Encode jump and link sizes into the appropriate enums
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordGetMethod):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addMethodGet):
        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        (JSC::DFG::dfgRepatchGetMethod):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITWriteBarrier.h:
        (JSC::JITWriteBarrier::set):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT op_call implementation will flush registers even when those registers are dead
        https://bugs.webkit.org/show_bug.cgi?id=64023

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
        https://bugs.webkit.org/show_bug.cgi?id=64017

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32 bit machines fail after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates that gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of the .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::shouldUnlinkCalls):
        (JSC::MarkStack::setShouldUnlinkCalls):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        JSC JIT has code duplication for the handling of call and construct
        https://bugs.webkit.org/show_bug.cgi?id=63957

        Reviewed by Gavin Barraclough.

        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::jitCompileFor):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeFor):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::isGeneratedFor):
        (JSC::FunctionExecutable::generatedBytecodeFor):
        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        Build fix following last patch.

        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63947
        ASSERT running Object.preventExtensions(Math.sin)

        Reviewed by Oliver Hunt.

        This is due to calling scope() on a hostFunction as a part of
        calling createPrototypeProperty to reify the prototype property.
        But host functions don't have a prototype property anyway!

        Prevent calling createPrototypeProperty on a host function.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63880
        Evaluation order of conversions of operands to >, >= incorrect.

        Reviewed by Sam Weinig.

        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
        spec. This allows these methods to be reused to perform >, >= relational compares
        with correct ordering of type conversions.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Operations.h:
        (JSC::jsLess):
        (JSC::jsLessEq):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check the internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63881
        Need separate bytecodes for handling >, >= comparisons.

        Reviewed by Oliver Hunt.

        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        as using the corresponding op_less, etc. opcodes.  This is incorrect with
        respect to evaluation ordering of the implicit conversions performed on operands -
        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
        but instead convert RHS then LHS.

        This patch adds opcodes for greater-than comparisons mirroring existing ones used
        for less-than.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        * bytecompiler/NodesCodegen.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_greater):
        (JSC::JIT::emitSlow_op_loop_if_greater):
        (JSC::JIT::emit_op_loop_if_greatereq):
        (JSC::JIT::emitSlow_op_loop_if_greatereq):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * parser/NodeConstructors.h:
        (JSC::GreaterNode::GreaterNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        * parser/Nodes.h:

2011-07-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63879
        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.

        Reviewed by Sam Weinig.

        There is a lot of copy & paste code here; we can reduce duplication by making
        a shared implementation.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::commute):
            - Make these functions platform agnostic.
        * assembler/MacroAssemblerX86Common.h:
            - Moved branch32/commute up to MacroAssembler.
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_lesseq):
        (JSC::JIT::emitSlow_op_loop_if_lesseq):
            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
            - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc. for JSVALUE64.
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc. for JSVALUE32_64.
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
            - Remove old implementation of emit_op_loop_if_lesseq.

2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r90347.
        http://trac.webkit.org/changeset/90347
        https://bugs.webkit.org/show_bug.cgi?id=63886

        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
        (Requested by tkent on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/BigInteger.h: Removed.
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/Uint16WithFraction.h: Removed.
        * wtf/MathExtras.h:

611 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
612
613         Reviewed by Sam Weinig.
614
615         https://bugs.webkit.org/show_bug.cgi?id=16652
616         Firefox and JavaScriptCore differ in Number.toString(integer)
617
618         Our arbitrary radix (2..36) toString conversion is inaccurate.
619         This is partly because it uses doubles to perform math that requires
620         higher accuracy, and partly becasue it does not attempt to correctly
621         detect where to terminate, instead relying on a simple 'epsilon'.
622
623         * runtime/NumberPrototype.cpp:
624         (JSC::decomposeDouble):
625             - helper function to extract sign, exponent, mantissa from IEEE doubles.
626         (JSC::Uint16WithFraction::Uint16WithFraction):
627             - helper class, u16int with infinite precision fraction, used to convert
628               the fractional part of the number to a string.
629         (JSC::Uint16WithFraction::operator*=):
630             - Multiply by a uint16.
631         (JSC::Uint16WithFraction::operator<):
632             - Compare two Uint16WithFractions.
633         (JSC::Uint16WithFraction::floorAndSubtract):
634             - Extract the integer portion of the number, and subtract it (clears the integer portion).
635         (JSC::Uint16WithFraction::comparePoint5):
636             - Compare to 0.5.
637         (JSC::Uint16WithFraction::sumGreaterThanOne):
638             - Passed a second Uint16WithFraction, returns true if the result of adding
639               the two values would be greater than one.
640         (JSC::Uint16WithFraction::isNormalized):
641             - Used by ASSERTs to consistency check internal representation.
642         (JSC::BigInteger::BigInteger):
643             - helper class, unbounded integer value, used to convert the integer part
644               of the number to a string.
645         (JSC::BigInteger::divide):
646             - Divide this value through by a uint32.
647         (JSC::BigInteger::operator!):
648             - test for zero.
649         (JSC::toStringWithRadix):
650             - Performs number to string conversion, with the given radix (2..36).
651         (JSC::numberProtoFuncToString):
652             - Changed to use toStringWithRadix.
653
654 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
655
656         https://bugs.webkit.org/show_bug.cgi?id=63866
657         DFG JIT - implement instanceof
658
659         Reviewed by Sam Weinig.
660
661         Add ops CheckHasInstance & InstanceOf to implement bytecodes
662         op_check_has_instance & op_instanceof. This is an initial
663         functional implementation, performance is a wash. We can
664         follow up with changes to fuse the InstanceOf node with
665         a subsequant branch, as we do with other comparisons.
666
667         * dfg/DFGByteCodeParser.cpp:
668         (JSC::DFG::ByteCodeParser::parseBlock):
669         * dfg/DFGJITCompiler.cpp:
670         (JSC::DFG::JITCompiler::jitAssertIsCell):
671         * dfg/DFGJITCompiler.h:
672         (JSC::DFG::JITCompiler::jitAssertIsCell):
673         * dfg/DFGNode.h:
674         * dfg/DFGNonSpeculativeJIT.cpp:
675         (JSC::DFG::NonSpeculativeJIT::compile):
676         * dfg/DFGOperations.cpp:
677         * dfg/DFGOperations.h:
678         * dfg/DFGSpeculativeJIT.cpp:
679         (JSC::DFG::SpeculativeJIT::compile):
680
681 2011-07-01  Oliver Hunt  <oliver@apple.com>
682
683         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
684         https://bugs.webkit.org/show_bug.cgi?id=63732
685
686         Reviewed by Gavin Barraclough.
687
688         Initialise the memory at the head of the new storage so that
689         GC is safe if triggered by reportExtraMemoryCost.
690
691         * runtime/JSArray.cpp:
692         (JSC::JSArray::increaseVectorPrefixLength):
693
694 2011-07-01  Oliver Hunt  <oliver@apple.com>
695
696         GC sweep can occur before an object is completely initialised
697         https://bugs.webkit.org/show_bug.cgi?id=63836
698
699         Reviewed by Gavin Barraclough.
700
701         In rare cases it's possible for a GC sweep to occur while a
702         live, but not completely initialised object is on the stack.
703         In such a case we may incorrectly choose to mark it, even
704         though it has no children that need marking.
705
706         We resolve this by always zeroing out the structure of any
707         value returned from JSCell::operator new(), and making the
708         markstack tolerant of a null structure. 
709
710         * runtime/JSCell.h:
711         (JSC::JSCell::JSCell::~JSCell):
712         (JSC::JSCell::JSCell::operator new):
713         * runtime/Structure.h:
714         (JSC::MarkStack::internalAppend):
715
716 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
717
718         Reviewed by Gavin Barraclough.
719
720         DFG non-speculative JIT always performs slow C calls for div and mod.
721         https://bugs.webkit.org/show_bug.cgi?id=63684
722
723         * dfg/DFGNonSpeculativeJIT.cpp:
724         (JSC::DFG::NonSpeculativeJIT::compile):
725
726 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
727
728         Reviewed by Oliver Hunt.
729
730         Lexer error messages are currently appalling
731         https://bugs.webkit.org/show_bug.cgi?id=63340
732
733         Added error messages for the Lexer. These messages will be displayed
734         instead of the lexer error messages from the parser that are currently
735         shown.
736
737         * parser/Lexer.cpp:
738         (JSC::Lexer::getInvalidCharMessage):
739         (JSC::Lexer::setCode):
740         (JSC::Lexer::parseString):
741         (JSC::Lexer::lex):
742         (JSC::Lexer::clear):
743         * parser/Lexer.h:
744         (JSC::Lexer::getErrorMessage):
745         (JSC::Lexer::setOffset):
746         * parser/Parser.cpp:
747         (JSC::Parser::parse):
748
749 2011-07-01  Jungshik Shin  <jshin@chromium.org>
750
751         Reviewed by Alexey Proskuryakov.
752
753         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
754         build files for ports not using ICU.
755         Add icu/unicode/uscript.h for ports using ICU. It's taken from
756         ICU 3.6 (the version used on Mac OS 10.5).
757
758         http://bugs.webkit.org/show_bug.cgi?id=20797
759
760         * GNUmakefile.list.am:
761         * JavaScriptCore.gypi:
762         * icu/unicode/uscript.h: Added for UScriptCode enum.
763         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
764         * wtf/unicode/icu/UnicodeIcu.h:
765         * wtf/unicode/brew/UnicodeBrew.h:
766         * wtf/unicode/glib/UnicodeGLib.h:
767         * wtf/unicode/qt4/UnicodeQt4.h:
768         * wtf/unicode/wince/UnicodeWinCE.h:
769
770 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
771
772         Reviewed by Sam Weinig.
773
774         https://bugs.webkit.org/show_bug.cgi?id=63819
775         Escaping of forwardslashes in strings incorrect if multiple exist.
776
777         The bug is in the parameters passed to a substring - should be
778         start & length, but we're passing start & end indices!
779
780         * runtime/RegExpObject.cpp:
781         (JSC::regExpObjectSource):
782
783 2011-07-01  Adam Roben  <aroben@apple.com>
784
785         Roll out r90194
786         http://trac.webkit.org/changeset/90194
787         https://bugs.webkit.org/show_bug.cgi?id=63778
788
789         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
790         assertions in WriteBarrierBase<JSC::Structure>::get
791
792         * runtime/JSCell.h:
793         (JSC::JSCell::JSCell::~JSCell):
794
795 2011-06-30  Oliver Hunt  <oliver@apple.com>
796
797         Reviewed by Gavin Barraclough.
798
799         Add optimised paths for a few maths functions
800         https://bugs.webkit.org/show_bug.cgi?id=63757
801
802         Relanding as a Mac only patch.
803
804         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
805         Math.floor, Math.log, and Math.exp as they are apparently more
806         important in real web content than we thought, which is somewhat
807         mind-boggling.  On average doubles the performance of the common
808         cases (e.g. actually passing numbers in).  They're not as efficient
809         as they could be, but this way gives them the most portability.
810
811         * assembler/MacroAssemblerARM.h:
812         (JSC::MacroAssemblerARM::supportsDoubleBitops):
813         (JSC::MacroAssemblerARM::andnotDouble):
814         * assembler/MacroAssemblerARMv7.h:
815         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
816         (JSC::MacroAssemblerARMv7::andnotDouble):
817         * assembler/MacroAssemblerMIPS.h:
818         (JSC::MacroAssemblerMIPS::andnotDouble):
819         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
820         * assembler/MacroAssemblerSH4.h:
821         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
822         (JSC::MacroAssemblerSH4::andnotDouble):
823         * assembler/MacroAssemblerX86.h:
824         (JSC::MacroAssemblerX86::supportsDoubleBitops):
825         * assembler/MacroAssemblerX86Common.h:
826         (JSC::MacroAssemblerX86Common::andnotDouble):
827         * assembler/MacroAssemblerX86_64.h:
828         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
829         * assembler/X86Assembler.h:
830         (JSC::X86Assembler::andnpd_rr):
831         * create_hash_table:
832         * jit/SpecializedThunkJIT.h:
833         (JSC::SpecializedThunkJIT::finalize):
834         (JSC::SpecializedThunkJIT::callDoubleToDouble):
835         * jit/ThunkGenerators.cpp:
836         (JSC::floorThunkGenerator):
837         (JSC::ceilThunkGenerator):
838         (JSC::roundThunkGenerator):
839         (JSC::expThunkGenerator):
840         (JSC::logThunkGenerator):
841         (JSC::absThunkGenerator):
842         * jit/ThunkGenerators.h:
843
844 2011-07-01  David Kilzer  <ddkilzer@apple.com>
845
846         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
847
848         Fixes the following build error in clang:
849
850             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
851                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
852                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
853             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
854                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
855                                                 ^
856                      (                         )
857             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
858             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
859             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
860                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
861                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
862             1 error generated.
863
864         * jit/JITOpcodes32_64.cpp:
865         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
866         ternary expression evaluate first.
867
868 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
869
870         Unreviewed, rolling out r90177 and r90179.
871         http://trac.webkit.org/changeset/90177
872         http://trac.webkit.org/changeset/90179
873         https://bugs.webkit.org/show_bug.cgi?id=63790
874
875         It caused crashes on Qt in debug mode (Requested by Ossy on
876         #webkit).
877
878         * assembler/MacroAssemblerARM.h:
879         (JSC::MacroAssemblerARM::rshift32):
880         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
881         (JSC::MacroAssemblerARM::sqrtDouble):
882         * assembler/MacroAssemblerARMv7.h:
883         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
884         (JSC::MacroAssemblerARMv7::sqrtDouble):
885         * assembler/MacroAssemblerMIPS.h:
886         (JSC::MacroAssemblerMIPS::sqrtDouble):
887         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
888         * assembler/MacroAssemblerSH4.h:
889         (JSC::MacroAssemblerSH4::sqrtDouble):
890         * assembler/MacroAssemblerX86.h:
891         * assembler/MacroAssemblerX86Common.h:
892         * assembler/MacroAssemblerX86_64.h:
893         * assembler/X86Assembler.h:
894         * create_hash_table:
895         * jit/JSInterfaceJIT.h:
896         (JSC::JSInterfaceJIT::emitLoadDouble):
897         * jit/SpecializedThunkJIT.h:
898         (JSC::SpecializedThunkJIT::finalize):
899         * jit/ThunkGenerators.cpp:
900         * jit/ThunkGenerators.h:
901
902 2011-06-30  Oliver Hunt  <oliver@apple.com>
903
904         Reviewed by Beth Dakin.
905
906         Make GC validation clear cell structure on destruction
907         https://bugs.webkit.org/show_bug.cgi?id=63778
908
909         * runtime/JSCell.h:
910         (JSC::JSCell::JSCell::~JSCell):
911
912 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
913
914         Reviewed by Gavin Barraclough.
915
916         Added write barrier that was missing from put_by_id_transition
917         https://bugs.webkit.org/show_bug.cgi?id=63775
918
919         * dfg/DFGJITCodeGenerator.cpp:
920         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
921         MacroAssembler& argument so our patching functions could use it.
922
923         (JSC::DFG::JITCodeGenerator::cachedPutById):
924         * dfg/DFGJITCodeGenerator.h:
925         * dfg/DFGNonSpeculativeJIT.cpp:
926         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
927
928         * dfg/DFGRepatch.cpp:
929         (JSC::DFG::tryCachePutByID): Missing barrier!
930
931         * dfg/DFGSpeculativeJIT.cpp:
932         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
933
934         * jit/JITPropertyAccess.cpp:
935         (JSC::JIT::privateCompilePutByIdTransition):
936         * jit/JITPropertyAccess32_64.cpp:
937         (JSC::JIT::privateCompilePutByIdTransition):
938         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
939         because its meaning isn't clear -- maybe in the future we'll have a
940         clear way to pass all stores through a common function that guarantees
941         a write barrier, but that's not the case right now.
942
943 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
944
945         Reviewed by Gavin Barraclough.
946
947         DFG non-speculative JIT does not reuse registers when compiling comparisons.
948         https://bugs.webkit.org/show_bug.cgi?id=63565
949
950         * dfg/DFGNonSpeculativeJIT.cpp:
951         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
952         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
953         (JSC::DFG::NonSpeculativeJIT::compare):
954
955 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
956
957         Reviewed by Gavin Barraclough.
958
959         Added empty write barrier stubs in all the right places in the DFG JIT
960         https://bugs.webkit.org/show_bug.cgi?id=63764
961         
962         SunSpider thinks this might be a 0.5% speedup. Meh.
963
964         * dfg/DFGJITCodeGenerator.cpp:
965         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
966
967         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
968         for the case where base == scratch, since we now require base and scratch
969         to be not equal, for the sake of the write barrier.
970
971         * dfg/DFGJITCodeGenerator.h: Le stub.
972
973         * dfg/DFGNonSpeculativeJIT.cpp:
974         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
975         as the scratch register, since that's incompatible with the write barrier,
976         which needs a distinct base and scratch.
977         
978         Do put the global object into a register before loading its var storage,
979         since it needs to be in a register for the write barrier to operate on it.
980
981         * dfg/DFGSpeculativeJIT.cpp:
982         (JSC::DFG::SpeculativeJIT::compile):
983         * jit/JITPropertyAccess.cpp:
984         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
985
986         * jit/JITPropertyAccess.cpp:
987         (JSC::JIT::emit_op_get_scoped_var):
988         (JSC::JIT::emit_op_put_scoped_var):
989         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
990         places.
991
992         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
993         is a little more than meaningless.
994
995         * jit/JITPropertyAccess32_64.cpp:
996         (JSC::JIT::emit_op_get_scoped_var):
997         (JSC::JIT::emit_op_put_scoped_var):
998         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
999         places.
1000
1001         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1002         is a little more than meaningless.
1003
1004         * runtime/JSVariableObject.h:
1005         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1006         we put the global object in a register and only then load its var storage
1007         by offset.
1008
1009         (JSC::JIT::emitWriteBarrier):
1010
1011 2011-06-30  Oliver Hunt  <oliver@apple.com>
1012
1013         Fix ARMv6 build
1014
1015         * assembler/MacroAssemblerARM.h:
1016         (JSC::MacroAssemblerARM::rshift32):
1017
1018 2011-06-30  Oliver Hunt  <oliver@apple.com>
1019
1020         Reviewed by Gavin Barraclough.
1021
1022         Add optimised paths for a few maths functions
1023         https://bugs.webkit.org/show_bug.cgi?id=63757
1024
1025         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1026         Math.floor, Math.log, and Math.exp as they are apparently more
1027         important in real web content than we thought, which is somewhat
1028         mind-boggling.  On average doubles the performance of the common
1029         cases (e.g. actually passing numbers in).  They're not as efficient
1030         as they could be, but this way gives them the most portability.
1031
1032         * assembler/MacroAssemblerARM.h:
1033         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1034         (JSC::MacroAssemblerARM::andnotDouble):
1035         * assembler/MacroAssemblerARMv7.h:
1036         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1037         (JSC::MacroAssemblerARMv7::andnotDouble):
1038         * assembler/MacroAssemblerMIPS.h:
1039         (JSC::MacroAssemblerMIPS::andnotDouble):
1040         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1041         * assembler/MacroAssemblerSH4.h:
1042         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1043         (JSC::MacroAssemblerSH4::andnotDouble):
1044         * assembler/MacroAssemblerX86.h:
1045         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1046         * assembler/MacroAssemblerX86Common.h:
1047         (JSC::MacroAssemblerX86Common::andnotDouble):
1048         * assembler/MacroAssemblerX86_64.h:
1049         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1050         * assembler/X86Assembler.h:
1051         (JSC::X86Assembler::andnpd_rr):
1052         * create_hash_table:
1053         * jit/SpecializedThunkJIT.h:
1054         (JSC::SpecializedThunkJIT::finalize):
1055         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1056         * jit/ThunkGenerators.cpp:
1057         (JSC::floorThunkGenerator):
1058         (JSC::ceilThunkGenerator):
1059         (JSC::roundThunkGenerator):
1060         (JSC::expThunkGenerator):
1061         (JSC::logThunkGenerator):
1062         (JSC::absThunkGenerator):
1063         * jit/ThunkGenerators.h:
1064
1065 2011-06-30  Cary Clark  <caryclark@google.com>
1066
1067         Reviewed by James Robinson.
1068
1069         Use Skia if Skia on Mac Chrome is enabled
1070         https://bugs.webkit.org/show_bug.cgi?id=62999
1071
1072         * wtf/Platform.h:
1073         Add switch to use Skia if, externally,
1074         Skia has been enabled by a gyp define.
1075
1076 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1077
1078         Reviewed by Geoffrey Garen.
1079
1080         Web Inspector fails to display source for eval with syntax error
1081         https://bugs.webkit.org/show_bug.cgi?id=63583
1082
1083         Web Inspector now displays a link to an eval statement that contains
1084         a syntax error.
1085
1086         * parser/Parser.h:
1087         (JSC::isEvalNode):
1088         (JSC::EvalNode):
1089         (JSC::Parser::parse):
1090
1091 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1092
1093         Reviewed by Gavin Barraclough.
1094
1095         X86Assembler does not encode byte registers in 64-bit mode correctly.
1096         https://bugs.webkit.org/show_bug.cgi?id=63665
1097
1098         * assembler/X86Assembler.h:
1099         (JSC::X86Assembler::testb_rr):
1100         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1101
1102 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1103
1104         Unreviewed, rolling out r90102.
1105         http://trac.webkit.org/changeset/90102
1106         https://bugs.webkit.org/show_bug.cgi?id=63714
1107
1108         Lots of tests asserting beneath
1109         SVGSMILElement::findInstanceTime (Requested by aroben on
1110         #webkit).
1111
1112         * wtf/StdLibExtras.h:
1113         (WTF::binarySearch):
1114
1115 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1116
1117         Reviewed by Nikolas Zimmermann.
1118
1119         Speed up SVGSMILElement::findInstanceTime.
1120         https://bugs.webkit.org/show_bug.cgi?id=61025
1121
1122         Add a new parameter to the StdLibExtras.h::binarySearch function
1123         to also handle cases when the array does not contain the key value.
1124         This is needed for an SVG function.
1125
1126         * wtf/StdLibExtras.h:
1127         (WTF::binarySearch):
1128
1129 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1130
1131         Reviewed by Geoff Garen.
1132
1133         https://bugs.webkit.org/show_bug.cgi?id=63669
1134         DFG JIT - fix spectral-norm regression
1135
1136         The problem is a mis-speculation leading to us falling off the speculative path.
1137         Make the speculation logic slightly smarter, don't predict int if one of the
1138         operands is already loaded as a double (we use this logic already for compares).
1139
1140         * dfg/DFGSpeculativeJIT.cpp:
1141         (JSC::DFG::SpeculativeJIT::compile):
1142         * dfg/DFGSpeculativeJIT.h:
1143         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1144
1145 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1146
1147         Reviewed by Gavin Barraclough.
1148
1149         DFG JIT does not do put_by_id transition caching.
1150         https://bugs.webkit.org/show_bug.cgi?id=63662
1151
1152         * dfg/DFGJITCodeGenerator.cpp:
1153         (JSC::DFG::JITCodeGenerator::cachedPutById):
1154         * dfg/DFGJITCompiler.h:
1155         (JSC::DFG::JITCompiler::addPropertyAccess):
1156         * dfg/DFGRepatch.cpp:
1157         (JSC::DFG::testPrototype):
1158         (JSC::DFG::tryCachePutByID):
1159
1160 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1161
1162         Reviewed by Oliver Hunt.
1163
1164         Added a dummy write barrier emitting function in all the right places in the old JIT
1165         https://bugs.webkit.org/show_bug.cgi?id=63667
1166         
1167         SunSpider reports no change.
1168
1169         * jit/JIT.h:
1170         * jit/JITPropertyAccess.cpp:
1171         (JSC::JIT::emit_op_put_by_id):
1172         (JSC::JIT::emit_op_put_scoped_var): Do it.
1173
1174         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1175         for the sake of the write barrier.
1176
1177         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1178
1179         * jit/JITPropertyAccess32_64.cpp:
1180         (JSC::JIT::emit_op_put_by_val):
1181         (JSC::JIT::emit_op_put_by_id):
1182         (JSC::JIT::emit_op_put_scoped_var): Do it.
1183
1184         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1185         for the sake of the write barrier.
1186
1187         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1188
1189 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1190
1191         Reviewed by Gavin Barraclough.
1192
1193         DFG JIT does not perform get_by_id self list caching.
1194         https://bugs.webkit.org/show_bug.cgi?id=63605
1195
1196         * bytecode/StructureStubInfo.h:
1197         * dfg/DFGJITCompiler.cpp:
1198         (JSC::DFG::JITCompiler::compileFunction):
1199         * dfg/DFGOperations.cpp:
1200         * dfg/DFGOperations.h:
1201         * dfg/DFGRepatch.cpp:
1202         (JSC::DFG::tryCacheGetByID):
1203         (JSC::DFG::tryBuildGetByIDList):
1204         (JSC::DFG::dfgBuildGetByIDList):
1205         * dfg/DFGRepatch.h:
1206
1207 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1208
1209         Reviewed by Gavin Barraclough.
1210
1211         DFG JIT lacks array.length caching.
1212         https://bugs.webkit.org/show_bug.cgi?id=63505
1213
1214         * bytecode/StructureStubInfo.h:
1215         * dfg/DFGJITCodeGenerator.cpp:
1216         (JSC::DFG::JITCodeGenerator::cachedGetById):
1217         (JSC::DFG::JITCodeGenerator::cachedPutById):
1218         * dfg/DFGJITCodeGenerator.h:
1219         (JSC::DFG::JITCodeGenerator::tryAllocate):
1220         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1221         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1222         * dfg/DFGJITCompiler.cpp:
1223         (JSC::DFG::JITCompiler::compileFunction):
1224         * dfg/DFGJITCompiler.h:
1225         (JSC::DFG::JITCompiler::addPropertyAccess):
1226         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1227         * dfg/DFGRegisterBank.h:
1228         (JSC::DFG::RegisterBank::tryAllocate):
1229         * dfg/DFGRepatch.cpp:
1230         (JSC::DFG::tryCacheGetByID):
1231
1232 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1233
1234         Reviewed by Eric Seidel.
1235
1236         Warnings in JSC's JIT on 32 bit
1237         https://bugs.webkit.org/show_bug.cgi?id=63259
1238
1239         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1240
1241         * jit/JITPropertyAccess32_64.cpp:
1242         (JSC::JIT::emit_op_method_check):
1243         (JSC::JIT::compileGetByIdHotPath):
1244         (JSC::JIT::emit_op_put_by_id):
1245
1246 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1247
1248         Unreviewed, rolling out r89968.
1249         http://trac.webkit.org/changeset/89968
1250         https://bugs.webkit.org/show_bug.cgi?id=63581
1251
1252         Broke chromium windows compile (Requested by jamesr on
1253         #webkit).
1254
1255         * wtf/Platform.h:
1256
1257 2011-06-28  Oliver Hunt  <oliver@apple.com>
1258
1259         Reviewed by Gavin Barraclough.
1260
1261         Fix sampling build
1262         https://bugs.webkit.org/show_bug.cgi?id=63579
1263
1264         Gets opcode sampling building again, doesn't seem to work alas
1265
1266         * bytecode/SamplingTool.cpp:
1267         (JSC::SamplingTool::notifyOfScope):
1268         * bytecode/SamplingTool.h:
1269         (JSC::SamplingTool::SamplingTool):
1270         * interpreter/Interpreter.cpp:
1271         (JSC::Interpreter::enableSampler):
1272         * runtime/Executable.h:
1273         (JSC::ScriptExecutable::ScriptExecutable):
1274
1275 2011-06-28  Cary Clark  <caryclark@google.com>
1276
1277         Reviewed by James Robinson.
1278
1279         Use Skia if Skia on Mac Chrome is enabled
1280         https://bugs.webkit.org/show_bug.cgi?id=62999
1281
1282         * wtf/Platform.h:
1283         Add switch to use Skia if, externally,
1284         Skia has been enabled by a gyp define.
1285
1286 2011-06-28  Oliver Hunt  <oliver@apple.com>
1287
1288         Reviewed by Gavin Barraclough.
1289
1290         ASSERT when launching debug builds with interpreter and jit enabled
1291         https://bugs.webkit.org/show_bug.cgi?id=63566
1292
1293         Add appropriate guards to the various Executable's memory reporting
1294         logic.
1295
1296         * runtime/Executable.cpp:
1297         (JSC::EvalExecutable::compileInternal):
1298         (JSC::ProgramExecutable::compileInternal):
1299         (JSC::FunctionExecutable::compileForCallInternal):
1300         (JSC::FunctionExecutable::compileForConstructInternal):
1301
1302 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1303
1304         Reviewed by Oliver Hunt.
1305
1306         https://bugs.webkit.org/show_bug.cgi?id=63563
1307         DFG JIT - add support for double arith to speculative path
1308
1309         Add integer support for div & mod, add double support for div, mod,
1310         add, sub & mul, dynamically selecting based on operand types.
1311
1312         * dfg/DFGJITCodeGenerator.cpp:
1313         (JSC::DFG::FPRTemporary::FPRTemporary):
1314         * dfg/DFGJITCodeGenerator.h:
1315         * dfg/DFGJITCompiler.h:
1316         (JSC::DFG::JITCompiler::assembler):
1317         * dfg/DFGSpeculativeJIT.cpp:
1318         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1319         (JSC::DFG::SpeculativeJIT::compile):
1320         * dfg/DFGSpeculativeJIT.h:
1321         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1322         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
1323         (JSC::DFG::SpeculateDoubleOperand::index):
1324         (JSC::DFG::SpeculateDoubleOperand::fpr):
1325
1326 2011-06-28  Oliver Hunt  <oliver@apple.com>
1327
1328         Fix interpreter build.
1329
1330         * interpreter/Interpreter.cpp:
1331         (JSC::Interpreter::privateExecute):
1332
1333 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1334
1335         Reviewed by Oliver Hunt.
1336
1337         https://bugs.webkit.org/show_bug.cgi?id=63561
1338         DFG JIT - don't always assume integer in relational compare
1339
1340         If neither operand is known integer, or either is in double representation,
1341         then at least use a function call (don't bail off the speculative path).
1342
1343         * dfg/DFGSpeculativeJIT.cpp:
1344         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1345         (JSC::DFG::SpeculativeJIT::compile):
1346         * dfg/DFGSpeculativeJIT.h:
1347         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
1348         (JSC::DFG::SpeculativeJIT::compareIsInteger):
1349
1350 2011-06-28  Oliver Hunt  <oliver@apple.com>
1351
1352         Reviewed by Gavin Barraclough.
1353
1354         Make constant array optimisation less strict about what constitutes a constant
1355         https://bugs.webkit.org/show_bug.cgi?id=63554
1356
1357         Now allow string constants in array literals to actually be considered constant,
1358         and so avoid codegen in array literals with strings in them.
1359
1360         * bytecode/CodeBlock.h:
1361         (JSC::CodeBlock::addConstantBuffer):
1362         (JSC::CodeBlock::constantBuffer):
1363         * bytecompiler/BytecodeGenerator.cpp:
1364         (JSC::BytecodeGenerator::addConstantBuffer):
1365         (JSC::BytecodeGenerator::addStringConstant):
1366         (JSC::BytecodeGenerator::emitNewArray):
1367         * bytecompiler/BytecodeGenerator.h:
1368         * interpreter/Interpreter.cpp:
1369         (JSC::Interpreter::privateExecute):
1370         * jit/JITStubs.cpp:
1371         (JSC::DEFINE_STUB_FUNCTION):
1372
1373 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1374
1375         Reviewed by Oliver Hunt.
1376
1377         https://bugs.webkit.org/show_bug.cgi?id=63560
1378         DFG_JIT allow allocation of specific machine registers
1379
1380         This allows us to allocate the registers necessary to perform x86
1381         idiv instructions for div/mod, and may be useful for shifts, too.
1382
1383         * dfg/DFGJITCodeGenerator.cpp:
1384         (JSC::DFG::GPRTemporary::GPRTemporary):
1385         * dfg/DFGJITCodeGenerator.h:
1386         (JSC::DFG::JITCodeGenerator::allocate):
1387         (JSC::DFG::GPRResult::GPRResult):
1388         * dfg/DFGRegisterBank.h:
1389         (JSC::DFG::RegisterBank::allocateSpecific):
1390         * dfg/DFGSpeculativeJIT.h:
1391         (JSC::DFG::SpeculativeJIT::isInteger):
1392
1393 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1394
1395         Reviewed by Oliver Hunt.
1396
1397         https://bugs.webkit.org/show_bug.cgi?id=55040
1398         RegExp constructor returns the argument regexp instead of a new object
1399
1400         Per 15.10.3.1, our current behaviour is correct if called as a function,
1401         but incorrect when called as a constructor.
1402
1403         * runtime/RegExpConstructor.cpp:
1404         (JSC::constructRegExp):
1405         (JSC::constructWithRegExpConstructor):
1406         * runtime/RegExpConstructor.h:
1407
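The function-versus-constructor rule from ES5 15.10.3.1 referenced in the entry above, as an added JavaScript illustration rather than JSC code; `calledAsConstructor` stands in for the engine's knowledge of which entry point was used, and the function names are chosen here.

```javascript
// Added example, not WebKit code: how RegExp(re) and new RegExp(re) must
// differ under ES5 15.10.3.1 (function call) and 15.10.4.1 (constructor).
// `calledAsConstructor` stands in for the engine knowing which entry point
// ran; the function names are chosen for this illustration.
function regExpFlags(re) {
  // ES5 has no RegExp.prototype.flags, so rebuild the flag string by hand.
  return (re.global ? "g" : "") + (re.ignoreCase ? "i" : "") + (re.multiline ? "m" : "");
}

function regExpCallOrConstruct(pattern, flags, calledAsConstructor) {
  if (pattern instanceof RegExp) {
    if (flags !== undefined) throw new TypeError("cannot supply flags with a RegExp");
    // Called as a function: the spec says to return the argument object itself.
    if (!calledAsConstructor) return pattern;
    // Called as a constructor: a fresh object with the same source and flags.
    return new RegExp(pattern.source, regExpFlags(pattern));
  }
  return new RegExp(pattern, flags);
}

// Returning the argument from the constructor path (the bug 55040 behaviour)
// makes two supposedly distinct regexps share state such as lastIndex. This
// runs one exec() on the result and reports whether the original's lastIndex
// moved as a consequence. Constructed input: /a/g against "aaa".
function sharesLastIndex(calledAsConstructor) {
  const original = /a/g;
  const result = regExpCallOrConstruct(original, undefined, calledAsConstructor);
  result.exec("aaa");
  return original.lastIndex !== 0;
}

console.log("called as function, state shared:", sharesLastIndex(false));   // true
console.log("called as constructor, state shared:", sharesLastIndex(true)); // false
```
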
1408 2011-06-28  Luke Macpherson  <macpherson@chromium.org>
1409
1410         Reviewed by Darin Adler.
1411
1412         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
1413         https://bugs.webkit.org/show_bug.cgi?id=63469
1414
1415         * wtf/MathExtras.h:
1416         (defaultMinimumForClamp):
1417         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
1418         (defaultMaximumForClamp):
1419         Symmetric alias for std::numeric_limits::max().
1420         (clampTo):
1421         New templated clamping function that supports arbitrary output types.
1422         (clampToInteger):
1423         Use new clampTo template.
1424         (clampToFloat):
1425         Use new clampTo template.
1426         (clampToPositiveInteger):
1427         Use new clampTo template.
1428
1429 2011-06-28  Adam Roben  <aroben@apple.com>
1430
1431         Windows Debug build fix after r89885
1432
1433         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
1434         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
1435
1436 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
1437
1438         Reviewed by Kent Tamura.
1439
1440         Add const to show() method in WTFString and AtomicString.
1441         https://bugs.webkit.org/show_bug.cgi?id=63515
1442
1443         The lack of const in the show() method is painful when
1444         doing something like printf-debugging.
1445
1446         * wtf/text/AtomicString.cpp:
1447         (WTF::AtomicString::show):
1448         * wtf/text/AtomicString.h:
1449         * wtf/text/WTFString.cpp:
1450         (String::show):
1451         * wtf/text/WTFString.h:
1452
1453 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
1454
1455         Build fix attempt after r89885.
1456
1457         * JavaScriptCore.exp:
1458         * jsc.cpp:
1459
1460 2011-06-27  Oliver Hunt  <oliver@apple.com>
1461
1462         Reviewed by Geoffrey Garen.
1463
1464         Support throwing away non-running code even while other code is running
1465         https://bugs.webkit.org/show_bug.cgi?id=63485
1466
1467         Add a function to CodeBlock to support unlinking direct linked callsites,
1468         and then with that in place add logic to discard code from any function
1469         that is not currently on the stack.
1470
1471         The unlinking completely reverts any optimized call sites, such that they
1472         may be relinked again in future.
1473
1474         * JavaScriptCore.exp:
1475         * bytecode/CodeBlock.cpp:
1476         (JSC::CodeBlock::unlinkCalls):
1477         (JSC::CodeBlock::clearEvalCache):
1478         * bytecode/CodeBlock.h:
1479         (JSC::CallLinkInfo::CallLinkInfo):
1480         (JSC::CallLinkInfo::unlink):
1481         * bytecode/EvalCodeCache.h:
1482         (JSC::EvalCodeCache::clear):
1483         * heap/Heap.cpp:
1484         (JSC::Heap::getConservativeRegisterRoots):
1485         * heap/Heap.h:
1486         * jit/JIT.cpp:
1487         (JSC::JIT::privateCompile):
1488         * jit/JIT.h:
1489         * jit/JITCall.cpp:
1490         (JSC::JIT::compileOpCall):
1491         * jit/JITWriteBarrier.h:
1492         (JSC::JITWriteBarrierBase::clear):
1493         * jsc.cpp:
1494         (GlobalObject::GlobalObject):
1495         (functionReleaseExecutableMemory):
1496         * runtime/Executable.cpp:
1497         (JSC::EvalExecutable::unlinkCalls):
1498         (JSC::ProgramExecutable::unlinkCalls):
1499         (JSC::FunctionExecutable::discardCode):
1500         (JSC::FunctionExecutable::unlinkCalls):
1501         * runtime/Executable.h:
1502         * runtime/JSGlobalData.cpp:
1503         (JSC::SafeRecompiler::returnValue):
1504         (JSC::SafeRecompiler::operator()):
1505         (JSC::JSGlobalData::releaseExecutableMemory):
1506
1507 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1508
1509         Reviewed by Darin Adler & Oliver Hunt.
1510
1511         https://bugs.webkit.org/show_bug.cgi?id=50554
1512         RegExp.prototype.toString does not escape slashes
1513
1514         The problem here is that we don't escape forwards slashes when converting
1515         a RegExp to a string. This means that RegExp("/").toString() is "///",
1516         which is not a valid RegExp literal. Also, we return an invalid literal
1517         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
1518
1519         From ES5:
1520         "NOTE: The returned String has the form of a RegularExpressionLiteral that
1521         evaluates to another RegExp object with the same behaviour as this object."
1522
1523         * runtime/RegExpObject.cpp:
1524         (JSC::regExpObjectSource):
1525             - Escape forward slashes when getting the source of a RegExp.
1526         * runtime/RegExpPrototype.cpp:
1527         (JSC::regExpProtoFuncToString):
1528             - Remove unnecessary and erroneous hack to return "//" as the string
1529             representation of RegExp.prototype. This is not a valid RegExp literal
1530             (it is an empty single-line comment).
1531
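An added example, not WebKit's regExpObjectSource: it escapes forward slashes the way the entry above describes, then lexes the result back the way a JavaScript tokenizer would, to show why "///" and "//" do not read as a single valid literal. The "(?:)" spelling of the empty pattern is the ES5 15.10.4.1 convention, assumed here rather than taken from the entry.

```cpp
#include <cstddef>
#include <string>

// Source text to print between the slashes. Every unescaped "/" becomes "\/";
// an escape sequence already in the pattern is copied through untouched so a
// pre-escaped "\/" is not doubled. Escaping "/" inside a character class is
// harmless: "[\/]" still matches "/".
std::string regExpSourceForLiteral(const std::string& pattern) {
    // ES5 15.10.4.1 allows "(?:)" for an empty pattern, which keeps the
    // result from collapsing into "//", an empty single-line comment.
    if (pattern.empty())
        return "(?:)";
    std::string out;
    out.reserve(pattern.size() + 4);
    for (size_t i = 0; i < pattern.size(); ++i) {
        char c = pattern[i];
        if (c == '\\' && i + 1 < pattern.size()) {
            out += c;
            out += pattern[++i];  // keep the escaped character as written
            continue;
        }
        if (c == '/')
            out += '\\';
        out += c;
    }
    return out;
}

// The text RegExp.prototype.toString would produce for a pattern and flags.
std::string regExpToString(const std::string& pattern, const std::string& flags) {
    return "/" + regExpSourceForLiteral(pattern) + "/" + flags;
}

// Index of the closing delimiter of a RegularExpressionLiteral, scanning the
// way a JavaScript lexer does: a backslash escapes the next character and a
// "/" inside a character class does not end the literal. npos if none.
size_t closingSlashIndex(const std::string& literal) {
    if (literal.empty() || literal[0] != '/')
        return std::string::npos;
    bool inClass = false;
    for (size_t i = 1; i < literal.size(); ++i) {
        char c = literal[i];
        if (c == '\\') {
            ++i;  // skip the escaped character
            continue;
        }
        if (inClass) {
            if (c == ']')
                inClass = false;
            continue;
        }
        if (c == '[')
            inClass = true;
        else if (c == '/')
            return i;
    }
    return std::string::npos;
}

// True when the whole string (no flags) lexes as exactly one literal, i.e.
// the first unescaped "/" after the opening one is also the last character.
// "///" fails (the literal ends at index 1, leaving a stray "/"); "/\//" passes.
bool isSingleLiteral(const std::string& literal) {
    size_t end = closingSlashIndex(literal);
    return end != std::string::npos && end == literal.size() - 1;
}
```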
1532 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1533
1534         Reviewed by Oliver Hunt.
1535
1536         https://bugs.webkit.org/show_bug.cgi?id=63497
1537         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
1538
1539         * dfg/DFGByteCodeParser.cpp:
1540         (JSC::DFG::ByteCodeParser::parseBlock):
1541         * dfg/DFGNode.h:
1542         * dfg/DFGNonSpeculativeJIT.cpp:
1543         (JSC::DFG::NonSpeculativeJIT::compile):
1544         * dfg/DFGSpeculativeJIT.cpp:
1545         (JSC::DFG::SpeculativeJIT::compile):
1546
1547 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
1548
1549         Reviewed by Mark Rowe.
1550
1551         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
1552         https://bugs.webkit.org/show_bug.cgi?id=63392
1553         
1554         When both TextPosition.h and XPathGrammar.h are included a compile-error
1555         is caused, since XPathGrammar.h defines a macro called NUMBER and 
1556         TextPosition has a typedef named NUMBER.
1557
1558         * wtf/text/TextPosition.h:
1559         (WTF::TextPosition::TextPosition):
1560         (WTF::TextPosition::minimumPosition):
1561         (WTF::TextPosition::belowRangePosition):
1562
1563 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
1564
1565         Reviewed by Gavin Barraclough.
1566
1567         DFG JIT does not perform put_by_id caching.
1568         https://bugs.webkit.org/show_bug.cgi?id=63409
1569
1570         * bytecode/StructureStubInfo.h:
1571         * dfg/DFGJITCodeGenerator.cpp:
1572         (JSC::DFG::JITCodeGenerator::cachedPutById):
1573         * dfg/DFGJITCodeGenerator.h:
1574         * dfg/DFGJITCompiler.cpp:
1575         (JSC::DFG::JITCompiler::compileFunction):
1576         * dfg/DFGJITCompiler.h:
1577         (JSC::DFG::JITCompiler::addPropertyAccess):
1578         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1579         * dfg/DFGNonSpeculativeJIT.cpp:
1580         (JSC::DFG::NonSpeculativeJIT::compile):
1581         * dfg/DFGOperations.cpp:
1582         * dfg/DFGOperations.h:
1583         * dfg/DFGRepatch.cpp:
1584         (JSC::DFG::dfgRepatchByIdSelfAccess):
1585         (JSC::DFG::tryCacheGetByID):
1586         (JSC::DFG::appropriatePutByIdFunction):
1587         (JSC::DFG::tryCachePutByID):
1588         (JSC::DFG::dfgRepatchPutByID):
1589         * dfg/DFGRepatch.h:
1590         * dfg/DFGSpeculativeJIT.cpp:
1591         (JSC::DFG::SpeculativeJIT::compile):
1592
1593 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
1594
1595         Unreviewed build fix. One more file missing during distcheck, for
1596         the MIPS build.
1597
1598         * GNUmakefile.list.am:
1599
1600 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
1601
1602         Reviewed by Gavin Barraclough.
1603
1604         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
1605         https://bugs.webkit.org/show_bug.cgi?id=63347
1606
1607         * dfg/DFGNonSpeculativeJIT.cpp:
1608             - Changed arithmetic operations to speculate in favor of integers.
1609         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1610         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1611         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1612         (JSC::DFG::NonSpeculativeJIT::compile):
1613         * dfg/DFGNonSpeculativeJIT.h:
1614         * dfg/DFGOperations.cpp:
1615             - Added slow-path routines for arithmetic that perform no speculation; the
1616               non-speculative JIT will generate calls to these in cases where its
1617               speculation fails.
1618         * dfg/DFGOperations.h:
1619
1620 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
1621
1622         Reviewed by Rob Buis.
1623
1624         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
1625         https://bugs.webkit.org/show_bug.cgi?id=59085
1626
1627         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
1628
1629 2011-06-24  Michael Saboff  <msaboff@apple.com>
1630
1631         Reviewed by Gavin Barraclough.
1632
1633         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
1634         https://bugs.webkit.org/show_bug.cgi?id=63345
1635
1636         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
1637         return 9 and 10 bit quantities, therefore changed their return type from
1638         uint8_t to uint16_t.  Also cast the places where they are used as they
1639         are currently shifted and used as 7 or 8 bit values.
1640
1641         These methods are currently used for literals for stack offsets, 
1642         including creating and destroying stack frames.  The prior truncation of
1643         the upper bits caused stack frames to be too small, thus allowing a
1644         JIT'ed function to access and overwrite stack space outside of the
1645         incorrectly sized stack frame.
1646
1647         * assembler/ARMv7Assembler.h:
1648         (JSC::ARMThumbImmediate::getUInt9):
1649         (JSC::ARMThumbImmediate::getUInt10):
1650         (JSC::ARMv7Assembler::add):
1651         (JSC::ARMv7Assembler::ldr):
1652         (JSC::ARMv7Assembler::str):
1653         (JSC::ARMv7Assembler::sub):
1654         (JSC::ARMv7Assembler::sub_S):
1655
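An added example, not WebKit's ARMThumbImmediate code: it models the Thumb "SUB SP, SP, #imm7" encoding (a 9-bit byte offset shifted into a 7-bit field, an encoding detail assumed here rather than stated in the entry) and shows the frame size the truncating uint8_t helper reserves next to the fixed uint16_t one, plus a checked encoder that rejects out-of-range offsets instead of truncating them.

```cpp
#include <cstdint>
#include <cstdio>

// Thumb T1 encoding of SUB SP, SP, #imm: 1011 0000 1 imm7, imm32 = imm7 << 2.
// The byte offset is therefore a 9-bit quantity whose low two bits are clear.
static const uint16_t kSubSpOpcode = 0xB080;

// True when a byte offset is representable by the imm7 form at all.
bool fitsImm7Form(uint32_t offset) {
    return offset < 512 && (offset & 3) == 0;
}

// Before the fix: the 9-bit quantity squeezed through uint8_t. Bit 8 is
// silently dropped for every offset in [256, 508].
static uint8_t getUInt9Truncating(uint32_t offset) {
    return static_cast<uint8_t>(offset);
}

// After the fix: a return type wide enough for all 9 bits.
static uint16_t getUInt9(uint32_t offset) {
    return static_cast<uint16_t>(offset);
}

// The caller shifts the 9-bit quantity down into the 7-bit field.
static uint16_t encodeSubSp(uint16_t uint9) {
    return static_cast<uint16_t>(kSubSpOpcode | ((uint9 >> 2) & 0x7F));
}

// What the CPU actually reserves when it executes that instruction word.
static uint32_t decodeSubSpFrameSize(uint16_t insn) {
    return static_cast<uint32_t>(insn & 0x7F) << 2;
}

// Frame size reserved for a requested offset, through the truncating helper.
uint32_t frameSizeWithBug(uint32_t offset) {
    return decodeSubSpFrameSize(encodeSubSp(getUInt9Truncating(offset)));
}

// Frame size reserved for a requested offset, through the fixed helper.
uint32_t frameSizeFixed(uint32_t offset) {
    return decodeSubSpFrameSize(encodeSubSp(getUInt9(offset)));
}

// Defensive variant: refuse an offset the form cannot hold rather than
// truncating it. Returns false and leaves *insn untouched on rejection.
bool encodeSubSpChecked(uint32_t offset, uint16_t* insn) {
    if (!fitsImm7Form(offset))
        return false;
    *insn = encodeSubSp(getUInt9(offset));
    return true;
}

int main() {
    // Constructed sample frame sizes: 252 fits in 8 bits, the others do not.
    const uint32_t offsets[] = { 252, 256, 260, 508 };
    for (uint32_t off : offsets) {
        std::printf("requested %3u bytes: truncating helper reserves %3u, fixed helper reserves %3u\n",
                    off, frameSizeWithBug(off), frameSizeFixed(off));
    }
    uint16_t insn = 0;
    std::printf("512-byte frame accepted by checked encoder: %s\n",
                encodeSubSpChecked(512, &insn) ? "yes" : "no");
    return 0;
}
```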
1656 2011-06-24  Michael Saboff  <msaboff@apple.com>
1657
1658         Reviewed by Geoffrey Garen.
1659
1660         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
1661         https://bugs.webkit.org/show_bug.cgi?id=63015
1662
1663         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
1664         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
1665         adjustments are a bug.  These need to reflect the pages that are released
1666         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
1667         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
1668         Check() and helper method CheckList() to check the number of actual free pages
1669         with free_committed_pages_.
1670
1671         The symptom of the problem of the existing code is that the scavenger may
1672         run unnecessarily without any real work to do, i.e. pages on the free lists.
1673         The scavenger would also end up freeing too many pages, that is, going below 
1674         the current 528 target free pages.
1675
1676         Note that the style of the changes was kept consistent with the
1677         existing style.
1678
1679         * wtf/FastMalloc.cpp:
1680         (WTF::TCMalloc_PageHeap::Check):
1681         (WTF::TCMalloc_PageHeap::CheckList):
1682         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
1683
1684 2011-06-24  Abhishek Arya  <inferno@chromium.org>
1685
1686         Reviewed by Darin Adler.
1687
1688         Match other clampTo* functions in style with clampToInteger(float)
1689         function.
1690         https://bugs.webkit.org/show_bug.cgi?id=53449
1691
1692         * wtf/MathExtras.h:
1693         (clampToInteger):
1694         (clampToFloat):
1695         (clampToPositiveInteger):
1696
1697 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
1698
1699         Unreviewed, rolling out r89594.
1700         http://trac.webkit.org/changeset/89594
1701         https://bugs.webkit.org/show_bug.cgi?id=63316
1702
1703         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
1704         #webkit).
1705
1706         * GNUmakefile.list.am:
1707         * JavaScriptCore.gypi:
1708         * icu/unicode/uscript.h: Removed.
1709         * wtf/unicode/ScriptCodesFromICU.h: Removed.
1710         * wtf/unicode/brew/UnicodeBrew.h:
1711         * wtf/unicode/glib/UnicodeGLib.h:
1712         * wtf/unicode/icu/UnicodeIcu.h:
1713         * wtf/unicode/qt4/UnicodeQt4.h:
1714         * wtf/unicode/wince/UnicodeWinCE.h:
1715
1716 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
1717
1718         Reviewed by Gavin Barraclough.
1719
1720         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
1721         https://bugs.webkit.org/show_bug.cgi?id=63173
1722
1723         * dfg/DFGJITCodeGenerator.cpp:
1724         (JSC::DFG::JITCodeGenerator::cachedGetById):
1725         * dfg/DFGJITCodeGenerator.h:
1726         * dfg/DFGNonSpeculativeJIT.cpp:
1727         (JSC::DFG::NonSpeculativeJIT::compile):
1728         * dfg/DFGSpeculativeJIT.cpp:
1729         (JSC::DFG::SpeculativeJIT::compile):
1730
1731 2011-06-23  Oliver Hunt  <oliver@apple.com>
1732
1733         Fix Qt again.
1734
1735         * assembler/ARMAssembler.h:
1736         (JSC::ARMAssembler::readPointer):
1737
1738 2011-06-23  Oliver Hunt  <oliver@apple.com>
1739
1740         Fix Qt Build
1741
1742         * assembler/ARMAssembler.h:
1743         (JSC::ARMAssembler::readPointer):
1744
1745 2011-06-23  Stephanie Lewis  <slewis@apple.com>
1746
1747         Reviewed by Darin Adler.
1748
1749         https://bugs.webkit.org/show_bug.cgi?id=63298
1750         Replace Malloc with FastMalloc to match the rest of wtf.
1751
1752         * wtf/BlockStack.h:
1753         (WTF::::~BlockStack):
1754         (WTF::::grow):
1755         (WTF::::shrink):
1756
1757 2011-06-23  Oliver Hunt  <oliver@apple.com>
1758
1759         Reviewed by Gavin Barraclough.
1760
1761         Add the ability to dynamically modify linked call sites
1762         https://bugs.webkit.org/show_bug.cgi?id=63291
1763
1764         Add JITWriteBarrier as a writebarrier class that allows
1765         reading and writing directly into the code stream.
1766
1767         This required adding logic to all the assemblers to allow
1768         us to read values back out of the instruction stream.
1769
1770         * JavaScriptCore.xcodeproj/project.pbxproj:
1771         * assembler/ARMAssembler.h:
1772         (JSC::ARMAssembler::readPointer):
1773         * assembler/ARMv7Assembler.h:
1774         (JSC::ARMv7Assembler::readPointer):
1775         (JSC::ARMv7Assembler::readInt32):
1776         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
1777         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
1778         * assembler/AbstractMacroAssembler.h:
1779         (JSC::AbstractMacroAssembler::readPointer):
1780         * assembler/MIPSAssembler.h:
1781         (JSC::MIPSAssembler::readInt32):
1782         (JSC::MIPSAssembler::readPointer):
1783         * assembler/MacroAssemblerCodeRef.h:
1784         (JSC::MacroAssemblerCodePtr::operator!):
1785         * assembler/SH4Assembler.h:
1786         (JSC::SH4Assembler::readPCrelativeAddress):
1787         (JSC::SH4Assembler::readPointer):
1788         (JSC::SH4Assembler::readInt32):
1789         * assembler/X86Assembler.h:
1790         (JSC::X86Assembler::readPointer):
1791         * bytecode/CodeBlock.cpp:
1792         (JSC::CodeBlock::visitAggregate):
1793         * bytecode/CodeBlock.h:
1794         (JSC::MethodCallLinkInfo::seenOnce):
1795         (JSC::MethodCallLinkInfo::setSeen):
1796         * heap/MarkStack.h:
1797         * jit/JIT.cpp:
1798         (JSC::JIT::privateCompile):
1799         (JSC::JIT::linkCall):
1800         (JSC::JIT::linkConstruct):
1801         * jit/JITPropertyAccess.cpp:
1802         (JSC::JIT::patchMethodCallProto):
1803         * jit/JITPropertyAccess32_64.cpp:
1804         * jit/JITWriteBarrier.h: Added.
1805         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
1806         (JSC::JITWriteBarrierBase::operator!):
1807         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
1808         (JSC::JITWriteBarrierBase::isFlagged):
1809         (JSC::JITWriteBarrierBase::setLocation):
1810         (JSC::JITWriteBarrierBase::location):
1811         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
1812         (JSC::JITWriteBarrierBase::set):
1813         (JSC::JITWriteBarrierBase::get):
1814         (JSC::JITWriteBarrier::JITWriteBarrier):
1815         (JSC::JITWriteBarrier::set):
1816         (JSC::JITWriteBarrier::get):
1817         (JSC::MarkStack::append):
1818
1819 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
1820
1821         Reviewed by Oliver Hunt.
1822
1823         https://bugs.webkit.org/show_bug.cgi?id=61585
1824         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
1825
1826         This is due to use of int instead of unsigned, bad math around
1827         the 2^31 boundary.
1828
1829         * yarr/YarrInterpreter.cpp:
1830         (JSC::Yarr::ByteCompiler::emitDisjunction):
1831             - Change some uses of int to unsigned, refactor compare logic to
1832               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
1833         * yarr/YarrJIT.cpp:
1834         (JSC::Yarr::YarrGenerator::generate):
1835         (JSC::Yarr::YarrGenerator::backtrack):
1836             - Ditto.
1837
1838 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
1839
1840         Reviewed by Sam Weinig.
1841
1842         https://bugs.webkit.org/show_bug.cgi?id=63218
1843         DFG JIT - remove machine type guarantees from graph
1844
1845         The DFG JIT currently makes assumptions about the types of machine registers
1846         that certain nodes will be loaded into. This will be broken as we generate
1847         nodes to produce both integer and double code paths. Remove int<->double
1848         conversions nodes. This design decision also gave rise to multiple types of
1849         constant nodes, requiring separate handling for each type. Merge these back
1850         into JSConstant.
1851
1852         * dfg/DFGAliasTracker.h:
1853         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1854         * dfg/DFGByteCodeParser.cpp:
1855         (JSC::DFG::ByteCodeParser::getToInt32):
1856         (JSC::DFG::ByteCodeParser::getToNumber):
1857         (JSC::DFG::ByteCodeParser::toInt32):
1858         (JSC::DFG::ByteCodeParser::toNumber):
1859         (JSC::DFG::ByteCodeParser::isInt32Constant):
1860         (JSC::DFG::ByteCodeParser::isDoubleConstant):
1861         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
1862         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
1863         (JSC::DFG::ByteCodeParser::one):
1864         (JSC::DFG::ByteCodeParser::predictInt32):
1865         * dfg/DFGGraph.cpp:
1866         (JSC::DFG::Graph::dump):
1867         * dfg/DFGJITCodeGenerator.h:
1868         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1869         (JSC::DFG::JITCodeGenerator::silentFillFPR):
1870         (JSC::DFG::JITCodeGenerator::isJSConstant):
1871         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
1872         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
1873         * dfg/DFGJITCompiler.cpp:
1874         (JSC::DFG::JITCompiler::fillNumericToDouble):
1875         (JSC::DFG::JITCompiler::fillInt32ToInteger):
1876         * dfg/DFGJITCompiler.h:
1877         (JSC::DFG::JITCompiler::isJSConstant):
1878         (JSC::DFG::JITCompiler::isInt32Constant):
1879         (JSC::DFG::JITCompiler::isDoubleConstant):
1880         (JSC::DFG::JITCompiler::valueOfJSConstant):
1881         (JSC::DFG::JITCompiler::valueOfInt32Constant):
1882         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
1883         * dfg/DFGNode.h:
1884         (JSC::DFG::Node::Node):
1885         (JSC::DFG::Node::isConstant):
1886         (JSC::DFG::Node::notTakenBytecodeOffset):
1887         * dfg/DFGNonSpeculativeJIT.cpp:
1888         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
1889         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
1890         (JSC::DFG::NonSpeculativeJIT::compile):
1891         * dfg/DFGSpeculativeJIT.cpp:
1892         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1893         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1894         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1895         (JSC::DFG::SpeculativeJIT::compile):
1896
1897 2011-06-23  Jungshik Shin  <jshin@chromium.org>
1898
1899         Reviewed by Alexey Proskuryakov.
1900
1901         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1902         build files for ports not using ICU.
1903         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1904         ICU 3.6 (the version used on Mac OS 10.5)
1905
1906         http://bugs.webkit.org/show_bug.cgi?id=20797
1907
1908         * GNUmakefile.list.am:
1909         * JavaScriptCore.gypi:
1910         * icu/unicode/uscript.h: Added for UScriptCode enum.
1911         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1912         * wtf/unicode/icu/UnicodeIcu.h:
1913         * wtf/unicode/brew/UnicodeBrew.h:
1914         * wtf/unicode/glib/UnicodeGLib.h:
1915         * wtf/unicode/qt4/UnicodeQt4.h:
1916         * wtf/unicode/wince/UnicodeWinCE.h:
1917
1918 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
1919
1920         Reviewed by Andreas Kling.
1921
1922         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
1923         https://bugs.webkit.org/show_bug.cgi?id=63228
1924
1925         * wtf/Platform.h: Add PLATFORM(EFL) guard.
1926
1927 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
1928
1929         Unreviewed, rolling out r89547.
1930         http://trac.webkit.org/changeset/89547
1931         https://bugs.webkit.org/show_bug.cgi?id=63252
1932
1933         "Chromium crash on start" (Requested by yurys on #webkit).
1934
1935         * wtf/DynamicAnnotations.cpp:
1936         (WTFAnnotateBenignRaceSized):
1937         (WTFAnnotateHappensBefore):
1938         (WTFAnnotateHappensAfter):
1939         * wtf/DynamicAnnotations.h:
1940
1941 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
1942
1943         Reviewed by David Levin.
1944
1945         Make dynamic annotations weak symbols and prevent identical code folding by the linker
1946         https://bugs.webkit.org/show_bug.cgi?id=62443
1947
1948         * wtf/DynamicAnnotations.cpp:
1949         (WTFAnnotateBenignRaceSized):
1950         (WTFAnnotateHappensBefore):
1951         (WTFAnnotateHappensAfter):
1952         * wtf/DynamicAnnotations.h:
1953
1954 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
1955
1956         Reviewed by Andreas Kling.
1957
1958         [Qt] Add a build flag for building with libxml2 and libxslt.
1959         https://bugs.webkit.org/show_bug.cgi?id=63113
1960
1961         * wtf/Platform.h:
1962
1963 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
1964
1965         Unreviewed, rolling out r89489.
1966         http://trac.webkit.org/changeset/89489
1967         https://bugs.webkit.org/show_bug.cgi?id=63203
1968
1969         Broke chromium mac build on build.webkit.org (Requested by
1970         abarth on #webkit).
1971
1972         * wtf/Platform.h:
1973
1974 2011-06-22  Cary Clark  <caryclark@google.com>
1975
1976         Reviewed by Darin Fisher.
1977
1978         Use Skia if Skia on Mac Chrome is enabled
1979         https://bugs.webkit.org/show_bug.cgi?id=62999
1980
1981         * wtf/Platform.h:
1982         Add switch to use Skia if, externally,
1983         Skia has been enabled by a gyp define.
1984
1985 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
1986
1987         Reviewed by Oliver Hunt.
1988
1989         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
1990
1991 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
1992
1993         Reviewed by Oliver Hunt.
1994
1995         Removed the conceit that global variables are local variables when running global code
1996         https://bugs.webkit.org/show_bug.cgi?id=63106
1997         
1998         This is required for write barrier correctness.
1999         
2000         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2001         I was able to reduce the regression with a tiny peephole optimization in
2002         the bytecompiler, but not eliminate it. I'm committing this assuming
2003         that turning on generational GC will win back at least 0.5%.
2004
2005         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2006         the global object's var storage. I considered doing the same kind of
2007         optimization in the existing JIT, but it seemed like moving in the wrong
2008         direction.)
2009
2010         * bytecompiler/BytecodeGenerator.cpp:
2011         (JSC::BytecodeGenerator::addGlobalVar):
2012         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2013         negative indices, since they're no longer negatively offset from the
2014         current stack frame.
2015         
2016         Do give global variables monotonically increasing positive indices, since
2017         that's much easier to work with.
2018         
2019         Don't limit the number of optimizable global variables, since it's no
2020         longer limited by the register file, since they're no longer stored in
2021         the register file.
2022
2023         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2024         registers because a var in global code is actually a property of the
2025         global object.
2026
2027         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2028
2029         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2030         propagation and dead code elimination to speed up our compiles and
2031         reduce WTFs / minute.
2032
2033         * bytecompiler/BytecodeGenerator.h:
2034         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2035
2036         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2037         global code, since there are none.
2038
2039         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2040         in global code (i.e., global vars), since there are some.
2041
2042         * interpreter/Interpreter.cpp:
2043         (JSC::Interpreter::callEval):
2044         (JSC::Interpreter::Interpreter):
2045         (JSC::Interpreter::dumpRegisters):
2046         (JSC::Interpreter::execute):
2047         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2048
2049         * interpreter/RegisterFile.cpp:
2050         (JSC::RegisterFile::gatherConservativeRoots):
2051         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2052         data members.
2053
2054         * interpreter/RegisterFile.h:
2055         (JSC::RegisterFile::begin):
2056         (JSC::RegisterFile::size):
2057         (JSC::RegisterFile::RegisterFile):
2058         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2059         global variables stored in the register file.
2060
2061         (JSC::RegisterFile::grow): Updated for same.
2062         
2063         Also, a slight correctness fix: Test the VM commit end, and not just the
2064         in-use end, when checking for stack overflow. In theory, it's invalid to
2065         commit past the end of your allocation, even if you never touch that
2066         memory. This makes the usable size of the stack slightly smaller. No test
2067         because we don't know of any case in practice where this crashes.
2068
2069         * runtime/JSGlobalData.cpp:
2070         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2071
2072         * runtime/JSGlobalObject.cpp:
2073         (JSC::JSGlobalObject::resizeRegisters):
2074         (JSC::JSGlobalObject::addStaticGlobals):
2075         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2076         increasing indexes, always located in our external storage.
2077
2078 2011-06-21  MORITA Hajime  <morrita@google.com>
2079
2080         Unreviewed, rolling out r89401 and r89403.
2081         http://trac.webkit.org/changeset/89401
2082         http://trac.webkit.org/changeset/89403
2083         https://bugs.webkit.org/show_bug.cgi?id=62970
2084
2085         Breaks mac build and mistakenly enables the spellcheck API
2086
2087         * Configurations/FeatureDefines.xcconfig:
2088         * JavaScriptCore.xcodeproj/project.pbxproj:
2089
2090 2011-06-21  Kent Tamura  <tkent@chromium.org>
2091
2092         [Mac] Sort Xcode project files.
2093
2094         * JavaScriptCore.xcodeproj/project.pbxproj:
2095
2096 2011-06-20  MORITA Hajime  <morrita@google.com>
2097
2098         Reviewed by Kent Tamura.
2099
2100         Spellcheck API should be build-able.
2101         https://bugs.webkit.org/show_bug.cgi?id=62970
2102
2103         No new tests, changing only build related files
2104         
2105         * Configurations/FeatureDefines.xcconfig:
2106
2107 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2108
2109         Reviewed by Oliver Hunt.
2110
2111         Moved 'const' off the global-variable-as-local-variable crack pipe
2112         https://bugs.webkit.org/show_bug.cgi?id=63105
2113         
2114         This is necessary for moving the rest of the code off of same.
2115         
2116         Many problems remain in our handling of const. I have fixed none of them.
2117
2118         * bytecompiler/BytecodeGenerator.h:
2119         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2120         const to directly implement its unique scoping rules.
2121
2122         * bytecompiler/NodesCodegen.cpp:
2123         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2124         for writing, so we don't overwrite const variables.
2125
2126         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2127         variables are available as local variables, since this won't be the case
2128         once global variables are not available as local variables. Instead, use
2129         put_scoped_var in the case where there is no local variable. Like a local
2130         variable, put_scoped_var succeeds even though const properties are
2131         read-only, since put_scoped_var skips read-only checks. (Yay?)
2132
2133 2011-06-21  Oliver Hunt  <oliver@apple.com>
2134
2135         Reviewed by Alexey Proskuryakov.
2136
2137         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2138         https://bugs.webkit.org/show_bug.cgi?id=63052
2139
2140         Release mode only failure, the stack overflow guards were getting their error
2141         handling inlined, so that they were essentially causing their own demise.
2142
2143         * parser/JSParser.cpp:
2144         (JSC::JSParser::updateErrorMessage):
2145         (JSC::JSParser::updateErrorWithNameAndMessage):
2146
2147 2011-06-20  Kenneth Russell  <kbr@google.com>
2148
2149         Unreviewed.
2150
2151         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2152         https://bugs.webkit.org/show_bug.cgi?id=63022
2153
2154         * wtf/Platform.h:
2155
2156 2011-06-18  Anders Carlsson  <andersca@apple.com>
2157
2158         Reviewed by Darin Adler.
2159
2160         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2161         https://bugs.webkit.org/show_bug.cgi?id=62940
2162
2163         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2164
2165         * wtf/PassOwnArrayPtr.h:
2166         (WTF::PassOwnArrayPtr::operator=):
2167         * wtf/PassOwnPtr.h:
2168         (WTF::PassOwnPtr::operator=):
2169         * wtf/PassRefPtr.h:
2170         (WTF::PassRefPtr::operator=):
2171         (WTF::NonNullPassRefPtr::operator=):
2172
2173 2011-06-20  Oliver Hunt  <oliver@apple.com>
2174
2175         Reviewed by Darin Adler.
2176
2177         REGRESSION (r79060): Searching for a flight at united.com fails
2178         https://bugs.webkit.org/show_bug.cgi?id=63003
2179
2180         This original change also broke Twitter, and we attempted to refine the fix to 
2181         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2182         we need to revert the change until we understand the problem better.
2183
2184         * wtf/DateMath.cpp:
2185         (WTF::parseDateFromNullTerminatedCharacters):
2186
2187 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2188
2189         Reviewed by Oliver Hunt.
2190
2191         No context for javascript parse errors.
2192         https://bugs.webkit.org/show_bug.cgi?id=62613
2193         
2194         Parse errors now show more details like:
2195         "Unexpected token: ]"
2196         or
2197         "Expected token: while"
2198         
2199         For reserved names, numbers, identifiers, strings, lexer errors, 
2200         and EOFs, the following error messages are printed:
2201         
2202         "Use of reserved word: super"
2203         "Unexpected number: 42"
2204         "Unexpected identifier: "
2205         "Unexpected string: "foobar""
2206         "Invalid token character sequence: \u4023"
2207         "Unexpected EOF"
2208
2209         * parser/JSParser.cpp:
2210         (JSC::JSParser::consume):
2211         (JSC::JSParser::getToken):
2212         (JSC::JSParser::getTokenName):
2213         (JSC::JSParser::updateErrorMessageSpecialCase):
2214         (JSC::JSParser::updateErrorMessage):
2215         (JSC::JSParser::updateErrorWithNameAndMessage):
2216         (JSC::jsParse):
2217         (JSC::JSParser::JSParser):
2218         (JSC::JSParser::parseProgram):
2219         (JSC::JSParser::parseVarDeclarationList):
2220         (JSC::JSParser::parseForStatement):
2221         (JSC::JSParser::parseBreakStatement):
2222         (JSC::JSParser::parseContinueStatement):
2223         (JSC::JSParser::parseWithStatement):
2224         (JSC::JSParser::parseTryStatement):
2225         (JSC::JSParser::parseStatement):
2226         (JSC::JSParser::parseFormalParameters):
2227         (JSC::JSParser::parseFunctionInfo):
2228         (JSC::JSParser::parseAssignmentExpression):
2229         (JSC::JSParser::parsePrimaryExpression):
2230         (JSC::JSParser::parseMemberExpression):
2231         (JSC::JSParser::parseUnaryExpression):
2232         * parser/JSParser.h:
2233         * parser/Lexer.cpp:
2234         (JSC::Lexer::lex):
2235         * parser/Parser.cpp:
2236         (JSC::Parser::parse):
2237
2238 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2239
2240         Reviewed by Rob Buis.
2241
2242         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2243         https://bugs.webkit.org/show_bug.cgi?id=59085
2244
2245         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2246
2247 2011-06-19  Oliver Hunt  <oliver@apple.com>
2248
2249         Reviewed by Sam Weinig.
2250
2251         Correct logic for putting errors on the correct line when handling JSONP
2252         https://bugs.webkit.org/show_bug.cgi?id=62962
2253
2254         Minor fix for the minor fix.  *sigh*
2255
2256         * interpreter/Interpreter.cpp:
2257         (JSC::Interpreter::execute):
2258
2259 2011-06-19  Oliver Hunt  <oliver@apple.com>
2260
2261         Minor fix to correct layout test results.
2262
2263         * interpreter/Interpreter.cpp:
2264         (JSC::Interpreter::execute):
2265
2266 2011-06-17  Oliver Hunt  <oliver@apple.com>
2267
2268         Reviewed by Gavin Barraclough.
2269
2270         JSONP is unnecessarily slow
2271         https://bugs.webkit.org/show_bug.cgi?id=62920
2272
2273         JSONP has unfortunately become a fairly common idiom online, yet
2274         it triggers very poor performance in JSC as we end up doing codegen
2275         for a large number of property accesses that will
2276            * only be run once, so the vast amount of logic we dump to handle
2277              caching of accesses is unnecessary.
2278            * We are doing codegen that is directly proportional to just
2279              creating the object in the first place.
2280
2281         This patch extends the use of the literal parser to JSONP-like structures
2282         in global code, handling a number of different forms I have seen online.
2283         In an extreme case this improves performance of JSONP by more than 2x
2284         due to removal of code generation and execution time, and a few optimisations
2285         that I made to the parser itself.
2286
2287         * API/JSValueRef.cpp:
2288         (JSValueMakeFromJSONString):
2289         * interpreter/Interpreter.cpp:
2290         (JSC::Interpreter::callEval):
2291         (JSC::Interpreter::execute):
2292         * parser/Lexer.cpp:
2293         (JSC::Lexer::isKeyword):
2294         * parser/Lexer.h:
2295         * runtime/JSGlobalObjectFunctions.cpp:
2296         (JSC::globalFuncEval):
2297         * runtime/JSONObject.cpp:
2298         (JSC::JSONProtoFuncParse):
2299         * runtime/LiteralParser.cpp:
2300         (JSC::LiteralParser::tryJSONPParse):
2301         (JSC::LiteralParser::makeIdentifier):
2302         (JSC::LiteralParser::Lexer::lex):
2303         (JSC::LiteralParser::Lexer::next):
2304         (JSC::isSafeStringCharacter):
2305         (JSC::LiteralParser::Lexer::lexString):
2306         (JSC::LiteralParser::Lexer::lexNumber):
2307         (JSC::LiteralParser::parse):
2308         * runtime/LiteralParser.h:
2309         (JSC::LiteralParser::LiteralParser):
2310         (JSC::LiteralParser::tryLiteralParse):
2311         (JSC::LiteralParser::Lexer::Lexer):
2312
2313 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
2314
2315         Unreviewed, rolling out r89184.
2316         http://trac.webkit.org/changeset/89184
2317         https://bugs.webkit.org/show_bug.cgi?id=62927
2318
2319         It broke 22 tests on all bots (Requested by Ossy_weekend on
2320         #webkit).
2321
2322         * API/JSValueRef.cpp:
2323         (JSValueMakeFromJSONString):
2324         * interpreter/Interpreter.cpp:
2325         (JSC::Interpreter::callEval):
2326         (JSC::Interpreter::execute):
2327         * parser/Lexer.cpp:
2328         * parser/Lexer.h:
2329         * runtime/JSGlobalObjectFunctions.cpp:
2330         (JSC::globalFuncEval):
2331         * runtime/JSONObject.cpp:
2332         (JSC::JSONProtoFuncParse):
2333         * runtime/LiteralParser.cpp:
2334         (JSC::LiteralParser::Lexer::lex):
2335         (JSC::isSafeStringCharacter):
2336         (JSC::LiteralParser::Lexer::lexString):
2337         (JSC::LiteralParser::Lexer::lexNumber):
2338         (JSC::LiteralParser::parse):
2339         * runtime/LiteralParser.h:
2340         (JSC::LiteralParser::LiteralParser):
2341         (JSC::LiteralParser::tryLiteralParse):
2342         (JSC::LiteralParser::Lexer::Lexer):
2343         (JSC::LiteralParser::Lexer::next):
2344
2345 2011-06-17  Oliver Hunt  <oliver@apple.com>
2346
2347         Reviewed by Gavin Barraclough.
2348
2349         JSONP is unnecessarily slow
2350         https://bugs.webkit.org/show_bug.cgi?id=62920
2351
2352         JSONP has unfortunately become a fairly common idiom online, yet
2353         it triggers very poor performance in JSC as we end up doing codegen
2354         for a large number of property accesses that will
2355            * only be run once, so the vast amount of logic we dump to handle
2356              caching of accesses is unnecessary.
2357            * We are doing codegen that is directly proportional to just
2358              creating the object in the first place.
2359
2360         This patch extends the use of the literal parser to JSONP-like structures
2361         in global code, handling a number of different forms I have seen online.
2362         In an extreme case this improves performance of JSONP by more than 2x
2363         due to removal of code generation and execution time, and a few optimisations
2364         that I made to the parser itself.
2365
2366         * API/JSValueRef.cpp:
2367         (JSValueMakeFromJSONString):
2368         * interpreter/Interpreter.cpp:
2369         (JSC::Interpreter::callEval):
2370         (JSC::Interpreter::execute):
2371         * parser/Lexer.cpp:
2372         (JSC::Lexer::isKeyword):
2373         * parser/Lexer.h:
2374         * runtime/JSGlobalObjectFunctions.cpp:
2375         (JSC::globalFuncEval):
2376         * runtime/JSONObject.cpp:
2377         (JSC::JSONProtoFuncParse):
2378         * runtime/LiteralParser.cpp:
2379         (JSC::LiteralParser::tryJSONPParse):
2380         (JSC::LiteralParser::makeIdentifier):
2381         (JSC::LiteralParser::Lexer::lex):
2382         (JSC::LiteralParser::Lexer::next):
2383         (JSC::isSafeStringCharacter):
2384         (JSC::LiteralParser::Lexer::lexString):
2385         (JSC::LiteralParser::Lexer::lexNumber):
2386         (JSC::LiteralParser::parse):
2387         * runtime/LiteralParser.h:
2388         (JSC::LiteralParser::LiteralParser):
2389         (JSC::LiteralParser::tryLiteralParse):
2390         (JSC::LiteralParser::Lexer::Lexer):
2391
2392 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2393
2394         Reviewed by Oliver Hunt.
2395
2396         Moved some property access JIT code into property access JIT files
2397         https://bugs.webkit.org/show_bug.cgi?id=62906
2398
2399         * jit/JITOpcodes.cpp:
2400         * jit/JITOpcodes32_64.cpp:
2401         * jit/JITPropertyAccess.cpp:
2402         (JSC::JIT::emitSlow_op_put_by_val):
2403         (JSC::JIT::emit_op_get_scoped_var):
2404         (JSC::JIT::emit_op_put_scoped_var):
2405         (JSC::JIT::emit_op_get_global_var):
2406         (JSC::JIT::emit_op_put_global_var):
2407         * jit/JITPropertyAccess32_64.cpp:
2408         (JSC::JIT::emit_op_get_scoped_var):
2409         (JSC::JIT::emit_op_put_scoped_var):
2410         (JSC::JIT::emit_op_get_global_var):
2411         (JSC::JIT::emit_op_put_global_var):
2412
2413 2011-06-17  Anders Carlsson  <andersca@apple.com>
2414
2415         Build fix.
2416
2417         * JavaScriptCore.xcodeproj/project.pbxproj:
2418
2419 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2420
2421         Try to fix the Leopard build?
2422
2423         * JavaScriptCore.xcodeproj/project.pbxproj:
2424
2425 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2426
2427         Reviewed by Oliver Hunt.
2428
2429         Added some write barrier action, compiled out by default
2430         https://bugs.webkit.org/show_bug.cgi?id=62844
2431
2432         * JavaScriptCore.exp: Build!
2433
2434         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
2435         issue with Heap.cpp.
2436
2437         * heap/Heap.cpp:
2438         (JSC::Heap::writeBarrierSlowCase):
2439         * heap/Heap.h:
2440         (JSC::Heap::writeBarrier):
2441         * heap/MarkedBlock.h:
2442         (JSC::MarkedBlock::isAtomAligned):
2443         (JSC::MarkedBlock::blockFor):
2444         (JSC::MarkedBlock::atomNumber):
2445         (JSC::MarkedBlock::ownerSetNumber):
2446         (JSC::MarkedBlock::addOldSpaceOwner):
2447         (JSC::MarkedBlock::OwnerSet::OwnerSet):
2448         (JSC::MarkedBlock::OwnerSet::add):
2449         (JSC::MarkedBlock::OwnerSet::clear):
2450         (JSC::MarkedBlock::OwnerSet::size):
2451         (JSC::MarkedBlock::OwnerSet::didOverflow):
2452         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
2453         tracks owners for regions within blocks. Currently unused.
2454
2455 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
2456
2457         Reviewed by Eric Seidel.
2458
2459         [EFL] Add some OwnPtr specializations for EFL types.
2460         For now there are specializations for Ecore_Evas and Evas_Object.
2461         https://bugs.webkit.org/show_bug.cgi?id=62877
2462
2463         * wtf/CMakeListsEfl.txt:
2464         * wtf/OwnPtrCommon.h:
2465         * wtf/efl/OwnPtrEfl.cpp: Added.
2466         (WTF::deleteOwnedPtr):
2467
2468 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
2469
2470         Reviewed by Martin Robinson.
2471
2472         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
2473         https://bugs.webkit.org/show_bug.cgi?id=60687
2474
2475         Replace GdkRectangle by cairo_rectangle_int_t.
2476
2477         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2478
2479 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2480
2481         Reviewed by Oliver Hunt.
2482
2483         https://bugs.webkit.org/show_bug.cgi?id=53014
2484         ES5 strict mode keyword restrictions aren't implemented
2485
2486         The following are future restricted words in strict mode code:
2487             implements, interface, let, package, private, protected, public, static, yield
2488
2489         * parser/JSParser.h:
2490             - Add RESERVED_IF_STRICT token.
2491         * parser/Keywords.table:
2492             - Add new future restricted words.
2493         * parser/Lexer.cpp:
2494         (JSC::Lexer::parseIdentifier):
2495             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
2496         (JSC::Lexer::lex):
2497             - Pass strictMode flag to parseIdentifier.
2498         * parser/Lexer.h:
2499             - parseIdentifier needs a strictMode flag.
2500         * runtime/CommonIdentifiers.h:
2501             - Add identifiers for new reserved words.
2502
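Added example (not part of this ChangeLog and not JavaScriptCore code): the reserved-word restriction described in the entry above, observed from script. The same `var` declaration is compiled once in sloppy mode and once behind a `"use strict"` directive with `new Function`, so only the parser runs and nothing is executed; an ES5-compliant engine such as Node.js is assumed.

```javascript
// Added example, not JavaScriptCore code: the identifiers that ES5 lists as
// future reserved words in strict mode are legal variable names in sloppy-mode
// code but are rejected as identifiers once a strict-mode directive is present.
// Assumes an ES5-compliant engine (written against Node.js).
const FUTURE_RESERVED_IF_STRICT = [
  "implements", "interface", "let", "package",
  "private", "protected", "public", "static", "yield",
];

// Try to compile `var <word> = 1;`, optionally under "use strict".
// Returns true when the source parses, false when the parser raises a
// SyntaxError.  The function body is only parsed, never run.
function compiles(word, strict) {
  const source = (strict ? '"use strict"; ' : "") + "var " + word + " = 1;";
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Classify each word as { sloppy: <parses?>, strict: <parses?> }.
function classifyReservedWords(words = FUTURE_RESERVED_IF_STRICT) {
  const result = {};
  for (const w of words) {
    result[w] = { sloppy: compiles(w, false), strict: compiles(w, true) };
  }
  return result;
}

console.log(classifyReservedWords());
// Every entry reads { sloppy: true, strict: false }; an ordinary identifier
// such as "foo" parses in both modes.
```

The same two-way compile check is a convenient regression test for any parser change that touches contextual keywords: a word that unexpectedly flips from `sloppy: true` to `sloppy: false` would break existing scripts that use it as a variable name.
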
2503 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2504
2505         Reviewed by Oliver Hunt.
2506
2507         https://bugs.webkit.org/show_bug.cgi?id=23611
2508         Multiline Javascript comments cause incorrect parsing of following script.
2509
2510         From the spec:
2511         "A MultiLineComment [is] simply discarded if it contains no line terminator,
2512         but if a MultiLineComment contains one or more line terminators, then it is
2513         replaced with a single line terminator, which becomes part of the stream of
2514         inputs for the syntactic grammar." 
2515
2516         This may result in behavioural changes, due to automatic semicolon insertion.
2517
2518         * parser/Lexer.cpp:
2519         (JSC::Lexer::parseMultilineComment):
2520             - Set m_terminator if we see a line terminator in a multiline comment.
2521
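Added example (not part of this ChangeLog and not JavaScriptCore code): the spec rule quoted in the entry above, made observable through automatic semicolon insertion. A comment without a line terminator is discarded, so `return /* x */ 42` returns 42; a comment that spans a line break acts as a line terminator, so ASI ends the `return` statement early and the function returns `undefined`. The second helper shows the same effect on the restricted postfix `++` production. An ES5-compliant engine such as Node.js is assumed.

```javascript
// Added example, not JavaScriptCore code: a MultiLineComment that contains a
// line terminator is replaced by a single line terminator, so the statement
// grammar (and automatic semicolon insertion) sees a line break there.
// Assumes an ES5-compliant engine (written against Node.js).

// Compile and run `source` as a function body.  A parse failure is reported
// as the string "SyntaxError" so callers can compare outcomes directly.
function runSource(source) {
  try {
    return new Function(source)();
  } catch (e) {
    if (e instanceof SyntaxError) return "SyntaxError";
    throw e;
  }
}

// `return /*<commentBody>*/ 42;`
//   commentBody without a line break -> 42
//   commentBody containing "\n"      -> undefined (ASI inserts ';' after return)
function returnAcrossComment(commentBody) {
  return runSource("return /*" + commentBody + "*/ 42;");
}

// `a /*<commentBody>*/ ++b;`
//   without a line break the tokens read `a ++ b`, which does not parse
//   with a line break inside the comment ASI yields `a; ++b;`, so b becomes 2
function postfixAcrossComment(commentBody) {
  return runSource(
    "var a = 1, b = 1; a /*" + commentBody + "*/ ++b; return [a, b];"
  );
}

console.log({
  sameLineReturn: returnAcrossComment(" note "),
  multiLineReturn: returnAcrossComment("\n"),
  sameLinePostfix: postfixAcrossComment(" note "),
  multiLinePostfix: postfixAcrossComment("\n"),
});
```

Because the observable difference is purely in where statements end, a lexer that drops the line-terminator flag for such comments changes program behaviour silently rather than producing a parse error, which is why the entry warns that the fix may alter behaviour in existing scripts.
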
2522 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2523
2524         Reviewed by Sam Weinig.
2525
2526         https://bugs.webkit.org/show_bug.cgi?id=62824
2527         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
2528
2529         CompareEq of non-integer values is the most common cause of speculation failure.
2530
2531         * dfg/DFGSpeculativeJIT.cpp:
2532         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2533             - Support Equals.
2534         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
2535             - new! - peephole optimized Eq of JSValues.
2536         (JSC::DFG::SpeculativeJIT::compile):
2537             - Add peephole optimization for CompareEq.
2538         * dfg/DFGSpeculativeJIT.h:
2539         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2540             - Add support for dead nodes between compare & branch.
2541         (JSC::DFG::SpeculativeJIT::isInteger):
2542             - Added to determine which form of peephole to do in CompareEq.
2543
2544 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2545
2546         Try to fix the Windows build.
2547
2548         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
2549         symbol.
2550
2551         * bytecode/EvalCodeCache.h:
2552         * heap/HandleHeap.h:
2553         * heap/HeapRootVisitor.h:
2554         * heap/NewSpace.h:
2555         * runtime/ArgList.h:
2556         * runtime/ScopeChain.h:
2557         * runtime/SmallStrings.h:
2558         * runtime/Structure.h: Stop forward-declaring things that don't really
2559         exist anymore.
2560
2561 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2562
2563         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
2564         project while crossing my fingers and facing west.
2565
2566         * JavaScriptCore.xcodeproj/project.pbxproj:
2567
2568 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2569
2570         Build fix: Removed an incorrect symbol on Windows.
2571
2572         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2573
2574 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2575
2576         Build fix: Removed an accidental commit from the future.
2577
2578         * CMakeLists.txt:
2579
2580 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2581
2582         Reviewed by Oliver Hunt.
2583
2584         Introduced SlotVisitor into the project
2585         https://bugs.webkit.org/show_bug.cgi?id=62820
2586         
2587         This resolves a class vs typedef forward declaration issue, and gives all
2588         exported symbols the correct names.
2589
2590         * CMakeLists.txt:
2591         * GNUmakefile.list.am:
2592         * JavaScriptCore.exp:
2593         * JavaScriptCore.gypi:
2594         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2595         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
2596
2597         * bytecode/EvalCodeCache.h:
2598         * heap/HandleHeap.h:
2599         * heap/Heap.cpp:
2600         (JSC::Heap::Heap):
2601         (JSC::Heap::markRoots):
2602         * heap/Heap.h:
2603         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
2604         clients operate on a MarkStack.
2605
2606         * heap/MarkStack.cpp:
2607         (JSC::SlotVisitor::visitChildren):
2608         (JSC::SlotVisitor::drain):
2609         * heap/SlotVisitor.h: Added.
2610         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
2611         inheritance to give SlotVisitor all the attributes of MarkStack without
2612         making this change giant. Over time, we will move more behavior into
2613         SlotVisitor and its subclasses.
2614
2615         * heap/MarkStack.h:
2616         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
2617         clients operate on a MarkStack.
2618
2619         * runtime/ArgList.h:
2620         * runtime/JSCell.h:
2621         * runtime/JSObject.h:
2622         * runtime/ScopeChain.h:
2623         * runtime/SmallStrings.h:
2624         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
2625         clients operate on a MarkStack.
2626
2627 2011-06-15  Oliver Hunt  <oliver@apple.com>
2628
2629         Reviewed by Geoffrey Garen.
2630
2631         Reduce memory usage of resolve_global
2632         https://bugs.webkit.org/show_bug.cgi?id=62765
2633
2634         If we have a large number of resolve_globals in a single
2635         block start planting plain resolve instructions instead 
2636         whenever we aren't in a loop.  This allows us to reduce
2637         the code size for extremely large functions without
2638         losing the performance benefits of op_resolve_global.
2639
2640         * bytecode/CodeBlock.h:
2641         (JSC::CodeBlock::globalResolveInfoCount):
2642         * bytecompiler/BytecodeGenerator.cpp:
2643         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
2644         (JSC::BytecodeGenerator::emitResolve):
2645         (JSC::BytecodeGenerator::emitResolveWithBase):
2646         * bytecompiler/BytecodeGenerator.h:
2647
2648 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
2649
2650         Reviewed by Laszlo Gombos.
2651
2652         [Qt] Fix building with CONFIG(use_system_icu)
2653         https://bugs.webkit.org/show_bug.cgi?id=62744
2654
2655         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
2656
2657         * wtf/Platform.h:
2658
2659 2011-06-15  Darin Adler  <darin@apple.com>
2660
2661         Reviewed by Adam Barth.
2662
2663         Remove obsolete LOOSE_OWN_PTR code
2664         https://bugs.webkit.org/show_bug.cgi?id=59909
2665
2666         The internal Apple dependency on this is gone now.
2667
2668         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
2669         set function that takes a raw pointer.
2670
2671         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
2672         set function that takes a raw pointer.
2673
2674         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
2675         and assignment operator that takes a nullptr unconditional.
2676         Made constructor that takes a raw pointer private and explicit,
2677         and removed assignment operator that takes a raw pointer.
2678
2679         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
2680         unconditional. Made constructor that takes a raw pointer private
2681         and explicit, and removed assignment operator that takes a raw pointer.
2682
2683 2011-06-15  Sam Weinig  <sam@webkit.org>
2684
2685         Reviewed by Geoffrey Garen and Gavin Barraclough.
2686
2687         Make access-nseive ~9x faster on the non-speculative path by
2688         adding special casing for doubles that can losslessly be converted
2689         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
2690         and the hash lookup.  Long term, we should try and get property of a getByVal
2691         and putByVal to be an integer immediate even in the non-speculative path.
2692
2693         * dfg/DFGOperations.cpp:
2694         (JSC::DFG::putByVal):
2695         (JSC::DFG::operationPutByValInternal):
2696
2697 2011-06-15  Oliver Hunt  <oliver@apple.com>
2698
2699         Reviewed by Darin Adler.
2700
2701         REGRESSION (r88719): 5by5.tv schedule is not visible
2702         https://bugs.webkit.org/show_bug.cgi?id=62720
2703
2704         Problem here is that the lexer wasn't considering '$' to be
2705         a valid character in an identifier.
2706
2707         * parser/Lexer.h:
2708         (JSC::Lexer::lexExpectIdentifier):
2709
2710 2011-06-15  Oliver Hunt  <oliver@apple.com>
2711
2712         Reviewed by Sam Weinig.
2713
2714         Reduce the size of global_resolve
2715         https://bugs.webkit.org/show_bug.cgi?id=62738
2716
2717         Reduce the code size of global_resolve in the JIT by replacing
2718         multiple pointer loads with a single pointer move + two offset
2719         loads.
2720
2721         * jit/JITOpcodes.cpp:
2722         (JSC::JIT::emit_op_resolve_global):
2723         * jit/JITOpcodes32_64.cpp:
2724         (JSC::JIT::emit_op_resolve_global):
2725
2726 2011-06-14  Geoffrey Garen  <ggaren@apple.com>
2727
2728         Reviewed by Dan Bernstein.
2729
2730         Fixed an invalid ASSERT I found while investigating
2731         <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
2732         https://bugs.webkit.org/show_bug.cgi?id=62699        
2733
2734         No test since we don't know of a way to get WebCore to deallocate the
2735         next-to-finalize handle, which is also the last handle in the list,
2736         while finalizing the second-to-last handle in the list.
2737
2738         * heap/HandleHeap.h:
2739         (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
2740         non-0 next() after updating it, since it is valid to update m_nextToFinalize
2741         to point to the tail sentinel.
2742         
2743         Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
2744         since it is not valid to update m_nextToFinalize to point past the tail
2745         sentinel.
2746         
2747         Also, use m_nextToFinalize consistently for clarity.
2748
2749 2011-06-14  Gavin Barraclough  <barraclough@apple.com>
2750
2751         Reviewed by Sam Weinig.
2752
2753         https://bugs.webkit.org/show_bug.cgi?id=43841
2754         SegmentedVector::operator== typo
2755
2756         * wtf/SegmentedVector.h:
2757         (WTF::SegmentedVectorIterator::operator==):
2758         (WTF::SegmentedVectorIterator::operator!=):
2759
2760 2011-06-14  Oliver Hunt  <oliver@apple.com>
2761
2762         Reviewed by Gavin Barraclough.
2763
2764         Constant array literals result in unnecessarily large amounts of code
2765         https://bugs.webkit.org/show_bug.cgi?id=62658
2766
2767         Add a new version of op_new_array that simply copies values from a buffer
2768         we hang off of the CodeBlock, rather than generating code to place each
2769         entry into the registerfile, and then copying it from the registerfile into
2770         the array.  This is a slight improvement on some sunspider tests, but no
2771         measurable overall change.  That's okay though as our goal was to reduce
2772         code size without hurting performance.
2773
2774         * bytecode/CodeBlock.cpp:
2775         (JSC::CodeBlock::dump):
2776         * bytecode/CodeBlock.h:
2777         (JSC::CodeBlock::addImmediateBuffer):
2778         (JSC::CodeBlock::immediateBuffer):
2779         * bytecode/Opcode.h:
2780         * bytecompiler/BytecodeGenerator.cpp:
2781         (JSC::BytecodeGenerator::addImmediateBuffer):
2782         (JSC::BytecodeGenerator::emitNewArray):
2783         * bytecompiler/BytecodeGenerator.h:
2784         * bytecompiler/NodesCodegen.cpp:
2785         (JSC::ArrayNode::emitBytecode):
2786         * interpreter/Interpreter.cpp:
2787         (JSC::Interpreter::privateExecute):
2788         * jit/JIT.cpp:
2789         (JSC::JIT::privateCompileMainPass):
2790         * jit/JIT.h:
2791         * jit/JITOpcodes.cpp:
2792         (JSC::JIT::emit_op_new_array):
2793         (JSC::JIT::emit_op_new_array_buffer):
2794         * jit/JITOpcodes32_64.cpp:
2795         * jit/JITStubs.cpp:
2796         (JSC::DEFINE_STUB_FUNCTION):
2797         * jit/JITStubs.h:
2798
2799 2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
2800
2801         Unreviewed, rolling out r88841.
2802         http://trac.webkit.org/changeset/88841
2803         https://bugs.webkit.org/show_bug.cgi?id=62672
2804
2805         Caused many tests to crash (Requested by rniwa on #webkit).
2806
2807         * bytecode/CodeBlock.cpp:
2808         (JSC::CodeBlock::dump):
2809         * bytecode/CodeBlock.h:
2810         * bytecode/Opcode.h:
2811         * bytecompiler/BytecodeGenerator.cpp:
2812         (JSC::BytecodeGenerator::emitNewArray):
2813         * bytecompiler/BytecodeGenerator.h:
2814         * bytecompiler/NodesCodegen.cpp:
2815         (JSC::ArrayNode::emitBytecode):
2816         * interpreter/Interpreter.cpp:
2817         (JSC::Interpreter::privateExecute):
2818         * jit/JIT.cpp:
2819         (JSC::JIT::privateCompileMainPass):
2820         * jit/JIT.h:
2821         * jit/JITOpcodes.cpp:
2822         (JSC::JIT::emit_op_new_array):
2823         * jit/JITOpcodes32_64.cpp:
2824         (JSC::JIT::emit_op_new_array):
2825         * jit/JITStubs.cpp:
2826         * jit/JITStubs.h:
2827
2828 2011-06-14  Oliver Hunt  <oliver@apple.com>
2829
2830         Reviewed by Gavin Barraclough.
2831
2832         Constant array literals result in unnecessarily large amounts of code
2833         https://bugs.webkit.org/show_bug.cgi?id=62658
2834
2835         Add a new version of op_new_array that simply copies values from a buffer
2836         we hang off of the CodeBlock, rather than generating code to place each
2837         entry into the registerfile, and then copying it from the registerfile into
2838         the array.  This is a slight improvement on some sunspider tests, but no
2839         measurable overall change.  That's okay though as our goal was to reduce
2840         code size without hurting performance.
2841
2842         * bytecode/CodeBlock.cpp:
2843         (JSC::CodeBlock::dump):
2844         * bytecode/CodeBlock.h:
2845         (JSC::CodeBlock::addImmediateBuffer):
2846         (JSC::CodeBlock::immediateBuffer):
2847         * bytecode/Opcode.h:
2848         * bytecompiler/BytecodeGenerator.cpp:
2849         (JSC::BytecodeGenerator::addImmediateBuffer):
2850         (JSC::BytecodeGenerator::emitNewArray):
2851         * bytecompiler/BytecodeGenerator.h:
2852         * bytecompiler/NodesCodegen.cpp:
2853         (JSC::ArrayNode::emitBytecode):
2854         * interpreter/Interpreter.cpp:
2855         (JSC::Interpreter::privateExecute):
2856         * jit/JIT.cpp:
2857         (JSC::JIT::privateCompileMainPass):
2858         * jit/JIT.h:
2859         * jit/JITOpcodes.cpp:
2860         (JSC::JIT::emit_op_new_array):
2861         (JSC::JIT::emit_op_new_array_buffer):
2862         * jit/JITOpcodes32_64.cpp:
2863         * jit/JITStubs.cpp:
2864         (JSC::DEFINE_STUB_FUNCTION):
2865         * jit/JITStubs.h:
2866
2867 2011-06-14  Stephanie Lewis  <slewis@apple.com>
2868
2869         Rubber stamped by Oliver Hunt.
2870
2871         <rdar://problem/9511169>
2872         Update order files.
2873
2874         * JavaScriptCore.order:
2875
2876 2011-06-14  Sam Weinig  <sam@webkit.org>
2877
2878         Reviewed by Geoffrey Garen.
2879
2880         Fix dumping of constants to have the correct constant number.
2881
2882         * bytecode/CodeBlock.cpp:
2883         (JSC::CodeBlock::dump):
2884
2885 2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
2886
2887         Reviewed by Eric Seidel.
2888
2889         KeywordLookupGenerator's Trie does not work with Python 3
2890         https://bugs.webkit.org/show_bug.cgi?id=62635
2891
2892         With Python 3, dict.items() returns an iterator. Since the iterator
2893         protocol changed between Python 2 and 3, the easiest way to get the
2894         values is to have something that uses the iterator implicitly, like a
2895         for() loop.
2896
2897         * KeywordLookupGenerator.py:
2898
2899 2011-06-13  Oliver Hunt  <oliver@apple.com>
2900
2901         Reviewed by Gavin Barraclough.
2902
2903         Fix llocp and lvalp names in the lexer to something more meaningful
2904         https://bugs.webkit.org/show_bug.cgi?id=62605
2905
2906         A simple rename
2907
2908         * parser/Lexer.cpp:
2909         (JSC::Lexer::parseIdentifier):
2910         (JSC::Lexer::parseString):
2911         (JSC::Lexer::lex):
2912         * parser/Lexer.h:
2913         (JSC::Lexer::lexExpectIdentifier):
2914
2915 2011-06-13  Oliver Hunt  <oliver@apple.com>
2916
2917         Reviewed by Gavin Barraclough.
2918
2919         Make it possible to inline the common case of identifier lexing
2920         https://bugs.webkit.org/show_bug.cgi?id=62600
2921
2922         Add a lexing function that expects to lex a "normal" alphanumeric
2923         identifier (that ignores keywords) so it's possible to inline the
2924         common parsing cases.  This comes out as a reasonable parsing speed
2925         boost.
2926
2927         * parser/JSParser.cpp:
2928         (JSC::JSParser::nextExpectIdentifier):
2929         (JSC::JSParser::parseProperty):
2930         (JSC::JSParser::parseMemberExpression):
2931         * parser/Lexer.cpp:
2932         * parser/Lexer.h:
2933         (JSC::Lexer::makeIdentifier):
2934         (JSC::Lexer::lexExpectIdentifier):
2935
2936 2011-06-13  Xan Lopez  <xlopez@igalia.com>
2937
2938         Reviewed by Martin Robinson.
2939
2940         Distcheck fixes.
2941
2942         * GNUmakefile.am:
2943         * GNUmakefile.list.am:
2944
2945 2011-06-13  Oliver Hunt  <oliver@apple.com>
2946
2947         Reviewed by Simon Fraser.
2948
2949         Make it possible to inline Identifier::equal
2950         https://bugs.webkit.org/show_bug.cgi?id=62584
2951
2952         Move Identifier::equal to the Identifier header file.
2953
2954         * runtime/Identifier.cpp:
2955         * runtime/Identifier.h:
2956         (JSC::Identifier::equal):
2957
2958 2011-06-13  Tony Chang  <tony@chromium.org>
2959
2960         Reviewed by Dimitri Glazkov.
2961
2962         rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
2963         https://bugs.webkit.org/show_bug.cgi?id=62578
2964
2965         * Configurations/FeatureDefines.xcconfig:
2966
2967 2011-06-13  Tony Chang  <tony@chromium.org>
2968
2969         Reviewed by Adam Barth.
2970
2971         rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
2972         https://bugs.webkit.org/show_bug.cgi?id=62545
2973
2974         * Configurations/FeatureDefines.xcconfig:
2975
2976 2011-06-12  Patrick Gansterer  <paroga@webkit.org>
2977
2978         Unreviewed. Build fix for !ENABLE(JIT) after r88604.
2979
2980         * bytecode/CodeBlock.cpp:
2981         (JSC::CodeBlock::visitAggregate):
2982
2983 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
2984
2985         Reviewed by Darin Adler.
2986
2987         https://bugs.webkit.org/show_bug.cgi?id=16777
2988
2989         Remove #define NaN per Darin's comments.
2990
2991         * runtime/JSGlobalObjectFunctions.cpp:
2992         (JSC::parseIntOverflow):
2993         (JSC::parseInt):
2994         (JSC::jsStrDecimalLiteral):
2995         (JSC::jsToNumber):
2996         (JSC::parseFloat):
2997         * wtf/DateMath.cpp:
2998         (WTF::equivalentYearForDST):
2999         (WTF::parseES5DateFromNullTerminatedCharacters):
3000         (WTF::parseDateFromNullTerminatedCharacters):
3001         (WTF::timeClip):
3002         (JSC::parseDateFromNullTerminatedCharacters):
3003
3004 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3005
3006         Rubber stamped by Geoff Garen.
3007
3008         https://bugs.webkit.org/show_bug.cgi?id=62503
3009         Remove JIT_OPTIMIZE_* switches
3010
3011         The alternative code paths are untested, and not well maintained.
3012         These were useful when there was more churn in the JIT, but now
3013         are a maintenance overhead. Time to move on, removing.
3014
3015         * bytecode/CodeBlock.cpp:
3016         (JSC::CodeBlock::visitAggregate):
3017         * jit/JIT.cpp:
3018         (JSC::JIT::privateCompileSlowCases):
3019         (JSC::JIT::privateCompile):
3020         (JSC::JIT::linkConstruct):
3021         * jit/JIT.h:
3022         * jit/JITCall.cpp:
3023         * jit/JITCall32_64.cpp:
3024         * jit/JITOpcodes.cpp:
3025         (JSC::JIT::privateCompileCTIMachineTrampolines):
3026         (JSC::JIT::privateCompileCTINativeCall):
3027         * jit/JITOpcodes32_64.cpp:
3028         (JSC::JIT::privateCompileCTIMachineTrampolines):
3029         (JSC::JIT::privateCompileCTINativeCall):
3030         (JSC::JIT::softModulo):
3031         * jit/JITPropertyAccess.cpp:
3032         * jit/JITPropertyAccess32_64.cpp:
3033         * jit/JITStubs.cpp:
3034         (JSC::DEFINE_STUB_FUNCTION):
3035         * runtime/Lookup.cpp:
3036         (JSC::setUpStaticFunctionSlot):
3037         * runtime/Lookup.h:
3038         * wtf/Platform.h:
3039
3040 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3041
3042         Reviewed by Sam Weinig.
3043
3044         https://bugs.webkit.org/show_bug.cgi?id=16777
3045         Eliminate JSC::NaN and JSC::Inf
3046
3047         There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
3048         The ones in std::numeric_limits are perfectly good.
3049         Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
3050
3051         * API/JSCallbackObjectFunctions.h:
3052         (JSC::::toNumber):
3053         * API/JSValueRef.cpp:
3054         (JSValueMakeNumber):
3055         (JSValueToNumber):
3056         * JavaScriptCore.exp:
3057         * runtime/CachedTranscendentalFunction.h:
3058         (JSC::CachedTranscendentalFunction::initialize):
3059         * runtime/DateConstructor.cpp:
3060         (JSC::constructDate):
3061         * runtime/DateInstanceCache.h:
3062         (JSC::DateInstanceData::DateInstanceData):
3063         (JSC::DateInstanceCache::reset):
3064         * runtime/JSCell.cpp:
3065         * runtime/JSCell.h:
3066         (JSC::JSCell::JSValue::getPrimitiveNumber):
3067         (JSC::JSCell::JSValue::toNumber):
3068         * runtime/JSGlobalData.cpp:
3069         (JSC::JSGlobalData::JSGlobalData):
3070         (JSC::JSGlobalData::resetDateCache):
3071         * runtime/JSGlobalObject.cpp:
3072         (JSC::JSGlobalObject::reset):
3073         * runtime/JSGlobalObjectFunctions.cpp:
3074         (JSC::globalFuncParseInt):
3075         (JSC::globalFuncIsFinite):
3076         * runtime/JSNotAnObject.cpp:
3077         (JSC::JSNotAnObject::toNumber):
3078         * runtime/JSValue.cpp:
3079         * runtime/JSValue.h:
3080         * runtime/JSValueInlineMethods.h:
3081         (JSC::jsNaN):
3082         * runtime/MathObject.cpp:
3083         (JSC::mathProtoFuncMax):
3084         (JSC::mathProtoFuncMin):
3085         * runtime/NumberConstructor.cpp:
3086         (JSC::numberConstructorNegInfinity):
3087         (JSC::numberConstructorPosInfinity):
3088         * runtime/NumberPrototype.cpp:
3089         (JSC::numberProtoFuncToExponential):
3090         (JSC::numberProtoFuncToFixed):
3091         (JSC::numberProtoFuncToPrecision):
3092         (JSC::numberProtoFuncToString):
3093         * runtime/UString.cpp:
3094         * wtf/DecimalNumber.h:
3095         (WTF::DecimalNumber::DecimalNumber):
3096         * wtf/dtoa.cpp:
3097         (WTF::dtoa):
3098
3099 2011-06-10  Tony Chang  <tony@chromium.org>
3100
3101         Reviewed by Ojan Vafai.
3102
3103         add a compile guard ENABLE(FLEXBOX)
3104         https://bugs.webkit.org/show_bug.cgi?id=62049
3105
3106         * Configurations/FeatureDefines.xcconfig:
3107
3108 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3109
3110         Reviewed by Sam Weinig.
3111
3112         https://bugs.webkit.org/show_bug.cgi?id=55347
3113         "name" and "message" enumerable on *Error.prototype
3114
3115         This arises from chapter 15 of the spec:
3116             "Every other property described in this clause has the attributes
3117             { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
3118             unless otherwise specified."
3119         Standardized properties are not enumerable.
3120
3121         * runtime/ErrorInstance.cpp:
3122         (JSC::ErrorInstance::ErrorInstance):
3123         * runtime/NativeErrorPrototype.cpp:
3124         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3125
3126 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3127
3128         Build fix: Corrected header spelling.
3129
3130         * heap/OldSpace.h:
3131
3132 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3133
3134         Reviewed by Oliver Hunt.
3135
3136         Added OldSpace to the project
3137         https://bugs.webkit.org/show_bug.cgi?id=62417
3138         
3139         Currently unused.
3140         
3141         Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
3142         per-block flag for testing whether you're in NewSpace vs OldSpace.
3143
3144         * CMakeLists.txt:
3145         * GNUmakefile.list.am:
3146         * JavaScriptCore.gypi:
3147         * JavaScriptCore.pro:
3148         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3149         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3150
3151         * heap/MarkedBlock.cpp:
3152         (JSC::MarkedBlock::MarkedBlock):
3153         * heap/MarkedBlock.h:
3154         (JSC::MarkedBlock::inNewSpace):
3155         (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
3156         write barrier.
3157
3158         * heap/NewSpace.cpp:
3159         (JSC::NewSpace::addBlock):
3160         (JSC::NewSpace::removeBlock):
3161         * heap/NewSpace.h:
3162         (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
3163         NewSpace-specific operations.
3164
3165         * heap/OldSpace.cpp: Added.
3166         (JSC::OldSpace::OldSpace):
3167         (JSC::OldSpace::addBlock):
3168         (JSC::OldSpace::removeBlock):
3169         * heap/OldSpace.h: Added.
3170         (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
3171         Not in use yet.
3172
3173 2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
3174
3175         Reviewed by Antonio Gomes.
3176
3177         [EFL] Make accelerated compositing build in Webkit-EFL
3178         https://bugs.webkit.org/show_bug.cgi?id=62361
3179
3180         Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
3181
3182         * wtf/Platform.h:
3183
3184 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3185
3186         Reviewed by Geoff Garen.
3187
3188         Bug 62405 - Fix integer overflow in Array.prototype.push
3189
3190         Fix Geoff's review comments re static_cast.
3191
3192         * runtime/ArrayPrototype.cpp:
3193         (JSC::arrayProtoFuncPush):
3194
3195 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3196
3197         Reviewed by Oliver Hunt.
3198
3199         Factored MarkedBlock set management into a helper class with a fast case Bloom filter
3200         https://bugs.webkit.org/show_bug.cgi?id=62413
3201         
3202         SunSpider reports a small speedup.
3203         
3204         This is in preparation for having ConservativeSet operate on arbitrary
3205         sets of MarkedBlocks, and in preparation for conservative scanning
3206         becoming proportionally more important than other GC activities.
3207
3208         * GNUmakefile.list.am:
3209         * JavaScriptCore.gypi:
3210         * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
3211
3212         * heap/ConservativeRoots.cpp:
3213         (JSC::ConservativeRoots::add):
3214         * heap/ConservativeRoots.h:
3215         (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
3216         directly, instead of a Heap, so we can operate on subsets of the Heap
3217         instead.
3218         
3219         Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
3220         is particularly important since we expect not to find our subject pointer
3221         in the MarkedBlock hash, and hash misses are more expensive than typical
3222         hash lookups because they have high collision rates.
3223         
3224         No need for single-pointer add() to be public anymore, since nobody uses it.
3225
3226         * heap/Heap.cpp:
3227         (JSC::Heap::markRoots):
3228         * heap/Heap.h:
3229         (JSC::Heap::forEachCell):
3230         (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
3231         ConservativeRoots relies on.
3232         
3233         Nixed contains(), since nobody uses it anymore.
3234
3235         * heap/MarkedBlock.h:
3236         (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
3237         the VM layout properties of MarkedBlocks.
3238
3239         * heap/MarkedBlockSet.h: Added.
3240         (JSC::MarkedBlockSet::add):
3241         (JSC::MarkedBlockSet::remove):
3242         (JSC::MarkedBlockSet::recomputeFilter):
3243         (JSC::MarkedBlockSet::filter):
3244         (JSC::MarkedBlockSet::set):
3245         * heap/TinyBloomFilter.h: Added.
3246         (JSC::TinyBloomFilter::TinyBloomFilter):
3247         (JSC::TinyBloomFilter::add):
3248         (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
3249
3250         * interpreter/RegisterFile.cpp:
3251         (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
3252         exclude values by tag -- the tiny bloom filter is already a register-register
3253         compare, so adding another "rule out" factor just slows things down.
3254
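Added example (not JavaScriptCore's code) of the filter-then-hash pattern this entry describes: an OR-of-addresses filter that rules most candidate pointers out with one mask-and-compare, a hash keyed on the block index, and a set that consults the hash only when the filter cannot decide. The 16 KB block size, the BlockSet class and the BlockHash functor are assumptions made for the example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <unordered_set>

// Assumed for this example: blocks are allocated at a fixed power-of-two size
// and alignment, so the low bits of any address inside a block are offset bits.
static const uintptr_t kBlockSize = 16 * 1024;

// OR-of-addresses filter. A candidate with any bit set that no member address
// has cannot be a member, and that test is one AND plus one compare.
class TinyBloomFilter {
public:
    TinyBloomFilter() : m_bits(0) {}
    void add(uintptr_t bits) { m_bits |= bits; }
    void reset() { m_bits = 0; }
    // true: definitely not a member.  false: possibly a member, ask the hash.
    bool ruleOut(uintptr_t bits) const {
        if (!bits)
            return true;                  // null is never a block
        return (bits & m_bits) != bits;   // some set bit belongs to no member
    }
private:
    uintptr_t m_bits;
};

// Hash on the block index rather than the raw address: the low log2(kBlockSize)
// bits of a block base are always zero, so they carry no information.
struct BlockHash {
    size_t operator()(uintptr_t blockBase) const { return blockBase / kBlockSize; }
};

// A set of block base addresses fronted by the filter (assumed class, modelled
// on the role MarkedBlockSet plays in the entry above).
class BlockSet {
public:
    void add(uintptr_t blockBase) {
        assert(!(blockBase & (kBlockSize - 1)));
        m_set.insert(blockBase);
        m_filter.add(blockBase);
    }
    void remove(uintptr_t blockBase) {
        m_set.erase(blockBase);
        recomputeFilter();   // OR cannot be undone, so rebuild from what is left
    }
    // The conservative-root check: mask the candidate down to its would-be
    // block base, try the filter, and only touch the hash if the filter cannot
    // rule the block out. *usedHash reports which path decided.
    bool mayPointIntoBlock(uintptr_t candidate, bool* usedHash) const {
        uintptr_t base = candidate & ~(kBlockSize - 1);
        *usedHash = false;
        if (m_filter.ruleOut(base))
            return false;
        *usedHash = true;
        return m_set.count(base) != 0;
    }
    size_t size() const { return m_set.size(); }
private:
    void recomputeFilter() {
        m_filter.reset();
        for (uintptr_t base : m_set)
            m_filter.add(base);
    }
    TinyBloomFilter m_filter;
    std::unordered_set<uintptr_t, BlockHash> m_set;
};
```

The false-positive case (a candidate whose bits are a subset of the OR but which is in no block) is exactly the one the entry calls out as an expensive hash miss; it still lands in the hash, while everything else is decided by the filter.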
3255 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3256
3257         Reviewed by Oliver Hunt.
3258
3259         Bug 62405 - Fix integer overflow in Array.prototype.push
3260
3261         There are three integer overflows here, leading to safe (not a security risk)
3262         but incorrect (non-spec-compliant) behaviour.
3263
3264         Two overflows occur when calculating the new length after pushing (one in the
3265         fast version of push in JSArray, one in the generic version in ArrayPrototype).
3266         The other occurs calculating indices to write to when multiple items are pushed.
3267
3268         These errors result in three test-262 failures.
3269
3270         * runtime/ArrayPrototype.cpp:
3271         (JSC::arrayProtoFuncPush):
3272         * runtime/JSArray.cpp:
3273         (JSC::JSArray::put):
3274         (JSC::JSArray::push):
3275
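Added example (not JavaScriptCore's code) contrasting the ES5 15.4.4.7 arithmetic for push on a generic object with the unsigned 32-bit arithmetic this entry describes as the pre-fix shape. The GenericObject model, toUint32 and keyFor are assumptions for the example; the spec version shows why a length of 2^32 - 1 must grow to 2^32 instead of wrapping.

```cpp
#include <cassert>
#include <cmath>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// A generic (non-Array) object modelled as name -> number; "length" is just
// another property, so nothing caps it at 2^32 - 1 the way a real Array does.
typedef std::map<std::string, double> GenericObject;

// ES5 ToUint32: truncate, reduce modulo 2^32, map into [0, 2^32).
uint32_t toUint32(double v) {
    if (!std::isfinite(v))
        return 0;
    double m = std::fmod(std::trunc(v), 4294967296.0);
    if (m < 0)
        m += 4294967296.0;
    return static_cast<uint32_t>(m);
}

// ToString for the integer-valued indices used here (no exponent notation
// below 2^53, which is all this example needs).
static std::string keyFor(double index) {
    return std::to_string(static_cast<uint64_t>(index));
}

// Push as ES5 15.4.4.7 specifies it: n = ToUint32(length), then every index
// and the final length are ordinary Numbers, so they grow past 2^32 - 1.
double specPush(GenericObject& obj, const std::vector<double>& items) {
    double n = toUint32(obj["length"]);
    for (size_t i = 0; i < items.size(); ++i) {
        obj[keyFor(n)] = items[i];
        n += 1;
    }
    obj["length"] = n;
    return n;
}

// The pre-fix shape the entry describes: the same steps with the index and
// new-length arithmetic done in unsigned 32-bit, which wraps instead of
// growing. Kept as the "before" for comparison, not as something to copy.
double buggyPush(GenericObject& obj, const std::vector<double>& items) {
    uint32_t length = toUint32(obj["length"]);
    for (uint32_t i = 0; i < items.size(); ++i)
        obj[keyFor(length + i)] = items[i];          // wraps at 0xFFFFFFFF
    uint32_t newLength = length + static_cast<uint32_t>(items.size());
    obj["length"] = newLength;                       // wraps too
    return newLength;
}
```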
3276 2011-06-09  Dan Bernstein  <mitz@apple.com>
3277
3278         Reviewed by Anders Carlsson.
3279
3280         Add Vector::reverse()
3281         https://bugs.webkit.org/show_bug.cgi?id=62393
3282
3283         * wtf/Vector.h:
3284         (WTF::Vector::reverse): Added
3285
3286 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3287
3288         Reviewed by Oliver Hunt.
3289
3290         Factored a bunch of Heap functionality into stand-alone functors
3291         https://bugs.webkit.org/show_bug.cgi?id=62337
3292         
3293         This is in preparation for making these functors operate on arbitrary
3294         sets of MarkedBlocks.
3295
3296         * JavaScriptCore.exp: This file is a small tragedy.
3297
3298         * debugger/Debugger.cpp:
3299         (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
3300
3301         * heap/HandleHeap.h:
3302         (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
3303         strong handles, so we can play along in the functor game.
3304
3305         * heap/Heap.cpp:
3306         (JSC::CountFunctor::CountFunctor::CountFunctor):
3307         (JSC::CountFunctor::CountFunctor::count):
3308         (JSC::CountFunctor::CountFunctor::returnValue):
3309         (JSC::CountFunctor::ClearMarks::operator()):
3310         (JSC::CountFunctor::ResetAllocator::operator()):
3311         (JSC::CountFunctor::Sweep::operator()):
3312         (JSC::CountFunctor::MarkCount::operator()):
3313         (JSC::CountFunctor::Size::operator()):
3314         (JSC::CountFunctor::Capacity::operator()):
3315         (JSC::CountFunctor::Count::operator()):
3316         (JSC::CountFunctor::CountIfGlobalObject::operator()):
3317         (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
3318         (JSC::CountFunctor::TakeIfEmpty::operator()):
3319         (JSC::CountFunctor::TakeIfEmpty::returnValue):
3320         (JSC::CountFunctor::RecordType::RecordType):
3321         (JSC::CountFunctor::RecordType::typeName):
3322         (JSC::CountFunctor::RecordType::operator()):
3323         (JSC::CountFunctor::RecordType::returnValue): These functors factor out
3324         behavior that used to be in the functions below.
3325
3326         (JSC::Heap::clearMarks):
3327         (JSC::Heap::sweep):
3328         (JSC::Heap::objectCount):
3329         (JSC::Heap::size):
3330         (JSC::Heap::capacity):
3331         (JSC::Heap::protectedGlobalObjectCount):
3332         (JSC::Heap::protectedObjectCount):
3333         (JSC::Heap::protectedObjectTypeCounts):
3334         (JSC::Heap::objectTypeCounts):
3335         (JSC::Heap::resetAllocator):
3336         (JSC::Heap::freeBlocks):
3337         (JSC::Heap::shrink): Factored out behavior into the functors above.
3338
3339         * heap/Heap.h:
3340         (JSC::Heap::forEachProtectedCell):
3341         (JSC::Heap::forEachCell):
3342         (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
3343         functor-based templates instead of plain iterators because they're simpler
3344         to implement in this case and they require a lot less code at the call site.
3345
3346         * heap/MarkedBlock.h:
3347         (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
3348         trivial functors.
3349
3350         (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
3351         we have a few different kind of "for each" now.
3352
3353         * runtime/JSGlobalData.cpp:
3354         (WTF::Recompile::operator()):
3355         (JSC::JSGlobalData::JSGlobalData):
3356         (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
3357
3358         * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
3359
3360 2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
3361
3362         Reviewed by Pavel Feldman.
3363
3364         Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
3365         https://bugs.webkit.org/show_bug.cgi?id=52791
3366
3367         No new tests. The problem can be reproduced by trying to create InspectorValue
3368         from 1.0e-100 and call ->toJSONString() on this.
3369
3370         * JavaScriptCore.exp:
3371         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3372         export 2 functions DecimalNumber::bufferLengthForStringExponential and
3373         DecimalNumber::toStringExponential.
3374
3375 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3376
3377         Unreviewed, rolling out r88404.
3378         http://trac.webkit.org/changeset/88404
3379         https://bugs.webkit.org/show_bug.cgi?id=62342
3380
3381         broke win and mac build (Requested by tony^work on #webkit).
3382
3383         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3384
3385 2011-06-08  Evan Martin  <evan@chromium.org>
3386
3387         Reviewed by Adam Barth.
3388
3389         [chromium] use gyp 'settings' type for settings target
3390         https://bugs.webkit.org/show_bug.cgi?id=62323
3391
3392         The 'settings' gyp target type is for targets that exist solely
3393         for their settings (no build rules).  The comment above this target
3394         says it's for this, but it incorrectly uses 'none'.
3395
3396         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3397
3398 2011-06-08  Sailesh Agrawal  <sail@chromium.org>
3399
3400         Reviewed by Mihai Parparita.
3401
3402         Chromium Mac: Enable overlay scrollbars
3403         https://bugs.webkit.org/show_bug.cgi?id=59756
3404
3405         Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
3406
3407         * wtf/Platform.h:
3408
3409 2011-06-08  Oliver Hunt  <oliver@apple.com>
3410
3411         Reviewed by Geoffrey Garen.
3412
3413         Add faster lookup cache for multi character identifiers
3414         https://bugs.webkit.org/show_bug.cgi?id=62327
3415
3416         Add a non-hash lookup for multiple character identifiers.  This saves us from
3417         adding repeated identifiers to the ParserArena's identifier list as people
3418         tend to not start all their variables and properties with the same character
3419         and happily identifier locality works in our favour.
3420
3421         * parser/ParserArena.h:
3422         (JSC::IdentifierArena::isEmpty):
3423         (JSC::IdentifierArena::clear):
3424         (JSC::IdentifierArena::makeIdentifier):
3425
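Added example (not JavaScriptCore's code) of the idea in this entry: an interning arena that, before hashing, compares the incoming identifier against the most recent identifier that began with the same character, so repeated names in a locality-rich token stream are resolved without a hash lookup. The IdentifierArena layout, the 256-entry recent table and the counters are assumptions for the example.

```cpp
#include <cassert>
#include <cstddef>
#include <string>
#include <unordered_set>
#include <vector>

// Interning arena: one canonical entry per distinct identifier, plus a small
// "most recent identifier that began with this character" cache checked before
// the hash table. Pointers into std::unordered_set stay valid across rehashes,
// so the cache can hold them safely.
class IdentifierArena {
public:
    IdentifierArena() : m_hashLookups(0), m_cacheHits(0) { clear(); }

    bool isEmpty() const { return m_table.empty(); }

    void clear() {
        m_table.clear();
        for (size_t i = 0; i < 256; ++i)
            m_recent[i] = nullptr;
    }

    // Returns the canonical interned string for name.
    const std::string* makeIdentifier(const std::string& name) {
        if (name.empty())
            return intern(name);
        unsigned char first = static_cast<unsigned char>(name[0]);
        const std::string* recent = m_recent[first];
        // Cheap check first: same length and same bytes as the last identifier
        // seen with this first character. Source locality makes this hit often.
        if (recent && recent->size() == name.size() && *recent == name) {
            ++m_cacheHits;
            return recent;
        }
        const std::string* interned = intern(name);
        m_recent[first] = interned;
        return interned;
    }

    size_t hashLookups() const { return m_hashLookups; }
    size_t cacheHits() const { return m_cacheHits; }
    size_t distinctCount() const { return m_table.size(); }

private:
    const std::string* intern(const std::string& name) {
        ++m_hashLookups;
        return &*m_table.insert(name).first;
    }
    std::unordered_set<std::string> m_table;
    const std::string* m_recent[256];
    size_t m_hashLookups;
    size_t m_cacheHits;
};

struct ArenaStats { size_t hashLookups; size_t cacheHits; size_t distinct; };

// Feeds a token stream through a fresh arena and reports how many identifiers
// needed the hash versus how many the recent-identifier check resolved.
ArenaStats runStream(const std::vector<std::string>& tokens) {
    IdentifierArena arena;
    for (size_t i = 0; i < tokens.size(); ++i)
        arena.makeIdentifier(tokens[i]);
    ArenaStats s = { arena.hashLookups(), arena.cacheHits(), arena.distinctCount() };
    return s;
}
```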
3426 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3427
3428         Reviewed by Oliver Hunt.
3429
3430         Took some responsibilities away from NewSpace
3431         https://bugs.webkit.org/show_bug.cgi?id=62325
3432         
3433         NewSpace is basically just an allocator now.
3434         
3435         Heap acts as a controller, responsible for managing the set of all
3436         MarkedBlocks.
3437         
3438         This is in preparation for moving parts of the controller logic into
3439         separate helper classes that can act on arbitrary sets of MarkedBlocks
3440         that may or may not be in NewSpace.
3441
3442         * heap/Heap.cpp:
3443         (JSC::Heap::Heap):
3444         (JSC::Heap::destroy):
3445         (JSC::Heap::allocate):
3446         (JSC::Heap::markRoots):
3447         (JSC::Heap::clearMarks):
3448         (JSC::Heap::sweep):
3449         (JSC::Heap::objectCount):
3450         (JSC::Heap::size):
3451         (JSC::Heap::capacity):
3452         (JSC::Heap::collect):
3453         (JSC::Heap::resetAllocator):
3454         (JSC::Heap::allocateBlock):
3455         (JSC::Heap::freeBlocks):
3456         (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
3457         along with all functions that operate on the set of MarkedBlocks. Also
3458         moved responsibility for deciding whether to allocate a new MarkedBlock,
3459         and for allocating it.
3460
3461         * heap/Heap.h:
3462         (JSC::Heap::contains):
3463         (JSC::Heap::forEach): Ditto.
3464
3465         * heap/NewSpace.cpp:
3466         (JSC::NewSpace::addBlock):
3467         (JSC::NewSpace::removeBlock):
3468         (JSC::NewSpace::resetAllocator):
3469         * heap/NewSpace.h:
3470         (JSC::NewSpace::waterMark):
3471         (JSC::NewSpace::allocate): Ditto.
3472
3473 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3474
3475         Reviewed by Oliver Hunt.
3476
3477         Some more MarkedSpace => NewSpace renaming
3478         https://bugs.webkit.org/show_bug.cgi?id=62305
3479
3480         * JavaScriptCore.exp:
3481         * JavaScriptCore.order:
3482         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3483         * heap/Heap.cpp:
3484         (JSC::Heap::Heap):
3485         (JSC::Heap::destroy):
3486         (JSC::Heap::reportExtraMemoryCostSlowCase):
3487         (JSC::Heap::allocate):
3488         (JSC::Heap::markRoots):
3489         (JSC::Heap::objectCount):
3490         (JSC::Heap::size):
3491         (JSC::Heap::capacity):
3492         (JSC::Heap::collect):
3493         (JSC::Heap::isValidAllocation):
3494         * heap/Heap.h:
3495         (JSC::Heap::markedSpace):
3496         (JSC::Heap::contains):
3497         (JSC::Heap::forEach):
3498         (JSC::Heap::allocate):
3499         * runtime/JSCell.h:
3500
3501 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3502
3503         Reviewed by Eric Seidel.
3504
3505         Add export macros to profiler headers.
3506         https://bugs.webkit.org/show_bug.cgi?id=27551
3507
3508         * profiler/Profiler.h:
3509
3510 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3511
3512         Reviewed by Eric Seidel.
3513
3514         Add export symbols to parser headers.
3515         https://bugs.webkit.org/show_bug.cgi?id=27551
3516
3517         * parser/SourceProviderCache.h:
3518
3519 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3520
3521         Reviewed by Eric Seidel.
3522
3523         Add export symbols to interpreter headers.
3524         https://bugs.webkit.org/show_bug.cgi?id=27551
3525
3526         * interpreter/Interpreter.h:
3527
3528 2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
3529
3530         Reviewed by Eric Seidel.
3531
3532         Add export symbols to debugger headers.
3533         https://bugs.webkit.org/show_bug.cgi?id=27551
3534
3535         * debugger/Debugger.h:
3536         * debugger/DebuggerCallFrame.h:
3537
3538 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
3539
3540         Reviewed by Darin Adler.
3541
3542         Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
3543         https://bugs.webkit.org/show_bug.cgi?id=62268
3544
3545         * CMakeLists.txt:
3546         * GNUmakefile.list.am:
3547         * JavaScriptCore.gypi:
3548         * JavaScriptCore.pro:
3549         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3550         * JavaScriptCore.xcodeproj/project.pbxproj:
3551         * heap/Heap.h:
3552         * heap/MarkedBlock.h:
3553         * heap/MarkedSpace.cpp: Removed.
3554         * heap/MarkedSpace.h: Removed.
3555         * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
3556         * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
3557
3558 2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3559
3560         Unreviewed, rolling out r88365.
3561         http://trac.webkit.org/changeset/88365
3562         https://bugs.webkit.org/show_bug.cgi?id=62301
3563
3564         windows bots broken (Requested by loislo_ on #webkit).
3565
3566         * JavaScriptCore.exp:
3567
3568 2011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
3569
3570         Reviewed by Tony Chang.
3571
3572         Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
3573
3574         Compiling Chromium port under GCC 4.6 produces warnings about nullptr
3575         https://bugs.webkit.org/show_bug.cgi?id=62242
3576
3577         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3578
3579 2011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
3580
3581         Reviewed by Andreas Kling.
3582
3583         Webkit on SPARC Solaris has wrong endian
3584         https://bugs.webkit.org/show_bug.cgi?id=29407
3585
3586         Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
3587         there are more occurrences of the same code pattern in webkit.
3588
3589         This patch includes the check on these other parts of the code.
3590
3591         This is a speculative fix, I don't have a sparc machine to test and
3592         don't know which kind of test would trigger a crash (but it's quite
3593         obvious that it's the same code duplicated in different files).
3594
3595         * runtime/UString.h:
3596         (JSC::UStringHash::equal):
3597         * wtf/text/StringHash.h:
3598         (WTF::StringHash::equal):
3599
3600 2011-06-08  Yael Aharon  <yael.aharon@nokia.com>
3601
3602         Reviewed by Andreas Kling.
3603
3604         [Qt] Build fix for building QtWebKit inside of Qt.
3605         https://bugs.webkit.org/show_bug.cgi?id=62280
3606
3607         Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
3608         into QtWebKit.prl.
3609
3610         No new tests, as this is just a build fix.
3611
3612         * JavaScriptCore.pri:
3613
3614 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3615
3616         Reviewed by Oliver Hunt.
3617
3618         Split 'reset' into 'collect' and 'resetAllocator'
3619         https://bugs.webkit.org/show_bug.cgi?id=62267
3620
3621         * heap/Heap.cpp:
3622         (JSC::Heap::allocate):
3623         (JSC::Heap::collectAllGarbage):
3624         (JSC::Heap::collect):
3625         * heap/Heap.h:
3626         * heap/MarkedBlock.h:
3627         (JSC::MarkedBlock::resetAllocator):
3628         * heap/MarkedSpace.cpp:
3629         (JSC::MarkedSpace::resetAllocator):
3630         * heap/MarkedSpace.h:
3631         (JSC::MarkedSpace::SizeClass::resetAllocator):
3632
3633 2011-06-07  Geoffrey Garen  <ggaren@apple.com>
3634
3635         Reviewed by Sam Weinig.
3636
3637         Renamed some more marks to visits
3638         https://bugs.webkit.org/show_bug.cgi?id=62254
3639
3640         * heap/HandleHeap.cpp:
3641         (JSC::HandleHeap::visitStrongHandles):
3642         (JSC::HandleHeap::visitWeakHandles):
3643         * heap/HandleHeap.h:
3644         * heap/HandleStack.cpp:
3645         (JSC::HandleStack::visit):
3646         * heap/HandleStack.h:
3647         * heap/Heap.cpp:
3648         (JSC::Heap::markProtectedObjects):
3649         (JSC::Heap::markTempSortVectors):
3650         (JSC::Heap::markRoots):
3651         * heap/HeapRootVisitor.h:
3652         (JSC::HeapRootVisitor::visit):
3653         * runtime/ArgList.cpp:
3654         (JSC::MarkedArgumentBuffer::markLists):
3655
3656 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3657
3658         Reviewed by Sam Weinig.
3659
3660         https://bugs.webkit.org/show_bug.cgi?id=55537
3661         Functions claim to have 'callee' which they actually don't (and shouldn't)
3662
3663         * JavaScriptCore.xcodeproj/project.pbxproj:
3664         * runtime/JSFunction.cpp:
3665         (JSC::JSFunction::getOwnPropertyNames):
3666
3667 2011-06-07  Juan C. Montemayor  <jmont@apple.com>
3668
3669         Reviewed by Darin Adler.
3670
3671         Make JSStaticFunction and JSStaticValue less "const"
3672         https://bugs.webkit.org/show_bug.cgi?id=62222
3673
3674         * API/JSObjectRef.h:
3675         * API/tests/testapi.c:
3676         (checkConstnessInJSObjectNames):
3677         (main):
3678         * JavaScriptCore.xcodeproj/project.pbxproj:
3679
3680 2011-06-07  Gavin Barraclough  <barraclough@apple.com>
3681
3682         Reviewed by Sam Weinig.
3683
3684         https://bugs.webkit.org/show_bug.cgi?id=62240
3685         DFG JIT - add support for for-loop array initialization.
3686
3687         Support put by val beyond vector length.
3688         Add an operationPutByValBeyondArrayBounds operation, make
3689         PutValVal call this if the vector length check fails.
3690
3691         * dfg/DFGJITCodeGenerator.h:
3692         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3693         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3694         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
3695         (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
3696         (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
3697         (JSC::DFG::JITCodeGenerator::isIntegerConstant):
3698         (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
3699         * dfg/DFGOperations.cpp:
3700         (JSC::DFG::operationPutByValInternal):
3701         * dfg/DFGOperations.h:
3702         * dfg/DFGSpeculativeJIT.cpp:
3703         (JSC::DFG::SpeculativeJIT::compile):
3704         * dfg/DFGSpeculativeJIT.h:
3705
3706 2011-06-06  James Simonsen  <simonjam@chromium.org>
3707
3708         Reviewed by James Robinson.
3709
3710         Add monotonicallyIncreasingTime() to get monotonically increasing time
3711         https://bugs.webkit.org/show_bug.cgi?id=37743
3712
3713         * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
3714         (WTF::monotonicallyIncreasingTime):
3715         * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
3716
3717 2011-06-06  Alexandru Chiculita  <achicu@adobe.com>
3718
3719         Reviewed by Kent Tamura.
3720
3721         Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
3722         https://bugs.webkit.org/show_bug.cgi?id=61628
3723
3724         * Configurations/FeatureDefines.xcconfig:
3725
3726 2011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
3727
3728         Reviewed by Kent Tamura.
3729
3730         Add ENABLE(CSS_REGIONS) guard for CSS Regions support
3731         https://bugs.webkit.org/show_bug.cgi?id=61631
3732
3733         * Configurations/FeatureDefines.xcconfig:
3734
3735 2011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
3736
3737         Unreviewed. Fix the GTK+ build.
3738
3739         * GNUmakefile.am: Add javascriptcore_cflags variable.
3740
3741 2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
3742
3743         [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
3744         to build on Mac.
3745
3746         * wtf/Platform.h:
3747
3748 2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
3749
3750         Unreviewed, MIPS build fix.
3751
3752         WebKitGTK+ tarball fails to build on MIPS.
3753         https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
3754
3755         * GNUmakefile.list.am: Add missing MIPS-related file to the list
3756         of files that are added to the tarball on make dist, and fix
3757         sorting.
3758
3759 2011-06-04  Sam Weinig  <sam@webkit.org>
3760
3761         Reviewed by Darin Adler.
3762
3763         Fix formatting of the output generated by KeywordLookupGenerator.py
3764         https://bugs.webkit.org/show_bug.cgi?id=62083
3765
3766         - Uses correct year for copyright.
3767         - Puts ending brace on same line as "else if".
3768         - Puts starting brace of function on its own line.
3769         - Adds some tasteful whitespace.
3770         - Adds comments to make clear that scopes are ending.
3771         - Make macros actually split on two lines.
3772
3773         * KeywordLookupGenerator.py:
3774
3775 2011-06-04  Adam Barth  <abarth@webkit.org>
3776
3777         Reviewed by Eric Seidel.
3778
3779         KeywordLookupGenerator.py spams stdout in Chromium Linux build
3780         https://bugs.webkit.org/show_bug.cgi?id=62087
3781
3782         This action does not appear to be needed.
3783
3784         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3785
3786 2011-06-03  Oliver Hunt  <oliver@apple.com>
3787
3788         Reviewed by Maciej Stachowiak.
3789
3790         Lexer needs to provide Identifier for reserved words
3791         https://bugs.webkit.org/show_bug.cgi?id=62086
3792
3793         Alas it is necessary to provide an Identifier reference for keywords
3794         so that we can do the right thing when they're used in object literals.
3795         We now keep Identifiers for all reserved words in the CommonIdentifiers
3796         structure so that we can access them without a hash lookup.
3797
3798         * KeywordLookupGenerator.py:
3799         * parser/Lexer.cpp:
3800         (JSC::Lexer::parseIdentifier):
3801         * parser/Lexer.h:
3802         * runtime/CommonIdentifiers.cpp:
3803         (JSC::CommonIdentifiers::CommonIdentifiers):
3804         * runtime/CommonIdentifiers.h:
3805
3806 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3807
3808         Reviewed by Sam Weinig.
3809
3810         Add debug code to break on speculation failures.
3811
3812         * dfg/DFGJITCompiler.cpp:
3813         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3814         (JSC::DFG::JITCompiler::compileFunction):
3815         * dfg/DFGNode.h:
3816
3817 2011-06-03  Gavin Barraclough  <barraclough@apple.com>
3818
3819         Reviewed by Sam Weinig.
3820
3821         https://bugs.webkit.org/show_bug.cgi?id=62082
3822         DFG JIT - bug passing arguments that need swap
3823
3824         This is really just a typo.
3825         When setting up the arguments for a call out to a C operation, we'll
3826         fail to swap arguments where this is necessary. For example, in the
3827         case of 2 arg calls, where the first argument is in %rdx & the second
3828         is in %rsi we should swap (exec will be passed in %rdi), but we don't.
3829
3830         This can also affect function calls passing three arguments.
3831
3832         * dfg/DFGJITCodeGenerator.h:
3833         (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
3834             - Call swap with the correct arguments.
3835
3836 2011-06-03  Oliver Hunt  <oliver@apple.com>
3837
3838         Reviewed by Gavin Barraclough.
3839
3840         Force inlining of some hot lexer functions
3841         https://bugs.webkit.org/show_bug.cgi?id=62079
3842
3843         Fix more GCC stupidity
3844
3845         * parser/Lexer.h:
3846         (JSC::Lexer::isWhiteSpace):
3847         (JSC::Lexer::isLineTerminator):
3848
3849 2011-06-03  Oliver Hunt  <oliver@apple.com>
3850
3851         Reviewed by Gavin Barraclough.
3852
3853         GCC not inlining some functions that it really should be
3854         https://bugs.webkit.org/show_bug.cgi?id=62075
3855
3856         Add ALWAYS_INLINE to a number of parsing and lexing functions
3857         that should always be inlined.  This gets us ~1.4% on my ad hoc
3858         parser test.
3859
3860         * KeywordLookupGenerator.py:
3861         * parser/JSParser.cpp:
3862         (JSC::JSParser::next):
3863         (JSC::JSParser::nextTokenIsColon):
3864         (JSC::JSParser::consume):
3865         (JSC::JSParser::match):
3866         (JSC::JSParser::tokenStart):
3867         (JSC::JSParser::tokenLine):
3868         (JSC::JSParser::tokenEnd):
3869         * parser/Lexer.cpp:
3870         (JSC::isIdentPart):
3871
3872 2011-06-03  Oliver Hunt  <oliver@apple.com>
3873
3874         Whoops, fix last minute bug.
3875
3876         * parser/Lexer.cpp:
3877         (JSC::Lexer::parseIdentifier):
3878
3879 2011-06-03  Martin Robinson  <mrobinson@igalia.com>
3880
3881         Try to fix the GTK+ build.
3882
3883         * GNUmakefile.am: Clean up some spaces that should be tabs.
3884         * GNUmakefile.list.am: Add KeywordLookup.h to the source list
3885         and clean up some spaces that should be tabs.
3886
3887 2011-06-03  Oliver Hunt  <oliver@apple.com>
3888
3889         Reviewed by Geoffrey Garen.
3890
3891         Improve keyword lookup
3892         https://bugs.webkit.org/show_bug.cgi?id=61913
3893
3894         Rather than doing multiple hash lookups as we currently
3895         do when trying to identify keywords we now use an 
3896         automatically generated decision tree (essentially it's
3897         a hard coded patricia trie).  We still use the regular
3898         lookup table for the last few characters of an input as
3899         this allows us to completely skip all bounds checks.
3900
3901         * CMakeLists.txt:
3902         * DerivedSources.make:
3903         * DerivedSources.pro:
3904         * GNUmakefile.am:
3905         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3906         * JavaScriptCore.xcodeproj/project.pbxproj:
3907         * KeywordLookupGenerator.py: Added.
3908         * make-generated-sources.sh:
3909         * parser/Lexer.cpp:
3910         (JSC::Lexer::internalShift):
3911         (JSC::Lexer::shift):
3912         (JSC::Lexer::parseIdentifier):
3913         * parser/Lexer.h:
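
        An added example, hand-written rather than produced by
        KeywordLookupGenerator.py, showing the shape of the decision tree the
        entry above describes: characters are dispatched one at a time through
        nested switches (a hard-coded trie), and the last few characters of a
        candidate are compared in a single leaf check whose one length test
        makes further bounds checks unnecessary. The keyword subset, token
        names and function names are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstring>

// Added example, not generated code: a small assumed keyword subset.
enum Token { IDENT, IF, IN, INSTANCEOF, NEW, NULLTOKEN, THIS, THROW, TRUETOKEN, TYPEOF };

// Leaf comparison: the trie has consumed 'prefixLen' characters; the rest of the
// candidate must equal 'tail' exactly. The single length test here is the only
// bounds check the remaining characters need.
static bool tailMatches(const char* s, size_t len, size_t prefixLen, const char* tail) {
    size_t tailLen = std::strlen(tail);
    return len == prefixLen + tailLen && std::memcmp(s + prefixLen, tail, tailLen) == 0;
}

// Classify an identifier of 'len' characters as a keyword or a plain identifier.
Token classifyIdentifier(const char* s, size_t len) {
    if (len < 2) return IDENT;                 // every keyword here has at least 2 chars
    switch (s[0]) {
    case 'i':
        switch (s[1]) {
        case 'f': return len == 2 ? IF : IDENT;
        case 'n':
            if (len == 2) return IN;
            return tailMatches(s, len, 2, "stanceof") ? INSTANCEOF : IDENT;
        }
        return IDENT;
    case 'n':
        if (s[1] == 'e') return tailMatches(s, len, 2, "w") ? NEW : IDENT;
        if (s[1] == 'u') return tailMatches(s, len, 2, "ll") ? NULLTOKEN : IDENT;
        return IDENT;
    case 't':
        switch (s[1]) {
        case 'h':
            if (len < 3) return IDENT;
            if (s[2] == 'i') return tailMatches(s, len, 3, "s") ? THIS : IDENT;
            if (s[2] == 'r') return tailMatches(s, len, 3, "ow") ? THROW : IDENT;
            return IDENT;
        case 'r': return tailMatches(s, len, 2, "ue") ? TRUETOKEN : IDENT;
        case 'y': return tailMatches(s, len, 2, "peof") ? TYPEOF : IDENT;
        }
        return IDENT;
    }
    return IDENT;
}

// Convenience overload for NUL-terminated input.
Token classifyIdentifier(const char* s) { return classifyIdentifier(s, std::strlen(s)); }
```

        Compared with hashing the whole identifier, a candidate such as "int"
        is rejected after three character compares and one length test, and no
        hash table is touched at all for the common non-keyword case.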
3914
3915 2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
3916
3917         Reviewed by Benjamin Poulain.
3918
3919         [Qt] Build flag for experimental ICU library support
3920         https://bugs.webkit.org/show_bug.cgi?id=60786
3921
3922         Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental 
3923         ICU powered Unicode support. 
3924
3925         * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
3926         * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE). 
3927
3928 2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
3929
3930         Reviewed by Benjamin Poulain.
3931
3932         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
3933         https://bugs.webkit.org/show_bug.cgi?id=61957
3934
3935         When building inside the Qt source tree, qmake always appends the mkspecs
3936         defines after ours. We have to work around this and make sure that we append
3937         our flags after the qmake variable used inside Qt. This workaround was provided
3938         by our qmake folks. We need to append in both cases because qmake behaves differently
3939         when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for the Qt port.
3940
3941         * JavaScriptCore.pro:
3942
3943 2011-06-02  Jay Civelli  <jcivelli@chromium.org>
3944
3945         Reviewed by Adam Barth.
3946
3947         Added a method to generate RFC 2822 compliant date strings.
3948         https://bugs.webkit.org/show_bug.cgi?id=7169
3949
3950         * wtf/DateMath.cpp:
3951         (WTF::twoDigitStringFromNumber):
3952         (WTF::makeRFC2822DateString):
3953         * wtf/DateMath.h:
3954
3955 2011-06-02  Alexis Menard  <alexis.menard@openbossa.org>
3956
3957         Reviewed by Andreas Kling.
3958
3959         [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
3960         https://bugs.webkit.org/show_bug.cgi?id=61957
3961
3962         When building inside the Qt source tree, qmake always appends the mkspecs
3963         defines after ours. We have to work around this and make sure that we append
3964         our flags after the qmake variable used inside Qt. This workaround was provided
3965         by our qmake folks.
3966
3967         * JavaScriptCore.pro:
3968
3969 2011-06-01  Oliver Hunt  <oliver@apple.com>
3970
3971         Reviewed by Geoffrey Garen.
3972
3973         Add single character lookup cache to IdentifierArena
3974         https://bugs.webkit.org/show_bug.cgi?id=61879
3975
3976         Add a simple lookup cache for single ascii character
3977         identifiers.  Produces around a 2% improvement in parse
3978         time for my ad hoc parser test.
3979
3980         * parser/ParserArena.h:
3981         (JSC::IdentifierArena::IdentifierArena):
3982         (JSC::IdentifierArena::clear):
3983         (JSC::IdentifierArena::makeIdentifier):
3984
3985 2011-05-31  Oliver Hunt  <oliver@apple.com>
3986
3987         Reviewed by Geoffrey Garen.
3988
3989         Freezing a function and its prototype causes browser to crash.
3990         https://bugs.webkit.org/show_bug.cgi?id=61758
3991
3992         Make JSObject::preventExtensions virtual so that we can override it
3993         and instantiate all lazy
3994
3995         * JavaScriptCore.exp:
3996         * runtime/JSFunction.cpp:
3997         (JSC::createPrototypeProperty):
3998         (JSC::JSFunction::preventExtensions):
3999         (JSC::JSFunction::getOwnPropertySlot):
4000         * runtime/JSFunction.h:
4001         * runtime/JSObject.h:
4002         * runtime/JSObject.cpp:
4003         (JSC::JSObject::seal):
4004         (JSC::JSObject::seal):
4005
4006 2011-06-01  Sheriff Bot  <webkit.review.bot@gmail.com>
4007
4008         Unreviewed, rolling out r87788.
4009         http://trac.webkit.org/changeset/87788
4010         https://bugs.webkit.org/show_bug.cgi?id=61856
4011
4012         breaks windows chromium canary (Requested by jknotten on
4013         #webkit).
4014
4015         * wtf/DateMath.cpp:
4016         (WTF::timeClip):
4017         * wtf/DateMath.h:
4018
4019 2011-06-01  Jay Civelli  <jcivelli@chromium.org>
4020
4021         Reviewed by Adam Barth.
4022
4023         Added a method to generate RFC 2822 compliant date strings.
4024         https://bugs.webkit.org/show_bug.cgi?id=7169
4025
4026         * wtf/DateMath.cpp:
4027         (WTF::twoDigitStringFromNumber):
4028         (WTF::makeRFC2822DateString):
4029         * wtf/DateMath.h:
4030
4031 2011-05-31  Yong Li  <yoli@rim.com>
4032
4033         Reviewed by Eric Seidel.
4034
4035         https://bugs.webkit.org/show_bug.cgi?id=54807
4036         We have been assuming plain bitfields (like "int a : 31") are always signed integers.
4037         However, some compilers can treat them as unsigned. For example, RVCT 4.0 states that plain
4038         bitfields (declared without either a signed or an unsigned qualifier) are treated as unsigned.
4039         http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
4040         Although we can use the "--signed-bitfields" flag to make RVCT 4.0 behave like most other compilers,
4041         always using a "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
4042         rule we should have in order to make our code independent of compilers and compiler flags.
4043
4044         No new test added because this change is not known to fix any issue.
4045
4046         * bytecode/StructureStubInfo.h:
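
        An added example, not the contents of StructureStubInfo.h, showing the
        pitfall this entry describes: a plain "int x : 31" field has
        implementation-defined signedness, so a negative sentinel stored in it
        may read back as a large positive value and a "< 0" test on it becomes
        dead code, whereas an explicitly "signed int" field behaves the same on
        every conforming compiler. The field names below are assumptions.

```cpp
// Added example, not project code. The field layout is assumed for illustration.
struct PlainFields {
    int offset : 31;            // signedness is implementation-defined
    unsigned valid : 1;
};

struct ExplicitFields {
    signed int offset : 31;     // explicit: signed on every conforming compiler
    unsigned int valid : 1;
};

// Round-trip a value through the explicitly signed field; always gives v back
// for any v in the 31-bit signed range (-1073741824 .. 1073741823).
int explicitRoundTrip(int v) {
    ExplicitFields f = {};
    f.offset = v;
    return f.offset;
}

// Round-trip through the plain field. On a compiler that treats plain bitfields
// as unsigned, an input of -1 comes back as 2147483647 rather than -1.
long long plainRoundTrip(int v) {
    PlainFields f = {};
    f.offset = v;
    return f.offset;
}

// True iff this compiler, with its current flags, treats plain bitfields as signed.
bool plainBitfieldsAreSigned() {
    return plainRoundTrip(-1) < 0;
}

// Using -1 as an "unset" sentinel only works when the field is really signed;
// with an unsigned field this test could never be true.
bool isUnset(const ExplicitFields& f) {
    return f.offset < 0;
}

ExplicitFields makeUnset() {
    ExplicitFields f = {};
    f.offset = -1;
    f.valid = 0;
    return f;
}
```

        plainBitfieldsAreSigned() is the portable way to find out what a given
        toolchain does; the point of the rule in the entry is that code should
        not need to ask.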
4047
4048 2011-05-30  Hojong Han  <hojong.han@samsung.com>
4049
4050         Reviewed by Geoffrey Garen.
4051
4052         [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
4053         https://bugs.webkit.org/show_bug.cgi?id=61416
4054
4055         * assembler/MacroAssemblerARM.h:
4056         (JSC::MacroAssemblerARM::branch32):
4057         * tests/mozilla/ecma/Expressions/11.12-1.js:
4058         (getTestCases):
4059
4060 2011-05-29  Geoffrey Garen  <ggaren@apple.com>
4061
4062         Reviewed by Sam Weinig.
4063
4064         Some heap refactoring
4065         https://bugs.webkit.org/show_bug.cgi?id=61704
4066