DFG JIT method_check implementation does not link to optimized get_by_id
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT method_check implementation does not link to optimized get_by_id
        slow path.
        https://bugs.webkit.org/show_bug.cgi?id=64073

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):

2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordGetMethod):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addMethodGet):
        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        (JSC::DFG::dfgRepatchGetMethod):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITWriteBarrier.h:
        (JSC::JITWriteBarrier::set):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT op_call implementation will flush registers even when those registers are dead
        https://bugs.webkit.org/show_bug.cgi?id=64023

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
        https://bugs.webkit.org/show_bug.cgi?id=64017

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32 bit machines are failed after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates the gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::shouldUnlinkCalls):
        (JSC::MarkStack::setShouldUnlinkCalls):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        JSC JIT has code duplication for the handling of call and construct
        https://bugs.webkit.org/show_bug.cgi?id=63957

        Reviewed by Gavin Barraclough.

        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::jitCompileFor):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeFor):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::isGeneratedFor):
        (JSC::FunctionExecutable::generatedBytecodeFor):
        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        Build fix following last patch.

        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63947
        ASSERT running Object.preventExtensions(Math.sin)

        Reviewed by Oliver Hunt.

        This is due to calling scope() on a hostFunction as a part of
        calling createPrototypeProperty to reify the prototype property.
        But host functions don't have a prototype property anyway!

        Prevent calling createPrototypeProperty on a host function.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63880
        Evaluation order of conversions of operands to >, >= incorrect.

        Reviewed by Sam Weinig.

        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
        spec. This allows these methods to be reused to perform >, >= relational compares
        with correct ordering of type conversions.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Operations.h:
        (JSC::jsLess):
        (JSC::jsLessEq):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63881
        Need separate bytecodes for handling >, >= comparisons.

        Reviewed by Oliver Hunt.

        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        using the corresponding op_less, etc opcodes.  This is incorrect with
        respect to evaluation ordering of the implicit conversions performed on operands -
        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
        but instead convert RHS then LHS.

        This patch adds opcodes for greater-than comparisons mirroring existing ones used
        for less-than.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        * bytecompiler/NodesCodegen.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_greater):
        (JSC::JIT::emitSlow_op_loop_if_greater):
        (JSC::JIT::emit_op_loop_if_greatereq):
        (JSC::JIT::emitSlow_op_loop_if_greatereq):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * parser/NodeConstructors.h:
        (JSC::GreaterNode::GreaterNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        * parser/Nodes.h:

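The ordering problem this entry and the bug 63880 entry above describe (lowering `a > b` onto the less-than path with swapped operands, so the RHS is converted before the LHS) is observable from script through valueOf side effects. The following JavaScript is an added example, not part of WebKit's ChangeLog or source: it records the order in which each relational operator converts its operands and models the `leftFirst` flag the patch adds to jsLess / jsLessEq; the names `tracedOperand`, `observeOrder`, `abstractRelationalComparison`, `greaterThan`, `naiveGreaterThan` and `allOperatorsConvertLeftFirst` are chosen here.

```javascript
// Added example (not WebKit code). ES5 11.8 defines `a > b` as the abstract
// relational comparison of (b, a) with LeftFirst = false: the operands are
// swapped, but `a` (the LHS) must still be converted to a primitive first.
// An engine that simply reuses the `<` path on swapped operands converts `b`
// first, which is the evaluation-order bug described in the ChangeLog.

// Build an operand whose ToPrimitive conversion appends `name` to `log`.
function tracedOperand(name, value, log) {
  return {
    valueOf() {
      log.push(name);
      return value;
    },
  };
}

// Evaluate one relational operator on two traced operands and return the
// conversion order the engine actually used, together with the result.
function observeOrder(op, leftValue, rightValue) {
  const log = [];
  const a = tracedOperand("lhs", leftValue, log);
  const b = tracedOperand("rhs", rightValue, log);
  let result;
  switch (op) {
    case "<":  result = a < b;  break;
    case "<=": result = a <= b; break;
    case ">":  result = a > b;  break;
    case ">=": result = a >= b; break;
    default: throw new Error("unsupported operator " + op);
  }
  return { order: log, result };
}

// Model of the ES5 abstract relational comparison with the LeftFirst flag,
// i.e. the `leftFirst` parameter added to jsLess in bug 63880. Conversion
// order depends only on the flag, never on argument position. ToPrimitive is
// approximated by valueOf(); operands are numeric for this demonstration.
function abstractRelationalComparison(x, y, leftFirst) {
  let px, py;
  if (leftFirst) {
    px = x.valueOf();
    py = y.valueOf();
  } else {
    py = y.valueOf();
    px = x.valueOf();
  }
  return px < py;
}

// Spec-conforming `a > b`: compare (b, a) with LeftFirst = false, so `a` is
// converted first even though it is passed second.
function greaterThan(a, b) {
  return abstractRelationalComparison(b, a, false);
}

// Pre-patch lowering: reuse the less-than path on swapped operands with the
// default left-to-right conversion. Same boolean result, wrong side effects
// order (RHS converted before LHS).
function naiveGreaterThan(a, b) {
  return abstractRelationalComparison(b, a, true);
}

// True when the host engine converts the LHS before the RHS for all four
// relational operators, as the specification requires.
function allOperatorsConvertLeftFirst() {
  return ["<", "<=", ">", ">="].every(
    (op) => observeOrder(op, 1, 2).order.join(",") === "lhs,rhs"
  );
}
```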
2011-07-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63879
        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.

        Reviewed by Sam Weinig.

        There is a lot of copy & paste code here; we can reduce duplication by making
        a shared implementation.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::commute):
            - Make these function platform agnostic.
        * assembler/MacroAssemblerX86Common.h:
            - Moved branch32/commute up to MacroAssembler.
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_lesseq):
        (JSC::JIT::emitSlow_op_loop_if_lesseq):
            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
            - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE64.
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE32_64.
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
            - Remove old implementation of emit_op_loop_if_lesseq.

2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r90347.
        http://trac.webkit.org/changeset/90347
        https://bugs.webkit.org/show_bug.cgi?id=63886

        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
        (Requested by tkent on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/BigInteger.h: Removed.
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/Uint16WithFraction.h: Removed.
        * wtf/MathExtras.h:

2011-06-30  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-02  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63866
        DFG JIT - implement instanceof

        Reviewed by Sam Weinig.

        Add ops CheckHasInstance & InstanceOf to implement bytecodes
        op_check_has_instance & op_instanceof. This is an initial
        functional implementation, performance is a wash. We can
        follow up with changes to fuse the InstanceOf node with
        a subsequent branch, as we do with other comparisons.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-01  Oliver Hunt  <oliver@apple.com>

        IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
        https://bugs.webkit.org/show_bug.cgi?id=63732

        Reviewed by Gavin Barraclough.

        Initialise the memory at the head of the new storage so that
        GC is safe if triggered by reportExtraMemoryCost.

        * runtime/JSArray.cpp:
        (JSC::JSArray::increaseVectorPrefixLength):

2011-07-01  Oliver Hunt  <oliver@apple.com>

        GC sweep can occur before an object is completely initialised
        https://bugs.webkit.org/show_bug.cgi?id=63836

        Reviewed by Gavin Barraclough.

        In rare cases it's possible for a GC sweep to occur while a
        live, but not completely initialised object is on the stack.
        In such a case we may incorrectly choose to mark it, even
        though it has no children that need marking.

        We resolve this by always zeroing out the structure of any
        value returned from JSCell::operator new(), and making the
        markstack tolerant of a null structure.

        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::~JSCell):
        (JSC::JSCell::JSCell::operator new):
        * runtime/Structure.h:
        (JSC::MarkStack::internalAppend):

2011-07-01  Filip Pizlo  <fpizlo@apple.com>

        Reviewed by Gavin Barraclough.

        DFG non-speculative JIT always performs slow C calls for div and mod.
        https://bugs.webkit.org/show_bug.cgi?id=63684

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):

2011-07-01  Juan C. Montemayor  <jmont@apple.com>

        Reviewed by Oliver Hunt.

        Lexer error messages are currently appalling
        https://bugs.webkit.org/show_bug.cgi?id=63340

        Added error messages for the Lexer. These messages will be displayed
        instead of the lexer error messages from the parser that are currently
        shown.

        * parser/Lexer.cpp:
        (JSC::Lexer::getInvalidCharMessage):
        (JSC::Lexer::setCode):
        (JSC::Lexer::parseString):
        (JSC::Lexer::lex):
        (JSC::Lexer::clear):
        * parser/Lexer.h:
        (JSC::Lexer::getErrorMessage):
        (JSC::Lexer::setOffset):
        * parser/Parser.cpp:
        (JSC::Parser::parse):

2011-07-01  Jungshik Shin  <jshin@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
        build files for ports not using ICU.
        Add icu/unicode/uscript.h for ports using ICU. It's taken from
        ICU 3.6 (the version used on Mac OS 10.5)

        http://bugs.webkit.org/show_bug.cgi?id=20797

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * icu/unicode/uscript.h: Added for UScriptCode enum.
        * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
        * wtf/unicode/icu/UnicodeIcu.h:
        * wtf/unicode/brew/UnicodeBrew.h:
        * wtf/unicode/glib/UnicodeGLib.h:
        * wtf/unicode/qt4/UnicodeQt4.h:
        * wtf/unicode/wince/UnicodeWinCE.h:

2011-07-01  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=63819
        Escaping of forwardslashes in strings incorrect if multiple exist.

        The bug is in the parameters passed to a substring - should be
        start & length, but we're passing start & end indices!

        * runtime/RegExpObject.cpp:
        (JSC::regExpObjectSource):

2011-07-01  Adam Roben  <aroben@apple.com>

        Roll out r90194
        http://trac.webkit.org/changeset/90194
        https://bugs.webkit.org/show_bug.cgi?id=63778
799
800         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
801         assertions in WriteBarrierBase<JSC::Structure>::get
802
803         * runtime/JSCell.h:
804         (JSC::JSCell::JSCell::~JSCell):
805
806 2011-06-30  Oliver Hunt  <oliver@apple.com>
807
808         Reviewed by Gavin Barraclough.
809
810         Add optimised paths for a few maths functions
811         https://bugs.webkit.org/show_bug.cgi?id=63757
812
813         Relanding as a Mac only patch.
814
815         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
816         Math.floor, Math.log, and Math.exp as they are apparently more
817         important in real web content than we thought, which is somewhat
818         mind-boggling.  On average doubles the performance of the common
819         cases (eg. actually passing numbers in).  They're not as efficient
820         as they could be, but this way gives them the most portability.
821
822         * assembler/MacroAssemblerARM.h:
823         (JSC::MacroAssemblerARM::supportsDoubleBitops):
824         (JSC::MacroAssemblerARM::andnotDouble):
825         * assembler/MacroAssemblerARMv7.h:
826         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
827         (JSC::MacroAssemblerARMv7::andnotDouble):
828         * assembler/MacroAssemblerMIPS.h:
829         (JSC::MacroAssemblerMIPS::andnotDouble):
830         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
831         * assembler/MacroAssemblerSH4.h:
832         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
833         (JSC::MacroAssemblerSH4::andnotDouble):
834         * assembler/MacroAssemblerX86.h:
835         (JSC::MacroAssemblerX86::supportsDoubleBitops):
836         * assembler/MacroAssemblerX86Common.h:
837         (JSC::MacroAssemblerX86Common::andnotDouble):
838         * assembler/MacroAssemblerX86_64.h:
839         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
840         * assembler/X86Assembler.h:
841         (JSC::X86Assembler::andnpd_rr):
842         * create_hash_table:
843         * jit/SpecializedThunkJIT.h:
844         (JSC::SpecializedThunkJIT::finalize):
845         (JSC::SpecializedThunkJIT::callDoubleToDouble):
846         * jit/ThunkGenerators.cpp:
847         (JSC::floorThunkGenerator):
848         (JSC::ceilThunkGenerator):
849         (JSC::roundThunkGenerator):
850         (JSC::expThunkGenerator):
851         (JSC::logThunkGenerator):
852         (JSC::absThunkGenerator):
853         * jit/ThunkGenerators.h:
854
855 2011-07-01  David Kilzer  <ddkilzer@apple.com>
856
857         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
858
859         Fixes the following build error in clang:
860
861             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
862                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
863                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
864             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
865                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
866                                                 ^
867                      (                         )
868             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
869             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
870             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
871                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
872                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
873             1 error generated.
874
875         * jit/JITOpcodes32_64.cpp:
876         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
877         ternary expression evaluate first.
878
879 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
880
881         Unreviewed, rolling out r90177 and r90179.
882         http://trac.webkit.org/changeset/90177
883         http://trac.webkit.org/changeset/90179
884         https://bugs.webkit.org/show_bug.cgi?id=63790
885
886         It caused crashes on Qt in debug mode (Requested by Ossy on
887         #webkit).
888
889         * assembler/MacroAssemblerARM.h:
890         (JSC::MacroAssemblerARM::rshift32):
891         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
892         (JSC::MacroAssemblerARM::sqrtDouble):
893         * assembler/MacroAssemblerARMv7.h:
894         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
895         (JSC::MacroAssemblerARMv7::sqrtDouble):
896         * assembler/MacroAssemblerMIPS.h:
897         (JSC::MacroAssemblerMIPS::sqrtDouble):
898         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
899         * assembler/MacroAssemblerSH4.h:
900         (JSC::MacroAssemblerSH4::sqrtDouble):
901         * assembler/MacroAssemblerX86.h:
902         * assembler/MacroAssemblerX86Common.h:
903         * assembler/MacroAssemblerX86_64.h:
904         * assembler/X86Assembler.h:
905         * create_hash_table:
906         * jit/JSInterfaceJIT.h:
907         (JSC::JSInterfaceJIT::emitLoadDouble):
908         * jit/SpecializedThunkJIT.h:
909         (JSC::SpecializedThunkJIT::finalize):
910         * jit/ThunkGenerators.cpp:
911         * jit/ThunkGenerators.h:
912
913 2011-06-30  Oliver Hunt  <oliver@apple.com>
914
915         Reviewed by Beth Dakin.
916
917         Make GC validation clear cell structure on destruction
918         https://bugs.webkit.org/show_bug.cgi?id=63778
919
920         * runtime/JSCell.h:
921         (JSC::JSCell::JSCell::~JSCell):
922
923 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
924
925         Reviewed by Gavin Barraclough.
926
927         Added write barrier that was missing from put_by_id_transition
928         https://bugs.webkit.org/show_bug.cgi?id=63775
929
930         * dfg/DFGJITCodeGenerator.cpp:
931         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
932         MacroAssembler& argument so our patching functions could use it.
933
934         (JSC::DFG::JITCodeGenerator::cachedPutById):
935         * dfg/DFGJITCodeGenerator.h:
936         * dfg/DFGNonSpeculativeJIT.cpp:
937         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
938
939         * dfg/DFGRepatch.cpp:
940         (JSC::DFG::tryCachePutByID): Missing barrier!
941
942         * dfg/DFGSpeculativeJIT.cpp:
943         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
944
945         * jit/JITPropertyAccess.cpp:
946         (JSC::JIT::privateCompilePutByIdTransition):
947         * jit/JITPropertyAccess32_64.cpp:
948         (JSC::JIT::privateCompilePutByIdTransition):
949         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
950         because its meaning isn't clear -- maybe in the future we'll have a
951         clear way to pass all stores through a common function that guarantees
952         a write barrier, but that's not the case right now.
953
954 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
955
956         Reviewed by Gavin Barraclough.
957
958         DFG non-speculative JIT does not reuse registers when compiling comparisons.
959         https://bugs.webkit.org/show_bug.cgi?id=63565
960
961         * dfg/DFGNonSpeculativeJIT.cpp:
962         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
963         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
964         (JSC::DFG::NonSpeculativeJIT::compare):
965
966 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
967
968         Reviewed by Gavin Barraclough.
969
970         Added empty write barrier stubs in all the right places in the DFG JIT
971         https://bugs.webkit.org/show_bug.cgi?id=63764
972         
973         SunSpider thinks this might be a 0.5% speedup. Meh.
974
975         * dfg/DFGJITCodeGenerator.cpp:
976         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
977
978         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
979         for the case where base == scratch, since we now require base and scratch
980         to be not equal, for the sake of the write barrier.
981
982         * dfg/DFGJITCodeGenerator.h: Le stub.
983
984         * dfg/DFGNonSpeculativeJIT.cpp:
985         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
986         as the scratch register, since that's incompatible with the write barrier,
987         which needs a distinct base and scratch.
988         
989         Do put the global object into a register before loading its var storage,
990         since it needs to be in a register for the write barrier to operate on it.
991
992         * dfg/DFGSpeculativeJIT.cpp:
993         (JSC::DFG::SpeculativeJIT::compile):
994         * jit/JITPropertyAccess.cpp:
995         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
996
997         * jit/JITPropertyAccess.cpp:
998         (JSC::JIT::emit_op_get_scoped_var):
999         (JSC::JIT::emit_op_put_scoped_var):
1000         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1001         places.
1002
1003         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1004         is a little more than meaningless.
1005
1006         * jit/JITPropertyAccess32_64.cpp:
1007         (JSC::JIT::emit_op_get_scoped_var):
1008         (JSC::JIT::emit_op_put_scoped_var):
1009         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1010         places.
1011
1012         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1013         is a little more than meaningless.
1014
1015         * runtime/JSVariableObject.h:
1016         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1017         we put the global object in a register and only then load its var storage
1018         by offset.
1019
1020         (JSC::JIT::emitWriteBarrier):
1021
1022 2011-06-30  Oliver Hunt  <oliver@apple.com>
1023
1024         Fix ARMv6 build
1025
1026         * assembler/MacroAssemblerARM.h:
1027         (JSC::MacroAssemblerARM::rshift32):
1028
1029 2011-06-30  Oliver Hunt  <oliver@apple.com>
1030
1031         Reviewed by Gavin Barraclough.
1032
1033         Add optimised paths for a few maths functions
1034         https://bugs.webkit.org/show_bug.cgi?id=63757
1035
1036         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1037         Math.floor, Math.log, and Math.exp as they are apparently more
1038         important in real web content than we thought, which is somewhat
1039         mind-boggling.  On average doubles the performance of the common
1040         cases (eg. actually passing numbers in).  They're not as efficient
1041         as they could be, but this way gives them the most portability.
1042
1043         * assembler/MacroAssemblerARM.h:
1044         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1045         (JSC::MacroAssemblerARM::andnotDouble):
1046         * assembler/MacroAssemblerARMv7.h:
1047         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1048         (JSC::MacroAssemblerARMv7::andnotDouble):
1049         * assembler/MacroAssemblerMIPS.h:
1050         (JSC::MacroAssemblerMIPS::andnotDouble):
1051         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1052         * assembler/MacroAssemblerSH4.h:
1053         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1054         (JSC::MacroAssemblerSH4::andnotDouble):
1055         * assembler/MacroAssemblerX86.h:
1056         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1057         * assembler/MacroAssemblerX86Common.h:
1058         (JSC::MacroAssemblerX86Common::andnotDouble):
1059         * assembler/MacroAssemblerX86_64.h:
1060         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1061         * assembler/X86Assembler.h:
1062         (JSC::X86Assembler::andnpd_rr):
1063         * create_hash_table:
1064         * jit/SpecializedThunkJIT.h:
1065         (JSC::SpecializedThunkJIT::finalize):
1066         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1067         * jit/ThunkGenerators.cpp:
1068         (JSC::floorThunkGenerator):
1069         (JSC::ceilThunkGenerator):
1070         (JSC::roundThunkGenerator):
1071         (JSC::expThunkGenerator):
1072         (JSC::logThunkGenerator):
1073         (JSC::absThunkGenerator):
1074         * jit/ThunkGenerators.h:
1075
1076 2011-06-30  Cary Clark  <caryclark@google.com>
1077
1078         Reviewed by James Robinson.
1079
1080         Use Skia if Skia on Mac Chrome is enabled
1081         https://bugs.webkit.org/show_bug.cgi?id=62999
1082
1083         * wtf/Platform.h:
1084         Add switch to use Skia if, externally,
1085         Skia has been enabled by a gyp define.
1086
1087 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1088
1089         Reviewed by Geoffrey Garen.
1090
1091         Web Inspector fails to display source for eval with syntax error
1092         https://bugs.webkit.org/show_bug.cgi?id=63583
1093
1094         Web Inspector now displays a link to an eval statement that contains
1095         a syntax error.
1096
1097         * parser/Parser.h:
1098         (JSC::isEvalNode):
1099         (JSC::EvalNode):
1100         (JSC::Parser::parse):
1101
1102 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1103
1104         Reviewed by Gavin Barraclough.
1105
1106         X86Assembler does not encode byte registers in 64-bit mode correctly.
1107         https://bugs.webkit.org/show_bug.cgi?id=63665
1108
1109         * assembler/X86Assembler.h:
1110         (JSC::X86Assembler::testb_rr):
1111         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1112
1113 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1114
1115         Unreviewed, rolling out r90102.
1116         http://trac.webkit.org/changeset/90102
1117         https://bugs.webkit.org/show_bug.cgi?id=63714
1118
1119         Lots of tests asserting beneath
1120         SVGSMILElement::findInstanceTime (Requested by aroben on
1121         #webkit).
1122
1123         * wtf/StdLibExtras.h:
1124         (WTF::binarySearch):
1125
1126 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1127
1128         Reviewed by Nikolas Zimmermann.
1129
1130         Speed up SVGSMILElement::findInstanceTime.
1131         https://bugs.webkit.org/show_bug.cgi?id=61025
1132
1133         Add a new parameter to StdLibExtras.h::binarySearch function
1134         to also handle cases when the array does not contain the key value.
1135         This is needed for an svg function.
1136
1137         * wtf/StdLibExtras.h:
1138         (WTF::binarySearch):
1139
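The entry above adds a mode to WTF's binarySearch for keys that may be absent from the array; the rollout just above it records what happens without that mode (assertions firing beneath SVGSMILElement::findInstanceTime). The following added example is a stand-in written for this page, not WTF's StdLibExtras.h code: the BinarySearchMode enum, the signed index return and the exact contract of the "key may be absent" mode (return the first index whose key is not below the key, or the array size) are assumptions made here, and the instance-time data is constructed.

```cpp
#include <cassert>
#include <cstddef>
#include <iostream>
#include <vector>

// Added example, not WTF's StdLibExtras.h: a binary search with the two
// lookup modes the entry describes. The enum, the `long` index return and
// the exact contract for the "key may be absent" mode are assumptions made
// here for illustration.

enum class BinarySearchMode {
    KeyMustBePresent,       // a miss is a caller bug, reported as -1
    KeyMightNotBePresent    // a miss yields the insertion point instead
};

// `array` must be sorted ascending by extractKey. Returns the index of the
// element whose key equals `key`; in KeyMightNotBePresent mode a miss
// returns the index of the first element whose key is greater than `key`
// (array.size() if there is none), which is what a caller such as
// findInstanceTime needs when looking for "the next time at or after t".
template <typename Element, typename Key, typename ExtractKey>
long binarySearch(const std::vector<Element>& array, Key key, ExtractKey extractKey,
                  BinarySearchMode mode = BinarySearchMode::KeyMustBePresent) {
    size_t low = 0;
    size_t high = array.size();
    while (low < high) {
        size_t mid = low + (high - low) / 2;   // avoids low + high overflow
        if (extractKey(array[mid]) < key)
            low = mid + 1;                      // everything up to mid is too small
        else
            high = mid;                         // mid may still be the answer
    }
    // `low` is now the first index whose key is >= key (or array.size()).
    if (low < array.size() && extractKey(array[low]) == key)
        return static_cast<long>(low);
    if (mode == BinarySearchMode::KeyMustBePresent)
        return -1;                              // the caller's precondition failed
    return static_cast<long>(low);
}

// Constructed sample data standing in for SMIL instance times (seconds).
struct InstanceTime {
    double time;
};

inline double timeOf(const InstanceTime& t) { return t.time; }

inline std::vector<InstanceTime> sampleTimes() {
    return {{0.0}, {1.5}, {4.0}, {9.0}};
}

// Next instance time at or after `minimumTime`, or -1 when there is none.
inline double findInstanceTimeAtOrAfter(double minimumTime) {
    std::vector<InstanceTime> times = sampleTimes();
    long index = binarySearch(times, minimumTime, timeOf, BinarySearchMode::KeyMightNotBePresent);
    if (index < 0 || static_cast<size_t>(index) >= times.size())
        return -1;
    return times[static_cast<size_t>(index)].time;
}

int main() {
    std::cout << binarySearch(sampleTimes(), 4.0, timeOf) << "\n";   // 2
    std::cout << binarySearch(sampleTimes(), 2.0, timeOf) << "\n";   // -1: must-be-present miss
    std::cout << findInstanceTimeAtOrAfter(2.0) << "\n";              // 4
    return 0;
}
```

The mode matters for safety as well as correctness: a search that assumes the key is present and returns whatever index the loop stopped at hands the caller an element that may be one past the end, which is exactly the kind of read a debug assertion catches and a release build does not.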
1140 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1141
1142         Reviewed by Geoff Garen.
1143
1144         https://bugs.webkit.org/show_bug.cgi?id=63669
1145         DFG JIT - fix spectral-norm regression
1146
1147         The problem is a mis-speculation leading to us falling off the speculative path.
1148         Make the speculation logic slightly smarter, don't predict int if one of the
1149         operands is already loaded as a double (we use this logic already for compares).
1150
1151         * dfg/DFGSpeculativeJIT.cpp:
1152         (JSC::DFG::SpeculativeJIT::compile):
1153         * dfg/DFGSpeculativeJIT.h:
1154         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1155
1156 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1157
1158         Reviewed by Gavin Barraclough.
1159
1160         DFG JIT does not do put_by_id transition caching.
1161         https://bugs.webkit.org/show_bug.cgi?id=63662
1162
1163         * dfg/DFGJITCodeGenerator.cpp:
1164         (JSC::DFG::JITCodeGenerator::cachedPutById):
1165         * dfg/DFGJITCompiler.h:
1166         (JSC::DFG::JITCompiler::addPropertyAccess):
1167         * dfg/DFGRepatch.cpp:
1168         (JSC::DFG::testPrototype):
1169         (JSC::DFG::tryCachePutByID):
1170
1171 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1172
1173         Reviewed by Oliver Hunt.
1174
1175         Added a dummy write barrier emitting function in all the right places in the old JIT
1176         https://bugs.webkit.org/show_bug.cgi?id=63667
1177         
1178         SunSpider reports no change.
1179
1180         * jit/JIT.h:
1181         * jit/JITPropertyAccess.cpp:
1182         (JSC::JIT::emit_op_put_by_id):
1183         (JSC::JIT::emit_op_put_scoped_var): Do it.
1184
1185         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1186         for the sake of the write barrier.
1187
1188         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1189
1190         * jit/JITPropertyAccess32_64.cpp:
1191         (JSC::JIT::emit_op_put_by_val):
1192         (JSC::JIT::emit_op_put_by_id):
1193         (JSC::JIT::emit_op_put_scoped_var): Do it.
1194
1195         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1196         for the sake of the write barrier.
1197
1198         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1199
1200 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1201
1202         Reviewed by Gavin Barraclough.
1203
1204         DFG JIT does not perform get_by_id self list caching.
1205         https://bugs.webkit.org/show_bug.cgi?id=63605
1206
1207         * bytecode/StructureStubInfo.h:
1208         * dfg/DFGJITCompiler.cpp:
1209         (JSC::DFG::JITCompiler::compileFunction):
1210         * dfg/DFGOperations.cpp:
1211         * dfg/DFGOperations.h:
1212         * dfg/DFGRepatch.cpp:
1213         (JSC::DFG::tryCacheGetByID):
1214         (JSC::DFG::tryBuildGetByIDList):
1215         (JSC::DFG::dfgBuildGetByIDList):
1216         * dfg/DFGRepatch.h:
1217
1218 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1219
1220         Reviewed by Gavin Barraclough.
1221
1222         DFG JIT lacks array.length caching.
1223         https://bugs.webkit.org/show_bug.cgi?id=63505
1224
1225         * bytecode/StructureStubInfo.h:
1226         * dfg/DFGJITCodeGenerator.cpp:
1227         (JSC::DFG::JITCodeGenerator::cachedGetById):
1228         (JSC::DFG::JITCodeGenerator::cachedPutById):
1229         * dfg/DFGJITCodeGenerator.h:
1230         (JSC::DFG::JITCodeGenerator::tryAllocate):
1231         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1232         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1233         * dfg/DFGJITCompiler.cpp:
1234         (JSC::DFG::JITCompiler::compileFunction):
1235         * dfg/DFGJITCompiler.h:
1236         (JSC::DFG::JITCompiler::addPropertyAccess):
1237         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1238         * dfg/DFGRegisterBank.h:
1239         (JSC::DFG::RegisterBank::tryAllocate):
1240         * dfg/DFGRepatch.cpp:
1241         (JSC::DFG::tryCacheGetByID):
1242
1243 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1244
1245         Reviewed by Eric Seidel.
1246
1247         Warnings in JSC's JIT on 32 bit
1248         https://bugs.webkit.org/show_bug.cgi?id=63259
1249
1250         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1251
1252         * jit/JITPropertyAccess32_64.cpp:
1253         (JSC::JIT::emit_op_method_check):
1254         (JSC::JIT::compileGetByIdHotPath):
1255         (JSC::JIT::emit_op_put_by_id):
1256
1257 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1258
1259         Unreviewed, rolling out r89968.
1260         http://trac.webkit.org/changeset/89968
1261         https://bugs.webkit.org/show_bug.cgi?id=63581
1262
1263         Broke chromium windows compile (Requested by jamesr on
1264         #webkit).
1265
1266         * wtf/Platform.h:
1267
1268 2011-06-28  Oliver Hunt  <oliver@apple.com>
1269
1270         Reviewed by Gavin Barraclough.
1271
1272         Fix sampling build
1273         https://bugs.webkit.org/show_bug.cgi?id=63579
1274
1275         Gets opcode sampling building again, doesn't seem to work alas
1276
1277         * bytecode/SamplingTool.cpp:
1278         (JSC::SamplingTool::notifyOfScope):
1279         * bytecode/SamplingTool.h:
1280         (JSC::SamplingTool::SamplingTool):
1281         * interpreter/Interpreter.cpp:
1282         (JSC::Interpreter::enableSampler):
1283         * runtime/Executable.h:
1284         (JSC::ScriptExecutable::ScriptExecutable):
1285
1286 2011-06-28  Cary Clark  <caryclark@google.com>
1287
1288         Reviewed by James Robinson.
1289
1290         Use Skia if Skia on Mac Chrome is enabled
1291         https://bugs.webkit.org/show_bug.cgi?id=62999
1292
1293         * wtf/Platform.h:
1294         Add switch to use Skia if, externally,
1295         Skia has been enabled by a gyp define.
1296
1297 2011-06-28  Oliver Hunt  <oliver@apple.com>
1298
1299         Reviewed by Gavin Barraclough.
1300
1301         ASSERT when launching debug builds with interpreter and jit enabled
1302         https://bugs.webkit.org/show_bug.cgi?id=63566
1303
1304         Add appropriate guards to the various Executable's memory reporting
1305         logic.
1306
1307         * runtime/Executable.cpp:
1308         (JSC::EvalExecutable::compileInternal):
1309         (JSC::ProgramExecutable::compileInternal):
1310         (JSC::FunctionExecutable::compileForCallInternal):
1311         (JSC::FunctionExecutable::compileForConstructInternal):
1312
1313 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1314
1315         Reviewed by Oliver Hunt.
1316
1317         https://bugs.webkit.org/show_bug.cgi?id=63563
1318         DFG JIT - add support for double arith to speculative path
1319
1320         Add integer support for div & mod, add double support for div, mod,
1321         add, sub & mul, dynamically selecting based on operand types.
1322
1323         * dfg/DFGJITCodeGenerator.cpp:
1324         (JSC::DFG::FPRTemporary::FPRTemporary):
1325         * dfg/DFGJITCodeGenerator.h:
1326         * dfg/DFGJITCompiler.h:
1327         (JSC::DFG::JITCompiler::assembler):
1328         * dfg/DFGSpeculativeJIT.cpp:
1329         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1330         (JSC::DFG::SpeculativeJIT::compile):
1331         * dfg/DFGSpeculativeJIT.h:
1332         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1333         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
1334         (JSC::DFG::SpeculateDoubleOperand::index):
1335         (JSC::DFG::SpeculateDoubleOperand::fpr):
1336
1337 2011-06-28  Oliver Hunt  <oliver@apple.com>
1338
1339         Fix interpreter build.
1340
1341         * interpreter/Interpreter.cpp:
1342         (JSC::Interpreter::privateExecute):
1343
1344 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1345
1346         Reviewed by Oliver Hunt.
1347
1348         https://bugs.webkit.org/show_bug.cgi?id=63561
1349         DFG JIT - don't always assume integer in relational compare
1350
1351         If neither operand is known integer, or either is in double representation,
1352         then at least use a function call (don't bail off the speculative path).
1353
1354         * dfg/DFGSpeculativeJIT.cpp:
1355         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1356         (JSC::DFG::SpeculativeJIT::compile):
1357         * dfg/DFGSpeculativeJIT.h:
1358         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
1359         (JSC::DFG::SpeculativeJIT::compareIsInteger):
1360
1361 2011-06-28  Oliver Hunt  <oliver@apple.com>
1362
1363         Reviewed by Gavin Barraclough.
1364
1365         Make constant array optimisation less strict about what constitutes a constant
1366         https://bugs.webkit.org/show_bug.cgi?id=63554
1367
1368         Now allow string constants in array literals to actually be considered constant,
1369         and so avoid codegen in array literals with strings in them.
1370
1371         * bytecode/CodeBlock.h:
1372         (JSC::CodeBlock::addConstantBuffer):
1373         (JSC::CodeBlock::constantBuffer):
1374         * bytecompiler/BytecodeGenerator.cpp:
1375         (JSC::BytecodeGenerator::addConstantBuffer):
1376         (JSC::BytecodeGenerator::addStringConstant):
1377         (JSC::BytecodeGenerator::emitNewArray):
1378         * bytecompiler/BytecodeGenerator.h:
1379         * interpreter/Interpreter.cpp:
1380         (JSC::Interpreter::privateExecute):
1381         * jit/JITStubs.cpp:
1382         (JSC::DEFINE_STUB_FUNCTION):
1383
1384 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1385
1386         Reviewed by Oliver Hunt.
1387
1388         https://bugs.webkit.org/show_bug.cgi?id=63560
1389         DFG_JIT allow allocation of specific machine registers
1390
1391         This allow us to allocate the registers necessary to perform x86
1392         idiv instructions for div/mod, and may be useful for shifts, too.
1393
1394         * dfg/DFGJITCodeGenerator.cpp:
1395         (JSC::DFG::GPRTemporary::GPRTemporary):
1396         * dfg/DFGJITCodeGenerator.h:
1397         (JSC::DFG::JITCodeGenerator::allocate):
1398         (JSC::DFG::GPRResult::GPRResult):
1399         * dfg/DFGRegisterBank.h:
1400         (JSC::DFG::RegisterBank::allocateSpecific):
1401         * dfg/DFGSpeculativeJIT.h:
1402         (JSC::DFG::SpeculativeJIT::isInteger):
1403
1404 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1405
1406         Reviewed by Oliver Hunt.
1407
1408         https://bugs.webkit.org/show_bug.cgi?id=55040
1409         RegExp constructor returns the argument regexp instead of a new object
1410
1411         Per 15.10.3.1, our current behaviour is correct if called as a function,
1412         but incorrect when called as a constructor.
1413
1414         * runtime/RegExpConstructor.cpp:
1415         (JSC::constructRegExp):
1416         (JSC::constructWithRegExpConstructor):
1417         * runtime/RegExpConstructor.h:
1418
1419 2011-06-28  Luke Macpherson  <macpherson@chromium.org>
1420
1421         Reviewed by Darin Adler.
1422
1423         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
1424         https://bugs.webkit.org/show_bug.cgi?id=63469
1425
1426         * wtf/MathExtras.h:
1427         (defaultMinimumForClamp):
1428         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
1429         (defaultMaximumForClamp):
1430         Symmetric alias for std::numeric_limits::max()
1431         (clampTo):
1432         New templated clamping function that supports arbitrary output types.
1433         (clampToInteger):
1434         Use new clampTo template.
1435         (clampToFloat):
1436         Use new clampTo template.
1437         (clampToPositiveInteger):
1438         Use new clampTo template.
1439
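The clamping scheme the entry above describes is worth seeing in full because of the trap it names: std::numeric_limits<T>::min() is the smallest positive value for floating point types, so using it as a floor silently turns every negative input into a tiny positive number. The following is an added example written for this page, not WTF's MathExtras.h code; the function names follow the entry, but the bodies, the NaN-to-zero rule at the top of clampTo, and clampToFloatWithPositiveFloor (which shows the wrong floor) are assumptions made here.

```cpp
#include <cassert>
#include <cmath>
#include <cstdint>
#include <iostream>
#include <limits>
#include <type_traits>

// Added example of the clamping scheme the entry describes. These are
// stand-in templates written here, not WTF's MathExtras.h; the NaN rule
// at the top of clampTo is an assumption this example adds.

// std::numeric_limits<T>::min() is the smallest *positive* normal value
// for floating point T, so a clamp that used it as the floor would map
// every negative input to about 1e-38. The floor must be -max().
template <typename T>
constexpr T defaultMinimumForClamp() {
    return std::is_floating_point<T>::value ? -std::numeric_limits<T>::max()
                                            : std::numeric_limits<T>::min();
}

template <typename T>
constexpr T defaultMaximumForClamp() {
    return std::numeric_limits<T>::max();
}

// Compare in the source type and only convert once the value is known to
// be in range: converting an out-of-range double to an integer type is
// undefined behaviour, so the comparison must come first.
template <typename TargetType, typename SourceType>
TargetType clampTo(SourceType value,
                   TargetType min = defaultMinimumForClamp<TargetType>(),
                   TargetType max = defaultMaximumForClamp<TargetType>()) {
    if (std::is_floating_point<SourceType>::value && std::isnan(value))
        return 0;                            // assumption: NaN clamps to zero
    if (value >= static_cast<SourceType>(max))
        return max;
    if (value <= static_cast<SourceType>(min))
        return min;
    return static_cast<TargetType>(value);   // now provably representable
}

inline int clampToInteger(double value) { return clampTo<int>(value); }
inline float clampToFloat(double value) { return clampTo<float>(value); }
inline int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }

// The floor the entry's defaultMinimumForClamp exists to avoid:
// numeric_limits<float>::min() used as the minimum.
inline float clampToFloatWithPositiveFloor(double value) {
    return clampTo<float>(value, std::numeric_limits<float>::min());
}

int main() {
    std::cout << clampToInteger(1e300) << "\n";                    // 2147483647
    std::cout << clampToPositiveInteger(-3.0) << "\n";             // 0
    std::cout << clampToFloat(-5.0) << "\n";                       // -5
    std::cout << clampToFloatWithPositiveFloor(-5.0) << "\n";      // ~1.17549e-38, the bug
    return 0;
}
```

The order of the checks is the security-relevant part: a double outside the target's range must be caught by the comparisons before the static_cast, because the cast itself is where the undefined behaviour lives, and on common compilers it yields INT_MIN rather than anything a caller expects.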
1440 2011-06-28  Adam Roben  <aroben@apple.com>
1441
1442         Windows Debug build fix after r89885
1443
1444         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
1445         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
1446
1447 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
1448
1449         Reviewed by Kent Tamura.
1450
1451         Add const to show() method in WTFString and AtomicString.
1452         https://bugs.webkit.org/show_bug.cgi?id=63515
1453
1454         The lack of const in show() method is painful when
1455         doing something like printf-debug.
1456
1457         * wtf/text/AtomicString.cpp:
1458         (WTF::AtomicString::show):
1459         * wtf/text/AtomicString.h:
1460         * wtf/text/WTFString.cpp:
1461         (String::show):
1462         * wtf/text/WTFString.h:
1463
1464 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
1465
1466         Build fix attempt after r89885.
1467
1468         * JavaScriptCore.exp:
1469         * jsc.cpp:
1470
1471 2011-06-27  Oliver Hunt  <oliver@apple.com>
1472
1473         Reviewed by Geoffrey Garen.
1474
1475         Support throwing away non-running code even while other code is running
1476         https://bugs.webkit.org/show_bug.cgi?id=63485
1477
1478         Add a function to CodeBlock to support unlinking direct linked callsites,
1479         and then with that in place add logic to discard code from any function
1480         that is not currently on the stack.
1481
1482         The unlinking completely reverts any optimized call sites, such that they
1483         may be relinked again in future.
1484
1485         * JavaScriptCore.exp:
1486         * bytecode/CodeBlock.cpp:
1487         (JSC::CodeBlock::unlinkCalls):
1488         (JSC::CodeBlock::clearEvalCache):
1489         * bytecode/CodeBlock.h:
1490         (JSC::CallLinkInfo::CallLinkInfo):
1491         (JSC::CallLinkInfo::unlink):
1492         * bytecode/EvalCodeCache.h:
1493         (JSC::EvalCodeCache::clear):
1494         * heap/Heap.cpp:
1495         (JSC::Heap::getConservativeRegisterRoots):
1496         * heap/Heap.h:
1497         * jit/JIT.cpp:
1498         (JSC::JIT::privateCompile):
1499         * jit/JIT.h:
1500         * jit/JITCall.cpp:
1501         (JSC::JIT::compileOpCall):
1502         * jit/JITWriteBarrier.h:
1503         (JSC::JITWriteBarrierBase::clear):
1504         * jsc.cpp:
1505         (GlobalObject::GlobalObject):
1506         (functionReleaseExecutableMemory):
1507         * runtime/Executable.cpp:
1508         (JSC::EvalExecutable::unlinkCalls):
1509         (JSC::ProgramExecutable::unlinkCalls):
1510         (JSC::FunctionExecutable::discardCode):
1511         (JSC::FunctionExecutable::unlinkCalls):
1512         * runtime/Executable.h:
1513         * runtime/JSGlobalData.cpp:
1514         (JSC::SafeRecompiler::returnValue):
1515         (JSC::SafeRecompiler::operator()):
1516         (JSC::JSGlobalData::releaseExecutableMemory):
1517
1518 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1519
1520         Reviewed by Darin Adler & Oliver Hunt.
1521
1522         https://bugs.webkit.org/show_bug.cgi?id=50554
1523         RegExp.prototype.toString does not escape slashes
1524
1525         The problem here is that we don't escape forwards slashes when converting
1526         a RegExp to a string. This means that RegExp("/").toString() is "///",
1527         which is not a valid RegExp literal. Also, we return an invalid literal
1528         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
1529
1530         From ES5:
1531         "NOTE: The returned String has the form of a RegularExpressionLiteral that
1532         evaluates to another RegExp object with the same behaviour as this object."
1533
1534         * runtime/RegExpObject.cpp:
1535         (JSC::regExpObjectSource):
1536             - Escape forward slashes when getting the source of a RegExp.
1537         * runtime/RegExpPrototype.cpp:
1538         (JSC::regExpProtoFuncToString):
1539             - Remove unnecessary and erroneous hack to return "//" as the string
1540             representation of RegExp.prototype. This is not a valid RegExp literal
1541             (it is an empty single-line comment).
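The escaping described in the entry above, as an added example (not JavaScriptCore's regExpObjectSource or regExpProtoFuncToString): a bare '/' in the pattern source is escaped so that "/" + source + "/" + flags is a valid RegExp literal, while a '/' that is already backslash-escaped is left alone. The "(?:)" spelling for an empty pattern is an assumption beyond the entry, taken from the later ECMAScript EscapeRegExpPattern text.

```cpp
#include <cassert>
#include <string>

// Added example (not JavaScriptCore code): make a RegExp source safe to embed
// between the slashes of a RegExp literal. A '/' preceded by an unpaired
// backslash is already escaped and is copied through unchanged.
std::string escapeRegExpSource(const std::string& source)
{
    // An empty pattern would render as "//", which is an empty single-line
    // comment rather than a literal. "(?:)" is the conventional non-empty
    // spelling (assumption: from later ECMAScript editions, not this entry).
    if (source.empty())
        return "(?:)";

    std::string out;
    out.reserve(source.size() + 4);
    bool escaped = false; // true when the previous char was an unpaired '\'
    for (char c : source) {
        if (escaped) {
            out += c;       // whatever follows a backslash is already escaped
            escaped = false;
            continue;
        }
        if (c == '\\') {
            out += c;
            escaped = true;
            continue;
        }
        if (c == '/')
            out += '\\';    // the fix: escape a bare forward slash
        out += c;
    }
    return out;
}

// Rebuilds the literal the way toString should: /source/flags.
std::string regExpToString(const std::string& source, const std::string& flags)
{
    return "/" + escapeRegExpSource(source) + "/" + flags;
}
```

With this, RegExp("/").toString() becomes "/\//" rather than "///", and a '/' inside a character class is escaped too, which is still a valid literal.
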
1543 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1544
1545         Reviewed by Oliver Hunt.
1546
1547         https://bugs.webkit.org/show_bug.cgi?id=63497
1548         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
1549
1550         * dfg/DFGByteCodeParser.cpp:
1551         (JSC::DFG::ByteCodeParser::parseBlock):
1552         * dfg/DFGNode.h:
1553         * dfg/DFGNonSpeculativeJIT.cpp:
1554         (JSC::DFG::NonSpeculativeJIT::compile):
1555         * dfg/DFGSpeculativeJIT.cpp:
1556         (JSC::DFG::SpeculativeJIT::compile):
1557
1558 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
1559
1560         Reviewed by Mark Rowe.
1561
1562         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
1563         https://bugs.webkit.org/show_bug.cgi?id=63392
1564         
1565         When both TextPosition.h and XPathGrammar.h are included a compile-error
1566         is caused, since XPathGrammar.h defines a macro called NUMBER and 
1567         TextPosition has a typedef named NUMBER.
1568
1569         * wtf/text/TextPosition.h:
1570         (WTF::TextPosition::TextPosition):
1571         (WTF::TextPosition::minimumPosition):
1572         (WTF::TextPosition::belowRangePosition):
1573
1574 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
1575
1576         Reviewed by Gavin Barraclough.
1577
1578         DFG JIT does not perform put_by_id caching.
1579         https://bugs.webkit.org/show_bug.cgi?id=63409
1580
1581         * bytecode/StructureStubInfo.h:
1582         * dfg/DFGJITCodeGenerator.cpp:
1583         (JSC::DFG::JITCodeGenerator::cachedPutById):
1584         * dfg/DFGJITCodeGenerator.h:
1585         * dfg/DFGJITCompiler.cpp:
1586         (JSC::DFG::JITCompiler::compileFunction):
1587         * dfg/DFGJITCompiler.h:
1588         (JSC::DFG::JITCompiler::addPropertyAccess):
1589         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1590         * dfg/DFGNonSpeculativeJIT.cpp:
1591         (JSC::DFG::NonSpeculativeJIT::compile):
1592         * dfg/DFGOperations.cpp:
1593         * dfg/DFGOperations.h:
1594         * dfg/DFGRepatch.cpp:
1595         (JSC::DFG::dfgRepatchByIdSelfAccess):
1596         (JSC::DFG::tryCacheGetByID):
1597         (JSC::DFG::appropriatePutByIdFunction):
1598         (JSC::DFG::tryCachePutByID):
1599         (JSC::DFG::dfgRepatchPutByID):
1600         * dfg/DFGRepatch.h:
1601         * dfg/DFGSpeculativeJIT.cpp:
1602         (JSC::DFG::SpeculativeJIT::compile):
1603
1604 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
1605
1606         Unreviewed build fix. One more file missing during distcheck, for
1607         the MIPS build.
1608
1609         * GNUmakefile.list.am:
1610
1611 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
1612
1613         Reviewed by Gavin Barraclough.
1614
1615         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
1616         https://bugs.webkit.org/show_bug.cgi?id=63347
1617
1618         * dfg/DFGNonSpeculativeJIT.cpp:
1619             - Changed arithmetic operations to speculate in favor of integers.
1620         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1621         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1622         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1623         (JSC::DFG::NonSpeculativeJIT::compile):
1624         * dfg/DFGNonSpeculativeJIT.h:
1625         * dfg/DFGOperations.cpp:
1626             - Added slow-path routines for arithmetic that perform no speculation; the
1627               non-speculative JIT will generate calls to these in cases where its
1628               speculation fails.
1629         * dfg/DFGOperations.h:
1630
1631 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
1632
1633         Reviewed by Rob Buis.
1634
1635         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
1636         https://bugs.webkit.org/show_bug.cgi?id=59085
1637
1638         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
1639
1640 2011-06-24  Michael Saboff  <msaboff@apple.com>
1641
1642         Reviewed by Gavin Barraclough.
1643
1644         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
1645         https://bugs.webkit.org/show_bug.cgi?id=63345
1646
1647         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
1648         return 9 and 10 bit quantities, therefore changed their return type from
1649         uint8_t to uint16_t.  Also cast the places where they are used as they
1650         are currently shifted and used as 7 or 8 bit values.
1651
1652         These methods are currently used for literals for stack offsets, 
1653         including creating and destroying stack frames.  The prior truncation of
1654         the upper bits caused stack frames to be too small, thus allowing a
1655         JIT'ed function to access and overwrite stack space outside of the
1656         incorrectly sized stack frame.
1657
1658         * assembler/ARMv7Assembler.h:
1659         (JSC::ARMThumbImmediate::getUInt9):
1660         (JSC::ARMThumbImmediate::getUInt10):
1661         (JSC::ARMv7Assembler::add):
1662         (JSC::ARMv7Assembler::ldr):
1663         (JSC::ARMv7Assembler::str):
1664         (JSC::ARMv7Assembler::sub):
1665         (JSC::ARMv7Assembler::sub_S):
1666
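The truncation described in the entry above, as an added example (not the real ARMThumbImmediate; struct and function names are hypothetical): a Thumb-2 style encoded immediate keeps an 8-bit field that is implicitly scaled by 2 (9-bit range) or 4 (10-bit range). Returning the decoded value through uint8_t silently drops the top bit, so a frame setup asking for 256 bytes reserves 0 and the function's stores land in the caller's frame; the uint16_t return type keeps the whole value.

```cpp
#include <cassert>
#include <cstdint>

// Added example (hypothetical names, not JavaScriptCore code).
struct EncodedImmediate {
    uint8_t imm8;

    static bool fitsUInt9(uint32_t value)  { return !(value & ~0x1FFu) && !(value & 1u); }
    static bool fitsUInt10(uint32_t value) { return !(value & ~0x3FFu) && !(value & 3u); }

    static EncodedImmediate makeUInt9(uint32_t value)
    {
        assert(fitsUInt9(value));
        return EncodedImmediate{ static_cast<uint8_t>(value >> 1) };
    }
    static EncodedImmediate makeUInt10(uint32_t value)
    {
        assert(fitsUInt10(value));
        return EncodedImmediate{ static_cast<uint8_t>(value >> 2) };
    }

    // Pre-fix shape: the return type is narrower than the decoded value, so
    // the high bit of the 9- or 10-bit result is dropped on return.
    uint8_t getUInt9Truncated() const  { return imm8 << 1; }
    uint8_t getUInt10Truncated() const { return imm8 << 2; }

    // Fixed shape: a 16-bit return type holds the full decoded value.
    uint16_t getUInt9() const  { return static_cast<uint16_t>(imm8 << 1); }
    uint16_t getUInt10() const { return static_cast<uint16_t>(imm8 << 2); }
};

// Models the "sub sp, sp, #imm" of a frame prologue: returns how many bytes
// are actually reserved for a requested (word-aligned) frame size.
uint32_t frameBytesReservedTruncated(uint32_t requested)
{
    return EncodedImmediate::makeUInt10(requested).getUInt10Truncated();
}

uint32_t frameBytesReserved(uint32_t requested)
{
    return EncodedImmediate::makeUInt10(requested).getUInt10();
}
```

A regression check for this class of bug is to assert, for every encodable immediate, that decode(encode(v)) == v; the truncated decoder fails that round trip at 256 and above.
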
1667 2011-06-24  Michael Saboff  <msaboff@apple.com>
1668
1669         Reviewed by Geoffrey Garen.
1670
1671         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
1672         https://bugs.webkit.org/show_bug.cgi?id=63015
1673
1674         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
1675         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
1676         adjustments are a bug.  These need to reflect the pages that are released
1677         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
1678         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
1679         Check() and helper method CheckList() to check the number of actual free pages
1680         with free_committed_pages_.
1681
1682         The symptom of the problem of the existing code is that the scavenger may
1683         run unnecessarily without any real work to do, i.e. pages on the free lists.
1684         The scavenger would also end up freeing too many pages, that is going below 
1685         the current 528 target free pages.
1686
1687         Note that the style of the changes was kept consistent with the
1688         existing style.
1689
1690         * wtf/FastMalloc.cpp:
1691         (WTF::TCMalloc_PageHeap::Check):
1692         (WTF::TCMalloc_PageHeap::CheckList):
1693         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
1694
1695 2011-06-24  Abhishek Arya  <inferno@chromium.org>
1696
1697         Reviewed by Darin Adler.
1698
1699         Match other clampTo* functions in style with clampToInteger(float)
1700         function.
1701         https://bugs.webkit.org/show_bug.cgi?id=53449
1702
1703         * wtf/MathExtras.h:
1704         (clampToInteger):
1705         (clampToFloat):
1706         (clampToPositiveInteger):
1707
1708 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
1709
1710         Unreviewed, rolling out r89594.
1711         http://trac.webkit.org/changeset/89594
1712         https://bugs.webkit.org/show_bug.cgi?id=63316
1713
1714         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
1715         #webkit).
1716
1717         * GNUmakefile.list.am:
1718         * JavaScriptCore.gypi:
1719         * icu/unicode/uscript.h: Removed.
1720         * wtf/unicode/ScriptCodesFromICU.h: Removed.
1721         * wtf/unicode/brew/UnicodeBrew.h:
1722         * wtf/unicode/glib/UnicodeGLib.h:
1723         * wtf/unicode/icu/UnicodeIcu.h:
1724         * wtf/unicode/qt4/UnicodeQt4.h:
1725         * wtf/unicode/wince/UnicodeWinCE.h:
1726
1727 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
1728
1729         Reviewed by Gavin Barraclough.
1730
1731         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
1732         https://bugs.webkit.org/show_bug.cgi?id=63173
1733
1734         * dfg/DFGJITCodeGenerator.cpp:
1735         (JSC::DFG::JITCodeGenerator::cachedGetById):
1736         * dfg/DFGJITCodeGenerator.h:
1737         * dfg/DFGNonSpeculativeJIT.cpp:
1738         (JSC::DFG::NonSpeculativeJIT::compile):
1739         * dfg/DFGSpeculativeJIT.cpp:
1740         (JSC::DFG::SpeculativeJIT::compile):
1741
1742 2011-06-23  Oliver Hunt  <oliver@apple.com>
1743
1744         Fix Qt again.
1745
1746         * assembler/ARMAssembler.h:
1747         (JSC::ARMAssembler::readPointer):
1748
1749 2011-06-23  Oliver Hunt  <oliver@apple.com>
1750
1751         Fix Qt Build
1752
1753         * assembler/ARMAssembler.h:
1754         (JSC::ARMAssembler::readPointer):
1755
1756 2011-06-23  Stephanie Lewis  <slewis@apple.com>
1757
1758         Reviewed by Darin Adler.
1759
1760         https://bugs.webkit.org/show_bug.cgi?id=63298
1761         Replace Malloc with FastMalloc to match the rest of wtf.
1762
1763         * wtf/BlockStack.h:
1764         (WTF::::~BlockStack):
1765         (WTF::::grow):
1766         (WTF::::shrink):
1767
1768 2011-06-23  Oliver Hunt  <oliver@apple.com>
1769
1770         Reviewed by Gavin Barraclough.
1771
1772         Add the ability to dynamically modify linked call sites
1773         https://bugs.webkit.org/show_bug.cgi?id=63291
1774
1775         Add JITWriteBarrier as a writebarrier class that allows
1776         reading and writing directly into the code stream.
1777
1778         This required adding logic to all the assemblers to allow
1779         us to read values back out of the instruction stream.
1780
1781         * JavaScriptCore.xcodeproj/project.pbxproj:
1782         * assembler/ARMAssembler.h:
1783         (JSC::ARMAssembler::readPointer):
1784         * assembler/ARMv7Assembler.h:
1785         (JSC::ARMv7Assembler::readPointer):
1786         (JSC::ARMv7Assembler::readInt32):
1787         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
1788         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
1789         * assembler/AbstractMacroAssembler.h:
1790         (JSC::AbstractMacroAssembler::readPointer):
1791         * assembler/MIPSAssembler.h:
1792         (JSC::MIPSAssembler::readInt32):
1793         (JSC::MIPSAssembler::readPointer):
1794         * assembler/MacroAssemblerCodeRef.h:
1795         (JSC::MacroAssemblerCodePtr::operator!):
1796         * assembler/SH4Assembler.h:
1797         (JSC::SH4Assembler::readPCrelativeAddress):
1798         (JSC::SH4Assembler::readPointer):
1799         (JSC::SH4Assembler::readInt32):
1800         * assembler/X86Assembler.h:
1801         (JSC::X86Assembler::readPointer):
1802         * bytecode/CodeBlock.cpp:
1803         (JSC::CodeBlock::visitAggregate):
1804         * bytecode/CodeBlock.h:
1805         (JSC::MethodCallLinkInfo::seenOnce):
1806         (JSC::MethodCallLinkInfo::setSeen):
1807         * heap/MarkStack.h:
1808         * jit/JIT.cpp:
1809         (JSC::JIT::privateCompile):
1810         (JSC::JIT::linkCall):
1811         (JSC::JIT::linkConstruct):
1812         * jit/JITPropertyAccess.cpp:
1813         (JSC::JIT::patchMethodCallProto):
1814         * jit/JITPropertyAccess32_64.cpp:
1815         * jit/JITWriteBarrier.h: Added.
1816         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
1817         (JSC::JITWriteBarrierBase::operator!):
1818         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
1819         (JSC::JITWriteBarrierBase::isFlagged):
1820         (JSC::JITWriteBarrierBase::setLocation):
1821         (JSC::JITWriteBarrierBase::location):
1822         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
1823         (JSC::JITWriteBarrierBase::set):
1824         (JSC::JITWriteBarrierBase::get):
1825         (JSC::JITWriteBarrier::JITWriteBarrier):
1826         (JSC::JITWriteBarrier::set):
1827         (JSC::JITWriteBarrier::get):
1828         (JSC::MarkStack::append):
1829
1830 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
1831
1832         Reviewed by Oliver Hunt.
1833
1834         https://bugs.webkit.org/show_bug.cgi?id=61585
1835         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
1836
1837         This is due to use of int instead of unsigned, bad math around
1838         the 2^31 boundary.
1839
1840         * yarr/YarrInterpreter.cpp:
1841         (JSC::Yarr::ByteCompiler::emitDisjunction):
1842             - Change some uses of int to unsigned, refactor compare logic to
1843               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
1844         * yarr/YarrJIT.cpp:
1845         (JSC::Yarr::YarrGenerator::generate):
1846         (JSC::Yarr::YarrGenerator::backtrack):
1847             - Ditto.
1848
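The signed-versus-unsigned problem described in the entry above, as an added example (not Yarr code; function names are hypothetical): the quantifier minimum 2147483648 does not fit in a signed int, so a comparison done in int sees a negative count and wrongly concludes that enough input remains, while the same comparison done in unsigned arithmetic over 0..2^32-1 correctly fails.

```cpp
#include <cassert>
#include <cstdint>
#include <string>

// Added example (hypothetical names, not JavaScriptCore code).

// Parse the n of a "{n,}" quantifier, rejecting values outside 0..2^32-1.
bool parseQuantifierMin(const std::string& digits, uint32_t& out)
{
    if (digits.empty())
        return false;
    uint64_t value = 0;
    for (char c : digits) {
        if (c < '0' || c > '9')
            return false;
        value = value * 10 + static_cast<uint64_t>(c - '0');
        if (value > 0xFFFFFFFFull)
            return false;
    }
    out = static_cast<uint32_t>(value);
    return true;
}

// Pre-fix shape: the count is held in int. A value of 2^31 has wrapped to a
// negative number by the time it gets here, so the check passes and the
// matcher would go on to consume input it does not have.
bool enoughInputSigned(int minCount, int inputLength, int position)
{
    return inputLength - position >= minCount;
}

// Fixed shape: unsigned throughout, so 2^31 compares as the large value it is.
bool enoughInputUnsigned(uint32_t minCount, uint32_t inputLength, uint32_t position)
{
    assert(position <= inputLength);
    return inputLength - position >= minCount;
}

// Judge whether "{digits,}" is satisfiable on a 3-character input at position 0.
bool judgeSigned(const std::string& digits)
{
    uint32_t min = 0;
    bool ok = parseQuantifierMin(digits, min);
    assert(ok);
    (void)ok;
    // Wraps to INT_MIN for 2147483648 on two's-complement targets (and by
    // definition since C++20); this is the "bad math around 2^31".
    int signedMin = static_cast<int>(min);
    return enoughInputSigned(signedMin, 3, 0);
}

bool judgeUnsigned(const std::string& digits)
{
    uint32_t min = 0;
    bool ok = parseQuantifierMin(digits, min);
    assert(ok);
    (void)ok;
    return enoughInputUnsigned(min, 3, 0);
}
```

The regression test for the entry's pattern is the boundary value itself: the signed path says a 3-character input satisfies .{2147483648,}, the unsigned path says it does not.
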
1849 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
1850
1851         Reviewed by Sam Weinig.
1852
1853         https://bugs.webkit.org/show_bug.cgi?id=63218
1854         DFG JIT - remove machine type guarantees from graph
1855
1856         The DFG JIT currently makes assumptions about the types of machine registers
1857         that certain nodes will be loaded into. This will be broken as we generate
1858         nodes to produce both integer and double code paths. Remove int<->double
1859         conversions nodes. This design decision also gave rise to multiple types of
1860         constant nodes, requiring separate handling for each type. Merge these back
1861         into JSConstant.
1862
1863         * dfg/DFGAliasTracker.h:
1864         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1865         * dfg/DFGByteCodeParser.cpp:
1866         (JSC::DFG::ByteCodeParser::getToInt32):
1867         (JSC::DFG::ByteCodeParser::getToNumber):
1868         (JSC::DFG::ByteCodeParser::toInt32):
1869         (JSC::DFG::ByteCodeParser::toNumber):
1870         (JSC::DFG::ByteCodeParser::isInt32Constant):
1871         (JSC::DFG::ByteCodeParser::isDoubleConstant):
1872         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
1873         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
1874         (JSC::DFG::ByteCodeParser::one):
1875         (JSC::DFG::ByteCodeParser::predictInt32):
1876         * dfg/DFGGraph.cpp:
1877         (JSC::DFG::Graph::dump):
1878         * dfg/DFGJITCodeGenerator.h:
1879         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1880         (JSC::DFG::JITCodeGenerator::silentFillFPR):
1881         (JSC::DFG::JITCodeGenerator::isJSConstant):
1882         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
1883         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
1884         * dfg/DFGJITCompiler.cpp:
1885         (JSC::DFG::JITCompiler::fillNumericToDouble):
1886         (JSC::DFG::JITCompiler::fillInt32ToInteger):
1887         * dfg/DFGJITCompiler.h:
1888         (JSC::DFG::JITCompiler::isJSConstant):
1889         (JSC::DFG::JITCompiler::isInt32Constant):
1890         (JSC::DFG::JITCompiler::isDoubleConstant):
1891         (JSC::DFG::JITCompiler::valueOfJSConstant):
1892         (JSC::DFG::JITCompiler::valueOfInt32Constant):
1893         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
1894         * dfg/DFGNode.h:
1895         (JSC::DFG::Node::Node):
1896         (JSC::DFG::Node::isConstant):
1897         (JSC::DFG::Node::notTakenBytecodeOffset):
1898         * dfg/DFGNonSpeculativeJIT.cpp:
1899         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
1900         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
1901         (JSC::DFG::NonSpeculativeJIT::compile):
1902         * dfg/DFGSpeculativeJIT.cpp:
1903         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1904         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1905         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1906         (JSC::DFG::SpeculativeJIT::compile):
1907
1908 2011-06-23  Jungshik Shin  <jshin@chromium.org>
1909
1910         Reviewed by Alexey Proskuryakov.
1911
1912         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1913         build files for ports not using ICU.
1914         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1915         ICU 3.6 (the version used on Mac OS 10.5)
1916
1917         http://bugs.webkit.org/show_bug.cgi?id=20797
1918
1919         * GNUmakefile.list.am:
1920         * JavaScriptCore.gypi:
1921         * icu/unicode/uscript.h: Added for UScriptCode enum.
1922         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1923         * wtf/unicode/icu/UnicodeIcu.h:
1924         * wtf/unicode/brew/UnicodeBrew.h:
1925         * wtf/unicode/glib/UnicodeGLib.h:
1926         * wtf/unicode/qt4/UnicodeQt4.h:
1927         * wtf/unicode/wince/UnicodeWinCE.h:
1928
1929 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
1930
1931         Reviewed by Andreas Kling.
1932
1933         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
1934         https://bugs.webkit.org/show_bug.cgi?id=63228
1935
1936         * wtf/Platform.h: Add PLATFORM(EFL) guard.
1937
1938 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
1939
1940         Unreviewed, rolling out r89547.
1941         http://trac.webkit.org/changeset/89547
1942         https://bugs.webkit.org/show_bug.cgi?id=63252
1943
1944         "Chrmium crash on start" (Requested by yurys on #webkit).
1945
1946         * wtf/DynamicAnnotations.cpp:
1947         (WTFAnnotateBenignRaceSized):
1948         (WTFAnnotateHappensBefore):
1949         (WTFAnnotateHappensAfter):
1950         * wtf/DynamicAnnotations.h:
1951
1952 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
1953
1954         Reviewed by David Levin.
1955
1956         Make dynamic annotations weak symbols and prevent identical code folding by the linker
1957         https://bugs.webkit.org/show_bug.cgi?id=62443
1958
1959         * wtf/DynamicAnnotations.cpp:
1960         (WTFAnnotateBenignRaceSized):
1961         (WTFAnnotateHappensBefore):
1962         (WTFAnnotateHappensAfter):
1963         * wtf/DynamicAnnotations.h:
1964
1965 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
1966
1967         Reviewed by Andreas Kling.
1968
1969         [Qt] Add a build flag for building with libxml2 and libxslt.
1970         https://bugs.webkit.org/show_bug.cgi?id=63113
1971
1972         * wtf/Platform.h:
1973
1974 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
1975
1976         Unreviewed, rolling out r89489.
1977         http://trac.webkit.org/changeset/89489
1978         https://bugs.webkit.org/show_bug.cgi?id=63203
1979
1980         Broke chromium mac build on build.webkit.org (Requested by
1981         abarth on #webkit).
1982
1983         * wtf/Platform.h:
1984
1985 2011-06-22  Cary Clark  <caryclark@google.com>
1986
1987         Reviewed by Darin Fisher.
1988
1989         Use Skia if Skia on Mac Chrome is enabled
1990         https://bugs.webkit.org/show_bug.cgi?id=62999
1991
1992         * wtf/Platform.h:
1993         Add switch to use Skia if, externally,
1994         Skia has been enabled by a gyp define.
1995
1996 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
1997
1998         Reviewed by Oliver Hunt.
1999
2000         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2001
2002 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2003
2004         Reviewed by Oliver Hunt.
2005
2006         Removed the conceit that global variables are local variables when running global code
2007         https://bugs.webkit.org/show_bug.cgi?id=63106
2008         
2009         This is required for write barrier correctness.
2010         
2011         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2012         I was able to reduce the regression with a tiny peephole optimization in
2013         the bytecompiler, but not eliminate it. I'm committing this assuming
2014         that turning on generational GC will win back at least 0.5%.
2015
2016         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2017         the global object's var storage. I considered doing the same kind of
2018         optimization in the existing JIT, but it seemed like moving in the wrong
2019         direction.)
2020
2021         * bytecompiler/BytecodeGenerator.cpp:
2022         (JSC::BytecodeGenerator::addGlobalVar):
2023         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2024         negative indices, since they're no longer negatively offset from the
2025         current stack frame.
2026         
2027         Do give global variables monotonically increasing positive indices, since
2028         that's much easier to work with.
2029         
2030         Don't limit the number of optimizable global variables, since it's no
2031         longer limited by the register file, since they're no longer stored in
2032         the register file.
2033
2034         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2035         registers because a var in global code is actually a property of the
2036         global object.
2037
2038         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2039
2040         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2041         propagation and dead code elimination to speed up our compiles and
2042         reduce WTFs / minute.
2043
2044         * bytecompiler/BytecodeGenerator.h:
2045         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2046
2047         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2048         global code, since there are none.
2049
2050         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2051         in global code (i.e., global vars), since there are some.
2052
2053         * interpreter/Interpreter.cpp:
2054         (JSC::Interpreter::callEval):
2055         (JSC::Interpreter::Interpreter):
2056         (JSC::Interpreter::dumpRegisters):
2057         (JSC::Interpreter::execute):
2058         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2059
2060         * interpreter/RegisterFile.cpp:
2061         (JSC::RegisterFile::gatherConservativeRoots):
2062         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2063         data members.
2064
2065         * interpreter/RegisterFile.h:
2066         (JSC::RegisterFile::begin):
2067         (JSC::RegisterFile::size):
2068         (JSC::RegisterFile::RegisterFile):
2069         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2070         global variables stored in the register file.
2071
2072         (JSC::RegisterFile::grow): Updated for same.
2073         
2074         Also, a slight correctness fix: Test the VM commit end, and not just the
2075         in-use end, when checking for stack overflow. In theory, it's invalid to
2076         commit past the end of your allocation, even if you never touch that
2077         memory. This makes the usable size of the stack slightly smaller. No test
2078         because we don't know of any case in practice where this crashes.
2079
2080         * runtime/JSGlobalData.cpp:
2081         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2082
2083         * runtime/JSGlobalObject.cpp:
2084         (JSC::JSGlobalObject::resizeRegisters):
2085         (JSC::JSGlobalObject::addStaticGlobals):
2086         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2087         increasing indexes, always located in our external storage.
2088
2089 2011-06-21  MORITA Hajime  <morrita@google.com>
2090
2091         Unreviewed, rolling out r89401 and r89403.
2092         http://trac.webkit.org/changeset/89401
2093         http://trac.webkit.org/changeset/89403
2094         https://bugs.webkit.org/show_bug.cgi?id=62970
2095
2096         Breaks mac build and mistakenly enables the spellcheck API
2097
2098         * Configurations/FeatureDefines.xcconfig:
2099         * JavaScriptCore.xcodeproj/project.pbxproj:
2100
2101 2011-06-21  Kent Tamura  <tkent@chromium.org>
2102
2103         [Mac] Sort Xcode project files.
2104
2105         * JavaScriptCore.xcodeproj/project.pbxproj:
2106
2107 2011-06-20  MORITA Hajime  <morrita@google.com>
2108
2109         Reviewed by Kent Tamura.
2110
2111         Spellcheck API should be build-able.
2112         https://bugs.webkit.org/show_bug.cgi?id=62970
2113
2114         No new tests, changing only build related files
2115         
2116         * Configurations/FeatureDefines.xcconfig:
2117
2118 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2119
2120         Reviewed by Oliver Hunt.
2121
2122         Moved 'const' off the global-variable-as-local-variable crack pipe
2123         https://bugs.webkit.org/show_bug.cgi?id=63105
2124         
2125         This is necessary for moving the rest of the code off of same.
2126         
2127         Many problems remain in our handling of const. I have fixed none of them.
2128
2129         * bytecompiler/BytecodeGenerator.h:
2130         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2131         const to directly implement its unique scoping rules.
2132
2133         * bytecompiler/NodesCodegen.cpp:
2134         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2135         for writing, so we don't overwrite const variables.
2136
2137         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2138         variables are available as local variables, since this won't be the case
2139         once global variables are not available as local variables. Instead, use
2140         put_scoped_var in the case where there is no local variable. Like a local
2141         variable, put_scoped_var succeeds even though const properties are
2142         read-only, since put_scoped_var skips read-only checks. (Yay?)
2143
2144 2011-06-21  Oliver Hunt  <oliver@apple.com>
2145
2146         Reviewed by Alexey Proskuryakov.
2147
2148         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2149         https://bugs.webkit.org/show_bug.cgi?id=63052
2150
2151         Release mode only failure, the stack overflow guards were getting their error
2152         handling inlined, so that they were essentially causing their own demise.
2153
2154         * parser/JSParser.cpp:
2155         (JSC::JSParser::updateErrorMessage):
2156         (JSC::JSParser::updateErrorWithNameAndMessage):
2157
2158 2011-06-20  Kenneth Russell  <kbr@google.com>
2159
2160         Unreviewed.
2161
2162         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2163         https://bugs.webkit.org/show_bug.cgi?id=63022
2164
2165         * wtf/Platform.h:
2166
2167 2011-06-18  Anders Carlsson  <andersca@apple.com>
2168
2169         Reviewed by Darin Adler.
2170
2171         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2172         https://bugs.webkit.org/show_bug.cgi?id=62940
2173
2174         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2175
2176         * wtf/PassOwnArrayPtr.h:
2177         (WTF::PassOwnArrayPtr::operator=):
2178         * wtf/PassOwnPtr.h:
2179         (WTF::PassOwnPtr::operator=):
2180         * wtf/PassRefPtr.h:
2181         (WTF::PassRefPtr::operator=):
2182         (WTF::NonNullPassRefPtr::operator=):
2183
2184 2011-06-20  Oliver Hunt  <oliver@apple.com>
2185
2186         Reviewed by Darin Adler.
2187
2188         REGRESSION (r79060): Searching for a flight at united.com fails
2189         https://bugs.webkit.org/show_bug.cgi?id=63003
2190
2191         This original change also broke Twitter, and we attempted to refine the fix to 
2192         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2193         we need to revert the change until we understand the problem better.
2194
2195         * wtf/DateMath.cpp:
2196         (WTF::parseDateFromNullTerminatedCharacters):
2197
2198 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2199
2200         Reviewed by Oliver Hunt.
2201
2202         No context for javascript parse errors.
2203         https://bugs.webkit.org/show_bug.cgi?id=62613
2204         
2205         Parse errors now show more details like:
2206         "Unexpected token: ]"
2207         or
2208         "Expected token: while"
2209         
2210         For reserved names, numbers, identifiers, strings, lexer errors, 
2211         and EOFs, the following error messages are printed:
2212         
2213         "Use of reserved word: super"
2214         "Unexpected number: 42"
2215         "Unexpected identifier: "
2216         "Unexpected string: "foobar""
2217         "Invalid token character sequence: \u4023"
2218         "Unexpected EOF"
2219
2220         * parser/JSParser.cpp:
2221         (JSC::JSParser::consume):
2222         (JSC::JSParser::getToken):
2223         (JSC::JSParser::getTokenName):
2224         (JSC::JSParser::updateErrorMessageSpecialCase):
2225         (JSC::JSParser::updateErrorMessage):
2226         (JSC::JSParser::updateErrorWithNameAndMessage):
2227         (JSC::jsParse):
2228         (JSC::JSParser::JSParser):
2229         (JSC::JSParser::parseProgram):
2230         (JSC::JSParser::parseVarDeclarationList):
2231         (JSC::JSParser::parseForStatement):
2232         (JSC::JSParser::parseBreakStatement):
2233         (JSC::JSParser::parseContinueStatement):
2234         (JSC::JSParser::parseWithStatement):
2235         (JSC::JSParser::parseTryStatement):
2236         (JSC::JSParser::parseStatement):
2237         (JSC::JSParser::parseFormalParameters):
2238         (JSC::JSParser::parseFunctionInfo):
2239         (JSC::JSParser::parseAssignmentExpression):
2240         (JSC::JSParser::parsePrimaryExpression):
2241         (JSC::JSParser::parseMemberExpression):
2242         (JSC::JSParser::parseUnaryExpression):
2243         * parser/JSParser.h:
2244         * parser/Lexer.cpp:
2245         (JSC::Lexer::lex):
2246         * parser/Parser.cpp:
2247         (JSC::Parser::parse):
2248
2249 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2250
2251         Reviewed by Rob Buis.
2252
2253         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2254         https://bugs.webkit.org/show_bug.cgi?id=59085
2255
2256         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2257
2258 2011-06-19  Oliver Hunt  <oliver@apple.com>
2259
2260         Reviewed by Sam Weinig.
2261
2262         Correct logic for putting errors on the correct line when handling JSONP
2263         https://bugs.webkit.org/show_bug.cgi?id=62962
2264
2265         Minor fix for the minor fix.  *sigh*
2266
2267         * interpreter/Interpreter.cpp:
2268         (JSC::Interpreter::execute):
2269
2270 2011-06-19  Oliver Hunt  <oliver@apple.com>
2271
2272         Minor fix to correct layout test results.
2273
2274         * interpreter/Interpreter.cpp:
2275         (JSC::Interpreter::execute):
2276
2277 2011-06-17  Oliver Hunt  <oliver@apple.com>
2278
2279         Reviewed by Gavin Barraclough.
2280
2281         JSONP is unnecessarily slow
2282         https://bugs.webkit.org/show_bug.cgi?id=62920
2283
2284         JSONP has unfortunately become a fairly common idiom online, yet
2285         it triggers very poor performance in JSC as we end up doing codegen
2286         for a large number of property accesses that will
2287            * only be run once, so the vast amount of logic we dump to handle
2288              caching of accesses is unnecessary.
2289            * We are doing codegen that is directly proportional to just
2290              creating the object in the first place.
2291
2292         This patch extends the use of the literal parser to JSONP-like structures
2293         in global code, handling a number of different forms I have seen online.
2294         In an extreme case this improves performance of JSONP by more than 2x
2295         due to removal of code generation and execution time, and a few optimisations
2296         that I made to the parser itself.
2297
2298         * API/JSValueRef.cpp:
2299         (JSValueMakeFromJSONString):
2300         * interpreter/Interpreter.cpp:
2301         (JSC::Interpreter::callEval):
2302         (JSC::Interpreter::execute):
2303         * parser/Lexer.cpp:
2304         (JSC::Lexer::isKeyword):
2305         * parser/Lexer.h:
2306         * runtime/JSGlobalObjectFunctions.cpp:
2307         (JSC::globalFuncEval):
2308         * runtime/JSONObject.cpp:
2309         (JSC::JSONProtoFuncParse):
2310         * runtime/LiteralParser.cpp:
2311         (JSC::LiteralParser::tryJSONPParse):
2312         (JSC::LiteralParser::makeIdentifier):
2313         (JSC::LiteralParser::Lexer::lex):
2314         (JSC::LiteralParser::Lexer::next):
2315         (JSC::isSafeStringCharacter):
2316         (JSC::LiteralParser::Lexer::lexString):
2317         (JSC::LiteralParser::Lexer::lexNumber):
2318         (JSC::LiteralParser::parse):
2319         * runtime/LiteralParser.h:
2320         (JSC::LiteralParser::LiteralParser):
2321         (JSC::LiteralParser::tryLiteralParse):
2322         (JSC::LiteralParser::Lexer::Lexer):
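
        As an added example (not code from this ChangeLog, from WebKit, or from
        JSC's LiteralParser), the same idea the entry above describes, treating a
        JSONP response as a data literal rather than as script, applied on the
        consuming side: accept only `callback(<JSON literal>);`, check the
        callback name, and parse the payload with JSON.parse so nothing in the
        response is ever executed. The accepted shape and the sample responses
        are this example's own assumptions; the entry does not list the forms
        the literal parser handles.

```javascript
// Added example, not WebKit/JSC code: treat a JSONP response as data, not
// as script. Accept only `<callback>(<JSON literal>);`, where the callback
// name is a plain dotted identifier, and parse the payload with JSON.parse.
// The accepted shape is this example's assumption; JSC's LiteralParser
// handles its own set of JSONP-like forms that the ChangeLog does not list.

// Callback name, opening paren, payload (greedy, so it runs to the LAST
// closing paren), optional trailing semicolon. Anything after the final
// paren other than whitespace fails the anchor.
const JSONP_SHAPE =
  /^\s*([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)\s*\(([\s\S]*)\)\s*;?\s*$/;

function parseJsonp(body, expectedCallback) {
  const m = JSONP_SHAPE.exec(body);
  if (!m) {
    return { ok: false, reason: 'not of the form callback(...)' };
  }
  const callback = m[1];
  const payload = m[2];
  if (expectedCallback !== undefined && callback !== expectedCallback) {
    return { ok: false, reason: 'unexpected callback name: ' + callback };
  }
  let value;
  try {
    // JSON.parse never evaluates code; a payload that smuggles in extra
    // statements (e.g. `{"a":1}); steal(document.cookie`) is not valid JSON.
    value = JSON.parse(payload);
  } catch (e) {
    if (!(e instanceof SyntaxError)) throw e;
    return { ok: false, reason: 'payload is not a JSON literal' };
  }
  return { ok: true, callback: callback, value: value };
}

// Constructed sample responses (not captured from any real service).
const SAMPLE_RESPONSES = [
  'handle({"user":"alice","roles":["admin"]});',
  'handle (\n  [1, 2, 3]\n)\n',
  'handle({"a":1}); steal(document.cookie)',
  'window.evil({"a":1})',
  'handle()',
];

// Returns one ok/not-ok flag per sample, in order.
function checkSamples(expectedCallback) {
  return SAMPLE_RESPONSES.map(function (body) {
    return parseJsonp(body, expectedCallback).ok;
  });
}
```

        The greedy payload match is deliberate: a response that appends a second
        statement after the closing paren ends up with that statement inside the
        payload, where JSON.parse rejects it, instead of being dropped silently.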
2323
2324 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
2325
2326         Unreviewed, rolling out r89184.
2327         http://trac.webkit.org/changeset/89184
2328         https://bugs.webkit.org/show_bug.cgi?id=62927
2329
2330         It broke 22 tests on all bots (Requested by Ossy_weekend on
2331         #webkit).
2332
2333         * API/JSValueRef.cpp:
2334         (JSValueMakeFromJSONString):
2335         * interpreter/Interpreter.cpp:
2336         (JSC::Interpreter::callEval):
2337         (JSC::Interpreter::execute):
2338         * parser/Lexer.cpp:
2339         * parser/Lexer.h:
2340         * runtime/JSGlobalObjectFunctions.cpp:
2341         (JSC::globalFuncEval):
2342         * runtime/JSONObject.cpp:
2343         (JSC::JSONProtoFuncParse):
2344         * runtime/LiteralParser.cpp:
2345         (JSC::LiteralParser::Lexer::lex):
2346         (JSC::isSafeStringCharacter):
2347         (JSC::LiteralParser::Lexer::lexString):
2348         (JSC::LiteralParser::Lexer::lexNumber):
2349         (JSC::LiteralParser::parse):
2350         * runtime/LiteralParser.h:
2351         (JSC::LiteralParser::LiteralParser):
2352         (JSC::LiteralParser::tryLiteralParse):
2353         (JSC::LiteralParser::Lexer::Lexer):
2354         (JSC::LiteralParser::Lexer::next):
2355
2356 2011-06-17  Oliver Hunt  <oliver@apple.com>
2357
2358         Reviewed by Gavin Barraclough.
2359
2360         JSONP is unnecessarily slow
2361         https://bugs.webkit.org/show_bug.cgi?id=62920
2362
2363         JSONP has unfortunately become a fairly common idiom online, yet
2364         it triggers very poor performance in JSC as we end up doing codegen
2365         for a large number of property accesses that will
2366            * only be run once, so the vast amount of logic we dump to handle
2367              caching of accesses is unnecessary.
2368            * We are doing codegen that is directly proportional to just
2369              creating the object in the first place.
2370
2371         This patch extends the use of the literal parser to JSONP-like structures
2372         in global code, handling a number of different forms I have seen online.
2373         In an extreme case this improves performance of JSONP by more than 2x
2374         due to removal of code generation and execution time, and a few optimisations
2375         that I made to the parser itself.
2376
2377         * API/JSValueRef.cpp:
2378         (JSValueMakeFromJSONString):
2379         * interpreter/Interpreter.cpp:
2380         (JSC::Interpreter::callEval):
2381         (JSC::Interpreter::execute):
2382         * parser/Lexer.cpp:
2383         (JSC::Lexer::isKeyword):
2384         * parser/Lexer.h:
2385         * runtime/JSGlobalObjectFunctions.cpp:
2386         (JSC::globalFuncEval):
2387         * runtime/JSONObject.cpp:
2388         (JSC::JSONProtoFuncParse):
2389         * runtime/LiteralParser.cpp:
2390         (JSC::LiteralParser::tryJSONPParse):
2391         (JSC::LiteralParser::makeIdentifier):
2392         (JSC::LiteralParser::Lexer::lex):
2393         (JSC::LiteralParser::Lexer::next):
2394         (JSC::isSafeStringCharacter):
2395         (JSC::LiteralParser::Lexer::lexString):
2396         (JSC::LiteralParser::Lexer::lexNumber):
2397         (JSC::LiteralParser::parse):
2398         * runtime/LiteralParser.h:
2399         (JSC::LiteralParser::LiteralParser):
2400         (JSC::LiteralParser::tryLiteralParse):
2401         (JSC::LiteralParser::Lexer::Lexer):
2402
2403 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2404
2405         Reviewed by Oliver Hunt.
2406
2407         Moved some property access JIT code into property access JIT files
2408         https://bugs.webkit.org/show_bug.cgi?id=62906
2409
2410         * jit/JITOpcodes.cpp:
2411         * jit/JITOpcodes32_64.cpp:
2412         * jit/JITPropertyAccess.cpp:
2413         (JSC::JIT::emitSlow_op_put_by_val):
2414         (JSC::JIT::emit_op_get_scoped_var):
2415         (JSC::JIT::emit_op_put_scoped_var):
2416         (JSC::JIT::emit_op_get_global_var):
2417         (JSC::JIT::emit_op_put_global_var):
2418         * jit/JITPropertyAccess32_64.cpp:
2419         (JSC::JIT::emit_op_get_scoped_var):
2420         (JSC::JIT::emit_op_put_scoped_var):
2421         (JSC::JIT::emit_op_get_global_var):
2422         (JSC::JIT::emit_op_put_global_var):
2423
2424 2011-06-17  Anders Carlsson  <andersca@apple.com>
2425
2426         Build fix.
2427
2428         * JavaScriptCore.xcodeproj/project.pbxproj:
2429
2430 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2431
2432         Try to fix the Leopard build?
2433
2434         * JavaScriptCore.xcodeproj/project.pbxproj:
2435
2436 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2437
2438         Reviewed by Oliver Hunt.
2439
2440         Added some write barrier action, compiled out by default
2441         https://bugs.webkit.org/show_bug.cgi?id=62844
2442
2443         * JavaScriptCore.exp: Build!
2444
2445         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
2446         issue with Heap.cpp.
2447
2448         * heap/Heap.cpp:
2449         (JSC::Heap::writeBarrierSlowCase):
2450         * heap/Heap.h:
2451         (JSC::Heap::writeBarrier):
2452         * heap/MarkedBlock.h:
2453         (JSC::MarkedBlock::isAtomAligned):
2454         (JSC::MarkedBlock::blockFor):
2455         (JSC::MarkedBlock::atomNumber):
2456         (JSC::MarkedBlock::ownerSetNumber):
2457         (JSC::MarkedBlock::addOldSpaceOwner):
2458         (JSC::MarkedBlock::OwnerSet::OwnerSet):
2459         (JSC::MarkedBlock::OwnerSet::add):
2460         (JSC::MarkedBlock::OwnerSet::clear):
2461         (JSC::MarkedBlock::OwnerSet::size):
2462         (JSC::MarkedBlock::OwnerSet::didOverflow):
2463         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
2464         tracks owners for regions within blocks. Currently unused.
2465
2466 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
2467
2468         Reviewed by Eric Seidel.
2469
2470         [EFL] Add some OwnPtr specializations for EFL types.
2471         For now there are specializations for Ecore_Evas and Evas_Object.
2472         https://bugs.webkit.org/show_bug.cgi?id=62877
2473
2474         * wtf/CMakeListsEfl.txt:
2475         * wtf/OwnPtrCommon.h:
2476         * wtf/efl/OwnPtrEfl.cpp: Added.
2477         (WTF::deleteOwnedPtr):
2478
2479 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
2480
2481         Reviewed by Martin Robinson.
2482
2483         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
2484         https://bugs.webkit.org/show_bug.cgi?id=60687
2485
2486         Replace GdkRectangle by cairo_rectangle_int_t.
2487
2488         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2489
2490 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2491
2492         Reviewed by Oliver Hunt.
2493
2494         https://bugs.webkit.org/show_bug.cgi?id=53014
2495         ES5 strict mode keyword restrictions aren't implemented
2496
2497         The following are future restricted words in strict mode code:
2498             implements, interface, let, package, private, protected, public, static, yield
2499
2500         * parser/JSParser.h:
2501             - Add RESERVED_IF_STRICT token.
2502         * parser/Keywords.table:
2503             - Add new future restricted words.
2504         * parser/Lexer.cpp:
2505         (JSC::Lexer::parseIdentifier):
2506             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
2507         (JSC::Lexer::lex):
2508             - Pass strictMode flag to parseIdentifier.
2509         * parser/Lexer.h:
2510             - parseIdentifier needs a strictMode flag.
2511         * runtime/CommonIdentifiers.h:
2512             - Add identifiers for new reserved words.
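
        As an added example (not code from this ChangeLog or from WebKit), the
        RESERVED_IF_STRICT behaviour described above observed from outside the
        engine: each of the nine words is accepted as an identifier in
        non-strict code and rejected at parse time once "use strict" is in
        effect. The probe uses new Function() so the running engine's own lexer
        decides; the word list and helper names are this example's own.

```javascript
// Added example, not WebKit/JSC code: probe which words the running engine
// treats as reserved only in strict mode. new Function() parses its body
// with the engine's own lexer (as a non-strict function unless the body
// opts in), so a parse-time SyntaxError is the observable result.
const STRICT_ONLY_RESERVED = [
  'implements', 'interface', 'let', 'package', 'private',
  'protected', 'public', 'static', 'yield',
];

// Does `var <word> = 1;` parse? strict=true prepends the "use strict" directive.
function parsesAsIdentifier(word, strict) {
  const body = (strict ? '"use strict"; ' : '') + 'var ' + word + ' = 1;';
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// True for words usable as identifiers in non-strict code but rejected in
// strict code; words reserved in both modes (e.g. `super`) return false.
function reservedInStrictOnly(word) {
  return parsesAsIdentifier(word, false) && !parsesAsIdentifier(word, true);
}

function classifyStrictOnly(words) {
  return words.filter(reservedInStrictOnly);
}
```

        A filter or sanitizer that decides what counts as an identifier needs
        the same mode flag the lexer has; the answer differs by mode for exactly
        these words.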
2513
2514 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2515
2516         Reviewed by Oliver Hunt.
2517
2518         https://bugs.webkit.org/show_bug.cgi?id=23611
2519         Multiline Javascript comments cause incorrect parsing of following script.
2520
2521         From the spec:
2522         "A MultiLineComment [is] simply discarded if it contains no line terminator,
2523         but if a MultiLineComment contains one or more line terminators, then it is
2524         replaced with a single line terminator, which becomes part of the stream of
2525         inputs for the syntactic grammar." 
2526
2527         This may result in behavioural changes, due to automatic semicolon insertion.
2528
2529         * parser/Lexer.cpp:
2530         (JSC::Lexer::parseMultilineComment):
2531             - Set m_terminator if we see a line terminator in a multiline comment.
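
        As an added example (not code from this ChangeLog or from WebKit), the
        behavioural change the entry above warns about, made observable: a
        multiline comment that contains a line terminator acts as a line break
        for the restricted productions (`return`, postfix `++`), so automatic
        semicolon insertion applies. The separators and helper names are this
        example's own.

```javascript
// Added example, not WebKit/JSC code: a MultiLineComment that contains a
// line terminator counts as a line terminator, so restricted productions
// (`return`, postfix `++`) see a line break and automatic semicolon
// insertion applies. new Function() hands the text to the engine's lexer.

// `return <sep> 42;` -> 42 when sep has no line terminator, undefined when
// it does (the statement becomes `return;` followed by dead `42;`).
function returnAcross(sep) {
  return new Function('return ' + sep + ' 42;')();
}

// `a <sep> ++b` -> `a++ b` (a SyntaxError) without a line terminator, but
// `a; ++b` with one, leaving [1, 2].
function postfixAcross(sep) {
  try {
    return new Function('var a = 1, b = 1; a ' + sep + ' ++b; return [a, b];')();
  } catch (e) {
    if (e instanceof SyntaxError) return 'SyntaxError';
    throw e;
  }
}

// Separators worth checking. U+2028 is a LineTerminator too, which is easy
// to miss in a filter that only looks for "\n".
const SEPARATORS = {
  sameLine: '/* same line */',
  newline: '/* line\nbreak */',
  lineSeparator: '/* \u2028 */',
  lineComment: '// line comment\n',
};
```

        Anything that rewrites or sanitizes script text by treating a comment
        as removable whitespace disagrees with the engine on every one of the
        line-terminator cases above.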
2532
2533 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2534
2535         Reviewed by Sam Weinig.
2536
2537         https://bugs.webkit.org/show_bug.cgi?id=62824
2538         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
2539
2540         CompareEq of non-integer values is the most common cause of speculation failure.
2541
2542         * dfg/DFGSpeculativeJIT.cpp:
2543         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2544             - Support Equals.
2545         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
2546             - new! - peephole optimized Eq of JSValues.
2547         (JSC::DFG::SpeculativeJIT::compile):
2548             - Add peephole optimization for CompareEq.
2549         * dfg/DFGSpeculativeJIT.h:
2550         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2551             - Add support for dead nodes between compare & branch.
2552         (JSC::DFG::SpeculativeJIT::isInteger):
2553             - Added to determine which form of peephole to do in CompareEq.
2554
2555 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2556
2557         Try to fix the Windows build.
2558
2559         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
2560         symbol.
2561
2562         * bytecode/EvalCodeCache.h:
2563         * heap/HandleHeap.h:
2564         * heap/HeapRootVisitor.h:
2565         * heap/NewSpace.h:
2566         * runtime/ArgList.h:
2567         * runtime/ScopeChain.h:
2568         * runtime/SmallStrings.h:
2569         * runtime/Structure.h: Stop forward-declaring things that don't really
2570         exist anymore.
2571
2572 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2573
2574         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
2575         project while crossing my fingers and facing west.
2576
2577         * JavaScriptCore.xcodeproj/project.pbxproj:
2578
2579 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2580
2581         Build fix: Removed an incorrect symbol on Windows.
2582
2583         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2584
2585 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2586
2587         Build fix: Removed an accidental commit from the future.
2588
2589         * CMakeLists.txt:
2590
2591 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2592
2593         Reviewed by Oliver Hunt.
2594
2595         Introduced SlotVisitor into the project
2596         https://bugs.webkit.org/show_bug.cgi?id=62820
2597         
2598         This resolves a class vs typedef forward declaration issue, and gives all
2599         exported symbols the correct names.
2600
2601         * CMakeLists.txt:
2602         * GNUmakefile.list.am:
2603         * JavaScriptCore.exp:
2604         * JavaScriptCore.gypi:
2605         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2606         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
2607
2608         * bytecode/EvalCodeCache.h:
2609         * heap/HandleHeap.h:
2610         * heap/Heap.cpp:
2611         (JSC::Heap::Heap):
2612         (JSC::Heap::markRoots):
2613         * heap/Heap.h:
2614         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
2615         clients operate on a MarkStack.
2616
2617         * heap/MarkStack.cpp:
2618         (JSC::SlotVisitor::visitChildren):
2619         (JSC::SlotVisitor::drain):
2620         * heap/SlotVisitor.h: Added.
2621         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
2622         inheritance to give SlotVisitor all the attributes of MarkStack without
2623         making this change giant. Over time, we will move more behavior into
2624         SlotVisitor and its subclasses.
2625
2626         * heap/MarkStack.h:
2627         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
2628         clients operate on a MarkStack.
2629
2630         * runtime/ArgList.h:
2631         * runtime/JSCell.h:
2632         * runtime/JSObject.h:
2633         * runtime/ScopeChain.h:
2634         * runtime/SmallStrings.h:
2635         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
2636         clients operate on a MarkStack.
2637
2638 2011-06-15  Oliver Hunt  <oliver@apple.com>
2639
2640         Reviewed by Geoffrey Garen.
2641
2642         Reduce memory usage of resolve_global
2643         https://bugs.webkit.org/show_bug.cgi?id=62765
2644
2645         If we have a large number of resolve_globals in a single
2646         block start planting plain resolve instructions instead 
2647         whenever we aren't in a loop.  This allows us to reduce
2648         the code size for extremely large functions without
2649         losing the performance benefits of op_resolve_global.
2650
2651         * bytecode/CodeBlock.h:
2652         (JSC::CodeBlock::globalResolveInfoCount):
2653         * bytecompiler/BytecodeGenerator.cpp:
2654         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
2655         (JSC::BytecodeGenerator::emitResolve):
2656         (JSC::BytecodeGenerator::emitResolveWithBase):
2657         * bytecompiler/BytecodeGenerator.h:
2658
2659 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
2660
2661         Reviewed by Laszlo Gombos.
2662
2663         [Qt] Fix building with CONFIG(use_system_icu)
2664         https://bugs.webkit.org/show_bug.cgi?id=62744
2665
2666         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
2667
2668         * wtf/Platform.h:
2669
2670 2011-06-15  Darin Adler  <darin@apple.com>
2671
2672         Reviewed by Adam Barth.
2673
2674         Remove obsolete LOOSE_OWN_PTR code
2675         https://bugs.webkit.org/show_bug.cgi?id=59909
2676
2677         The internal Apple dependency on this is gone now.
2678
2679         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
2680         set function that takes a raw pointer.
2681
2682         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
2683         set function that takes a raw pointer.
2684
2685         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
2686         and assignment operator that takes a nullptr unconditional.
2687         Made constructor that takes a raw pointer private and explicit,
2688         and removed assignment operator that takes a raw pointer.
2689
2690         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
2691         unconditional. Made constructor that takes a raw pointer private
2692         and explicit, and removed assignment operator that takes a raw pointer.
2693
2694 2011-06-15  Sam Weinig  <sam@webkit.org>
2695
2696         Reviewed by Geoffrey Garen and Gavin Barraclough.
2697
2698         Make access-nsieve ~9x faster on the non-speculative path by
2699         adding special casing for doubles that can losslessly be converted
2700         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
2701         and the hash lookup.  Long term, we should try and get property of a getByVal
2702         and putByVal to be an integer immediate even in the non-speculative path.
2703
2704         * dfg/DFGOperations.cpp:
2705         (JSC::DFG::putByVal):
2706         (JSC::DFG::operationPutByValInternal):
2707
2708 2011-06-15  Oliver Hunt  <oliver@apple.com>
2709
2710         Reviewed by Darin Adler.
2711
2712         REGRESSION (r88719): 5by5.tv schedule is not visible
2713         https://bugs.webkit.org/show_bug.cgi?id=62720
2714
2715         Problem here is that the lexer wasn't considering '$' to be
2716         a valid character in an identifier.
2717
2718         * parser/Lexer.h:
2719         (JSC::Lexer::lexExpectIdentifier):
2720
2721 2011-06-15  Oliver Hunt  <oliver@apple.com>
2722
2723         Reviewed by Sam Weinig.
2724
2725         Reduce the size of global_resolve
2726         https://bugs.webkit.org/show_bug.cgi?id=62738
2727
2728         Reduce the code size of global_resolve in the JIT by replacing
2729         multiple pointer loads with a single pointer move + two offset
2730         loads.
2731
2732         * jit/JITOpcodes.cpp:
2733         (JSC::JIT::emit_op_resolve_global):
2734         * jit/JITOpcodes32_64.cpp:
2735         (JSC::JIT::emit_op_resolve_global):
2736
2737 2011-06-14  Geoffrey Garen  <ggaren@apple.com>
2738
2739         Reviewed by Dan Bernstein.
2740
2741         Fixed an invalid ASSERT I found while investigating
2742         <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
2743         https://bugs.webkit.org/show_bug.cgi?id=62699        
2744
2745         No test since we don't know of a way to get WebCore to deallocate the
2746         next-to-finalize handle, which is also the last handle in the list,
2747         while finalizing the second-to-last handle in the list.
2748
2749         * heap/HandleHeap.h:
2750         (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
2751         non-0 next() after updating it, since it is valid to update m_nextToFinalize
2752         to point to the tail sentinel.
2753         
2754         Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
2755         since it is not valid to update m_nextToFinalize to point past the tail
2756         sentinel.
2757         
2758         Also, use m_nextToFinalize consistently for clarity.
2759
2760 2011-06-14  Gavin Barraclough  <barraclough@apple.com>
2761
2762         Reviewed by Sam Weinig.
2763
2764         https://bugs.webkit.org/show_bug.cgi?id=43841
2765         SegmentedVector::operator== typo
2766
2767         * wtf/SegmentedVector.h:
2768         (WTF::SegmentedVectorIterator::operator==):
2769         (WTF::SegmentedVectorIterator::operator!=):
2770
2771 2011-06-14  Oliver Hunt  <oliver@apple.com>
2772
2773         Reviewed by Gavin Barraclough.
2774
2775         Constant array literals result in unnecessarily large amounts of code
2776         https://bugs.webkit.org/show_bug.cgi?id=62658
2777
2778         Add a new version of op_new_array that simply copies values from a buffer
2779         we hang off of the CodeBlock, rather than generating code to place each
2780         entry into the registerfile, and then copying it from the registerfile into
2781         the array.  This is a slight improvement on some sunspider tests, but no
2782         measurable overall change.  That's okay though as our goal was to reduce
2783         code size without hurting performance.
2784
2785         * bytecode/CodeBlock.cpp:
2786         (JSC::CodeBlock::dump):
2787         * bytecode/CodeBlock.h:
2788         (JSC::CodeBlock::addImmediateBuffer):
2789         (JSC::CodeBlock::immediateBuffer):
2790         * bytecode/Opcode.h:
2791         * bytecompiler/BytecodeGenerator.cpp:
2792         (JSC::BytecodeGenerator::addImmediateBuffer):
2793         (JSC::BytecodeGenerator::emitNewArray):
2794         * bytecompiler/BytecodeGenerator.h:
2795         * bytecompiler/NodesCodegen.cpp:
2796         (JSC::ArrayNode::emitBytecode):
2797         * interpreter/Interpreter.cpp:
2798         (JSC::Interpreter::privateExecute):
2799         * jit/JIT.cpp:
2800         (JSC::JIT::privateCompileMainPass):
2801         * jit/JIT.h:
2802         * jit/JITOpcodes.cpp:
2803         (JSC::JIT::emit_op_new_array):
2804         (JSC::JIT::emit_op_new_array_buffer):
2805         * jit/JITOpcodes32_64.cpp:
2806         * jit/JITStubs.cpp:
2807         (JSC::DEFINE_STUB_FUNCTION):
2808         * jit/JITStubs.h:
2809
2810 2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
2811
2812         Unreviewed, rolling out r88841.
2813         http://trac.webkit.org/changeset/88841
2814         https://bugs.webkit.org/show_bug.cgi?id=62672
2815
2816         Caused many tests to crash (Requested by rniwa on #webkit).
2817
2818         * bytecode/CodeBlock.cpp:
2819         (JSC::CodeBlock::dump):
2820         * bytecode/CodeBlock.h:
2821         * bytecode/Opcode.h:
2822         * bytecompiler/BytecodeGenerator.cpp:
2823         (JSC::BytecodeGenerator::emitNewArray):
2824         * bytecompiler/BytecodeGenerator.h:
2825         * bytecompiler/NodesCodegen.cpp:
2826         (JSC::ArrayNode::emitBytecode):
2827         * interpreter/Interpreter.cpp:
2828         (JSC::Interpreter::privateExecute):
2829         * jit/JIT.cpp:
2830         (JSC::JIT::privateCompileMainPass):
2831         * jit/JIT.h:
2832         * jit/JITOpcodes.cpp:
2833         (JSC::JIT::emit_op_new_array):
2834         * jit/JITOpcodes32_64.cpp:
2835         (JSC::JIT::emit_op_new_array):
2836         * jit/JITStubs.cpp:
2837         * jit/JITStubs.h:
2838
2839 2011-06-14  Oliver Hunt  <oliver@apple.com>
2840
2841         Reviewed by Gavin Barraclough.
2842
2843         Constant array literals result in unnecessarily large amounts of code
2844         https://bugs.webkit.org/show_bug.cgi?id=62658
2845
2846         Add a new version of op_new_array that simply copies values from a buffer
2847         we hang off of the CodeBlock, rather than generating code to place each
2848         entry into the registerfile, and then copying it from the registerfile into
2849         the array.  This is a slight improvement on some sunspider tests, but no
2850         measurable overall change.  That's okay though as our goal was to reduce
2851         code size without hurting performance.
2852
2853         * bytecode/CodeBlock.cpp:
2854         (JSC::CodeBlock::dump):
2855         * bytecode/CodeBlock.h:
2856         (JSC::CodeBlock::addImmediateBuffer):
2857         (JSC::CodeBlock::immediateBuffer):
2858         * bytecode/Opcode.h:
2859         * bytecompiler/BytecodeGenerator.cpp:
2860         (JSC::BytecodeGenerator::addImmediateBuffer):
2861         (JSC::BytecodeGenerator::emitNewArray):
2862         * bytecompiler/BytecodeGenerator.h:
2863         * bytecompiler/NodesCodegen.cpp:
2864         (JSC::ArrayNode::emitBytecode):
2865         * interpreter/Interpreter.cpp:
2866         (JSC::Interpreter::privateExecute):
2867         * jit/JIT.cpp:
2868         (JSC::JIT::privateCompileMainPass):
2869         * jit/JIT.h:
2870         * jit/JITOpcodes.cpp:
2871         (JSC::JIT::emit_op_new_array):
2872         (JSC::JIT::emit_op_new_array_buffer):
2873         * jit/JITOpcodes32_64.cpp:
2874         * jit/JITStubs.cpp:
2875         (JSC::DEFINE_STUB_FUNCTION):
2876         * jit/JITStubs.h:
2877
2878 2011-06-14  Stephanie Lewis  <slewis@apple.com>
2879
2880         Rubber stamped by Oliver Hunt.
2881
2882         <rdar://problem/9511169>
2883         Update order files.
2884
2885         * JavaScriptCore.order:
2886
2887 2011-06-14  Sam Weinig  <sam@webkit.org>
2888
2889         Reviewed by Geoffrey Garen.
2890
2891         Fix dumping of constants to have the correct constant number.
2892
2893         * bytecode/CodeBlock.cpp:
2894         (JSC::CodeBlock::dump):
2895
2896 2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
2897
2898         Reviewed by Eric Seidel.
2899
2900         KeywordLookupGenerator's Trie does not work with Python 3
2901         https://bugs.webkit.org/show_bug.cgi?id=62635
2902
2903         With Python 3, dict.items() returns an iterator. Since the iterator
2904         protocol changed between Python 2 and 3, the easiest way to get the
2905         values is to have something that uses the iterator implicitly, like a
2906         for() loop.
2907
2908         * KeywordLookupGenerator.py:
2909
2910 2011-06-13  Oliver Hunt  <oliver@apple.com>
2911
2912         Reviewed by Gavin Barraclough.
2913
2914         Fix llocp and lvalp names in the lexer to something more meaningful
2915         https://bugs.webkit.org/show_bug.cgi?id=62605
2916
2917         A simple rename
2918
2919         * parser/Lexer.cpp:
2920         (JSC::Lexer::parseIdentifier):
2921         (JSC::Lexer::parseString):
2922         (JSC::Lexer::lex):
2923         * parser/Lexer.h:
2924         (JSC::Lexer::lexExpectIdentifier):
2925
2926 2011-06-13  Oliver Hunt  <oliver@apple.com>
2927
2928         Reviewed by Gavin Barraclough.
2929
2930         Make it possible to inline the common case of identifier lexing
2931         https://bugs.webkit.org/show_bug.cgi?id=62600
2932
2933         Add a lexing function that expects to lex a "normal" alphanumeric
2934         identifier (that ignores keywords) so it's possible to inline the
2935         common parsing cases.  This comes out as a reasonable parsing speed
2936         boost.
2937
2938         * parser/JSParser.cpp:
2939         (JSC::JSParser::nextExpectIdentifier):
2940         (JSC::JSParser::parseProperty):
2941         (JSC::JSParser::parseMemberExpression):
2942         * parser/Lexer.cpp:
2943         * parser/Lexer.h:
2944         (JSC::Lexer::makeIdentifier):
2945         (JSC::Lexer::lexExpectIdentifier):
2946
2947 2011-06-13  Xan Lopez  <xlopez@igalia.com>
2948
2949         Reviewed by Martin Robinson.
2950
2951         Distcheck fixes.
2952
2953         * GNUmakefile.am:
2954         * GNUmakefile.list.am:
2955
2956 2011-06-13  Oliver Hunt  <oliver@apple.com>
2957
2958         Reviewed by Simon Fraser.
2959
2960         Make it possible to inline Identifier::equal
2961         https://bugs.webkit.org/show_bug.cgi?id=62584
2962
2963         Move Identifier::equal to the Identifier header file.
2964
2965         * runtime/Identifier.cpp:
2966         * runtime/Identifier.h:
2967         (JSC::Identifier::equal):
2968
2969 2011-06-13  Tony Chang  <tony@chromium.org>
2970
2971         Reviewed by Dimitri Glazkov.
2972
2973         rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
2974         https://bugs.webkit.org/show_bug.cgi?id=62578
2975
2976         * Configurations/FeatureDefines.xcconfig:
2977
2978 2011-06-13  Tony Chang  <tony@chromium.org>
2979
2980         Reviewed by Adam Barth.
2981
2982         rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
2983         https://bugs.webkit.org/show_bug.cgi?id=62545
2984
2985         * Configurations/FeatureDefines.xcconfig:
2986
2987 2011-06-12  Patrick Gansterer  <paroga@webkit.org>
2988
2989         Unreviewed. Build fix for !ENABLE(JIT) after r88604.
2990
2991         * bytecode/CodeBlock.cpp:
2992         (JSC::CodeBlock::visitAggregate):
2993
2994 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
2995
2996         Reviewed by Darin Adler.
2997
2998         https://bugs.webkit.org/show_bug.cgi?id=16777
2999
3000         Remove #define NaN per Darin's comments.
3001
3002         * runtime/JSGlobalObjectFunctions.cpp:
3003         (JSC::parseIntOverflow):
3004         (JSC::parseInt):
3005         (JSC::jsStrDecimalLiteral):
3006         (JSC::jsToNumber):
3007         (JSC::parseFloat):
3008         * wtf/DateMath.cpp:
3009         (WTF::equivalentYearForDST):
3010         (WTF::parseES5DateFromNullTerminatedCharacters):
3011         (WTF::parseDateFromNullTerminatedCharacters):
3012         (WTF::timeClip):
3013         (JSC::parseDateFromNullTerminatedCharacters):
3014
3015 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3016
3017         Rubber stamped by Geoff Garen.
3018
3019         https://bugs.webkit.org/show_bug.cgi?id=62503
3020         Remove JIT_OPTIMIZE_* switches
3021
3022         The alternative code paths are untested, and not well maintained.
3023         These were useful when there was more churn in the JIT, but now
3024         are a maintenance overhead. Time to move on, removing.
3025
3026         * bytecode/CodeBlock.cpp:
3027         (JSC::CodeBlock::visitAggregate):
3028         * jit/JIT.cpp:
3029         (JSC::JIT::privateCompileSlowCases):
3030         (JSC::JIT::privateCompile):
3031         (JSC::JIT::linkConstruct):
3032         * jit/JIT.h:
3033         * jit/JITCall.cpp:
3034         * jit/JITCall32_64.cpp:
3035         * jit/JITOpcodes.cpp:
3036         (JSC::JIT::privateCompileCTIMachineTrampolines):
3037         (JSC::JIT::privateCompileCTINativeCall):
3038         * jit/JITOpcodes32_64.cpp:
3039         (JSC::JIT::privateCompileCTIMachineTrampolines):
3040         (JSC::JIT::privateCompileCTINativeCall):
3041         (JSC::JIT::softModulo):
3042         * jit/JITPropertyAccess.cpp:
3043         * jit/JITPropertyAccess32_64.cpp:
3044         * jit/JITStubs.cpp:
3045         (JSC::DEFINE_STUB_FUNCTION):
3046         * runtime/Lookup.cpp:
3047         (JSC::setUpStaticFunctionSlot):
3048         * runtime/Lookup.h:
3049         * wtf/Platform.h:
3050
3051 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3052
3053         Reviewed by Sam Weinig.
3054
3055         https://bugs.webkit.org/show_bug.cgi?id=16777
3056         Eliminate JSC::NaN and JSC::Inf
3057
3058         There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
3059         The ones in std::numeric_limits are perfectly good.
3060         Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
3061
3062         * API/JSCallbackObjectFunctions.h:
3063         (JSC::::toNumber):
3064         * API/JSValueRef.cpp:
3065         (JSValueMakeNumber):
3066         (JSValueToNumber):
3067         * JavaScriptCore.exp:
3068         * runtime/CachedTranscendentalFunction.h:
3069         (JSC::CachedTranscendentalFunction::initialize):
3070         * runtime/DateConstructor.cpp:
3071         (JSC::constructDate):
3072         * runtime/DateInstanceCache.h:
3073         (JSC::DateInstanceData::DateInstanceData):
3074         (JSC::DateInstanceCache::reset):
3075         * runtime/JSCell.cpp:
3076         * runtime/JSCell.h:
3077         (JSC::JSCell::JSValue::getPrimitiveNumber):
3078         (JSC::JSCell::JSValue::toNumber):
3079         * runtime/JSGlobalData.cpp:
3080         (JSC::JSGlobalData::JSGlobalData):
3081         (JSC::JSGlobalData::resetDateCache):
3082         * runtime/JSGlobalObject.cpp:
3083         (JSC::JSGlobalObject::reset):
3084         * runtime/JSGlobalObjectFunctions.cpp:
3085         (JSC::globalFuncParseInt):
3086         (JSC::globalFuncIsFinite):
3087         * runtime/JSNotAnObject.cpp:
3088         (JSC::JSNotAnObject::toNumber):
3089         * runtime/JSValue.cpp:
3090         * runtime/JSValue.h:
3091         * runtime/JSValueInlineMethods.h:
3092         (JSC::jsNaN):
3093         * runtime/MathObject.cpp:
3094         (JSC::mathProtoFuncMax):
3095         (JSC::mathProtoFuncMin):
3096         * runtime/NumberConstructor.cpp:
3097         (JSC::numberConstructorNegInfinity):
3098         (JSC::numberConstructorPosInfinity):
3099         * runtime/NumberPrototype.cpp:
3100         (JSC::numberProtoFuncToExponential):
3101         (JSC::numberProtoFuncToFixed):
3102         (JSC::numberProtoFuncToPrecision):
3103         (JSC::numberProtoFuncToString):
3104         * runtime/UString.cpp:
3105         * wtf/DecimalNumber.h:
3106         (WTF::DecimalNumber::DecimalNumber):
3107         * wtf/dtoa.cpp:
3108         (WTF::dtoa):
3109
3110 2011-06-10  Tony Chang  <tony@chromium.org>
3111
3112         Reviewed by Ojan Vafai.
3113
3114         add a compile guard ENABLE(FLEXBOX)
3115         https://bugs.webkit.org/show_bug.cgi?id=62049
3116
3117         * Configurations/FeatureDefines.xcconfig:
3118
3119 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3120
3121         Reviewed by Sam Weinig.
3122
3123         https://bugs.webkit.org/show_bug.cgi?id=55347
3124         "name" and "message" enumerable on *Error.prototype
3125
3126         This arises from chapter 15 of the spec:
3127             "Every other property described in this clause has the attributes
3128             { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
3129             unless otherwise specified."
3130         Standardized properties are not enumerable.
3131
3132         * runtime/ErrorInstance.cpp:
3133         (JSC::ErrorInstance::ErrorInstance):
3134         * runtime/NativeErrorPrototype.cpp:
3135         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3136
3137 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3138
3139         Build fix: Corrected header spelling.
3140
3141         * heap/OldSpace.h:
3142
3143 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3144
3145         Reviewed by Oliver Hunt.
3146
3147         Added OldSpace to the project
3148         https://bugs.webkit.org/show_bug.cgi?id=62417
3149         
3150         Currently unused.
3151         
3152         Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
3153         per-block flag for testing whether you're in NewSpace vs OldSpace.
3154
3155         * CMakeLists.txt:
3156         * GNUmakefile.list.am:
3157         * JavaScriptCore.gypi:
3158         * JavaScriptCore.pro:
3159         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3160         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3161
3162         * heap/MarkedBlock.cpp:
3163         (JSC::MarkedBlock::MarkedBlock):
3164         * heap/MarkedBlock.h:
3165         (JSC::MarkedBlock::inNewSpace):
3166         (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
3167         write barrier.
3168
3169         * heap/NewSpace.cpp:
3170         (JSC::NewSpace::addBlock):
3171         (JSC::NewSpace::removeBlock):
3172         * heap/NewSpace.h:
3173         (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
3174         NewSpace-specific operations.
3175
3176         * heap/OldSpace.cpp: Added.
3177         (JSC::OldSpace::OldSpace):
3178         (JSC::OldSpace::addBlock):
3179         (JSC::OldSpace::removeBlock):
3180         * heap/OldSpace.h: Added.
3181         (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
3182         Not in use yet.
3183
3184 2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
3185
3186         Reviewed by Antonio Gomes.
3187
3188         [EFL] Make accelerated compositing build in Webkit-EFL
3189         https://bugs.webkit.org/show_bug.cgi?id=62361
3190
3191         Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
3192
3193         * wtf/Platform.h:
3194
3195 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3196
3197         Reviewed by Geoff Garen.
3198
3199         Bug 62405 - Fix integer overflow in Array.prototype.push
3200
3201         Fix Geoff's review comments re static_cast.
3202
3203         * runtime/ArrayPrototype.cpp:
3204         (JSC::arrayProtoFuncPush):
3205
3206 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3207
3208         Reviewed by Oliver Hunt.
3209
3210         Factored MarkedBlock set management into a helper class with a fast case Bloom filter
3211         https://bugs.webkit.org/show_bug.cgi?id=62413
3212         
3213         SunSpider reports a small speedup.
3214         
3215         This is in preparation for having ConservativeSet operate on arbitrary
3216         sets of MarkedBlocks, and in preparation for conservative scanning
3217         becoming proportionally more important than other GC activities.
3218
3219         * GNUmakefile.list.am:
3220         * JavaScriptCore.gypi:
3221         * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
3222
3223         * heap/ConservativeRoots.cpp:
3224         (JSC::ConservativeRoots::add):
3225         * heap/ConservativeRoots.h:
3226         (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
3227         directly, instead of a Heap, so we can operate on subsets of the Heap
3228         instead.
3229         
3230         Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
3231         is particularly important since we expect not to find our subject pointer
3232         in the MarkedBlock hash, and hash misses are more expensive than typical
3233         hash lookups because they have high collision rates.
3234         
3235         No need for single-pointer add() to be public anymore, since nobody uses it.
3236
3237         * heap/Heap.cpp:
3238         (JSC::Heap::markRoots):
3239         * heap/Heap.h:
3240         (JSC::Heap::forEachCell):
3241         (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
3242         ConservativeRoots relies on.
3243         
3244         Nixed contains(), since nobody uses it anymore.
3245
3246         * heap/MarkedBlock.h:
3247         (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
3248         the VM layout properties of MarkedBlocks.
3249
3250         * heap/MarkedBlockSet.h: Added.
3251         (JSC::MarkedBlockSet::add):
3252         (JSC::MarkedBlockSet::remove):
3253         (JSC::MarkedBlockSet::recomputeFilter):
3254         (JSC::MarkedBlockSet::filter):
3255         (JSC::MarkedBlockSet::set):
3256         * heap/TinyBloomFilter.h: Added.
3257         (JSC::TinyBloomFilter::TinyBloomFilter):
3258         (JSC::TinyBloomFilter::add):
3259         (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
3260
3261         * interpreter/RegisterFile.cpp:
3262         (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
3263         exclude values by tag -- the tiny bloom filter is already a register-register
3264         compare, so adding another "rule out" factor just slows things down.
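
        The TinyBloomFilter and MarkedBlockSet scheme described in the entry above, as an added toy model written for this page (not JavaScriptCore's own code): candidate words are aligned down to a block boundary, a one-word Bloom filter rules most of them out with a single AND-and-compare, and only the survivors pay for the hash lookup. The 16 KB block size, the block addresses and the scanned words are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <unordered_set>

// Assumed block geometry (constructed for this example): every block is
// kBlockSize bytes and kBlockSize-aligned, so aligning a candidate pointer
// down yields the base of the block that would contain it.
constexpr uintptr_t kBlockSize = 16 * 1024;
constexpr uintptr_t kBlockMask = ~(kBlockSize - 1);

// One-word Bloom filter: the OR of every block base ever added. A candidate
// whose set bits are not all present in the filter cannot be in the set.
// The filter may say "maybe" for a stranger (false positive) but never "no"
// for a member (no false negatives), which is what a root scan needs.
class TinyBloomFilter {
public:
    void add(uintptr_t bits) { m_bits |= bits; }
    bool ruleOut(uintptr_t bits) const
    {
        if (!bits)
            return true;                       // null / small-int words are never blocks
        return (bits & m_bits) != bits;        // one AND and one compare
    }
private:
    uintptr_t m_bits = 0;
};

// Set of live block bases plus the filter that fronts it.
class MarkedBlockSet {
public:
    void add(uintptr_t blockBase)
    {
        m_set.insert(blockBase);
        m_filter.add(blockBase);
    }
    void remove(uintptr_t blockBase)
    {
        m_set.erase(blockBase);
        recomputeFilter();                     // bits cannot be cleared individually
    }
    void recomputeFilter()
    {
        m_filter = TinyBloomFilter();
        for (uintptr_t base : m_set)
            m_filter.add(base);
    }
    const TinyBloomFilter& filter() const { return m_filter; }
    bool contains(uintptr_t blockBase) const { return m_set.count(blockBase) != 0; }
private:
    std::unordered_set<uintptr_t> m_set;
    TinyBloomFilter m_filter;
};

struct ScanStats {
    size_t roots = 0;        // words that really point into a live block
    size_t hashLookups = 0;  // words that got past the filter (roots + false positives)
};

// Conservative root scan over a span of words (a stack or register dump).
ScanStats gatherConservativeRoots(const MarkedBlockSet& blocks, const uintptr_t* words, size_t count)
{
    ScanStats stats;
    for (size_t i = 0; i < count; ++i) {
        uintptr_t base = words[i] & kBlockMask;
        if (blocks.filter().ruleOut(base))
            continue;                          // fast path: most garbage stops here
        ++stats.hashLookups;
        if (blocks.contains(base))
            ++stats.roots;
    }
    return stats;
}

// Constructed scenario: four adjacent blocks and six candidate words.
ScanStats demoScan()
{
    MarkedBlockSet blocks;
    for (uintptr_t i = 0; i < 4; ++i)
        blocks.add(0x20000000u + i * kBlockSize);   // 0x20000000 .. 0x2000C000

    const uintptr_t words[] = {
        0x20005123u,   // interior pointer into block 0x20004000: a root
        0x12345678u,   // garbage: ruled out by the filter
        0x4567u,       // base 0x4000 is a subset of the filter bits: false positive, hash miss
        7u,            // small integer: base 0, ruled out without a lookup
        0x2000D000u,   // interior pointer into block 0x2000C000: a root
        0x20010000u,   // one block past the end: ruled out
    };
    return gatherConservativeRoots(blocks, words, sizeof(words) / sizeof(words[0]));
}
```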
3265
3266 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3267
3268         Reviewed by Oliver Hunt.
3269
3270         Bug 62405 - Fix integer overflow in Array.prototype.push
3271
3272         There are three integer overflows here, leading to safe (not a security risk)
3273         but incorrect (non-spec-compliant) behaviour.
3274
3275         Two overflows occur when calculating the new length after pushing (one in the
3276         fast version of push in JSArray, one in the generic version in ArrayPrototype).
3277         The other occurs calculating indices to write to when multiple items are pushed.
3278
3279         These errors result in three test-262 failures.
3280
3281         * runtime/ArrayPrototype.cpp:
3282         (JSC::arrayProtoFuncPush):
3283         * runtime/JSArray.cpp:
3284         (JSC::JSArray::put):
3285         (JSC::JSArray::push):
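
        The two kinds of overflow this entry describes, as an added toy model written for this page (not JSC's ArrayPrototype or JSArray code): a 32-bit `length + i` wraps both the write index and the stored length once the length sits at 2^32-1. The ArrayLike struct and the sample values are constructed; the corrected version widens to 64 bits and, for a true Array, rejects a length of 2^32 or more with a RangeError as the spec's length setter does.

```cpp
#include <cstdint>
#include <map>
#include <stdexcept>

// Toy array-like object, constructed for this example (not JSC's JSArray):
// sparse storage keyed by a 64-bit index so writes at or beyond 2^32 are
// representable, and an ES5-style Number length.
struct ArrayLike {
    std::map<uint64_t, int> elements;
    double length = 0;
};

constexpr uint64_t kMaxArrayLength = 0xFFFFFFFFull;   // 2^32 - 1

// The bug class the entry describes: ToUint32(length) is held in a 32-bit
// unsigned, so with length == 2^32-1 the second write index wraps to 0 and the
// new length wraps to argCount - 1. Safe (no out-of-bounds write in this
// model) but wrong: element 0 is clobbered and the length goes backwards.
void pushUnchecked(ArrayLike& a, const int* args, unsigned argCount)
{
    unsigned length = static_cast<unsigned>(a.length);
    for (unsigned i = 0; i < argCount; ++i)
        a.elements[length + i] = args[i];      // 32-bit add: wraps
    a.length = length + argCount;              // 32-bit add: wraps
}

// Corrected version: widen before adding so neither the indices nor the new
// length can wrap. A generic object simply gets a length above 2^32-1; a true
// Array must reject it, mirroring the RangeError the ES5 length setter
// throws for values outside the uint32 range.
void pushChecked(ArrayLike& a, const int* args, unsigned argCount, bool isTrueArray)
{
    uint64_t length = static_cast<uint32_t>(a.length);
    uint64_t newLength = length + argCount;    // 64-bit: exact
    if (isTrueArray && newLength > kMaxArrayLength)
        throw std::range_error("Invalid array length");
    for (unsigned i = 0; i < argCount; ++i)
        a.elements[length + i] = args[i];      // 64-bit indices
    a.length = static_cast<double>(newLength);
}

// Constructed scenario: an object whose length is already 2^32-1 gets two
// more elements pushed.
static const int kTwoValues[] = { 11, 22 };

ArrayLike uncheckedDemo()
{
    ArrayLike a;
    a.length = 4294967295.0;
    pushUnchecked(a, kTwoValues, 2);
    return a;   // length == 1, element 0 written instead of element 2^32
}

ArrayLike checkedGenericDemo()
{
    ArrayLike a;
    a.length = 4294967295.0;
    pushChecked(a, kTwoValues, 2, /* isTrueArray */ false);
    return a;   // length == 4294967297, elements at 2^32-1 and 2^32
}

bool trueArrayRejects()
{
    ArrayLike a;
    a.length = 4294967295.0;
    try {
        pushChecked(a, kTwoValues, 2, /* isTrueArray */ true);
    } catch (const std::range_error&) {
        return true;
    }
    return false;
}
```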
3286
3287 2011-06-09  Dan Bernstein  <mitz@apple.com>
3288
3289         Reviewed by Anders Carlsson.
3290
3291         Add Vector::reverse()
3292         https://bugs.webkit.org/show_bug.cgi?id=62393
3293
3294         * wtf/Vector.h:
3295         (WTF::Vector::reverse): Added
3296
3297 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3298
3299         Reviewed by Oliver Hunt.
3300
3301         Factored a bunch of Heap functionality into stand-alone functors
3302         https://bugs.webkit.org/show_bug.cgi?id=62337
3303         
3304         This is in preparation for making these functors operate on arbitrary
3305         sets of MarkedBlocks.
3306
3307         * JavaScriptCore.exp: This file is a small tragedy.
3308
3309         * debugger/Debugger.cpp:
3310         (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
3311
3312         * heap/HandleHeap.h:
3313         (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
3314         strong handles, so we can play along in the functor game.
3315
3316         * heap/Heap.cpp:
3317         (JSC::CountFunctor::CountFunctor::CountFunctor):
3318         (JSC::CountFunctor::CountFunctor::count):
3319         (JSC::CountFunctor::CountFunctor::returnValue):
3320         (JSC::CountFunctor::ClearMarks::operator()):
3321         (JSC::CountFunctor::ResetAllocator::operator()):
3322         (JSC::CountFunctor::Sweep::operator()):
3323         (JSC::CountFunctor::MarkCount::operator()):
3324         (JSC::CountFunctor::Size::operator()):
3325         (JSC::CountFunctor::Capacity::operator()):
3326         (JSC::CountFunctor::Count::operator()):
3327         (JSC::CountFunctor::CountIfGlobalObject::operator()):
3328         (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
3329         (JSC::CountFunctor::TakeIfEmpty::operator()):
3330         (JSC::CountFunctor::TakeIfEmpty::returnValue):
3331         (JSC::CountFunctor::RecordType::RecordType):
3332         (JSC::CountFunctor::RecordType::typeName):
3333         (JSC::CountFunctor::RecordType::operator()):
3334         (JSC::CountFunctor::RecordType::returnValue): These functors factor out
3335         behavior that used to be in the functions below.
3336
3337         (JSC::Heap::clearMarks):
3338         (JSC::Heap::sweep):
3339         (JSC::Heap::objectCount):
3340         (JSC::Heap::size):
3341         (JSC::Heap::capacity):
3342         (JSC::Heap::protectedGlobalObjectCount):
3343         (JSC::Heap::protectedObjectCount):
3344         (JSC::Heap::protectedObjectTypeCounts):
3345         (JSC::Heap::objectTypeCounts):
3346         (JSC::Heap::resetAllocator):
3347         (JSC::Heap::freeBlocks):
3348         (JSC::Heap::shrink): Factored out behavior into the functors above.
3349
3350         * heap/Heap.h:
3351         (JSC::Heap::forEachProtectedCell):
3352         (JSC::Heap::forEachCell):
3353         (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
3354         functor-based templates instead of plain iterators because they're simpler
3355         to implement in this case and they require a lot less code at the call site.
3356
3357         * heap/MarkedBlock.h:
3358         (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
3359         trivial functors.
3360
3361         (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
3362         we have a few different kind of "for each" now.
3363
3364         * runtime/JSGlobalData.cpp:
3365         (WTF::Recompile::operator()):
3366         (JSC::JSGlobalData::JSGlobalData):
3367         (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
3368
3369         * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
3370
3371 2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
3372
3373         Reviewed by Pavel Feldman.
3374
3375         Web Inspector: Crash by buffer overrun when serializing inspector object tree.
3376         https://bugs.webkit.org/show_bug.cgi?id=52791
3377
3378         No new tests. The problem can be reproduced by trying to create an InspectorValue
3379         from 1.0e-100 and calling ->toJSONString() on it.
3380
3381         * JavaScriptCore.exp:
3382         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3383         export 2 functions DecimalNumber::bufferLengthForStringExponential and
3384         DecimalNumber::toStringExponential.
3385
3386 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3387
3388         Unreviewed, rolling out r88404.
3389         http://trac.webkit.org/changeset/88404
3390         https://bugs.webkit.org/show_bug.cgi?id=62342
3391
3392         broke win and mac build (Requested by tony^work on #webkit).
3393
3394         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3395
3396 2011-06-08  Evan Martin  <evan@chromium.org>
3397
3398         Reviewed by Adam Barth.
3399
3400         [chromium] use gyp 'settings' type for settings target
3401         https://bugs.webkit.org/show_bug.cgi?id=62323
3402
3403         The 'settings' gyp target type is for targets that exist solely
3404         for their settings (no build rules).  The comment above this target
3405         says it's for this, but it incorrectly uses 'none'.
3406
3407         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3408
3409 2011-06-08  Sailesh Agrawal  <sail@chromium.org>
3410
3411         Reviewed by Mihai Parparita.
3412
3413         Chromium Mac: Enable overlay scrollbars
3414         https://bugs.webkit.org/show_bug.cgi?id=59756
3415
3416         Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
3417
3418         * wtf/Platform.h:
3419
3420 2011-06-08  Oliver Hunt  <oliver@apple.com>
3421
3422         Reviewed by Geoffrey Garen.
3423
3424         Add faster lookup cache for multi character identifiers
3425         https://bugs.webkit.org/show_bug.cgi?id=62327
3426
3427         Add a non-hash lookup for multiple character identifiers.  This saves us from
3428         adding repeated identifiers to the ParserArena's identifier list as people
3429         tend to not start all their variables and properties with the same character
3430         and happily identifier locality works in our favour.
3431
3432         * parser/ParserArena.h:
3433         (JSC::IdentifierArena::isEmpty):
3434         (JSC::IdentifierArena::clear):
3435         (JSC::IdentifierArena::makeIdentifier):
3436
3437 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3438
3439         Reviewed by Oliver Hunt.
3440
3441         Took some responsibilities away from NewSpace
3442         https://bugs.webkit.org/show_bug.cgi?id=62325
3443         
3444         NewSpace is basically just an allocator now.
3445         
3446         Heap acts as a controller, responsible for managing the set of all
3447         MarkedBlocks.
3448         
3449         This is in preparation for moving parts of the controller logic into
3450         separate helper classes that can act on arbitrary sets of MarkedBlocks
3451         that may or may not be in NewSpace.
3452
3453         * heap/Heap.cpp:
3454         (JSC::Heap::Heap):
3455         (JSC::Heap::destroy):
3456         (JSC::Heap::allocate):
3457         (JSC::Heap::markRoots):
3458         (JSC::Heap::clearMarks):
3459         (JSC::Heap::sweep):
3460         (JSC::Heap::objectCount):
3461         (JSC::Heap::size):
3462         (JSC::Heap::capacity):
3463         (JSC::Heap::collect):
3464         (JSC::Heap::resetAllocator):
3465         (JSC::Heap::allocateBlock):
3466         (JSC::Heap::freeBlocks):
3467         (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
3468         along with all functions that operate on the set of MarkedBlocks. Also
3469         moved responsibility for deciding whether to allocate a new MarkedBlock,
3470         and for allocating it.
3471
3472         * heap/Heap.h:
3473         (JSC::Heap::contains):
3474         (JSC::Heap::forEach): Ditto.
3475
3476         * heap/NewSpace.cpp:
3477         (JSC::NewSpace::addBlock):
3478         (JSC::NewSpace::removeBlock):
3479         (JSC::NewSpace::resetAllocator):
3480         * heap/NewSpace.h:
3481         (JSC::NewSpace::waterMark):
3482         (JSC::NewSpace::allocate): Ditto.
3483
3484 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3485
3486         Reviewed by Oliver Hunt.
3487
3488         Some more MarkedSpace => NewSpace renaming
3489         https://bugs.webkit.org/show_bug.cgi?id=62305
3490
3491         * JavaScriptCore.exp:
3492         * JavaScriptCore.order:
3493         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3494         * heap/Heap.cpp:
3495         (JSC::Heap::Heap):
3496         (JSC::Heap::destroy):
3497         (JSC::Heap::reportExtraMemoryCostSlowCase):
3498         (JSC::Heap::allocate):
3499         (JSC::Heap::markRoots):
3500         (JSC::Heap::objectCount):
3501         (JSC::Heap::size):
3502         (JSC::Heap::capacity):
3503         (JSC::Heap::collect):
3504         (JSC::Heap::isValidAllocation):
3505         * heap/Heap.h:
3506         (JSC::Heap::markedSpace):
3507         (JSC::Heap::contains):
3508         (JSC::Heap::forEach):
3509         (JSC::Heap::allocate):
3510         * runtime/JSCell.h:
3511
3512 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3513
3514         Reviewed by Eric Seidel.
3515
3516         Add export macros to profiler headers.
3517         https://bugs.webkit.org/show_bug.cgi?id=27551
3518
3519         * profiler/Profiler.h:
3520
3521 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3522
3523         Reviewed by Eric Seidel.
3524
3525         Add export symbols to parser headers.
3526         https://bugs.webkit.org/show_bug.cgi?id=27551
3527
3528         * parser/SourceProviderCache.h:
3529
3530 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3531
3532         Reviewed by Eric Seidel.
3533
3534         Add export symbols to interpreter headers.
3535         https://bugs.webkit.org/show_bug.cgi?id=27551
3536
3537         * interpreter/Interpreter.h:
3538
3539 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3540
3541         Reviewed by Eric Seidel.
3542
3543         Add export symbols to debugger headers.
3544         https://bugs.webkit.org/show_bug.cgi?id=27551
3545
3546         * debugger/Debugger.h:
3547         * debugger/DebuggerCallFrame.h:
3548
3549 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3550
3551         Reviewed by Darin Adler.
3552
3553         Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
3554         https://bugs.webkit.org/show_bug.cgi?id=62268
3555
3556         * CMakeLists.txt:
3557         * GNUmakefile.list.am:
3558         * JavaScriptCore.gypi:
3559         * JavaScriptCore.pro:
3560         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3561         * JavaScriptCore.xcodeproj/project.pbxproj:
3562         * heap/Heap.h:
3563         * heap/MarkedBlock.h:
3564         * heap/MarkedSpace.cpp: Removed.
3565         * heap/MarkedSpace.h: Removed.
3566         * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
3567         * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
3568
3569 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3570
3571         Unreviewed, rolling out r88365.
3572         http://trac.webkit.org/changeset/88365
3573         https://bugs.webkit.org/show_bug.cgi?id=62301
3574
3575         windows bots broken (Requested by loislo_ on #webkit).
3576
3577         * JavaScriptCore.exp:
3578
3579 2011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
3580
3581         Reviewed by Tony Chang.
3582
3583         Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
3584
3585         Compiling Chromium port under GCC 4.6 produces warnings about nullptr
3586         https://bugs.webkit.org/show_bug.cgi?id=62242
3587
3588         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3589
3590 2011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
3591
3592         Reviewed by Andreas Kling.
3593
3594         Webkit on SPARC Solaris has wrong endian
3595         https://bugs.webkit.org/show_bug.cgi?id=29407
3596
3597         Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
3598         there are more occurrences of the same code pattern in webkit.
3599
3600         This patch includes the check on these other parts of the code.
3601
3602         This is a speculative fix; I don't have a sparc machine to test on and
3603         don't know which kind of test would trigger a crash (but it's quite
3604         obvious that it's the same code duplicated in different files).
3605
3606         * runtime/UString.h:
3607         (JSC::UStringHash::equal):
3608         * wtf/text/StringHash.h:
3609         (WTF::StringHash::equal):
3610
3611 2011-06-08  Yael Aharon  <yael.aharon@nokia.com>
3612
3613         Reviewed by Andreas Kling.
3614
3615         [Qt] Build fix for building QtWebKit inside of Qt.
3616         https://bugs.webkit.org/show_bug.cgi?id=62280
3617
3618         Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
3619         into QtWebKit.prl.
3620
3621         No new tests, as this is just a build fix.
3622
3623         * JavaScriptCore.pri:
3624
3625 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3626
3627         Reviewed by Oliver Hunt.
3628
3629         Split 'reset' into 'collect' and 'resetAllocator'
3630         https://bugs.webkit.org/show_bug.cgi?id=62267
3631
3632         * heap/Heap.cpp:
3633         (JSC::Heap::allocate):
3634         (JSC::Heap::collectAllGarbage):
3635         (JSC::Heap::collect):
3636         * heap/Heap.h:
3637         * heap/MarkedBlock.h:
3638         (JSC::MarkedBlock::resetAllocator):
3639         * heap/MarkedSpace.cpp:
3640         (JSC::MarkedSpace::resetAllocator):
3641         * heap/MarkedSpace.h:
3642         (JSC::MarkedSpace::SizeClass::resetAllocator):
3643
3644 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3645
3646         Reviewed by Sam Weinig.
3647
3648         Renamed some more marks to visits
3649         https://bugs.webkit.org/show_bug.cgi?id=62254
3650
3651         * heap/HandleHeap.cpp:
3652         (JSC::HandleHeap::visitStrongHandles):
3653         (JSC::HandleHeap::visitWeakHandles):
3654         * heap/HandleHeap.h:
3655         * heap/HandleStack.cpp:
3656         (JSC::HandleStack::visit):
3657         * heap/HandleStack.h:
3658         * heap/Heap.cpp:
3659         (JSC::Heap::markProtectedObjects):
3660         (JSC::Heap::markTempSortVectors):
3661         (JSC::Heap::markRoots):
3662         * heap/HeapRootVisitor.h:
3663         (JSC::HeapRootVisitor::visit):
3664         * runtime/ArgList.cpp:
3665         (JSC::MarkedArgumentBuffer::markLists):
3666
3667 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3668
3669         Reviewed by Sam Weinig.
3670
3671         https://bugs.webkit.org/show_bug.cgi?id=55537
3672         Functions claim to have 'callee' which they actually don't (and shouldn't)
3673
3674         * JavaScriptCore.xcodeproj/project.pbxproj:
3675         * runtime/JSFunction.cpp:
3676         (JSC::JSFunction::getOwnPropertyNames):
3677
3678 2011-06-07  Juan C. Montemayor  <jmont@apple.com>
3679
3680         Reviewed by Darin Adler.
3681
3682         Make JSStaticFunction and JSStaticValue less "const"
3683         https://bugs.webkit.org/show_bug.cgi?id=62222
3684
3685         * API/JSObjectRef.h:
3686         * API/tests/testapi.c:
3687         (checkConstnessInJSObjectNames):
3688         (main):
3689         * JavaScriptCore.xcodeproj/project.pbxproj:
3690
3691 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3692
3693         Reviewed by Sam Weinig.
3694
3695         https://bugs.webkit.org/show_bug.cgi?id=62240
3696         DFG JIT - add support for for-loop array initialization.
3697
3698         Support put by val beyond vector length.
3699         Add an operationPutByValBeyondArrayBounds operation, make
3700         PutValVal call this if the vector length check fails.
3701
3702         * dfg/DFGJITCodeGenerator.h:
3703         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3704         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3705         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
3706         (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
3707         (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
3708         (JSC::DFG::JITCodeGenerator::isIntegerConstant):
3709         (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
3710         * dfg/DFGOperations.cpp:
3711         (JSC::DFG::operationPutByValInternal):
3712         * dfg/DFGOperations.h:
3713         * dfg/DFGSpeculativeJIT.cpp:
3714         (JSC::DFG::SpeculativeJIT::compile):
3715         * dfg/DFGSpeculativeJIT.h:
3716
3717 2011-06-06  James Simonsen  <simonjam@chromium.org>
3718
3719         Reviewed by James Robinson.
3720
3721         Add monotonicallyIncreasingTime() to get monotonically increasing time
3722         https://bugs.webkit.org/show_bug.cgi?id=37743
3723
3724         * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
3725         (WTF::monotonicallyIncreasingTime):
3726         * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
3727
3728 2011-06-06  Alexandru Chiculita  <achicu@adobe.com>
3729
3730         Reviewed by Kent Tamura.
3731
3732         Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
3733         https://bugs.webkit.org/show_bug.cgi?id=61628
3734
3735         * Configurations/FeatureDefines.xcconfig:
3736
3737 2011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
3738
3739         Reviewed by Kent Tamura.
3740
3741         Add ENABLE(CSS_REGIONS) guard for CSS Regions support
3742         https://bugs.webkit.org/show_bug.cgi?id=61631
3743
3744         * Configurations/FeatureDefines.xcconfig:
3745
3746 2011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
3747
3748         Unreviewed. Fix the GTK+ build.
3749
3750         * GNUmakefile.am: Add javascriptcore_cflags variable.
3751
3752 2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
3753
3754         [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
3755         to build on Mac.
3756
3757         * wtf/Platform.h:
3758
3759 2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
3760
3761         Unreviewed, MIPS build fix.
3762
3763         WebKitGTK+ tarball fails to build on MIPS.
3764         https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
3765
3766         * GNUmakefile.list.am: Add missing MIPS-related file to the list
3767         of files that are added to the tarball on make dist, and fix
3768         sorting.
3769
3770 2011-06-04  Sam Weinig  <sam@webkit.org>
3771
3772         Reviewed by Darin Adler.
3773
3774         Fix formatting of the output generated by KeywordLookupGenerator.py
3775         https://bugs.webkit.org/show_bug.cgi?id=62083
3776
3777         - Uses correct year for copyright.
3778         - Puts ending brace on same line as "else if".
3779         - Puts starting brace of function on its own line.
3780         - Adds some tasteful whitespace.
3781         - Adds comments to make clear that scopes are ending.
3782         - Makes macros actually split on two lines.
3783
3784         * KeywordLookupGenerator.py:
3785
3786 2011-06-04  Adam Barth  <abarth@webkit.org>
3787
3788         Reviewed by Eric Seidel.
3789
3790         KeywordLookupGenerator.py spams stdout in Chromium Linux build
3791         https://bugs.webkit.org/show_bug.cgi?id=62087
3792
3793         This action does not appear to be needed.
3794
3795         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3796
3797 2011-06-03  Oliver Hunt  <oliver@apple.com>
3798
3799         Reviewed by Maciej Stachowiak.
3800
3801         Lexer needs to provide Identifier for reserved words
3802         https://bugs.webkit.org/show_bug.cgi?id=62086
3803
3804         Alas it is necessary to provide an Identifier reference for keywords
3805         so that we can do the right thing when they're used in object literals.
3806         We now keep Identifiers for all reserved words in the CommonIdentifiers
3807         structure so that we can access them without a hash lookup.
3808
3809         * KeywordLookupGenerator.py:
3810         * parser/Lexer.cpp:
3811         (JSC::Lexer::parseIdentifier):
3812         * parser/Lexer.h:
3813         * runtime/CommonIdentifiers.cpp:
3814         (JSC::CommonIdentifiers::CommonIdentifiers):
3815         * runtime/CommonIdentifiers.h:
3816
3817 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3818
3819         Reviewed by Sam Weinig.
3820
3821         Add debug code to break on speculation failures.
3822
3823         * dfg/DFGJITCompiler.cpp:
3824         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3825         (JSC::DFG::JITCompiler::compileFunction):
3826         * dfg/DFGNode.h:
3827
3828 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3829
3830         Reviewed by Sam Weinig.
3831
3832         https://bugs.webkit.org/show_bug.cgi?id=62082
3833         DFG JIT - bug passing arguments that need swap
3834
3835         This is really just a typo.
3836         When setting up the arguments for a call out to a C operation, we'll
3837         fail to swap arguments where this is necessary. For example, in the
3838         case of 2 arg calls, where the first argument is in %rdx & the second
3839         is in %rsi we should swap (exec will be passed in %rdi), but we don't.
3840
3841         This can also affect function calls passing three arguments.
3842
3843         * dfg/DFGJITCodeGenerator.h:
3844         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
3845             - Call swap with the correct arguments.
3846
3847 2011-06-03  Oliver Hunt  <oliver@apple.com>
3848
3849         Reviewed by Gavin Barraclough.
3850
3851         Force inlining of some hot lexer functions
3852         https://bugs.webkit.org/show_bug.cgi?id=62079
3853
3854         Fix more GCC stupidity
3855
3856         * parser/Lexer.h:
3857         (JSC::Lexer::isWhiteSpace):
3858         (JSC::Lexer::isLineTerminator):
3859
3860 2011-06-03  Oliver Hunt  <oliver@apple.com>
3861
3862         Reviewed by Gavin Barraclough.
3863
3864         GCC not inlining some functions that it really should be
3865         https://bugs.webkit.org/show_bug.cgi?id=62075
3866
3867         Add ALWAYS_INLINE to a number of parsing and lexing functions
3868         that should always be inlined.  This gets us ~1.4% on my ad hoc
3869         parser test.
3870
3871         * KeywordLookupGenerator.py:
3872         * parser/JSParser.cpp:
3873         (JSC::JSParser::next):
3874         (JSC::JSParser::nextTokenIsColon):
3875         (JSC::JSParser::consume):
3876         (JSC::JSParser::match):
3877         (JSC::JSParser::tokenStart):
3878         (JSC::JSParser::tokenLine):
3879         (JSC::JSParser::tokenEnd):
3880         * parser/Lexer.cpp:
3881         (JSC::isIdentPart):
3882
3883 2011-06-03  Oliver Hunt  <oliver@apple.com>
3884
3885         Whoops, fix last minute bug.
3886
3887         * parser/Lexer.cpp:
3888         (JSC::Lexer::parseIdentifier):
3889
3890 2011-06-03  Martin Robinson  <mrobinson@igalia.com>
3891
3892         Try to fix the GTK+ build.
3893
3894         * GNUmakefile.am: Clean up some spaces that should be tabs.
3895         * GNUmakefile.list.am: Add KeywordLookup.h to the source list
3896         and clean up some spaces that should be tabs.
3897
3898 2011-06-03  Oliver Hunt  <oliver@apple.com>
3899
3900         Reviewed by Geoffrey Garen.
3901
3902         Improve keyword lookup
3903         https://bugs.webkit.org/show_bug.cgi?id=61913
3904
3905         Rather than doing multiple hash lookups, as we currently
3906         do when trying to identify keywords, we now use an
3907         automatically generated decision tree (essentially it's
3908         a hard-coded Patricia trie).  We still use the regular
3909         lookup table for the last few characters of an input as
3910         this allows us to completely skip all bounds checks.
3911
3912         * CMakeLists.txt:
3913         * DerivedSources.make:
3914         * DerivedSources.pro:
3915         * GNUmakefile.am:
3916         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3917         * JavaScriptCore.xcodeproj/project.pbxproj:
3918         * KeywordLookupGenerator.py: Added.
3919         * make-generated-sources.sh:
3920         * parser/Lexer.cpp:
3921         (JSC::Lexer::internalShift):
3922         (JSC::Lexer::shift):
3923         (JSC::Lexer::parseIdentifier):
3924         * parser/Lexer.h:
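
A simplified version of the generator idea in this entry, added here as an example (not WebKit's KeywordLookupGenerator.py): build a trie from a keyword list, render it as a hard-coded C decision tree, and classify identifiers by walking it with character comparisons only. KEYWORDS is a constructed subset of JavaScript's reserved words, the C names code, end and TOKEN_* are assumed, and the table fallback for the tail of an identifier is not reproduced; the emitted C carries one length check per level instead.

```python
# Added example, not WebKit's KeywordLookupGenerator.py: a keyword trie, a C
# decision-tree emitter and a run-time walker.  KEYWORDS is constructed; the
# real generator reads the keyword list from a file.
KEYWORDS = ["do", "double", "delete", "default", "in", "int", "if",
            "instanceof", "new", "null"]
TERMINAL = ""   # identifiers never contain an empty string, so it cannot collide

def build_tree(words):
    """Nested-dict trie: each key is one character, TERMINAL marks a keyword."""
    root = {}
    for word in words:
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[TERMINAL] = word
    return root

def emit_c(node, depth=0, indent="    "):
    """Render the trie as nested C comparisons on code[depth], with one
    length check per level (assumed C names: code, end, TOKEN_*)."""
    lines = []
    if TERMINAL in node:
        lines.append(f"{indent}if (end - code == {depth}) return TOKEN_{node[TERMINAL].upper()};")
    branches = [(ch, child) for ch, child in sorted(node.items()) if ch != TERMINAL]
    if not branches:
        return lines
    lines.append(f"{indent}if (end - code > {depth}) {{")
    keyword = "if"
    for ch, child in branches:
        lines.append(f"{indent}    {keyword} (code[{depth}] == '{ch}') {{")
        lines.extend(emit_c(child, depth + 1, indent + "        "))
        lines.append(f"{indent}    }}")
        keyword = "else if"
    lines.append(f"{indent}}}")
    return lines

def lookup(tree, ident):
    """Classify an identifier by walking the same tree; returns the matched
    keyword or None, with no hashing and no table lookup."""
    node = tree
    for ch in ident:
        node = node.get(ch)
        if node is None:
            return None
    return node.get(TERMINAL)

if __name__ == "__main__":
    tree = build_tree(KEYWORDS)
    print("\n".join(emit_c(tree)))
    print(lookup(tree, "double"), lookup(tree, "dou"), lookup(tree, "interface"))
```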
3925
3926 2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
3927
3928         Reviewed by Benjamin Poulain.
3929
3930         [Qt] Build flag for experimental ICU library support
3931         https://bugs.webkit.org/show_bug.cgi?id=60786
3932
3933         Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
3934         ICU-powered Unicode support.
3935
3936         * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
3937         * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
3938
3939 2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
3940
3941         Reviewed by Benjamin Poulain.
3942
3943         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
3944         https://bugs.webkit.org/show_bug.cgi?id=61957
3945
3946         When building inside the Qt source tree, qmake always appends the mkspecs
3947         defines after ours. We have to work around this and make sure that we append
3948         our flags after the qmake variable used inside Qt. This workaround was provided
3949         by our qmake folks. We need to append in both cases because qmake behaves differently
3950         when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for the Qt port.
3951
3952         * JavaScriptCore.pro:
3953
3954 2011-06-02  Jay Civelli  <jcivelli@chromium.org>
3955
3956         Reviewed by Adam Barth.
3957
3958         Added a method to generate RFC 2822 compliant date strings.
3959         https://bugs.webkit.org/show_bug.cgi?id=7169
3960
3961         * wtf/DateMath.cpp:
3962         (WTF::twoDigitStringFromNumber):
3963         (WTF::makeRFC2822DateString):
3964         * wtf/DateMath.h:
3965
3966 2011-06-02  Alexis Menard  <alexis.menard@openbossa.org>
3967
3968         Reviewed by Andreas Kling.
3969
3970         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
3971         https://bugs.webkit.org/show_bug.cgi?id=61957
3972
3973         When building inside the Qt source tree, qmake always appends the mkspecs
3974         defines after ours. We have to work around this and make sure that we append
3975         our flags after the qmake variable used inside Qt. This workaround was provided
3976         by our qmake folks.
3977
3978         * JavaScriptCore.pro:
3979
3980 2011-06-01  Oliver Hunt  <oliver@apple.com>
3981
3982         Reviewed by Geoffrey Garen.
3983
3984         Add single character lookup cache to IdentifierArena
3985         https://bugs.webkit.org/show_bug.cgi?id=61879
3986
3987         Add a simple lookup cache for single ASCII character
3988         identifiers.  Produces around a 2% improvement in parse
3989         time for my ad hoc parser test.
3990
3991         * parser/ParserArena.h:
3992         (JSC::IdentifierArena::IdentifierArena):
3993         (JSC::IdentifierArena::clear):
3994         (JSC::IdentifierArena::makeIdentifier):
3995
3996 2011-05-31  Oliver Hunt  <oliver@apple.com>
3997
3998         Reviewed by Geoffrey Garen.
3999
4000         Freezing a function and its prototype causes browser to crash.
4001         https://bugs.webkit.org/show_bug.cgi?id=61758
4002
4003         Make JSObject::preventExtensions virtual so that we can override it
4004         and instantiate all lazy
4005
4006         * JavaScriptCore.exp:
4007         * runtime/JSFunction.cpp:
4008         (JSC::createPrototypeProperty):
4009         (JSC::JSFunction::preventExtensions):
4010         (JSC::JSFunction::getOwnPropertySlot):
4011         * runtime/JSFunction.h:
4012         * runtime/JSObject.h:
4013         * runtime/JSObject.cpp:
4014         (JSC::JSObject::seal):
4015         (JSC::JSObject::seal):
4016
4017 2011-06-01  Sheriff Bot  <webkit.review.bot@gmail.com>
4018
4019         Unreviewed, rolling out r87788.
4020         http://trac.webkit.org/changeset/87788
4021         https://bugs.webkit.org/show_bug.cgi?id=61856
4022
4023         breaks windows chromium canary (Requested by jknotten on
4024         #webkit).
4025
4026         * wtf/DateMath.cpp:
4027         (WTF::timeClip):
4028         * wtf/DateMath.h:
4029
4030 2011-06-01  Jay Civelli  <jcivelli@chromium.org>
4031
4032         Reviewed by Adam Barth.
4033
4034         Added a method to generate RFC 2822 compliant date strings.
4035         https://bugs.webkit.org/show_bug.cgi?id=7169
4036
4037         * wtf/DateMath.cpp:
4038         (WTF::twoDigitStringFromNumber):
4039         (WTF::makeRFC2822DateString):
4040         * wtf/DateMath.h:
4041
4042 2011-05-31  Yong Li  <yoli@rim.com>
4043
4044         Reviewed by Eric Seidel.
4045
4046         https://bugs.webkit.org/show_bug.cgi?id=54807
4047         We have been assuming plain bitfields (like "int a : 31") are always signed integers.
4048         However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
4049         bitfields (declared without either signed or unsigned qualifiers) are treated as unsigned.
4050         http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
4051         Although we can use the "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
4052         always using a "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
4053         rule we should have in order to make our code independent of compilers and compiler flags.
4054
4055         No new test added because this change is not known to fix any issue.
4056
4057         * bytecode/StructureStubInfo.h:
4058
4059 2011-05-30  Hojong Han  <hojong.han@samsung.com>
4060
4061         Reviewed by Geoffrey Garen.
4062
4063         [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
4064         https://bugs.webkit.org/show_bug.cgi?id=61416
4065
4066         * assembler/MacroAssemblerARM.h: