2011-07-06 Dmitriy Vyukov <dvyukov@google.com>
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32 bit machines are failed after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates the gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::shouldUnlinkCalls):
        (JSC::MarkStack::setShouldUnlinkCalls):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        JSC JIT has code duplication for the handling of call and construct
        https://bugs.webkit.org/show_bug.cgi?id=63957

        Reviewed by Gavin Barraclough.

        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::jitCompileFor):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeFor):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::isGeneratedFor):
        (JSC::FunctionExecutable::generatedBytecodeFor):
        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        Build fix following last patch.

        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63947
        ASSERT running Object.preventExtensions(Math.sin)

        Reviewed by Oliver Hunt.

        This is due to calling scope() on a hostFunction as a part of
        calling createPrototypeProperty to reify the prototype property.
        But host functions don't have a prototype property anyway!

        Prevent calling createPrototypeProperty on a host function.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63880
        Evaluation order of conversions of operands to >, >= incorrect.

        Reviewed by Sam Weinig.

        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
        spec. This allows these methods to be reused to perform >, >= relational compares
        with correct ordering of type conversions.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Operations.h:
        (JSC::jsLess):
        (JSC::jsLessEq):

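The conversion-order requirement behind the entry above, as an added worked example that is not part of this ChangeLog or of JavaScriptCore: a JavaScript model of the ES5 abstract relational comparison with the LeftFirst flag, run beside the native operators so the order in which each converts its operands can be checked. The names toPrimitiveNumber, abstractLess, relational, nativeOps and compareOrders are this example's own.

```javascript
// ToPrimitive with hint Number, as the relational operators use it: valueOf() first,
// then toString(); the first primitive result wins.
function toPrimitiveNumber(v) {
  if (v === null || (typeof v !== "object" && typeof v !== "function")) return v;
  for (const name of ["valueOf", "toString"]) {
    const fn = v[name];
    if (typeof fn !== "function") continue;
    const r = fn.call(v);
    if (r === null || (typeof r !== "object" && typeof r !== "function")) return r;
  }
  throw new TypeError("Cannot convert object to primitive value");
}

// ES5 11.8.5 abstract relational comparison "x < y". Returns true, false, or undefined
// (undefined means at least one side became NaN). leftFirst decides which operand is
// converted first; this is the flag the patch above adds to jsLess/jsLessEq so that one
// routine can serve both '<' and '>' with the spec's conversion order.
function abstractLess(x, y, leftFirst) {
  let px, py;
  if (leftFirst) { px = toPrimitiveNumber(x); py = toPrimitiveNumber(y); }
  else           { py = toPrimitiveNumber(y); px = toPrimitiveNumber(x); }
  if (typeof px === "string" && typeof py === "string") return px < py; // code-unit order
  const nx = Number(px), ny = Number(py);
  if (Number.isNaN(nx) || Number.isNaN(ny)) return undefined;
  return nx < ny;
}

// The four operators expressed through abstractLess exactly as ES5 11.8.1-11.8.4 do.
// '>' and '<=' swap the operands and therefore must pass leftFirst = false.
const relational = {
  "<":  (a, b) => abstractLess(a, b, true) === true,
  ">":  (a, b) => abstractLess(b, a, false) === true,
  "<=": (a, b) => { const r = abstractLess(b, a, false); return r !== undefined && !r; },
  ">=": (a, b) => { const r = abstractLess(a, b, true); return r !== undefined && !r; },
};

const nativeOps = {
  "<": (a, b) => a < b, ">": (a, b) => a > b, "<=": (a, b) => a <= b, ">=": (a, b) => a >= b,
};

// Runs one operator natively and through the model on constructed operands whose valueOf()
// records when it is called, so the conversion order of each implementation can be compared.
function compareOrders(op) {
  if (!(op in nativeOps)) throw new Error(`unsupported operator ${op}`);
  const spy = (log, name, value) => ({ valueOf() { log.push(name); return value; } });
  const nativeLog = [], modelLog = [];
  const native = nativeOps[op](spy(nativeLog, "lhs", 2), spy(nativeLog, "rhs", 1));
  const model = relational[op](spy(modelLog, "lhs", 2), spy(modelLog, "rhs", 1));
  return { native, model, nativeOrder: nativeLog, modelOrder: modelLog };
}

// A spec-compliant engine converts the left operand first for every operator; the bug
// fixed above showed up as "rhs" before "lhs" for '>' and '>='.
for (const op of Object.keys(nativeOps)) {
  const r = compareOrders(op);
  console.log(op, "native:", r.nativeOrder.join(","), "model:", r.modelOrder.join(","));
}
```
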
2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63881
        Need separate bytecodes for handling >, >= comparisons.

        Reviewed by Oliver Hunt.

        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        as using the corresponding op_less, etc. opcodes.  This is incorrect with
        respect to evaluation ordering of the implicit conversions performed on operands -
        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
        but instead convert RHS then LHS.

        This patch adds opcodes for greater-than comparisons mirroring existing ones used
        for less-than.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        * bytecompiler/NodesCodegen.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_greater):
        (JSC::JIT::emitSlow_op_loop_if_greater):
        (JSC::JIT::emit_op_loop_if_greatereq):
        (JSC::JIT::emitSlow_op_loop_if_greatereq):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * parser/NodeConstructors.h:
        (JSC::GreaterNode::GreaterNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        * parser/Nodes.h:

2011-07-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63879
        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.

        Reviewed by Sam Weinig.

        There is a lot of copy & paste code here; we can reduce duplication by making
        a shared implementation.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::commute):
            - Make these function platform agnostic.
        * assembler/MacroAssemblerX86Common.h:
            - Moved branch32/commute up to MacroAssembler.
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_lesseq):
        (JSC::JIT::emitSlow_op_loop_if_lesseq):
            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
            - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE64.
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE32_64.
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
            - Remove old implementation of emit_op_loop_if_lesseq.

2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r90347.
        http://trac.webkit.org/changeset/90347
        https://bugs.webkit.org/show_bug.cgi?id=63886

        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
        (Requested by tkent on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/BigInteger.h: Removed.
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/Uint16WithFraction.h: Removed.
        * wtf/MathExtras.h:

2011-06-30  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

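The arbitrary-radix conversion described in this entry and in the identical 2011-07-04 entry that relands it, as an added worked example that is not JavaScriptCore's code: the same structure as the fix, an exact integer for the integer part and an exact rational remainder whose half-gap rounding bounds decide where to stop, written with JavaScript BigInt. The functions decomposeDouble and toStringWithRadix are this example's own, named after the ChangeLog's helpers.

```javascript
const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Split a positive finite double into f * 2^e with f an integer (hidden bit included).
function decomposeDouble(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigUint64(0);
  const expBits = Number((bits >> 52n) & 0x7ffn);
  let f = bits & ((1n << 52n) - 1n);
  let e;
  if (expBits === 0) {
    e = -1074;              // subnormal: no hidden bit, fixed exponent
  } else {
    f |= 1n << 52n;         // normal: restore the hidden leading 1
    e = expBits - 1075;     // exponent bias 1023 plus the 52 fraction bits
  }
  // At an exact power of two the gap down to the previous double is half the gap up.
  const lowerGapIsHalf = expBits > 1 && f === (1n << 52n);
  return { f, e, lowerGapIsHalf };
}

// Exact Number -> string in radix 2..36. Integer part: exact BigInt division. Fraction:
// digits taken from the exact remainder R/S, stopping at the first position where the
// string already parses back to x (the rounding interval is half the gap to each
// neighbouring double), instead of the fixed epsilon the old code relied on.
function toStringWithRadix(x, radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) {
    throw new RangeError("radix must be an integer in 2..36");
  }
  if (!Number.isFinite(x)) return String(x);  // "NaN", "Infinity", "-Infinity"
  if (x === 0) return "0";
  const sign = x < 0 ? "-" : "";
  const { f, e, lowerGapIsHalf } = decomposeDouble(Math.abs(x));

  // Scale by S = 2^k so that the value R/S and the half-gap bounds mPlus/mMinus (both
  // expressed in units of 1/S) are all integers.
  const k = BigInt(Math.max(0, -e) + 2);
  const E = BigInt(e);
  let R = f << (E + k);
  const S = 1n << k;
  let mPlus = 1n << (E + k - 1n);                    // half the gap to the next double up
  let mMinus = lowerGapIsHalf ? mPlus >> 1n : mPlus; // half the gap to the next double down

  let intPart = R / S;                               // exact integer part
  R %= S;                                            // exact fractional remainder
  const radixN = BigInt(radix);
  const digits = [];

  while (R !== 0n) {
    R *= radixN; mPlus *= radixN; mMinus *= radixN;
    let d = Number(R / S);
    R %= S;
    const low = R < mMinus;          // truncating here still parses back to x
    const high = R + mPlus > S;      // rounding this digit up still parses back to x
    if (!low && !high) { digits.push(d); continue; }
    if (high && (!low || 2n * R >= S)) d += 1;   // both possible: take the closer one
    digits.push(d);
    break;
  }

  // A digit rounded up to `radix` carries into the previous digit, or into the integer part.
  let i = digits.length - 1;
  while (i >= 0 && digits[i] === radix) {
    digits.length = i;               // drop the overflowed digit
    i -= 1;
    if (i >= 0) digits[i] += 1; else intPart += 1n;
  }

  const intStr = sign + intPart.toString(radix);
  if (digits.length === 0) return intStr;
  return intStr + "." + digits.map((d) => DIGITS[d]).join("");
}
```
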
535 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
536
537         https://bugs.webkit.org/show_bug.cgi?id=63866
538         DFG JIT - implement instanceof
539
540         Reviewed by Sam Weinig.
541
542         Add ops CheckHasInstance & InstanceOf to implement bytecodes
543         op_check_has_instance & op_instanceof. This is an initial
544         functional implementation, performance is a wash. We can
545         follow up with changes to fuse the InstanceOf node with
546         a subsequant branch, as we do with other comparisons.
547
548         * dfg/DFGByteCodeParser.cpp:
549         (JSC::DFG::ByteCodeParser::parseBlock):
550         * dfg/DFGJITCompiler.cpp:
551         (JSC::DFG::JITCompiler::jitAssertIsCell):
552         * dfg/DFGJITCompiler.h:
553         (JSC::DFG::JITCompiler::jitAssertIsCell):
554         * dfg/DFGNode.h:
555         * dfg/DFGNonSpeculativeJIT.cpp:
556         (JSC::DFG::NonSpeculativeJIT::compile):
557         * dfg/DFGOperations.cpp:
558         * dfg/DFGOperations.h:
559         * dfg/DFGSpeculativeJIT.cpp:
560         (JSC::DFG::SpeculativeJIT::compile):
561
562 2011-07-01  Oliver Hunt  <oliver@apple.com>
563
564         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
565         https://bugs.webkit.org/show_bug.cgi?id=63732
566
567         Reviewed by Gavin Barraclough.
568
569         Initialise the memory at the head of the new storage so that
570         GC is safe if triggered by reportExtraMemoryCost.
571
572         * runtime/JSArray.cpp:
573         (JSC::JSArray::increaseVectorPrefixLength):
574
575 2011-07-01  Oliver Hunt  <oliver@apple.com>
576
577         GC sweep can occur before an object is completely initialised
578         https://bugs.webkit.org/show_bug.cgi?id=63836
579
580         Reviewed by Gavin Barraclough.
581
582         In rare cases it's possible for a GC sweep to occur while a
583         live, but not completely initialised object is on the stack.
584         In such a case we may incorrectly choose to mark it, even
585         though it has no children that need marking.
586
587         We resolve this by always zeroing out the structure of any
588         value returned from JSCell::operator new(), and making the
589         markstack tolerant of a null structure. 
590
591         * runtime/JSCell.h:
592         (JSC::JSCell::JSCell::~JSCell):
593         (JSC::JSCell::JSCell::operator new):
594         * runtime/Structure.h:
595         (JSC::MarkStack::internalAppend):
596
597 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
598
599         Reviewed by Gavin Barraclough.
600
601         DFG non-speculative JIT always performs slow C calls for div and mod.
602         https://bugs.webkit.org/show_bug.cgi?id=63684
603
604         * dfg/DFGNonSpeculativeJIT.cpp:
605         (JSC::DFG::NonSpeculativeJIT::compile):
606
607 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
608
609         Reviewed by Oliver Hunt.
610
611         Lexer error messages are currently appalling
612         https://bugs.webkit.org/show_bug.cgi?id=63340
613
614         Added error messages for the Lexer. These messages will be displayed
615         instead of the lexer error messages from the parser that are currently
616         shown.
617
618         * parser/Lexer.cpp:
619         (JSC::Lexer::getInvalidCharMessage):
620         (JSC::Lexer::setCode):
621         (JSC::Lexer::parseString):
622         (JSC::Lexer::lex):
623         (JSC::Lexer::clear):
624         * parser/Lexer.h:
625         (JSC::Lexer::getErrorMessage):
626         (JSC::Lexer::setOffset):
627         * parser/Parser.cpp:
628         (JSC::Parser::parse):
629
630 2011-07-01  Jungshik Shin  <jshin@chromium.org>
631
632         Reviewed by Alexey Proskuryakov.
633
634         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
635         build files for ports not using ICU.
636         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
637         ICU 3.6 (the version used on Mac OS 10.5)
638
639         http://bugs.webkit.org/show_bug.cgi?id=20797
640
641         * GNUmakefile.list.am:
642         * JavaScriptCore.gypi:
643         * icu/unicode/uscript.h: Added for UScriptCode enum.
644         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
645         * wtf/unicode/icu/UnicodeIcu.h:
646         * wtf/unicode/brew/UnicodeBrew.h:
647         * wtf/unicode/glib/UnicodeGLib.h:
648         * wtf/unicode/qt4/UnicodeQt4.h:
649         * wtf/unicode/wince/UnicodeWinCE.h:
650
651 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
652
653         Reviewed by Sam Weinig.
654
655         https://bugs.webkit.org/show_bug.cgi?id=63819
656         Escaping of forwardslashes in strings incorrect if multiple exist.
657
658         The bug is in the parameters passed to a substring - should be
659         start & length, but we're passing start & end indices!
660
661         * runtime/RegExpObject.cpp:
662         (JSC::regExpObjectSource):
663
664 2011-07-01  Adam Roben  <aroben@apple.com>
665
666         Roll out r90194
667         http://trac.webkit.org/changeset/90194
668         https://bugs.webkit.org/show_bug.cgi?id=63778
669
670         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
671         assertions in WriteBarrierBase<JSC::Structure>::get
672
673         * runtime/JSCell.h:
674         (JSC::JSCell::JSCell::~JSCell):
675
676 2011-06-30  Oliver Hunt  <oliver@apple.com>
677
678         Reviewed by Gavin Barraclough.
679
680         Add optimised paths for a few maths functions
681         https://bugs.webkit.org/show_bug.cgi?id=63757
682
683         Relanding as a Mac only patch.
684
685         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
686         Math.floor, Math.log, and Math.exp as they are apparently more
687         important in real web content than we thought, which is somewhat
688         mind-boggling.  On average doubles the performance of the common
689         cases (eg. actually passing numbers in).  They're not as efficient
690         as they could be, but this way gives them the most portability.
691
692         * assembler/MacroAssemblerARM.h:
693         (JSC::MacroAssemblerARM::supportsDoubleBitops):
694         (JSC::MacroAssemblerARM::andnotDouble):
695         * assembler/MacroAssemblerARMv7.h:
696         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
697         (JSC::MacroAssemblerARMv7::andnotDouble):
698         * assembler/MacroAssemblerMIPS.h:
699         (JSC::MacroAssemblerMIPS::andnotDouble):
700         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
701         * assembler/MacroAssemblerSH4.h:
702         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
703         (JSC::MacroAssemblerSH4::andnotDouble):
704         * assembler/MacroAssemblerX86.h:
705         (JSC::MacroAssemblerX86::supportsDoubleBitops):
706         * assembler/MacroAssemblerX86Common.h:
707         (JSC::MacroAssemblerX86Common::andnotDouble):
708         * assembler/MacroAssemblerX86_64.h:
709         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
710         * assembler/X86Assembler.h:
711         (JSC::X86Assembler::andnpd_rr):
712         * create_hash_table:
713         * jit/SpecializedThunkJIT.h:
714         (JSC::SpecializedThunkJIT::finalize):
715         (JSC::SpecializedThunkJIT::callDoubleToDouble):
716         * jit/ThunkGenerators.cpp:
717         (JSC::floorThunkGenerator):
718         (JSC::ceilThunkGenerator):
719         (JSC::roundThunkGenerator):
720         (JSC::expThunkGenerator):
721         (JSC::logThunkGenerator):
722         (JSC::absThunkGenerator):
723         * jit/ThunkGenerators.h:
724
725 2011-07-01  David Kilzer  <ddkilzer@apple.com>
726
727         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
728
729         Fixes the following build error in clang:
730
731             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
732                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
733                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
734             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
735                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
736                                                 ^
737                      (                         )
738             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
739             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
740             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
741                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
742                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
743             1 error generated.
744
745         * jit/JITOpcodes32_64.cpp:
746         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
747         ternary expression evaluate first.
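
The precedence trap behind that diagnostic, as an added example that is not part of this ChangeLog or of JavaScriptCore: the two opcode lengths are constructed stand-ins for the OPCODE_LENGTH values, and the function names are this example's own.

```cpp
#include <cstdio>

// Constructed stand-ins for OPCODE_LENGTH(op_resolve_global) and
// OPCODE_LENGTH(op_resolve_global_dynamic); the real values live in JSC.
constexpr unsigned kResolveGlobalLength = 6;
constexpr unsigned kResolveGlobalDynamicLength = 7;

// What the unparenthesised expression in the diagnostic actually means.
// ?: binds more loosely than +, so the sum becomes the condition and the
// bytecode offset never reaches the result. The parentheses are written out
// here so the example compiles cleanly under -Wparentheses.
unsigned nextOffsetAsParsed(unsigned bytecodeOffset, bool dynamic)
{
    return (bytecodeOffset + dynamic) ? kResolveGlobalDynamicLength : kResolveGlobalLength;
}

// The intended meaning: pick the opcode length first, then add it.
unsigned nextOffsetIntended(unsigned bytecodeOffset, bool dynamic)
{
    return bytecodeOffset + (dynamic ? kResolveGlobalDynamicLength : kResolveGlobalLength);
}

// Property check over a range of offsets: the mis-parsed form returns the same
// small constant for every non-zero offset, so the offset is lost entirely.
bool misparseLosesOffset(unsigned maxOffset)
{
    for (unsigned offset = 1; offset <= maxOffset; ++offset) {
        if (nextOffsetAsParsed(offset, false) != kResolveGlobalDynamicLength)
            return false;
        if (nextOffsetAsParsed(offset, true) != kResolveGlobalDynamicLength)
            return false;
    }
    return true;
}

int main()
{
    std::printf("offset 120, non-dynamic: parsed=%u intended=%u\n",
                nextOffsetAsParsed(120, false), nextOffsetIntended(120, false));
    std::printf("mis-parse drops the offset for 1..1000: %s\n",
                misparseLosesOffset(1000) ? "yes" : "no");
    return 0;
}
```

The mis-parsed form is not just off by a little: for every non-zero offset it yields the dynamic opcode length, so the bytecode-to-register map would have been keyed by a constant instead of by the instruction being compiled.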
748
749 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
750
751         Unreviewed, rolling out r90177 and r90179.
752         http://trac.webkit.org/changeset/90177
753         http://trac.webkit.org/changeset/90179
754         https://bugs.webkit.org/show_bug.cgi?id=63790
755
756         It caused crashes on Qt in debug mode (Requested by Ossy on
757         #webkit).
758
759         * assembler/MacroAssemblerARM.h:
760         (JSC::MacroAssemblerARM::rshift32):
761         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
762         (JSC::MacroAssemblerARM::sqrtDouble):
763         * assembler/MacroAssemblerARMv7.h:
764         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
765         (JSC::MacroAssemblerARMv7::sqrtDouble):
766         * assembler/MacroAssemblerMIPS.h:
767         (JSC::MacroAssemblerMIPS::sqrtDouble):
768         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
769         * assembler/MacroAssemblerSH4.h:
770         (JSC::MacroAssemblerSH4::sqrtDouble):
771         * assembler/MacroAssemblerX86.h:
772         * assembler/MacroAssemblerX86Common.h:
773         * assembler/MacroAssemblerX86_64.h:
774         * assembler/X86Assembler.h:
775         * create_hash_table:
776         * jit/JSInterfaceJIT.h:
777         (JSC::JSInterfaceJIT::emitLoadDouble):
778         * jit/SpecializedThunkJIT.h:
779         (JSC::SpecializedThunkJIT::finalize):
780         * jit/ThunkGenerators.cpp:
781         * jit/ThunkGenerators.h:
782
783 2011-06-30  Oliver Hunt  <oliver@apple.com>
784
785         Reviewed by Beth Dakin.
786
787         Make GC validation clear cell structure on destruction
788         https://bugs.webkit.org/show_bug.cgi?id=63778
789
790         * runtime/JSCell.h:
791         (JSC::JSCell::JSCell::~JSCell):
792
793 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
794
795         Reviewed by Gavin Barraclough.
796
797         Added write barrier that was missing from put_by_id_transition
798         https://bugs.webkit.org/show_bug.cgi?id=63775
799
800         * dfg/DFGJITCodeGenerator.cpp:
801         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
802         MacroAssembler& argument so our patching functions could use it.
803
804         (JSC::DFG::JITCodeGenerator::cachedPutById):
805         * dfg/DFGJITCodeGenerator.h:
806         * dfg/DFGNonSpeculativeJIT.cpp:
807         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
808
809         * dfg/DFGRepatch.cpp:
810         (JSC::DFG::tryCachePutByID): Missing barrier!
811
812         * dfg/DFGSpeculativeJIT.cpp:
813         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
814
815         * jit/JITPropertyAccess.cpp:
816         (JSC::JIT::privateCompilePutByIdTransition):
817         * jit/JITPropertyAccess32_64.cpp:
818         (JSC::JIT::privateCompilePutByIdTransition):
819         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
820         because its meaning isn't clear -- maybe in the future we'll have a
821         clear way to pass all stores through a common function that guarantees
822         a write barrier, but that's not the case right now.
823
824 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
825
826         Reviewed by Gavin Barraclough.
827
828         DFG non-speculative JIT does not reuse registers when compiling comparisons.
829         https://bugs.webkit.org/show_bug.cgi?id=63565
830
831         * dfg/DFGNonSpeculativeJIT.cpp:
832         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
833         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
834         (JSC::DFG::NonSpeculativeJIT::compare):
835
836 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
837
838         Reviewed by Gavin Barraclough.
839
840         Added empty write barrier stubs in all the right places in the DFG JIT
841         https://bugs.webkit.org/show_bug.cgi?id=63764
842         
843         SunSpider thinks this might be a 0.5% speedup. Meh.
844
845         * dfg/DFGJITCodeGenerator.cpp:
846         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
847
848         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
849         for the case where base == scratch, since we now require base and scratch
850         to be not equal, for the sake of the write barrier.
851
852         * dfg/DFGJITCodeGenerator.h: Le stub.
853
854         * dfg/DFGNonSpeculativeJIT.cpp:
855         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
856         as the scratch register, since that's incompatible with the write barrier,
857         which needs a distinct base and scratch.
858         
859         Do put the global object into a register before loading its var storage,
860         since it needs to be in a register for the write barrier to operate on it.
861
862         * dfg/DFGSpeculativeJIT.cpp:
863         (JSC::DFG::SpeculativeJIT::compile):
864         * jit/JITPropertyAccess.cpp:
865         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
866
867         * jit/JITPropertyAccess.cpp:
868         (JSC::JIT::emit_op_get_scoped_var):
869         (JSC::JIT::emit_op_put_scoped_var):
870         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
871         places.
872
873         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
874         is a little more than meaningless.
875
876         * jit/JITPropertyAccess32_64.cpp:
877         (JSC::JIT::emit_op_get_scoped_var):
878         (JSC::JIT::emit_op_put_scoped_var):
879         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
880         places.
881
882         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
883         is a little more than meaningless.
884
885         * runtime/JSVariableObject.h:
886         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
887         we put the global object in a register and only then load its var storage
888         by offset.
889
890         (JSC::JIT::emitWriteBarrier):
891
892 2011-06-30  Oliver Hunt  <oliver@apple.com>
893
894         Fix ARMv6 build
895
896         * assembler/MacroAssemblerARM.h:
897         (JSC::MacroAssemblerARM::rshift32):
898
899 2011-06-30  Oliver Hunt  <oliver@apple.com>
900
901         Reviewed by Gavin Barraclough.
902
903         Add optimised paths for a few maths functions
904         https://bugs.webkit.org/show_bug.cgi?id=63757
905
906         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
907         Math.floor, Math.log, and Math.exp as they are apparently more
908         important in real web content than we thought, which is somewhat
909         mind-boggling.  On average doubles the performance of the common
910         cases (e.g. actually passing numbers in).  They're not as efficient
911         as they could be, but this way gives them the most portability.
912
913         * assembler/MacroAssemblerARM.h:
914         (JSC::MacroAssemblerARM::supportsDoubleBitops):
915         (JSC::MacroAssemblerARM::andnotDouble):
916         * assembler/MacroAssemblerARMv7.h:
917         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
918         (JSC::MacroAssemblerARMv7::andnotDouble):
919         * assembler/MacroAssemblerMIPS.h:
920         (JSC::MacroAssemblerMIPS::andnotDouble):
921         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
922         * assembler/MacroAssemblerSH4.h:
923         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
924         (JSC::MacroAssemblerSH4::andnotDouble):
925         * assembler/MacroAssemblerX86.h:
926         (JSC::MacroAssemblerX86::supportsDoubleBitops):
927         * assembler/MacroAssemblerX86Common.h:
928         (JSC::MacroAssemblerX86Common::andnotDouble):
929         * assembler/MacroAssemblerX86_64.h:
930         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
931         * assembler/X86Assembler.h:
932         (JSC::X86Assembler::andnpd_rr):
933         * create_hash_table:
934         * jit/SpecializedThunkJIT.h:
935         (JSC::SpecializedThunkJIT::finalize):
936         (JSC::SpecializedThunkJIT::callDoubleToDouble):
937         * jit/ThunkGenerators.cpp:
938         (JSC::floorThunkGenerator):
939         (JSC::ceilThunkGenerator):
940         (JSC::roundThunkGenerator):
941         (JSC::expThunkGenerator):
942         (JSC::logThunkGenerator):
943         (JSC::absThunkGenerator):
944         * jit/ThunkGenerators.h:
945
946 2011-06-30  Cary Clark  <caryclark@google.com>
947
948         Reviewed by James Robinson.
949
950         Use Skia if Skia on Mac Chrome is enabled
951         https://bugs.webkit.org/show_bug.cgi?id=62999
952
953         * wtf/Platform.h:
954         Add switch to use Skia if, externally,
955         Skia has been enabled by a gyp define.
956
957 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
958
959         Reviewed by Geoffrey Garen.
960
961         Web Inspector fails to display source for eval with syntax error
962         https://bugs.webkit.org/show_bug.cgi?id=63583
963
964         Web Inspector now displays a link to an eval statement that contains
965         a syntax error.
966
967         * parser/Parser.h:
968         (JSC::isEvalNode):
969         (JSC::EvalNode):
970         (JSC::Parser::parse):
971
972 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
973
974         Reviewed by Gavin Barraclough.
975
976         X86Assembler does not encode byte registers in 64-bit mode correctly.
977         https://bugs.webkit.org/show_bug.cgi?id=63665
978
979         * assembler/X86Assembler.h:
980         (JSC::X86Assembler::testb_rr):
981         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
982
983 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
984
985         Unreviewed, rolling out r90102.
986         http://trac.webkit.org/changeset/90102
987         https://bugs.webkit.org/show_bug.cgi?id=63714
988
989         Lots of tests asserting beneath
990         SVGSMILElement::findInstanceTime (Requested by aroben on
991         #webkit).
992
993         * wtf/StdLibExtras.h:
994         (WTF::binarySearch):
995
996 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
997
998         Reviewed by Nikolas Zimmermann.
999
1000         Speed up SVGSMILElement::findInstanceTime.
1001         https://bugs.webkit.org/show_bug.cgi?id=61025
1002
1003         Add a new parameter to the StdLibExtras.h::binarySearch function
1004         to also handle cases when the array does not contain the key value.
1005         This is needed for an SVG function.
1006
1007         * wtf/StdLibExtras.h:
1008         (WTF::binarySearch):
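
An added example, not WTF::binarySearch itself, of a binary search that takes a mode telling it what to do when the key is absent; the BinarySearchMode enum, the InstanceTime records and the lookup helper are constructed for this example, and the semantics of the "adjacent" mode are this example's own definition.

```cpp
#include <cstddef>
#include <cstdio>

enum BinarySearchMode {
    KeyMustBePresent,        // absent key -> nullptr
    ReturnAdjacentIfAbsent   // absent key -> first element with a larger key,
                             //               or the last element if none is larger
};

// Key extractor is a template parameter so the search works on any record type.
template<typename ArrayType, typename KeyType, KeyType (*extractKey)(const ArrayType*)>
const ArrayType* binarySearch(const ArrayType* array, size_t size, KeyType key,
                              BinarySearchMode mode = KeyMustBePresent)
{
    if (!size)
        return nullptr;                           // nothing to point at, whatever the mode
    size_t low = 0, high = size;                  // search window is [low, high)
    while (low < high) {
        size_t mid = low + (high - low) / 2;      // never overflows, unlike (low + high) / 2
        KeyType midKey = extractKey(&array[mid]);
        if (midKey == key)
            return &array[mid];
        if (midKey < key)
            low = mid + 1;
        else
            high = mid;
    }
    // low is now the insertion point: every key before it is smaller, every key
    // from it onwards is larger.
    if (mode == KeyMustBePresent)
        return nullptr;
    return &array[low < size ? low : size - 1];
}

// Constructed data: records keyed by a time stamp, like the sorted instance
// time list a SMIL element searches.
struct InstanceTime {
    double time;
    int id;
};

double instanceTimeKey(const InstanceTime* entry) { return entry->time; }

const InstanceTime kTimes[] = { { 0.5, 1 }, { 1.0, 2 }, { 2.5, 3 }, { 4.0, 4 } };
const size_t kTimesCount = sizeof(kTimes) / sizeof(kTimes[0]);

// Returns the id found for the key, or -1 when the search yields nothing.
int lookup(double key, BinarySearchMode mode)
{
    const InstanceTime* hit =
        binarySearch<InstanceTime, double, instanceTimeKey>(kTimes, kTimesCount, key, mode);
    return hit ? hit->id : -1;
}

int main()
{
    std::printf("exact 2.5 -> id %d\n", lookup(2.5, KeyMustBePresent));
    std::printf("absent 3.0 (strict) -> id %d\n", lookup(3.0, KeyMustBePresent));
    std::printf("absent 3.0 (adjacent) -> id %d\n", lookup(3.0, ReturnAdjacentIfAbsent));
    std::printf("absent 9.0 (adjacent) -> id %d\n", lookup(9.0, ReturnAdjacentIfAbsent));
    return 0;
}
```

The empty-array and past-the-end cases are the ones that bite: without the `size == 0` check the "adjacent" mode would index `array[size - 1]` with `size - 1` wrapped to SIZE_MAX, and without clamping `low` it would read one element past the end.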
1009
1010 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1011
1012         Reviewed by Geoff Garen.
1013
1014         https://bugs.webkit.org/show_bug.cgi?id=63669
1015         DFG JIT - fix spectral-norm regression
1016
1017         The problem is a mis-speculation leading to us falling off the speculative path.
1018         Make the speculation logic slightly smarter, don't predict int if one of the
1019         operands is already loaded as a double (we use this logic already for compares).
1020
1021         * dfg/DFGSpeculativeJIT.cpp:
1022         (JSC::DFG::SpeculativeJIT::compile):
1023         * dfg/DFGSpeculativeJIT.h:
1024         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1025
1026 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1027
1028         Reviewed by Gavin Barraclough.
1029
1030         DFG JIT does not do put_by_id transition caching.
1031         https://bugs.webkit.org/show_bug.cgi?id=63662
1032
1033         * dfg/DFGJITCodeGenerator.cpp:
1034         (JSC::DFG::JITCodeGenerator::cachedPutById):
1035         * dfg/DFGJITCompiler.h:
1036         (JSC::DFG::JITCompiler::addPropertyAccess):
1037         * dfg/DFGRepatch.cpp:
1038         (JSC::DFG::testPrototype):
1039         (JSC::DFG::tryCachePutByID):
1040
1041 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1042
1043         Reviewed by Oliver Hunt.
1044
1045         Added a dummy write barrier emitting function in all the right places in the old JIT
1046         https://bugs.webkit.org/show_bug.cgi?id=63667
1047         
1048         SunSpider reports no change.
1049
1050         * jit/JIT.h:
1051         * jit/JITPropertyAccess.cpp:
1052         (JSC::JIT::emit_op_put_by_id):
1053         (JSC::JIT::emit_op_put_scoped_var): Do it.
1054
1055         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1056         for the sake of the write barrier.
1057
1058         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1059
1060         * jit/JITPropertyAccess32_64.cpp:
1061         (JSC::JIT::emit_op_put_by_val):
1062         (JSC::JIT::emit_op_put_by_id):
1063         (JSC::JIT::emit_op_put_scoped_var): Do it.
1064
1065         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1066         for the sake of the write barrier.
1067
1068         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1069
1070 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1071
1072         Reviewed by Gavin Barraclough.
1073
1074         DFG JIT does not perform get_by_id self list caching.
1075         https://bugs.webkit.org/show_bug.cgi?id=63605
1076
1077         * bytecode/StructureStubInfo.h:
1078         * dfg/DFGJITCompiler.cpp:
1079         (JSC::DFG::JITCompiler::compileFunction):
1080         * dfg/DFGOperations.cpp:
1081         * dfg/DFGOperations.h:
1082         * dfg/DFGRepatch.cpp:
1083         (JSC::DFG::tryCacheGetByID):
1084         (JSC::DFG::tryBuildGetByIDList):
1085         (JSC::DFG::dfgBuildGetByIDList):
1086         * dfg/DFGRepatch.h:
1087
1088 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1089
1090         Reviewed by Gavin Barraclough.
1091
1092         DFG JIT lacks array.length caching.
1093         https://bugs.webkit.org/show_bug.cgi?id=63505
1094
1095         * bytecode/StructureStubInfo.h:
1096         * dfg/DFGJITCodeGenerator.cpp:
1097         (JSC::DFG::JITCodeGenerator::cachedGetById):
1098         (JSC::DFG::JITCodeGenerator::cachedPutById):
1099         * dfg/DFGJITCodeGenerator.h:
1100         (JSC::DFG::JITCodeGenerator::tryAllocate):
1101         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1102         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1103         * dfg/DFGJITCompiler.cpp:
1104         (JSC::DFG::JITCompiler::compileFunction):
1105         * dfg/DFGJITCompiler.h:
1106         (JSC::DFG::JITCompiler::addPropertyAccess):
1107         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1108         * dfg/DFGRegisterBank.h:
1109         (JSC::DFG::RegisterBank::tryAllocate):
1110         * dfg/DFGRepatch.cpp:
1111         (JSC::DFG::tryCacheGetByID):
1112
1113 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1114
1115         Reviewed by Eric Seidel.
1116
1117         Warnings in JSC's JIT on 32 bit
1118         https://bugs.webkit.org/show_bug.cgi?id=63259
1119
1120         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1121
1122         * jit/JITPropertyAccess32_64.cpp:
1123         (JSC::JIT::emit_op_method_check):
1124         (JSC::JIT::compileGetByIdHotPath):
1125         (JSC::JIT::emit_op_put_by_id):
1126
1127 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1128
1129         Unreviewed, rolling out r89968.
1130         http://trac.webkit.org/changeset/89968
1131         https://bugs.webkit.org/show_bug.cgi?id=63581
1132
1133         Broke chromium windows compile (Requested by jamesr on
1134         #webkit).
1135
1136         * wtf/Platform.h:
1137
1138 2011-06-28  Oliver Hunt  <oliver@apple.com>
1139
1140         Reviewed by Gavin Barraclough.
1141
1142         Fix sampling build
1143         https://bugs.webkit.org/show_bug.cgi?id=63579
1144
1145         Gets opcode sampling building again; it doesn't seem to work, alas.
1146
1147         * bytecode/SamplingTool.cpp:
1148         (JSC::SamplingTool::notifyOfScope):
1149         * bytecode/SamplingTool.h:
1150         (JSC::SamplingTool::SamplingTool):
1151         * interpreter/Interpreter.cpp:
1152         (JSC::Interpreter::enableSampler):
1153         * runtime/Executable.h:
1154         (JSC::ScriptExecutable::ScriptExecutable):
1155
1156 2011-06-28  Cary Clark  <caryclark@google.com>
1157
1158         Reviewed by James Robinson.
1159
1160         Use Skia if Skia on Mac Chrome is enabled
1161         https://bugs.webkit.org/show_bug.cgi?id=62999
1162
1163         * wtf/Platform.h:
1164         Add switch to use Skia if, externally,
1165         Skia has been enabled by a gyp define.
1166
1167 2011-06-28  Oliver Hunt  <oliver@apple.com>
1168
1169         Reviewed by Gavin Barraclough.
1170
1171         ASSERT when launching debug builds with interpreter and jit enabled
1172         https://bugs.webkit.org/show_bug.cgi?id=63566
1173
1174         Add appropriate guards to the various Executable's memory reporting
1175         logic.
1176
1177         * runtime/Executable.cpp:
1178         (JSC::EvalExecutable::compileInternal):
1179         (JSC::ProgramExecutable::compileInternal):
1180         (JSC::FunctionExecutable::compileForCallInternal):
1181         (JSC::FunctionExecutable::compileForConstructInternal):
1182
1183 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1184
1185         Reviewed by Oliver Hunt.
1186
1187         https://bugs.webkit.org/show_bug.cgi?id=63563
1188         DFG JIT - add support for double arith to speculative path
1189
1190         Add integer support for div & mod, add double support for div, mod,
1191         add, sub & mul, dynamically selecting based on operand types.
1192
1193         * dfg/DFGJITCodeGenerator.cpp:
1194         (JSC::DFG::FPRTemporary::FPRTemporary):
1195         * dfg/DFGJITCodeGenerator.h:
1196         * dfg/DFGJITCompiler.h:
1197         (JSC::DFG::JITCompiler::assembler):
1198         * dfg/DFGSpeculativeJIT.cpp:
1199         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1200         (JSC::DFG::SpeculativeJIT::compile):
1201         * dfg/DFGSpeculativeJIT.h:
1202         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1203         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
1204         (JSC::DFG::SpeculateDoubleOperand::index):
1205         (JSC::DFG::SpeculateDoubleOperand::fpr):
1206
1207 2011-06-28  Oliver Hunt  <oliver@apple.com>
1208
1209         Fix interpreter build.
1210
1211         * interpreter/Interpreter.cpp:
1212         (JSC::Interpreter::privateExecute):
1213
1214 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1215
1216         Reviewed by Oliver Hunt.
1217
1218         https://bugs.webkit.org/show_bug.cgi?id=63561
1219         DFG JIT - don't always assume integer in relational compare
1220
1221         If neither operand is known integer, or either is in double representation,
1222         then at least use a function call (don't bail off the speculative path).
1223
1224         * dfg/DFGSpeculativeJIT.cpp:
1225         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1226         (JSC::DFG::SpeculativeJIT::compile):
1227         * dfg/DFGSpeculativeJIT.h:
1228         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
1229         (JSC::DFG::SpeculativeJIT::compareIsInteger):
1230
1231 2011-06-28  Oliver Hunt  <oliver@apple.com>
1232
1233         Reviewed by Gavin Barraclough.
1234
1235         Make constant array optimisation less strict about what constitutes a constant
1236         https://bugs.webkit.org/show_bug.cgi?id=63554
1237
1238         Now allow string constants in array literals to actually be considered constant,
1239         and so avoid codegen in array literals with strings in them.
1240
1241         * bytecode/CodeBlock.h:
1242         (JSC::CodeBlock::addConstantBuffer):
1243         (JSC::CodeBlock::constantBuffer):
1244         * bytecompiler/BytecodeGenerator.cpp:
1245         (JSC::BytecodeGenerator::addConstantBuffer):
1246         (JSC::BytecodeGenerator::addStringConstant):
1247         (JSC::BytecodeGenerator::emitNewArray):
1248         * bytecompiler/BytecodeGenerator.h:
1249         * interpreter/Interpreter.cpp:
1250         (JSC::Interpreter::privateExecute):
1251         * jit/JITStubs.cpp:
1252         (JSC::DEFINE_STUB_FUNCTION):
1253
1254 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1255
1256         Reviewed by Oliver Hunt.
1257
1258         https://bugs.webkit.org/show_bug.cgi?id=63560
1259         DFG_JIT allow allocation of specific machine registers
1260
1261         This allows us to allocate the registers necessary to perform x86
1262         idiv instructions for div/mod, and may be useful for shifts, too.
1263
1264         * dfg/DFGJITCodeGenerator.cpp:
1265         (JSC::DFG::GPRTemporary::GPRTemporary):
1266         * dfg/DFGJITCodeGenerator.h:
1267         (JSC::DFG::JITCodeGenerator::allocate):
1268         (JSC::DFG::GPRResult::GPRResult):
1269         * dfg/DFGRegisterBank.h:
1270         (JSC::DFG::RegisterBank::allocateSpecific):
1271         * dfg/DFGSpeculativeJIT.h:
1272         (JSC::DFG::SpeculativeJIT::isInteger):
1273
1274 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1275
1276         Reviewed by Oliver Hunt.
1277
1278         https://bugs.webkit.org/show_bug.cgi?id=55040
1279         RegExp constructor returns the argument regexp instead of a new object
1280
1281         Per 15.10.3.1, our current behaviour is correct if called as a function,
1282         but incorrect when called as a constructor.
1283
1284         * runtime/RegExpConstructor.cpp:
1285         (JSC::constructRegExp):
1286         (JSC::constructWithRegExpConstructor):
1287         * runtime/RegExpConstructor.h:
1288
1289 2011-06-28  Luke Macpherson  <macpherson@chromium.org>
1290
1291         Reviewed by Darin Adler.
1292
1293         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
1294         https://bugs.webkit.org/show_bug.cgi?id=63469
1295
1296         * wtf/MathExtras.h:
1297         (defaultMinimumForClamp):
1298         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
1299         (defaultMaximumForClamp):
1300         Symmetric alias for std::numeric_limits::max()
1301         (clampTo):
1302         New templated clamping function that supports arbitrary output types.
1303         (clampToInteger):
1304         Use new clampTo template.
1305         (clampToFloat):
1306         Use new clampTo template.
1307         (clampToPositiveInteger):
1308         Use new clampTo template.
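
An added example, not WTF's MathExtras.h, showing why defaultMinimumForClamp matters and how a type-generic clampTo can stay clear of undefined behaviour; the function names follow the entry above, but every body, the integerLess helper and the NaN handling are this example's own choices.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// std::numeric_limits<T>::min() is the smallest *positive* value for
// floating-point T, so using it as a lower clamp bound would pin every
// negative input to roughly 1e-38. Use -max() for those types instead.
template<typename T>
constexpr T defaultMinimumForClamp()
{
    return std::numeric_limits<T>::is_integer ? std::numeric_limits<T>::min()
                                              : -std::numeric_limits<T>::max();
}

template<typename T>
constexpr T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// a < b for integers of any signedness, without the promotion trap
// (-1 < 1u is false in plain C++). Same idea as C++20's std::cmp_less.
template<typename A, typename B>
bool integerLess(A a, B b)
{
    const bool aNegative = std::is_signed<A>::value && a < A(0);
    const bool bNegative = std::is_signed<B>::value && b < B(0);
    if (aNegative != bNegative)
        return aNegative;
    if (aNegative)
        return static_cast<std::intmax_t>(a) < static_cast<std::intmax_t>(b);
    return static_cast<std::uintmax_t>(a) < static_cast<std::uintmax_t>(b);
}

// Both types integral: compare sign-correctly, convert only when in range.
template<typename LimitType, typename ValueType>
LimitType clampImpl(ValueType value, LimitType min, LimitType max, std::true_type)
{
    if (!integerLess(min, value))
        return min;
    if (!integerLess(value, max))
        return max;
    return static_cast<LimitType>(value);
}

// At least one floating-point type: compare in the wider floating type. The
// narrowing cast runs only for values strictly inside (min, max), which keeps
// the float-to-integer conversion defined (out-of-range conversion is UB).
template<typename LimitType, typename ValueType>
LimitType clampImpl(ValueType value, LimitType min, LimitType max, std::false_type)
{
    using Wide = typename std::common_type<LimitType, ValueType>::type;
    const Wide v = static_cast<Wide>(value);
    if (v != v)                     // NaN orders with nothing; this example maps
        return LimitType();         // it to zero, as ECMAScript's ToInt32 does
    if (v >= static_cast<Wide>(max))
        return max;
    if (v <= static_cast<Wide>(min))
        return min;
    return static_cast<LimitType>(value);
}

template<typename LimitType, typename ValueType>
LimitType clampTo(ValueType value,
                  LimitType min = defaultMinimumForClamp<LimitType>(),
                  LimitType max = defaultMaximumForClamp<LimitType>())
{
    static_assert(std::is_arithmetic<LimitType>::value && std::is_arithmetic<ValueType>::value,
                  "clampTo works on arithmetic types only");
    using AllIntegral = std::integral_constant<bool,
        std::is_integral<LimitType>::value && std::is_integral<ValueType>::value>;
    return clampImpl(value, min, max, AllIntegral());
}

inline int clampToInteger(double d) { return clampTo<int>(d); }
inline float clampToFloat(double d) { return clampTo<float>(d); }
inline int clampToPositiveInteger(double d) { return clampTo<int>(d, 0); }

int main()
{
    std::printf("float min(): %g, clamp lower bound: %g\n",
                std::numeric_limits<float>::min(), defaultMinimumForClamp<float>());
    std::printf("clampToInteger(1e300) = %d\n", clampToInteger(1e300));
    std::printf("clampTo<unsigned char>(-1) = %d\n", static_cast<int>(clampTo<unsigned char>(-1)));
    return 0;
}
```

The two checks worth remembering: a naive `static_cast<int>(1e300)` is undefined behaviour, so the comparison has to happen before the conversion and in a type that can hold both operands; and mixed-signedness comparisons need the explicit helper, or `clampTo<unsigned char>(-1)` would silently come out as 255 instead of 0.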
1309
1310 2011-06-28  Adam Roben  <aroben@apple.com>
1311
1312         Windows Debug build fix after r89885
1313
1314         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
1315         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
1316
1317 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
1318
1319         Reviewed by Kent Tamura.
1320
1321         Add const to show() method in WTFString and AtomicString.
1322         https://bugs.webkit.org/show_bug.cgi?id=63515
1323
1324         The lack of const on the show() method is painful when
1325         doing something like printf-debugging.
1326
1327         * wtf/text/AtomicString.cpp:
1328         (WTF::AtomicString::show):
1329         * wtf/text/AtomicString.h:
1330         * wtf/text/WTFString.cpp:
1331         (String::show):
1332         * wtf/text/WTFString.h:
1333
1334 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
1335
1336         Build fix attempt after r89885.
1337
1338         * JavaScriptCore.exp:
1339         * jsc.cpp:
1340
1341 2011-06-27  Oliver Hunt  <oliver@apple.com>
1342
1343         Reviewed by Geoffrey Garen.
1344
1345         Support throwing away non-running code even while other code is running
1346         https://bugs.webkit.org/show_bug.cgi?id=63485
1347
1348         Add a function to CodeBlock to support unlinking direct linked callsites,
1349         and then with that in place add logic to discard code from any function
1350         that is not currently on the stack.
1351
1352         The unlinking completely reverts any optimized call sites, such that they
1353         may be relinked again in future.
1354
1355         * JavaScriptCore.exp:
1356         * bytecode/CodeBlock.cpp:
1357         (JSC::CodeBlock::unlinkCalls):
1358         (JSC::CodeBlock::clearEvalCache):
1359         * bytecode/CodeBlock.h:
1360         (JSC::CallLinkInfo::CallLinkInfo):
1361         (JSC::CallLinkInfo::unlink):
1362         * bytecode/EvalCodeCache.h:
1363         (JSC::EvalCodeCache::clear):
1364         * heap/Heap.cpp:
1365         (JSC::Heap::getConservativeRegisterRoots):
1366         * heap/Heap.h:
1367         * jit/JIT.cpp:
1368         (JSC::JIT::privateCompile):
1369         * jit/JIT.h:
1370         * jit/JITCall.cpp:
1371         (JSC::JIT::compileOpCall):
1372         * jit/JITWriteBarrier.h:
1373         (JSC::JITWriteBarrierBase::clear):
1374         * jsc.cpp:
1375         (GlobalObject::GlobalObject):
1376         (functionReleaseExecutableMemory):
1377         * runtime/Executable.cpp:
1378         (JSC::EvalExecutable::unlinkCalls):
1379         (JSC::ProgramExecutable::unlinkCalls):
1380         (JSC::FunctionExecutable::discardCode):
1381         (JSC::FunctionExecutable::unlinkCalls):
1382         * runtime/Executable.h:
1383         * runtime/JSGlobalData.cpp:
1384         (JSC::SafeRecompiler::returnValue):
1385         (JSC::SafeRecompiler::operator()):
1386         (JSC::JSGlobalData::releaseExecutableMemory):
1387
1388 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1389
1390         Reviewed by Darin Adler & Oliver Hunt.
1391
1392         https://bugs.webkit.org/show_bug.cgi?id=50554
1393         RegExp.prototype.toString does not escape slashes
1394
1395         The problem here is that we don't escape forwards slashes when converting
1396         a RegExp to a string. This means that RegExp("/").toString() is "///",
1397         which is not a valid RegExp literal. Also, we return an invalid literal
1398         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
1399
1400         From ES5:
1401         "NOTE: The returned String has the form of a RegularExpressionLiteral that
1402         evaluates to another RegExp object with the same behaviour as this object."
1403
1404         * runtime/RegExpObject.cpp:
1405         (JSC::regExpObjectSource):
1406             - Escape forward slashes when getting the source of a RegExp.
1407         * runtime/RegExpPrototype.cpp:
1408         (JSC::regExpProtoFuncToString):
1409             - Remove unnecessary and erroneous hack to return "//" as the string
1410             representation of RegExp.prototype. This is not a valid RegExp literal
1411             (it is an empty single-line comment).
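
The escaping described above, as an added example in C++ that is not JavaScriptCore's regExpObjectSource: escapeRegExpSource, regExpToString and hasUnescapedSlash are this example's own names, and it goes one step beyond the entry by also escaping raw line terminators and rendering the empty pattern as (?:).

```cpp
#include <cstdio>
#include <string>

// Build the text that belongs between the slashes of a RegExp literal from a
// pattern's source: every '/' that is not already escaped becomes "\/", so
// the literal cannot end early when re-parsed. Raw line terminators would
// break the literal too, so they become their escape sequences. An empty
// pattern becomes "(?:)" (the form ES2015 later standardised), because "//"
// would start a line comment. A backslash followed by a raw line terminator
// is copied through unchanged.
std::string escapeRegExpSource(const std::string& source)
{
    if (source.empty())
        return "(?:)";
    std::string out;
    out.reserve(source.size() + 2);
    bool afterBackslash = false;          // previous char was an unpaired '\'
    for (char c : source) {
        if (afterBackslash) {             // already escaped: copy through
            out += c;
            afterBackslash = false;
        } else if (c == '\\') {
            out += c;
            afterBackslash = true;
        } else if (c == '/') {
            out += "\\/";
        } else if (c == '\n') {
            out += "\\n";
        } else if (c == '\r') {
            out += "\\r";
        } else {
            out += c;
        }
    }
    return out;
}

// The literal form RegExp.prototype.toString should produce.
std::string regExpToString(const std::string& source, const std::string& flags)
{
    return "/" + escapeRegExpSource(source) + "/" + flags;
}

// Check helper: does the body of a literal contain a '/' that is not escaped,
// i.e. one that would terminate the literal early when re-parsed?
bool hasUnescapedSlash(const std::string& body)
{
    bool afterBackslash = false;
    for (char c : body) {
        if (afterBackslash)
            afterBackslash = false;
        else if (c == '\\')
            afterBackslash = true;
        else if (c == '/')
            return true;
    }
    return false;
}

int main()
{
    // Constructed inputs: the entry's RegExp("/") case, an already-escaped
    // slash that must not be doubled, and the empty pattern behind
    // RegExp.prototype.toString().
    std::printf("%s\n", regExpToString("/", "").c_str());
    std::printf("%s\n", regExpToString("a\\/b", "g").c_str());
    std::printf("%s\n", regExpToString("", "").c_str());
    return 0;
}
```

The state bit matters: without tracking the preceding backslash, an already-escaped `\/` would be rewritten as `\\/`, which is a literal backslash followed by an unescaped slash, and the literal would again terminate early.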
1412
1413 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1414
1415         Reviewed by Oliver Hunt.
1416
1417         https://bugs.webkit.org/show_bug.cgi?id=63497
1418         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
1419
1420         * dfg/DFGByteCodeParser.cpp:
1421         (JSC::DFG::ByteCodeParser::parseBlock):
1422         * dfg/DFGNode.h:
1423         * dfg/DFGNonSpeculativeJIT.cpp:
1424         (JSC::DFG::NonSpeculativeJIT::compile):
1425         * dfg/DFGSpeculativeJIT.cpp:
1426         (JSC::DFG::SpeculativeJIT::compile):
1427
1428 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
1429
1430         Reviewed by Mark Rowe.
1431
1432         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
1433         https://bugs.webkit.org/show_bug.cgi?id=63392
1434         
1435         When both TextPosition.h and XPathGrammar.h are included, a compile error
1436         is caused, since XPathGrammar.h defines a macro called NUMBER and
1437         TextPosition has a typedef named NUMBER.
1438
1439         * wtf/text/TextPosition.h:
1440         (WTF::TextPosition::TextPosition):
1441         (WTF::TextPosition::minimumPosition):
1442         (WTF::TextPosition::belowRangePosition):
1443
1444 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
1445
1446         Reviewed by Gavin Barraclough.
1447
1448         DFG JIT does not perform put_by_id caching.
1449         https://bugs.webkit.org/show_bug.cgi?id=63409
1450
1451         * bytecode/StructureStubInfo.h:
1452         * dfg/DFGJITCodeGenerator.cpp:
1453         (JSC::DFG::JITCodeGenerator::cachedPutById):
1454         * dfg/DFGJITCodeGenerator.h:
1455         * dfg/DFGJITCompiler.cpp:
1456         (JSC::DFG::JITCompiler::compileFunction):
1457         * dfg/DFGJITCompiler.h:
1458         (JSC::DFG::JITCompiler::addPropertyAccess):
1459         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1460         * dfg/DFGNonSpeculativeJIT.cpp:
1461         (JSC::DFG::NonSpeculativeJIT::compile):
1462         * dfg/DFGOperations.cpp:
1463         * dfg/DFGOperations.h:
1464         * dfg/DFGRepatch.cpp:
1465         (JSC::DFG::dfgRepatchByIdSelfAccess):
1466         (JSC::DFG::tryCacheGetByID):
1467         (JSC::DFG::appropriatePutByIdFunction):
1468         (JSC::DFG::tryCachePutByID):
1469         (JSC::DFG::dfgRepatchPutByID):
1470         * dfg/DFGRepatch.h:
1471         * dfg/DFGSpeculativeJIT.cpp:
1472         (JSC::DFG::SpeculativeJIT::compile):
1473
1474 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
1475
1476         Unreviewed build fix. One more file missing during distcheck, for
1477         the MIPS build.
1478
1479         * GNUmakefile.list.am:
1480
1481 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
1482
1483         Reviewed by Gavin Barraclough.
1484
1485         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
1486         https://bugs.webkit.org/show_bug.cgi?id=63347
1487
1488         * dfg/DFGNonSpeculativeJIT.cpp:
1489             - Changed arithmetic operations to speculate in favor of integers.
1490         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1491         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1492         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1493         (JSC::DFG::NonSpeculativeJIT::compile):
1494         * dfg/DFGNonSpeculativeJIT.h:
1495         * dfg/DFGOperations.cpp:
1496             - Added slow-path routines for arithmetic that perform no speculation; the
1497               non-speculative JIT will generate calls to these in cases where its
1498               speculation fails.
1499         * dfg/DFGOperations.h:
1500
1501 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
1502
1503         Reviewed by Rob Buis.
1504
1505         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
1506         https://bugs.webkit.org/show_bug.cgi?id=59085
1507
1508         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
1509
1510 2011-06-24  Michael Saboff  <msaboff@apple.com>
1511
1512         Reviewed by Gavin Barraclough.
1513
1514         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
1515         https://bugs.webkit.org/show_bug.cgi?id=63345
1516
1517         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
1518         return 9 and 10 bit quantities, therefore changed their return type from
1519         uint8_t to uint16_t.  Also cast the places where they are used as they
1520         are currently shifted and used as 7 or 8 bit values.
1521
1522         These methods are currently used for literals for stack offsets, 
1523         including creating and destroying stack frames.  The prior truncation of
1524         the upper bits caused stack frames to be too small, thus allowing a
1525         JIT'ed function to access and overwrite stack space outside of the
1526         incorrectly sized stack frame.
1527
1528         * assembler/ARMv7Assembler.h:
1529         (JSC::ARMThumbImmediate::getUInt9):
1530         (JSC::ARMThumbImmediate::getUInt10):
1531         (JSC::ARMv7Assembler::add):
1532         (JSC::ARMv7Assembler::ldr):
1533         (JSC::ARMv7Assembler::str):
1534         (JSC::ARMv7Assembler::sub):
1535         (JSC::ARMv7Assembler::sub_S):
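
Added example (not WebKit's code): a C model of the accessor-width bug described in the entry above. The ThumbImm struct, the imm7 helpers and overrun_bytes() are constructed for illustration; the SP-adjust encoding (a 9-bit byte offset, multiple of 4, carried as a 7-bit word count) follows the ARMv7 Thumb form, and the only difference between the two accessors is the return type.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not the real ARMThumbImmediate: the immediate as the
 * assembler validated it (a 9-bit quantity, 0..511). */
typedef struct {
    uint16_t value;
} ThumbImm;

/* Hypothetical validity check: an SP adjust must be a multiple of 4 that fits
 * in 9 bits (so that value >> 2 fits the 7-bit imm7 field). */
static bool is_valid_sp_adjust(uint32_t bytes)
{
    return bytes < 512 && (bytes & 3) == 0;
}

/* Pre-fix accessor shape: a 9-bit quantity returned through uint8_t.
 * Bit 8 (value 256) is silently dropped by the narrowing return. */
static uint8_t get_uint9_truncating(ThumbImm imm)
{
    return (uint8_t)imm.value;
}

/* Post-fix accessor shape: a return type wide enough for all 9 bits. */
static uint16_t get_uint9(ThumbImm imm)
{
    return imm.value;
}

/* Encode the imm7 field the instruction carries (byte offset >> 2). The
 * shift is what made the narrowing look harmless: the result is 7 bits. */
static uint8_t encode_imm7_buggy(ThumbImm imm)
{
    return (uint8_t)(get_uint9_truncating(imm) >> 2);
}

static uint8_t encode_imm7_fixed(ThumbImm imm)
{
    return (uint8_t)(get_uint9(imm) >> 2);
}

/* What the CPU actually subtracts from SP for a given imm7: imm7 * 4. */
static uint32_t decoded_frame_size(uint8_t imm7)
{
    return (uint32_t)imm7 << 2;
}

/* Bytes the JIT'ed code would write past its reserved frame when it uses the
 * full requested frame size; 0 when the frame is correctly sized or when the
 * assembler would reject the immediate outright. */
static uint32_t overrun_bytes(uint32_t requested, bool use_fixed)
{
    ThumbImm imm = { (uint16_t)requested };
    if (!is_valid_sp_adjust(requested))
        return 0;
    uint8_t imm7 = use_fixed ? encode_imm7_fixed(imm) : encode_imm7_buggy(imm);
    uint32_t reserved = decoded_frame_size(imm7);
    return reserved < requested ? requested - reserved : 0;
}

int main(void)
{
    /* Constructed frame sizes: 252 fits in 8 bits, 260 and 508 need bit 8. */
    uint32_t sizes[] = { 252, 256, 260, 508 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; ++i) {
        printf("frame %3u bytes: overrun with uint8_t accessor = %3u, "
               "with uint16_t accessor = %u\n",
               sizes[i], overrun_bytes(sizes[i], false),
               overrun_bytes(sizes[i], true));
    }
    return 0;
}
```

Every frame between 256 and 508 bytes loses exactly 256 bytes under the narrow accessor, which is the out-of-frame write the entry describes; the fix is the return type, not the shift.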
1536
1537 2011-06-24  Michael Saboff  <msaboff@apple.com>
1538
1539         Reviewed by Geoffrey Garen.
1540
1541         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
1542         https://bugs.webkit.org/show_bug.cgi?id=63015
1543
1544         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
1545         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
1546         adjustments are a bug.  These need to reflect the pages that are released
1547         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
1548         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
1549         Check() and helper method CheckList() to check the number of actual free pages
1550         with free_committed_pages_.
1551
1552         The symptom of the problem of the existing code is that the scavenger may
1553         run unnecessarily without any real work to do, i.e. pages on the free lists.
1554         The scavenger would also end up freeing too many pages, that is going below 
1555         the current 528 target free pages.
1556
1557         Note that the style of the changes was kept consistent with the
1558         existing style.
1559
1560         * wtf/FastMalloc.cpp:
1561         (WTF::TCMalloc_PageHeap::Check):
1562         (WTF::TCMalloc_PageHeap::CheckList):
1563         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
1564
1565 2011-06-24  Abhishek Arya  <inferno@chromium.org>
1566
1567         Reviewed by Darin Adler.
1568
1569         Match other clampTo* functions in style with clampToInteger(float)
1570         function.
1571         https://bugs.webkit.org/show_bug.cgi?id=53449
1572
1573         * wtf/MathExtras.h:
1574         (clampToInteger):
1575         (clampToFloat):
1576         (clampToPositiveInteger):
1577
1578 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
1579
1580         Unreviewed, rolling out r89594.
1581         http://trac.webkit.org/changeset/89594
1582         https://bugs.webkit.org/show_bug.cgi?id=63316
1583
1584         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
1585         #webkit).
1586
1587         * GNUmakefile.list.am:
1588         * JavaScriptCore.gypi:
1589         * icu/unicode/uscript.h: Removed.
1590         * wtf/unicode/ScriptCodesFromICU.h: Removed.
1591         * wtf/unicode/brew/UnicodeBrew.h:
1592         * wtf/unicode/glib/UnicodeGLib.h:
1593         * wtf/unicode/icu/UnicodeIcu.h:
1594         * wtf/unicode/qt4/UnicodeQt4.h:
1595         * wtf/unicode/wince/UnicodeWinCE.h:
1596
1597 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
1598
1599         Reviewed by Gavin Barraclough.
1600
1601         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
1602         https://bugs.webkit.org/show_bug.cgi?id=63173
1603
1604         * dfg/DFGJITCodeGenerator.cpp:
1605         (JSC::DFG::JITCodeGenerator::cachedGetById):
1606         * dfg/DFGJITCodeGenerator.h:
1607         * dfg/DFGNonSpeculativeJIT.cpp:
1608         (JSC::DFG::NonSpeculativeJIT::compile):
1609         * dfg/DFGSpeculativeJIT.cpp:
1610         (JSC::DFG::SpeculativeJIT::compile):
1611
1612 2011-06-23  Oliver Hunt  <oliver@apple.com>
1613
1614         Fix Qt again.
1615
1616         * assembler/ARMAssembler.h:
1617         (JSC::ARMAssembler::readPointer):
1618
1619 2011-06-23  Oliver Hunt  <oliver@apple.com>
1620
1621         Fix Qt Build
1622
1623         * assembler/ARMAssembler.h:
1624         (JSC::ARMAssembler::readPointer):
1625
1626 2011-06-23  Stephanie Lewis  <slewis@apple.com>
1627
1628         Reviewed by Darin Adler.
1629
1630         https://bugs.webkit.org/show_bug.cgi?id=63298
1631         Replace Malloc with FastMalloc to match the rest of wtf.
1632
1633         * wtf/BlockStack.h:
1634         (WTF::::~BlockStack):
1635         (WTF::::grow):
1636         (WTF::::shrink):
1637
1638 2011-06-23  Oliver Hunt  <oliver@apple.com>
1639
1640         Reviewed by Gavin Barraclough.
1641
1642         Add the ability to dynamically modify linked call sites
1643         https://bugs.webkit.org/show_bug.cgi?id=63291
1644
1645         Add JITWriteBarrier as a writebarrier class that allows
1646         reading and writing directly into the code stream.
1647
1648         This required adding logic to all the assemblers to allow
1649         us to read values back out of the instruction stream.
1650
1651         * JavaScriptCore.xcodeproj/project.pbxproj:
1652         * assembler/ARMAssembler.h:
1653         (JSC::ARMAssembler::readPointer):
1654         * assembler/ARMv7Assembler.h:
1655         (JSC::ARMv7Assembler::readPointer):
1656         (JSC::ARMv7Assembler::readInt32):
1657         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
1658         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
1659         * assembler/AbstractMacroAssembler.h:
1660         (JSC::AbstractMacroAssembler::readPointer):
1661         * assembler/MIPSAssembler.h:
1662         (JSC::MIPSAssembler::readInt32):
1663         (JSC::MIPSAssembler::readPointer):
1664         * assembler/MacroAssemblerCodeRef.h:
1665         (JSC::MacroAssemblerCodePtr::operator!):
1666         * assembler/SH4Assembler.h:
1667         (JSC::SH4Assembler::readPCrelativeAddress):
1668         (JSC::SH4Assembler::readPointer):
1669         (JSC::SH4Assembler::readInt32):
1670         * assembler/X86Assembler.h:
1671         (JSC::X86Assembler::readPointer):
1672         * bytecode/CodeBlock.cpp:
1673         (JSC::CodeBlock::visitAggregate):
1674         * bytecode/CodeBlock.h:
1675         (JSC::MethodCallLinkInfo::seenOnce):
1676         (JSC::MethodCallLinkInfo::setSeen):
1677         * heap/MarkStack.h:
1678         * jit/JIT.cpp:
1679         (JSC::JIT::privateCompile):
1680         (JSC::JIT::linkCall):
1681         (JSC::JIT::linkConstruct):
1682         * jit/JITPropertyAccess.cpp:
1683         (JSC::JIT::patchMethodCallProto):
1684         * jit/JITPropertyAccess32_64.cpp:
1685         * jit/JITWriteBarrier.h: Added.
1686         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
1687         (JSC::JITWriteBarrierBase::operator!):
1688         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
1689         (JSC::JITWriteBarrierBase::isFlagged):
1690         (JSC::JITWriteBarrierBase::setLocation):
1691         (JSC::JITWriteBarrierBase::location):
1692         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
1693         (JSC::JITWriteBarrierBase::set):
1694         (JSC::JITWriteBarrierBase::get):
1695         (JSC::JITWriteBarrier::JITWriteBarrier):
1696         (JSC::JITWriteBarrier::set):
1697         (JSC::JITWriteBarrier::get):
1698         (JSC::MarkStack::append):
1699
1700 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
1701
1702         Reviewed by Oliver Hunt.
1703
1704         https://bugs.webkit.org/show_bug.cgi?id=61585
1705         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
1706
1707         This is due to use of int instead of unsigned, bad math around
1708         the 2^31 boundary.
1709
1710         * yarr/YarrInterpreter.cpp:
1711         (JSC::Yarr::ByteCompiler::emitDisjunction):
1712             - Change some uses of int to unsigned, refactor compare logic to
1713               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
1714         * yarr/YarrJIT.cpp:
1715         (JSC::Yarr::YarrGenerator::generate):
1716         (JSC::Yarr::YarrGenerator::backtrack):
1717             - Ditto.
1718
1719 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
1720
1721         Reviewed by Sam Weinig.
1722
1723         https://bugs.webkit.org/show_bug.cgi?id=63218
1724         DFG JIT - remove machine type guarantees from graph
1725
1726         The DFG JIT currently makes assumptions about the types of machine registers
1727         that certain nodes will be loaded into. This will be broken as we generate
1728         nodes to produce both integer and double code paths. Remove int<->double
1729         conversions nodes. This design decision also gave rise to multiple types of
1730         constant nodes, requiring separate handling for each type. Merge these back
1731         into JSConstant.
1732
1733         * dfg/DFGAliasTracker.h:
1734         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1735         * dfg/DFGByteCodeParser.cpp:
1736         (JSC::DFG::ByteCodeParser::getToInt32):
1737         (JSC::DFG::ByteCodeParser::getToNumber):
1738         (JSC::DFG::ByteCodeParser::toInt32):
1739         (JSC::DFG::ByteCodeParser::toNumber):
1740         (JSC::DFG::ByteCodeParser::isInt32Constant):
1741         (JSC::DFG::ByteCodeParser::isDoubleConstant):
1742         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
1743         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
1744         (JSC::DFG::ByteCodeParser::one):
1745         (JSC::DFG::ByteCodeParser::predictInt32):
1746         * dfg/DFGGraph.cpp:
1747         (JSC::DFG::Graph::dump):
1748         * dfg/DFGJITCodeGenerator.h:
1749         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1750         (JSC::DFG::JITCodeGenerator::silentFillFPR):
1751         (JSC::DFG::JITCodeGenerator::isJSConstant):
1752         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
1753         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
1754         * dfg/DFGJITCompiler.cpp:
1755         (JSC::DFG::JITCompiler::fillNumericToDouble):
1756         (JSC::DFG::JITCompiler::fillInt32ToInteger):
1757         * dfg/DFGJITCompiler.h:
1758         (JSC::DFG::JITCompiler::isJSConstant):
1759         (JSC::DFG::JITCompiler::isInt32Constant):
1760         (JSC::DFG::JITCompiler::isDoubleConstant):
1761         (JSC::DFG::JITCompiler::valueOfJSConstant):
1762         (JSC::DFG::JITCompiler::valueOfInt32Constant):
1763         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
1764         * dfg/DFGNode.h:
1765         (JSC::DFG::Node::Node):
1766         (JSC::DFG::Node::isConstant):
1767         (JSC::DFG::Node::notTakenBytecodeOffset):
1768         * dfg/DFGNonSpeculativeJIT.cpp:
1769         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
1770         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
1771         (JSC::DFG::NonSpeculativeJIT::compile):
1772         * dfg/DFGSpeculativeJIT.cpp:
1773         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1774         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1775         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1776         (JSC::DFG::SpeculativeJIT::compile):
1777
1778 2011-06-23  Jungshik Shin  <jshin@chromium.org>
1779
1780         Reviewed by Alexey Proskuryakov.
1781
1782         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1783         build files for ports not using ICU.
1784         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1785         ICU 3.6 (the version used on Mac OS 10.5)
1786
1787         http://bugs.webkit.org/show_bug.cgi?id=20797
1788
1789         * GNUmakefile.list.am:
1790         * JavaScriptCore.gypi:
1791         * icu/unicode/uscript.h: Added for UScriptCode enum.
1792         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1793         * wtf/unicode/icu/UnicodeIcu.h:
1794         * wtf/unicode/brew/UnicodeBrew.h:
1795         * wtf/unicode/glib/UnicodeGLib.h:
1796         * wtf/unicode/qt4/UnicodeQt4.h:
1797         * wtf/unicode/wince/UnicodeWinCE.h:
1798
1799 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
1800
1801         Reviewed by Andreas Kling.
1802
1803         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
1804         https://bugs.webkit.org/show_bug.cgi?id=63228
1805
1806         * wtf/Platform.h: Add PLATFORM(EFL) guard.
1807
1808 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
1809
1810         Unreviewed, rolling out r89547.
1811         http://trac.webkit.org/changeset/89547
1812         https://bugs.webkit.org/show_bug.cgi?id=63252
1813
1814         "Chromium crash on start" (Requested by yurys on #webkit).
1815
1816         * wtf/DynamicAnnotations.cpp:
1817         (WTFAnnotateBenignRaceSized):
1818         (WTFAnnotateHappensBefore):
1819         (WTFAnnotateHappensAfter):
1820         * wtf/DynamicAnnotations.h:
1821
1822 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
1823
1824         Reviewed by David Levin.
1825
1826         Make dynamic annotations weak symbols and prevent identical code folding by the linker
1827         https://bugs.webkit.org/show_bug.cgi?id=62443
1828
1829         * wtf/DynamicAnnotations.cpp:
1830         (WTFAnnotateBenignRaceSized):
1831         (WTFAnnotateHappensBefore):
1832         (WTFAnnotateHappensAfter):
1833         * wtf/DynamicAnnotations.h:
1834
1835 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
1836
1837         Reviewed by Andreas Kling.
1838
1839         [Qt] Add a build flag for building with libxml2 and libxslt.
1840         https://bugs.webkit.org/show_bug.cgi?id=63113
1841
1842         * wtf/Platform.h:
1843
1844 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
1845
1846         Unreviewed, rolling out r89489.
1847         http://trac.webkit.org/changeset/89489
1848         https://bugs.webkit.org/show_bug.cgi?id=63203
1849
1850         Broke chromium mac build on build.webkit.org (Requested by
1851         abarth on #webkit).
1852
1853         * wtf/Platform.h:
1854
1855 2011-06-22  Cary Clark  <caryclark@google.com>
1856
1857         Reviewed by Darin Fisher.
1858
1859         Use Skia if Skia on Mac Chrome is enabled
1860         https://bugs.webkit.org/show_bug.cgi?id=62999
1861
1862         * wtf/Platform.h:
1863         Add switch to use Skia if, externally,
1864         Skia has been enabled by a gyp define.
1865
1866 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
1867
1868         Reviewed by Oliver Hunt.
1869
1870         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
1871
1872 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
1873
1874         Reviewed by Oliver Hunt.
1875
1876         Removed the conceit that global variables are local variables when running global code
1877         https://bugs.webkit.org/show_bug.cgi?id=63106
1878         
1879         This is required for write barrier correctness.
1880         
1881         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
1882         I was able to reduce the regression with a tiny peephole optimization in
1883         the bytecompiler, but not eliminate it. I'm committing this assuming
1884         that turning on generational GC will win back at least 0.5%.
1885
1886         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
1887         the global object's var storage. I considered doing the same kind of
1888         optimization in the existing JIT, but it seemed like moving in the wrong
1889         direction.)
1890
1891         * bytecompiler/BytecodeGenerator.cpp:
1892         (JSC::BytecodeGenerator::addGlobalVar):
1893         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
1894         negative indices, since they're no longer negatively offset from the
1895         current stack frame.
1896         
1897         Do give global variables monotonically increasing positive indices, since
1898         that's much easier to work with.
1899         
1900         Don't limit the number of optimizable global variables, since it's no
1901         longer limited by the register file, since they're no longer stored in
1902         the register file.
1903
1904         (JSC::BytecodeGenerator::registerFor): Global code never has any local
1905         registers because a var in global code is actually a property of the
1906         global object.
1907
1908         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
1909
1910         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
1911         propagation and dead code elimination to speed up our compiles and
1912         reduce WTFs / minute.
1913
1914         * bytecompiler/BytecodeGenerator.h:
1915         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
1916
1917         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
1918         global code, since there are none.
1919
1920         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
1921         in global code (i.e., global vars), since there are some.
1922
1923         * interpreter/Interpreter.cpp:
1924         (JSC::Interpreter::callEval):
1925         (JSC::Interpreter::Interpreter):
1926         (JSC::Interpreter::dumpRegisters):
1927         (JSC::Interpreter::execute):
1928         * interpreter/Interpreter.h: Updated for deleted / renamed code.
1929
1930         * interpreter/RegisterFile.cpp:
1931         (JSC::RegisterFile::gatherConservativeRoots):
1932         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
1933         data members.
1934
1935         * interpreter/RegisterFile.h:
1936         (JSC::RegisterFile::begin):
1937         (JSC::RegisterFile::size):
1938         (JSC::RegisterFile::RegisterFile):
1939         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
1940         global variables stored in the register file.
1941
1942         (JSC::RegisterFile::grow): Updated for same.
1943         
1944         Also, a slight correctness fix: Test the VM commit end, and not just the
1945         in-use end, when checking for stack overflow. In theory, it's invalid to
1946         commit past the end of your allocation, even if you never touch that
1947         memory. This makes the usable size of the stack slightly smaller. No test
1948         because we don't know of any case in practice where this crashes.
1949
1950         * runtime/JSGlobalData.cpp:
1951         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
1952
1953         * runtime/JSGlobalObject.cpp:
1954         (JSC::JSGlobalObject::resizeRegisters):
1955         (JSC::JSGlobalObject::addStaticGlobals):
1956         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
1957         increasing indexes, always located in our external storage.
1958
1959 2011-06-21  MORITA Hajime  <morrita@google.com>
1960
1961         Unreviewed, rolling out r89401 and r89403.
1962         http://trac.webkit.org/changeset/89401
1963         http://trac.webkit.org/changeset/89403
1964         https://bugs.webkit.org/show_bug.cgi?id=62970
1965
1966         Breaks mac build and mistakenly enables the spellcheck API
1967
1968         * Configurations/FeatureDefines.xcconfig:
1969         * JavaScriptCore.xcodeproj/project.pbxproj:
1970
1971 2011-06-21  Kent Tamura  <tkent@chromium.org>
1972
1973         [Mac] Sort Xcode project files.
1974
1975         * JavaScriptCore.xcodeproj/project.pbxproj:
1976
1977 2011-06-20  MORITA Hajime  <morrita@google.com>
1978
1979         Reviewed by Kent Tamura.
1980
1981         Spellcheck API should be build-able.
1982         https://bugs.webkit.org/show_bug.cgi?id=62970
1983
1984         No new tests, changing only build related files
1985         
1986         * Configurations/FeatureDefines.xcconfig:
1987
1988 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
1989
1990         Reviewed by Oliver Hunt.
1991
1992         Moved 'const' off the global-variable-as-local-variable crack pipe
1993         https://bugs.webkit.org/show_bug.cgi?id=63105
1994         
1995         This is necessary for moving the rest of the code off of same.
1996         
1997         Many problems remain in our handling of const. I have fixed none of them.
1998
1999         * bytecompiler/BytecodeGenerator.h:
2000         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2001         const to directly implement its unique scoping rules.
2002
2003         * bytecompiler/NodesCodegen.cpp:
2004         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2005         for writing, so we don't overwrite const variables.
2006
2007         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2008         variables are available as local variables, since this won't be the case
2009         once global variables are not available as local variables. Instead, use
2010         put_scoped_var in the case where there is no local variable. Like a local
2011         variable, put_scoped_var succeeds even though const properties are
2012         read-only, since put_scoped_var skips read-only checks. (Yay?)
2013
2014 2011-06-21  Oliver Hunt  <oliver@apple.com>
2015
2016         Reviewed by Alexey Proskuryakov.
2017
2018         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2019         https://bugs.webkit.org/show_bug.cgi?id=63052
2020
2021         Release mode only failure, the stack overflow guards were getting their error
2022         handling inlined, so that they were essentially causing their own demise.
2023
2024         * parser/JSParser.cpp:
2025         (JSC::JSParser::updateErrorMessage):
2026         (JSC::JSParser::updateErrorWithNameAndMessage):
2027
2028 2011-06-20  Kenneth Russell  <kbr@google.com>
2029
2030         Unreviewed.
2031
2032         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2033         https://bugs.webkit.org/show_bug.cgi?id=63022
2034
2035         * wtf/Platform.h:
2036
2037 2011-06-18  Anders Carlsson  <andersca@apple.com>
2038
2039         Reviewed by Darin Adler.
2040
2041         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2042         https://bugs.webkit.org/show_bug.cgi?id=62940
2043
2044         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2045
2046         * wtf/PassOwnArrayPtr.h:
2047         (WTF::PassOwnArrayPtr::operator=):
2048         * wtf/PassOwnPtr.h:
2049         (WTF::PassOwnPtr::operator=):
2050         * wtf/PassRefPtr.h:
2051         (WTF::PassRefPtr::operator=):
2052         (WTF::NonNullPassRefPtr::operator=):
2053
2054 2011-06-20  Oliver Hunt  <oliver@apple.com>
2055
2056         Reviewed by Darin Adler.
2057
2058         REGRESSION (r79060): Searching for a flight at united.com fails
2059         https://bugs.webkit.org/show_bug.cgi?id=63003
2060
2061         This original change also broke Twitter, and we attempted to refine the fix to 
2062         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2063         we need to revert the change until we understand the problem better.
2064
2065         * wtf/DateMath.cpp:
2066         (WTF::parseDateFromNullTerminatedCharacters):
2067
2068 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2069
2070         Reviewed by Oliver Hunt.
2071
2072         No context for javascript parse errors.
2073         https://bugs.webkit.org/show_bug.cgi?id=62613
2074         
2075         Parse errors now show more details like:
2076         "Unexpected token: ]"
2077         or
2078         "Expected token: while"
2079         
2080         For reserved names, numbers, identifiers, strings, lexer errors, 
2081         and EOFs, the following error messages are printed:
2082         
2083         "Use of reserved word: super"
2084         "Unexpected number: 42"
2085         "Unexpected identifier: "
2086         "Unexpected string: "foobar""
2087         "Invalid token character sequence: \u4023"
2088         "Unexpected EOF"
2089
2090         * parser/JSParser.cpp:
2091         (JSC::JSParser::consume):
2092         (JSC::JSParser::getToken):
2093         (JSC::JSParser::getTokenName):
2094         (JSC::JSParser::updateErrorMessageSpecialCase):
2095         (JSC::JSParser::updateErrorMessage):
2096         (JSC::JSParser::updateErrorWithNameAndMessage):
2097         (JSC::jsParse):
2098         (JSC::JSParser::JSParser):
2099         (JSC::JSParser::parseProgram):
2100         (JSC::JSParser::parseVarDeclarationList):
2101         (JSC::JSParser::parseForStatement):
2102         (JSC::JSParser::parseBreakStatement):
2103         (JSC::JSParser::parseContinueStatement):
2104         (JSC::JSParser::parseWithStatement):
2105         (JSC::JSParser::parseTryStatement):
2106         (JSC::JSParser::parseStatement):
2107         (JSC::JSParser::parseFormalParameters):
2108         (JSC::JSParser::parseFunctionInfo):
2109         (JSC::JSParser::parseAssignmentExpression):
2110         (JSC::JSParser::parsePrimaryExpression):
2111         (JSC::JSParser::parseMemberExpression):
2112         (JSC::JSParser::parseUnaryExpression):
2113         * parser/JSParser.h:
2114         * parser/Lexer.cpp:
2115         (JSC::Lexer::lex):
2116         * parser/Parser.cpp:
2117         (JSC::Parser::parse):
2118
2119 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2120
2121         Reviewed by Rob Buis.
2122
2123         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2124         https://bugs.webkit.org/show_bug.cgi?id=59085
2125
2126         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2127
2128 2011-06-19  Oliver Hunt  <oliver@apple.com>
2129
2130         Reviewed by Sam Weinig.
2131
2132         Correct logic for putting errors on the correct line when handling JSONP
2133         https://bugs.webkit.org/show_bug.cgi?id=62962
2134
2135         Minor fix for the minor fix.  *sigh*
2136
2137         * interpreter/Interpreter.cpp:
2138         (JSC::Interpreter::execute):
2139
2140 2011-06-19  Oliver Hunt  <oliver@apple.com>
2141
2142         Minor fix to correct layout test results.
2143
2144         * interpreter/Interpreter.cpp:
2145         (JSC::Interpreter::execute):
2146
2147 2011-06-17  Oliver Hunt  <oliver@apple.com>
2148
2149         Reviewed by Gavin Barraclough.
2150
2151         JSONP is unnecessarily slow
2152         https://bugs.webkit.org/show_bug.cgi?id=62920
2153
2154         JSONP has unfortunately become a fairly common idiom online, yet
2155         it triggers very poor performance in JSC as we end up doing codegen
2156         for a large number of property accesses that will
2157            * only be run once, so the vast amount of logic we dump to handle
2158              caching of accesses is unnecessary.
2159            * We are doing codegen that is directly proportional to just
2160              creating the object in the first place.
2161
2162         This patch extends the use of the literal parser to JSONP-like structures
2163         in global code, handling a number of different forms I have seen online.
2164         In an extreme case this improves performance of JSONP by more than 2x
2165         due to removal of code generation and execution time, and a few optimisations
2166         that I made to the parser itself.
2167
2168         * API/JSValueRef.cpp:
2169         (JSValueMakeFromJSONString):
2170         * interpreter/Interpreter.cpp:
2171         (JSC::Interpreter::callEval):
2172         (JSC::Interpreter::execute):
2173         * parser/Lexer.cpp:
2174         (JSC::Lexer::isKeyword):
2175         * parser/Lexer.h:
2176         * runtime/JSGlobalObjectFunctions.cpp:
2177         (JSC::globalFuncEval):
2178         * runtime/JSONObject.cpp:
2179         (JSC::JSONProtoFuncParse):
2180         * runtime/LiteralParser.cpp:
2181         (JSC::LiteralParser::tryJSONPParse):
2182         (JSC::LiteralParser::makeIdentifier):
2183         (JSC::LiteralParser::Lexer::lex):
2184         (JSC::LiteralParser::Lexer::next):
2185         (JSC::isSafeStringCharacter):
2186         (JSC::LiteralParser::Lexer::lexString):
2187         (JSC::LiteralParser::Lexer::lexNumber):
2188         (JSC::LiteralParser::parse):
2189         * runtime/LiteralParser.h:
2190         (JSC::LiteralParser::LiteralParser):
2191         (JSC::LiteralParser::tryLiteralParse):
2192         (JSC::LiteralParser::Lexer::Lexer):
2193
2194 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
2195
2196         Unreviewed, rolling out r89184.
2197         http://trac.webkit.org/changeset/89184
2198         https://bugs.webkit.org/show_bug.cgi?id=62927
2199
2200         It broke 22 tests on all bots (Requested by Ossy_weekend on
2201         #webkit).
2202
2203         * API/JSValueRef.cpp:
2204         (JSValueMakeFromJSONString):
2205         * interpreter/Interpreter.cpp:
2206         (JSC::Interpreter::callEval):
2207         (JSC::Interpreter::execute):
2208         * parser/Lexer.cpp:
2209         * parser/Lexer.h:
2210         * runtime/JSGlobalObjectFunctions.cpp:
2211         (JSC::globalFuncEval):
2212         * runtime/JSONObject.cpp:
2213         (JSC::JSONProtoFuncParse):
2214         * runtime/LiteralParser.cpp:
2215         (JSC::LiteralParser::Lexer::lex):
2216         (JSC::isSafeStringCharacter):
2217         (JSC::LiteralParser::Lexer::lexString):
2218         (JSC::LiteralParser::Lexer::lexNumber):
2219         (JSC::LiteralParser::parse):
2220         * runtime/LiteralParser.h:
2221         (JSC::LiteralParser::LiteralParser):
2222         (JSC::LiteralParser::tryLiteralParse):
2223         (JSC::LiteralParser::Lexer::Lexer):
2224         (JSC::LiteralParser::Lexer::next):
2225
2226 2011-06-17  Oliver Hunt  <oliver@apple.com>
2227
2228         Reviewed by Gavin Barraclough.
2229
2230         JSONP is unnecessarily slow
2231         https://bugs.webkit.org/show_bug.cgi?id=62920
2232
2233         JSONP has unfortunately become a fairly common idiom online, yet
2234         it triggers very poor performance in JSC as we end up doing codegen
2235         for a large number of property accesses that will
2236            * only be run once, so the vast amount of logic we dump to handle
2237              caching of accesses is unnecessary.
2238            * We are doing codegen that is directly proportional to just
2239              creating the object in the first place.
2240
2241         This patch extends the use of the literal parser to JSONP-like structures
2242         in global code, handling a number of different forms I have seen online.
2243         In an extreme case this improves performance of JSONP by more than 2x
2244         due to removal of code generation and execution time, and a few optimisations
2245         that I made to the parser itself.
2246
2247         * API/JSValueRef.cpp:
2248         (JSValueMakeFromJSONString):
2249         * interpreter/Interpreter.cpp:
2250         (JSC::Interpreter::callEval):
2251         (JSC::Interpreter::execute):
2252         * parser/Lexer.cpp:
2253         (JSC::Lexer::isKeyword):
2254         * parser/Lexer.h:
2255         * runtime/JSGlobalObjectFunctions.cpp:
2256         (JSC::globalFuncEval):
2257         * runtime/JSONObject.cpp:
2258         (JSC::JSONProtoFuncParse):
2259         * runtime/LiteralParser.cpp:
2260         (JSC::LiteralParser::tryJSONPParse):
2261         (JSC::LiteralParser::makeIdentifier):
2262         (JSC::LiteralParser::Lexer::lex):
2263         (JSC::LiteralParser::Lexer::next):
2264         (JSC::isSafeStringCharacter):
2265         (JSC::LiteralParser::Lexer::lexString):
2266         (JSC::LiteralParser::Lexer::lexNumber):
2267         (JSC::LiteralParser::parse):
2268         * runtime/LiteralParser.h:
2269         (JSC::LiteralParser::LiteralParser):
2270         (JSC::LiteralParser::tryLiteralParse):
2271         (JSC::LiteralParser::Lexer::Lexer):
2272
2273 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2274
2275         Reviewed by Oliver Hunt.
2276
2277         Moved some property access JIT code into property access JIT files
2278         https://bugs.webkit.org/show_bug.cgi?id=62906
2279
2280         * jit/JITOpcodes.cpp:
2281         * jit/JITOpcodes32_64.cpp:
2282         * jit/JITPropertyAccess.cpp:
2283         (JSC::JIT::emitSlow_op_put_by_val):
2284         (JSC::JIT::emit_op_get_scoped_var):
2285         (JSC::JIT::emit_op_put_scoped_var):
2286         (JSC::JIT::emit_op_get_global_var):
2287         (JSC::JIT::emit_op_put_global_var):
2288         * jit/JITPropertyAccess32_64.cpp:
2289         (JSC::JIT::emit_op_get_scoped_var):
2290         (JSC::JIT::emit_op_put_scoped_var):
2291         (JSC::JIT::emit_op_get_global_var):
2292         (JSC::JIT::emit_op_put_global_var):
2293
2294 2011-06-17  Anders Carlsson  <andersca@apple.com>
2295
2296         Build fix.
2297
2298         * JavaScriptCore.xcodeproj/project.pbxproj:
2299
2300 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2301
2302         Try to fix the Leopard build?
2303
2304         * JavaScriptCore.xcodeproj/project.pbxproj:
2305
2306 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2307
2308         Reviewed by Oliver Hunt.
2309
2310         Added some write barrier action, compiled out by default
2311         https://bugs.webkit.org/show_bug.cgi?id=62844
2312
2313         * JavaScriptCore.exp: Build!
2314
2315         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
2316         issue with Heap.cpp.
2317
2318         * heap/Heap.cpp:
2319         (JSC::Heap::writeBarrierSlowCase):
2320         * heap/Heap.h:
2321         (JSC::Heap::writeBarrier):
2322         * heap/MarkedBlock.h:
2323         (JSC::MarkedBlock::isAtomAligned):
2324         (JSC::MarkedBlock::blockFor):
2325         (JSC::MarkedBlock::atomNumber):
2326         (JSC::MarkedBlock::ownerSetNumber):
2327         (JSC::MarkedBlock::addOldSpaceOwner):
2328         (JSC::MarkedBlock::OwnerSet::OwnerSet):
2329         (JSC::MarkedBlock::OwnerSet::add):
2330         (JSC::MarkedBlock::OwnerSet::clear):
2331         (JSC::MarkedBlock::OwnerSet::size):
2332         (JSC::MarkedBlock::OwnerSet::didOverflow):
2333         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
2334         tracks owners for regions within blocks. Currently unused.
2335
2336 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
2337
2338         Reviewed by Eric Seidel.
2339
2340         [EFL] Add some OwnPtr specializations for EFL types.
2341         For now there are specializations for Ecore_Evas and Evas_Object.
2342         https://bugs.webkit.org/show_bug.cgi?id=62877
2343
2344         * wtf/CMakeListsEfl.txt:
2345         * wtf/OwnPtrCommon.h:
2346         * wtf/efl/OwnPtrEfl.cpp: Added.
2347         (WTF::deleteOwnedPtr):
2348
2349 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
2350
2351         Reviewed by Martin Robinson.
2352
2353         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
2354         https://bugs.webkit.org/show_bug.cgi?id=60687
2355
2356         Replace GdkRectangle by cairo_rectangle_int_t.
2357
2358         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2359
2360 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2361
2362         Reviewed by Oliver Hunt.
2363
2364         https://bugs.webkit.org/show_bug.cgi?id=53014
2365         ES5 strict mode keyword restrictions aren't implemented
2366
2367         The following are future restricted words in strict mode code:
2368             implements, interface, let, package, private, protected, public, static, yield
2369
2370         * parser/JSParser.h:
2371             - Add RESERVED_IF_STRICT token.
2372         * parser/Keywords.table:
2373             - Add new future restricted words.
2374         * parser/Lexer.cpp:
2375         (JSC::Lexer::parseIdentifier):
2376             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
2377         (JSC::Lexer::lex):
2378             - Pass strictMode flag to parseIdentifier.
2379         * parser/Lexer.h:
2380             - parseIdentifier needs a strictMode flag.
2381         * runtime/CommonIdentifiers.h:
2382             - Add identifiers for new reserved words.
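
        The restriction described in this entry can be checked against any current JavaScript engine. The following is an added example written for this edit, not code from the WebKit project: it compiles each of the nine words as a variable name in sloppy and in strict code with `new Function` and reports whether the engine accepts it. The word list is the one given in the entry; the `compiles`, `checkWord`, `checkAll` and `isConditionallyReserved` names are mine.

```javascript
// The nine words this entry adds as RESERVED_IF_STRICT (list taken from the entry).
const reservedIfStrict = [
  "implements", "interface", "let", "package", "private",
  "protected", "public", "static", "yield",
];

// Ask the host engine's own lexer/parser whether `src` is a valid program body.
// Only SyntaxError counts as "rejected"; any other error is a bug in this example.
function compiles(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Try the word as an ordinary identifier with and without the strict-mode directive.
function checkWord(word) {
  return {
    sloppy: compiles(`var ${word} = 1; return ${word};`),
    strict: compiles(`"use strict"; var ${word} = 1; return ${word};`),
  };
}

// Map every word in the list to its { sloppy, strict } result.
function checkAll() {
  const results = {};
  for (const word of reservedIfStrict) results[word] = checkWord(word);
  return results;
}

// A word is "reserved only if strict" when sloppy code accepts it and strict code
// rejects it. A plain keyword such as `class` is rejected in both modes.
function isConditionallyReserved(word) {
  const r = checkWord(word);
  return r.sloppy && !r.strict;
}
```

        Running `checkAll()` in a modern engine gives `sloppy: true, strict: false` for every word, which is exactly the IDENT-versus-RESERVED_IF_STRICT split the entry describes in `parseIdentifier`.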
2383
2384 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2385
2386         Reviewed by Oliver Hunt.
2387
2388         https://bugs.webkit.org/show_bug.cgi?id=23611
2389         Multiline Javascript comments cause incorrect parsing of following script.
2390
2391         From the spec:
2392         "A MultiLineComment [is] simply discarded if it contains no line terminator,
2393         but if a MultiLineComment contains one or more line terminators, then it is
2394         replaced with a single line terminator, which becomes part of the stream of
2395         inputs for the syntactic grammar." 
2396
2397         This may result in behavioural changes, due to automatic semicolon insertion.
2398
2399         * parser/Lexer.cpp:
2400         (JSC::Lexer::parseMultilineComment):
2401             - Set m_terminator if we see a line terminator in a multiline comment.
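
        The behavioural change the entry warns about is easy to observe. The block below is an added example for this edit, not code from WebKit: it feeds two constructed programs that differ only in whether a comment spans a line to the host engine via `new Function`, and shows automatic semicolon insertion kicking in after `return` and before a postfix `++` once the comment counts as a line terminator. The sample programs and the `run`, `demo` and `postfixCase` names are mine.

```javascript
// Constructed sample programs (not from the ChangeLog). Both contain the same tokens;
// they differ only in whether the comment between `return` and `42` spans a line.
const commentWithoutTerminator = "return /* same line */ 42;";
const commentWithTerminator = "return /* spans\n a line */ 42;";

// Compile and run a program body with the host engine's own lexer and parser.
function run(src) {
  return new Function(src)();
}

// Returns the value each program produces. Per the spec text quoted in the entry,
// the second comment is replaced by a line terminator, and the restricted
// production `return [no LineTerminator here] Expression` then fails, so automatic
// semicolon insertion turns the program into `return; 42;`.
function demo() {
  return {
    sameLine: run(commentWithoutTerminator),   // 42
    spansLine: run(commentWithTerminator),     // undefined
  };
}

// The same rule applies to postfix operators: with a line terminator hidden in
// the comment, `x /* ... */ ++y` is parsed as `x; ++y`, not as `x++ y`.
function postfixCase() {
  return run("var x = 1, y = 5; x /* line\n break */ ++y; return [x, y];");
}
```

        `demo().sameLine` is `42` and `demo().spansLine` is `undefined`; `postfixCase()` returns `[1, 6]`. A lexer that silently discarded the multi-line comment would return `42` in both cases and would reject the postfix program as a syntax error.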
2402
2403 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2404
2405         Reviewed by Sam Weinig.
2406
2407         https://bugs.webkit.org/show_bug.cgi?id=62824
2408         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
2409
2410         CompareEq of non-integer values is the most common cause of speculation failure.
2411
2412         * dfg/DFGSpeculativeJIT.cpp:
2413         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2414             - Support Equals.
2415         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
2416             - new! - peephole optimized Eq of JSValues.
2417         (JSC::DFG::SpeculativeJIT::compile):
2418             - Add peephole optimization for CompareEq.
2419         * dfg/DFGSpeculativeJIT.h:
2420         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2421             - Add support for dead nodes between compare & branch.
2422         (JSC::DFG::SpeculativeJIT::isInteger):
2423             - Added to determine which form of peephole to do in CompareEq.
2424
2425 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2426
2427         Try to fix the Windows build.
2428
2429         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
2430         symbol.
2431
2432         * bytecode/EvalCodeCache.h:
2433         * heap/HandleHeap.h:
2434         * heap/HeapRootVisitor.h:
2435         * heap/NewSpace.h:
2436         * runtime/ArgList.h:
2437         * runtime/ScopeChain.h:
2438         * runtime/SmallStrings.h:
2439         * runtime/Structure.h: Stop forward-declaring things that don't really
2440         exist anymore.
2441
2442 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2443
2444         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
2445         project while crossing my fingers and facing west.
2446
2447         * JavaScriptCore.xcodeproj/project.pbxproj:
2448
2449 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2450
2451         Build fix: Removed an incorrect symbol on Windows.
2452
2453         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2454
2455 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2456
2457         Build fix: Removed an accidental commit from the future.
2458
2459         * CMakeLists.txt:
2460
2461 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2462
2463         Reviewed by Oliver Hunt.
2464
2465         Introduced SlotVisitor into the project
2466         https://bugs.webkit.org/show_bug.cgi?id=62820
2467         
2468         This resolves a class vs typedef forward declaration issue, and gives all
2469         exported symbols the correct names.
2470
2471         * CMakeLists.txt:
2472         * GNUmakefile.list.am:
2473         * JavaScriptCore.exp:
2474         * JavaScriptCore.gypi:
2475         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2476         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
2477
2478         * bytecode/EvalCodeCache.h:
2479         * heap/HandleHeap.h:
2480         * heap/Heap.cpp:
2481         (JSC::Heap::Heap):
2482         (JSC::Heap::markRoots):
2483         * heap/Heap.h:
2484         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
2485         clients operate on a MarkStack.
2486
2487         * heap/MarkStack.cpp:
2488         (JSC::SlotVisitor::visitChildren):
2489         (JSC::SlotVisitor::drain):
2490         * heap/SlotVisitor.h: Added.
2491         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
2492         inheritance to give SlotVisitor all the attributes of MarkStack without
2493         making this change giant. Over time, we will move more behavior into
2494         SlotVisitor and its subclasses.
2495
2496         * heap/MarkStack.h:
2497         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
2498         clients operate on a MarkStack.
2499
2500         * runtime/ArgList.h:
2501         * runtime/JSCell.h:
2502         * runtime/JSObject.h:
2503         * runtime/ScopeChain.h:
2504         * runtime/SmallStrings.h:
2505         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
2506         clients operate on a MarkStack.
2507
2508 2011-06-15  Oliver Hunt  <oliver@apple.com>
2509
2510         Reviewed by Geoffrey Garen.
2511
2512         Reduce memory usage of resolve_global
2513         https://bugs.webkit.org/show_bug.cgi?id=62765
2514
2515         If we have a large number of resolve_globals in a single
2516         block start planting plain resolve instructions instead 
2517         whenever we aren't in a loop.  This allows us to reduce
2518         the code size for extremely large functions without
2519         losing the performance benefits of op_resolve_global.
2520
2521         * bytecode/CodeBlock.h:
2522         (JSC::CodeBlock::globalResolveInfoCount):
2523         * bytecompiler/BytecodeGenerator.cpp:
2524         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
2525         (JSC::BytecodeGenerator::emitResolve):
2526         (JSC::BytecodeGenerator::emitResolveWithBase):
2527         * bytecompiler/BytecodeGenerator.h:
2528
2529 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
2530
2531         Reviewed by Laszlo Gombos.
2532
2533         [Qt] Fix building with CONFIG(use_system_icu)
2534         https://bugs.webkit.org/show_bug.cgi?id=62744
2535
2536         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
2537
2538         * wtf/Platform.h:
2539
2540 2011-06-15  Darin Adler  <darin@apple.com>
2541
2542         Reviewed by Adam Barth.
2543
2544         Remove obsolete LOOSE_OWN_PTR code
2545         https://bugs.webkit.org/show_bug.cgi?id=59909
2546
2547         The internal Apple dependency on this is gone now.
2548
2549         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
2550         set function that takes a raw pointer.
2551
2552         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
2553         set function that takes a raw pointer.
2554
2555         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
2556         and assignment operator that takes a nullptr unconditional.
2557         Made constructor that takes a raw pointer private and explicit,
2558         and removed assignment operator that takes a raw pointer.
2559
2560         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
2561         unconditional. Made constructor that takes a raw pointer private
2562         and explicit, and removed assignment operator that takes a raw pointer.
2563
2564 2011-06-15  Sam Weinig  <sam@webkit.org>
2565
2566         Reviewed by Geoffrey Garen and Gavin Barraclough.
2567
2568         Make access-nsieve ~9x faster on the non-speculative path by
2569         adding special casing for doubles that can losslessly be converted
2570         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
2571         and the hash lookup.  Long term, we should try to get the property of a getByVal
2572         and putByVal to be an integer immediate even in the non-speculative path.
2573
2574         * dfg/DFGOperations.cpp:
2575         (JSC::DFG::putByVal):
2576         (JSC::DFG::operationPutByValInternal):
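
        Why the lossless-uint32 check is the right gate for skipping stringification follows from how numeric property keys work in the language. The block below is an added example for this edit, not WebKit code: `isLosslessUint32` is my rendering of the condition the entry describes, `propertyKeyFor` is the generic ToString path it avoids, and `demo` checks that the two paths name the same property exactly when the check passes. The sample values are constructed here.

```javascript
// Mirrors the test this entry describes: can a double be converted to a uint32_t
// with no loss? Only then may the engine index directly instead of calling
// ToString and hashing the result. -0 qualifies: its key is ToString(-0) === "0",
// the same slot as 0, so converting it to 0 loses nothing observable.
function isLosslessUint32(d) {
  return typeof d === "number" && Number.isInteger(d) && d >= 0 && d <= 0xFFFFFFFF;
}

// The generic path: the property key for a number is ToString(number).
function propertyKeyFor(d) {
  return String(d);
}

// Classify a list of sample keys (values chosen for this example, not from the entry).
function classify(values) {
  return values.map((d) => ({
    value: d,
    fastPath: isLosslessUint32(d),
    key: propertyKeyFor(d),
  }));
}

// Shows that the fast path and the string path name the same property when the
// check passes, and that fractional keys must still go through stringification.
function demo() {
  const target = {};
  target[3.0] = "integral";
  target[3.5] = "fractional";
  target[-0] = "minus-zero";
  return {
    integralSharesSlot: target["3"] === "integral" && target[3] === "integral",
    fractionalIsStringKey: target["3.5"] === "fractional",
    minusZeroIsZeroSlot: target["0"] === "minus-zero" && target[0] === "minus-zero",
    fastPathDecisions: classify([3.0, -0, 0xFFFFFFFF, 3.5, 2 ** 32, NaN, -1])
      .map((r) => r.fastPath),
  };
}
```

        `demo().fastPathDecisions` is `[true, true, true, false, false, false, false]`: `3.5` would need the key `"3.5"`, `2 ** 32` does not fit a uint32_t, and `NaN` and `-1` have no index form, so each of those must stay on the stringification path.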
2577
2578 2011-06-15  Oliver Hunt  <oliver@apple.com>
2579
2580         Reviewed by Darin Adler.
2581
2582         REGRESSION (r88719): 5by5.tv schedule is not visible
2583         https://bugs.webkit.org/show_bug.cgi?id=62720
2584
2585         Problem here is that the lexer wasn't considering '$' to be
2586         a valid character in an identifier.
2587
2588         * parser/Lexer.h:
2589         (JSC::Lexer::lexExpectIdentifier):
2590
2591 2011-06-15  Oliver Hunt  <oliver@apple.com>
2592
2593         Reviewed by Sam Weinig.
2594
2595         Reduce the size of global_resolve
2596         https://bugs.webkit.org/show_bug.cgi?id=62738
2597
2598         Reduce the code size of global_resolve in the JIT by replacing
2599         multiple pointer loads with a single pointer move + two offset
2600         loads.
2601
2602         * jit/JITOpcodes.cpp:
2603         (JSC::JIT::emit_op_resolve_global):
2604         * jit/JITOpcodes32_64.cpp:
2605         (JSC::JIT::emit_op_resolve_global):
2606
2607 2011-06-14  Geoffrey Garen  <ggaren@apple.com>
2608
2609         Reviewed by Dan Bernstein.
2610
2611         Fixed an invalid ASSERT I found while investigating
2612         <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
2613         https://bugs.webkit.org/show_bug.cgi?id=62699        
2614
2615         No test since we don't know of a way to get WebCore to deallocate the
2616         next-to-finalize handle, which is also the last handle in the list,
2617         while finalizing the second-to-last handle in the list.
2618
2619         * heap/HandleHeap.h:
2620         (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
2621         non-0 next() after updating it, since it is valid to update m_nextToFinalize
2622         to point to the tail sentinel.
2623         
2624         Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
2625         since it is not valid to update m_nextToFinalize to point past the tail
2626         sentinel.
2627         
2628         Also, use m_nextToFinalize consistently for clarity.
2629
2630 2011-06-14  Gavin Barraclough  <barraclough@apple.com>
2631
2632         Reviewed by Sam Weinig.
2633
2634         https://bugs.webkit.org/show_bug.cgi?id=43841
2635         SegmentedVector::operator== typo
2636
2637         * wtf/SegmentedVector.h:
2638         (WTF::SegmentedVectorIterator::operator==):
2639         (WTF::SegmentedVectorIterator::operator!=):
2640
2641 2011-06-14  Oliver Hunt  <oliver@apple.com>
2642
2643         Reviewed by Gavin Barraclough.
2644
2645         Constant array literals result in unnecessarily large amounts of code
2646         https://bugs.webkit.org/show_bug.cgi?id=62658
2647
2648         Add a new version of op_new_array that simply copies values from a buffer
2649         we hang off of the CodeBlock, rather than generating code to place each
2650         entry into the registerfile, and then copying it from the registerfile into
2651         the array.  This is a slight improvement on some sunspider tests, but no
2652         measurable overall change.  That's okay though as our goal was to reduce
2653         code size without hurting performance.
2654
2655         * bytecode/CodeBlock.cpp:
2656         (JSC::CodeBlock::dump):
2657         * bytecode/CodeBlock.h:
2658         (JSC::CodeBlock::addImmediateBuffer):
2659         (JSC::CodeBlock::immediateBuffer):
2660         * bytecode/Opcode.h:
2661         * bytecompiler/BytecodeGenerator.cpp:
2662         (JSC::BytecodeGenerator::addImmediateBuffer):
2663         (JSC::BytecodeGenerator::emitNewArray):
2664         * bytecompiler/BytecodeGenerator.h:
2665         * bytecompiler/NodesCodegen.cpp:
2666         (JSC::ArrayNode::emitBytecode):
2667         * interpreter/Interpreter.cpp:
2668         (JSC::Interpreter::privateExecute):
2669         * jit/JIT.cpp:
2670         (JSC::JIT::privateCompileMainPass):
2671         * jit/JIT.h:
2672         * jit/JITOpcodes.cpp:
2673         (JSC::JIT::emit_op_new_array):
2674         (JSC::JIT::emit_op_new_array_buffer):
2675         * jit/JITOpcodes32_64.cpp:
2676         * jit/JITStubs.cpp:
2677         (JSC::DEFINE_STUB_FUNCTION):
2678         * jit/JITStubs.h:
2679
2680 2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
2681
2682         Unreviewed, rolling out r88841.
2683         http://trac.webkit.org/changeset/88841
2684         https://bugs.webkit.org/show_bug.cgi?id=62672
2685
2686         Caused many tests to crash (Requested by rniwa on #webkit).
2687
2688         * bytecode/CodeBlock.cpp:
2689         (JSC::CodeBlock::dump):
2690         * bytecode/CodeBlock.h:
2691         * bytecode/Opcode.h:
2692         * bytecompiler/BytecodeGenerator.cpp:
2693         (JSC::BytecodeGenerator::emitNewArray):
2694         * bytecompiler/BytecodeGenerator.h:
2695         * bytecompiler/NodesCodegen.cpp:
2696         (JSC::ArrayNode::emitBytecode):
2697         * interpreter/Interpreter.cpp:
2698         (JSC::Interpreter::privateExecute):
2699         * jit/JIT.cpp:
2700         (JSC::JIT::privateCompileMainPass):
2701         * jit/JIT.h:
2702         * jit/JITOpcodes.cpp:
2703         (JSC::JIT::emit_op_new_array):
2704         * jit/JITOpcodes32_64.cpp:
2705         (JSC::JIT::emit_op_new_array):
2706         * jit/JITStubs.cpp:
2707         * jit/JITStubs.h:
2708
2709 2011-06-14  Oliver Hunt  <oliver@apple.com>
2710
2711         Reviewed by Gavin Barraclough.
2712
2713         Constant array literals result in unnecessarily large amounts of code
2714         https://bugs.webkit.org/show_bug.cgi?id=62658
2715
2716         Add a new version of op_new_array that simply copies values from a buffer
2717         we hang off of the CodeBlock, rather than generating code to place each
2718         entry into the registerfile, and then copying it from the registerfile into
2719         the array.  This is a slight improvement on some sunspider tests, but no
2720         measurable overall change.  That's okay though as our goal was to reduce
2721         code size without hurting performance.
2722
2723         * bytecode/CodeBlock.cpp:
2724         (JSC::CodeBlock::dump):
2725         * bytecode/CodeBlock.h:
2726         (JSC::CodeBlock::addImmediateBuffer):
2727         (JSC::CodeBlock::immediateBuffer):
2728         * bytecode/Opcode.h:
2729         * bytecompiler/BytecodeGenerator.cpp:
2730         (JSC::BytecodeGenerator::addImmediateBuffer):
2731         (JSC::BytecodeGenerator::emitNewArray):
2732         * bytecompiler/BytecodeGenerator.h:
2733         * bytecompiler/NodesCodegen.cpp:
2734         (JSC::ArrayNode::emitBytecode):
2735         * interpreter/Interpreter.cpp:
2736         (JSC::Interpreter::privateExecute):
2737         * jit/JIT.cpp:
2738         (JSC::JIT::privateCompileMainPass):
2739         * jit/JIT.h:
2740         * jit/JITOpcodes.cpp:
2741         (JSC::JIT::emit_op_new_array):
2742         (JSC::JIT::emit_op_new_array_buffer):
2743         * jit/JITOpcodes32_64.cpp:
2744         * jit/JITStubs.cpp:
2745         (JSC::DEFINE_STUB_FUNCTION):
2746         * jit/JITStubs.h:
2747
2748 2011-06-14  Stephanie Lewis  <slewis@apple.com>
2749
2750         Rubber stamped by Oliver Hunt.
2751
2752         <rdar://problem/9511169>
2753         Update order files.
2754
2755         * JavaScriptCore.order:
2756
2757 2011-06-14  Sam Weinig  <sam@webkit.org>
2758
2759         Reviewed by Geoffrey Garen.
2760
2761         Fix dumping of constants to have the correct constant number.
2762
2763         * bytecode/CodeBlock.cpp:
2764         (JSC::CodeBlock::dump):
2765
2766 2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
2767
2768         Reviewed by Eric Seidel.
2769
2770         KeywordLookupGenerator's Trie does not work with Python 3
2771         https://bugs.webkit.org/show_bug.cgi?id=62635
2772
2773         With Python 3, dict.items() returns an iterator. Since the iterator
2774         protocol changed between Python 2 and 3, the easiest way to get the
2775         values is to have something that uses the iterator implicitly, like a
2776         for() loop.
2777
2778         * KeywordLookupGenerator.py:
2779
2780 2011-06-13  Oliver Hunt  <oliver@apple.com>
2781
2782         Reviewed by Gavin Barraclough.
2783
2784         Fix llocp and lvalp names in the lexer to something more meaningful
2785         https://bugs.webkit.org/show_bug.cgi?id=62605
2786
2787         A simple rename
2788
2789         * parser/Lexer.cpp:
2790         (JSC::Lexer::parseIdentifier):
2791         (JSC::Lexer::parseString):
2792         (JSC::Lexer::lex):
2793         * parser/Lexer.h:
2794         (JSC::Lexer::lexExpectIdentifier):
2795
2796 2011-06-13  Oliver Hunt  <oliver@apple.com>
2797
2798         Reviewed by Gavin Barraclough.
2799
2800         Make it possible to inline the common case of identifier lexing
2801         https://bugs.webkit.org/show_bug.cgi?id=62600
2802
2803         Add a lexing function that expects to lex a "normal" alphanumeric
2804         identifier (that ignores keywords) so it's possible to inline the
2805         common parsing cases.  This comes out as a reasonable parsing speed
2806         boost.
2807
2808         * parser/JSParser.cpp:
2809         (JSC::JSParser::nextExpectIdentifier):
2810         (JSC::JSParser::parseProperty):
2811         (JSC::JSParser::parseMemberExpression):
2812         * parser/Lexer.cpp:
2813         * parser/Lexer.h:
2814         (JSC::Lexer::makeIdentifier):
2815         (JSC::Lexer::lexExpectIdentifier):
2816
2817 2011-06-13  Xan Lopez  <xlopez@igalia.com>
2818
2819         Reviewed by Martin Robinson.
2820
2821         Distcheck fixes.
2822
2823         * GNUmakefile.am:
2824         * GNUmakefile.list.am:
2825
2826 2011-06-13  Oliver Hunt  <oliver@apple.com>
2827
2828         Reviewed by Simon Fraser.
2829
2830         Make it possible to inline Identifier::equal
2831         https://bugs.webkit.org/show_bug.cgi?id=62584
2832
2833         Move Identifier::equal to the Identifier header file.
2834
2835         * runtime/Identifier.cpp:
2836         * runtime/Identifier.h:
2837         (JSC::Identifier::equal):
2838
2839 2011-06-13  Tony Chang  <tony@chromium.org>
2840
2841         Reviewed by Dimitri Glazkov.
2842
2843         rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
2844         https://bugs.webkit.org/show_bug.cgi?id=62578
2845
2846         * Configurations/FeatureDefines.xcconfig:
2847
2848 2011-06-13  Tony Chang  <tony@chromium.org>
2849
2850         Reviewed by Adam Barth.
2851
2852         rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
2853         https://bugs.webkit.org/show_bug.cgi?id=62545
2854
2855         * Configurations/FeatureDefines.xcconfig:
2856
2857 2011-06-12  Patrick Gansterer  <paroga@webkit.org>
2858
2859         Unreviewed. Build fix for !ENABLE(JIT) after r88604.
2860
2861         * bytecode/CodeBlock.cpp:
2862         (JSC::CodeBlock::visitAggregate):
2863
2864 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
2865
2866         Reviewed by Darin Adler.
2867
2868         https://bugs.webkit.org/show_bug.cgi?id=16777
2869
2870         Remove #define NaN per Darin's comments.
2871
2872         * runtime/JSGlobalObjectFunctions.cpp:
2873         (JSC::parseIntOverflow):
2874         (JSC::parseInt):
2875         (JSC::jsStrDecimalLiteral):
2876         (JSC::jsToNumber):
2877         (JSC::parseFloat):
2878         * wtf/DateMath.cpp:
2879         (WTF::equivalentYearForDST):
2880         (WTF::parseES5DateFromNullTerminatedCharacters):
2881         (WTF::parseDateFromNullTerminatedCharacters):
2882         (WTF::timeClip):
2883         (JSC::parseDateFromNullTerminatedCharacters):
2884
2885 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
2886
2887         Rubber stamped by Geoff Garen.
2888
2889         https://bugs.webkit.org/show_bug.cgi?id=62503
2890         Remove JIT_OPTIMIZE_* switches
2891
2892         The alternative code paths are untested, and not well maintained.
2893         These were useful when there was more churn in the JIT, but now
2894         are a maintenance overhead. Time to move on, removing.
2895
2896         * bytecode/CodeBlock.cpp:
2897         (JSC::CodeBlock::visitAggregate):
2898         * jit/JIT.cpp:
2899         (JSC::JIT::privateCompileSlowCases):
2900         (JSC::JIT::privateCompile):
2901         (JSC::JIT::linkConstruct):
2902         * jit/JIT.h:
2903         * jit/JITCall.cpp:
2904         * jit/JITCall32_64.cpp:
2905         * jit/JITOpcodes.cpp:
2906         (JSC::JIT::privateCompileCTIMachineTrampolines):
2907         (JSC::JIT::privateCompileCTINativeCall):
2908         * jit/JITOpcodes32_64.cpp:
2909         (JSC::JIT::privateCompileCTIMachineTrampolines):
2910         (JSC::JIT::privateCompileCTINativeCall):
2911         (JSC::JIT::softModulo):
2912         * jit/JITPropertyAccess.cpp:
2913         * jit/JITPropertyAccess32_64.cpp:
2914         * jit/JITStubs.cpp:
2915         (JSC::DEFINE_STUB_FUNCTION):
2916         * runtime/Lookup.cpp:
2917         (JSC::setUpStaticFunctionSlot):
2918         * runtime/Lookup.h:
2919         * wtf/Platform.h:
2920
2921 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
2922
2923         Reviewed by Sam Weinig.
2924
2925         https://bugs.webkit.org/show_bug.cgi?id=16777
2926         Eliminate JSC::NaN and JSC::Inf
2927
2928         There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
2929         The ones in std::numeric_limits are perfectly good.
2930         Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
2931
2932         * API/JSCallbackObjectFunctions.h:
2933         (JSC::::toNumber):
2934         * API/JSValueRef.cpp:
2935         (JSValueMakeNumber):
2936         (JSValueToNumber):
2937         * JavaScriptCore.exp:
2938         * runtime/CachedTranscendentalFunction.h:
2939         (JSC::CachedTranscendentalFunction::initialize):
2940         * runtime/DateConstructor.cpp:
2941         (JSC::constructDate):
2942         * runtime/DateInstanceCache.h:
2943         (JSC::DateInstanceData::DateInstanceData):
2944         (JSC::DateInstanceCache::reset):
2945         * runtime/JSCell.cpp:
2946         * runtime/JSCell.h:
2947         (JSC::JSCell::JSValue::getPrimitiveNumber):
2948         (JSC::JSCell::JSValue::toNumber):
2949         * runtime/JSGlobalData.cpp:
2950         (JSC::JSGlobalData::JSGlobalData):
2951         (JSC::JSGlobalData::resetDateCache):
2952         * runtime/JSGlobalObject.cpp:
2953         (JSC::JSGlobalObject::reset):
2954         * runtime/JSGlobalObjectFunctions.cpp:
2955         (JSC::globalFuncParseInt):
2956         (JSC::globalFuncIsFinite):
2957         * runtime/JSNotAnObject.cpp:
2958         (JSC::JSNotAnObject::toNumber):
2959         * runtime/JSValue.cpp:
2960         * runtime/JSValue.h:
2961         * runtime/JSValueInlineMethods.h:
2962         (JSC::jsNaN):
2963         * runtime/MathObject.cpp:
2964         (JSC::mathProtoFuncMax):
2965         (JSC::mathProtoFuncMin):
2966         * runtime/NumberConstructor.cpp:
2967         (JSC::numberConstructorNegInfinity):
2968         (JSC::numberConstructorPosInfinity):
2969         * runtime/NumberPrototype.cpp:
2970         (JSC::numberProtoFuncToExponential):
2971         (JSC::numberProtoFuncToFixed):
2972         (JSC::numberProtoFuncToPrecision):
2973         (JSC::numberProtoFuncToString):
2974         * runtime/UString.cpp:
2975         * wtf/DecimalNumber.h:
2976         (WTF::DecimalNumber::DecimalNumber):
2977         * wtf/dtoa.cpp:
2978         (WTF::dtoa):
2979
2980 2011-06-10  Tony Chang  <tony@chromium.org>
2981
2982         Reviewed by Ojan Vafai.
2983
2984         add a compile guard ENABLE(FLEXBOX)
2985         https://bugs.webkit.org/show_bug.cgi?id=62049
2986
2987         * Configurations/FeatureDefines.xcconfig:
2988
2989 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
2990
2991         Reviewed by Sam Weinig.
2992
2993         https://bugs.webkit.org/show_bug.cgi?id=55347
2994         "name" and "message" enumerable on *Error.prototype
2995
2996         This arises from chapter 15 of the spec:
2997             "Every other property described in this clause has the attributes
2998             { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
2999             unless otherwise specified."
3000         Standardized properties are not enumerable.
3001
3002         * runtime/ErrorInstance.cpp:
3003         (JSC::ErrorInstance::ErrorInstance):
3004         * runtime/NativeErrorPrototype.cpp:
3005         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3006
3007 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3008
3009         Build fix: Corrected header spelling.
3010
3011         * heap/OldSpace.h:
3012
3013 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3014
3015         Reviewed by Oliver Hunt.
3016
3017         Added OldSpace to the project
3018         https://bugs.webkit.org/show_bug.cgi?id=62417
3019         
3020         Currently unused.
3021         
3022         Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
3023         per-block flag for testing whether you're in NewSpace vs OldSpace.
3024
3025         * CMakeLists.txt:
3026         * GNUmakefile.list.am:
3027         * JavaScriptCore.gypi:
3028         * JavaScriptCore.pro:
3029         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3030         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3031
3032         * heap/MarkedBlock.cpp:
3033         (JSC::MarkedBlock::MarkedBlock):
3034         * heap/MarkedBlock.h:
3035         (JSC::MarkedBlock::inNewSpace):
3036         (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
3037         write barrier.
3038
3039         * heap/NewSpace.cpp:
3040         (JSC::NewSpace::addBlock):
3041         (JSC::NewSpace::removeBlock):
3042         * heap/NewSpace.h:
3043         (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
3044         NewSpace-specific operations.
3045
3046         * heap/OldSpace.cpp: Added.
3047         (JSC::OldSpace::OldSpace):
3048         (JSC::OldSpace::addBlock):
3049         (JSC::OldSpace::removeBlock):
3050         * heap/OldSpace.h: Added.
3051         (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
3052         Not in use yet.
3053
3054 2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
3055
3056         Reviewed by Antonio Gomes.
3057
3058         [EFL] Make accelerated compositing build in Webkit-EFL
3059         https://bugs.webkit.org/show_bug.cgi?id=62361
3060
3061         Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
3062
3063         * wtf/Platform.h:
3064
3065 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3066
3067         Reviewed by Geoff Garen.
3068
3069         Bug 62405 - Fix integer overflow in Array.prototype.push
3070
3071         Fix Geoff's review comments re static_cast.
3072
3073         * runtime/ArrayPrototype.cpp:
3074         (JSC::arrayProtoFuncPush):
3075
3076 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3077
3078         Reviewed by Oliver Hunt.
3079
3080         Factored MarkedBlock set management into a helper class with a fast case Bloom filter
3081         https://bugs.webkit.org/show_bug.cgi?id=62413
3082         
3083         SunSpider reports a small speedup.
3084         
3085         This is in preparation for having ConservativeSet operate on arbitrary
3086         sets of MarkedBlocks, and in preparation for conservative scanning
3087         becoming proportionally more important than other GC activities.
3088
3089         * GNUmakefile.list.am:
3090         * JavaScriptCore.gypi:
3091         * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
3092
3093         * heap/ConservativeRoots.cpp:
3094         (JSC::ConservativeRoots::add):
3095         * heap/ConservativeRoots.h:
3096         (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
3097         directly, instead of a Heap, so we can operate on subsets of the Heap
3098         instead.
3099         
3100         Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
3101         is particularly important since we expect not to find our subject pointer
3102         in the MarkedBlock hash, and hash misses are more expensive than typical
3103         hash lookups because they have high collision rates.
3104         
3105         No need for single-pointer add() to be public anymore, since nobody uses it.
3106
3107         * heap/Heap.cpp:
3108         (JSC::Heap::markRoots):
3109         * heap/Heap.h:
3110         (JSC::Heap::forEachCell):
3111         (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
3112         ConservativeRoots relies on.
3113         
3114         Nixed contains(), since nobody uses it anymore.
3115
3116         * heap/MarkedBlock.h:
3117         (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
3118         the VM layout properties of MarkedBlocks.
3119
3120         * heap/MarkedBlockSet.h: Added.
3121         (JSC::MarkedBlockSet::add):
3122         (JSC::MarkedBlockSet::remove):
3123         (JSC::MarkedBlockSet::recomputeFilter):
3124         (JSC::MarkedBlockSet::filter):
3125         (JSC::MarkedBlockSet::set):
3126         * heap/TinyBloomFilter.h: Added.
3127         (JSC::TinyBloomFilter::TinyBloomFilter):
3128         (JSC::TinyBloomFilter::add):
3129         (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
3130
3131         * interpreter/RegisterFile.cpp:
3132         (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
3133         exclude values by tag -- the tiny bloom filter is already a register-register
3134         compare, so adding another "rule out" factor just slows things down.
3135
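An added illustration of the scheme this entry describes (example code, not JSC's TinyBloomFilter or MarkedBlockSet): a one-word filter of OR-ed block addresses that rules out most stack words with a single AND and compare, fronting an exact hash set of block bases. The 16 KiB block size, the recovery of a block base by masking an interior pointer, and the names `BlockSet`, `mayPointIntoBlock` and `filterBits` are assumptions of this example.

```cpp
#include <cstdint>
#include <cstddef>
#include <unordered_set>

// Added illustration; not JSC's TinyBloomFilter or MarkedBlockSet.
// Assumption for this example: every block lives at an address that is a multiple
// of kBlockSize, so the block base is recoverable from any interior pointer by masking.
constexpr uintptr_t kBlockSize = 16 * 1024;
constexpr uintptr_t kBlockMask = ~(kBlockSize - 1);

// One machine word of OR-ed block addresses. ruleOut() answers "definitely not in the
// set" with a single AND/compare and never "definitely in"; false positives are
// resolved by the exact hash set below.
class TinyBloomFilter {
public:
    void add(uintptr_t bits) { m_bits |= bits; }
    bool ruleOut(uintptr_t bits) const {
        if (!bits)
            return true;                    // null is never a block base
        return (bits & m_bits) != bits;     // some bit of the candidate was never added
    }
    uintptr_t bits() const { return m_bits; }
private:
    uintptr_t m_bits = 0;
};

// Exact set of block bases fronted by the filter. remove() recomputes the filter
// because a single-word filter cannot clear bits that other members may share.
class BlockSet {
public:
    void add(uintptr_t blockBase) { m_blocks.insert(blockBase); m_filter.add(blockBase); }
    void remove(uintptr_t blockBase) { m_blocks.erase(blockBase); recomputeFilter(); }
    uintptr_t filterBits() const { return m_filter.bits(); }

    // Conservative-scan test for an arbitrary word found on the stack: mask to a block
    // base, let the filter rule out most candidates, then confirm with the hash set.
    // *hitSet reports whether the comparatively expensive hash lookup was reached.
    bool mayPointIntoBlock(uintptr_t word, bool* hitSet) const {
        uintptr_t base = word & kBlockMask;
        if (m_filter.ruleOut(base)) {
            *hitSet = false;
            return false;
        }
        *hitSet = true;
        return m_blocks.count(base) != 0;
    }
private:
    void recomputeFilter() {
        m_filter = TinyBloomFilter();
        for (uintptr_t b : m_blocks)
            m_filter.add(b);
    }
    std::unordered_set<uintptr_t> m_blocks;
    TinyBloomFilter m_filter;
};
```

The filter only ever says "definitely absent": a candidate whose set bits are all covered by members (0x4000 beside blocks at 0x10000 and 0x14000) passes the filter and is rejected by the hash lookup, which is why the cheap ruleOut has to run first for the arrangement to pay off. Because removal cannot clear bits from a one-word filter, the set rebuilds it on remove(), matching the recomputeFilter step listed in the entry.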
3136 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3137
3138         Reviewed by Oliver Hunt.
3139
3140         Bug 62405 - Fix integer overflow in Array.prototype.push
3141
3142         There are three integer overflows here, leading to safe (not a security risk)
3143         but incorrect (non-spec-compliant) behaviour.
3144
3145         Two overflows occur when calculating the new length after pushing (one in the
3146         fast version of push in JSArray, one in the generic version in ArrayPrototype).
3147         The other occurs calculating indices to write to when multiple items are pushed.
3148
3149         These errors result in three test-262 failures.
3150
3151         * runtime/ArrayPrototype.cpp:
3152         (JSC::arrayProtoFuncPush):
3153         * runtime/JSArray.cpp:
3154         (JSC::JSArray::put):
3155         (JSC::JSArray::push):
3156
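To make the arithmetic this entry describes concrete, here is an added example in C++ (not JSC's arrayProtoFuncPush or JSArray::push): a wrapping 32-bit length computation beside a widened, checked one, and a generic push over a constructed array-like whose Number-valued length may exceed 2^32 - 1 as the spec allows. The names `toUint32`, `checkedNewLength`, `pushIndex`, `genericPush` and `ArrayLike` are this example's own.

```cpp
#include <cstdint>
#include <cstddef>
#include <cmath>
#include <limits>
#include <map>
#include <vector>

// Added illustration of the overflow class in the entry; not JSC's code.

// ES5 ToUint32 for a non-negative, integer-valued length (the only inputs used here).
uint32_t toUint32(double length) {
    return static_cast<uint32_t>(std::fmod(length, 4294967296.0));
}

// Overflow-prone form: a 32-bit length plus a 32-bit argument count wraps silently
// once the true result passes 2^32 - 1.
uint32_t wrappingNewLength(uint32_t length, uint32_t argCount) {
    return length + argCount;
}

// Checked form: widen before adding so the result is exact, and report whether it left
// the uint32 range (a spec-compliant push may legitimately produce such a length).
struct NewLength {
    double value;
    bool exceedsUint32;
};

NewLength checkedNewLength(uint32_t length, uint32_t argCount) {
    uint64_t wide = static_cast<uint64_t>(length) + argCount;
    return { static_cast<double>(wide), wide > std::numeric_limits<uint32_t>::max() };
}

// Index of the i-th pushed item, also widened: length + i must not wrap either,
// or later items would be written to the wrong (low) indices.
double pushIndex(uint32_t length, size_t i) {
    return static_cast<double>(static_cast<uint64_t>(length) + i);
}

// Minimal array-like standing in for the generic (non-JSArray) push path:
// numeric-keyed properties plus a Number-valued length.
struct ArrayLike {
    std::map<double, int> props;
    double length = 0;
};

// Generic push (ES5 15.4.4.7): n = ToUint32(length); write each item at n and
// increment; finally store the new length as a Number.
double genericPush(ArrayLike& obj, const std::vector<int>& items) {
    uint32_t start = toUint32(obj.length);
    for (size_t i = 0; i < items.size(); ++i)
        obj.props[pushIndex(start, i)] = items[i];
    obj.length = checkedNewLength(start, static_cast<uint32_t>(items.size())).value;
    return obj.length;
}
```

The point for a reviewer is that both the final length and every intermediate index are computed in a wider type, and that the "did it leave the 32-bit range" condition is an explicit value rather than an accident of wrapping; the entry notes these overflows were not exploitable here, but the same silent wrap in an index computation elsewhere is the classic road to an out-of-bounds write.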
3157 2011-06-09  Dan Bernstein  <mitz@apple.com>
3158
3159         Reviewed by Anders Carlsson.
3160
3161         Add Vector::reverse()
3162         https://bugs.webkit.org/show_bug.cgi?id=62393
3163
3164         * wtf/Vector.h:
3165         (WTF::Vector::reverse): Added.
3166
3167 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3168
3169         Reviewed by Oliver Hunt.
3170
3171         Factored a bunch of Heap functionality into stand-alone functors
3172         https://bugs.webkit.org/show_bug.cgi?id=62337
3173         
3174         This is in preparation for making these functors operate on arbitrary
3175         sets of MarkedBlocks.
3176
3177         * JavaScriptCore.exp: This file is a small tragedy.
3178
3179         * debugger/Debugger.cpp:
3180         (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
3181
3182         * heap/HandleHeap.h:
3183         (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
3184         strong handles, so we can play along in the functor game.
3185
3186         * heap/Heap.cpp:
3187         (JSC::CountFunctor::CountFunctor::CountFunctor):
3188         (JSC::CountFunctor::CountFunctor::count):
3189         (JSC::CountFunctor::CountFunctor::returnValue):
3190         (JSC::CountFunctor::ClearMarks::operator()):
3191         (JSC::CountFunctor::ResetAllocator::operator()):
3192         (JSC::CountFunctor::Sweep::operator()):
3193         (JSC::CountFunctor::MarkCount::operator()):
3194         (JSC::CountFunctor::Size::operator()):
3195         (JSC::CountFunctor::Capacity::operator()):
3196         (JSC::CountFunctor::Count::operator()):
3197         (JSC::CountFunctor::CountIfGlobalObject::operator()):
3198         (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
3199         (JSC::CountFunctor::TakeIfEmpty::operator()):
3200         (JSC::CountFunctor::TakeIfEmpty::returnValue):
3201         (JSC::CountFunctor::RecordType::RecordType):
3202         (JSC::CountFunctor::RecordType::typeName):
3203         (JSC::CountFunctor::RecordType::operator()):
3204         (JSC::CountFunctor::RecordType::returnValue): These functors factor out
3205         behavior that used to be in the functions below.
3206
3207         (JSC::Heap::clearMarks):
3208         (JSC::Heap::sweep):
3209         (JSC::Heap::objectCount):
3210         (JSC::Heap::size):
3211         (JSC::Heap::capacity):
3212         (JSC::Heap::protectedGlobalObjectCount):
3213         (JSC::Heap::protectedObjectCount):
3214         (JSC::Heap::protectedObjectTypeCounts):
3215         (JSC::Heap::objectTypeCounts):
3216         (JSC::Heap::resetAllocator):
3217         (JSC::Heap::freeBlocks):
3218         (JSC::Heap::shrink): Factored out behavior into the functors above.
3219
3220         * heap/Heap.h:
3221         (JSC::Heap::forEachProtectedCell):
3222         (JSC::Heap::forEachCell):
3223         (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
3224         functor-based templates instead of plain iterators because they're simpler
3225         to implement in this case and they require a lot less code at the call site.
3226
3227         * heap/MarkedBlock.h:
3228         (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
3229         trivial functors.
3230
3231         (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
3232         we have a few different kinds of "for each" now.
3233
3234         * runtime/JSGlobalData.cpp:
3235         (WTF::Recompile::operator()):
3236         (JSC::JSGlobalData::JSGlobalData):
3237         (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
3238
3239         * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
3240
3241 2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
3242
3243         Reviewed by Pavel Feldman.
3244
3245         Web Inspector: Crash by buffer overrun when serializing inspector object tree.
3246         https://bugs.webkit.org/show_bug.cgi?id=52791
3247
3248         No new tests. The problem can be reproduced by trying to create InspectorValue
3249         from 1.0e-100 and calling ->toJSONString() on this.
3250
3251         * JavaScriptCore.exp:
3252         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3253         export 2 functions DecimalNumber::bufferLengthForStringExponential and
3254         DecimalNumber::toStringExponential.
3255
3256 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3257
3258         Unreviewed, rolling out r88404.
3259         http://trac.webkit.org/changeset/88404
3260         https://bugs.webkit.org/show_bug.cgi?id=62342
3261
3262         broke win and mac build (Requested by tony^work on #webkit).
3263
3264         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3265
3266 2011-06-08  Evan Martin  <evan@chromium.org>
3267
3268         Reviewed by Adam Barth.
3269
3270         [chromium] use gyp 'settings' type for settings target
3271         https://bugs.webkit.org/show_bug.cgi?id=62323
3272
3273         The 'settings' gyp target type is for targets that exist solely
3274         for their settings (no build rules).  The comment above this target
3275         says it's for this, but it incorrectly uses 'none'.
3276
3277         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3278
3279 2011-06-08  Sailesh Agrawal  <sail@chromium.org>
3280
3281         Reviewed by Mihai Parparita.
3282
3283         Chromium Mac: Enable overlay scrollbars
3284         https://bugs.webkit.org/show_bug.cgi?id=59756
3285
3286         Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
3287
3288         * wtf/Platform.h:
3289
3290 2011-06-08  Oliver Hunt  <oliver@apple.com>
3291
3292         Reviewed by Geoffrey Garen.
3293
3294         Add faster lookup cache for multi character identifiers
3295         https://bugs.webkit.org/show_bug.cgi?id=62327
3296
3297         Add a non-hash lookup for multiple character identifiers.  This saves us from
3298         adding repeated identifiers to the ParserArena's identifier list as people
3299         tend to not start all their variables and properties with the same character
3300         and happily identifier locality works in our favour.
3301
3302         * parser/ParserArena.h:
3303         (JSC::IdentifierArena::isEmpty):
3304         (JSC::IdentifierArena::clear):
3305         (JSC::IdentifierArena::makeIdentifier):
3306
3307 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3308
3309         Reviewed by Oliver Hunt.
3310
3311         Took some responsibilities away from NewSpace
3312         https://bugs.webkit.org/show_bug.cgi?id=62325
3313         
3314         NewSpace is basically just an allocator now.
3315         
3316         Heap acts as a controller, responsible for managing the set of all
3317         MarkedBlocks.
3318         
3319         This is in preparation for moving parts of the controller logic into
3320         separate helper classes that can act on arbitrary sets of MarkedBlocks
3321         that may or may not be in NewSpace.
3322
3323         * heap/Heap.cpp:
3324         (JSC::Heap::Heap):
3325         (JSC::Heap::destroy):
3326         (JSC::Heap::allocate):
3327         (JSC::Heap::markRoots):
3328         (JSC::Heap::clearMarks):
3329         (JSC::Heap::sweep):
3330         (JSC::Heap::objectCount):
3331         (JSC::Heap::size):
3332         (JSC::Heap::capacity):
3333         (JSC::Heap::collect):
3334         (JSC::Heap::resetAllocator):
3335         (JSC::Heap::allocateBlock):
3336         (JSC::Heap::freeBlocks):
3337         (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
3338         along with all functions that operate on the set of MarkedBlocks. Also
3339         moved responsibility for deciding whether to allocate a new MarkedBlock,
3340         and for allocating it.
3341
3342         * heap/Heap.h:
3343         (JSC::Heap::contains):
3344         (JSC::Heap::forEach): Ditto.
3345
3346         * heap/NewSpace.cpp:
3347         (JSC::NewSpace::addBlock):
3348         (JSC::NewSpace::removeBlock):
3349         (JSC::NewSpace::resetAllocator):
3350         * heap/NewSpace.h:
3351         (JSC::NewSpace::waterMark):
3352         (JSC::NewSpace::allocate): Ditto.
3353
3354 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3355
3356         Reviewed by Oliver Hunt.
3357
3358         Some more MarkedSpace => NewSpace renaming
3359         https://bugs.webkit.org/show_bug.cgi?id=62305
3360
3361         * JavaScriptCore.exp:
3362         * JavaScriptCore.order:
3363         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3364         * heap/Heap.cpp:
3365         (JSC::Heap::Heap):
3366         (JSC::Heap::destroy):
3367         (JSC::Heap::reportExtraMemoryCostSlowCase):
3368         (JSC::Heap::allocate):
3369         (JSC::Heap::markRoots):
3370         (JSC::Heap::objectCount):
3371         (JSC::Heap::size):
3372         (JSC::Heap::capacity):
3373         (JSC::Heap::collect):
3374         (JSC::Heap::isValidAllocation):
3375         * heap/Heap.h:
3376         (JSC::Heap::markedSpace):
3377         (JSC::Heap::contains):
3378         (JSC::Heap::forEach):
3379         (JSC::Heap::allocate):
3380         * runtime/JSCell.h:
3381
3382 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3383
3384         Reviewed by Eric Seidel.
3385
3386         Add export macros to profiler headers.
3387         https://bugs.webkit.org/show_bug.cgi?id=27551
3388
3389         * profiler/Profiler.h:
3390
3391 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3392
3393         Reviewed by Eric Seidel.
3394
3395         Add export symbols to parser headers.
3396         https://bugs.webkit.org/show_bug.cgi?id=27551
3397
3398         * parser/SourceProviderCache.h:
3399
3400 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3401
3402         Reviewed by Eric Seidel.
3403
3404         Add export symbols to interpreter headers.
3405         https://bugs.webkit.org/show_bug.cgi?id=27551
3406
3407         * interpreter/Interpreter.h:
3408
3409 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3410
3411         Reviewed by Eric Seidel.
3412
3413         Add export symbols to debugger headers.
3414         https://bugs.webkit.org/show_bug.cgi?id=27551
3415
3416         * debugger/Debugger.h:
3417         * debugger/DebuggerCallFrame.h:
3418
3419 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3420
3421         Reviewed by Darin Adler.
3422
3423         Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
3424         https://bugs.webkit.org/show_bug.cgi?id=62268
3425
3426         * CMakeLists.txt:
3427         * GNUmakefile.list.am:
3428         * JavaScriptCore.gypi:
3429         * JavaScriptCore.pro:
3430         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3431         * JavaScriptCore.xcodeproj/project.pbxproj:
3432         * heap/Heap.h:
3433         * heap/MarkedBlock.h:
3434         * heap/MarkedSpace.cpp: Removed.
3435         * heap/MarkedSpace.h: Removed.
3436         * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
3437         * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
3438
3439 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3440
3441         Unreviewed, rolling out r88365.
3442         http://trac.webkit.org/changeset/88365
3443         https://bugs.webkit.org/show_bug.cgi?id=62301
3444
3445         windows bots broken (Requested by loislo_ on #webkit).
3446
3447         * JavaScriptCore.exp:
3448
3449 2011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
3450
3451         Reviewed by Tony Chang.
3452
3453         Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
3454
3455         Compiling Chromium port under GCC 4.6 produces warnings about nullptr
3456         https://bugs.webkit.org/show_bug.cgi?id=62242
3457
3458         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3459
3460 2011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
3461
3462         Reviewed by Andreas Kling.
3463
3464         Webkit on SPARC Solaris has wrong endian
3465         https://bugs.webkit.org/show_bug.cgi?id=29407
3466
3467         Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
3468         there are more occurrences of the same code pattern in webkit.
3469
3470         This patch includes the check on these other parts of the code.
3471
3472         This is a speculative fix; I don't have a SPARC machine to test and
3473         don't know which kind of test would trigger a crash (but it's quite
3474         obvious that it's the same code duplicated in different files).
3475
3476         * runtime/UString.h:
3477         (JSC::UStringHash::equal):
3478         * wtf/text/StringHash.h:
3479         (WTF::StringHash::equal):
3480
3481 2011-06-08  Yael Aharon  <yael.aharon@nokia.com>
3482
3483         Reviewed by Andreas Kling.
3484
3485         [Qt] Build fix for building QtWebKit inside of Qt.
3486         https://bugs.webkit.org/show_bug.cgi?id=62280
3487
3488         Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
3489         into QtWebKit.prl.
3490
3491         No new tests, as this is just a build fix.
3492
3493         * JavaScriptCore.pri:
3494
3495 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3496
3497         Reviewed by Oliver Hunt.
3498
3499         Split 'reset' into 'collect' and 'resetAllocator'
3500         https://bugs.webkit.org/show_bug.cgi?id=62267
3501
3502         * heap/Heap.cpp:
3503         (JSC::Heap::allocate):
3504         (JSC::Heap::collectAllGarbage):
3505         (JSC::Heap::collect):
3506         * heap/Heap.h:
3507         * heap/MarkedBlock.h:
3508         (JSC::MarkedBlock::resetAllocator):
3509         * heap/MarkedSpace.cpp:
3510         (JSC::MarkedSpace::resetAllocator):
3511         * heap/MarkedSpace.h:
3512         (JSC::MarkedSpace::SizeClass::resetAllocator):
3513
3514 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3515
3516         Reviewed by Sam Weinig.
3517
3518         Renamed some more marks to visits
3519         https://bugs.webkit.org/show_bug.cgi?id=62254
3520
3521         * heap/HandleHeap.cpp:
3522         (JSC::HandleHeap::visitStrongHandles):
3523         (JSC::HandleHeap::visitWeakHandles):
3524         * heap/HandleHeap.h:
3525         * heap/HandleStack.cpp:
3526         (JSC::HandleStack::visit):
3527         * heap/HandleStack.h:
3528         * heap/Heap.cpp:
3529         (JSC::Heap::markProtectedObjects):
3530         (JSC::Heap::markTempSortVectors):
3531         (JSC::Heap::markRoots):
3532         * heap/HeapRootVisitor.h:
3533         (JSC::HeapRootVisitor::visit):
3534         * runtime/ArgList.cpp:
3535         (JSC::MarkedArgumentBuffer::markLists):
3536
3537 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3538
3539         Reviewed by Sam Weinig.
3540
3541         https://bugs.webkit.org/show_bug.cgi?id=55537
3542         Functions claim to have 'callee' which they actually don't (and shouldn't)
3543
3544         * JavaScriptCore.xcodeproj/project.pbxproj:
3545         * runtime/JSFunction.cpp:
3546         (JSC::JSFunction::getOwnPropertyNames):
3547
3548 2011-06-07  Juan C. Montemayor  <jmont@apple.com>
3549
3550         Reviewed by Darin Adler.
3551
3552         Make JSStaticFunction and JSStaticValue less "const"
3553         https://bugs.webkit.org/show_bug.cgi?id=62222
3554
3555         * API/JSObjectRef.h:
3556         * API/tests/testapi.c:
3557         (checkConstnessInJSObjectNames):
3558         (main):
3559         * JavaScriptCore.xcodeproj/project.pbxproj:
3560
3561 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3562
3563         Reviewed by Sam Weinig.
3564
3565         https://bugs.webkit.org/show_bug.cgi?id=62240
3566         DFG JIT - add support for for-loop array initialization.
3567
3568         Support put by val beyond vector length.
3569         Add an operationPutByValBeyondArrayBounds operation, make
3570         PutValVal call this if the vector length check fails.
3571
3572         * dfg/DFGJITCodeGenerator.h:
3573         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3574         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3575         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
3576         (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
3577         (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
3578         (JSC::DFG::JITCodeGenerator::isIntegerConstant):
3579         (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
3580         * dfg/DFGOperations.cpp:
3581         (JSC::DFG::operationPutByValInternal):
3582         * dfg/DFGOperations.h:
3583         * dfg/DFGSpeculativeJIT.cpp:
3584         (JSC::DFG::SpeculativeJIT::compile):
3585         * dfg/DFGSpeculativeJIT.h:
3586
3587 2011-06-06  James Simonsen  <simonjam@chromium.org>
3588
3589         Reviewed by James Robinson.
3590
3591         Add monotonicallyIncreasingTime() to get monotonically increasing time
3592         https://bugs.webkit.org/show_bug.cgi?id=37743
3593
3594         * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
3595         (WTF::monotonicallyIncreasingTime):
3596         * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
3597
3598 2011-06-06  Alexandru Chiculita  <achicu@adobe.com>
3599
3600         Reviewed by Kent Tamura.
3601
3602         Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
3603         https://bugs.webkit.org/show_bug.cgi?id=61628
3604
3605         * Configurations/FeatureDefines.xcconfig:
3606
3607 2011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
3608
3609         Reviewed by Kent Tamura.
3610
3611         Add ENABLE(CSS_REGIONS) guard for CSS Regions support
3612         https://bugs.webkit.org/show_bug.cgi?id=61631
3613
3614         * Configurations/FeatureDefines.xcconfig:
3615
3616 2011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
3617
3618         Unreviewed. Fix the GTK+ build.
3619
3620         * GNUmakefile.am: Add javascriptcore_cflags variable.
3621
3622 2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
3623
3624         [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
3625         to build on Mac.
3626
3627         * wtf/Platform.h:
3628
3629 2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
3630
3631         Unreviewed, MIPS build fix.
3632
3633         WebKitGTK+ tarball fails to build on MIPS.
3634         https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
3635
3636         * GNUmakefile.list.am: Add missing MIPS-related file to the list
3637         of files that are added to the tarball on make dist, and fix
3638         sorting.
3639
3640 2011-06-04  Sam Weinig  <sam@webkit.org>
3641
3642         Reviewed by Darin Adler.
3643
3644         Fix formatting of the output generated by KeywordLookupGenerator.py
3645         https://bugs.webkit.org/show_bug.cgi?id=62083
3646
3647         - Uses correct year for copyright.
3648         - Puts ending brace on same line as "else if"
3649         - Puts starting brace of function on its own line.
3650         - Adds some tasteful whitespace.
3651         - Adds comments to make clear that scopes are ending
3652         - Make macros actually split on two lines.
3653
3654         * KeywordLookupGenerator.py:
3655
3656 2011-06-04  Adam Barth  <abarth@webkit.org>
3657
3658         Reviewed by Eric Seidel.
3659
3660         KeywordLookupGenerator.py spams stdout in Chromium Linux build
3661         https://bugs.webkit.org/show_bug.cgi?id=62087
3662
3663         This action does not appear to be needed.
3664
3665         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3666
3667 2011-06-03  Oliver Hunt  <oliver@apple.com>
3668
3669         Reviewed by Maciej Stachowiak.
3670
3671         Lexer needs to provide Identifier for reserved words
3672         https://bugs.webkit.org/show_bug.cgi?id=62086
3673
3674         Alas it is necessary to provide an Identifier reference for keywords
3675         so that we can do the right thing when they're used in object literals.
3676         We now keep Identifiers for all reserved words in the CommonIdentifiers
3677         structure so that we can access them without a hash lookup.
3678
3679         * KeywordLookupGenerator.py:
3680         * parser/Lexer.cpp:
3681         (JSC::Lexer::parseIdentifier):
3682         * parser/Lexer.h:
3683         * runtime/CommonIdentifiers.cpp:
3684         (JSC::CommonIdentifiers::CommonIdentifiers):
3685         * runtime/CommonIdentifiers.h:
3686
3687 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3688
3689         Reviewed by Sam Weinig.
3690
3691         Add debug code to break on speculation failures.
3692
3693         * dfg/DFGJITCompiler.cpp:
3694         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3695         (JSC::DFG::JITCompiler::compileFunction):
3696         * dfg/DFGNode.h:
3697
3698 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3699
3700         Reviewed by Sam Weinig.
3701
3702         https://bugs.webkit.org/show_bug.cgi?id=62082
3703         DFG JIT - bug passing arguments that need swap
3704
3705         This is really just a typo.
3706         When setting up the arguments for a call out to a C operation, we'll
3707         fail to swap arguments where this is necessary. For example, in the
3708         case of 2 arg calls, where the first argument is in %rdx & the second
3709         is in %rsi we should swap (exec will be passed in %rdi), but we don't.
3710
3711         This can also affect function calls passing three arguments.
3712
3713         * dfg/DFGJITCodeGenerator.h:
3714         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
3715             - Call swap with the correct arguments.
3716
3717 2011-06-03  Oliver Hunt  <oliver@apple.com>
3718
3719         Reviewed by Gavin Barraclough.
3720
3721         Force inlining of some hot lexer functions
3722         https://bugs.webkit.org/show_bug.cgi?id=62079
3723
3724         Fix more GCC stupidity
3725
3726         * parser/Lexer.h:
3727         (JSC::Lexer::isWhiteSpace):
3728         (JSC::Lexer::isLineTerminator):
3729
3730 2011-06-03  Oliver Hunt  <oliver@apple.com>
3731
3732         Reviewed by Gavin Barraclough.
3733
3734         GCC not inlining some functions that it really should be
3735         https://bugs.webkit.org/show_bug.cgi?id=62075
3736
3737         Add ALWAYS_INLINE to a number of parsing and lexing functions
3738         that should always be inlined.  This gets us ~1.4% on my ad hoc
3739         parser test.
3740
3741         * KeywordLookupGenerator.py:
3742         * parser/JSParser.cpp:
3743         (JSC::JSParser::next):
3744         (JSC::JSParser::nextTokenIsColon):
3745         (JSC::JSParser::consume):
3746         (JSC::JSParser::match):
3747         (JSC::JSParser::tokenStart):
3748         (JSC::JSParser::tokenLine):
3749         (JSC::JSParser::tokenEnd):
3750         * parser/Lexer.cpp:
3751         (JSC::isIdentPart):
3752
3753 2011-06-03  Oliver Hunt  <oliver@apple.com>
3754
3755         Whoops, fix last minute bug.
3756
3757         * parser/Lexer.cpp:
3758         (JSC::Lexer::parseIdentifier):
3759
3760 2011-06-03  Martin Robinson  <mrobinson@igalia.com>
3761
3762         Try to fix the GTK+ build.
3763
3764         * GNUmakefile.am: Clean up some spaces that should be tabs.
3765         * GNUmakefile.list.am: Add KeywordLookup.h to the source list
3766         and clean up some spaces that should be tabs.
3767
3768 2011-06-03  Oliver Hunt  <oliver@apple.com>
3769
3770         Reviewed by Geoffrey Garen.
3771
3772         Improve keyword lookup
3773         https://bugs.webkit.org/show_bug.cgi?id=61913
3774
3775         Rather than doing multiple hash lookups as we currently
3776         do when trying to identify keywords, we now use an
3777         automatically generated decision tree (essentially it's
3778         a hard-coded Patricia trie).  We still use the regular
3779         lookup table for the last few characters of an input as
3780         this allows us to completely skip all bounds checks.
3781
3782         * CMakeLists.txt:
3783         * DerivedSources.make:
3784         * DerivedSources.pro:
3785         * GNUmakefile.am:
3786         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3787         * JavaScriptCore.xcodeproj/project.pbxproj:
3788         * KeywordLookupGenerator.py: Added.
3789         * make-generated-sources.sh:
3790         * parser/Lexer.cpp:
3791         (JSC::Lexer::internalShift):
3792         (JSC::Lexer::shift):
3793         (JSC::Lexer::parseIdentifier):
3794         * parser/Lexer.h:
3795
3796 2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
3797
3798         Reviewed by Benjamin Poulain.
3799
3800         [Qt] Build flag for experimental ICU library support
3801         https://bugs.webkit.org/show_bug.cgi?id=60786
3802
3803         Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental 
3804         ICU powered Unicode support. 
3805
3806         * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
3807         * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE). 
3808
3809 2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
3810
3811         Reviewed by Benjamin Poulain.
3812
3813         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
3814         https://bugs.webkit.org/show_bug.cgi?id=61957
3815
3816         When building inside the Qt source tree, qmake always appends the mkspecs
3817         defines after ours. We have to work around this and make sure that we append
3818         our flags after the qmake variable used inside Qt. This workaround was provided
3819         by our qmake folks. We need to append in both cases because qmake behaves differently
3820         when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for the Qt port.
3821
3822         * JavaScriptCore.pro:
3823
3824 2011-06-02  Jay Civelli  <jcivelli@chromium.org>
3825
3826         Reviewed by Adam Barth.
3827
3828         Added a method to generate RFC 2822 compliant date strings.
3829         https://bugs.webkit.org/show_bug.cgi?id=7169
3830
3831         * wtf/DateMath.cpp:
3832         (WTF::twoDigitStringFromNumber):
3833         (WTF::makeRFC2822DateString):
3834         * wtf/DateMath.h:
3835
3836 2011-06-02  Alexis Menard  <alexis.menard@openbossa.org>
3837
3838         Reviewed by Andreas Kling.
3839
3840         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
3841         https://bugs.webkit.org/show_bug.cgi?id=61957
3842
3843         When building inside the Qt source tree, qmake always appends the mkspecs
3844         defines after ours. We have to work around this and make sure that we append
3845         our flags after the qmake variable used inside Qt. This workaround was provided
3846         by our qmake folks.
3847
3848         * JavaScriptCore.pro:
3849
3850 2011-06-01  Oliver Hunt  <oliver@apple.com>
3851
3852         Reviewed by Geoffrey Garen.
3853
3854         Add single character lookup cache to IdentifierArena
3855         https://bugs.webkit.org/show_bug.cgi?id=61879
3856
3857         Add a simple lookup cache for single ASCII character
3858         identifiers.  Produces around a 2% improvement in parse
3859         time for my ad hoc parser test.
3860
3861         * parser/ParserArena.h:
3862         (JSC::IdentifierArena::IdentifierArena):
3863         (JSC::IdentifierArena::clear):
3864         (JSC::IdentifierArena::makeIdentifier):
3865
3866 2011-05-31  Oliver Hunt  <oliver@apple.com>
3867
3868         Reviewed by Geoffrey Garen.
3869
3870         Freezing a function and its prototype causes browser to crash.
3871         https://bugs.webkit.org/show_bug.cgi?id=61758
3872
3873         Make JSObject::preventExtensions virtual so that we can override it
3874         and instantiate all lazy
3875
3876         * JavaScriptCore.exp:
3877         * runtime/JSFunction.cpp:
3878         (JSC::createPrototypeProperty):
3879         (JSC::JSFunction::preventExtensions):
3880         (JSC::JSFunction::getOwnPropertySlot):
3881         * runtime/JSFunction.h:
3882         * runtime/JSObject.h:
3883         * runtime/JSObject.cpp:
3884         (JSC::JSObject::seal):
3885         (JSC::JSObject::seal):
3886
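The ordering hazard behind the entry above, as an added example that is not JavaScriptCore's JSObject or JSFunction code: a constructed object with one property that is created lazily on first lookup, the way a function's "prototype" is. Locking the object against new properties before that slot exists leaves a later lookup with no legal way to create it; the fix is to materialise every lazy property before locking. The class, method and property names are assumptions for the illustration.

```cpp
#include <map>
#include <string>

// Constructed model (not JSC's JSObject/JSFunction) of an object with one
// property that is created lazily on first lookup. "Non-extensible" means
// no new property may be added once preventExtensions has run.
class LazyObject {
public:
    // Looks up a property, materialising the lazy one on first access.
    // Returns false if the lookup would have to add a property to an object
    // that no longer accepts new ones.
    bool get(const std::string& name, int& out)
    {
        if (name == "prototype" && !m_prototypeCreated) {
            if (!m_extensible)
                return false;        // the state a freeze must never let us reach
            m_properties["prototype"] = 42;
            m_prototypeCreated = true;
        }
        std::map<std::string, int>::iterator it = m_properties.find(name);
        if (it == m_properties.end())
            return false;
        out = it->second;
        return true;
    }

    // Buggy: locks the object while the lazy slot is still unmaterialised.
    void preventExtensionsBuggy() { m_extensible = false; }

    // Fixed: force every lazy property into existence first, then lock.
    void preventExtensionsFixed()
    {
        int ignored;
        get("prototype", ignored);
        m_extensible = false;
    }

private:
    bool m_extensible = true;
    bool m_prototypeCreated = false;
    std::map<std::string, int> m_properties;
};

// Freeze first, then look the lazy property up; reports whether it survived.
bool prototypeSurvivesFreeze(bool useFix)
{
    LazyObject o;
    if (useFix)
        o.preventExtensionsFixed();
    else
        o.preventExtensionsBuggy();
    int value = 0;
    return o.get("prototype", value) && value == 42;
}
```

The same rule applies to any object with deferred state (lazy slots, on-demand caches, deferred allocations): an operation that changes what the object is allowed to do later has to flush the deferred work first, or the invariant it establishes is false from the moment it returns.
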
3887 2011-06-01  Sheriff Bot  <webkit.review.bot@gmail.com>
3888
3889         Unreviewed, rolling out r87788.
3890         http://trac.webkit.org/changeset/87788
3891         https://bugs.webkit.org/show_bug.cgi?id=61856
3892
3893         breaks windows chromium canary (Requested by jknotten on
3894         #webkit).
3895
3896         * wtf/DateMath.cpp:
3897         (WTF::timeClip):
3898         * wtf/DateMath.h:
3899
3900 2011-06-01  Jay Civelli  <jcivelli@chromium.org>
3901
3902         Reviewed by Adam Barth.
3903
3904         Added a method to generate RFC 2822 compliant date strings.
3905         https://bugs.webkit.org/show_bug.cgi?id=7169
3906
3907         * wtf/DateMath.cpp:
3908         (WTF::twoDigitStringFromNumber):
3909         (WTF::makeRFC2822DateString):
3910         * wtf/DateMath.h:
3911
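For the two RFC 2822 date-string entries above, here is an added example of such a generator, not WTF's makeRFC2822DateString: it takes already-broken-down date fields and assembles the "Thu, 02 Jun 2011 14:05:09 +0200" form, rejecting out-of-range indices instead of using them to read past the name tables. Parameter order and conventions (Sunday-first day of week, January-first month, east-positive offset in minutes) are assumptions of this illustration.

```cpp
#include <cstdlib>
#include <string>

// Zero-pad 0..99 to two digits, e.g. 5 -> "05".
std::string twoDigitString(int n)
{
    std::string s = std::to_string(n);
    return n < 10 ? "0" + s : s;
}

// Build an RFC 2822 date-time string from broken-down fields.
// dayOfWeek: 0..6, Sunday first. month: 0..11, January first.
// utcOffsetMinutes: local offset from UTC, east positive (+120 for UTC+2).
// Returns "" for out-of-range input rather than indexing the name tables
// with an unchecked value.
std::string makeRFC2822DateString(int dayOfWeek, int day, int month, int year,
                                  int hours, int minutes, int seconds,
                                  int utcOffsetMinutes)
{
    static const char* const dayNames[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" };
    static const char* const monthNames[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                              "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };

    if (dayOfWeek < 0 || dayOfWeek > 6 || month < 0 || month > 11
        || day < 1 || day > 31 || year < 0
        || hours < 0 || hours > 23 || minutes < 0 || minutes > 59
        || seconds < 0 || seconds > 60            // 60 allows a leap second
        || utcOffsetMinutes < -1439 || utcOffsetMinutes > 1439)
        return std::string();

    int absOffset = std::abs(utcOffsetMinutes);
    std::string zone = (utcOffsetMinutes < 0 ? "-" : "+")
                     + twoDigitString(absOffset / 60) + twoDigitString(absOffset % 60);

    return std::string(dayNames[dayOfWeek]) + ", " + twoDigitString(day) + " "
         + monthNames[month] + " " + std::to_string(year) + " "
         + twoDigitString(hours) + ":" + twoDigitString(minutes) + ":" + twoDigitString(seconds)
         + " " + zone;
}
```

The day and month names are fixed English tokens by the RFC, so this must not go through a locale-aware formatter; the zone is always a numeric "+HHMM"/"-HHMM", never a name.
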
3912 2011-05-31  Yong Li  <yoli@rim.com>
3913
3914         Reviewed by Eric Seidel.
3915
3916         https://bugs.webkit.org/show_bug.cgi?id=54807
3917         We have been assuming plain bitfields (like "int a : 31") are always signed integers.
3918         However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
3919         bitfields (declared without either signed or unsigned qualifiers) are treated as unsigned.
3920         http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
3921         Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
3922         always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
3923         rule we should have in order to make our code independent from compilers and compiler flags.
3924
3925         No new test added because this change is not known to fix any issue.
3926
3927         * bytecode/StructureStubInfo.h:
3928
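An added example of the point made above (constructed, not code from StructureStubInfo.h): three 31-bit bitfields that differ only in their signedness qualifier, and a sentinel comparison whose result depends on the compiler when the qualifier is left off. The struct and function names are assumptions of the illustration.

```cpp
#include <cstdint>

// Constructed example: three 31-bit integer bitfields that differ only in
// their signedness qualifier.
struct PlainBitfield    { int          value : 31; };
struct SignedBitfield   { signed int   value : 31; };
struct UnsignedBitfield { unsigned int value : 31; };

// True if this compiler treats a plain "int value : 31" as signed.
// GCC, Clang and MSVC do; RVCT 4.0 does not unless --signed-bitfields is set.
bool plainBitfieldIsSigned()
{
    PlainBitfield p;
    p.value = -1;
    return p.value < 0;
}

// With an explicit "signed", -1 round-trips on every compiler.
int32_t signedBitfieldStores(int32_t v)
{
    SignedBitfield s;
    s.value = v;
    return s.value;
}

// With an explicit "unsigned", the value is reduced modulo 2^31 on every
// compiler: -1 becomes 0x7FFFFFFF.
uint32_t unsignedBitfieldStores(int32_t v)
{
    UnsignedBitfield u;
    u.value = v;
    return u.value;
}

// The kind of check that silently depends on the compiler: a "-1 means
// not found" sentinel kept in a plain bitfield. Where plain bitfields are
// unsigned the field reads back as 0x7FFFFFFF and this returns false.
bool plainSentinelMatches()
{
    PlainBitfield p;
    p.value = -1;
    return p.value == -1;
}
```

Because a 31-bit unsigned field promotes to int before the comparison, the mismatch does not even produce a signed/unsigned warning; the only defence is the explicit qualifier.
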
3929 2011-05-30  Hojong Han  <hojong.han@samsung.com>
3930
3931         Reviewed by Geoffrey Garen.
3932
3933         [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
3934         https://bugs.webkit.org/show_bug.cgi?id=61416
3935
3936         * assembler/MacroAssemblerARM.h:
3937         (JSC::MacroAssemblerARM::branch32):
3938         * tests/mozilla/ecma/Expressions/11.12-1.js:
3939         (getTestCases):
3940
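As an added illustration of why -2147483648 is a special case for a 32-bit signed comparison (constructed, not the MacroAssemblerARM change itself): ARM's "cmp a, b" computes a - b and "cmn a, b" computes a + b, both setting the N (negative) and V (signed overflow) flags, and signed less-than is N != V. A code generator may rewrite "cmp a, #imm" with a negative immediate as "cmn a, #-imm", but -INT_MIN is not representable in 32 bits, so the addition's V flag is not the subtraction's. The flag emulation and the two lowerings below are assumptions of this illustration.

```cpp
#include <cstdint>

// Constructed emulation of the ARM N and V flags for 32-bit compare
// instructions, computed in unsigned arithmetic so the emulation itself
// never overflows a signed type.
struct Flags { bool n, v; };

// Flags of "cmp a, b" (a - b).
static Flags flagsOfCmp(uint32_t a, uint32_t b)
{
    uint32_t r = a - b;
    Flags f;
    f.n = (r >> 31) != 0;
    f.v = (((a ^ b) & (a ^ r)) >> 31) != 0;     // operands differ in sign, result sign differs from a
    return f;
}

// Flags of "cmn a, b" (a + b).
static Flags flagsOfCmn(uint32_t a, uint32_t b)
{
    uint32_t r = a + b;
    Flags f;
    f.n = (r >> 31) != 0;
    f.v = ((~(a ^ b) & (a ^ r)) >> 31) != 0;    // operands share a sign, result sign differs
    return f;
}

static bool signedLessThan(Flags f) { return f.n != f.v; }

// Negate an immediate in 32-bit modular arithmetic (what the hardware does).
static uint32_t negate32(int32_t imm) { return (uint32_t)0 - (uint32_t)imm; }

// Buggy lowering: every negative immediate becomes "cmn a, #-imm".
// For imm == INT32_MIN the negation wraps back to 0x80000000 and the
// V flag of the addition is wrong for the intended subtraction.
bool lessThanBuggy(int32_t a, int32_t imm)
{
    if (imm < 0)
        return signedLessThan(flagsOfCmn((uint32_t)a, negate32(imm)));
    return signedLessThan(flagsOfCmp((uint32_t)a, (uint32_t)imm));
}

// Fixed lowering: only rewrite to cmn when the negation is representable.
bool lessThanFixed(int32_t a, int32_t imm)
{
    if (imm < 0 && imm != INT32_MIN)
        return signedLessThan(flagsOfCmn((uint32_t)a, negate32(imm)));
    return signedLessThan(flagsOfCmp((uint32_t)a, (uint32_t)imm));
}

// Reference answer to check both lowerings against.
bool lessThanReference(int32_t a, int32_t b) { return a < b; }
```

The same wrap-around bites any code that negates an INT_MIN value to "simplify" a comparison or a bounds check, which is why boundary tests should always include the most negative representable value and not just -1.
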
3941 2011-05-29  Geoffrey Garen  <ggaren@apple.com>
3942
3943         Reviewed by Sam Weinig.
3944
3945         Some heap refactoring
3946         https://bugs.webkit.org/show_bug.cgi?id=61704
3947         
3948         SunSpider says no change.
3949
3950         * JavaScriptCore.exp: Export!
3951
3952         * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
3953
3954         (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
3955
3956         (JSC::Heap::allocate): Changed inline allocation code to only select the
3957         size class, since this can be optimized out at compile time -- everything
3958         else is now inlined into this out-of-line function.
3959         
3960         No need to duplicate ASSERTs made in our caller.
3961
3962         * heap/Heap.h:
3963         (JSC::Heap::heap):
3964         (JSC::Heap::isMarked):
3965         (JSC::Heap::testAndSetMarked):
3966         (JSC::Heap::testAndClearMarked):
3967         (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
3968         a layer of indirection through MarkedSpace.
3969
3970         (JSC::Heap::allocate): See above.
3971
3972         * heap/MarkedBlock.cpp:
3973         (JSC::MarkedBlock::create):
3974         (JSC::MarkedBlock::MarkedBlock):
3975         * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
3976
3977         * heap/MarkedSpace.cpp:
3978         (JSC::MarkedSpace::MarkedSpace):
3979         (JSC::MarkedSpace::allocateBlock):
3980         * heap/MarkedSpace.h:
3981         (JSC::MarkedSpace::allocate): Updated to match changes above.
3982
3983 2011-05-28  David Kilzer  <ddkilzer@apple.com>
3984
3985         BUILD FIX when building only the interpreter
3986
3987         Fixes the following compiler warning:
3988
3989             JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
3990              void releaseExecutableMemory(JSGlobalData& globalData)
3991                   ^
3992
3993         * jit/ExecutableAllocator.h: Moved declaration of
3994         JSC::releaseExecutableMemory().
3995
3996 2011-05-28  David Kilzer  <ddkilzer@apple.com>
3997
3998         BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
3999
4000         * assembler/LinkBuffer.h:
4001         (JSC::LinkBuffer::linkCode): Added missing argument.
4002
4003 2011-05-27  Geoffrey Garen  <ggaren@apple.com>
4004
4005         Reviewed by Oliver Hunt.
4006
4007         JS API is too aggressive about throwing exceptions for NULL get or set operations
4008         https://bugs.webkit.org/show_bug.cgi?id=61678
4009
4010         * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
4011         function that returns a JSValue, so it can fail and still forward to
4012         normal property lookup.
4013
4014         * API/JSCallbackObjectFunctions.h:
4015         (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
4016         access a static property -- just forward the access. This allows objects
4017         to observe get/set operations but still let the JS object manage lifetime.
4018
4019         (JSC::::put): Ditto.
4020
4021         (JSC::::getStaticValue): Same as JSCallbackObject.h.
4022
4023         * API/tests/testapi.c:
4024         (MyObject_set_nullGetForwardSet):
4025         * API/tests/testapi.js: Updated tests to reflect slightly less strict
4026         behavior, which matches headerdoc claims.
4027
4028 2011-05-27  Geoffrey Garen  <ggaren@apple.com>
4029
4030         Reviewed by Oliver Hunt.
4031
4032         Property caching is too aggressive for API objects
4033         https://bugs.webkit.org/show_bug.cgi?id=61677
4034
4035         * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
4036         callback APIs allow the client to change its mind about our properties at
4037         any time.
4038
4039         * API/tests/testapi.c:
4040         (PropertyCatchalls_getProperty):
4041         (PropertyCatchalls_setProperty):
4042         (PropertyCatchalls_getPropertyNames):
4043         (PropertyCatchalls_class):
4044         (main):
4045         * API/tests/testapi.js: Some tests for dynamic API objects.
4046
4047         * interpreter/Interpreter.cpp:
4048         (JSC::Interpreter::tryCachePutByID):
4049         (JSC::Interpreter::tryCacheGetByID):
4050         * jit/JITStubs.cpp:
4051         (JSC::JITThunks::tryCachePutByID):
4052         (JSC::JITThunks::tryCacheGetByID):
4053         (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
4054         requires it.
4055
4056         * runtime/JSTypeInfo.h:
4057         (JSC::TypeInfo::TypeInfo):
4058         (JSC::TypeInfo::isFinal):
4059         (JSC::TypeInfo::prohibitsPropertyCaching):
4060         (JSC::TypeInfo::flags): Added a flag to track opting out of property
4061         caching. Fixed an "&&" vs "&" typo that was previously harmless, but
4062         is now harmful since m_flags2 can have more than one bit set.
4063