fourthTier: Landing the initial FTL logic in a single commit to avoid spurious
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jul 2013 03:58:38 +0000 (03:58 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jul 2013 03:58:38 +0000 (03:58 +0000)
broken builds.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@153121 268f45cc-cd09-0410-ab3c-d52691b4dbfc

107 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/js/regress/marsaglia-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/regress/marsaglia.html [new file with mode: 0644]
LayoutTests/fast/js/regress/script-tests/marsaglia.js [new file with mode: 0644]
LayoutTests/platform/mac/TestExpectations
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig
Source/JavaScriptCore/GNUmakefile.list.am
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Target.pri
Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
Source/JavaScriptCore/assembler/LinkBuffer.h
Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
Source/JavaScriptCore/assembler/RepatchBuffer.h
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/bytecode/Operands.h
Source/JavaScriptCore/dfg/DFGAbstractState.cpp
Source/JavaScriptCore/dfg/DFGAbstractState.h
Source/JavaScriptCore/dfg/DFGDriver.cpp
Source/JavaScriptCore/dfg/DFGGPRInfo.h
Source/JavaScriptCore/dfg/DFGMinifiedNode.h
Source/JavaScriptCore/dfg/DFGNodeType.h
Source/JavaScriptCore/dfg/DFGOSRExit.cpp
Source/JavaScriptCore/dfg/DFGOSRExit.h
Source/JavaScriptCore/dfg/DFGOSRExitBase.cpp [new file with mode: 0644]
Source/JavaScriptCore/dfg/DFGOSRExitBase.h [new file with mode: 0644]
Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp
Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp
Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h
Source/JavaScriptCore/dfg/DFGOSRExitPreparation.cpp [new file with mode: 0644]
Source/JavaScriptCore/dfg/DFGOSRExitPreparation.h [new file with mode: 0644]
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGUseKind.h
Source/JavaScriptCore/dfg/DFGValueSource.h
Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp
Source/JavaScriptCore/ftl/FTLAbbreviations.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLAbstractHeap.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCArgumentGetter.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCArgumentGetter.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCapabilities.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCapabilities.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCommonValues.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCommonValues.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCompile.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLCompile.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitArgument.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitArgument.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitArgumentForOperand.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitArgumentForOperand.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitArgumentList.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitThunkGenerator.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitThunkGenerator.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitValue.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLExitValue.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLFormattedValue.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLIntrinsicRepository.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLJITCode.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLJITCode.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLLLVMHeaders.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOSRExit.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOSRExit.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOSRExitCompilationInfo.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOSRExitCompiler.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOutput.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLOutput.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLState.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLState.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLThunks.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLThunks.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLTypedPointer.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLValueFormat.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLValueFormat.h [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLValueSource.cpp [new file with mode: 0644]
Source/JavaScriptCore/ftl/FTLValueSource.h [new file with mode: 0644]
Source/JavaScriptCore/jit/JITCode.h
Source/JavaScriptCore/runtime/InitializeThreading.cpp
Source/JavaScriptCore/runtime/Options.h
Source/WTF/ChangeLog
Source/WTF/Configurations/Base.xcconfig
Source/WTF/wtf/MathExtras.h
Source/WTF/wtf/StringPrintStream.h
Source/WebCore/Configurations/FeatureDefines.xcconfig
Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
Source/WebKit2/Configurations/FeatureDefines.xcconfig
Tools/ChangeLog
Tools/Scripts/build-jsc
Tools/Scripts/build-webkit
Tools/Scripts/copy-webkitlibraries-to-product-directory
Tools/Scripts/export-llvm-build [new file with mode: 0755]
Tools/Scripts/webkitperl/FeatureList.pm
WebKitLibraries/ChangeLog
WebKitLibraries/LLVMIncludesMountainLion.tar.bz2 [new file with mode: 0644]
WebKitLibraries/LLVMLibrariesMountainLion.tar.bz2 [new file with mode: 0644]

index 7e9ef7c..2c802f2 100644 (file)
@@ -1,3 +1,26 @@
+2013-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: Just linking LLVM into JSC causes all plugin tests to fail
+        https://bugs.webkit.org/show_bug.cgi?id=113915
+
+        Reviewed by nobody.
+        
+        This is pretty funny. I don't know, yet, what is going on, but I don't want it to block other work.
+
+        * platform/mac/TestExpectations:
+
+2013-03-29  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should be able to compile the Marsaglia random number generator
+        https://bugs.webkit.org/show_bug.cgi?id=113635
+
+        Reviewed by Oliver Hunt.
+
+        * fast/js/regress/marsaglia-expected.txt: Added.
+        * fast/js/regress/marsaglia.html: Added.
+        * fast/js/regress/script-tests/marsaglia.js: Added.
+        (marsaglia):
+
 2013-07-24  Daniel Bates  <dabates@apple.com>
 
         Add DRT test to ensure don't override z-index for overflow: scroll, -webkit-overflow-scrolling: touch
diff --git a/LayoutTests/fast/js/regress/marsaglia-expected.txt b/LayoutTests/fast/js/regress/marsaglia-expected.txt
new file mode 100644 (file)
index 0000000..3aa1c6b
--- /dev/null
@@ -0,0 +1,10 @@
+JSRegress/marsaglia
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/js/regress/marsaglia.html b/LayoutTests/fast/js/regress/marsaglia.html
new file mode 100644 (file)
index 0000000..2099709
--- /dev/null
@@ -0,0 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/marsaglia.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/js/regress/script-tests/marsaglia.js b/LayoutTests/fast/js/regress/script-tests/marsaglia.js
new file mode 100644 (file)
index 0000000..5f2ce01
--- /dev/null
@@ -0,0 +1,15 @@
+function marsaglia(m_z, m_w, n) {
+    var result;
+    for (var i = 0; i < n; ++i) {
+        m_z = (36969 * (m_z & 65535) + (m_z >> 16)) | 0;
+        m_w = (18000 * (m_w & 65535) + (m_w >> 16)) | 0;
+        result = ((m_z << 16) + m_w) | 0;
+    }
+    return result;
+}
+
+var result = 0;
+for (var i = 0; i < 100; ++i)
+    result += marsaglia(i, i + 1, 1000000);
+
+print(result);
index 25e9e66..aec5d1a 100644 (file)
@@ -47,7 +47,8 @@ accessibility/multiselect-list-reports-active-option.html
 fast/history/back-forward-reset-after-error-handling.html
 
 # Need to implement this in plugins code in WebKit
-plugins/reloadplugins-and-pages.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins/reloadplugins-and-pages.html [ Skip ]
 
 # This test requires ogg codecs
 media/media-can-play-ogg.html
@@ -72,7 +73,8 @@ http/tests/misc/image-checks-for-accept.html
 fast/dom/HTMLProgressElement/progress-element.html
 
 # eventSender needs to propagate the event to the calling window, not the main frame always.
-http/tests/plugins/plugin-document-has-focus.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+http/tests/plugins/plugin-document-has-focus.html [ Skip ]
 
 # Requires testRunner.setMediaType() and implementation
 fast/media/print-restores-previous-mediatype.html
@@ -301,9 +303,13 @@ http/tests/websocket/tests/hybi/send-file-blob-fail.html
 fast/dom/MutationObserver/filesystem-callback-delivery.html
 
 # The WebKit plugin implementation does not support iframe shims.
-webkit.org/b/46223 plugins/iframe-shims.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/46223 plugins/iframe-shims.html [ Skip ]
 
-webkit.org/b/116640 plugins/plugin-initiate-popup-window.html
+# This new test runs differently on the buildbot than it doesn on user
+# machines.  I'll ask jnd to fix it once he's back from vacation.
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/116640 plugins/plugin-initiate-popup-window.html [ Skip ]
 
 # Requires WebP support.
 fast/canvas/canvas-toDataURL-webp.html
@@ -314,8 +320,9 @@ fast/images/webp-color-profile-lossy.html
 http/tests/images/webp-partial-load.html
 http/tests/images/webp-progressive-load.html
 
-# Times out because plugins aren't allowed to execute JS after NPP_Destroy has been called in WebKit1's OOP plugins implementation
-webkit.org/b/48929 plugins/evaluate-js-after-removing-plugin-element.html
+# Times out because plugins aren't allowed to execute JS after NPP_Destroy has been called in WebKit1's OOP plugins implementation http://webkit.org/b/48929
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/48929 plugins/evaluate-js-after-removing-plugin-element.html [ Skip ]
 
 webkit.org/b/49182 animations/stop-animation-on-suspend.html [ Pass Failure ]
 
@@ -369,7 +376,8 @@ fast/dom/HTMLAnchorElement/anchor-download-unset.html
 
 # Timing out for unknown reasons.  Passes on Chromium, QT and GTK+.
 # https://bugs.webkit.org/show_bug.cgi?id=58924
-plugins/mouse-click-iframe-to-plugin.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+# plugins/mouse-click-iframe-to-plugin.html [ Skip ]
 
 # HTTP 204 (No Content) should be ignored
 # https://bugs.webkit.org/show_bug.cgi?id=60206
@@ -568,6 +576,10 @@ webkit.org/b/82665 webarchive/test-css-url-resources-in-stylesheets.html [ Failu
 webkit.org/b/82665 webarchive/test-css-url-resources-inline-styles.html [ Failure ]
 
 webkit.org/b/82671 http/tests/inspector/resource-har-conversion.html [ Failure ]
+# https://bugs.webkit.org/show_bug.cgi?id=82668
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins/mouse-events.html [ Skip ]
+plugins/mouse-move-over-plugin-in-frame.html [ Skip ]
 
 webkit.org/b/82672 http/tests/xmlhttprequest/range-test.html [ Failure ]
 
@@ -600,6 +612,12 @@ webkit.org/b/82978 inspector/styles/svg-style.xhtml [ Pass Failure ]
 
 webkit.org/b/82979 fast/canvas/2d.text.draw.fill.maxWidth.gradient.html [ Pass Failure ]
 webkit.org/b/82979 canvas/philip/tests/2d.text.draw.align.center.html [ Pass Failure ]
+# https://bugs.webkit.org/show_bug.cgi?id=82972
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins/keyboard-events.html [ Skip ]
+plugins/layout-in-beforeload-listener-affects-plugin-loading.html [ Skip ]
+plugins/mouse-events-fixedpos.html [ Skip ]
+plugins/multiple-plugins.html [ Skip ]
 
 webkit.org/b/82980 http/tests/navigation/back-twice-without-commit.html [ Timeout ]
 
@@ -641,9 +659,11 @@ webkit.org/b/85969 http/tests/loading/post-in-iframe-with-back-navigation.html
 webkit.org/b/85709 inspector/extensions/extensions-eval-content-script.html
 webkit.org/b/85709 inspector/extensions/extensions-audits-content-script.html
 
-webkit.org/b/86480 plugins/npruntime/delete-plugin-within-setProperty.html [ Failure ]
-webkit.org/b/86480 plugins/npruntime/delete-plugin-within-hasProperty-return-true.html [ Failure ]
-webkit.org/b/86480 plugins/npruntime/delete-plugin-within-hasProperty-return-false.html [ Failure ]
+# https://bugs.webkit.org/show_bug.cgi?id=86480
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/86480 plugins/npruntime/delete-plugin-within-setProperty.html [ Skip ]
+webkit.org/b/86480 plugins/npruntime/delete-plugin-within-hasProperty-return-true.html [ Skip ]
+webkit.org/b/86480 plugins/npruntime/delete-plugin-within-hasProperty-return-false.html [ Skip ]
 
 webkit.org/b/87347 fast/frames/flattening/iframe-tiny.html [ Pass Failure ]
 
@@ -674,6 +694,33 @@ compositing/iframes/overlapped-nested-iframes.html [ Pass Failure ]
 
 webkit.org/b/90725 media/media-blocked-by-beforeload.html [ Pass Failure ]
 
+# https://bugs.webkit.org/show_bug.cgi?id=90711
+fast/canvas/webgl/gl-vertexattribpointer.html
+
+# https://bugs.webkit.org/show_bug.cgi?id=90722
+inspector/profiler/heap-snapshot-comparison-show-next.html
+inspector/profiler/heap-snapshot-comparison-shown-node-count-preserved-when-sorting.html
+inspector/profiler/heap-snapshot-comparison-sorting.html
+inspector/profiler/heap-snapshot-containment-expansion-preserved-when-sorting.html
+
+# https://bugs.webkit.org/show_bug.cgi?id=90723
+inspector/debugger/set-breakpoint.html
+
+# https://bugs.webkit.org/show_bug.cgi?id=90724
+compositing/iframes/iframe-size-from-zero.html
+
+compositing/iframes/overlapped-nested-iframes.html [ Failure Pass ]
+
+# https://bugs.webkit.org/show_bug.cgi?id=90725
+media/media-blocked-by-beforeload.html
+
+# https://bugs.webkit.org/show_bug.cgi?id=90833
+fast/js/global-constructors.html
+
+# https://bugs.webkit.org/show_bug.cgi?id=91505
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+platform/mac/plugins/root-object-premature-delete-crash.html [ Skip ]
+
 # This test depends on subpixel layout.
 webkit.org/b/92352 css3/flexbox/flex-rounding.html
 
@@ -880,17 +927,20 @@ platform/mac/fast/overflow/overflow-scrollbar-hit-test.html
 
 # --- Plugins ---
 # WebKit1 OOP plug-ins: Can't evaluate JavaScript from NPP_Destroy.
-plugins/document-open.html
-plugins/geturlnotify-during-document-teardown.html
-plugins/nested-plugin-objects.html
-plugins/netscape-destroy-plugin-script-objects.html
-plugins/open-and-close-window-with-plugin.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins/document-open.html [ Skip ]
+plugins/geturlnotify-during-document-teardown.html [ Skip ]
+plugins/nested-plugin-objects.html [ Skip ]
+plugins/netscape-destroy-plugin-script-objects.html [ Skip ]
+plugins/open-and-close-window-with-plugin.html [ Skip ]
 
 # WebKit1 OOP plug-ins: No support for getting the form value.
-plugins/form-value.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins/form-value.html [ Skip ]
 
 # WebKit1 OOP plug-ins: Exceptions aren't thrown on invoke failure.
-plugins/npruntime/invoke-failure.html
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins/npruntime/invoke-failure.html [ Skip ]
 
 # https://bugs.webkit.org/show_bug.cgi?id=93589
 # Very flaky, often failing on retry, too.
@@ -944,24 +994,29 @@ webkit.org/b/57688 fast/text/international/bidi-CS-after-AN.html [ Failure Pass
 webkit.org/b/57688 fast/text/international/thai-line-breaks.html [ Failure Pass ]
 
 # Fails on WK1, but passes on WK2.  (No syntax available for this situation.)
-webkit.org/b/58192 plugins/npp-set-window-called-during-destruction.html [ Failure Pass ]
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/58192 plugins/npp-set-window-called-during-destruction.html [ Skip ]
 
-webkit.org/b/112646 plugins/private-browsing-mode.html [ Failure Pass ]
-webkit.org/b/112616 plugins/plugin-clip-subframe.html [ Failure Pass ]
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/112646 plugins/private-browsing-mode.html [ Skip ]
+webkit.org/b/112616 plugins/plugin-clip-subframe.html [ Skip ]
 
 # Occasional assertion in JSNPObject::invalidate()
-webkit.org/b/112518 [ Debug ] plugins/object-onfocus-mutation-crash.html [ Crash Pass ]
-webkit.org/b/112518 [ Debug ] plugins/npruntime/evaluate.html [ Crash Pass ]
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/112518 [ Debug ] plugins/object-onfocus-mutation-crash.html [ Skip ]
+webkit.org/b/112518 [ Debug ] plugins/npruntime/evaluate.html [ Skip ]
 
 # https://bugs.webkit.org/show_bug.cgi?id=104054
 webkit.org/b/104054 svg/custom/use-href-update-crash.svg [ Failure Pass ]
 
 # Flakey plugin tests
-webkit.org/b/82752 plugins/netscape-dom-access-and-reload.html [ Failure Pass ]
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/82752 plugins/netscape-dom-access-and-reload.html [ Skip ]
 
 # Asserts sometimes
 webkit.org/b/111902 [ Debug ] fast/frames/sandboxed-iframe-navigation-allowed.html [ Crash Pass ]
-webkit.org/b/111902 [ Debug ] fast/frames/sandboxed-iframe-plugins.html [ Crash Pass ]
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/111902 [ Debug ] fast/frames/sandboxed-iframe-plugins.html [ Skip ]
 webkit.org/b/111902 [ Debug ] http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html [ Crash Pass ]
 
 # Flaky tests when run multi-process
@@ -1197,7 +1252,8 @@ webkit.org/b/111647 [ Debug ] sputnik/Conformance/13_Function_Definition/S13_A4_
 webkit.org/b/111647 [ Debug ] sputnik/Unicode/Unicode_218/S7.6_A5.3_T2.html [ Slow ]
 
 webkit.org/b/111650 http/tests/cookies/third-party-cookie-relaxing.html [ Failure Pass ]
-webkit.org/b/111650 http/tests/plugins/third-party-cookie-accept-policy.html [ Failure Pass ]
+# Skipped for fourthTier, see https://bugs.webkit.org/show_bug.cgi?id=113915
+webkit.org/b/111650 http/tests/plugins/third-party-cookie-accept-policy.html [ Skip ]
 
 webkit.org/b/111754 inspector/debugger/debugger-expand-scope.html [ Crash Pass ]
 
@@ -1306,3 +1362,10 @@ webkit.org/b/118856 mathml/presentation/fenced-mi.html [ ImageOnlyFailure ]
 
