Reviewed by Adele.

[WebKit-https.git] / JavaScriptCore / ChangeLog

2007-08-07  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        - fix <rdar://problem/5383104> REGRESSION: XHR.responseText is null instead of empty string
          in http/tests/xmlhttprequest/zero-length-response.html

        The new code to handle out of memory conditions was turning a "" into a null string.

        * kjs/ustring.h: Removed UCharReference, which has long been obsolete and unused.
        Removed copyForWriting, which was only used for the upper/lowercasing code and for
        UCharReference.
        * kjs/ustring.cpp:
        (KJS::allocChars): Removed special case that made this fail (return 0) when passed 0.
        Instead assert that we're not passed 0. Also added an overflow check for two reasons:
        1) for sizes that aren't checked this prevents us from allocating a buffer that's too
        small, and 2) for sizes where we overflowed in the expandedSize function and returned
        overflowIndicator, it guarantees we fail.
        (KJS::reallocChars): Ditto.
        (KJS::UString::expandedSize): Return a large number, overflowIndicator, rather than 0
        for cases where we overflow.
        (KJS::UString::spliceSubstringsWithSeparators): Added a special case for empty string so
        we don't call allocChars with a length of 0.
        (KJS::UString::operator=): Added special characters for both 0 and empty string so we
        match the behavior of the constructor. This avoids calling allocChars with a length of 0
        and making a null string rather than an empty string in that case, and also matches the
        pattern used in the rest of the functions.
        (KJS::UString::operator[]): Made the return value const so code that tries to use the
        operator to modify the string will fail.

        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction): Rewrote uppercasing and
        lowercasing functions so they don't need copyForWriting any more -- it wasn't really doing
        any good for optimization purposes. Instead use a Vector and releaseBuffer.

        * wtf/unicode/icu/UnicodeIcu.h: Eliminate one of the versions of toLower/toUpper -- we now
        only need the version where both a source and destination buffer is passed in, not the one
        that works in place.
        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.

2007-08-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14891
        Decompilation of try block immediately following "else" fails

        Test: fast/js/toString-try-else.html

        * kjs/nodes2string.cpp:
        (TryNode::streamTo): Add newline before "try".

2007-08-07  Mark Rowe  <mrowe@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5388774> REGRESSION: Hang occurs after clicking "Attach a file " link in a new .Mac message

        Attempting to acquire the JSLock inside CollectorHeap::forceLock can lead to a deadlock if the thread currently
        holding the lock is waiting on the thread that is forking.  It is not considered safe to use system frameworks
        after a fork without first execing[*] so it is not particularly important to ensure that the collector and
        fastMalloc allocators are unlocked in the child process.  If the child process wishes to use JavaScriptCore it
        should exec after forking like it would to use any other system framework.
        [*]: <http://lists.apple.com/archives/Cocoa-dev/2005/Jan/msg00676.html>

        * kjs/CollectorHeapIntrospector.cpp: Remove forceLock and forceUnlock implementations.
        * kjs/CollectorHeapIntrospector.h: Stub out forceLock and forceUnlock methods.
        * wtf/FastMalloc.cpp: Ditto.

2007-08-06  Darin Adler  <darin@apple.com>

        Rubber stamped by Geoff.

        * kjs/ustring.h: Added an assertion which would have helped us find the
        previous bug more easily.

2007-08-06  Darin Adler  <darin@apple.com>

        Reviewed by Anders.

        - fix <rdar://problem/5387589> 9A514: Quartz Composer crash on launch in KJS::jsString

        * API/JSBase.cpp:
        (JSEvaluateScript): Turn NULL for sourceURL into UString::null(), just as JSObjectMakeFunction already does.
        (JSCheckScriptSyntax): Ditto.

2007-08-06  Matt Lilek  <pewtermoose@gmail.com>

        Not reviewed, build fix.

        * kjs/string_object.cpp:
        (KJS::StringProtoFunc::callAsFunction):

2007-08-04  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - fix <rdar://problem/5371862> crash in Dashcode due to Quartz Composer JavaScript garbage collector reentrancy

        * API/JSBase.cpp: (JSGarbageCollect): Don't call collector() if isBusy() returns true.

        * kjs/collector.h: Added isBusy(), removed the unused return value from collect()
        * kjs/collector.cpp: Added an "operation in progress" flag to the allocator.
        (KJS::Collector::allocate): Call abort() if an operation is already in progress. Set the new flag instead
        of using the debug-only GCLock.
        (KJS::Collector::collect): Ditto.
        (KJS::Collector::isBusy): Added.

2007-08-04  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin and Adam.
        
        <rdar://problem/5368990> REGRESSION: newsgator.com sign-on 6x slower than Safari 3 beta due to GC changes (14808)

        * kjs/string_object.cpp:
        (KJS::replace): if the string didn't change (very common in some cases) reuse the original string value.
        (KJS::StringProtoFunc::callAsFunction): Pass in the StringImp* when replacing, not just the UString.
        * kjs/string_object.h:
        (KJS::StringInstance::internalValue): covariant override to return StringImp for convenience

2007-08-04  Mark Rowe  <mrowe@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/5385145> r24843 introduces a crash on calling fork() (14878)
        http://bugs.webkit.org/show_bug.cgi?id=14878

        Provide no-op functions for all members of the malloc_zone_t and malloc_introspection_t structures that we
        register to avoid crashes in system code that assumes they will be non-null.

        * kjs/CollectorHeapIntrospector.cpp:
        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector):
        (KJS::CollectorHeapIntrospector::forceLock): Grab the lock.
        (KJS::CollectorHeapIntrospector::forceUnlock): Release the lock.
        * kjs/CollectorHeapIntrospector.h:
        (KJS::CollectorHeapIntrospector::goodSize):
        (KJS::CollectorHeapIntrospector::check):
        (KJS::CollectorHeapIntrospector::print):
        (KJS::CollectorHeapIntrospector::log):
        (KJS::CollectorHeapIntrospector::statistics):
        (KJS::CollectorHeapIntrospector::size):
        (KJS::CollectorHeapIntrospector::zoneMalloc):
        (KJS::CollectorHeapIntrospector::zoneCalloc):
        (KJS::CollectorHeapIntrospector::zoneFree):
        * wtf/FastMalloc.cpp:
        (WTF::FastMallocZone::goodSize):
        (WTF::FastMallocZone::check):
        (WTF::FastMallocZone::print):
        (WTF::FastMallocZone::log):
        (WTF::FastMallocZone::forceLock): Grab the TCMalloc locks.
        (WTF::FastMallocZone::forceUnlock): Release the TCMalloc locks.
        (WTF::FastMallocZone::FastMallocZone):

2007-08-04  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Anders.

        * pcre/pcre_compile.c: Remove non-ASCII character from a comment.

2007-08-02  Mark Rowe  <mrowe@apple.com>

        Reviewed by Geoff Garen.

        <rdar://problem/4212199> 'leaks' reports false leaks in WebKit (because the WTF allocator uses mmap?)

        Implement malloc zone introspection routines to allow leaks, heap, and friends to request information
        about specific memory regions that were allocated by FastMalloc or the JavaScriptCore collector.

        This requires tool-side support before the regions will be displayed.  The addition of that support is
        tracked by <rdar://problems/5353057&5353060>.

        * JavaScriptCore.exp: Export the two variables that are used by leaks to introspect the allocators.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/AllInOneFile.cpp:
        * kjs/CollectorHeapIntrospector.cpp: Added.
        (KJS::):
        (KJS::CollectorHeapIntrospector::init): 
        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector): Create and register our zone with the system.
        (KJS::CollectorHeapIntrospector::enumerate): Iterate over the CollectorBlocks that are in use and report them to the caller as being used.
        * kjs/CollectorHeapIntrospector.h: Added.
        (KJS::CollectorHeapIntrospector::size): Return zero to indicate the specified pointer does not belong to this zone.
        * kjs/collector.cpp:
        (KJS::Collector::registerThread): Register the CollectorHeapIntrospector with the system when the first thread is registered with the collector.
        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::GetDescriptorEnsureSafe):
        (WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects): Enumerate the objects on the free list.
        (WTF::TCMalloc_ThreadCache::enumerateFreeObjects): Ditto.
        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Ditto.
        (WTF::TCMalloc_ThreadCache::InitModule): Register the FastMallocZone with the system when initializing TCMalloc.
        (WTF::FreeObjectFinder::FreeObjectFinder):
        (WTF::FreeObjectFinder::visit): Add an object to the free list.
        (WTF::FreeObjectFinder::isFreeObject):
        (WTF::FreeObjectFinder::freeObjectCount):
        (WTF::FreeObjectFinder::findFreeObjects): Find the free objects within a thread cache or free list.
        (WTF::PageMapFreeObjectFinder::PageMapFreeObjectFinder): Find the free objects within a TC_PageMap.
        (WTF::PageMapFreeObjectFinder::visit): Called once per allocated span.  Record whether the span or any subobjects are free.
        (WTF::PageMapMemoryUsageRecorder::PageMapMemoryUsageRecorder):
        (WTF::PageMapMemoryUsageRecorder::visit): Called once per allocated span.  Report the range of memory as being allocated, and the span or
        its subobjects as being used if they do not appear on the free list.
        (WTF::FastMallocZone::enumerate): Map the key remote TCMalloc data structures into our address space.  We then locate all free memory ranges
        before reporting the other ranges as being in use.
        (WTF::FastMallocZone::size): Determine whether the given pointer originates from within our allocation zone.  If so,
        we return its allocation size.
        (WTF::FastMallocZone::zoneMalloc):
        (WTF::FastMallocZone::zoneCalloc):
        (WTF::FastMallocZone::zoneFree):
        (WTF::FastMallocZone::zoneRealloc):
        (WTF::):
        (WTF::FastMallocZone::FastMallocZone): Create and register our zone with the system.
        (WTF::FastMallocZone::init):
        * wtf/MallocZoneSupport.h: Added.
        (WTF::RemoteMemoryReader::RemoteMemoryReader): A helper class to ease the process of mapping memory in a different process into
        our local address space
        (WTF::RemoteMemoryReader::operator()):
        * wtf/TCPageMap.h:
        (TCMalloc_PageMap2::visit): Walk over the heap and visit each allocated span.
        (TCMalloc_PageMap3::visit): Ditto.

