is in %rdx & the second
3969         is in %rsi, we should swap (exec will be passed in %rdi), but we don't.
3970
3971         This can also affect function calls passing three arguments.
3972
3973         * dfg/DFGJITCodeGenerator.h:
3974         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
3975             - Call swap with the correct arguments.
3976
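The failure mode described in the entry above, as an added example (not JavaScriptCore's setupTwoStubArgs): a small Python model of setting up call arguments whose values already sit in each other's target registers. Emitting the moves in order clobbers one argument; a cycle of moves has to be broken with a swap. The register names follow the x86-64 convention the entry mentions (exec in %rdi, then %rsi, %rdx), and the register contents are constructed sample values.

```python
"""Sequentialising parallel register moves for a call out to C.

Added example, not JavaScriptCore's DFG code.  `moves` maps a target
argument register to the register currently holding the value it must
receive.  Register names and contents below are constructed for the
example.
"""


def naive_moves(moves):
    """Emit one mov per argument in dictionary order, ignoring conflicts.

    This is the buggy shape: when two arguments must trade registers, the
    second mov reads a register the first mov has already overwritten."""
    return [("mov", dst, src) for dst, src in moves.items() if dst != src]


def sequentialize_moves(moves):
    """Emit movs and swaps that realise the parallel assignment safely.

    A target that no remaining move still reads can be written at once.
    When every remaining target is also a source, the moves form a cycle:
    one swap satisfies one target, and any move that still wanted the old
    contents of that register is redirected to where the swap put them."""
    pending = {dst: src for dst, src in moves.items() if dst != src}
    ops = []
    while pending:
        still_read = set(pending.values())
        free = [dst for dst in pending if dst not in still_read]
        if free:
            dst = free[0]
            ops.append(("mov", dst, pending.pop(dst)))
            continue
        # Every pending target is still a source: break the cycle with a swap.
        dst = next(iter(pending))
        src = pending.pop(dst)
        ops.append(("swap", dst, src))
        # The old contents of dst now live in src; redirect readers of dst,
        # and drop a move that has become a no-op (register moved to itself).
        for tgt, s in list(pending.items()):
            if s == dst:
                if tgt == src:
                    del pending[tgt]
                else:
                    pending[tgt] = src
    return ops


def simulate(ops, regs):
    """Apply emitted ops to a dict modelling the register file; returns a copy."""
    regs = dict(regs)
    for op, a, b in ops:
        if op == "mov":
            regs[a] = regs[b]
        else:
            regs[a], regs[b] = regs[b], regs[a]
    return regs


def args_correct(moves, before, after):
    """True if every target register ended up with its intended value."""
    return all(after[dst] == before[src] for dst, src in moves.items())


if __name__ == "__main__":
    # Constructed register file: exec already in rdi, the two JS arguments
    # sitting in each other's target registers.
    regs = {"rdi": "exec", "rsi": "arg2", "rdx": "arg1", "rcx": "junk"}
    two_args = {"rsi": "rdx", "rdx": "rsi"}  # arg1 -> rsi, arg2 -> rdx
    print("naive  :", naive_moves(two_args),
          args_correct(two_args, regs, simulate(naive_moves(two_args), regs)))
    print("correct:", sequentialize_moves(two_args),
          args_correct(two_args, regs, simulate(sequentialize_moves(two_args), regs)))
```

The same routine handles the three-argument case the entry mentions: a three-register cycle is resolved with two swaps, while a simple chain (no register both read and written by pending moves) degenerates to ordinary movs in a safe order.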
3977 2011-06-03  Oliver Hunt  <oliver@apple.com>
3978
3979         Reviewed by Gavin Barraclough.
3980
3981         Force inlining of some hot lexer functions
3982         https://bugs.webkit.org/show_bug.cgi?id=62079
3983
3984         Fix more GCC stupidity
3985
3986         * parser/Lexer.h:
3987         (JSC::Lexer::isWhiteSpace):
3988         (JSC::Lexer::isLineTerminator):
3989
3990 2011-06-03  Oliver Hunt  <oliver@apple.com>
3991
3992         Reviewed by Gavin Barraclough.
3993
3994         GCC not inlining some functions that it really should be
3995         https://bugs.webkit.org/show_bug.cgi?id=62075
3996
3997         Add ALWAYS_INLINE to a number of parsing and lexing functions
3998         that should always be inlined.  This gets us ~1.4% on my ad hoc
3999         parser test.
4000
4001         * KeywordLookupGenerator.py:
4002         * parser/JSParser.cpp:
4003         (JSC::JSParser::next):
4004         (JSC::JSParser::nextTokenIsColon):
4005         (JSC::JSParser::consume):
4006         (JSC::JSParser::match):
4007         (JSC::JSParser::tokenStart):
4008         (JSC::JSParser::tokenLine):
4009         (JSC::JSParser::tokenEnd):
4010         * parser/Lexer.cpp:
4011         (JSC::isIdentPart):
4012
4013 2011-06-03  Oliver Hunt  <oliver@apple.com>
4014
4015         Whoops, fix last minute bug.
4016
4017         * parser/Lexer.cpp:
4018         (JSC::Lexer::parseIdentifier):
4019
4020 2011-06-03  Martin Robinson  <mrobinson@igalia.com>
4021
4022         Try to fix the GTK+ build.
4023
4024         * GNUmakefile.am: Clean up some spaces that should be tabs.
4025         * GNUmakefile.list.am: Add KeywordLookup.h to the source list
4026         and clean up some spaces that should be tabs.
4027
4028 2011-06-03  Oliver Hunt  <oliver@apple.com>
4029
4030         Reviewed by Geoffrey Garen.
4031
4032         Improve keyword lookup
4033         https://bugs.webkit.org/show_bug.cgi?id=61913
4034
4035         Rather than doing multiple hash lookups, as we currently
4036         do when trying to identify keywords, we now use an
4037         automatically generated decision tree (essentially it's
4038         a hard-coded patricia trie).  We still use the regular
4039         lookup table for the last few characters of an input as
4040         this allows us to completely skip all bounds checks.
4041
4042         * CMakeLists.txt:
4043         * DerivedSources.make:
4044         * DerivedSources.pro:
4045         * GNUmakefile.am:
4046         * JavaScriptCore.gyp/JavaScriptCore.gyp:
4047         * JavaScriptCore.xcodeproj/project.pbxproj:
4048         * KeywordLookupGenerator.py: Added.
4049         * make-generated-sources.sh:
4050         * parser/Lexer.cpp:
4051         (JSC::Lexer::internalShift):
4052         (JSC::Lexer::shift):
4053         (JSC::Lexer::parseIdentifier):
4054         * parser/Lexer.h:
4055
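The approach described in the entry above, as an added example (not JavaScriptCore's KeywordLookupGenerator.py or Lexer code): build a trie over a keyword table, collapse single-child chains into multi-character edges (the hard-coded patricia trie), match an identifier by walking that tree, and render the same tree as the nested C-style comparisons a generator would emit. The keyword subset, token names and the emitted variable names (`c`, `end`) are constructed for this example; unlike the lexer described in the entry, the emitted C keeps an explicit remaining-length check on every branch rather than relying on a table lookup for the tail.

```python
"""Keyword recognition through a generated decision tree.

Added example, not JavaScriptCore code.  A keyword is recognised by a
sequence of character comparisons along one path of a patricia trie, so a
non-keyword is rejected after at most len(identifier) comparisons and no
hash is ever computed.
"""

END = None  # sentinel edge label: the node holds the token for a complete keyword

# Constructed subset of JavaScript reserved words with made-up token names.
KEYWORDS = {
    "break": "BREAK", "case": "CASE", "catch": "CATCH", "continue": "CONTINUE",
    "do": "DO", "else": "ELSE", "for": "FOR", "function": "FUNCTION",
    "if": "IF", "in": "IN", "instanceof": "INSTANCEOF", "new": "NEW",
    "return": "RETURN", "this": "THIS", "throw": "THROW", "try": "TRY",
    "typeof": "TYPEOF", "var": "VAR", "while": "WHILE",
}


def build_trie(keywords):
    """Plain character trie: nested dicts keyed by one character each."""
    root = {}
    for word, token in keywords.items():
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[END] = token
    return root


def compress(node):
    """Patricia step: merge chains of single-child, non-terminal nodes into one
    multi-character edge, so each branch point compares a whole run at once."""
    result = {}
    for edge, child in node.items():
        if edge is END:
            result[END] = child
            continue
        while len(child) == 1 and END not in child:
            (next_edge, next_child), = child.items()
            edge += next_edge
            child = next_child
        result[edge] = compress(child)
    return result


def match(trie, ident):
    """Walk the compressed trie; returns the token, or None for a non-keyword.
    Edges leaving a node start with distinct characters, so at most one fits."""
    node, pos = trie, 0
    while True:
        if pos == len(ident):
            return node.get(END)
        for edge, child in node.items():
            if edge is not END and ident.startswith(edge, pos):
                node, pos = child, pos + len(edge)
                break
        else:
            return None


def emit_c(node, depth=0):
    """Render the tree as nested C-style ifs over a `const char* c` cursor and
    an `end` pointer; returns the generated lines."""
    ind = "    " * depth
    lines = []
    for edge, child in node.items():
        if edge is END:
            continue
        cmp = " && ".join(f"c[{i}] == '{ch}'" for i, ch in enumerate(edge))
        lines.append(f"{ind}if (end - c >= {len(edge)} && {cmp}) {{")
        lines.append(f"{ind}    c += {len(edge)};")
        lines.extend(emit_c(child, depth + 1))
        lines.append(f"{ind}}}")
    if END in node:
        lines.append(f"{ind}if (c == end) return {node[END]};")
    return lines


def generate(keywords):
    """Returns (compressed trie, generated C lines) for a keyword table."""
    trie = compress(build_trie(keywords))
    return trie, emit_c(trie)


if __name__ == "__main__":
    trie, lines = generate(KEYWORDS)
    print("\n".join(lines))
    for word in ("in", "instanceof", "inst", "breaks"):
        print(word, "->", match(trie, word))
```

Walking the emitted code for "instanceof" shows the point of the compression: after the shared `i` and `n` branches, the remaining eight characters are checked by a single compound condition rather than eight nested nodes, and "in" is accepted at the inner `c == end` test before that branch is tried.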
4056 2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
4057
4058         Reviewed by Benjamin Poulain.
4059
4060         [Qt] Build flag for experimental ICU library support
4061         https://bugs.webkit.org/show_bug.cgi?id=60786
4062
4063         Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
4064         ICU powered Unicode support.
4065
4066         * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
4067         * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
4068
4069 2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
4070
4071         Reviewed by Benjamin Poulain.