 # Plug-in blocking callback doesn't exist in WebKit1, so skip and re-enable for WebKit2.
 plugins/unavailable-plugin-indicator-obscurity.html
+
+# fourthTier: Just linking LLVM into JSC causes all plugin tests to fail
+# https://bugs.webkit.org/show_bug.cgi?id=113915
+plugins [ Skip ]
+plugins/npruntime [ Skip ]
+http/tests/plugins [ Skip ]
+platform/mac/plugins [ Skip ]
index 1b89182..723f457 100644 (file)
@@ -102,11 +102,13 @@ set(JavaScriptCore_SOURCES
     dfg/DFGNodeFlags.cpp
     dfg/DFGOSREntry.cpp
     dfg/DFGOSRExit.cpp
+    dfg/DFGOSRExitBase.cpp
     dfg/DFGOSRExitCompiler.cpp
     dfg/DFGOSRExitCompiler32_64.cpp
     dfg/DFGOSRExitCompiler64.cpp
     dfg/DFGOSRExitCompilerCommon.cpp
     dfg/DFGOSRExitJumpPlaceholder.cpp
+    dfg/DFGOSRExitPreparation.cpp
     dfg/DFGOperations.cpp
     dfg/DFGPhase.cpp
     dfg/DFGPredictionPropagationPhase.cpp
index a847bf9..ace562c 100644 (file)
+2013-04-16  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: DFG should be able to query Structure without modifying it
+        https://bugs.webkit.org/show_bug.cgi?id=114708
+
+        Reviewed by Oliver Hunt.
+        
+        This is work towards allowing the DFG, and FTL, to run on a separate thread.
+        The idea is that the most evil thing that the DFG does that has thread-safety
+        issues is fiddling with Structures by calling Structure::get(). This can lead
+        to rematerialization of property tables, which is definitely not thread-safe
+        due to how StringImpl works. So, this patch completely side-steps the problem
+        by creating a new version of Structure::get, called
+        Structure::getWithoutMaterializing, which may choose to do an O(n) search if
+        necessary to avoid materialization. I believe this should be fine - the DFG
+        does't call into these code path often enough for this to matter, and most of
+        the time, the Structure that we call this on will already have a property
+        table because some inline cache would have already called ::get() on that
+        Structure.
+        
+        Also cleaned up the materialization logic: we can stop the search as soon as
+        we find any Structure with a property table rather than searching all the way
+        for a pinned one.
+
+        * bytecode/GetByIdStatus.cpp:
+        (JSC::GetByIdStatus::computeFor):
+        * bytecode/PutByIdStatus.cpp:
+        (JSC::PutByIdStatus::computeFromLLInt):
+        (JSC::PutByIdStatus::computeFor):
+        * runtime/Structure.cpp:
+        (JSC::Structure::findStructuresAndMapForMaterialization):
+        (JSC::Structure::materializePropertyMap):
+        (JSC::Structure::getWithoutMaterializing):
+        (JSC):
+        * runtime/Structure.h:
+        (Structure):
+        * runtime/StructureInlines.h:
+        (JSC::Structure::getWithoutMaterializing):
+        (JSC):
+
+2013-04-13  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: Fix release build.
+
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        * ftl/FTLExitValue.cpp:
+        * ftl/FTLOSRExitCompiler.cpp:
+
+2013-04-13  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should have OSR exit
+        https://bugs.webkit.org/show_bug.cgi?id=113623
+
+        Reviewed by Oliver Hunt.
+        
+        This implements OSR exit, and hilariously, it actually works. The idea is to have
+        LLVM call a no-return function on the off-ramp, passing it everything we know about
+        bytecode state that isn't already flushed to the call frame. Our own JIT takes care
+        of the rest.
+        
+        We can now run all of SunSpider, V8, and Kraken with the FTL enabled.
+        
+        The details are described in FTLOSRExit.h.
+
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Target.pri:
+        * assembler/AbstractMacroAssembler.h:
+        (Address):
+        (JSC::AbstractMacroAssembler::Address::withOffset):
+        * assembler/LinkBuffer.h:
+        (JSC::LinkBuffer::offsetOf):
+        (LinkBuffer):
+        * assembler/MacroAssemblerX86Common.h:
+        * assembler/RepatchBuffer.h:
+        (JSC::RepatchBuffer::RepatchBuffer):
+        (JSC::RepatchBuffer::~RepatchBuffer):
+        (RepatchBuffer):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::tallyFrequentExitSites):
+        * bytecode/Operands.h:
+        (Operands):
+        (JSC):
+        (JSC::::dump):
+        * dfg/DFGAbstractState.cpp:
+        (JSC::DFG::AbstractState::initialize):
+        * dfg/DFGGPRInfo.h:
+        (DFG):
+        (GPRInfo):
+        * dfg/DFGMinifiedNode.h:
+        (JSC::DFG::belongsInMinifiedGraph):
+        * dfg/DFGNodeType.h:
+        (JSC::DFG::needsOSRBackwardRewiring):
+        (DFG):
+        (JSC::DFG::needsOSRForwardRewiring):
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::OSRExit::OSRExit):
+        (DFG):
+        (JSC::DFG::OSRExit::convertToForward):
+        * dfg/DFGOSRExit.h:
+        (OSRExit):
+        * dfg/DFGOSRExitBase.cpp: Added.
+        (DFG):
+        (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSiteSlow):
+        (JSC::DFG::OSRExitBase::doSearchForForwardConversion):
+        * dfg/DFGOSRExitBase.h: Added.
+        (DFG):
+        (JSC::DFG::OSRExitBase::OSRExitBase):
+        (OSRExitBase):
+        (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
+        * dfg/DFGOSRExitCompiler.cpp:
+        * dfg/DFGOSRExitCompiler64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        (JSC::DFG::handleExitCounts):
+        (JSC::DFG::reifyInlinedCallFrames):
+        (JSC::DFG::adjustAndJumpToTarget):
+        * dfg/DFGOSRExitCompilerCommon.h:
+        (DFG):
+        * dfg/DFGOSRExitPreparation.cpp: Added.
+        (DFG):
+        (JSC::DFG::prepareCodeOriginForOSRExit):
+        * dfg/DFGOSRExitPreparation.h: Added.
+        (DFG):
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+        * dfg/DFGValueSource.h:
+        (JSC::DFG::ValueSource::forSpeculation):
+        * dfg/DFGVariableEventStream.cpp:
+        (JSC::DFG::VariableEventStream::reconstruct):
+        * ftl/FTLAbbreviations.h:
+        (JSC::FTL::functionType):
+        (FTL):
+        (JSC::FTL::typeOf):
+        (JSC::FTL::appendBasicBlock):
+        (JSC::FTL::insertBasicBlock):
+        (JSC::FTL::buildCall):
+        (JSC::FTL::setTailCall):
+        * ftl/FTLCArgumentGetter.cpp: Added.
+        (FTL):
+        (JSC::FTL::CArgumentGetter::loadNextAndBox):
+        * ftl/FTLCArgumentGetter.h: Added.
+        (FTL):
+        (JSC::FTL::isArgumentRegister):
+        (CArgumentGetter):
+        (JSC::FTL::CArgumentGetter::CArgumentGetter):
+        (JSC::FTL::CArgumentGetter::loadNext8):
+        (JSC::FTL::CArgumentGetter::loadNext32):
+        (JSC::FTL::CArgumentGetter::loadNext64):
+        (JSC::FTL::CArgumentGetter::loadNextPtr):
+        (JSC::FTL::CArgumentGetter::loadNextDouble):
+        (JSC::FTL::CArgumentGetter::nextAddress):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLExitArgument.cpp: Added.
+        (FTL):
+        (JSC::FTL::ExitArgument::dump):
+        * ftl/FTLExitArgument.h: Added.
+        (FTL):
+        (ExitArgumentRepresentation):
+        (ExitArgument):
+        (JSC::FTL::ExitArgument::ExitArgument):
+        (JSC::FTL::ExitArgument::operator!):
+        (JSC::FTL::ExitArgument::format):
+        (JSC::FTL::ExitArgument::argument):
+        (JSC::FTL::ExitArgument::withFormat):
+        (JSC::FTL::ExitArgument::representation):
+        * ftl/FTLExitArgumentForOperand.cpp: Added.
+        (FTL):
+        (JSC::FTL::ExitArgumentForOperand::dump):
+        * ftl/FTLExitArgumentForOperand.h: Added.
+        (FTL):
+        (ExitArgumentForOperand):
+        (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
+        (JSC::FTL::ExitArgumentForOperand::operator!):
+        (JSC::FTL::ExitArgumentForOperand::exitArgument):
+        (JSC::FTL::ExitArgumentForOperand::operand):
+        (JSC::FTL::lesserArgumentIndex):
+        * ftl/FTLExitArgumentList.h: Added.
+        (FTL):
+        * ftl/FTLExitThunkGenerator.cpp: Added.
+        (FTL):
+        (JSC::FTL::ExitThunkGenerator::ExitThunkGenerator):
+        (JSC::FTL::ExitThunkGenerator::~ExitThunkGenerator):
+        (JSC::FTL::ExitThunkGenerator::emitThunk):
+        * ftl/FTLExitThunkGenerator.h: Added.
+        (FTL):
+        (ExitThunkGenerator):
+        (JSC::FTL::ExitThunkGenerator::didThings):
+        * ftl/FTLExitValue.cpp: Added.
+        (FTL):
+        (JSC::FTL::ExitValue::dump):
+        * ftl/FTLExitValue.h: Added.
+        (FTL):
+        (ExitValue):
+        (JSC::FTL::ExitValue::ExitValue):
+        (JSC::FTL::ExitValue::operator!):
+        (JSC::FTL::ExitValue::dead):
+        (JSC::FTL::ExitValue::inJSStack):
+        (JSC::FTL::ExitValue::inJSStackAsInt32):
+        (JSC::FTL::ExitValue::inJSStackAsDouble):
+        (JSC::FTL::ExitValue::constant):
+        (JSC::FTL::ExitValue::exitArgument):
+        (JSC::FTL::ExitValue::kind):
+        (JSC::FTL::ExitValue::isDead):
+        (JSC::FTL::ExitValue::isInJSStackSomehow):
+        (JSC::FTL::ExitValue::isConstant):
+        (JSC::FTL::ExitValue::isArgument):
+        * ftl/FTLFormattedValue.h:
+        (FTL):
+        (JSC::FTL::noValue):
+        (JSC::FTL::int32Value):
+        (JSC::FTL::uInt32Value):
+        (JSC::FTL::booleanValue):
+        (JSC::FTL::jsValueValue):
+        (JSC::FTL::doubleValue):
+        * ftl/FTLJITCode.cpp:
+        (JSC::FTL::JITCode::initializeExitThunks):
+        (FTL):
+        (JSC::FTL::JITCode::exitThunks):
+        * ftl/FTLJITCode.h:
+        (JITCode):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (FTL):
+        (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::lower):
+        (JSC::FTL::LowerDFGToLLVM::transferAndCheckArguments):
+        (JSC::FTL::LowerDFGToLLVM::compileBlock):
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
+        (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::compileMovHint):
+        (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
+        (JSC::FTL::LowerDFGToLLVM::compileMovHintAndCheck):
+        (JSC::FTL::LowerDFGToLLVM::compileAdd):
+        (JSC::FTL::LowerDFGToLLVM::compileArithSub):
+        (JSC::FTL::LowerDFGToLLVM::compileArithMul):
+        (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
+        (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
+        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
+        (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+        (JSC::FTL::LowerDFGToLLVM::speculateBackward):
+        (JSC::FTL::LowerDFGToLLVM::speculateForward):
+        (JSC::FTL::LowerDFGToLLVM::speculate):
+        (JSC::FTL::LowerDFGToLLVM::terminate):
+        (JSC::FTL::LowerDFGToLLVM::backwardTypeCheck):
+        (JSC::FTL::LowerDFGToLLVM::forwardTypeCheck):
+        (JSC::FTL::LowerDFGToLLVM::typeCheck):
+        (JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
+        (JSC::FTL::LowerDFGToLLVM::lowInt32):
+        (JSC::FTL::LowerDFGToLLVM::lowCell):
+        (JSC::FTL::LowerDFGToLLVM::lowBoolean):
+        (JSC::FTL::LowerDFGToLLVM::speculateObject):
+        (JSC::FTL::LowerDFGToLLVM::isLive):
+        (JSC::FTL::LowerDFGToLLVM::use):
+        (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
+        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
+        (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
+        (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument):
+        (JSC::FTL::LowerDFGToLLVM::addExitArgument):
+        (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
+        (JSC::FTL::LowerDFGToLLVM::observeMovHint):
+        * ftl/FTLOSRExit.cpp: Added.
+        (FTL):
+        (JSC::FTL::OSRExit::OSRExit):
+        (JSC::FTL::OSRExit::codeLocationForRepatch):
+        (JSC::FTL::OSRExit::convertToForward):
+        * ftl/FTLOSRExit.h: Added.
+        (FTL):
+        (OSRExit):
+        * ftl/FTLOSRExitCompilationInfo.h: Added.
+        (FTL):
+        (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
+        (OSRExitCompilationInfo):
+        * ftl/FTLOSRExitCompiler.cpp: Added.
+        (FTL):
+        (JSC::FTL::compileStub):
+        (JSC::FTL::compileFTLOSRExit):
+        * ftl/FTLOSRExitCompiler.h: Added.
+        (FTL):
+        * ftl/FTLOutput.h:
+        (JSC::FTL::Output::newBlock):
+        (JSC::FTL::Output::intToPtr):
+        (JSC::FTL::Output::load):
+        (JSC::FTL::Output::store):
+        (Output):
+        (JSC::FTL::Output::call):
+        (JSC::FTL::Output::convertToTailCall):
+        (FTL):
+        * ftl/FTLState.h:
+        (State):
+        * ftl/FTLThunks.cpp: Added.
+        (FTL):
+        (JSC::FTL::osrExitGenerationThunkGenerator):
+        * ftl/FTLThunks.h: Added.
+        (JSC):
+        (FTL):
+        * ftl/FTLValueFormat.cpp: Added.
+        (WTF):
+        (WTF::printInternal):
+        * ftl/FTLValueFormat.h: Added.
+        (FTL):
+        (WTF):
+        * ftl/FTLValueSource.cpp: Added.
+        (FTL):
+        (JSC::FTL::ValueSource::dump):
+        * ftl/FTLValueSource.h: Added.
+        (FTL):
+        (ValueSource):
+        (JSC::FTL::ValueSource::ValueSource):
+        (JSC::FTL::ValueSource::kind):
+        (JSC::FTL::ValueSource::operator!):
+        (JSC::FTL::ValueSource::node):
+
+2013-04-12  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: switch to using MCJIT and disable frame pointer elimination
+        https://bugs.webkit.org/show_bug.cgi?id=114542
+
+        Reviewed by Oliver Hunt and Michael Saboff.
+
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * runtime/InitializeThreading.cpp:
+        (JSC::initializeThreadingOnce):
+
+2013-04-09  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: DFG should provide utilities for common OSR exit tasks
+        https://bugs.webkit.org/show_bug.cgi?id=114306
+
+        Reviewed by Mark Hahnenberg.
+        
+        Just abstract out some things that the FTL will want to use as well.
+
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Target.pri:
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::compile):
+        * dfg/DFGOSRExitCompiler.cpp:
+        * dfg/DFGOSRExitCompiler.h:
+        (OSRExitCompiler):
+        * dfg/DFGOSRExitCompiler32_64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompiler64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompilerCommon.cpp: Added.
+        (DFG):
+        (JSC::DFG::handleExitCounts):
+        (JSC::DFG::reifyInlinedCallFrames):
+        (JSC::DFG::adjustAndJumpToTarget):
+        * dfg/DFGOSRExitCompilerCommon.h: Added.
+        (DFG):
+
+2013-04-09  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: DFG should better abstract floating point arguments
+        https://bugs.webkit.org/show_bug.cgi?id=114300
+
+        Reviewed by Mark Hahnenberg.
+
+        * dfg/DFGFPRInfo.h:
+        (FPRInfo):
+        (JSC::DFG::FPRInfo::toArgumentRegister):
+
+2013-04-05  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: DFG should better abstract arguments
+        https://bugs.webkit.org/show_bug.cgi?id=114073
+
+        Reviewed by Mark Hahnenberg.
+
+        * dfg/DFGGPRInfo.h:
+        (GPRInfo):
+        (JSC::DFG::GPRInfo::toArgumentRegister):
+
+2013-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: put DFG data into a DFG::JITCode, and put common DFG and FTL data into something accessible from both DFG::JITCode and FTL::JITCode
+        https://bugs.webkit.org/show_bug.cgi?id=113905
+
+        Reviewed by Geoffrey Garen.
+        
+        This removes one pointer from CodeBlock.
+        
+        It also gives us a framework for having JITType-specific data in CodeBlock, by
+        putting it into the appropriate JITCode class (either DFG::JITCode or
+        FTL::JITCode). And it allows us to have DFG and FTL share some common data,
+        via DFG::CommonData, which is stored in both DFG::JITCode and FTL::JITCode and
+        always accessible via JITCode::dfgCommon().
+
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Target.pri:
+        * bytecode/CodeBlock.cpp:
+        (JSC):
+        (JSC::CodeBlock::dumpBytecode):
+        (JSC::CodeBlock::visitAggregate):
+        (JSC::CodeBlock::performTracingFixpointIteration):
+        (JSC::CodeBlock::finalizeUnconditionally):
+        (JSC::CodeBlock::stronglyVisitWeakReferences):
+        (JSC::CodeBlock::shrinkToFit):
+        (JSC::CodeBlock::tallyFrequentExitSites):
+        * bytecode/CodeBlock.h:
+        (CodeBlock):
+        (JSC::CodeBlock::setJITCode):
+        (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
+        (JSC::DFGCodeBlocks::mark):
+        * dfg/DFGAssemblyHelpers.h:
+        * dfg/DFGCommonData.cpp: Added.
+        (DFG):
+        (JSC::DFG::CommonData::notifyCompilingStructureTransition):
+        (JSC::DFG::CommonData::shrinkToFit):
+        * dfg/DFGCommonData.h: Added.
+        (JSC):
+        (DFG):
+        (JSC::DFG::WeakReferenceTransition::WeakReferenceTransition):
+        (WeakReferenceTransition):
+        (CommonData):
+        (JSC::DFG::CommonData::CommonData):
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::compile):
+        (JSC::DFG::tryCompile):
+        (JSC::DFG::tryCompileFunction):
+        * dfg/DFGDriver.h:
+        (DFG):
+        (JSC::DFG::tryCompile):
+        (JSC::DFG::tryCompileFunction):
+        * dfg/DFGGraph.h:
+        (Graph):
+        * dfg/DFGJITCode.cpp: Added.
+        (DFG):
+        (JSC::DFG::JITCode::JITCode):
+        (JSC::DFG::JITCode::~JITCode):
+        (JSC::DFG::JITCode::dfgCommon):
+        (JSC::DFG::JITCode::dfg):
+        (JSC::DFG::JITCode::shrinkToFit):
+        * dfg/DFGJITCode.h: Added.
+        (DFG):
+        (JITCode):
+        (JSC::DFG::JITCode::appendOSREntryData):
+        (JSC::DFG::JITCode::osrEntryDataForBytecodeIndex):
+        (JSC::DFG::JITCode::appendOSRExit):
+        (JSC::DFG::JITCode::lastOSRExit):
+        (JSC::DFG::JITCode::appendSpeculationRecovery):
+        (JSC::DFG::JITCode::appendWatchpoint):
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::JITCompiler):
+        (JSC::DFG::JITCompiler::linkOSRExits):
+        (JSC::DFG::JITCompiler::link):
+        (JSC::DFG::JITCompiler::compile):
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGJITCompiler.h:
+        (JITCompiler):
+        (JSC::DFG::JITCompiler::addWeakReference):
+        (JSC::DFG::JITCompiler::noticeOSREntry):
+        (JSC::DFG::JITCompiler::jitCode):
+        * dfg/DFGOSREntry.cpp:
+        (JSC::DFG::prepareOSREntry):
+        * dfg/DFGOSRExit.h:
+        (OSRExit):
+        * dfg/DFGOSRExitCompiler.cpp:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+        (JSC::DFG::SpeculativeJIT::backwardSpeculationCheck):
+        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
+        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGVariableEventStream.cpp:
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLJITCode.cpp:
+        (JSC::FTL::JITCode::JITCode):
+        (JSC::FTL::JITCode::~JITCode):
+        (FTL):
+        (JSC::FTL::JITCode::initializeCode):
+        (JSC::FTL::JITCode::addressForCall):
+        (JSC::FTL::JITCode::executableAddressAtOffset):
+        (JSC::FTL::JITCode::dataAddressAtOffset):
+        (JSC::FTL::JITCode::offsetOf):
+        (JSC::FTL::JITCode::size):
+        (JSC::FTL::JITCode::contains):
+        (JSC::FTL::JITCode::ftl):
+        (JSC::FTL::JITCode::dfgCommon):
+        * ftl/FTLJITCode.h:
+        (JITCode):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
+        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
+        (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
+        (JSC::FTL::LowerDFGToLLVM::addWeakReference):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::weakPointer):
+        * ftl/FTLState.cpp:
+        (FTL):
+        (JSC::FTL::State::State):
+        (JSC::FTL::State::dumpState):
+        * ftl/FTLState.h:
+        (State):
+        * heap/DFGCodeBlocks.cpp:
+        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
+        (JSC::DFGCodeBlocks::jettison):
+        (JSC::DFGCodeBlocks::clearMarks):
+        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
+        (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
+        * jit/JITCode.cpp:
+        (JSC::JITCode::dfgCommon):
+        (JSC):
+        (JSC::JITCode::dfg):
+        (JSC::JITCode::ftl):
+        (JSC::DirectJITCode::DirectJITCode):
+        (JSC::DirectJITCode::initializeCodeRef):
+        (JSC::DirectJITCode::addressForCall):
+        (JSC::DirectJITCode::executableAddressAtOffset):
+        (JSC::DirectJITCode::dataAddressAtOffset):
+        (JSC::DirectJITCode::offsetOf):
+        (JSC::DirectJITCode::size):
+        (JSC::DirectJITCode::contains):
+        * jit/JITCode.h:
+        (DFG):
+        (FTL):
+        (JSC):
+        (JITCode):
+        (DirectJITCode):
+
+2013-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: Include LLVM headers with surrounding #pragmas instead of using my #define
+        https://bugs.webkit.org/show_bug.cgi?id=113921
+
+        Reviewed by Oliver Hunt.
+        
+        The LLVM community wants us to continue including all of LLVM's C++ headers. Change
+        to using #pragma's to disable warnings that they cannot handle.
+
+        * ftl/FTLLLVMHeaders.h:
+
+2013-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: Everyone should know about the FTL
+        https://bugs.webkit.org/show_bug.cgi?id=113897
+
+        Reviewed by Mark Hahnenberg.
+        
+        In order to get OSR exit to work right, we need the distinction between DFG and
+        FTL to be clear even after compilation finishes, since they will have subtly
+        different OSR stories and likely use different data structures.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::resetStubInternal):
+        (JSC::ProgramCodeBlock::compileOptimized):
+        (JSC::EvalCodeBlock::compileOptimized):
+        (JSC::FunctionCodeBlock::compileOptimized):
+        (JSC::CodeBlock::adjustedExitCountThreshold):
+        (JSC::CodeBlock::tallyFrequentExitSites):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::setJITCode):
+        (JSC::CodeBlock::hasOptimizedReplacement):
+        (JSC::ExecState::isInlineCallFrame):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLJITCode.cpp:
+        (JSC::FTL::JITCode::JITCode):
+        * ftl/FTLState.cpp:
+        (JSC::FTL::State::dumpState):
+        * heap/DFGCodeBlocks.cpp:
+        (JSC::DFGCodeBlocks::jettison):
+        * interpreter/Interpreter.cpp:
+        (JSC::getLineNumberForCallFrame):
+        (JSC::getCallerInfo):
+        * jit/JITCode.cpp:
+        (WTF::printInternal):
+        * jit/JITCode.h:
+        (JSC::JITCode::topTierJIT):
+        (JSC::JITCode::nextTierJIT):
+        (JITCode):
+        (JSC::JITCode::isJIT):
+        (JSC::JITCode::isLowerTier):
+        (JSC::JITCode::isHigherTier):
+        (JSC::JITCode::isLowerOrSameTier):
+        (JSC::JITCode::isHigherOrSameTier):
+        (JSC::JITCode::isOptimizingJIT):
+        * jit/JITDriver.h:
+        (JSC::jitCompileIfAppropriate):
+        (JSC::jitCompileFunctionIfAppropriate):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::compileOptimized):
+        (JSC::samplingDescription):
+        (JSC::ProgramExecutable::compileOptimized):
+        (JSC::FunctionExecutable::compileOptimizedForCall):
+        (JSC::FunctionExecutable::compileOptimizedForConstruct):
+
+2013-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: DFG should abstract out how it does forward exits, and that code should be simplified
+        https://bugs.webkit.org/show_bug.cgi?id=113894
+
+        Reviewed by Mark Hahnenberg.
+        
+        1) We previously had two different ways of convertingToForward, one path for
+           where we had a ValueRecovery for the current node and one where we didn't.
+           But the paths were doing exactly the same thing except that if you have a
+           ValueRecovery, you also find the last applicable mov hint and do some
+           extra things. This patch combines the two paths and bases both of them on
+           the previous no-ValueRecovery path, which was simpler to begin with.
+        
+        2) This moves the logic into DFG::OSRExit, which further simplifies the code
+           and makes the logic available to the FTL.
+
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::OSRExit::convertToForward):
+        (DFG):
+        * dfg/DFGOSRExit.h:
+        (DFG):
+        (OSRExit):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
+
+2013-04-02  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should have the equivalent of a ValueRecovery
+        https://bugs.webkit.org/show_bug.cgi?id=113819
+
+        Reviewed by Mark Hahnenberg.
+        
+        This adds a way of saying that we have a value, we don't want to say what
+        node the value came from, but we know specifics of how the value is
+        formatted. This is the LLVM equivalent of DFG's ValueRecovery.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * ftl/FTLFormattedValue.h: Added.
+        (FTL):
+        (FormattedValue):
+        (JSC::FTL::FormattedValue::FormattedValue):
+        (JSC::FTL::FormattedValue::operator!):
+        (JSC::FTL::FormattedValue::format):
+        (JSC::FTL::FormattedValue::value):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
+        (JSC::FTL::LowerDFGToLLVM::speculateForward):
+        (JSC::FTL::LowerDFGToLLVM::weakPointer):
+
+2013-04-02  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should use the right abstract heap for Int32 array accesses
+        https://bugs.webkit.org/show_bug.cgi?id=113759
+
+        Reviewed by Mark Hahnenberg.
+
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+
+2013-04-02  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should support fast property stores
+        https://bugs.webkit.org/show_bug.cgi?id=113757
+
+        Reviewed by Oliver Hunt.
+        
+        Simplified the task of handling property transitions and reduced amount of code
+        duplication between the JITs.
+        
+        Added PutByOffset, PutStructure, PhantomPutStructure, WeakJSConstant, and a
+        stub form of StructureTransitionWatchpoint to the FTL.
+        
+        Also simplified the creation of pointer constants, and fixed a bug in
+        speculateObject().
+
+        * dfg/DFGGraph.h:
+        (JSC::DFG::Graph::notifyCompilingStructureTransition):
+        (Graph):
+        * dfg/DFGJITCompiler.h:
+        (JITCompiler):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::lower):
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileWeakJSConstant):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
+        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
+        (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
+        (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
+        (JSC::FTL::LowerDFGToLLVM::speculateObject):
+        (JSC::FTL::LowerDFGToLLVM::weakPointer):
+        * ftl/FTLOutput.h:
+        (Output):
+        (JSC::FTL::Output::constIntPtr):
+        (JSC::FTL::Output::absolute):
+
+2013-04-01  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should support some more integer arithmetic ops (negate, xor, urshift)
+        https://bugs.webkit.org/show_bug.cgi?id=113740
+
+        Reviewed by Geoffrey Garen.
+
+        * ftl/FTLAbbreviations.h:
+        (JSC::FTL::buildNeg):
+        (JSC::FTL::buildLShr):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::compileBitXor):
+        (JSC::FTL::LowerDFGToLLVM::compileBitURShift):
+        (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
+        * ftl/FTLOutput.h:
+        (JSC::FTL::Output::neg):
+        (JSC::FTL::Output::lShr):
+
+2013-04-01  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should support GetGlobalVar/PutGlobalVar
+        https://bugs.webkit.org/show_bug.cgi?id=113728
+
+        Reviewed by Gavin Barraclough.
+        
+        Removed the macro magic for the globals absolute abstract heap, since for anything
+        with absolute addresses we can just share a common absolute abstract heap. It
+        would only be a problem if we for example were emitting an access to a global but
+        not using an absolute address, and then wanted to say that this access was
+        constrained to global variables. I don't believe we do that, and I don't believe we
+        ever will.
+        
+        Then added Output::absolute(), a convenient way of building a typed pointer for an
+        absolute address.
+        
+        Then added GetGlobalVar/PutGlobalVar.
+
+        * ftl/FTLAbstractHeapRepository.cpp:
+        (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
+        * ftl/FTLAbstractHeapRepository.h:
+        (FTL):
+        (AbstractHeapRepository):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileGetGlobalVar):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):
+        * ftl/FTLOutput.h:
+        (JSC::FTL::Output::absolute):
+        (Output):
+
+2013-03-31  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL should support ArithSub
+        https://bugs.webkit.org/show_bug.cgi?id=113675
+
+        Reviewed by Oliver Hunt.
+        
+        This does the obvious bit of implementing ArithSub, but it also takes this
+        as an opportunity to clean up how intrinsics and common values (common types
+        and constants) are handled. Previously they were all lumped together in
+        FTL::Output. Now, in an effort to split up the files and make FTL::Output
+        less big, I created a thing called FTL::CommonValues which just tracks the
+        common values, and a thing called FTL::IntrinsicRepository which just tracks
+        intrinsics. These and FTL::Output are all related to each other in a linear
+        hierarchy. Moreover, IntrinsicRepository uses macro-fu to make it easy to
+        declare new intrinsics in the future.
+        
+        I also out-of-lined some things and made .cpp files for each of these classes.
+        Initialize I wasn't going to do this but then I realized that FTL::Output is
+        already included in multiple places. Probably it's better if some of its guts
+        are not inline, and it's also good to now have .cpp "landing pads" if we ever
+        want to add more things to that class.
+        
+        Note that a lot of how these things are designed has to do with the fact
+        that pretty soon here I'll have to switch us from using the LLVM global
+        context to using a context that we create. When that happens, anyone who
+        creates anything will have to know the context; that's why FTL::CommonValues
+        already knows the module but doesn't use it - in the future it will have to
+        do things with it.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * ftl/FTLAbbreviations.h:
+        (JSC::FTL::buildSub):
+        * ftl/FTLAbstractHeapRepository.cpp:
+        (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLCommonValues.cpp: Added.
+        (FTL):
+        (JSC::FTL::CommonValues::CommonValues):
+        * ftl/FTLCommonValues.h: Added.
+        (FTL):
+        (CommonValues):
+        (JSC::FTL::CommonValues::initialize):
+        * ftl/FTLIntrinsicRepository.cpp: Added.
+        (FTL):
+        (JSC::FTL::IntrinsicRepository::IntrinsicRepository):
+        * ftl/FTLIntrinsicRepository.h: Added.
+        (FTL):
+        (IntrinsicRepository):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileArithSub):
+        (LowerDFGToLLVM):
+        * ftl/FTLOutput.cpp: Added.
+        (FTL):
+        (JSC::FTL::Output::Output):
+        (JSC::FTL::Output::~Output):
+        * ftl/FTLOutput.h:
+        (Output):
+        (JSC::FTL::Output::initialize):
+        (JSC::FTL::Output::sub):
+        (JSC::FTL::Output::addWithOverflow32):
+        (JSC::FTL::Output::subWithOverflow32):
+        (JSC::FTL::Output::mulWithOverflow32):
+
+2013-03-31  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL doesn't need virtual register allocation
+        https://bugs.webkit.org/show_bug.cgi?id=113679
+
+        Reviewed by Mark Hahnenberg.
+
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::dumpAndVerifyGraph):
+        (DFG):
+        (JSC::DFG::compile):
+
+2013-03-31  Filip Pizlo  <fpizlo@apple.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=113656
+        Fix Sam's nits.
+
+        Unreviewed.
+
+        * ftl/FTLAbstractHeap.cpp:
+        (JSC::FTL::IndexedAbstractHeap::initialize):
+        * ftl/FTLAbstractHeap.h:
+        (IndexedAbstractHeap):
+        (AbsoluteAbstractHeap):
+        * ftl/FTLAbstractHeapRepository.h:
+        (AbstractHeapRepository):
+
+2013-03-31  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should support GetByVal on Int32 arrays
+        https://bugs.webkit.org/show_bug.cgi?id=113668
+
+        Reviewed by Sam Weinig.
+        
+        It actually already supported this, but needed to be told that it did.
+        
+        Also adds an option to enable LICM (loop-invariant code motion, i.e.
+        http://llvm.org/docs/Passes.html#licm-loop-invariant-code-motion). LICM
+        isn't doing me any good right now, but I guess I'll have to play with
+        it more. And this adds the ability to tweak the LLVM optimization level
+        from the command-line.
+
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+        * runtime/Options.h:
+        (JSC):
+
+2013-03-31  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should supply TBAA meta-data to LLVM
+        https://bugs.webkit.org/show_bug.cgi?id=113656
+
+        Reviewed by Oliver Hunt.
+        
+        This adds support for performing strong typing on the LLVM IR that the FTL
+        generates, by using TBAA meta-data. This will permit LLVM to do aggressive
+        GVN, load elimination, and LICM optimization even if it sees pointer store
+        side-effects. The goal is to precisely model all loads and stores we emit,
+        except for the super crazy ones (GetById that can go all-out polymorphic,
+        or for example a Call where we know nothing).
+        
+        This is accomplished by introducing the notion of an AbstractHeap
+        typesystem. An AbstractHeap is a subset of all possible memory locations
+        that we might store to. For example, JSCell::m_structure and
+        JSObject::m_butterfly are two disjoint AbstractHeaps because we know that
+        a store to one cannot clobber the other. AbstractHeaps follow a
+        single-inheritance hierarchy. There is the root heap, which corresponds to
+        any possible memory location accessible to the JS engine, and then there
+        are heaps for all internal object fields, a heap for each global object,
+        and so on.
+        
+        There are three other tidbits here that make this somewhat more interesting.
+        We have a notion of an AbstractHeap-with-offset, called AbstractField.
+        JSCell::m_structure is actually an AbstractField. This allows us to say
+        things like m_out.loadPtr(base, m_heaps.JSCell_structure); this both
+        gives you the offset of JSCell::m_structure and ascribes TBAA meta-data for
+        the JSCell::m_structure heap to the generated load instrction.
+        
+        Another fun tidbit is the notion of Indexed, Numbered, and Absolute abstract
+        heaps. An indexed abstract heap corresponds to a set of locations that you
+        might access by index from some base. Virtual registers are a great example.
+        Though I call them just "variables" in the FTL. When we access a virtual
+        register, we know that we aren't interfering with accesses to
+        Structure-managed named properties, or with JSCell::m_structure, or with
+        other such disjoint heaps. But we also know that if we access a variable at
+        offset X and then another variable at offset Y and we know that X and Y are
+        unequal, then these two accesses are on disjoint subheaps of the variables
+        heap. This works out naturally for interference between, say, scoped variable
+        access and local variable access: if you access scoped variable r5 and then
+        access a local variable r5, these might interfere - and they will get the
+        same abstract subheap of the variables heap. IndexedAbstractHeaps
+        conveniently remember the size of the elements and will give you an
+        AbstractField (i.e. heap-with-offset) if you give it an index. This is great
+        for conveniently writing code that accesses contiguous arrays of well-typed
+        things. This allows you to literally do things like
+        m_out.load64(callFrameRegister, m_heaps.variables[operand]) and the right
+        thing will happen. You can also get the heap variables.atAnyIndex(), if
+        you're doing an access with an unknown index.
+        
+        Numbered and Absolute abstract heaps are related except that they don't
+        assume that the value used to get the abstract subheap corresponds to any
+        meaningful offset from any base. Numbered heaps, like the properties heap
+        (for named properties tracked by Structure), are "numbered" (not indexed)
+        by the propertyNumber. So you can emit a GetByOffset by separately
+        computing the offset and the propertyNumber (both values are stored in the
+        StorageAccessData), and passing the offset directly to Output::address()
+        and passing m_heaps.properties[propertyNumber] as the field. Absolute heaps
+        are similar, but are keyed on absolute address. This is appropriate for
+        global variables, and possibly other things.
+        
+        Finally, FTL::Output understands the notion of a pointer-with-TBAA-data,
+        and calls it a TypedPointer. TypedPointer is a tuple of a LLVMValueRef
+        referencing an intptr value and a pointer to an AbstractHeap. All load()
+        and store() operations now take a TypedPointer, and will perform the access
+        by casting the intptr to a pointer of the right type and then ascribing the
+        TBAA meta-data from the AbstractHeap.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * ftl/FTLAbbreviations.h:
+        (JSC::FTL::mdKindID):
+        (JSC::FTL::mdString):
+        (JSC::FTL::mdNode):
+        (FTL):
+        (JSC::FTL::setMetadata):
+        * ftl/FTLAbstractHeap.cpp: Added.
+        (FTL):
+        (JSC::FTL::AbstractHeap::tbaaMetadataSlow):
+        (JSC::FTL::AbstractHeap::decorateInstruction):
+        (JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
+        (JSC::FTL::IndexedAbstractHeap::~IndexedAbstractHeap):
+        (JSC::FTL::IndexedAbstractHeap::baseIndex):
+        (JSC::FTL::IndexedAbstractHeap::atSlow):
+        (JSC::FTL::IndexedAbstractHeap::initialize):
+        (JSC::FTL::NumberedAbstractHeap::NumberedAbstractHeap):
+        (JSC::FTL::NumberedAbstractHeap::~NumberedAbstractHeap):
+        (JSC::FTL::AbsoluteAbstractHeap::AbsoluteAbstractHeap):
+        (JSC::FTL::AbsoluteAbstractHeap::~AbsoluteAbstractHeap):
+        * ftl/FTLAbstractHeap.h: Added.
+        (FTL):
+        (AbstractHeap):
+        (JSC::FTL::AbstractHeap::AbstractHeap):
+        (JSC::FTL::AbstractHeap::isInitialized):
+        (JSC::FTL::AbstractHeap::initialize):
+        (JSC::FTL::AbstractHeap::parent):
+        (JSC::FTL::AbstractHeap::heapName):
+        (JSC::FTL::AbstractHeap::tbaaMetadata):
+        (AbstractField):
+        (JSC::FTL::AbstractField::AbstractField):
+        (JSC::FTL::AbstractField::initialize):
+        (JSC::FTL::AbstractField::offset):
+        (IndexedAbstractHeap):
+        (JSC::FTL::IndexedAbstractHeap::atAnyIndex):
+        (JSC::FTL::IndexedAbstractHeap::at):
+        (JSC::FTL::IndexedAbstractHeap::operator[]):
+        (JSC::FTL::IndexedAbstractHeap::returnInitialized):
+        (JSC::FTL::IndexedAbstractHeap::MyHashTraits::constructDeletedValue):
+        (JSC::FTL::IndexedAbstractHeap::MyHashTraits::isDeletedValue):
+        (NumberedAbstractHeap):
+        (JSC::FTL::NumberedAbstractHeap::atAnyNumber):
+        (JSC::FTL::NumberedAbstractHeap::at):
+        (JSC::FTL::NumberedAbstractHeap::operator[]):
+        (AbsoluteAbstractHeap):
+        (JSC::FTL::AbsoluteAbstractHeap::atAnyAddress):
+        (JSC::FTL::AbsoluteAbstractHeap::at):
+        (JSC::FTL::AbsoluteAbstractHeap::operator[]):
+        * ftl/FTLAbstractHeapRepository.cpp: Added.
+        (FTL):
+        (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
+        (JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
+        * ftl/FTLAbstractHeapRepository.h: Added.
+        (FTL):
+        (AbstractHeapRepository):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::lower):
+        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
+        (JSC::FTL::LowerDFGToLLVM::compileGetButterfly):
+        (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
+        (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+        (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
+        (JSC::FTL::LowerDFGToLLVM::speculateObject):
+        (JSC::FTL::LowerDFGToLLVM::addressFor):
+        (JSC::FTL::LowerDFGToLLVM::payloadFor):
+        (JSC::FTL::LowerDFGToLLVM::tagFor):
+        (LowerDFGToLLVM):
+        * ftl/FTLOutput.h:
+        (FTL):
+        (JSC::FTL::Output::Output):
+        (JSC::FTL::Output::initialize):
+        (JSC::FTL::Output::set):
+        (JSC::FTL::Output::load):
+        (JSC::FTL::Output::store):
+        (Output):
+        (JSC::FTL::Output::load32):
+        (JSC::FTL::Output::load64):
+        (JSC::FTL::Output::loadPtr):
+        (JSC::FTL::Output::store32):
+        (JSC::FTL::Output::store64):
+        (JSC::FTL::Output::storePtr):
+        (JSC::FTL::Output::addPtr):
+        (JSC::FTL::Output::address):
+        (JSC::FTL::Output::baseIndex):
+        * ftl/FTLTypedPointer.h: Added.
+        (FTL):
+        (TypedPointer):
+        (JSC::FTL::TypedPointer::TypedPointer):
+        (JSC::FTL::TypedPointer::operator!):
+        (JSC::FTL::TypedPointer::heap):
+        (JSC::FTL::TypedPointer::value):
+        * runtime/Options.h:
+        (JSC):
+
+2013-03-30  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should be able to compile the Array.prototype.findGraphNode function in Kraken/ai-astar
+        https://bugs.webkit.org/show_bug.cgi?id=113646
+
+        Reviewed by Oliver Hunt.
+        
+        This adds enough FTL support to compile Array.prototype.findGraphNode. This isn't
+        a speed-up, yet, because findGraphNode tends to be aggressively inlined by the DFG,
+        and the FTL can't yet compile the things into which it was inlined. In future
+        patches we will get to a point where we can compile the callers, and then we'll be
+        able to see what the performance effects are.
+        
+        But the interesting thing is that it isn't a slow-down, either. This implies that
+        even if we FTL compile a CodeBlock that we shouldn't have (the fact that we
+        compiling things that end up being inlined is dumb, and the fact that the current
+        FTL tiering strategy launches LLVM for those things is even dumber), we still run
+        at OK performance.
+
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::transferAndCheckArguments):
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::compileGetButterfly):
+        (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
+        (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+        (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
+        (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
+        (JSC::FTL::LowerDFGToLLVM::lowInt32):
+        (JSC::FTL::LowerDFGToLLVM::lowCell):
+        (JSC::FTL::LowerDFGToLLVM::lowObject):
+        (JSC::FTL::LowerDFGToLLVM::lowBoolean):
+        (JSC::FTL::LowerDFGToLLVM::lowJSValue):
+        (JSC::FTL::LowerDFGToLLVM::lowStorage):
+        (JSC::FTL::LowerDFGToLLVM::isNotInt32):
+        (JSC::FTL::LowerDFGToLLVM::isNotCell):
+        (JSC::FTL::LowerDFGToLLVM::isNotBoolean):
+        (JSC::FTL::LowerDFGToLLVM::speculate):
+        (JSC::FTL::LowerDFGToLLVM::speculateCell):
+        (JSC::FTL::LowerDFGToLLVM::speculateObject):
+        (JSC::FTL::LowerDFGToLLVM::accountedPointer):
+        (JSC::FTL::LowerDFGToLLVM::weakPointer):
+        * ftl/FTLOutput.h:
+        (JSC::FTL::Output::Output):
+        (JSC::FTL::Output::insertNewBlocksBefore):
+        (JSC::FTL::Output::appendTo):
+        (Output):
+        (JSC::FTL::Output::baseIndex):
+
+2013-03-29  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should be able to compile the Marsaglia random number generator
+        https://bugs.webkit.org/show_bug.cgi?id=113635
+
+        Reviewed by Oliver Hunt.
+        
+        Just adding missing functionality.
+        
+        Also "fixed" OSR exit to use a call to abort() in addition to using Unreachable
+        since the latter doesn't actually mean trap - quite the opposite, it tells LLVM
+        that the code can never be reached.
+        
+        The Marsaglia function runs ~60% faster with FTL, than DFG. Not a terrible start.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * ftl/FTLAbbreviations.h:
+        (FTL):
+        (JSC::FTL::voidType):
+        (JSC::FTL::structType):
+        (JSC::FTL::functionType):
+        (JSC::FTL::addFunction):
+        (JSC::FTL::setLinkage):
+        (JSC::FTL::setFunctionCallingConv):
+        (JSC::FTL::addExternFunction):
+        (JSC::FTL::constIntToPtr):
+        (JSC::FTL::constBitCast):
+        (JSC::FTL::buildMul):
+        (JSC::FTL::buildOr):
+        (JSC::FTL::buildShl):
+        (JSC::FTL::buildAShr):
+        (JSC::FTL::buildCall):
+        (JSC::FTL::buildExtractValue):
+        (JSC::FTL::dumpModule):
+        (JSC::FTL::verifyModule):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::lower):
+        (JSC::FTL::LowerDFGToLLVM::compileBlock):
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileAdd):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::compileArithMul):
+        (JSC::FTL::LowerDFGToLLVM::compileBitAnd):
+        (JSC::FTL::LowerDFGToLLVM::compileBitOr):
+        (JSC::FTL::LowerDFGToLLVM::compileBitRShift):
+        (JSC::FTL::LowerDFGToLLVM::compileBitLShift):
+        (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
+        (JSC::FTL::LowerDFGToLLVM::compileBranch):
+        (JSC::FTL::LowerDFGToLLVM::speculateBackward):
+        (JSC::FTL::LowerDFGToLLVM::lowBoolean):
+        * ftl/FTLOutput.h:
+        (JSC::FTL::Output::Output):
+        (JSC::FTL::Output::initialize):
+        (JSC::FTL::Output::appendTo):
+        (Output):
+        (JSC::FTL::Output::mul):
+        (JSC::FTL::Output::bitOr):
+        (JSC::FTL::Output::shl):
+        (JSC::FTL::Output::aShr):
+        (JSC::FTL::Output::addWithOverflow32):
+        (JSC::FTL::Output::mulWithOverflow32):
+        (JSC::FTL::Output::extractValue):
+        (JSC::FTL::Output::call):
+        (JSC::FTL::Output::addWithOverflow32Function):
+        (JSC::FTL::Output::mulWithOverflow32Function):
+        * ftl/FTLState.cpp: Added.
+        (FTL):
+        (JSC::FTL::State::dumpState):
+        * ftl/FTLState.h:
+        (State):
+
+2013-03-29  Filip Pizlo  <fpizlo@apple.com>
+
+        Unreviewed, release mode build fix.
+
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::lowInt32):
+        (JSC::FTL::LowerDFGToLLVM::lowCell):
+        (JSC::FTL::LowerDFGToLLVM::lowBoolean):
+        (JSC::FTL::LowerDFGToLLVM::lowJSValue):
+
+2013-03-29  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: Change DO_NOT_INCLUDE_LLVM_CPP_HEADERS to LLVM_DO_NOT_INCLUDE_CPP_HEADERS
+        https://bugs.webkit.org/show_bug.cgi?id=113634
+
+        Reviewed by Dan Bernstein.
+
+        * ftl/FTLLLVMHeaders.h:
+
+2013-03-29  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should be able run some simple function
+        https://bugs.webkit.org/show_bug.cgi?id=113481
+
+        Reviewed by Geoffrey Garen.
+        
+        I forgot to make a couple of the requested review changes, so I'm making
+        them now!
+
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLJITCode.h:
+
+2013-03-29  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: FTL JIT should be able run some simple function
+        https://bugs.webkit.org/show_bug.cgi?id=113481
+
+        Reviewed by Geoffrey Garen.
+        
+        This is the initial version of the FTL JIT (Fourth Tier LLVM JIT).
+        It includes a lowering from the DFG IR to LLVM IR (FTL::lowerDFGToLLVM)
+        and a "backend" step that invokes the LLVM and wraps the resulting
+        function in a thunk (FTL::compile).
+        
+        All LLVM IR building functions are wrapped up into a nicer FTL API.
+        First they're wrapped in an abbreviated API (FTLAbbreviations.h) and
+        then again into an object-oriented IR builder (FTLOutput.h).
+        
+        This runs things. I don't know how fast it runs things. And I don't
+        make any claims of stability. The FTL is runtime-disabled by default;
+        you will enable it by doing --useExperimentalFTL=true. Probably if you
+        do this, you will run slower, because of the heavy thunking we do, the
+        fact that we don't have anything resembling a sensible tiering story,
+        and because we only compile ridiculously tiny functions.
+            
+        Finally, this still requires a custom set of LLVM headers to build.
+        I am working on getting that up-streamed to LLVM, and separately I'll
+        make sure that we have a build checked into this branch.
+
+        * Configurations/JavaScriptCore.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/Operands.h:
+        (Operands):
+        (JSC::Operands::Operands):
+        * dfg/DFGAbstractState.h:
+        (JSC::DFG::AbstractState::needsTypeCheck):
+        (AbstractState):
+        (JSC::DFG::AbstractState::filterEdgeByUse):
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::compile):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+        * dfg/DFGSpeculativeJIT.h:
+        (JSC::DFG::SpeculativeJIT::needsTypeCheck):
+        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
+        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
+        (DFG):
+        * dfg/DFGUseKind.h:
+        (JSC::DFG::shouldNotHaveTypeCheck):
+        (DFG):
+        (JSC::DFG::mayHaveTypeCheck):
+        (JSC::DFG::isDouble):
+        (JSC::DFG::isCell):
+        * ftl: Added.
+        * ftl/FTLAbbreviations.h: Added.
+        (FTL):
+        (JSC::FTL::int1Type):
+        (JSC::FTL::int32Type):
+        (JSC::FTL::int64Type):
+        (JSC::FTL::intPtrType):
+        (JSC::FTL::pointerType):
+        (JSC::FTL::getParam):
+        (JSC::FTL::constInt):
+        (JSC::FTL::appendBasicBlock):
+        (JSC::FTL::insertBasicBlock):
+        (JSC::FTL::buildAlloca):
+        (JSC::FTL::buildAdd):
+        (JSC::FTL::buildAnd):
+        (JSC::FTL::buildXor):
+        (JSC::FTL::buildLoad):
+        (JSC::FTL::buildStore):
+        (JSC::FTL::buildZExt):
+        (JSC::FTL::buildIntCast):
+        (JSC::FTL::buildIntToPtr):
+        (JSC::FTL::buildPtrToInt):
+        (JSC::FTL::buildICmp):
+        (JSC::FTL::buildSelect):
+        (JSC::FTL::buildBr):
+        (JSC::FTL::buildCondBr):
+        (JSC::FTL::buildRet):
+        (JSC::FTL::buildUnreachable):
+        * ftl/FTLCapabilities.cpp: Added.
+        (FTL):
+        (JSC::FTL::canCompile):
+        * ftl/FTLCapabilities.h: Added.
+        (FTL):
+        * ftl/FTLCompile.cpp: Added.
+        (FTL):
+        (JSC::FTL::compileEntry):
+        (JSC::FTL::compile):
+        * ftl/FTLCompile.h: Added.
+        (FTL):
+        * ftl/FTLJITCode.cpp: Added.
+        (FTL):
+        (JSC::FTL::JITCode::JITCode):
+        (JSC::FTL::JITCode::~JITCode):
+        (JSC::FTL::JITCode::addressForCall):
+        (JSC::FTL::JITCode::executableAddressAtOffset):
+        (JSC::FTL::JITCode::dataAddressAtOffset):
+        (JSC::FTL::JITCode::offsetOf):
+        (JSC::FTL::JITCode::size):
+        (JSC::FTL::JITCode::contains):
+        * ftl/FTLJITCode.h: Added.
+        (FTL):
+        (JITCode):
+        * ftl/FTLLLVMHeaders.h: Added.
+        * ftl/FTLLowerDFGToLLVM.cpp: Added.
+        (FTL):
+        (LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
+        (JSC::FTL::LowerDFGToLLVM::lower):
+        (JSC::FTL::LowerDFGToLLVM::addFlushedLocalOpRoots):
+        (JSC::FTL::LowerDFGToLLVM::closeOverFlushedLocalOps):
+        (JSC::FTL::LowerDFGToLLVM::addFlushedLocalOp):
+        (JSC::FTL::LowerDFGToLLVM::addFlushedLocalEdge):
+        (JSC::FTL::LowerDFGToLLVM::transferAndCheckArguments):
+        (JSC::FTL::LowerDFGToLLVM::compileBlock):
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileJSConstant):
+        (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
+        (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
+        (JSC::FTL::LowerDFGToLLVM::compileMovHintAndCheck):
+        (JSC::FTL::LowerDFGToLLVM::compilePhantom):
+        (JSC::FTL::LowerDFGToLLVM::compileReturn):
+        (JSC::FTL::LowerDFGToLLVM::speculateBackward):
+        (JSC::FTL::LowerDFGToLLVM::speculateForward):
+        (JSC::FTL::LowerDFGToLLVM::speculate):
+        (JSC::FTL::LowerDFGToLLVM::terminate):
+        (JSC::FTL::LowerDFGToLLVM::backwardTypeCheck):
+        (JSC::FTL::LowerDFGToLLVM::forwardTypeCheck):
+        (JSC::FTL::LowerDFGToLLVM::typeCheck):
+        (JSC::FTL::LowerDFGToLLVM::lowInt32):
+        (JSC::FTL::LowerDFGToLLVM::lowCell):
+        (JSC::FTL::LowerDFGToLLVM::lowBoolean):
+        (JSC::FTL::LowerDFGToLLVM::lowJSValue):
+        (JSC::FTL::LowerDFGToLLVM::checkNotInt32):
+        (JSC::FTL::LowerDFGToLLVM::unboxInt32):
+        (JSC::FTL::LowerDFGToLLVM::boxInt32):
+        (JSC::FTL::LowerDFGToLLVM::checkNotCell):
+        (JSC::FTL::LowerDFGToLLVM::checkNotBoolean):
+        (JSC::FTL::LowerDFGToLLVM::unboxBoolean):
+        (JSC::FTL::LowerDFGToLLVM::boxBoolean):
+        (JSC::FTL::LowerDFGToLLVM::speculateInt32):
+        (JSC::FTL::LowerDFGToLLVM::addressFor):
+        (JSC::FTL::LowerDFGToLLVM::payloadFor):
+        (JSC::FTL::LowerDFGToLLVM::tagFor):
+        (JSC::FTL::LowerDFGToLLVM::globalData):
+        (JSC::FTL::LowerDFGToLLVM::codeBlock):
+        (JSC::FTL::lowerDFGToLLVM):
+        * ftl/FTLLowerDFGToLLVM.h: Added.
+        (FTL):
+        * ftl/FTLOutput.h: Added.
+        (FTL):
+        (Output):
+        (JSC::FTL::Output::Output):
+        (JSC::FTL::Output::~Output):
+        (JSC::FTL::Output::initialize):
+        (JSC::FTL::Output::appendTo):
+        (JSC::FTL::Output::newBlock):
+        (JSC::FTL::Output::param):
+        (JSC::FTL::Output::constBool):
+        (JSC::FTL::Output::constInt32):
+        (JSC::FTL::Output::constIntPtr):
+        (JSC::FTL::Output::constInt64):
+        (JSC::FTL::Output::add):
+        (JSC::FTL::Output::bitAnd):
+        (JSC::FTL::Output::bitXor):
+        (JSC::FTL::Output::zeroExt):
+        (JSC::FTL::Output::intCast):
+        (JSC::FTL::Output::castToInt32):
+        (JSC::FTL::Output::get):
+        (JSC::FTL::Output::set):
+        (JSC::FTL::Output::load):
+        (JSC::FTL::Output::store):
+        (JSC::FTL::Output::load32):
+        (JSC::FTL::Output::load64):
+        (JSC::FTL::Output::loadPtr):
+        (JSC::FTL::Output::store32):
+        (JSC::FTL::Output::store64):
+        (JSC::FTL::Output::storePtr):
+        (JSC::FTL::Output::equal):
+        (JSC::FTL::Output::notEqual):
+        (JSC::FTL::Output::above):
+        (JSC::FTL::Output::aboveOrEqual):
+        (JSC::FTL::Output::below):
+        (JSC::FTL::Output::belowOrEqual):
+        (JSC::FTL::Output::greaterThan):
+        (JSC::FTL::Output::greaterThanOrEqual):
+        (JSC::FTL::Output::lessThan):
+        (JSC::FTL::Output::lessThanOrEqual):
+        (JSC::FTL::Output::isZero64):
+        (JSC::FTL::Output::notZero64):
+        (JSC::FTL::Output::testNonZero64):
+        (JSC::FTL::Output::select):
+        (JSC::FTL::Output::jump):
+        (JSC::FTL::Output::branch):
+        (JSC::FTL::Output::ret):
+        (JSC::FTL::Output::unreachable):
+        * ftl/FTLState.h: Added.
+        (FTL):
+        (State):
+        (JSC::FTL::State::State):
+        * runtime/InitializeThreading.cpp:
+        (JSC::initializeThreadingOnce):
+        * runtime/Options.h:
+        (JSC):
+
+2013-03-27  Filip Pizlo  <fpizlo@apple.com>
+
+        fourthTier: JITCode should abstract exactly how the JIT code is structured and where it was allocated
+        https://bugs.webkit.org/show_bug.cgi?id=113437
+
+        Reviewed by Mark Hahnenberg.
+        
+        JITCode is now a virtual base class, which will allow different JITs to have radically
+        different memory allocation and management conventions in the future. It will also
+        make it easier to store JIT-specific meta-data in CodeBlock just by putting it into
+        an appropriate JITCode subclass.
+        
+        For now there is one subclass, DirectJITCode, which just behaves like JITCode used to
+        behave.
+
+        * assembler/RepatchBuffer.h:
+        (JSC::RepatchBuffer::RepatchBuffer):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::resetStubInternal):
+        (JSC::CodeBlock::bytecodeOffset):
+        (JSC::CodeBlock::codeOriginForReturn):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::setJITCode):
+        (JSC::CodeBlock::getJITCode):
+        (JSC::CodeBlock::getJITType):
+        (CodeBlock):
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::compile):
+        (JSC::DFG::tryCompile):
+        (JSC::DFG::tryCompileFunction):
+        * dfg/DFGDriver.h:
+        (DFG):
+        (JSC::DFG::tryCompile):
+        (JSC::DFG::tryCompileFunction):
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compile):
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGJITCompiler.h:
+        (JITCompiler):
+        * dfg/DFGOSREntry.cpp:
+        (JSC::DFG::prepareOSREntry):
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::OSRExit::codeLocationForRepatch):
+        * dfg/DFGOSRExitCompiler32_64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompiler64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOperations.cpp:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::executeCall):
+        (JSC::Interpreter::executeConstruct):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::JIT::compile):
+        (JIT):
+        * jit/JITCode.cpp:
+        (JSC):
+        (JSC::JITCode::JITCode):
+        (JSC::JITCode::~JITCode):
+        (JSC::JITCode::execute):
+        (JSC::JITCode::hostFunction):
+        (JSC::DirectJITCode::DirectJITCode):
+        (JSC::DirectJITCode::~DirectJITCode):
+        (JSC::DirectJITCode::addressForCall):
+        (JSC::DirectJITCode::executableAddressAtOffset):
+        (JSC::DirectJITCode::dataAddressAtOffset):
+        (JSC::DirectJITCode::offsetOf):
+        (JSC::DirectJITCode::size):
+        (JSC::DirectJITCode::contains):
+        * jit/JITCode.h:
+        (JSC):
+        (JITCode):
+        (JSC::JITCode::bottomTierJIT):
+        (JSC::JITCode::topTierJIT):
+        (JSC::JITCode::nextTierJIT):
+        (JSC::JITCode::isOptimizingJIT):
+        (JSC::JITCode::isBaselineCode):
+        (JSC::JITCode::jitType):
+        (JSC::JITCode::jitTypeFor):
+        (JSC::JITCode::executableAddress):
+        (JSC::JITCode::start):
+        (JSC::JITCode::end):
+        (DirectJITCode):
+        * jit/JITDriver.h:
+        (JSC::jitCompileIfAppropriate):
+        (JSC::jitCompileFunctionIfAppropriate):
+        * jit/JITStubs.cpp:
+        (JSC::lazyLinkFor):
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/ThunkGenerators.cpp:
+        (JSC::virtualForGenerator):
+        * llint/LLIntEntrypoints.cpp:
+        (JSC::LLInt::getFunctionEntrypoint):
+        (JSC::LLInt::getEvalEntrypoint):
+        (JSC::LLInt::getProgramEntrypoint):
+        * llint/LLIntEntrypoints.h:
+        (JSC):
+        (LLInt):
+        (JSC::LLInt::getEntrypoint):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::jitCompileAndSetHeuristics):
+        (JSC::LLInt::entryOSR):
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::compileInternal):
+        (JSC::ProgramExecutable::compileInternal):
+        (JSC::FunctionExecutable::compileForCallInternal):
+        (JSC::FunctionExecutable::compileForConstructInternal):
+        * runtime/Executable.h:
+        (JSC::ExecutableBase::generatedJITCodeForCall):
+        (JSC::ExecutableBase::generatedJITCodeForConstruct):
+        (JSC::ExecutableBase::generatedJITCodeFor):
+        (ExecutableBase):
+        (JSC::ExecutableBase::hostCodeEntryFor):
+        (JSC::ExecutableBase::jsCodeEntryFor):
+        (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
+        (JSC::NativeExecutable::create):
+        (JSC::NativeExecutable::finishCreation):
+        (JSC::EvalExecutable::generatedJITCode):
+        (JSC::ProgramExecutable::generatedJITCode):
+        * runtime/ExecutionHarness.h:
+        (JSC::prepareForExecution):
+        (JSC::prepareFunctionForExecution):
+
 2013-07-16  Oliver Hunt  <oliver@apple.com>
 
         Merged dfgFourthTier r148570
 
 2013-07-18  Chris Curtis  <chris_curtis@apple.com>
 
-        Fixed ASSERTION FAILED: callFrame == vm->topCallFrame in JSC::Interpreter::addStackTraceIfNecessary
+        Fixed ASSERTION FAILED: callFrame == globalData->topCallFrame in JSC::Interpreter::addStackTraceIfNecessary
         https://bugs.webkit.org/show_bug.cgi?id=118498
 
         Reviewed by Geoffrey Garen.
         2. The exception needs to be created, and the function pointer takes 2 
             parameters (callFrame->callerFrame(), callFrame.calleeAsValue()).
         3. The exception is already created. In this case, At the time when 
-            the error functor is called, vm.exception is returned. 
+            the error functor is called, globalData.exception is returned. 
 
         * llint/LLIntSlowPaths.cpp:
         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
         Previously, the requiredStack in StackPolicy::StackPolicy() was set to
         to a high value like 256K to reduce the chances of encountering an
         undetected stack overflow in a scenario where we have a combination of
-        deeply nested divs and a large amount recursive re-entries into the VM.
+        deeply nested divs and a large amount recursive re-entries into the JSGlobalData.
 
         However, this high value of requiredStack still does not completely
         ensure that we will never encounter an undetected stack overflow. It
         only lessens the probability of encountering it.
 
         Secondly, on some platforms, the total stack size can be less than 256K
-        to start with. Hence, this high value requiredStack renders the VM
+        to start with. Hence, this high value requiredStack renders the JSGlobalData
         unuseable on those platforms.
 
         This patch will fix the requiredStack to be more reasonable based on
-        real world stack usage by the VM. We won't (and cannot) try to prevent
+        real world stack usage by the JSGlobalData. We won't (and cannot) try to prevent
         undetected stack overflows outside of JSC as well. External code that
         do deep recursion (e.g. Documnet::updateLayout()) should do their own
         stack checks.
         JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained 
         JSManagedValues cause memory leaks than take down the whole app. 
 
-        The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we 
+        The fix is to use the callback to the JSC::Weak on the destruction of the JSGlobalData so that we 
         can safely null it out. This will prevent ~Weak from crashing.
 
         * API/JSManagedValue.mm:
         (JSC::msToGregorianDateTime):
         (JSC::parseDateFromNullTerminatedCharacters):
             - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
-        * runtime/VM.cpp:
-        (JSC::VM::resetDateCache):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::resetDateCache):
             - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
-        * runtime/VM.h:
+        * runtime/JSGlobalData.h:
         (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
         (JSC::LocalTimeOffsetCache::reset):
         (LocalTimeOffsetCache):
         (JSC::Interpreter::throwException):
         * runtime/JSGlobalObject.cpp:
         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        * runtime/VM.cpp:
+        * runtime/JSGlobalData.cpp:
         (JSC):
-        (JSC::VM::clearExceptionStack):
-        * runtime/VM.h:
-        (VM):
-        (JSC::VM::exceptionStack):
+        (JSC::JSGlobalData::clearExceptionStack):
+        * runtime/JSGlobalData.h:
+        (JSGlobalData):
+        (JSC::JSGlobalData::exceptionStack):
 
 2013-05-15  Commit Queue  <commit-queue@webkit.org>
 
 
         If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
         scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
-        JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM
+        JSVirtualMachine which will cause us to try to take the API lock for the corresponding JSGlobalData
         If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
-        is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.
+        is to just check the JSGlobalData cache, and if there is no JSVirtualMachine wrapper, return early.
 
         Reviewed by Darin Adler.
 
         (JSGlobalObject):
         * runtime/JSGlobalObjectFunctions.cpp:
         (JSC::globalFuncEval):
-        * runtime/VM.cpp:
-        (JSC::VM::VM):
-        * runtime/VM.h:
-        (VM):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        (JSGlobalData):
 
 2013-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>
 
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
+        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::globalData):
         (ARMv7DOpcodeVMOVSinglePrecision):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
+        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::globalData):
         (ARMv7DOpcodeVMSR):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
 2013-04-30  Mark Lam  <mark.lam@apple.com>
 
         JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
-        VM watchdog if its client did not pass one in.
+        JSGlobalData watchdog if its client did not pass one in.
         https://bugs.webkit.org/show_bug.cgi?id=115461.
 
         Reviewed by Geoffrey Garen.
 
 2013-04-30  Oliver Hunt  <oliver@apple.com>
 
-        JSC Stack walking logic craches in the face of inlined functions triggering VM re-entry
+        JSC Stack walking logic craches in the face of inlined functions triggering JSGlobalData re-entry
         https://bugs.webkit.org/show_bug.cgi?id=115449
 
         Reviewed by Geoffrey Garen.
 
         Rename callframeishost to something that makes sense, and fix
         getCallerInfo to correctly handle inline functions calling into
-        the VM.
+        the JSGlobalData.
 
         * bytecode/CodeBlock.cpp:
         (JSC::CodeBlock::codeOriginForReturn):
 
         * heap/HeapTimer.cpp:
         (JSC::HeapTimer::HeapTimer):
-        * runtime/VM.cpp:
+        * runtime/JSGlobalData.cpp:
         (JSC::enableAssembler):
         Use adoptCF free function.
 
         It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual 
         address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator 
         also has this bug, but it doesn't matter much because there's only one instance of that class 
-        throughout the entire lifetime of the process, whereas each VM has its own SuperRegion. 
+        throughout the entire lifetime of the process, whereas each JSGlobalData has its own SuperRegion. 
 
         * heap/SuperRegion.cpp:
         (JSC::SuperRegion::~SuperRegion):
         * runtime/MathObject.cpp:
         (JSC):
         (JSC::mathProtoFuncIMul):
-        * runtime/VM.cpp:
+        * runtime/JSGlobalData.cpp:
         (JSC::thunkGeneratorForIntrinsic):
 
 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
 
 2013-04-25  Oliver Hunt  <oliver@apple.com>
 
-        Make checkSyntax take a VM instead of an ExecState
+        Make checkSyntax take a JSGlobalData instead of an ExecState
 
         RS=Tim
 
index 4903d2b..9d6f772 100644 (file)
@@ -184,4 +184,6 @@ ENABLE_WORKERS = ENABLE_WORKERS;
 ENABLE_XHR_TIMEOUT = ENABLE_XHR_TIMEOUT;
 ENABLE_XSLT = ENABLE_XSLT;
 
-FEATURE_DEFINES = $(ENABLE_3D_RENDERING) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_BLOB) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CSP_NEXT) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_EXCLUSIONS) $(ENABLE_CSS_FILTERS) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SHADERS) $(ENABLE_CSS_SHAPES) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_STICKY_POSITION) $(ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED) $(ENABLE_CSS_VARIABLES) $(ENABLE_CSS3_CONDITIONAL_RULES) $(ENABLE_CSS3_TEXT) $(ENABLE_CSS3_TEXT_LINE_BREAK) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DETAILS_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_DIALOG_ELEMENT) $(ENABLE_DIRECTORY_UPLOAD) $(ENABLE_DOM4_EVENTS_CONSTRUCTOR) $(ENABLE_DRAGGABLE_REGION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_ENCRYPTED_MEDIA_V2) $(ENABLE_FILE_SYSTEM) $(ENABLE_FILTERS) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_HIDDEN_PAGE_DOM_TIMER_THROTTLING) $(ENABLE_HIGH_DPI_CANVAS) $(ENABLE_ICONDATABASE) $(ENABLE_IFRAME_SEAMLESS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_SPEECH) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_JAVASCRIPT_DEBUGGER) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LEGACY_WEB_AUDIO) $(ENABLE_LINK_PREFETCH) $(ENABLE_MATHML) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MICRODATA) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NOTIFICATIONS) $(ENABLE_PAGE_VISIBILITY_API) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_PLUGIN_PROXY_FOR_VIDEO) $(ENABLE_PROGRESS_ELEMENT) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REQUEST_ANIMATION_FRAME) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_SCRIPTED_SPEECH) $(ENABLE_SHADOW_DOM) $(ENABLE_SHARED_WORKERS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_SQL_DATABASE) $(ENABLE_STYLE_SCOPED) $(ENABLE_SUBPIXEL_LAYOUT) $(ENABLE_SVG) $(ENABLE_SVG_FONTS) $(ENABLE_TEMPLATE_ELEMENT) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_THREADED_HTML_PARSER) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VIDEO) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEBGL) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WORKERS) $(ENABLE_XHR_TIMEOUT) $(ENABLE_XSLT) $(FEATURE_DEFINES_$(PLATFORM_NAME));
+ENABLE_FTL_JIT = ;
+
+FEATURE_DEFINES = $(ENABLE_3D_RENDERING) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_BLOB) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CSP_NEXT) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_EXCLUSIONS) $(ENABLE_CSS_FILTERS) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SHADERS) $(ENABLE_CSS_SHAPES) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_STICKY_POSITION) $(ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED) $(ENABLE_CSS_VARIABLES) $(ENABLE_CSS3_CONDITIONAL_RULES) $(ENABLE_CSS3_TEXT) $(ENABLE_CSS3_TEXT_LINE_BREAK) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DETAILS_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_DIALOG_ELEMENT) $(ENABLE_DIRECTORY_UPLOAD) $(ENABLE_DOM4_EVENTS_CONSTRUCTOR) $(ENABLE_DRAGGABLE_REGION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_ENCRYPTED_MEDIA_V2) $(ENABLE_FILE_SYSTEM) $(ENABLE_FILTERS) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_HIDDEN_PAGE_DOM_TIMER_THROTTLING) $(ENABLE_HIGH_DPI_CANVAS) $(ENABLE_ICONDATABASE) $(ENABLE_IFRAME_SEAMLESS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_SPEECH) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_JAVASCRIPT_DEBUGGER) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LEGACY_WEB_AUDIO) $(ENABLE_LINK_PREFETCH) $(ENABLE_MATHML) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MICRODATA) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NOTIFICATIONS) $(ENABLE_PAGE_VISIBILITY_API) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_PLUGIN_PROXY_FOR_VIDEO) $(ENABLE_PROGRESS_ELEMENT) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REQUEST_ANIMATION_FRAME) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_SCRIPTED_SPEECH) $(ENABLE_SHADOW_DOM) $(ENABLE_SHARED_WORKERS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_SQL_DATABASE) $(ENABLE_STYLE_SCOPED) $(ENABLE_SUBPIXEL_LAYOUT) $(ENABLE_SVG) $(ENABLE_SVG_FONTS) $(ENABLE_TEMPLATE_ELEMENT) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_THREADED_HTML_PARSER) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VIDEO) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEBGL) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WORKERS) $(ENABLE_XHR_TIMEOUT) $(ENABLE_XSLT) $(ENABLE_FTL_JIT) $(FEATURE_DEFINES_$(PLATFORM_NAME));
index d5101d3..b3f23ae 100644 (file)
@@ -34,11 +34,18 @@ JSVALUE_MODEL_x86_64 = 64;
 
 // Prevent C++ standard library operator new, delete and their related exception types from being exported as weak symbols.
 OTHER_LDFLAGS_HIDE_SYMBOLS = -Wl,-unexported_symbol -Wl,__ZTISt9bad_alloc -Wl,-unexported_symbol -Wl,__ZTISt9exception -Wl,-unexported_symbol -Wl,__ZTSSt9bad_alloc -Wl,-unexported_symbol -Wl,__ZTSSt9exception -Wl,-unexported_symbol -Wl,__ZdlPvS_ -Wl,-unexported_symbol -Wl,__ZnwmPv -Wl,-all_load;
+
+OTHER_LDFLAGS_LLVM = $(OTHER_LDFLAGS_LLVM_$(ENABLE_FTL_JIT));
+OTHER_LDFLAGS_LLVM_ = ;
+OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT = -lpthread -lm -lgtest_main -lgtest -lLLVMTableGen -lLLVMDebugInfo -lLLVMOption -lLLVMX86Disassembler -lLLVMX86AsmParser -lLLVMX86CodeGen -lLLVMSelectionDAG -lLLVMAsmPrinter -lLLVMX86Desc -lLLVMX86Info -lLLVMX86AsmPrinter -lLLVMX86Utils -lLLVMIRReader -lLLVMAsmParser -lLLVMMCDisassembler -lLLVMMCParser -lLLVMInstrumentation -lLLVMArchive -lLLVMBitReader -lLLVMInterpreter -lLLVMipo -lLLVMVectorize -lLLVMLinker -lLLVMBitWriter -lLLVMMCJIT -lLLVMJIT -lLLVMCodeGen -lLLVMObjCARCOpts -lLLVMScalarOpts -lLLVMInstCombine -lLLVMTransformUtils -lLLVMipa -lLLVMAnalysis -lLLVMRuntimeDyld -lLLVMExecutionEngine -lLLVMTarget -lLLVMMC -lLLVMObject -lLLVMCore -lLLVMSupport;
+
+
+
 OTHER_LDFLAGS_BASE = -lobjc -Wl,-Y,3 $(OTHER_LDFLAGS_HIDE_SYMBOLS);
 OTHER_LDFLAGS = $(OTHER_LDFLAGS_$(PLATFORM_NAME));
 OTHER_LDFLAGS_iphoneos = $(OTHER_LDFLAGS_BASE);
 OTHER_LDFLAGS_iphonesimulator = $(OTHER_LDFLAGS_iphoneos);
-OTHER_LDFLAGS_macosx = $(OTHER_LDFLAGS_BASE) -sub_library libobjc -framework CoreServices;
+OTHER_LDFLAGS_macosx = $(OTHER_LDFLAGS_BASE) $(OTHER_LDFLAGS_LLVM) -sub_library libobjc -framework CoreServices;
 GCC_PREFIX_HEADER = JavaScriptCorePrefix.h;
 GCC_SYMBOLS_PRIVATE_EXTERN = YES;
 HEADER_SEARCH_PATHS = "${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore" $(HEADER_SEARCH_PATHS);
index 496e289..1c1ced8 100644 (file)
@@ -254,9 +254,13 @@ javascriptcore_sources += \
        Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h \
        Source/JavaScriptCore/dfg/DFGOSRExit.h \
        Source/JavaScriptCore/dfg/DFGOSRExit.cpp \
+       Source/JavaScriptCore/dfg/DFGOSRExitBase.h \
+       Source/JavaScriptCore/dfg/DFGOSRExitBase.cpp \
        Source/JavaScriptCore/dfg/DFGOSRExitCompilationInfo.h \
        Source/JavaScriptCore/dfg/DFGOSRExitJumpPlaceholder.cpp \
        Source/JavaScriptCore/dfg/DFGOSRExitJumpPlaceholder.h \
+       Source/JavaScriptCore/dfg/DFGOSRExitPreparation.h \
+       Source/JavaScriptCore/dfg/DFGOSRExitPreparation.cpp \
        Source/JavaScriptCore/dfg/DFGPhase.cpp \
        Source/JavaScriptCore/dfg/DFGPhase.h \
        Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp \
index 355921c..e6d032f 100644 (file)
     <ClCompile Include="..\runtime\JSCJSValue.cpp" />\r
     <ClCompile Include="..\runtime\JSDateMath.cpp" />\r
     <ClCompile Include="..\runtime\JSFunction.cpp" />\r
-    <ClCompile Include="..\runtime\VM.cpp" />\r
+    <ClCompile Include="..\runtime\JSGlobalData.cpp" />\r
     <ClCompile Include="..\runtime\JSGlobalObject.cpp" />\r
     <ClCompile Include="..\runtime\JSGlobalObjectFunctions.cpp" />\r
     <ClCompile Include="..\runtime\JSLock.cpp" />\r
     <ClInclude Include="..\runtime\JSDestructibleObject.h" />\r
     <ClInclude Include="..\runtime\JSExportMacros.h" />\r
     <ClInclude Include="..\runtime\JSFunction.h" />\r
-    <ClInclude Include="..\runtime\VM.h" />\r
+    <ClInclude Include="..\runtime\JSGlobalData.h" />\r
     <ClInclude Include="..\runtime\JSGlobalObject.h" />\r
     <ClInclude Include="..\runtime\JSGlobalObjectFunctions.h" />\r
     <ClInclude Include="..\runtime\JSLock.h" />\r
index 040601d..f82446e 100644 (file)
                0F21C27C14BE727600ADC64B /* ExecutionHarness.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27A14BE727300ADC64B /* ExecutionHarness.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F21C27D14BE727A00ADC64B /* CodeSpecializationKind.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F21C27F14BEAA8200ADC64B /* BytecodeConventions.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BD117178E1C00690C7F /* FTLCArgumentGetter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BBB17178E1C00690C7F /* FTLCArgumentGetter.cpp */; };
+               0F235BD217178E1C00690C7F /* FTLCArgumentGetter.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BBC17178E1C00690C7F /* FTLCArgumentGetter.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BD317178E1C00690C7F /* FTLExitArgument.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BBD17178E1C00690C7F /* FTLExitArgument.cpp */; };
+               0F235BD417178E1C00690C7F /* FTLExitArgument.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BBE17178E1C00690C7F /* FTLExitArgument.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BD517178E1C00690C7F /* FTLExitArgumentForOperand.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BBF17178E1C00690C7F /* FTLExitArgumentForOperand.cpp */; };
+               0F235BD617178E1C00690C7F /* FTLExitArgumentForOperand.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BC017178E1C00690C7F /* FTLExitArgumentForOperand.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BD717178E1C00690C7F /* FTLExitArgumentList.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BC117178E1C00690C7F /* FTLExitArgumentList.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BD817178E1C00690C7F /* FTLExitThunkGenerator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BC217178E1C00690C7F /* FTLExitThunkGenerator.cpp */; };
+               0F235BD917178E1C00690C7F /* FTLExitThunkGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BC317178E1C00690C7F /* FTLExitThunkGenerator.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BDA17178E1C00690C7F /* FTLExitValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BC417178E1C00690C7F /* FTLExitValue.cpp */; };
+               0F235BDB17178E1C00690C7F /* FTLExitValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BC517178E1C00690C7F /* FTLExitValue.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BDC17178E1C00690C7F /* FTLOSRExit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BC617178E1C00690C7F /* FTLOSRExit.cpp */; };
+               0F235BDD17178E1C00690C7F /* FTLOSRExit.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BC717178E1C00690C7F /* FTLOSRExit.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BDE17178E1C00690C7F /* FTLOSRExitCompilationInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BC817178E1C00690C7F /* FTLOSRExitCompilationInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BDF17178E1C00690C7F /* FTLOSRExitCompiler.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BC917178E1C00690C7F /* FTLOSRExitCompiler.cpp */; };
+               0F235BE017178E1C00690C7F /* FTLOSRExitCompiler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BCA17178E1C00690C7F /* FTLOSRExitCompiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BE117178E1C00690C7F /* FTLThunks.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BCB17178E1C00690C7F /* FTLThunks.cpp */; };
+               0F235BE217178E1C00690C7F /* FTLThunks.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BCC17178E1C00690C7F /* FTLThunks.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BE317178E1C00690C7F /* FTLValueFormat.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BCD17178E1C00690C7F /* FTLValueFormat.cpp */; };
+               0F235BE417178E1C00690C7F /* FTLValueFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BCE17178E1C00690C7F /* FTLValueFormat.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BE517178E1C00690C7F /* FTLValueSource.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BCF17178E1C00690C7F /* FTLValueSource.cpp */; };
+               0F235BE617178E1C00690C7F /* FTLValueSource.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BD017178E1C00690C7F /* FTLValueSource.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BEB17178E7300690C7F /* DFGOSRExitBase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BE717178E7300690C7F /* DFGOSRExitBase.cpp */; };
+               0F235BEC17178E7300690C7F /* DFGOSRExitBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BE817178E7300690C7F /* DFGOSRExitBase.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F235BED17178E7300690C7F /* DFGOSRExitPreparation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BE917178E7300690C7F /* DFGOSRExitPreparation.cpp */; };
+               0F235BEE17178E7300690C7F /* DFGOSRExitPreparation.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F235BEA17178E7300690C7F /* DFGOSRExitPreparation.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F242DA713F3B1E8007ADD4C /* WeakReferenceHarvester.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F242DA513F3B1BB007ADD4C /* WeakReferenceHarvester.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F256C361627B0AD007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F256C341627B0AA007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F2BDC15151C5D4D00CD8910 /* DFGFixupPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F2BDC12151C5D4A00CD8910 /* DFGFixupPhase.cpp */; };
                0FDDBFB61666EEDA00C55FEF /* DFGVariableAccessDataDump.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FDDBFB31666EED500C55FEF /* DFGVariableAccessDataDump.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0FE228ED1436AB2700196C48 /* Options.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE228EB1436AB2300196C48 /* Options.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0FE228EE1436AB2C00196C48 /* Options.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE228EA1436AB2300196C48 /* Options.cpp */; };
-        0FEA0A31170D40BF00BB722C /* DFGCommonData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A2D170D40BF00BB722C /* DFGCommonData.cpp */; };
+               0FEA0A08170513DB00BB722C /* FTLAbbreviations.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA09FD170513DB00BB722C /* FTLAbbreviations.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A09170513DB00BB722C /* FTLCapabilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA09FE170513DB00BB722C /* FTLCapabilities.cpp */; };
+               0FEA0A0A170513DB00BB722C /* FTLCapabilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA09FF170513DB00BB722C /* FTLCapabilities.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A0B170513DB00BB722C /* FTLCompile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A00170513DB00BB722C /* FTLCompile.cpp */; };
+               0FEA0A0C170513DB00BB722C /* FTLCompile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A01170513DB00BB722C /* FTLCompile.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A0D170513DB00BB722C /* FTLJITCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A02170513DB00BB722C /* FTLJITCode.cpp */; };
+               0FEA0A0E170513DB00BB722C /* FTLJITCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A03170513DB00BB722C /* FTLJITCode.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A0F170513DB00BB722C /* FTLLowerDFGToLLVM.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A04170513DB00BB722C /* FTLLowerDFGToLLVM.cpp */; };
+               0FEA0A10170513DB00BB722C /* FTLLowerDFGToLLVM.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A05170513DB00BB722C /* FTLLowerDFGToLLVM.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A11170513DB00BB722C /* FTLOutput.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A06170513DB00BB722C /* FTLOutput.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A12170513DB00BB722C /* FTLState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A07170513DB00BB722C /* FTLState.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A141706363600BB722C /* FTLLLVMHeaders.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A131706363600BB722C /* FTLLLVMHeaders.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A161706BB9000BB722C /* FTLState.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A151706BB9000BB722C /* FTLState.cpp */; };
+               0FEA0A1C1708B00700BB722C /* FTLAbstractHeap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A171708B00700BB722C /* FTLAbstractHeap.cpp */; };
+               0FEA0A1D1708B00700BB722C /* FTLAbstractHeap.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A181708B00700BB722C /* FTLAbstractHeap.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A1E1708B00700BB722C /* FTLAbstractHeapRepository.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A191708B00700BB722C /* FTLAbstractHeapRepository.cpp */; };
+               0FEA0A1F1708B00700BB722C /* FTLAbstractHeapRepository.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A1A1708B00700BB722C /* FTLAbstractHeapRepository.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A201708B00700BB722C /* FTLTypedPointer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A1B1708B00700BB722C /* FTLTypedPointer.h */; };
+               0FEA0A231709606900BB722C /* FTLCommonValues.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A211709606900BB722C /* FTLCommonValues.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A241709606900BB722C /* FTLIntrinsicRepository.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A221709606900BB722C /* FTLIntrinsicRepository.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A271709623B00BB722C /* FTLCommonValues.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A251709623B00BB722C /* FTLCommonValues.cpp */; };
+               0FEA0A281709623B00BB722C /* FTLIntrinsicRepository.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A261709623B00BB722C /* FTLIntrinsicRepository.cpp */; };
+               0FEA0A2A1709629600BB722C /* FTLOutput.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A291709629600BB722C /* FTLOutput.cpp */; };
+               0FEA0A2C170B661900BB722C /* FTLFormattedValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A2B170B661900BB722C /* FTLFormattedValue.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0FEA0A31170D40BF00BB722C /* DFGCommonData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A2D170D40BF00BB722C /* DFGCommonData.cpp */; };
                0FEA0A32170D40BF00BB722C /* DFGCommonData.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A2E170D40BF00BB722C /* DFGCommonData.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0FEA0A33170D40BF00BB722C /* DFGJITCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEA0A2F170D40BF00BB722C /* DFGJITCode.cpp */; };
                0FEA0A34170D40BF00BB722C /* DFGJITCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FEA0A30170D40BF00BB722C /* DFGJITCode.h */; settings = {ATTRIBUTES = (Private, ); }; };
                A77F1825164192C700640A47 /* ParserModes.h in Headers */ = {isa = PBXBuildFile; fileRef = A77F18241641925400640A47 /* ParserModes.h */; settings = {ATTRIBUTES = (Private, ); }; };
                A784A26111D16622005776AC /* ASTBuilder.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A7EE7411B98B8D0065A14F /* ASTBuilder.h */; settings = {ATTRIBUTES = (Private, ); }; };
                A784A26411D16622005776AC /* SyntaxChecker.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A7EE7711B98B8D0065A14F /* SyntaxChecker.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               A792A33F179A02C5005C1D7D /* VM.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A792A33D179A02C5005C1D7D /* VM.cpp */; };
+               A792A340179A02C5005C1D7D /* VM.h in Headers */ = {isa = PBXBuildFile; fileRef = A792A33E179A02C5005C1D7D /* VM.h */; settings = {ATTRIBUTES = (Private, ); }; };
                A7AFC17915F7EFE30048F57B /* ResolveOperation.h in Headers */ = {isa = PBXBuildFile; fileRef = A7AFC17715F7EFE30048F57B /* ResolveOperation.h */; settings = {ATTRIBUTES = (Private, ); }; };
                A7B48F490EE8936F00DCBDB6 /* ExecutableAllocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7B48DB60EE74CFC00DCBDB6 /* ExecutableAllocator.cpp */; };
                A7B4ACAF1484C9CE00B38A36 /* JSExportMacros.h in Headers */ = {isa = PBXBuildFile; fileRef = A7B4ACAE1484C9CE00B38A36 /* JSExportMacros.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC18C41D0E16F5CD00B34460 /* JSClassRef.h in Headers */ = {isa = PBXBuildFile; fileRef = 1440FCE10A51E46B0005F061 /* JSClassRef.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC18C41E0E16F5CD00B34460 /* JSContextRef.h in Headers */ = {isa = PBXBuildFile; fileRef = 14BD5A2A0A3E91F600BAF59C /* JSContextRef.h */; settings = {ATTRIBUTES = (Public, ); }; };
                BC18C41F0E16F5CD00B34460 /* JSFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = F692A85F0255597D01FF60F7 /* JSFunction.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               BC18C4200E16F5CD00B34460 /* VM.h in Headers */ = {isa = PBXBuildFile; fileRef = E18E3A560DF9278C00D90B34 /* VM.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC18C4210E16F5CD00B34460 /* JSGlobalObject.h in Headers */ = {isa = PBXBuildFile; fileRef = A8E894330CD0603F00367179 /* JSGlobalObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC18C4230E16F5CD00B34460 /* JSLock.h in Headers */ = {isa = PBXBuildFile; fileRef = 65EA4C9A092AF9E20093D800 /* JSLock.h */; settings = {ATTRIBUTES = (Private, ); }; };
                BC18C4240E16F5CD00B34460 /* JSObject.h in Headers */ = {isa = PBXBuildFile; fileRef = BC22A3990E16E14800AF21C8 /* JSObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E124A8F70E555775003091F1 /* OpaqueJSString.h in Headers */ = {isa = PBXBuildFile; fileRef = E124A8F50E555775003091F1 /* OpaqueJSString.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E124A8F80E555775003091F1 /* OpaqueJSString.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E124A8F60E555775003091F1 /* OpaqueJSString.cpp */; };
                E178636D0D9BEEC300D74E75 /* InitializeThreading.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E178636C0D9BEEC300D74E75 /* InitializeThreading.cpp */; };
-               E18E3A590DF9278C00D90B34 /* VM.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18E3A570DF9278C00D90B34 /* VM.cpp */; };
                E49DC16B12EF293E00184A1F /* SourceProviderCache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E49DC15512EF277200184A1F /* SourceProviderCache.cpp */; };
                E49DC16C12EF294E00184A1F /* SourceProviderCache.h in Headers */ = {isa = PBXBuildFile; fileRef = E49DC15112EF272200184A1F /* SourceProviderCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E49DC16D12EF295300184A1F /* SourceProviderCacheItem.h in Headers */ = {isa = PBXBuildFile; fileRef = E49DC14912EF261A00184A1F /* SourceProviderCacheItem.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeSpecializationKind.h; sourceTree = "<group>"; };
                0F21C27A14BE727300ADC64B /* ExecutionHarness.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExecutionHarness.h; sourceTree = "<group>"; };
                0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeConventions.h; sourceTree = "<group>"; };
+               0F235BBB17178E1C00690C7F /* FTLCArgumentGetter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLCArgumentGetter.cpp; path = ftl/FTLCArgumentGetter.cpp; sourceTree = "<group>"; };
+               0F235BBC17178E1C00690C7F /* FTLCArgumentGetter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLCArgumentGetter.h; path = ftl/FTLCArgumentGetter.h; sourceTree = "<group>"; };
+               0F235BBD17178E1C00690C7F /* FTLExitArgument.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLExitArgument.cpp; path = ftl/FTLExitArgument.cpp; sourceTree = "<group>"; };
+               0F235BBE17178E1C00690C7F /* FTLExitArgument.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLExitArgument.h; path = ftl/FTLExitArgument.h; sourceTree = "<group>"; };
+               0F235BBF17178E1C00690C7F /* FTLExitArgumentForOperand.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLExitArgumentForOperand.cpp; path = ftl/FTLExitArgumentForOperand.cpp; sourceTree = "<group>"; };
+               0F235BC017178E1C00690C7F /* FTLExitArgumentForOperand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLExitArgumentForOperand.h; path = ftl/FTLExitArgumentForOperand.h; sourceTree = "<group>"; };
+               0F235BC117178E1C00690C7F /* FTLExitArgumentList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLExitArgumentList.h; path = ftl/FTLExitArgumentList.h; sourceTree = "<group>"; };
+               0F235BC217178E1C00690C7F /* FTLExitThunkGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLExitThunkGenerator.cpp; path = ftl/FTLExitThunkGenerator.cpp; sourceTree = "<group>"; };
+               0F235BC317178E1C00690C7F /* FTLExitThunkGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLExitThunkGenerator.h; path = ftl/FTLExitThunkGenerator.h; sourceTree = "<group>"; };
+               0F235BC417178E1C00690C7F /* FTLExitValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLExitValue.cpp; path = ftl/FTLExitValue.cpp; sourceTree = "<group>"; };
+               0F235BC517178E1C00690C7F /* FTLExitValue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLExitValue.h; path = ftl/FTLExitValue.h; sourceTree = "<group>"; };
+               0F235BC617178E1C00690C7F /* FTLOSRExit.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLOSRExit.cpp; path = ftl/FTLOSRExit.cpp; sourceTree = "<group>"; };
+               0F235BC717178E1C00690C7F /* FTLOSRExit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLOSRExit.h; path = ftl/FTLOSRExit.h; sourceTree = "<group>"; };
+               0F235BC817178E1C00690C7F /* FTLOSRExitCompilationInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLOSRExitCompilationInfo.h; path = ftl/FTLOSRExitCompilationInfo.h; sourceTree = "<group>"; };
+               0F235BC917178E1C00690C7F /* FTLOSRExitCompiler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLOSRExitCompiler.cpp; path = ftl/FTLOSRExitCompiler.cpp; sourceTree = "<group>"; };
+               0F235BCA17178E1C00690C7F /* FTLOSRExitCompiler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLOSRExitCompiler.h; path = ftl/FTLOSRExitCompiler.h; sourceTree = "<group>"; };
+               0F235BCB17178E1C00690C7F /* FTLThunks.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLThunks.cpp; path = ftl/FTLThunks.cpp; sourceTree = "<group>"; };
+               0F235BCC17178E1C00690C7F /* FTLThunks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLThunks.h; path = ftl/FTLThunks.h; sourceTree = "<group>"; };
+               0F235BCD17178E1C00690C7F /* FTLValueFormat.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLValueFormat.cpp; path = ftl/FTLValueFormat.cpp; sourceTree = "<group>"; };
+               0F235BCE17178E1C00690C7F /* FTLValueFormat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLValueFormat.h; path = ftl/FTLValueFormat.h; sourceTree = "<group>"; };
+               0F235BCF17178E1C00690C7F /* FTLValueSource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLValueSource.cpp; path = ftl/FTLValueSource.cpp; sourceTree = "<group>"; };
+               0F235BD017178E1C00690C7F /* FTLValueSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLValueSource.h; path = ftl/FTLValueSource.h; sourceTree = "<group>"; };
+               0F235BE717178E7300690C7F /* DFGOSRExitBase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGOSRExitBase.cpp; path = dfg/DFGOSRExitBase.cpp; sourceTree = "<group>"; };
+               0F235BE817178E7300690C7F /* DFGOSRExitBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGOSRExitBase.h; path = dfg/DFGOSRExitBase.h; sourceTree = "<group>"; };
+               0F235BE917178E7300690C7F /* DFGOSRExitPreparation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGOSRExitPreparation.cpp; path = dfg/DFGOSRExitPreparation.cpp; sourceTree = "<group>"; };
+               0F235BEA17178E7300690C7F /* DFGOSRExitPreparation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGOSRExitPreparation.h; path = dfg/DFGOSRExitPreparation.h; sourceTree = "<group>"; };
                0F242DA513F3B1BB007ADD4C /* WeakReferenceHarvester.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WeakReferenceHarvester.h; sourceTree = "<group>"; };
                0F256C341627B0AA007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCallArrayAllocatorSlowPathGenerator.h; path = dfg/DFGCallArrayAllocatorSlowPathGenerator.h; sourceTree = "<group>"; };
                0F2BDC12151C5D4A00CD8910 /* DFGFixupPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGFixupPhase.cpp; path = dfg/DFGFixupPhase.cpp; sourceTree = "<group>"; };
                0FDDBFB31666EED500C55FEF /* DFGVariableAccessDataDump.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGVariableAccessDataDump.h; path = dfg/DFGVariableAccessDataDump.h; sourceTree = "<group>"; };
                0FE228EA1436AB2300196C48 /* Options.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Options.cpp; sourceTree = "<group>"; };
                0FE228EB1436AB2300196C48 /* Options.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Options.h; sourceTree = "<group>"; };
+               0FEA09FD170513DB00BB722C /* FTLAbbreviations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLAbbreviations.h; path = ftl/FTLAbbreviations.h; sourceTree = "<group>"; };
+               0FEA09FE170513DB00BB722C /* FTLCapabilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLCapabilities.cpp; path = ftl/FTLCapabilities.cpp; sourceTree = "<group>"; };
+               0FEA09FF170513DB00BB722C /* FTLCapabilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLCapabilities.h; path = ftl/FTLCapabilities.h; sourceTree = "<group>"; };
+               0FEA0A00170513DB00BB722C /* FTLCompile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLCompile.cpp; path = ftl/FTLCompile.cpp; sourceTree = "<group>"; };
+               0FEA0A01170513DB00BB722C /* FTLCompile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLCompile.h; path = ftl/FTLCompile.h; sourceTree = "<group>"; };
+               0FEA0A02170513DB00BB722C /* FTLJITCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLJITCode.cpp; path = ftl/FTLJITCode.cpp; sourceTree = "<group>"; };
+               0FEA0A03170513DB00BB722C /* FTLJITCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLJITCode.h; path = ftl/FTLJITCode.h; sourceTree = "<group>"; };
+               0FEA0A04170513DB00BB722C /* FTLLowerDFGToLLVM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLLowerDFGToLLVM.cpp; path = ftl/FTLLowerDFGToLLVM.cpp; sourceTree = "<group>"; };
+               0FEA0A05170513DB00BB722C /* FTLLowerDFGToLLVM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLLowerDFGToLLVM.h; path = ftl/FTLLowerDFGToLLVM.h; sourceTree = "<group>"; };
+               0FEA0A06170513DB00BB722C /* FTLOutput.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLOutput.h; path = ftl/FTLOutput.h; sourceTree = "<group>"; };
+               0FEA0A07170513DB00BB722C /* FTLState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLState.h; path = ftl/FTLState.h; sourceTree = "<group>"; };
+               0FEA0A131706363600BB722C /* FTLLLVMHeaders.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLLLVMHeaders.h; path = ftl/FTLLLVMHeaders.h; sourceTree = "<group>"; };
+               0FEA0A151706BB9000BB722C /* FTLState.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLState.cpp; path = ftl/FTLState.cpp; sourceTree = "<group>"; };
+               0FEA0A171708B00700BB722C /* FTLAbstractHeap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLAbstractHeap.cpp; path = ftl/FTLAbstractHeap.cpp; sourceTree = "<group>"; };
+               0FEA0A181708B00700BB722C /* FTLAbstractHeap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLAbstractHeap.h; path = ftl/FTLAbstractHeap.h; sourceTree = "<group>"; };
+               0FEA0A191708B00700BB722C /* FTLAbstractHeapRepository.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLAbstractHeapRepository.cpp; path = ftl/FTLAbstractHeapRepository.cpp; sourceTree = "<group>"; };
+               0FEA0A1A1708B00700BB722C /* FTLAbstractHeapRepository.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLAbstractHeapRepository.h; path = ftl/FTLAbstractHeapRepository.h; sourceTree = "<group>"; };
+               0FEA0A1B1708B00700BB722C /* FTLTypedPointer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLTypedPointer.h; path = ftl/FTLTypedPointer.h; sourceTree = "<group>"; };
+               0FEA0A211709606900BB722C /* FTLCommonValues.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLCommonValues.h; path = ftl/FTLCommonValues.h; sourceTree = "<group>"; };
+               0FEA0A221709606900BB722C /* FTLIntrinsicRepository.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLIntrinsicRepository.h; path = ftl/FTLIntrinsicRepository.h; sourceTree = "<group>"; };
+               0FEA0A251709623B00BB722C /* FTLCommonValues.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLCommonValues.cpp; path = ftl/FTLCommonValues.cpp; sourceTree = "<group>"; };
+               0FEA0A261709623B00BB722C /* FTLIntrinsicRepository.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLIntrinsicRepository.cpp; path = ftl/FTLIntrinsicRepository.cpp; sourceTree = "<group>"; };
+               0FEA0A291709629600BB722C /* FTLOutput.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLOutput.cpp; path = ftl/FTLOutput.cpp; sourceTree = "<group>"; };
+               0FEA0A2B170B661900BB722C /* FTLFormattedValue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLFormattedValue.h; path = ftl/FTLFormattedValue.h; sourceTree = "<group>"; };
                0FEA0A2D170D40BF00BB722C /* DFGCommonData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCommonData.cpp; path = dfg/DFGCommonData.cpp; sourceTree = "<group>"; };
                0FEA0A2E170D40BF00BB722C /* DFGCommonData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCommonData.h; path = dfg/DFGCommonData.h; sourceTree = "<group>"; };
                0FEA0A2F170D40BF00BB722C /* DFGJITCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGJITCode.cpp; path = dfg/DFGJITCode.cpp; sourceTree = "<group>"; };
                A77F181F164088B200640A47 /* CodeCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CodeCache.cpp; sourceTree = "<group>"; };
                A77F1820164088B200640A47 /* CodeCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeCache.h; sourceTree = "<group>"; };
                A77F18241641925400640A47 /* ParserModes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ParserModes.h; sourceTree = "<group>"; };
+               A792A33D179A02C5005C1D7D /* VM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VM.cpp; sourceTree = "<group>"; };
+               A792A33E179A02C5005C1D7D /* VM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VM.h; sourceTree = "<group>"; };
                A79E781E15EECBA80047C855 /* UnlinkedCodeBlock.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UnlinkedCodeBlock.cpp; sourceTree = "<group>"; };
                A79E781F15EECBA80047C855 /* UnlinkedCodeBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnlinkedCodeBlock.h; sourceTree = "<group>"; };
                A79EDB0811531CD60019E912 /* JSObjectRefPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSObjectRefPrivate.h; sourceTree = "<group>"; };
                E124A8F60E555775003091F1 /* OpaqueJSString.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = OpaqueJSString.cpp; sourceTree = "<group>"; };
                E178633F0D9BEC0000D74E75 /* InitializeThreading.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InitializeThreading.h; sourceTree = "<group>"; };
                E178636C0D9BEEC300D74E75 /* InitializeThreading.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InitializeThreading.cpp; sourceTree = "<group>"; };
-               E18E3A560DF9278C00D90B34 /* VM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VM.h; sourceTree = "<group>"; };
-               E18E3A570DF9278C00D90B34 /* VM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VM.cpp; sourceTree = "<group>"; };
                E49DC14912EF261A00184A1F /* SourceProviderCacheItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SourceProviderCacheItem.h; sourceTree = "<group>"; };
                E49DC15112EF272200184A1F /* SourceProviderCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SourceProviderCache.h; sourceTree = "<group>"; };
                E49DC15512EF277200184A1F /* SourceProviderCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SourceProviderCache.cpp; sourceTree = "<group>"; };
                                86EC9DB31328DF44002B2AD7 /* dfg */,
                                0FF4272E158EBCCE004CB9FF /* disassembler */,
                                0867D69AFE84028FC02AAC07 /* Frameworks */,
+                               0FEA09FC1705137F00BB722C /* ftl */,
                                142E312A134FF0A600AFADB5 /* heap */,
                                1429D77A0ED20D7300B89619 /* interpreter */,
                                1429D92C0ED22D7000B89619 /* jit */,
                        name = llint;
                        sourceTree = "<group>";
                };
+               0FEA09FC1705137F00BB722C /* ftl */ = {
+                       isa = PBXGroup;
+                       children = (
+                               0FEA09FD170513DB00BB722C /* FTLAbbreviations.h */,
+                               0FEA0A171708B00700BB722C /* FTLAbstractHeap.cpp */,
+                               0FEA0A181708B00700BB722C /* FTLAbstractHeap.h */,
+                               0FEA0A191708B00700BB722C /* FTLAbstractHeapRepository.cpp */,
+                               0FEA0A1A1708B00700BB722C /* FTLAbstractHeapRepository.h */,
+                               0FEA09FE170513DB00BB722C /* FTLCapabilities.cpp */,
+                               0FEA09FF170513DB00BB722C /* FTLCapabilities.h */,
+                               0F235BBB17178E1C00690C7F /* FTLCArgumentGetter.cpp */,
+                               0F235BBC17178E1C00690C7F /* FTLCArgumentGetter.h */,
+                               0FEA0A251709623B00BB722C /* FTLCommonValues.cpp */,
+                               0FEA0A211709606900BB722C /* FTLCommonValues.h */,
+                               0FEA0A00170513DB00BB722C /* FTLCompile.cpp */,
+                               0FEA0A01170513DB00BB722C /* FTLCompile.h */,
+                               0F235BBD17178E1C00690C7F /* FTLExitArgument.cpp */,
+                               0F235BBE17178E1C00690C7F /* FTLExitArgument.h */,
+                               0F235BBF17178E1C00690C7F /* FTLExitArgumentForOperand.cpp */,
+                               0F235BC017178E1C00690C7F /* FTLExitArgumentForOperand.h */,
+                               0F235BC117178E1C00690C7F /* FTLExitArgumentList.h */,
+                               0F235BC217178E1C00690C7F /* FTLExitThunkGenerator.cpp */,
+                               0F235BC317178E1C00690C7F /* FTLExitThunkGenerator.h */,
+                               0F235BC417178E1C00690C7F /* FTLExitValue.cpp */,
+                               0F235BC517178E1C00690C7F /* FTLExitValue.h */,
+                               0FEA0A2B170B661900BB722C /* FTLFormattedValue.h */,
+                               0FEA0A261709623B00BB722C /* FTLIntrinsicRepository.cpp */,
+                               0FEA0A221709606900BB722C /* FTLIntrinsicRepository.h */,
+                               0FEA0A02170513DB00BB722C /* FTLJITCode.cpp */,
+                               0FEA0A03170513DB00BB722C /* FTLJITCode.h */,
+                               0FEA0A131706363600BB722C /* FTLLLVMHeaders.h */,
+                               0FEA0A04170513DB00BB722C /* FTLLowerDFGToLLVM.cpp */,
+                               0FEA0A05170513DB00BB722C /* FTLLowerDFGToLLVM.h */,
+                               0F235BC617178E1C00690C7F /* FTLOSRExit.cpp */,
+                               0F235BC717178E1C00690C7F /* FTLOSRExit.h */,
+                               0F235BC817178E1C00690C7F /* FTLOSRExitCompilationInfo.h */,
+                               0F235BC917178E1C00690C7F /* FTLOSRExitCompiler.cpp */,
+                               0F235BCA17178E1C00690C7F /* FTLOSRExitCompiler.h */,
+                               0FEA0A291709629600BB722C /* FTLOutput.cpp */,
+                               0FEA0A06170513DB00BB722C /* FTLOutput.h */,
+                               0FEA0A151706BB9000BB722C /* FTLState.cpp */,
+                               0FEA0A07170513DB00BB722C /* FTLState.h */,
+                               0F235BCB17178E1C00690C7F /* FTLThunks.cpp */,
+                               0F235BCC17178E1C00690C7F /* FTLThunks.h */,
+                               0FEA0A1B1708B00700BB722C /* FTLTypedPointer.h */,
+                               0F235BCD17178E1C00690C7F /* FTLValueFormat.cpp */,
+                               0F235BCE17178E1C00690C7F /* FTLValueFormat.h */,
+                               0F235BCF17178E1C00690C7F /* FTLValueSource.cpp */,
+                               0F235BD017178E1C00690C7F /* FTLValueSource.h */,
+                       );
+                       name = ftl;
+                       sourceTree = "<group>";
+               };
                0FF4272E158EBCCE004CB9FF /* disassembler */ = {
                        isa = PBXGroup;
                        children = (
                                5D53726E0E1C54880021E549 /* Tracing.h */,
                                0FEB3ECB16237F4700AB67AD /* TypedArrayDescriptor.h */,
                                866739D113BFDE710023D87C /* Uint16WithFraction.h */,
-                               E18E3A570DF9278C00D90B34 /* VM.cpp */,
-                               E18E3A560DF9278C00D90B34 /* VM.h */,
+                               A792A33D179A02C5005C1D7D /* VM.cpp */,
+                               A792A33E179A02C5005C1D7D /* VM.h */,
                                FE6617271774E03500495B00 /* VMStackBounds.h */,
                                FED94F2B171E3E2300BE77A4 /* Watchdog.cpp */,
                                FED94F2C171E3E2300BE77A4 /* Watchdog.h */,
                                0FD82E53141DAEDE00179C94 /* DFGOSREntry.h */,
                                0FC0978E146A6F6300CF2442 /* DFGOSRExit.cpp */,
                                0FC097681468A6EF00CF2442 /* DFGOSRExit.h */,
+                               0F235BE717178E7300690C7F /* DFGOSRExitBase.cpp */,
+                               0F235BE817178E7300690C7F /* DFGOSRExitBase.h */,
                                65987F2C167FE84B003C2F8D /* DFGOSRExitCompilationInfo.h */,
                                0FC0978F146A6F6300CF2442 /* DFGOSRExitCompiler.cpp */,
                                0FC0976F14693AEF00CF2442 /* DFGOSRExitCompiler.h */,
                                0F7025A81714B0F800382C0E /* DFGOSRExitCompilerCommon.h */,
                                0FEFC9A71681A3B000567F53 /* DFGOSRExitJumpPlaceholder.cpp */,
                                0FEFC9A81681A3B000567F53 /* DFGOSRExitJumpPlaceholder.h */,
+                               0F235BE917178E7300690C7F /* DFGOSRExitPreparation.cpp */,
+                               0F235BEA17178E7300690C7F /* DFGOSRExitPreparation.h */,
                                0FFFC94F14EF909500C72532 /* DFGPhase.cpp */,
                                0FFFC95014EF909500C72532 /* DFGPhase.h */,
                                0FBE0F6D16C1DB010082C5E8 /* DFGPredictionInjectionPhase.cpp */,
                                0F3B3A281544C997003ED0FF /* DFGCFGSimplificationPhase.h in Headers */,
                                0F2C556F14738F3100121E4F /* DFGCodeBlocks.h in Headers */,
                                0F7B294D14C3CD4C007C3DB1 /* DFGCommon.h in Headers */,
+                               0FEA0A32170D40BF00BB722C /* DFGCommonData.h in Headers */,
                                0F3B3A1B153E68F4003ED0FF /* DFGConstantFoldingPhase.h in Headers */,
                                0FBE0F7316C1DB050082C5E8 /* DFGCPSRethreadingPhase.h in Headers */,
                                0FFFC95A14EF90A900C72532 /* DFGCSEPhase.h in Headers */,
                                86AE6C4E136A11E400963012 /* DFGGPRInfo.h in Headers */,
                                86EC9DC81328DF82002B2AD7 /* DFGGraph.h in Headers */,
                                0F2BDC21151E803B00CD8910 /* DFGInsertionSet.h in Headers */,
+                               0FEA0A34170D40BF00BB722C /* DFGJITCode.h in Headers */,
                                86EC9DCC1328DF82002B2AD7 /* DFGJITCompiler.h in Headers */,
                                0FF0F19B16B729FA005DF95B /* DFGLongLivedState.h in Headers */,
                                0F2BDC451522801B00CD8910 /* DFGMinifiedGraph.h in Headers */,
                                86EC9DD01328DF82002B2AD7 /* DFGOperations.h in Headers */,
                                0FD82E57141DAF1000179C94 /* DFGOSREntry.h in Headers */,
                                0FC0976A1468A6F700CF2442 /* DFGOSRExit.h in Headers */,
+                               0F235BEC17178E7300690C7F /* DFGOSRExitBase.h in Headers */,
                                0FFB921C16D02F110055A5DB /* DFGOSRExitCompilationInfo.h in Headers */,
                                0FC0977114693AF500CF2442 /* DFGOSRExitCompiler.h in Headers */,
+                               0F7025AA1714B0FC00382C0E /* DFGOSRExitCompilerCommon.h in Headers */,
                                0FEFC9AB1681A3B600567F53 /* DFGOSRExitJumpPlaceholder.h in Headers */,
+                               0F235BEE17178E7300690C7F /* DFGOSRExitPreparation.h in Headers */,
                                0FFFC95C14EF90AF00C72532 /* DFGPhase.h in Headers */,
                                0FBE0F7516C1DB0B0082C5E8 /* DFGPredictionInjectionPhase.h in Headers */,
                                0FFFC95E14EF90B700C72532 /* DFGPredictionPropagationPhase.h in Headers */,
                                0F2BDC491522809600CD8910 /* DFGVariableEvent.h in Headers */,
                                0F2BDC4B1522809D00CD8910 /* DFGVariableEventStream.h in Headers */,
                                0FFB921E16D02F470055A5DB /* DFGVariadicFunction.h in Headers */,
-                               0FEA0A32170D40BF00BB722C /* DFGCommonData.h in Headers */,
                                0FFFC96014EF90BD00C72532 /* DFGVirtualRegisterAllocationPhase.h in Headers */,
                                0FF42731158EBD54004CB9FF /* Disassembler.h in Headers */,
                                BC3046070E1F497F003232CF /* Error.h in Headers */,
                                0F21C27C14BE727600ADC64B /* ExecutionHarness.h in Headers */,
                                0FB105861675481200F8AB6E /* ExitKind.h in Headers */,
                                0F0B83AB14BCF5BB00885B4F /* ExpressionRangeInfo.h in Headers */,
+                               0FEA0A08170513DB00BB722C /* FTLAbbreviations.h in Headers */,
+                               0FEA0A1D1708B00700BB722C /* FTLAbstractHeap.h in Headers */,
+                               0FEA0A1F1708B00700BB722C /* FTLAbstractHeapRepository.h in Headers */,
+                               0FEA0A0A170513DB00BB722C /* FTLCapabilities.h in Headers */,
+                               0F235BD217178E1C00690C7F /* FTLCArgumentGetter.h in Headers */,
+                               0FEA0A231709606900BB722C /* FTLCommonValues.h in Headers */,
+                               0FEA0A0C170513DB00BB722C /* FTLCompile.h in Headers */,
+                               0F235BD417178E1C00690C7F /* FTLExitArgument.h in Headers */,
+                               0F235BD617178E1C00690C7F /* FTLExitArgumentForOperand.h in Headers */,
+                               0F235BD717178E1C00690C7F /* FTLExitArgumentList.h in Headers */,
+                               0F235BD917178E1C00690C7F /* FTLExitThunkGenerator.h in Headers */,
+                               0F235BDB17178E1C00690C7F /* FTLExitValue.h in Headers */,
+                               0FEA0A2C170B661900BB722C /* FTLFormattedValue.h in Headers */,
+                               0FEA0A241709606900BB722C /* FTLIntrinsicRepository.h in Headers */,
+                               0FEA0A0E170513DB00BB722C /* FTLJITCode.h in Headers */,
+                               0FEA0A141706363600BB722C /* FTLLLVMHeaders.h in Headers */,
+                               0FEA0A10170513DB00BB722C /* FTLLowerDFGToLLVM.h in Headers */,
+                               0F235BDD17178E1C00690C7F /* FTLOSRExit.h in Headers */,
+                               0F235BDE17178E1C00690C7F /* FTLOSRExitCompilationInfo.h in Headers */,
+                               0F235BE017178E1C00690C7F /* FTLOSRExitCompiler.h in Headers */,
+                               0FEA0A11170513DB00BB722C /* FTLOutput.h in Headers */,
+                               0FEA0A12170513DB00BB722C /* FTLState.h in Headers */,
+                               0F235BE217178E1C00690C7F /* FTLThunks.h in Headers */,
+                               0FEA0A201708B00700BB722C /* FTLTypedPointer.h in Headers */,
+                               0F235BE417178E1C00690C7F /* FTLValueFormat.h in Headers */,
+                               0F235BE617178E1C00690C7F /* FTLValueSource.h in Headers */,
                                BC18C4040E16F5CD00B34460 /* FunctionConstructor.h in Headers */,
                                0FF0F1A016B72A1A005DF95B /* FunctionExecutableDump.h in Headers */,
                                BC18C4050E16F5CD00B34460 /* FunctionPrototype.h in Headers */,
                                6507D29E0E871E5E00D7D896 /* JSTypeInfo.h in Headers */,
                                86E3C612167BABD7006D760A /* JSValue.h in Headers */,
                                86E3C61B167BABEE006D760A /* JSValueInternal.h in Headers */,
-                               0F7025AA1714B0FC00382C0E /* DFGOSRExitCompilerCommon.h in Headers */,
                                BC18C42C0E16F5CD00B34460 /* JSValueRef.h in Headers */,
                                BC18C42D0E16F5CD00B34460 /* JSVariableObject.h in Headers */,
                                86E3C615167BABD7006D760A /* JSVirtualMachine.h in Headers */,
                                BC18C4440E16F5CD00B34460 /* NumberPrototype.h in Headers */,
                                142D3939103E4560007DCB52 /* NumericStrings.h in Headers */,
                                86F3EEBD168CDE930077B92A /* ObjCCallbackFunction.h in Headers */,
-                               0FEA0A34170D40BF00BB722C /* DFGJITCode.h in Headers */,
                                86F3EEBF168CDE930077B92A /* ObjcRuntimeExtras.h in Headers */,
                                14CA958D16AB50FA00938A06 /* ObjectAllocationProfile.h in Headers */,
                                BC18C4450E16F5CD00B34460 /* ObjectConstructor.h in Headers */,
                                0F963B3813FC6FE90002D9B2 /* ValueProfile.h in Headers */,
                                0F426A481460CBB300131F8F /* ValueRecovery.h in Headers */,
                                0F426A491460CBB700131F8F /* VirtualRegister.h in Headers */,
-                               BC18C4200E16F5CD00B34460 /* VM.h in Headers */,
+                               A792A340179A02C5005C1D7D /* VM.h in Headers */,
                                FE4A332015BD2E07006F54F3 /* VMInspector.h in Headers */,
                                FE6617281774E03500495B00 /* VMStackBounds.h in Headers */,
                                0FC815151405119B00CFA603 /* VTableSpectrum.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                        shellPath = /bin/sh;
-                       shellScript = "if [ -f ../../Tools/Scripts/check-for-weak-vtables-and-externals ]; then\n    ../../Tools/Scripts/check-for-weak-vtables-and-externals || exit $?\nfi";
+                       shellScript = "# FIXME: <rdar://problem/13539888> LLVM libraries shouldn't have weak vtables\nexit 0\n\nif [ -f ../../Tools/Scripts/check-for-weak-vtables-and-externals ]; then\n    ../../Tools/Scripts/check-for-weak-vtables-and-externals || exit $?\nfi";
                };
                5D2F7CF90C6875BB00B5B72B /* Update Info.plist with version information */ = {
                        isa = PBXShellScriptBuildPhase;
                                147F39BD107EC37600427A48 /* ArgList.cpp in Sources */,
                                147F39BE107EC37600427A48 /* Arguments.cpp in Sources */,
                                86D3B2C310156BDE002865E7 /* ARMAssembler.cpp in Sources */,
-                               0F7025A91714B0FA00382C0E /* DFGOSRExitCompilerCommon.cpp in Sources */,
                                A74DE1D0120B875600D40D5B /* ARMv7Assembler.cpp in Sources */,
                                65C02850171795E200351E35 /* ARMv7Disassembler.cpp in Sources */,
                                65C0285C1717966800351E35 /* ARMv7DOpcode.cpp in Sources */,
                                0F3B3A271544C995003ED0FF /* DFGCFGSimplificationPhase.cpp in Sources */,
                                0F2C557014738F3500121E4F /* DFGCodeBlocks.cpp in Sources */,
                                0FF0F19D16B72A08005DF95B /* DFGCommon.cpp in Sources */,
+                               0FEA0A31170D40BF00BB722C /* DFGCommonData.cpp in Sources */,
                                0F3B3A1A153E68F2003ED0FF /* DFGConstantFoldingPhase.cpp in Sources */,
                                0FBE0F7216C1DB030082C5E8 /* DFGCPSRethreadingPhase.cpp in Sources */,
                                0FFFC95914EF90A600C72532 /* DFGCSEPhase.cpp in Sources */,
                                0FBC0AE71496C7C400D4FBDD /* DFGExitProfile.cpp in Sources */,
                                0F2BDC15151C5D4D00CD8910 /* DFGFixupPhase.cpp in Sources */,
                                86EC9DC71328DF82002B2AD7 /* DFGGraph.cpp in Sources */,
+                               0FEA0A33170D40BF00BB722C /* DFGJITCode.cpp in Sources */,
                                86EC9DCB1328DF82002B2AD7 /* DFGJITCompiler.cpp in Sources */,
                                0FF0F19916B729F6005DF95B /* DFGLongLivedState.cpp in Sources */,
                                0F2BDC4D1522818600CD8910 /* DFGMinifiedNode.cpp in Sources */,
                                86EC9DCF1328DF82002B2AD7 /* DFGOperations.cpp in Sources */,
                                0FD82E56141DAF0800179C94 /* DFGOSREntry.cpp in Sources */,
                                0FC09791146A6F7100CF2442 /* DFGOSRExit.cpp in Sources */,
+                               0F235BEB17178E7300690C7F /* DFGOSRExitBase.cpp in Sources */,
                                0FC09792146A6F7300CF2442 /* DFGOSRExitCompiler.cpp in Sources */,
                                0FC09776146943B000CF2442 /* DFGOSRExitCompiler32_64.cpp in Sources */,
                                0FC0977214693AF900CF2442 /* DFGOSRExitCompiler64.cpp in Sources */,
+                               0F7025A91714B0FA00382C0E /* DFGOSRExitCompilerCommon.cpp in Sources */,
                                0FEFC9AA1681A3B300567F53 /* DFGOSRExitJumpPlaceholder.cpp in Sources */,
+                               0F235BED17178E7300690C7F /* DFGOSRExitPreparation.cpp in Sources */,
                                0FFFC95B14EF90AD00C72532 /* DFGPhase.cpp in Sources */,
                                0FBE0F7416C1DB090082C5E8 /* DFGPredictionInjectionPhase.cpp in Sources */,
                                0FFFC95D14EF90B300C72532 /* DFGPredictionPropagationPhase.cpp in Sources */,
                                86DB64640F95C6FC00D7D921 /* ExecutableAllocatorFixedVMPool.cpp in Sources */,
                                0F56A1D515001CF4002992B1 /* ExecutionCounter.cpp in Sources */,
                                0FB105851675480F00F8AB6E /* ExitKind.cpp in Sources */,
-                               0FEA0A31170D40BF00BB722C /* DFGCommonData.cpp in Sources */,
+                               0FEA0A1C1708B00700BB722C /* FTLAbstractHeap.cpp in Sources */,
+                               0FEA0A1E1708B00700BB722C /* FTLAbstractHeapRepository.cpp in Sources */,
+                               0FEA0A09170513DB00BB722C /* FTLCapabilities.cpp in Sources */,
+                               0F235BD117178E1C00690C7F /* FTLCArgumentGetter.cpp in Sources */,
+                               0FEA0A271709623B00BB722C /* FTLCommonValues.cpp in Sources */,
+                               0FEA0A0B170513DB00BB722C /* FTLCompile.cpp in Sources */,
+                               0F235BD317178E1C00690C7F /* FTLExitArgument.cpp in Sources */,
+                               0F235BD517178E1C00690C7F /* FTLExitArgumentForOperand.cpp in Sources */,
+                               0F235BD817178E1C00690C7F /* FTLExitThunkGenerator.cpp in Sources */,
+                               0F235BDA17178E1C00690C7F /* FTLExitValue.cpp in Sources */,
+                               0FEA0A281709623B00BB722C /* FTLIntrinsicRepository.cpp in Sources */,
+                               0FEA0A0D170513DB00BB722C /* FTLJITCode.cpp in Sources */,
+                               0FEA0A0F170513DB00BB722C /* FTLLowerDFGToLLVM.cpp in Sources */,
+                               0F235BDC17178E1C00690C7F /* FTLOSRExit.cpp in Sources */,
+                               0F235BDF17178E1C00690C7F /* FTLOSRExitCompiler.cpp in Sources */,
+                               0FEA0A2A1709629600BB722C /* FTLOutput.cpp in Sources */,
+                               0FEA0A161706BB9000BB722C /* FTLState.cpp in Sources */,
+                               0F235BE117178E1C00690C7F /* FTLThunks.cpp in Sources */,
+                               0F235BE317178E1C00690C7F /* FTLValueFormat.cpp in Sources */,
+                               0F235BE517178E1C00690C7F /* FTLValueSource.cpp in Sources */,
                                147F39CB107EC37600427A48 /* FunctionConstructor.cpp in Sources */,
                                0FF0F19F16B72A17005DF95B /* FunctionExecutableDump.cpp in Sources */,
                                147F39CC107EC37600427A48 /* FunctionPrototype.cpp in Sources */,
                                0F13912916771C33009CCB07 /* ProfilerBytecodeSequence.cpp in Sources */,
                                0FF729AF166AD35C000F5BA3 /* ProfilerCompilation.cpp in Sources */,
                                0FF729B0166AD35C000F5BA3 /* ProfilerCompilationKind.cpp in Sources */,
-                               0FEA0A33170D40BF00BB722C /* DFGJITCode.cpp in Sources */,
                                0FF729B1166AD35C000F5BA3 /* ProfilerCompiledBytecode.cpp in Sources */,
                                0FF729B2166AD35C000F5BA3 /* ProfilerDatabase.cpp in Sources */,
                                0FF729B3166AD35C000F5BA3 /* ProfilerOrigin.cpp in Sources */,
                                0FF42747158EBE91004CB9FF /* udis86_syn.c in Sources */,
                                0FF42732158EBD58004CB9FF /* UDis86Disassembler.cpp in Sources */,
                                A76F279415F13C9600517D67 /* UnlinkedCodeBlock.cpp in Sources */,
-                               E18E3A590DF9278C00D90B34 /* VM.cpp in Sources */,
+                               A792A33F179A02C5005C1D7D /* VM.cpp in Sources */,
                                FE4A331F15BD2E07006F54F3 /* VMInspector.cpp in Sources */,
                                0FC81516140511B500CFA603 /* VTableSpectrum.cpp in Sources */,
                                FED94F2E171E3E2300BE77A4 /* Watchdog.cpp in Sources */,
index 8066871..f235062 100644 (file)
@@ -141,11 +141,13 @@ SOURCES += \
     dfg/DFGOperations.cpp \
     dfg/DFGOSREntry.cpp \
     dfg/DFGOSRExit.cpp \
+    dfg/DFGOSRExitBase.cpp \
     dfg/DFGOSRExitCompiler.cpp \
     dfg/DFGOSRExitCompiler64.cpp \
     dfg/DFGOSRExitCompiler32_64.cpp \
     dfg/DFGOSRExitCompilerCommon.cpp \
     dfg/DFGOSRExitJumpPlaceholder.cpp \
+    dfg/DFGOSRExitPreparation.cpp \
     dfg/DFGPhase.cpp \
     dfg/DFGPredictionPropagationPhase.cpp \
     dfg/DFGPredictionInjectionPhase.cpp \
index 1861dc1..092bcc1 100644 (file)
@@ -105,6 +105,11 @@ public:
             , offset(offset)
         {
         }
+        
+        Address withOffset(int32_t additionalOffset)
+        {
+            return Address(base, offset + additionalOffset);
+        }
 
         RegisterID base;
         int32_t offset;
index 52630fe..7770ff7 100644 (file)
@@ -199,6 +199,11 @@ public:
         return applyOffset(label.m_label).m_offset;
     }
 
+    unsigned offsetOf(PatchableJump jump)
+    {
+        return applyOffset(jump.m_jump.m_label).m_offset;
+    }
+
     // Upon completion of all patching 'FINALIZE_CODE()' should be called once to
     // complete generation of the code. Alternatively, call
     // finalizeCodeWithoutDisassembly() directly if you have your own way of
index f171dc4..5654e10 100644 (file)
@@ -94,6 +94,7 @@ public:
         DoubleConditionBits_should_not_interfere_with_X86Assembler_Condition_codes);
 
     static const RegisterID stackPointerRegister = X86Registers::esp;
+    static const RegisterID framePointerRegister = X86Registers::ebp;
 
 #if ENABLE(JIT_CONSTANT_BLINDING)
     static bool shouldBlindForSpecificArch(uint32_t value) { return value >= 0x00ffffff; }
index ddc0778..497a56b 100644 (file)
@@ -46,16 +46,22 @@ class RepatchBuffer {
 public:
     RepatchBuffer(CodeBlock* codeBlock)
     {
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
         RefPtr<JITCode> code = codeBlock->getJITCode();
         m_start = code->start();
         m_size = code->size();
 
         ExecutableAllocator::makeWritable(m_start, m_size);
+#else
+        UNUSED_PARAM(codeBlock);
+#endif
     }
 
     ~RepatchBuffer()
     {
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
         ExecutableAllocator::makeExecutable(m_start, m_size);
+#endif
     }
 
     void relink(CodeLocationJump jump, CodeLocationLabel destination)
@@ -170,8 +176,10 @@ public:
     }
 
 private:
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
     void* m_start;
     size_t m_size;
+#endif
 };
 
 } // namespace JSC
index 0ae73b7..b74e8d5 100644 (file)
@@ -37,6 +37,7 @@
 #include "DFGNode.h"
 #include "DFGRepatch.h"
 #include "Debugger.h"
+#include "FTLJITCode.h"
 #include "Interpreter.h"
 #include "JIT.h"
 #include "JITStubs.h"
@@ -3231,16 +3232,45 @@ void CodeBlock::tallyFrequentExitSites()
     
     CodeBlock* profiledBlock = alternative();
     
-    DFG::JITCode* jitCode = m_jitCode->dfg();
-    for (unsigned i = 0; i < jitCode->osrExit.size(); ++i) {
-        DFG::OSRExit& exit = jitCode->osrExit[i];
-        
-        if (!exit.considerAddingAsFrequentExitSite(profiledBlock))
-            continue;
+    switch (getJITType()) {
+    case JITCode::DFGJIT: {
+        DFG::JITCode* jitCode = m_jitCode->dfg();
+        for (unsigned i = 0; i < jitCode->osrExit.size(); ++i) {
+            DFG::OSRExit& exit = jitCode->osrExit[i];
+            
+            if (!exit.considerAddingAsFrequentExitSite(profiledBlock))
+                continue;
+            
+#if DFG_ENABLE(DEBUG_VERBOSE)
+            dataLog("OSR exit #", i, " (bc#", exit.m_codeOrigin.bytecodeIndex, ", ", exit.m_kind, ") for ", *this, " occurred frequently: counting as frequent exit site.\n");
+#endif
+        }
+        break;
+    }
         
+    case JITCode::FTLJIT: {
+        // There is no easy way to avoid duplicating this code since the FTL::JITCode::osrExit
+        // vector contains a totally different type, that just so happens to behave like
+        // DFG::JITCode::osrExit.
+#if ENABLE(FTL_JIT)
+        FTL::JITCode* jitCode = m_jitCode->ftl();
+        for (unsigned i = 0; i < jitCode->osrExit.size(); ++i) {
+            FTL::OSRExit& exit = jitCode->osrExit[i];
+            
+            if (!exit.considerAddingAsFrequentExitSite(this, profiledBlock))
+                continue;
+            
 #if DFG_ENABLE(DEBUG_VERBOSE)
-        dataLog("OSR exit #", i, " (bc#", exit.m_codeOrigin.bytecodeIndex, ", ", exit.m_kind, ") for ", *this, " occurred frequently: counting as frequent exit site.\n");
+            dataLog("OSR exit #", i, " (bc#", exit.m_codeOrigin.bytecodeIndex, ", ", exit.m_kind, ") for ", *this, " occurred frequently: counting as frequent exit site.\n");
+#endif
+        }
 #endif
+        break;
+    }        
+        
+    default:
+        RELEASE_ASSERT_NOT_REACHED();
+        break;
     }
 }
 #endif // ENABLE(DFG_JIT)
index 0eaeb81..52c2696 100644 (file)
 
 namespace JSC {
 
-class DFGCodeBlocks;
-class ExecState;
-class LLIntOffsetsExtractor;
-class RepatchBuffer;
-
-inline int unmodifiedArgumentsRegister(int argumentsRegister) { return argumentsRegister - 1; }
-
-static ALWAYS_INLINE int missingThisObjectMarker() { return std::numeric_limits<int>::max(); }
-
-class CodeBlock : public UnconditionalFinalizer, public WeakReferenceHarvester {
-    WTF_MAKE_FAST_ALLOCATED;
-    friend class JIT;
-    friend class LLIntOffsetsExtractor;
-public:
-    enum CopyParsedBlockTag { CopyParsedBlock };
-protected:
-    CodeBlock(CopyParsedBlockTag, CodeBlock& other);
-        
-    CodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock*, JSGlobalObject*, unsigned baseScopeDepth, PassRefPtr<SourceProvider>, unsigned sourceOffset, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative);
+    class DFGCodeBlocks;
+    class ExecState;
+    class LLIntOffsetsExtractor;
+    class RepatchBuffer;
 
-    WriteBarrier<JSGlobalObject> m_globalObject;
-    Heap* m_heap;
+    inline int unmodifiedArgumentsRegister(int argumentsRegister) { return argumentsRegister - 1; }
 
-public:
-    JS_EXPORT_PRIVATE virtual ~CodeBlock();
-        
-    UnlinkedCodeBlock* unlinkedCodeBlock() const { return m_unlinkedCode.get(); }
-        
-    String inferredName() const;
-    CodeBlockHash hash() const;
-    String sourceCodeForTools() const; // Not quite the actual source we parsed; this will do things like prefix the source for a function with a reified signature.
-    String sourceCodeOnOneLine() const; // As sourceCodeForTools(), but replaces all whitespace runs with a single space.
-    void dumpAssumingJITType(PrintStream&, JITCode::JITType) const;
-    void dump(PrintStream&) const;
-        
-    int numParameters() const { return m_numParameters; }
-    void setNumParameters(int newValue);
-        
-    int* addressOfNumParameters() { return &m_numParameters; }
-    static ptrdiff_t offsetOfNumParameters() { return OBJECT_OFFSETOF(CodeBlock, m_numParameters); }
+    static ALWAYS_INLINE int missingThisObjectMarker() { return std::numeric_limits<int>::max(); }
+
+    class CodeBlock : public UnconditionalFinalizer, public WeakReferenceHarvester {
+        WTF_MAKE_FAST_ALLOCATED;
+        friend class JIT;
+        friend class LLIntOffsetsExtractor;
+    public:
+        enum CopyParsedBlockTag { CopyParsedBlock };
+    protected:
+        CodeBlock(CopyParsedBlockTag, CodeBlock& other);
+
+        CodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock*, JSGlobalObject*, unsigned baseScopeDepth, PassRefPtr<SourceProvider>, unsigned sourceOffset, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative);
+
+        WriteBarrier<JSGlobalObject> m_globalObject;
+        Heap* m_heap;
+
+    public:
+        JS_EXPORT_PRIVATE virtual ~CodeBlock();
+
+        UnlinkedCodeBlock* unlinkedCodeBlock() const { return m_unlinkedCode.get(); }
+
+        String inferredName() const;
+        CodeBlockHash hash() const;
+        String sourceCodeForTools() const; // Not quite the actual source we parsed; this will do things like prefix the source for a function with a reified signature.
+        String sourceCodeOnOneLine() const; // As sourceCodeForTools(), but replaces all whitespace runs with a single space.
+        void dumpAssumingJITType(PrintStream&, JITCode::JITType) const;
+        void dump(PrintStream&) const;
+
+        int numParameters() const { return m_numParameters; }
+        void setNumParameters(int newValue);
+
+        int* addressOfNumParameters() { return &m_numParameters; }
+        static ptrdiff_t offsetOfNumParameters() { return OBJECT_OFFSETOF(CodeBlock, m_numParameters); }
+
+        CodeBlock* alternative() { return m_alternative.get(); }
+        PassOwnPtr<CodeBlock> releaseAlternative() { return m_alternative.release(); }
+        void setAlternative(PassOwnPtr<CodeBlock> alternative) { m_alternative = alternative; }
+
+        CodeSpecializationKind specializationKind() const
+        {
+            return specializationFromIsConstruct(m_isConstructor);
+        }
 
-    CodeBlock* alternative() { return m_alternative.get(); }
-    PassOwnPtr<CodeBlock> releaseAlternative() { return m_alternative.release(); }
-    void setAlternative(PassOwnPtr<CodeBlock> alternative) { m_alternative = alternative; }
-        
-    CodeSpecializationKind specializationKind() const
-    {
-        return specializationFromIsConstruct(m_isConstructor);
-    }
-        
 #if ENABLE(JIT)
-    CodeBlock* baselineVersion()
-    {
-        CodeBlock* result = replacement();
-        if (!result)
-            return 0; // This can happen if we're in the process of creating the baseline version.
-        while (result->alternative())
-            result = result->alternative();
-        ASSERT(result);
-        ASSERT(JITCode::isBaselineCode(result->getJITType()));
-        return result;
-    }
+        CodeBlock* baselineVersion()
+        {
+            CodeBlock* result = replacement();
+            if (!result)
+                return 0; // This can happen if we're in the process of creating the baseline version.
+            while (result->alternative())
+                result = result->alternative();
+            ASSERT(result);
+            ASSERT(JITCode::isBaselineCode(result->getJITType()));
+            return result;
+        }
 #else
-    CodeBlock* baselineVersion()
-    {
-        return this;
-    }
+        CodeBlock* baselineVersion()
+        {
+            return this;
+        }
 #endif
 
-    void visitAggregate(SlotVisitor&);
+        void visitAggregate(SlotVisitor&);
 
-    static void dumpStatistics();
+        static void dumpStatistics();
 
-    void dumpBytecode(PrintStream& = WTF::dataFile());
-    void dumpBytecode(PrintStream&, unsigned bytecodeOffset);
-    void printStructures(PrintStream&, const Instruction*);
-    void printStructure(PrintStream&, const char* name, const Instruction*, int operand);
+        void dumpBytecode(PrintStream& = WTF::dataFile());
+        void dumpBytecode(PrintStream&, unsigned bytecodeOffset);
+        void printStructures(PrintStream&, const Instruction*);
+        void printStructure(PrintStream&, const char* name, const Instruction*, int operand);
 
-    bool isStrictMode() const { return m_isStrictMode; }
+        bool isStrictMode() const { return m_isStrictMode; }
 
-    inline bool isKnownNotImmediate(int index)
-    {
-        if (index == m_thisRegister && !m_isStrictMode)
-            return true;
+        inline bool isKnownNotImmediate(int index)
+        {
+            if (index == m_thisRegister && !m_isStrictMode)
+                return true;
 
-        if (isConstantRegisterIndex(index))
-            return getConstant(index).isCell();
+            if (isConstantRegisterIndex(index))
+                return getConstant(index).isCell();
 
-        return false;
-    }
+            return false;
+        }
 
-    ALWAYS_INLINE bool isTemporaryRegisterIndex(int index)
-    {
-        return index >= m_numVars;
-    }
+        ALWAYS_INLINE bool isTemporaryRegisterIndex(int index)
+        {
+            return index >= m_numVars;
+        }
 
-    HandlerInfo* handlerForBytecodeOffset(unsigned bytecodeOffset);
-    unsigned lineNumberForBytecodeOffset(unsigned bytecodeOffset);
-    unsigned columnNumberForBytecodeOffset(unsigned bytecodeOffset);
-    void expressionRangeForBytecodeOffset(unsigned bytecodeOffset, int& divot,
-        int& startOffset, int& endOffset, unsigned& line, unsigned& column);
+        HandlerInfo* handlerForBytecodeOffset(unsigned bytecodeOffset);
+        unsigned lineNumberForBytecodeOffset(unsigned bytecodeOffset);
+        unsigned columnNumberForBytecodeOffset(unsigned bytecodeOffset);
+        void expressionRangeForBytecodeOffset(unsigned bytecodeOffset, int& divot,
+                                              int& startOffset, int& endOffset, unsigned& line, unsigned& column);
 
 #if ENABLE(JIT)
 
-    StructureStubInfo& getStubInfo(ReturnAddressPtr returnAddress)
-    {
-        return *(binarySearch<StructureStubInfo, void*>(m_structureStubInfos, m_structureStubInfos.size(), returnAddress.value(), getStructureStubInfoReturnLocation));
-    }
+        StructureStubInfo& getStubInfo(ReturnAddressPtr returnAddress)
+        {
+            return *(binarySearch<StructureStubInfo, void*>(m_structureStubInfos, m_structureStubInfos.size(), returnAddress.value(), getStructureStubInfoReturnLocation));
+        }
 
-    StructureStubInfo& getStubInfo(unsigned bytecodeIndex)
-    {
-        return *(binarySearch<StructureStubInfo, unsigned>(m_structureStubInfos, m_structureStubInfos.size(), bytecodeIndex, getStructureStubInfoBytecodeIndex));
-    }
-        
-    void resetStub(StructureStubInfo&);
-        
-    ByValInfo& getByValInfo(unsigned bytecodeIndex)
-    {
-        return *(binarySearch<ByValInfo, unsigned>(m_byValInfos, m_byValInfos.size(), bytecodeIndex, getByValInfoBytecodeIndex));
-    }
+        StructureStubInfo& getStubInfo(unsigned bytecodeIndex)
+        {
+            return *(binarySearch<StructureStubInfo, unsigned>(m_structureStubInfos, m_structureStubInfos.size(), bytecodeIndex, getStructureStubInfoBytecodeIndex));
+        }
 
-    CallLinkInfo& getCallLinkInfo(ReturnAddressPtr returnAddress)
-    {
-        return *(binarySearch<CallLinkInfo, void*>(m_callLinkInfos, m_callLinkInfos.size(), returnAddress.value(), getCallLinkInfoReturnLocation));
-    }
-        
-    CallLinkInfo& getCallLinkInfo(unsigned bytecodeIndex)
-    {
-        ASSERT(JITCode::isBaselineCode(getJITType()));
-        return *(binarySearch<CallLinkInfo, unsigned>(m_callLinkInfos, m_callLinkInfos.size(), bytecodeIndex, getCallLinkInfoBytecodeIndex));
-    }
+        void resetStub(StructureStubInfo&);
+
+        ByValInfo& getByValInfo(unsigned bytecodeIndex)
+        {
+            return *(binarySearch<ByValInfo, unsigned>(m_byValInfos, m_byValInfos.size(), bytecodeIndex, getByValInfoBytecodeIndex));
+        }
+
+        CallLinkInfo& getCallLinkInfo(ReturnAddressPtr returnAddress)
+        {
+            return *(binarySearch<CallLinkInfo, void*>(m_callLinkInfos, m_callLinkInfos.size(), returnAddress.value(), getCallLinkInfoReturnLocation));
+        }
+
+        CallLinkInfo& getCallLinkInfo(unsigned bytecodeIndex)
+        {
+            ASSERT(JITCode::isBaselineCode(getJITType()));
+            return *(binarySearch<CallLinkInfo, unsigned>(m_callLinkInfos, m_callLinkInfos.size(), bytecodeIndex, getCallLinkInfoBytecodeIndex));
+        }
 #endif // ENABLE(JIT)
 
 #if ENABLE(LLINT)
-    Instruction* adjustPCIfAtCallSite(Instruction*);
+        Instruction* adjustPCIfAtCallSite(Instruction*);
 #endif
-    unsigned bytecodeOffset(ExecState*, ReturnAddressPtr);
+        unsigned bytecodeOffset(ExecState*, ReturnAddressPtr);
 
 #if ENABLE(JIT)
-    unsigned bytecodeOffsetForCallAtIndex(unsigned index)
-    {
-        if (!m_rareData)
-            return 1;
-        Vector<CallReturnOffsetToBytecodeOffset, 0, UnsafeVectorOverflow>& callIndices = m_rareData->m_callReturnIndexVector;
-        if (!callIndices.size())
-            return 1;
-        // FIXME: Fix places in DFG that call out to C that don't set the CodeOrigin. https://bugs.webkit.org/show_bug.cgi?id=118315 
-        ASSERT(index < m_rareData->m_callReturnIndexVector.size());
-        if (index >= m_rareData->m_callReturnIndexVector.size())
-            return 1;
-        return m_rareData->m_callReturnIndexVector[index].bytecodeOffset;
-    }
+        unsigned bytecodeOffsetForCallAtIndex(unsigned index)
+        {
+            if (!m_rareData)
+                return 1;
+            Vector<CallReturnOffsetToBytecodeOffset, 0, UnsafeVectorOverflow>& callIndices = m_rareData->m_callReturnIndexVector;
+            if (!callIndices.size())
+                return 1;
+            // FIXME: Fix places in DFG that call out to C that don't set the CodeOrigin. https://bugs.webkit.org/show_bug.cgi?id=118315
+            ASSERT(index < m_rareData->m_callReturnIndexVector.size());
+            if (index >= m_rareData->m_callReturnIndexVector.size())
+                return 1;
+            return m_rareData->m_callReturnIndexVector[index].bytecodeOffset;
+        }
 
-    void unlinkCalls();
-        
-    bool hasIncomingCalls() { return m_incomingCalls.begin() != m_incomingCalls.end(); }
-        
-    void linkIncomingCall(CallLinkInfo* incoming)
-    {
-        m_incomingCalls.push(incoming);
-    }
-        
-    bool isIncomingCallAlreadyLinked(CallLinkInfo* incoming)
-    {
-        return m_incomingCalls.isOnList(incoming);
-    }
+        void unlinkCalls();
+
+        bool hasIncomingCalls() { return m_incomingCalls.begin() != m_incomingCalls.end(); }
+
+        void linkIncomingCall(CallLinkInfo* incoming)
+        {
+            m_incomingCalls.push(incoming);
+        }
+
+        bool isIncomingCallAlreadyLinked(CallLinkInfo* incoming)
+        {
+            return m_incomingCalls.isOnList(incoming);
+        }
 #endif // ENABLE(JIT)
 
 #if ENABLE(LLINT)
-    void linkIncomingCall(LLIntCallLinkInfo* incoming)
-    {
-        m_incomingLLIntCalls.push(incoming);
-    }
+        void linkIncomingCall(LLIntCallLinkInfo* incoming)
+        {
+            m_incomingLLIntCalls.push(incoming);
+        }
 #endif // ENABLE(LLINT)
-        
-    void unlinkIncomingCalls();
+
+        void unlinkIncomingCalls();
 
 #if ENABLE(DFG_JIT) || ENABLE(LLINT)
-    void setJITCodeMap(PassOwnPtr<CompactJITCodeMap> jitCodeMap)
-    {
-        m_jitCodeMap = jitCodeMap;
-    }
-    CompactJITCodeMap* jitCodeMap()
-    {
-        return m_jitCodeMap.get();
-    }
+        void setJITCodeMap(PassOwnPtr<CompactJITCodeMap> jitCodeMap)
+        {
+            m_jitCodeMap = jitCodeMap;
+        }
+        CompactJITCodeMap* jitCodeMap()
+        {
+            return m_jitCodeMap.get();
+        }
 #endif
         
-    unsigned bytecodeOffset(Instruction* returnAddress)
-    {
-        RELEASE_ASSERT(returnAddress >= instructions().begin() && returnAddress < instructions().end());
-        return static_cast<Instruction*>(returnAddress) - instructions().begin();
-    }
+        unsigned bytecodeOffset(Instruction* returnAddress)
+        {
+            RELEASE_ASSERT(returnAddress >= instructions().begin() && returnAddress < instructions().end());
+            return static_cast<Instruction*>(returnAddress) - instructions().begin();
+        }
 
-    bool isNumericCompareFunction() { return m_unlinkedCode->isNumericCompareFunction(); }
+        bool isNumericCompareFunction() { return m_unlinkedCode->isNumericCompareFunction(); }
 
-    unsigned numberOfInstructions() const { return m_instructions.size(); }
-    RefCountedArray<Instruction>& instructions() { return m_instructions; }
-    const RefCountedArray<Instruction>& instructions() const { return m_instructions; }
-        
-    size_t predictedMachineCodeSize();
-        
-    bool usesOpcode(OpcodeID);
+        unsigned numberOfInstructions() const { return m_instructions.size(); }
+        RefCountedArray<Instruction>& instructions() { return m_instructions; }
+        const RefCountedArray<Instruction>& instructions() const { return m_instructions; }
 
-    unsigned instructionCount() { return m_instructions.size(); }
+        size_t predictedMachineCodeSize();
 
-    int argumentIndexAfterCapture(size_t argument);
+        bool usesOpcode(OpcodeID);
+
+        unsigned instructionCount() { return m_instructions.size(); }
+
+        int argumentIndexAfterCapture(size_t argument);
 
 #if ENABLE(JIT)
-    void setJITCode(PassRefPtr<JITCode> code, MacroAssemblerCodePtr codeWithArityCheck)
-    {
-        m_jitCode = code;
-        m_jitCodeWithArityCheck = codeWithArityCheck;
+        void setJITCode(PassRefPtr<JITCode> code, MacroAssemblerCodePtr codeWithArityCheck)
+        {
+            m_jitCode = code;
+            m_jitCodeWithArityCheck = codeWithArityCheck;
 #if ENABLE(DFG_JIT)
-        if (JITCode::isOptimizingJIT(JITCode::jitTypeFor(m_jitCode)))
-            m_vm->heap.m_dfgCodeBlocks.m_set.add(this);
+            if (JITCode::isOptimizingJIT(JITCode::jitTypeFor(m_jitCode)))
+                m_vm->heap.m_dfgCodeBlocks.m_set.add(this);
 #endif
-    }
-    PassRefPtr<JITCode> getJITCode() { return m_jitCode; }
-    MacroAssemblerCodePtr getJITCodeWithArityCheck() { return m_jitCodeWithArityCheck; }
-    JITCode::JITType getJITType() const { return JITCode::jitTypeFor(m_jitCode); }
-    virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex) = 0;
-    void jettison();
-    enum JITCompilationResult { AlreadyCompiled, CouldNotCompile, CompiledSuccessfully };
-    JITCompilationResult jitCompile(ExecState* exec)
-    {
-        if (getJITType() != JITCode::InterpreterThunk) {
-            ASSERT(getJITType() == JITCode::BaselineJIT);
-            return AlreadyCompiled;
         }
+        PassRefPtr<JITCode> getJITCode() { return m_jitCode; }
+        MacroAssemblerCodePtr getJITCodeWithArityCheck() { return m_jitCodeWithArityCheck; }
+        JITCode::JITType getJITType() const { return JITCode::jitTypeFor(m_jitCode); }
+        virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex) = 0;
+        void jettison();
+        enum JITCompilationResult { AlreadyCompiled, CouldNotCompile, CompiledSuccessfully };
+        JITCompilationResult jitCompile(ExecState* exec)
+        {
+            if (getJITType() != JITCode::InterpreterThunk) {
+                ASSERT(getJITType() == JITCode::BaselineJIT);
+                return AlreadyCompiled;
+            }
 #if ENABLE(JIT)
-        if (jitCompileImpl(exec))
-            return CompiledSuccessfully;
-        return CouldNotCompile;
+            if (jitCompileImpl(exec))
+                return CompiledSuccessfully;
+            return CouldNotCompile;
 #else
-        UNUSED_PARAM(exec);
-        return CouldNotCompile;
+            UNUSED_PARAM(exec);
+            return CouldNotCompile;
 #endif
-    }
-    virtual CodeBlock* replacement() = 0;
-
-    virtual DFG::CapabilityLevel canCompileWithDFGInternal() = 0;
-    DFG::CapabilityLevel canCompileWithDFG()
-    {
-        DFG::CapabilityLevel result = canCompileWithDFGInternal();
-        m_canCompileWithDFGState = result;
-        return result;
-    }
-    DFG::CapabilityLevel canCompileWithDFGState() { return m_canCompileWithDFGState; }
+        }
+        virtual CodeBlock* replacement() = 0;
+
+        virtual DFG::CapabilityLevel canCompileWithDFGInternal() = 0;
+        DFG::CapabilityLevel canCompileWithDFG()
+        {
+            DFG::CapabilityLevel result = canCompileWithDFGInternal();
+            m_canCompileWithDFGState = result;
+            return result;
+        }
+        DFG::CapabilityLevel canCompileWithDFGState() { return m_canCompileWithDFGState; }
 
-    bool hasOptimizedReplacement()
-    {
-        ASSERT(JITCode::isBaselineCode(getJITType()));
-        bool result = JITCode::isHigherTier(replacement()->getJITType(), getJITType());
+        bool hasOptimizedReplacement()
+        {
+            ASSERT(JITCode::isBaselineCode(getJITType()));
+            bool result = JITCode::isHigherTier(replacement()->getJITType(), getJITType());
 #if !ASSERT_DISABLED
-        if (result)
-            ASSERT(JITCode::isOptimizingJIT(replacement()->getJITType()));
-        else {
-            ASSERT(JITCode::isBaselineCode(replacement()->getJITType()));
-            ASSERT(replacement() == this);
-        }
+            if (result)
+                ASSERT(JITCode::isOptimizingJIT(replacement()->getJITType()));
+            else {
+                ASSERT(JITCode::isBaselineCode(replacement()->getJITType()));
+                ASSERT(replacement() == this);
+            }
 #endif
-        return result;
-    }
+            return result;
+        }
 #else
-    JITCode::JITType getJITType() const { return JITCode::BaselineJIT; }
+        JITCode::JITType getJITType() const { return JITCode::BaselineJIT; }
 #endif
 
-    ScriptExecutable* ownerExecutable() const { return m_ownerExecutable.get(); }
+        ScriptExecutable* ownerExecutable() const { return m_ownerExecutable.get(); }
 
-    void setVM(VM* vm) { m_vm = vm; }
-    VM* vm() { return m_vm; }
+        void setVM(VM* vm) { m_vm = vm; }
+        VM* vm() { return m_vm; }
 
-    void setThisRegister(int thisRegister) { m_thisRegister = thisRegister; }
-    int thisRegister() const { return m_thisRegister; }
+        void setThisRegister(int thisRegister) { m_thisRegister = thisRegister; }
+        int thisRegister() const { return m_thisRegister; }
 
-    bool needsFullScopeChain() const { return m_unlinkedCode->needsFullScopeChain(); }
-    bool usesEval() const { return m_unlinkedCode->usesEval(); }
-        
-    void setArgumentsRegister(int argumentsRegister)
-    {
-        ASSERT(argumentsRegister != -1);
-        m_argumentsRegister = argumentsRegister;
-        ASSERT(usesArguments());
-    }
-    int argumentsRegister() const
-    {
-        ASSERT(usesArguments());
-        return m_argumentsRegister;
-    }
-    int uncheckedArgumentsRegister()
-    {
-        if (!usesArguments())
-            return InvalidVirtualRegister;
-        return argumentsRegister();
-    }
-    void setActivationRegister(int activationRegister)
-    {
-        m_activationRegister = activationRegister;
-    }
-    int activationRegister() const
-    {
-        ASSERT(needsFullScopeChain());
-        return m_activationRegister;
-    }
-    int uncheckedActivationRegister()
-    {
-        if (!needsFullScopeChain())
-            return InvalidVirtualRegister;
-        return activationRegister();
-    }
-    bool usesArguments() const { return m_argumentsRegister != -1; }
-        
-    bool needsActivation() const
-    {
-        return needsFullScopeChain() && codeType() != GlobalCode;
-    }
+        bool needsFullScopeChain() const { return m_unlinkedCode->needsFullScopeChain(); }
+        bool usesEval() const { return m_unlinkedCode->usesEval(); }
 
-    bool isCaptured(int operand, InlineCallFrame* inlineCallFrame = 0) const
-    {
-        if (operandIsArgument(operand))
-            return operandToArgument(operand) && usesArguments();
+        void setArgumentsRegister(int argumentsRegister)
+        {
+            ASSERT(argumentsRegister != -1);
+            m_argumentsRegister = argumentsRegister;
+            ASSERT(usesArguments());
+        }
+        int argumentsRegister() const
+        {
+            ASSERT(usesArguments());
+            return m_argumentsRegister;
+        }
+        int uncheckedArgumentsRegister()
+        {
+            if (!usesArguments())
+                return InvalidVirtualRegister;
+            return argumentsRegister();
+        }
+        void setActivationRegister(int activationRegister)
+        {
+            m_activationRegister = activationRegister;
+        }
+        int activationRegister() const
+        {
+            ASSERT(needsFullScopeChain());
+            return m_activationRegister;
+        }
+        int uncheckedActivationRegister()
+        {
+            if (!needsFullScopeChain())
+                return InvalidVirtualRegister;
+            return activationRegister();
+        }
+        bool usesArguments() const { return m_argumentsRegister != -1; }
+
+        bool needsActivation() const
+        {
+            return needsFullScopeChain() && codeType() != GlobalCode;
+        }
 
-        if (inlineCallFrame)
-            return inlineCallFrame->capturedVars.get(operand);
+        bool isCaptured(int operand, InlineCallFrame* inlineCallFrame = 0) const
+        {
+            if (operandIsArgument(operand))
+                return operandToArgument(operand) && usesArguments();
 
-        // The activation object isn't in the captured region, but it's "captured"
-        // in the sense that stores to its location can be observed indirectly.
-        if (needsActivation() && operand == activationRegister())
-            return true;
+            if (inlineCallFrame)
+                return inlineCallFrame->capturedVars.get(operand);
 
-        // Ditto for the arguments object.
-        if (usesArguments() && operand == argumentsRegister())
-            return true;
+            // The activation object isn't in the captured region, but it's "captured"
+            // in the sense that stores to its location can be observed indirectly.
+            if (needsActivation() && operand == activationRegister())
+                return true;
 
-        // Ditto for the arguments object.
-        if (usesArguments() && operand == unmodifiedArgumentsRegister(argumentsRegister()))
-            return true;
+            // Ditto for the arguments object.
+            if (usesArguments() && operand == argumentsRegister())
+                return true;
 
-        // We're in global code so there are no locals to capture
-        if (!symbolTable())
-            return false;
+            // Ditto for the arguments object.
+            if (usesArguments() && operand == unmodifiedArgumentsRegister(argumentsRegister()))
+                return true;
 
-        return operand >= symbolTable()->captureStart()
+            // We're in global code so there are no locals to capture
+            if (!symbolTable())
+                return false;
+
+            return operand >= symbolTable()->captureStart()
             && operand < symbolTable()->captureEnd();
-    }
+        }
 
-    CodeType codeType() const { return m_unlinkedCode->codeType(); }
+        CodeType codeType() const { return m_unlinkedCode->codeType(); }
 
-    SourceProvider* source() const { return m_source.get(); }
-    unsigned sourceOffset() const { return m_sourceOffset; }
-    unsigned firstLineColumnOffset() const { return m_firstLineColumnOffset; }
+        SourceProvider* source() const { return m_source.get(); }
+        unsigned sourceOffset() const { return m_sourceOffset; }
+        unsigned firstLineColumnOffset() const { return m_firstLineColumnOffset; }
 
-    size_t numberOfJumpTargets() const { return m_unlinkedCode->numberOfJumpTargets(); }
-    unsigned jumpTarget(int index) const { return m_unlinkedCode->jumpTarget(index); }
+        size_t numberOfJumpTargets() const { return m_unlinkedCode->numberOfJumpTargets(); }
+        unsigned jumpTarget(int index) const { return m_unlinkedCode->jumpTarget(index); }
 
-    void createActivation(CallFrame*);
+        void createActivation(CallFrame*);
 
-    void clearEvalCache();
-        
-    String nameForRegister(int registerNumber);
+        void clearEvalCache();
+
+        String nameForRegister(int registerNumber);
 
 #if ENABLE(JIT)
-    void setNumberOfStructureStubInfos(size_t size) { m_structureStubInfos.grow(size); }
-    size_t numberOfStructureStubInfos() const { return m_structureStubInfos.size(); }
-    StructureStubInfo& structureStubInfo(int index) { return m_structureStubInfos[index]; }
-        
-    void setNumberOfByValInfos(size_t size) { m_byValInfos.grow(size); }
-    size_t numberOfByValInfos() const { return m_byValInfos.size(); }
-    ByValInfo& byValInfo(size_t index) { return m_byValInfos[index]; }
+        void setNumberOfStructureStubInfos(size_t size) { m_structureStubInfos.grow(size); }
+        size_t numberOfStructureStubInfos() const { return m_structureStubInfos.size(); }
+        StructureStubInfo& structureStubInfo(int index) { return m_structureStubInfos[index]; }
+
+        void setNumberOfByValInfos(size_t size) { m_byValInfos.grow(size); }
+        size_t numberOfByValInfos() const { return m_byValInfos.size(); }
+        ByValInfo& byValInfo(size_t index) { return m_byValInfos[index]; }
 
-    void setNumberOfCallLinkInfos(size_t size) { m_callLinkInfos.grow(size); }
-    size_t numberOfCallLinkInfos() const { return m_callLinkInfos.size(); }
-    CallLinkInfo& callLinkInfo(int index) { return m_callLinkInfos[index]; }
+        void setNumberOfCallLinkInfos(size_t size) { m_callLinkInfos.grow(size); }
+        size_t numberOfCallLinkInfos() const { return m_callLinkInfos.size(); }
+        CallLinkInfo& callLinkInfo(int index) { return m_callLinkInfos[index]; }
 #endif
-        
+
 #if ENABLE(VALUE_PROFILER)
-    unsigned numberOfArgumentValueProfiles()
-    {
-        ASSERT(m_numParameters >= 0);
-        ASSERT(m_argumentValueProfiles.size() == static_cast<unsigned>(m_numParameters));
-        return m_argumentValueProfiles.size();
-    }
-    ValueProfile* valueProfileForArgument(unsigned argumentIndex)
-    {
-        ValueProfile* result = &m_argumentValueProfiles[argumentIndex];
-        ASSERT(result->m_bytecodeOffset == -1);
-        return result;
-    }
+        unsigned numberOfArgumentValueProfiles()
+        {
+            ASSERT(m_numParameters >= 0);
+            ASSERT(m_argumentValueProfiles.size() == static_cast<unsigned>(m_numParameters));
+            return m_argumentValueProfiles.size();
+        }
+        ValueProfile* valueProfileForArgument(unsigned argumentIndex)
+        {
+            ValueProfile* result = &m_argumentValueProfiles[argumentIndex];
+            ASSERT(result->m_bytecodeOffset == -1);
+            return result;
+        }
 
-    unsigned numberOfValueProfiles() { return m_valueProfiles.size(); }
-    ValueProfile* valueProfile(int index) { return &m_valueProfiles[index]; }
-    ValueProfile* valueProfileForBytecodeOffset(int bytecodeOffset)
-    {
-        ValueProfile* result = binarySearch<ValueProfile, int>(
-            m_valueProfiles, m_valueProfiles.size(), bytecodeOffset,
-            getValueProfileBytecodeOffset<ValueProfile>);
-        ASSERT(result->m_bytecodeOffset != -1);
-        ASSERT(instructions()[bytecodeOffset + opcodeLength(
-            m_vm->interpreter->getOpcodeID(
-                instructions()[
-                    bytecodeOffset].u.opcode)) - 1].u.profile == result);
-        return result;
-    }
-    SpeculatedType valueProfilePredictionForBytecodeOffset(int bytecodeOffset)
-    {
-        return valueProfileForBytecodeOffset(bytecodeOffset)->computeUpdatedPrediction();
-    }
-        
-    unsigned totalNumberOfValueProfiles()
-    {
-        return numberOfArgumentValueProfiles() + numberOfValueProfiles();
-    }
-    ValueProfile* getFromAllValueProfiles(unsigned index)
-    {
-        if (index < numberOfArgumentValueProfiles())
-            return valueProfileForArgument(index);
-        return valueProfile(index - numberOfArgumentValueProfiles());
-    }
-        
-    RareCaseProfile* addRareCaseProfile(int bytecodeOffset)
-    {
-        m_rareCaseProfiles.append(RareCaseProfile(bytecodeOffset));
-        return &m_rareCaseProfiles.last();
-    }
-    unsigned numberOfRareCaseProfiles() { return m_rareCaseProfiles.size(); }
-    RareCaseProfile* rareCaseProfile(int index) { return &m_rareCaseProfiles[index]; }
-    RareCaseProfile* rareCaseProfileForBytecodeOffset(int bytecodeOffset)
-    {
-        return tryBinarySearch<RareCaseProfile, int>(
-            m_rareCaseProfiles, m_rareCaseProfiles.size(), bytecodeOffset,
-            getRareCaseProfileBytecodeOffset);
-    }
-        
-    bool likelyToTakeSlowCase(int bytecodeOffset)
-    {
-        if (!numberOfRareCaseProfiles())
-            return false;
-        unsigned value = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        return value >= Options::likelyToTakeSlowCaseMinimumCount();
-    }
-        
-    bool couldTakeSlowCase(int bytecodeOffset)
-    {
-        if (!numberOfRareCaseProfiles())
-            return false;
-        unsigned value = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        return value >= Options::couldTakeSlowCaseMinimumCount();
-    }
-        
-    RareCaseProfile* addSpecialFastCaseProfile(int bytecodeOffset)
-    {
-        m_specialFastCaseProfiles.append(RareCaseProfile(bytecodeOffset));
-        return &m_specialFastCaseProfiles.last();
-    }
-    unsigned numberOfSpecialFastCaseProfiles() { return m_specialFastCaseProfiles.size(); }
-    RareCaseProfile* specialFastCaseProfile(int index) { return &m_specialFastCaseProfiles[index]; }
-    RareCaseProfile* specialFastCaseProfileForBytecodeOffset(int bytecodeOffset)
-    {
-        return tryBinarySearch<RareCaseProfile, int>(
-            m_specialFastCaseProfiles, m_specialFastCaseProfiles.size(), bytecodeOffset,
-            getRareCaseProfileBytecodeOffset);
-    }
-        
-    bool likelyToTakeSpecialFastCase(int bytecodeOffset)
-    {
-        if (!numberOfRareCaseProfiles())
-            return false;
-        unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        return specialFastCaseCount >= Options::likelyToTakeSlowCaseMinimumCount();
-    }
-        
-    bool couldTakeSpecialFastCase(int bytecodeOffset)
-    {
-        if (!numberOfRareCaseProfiles())
-            return false;
-        unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        return specialFastCaseCount >= Options::couldTakeSlowCaseMinimumCount();
-    }
-        
-    bool likelyToTakeDeepestSlowCase(int bytecodeOffset)
-    {
-        if (!numberOfRareCaseProfiles())
-            return false;
-        unsigned slowCaseCount = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        unsigned value = slowCaseCount - specialFastCaseCount;
-        return value >= Options::likelyToTakeSlowCaseMinimumCount();
-    }
-        
-    bool likelyToTakeAnySlowCase(int bytecodeOffset)
-    {
-        if (!numberOfRareCaseProfiles())
-            return false;
-        unsigned slowCaseCount = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
-        unsigned value = slowCaseCount + specialFastCaseCount;
-        return value >= Options::likelyToTakeSlowCaseMinimumCount();
-    }
-        
-    unsigned numberOfArrayProfiles() const { return m_arrayProfiles.size(); }
-    const ArrayProfileVector& arrayProfiles() { return m_arrayProfiles; }
-    ArrayProfile* addArrayProfile(unsigned bytecodeOffset)
-    {
-        m_arrayProfiles.append(ArrayProfile(bytecodeOffset));
-        return &m_arrayProfiles.last();
-    }
-    ArrayProfile* getArrayProfile(unsigned bytecodeOffset);
-    ArrayProfile* getOrAddArrayProfile(unsigned bytecodeOffset);
-#endif
+        unsigned numberOfValueProfiles() { return m_valueProfiles.size(); }
+        ValueProfile* valueProfile(int index) { return &m_valueProfiles[index]; }
+        ValueProfile* valueProfileForBytecodeOffset(int bytecodeOffset)
+        {
+            ValueProfile* result = binarySearch<ValueProfile, int>(
+                                                                   m_valueProfiles, m_valueProfiles.size(), bytecodeOffset,
+                                                                   getValueProfileBytecodeOffset<ValueProfile>);
+            ASSERT(result->m_bytecodeOffset != -1);
+            ASSERT(instructions()[bytecodeOffset + opcodeLength(
+                                                                m_vm->interpreter->getOpcodeID(
+                                                                                               instructions()[
+                                                                                                              bytecodeOffset].u.opcode)) - 1].u.profile == result);
+            return result;
+        }
+        SpeculatedType valueProfilePredictionForBytecodeOffset(int bytecodeOffset)
+        {
+            return valueProfileForBytecodeOffset(bytecodeOffset)->computeUpdatedPrediction();
+        }
 
-    // Exception handling support
+        unsigned totalNumberOfValueProfiles()
+        {
+            return numberOfArgumentValueProfiles() + numberOfValueProfiles();
+        }
+        ValueProfile* getFromAllValueProfiles(unsigned index)
+        {
+            if (index < numberOfArgumentValueProfiles())
+                return valueProfileForArgument(index);
+            return valueProfile(index - numberOfArgumentValueProfiles());
+        }
 
-    size_t numberOfExceptionHandlers() const { return m_rareData ? m_rareData->m_exceptionHandlers.size() : 0; }
-    void allocateHandlers(const Vector<UnlinkedHandlerInfo>& unlinkedHandlers)
-    {
-        size_t count = unlinkedHandlers.size();
-        if (!count)
-            return;
-        createRareDataIfNecessary();
-        m_rareData->m_exceptionHandlers.resize(count);
-        for (size_t i = 0; i < count; ++i) {
-            m_rareData->m_exceptionHandlers[i].start = unlinkedHandlers[i].start;
-            m_rareData->m_exceptionHandlers[i].end = unlinkedHandlers[i].end;
-            m_rareData->m_exceptionHandlers[i].target = unlinkedHandlers[i].target;
-            m_rareData->m_exceptionHandlers[i].scopeDepth = unlinkedHandlers[i].scopeDepth;
+        RareCaseProfile* addRareCaseProfile(int bytecodeOffset)
+        {
+            m_rareCaseProfiles.append(RareCaseProfile(bytecodeOffset));
+            return &m_rareCaseProfiles.last();
+        }
+        unsigned numberOfRareCaseProfiles() { return m_rareCaseProfiles.size(); }
+        RareCaseProfile* rareCaseProfile(int index) { return &m_rareCaseProfiles[index]; }
+        RareCaseProfile* rareCaseProfileForBytecodeOffset(int bytecodeOffset)
+        {
+            return tryBinarySearch<RareCaseProfile, int>(
+                                                         m_rareCaseProfiles, m_rareCaseProfiles.size(), bytecodeOffset,
+                                                         getRareCaseProfileBytecodeOffset);
         }
 
-    }
-    HandlerInfo& exceptionHandler(int index) { RELEASE_ASSERT(m_rareData); return m_rareData->m_exceptionHandlers[index]; }
+        bool likelyToTakeSlowCase(int bytecodeOffset)
+        {
+            if (!numberOfRareCaseProfiles())
+                return false;
+            unsigned value = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            return value >= Options::likelyToTakeSlowCaseMinimumCount();
+        }
+
+        bool couldTakeSlowCase(int bytecodeOffset)
+        {
+            if (!numberOfRareCaseProfiles())
+                return false;
+            unsigned value = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            return value >= Options::couldTakeSlowCaseMinimumCount();
+        }
 
-    bool hasExpressionInfo() { return m_unlinkedCode->hasExpressionInfo(); }
+        RareCaseProfile* addSpecialFastCaseProfile(int bytecodeOffset)
+        {
+            m_specialFastCaseProfiles.append(RareCaseProfile(bytecodeOffset));
+            return &m_specialFastCaseProfiles.last();
+        }
+        unsigned numberOfSpecialFastCaseProfiles() { return m_specialFastCaseProfiles.size(); }
+        RareCaseProfile* specialFastCaseProfile(int index) { return &m_specialFastCaseProfiles[index]; }
+        RareCaseProfile* specialFastCaseProfileForBytecodeOffset(int bytecodeOffset)
+        {
+            return tryBinarySearch<RareCaseProfile, int>(
+                                                         m_specialFastCaseProfiles, m_specialFastCaseProfiles.size(), bytecodeOffset,
+                                                         getRareCaseProfileBytecodeOffset);
+        }
+
+        bool likelyToTakeSpecialFastCase(int bytecodeOffset)
+        {
+            if (!numberOfRareCaseProfiles())
+                return false;
+            unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            return specialFastCaseCount >= Options::likelyToTakeSlowCaseMinimumCount();
+        }
+
+        bool couldTakeSpecialFastCase(int bytecodeOffset)
+        {
+            if (!numberOfRareCaseProfiles())
+                return false;
+            unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            return specialFastCaseCount >= Options::couldTakeSlowCaseMinimumCount();
+        }
+
+        bool likelyToTakeDeepestSlowCase(int bytecodeOffset)
+        {
+            if (!numberOfRareCaseProfiles())
+                return false;
+            unsigned slowCaseCount = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            unsigned value = slowCaseCount - specialFastCaseCount;
+            return value >= Options::likelyToTakeSlowCaseMinimumCount();
+        }
+
+        bool likelyToTakeAnySlowCase(int bytecodeOffset)
+        {
+            if (!numberOfRareCaseProfiles())
+                return false;
+            unsigned slowCaseCount = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+            unsigned value = slowCaseCount + specialFastCaseCount;
+            return value >= Options::likelyToTakeSlowCaseMinimumCount();
+        }
+
+        unsigned numberOfArrayProfiles() const { return m_arrayProfiles.size(); }
+        const ArrayProfileVector& arrayProfiles() { return m_arrayProfiles; }
+        ArrayProfile* addArrayProfile(unsigned bytecodeOffset)
+        {
+            m_arrayProfiles.append(ArrayProfile(bytecodeOffset));
+            return &m_arrayProfiles.last();
+        }
+        ArrayProfile* getArrayProfile(unsigned bytecodeOffset);
+        ArrayProfile* getOrAddArrayProfile(unsigned bytecodeOffset);
+#endif
+
+        // Exception handling support
+
+        size_t numberOfExceptionHandlers() const { return m_rareData ? m_rareData->m_exceptionHandlers.size() : 0; }
+        void allocateHandlers(const Vector<UnlinkedHandlerInfo>& unlinkedHandlers)
+        {
+            size_t count = unlinkedHandlers.size();
+            if (!count)
+                return;
+            createRareDataIfNecessary();
+            m_rareData->m_exceptionHandlers.resize(count);
+            for (size_t i = 0; i < count; ++i) {
+                m_rareData->m_exceptionHandlers[i].start = unlinkedHandlers[i].start;
+                m_rareData->m_exceptionHandlers[i].end = unlinkedHandlers[i].end;
+                m_rareData->m_exceptionHandlers[i].target = unlinkedHandlers[i].target;
+                m_rareData->m_exceptionHandlers[i].scopeDepth = unlinkedHandlers[i].scopeDepth;
+            }
+
+        }
+        HandlerInfo& exceptionHandler(int index) { RELEASE_ASSERT(m_rareData); return m_rareData->m_exceptionHandlers[index]; }
+
+        bool hasExpressionInfo() { return m_unlinkedCode->hasExpressionInfo(); }
 
 #if ENABLE(JIT)
-    Vector<CallReturnOffsetToBytecodeOffset, 0, UnsafeVectorOverflow>& callReturnIndexVector()
-    {
-        createRareDataIfNecessary();
-        return m_rareData->m_callReturnIndexVector;
-    }
+        Vector<CallReturnOffsetToBytecodeOffset, 0, UnsafeVectorOverflow>& callReturnIndexVector()
+        {
+            createRareDataIfNecessary();
+            return m_rareData->m_callReturnIndexVector;
+        }
 #endif
 
 #if ENABLE(DFG_JIT)
-    SegmentedVector<InlineCallFrame, 4>& inlineCallFrames()
-    {
-        createRareDataIfNecessary();
-        return m_rareData->m_inlineCallFrames;
-    }
-        
-    Vector<CodeOriginAtCallReturnOffset, 0, UnsafeVectorOverflow>& codeOrigins()
-    {
-        createRareDataIfNecessary();
-        return m_rareData->m_codeOrigins;
-    }
-        
-    // Having code origins implies that there has been some inlining.
-    bool hasCodeOrigins()
-    {
-        return m_rareData && !!m_rareData->m_codeOrigins.size();
-    }
-        
-    bool codeOriginForReturn(ReturnAddressPtr, CodeOrigin&);
-        
-    bool canGetCodeOrigin(unsigned index)
-    {
-        if (!m_rareData)
-            return false;
-        return m_rareData->m_codeOrigins.size() > index;
-    }
-        
-    CodeOrigin codeOrigin(unsigned index)
-    {
-        RELEASE_ASSERT(m_rareData);
-        return m_rareData->m_codeOrigins[index].codeOrigin;
-    }
-        
-    bool addFrequentExitSite(const DFG::FrequentExitSite& site)
-    {
-        ASSERT(JITCode::isBaselineCode(getJITType()));
-        return m_exitProfile.add(site);
-    }
-        
-    bool hasExitSite(const DFG::FrequentExitSite& site) const { return m_exitProfile.hasExitSite(site); }
+        SegmentedVector<InlineCallFrame, 4>& inlineCallFrames()
+        {
+            createRareDataIfNecessary();
+            return m_rareData->m_inlineCallFrames;
+        }
 
-    DFG::ExitProfile& exitProfile() { return m_exitProfile; }
-        
-    CompressedLazyOperandValueProfileHolder& lazyOperandValueProfiles()
-    {
-        return m_lazyOperandValueProfiles;
-    }
+        Vector<CodeOriginAtCallReturnOffset, 0, UnsafeVectorOverflow>& codeOrigins()
+        {
+            createRareDataIfNecessary();
+            return m_rareData->m_codeOrigins;
+        }
+
+        // Having code origins implies that there has been some inlining.
+        bool hasCodeOrigins()
+        {
+            return m_rareData && !!m_rareData->m_codeOrigins.size();
+        }
+
+        bool codeOriginForReturn(ReturnAddressPtr, CodeOrigin&);
+
+        bool canGetCodeOrigin(unsigned index)
+        {
+            if (!m_rareData)
+                return false;
+            return m_rareData->m_codeOrigins.size() > index;
+        }
+
+        CodeOrigin codeOrigin(unsigned index)
+        {
+            RELEASE_ASSERT(m_rareData);
+            return m_rareData->m_codeOrigins[index].codeOrigin;
+        }
+
+        bool addFrequentExitSite(const DFG::FrequentExitSite& site)
+        {
+            ASSERT(JITCode::isBaselineCode(getJITType()));
+            return m_exitProfile.add(site);
+        }
+
+        bool hasExitSite(const DFG::FrequentExitSite& site) const { return m_exitProfile.hasExitSite(site); }
+
+        DFG::ExitProfile& exitProfile() { return m_exitProfile; }
+
+        CompressedLazyOperandValueProfileHolder& lazyOperandValueProfiles()
+        {
+            return m_lazyOperandValueProfiles;
+        }
 #endif
 
-    // Constant Pool
+        // Constant Pool
 
-    size_t numberOfIdentifiers() const { return m_identifiers.size(); }
-    void addIdentifier(const Identifier& i) { return m_identifiers.append(i); }
-    Identifier& identifier(int index) { return m_identifiers[index]; }
+        size_t numberOfIdentifiers() const { return m_identifiers.size(); }
+        void addIdentifier(const Identifier& i) { return m_identifiers.append(i); }
+        Identifier& identifier(int index) { return m_identifiers[index]; }
 
-    size_t numberOfConstantRegisters() const { return m_constantRegisters.size(); }
-    unsigned addConstant(JSValue v)
-    {
-        unsigned result = m_constantRegisters.size();
-        m_constantRegisters.append(WriteBarrier<Unknown>());
-        m_constantRegisters.last().set(m_globalObject->vm(), m_ownerExecutable.get(), v);
-        return result;
-    }
+        size_t numberOfConstantRegisters() const { return m_constantRegisters.size(); }
+        unsigned addConstant(JSValue v)
+        {
+            unsigned result = m_constantRegisters.size();
+            m_constantRegisters.append(WriteBarrier<Unknown>());
+            m_constantRegisters.last().set(m_globalObject->vm(), m_ownerExecutable.get(), v);
+            return result;
+        }
 
 
-    unsigned addOrFindConstant(JSValue);
-    WriteBarrier<Unknown>& constantRegister(int index) { return m_constantRegisters[index - FirstConstantRegisterIndex]; }
-    ALWAYS_INLINE bool isConstantRegisterIndex(int index) const { return index >= FirstConstantRegisterIndex; }
-    ALWAYS_INLINE JSValue getConstant(int index) const { return m_constantRegisters[index - FirstConstantRegisterIndex].get(); }
+        unsigned addOrFindConstant(JSValue);
+        WriteBarrier<Unknown>& constantRegister(int index) { return m_constantRegisters[index - FirstConstantRegisterIndex]; }
+        ALWAYS_INLINE bool isConstantRegisterIndex(int index) const { return index >= FirstConstantRegisterIndex; }
+        ALWAYS_INLINE JSValue getConstant(int index) const { return m_constantRegisters[index - FirstConstantRegisterIndex].get(); }
 
-    FunctionExecutable* functionDecl(int index) { return m_functionDecls[index].get(); }
-    int numberOfFunctionDecls() { return m_functionDecls.size(); }
-    FunctionExecutable* functionExpr(int index) { return m_functionExprs[index].get(); }
+        FunctionExecutable* functionDecl(int index) { return m_functionDecls[index].get(); }
+        int numberOfFunctionDecls() { return m_functionDecls.size(); }
+        FunctionExecutable* functionExpr(int index) { return m_functionExprs[index].get(); }
 
-    RegExp* regexp(int index) const { return m_unlinkedCode->regexp(index); }
+        RegExp* regexp(int index) const { return m_unlinkedCode->regexp(index); }
 
-    unsigned numberOfConstantBuffers() const
-    {
-        if (!m_rareData)
-            return 0;
-        return m_rareData->m_constantBuffers.size();
-    }
-    unsigned addConstantBuffer(const Vector<JSValue>& buffer)
-    {
-        createRareDataIfNecessary();
-        unsigned size = m_rareData->m_constantBuffers.size();
-        m_rareData->m_constantBuffers.append(buffer);
-        return size;
-    }
+        unsigned numberOfConstantBuffers() const
+        {
+            if (!m_rareData)
+                return 0;
+            return m_rareData->m_constantBuffers.size();
+        }
+        unsigned addConstantBuffer(const Vector<JSValue>& buffer)
+        {
+            createRareDataIfNecessary();
+            unsigned size = m_rareData->m_constantBuffers.size();
+            m_rareData->m_constantBuffers.append(buffer);
+            return size;
+        }
 
-    Vector<JSValue>& constantBufferAsVector(unsigned index)
-    {
-        ASSERT(m_rareData);
-        return m_rareData->m_constantBuffers[index];
-    }
-    JSValue* constantBuffer(unsigned index)
-    {
-        return constantBufferAsVector(index).data();
-    }
+        Vector<JSValue>& constantBufferAsVector(unsigned index)
+        {
+            ASSERT(m_rareData);
+            return m_rareData->m_constantBuffers[index];
+        }
+        JSValue* constantBuffer(unsigned index)
+        {
+            return constantBufferAsVector(index).data();
+        }
 
-    JSGlobalObject* globalObject() { return m_globalObject.get(); }
-        
-    JSGlobalObject* globalObjectFor(CodeOrigin);
+        JSGlobalObject* globalObject() { return m_globalObject.get(); }
 
-    // Jump Tables
+        JSGlobalObject* globalObjectFor(CodeOrigin);
 
-    size_t numberOfImmediateSwitchJumpTables() const { return m_rareData ? m_rareData->m_immediateSwitchJumpTables.size() : 0; }
-    SimpleJumpTable& addImmediateSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_immediateSwitchJumpTables.append(SimpleJumpTable()); return m_rareData->m_immediateSwitchJumpTables.last(); }
-    SimpleJumpTable& immediateSwitchJumpTable(int tableIndex) { RELEASE_ASSERT(m_rareData); return m_rareData->m_immediateSwitchJumpTables[tableIndex]; }
+        // Jump Tables
 
-    size_t numberOfCharacterSwitchJumpTables() const { return m_rareData ? m_rareData->m_characterSwitchJumpTables.size() : 0; }
-    SimpleJumpTable& addCharacterSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_characterSwitchJumpTables.append(SimpleJumpTable()); return m_rareData->m_characterSwitchJumpTables.last(); }
-    SimpleJumpTable& characterSwitchJumpTable(int tableIndex) { RELEASE_ASSERT(m_rareData); return m_rareData->m_characterSwitchJumpTables[tableIndex]; }
+        size_t numberOfImmediateSwitchJumpTables() const { return m_rareData ? m_rareData->m_immediateSwitchJumpTables.size() : 0; }
+        SimpleJumpTable& addImmediateSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_immediateSwitchJumpTables.append(SimpleJumpTable()); return m_rareData->m_immediateSwitchJumpTables.last(); }
+        SimpleJumpTable& immediateSwitchJumpTable(int tableIndex) { RELEASE_ASSERT(m_rareData); return m_rareData->m_immediateSwitchJumpTables[tableIndex]; }
 
-    size_t numberOfStringSwitchJumpTables() const { return m_rareData ? m_rareData->m_stringSwitchJumpTables.size() : 0; }
-    StringJumpTable& addStringSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_stringSwitchJumpTables.append(StringJumpTable()); return m_rareData->m_stringSwitchJumpTables.last(); }
-    StringJumpTable& stringSwitchJumpTable(int tableIndex) { RELEASE_ASSERT(m_rareData); return m_rareData->m_stringSwitchJumpTables[tableIndex]; }
+        size_t numberOfCharacterSwitchJumpTables() const { return m_rareData ? m_rareData->m_characterSwitchJumpTables.size() : 0; }
+        SimpleJumpTable& addCharacterSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_characterSwitchJumpTables.append(SimpleJumpTable()); return m_rareData->m_characterSwitchJumpTables.last(); }
+        SimpleJumpTable& characterSwitchJumpTable(int tableIndex) { RELEASE_ASSERT(m_rareData); return m_rareData->m_characterSwitchJumpTables[tableIndex]; }
 
+        size_t numberOfStringSwitchJumpTables() const { return m_rareData ? m_rareData->m_stringSwitchJumpTables.size() : 0; }
+        StringJumpTable& addStringSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_stringSwitchJumpTables.append(StringJumpTable()); return m_rareData->m_stringSwitchJumpTables.last(); }
+        StringJumpTable& stringSwitchJumpTable(int tableIndex) { RELEASE_ASSERT(m_rareData); return m_rareData->m_stringSwitchJumpTables[tableIndex]; }
 
-    SharedSymbolTable* symbolTable() const { return m_unlinkedCode->symbolTable(); }
 
-    EvalCodeCache& evalCodeCache() { createRareDataIfNecessary(); return m_rareData->m_evalCodeCache; }
+        SharedSymbolTable* symbolTable() const { return m_unlinkedCode->symbolTable(); }
 
-    enum ShrinkMode {
-        // Shrink prior to generating machine code that may point directly into vectors.
-        EarlyShrink,
-            
-        // Shrink after generating machine code, and after possibly creating new vectors
-        // and appending to others. At this time it is not safe to shrink certain vectors
-        // because we would have generated machine code that references them directly.
-        LateShrink
-    };
-    void shrinkToFit(ShrinkMode);
-        
-    void copyPostParseDataFrom(CodeBlock* alternative);
-    void copyPostParseDataFromAlternative();
-        
-    // Functions for controlling when JITting kicks in, in a mixed mode
-    // execution world.
-        
-    bool checkIfJITThresholdReached()
-    {
-        return m_llintExecuteCounter.checkIfThresholdCrossedAndSet(this);
-    }
-        
-    void dontJITAnytimeSoon()
-    {
-        m_llintExecuteCounter.deferIndefinitely();
-    }
-        
-    void jitAfterWarmUp()
-    {
-        m_llintExecuteCounter.setNewThreshold(Options::thresholdForJITAfterWarmUp(), this);
-    }
-        
-    void jitSoon()
-    {
-        m_llintExecuteCounter.setNewThreshold(Options::thresholdForJITSoon(), this);
-    }
-        
-    const ExecutionCounter& llintExecuteCounter() const
-    {
-        return m_llintExecuteCounter;
-    }
-        
-    // Functions for controlling when tiered compilation kicks in. This
-    // controls both when the optimizing compiler is invoked and when OSR
-    // entry happens. Two triggers exist: the loop trigger and the return
-    // trigger. In either case, when an addition to m_jitExecuteCounter
-    // causes it to become non-negative, the optimizing compiler is
-    // invoked. This includes a fast check to see if this CodeBlock has
-    // already been optimized (i.e. replacement() returns a CodeBlock
-    // that was optimized with a higher tier JIT than this one). In the
-    // case of the loop trigger, if the optimized compilation succeeds
-    // (or has already succeeded in the past) then OSR is attempted to
-    // redirect program flow into the optimized code.
-        
-    // These functions are called from within the optimization triggers,
-    // and are used as a single point at which we define the heuristics
-    // for how much warm-up is mandated before the next optimization
-    // trigger files. All CodeBlocks start out with optimizeAfterWarmUp(),
-    // as this is called from the CodeBlock constructor.
-        
-    // When we observe a lot of speculation failures, we trigger a
-    // reoptimization. But each time, we increase the optimization trigger
-    // to avoid thrashing.
-    unsigned reoptimizationRetryCounter() const;
-    void countReoptimization();
+        EvalCodeCache& evalCodeCache() { createRareDataIfNecessary(); return m_rareData->m_evalCodeCache; }
 
-    int32_t codeTypeThresholdMultiplier() const;
-        
-    int32_t counterValueForOptimizeAfterWarmUp();
-    int32_t counterValueForOptimizeAfterLongWarmUp();
-    int32_t counterValueForOptimizeSoon();
-        
-    int32_t* addressOfJITExecuteCounter()
-    {
-        return &m_jitExecuteCounter.m_counter;
-    }
-        
-    static ptrdiff_t offsetOfJITExecuteCounter() { return OBJECT_OFFSETOF(CodeBlock, m_jitExecuteCounter) + OBJECT_OFFSETOF(ExecutionCounter, m_counter); }
-    static ptrdiff_t offsetOfJITExecutionActiveThreshold() { return OBJECT_OFFSETOF(CodeBlock, m_jitExecuteCounter) + OBJECT_OFFSETOF(ExecutionCounter, m_activeThreshold); }
-    static ptrdiff_t offsetOfJITExecutionTotalCount() { return OBJECT_OFFSETOF(CodeBlock, m_jitExecuteCounter) + OBJECT_OFFSETOF(ExecutionCounter, m_totalCount); }
+        enum ShrinkMode {
+            // Shrink prior to generating machine code that may point directly into vectors.
+            EarlyShrink,
 
-    const ExecutionCounter& jitExecuteCounter() const { return m_jitExecuteCounter; }
-        
-    unsigned optimizationDelayCounter() const { return m_optimizationDelayCounter; }
-        
-    // Check if the optimization threshold has been reached, and if not,
-    // adjust the heuristics accordingly. Returns true if the threshold has
-    // been reached.
-    bool checkIfOptimizationThresholdReached();
-        
-    // Call this to force the next optimization trigger to fire. This is
-    // rarely wise, since optimization triggers are typically more
-    // expensive than executing baseline code.
-    void optimizeNextInvocation();
-        
-    // Call this to prevent optimization from happening again. Note that
-    // optimization will still happen after roughly 2^29 invocations,
-    // so this is really meant to delay that as much as possible. This
-    // is called if optimization failed, and we expect it to fail in
-    // the future as well.
-    void dontOptimizeAnytimeSoon();
-        
-    // Call this to reinitialize the counter to its starting state,
-    // forcing a warm-up to happen before the next optimization trigger
-    // fires. This is called in the CodeBlock constructor. It also
-    // makes sense to call this if an OSR exit occurred. Note that
-    // OSR exit code is code generated, so the value of the execute
-    // counter that this corresponds to is also available directly.
-    void optimizeAfterWarmUp();
-        
-    // Call this to force an optimization trigger to fire only after
-    // a lot of warm-up.
-    void optimizeAfterLongWarmUp();
-        
-    // Call this to cause an optimization trigger to fire soon, but
-    // not necessarily the next one. This makes sense if optimization
-    // succeeds. Successfuly optimization means that all calls are
-    // relinked to the optimized code, so this only affects call
-    // frames that are still executing this CodeBlock. The value here
-    // is tuned to strike a balance between the cost of OSR entry
-    // (which is too high to warrant making every loop back edge to
-    // trigger OSR immediately) and the cost of executing baseline
-    // code (which is high enough that we don't necessarily want to
-    // have a full warm-up). The intuition for calling this instead of
-    // optimizeNextInvocation() is for the case of recursive functions
-    // with loops. Consider that there may be N call frames of some
-    // recursive function, for a reasonably large value of N. The top
-    // one triggers optimization, and then returns, and then all of
-    // the others return. We don't want optimization to be triggered on
-    // each return, as that would be superfluous. It only makes sense
-    // to trigger optimization if one of those functions becomes hot
-    // in the baseline code.
-    void optimizeSoon();
-        
-    uint32_t osrExitCounter() const { return m_osrExitCounter; }
-        
-    void countOSRExit() { m_osrExitCounter++; }
-        
-    uint32_t* addressOfOSRExitCounter() { return &m_osrExitCounter; }
-        
-    static ptrdiff_t offsetOfOSRExitCounter() { return OBJECT_OFFSETOF(CodeBlock, m_osrExitCounter); }
+            // Shrink after generating machine code, and after possibly creating new vectors
+            // and appending to others. At this time it is not safe to shrink certain vectors
+            // because we would have generated machine code that references them directly.
+            LateShrink
+        };
+        void shrinkToFit(ShrinkMode);
+
+        void copyPostParseDataFrom(CodeBlock* alternative);
+        void copyPostParseDataFromAlternative();
+
+        // Functions for controlling when JITting kicks in, in a mixed mode
+        // execution world.
+
+        bool checkIfJITThresholdReached()
+        {
+            return m_llintExecuteCounter.checkIfThresholdCrossedAndSet(this);
+        }
+
+        void dontJITAnytimeSoon()
+        {
+            m_llintExecuteCounter.deferIndefinitely();
+        }
+
+        void jitAfterWarmUp()
+        {
+            m_llintExecuteCounter.setNewThreshold(Options::thresholdForJITAfterWarmUp(), this);
+        }
+
+        void jitSoon()
+        {
+            m_llintExecuteCounter.setNewThreshold(Options::thresholdForJITSoon(), this);
+        }
+
+        const ExecutionCounter& llintExecuteCounter() const
+        {
+            return m_llintExecuteCounter;
+        }
+
+        // Functions for controlling when tiered compilation kicks in. This
+        // controls both when the optimizing compiler is invoked and when OSR
+        // entry happens. Two triggers exist: the loop trigger and the return
+        // trigger. In either case, when an addition to m_jitExecuteCounter
+        // causes it to become non-negative, the optimizing compiler is
+        // invoked. This includes a fast check to see if this CodeBlock has
+        // already been optimized (i.e. replacement() returns a CodeBlock
+        // that was optimized with a higher tier JIT than this one). In the
+        // case of the loop trigger, if the optimized compilation succeeds
+        // (or has already succeeded in the past) then OSR is attempted to
+        // redirect program flow into the optimized code.
+
+        // These functions are called from within the optimization triggers,
+        // and are used as a single point at which we define the heuristics
+        // for how much warm-up is mandated before the next optimization
+        // trigger files. All CodeBlocks start out with optimizeAfterWarmUp(),
+        // as this is called from the CodeBlock constructor.
+
+        // When we observe a lot of speculation failures, we trigger a
+        // reoptimization. But each time, we increase the optimization trigger
+        // to avoid thrashing.
+        unsigned reoptimizationRetryCounter() const;
+        void countReoptimization();
+
+        int32_t codeTypeThresholdMultiplier() const;
+
+        int32_t counterValueForOptimizeAfterWarmUp();
+        int32_t counterValueForOptimizeAfterLongWarmUp();
+        int32_t counterValueForOptimizeSoon();
+
+        int32_t* addressOfJITExecuteCounter()
+        {
+            return &m_jitExecuteCounter.m_counter;
+        }
+
+        static ptrdiff_t offsetOfJITExecuteCounter() { return OBJECT_OFFSETOF(CodeBlock, m_jitExecuteCounter) + OBJECT_OFFSETOF(ExecutionCounter, m_counter); }
+        static ptrdiff_t offsetOfJITExecutionActiveThreshold() { return OBJECT_OFFSETOF(CodeBlock, m_jitExecuteCounter) + OBJECT_OFFSETOF(ExecutionCounter, m_activeThreshold); }
+        static ptrdiff_t offsetOfJITExecutionTotalCount() { return OBJECT_OFFSETOF(CodeBlock, m_jitExecuteCounter) + OBJECT_OFFSETOF(ExecutionCounter, m_totalCount); }
+
+        const ExecutionCounter& jitExecuteCounter() const { return m_jitExecuteCounter; }
+
+        unsigned optimizationDelayCounter() const { return m_optimizationDelayCounter; }
+
+        // Check if the optimization threshold has been reached, and if not,
+        // adjust the heuristics accordingly. Returns true if the threshold has
+        // been reached.
+        bool checkIfOptimizationThresholdReached();
+
+        // Call this to force the next optimization trigger to fire. This is
+        // rarely wise, since optimization triggers are typically more
+        // expensive than executing baseline code.
+        void optimizeNextInvocation();
+
+        // Call this to prevent optimization from happening again. Note that
+        // optimization will still happen after roughly 2^29 invocations,
+        // so this is really meant to delay that as much as possible. This
+        // is called if optimization failed, and we expect it to fail in
+        // the future as well.
+        void dontOptimizeAnytimeSoon();
+
+        // Call this to reinitialize the counter to its starting state,
+        // forcing a warm-up to happen before the next optimization trigger
+        // fires. This is called in the CodeBlock constructor. It also
+        // makes sense to call this if an OSR exit occurred. Note that
+        // OSR exit code is code generated, so the value of the execute
+        // counter that this corresponds to is also available directly.
+        void optimizeAfterWarmUp();
+
+        // Call this to force an optimization trigger to fire only after
+        // a lot of warm-up.
+        void optimizeAfterLongWarmUp();
+
+        // Call this to cause an optimization trigger to fire soon, but
+        // not necessarily the next one. This makes sense if optimization
+        // succeeds. Successfuly optimization means that all calls are
+        // relinked to the optimized code, so this only affects call
+        // frames that are still executing this CodeBlock. The value here
+        // is tuned to strike a balance between the cost of OSR entry
+        // (which is too high to warrant making every loop back edge to
+        // trigger OSR immediately) and the cost of executing baseline
+        // code (which is high enough that we don't necessarily want to
+        // have a full warm-up). The intuition for calling this instead of
+        // optimizeNextInvocation() is for the case of recursive functions
+        // with loops. Consider that there may be N call frames of some
+        // recursive function, for a reasonably large value of N. The top
+        // one triggers optimization, and then returns, and then all of
+        // the others return. We don't want optimization to be triggered on
+        // each return, as that would be superfluous. It only makes sense
+        // to trigger optimization if one of those functions becomes hot
+        // in the baseline code.
+        void optimizeSoon();
+
+        uint32_t osrExitCounter() const { return m_osrExitCounter; }
+
+        void countOSRExit() { m_osrExitCounter++; }
+
+        uint32_t* addressOfOSRExitCounter() { return &m_osrExitCounter; }
+
+        static ptrdiff_t offsetOfOSRExitCounter() { return OBJECT_OFFSETOF(CodeBlock, m_osrExitCounter); }
 
 #if ENABLE(JIT)
-    uint32_t adjustedExitCountThreshold(uint32_t desiredThreshold);
-    uint32_t exitCountThresholdForReoptimization();
-    uint32_t exitCountThresholdForReoptimizationFromLoop();
-    bool shouldReoptimizeNow();
-    bool shouldReoptimizeFromLoopNow();
+        uint32_t adjustedExitCountThreshold(uint32_t desiredThreshold);
+        uint32_t exitCountThresholdForReoptimization();
+        uint32_t exitCountThresholdForReoptimizationFromLoop();
+        bool shouldReoptimizeNow();
+        bool shouldReoptimizeFromLoopNow();
 #endif
 
 #if ENABLE(VALUE_PROFILER)
-    bool shouldOptimizeNow();
-    void updateAllValueProfilePredictions(OperationInProgress = NoOperation);
-    void updateAllArrayPredictions(OperationInProgress = NoOperation);
-    void updateAllPredictions(OperationInProgress = NoOperation);
+        bool shouldOptimizeNow();
+        void updateAllValueProfilePredictions(OperationInProgress = NoOperation);
+        void updateAllArrayPredictions(OperationInProgress = NoOperation);
+        void updateAllPredictions(OperationInProgress = NoOperation);
 #else
-    bool shouldOptimizeNow() { return false; }
-    void updateAllValueProfilePredictions(OperationInProgress = NoOperation) { }
-    void updateAllArrayPredictions(OperationInProgress = NoOperation) { }
-    void updateAllPredictions(OperationInProgress = NoOperation) { }
+        bool shouldOptimizeNow() { return false; }
+        void updateAllValueProfilePredictions(OperationInProgress = NoOperation) { }
+        void updateAllArrayPredictions(OperationInProgress = NoOperation) { }
+        void updateAllPredictions(OperationInProgress = NoOperation) { }
 #endif
-        
+
 #if ENABLE(JIT)
-    void reoptimize();
+        void reoptimize();
 #endif
 
 #if ENABLE(VERBOSE_VALUE_PROFILE)
-    void dumpValueProfiles();
+        void dumpValueProfiles();
 #endif
-        
-    // FIXME: Make these remaining members private.
 
-    int m_numCalleeRegisters;
-    int m_numVars;
-    bool m_isConstructor;
+        // FIXME: Make these remaining members private.
+
+        int m_numCalleeRegisters;
+        int m_numVars;
+        bool m_isConstructor;
 
-protected:
+    protected:
 #if ENABLE(JIT)
-    virtual bool jitCompileImpl(ExecState*) = 0;
-    virtual void jettisonImpl() = 0;
+        virtual bool jitCompileImpl(ExecState*) = 0;
+        virtual void jettisonImpl() = 0;
 #endif
-    virtual void visitWeakReferences(SlotVisitor&);
-    virtual void finalizeUnconditionally();
+        virtual void visitWeakReferences(SlotVisitor&);
+        virtual void finalizeUnconditionally();
 
 #if ENABLE(DFG_JIT)
-    void tallyFrequentExitSites();
+        void tallyFrequentExitSites();
 #else
-    void tallyFrequentExitSites() { }
+        void tallyFrequentExitSites() { }
 #endif
 
-private:
-    friend class DFGCodeBlocks;
-        
-    double optimizationThresholdScalingFactor();
+    private:
+        friend class DFGCodeBlocks;
+
+        double optimizationThresholdScalingFactor();
 
 #if ENABLE(JIT)
-    ClosureCallStubRoutine* findClosureCallForReturnPC(ReturnAddressPtr);
+        ClosureCallStubRoutine* findClosureCallForReturnPC(ReturnAddressPtr);
 #endif
-        
+
 #if ENABLE(VALUE_PROFILER)
-    void updateAllPredictionsAndCountLiveness(OperationInProgress, unsigned& numberOfLiveNonArgumentValueProfiles, unsigned& numberOfSamplesInProfiles);
+        void updateAllPredictionsAndCountLiveness(OperationInProgress, unsigned& numberOfLiveNonArgumentValueProfiles, unsigned& numberOfSamplesInProfiles);
 #endif
 
-    void setIdentifiers(const Vector<Identifier>& identifiers)
-    {
-        RELEASE_ASSERT(m_identifiers.isEmpty());
-        m_identifiers.appendVector(identifiers);
-    }
+        void setIdentifiers(const Vector<Identifier>& identifiers)
+        {
+            RELEASE_ASSERT(m_identifiers.isEmpty());
+            m_identifiers.appendVector(identifiers);
+        }
 
-    void setConstantRegisters(const Vector<WriteBarrier<Unknown> >& constants)
-    {
-        size_t count = constants.size();
-        m_constantRegisters.resize(count);
-        for (size_t i = 0; i < count; i++)
-            m_constantRegisters[i].set(*m_vm, ownerExecutable(), constants[i].get());
-    }
+        void setConstantRegisters(const Vector<WriteBarrier<Unknown> >& constants)
+        {
+            size_t count = constants.size();
+            m_constantRegisters.resize(count);
+            for (size_t i = 0; i < count; i++)
+                m_constantRegisters[i].set(*m_vm, ownerExecutable(), constants[i].get());
+        }
 
-    void dumpBytecode(PrintStream&, ExecState*, const Instruction* begin, const Instruction*&);
-
-    CString registerName(ExecState*, int r) const;
-    void printUnaryOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op);
-    void printBinaryOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op);
-    void printConditionalJump(PrintStream&, ExecState*, const Instruction*, const Instruction*&, int location, const char* op);
-    void printGetByIdOp(PrintStream&, ExecState*, int location, const Instruction*&);
-    void printGetByIdCacheStatus(PrintStream&, ExecState*, int location);
-    enum CacheDumpMode { DumpCaches, DontDumpCaches };
-    void printCallOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op, CacheDumpMode);
-    void printPutByIdOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op);
-    void beginDumpProfiling(PrintStream&, bool& hasPrintedProfiling);
-    void dumpValueProfiling(PrintStream&, const Instruction*&, bool& hasPrintedProfiling);
-    void dumpArrayProfiling(PrintStream&, const Instruction*&, bool& hasPrintedProfiling);
+        void dumpBytecode(PrintStream&, ExecState*, const Instruction* begin, const Instruction*&);
+
+        CString registerName(ExecState*, int r) const;
+        void printUnaryOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op);
+        void printBinaryOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op);
+        void printConditionalJump(PrintStream&, ExecState*, const Instruction*, const Instruction*&, int location, const char* op);
+        void printGetByIdOp(PrintStream&, ExecState*, int location, const Instruction*&);
+        void printGetByIdCacheStatus(PrintStream&, ExecState*, int location);
+        enum CacheDumpMode { DumpCaches, DontDumpCaches };
+        void printCallOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op, CacheDumpMode);
+        void printPutByIdOp(PrintStream&, ExecState*, int location, const Instruction*&, const char* op);
+        void beginDumpProfiling(PrintStream&, bool& hasPrintedProfiling);
+        void dumpValueProfiling(PrintStream&, const Instruction*&, bool& hasPrintedProfiling);
+        void dumpArrayProfiling(PrintStream&, const Instruction*&, bool& hasPrintedProfiling);
 #if ENABLE(VALUE_PROFILER)
-    void dumpRareCaseProfile(PrintStream&, const char* name, RareCaseProfile*, bool& hasPrintedProfiling);
+        void dumpRareCaseProfile(PrintStream&, const char* name, RareCaseProfile*, bool& hasPrintedProfiling);
 #endif
 
-    void visitStructures(SlotVisitor&, Instruction* vPC);
-        
+        void visitStructures(SlotVisitor&, Instruction* vPC);
+
 #if ENABLE(DFG_JIT)
-    bool shouldImmediatelyAssumeLivenessDuringScan()
-    {
-        // Null m_dfgData means that this is a baseline JIT CodeBlock. Baseline JIT
-        // CodeBlocks don't need to be jettisoned when their weak references go
-        // stale. So if a basline JIT CodeBlock gets scanned, we can assume that
-        // this means that it's live.
-        if (!JITCode::isOptimizingJIT(getJITType()))
-            return true;
-            
-        // For simplicity, we don't attempt to jettison code blocks during GC if
-        // they are executing. Instead we strongly mark their weak references to
-        // allow them to continue to execute soundly.
-        if (m_jitCode->dfgCommon()->mayBeExecuting)
-            return true;
-            
-        if (Options::forceDFGCodeBlockLiveness())
-            return true;
-
-        return false;
-    }
+        bool shouldImmediatelyAssumeLivenessDuringScan()
+        {
+            // Null m_dfgData means that this is a baseline JIT CodeBlock. Baseline JIT
+            // CodeBlocks don't need to be jettisoned when their weak references go
+            // stale. So if a basline JIT CodeBlock gets scanned, we can assume that
+            // this means that it's live.
+            if (!JITCode::isOptimizingJIT(getJITType()))
+                return true;
+
+            // For simplicity, we don't attempt to jettison code blocks during GC if
+            // they are executing. Instead we strongly mark their weak references to
+            // allow them to continue to execute soundly.
+            if (m_jitCode->dfgCommon()->mayBeExecuting)
+                return true;
+
+            if (Options::forceDFGCodeBlockLiveness())
+                return true;
+
+            return false;
+        }
 #else
-    bool shouldImmediatelyAssumeLivenessDuringScan() { return true; }
+        bool shouldImmediatelyAssumeLivenessDuringScan() { return true; }
 #endif
-        
-    void performTracingFixpointIteration(SlotVisitor&);
-        
-    void stronglyVisitStrongReferences(SlotVisitor&);
-    void stronglyVisitWeakReferences(SlotVisitor&);
 
-    void createRareDataIfNecessary()
-    {
-        if (!m_rareData)
-            m_rareData = adoptPtr(new RareData);
-    }
+        void performTracingFixpointIteration(SlotVisitor&);
+
+        void stronglyVisitStrongReferences(SlotVisitor&);
+        void stronglyVisitWeakReferences(SlotVisitor&);
+
+        void createRareDataIfNecessary()
+        {
+            if (!m_rareData)
+                m_rareData = adoptPtr(new RareData);
+        }
 
 #if ENABLE(JIT)
-    void resetStubInternal(RepatchBuffer&, StructureStubInfo&);
-    void resetStubDuringGCInternal(RepatchBuffer&, StructureStubInfo&);
+        void resetStubInternal(RepatchBuffer&, StructureStubInfo&);
+        void resetStubDuringGCInternal(RepatchBuffer&, StructureStubInfo&);
 #endif
-    WriteBarrier<UnlinkedCodeBlock> m_unlinkedCode;
-    int m_numParameters;
-    WriteBarrier<ScriptExecutable> m_ownerExecutable;
-    VM* m_vm;
+        WriteBarrier<UnlinkedCodeBlock> m_unlinkedCode;
+        int m_numParameters;
+        WriteBarrier<ScriptExecutable> m_ownerExecutable;
+        VM* m_vm;
 
-    RefCountedArray<Instruction> m_instructions;
-    int m_thisRegister;
-    int m_argumentsRegister;
-    int m_activationRegister;
+        RefCountedArray<Instruction> m_instructions;
+        int m_thisRegister;
+        int m_argumentsRegister;
+        int m_activationRegister;
 
-    bool m_isStrictMode;
-    bool m_needsActivation;
+        bool m_isStrictMode;
+        bool m_needsActivation;
 
-    RefPtr<SourceProvider> m_source;
-    unsigned m_sourceOffset;
-    unsigned m_firstLineColumnOffset;
-    unsigned m_codeType;
+        RefPtr<SourceProvider> m_source;
+        unsigned m_sourceOffset;
+        unsigned m_firstLineColumnOffset;
+        unsigned m_codeType;
 
 #if ENABLE(LLINT)
-    SegmentedVector<LLIntCallLinkInfo, 8> m_llintCallLinkInfos;
-    SentinelLinkedList<LLIntCallLinkInfo, BasicRawSentinelNode<LLIntCallLinkInfo> > m_incomingLLIntCalls;
+        SegmentedVector<LLIntCallLinkInfo, 8> m_llintCallLinkInfos;
+        SentinelLinkedList<LLIntCallLinkInfo, BasicRawSentinelNode<LLIntCallLinkInfo> > m_incomingLLIntCalls;
 #endif
 #if ENABLE(JIT)
-    Vector<StructureStubInfo> m_structureStubInfos;
-    Vector<ByValInfo> m_byValInfos;
-    Vector<CallLinkInfo> m_callLinkInfos;
-    RefPtr<JITCode> m_jitCode;
-    MacroAssemblerCodePtr m_jitCodeWithArityCheck;
-    SentinelLinkedList<CallLinkInfo, BasicRawSentinelNode<CallLinkInfo> > m_incomingCalls;
+        Vector<StructureStubInfo> m_structureStubInfos;
+        Vector<ByValInfo> m_byValInfos;
+        Vector<CallLinkInfo> m_callLinkInfos;
+        RefPtr<JITCode> m_jitCode;
+        MacroAssemblerCodePtr m_jitCodeWithArityCheck;
+        SentinelLinkedList<CallLinkInfo, BasicRawSentinelNode<CallLinkInfo> > m_incomingCalls;
 #endif
 #if ENABLE(DFG_JIT) || ENABLE(LLINT)
-    OwnPtr<CompactJITCodeMap> m_jitCodeMap;
+        OwnPtr<CompactJITCodeMap> m_jitCodeMap;
 #endif
 #if ENABLE(DFG_JIT)
-    // This is relevant to non-DFG code blocks that serve as the profiled code block
-    // for DFG code blocks.
-    DFG::ExitProfile m_exitProfile;
-    CompressedLazyOperandValueProfileHolder m_lazyOperandValueProfiles;
+        // This is relevant to non-DFG code blocks that serve as the profiled code block
+        // for DFG code blocks.
+        DFG::ExitProfile m_exitProfile;
+        CompressedLazyOperandValueProfileHolder m_lazyOperandValueProfiles;
 #endif
 #if ENABLE(VALUE_PROFILER)
-    Vector<ValueProfile> m_argumentValueProfiles;
-    SegmentedVector<ValueProfile, 8> m_valueProfiles;
-    SegmentedVector<RareCaseProfile, 8> m_rareCaseProfiles;
-    SegmentedVector<RareCaseProfile, 8> m_specialFastCaseProfiles;
-    SegmentedVector<ArrayAllocationProfile, 8> m_arrayAllocationProfiles;
-    ArrayProfileVector m_arrayProfiles;
+        Vector<ValueProfile> m_argumentValueProfiles;
+        SegmentedVector<ValueProfile, 8> m_valueProfiles;
+        SegmentedVector<RareCaseProfile, 8> m_rareCaseProfiles;
+        SegmentedVector<RareCaseProfile, 8> m_specialFastCaseProfiles;
+        SegmentedVector<ArrayAllocationProfile, 8> m_arrayAllocationProfiles;
+        ArrayProfileVector m_arrayProfiles;
 #endif
-    SegmentedVector<ObjectAllocationProfile, 8> m_objectAllocationProfiles;
-
-    // Constant Pool
-    Vector<Identifier> m_identifiers;
-    COMPILE_ASSERT(sizeof(Register) == sizeof(WriteBarrier<Unknown>), Register_must_be_same_size_as_WriteBarrier_Unknown);
-    // TODO: This could just be a pointer to m_unlinkedCodeBlock's data, but the DFG mutates
-    // it, so we're stuck with it for now.
-    Vector<WriteBarrier<Unknown> > m_constantRegisters;
-    Vector<WriteBarrier<FunctionExecutable> > m_functionDecls;
-    Vector<WriteBarrier<FunctionExecutable> > m_functionExprs;
-
-    OwnPtr<CodeBlock> m_alternative;
-        
-    ExecutionCounter m_llintExecuteCounter;
-        
-    ExecutionCounter m_jitExecuteCounter;
-    int32_t m_totalJITExecutions;
-    uint32_t m_osrExitCounter;
-    uint16_t m_optimizationDelayCounter;
-    uint16_t m_reoptimizationRetryCounter;
+        SegmentedVector<ObjectAllocationProfile, 8> m_objectAllocationProfiles;
 
-    Vector<ResolveOperations> m_resolveOperations;
-    Vector<PutToBaseOperation, 1> m_putToBaseOperations;
+        // Constant Pool
+        Vector<Identifier> m_identifiers;
+        COMPILE_ASSERT(sizeof(Register) == sizeof(WriteBarrier<Unknown>), Register_must_be_same_size_as_WriteBarrier_Unknown);
+        // TODO: This could just be a pointer to m_unlinkedCodeBlock's data, but the DFG mutates
+        // it, so we're stuck with it for now.
+        Vector<WriteBarrier<Unknown> > m_constantRegisters;
+        Vector<WriteBarrier<FunctionExecutable> > m_functionDecls;
+        Vector<WriteBarrier<FunctionExecutable> > m_functionExprs;
 
-    struct RareData {
-        WTF_MAKE_FAST_ALLOCATED;
-    public:
-        Vector<HandlerInfo> m_exceptionHandlers;
+        OwnPtr<CodeBlock> m_alternative;
 
-        // Buffers used for large array literals
-        Vector<Vector<JSValue> > m_constantBuffers;
-            
-        // Jump Tables
-        Vector<SimpleJumpTable> m_immediateSwitchJumpTables;
-        Vector<SimpleJumpTable> m_characterSwitchJumpTables;
-        Vector<StringJumpTable> m_stringSwitchJumpTables;
+        ExecutionCounter m_llintExecuteCounter;
+
+        ExecutionCounter m_jitExecuteCounter;
+        int32_t m_totalJITExecutions;
+        uint32_t m_osrExitCounter;
+        uint16_t m_optimizationDelayCounter;
+        uint16_t m_reoptimizationRetryCounter;
+
+        Vector<ResolveOperations> m_resolveOperations;
+        Vector<PutToBaseOperation, 1> m_putToBaseOperations;
+
+        struct RareData {
+            WTF_MAKE_FAST_ALLOCATED;
+        public:
+            Vector<HandlerInfo> m_exceptionHandlers;
 
-        EvalCodeCache m_evalCodeCache;
+            // Buffers used for large array literals
+            Vector<Vector<JSValue> > m_constantBuffers;
+
+            // Jump Tables
+            Vector<SimpleJumpTable> m_immediateSwitchJumpTables;
+            Vector<SimpleJumpTable> m_characterSwitchJumpTables;
+            Vector<StringJumpTable> m_stringSwitchJumpTables;
+
+            EvalCodeCache m_evalCodeCache;
 
 #if ENABLE(JIT)
-        Vector<CallReturnOffsetToBytecodeOffset, 0, UnsafeVectorOverflow> m_callReturnIndexVector;
+            Vector<CallReturnOffsetToBytecodeOffset, 0, UnsafeVectorOverflow> m_callReturnIndexVector;
 #endif
 #if ENABLE(DFG_JIT)
-        SegmentedVector<InlineCallFrame, 4> m_inlineCallFrames;
-        Vector<CodeOriginAtCallReturnOffset, 0, UnsafeVectorOverflow> m_codeOrigins;
+            SegmentedVector<InlineCallFrame, 4> m_inlineCallFrames;
+            Vector<CodeOriginAtCallReturnOffset, 0, UnsafeVectorOverflow> m_codeOrigins;
 #endif
-    };
+        };
 #if COMPILER(MSVC)
-    friend void WTF::deleteOwnedPtr<RareData>(RareData*);
+        friend void WTF::deleteOwnedPtr<RareData>(RareData*);
 #endif
-    OwnPtr<RareData> m_rareData;
+        OwnPtr<RareData> m_rareData;
 #if ENABLE(JIT)
-    DFG::CapabilityLevel m_canCompileWithDFGState;
+        DFG::CapabilityLevel m_canCompileWithDFGState;
 #endif
-};
+    };
 
-// Program code is not marked by any function, so we make the global object
-// responsible for marking it.
+    // Program code is not marked by any function, so we make the global object
+    // responsible for marking it.
 
-class GlobalCodeBlock : public CodeBlock {
-protected:
-    GlobalCodeBlock(CopyParsedBlockTag, GlobalCodeBlock& other)
+    class GlobalCodeBlock : public CodeBlock {
+    protected:
+        GlobalCodeBlock(CopyParsedBlockTag, GlobalCodeBlock& other)
         : CodeBlock(CopyParsedBlock, other)
-    {
-    }
-        
-    GlobalCodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, unsigned baseScopeDepth, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative)
+        {
+        }
+
+        GlobalCodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, unsigned baseScopeDepth, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative)
         : CodeBlock(ownerExecutable, unlinkedCodeBlock, globalObject, baseScopeDepth, sourceProvider, sourceOffset, firstLineColumnOffset, alternative)
-    {
-    }
-};
+        {
+        }
+    };
 
-class ProgramCodeBlock : public GlobalCodeBlock {
-public:
-    ProgramCodeBlock(CopyParsedBlockTag, ProgramCodeBlock& other)
+    class ProgramCodeBlock : public GlobalCodeBlock {
+    public:
+        ProgramCodeBlock(CopyParsedBlockTag, ProgramCodeBlock& other)
         : GlobalCodeBlock(CopyParsedBlock, other)
-    {
-    }
+        {
+        }
 
-    ProgramCodeBlock(ProgramExecutable* ownerExecutable, UnlinkedProgramCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative)
+        ProgramCodeBlock(ProgramExecutable* ownerExecutable, UnlinkedProgramCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative)
         : GlobalCodeBlock(ownerExecutable, unlinkedCodeBlock, globalObject, 0, sourceProvider, 0, firstLineColumnOffset, alternative)
-    {
-    }
+        {
+        }
 
 #if ENABLE(JIT)
-protected:
-    virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex);
-    virtual void jettisonImpl();
-    virtual bool jitCompileImpl(ExecState*);
-    virtual CodeBlock* replacement();
-    virtual DFG::CapabilityLevel canCompileWithDFGInternal();
+    protected:
+        virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex);
+        virtual void jettisonImpl();
+        virtual bool jitCompileImpl(ExecState*);
+        virtual CodeBlock* replacement();
+        virtual DFG::CapabilityLevel canCompileWithDFGInternal();
 #endif
-};
+    };
 
-class EvalCodeBlock : public GlobalCodeBlock {
-public:
-    EvalCodeBlock(CopyParsedBlockTag, EvalCodeBlock& other)
+    class EvalCodeBlock : public GlobalCodeBlock {
+    public:
+        EvalCodeBlock(CopyParsedBlockTag, EvalCodeBlock& other)
         : GlobalCodeBlock(CopyParsedBlock, other)
-    {
-    }
+        {
+        }
         
-    EvalCodeBlock(EvalExecutable* ownerExecutable, UnlinkedEvalCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, int baseScopeDepth, PassOwnPtr<CodeBlock> alternative)
+        EvalCodeBlock(EvalExecutable* ownerExecutable, UnlinkedEvalCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, int baseScopeDepth, PassOwnPtr<CodeBlock> alternative)
         : GlobalCodeBlock(ownerExecutable, unlinkedCodeBlock, globalObject, baseScopeDepth, sourceProvider, 0, 1, alternative)
-    {
-    }
-
-    const Identifier& variable(unsigned index) { return unlinkedEvalCodeBlock()->variable(index); }
-    unsigned numVariables() { return unlinkedEvalCodeBlock()->numVariables(); }
+        {
+        }
+        
+        const Identifier& variable(unsigned index) { return unlinkedEvalCodeBlock()->variable(index); }
+        unsigned numVariables() { return unlinkedEvalCodeBlock()->numVariables(); }
         
 #if ENABLE(JIT)
-protected:
-    virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex);
-    virtual void jettisonImpl();
-    virtual bool jitCompileImpl(ExecState*);
-    virtual CodeBlock* replacement();
-    virtual DFG::CapabilityLevel canCompileWithDFGInternal();
+    protected:
+        virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex);
+        virtual void jettisonImpl();
+        virtual bool jitCompileImpl(ExecState*);
+        virtual CodeBlock* replacement();
+        virtual DFG::CapabilityLevel canCompileWithDFGInternal();
 #endif
-
-private:
-    UnlinkedEvalCodeBlock* unlinkedEvalCodeBlock() const { return jsCast<UnlinkedEvalCodeBlock*>(unlinkedCodeBlock()); }
-};
-
-class FunctionCodeBlock : public CodeBlock {
-public:
-    FunctionCodeBlock(CopyParsedBlockTag, FunctionCodeBlock& other)
+        
+    private:
+        UnlinkedEvalCodeBlock* unlinkedEvalCodeBlock() const { return jsCast<UnlinkedEvalCodeBlock*>(unlinkedCodeBlock()); }
+    };
+    
+    class FunctionCodeBlock : public CodeBlock {
+    public:
+        FunctionCodeBlock(CopyParsedBlockTag, FunctionCodeBlock& other)
         : CodeBlock(CopyParsedBlock, other)
+        {
+        }
+        
+        FunctionCodeBlock(FunctionExecutable* ownerExecutable, UnlinkedFunctionCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative = nullptr)
+        : CodeBlock(ownerExecutable, unlinkedCodeBlock, globalObject, 0, sourceProvider, sourceOffset, firstLineColumnOffset, alternative)
+        {
+        }
+        
+#if ENABLE(JIT)
+    protected:
+        virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex);
+        virtual void jettisonImpl();
+        virtual bool jitCompileImpl(ExecState*);
+        virtual CodeBlock* replacement();
+        virtual DFG::CapabilityLevel canCompileWithDFGInternal();
+#endif
+    };
+    
+    inline CodeBlock* baselineCodeBlockForInlineCallFrame(InlineCallFrame* inlineCallFrame)
     {
+        RELEASE_ASSERT(inlineCallFrame);
+        ExecutableBase* executable = inlineCallFrame->executable.get();
+        RELEASE_ASSERT(executable->structure()->classInfo() == &FunctionExecutable::s_info);
+        return static_cast<FunctionExecutable*>(executable)->baselineCodeBlockFor(inlineCallFrame->isCall ? CodeForCall : CodeForConstruct);
     }
-
-    FunctionCodeBlock(FunctionExecutable* ownerExecutable, UnlinkedFunctionCodeBlock* unlinkedCodeBlock, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, unsigned firstLineColumnOffset, PassOwnPtr<CodeBlock> alternative = nullptr)
-        : CodeBlock(ownerExecutable, unlinkedCodeBlock, globalObject, 0, sourceProvider, sourceOffset, firstLineColumnOffset, alternative)
+    
+    inline CodeBlock* baselineCodeBlockForOriginAndBaselineCodeBlock(const CodeOrigin& codeOrigin, CodeBlock* baselineCodeBlock)
     {
+        if (codeOrigin.inlineCallFrame)
+            return baselineCodeBlockForInlineCallFrame(codeOrigin.inlineCallFrame);
+        return baselineCodeBlock;
     }
+    
+    inline int CodeBlock::argumentIndexAfterCapture(size_t argument)
+    {
+        if (argument >= static_cast<size_t>(symbolTable()->parameterCount()))
+            return CallFrame::argumentOffset(argument);
         
-#if ENABLE(JIT)
-protected:
-    virtual JSObject* compileOptimized(ExecState*, JSScope*, unsigned bytecodeIndex);
-    virtual void jettisonImpl();
-    virtual bool jitCompileImpl(ExecState*);
-    virtual CodeBlock* replacement();
-    virtual DFG::CapabilityLevel canCompileWithDFGInternal();
-#endif
-};
-
-inline CodeBlock* baselineCodeBlockForInlineCallFrame(InlineCallFrame* inlineCallFrame)
-{
-    RELEASE_ASSERT(inlineCallFrame);
-    ExecutableBase* executable = inlineCallFrame->executable.get();
-    RELEASE_ASSERT(executable->structure()->classInfo() == &FunctionExecutable::s_info);
-    return static_cast<FunctionExecutable*>(executable)->baselineCodeBlockFor(inlineCallFrame->isCall ? CodeForCall : CodeForConstruct);
-}
+        const SlowArgument* slowArguments = symbolTable()->slowArguments();
+        if (!slowArguments || slowArguments[argument].status == SlowArgument::Normal)
+            return CallFrame::argumentOffset(argument);
+        
+        ASSERT(slowArguments[argument].status == SlowArgument::Captured);
+        return slowArguments[argument].index;
+    }
+    
+    inline Register& ExecState::r(int index)
+    {
+        CodeBlock* codeBlock = this->codeBlock();
+        if (codeBlock->isConstantRegisterIndex(index))
+            return *reinterpret_cast<Register*>(&codeBlock->constantRegister(index));
+        return this[index];
+    }
+    
+    inline Register& ExecState::uncheckedR(int index)
+    {
+        RELEASE_ASSERT(index < FirstConstantRegisterIndex);
+        return this[index];
+    }
     
-inline CodeBlock* baselineCodeBlockForOriginAndBaselineCodeBlock(const CodeOrigin& codeOrigin, CodeBlock* baselineCodeBlock)
-{
-    if (codeOrigin.inlineCallFrame)
-        return baselineCodeBlockForInlineCallFrame(codeOrigin.inlineCallFrame);
-    return baselineCodeBlock;
-}
-
-inline int CodeBlock::argumentIndexAfterCapture(size_t argument)
-{
-    if (argument >= static_cast<size_t>(symbolTable()->parameterCount()))
-        return CallFrame::argumentOffset(argument);
-
-    const SlowArgument* slowArguments = symbolTable()->slowArguments();
-    if (!slowArguments || slowArguments[argument].status == SlowArgument::Normal)
-        return CallFrame::argumentOffset(argument);
-
-    ASSERT(slowArguments[argument].status == SlowArgument::Captured);
-    return slowArguments[argument].index;
-}
-
-inline Register& ExecState::r(int index)
-{
-    CodeBlock* codeBlock = this->codeBlock();
-    if (codeBlock->isConstantRegisterIndex(index))
-        return *reinterpret_cast<Register*>(&codeBlock->constantRegister(index));
-    return this[index];
-}
-
-inline Register& ExecState::uncheckedR(int index)
-{
-    RELEASE_ASSERT(index < FirstConstantRegisterIndex);
-    return this[index];
-}
-
 #if ENABLE(DFG_JIT)
-inline bool ExecState::isInlineCallFrame()
-{
-    if (LIKELY(!codeBlock() || !JITCode::isOptimizingJIT(codeBlock()->getJITType())))
-       return false;
-    return isInlineCallFrameSlow();
-}
+    inline bool ExecState::isInlineCallFrame()
+    {
+        if (LIKELY(!codeBlock() || !JITCode::isOptimizingJIT(codeBlock()->getJITType())))
+            return false;
+        return isInlineCallFrameSlow();
+    }
 #endif
-
-inline JSValue ExecState::argumentAfterCapture(size_t argument)
-{
-    if (argument >= argumentCount())
-        return jsUndefined();
-
-    if (!codeBlock())
-        return this[argumentOffset(argument)].jsValue();
-
-    return this[codeBlock()->argumentIndexAfterCapture(argument)].jsValue();
-}
-
+    
+    inline JSValue ExecState::argumentAfterCapture(size_t argument)
+    {
+        if (argument >= argumentCount())
+            return jsUndefined();
+        
+        if (!codeBlock())
+            return this[argumentOffset(argument)].jsValue();
+        
+        return this[codeBlock()->argumentIndexAfterCapture(argument)].jsValue();
+    }
+    
 #if ENABLE(DFG_JIT)
-inline void DFGCodeBlocks::mark(void* candidateCodeBlock)
-{
-    // We have to check for 0 and -1 because those are used by the HashMap as markers.
-    uintptr_t value = reinterpret_cast<uintptr_t>(candidateCodeBlock);
+    inline void DFGCodeBlocks::mark(void* candidateCodeBlock)
+    {
+        // We have to check for 0 and -1 because those are used by the HashMap as markers.
+        uintptr_t value = reinterpret_cast<uintptr_t>(candidateCodeBlock);
         
-    // This checks for both of those nasty cases in one go.
-    // 0 + 1 = 1
-    // -1 + 1 = 0
-    if (value + 1 <= 1)
-        return;
+        // This checks for both of those nasty cases in one go.
+        // 0 + 1 = 1
+        // -1 + 1 = 0
+        if (value + 1 <= 1)
+            return;
         
-    HashSet<CodeBlock*>::iterator iter = m_set.find(static_cast<CodeBlock*>(candidateCodeBlock));
-    if (iter == m_set.end())
-        return;
+        HashSet<CodeBlock*>::iterator iter = m_set.find(static_cast<CodeBlock*>(candidateCodeBlock));
+        if (iter == m_set.end())
+            return;
         
-    (*iter)->m_jitCode->dfgCommon()->mayBeExecuting = true;
-}
+        (*iter)->m_jitCode->dfgCommon()->mayBeExecuting = true;
+    }
 #endif
     
 } // namespace JSC
index e7b3e24..ae54ca3 100644 (file)
@@ -48,6 +48,8 @@ struct OperandValueTraits {
 
 enum OperandKind { ArgumentOperand, LocalOperand };
 
+enum OperandsLikeTag { OperandsLike };
+
 template<typename T, typename Traits = OperandValueTraits<T> >
 class Operands {
 public:
@@ -59,6 +61,13 @@ public:
         m_locals.fill(Traits::defaultValue(), numLocals);
     }
     
+    template<typename U, typename OtherTraits>
+    explicit Operands(OperandsLikeTag, const Operands<U, OtherTraits>& other)
+    {
+        m_arguments.fill(Traits::defaultValue(), other.numberOfArguments());
+        m_locals.fill(Traits::defaultValue(), other.numberOfLocals());
+    }
+    
     size_t numberOfArguments() const { return m_arguments.size(); }
     size_t numberOfLocals() const { return m_locals.size(); }
     
@@ -208,6 +217,8 @@ public:
             m_locals[i] = Traits::defaultValue();
     }
     
+    void dump(PrintStream& out) const;
+    
 private:
     Vector<T, 8> m_arguments;
     Vector<T, 16> m_locals;
@@ -231,6 +242,12 @@ void dumpOperands(const Operands<T, Traits>& operands, PrintStream& out)
     }
 }
 
+template<typename T, typename Traits>
+inline void Operands<T, Traits>::dump(PrintStream& out) const
+{
+    dumpOperands(*this, out);
+}
+
 } // namespace JSC
 
 #endif // Operands_h
index 2ac79c7..87cf1a2 100644 (file)
@@ -95,7 +95,8 @@ void AbstractState::initialize(Graph& graph)
             continue;
         }
         
-        SpeculatedType prediction = node->variableAccessData()->prediction();
+        SpeculatedType prediction =
+            node->variableAccessData()->argumentAwarePrediction();
         if (isInt32Speculation(prediction))
             root->valuesAtHead.argument(i).set(SpecInt32);
         else if (isBooleanSpeculation(prediction))
index de1f17d..7812328 100644 (file)
@@ -112,6 +112,21 @@ public:
         return m_variables;
     }
     
+    bool needsTypeCheck(Node* node, SpeculatedType typesPassedThrough)
+    {
+        return forNode(node).m_type & ~typesPassedThrough;
+    }
+    
+    bool needsTypeCheck(Edge edge, SpeculatedType typesPassedThrough)
+    {
+        return needsTypeCheck(edge.node(), typesPassedThrough);
+    }
+    
+    bool needsTypeCheck(Edge edge)
+    {
+        return needsTypeCheck(edge, typeFilterFor(edge.useKind()));
+    }
+    
     // Call this before beginning CFA to initialize the abstract values of
     // arguments, and to indicate which blocks should be listed for CFA
     // execution.
@@ -185,19 +200,7 @@ public:
     
     ALWAYS_INLINE void filterEdgeByUse(Node* node, Edge& edge)
     {
-#if !ASSERT_DISABLED
-        switch (edge.useKind()) {
-        case KnownInt32Use:
-        case KnownNumberUse:
-        case KnownCellUse:
-        case KnownStringUse:
-            ASSERT(!(forNode(edge).m_type & ~typeFilterFor(edge.useKind())));
-            break;
-        default:
-            break;
-        }
-#endif // !ASSERT_DISABLED
-        
+        ASSERT(mayHaveTypeCheck(edge.useKind()) || !needsTypeCheck(edge));
         filterByType(node, edge, typeFilterFor(edge.useKind()));
     }
     
index 3507056..2302064 100644 (file)
 #include "DFGUnificationPhase.h"
 #include "DFGValidate.h"
 #include "DFGVirtualRegisterAllocationPhase.h"
+#include "FTLCapabilities.h"
+#include "FTLCompile.h"
+#include "FTLLowerDFGToLLVM.h"
+#include "FTLState.h"
 #include "Operations.h"
 #include "Options.h"
 
@@ -61,6 +65,18 @@ unsigned getNumCompilations()
     return numCompilations;
 }
 
+static void dumpAndVerifyGraph(Graph& graph, const char* text)
+{
+    GraphDumpMode modeForFinalValidate = DumpGraph;
+    if (verboseCompilationEnabled()) {
+        dataLog(text, "\n");
+        graph.dump();
+        modeForFinalValidate = DontDumpGraph;
+    }
+    if (validationEnabled())
+        validate(graph, modeForFinalValidate);
+}
+
 enum CompileMode { CompileFunction, CompileOther };
 static bool compile(CompileMode compileMode, ExecState* exec, CodeBlock* codeBlock, RefPtr<JSC::JITCode>& jitCode, MacroAssemblerCodePtr* jitCodeWithArityCheck, unsigned osrEntryBytecodeIndex)
 {
@@ -145,17 +161,31 @@ static bool compile(CompileMode compileMode, ExecState* exec, CodeBlock* codeBlo
     performStoreElimination(dfg);
     performCPSRethreading(dfg);
     performDCE(dfg);
-    performVirtualRegisterAllocation(dfg);
 
-    GraphDumpMode modeForFinalValidate = DumpGraph;
-    if (verboseCompilationEnabled()) {
-        dataLogF("Graph after optimization:\n");
-        dfg.dump();
-        modeForFinalValidate = DontDumpGraph;
+#if ENABLE(FTL_JIT)
+    if (Options::useExperimentalFTL()
+        && compileMode == CompileFunction
+        && FTL::canCompile(dfg)) {
+        
+        dumpAndVerifyGraph(dfg, "Graph just before FTL lowering:");
+        
+        // FIXME: Support OSR entry.
+        // https://bugs.webkit.org/show_bug.cgi?id=113625
+        
+        FTL::State state(dfg);
+        FTL::lowerDFGToLLVM(state);
+        FTL::compile(state, jitCode, *jitCodeWithArityCheck);
+        
+        // FIXME: Need to add support for the case where JIT memory allocation failed.
+        // https://bugs.webkit.org/show_bug.cgi?id=113620
+        
+        return true;
     }
-    if (validationEnabled())
-        validate(dfg, modeForFinalValidate);
+#endif // ENABLE(FTL_JIT)
     
+    performVirtualRegisterAllocation(dfg);
+    dumpAndVerifyGraph(dfg, "Graph after optimization:");
+
     JITCompiler dataFlowJIT(dfg);
     bool result;
     if (compileMode == CompileFunction) {
index 53366fe..d1534d3 100644 (file)
@@ -36,7 +36,7 @@
 namespace JSC { namespace DFG {
 
 typedef MacroAssembler::RegisterID GPRReg;
-#define InvalidGPRReg ((GPRReg)-1)
+#define InvalidGPRReg ((::JSC::DFG::GPRReg)-1)
 
 #if USE(JSVALUE64)
 class JSValueRegs {
@@ -366,7 +366,7 @@ public:
         static const GPRReg registerForIndex[numberOfArgumentRegisters] = { argumentGPR0, argumentGPR1, argumentGPR2, argumentGPR3, argumentGPR4, argumentGPR5 };
         return registerForIndex[index];
     }
-
+    
     static unsigned toIndex(GPRReg reg)
     {
         ASSERT(reg != InvalidGPRReg);
index a170290..dab269b 100644 (file)
@@ -51,6 +51,7 @@ inline bool belongsInMinifiedGraph(NodeType type)
     case PhantomArguments:
         return true;
     default:
+        ASSERT(!needsOSRBackwardRewiring(type) && !needsOSRForwardRewiring(type));
         return false;
     }
 }
index 9039e3f..4df8aa0 100644 (file)
@@ -293,6 +293,25 @@ inline NodeFlags defaultFlags(NodeType op)
     }
 }
 
+inline bool needsOSRBackwardRewiring(NodeType op)
+{
+    return op == UInt32ToNumber;
+}
+
+inline bool needsOSRForwardRewiring(NodeType op)
+{
+    switch (op) {
+    case Int32ToDouble:
+    case ForwardInt32ToDouble:
+    case ValueToInt32:
+    case UInt32ToNumber:
+    case DoubleAsInt32:
+        return true;
+    default:
+        return false;
+    }
+}
+
 } } // namespace JSC::DFG
 
 #endif // ENABLE(DFG_JIT)
index 56e00da..c9decdf 100644 (file)
 namespace JSC { namespace DFG {
 
 OSRExit::OSRExit(ExitKind kind, JSValueSource jsValueSource, MethodOfGettingAValueProfile valueProfile, SpeculativeJIT* jit, unsigned streamIndex, unsigned recoveryIndex)
-    : m_jsValueSource(jsValueSource)
+    : OSRExitBase(kind, jit->m_codeOriginForOSR)
+    , m_jsValueSource(jsValueSource)
     , m_valueProfile(valueProfile)
     , m_patchableCodeOffset(0)
-    , m_codeOrigin(jit->m_codeOriginForOSR)
-    , m_codeOriginForExitProfile(m_codeOrigin)
     , m_recoveryIndex(recoveryIndex)
     , m_watchpointIndex(std::numeric_limits<unsigned>::max())
-    , m_kind(kind)
-    , m_count(0)
     , m_streamIndex(streamIndex)
     , m_lastSetOperand(jit->m_lastSetOperand)
 {
@@ -73,54 +70,15 @@ void OSRExit::correctJump(LinkBuffer& linkBuffer)
     m_patchableCodeOffset = linkBuffer.offsetOf(label);
 }
 
-bool OSRExit::considerAddingAsFrequentExitSiteSlow(CodeBlock* profiledCodeBlock)
-{
-    FrequentExitSite exitSite;
-    
-    if (m_kind == ArgumentsEscaped) {
-        // Count this one globally. It doesn't matter where in the code block the arguments excaped;
-        // the fact that they did is not associated with any particular instruction.
-        exitSite = FrequentExitSite(m_kind);
-    } else
-        exitSite = FrequentExitSite(m_codeOriginForExitProfile.bytecodeIndex, m_kind);
-    
-    return baselineCodeBlockForOriginAndBaselineCodeBlock(m_codeOriginForExitProfile, profiledCodeBlock)->addFrequentExitSite(exitSite);
-}
-
 void OSRExit::convertToForward(BasicBlock* block, Node* currentNode, unsigned nodeIndex, const ValueRecovery& valueRecovery)
 {
-    // Check that either the current node is a SetLocal, or the preceding node was a
-    // SetLocal with the same code origin, or that we've provided a valueRecovery.
-    if (!ASSERT_DISABLED
-        && !valueRecovery
-        && !currentNode->containsMovHint()) {
-        Node* setLocal = block->at(nodeIndex - 1);
-        ASSERT_UNUSED(setLocal, setLocal->containsMovHint());
-        ASSERT_UNUSED(setLocal, setLocal->codeOrigin == currentNode->codeOrigin);
-    }
-    
-    // Find the first node for the next bytecode instruction. Also track the last mov hint
-    // on this node.
-    unsigned indexInBlock = nodeIndex + 1;
-    Node* node = 0;
-    Node* lastMovHint = 0;
-    for (;;) {
-        if (indexInBlock == block->size()) {
-            // This is an inline return. Give up and do a backwards speculation. This is safe
-            // because an inline return has its own bytecode index and it's always safe to
-            // reexecute that bytecode.
-            ASSERT(node->op() == Jump);
-            return;
-        }
-        node = block->at(indexInBlock);
-        if (node->containsMovHint() && node->child1() == currentNode)
-            lastMovHint = node;
-        if (node->codeOrigin != currentNode->codeOrigin)
-            break;
-        indexInBlock++;
-    }
-    
+    Node* node;
+    Node* lastMovHint;
+    if (!doSearchForForwardConversion(block, currentNode, nodeIndex, !!valueRecovery, node, lastMovHint))
+        return;
+
     ASSERT(node->codeOrigin != currentNode->codeOrigin);
+    
     m_codeOrigin = node->codeOrigin;
     
     if (!valueRecovery)
index 0765c59..50bddd4 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -34,6 +34,7 @@
 #include "DFGCommon.h"
 #include "DFGExitProfile.h"
 #include "DFGGPRInfo.h"
+#include "DFGOSRExitBase.h"
 #include "DFGValueRecoveryOverride.h"
 #include "MacroAssembler.h"
 #include "MethodOfGettingAValueProfile.h"
@@ -84,7 +85,7 @@ private:
 //
 // This structure describes how to exit the speculative path by
 // going into baseline code.
-struct OSRExit {
+struct OSRExit : public OSRExitBase {
     OSRExit(ExitKind, JSValueSource, MethodOfGettingAValueProfile, SpeculativeJIT*, unsigned streamIndex, unsigned recoveryIndex = UINT_MAX);
     
     MacroAssemblerCodeRef m_code;
@@ -93,22 +94,10 @@ struct OSRExit {
     MethodOfGettingAValueProfile m_valueProfile;
 
     unsigned m_patchableCodeOffset;
-    CodeOrigin m_codeOrigin;
-    CodeOrigin m_codeOriginForExitProfile;
     
     unsigned m_recoveryIndex;
     unsigned m_watchpointIndex;
     
-    ExitKind m_kind;
-    uint32_t m_count;
-    
-    bool considerAddingAsFrequentExitSite(CodeBlock* profiledCodeBlock)
-    {
-        if (!m_count || !exitKindIsCountable(m_kind))
-            return false;
-        return considerAddingAsFrequentExitSiteSlow(profiledCodeBlock);
-    }
-
     void setPatchableCodeOffset(MacroAssembler::PatchableJump);
     MacroAssembler::Jump getPatchableCodeOffsetAsJump() const;
     CodeLocationJump codeLocationForRepatch(CodeBlock*) const;
@@ -120,9 +109,6 @@ struct OSRExit {
     int m_lastSetOperand;
     
     RefPtr<ValueRecoveryOverride> m_valueRecoveryOverride;
-
-private:
-    bool considerAddingAsFrequentExitSiteSlow(CodeBlock* profiledCodeBlock);
 };
 
 struct SpeculationFailureDebugInfo {
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitBase.cpp b/Source/JavaScriptCore/dfg/DFGOSRExitBase.cpp
new file mode 100644 (file)
index 0000000..58d99c1
--- /dev/null
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "DFGOSRExitBase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "CodeBlock.h"
+#include "DFGBasicBlock.h"
+#include "DFGNode.h"
+#include "Operations.h"
+
+namespace JSC { namespace DFG {
+
+bool OSRExitBase::considerAddingAsFrequentExitSiteSlow(CodeBlock* profiledCodeBlock)
+{
+    FrequentExitSite exitSite;
+    
+    if (m_kind == ArgumentsEscaped) {
+        // Count this one globally. It doesn't matter where in the code block the arguments excaped;
+        // the fact that they did is not associated with any particular instruction.
+        exitSite = FrequentExitSite(m_kind);
+    } else
+        exitSite = FrequentExitSite(m_codeOriginForExitProfile.bytecodeIndex, m_kind);
+    
+    return baselineCodeBlockForOriginAndBaselineCodeBlock(m_codeOriginForExitProfile, profiledCodeBlock)->addFrequentExitSite(exitSite);
+}
+
+bool OSRExitBase::doSearchForForwardConversion(
+    BasicBlock* block, Node* currentNode, unsigned nodeIndex, bool hasValueRecovery,
+    Node*& node, Node*& lastMovHint)
+{
+    // Check that either the current node is a SetLocal, or the preceding node was a
+    // SetLocal with the same code origin, or that we've provided a valueRecovery.
+    if (!ASSERT_DISABLED
+        && !hasValueRecovery
+        && !currentNode->containsMovHint()) {
+        Node* setLocal = block->at(nodeIndex - 1);
+        ASSERT_UNUSED(setLocal, setLocal->containsMovHint());
+        ASSERT_UNUSED(setLocal, setLocal->codeOrigin == currentNode->codeOrigin);
+    }
+    
+    // Find the first node for the next bytecode instruction. Also track the last mov hint
+    // on this node.
+    unsigned indexInBlock = nodeIndex + 1;
+    node = 0;
+    lastMovHint = 0;
+    for (;;) {
+        if (indexInBlock == block->size()) {
+            // This is an inline return. Give up and do a backwards speculation. This is safe
+            // because an inline return has its own bytecode index and it's always safe to
+            // reexecute that bytecode.
+            ASSERT(node->op() == Jump);
+            return false;
+        }
+        node = block->at(indexInBlock);
+        if (node->containsMovHint() && node->child1() == currentNode)
+            lastMovHint = node;
+        if (node->codeOrigin != currentNode->codeOrigin)
+            break;
+        indexInBlock++;
+    }
+    
+    ASSERT(node->codeOrigin != currentNode->codeOrigin);
+    return true;
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitBase.h b/Source/JavaScriptCore/dfg/DFGOSRExitBase.h
new file mode 100644 (file)
index 0000000..7f64861
--- /dev/null
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef DFGOSRExitBase_h
+#define DFGOSRExitBase_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+#include "CodeOrigin.h"
+#include "DFGExitProfile.h"
+
+namespace JSC { namespace DFG {
+
+struct BasicBlock;
+struct Node;
+
+// Provides for the OSR exit profiling functionality that is common between the DFG
+// and the FTL.
+
+struct OSRExitBase {
+    OSRExitBase(ExitKind kind, CodeOrigin origin)
+        : m_kind(kind)
+        , m_count(0)
+        , m_codeOrigin(origin)
+        , m_codeOriginForExitProfile(origin)
+    {
+    }
+    
+    ExitKind m_kind;
+    uint32_t m_count;
+    
+    CodeOrigin m_codeOrigin;
+    CodeOrigin m_codeOriginForExitProfile;
+
+    bool considerAddingAsFrequentExitSite(CodeBlock* profiledCodeBlock)
+    {
+        if (!m_count || !exitKindIsCountable(m_kind))
+            return false;
+        return considerAddingAsFrequentExitSiteSlow(profiledCodeBlock);
+    }
+    
+    // Returns true if the forward conversion is really needed.
+    bool doSearchForForwardConversion(
+        BasicBlock*, Node* currentNode, unsigned nodeIndex, bool hasValueRecovery,
+        Node*& nextBCNode, Node*& lastMovHint);
+
+private:
+    bool considerAddingAsFrequentExitSiteSlow(CodeBlock* profiledCodeBlock);
+};
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGOSRExitBase_h
+
index 18476cd..22f6c6b 100644 (file)
@@ -31,6 +31,7 @@
 #include "CallFrame.h"
 #include "DFGCommon.h"
 #include "DFGJITCode.h"
+#include "DFGOSRExitPreparation.h"
 #include "LinkBuffer.h"
 #include "Operations.h"
 #include "RepatchBuffer.h"
@@ -54,20 +55,7 @@ void compileOSRExit(ExecState* exec)
     uint32_t exitIndex = vm->osrExitIndex;
     OSRExit& exit = codeBlock->getJITCode()->dfg()->osrExit[exitIndex];
     
-    // Make sure all code on our inline stack is JIT compiled. This is necessary since
-    // we may opt to inline a code block even before it had ever been compiled by the
-    // JIT, but our OSR exit infrastructure currently only works if the target of the
-    // OSR exit is JIT code. This could be changed since there is nothing particularly
-    // hard about doing an OSR exit into the interpreter, but for now this seems to make
-    // sense in that if we're OSR exiting from inlined code of a DFG code block, then
-    // probably it's a good sign that the thing we're exiting into is hot. Even more
-    // interestingly, since the code was inlined, it may never otherwise get JIT
-    // compiled since the act of inlining it may ensure that it otherwise never runs.
-    for (CodeOrigin codeOrigin = exit.m_codeOrigin; codeOrigin.inlineCallFrame; codeOrigin = codeOrigin.inlineCallFrame->caller) {
-        static_cast<FunctionExecutable*>(codeOrigin.inlineCallFrame->executable.get())
-            ->baselineCodeBlockFor(codeOrigin.inlineCallFrame->isCall ? CodeForCall : CodeForConstruct)
-            ->jitCompile(exec);
-    }
+    prepareCodeOriginForOSRExit(exec, exit.m_codeOrigin);
     
     // Compute the value recoveries.
     Operands<ValueRecovery> operands;
index 372ed94..064a0be 100644 (file)
@@ -653,7 +653,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, const Operands<ValueRecov
     // 16) Load the result of the last bytecode operation into regT0.
     
     if (exit.m_lastSetOperand != std::numeric_limits<int>::max())
-        m_jit.load64(AssemblyHelpers::addressFor((VirtualRegister)exit.m_lastSetOperand), GPRInfo::cachedResultRegister);
+        m_jit.load64(AssemblyHelpers::addressFor(exit.m_lastSetOperand), GPRInfo::cachedResultRegister);
     
     // 17) And finish.
     
index 69836c7..51fdf5a 100644 (file)
 
 #include "DFGOperations.h"
 #include "JSCJSValueInlines.h"
+#include "Operations.h"
 
 namespace JSC { namespace DFG {
 
-void handleExitCounts(CCallHelpers& jit, const OSRExit& exit)
+void handleExitCounts(CCallHelpers& jit, const OSRExitBase& exit)
 {
     jit.add32(AssemblyHelpers::TrustedImm32(1), AssemblyHelpers::AbsoluteAddress(&exit.m_count));
     
@@ -74,7 +75,7 @@ void handleExitCounts(CCallHelpers& jit, const OSRExit& exit)
     doneAdjusting.link(&jit);
 }
 
-void reifyInlinedCallFrames(CCallHelpers& jit, const OSRExit& exit)
+void reifyInlinedCallFrames(CCallHelpers& jit, const OSRExitBase& exit)
 {
 #if USE(JSVALUE64)
     ASSERT(jit.baselineCodeBlock()->getJITType() == JITCode::BaselineJIT);
@@ -148,7 +149,7 @@ void reifyInlinedCallFrames(CCallHelpers& jit, const OSRExit& exit)
 #endif // USE(JSVALUE64) // ending the #else part, so directly above is the 32-bit part
 }
 
-void adjustAndJumpToTarget(CCallHelpers& jit, const OSRExit& exit)
+void adjustAndJumpToTarget(CCallHelpers& jit, const OSRExitBase& exit)
 {
     if (exit.m_codeOrigin.inlineCallFrame)
         jit.addPtr(AssemblyHelpers::TrustedImm32(exit.m_codeOrigin.inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister);
index 3d1ff9e..278fef3 100644 (file)
@@ -35,9 +35,9 @@
 
 namespace JSC { namespace DFG {
 
-void handleExitCounts(CCallHelpers&, const OSRExit&);
-void reifyInlinedCallFrames(CCallHelpers&, const OSRExit&);
-void adjustAndJumpToTarget(CCallHelpers&, const OSRExit&);
+void handleExitCounts(CCallHelpers&, const OSRExitBase&);
+void reifyInlinedCallFrames(CCallHelpers&, const OSRExitBase&);
+void adjustAndJumpToTarget(CCallHelpers&, const OSRExitBase&);
 
 } } // namespace JSC::DFG
 
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitPreparation.cpp b/Source/JavaScriptCore/dfg/DFGOSRExitPreparation.cpp
new file mode 100644 (file)
index 0000000..82ac35b
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "DFGOSRExitPreparation.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "CodeBlock.h"
+#include "Executable.h"
+#include "Operations.h"
+
+namespace JSC { namespace DFG {
+
+void prepareCodeOriginForOSRExit(ExecState* exec, CodeOrigin codeOrigin)
+{
+    for (; codeOrigin.inlineCallFrame; codeOrigin = codeOrigin.inlineCallFrame->caller) {
+        static_cast<FunctionExecutable*>(codeOrigin.inlineCallFrame->executable.get())
+            ->baselineCodeBlockFor(codeOrigin.inlineCallFrame->isCall ? CodeForCall : CodeForConstruct)
+            ->jitCompile(exec);
+    }
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitPreparation.h b/Source/JavaScriptCore/dfg/DFGOSRExitPreparation.h
new file mode 100644 (file)
index 0000000..1008e72
--- /dev/null
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef DFGOSRExitPreparation_h
+#define DFGOSRExitPreparation_h
+
+#if ENABLE(DFG_JIT)
+
+#include "CallFrame.h"
+#include "CodeOrigin.h"
+
+namespace JSC { namespace DFG {
+
+// Make sure all code on our inline stack is JIT compiled. This is necessary since
+// we may opt to inline a code block even before it had ever been compiled by the
+// JIT, but our OSR exit infrastructure currently only works if the target of the
+// OSR exit is JIT code. This could be changed since there is nothing particularly
+// hard about doing an OSR exit into the interpreter, but for now this seems to make
+// sense in that if we're OSR exiting from inlined code of a DFG code block, then
+// probably it's a good sign that the thing we're exiting into is hot. Even more
+// interestingly, since the code was inlined, it may never otherwise get JIT
+// compiled since the act of inlining it may ensure that it otherwise never runs.
+void prepareCodeOriginForOSRExit(ExecState*, CodeOrigin);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGOSRExitPreparation_h
+
+
index 46a2e28..00723f3 100644 (file)
@@ -1722,7 +1722,7 @@ extern "C" void DFG_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock)
     // Otherwise, the replacement must be optimized code. Use this as an opportunity
     // to check our logic.
     ASSERT(codeBlock->hasOptimizedReplacement());
-    ASSERT(codeBlock->replacement()->getJITType() == JITCode::DFGJIT);
+    ASSERT(JITCode::isOptimizingJIT(codeBlock->replacement()->getJITType()));
 
     codeBlock->reoptimize();
 }
index 37dec7f..3bf3044 100644 (file)
@@ -1806,11 +1806,11 @@ void SpeculativeJIT::checkArgumentTypes()
         }
         
         VariableAccessData* variableAccessData = node->variableAccessData();
-        if (!variableAccessData->isProfitableToUnbox())
+        if (!variableAccessData->shouldUnboxIfPossible())
             continue;
         
         VirtualRegister virtualRegister = variableAccessData->local();
-        SpeculatedType predictedType = variableAccessData->prediction();
+        SpeculatedType predictedType = variableAccessData->argumentAwarePrediction();
 
         JSValueSource valueSource = JSValueSource(JITCompiler::addressFor(virtualRegister));
         
index b64ca63..35d97ac 100644 (file)
@@ -2106,7 +2106,7 @@ public:
     void terminateSpeculativeExecution(ExitKind, JSValueRegs, Edge);
     
     // Helpers for performing type checks on an edge stored in the given registers.
-    bool needsTypeCheck(Edge edge, SpeculatedType typesPassedThrough) { return m_state.forNode(edge).m_type & ~typesPassedThrough; }
+    bool needsTypeCheck(Edge edge, SpeculatedType typesPassedThrough) { return m_state.needsTypeCheck(edge, typesPassedThrough); }
     void backwardTypeCheck(JSValueSource, Edge, SpeculatedType typesPassedThrough, MacroAssembler::Jump jumpToFail);
     void typeCheck(JSValueSource, Edge, SpeculatedType typesPassedThrough, MacroAssembler::Jump jumpToFail);
     void forwardTypeCheck(JSValueSource, Edge, SpeculatedType typesPassedThrough, MacroAssembler::Jump jumpToFail, const ValueRecovery&);
@@ -2711,7 +2711,7 @@ public:
         , m_fprOrInvalid(InvalidFPRReg)
     {
         ASSERT(m_jit);
-        ASSERT_UNUSED(mode, mode == ManualOperandSpeculation || (edge.useKind() == NumberUse || edge.useKind() == KnownNumberUse || edge.useKind() == RealNumberUse));
+        ASSERT_UNUSED(mode, mode == ManualOperandSpeculation || isDouble(edge.useKind()));
         if (jit->isFilled(node()))
             fpr();
     }
@@ -2760,7 +2760,7 @@ public:
         ASSERT(m_jit);
         if (!edge)
             return;
-        ASSERT_UNUSED(mode, mode == ManualOperandSpeculation || (edge.useKind() == CellUse || edge.useKind() == KnownCellUse || edge.useKind() == ObjectUse || edge.useKind() == StringUse || edge.useKind() == KnownStringUse || edge.useKind() == StringObjectUse || edge.useKind() == StringOrStringObjectUse));
+        ASSERT_UNUSED(mode, mode == ManualOperandSpeculation || isCell(edge.useKind()));
         if (jit->isFilled(node()))
             gpr();
     }
@@ -2868,9 +2868,12 @@ void SpeculativeJIT::speculateStringObjectForStructure(Edge edge, StructureLocat
 }
 
 #define DFG_TYPE_CHECK(source, edge, typesPassedThrough, jumpToFail) do { \
-        if (!needsTypeCheck((edge), (typesPassedThrough)))              \
+        JSValueSource _dtc_source = (source);                           \
+        Edge _dtc_edge = (edge);                                        \
+        SpeculatedType _dtc_typesPassedThrough = typesPassedThrough;    \
+        if (!needsTypeCheck(_dtc_edge, _dtc_typesPassedThrough))        \
             break;                                                      \
-        typeCheck((source), (edge), (typesPassedThrough), (jumpToFail)); \
+        typeCheck(_dtc_source, _dtc_edge, _dtc_typesPassedThrough, (jumpToFail)); \
     } while (0)
 
 } } // namespace JSC::DFG
index afe3d35..98e1a29 100644 (file)
@@ -95,6 +95,25 @@ ALWAYS_INLINE SpeculatedType typeFilterFor(UseKind useKind)
     }
 }
 
+ALWAYS_INLINE bool shouldNotHaveTypeCheck(UseKind kind)
+{
+    switch (kind) {
+    case UntypedUse:
+    case KnownInt32Use:
+    case KnownNumberUse:
+    case KnownCellUse:
+    case KnownStringUse:
+        return true;
+    default:
+        return false;
+    }
+}
+
+ALWAYS_INLINE bool mayHaveTypeCheck(UseKind kind)
+{
+    return !shouldNotHaveTypeCheck(kind);
+}
+
 ALWAYS_INLINE bool isNumerical(UseKind kind)
 {
     switch (kind) {
@@ -108,6 +127,34 @@ ALWAYS_INLINE bool isNumerical(UseKind kind)
     }
 }
 
+ALWAYS_INLINE bool isDouble(UseKind kind)
+{
+    switch (kind) {
+    case KnownInt32Use:
+    case RealNumberUse:
+    case NumberUse:
+        return true;
+    default:
+        return false;
+    }
+}
+
+ALWAYS_INLINE bool isCell(UseKind kind)
+{
+    switch (kind) {
+    case CellUse:
+    case KnownCellUse:
+    case ObjectUse:
+    case StringUse:
+    case KnownStringUse:
+    case StringObjectUse:
+    case StringOrStringObjectUse:
+        return true;
+    default:
+        return false;
+    }
+}
+
 } } // namespace JSC::DFG
 
 namespace WTF {
index 3620726..77469f3 100644 (file)
@@ -131,7 +131,7 @@ public:
     {
         if (isInt32Speculation(prediction))
             return ValueSource(Int32InJSStack);
-        if (isArraySpeculation(prediction) || isCellSpeculation(prediction))
+        if (isCellSpeculation(prediction))
             return ValueSource(CellInJSStack);
         if (isBooleanSpeculation(prediction))
             return ValueSource(BooleanInJSStack);
index bd75dae..b0bb2b4 100644 (file)
@@ -214,7 +214,7 @@ void VariableEventStream::reconstruct(
             
             bool found = false;
             
-            if (node && node->op() == UInt32ToNumber) {
+            if (node && needsOSRBackwardRewiring(node->op())) {
                 MinifiedID id = node->child1();
                 if (tryToSetConstantRecovery(valueRecoveries[i], codeBlock, graph.at(id)))
                     continue;
@@ -257,6 +257,7 @@ void VariableEventStream::reconstruct(
                         doubleAsInt32ID = id;
                         break;
                     default:
+                        ASSERT(!needsOSRForwardRewiring(node->op()));
                         break;
                     }
                 }
diff --git a/Source/JavaScriptCore/ftl/FTLAbbreviations.h b/Source/JavaScriptCore/ftl/FTLAbbreviations.h
new file mode 100644 (file)
index 0000000..4d1d48d
--- /dev/null
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef FTLAbbreviations_h
+#define FTLAbbreviations_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(FTL_JIT)
+
+#include "FTLLLVMHeaders.h"
+
+namespace JSC { namespace FTL {
+
+// This file contains short-form calls into the LLVM C API. It is meant to
+// save typing and make the lowering code clearer. If we ever call an LLVM C API
+// function more than once in the FTL lowering code, we should add a shortcut for
+// it here.
+
+#if USE(JSVALUE32_64)
+#error "The FTL backend assumes that pointers are 64-bit."
+#endif
+
+typedef LLVMBasicBlockRef LBasicBlock;
+typedef LLVMBuilderRef LBuilder;
+typedef LLVMCallConv LCallConv;
+typedef LLVMIntPredicate LIntPredicate;
+typedef LLVMLinkage LLinkage;
+typedef LLVMModuleRef LModule;
+typedef LLVMTypeRef LType;
+typedef LLVMValueRef LValue;
+
+static inline LType voidType() { return LLVMVoidType(); }
+static inline LType int1Type() { return LLVMInt1Type(); }
+static inline LType int32Type() { return LLVMInt32Type(); }
+static inline LType int64Type() { return LLVMInt64Type(); }
+static inline LType intPtrType() { return LLVMInt64Type(); }
+
+static inline LType pointerType(LType type) { return LLVMPointerType(type, 0); }
+
+enum PackingMode { NotPacked, Packed };
+static inline LType structType(LType* elementTypes, unsigned elementCount, PackingMode packing = NotPacked)
+{
+    return LLVMStructType(elementTypes, elementCount, packing == Packed);
+}
+static inline LType structType(PackingMode packing = NotPacked)
+{
+    return structType(0, 0, packing);
+}
+static inline LType structType(LType element1, PackingMode packing = NotPacked)
+{
+    return structType(&element1, 1, packing);
+}
+static inline LType structType(LType element1, LType element2, PackingMode packing = NotPacked)
+{
+    LType elements[] = { element1, element2 };
+    return structType(elements, 2, packing);
+}
+
+enum Variadicity { NotVariadic, Variadic };
+static inline LType functionType(LType returnType, const LType* paramTypes, unsigned paramCount, Variadicity variadicity)
+{
+    return LLVMFunctionType(returnType, const_cast<LType*>(paramTypes), paramCount, variadicity == Variadic);
+}
+template<typename VectorType>
+inline LType functionType(LType returnType, const VectorType& vector, Variadicity variadicity = NotVariadic)
+{
+    return functionType(returnType, vector.begin(), vector.size(), variadicity);
+}
+static inline LType functionType(LType returnType, Variadicity variadicity = NotVariadic)
+{
+    return functionType(returnType, 0, 0, variadicity);
+}
+static inline LType functionType(LType returnType, LType param1, Variadicity variadicity = NotVariadic)
+{
+    return functionType(returnType, &param1, 1, variadicity);
+}
+static inline LType functionType(LType returnType, LType param1, LType param2, Variadicity variadicity = NotVariadic)
+{
+    LType paramTypes[] = { param1, param2 };
+    return functionType(returnType, paramTypes, 2, variadicity);
+}
+
+static inline LType typeOf(LValue value) { return LLVMTypeOf(value); }
+
+static inline unsigned mdKindID(const char* string) { return LLVMGetMDKindID(string, strlen(string)); }
+static inline LValue mdString(const char* string, unsigned length) { return LLVMMDString(string, length); }
+static inline LValue mdString(const char* string) { return mdString(string, strlen(string)); }
+static inline LValue mdNode(LValue* args, unsigned numArgs) { return LLVMMDNode(args, numArgs); }
+static inline LValue mdNode() { return mdNode(0, 0); }
+static inline LValue mdNode(LValue arg1) { return mdNode(&arg1, 1); }
+static inline LValue mdNode(LValue arg1, LValue arg2)
+{
+    LValue args[] = { arg1, arg2 };
+    return mdNode(args, 2);
+}
+
+static inline void setMetadata(LValue instruction, unsigned kind, LValue metadata) { LLVMSetMetadata(instruction, kind, metadata); }
+
+static inline LValue addFunction(LModule module, const char* name, LType type) { return LLVMAddFunction(module, name, type); }
+static inline void setLinkage(LValue global, LLinkage linkage) { LLVMSetLinkage(global, linkage); }
+static inline void setFunctionCallingConv(LValue function, LCallConv convention) { LLVMSetFunctionCallConv(function, convention); }
+
+static inline LValue addExternFunction(LModule module, const char* name, LType type)
+{
+    LValue result = addFunction(module, name, type);
+    setLinkage(result, LLVMExternalLinkage);
+    return result;
+}
+
+static inline LValue getParam(LValue function, unsigned index) { return LLVMGetParam(function, index); }
+
+enum BitExtension { ZeroExtend, SignExtend };
+static inline LValue constInt(LType type, unsigned long long value, BitExtension extension) { return LLVMConstInt(type, value, extension == SignExtend); }
+static inline LValue constIntToPtr(LValue value, LType type) { return LLVMConstIntToPtr(value, type); }
+static inline LValue constBitCast(LValue value, LType type) { return LLVMConstBitCast(value, type); }
+
+static inline LBasicBlock appendBasicBlock(LValue function, const char* name = "") { return LLVMAppendBasicBlock(function, name); }
+static inline LBasicBlock insertBasicBlock(LBasicBlock beforeBasicBlock, const char* name = "") { return LLVMInsertBasicBlock(beforeBasicBlock, name); }
+
+static inline LValue buildAlloca(LBuilder builder, LType type) { return LLVMBuildAlloca(builder, type, ""); }
+static inline LValue buildAdd(LBuilder builder, LValue left, LValue right) { return LLVMBuildAdd(builder, left, right, ""); }
+static inline LValue buildSub(LBuilder builder, LValue left, LValue right) { return LLVMBuildSub(builder, left, right, ""); }
+static inline LValue buildMul(LBuilder builder, LValue left, LValue right) { return LLVMBuildMul(builder, left, right, ""); }
+static inline LValue buildNeg(LBuilder builder, LValue value) { return LLVMBuildNeg(builder, value, ""); }
+static inline LValue buildAnd(LBuilder builder, LValue left, LValue right) { return LLVMBuildAnd(builder, left, right, ""); }
+static inline LValue buildOr(LBuilder builder, LValue left, LValue right) { return LLVMBuildOr(builder, left, right, ""); }
+static inline LValue buildXor(LBuilder builder, LValue left, LValue right) { return LLVMBuildXor(builder, left, right, ""); }
+static inline LValue buildShl(LBuilder builder, LValue left, LValue right) { return LLVMBuildShl(builder, left, right, ""); }
+static inline LValue buildAShr(LBuilder builder, LValue left, LValue right) { return LLVMBuildAShr(builder, left, right, ""); }
+static inline LValue buildLShr(LBuilder builder, LValue left, LValue right) { return LLVMBuildLShr(builder, left, right, ""); }
+static inline LValue buildLoad(LBuilder builder, LValue pointer) { return LLVMBuildLoad(builder, pointer, ""); }
+static inline LValue buildStore(LBuilder builder, LValue value, LValue pointer) { return LLVMBuildStore(builder, value, pointer); }
+static inline LValue buildZExt(LBuilder builder, LValue value, LType type) { return LLVMBuildZExt(builder, value, type, ""); }
+static inline LValue buildIntCast(LBuilder builder, LValue value, LType type) { return LLVMBuildIntCast(builder, value, type, ""); }
+static inline LValue buildIntToPtr(LBuilder builder, LValue value, LType type) { return LLVMBuildIntToPtr(builder, value, type, ""); }
+static inline LValue buildPtrToInt(LBuilder builder, LValue value, LType type) { return LLVMBuildPtrToInt(builder, value, type, ""); }
+static inline LValue buildICmp(LBuilder builder, LIntPredicate cond, LValue left, LValue right) { return LLVMBuildICmp(builder, cond, left, right, ""); }
+static inline LValue buildCall(LBuilder builder, LValue function, const LValue* args, unsigned numArgs)
+{
+    return LLVMBuildCall(builder, function, const_cast<LValue*>(args), numArgs, "");
+}
+template<typename VectorType>
+inline LValue buildCall(LBuilder builder, LValue function, const VectorType& vector)
+{
+    return buildCall(builder, function, vector.begin(), vector.size());
+}
+static inline LValue buildCall(LBuilder builder, LValue function)
+{
+    return buildCall(builder, function, 0, 0);
+}
+static inline LValue buildCall(LBuilder builder, LValue function, LValue arg1)
+{
+    return buildCall(builder, function, &arg1, 1);
+}
+static inline LValue buildCall(LBuilder builder, LValue function, LValue arg1, LValue arg2)
+{
+    LValue args[] = { arg1, arg2 };
+    return buildCall(builder, function, args, 2);
+}
+enum TailCallMode { IsNotTailCall, IsTailCall };
+static inline void setTailCall(LValue call, TailCallMode mode) { LLVMSetTailCall(call, mode == IsTailCall); }
+static inline LValue buildExtractValue(LBuilder builder, LValue aggVal, unsigned index) { return LLVMBuildExtractValue(builder, aggVal, index, ""); }
+static inline LValue buildSelect(LBuilder builder, LValue condition, LValue taken, LValue notTaken) { return LLVMBuildSelect(builder, condition, taken, notTaken, ""); }
+static inline LValue buildBr(LBuilder builder, LBasicBlock destination) { return LLVMBuildBr(builder, destination); }
+static inline LValue buildCondBr(LBuilder builder, LValue condition, LBasicBlock taken, LBasicBlock notTaken) { return LLVMBuildCondBr(builder, condition, taken, notTaken); }
+static inline LValue buildRet(LBuilder builder, LValue value) { return LLVMBuildRet(builder, value); }
+static inline LValue buildUnreachable(LBuilder builder) { return LLVMBuildUnreachable(builder); }
+
+static inline void dumpModule(LModule module) { LLVMDumpModule(module); }
+static inline void verifyModule(LModule module)
+{
+    char* error = 0;
+    LLVMVerifyModule(module, LLVMAbortProcessAction, &error);
+    LLVMDisposeMessage(error);
+}
+
+} } // namespace JSC::FTL
+
+#endif // ENABLE(FTL_JIT)
+
+#endif // FTLAbbreviations_h
+
diff --git a/Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp b/Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp
new file mode 100644 (file)
index 0000000..fbe5e63
--- /dev/null
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "FTLAbstractHeap.h"
+
+#if ENABLE(FTL_JIT)
+
+#include "FTLAbbreviations.h"
+#include "FTLAbstractHeapRepository.h"
+#include "FTLOutput.h"
+#include "FTLTypedPointer.h"
+#include "Operations.h"
+#include "Options.h"
+
+namespace JSC { namespace FTL {
+
+LValue AbstractHeap::tbaaMetadataSlow(const AbstractHeapRepository& repository) const
+{
+    m_tbaaMetadata = mdNode(mdString(m_heapName), m_parent->tbaaMetadata(repository));
+    return m_tbaaMetadata;
+}
+
+void AbstractHeap::decorateInstruction(LValue instruction, const AbstractHeapRepository& repository) const
+{
+    if (!Options::useFTLTBAA())
+        return;
+    setMetadata(instruction, repository.m_tbaaKind, tbaaMetadata(repository));
+}
+
+IndexedAbstractHeap::IndexedAbstractHeap(AbstractHeap* parent, const char* heapName, size_t elementSize)
+    : m_heapForAnyIndex(parent, heapName)
+    , m_heapNameLength(strlen(heapName))
+    , m_elementSize(elementSize)
+    , m_scaleTerm(0)
+    , m_canShift(false)
+{
+    // See if there is a common shift amount we could use instead of multiplying. Don't
+    // try too hard. This is just a speculative optimization to reduce load on LLVM.
+    for (unsigned i = 0; i < 4; ++i) {
+        if ((1 << i) == m_elementSize) {
+            if (i)
+                m_scaleTerm = constInt(intPtrType(), i, ZeroExtend);
+            m_canShift = true;
+            break;
+        }
+    }
+    
+    if (!m_canShift)
+        m_scaleTerm = constInt(intPtrType(), m_elementSize, ZeroExtend);
+}
+
+IndexedAbstractHeap::~IndexedAbstractHeap()
+{
+}
+
+TypedPointer IndexedAbstractHeap::baseIndex(Output& out, LValue base, LValue index, JSValue indexAsConstant, ptrdiff_t offset)
+{
+    if (indexAsConstant.isInt32())
+        return out.address(base, at(indexAsConstant.asInt32()), offset);
+    
+    LValue result;
+    if (m_canShift) {
+        if (!m_scaleTerm)
+            result = out.add(base, index);
+        else
+            result = out.add(base, out.shl(index, m_scaleTerm));
+    } else
+        result = out.add(base, out.mul(index, m_scaleTerm));
+    
+    return TypedPointer(atAnyIndex(), out.addPtr(result, offset));
+}
+
+const AbstractField& IndexedAbstractHeap::atSlow(ptrdiff_t index)
+{
+    ASSERT(static_cast<size_t>(index) >= m_smallIndices.size());
+    
+    if (UNLIKELY(!m_largeIndices))
+        m_largeIndices = adoptPtr(new MapType());
+    
+    MapType::const_iterator iter = m_largeIndices->find(index);
+    if (iter != m_largeIndices->end())
+        return *iter->value;
+    
+    OwnPtr<AbstractField> field = adoptPtr(new AbstractField());
+    AbstractField* result = field.get();
+    initialize(*result, index);
+    m_largeIndices->add(index, field.release());
+    return *result;
+}
+
+void IndexedAbstractHeap::initialize(AbstractField& field, ptrdiff_t signedIndex)
+{
+    // Build up a name of the form:
+    //
+    //    heapName_hexIndex
+    //
+    // or:
+    //
+    //    heapName_neg_hexIndex
+    //
+    // For example if you access an indexed heap called FooBar at index 5, you'll
+    // get:
+    //
+    //    FooBar_5
+    //
+    // Or if you access an indexed heap called Blah at index -10, you'll get:
+    //
+    //    Blah_neg_A
+    //
+    // This is important because LLVM uses the string to distinguish the types.
+    
+    static const char* negSplit = "_neg_";
+    static const char* posSplit = "_";
+    
+    bool negative;
+    size_t index;
+    if (signedIndex < 0) {
+        negative = true;
+        index = -signedIndex;
+    } else {
+        negative = false;
+        index = signedIndex;
+    }
+    
+    for (unsigned power = 4; power <= sizeof(void*) * 8; power += 4) {
+        if (isGreaterThanNonZeroPowerOfTwo(index, power))
+            continue;
+        
+        unsigned numHexlets = power >> 2;
+        
+        size_t stringLength = m_heapNameLength + (negative ? strlen(negSplit) : strlen(posSplit)) + numHexlets;
+        char* characters;
+        m_largeIndexNames.append(CString::newUninitialized(stringLength, characters));
+        
+        memcpy(characters, m_heapForAnyIndex.heapName(), m_heapNameLength);
+        if (negative)
+            memcpy(characters + m_heapNameLength, negSplit, strlen(negSplit));
+        else
+            memcpy(characters + m_heapNameLength, posSplit, strlen(posSplit));
+        
+        size_t accumulator = index;
+        for (unsigned i = 0; i < numHexlets; ++i) {
+            characters[stringLength - i - 1] = lowerNibbleToASCIIHexDigit(accumulator);
+            accumulator >>= 4;
+        }
+        
+        field.initialize(&m_heapForAnyIndex, characters, signedIndex * m_elementSize);
+        return;
+    }
+    
+    RELEASE_ASSERT_NOT_REACHED();
+}
+
+NumberedAbstractHeap::NumberedAbstractHeap(AbstractHeap* heap, const char* heapName)
+    : m_indexedHeap(heap, heapName, 1)
+{
+}
+
+NumberedAbstractHeap::~NumberedAbstractHeap()
+{
+}
+
+AbsoluteAbstractHeap::AbsoluteAbstractHeap(AbstractHeap* heap, const char* heapName)
+    : m_indexedHeap(heap, heapName, 1)
+{
+}
+
+AbsoluteAbstractHeap::~AbsoluteAbstractHeap()
+{
+}
+
+} } // namespace JSC::FTL
+
+#endif // ENABLE(FTL_JIT)
+
diff --git a/Source/JavaScriptCore/ftl/FTLAbstractHeap.h b/Source/JavaScriptCore/ftl/FTLAbstractHeap.h
new file mode 100644 (file)
index 0000000..a0dbdf5
--- /dev/null
@@ -0,0 +1,234 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef FTLAbstractHeap_h
+#define FTLAbstractHeap_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(FTL_JIT)
+
+#include "FTLAbbreviations.h"
+#include "JSCJSValue.h"
+#include <wtf/FastAllocBase.h>
+#include <wtf/FixedArray.h>
+#include <wtf/HashMap.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/OwnPtr.h>
+#include <wtf/Vector.h>
+#include <wtf/text/CString.h>
+
+namespace JSC { namespace FTL {
+
+// The FTL JIT tries to aid LLVM's TBAA. The FTL's notion of how this
+// happens is the AbstractHeap. AbstractHeaps are a simple type system
+// with sub-typing.
+
+class AbstractHeapRepository;
+class Output;
+class TypedPointer;
+
+class AbstractHeap {
+    WTF_MAKE_NONCOPYABLE(AbstractHeap); WTF_MAKE_FAST_ALLOCATED;
+public:
+    AbstractHeap()
+        : m_parent(0)
+        , m_heapName(0)
+        , m_tbaaMetadata(0)
+    {
+    }
+    
+    AbstractHeap(AbstractHeap* parent, const char* heapName)
+        : m_parent(parent)
+        , m_heapName(heapName)
+        , m_tbaaMetadata(0)
+    {
+    }
+    
+    bool isInitialized() const { return !!m_heapName; }
+    
+    void initialize(AbstractHeap* parent, const char* heapName)
+    {
+        m_parent = parent;
+        m_heapName = heapName;
+    }
+
+    AbstractHeap* parent() const
+    {
+        ASSERT(isInitialized());
+        return m_parent;
+    }
+    
+    const char* heapName() const
+    {
+        ASSERT(isInitialized());
+        return m_heapName;
+    }
+    
+    LValue tbaaMetadata(const AbstractHeapRepository& repository) const
+    {
+        ASSERT(isInitialized());
+        if (LIKELY(!!m_tbaaMetadata))
+            return m_tbaaMetadata;
+        return tbaaMetadataSlow(repository);
+    }
+    
+    void decorateInstruction(LValue instruction, const AbstractHeapRepository&) const;
+
+private:
+    friend class AbstractHeapRepository;
+    
+    LValue tbaaMetadataSlow(const AbstractHeapRepository&) const;
+    
+    AbstractHeap* m_parent;
+    const char* m_heapName;
+    mutable LValue m_tbaaMetadata;
+};
+
+// Think of "AbstractField" as being an "AbstractHeapWithOffset". I would have named
+// it the latter except that I don't like typing that much.
+class AbstractField : public AbstractHeap {
+public:
+    AbstractField()
+    {
+    }
+    
+    AbstractField(AbstractHeap* parent, const char* heapName, ptrdiff_t offset)
+        : AbstractHeap(parent, heapName)
+        , m_offset(offset)
+    {
+    }
+    
+    void initialize(AbstractHeap* parent, const char* heapName, ptrdiff_t offset)
+    {
+        AbstractHeap::initialize(parent, heapName);
+        m_offset = offset;
+    }
+    
+    ptrdiff_t offset() const
+    {
+        ASSERT(isInitialized());
+        return m_offset;
+    }
+    
+private:
+    ptrdiff_t m_offset;
+};
+
+class IndexedAbstractHeap {
+public:
+    IndexedAbstractHeap(AbstractHeap* parent, const char* heapName, size_t elementSize);
+    ~IndexedAbstractHeap();
+    
+    const AbstractHeap& atAnyIndex() const { return m_heapForAnyIndex; }
+    
+    const AbstractField& at(ptrdiff_t index)
+    {
+        if (static_cast<size_t>(index) < m_smallIndices.size())
+            return returnInitialized(m_smallIndices[index], index);
+        return atSlow(index);
+    }
+    
+    const AbstractField& operator[](ptrdiff_t index) { return at(index); }
+    
+    TypedPointer baseIndex(Output& out, LValue base, LValue index, JSValue indexAsConstant = JSValue(), ptrdiff_t offset = 0);
+    
+private:
+    const AbstractField& returnInitialized(AbstractField& field, ptrdiff_t index)
+    {
+        if (UNLIKELY(!field.isInitialized()))
+            initialize(field, index);
+        return field;
+    }
+
+    const AbstractField& atSlow(ptrdiff_t index);
+    void initialize(AbstractField& field, ptrdiff_t index);
+
+    AbstractHeap m_heapForAnyIndex;
+    size_t m_heapNameLength;
+    size_t m_elementSize;
+    LValue m_scaleTerm;
+    bool m_canShift;
+    FixedArray<AbstractField, 16> m_smallIndices;
+    
+    struct WithoutZeroOrOneHashTraits : WTF::GenericHashTraits<ptrdiff_t> {
+        static void constructDeletedValue(ptrdiff_t& slot) { slot = 1; }
+        static bool isDeletedValue(ptrdiff_t value) { return value == 1; }
+    };
+    typedef HashMap<ptrdiff_t, OwnPtr<AbstractField>, WTF::IntHash<ptrdiff_t>, WithoutZeroOrOneHashTraits> MapType;
+    
+    OwnPtr<MapType> m_largeIndices;
+    Vector<CString, 16> m_largeIndexNames;
+};
+
+// A numbered abstract heap is like an indexed abstract heap, except that you
+// can't rely on there being a relationship between the number you use to
+// retrieve the sub-heap, and the offset that this heap has. (In particular,
+// the sub-heaps don't have indices.)
+
+class NumberedAbstractHeap {
+public:
+    NumberedAbstractHeap(AbstractHeap* parent, const char* heapName);
+    ~NumberedAbstractHeap();
+    
+    const AbstractHeap& atAnyNumber() const { return m_indexedHeap.atAnyIndex(); }
+    
+    const AbstractHeap& at(unsigned number) { return m_indexedHeap.at(number); }
+    const AbstractHeap& operator[](unsigned number) { return at(number); }
+
+private:
+    
+    // We use the fact that the indexed heap already has a superset of the
+    // functionality we need.
+    IndexedAbstractHeap m_indexedHeap;
+};
+
+class AbsoluteAbstractHeap {
+public:
+    AbsoluteAbstractHeap(AbstractHeap* parent, const char* heapName);
+    ~AbsoluteAbstractHeap();
+    
+    const AbstractHeap& atAnyAddress() const { return m_indexedHeap.atAnyIndex(); }
+    
+    const AbstractHeap& at(void* address)
+    {
+        return m_indexedHeap.at(bitwise_cast<ptrdiff_t>(address));
+    }
+    
+    const AbstractHeap& operator[](void* address) { return at(address); }
+
+private:
+    // The trick here is that the indexed heap is "indexed" by a pointer-width
+    // integer. Pointers are themselves pointer-width integers. So we can reuse
+    // all of the functionality.
+    IndexedAbstractHeap m_indexedHeap;
+};
+
+} } // namespace JSC::FTL
+
+#endif // ENABLE(FTL_JIT)
+
+#endif // FTLAbstractHeap_h
+
diff --git a/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp b/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp
new file mode 100644 (file)
index 0000000..d66534a
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "FTLAbstractHeapRepository.h"
+
+#if ENABLE(FTL_JIT)
+
+#include "Operations.h"
+
+namespace JSC { namespace FTL {
+
+AbstractHeapRepository::AbstractHeapRepository()
+    : root(0, "jscRoot")
+
+#define ABSTRACT_HEAP_INITIALIZATION(name) , name(&root, #name)
+    FOR_EACH_ABSTRACT_HEAP(ABSTRACT_HEAP_INITIALIZATION)
+#undef ABSTRACT_HEAP_INITIALIZATION
+
+#define ABSTRACT_FIELD_INITIALIZATION(name, offset) , name(&root, #name, offset)
+    FOR_EACH_ABSTRACT_FIELD(ABSTRACT_FIELD_INITIALIZATION)
+#undef ABSTRACT_FIELD_INITIALIZATION
+    
+#define INDEXED_ABSTRACT_HEAP_INITIALIZATION(name, size) , name(&root, #name, size)
+    FOR_EACH_INDEXED_ABSTRACT_HEAP(INDEXED_ABSTRACT_HEAP_INITIALIZATION)
+#undef INDEXED_ABSTRACT_HEAP_INITIALIZATION
+    
+#define NUMBERED_ABSTRACT_HEAP_INITIALIZATION(name) , name(&root, #name)
+    FOR_EACH_NUMBERED_ABSTRACT_HEAP(NUMBERED_ABSTRACT_HEAP_INITIALIZATION)
+#undef NUMBERED_ABSTRACT_HEAP_INITIALIZATION
+
+    , absolute(&root, "absolute")
+    , m_tbaaKind(mdKindID("tbaa"))
+{
+    root.m_tbaaMetadata = mdNode(mdString(root.m_heapName));
+    
+    RELEASE_ASSERT(m_tbaaKind);
+    RELEASE_ASSERT(root.m_tbaaMetadata);
+}
+
+AbstractHeapRepository::~AbstractHeapRepository()
+{
+}
+
+} } // namespace JSC::FTL
+
+#endif // ENABLE(FTL_JIT)
+
diff --git a/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h b/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
new file mode 100644 (file)
index 0000000..7120067
--- /dev/null
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef FTLAbstractHeapRepository_h
+#define FTLAbstractHeapRepository_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(FTL_JIT)
+
+#include "FTLAbstractHeap.h"
+
+namespace JSC { namespace FTL {
+
+#define FOR_EACH_ABSTRACT_HEAP(macro) \
+    macro(typedArrayProperties) \
+    macro(length)
+
+#define FOR_EACH_ABSTRACT_FIELD(macro) \
+    macro(JSCell_structure, JSCell::structureOffset()) \
+    macro(JSObject_butterfly, JSObject::butterflyOffset()) \
+    macro(Butterfly_publicLength, Butterfly::offsetOfPublicLength())
+
+#define FOR_EACH_INDEXED_ABSTRACT_HEAP(macro) \
+    macro(variables, sizeof(Register)) \
+    macro(indexedInt32Properties, sizeof(EncodedJSValue)) \
+    macro(indexedDoubleProperties, sizeof(double)) \
+    macro(indexedContiguousProperties, sizeof(EncodedJSValue)) \
+    macro(indexedArrayStorageProperties, sizeof(EncodedJSValue))
+    
+#define FOR_EACH_NUMBERED_ABSTRACT_HEAP(macro) \
+    macro(properties)
+    
+// This class is meant to be cacheable between compilations, but it doesn't have to be.
+// Doing so saves on creation of nodes. But clearing it will save memory.
+
+class AbstractHeapRepository {
+    WTF_MAKE_NONCOPYABLE(AbstractHeapRepository);
+public:
+    AbstractHeapRepository();
+    ~AbstractHeapRepository();
+    
+    AbstractHeap root;
+    
+#define ABSTRACT_HEAP_DECLARATION(name) AbstractHeap name;
+    FOR_EACH_ABSTRACT_HEAP(ABSTRACT_HEAP_DECLARATION)
+#undef ABSTRACT_HEAP_DECLARATION
+
+#define ABSTRACT_FIELD_DECLARATION(name, offset) AbstractField name;
+    FOR_EACH_ABSTRACT_FIELD(ABSTRACT_FIELD_DECLARATION)
+#undef ABSTRACT_FIELD_DECLARATION
+    
+#define INDEXED_ABSTRACT_HEAP_DECLARATION(name, size) IndexedAbstractHeap name;
+    FOR_EACH_INDEXED_ABSTRACT_HEAP(INDEXED_ABSTRACT_HEAP_DECLARATION)
+#undef INDEXED_ABSTRACT_HEAP_DECLARATION
+    
+#define NUMBERED_ABSTRACT_HEAP_DECLARATION(name) NumberedAbstractHeap name;
+    FOR_EACH_NUMBERED_ABSTRACT_HEAP(NUMBERED_ABSTRACT_HEAP_DECLARATION)
+#undef NUMBERED_ABSTRACT_HEAP_DECLARATION
+
+    AbsoluteAbstractHeap absolute;
+
+private:
+    friend class AbstractHeap;
+    
+    unsigned m_tbaaKind;
+};
+
+} } // namespace JSC::FTL
+
+#endif // ENABLE(FTL_JIT)
+
+#endif // FTLAbstractHeapRepository_h
+
diff --git a/Source/JavaScriptCore/ftl/FTLCArgumentGetter.cpp b/Source/JavaScriptCore/ftl/FTLCArgumentGetter.cpp
new file mode 100644 (file)
index 0000000..5403eb3
--- /dev/null
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "FTLCArgumentGetter.h"
+
+#if ENABLE(FTL_JIT)
+
+namespace JSC { namespace FTL {
+
+using namespace DFG;
+
+void CArgumentGetter::loadNextAndBox(ValueFormat format, GPRReg destination, GPRReg scratch)
+{
+    if (scratch == InvalidGPRReg) {
+        if (destination == GPRInfo::nonArgGPR0)
+            scratch = GPRInfo::nonArgGPR1;
+        else
+            scratch = GPRInfo::nonArgGPR0;
+    }
+    
+    switch (format) {
+    case ValueFormatInt32: {
+        loadNext32(destination);
+        m_jit.or64(GPRInfo::tagTypeNumberRegister, destination);
+        break;
+    }
+            
+    case ValueFormatUInt32: {
+        loadNext32(destination);
+        MacroAssembler::Jump isInt = m_jit.branch32(
+            MacroAssembler::GreaterThanOrEqual,
+            destination, MacroAssembler::TrustedImm32(0));
+            
+        m_jit.moveDoubleTo64(FPRInfo::fpRegT0, scratch);
+        m_jit.convertInt32ToDouble(destination, FPRInfo::fpRegT0);
+        m_jit.boxDouble(FPRInfo::fpRegT0, destination);
+        m_jit.move64ToDouble(scratch, FPRInfo::fpRegT0);
+            
+        MacroAssembler::Jump done = m_jit.jump();
+            
+        isInt.link(&m_jit);
+        m_jit.or64(GPRInfo::tagTypeNumberRegister, destination);
+            
+        done.link(&m_jit);
+        break;
+    }
+            
+    case ValueFormatBoolean: {
+        loadNext8(destination);
+        m_jit.or32(MacroAssembler::TrustedImm32(ValueFalse), destination);
+