2007-08-02  Mark Rowe  <mrowe@apple.com>

        Build fix.

        * kjs/ustring.cpp:
        (KJS::UString::expandedSize):  Use std::numeric_limits<size_t>::max() rather than the non-portable SIZE_T_MAX.

2007-08-02  Mark Rowe  <mrowe@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5352887> "Out of memory" error during repeated JS string concatenation leaks hundreds of MBs of RAM

        A call to fastRealloc was failing which lead to UString::expandCapacity leaking the buffer it was trying to reallocate.
        It also resulted in the underlying UString::rep having both a null baseString and buf field, which meant that attempting
        to access the contents of the string after the failed memory reallocation would crash.

        A third issue is that expandedSize size was calculating the new length in a way that led to an integer overflow occurring.
        Attempting to allocate a string more than 190,000,000 characters long would fail a the integer overflow would lead to a
        memory allocation of around 3.6GB being attempted rather than the expected 390MB.  Sizes that would lead to an overflow
        are now  returned as zero and callers are updated to treat this as though the memory allocation has failed.

        * kjs/array_object.cpp:
        (ArrayProtoFunc::callAsFunction): Check whether the append failed and raise an "Out of memory" exception if it did.
        * kjs/ustring.cpp:
        (KJS::allocChars): Wrapper around fastMalloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
        (KJS::reallocChars): Wrapper around fastRealloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
        (KJS::UString::expandedSize): Split the size calculation in two and guard against overflow during each step.
        (KJS::UString::expandCapacity): Don't leak r->buf if reallocation fails.  Instead free the memory and use the null representation.
        (KJS::UString::expandPreCapacity): If fastMalloc fails then use the null representation rather than crashing in memcpy.
        (KJS::UString::UString): If calls to expandCapacity, expandPreCapacity or fastMalloc fail then use the null representation rather than crashing in memcpy.
        (KJS::UString::append): Ditto.
        (KJS::UString::operator=): Ditto.
        * kjs/ustring.h: Change return type of expandedSize from int to size_t.

2007-08-01  Darin Adler  <darin@apple.com>

        Reviewed by Kevin McCullough.

        - fix <rdar://problem/5375186> pointers to pieces of class definition passed to JSClassCreate should all be const

        * API/JSObjectRef.h: Added const.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::OpaqueJSClass): Added const.
        (OpaqueJSClass::create): Added const.
        * API/JSObjectRef.cpp:
        (JSClassCreate): Added const.

2007-08-01  Steve Falkenburg  <sfalken@apple.com>

        Build mod: Fix sln to match configs in vcproj.
        
        Reviewed by Adam.

        * JavaScriptCore.vcproj/JavaScriptCore.make:
        * JavaScriptCore.vcproj/JavaScriptCore.sln:

2007-07-30  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars.

        Removed the __BUILDING_QT ifdef in JSStringRef.h and changed UChar for the Qt build to use wchar_t on Windows.

        * API/JSStringRef.h:
        * wtf/unicode/qt4/UnicodeQt4.h:

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Always define JSChar to be unsigned short for the Qt builds, to ensure compatibility with UChar.

        * API/JSStringRef.h:

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Fix compilation with Qt on Windows with MingW: Implemented currentThreadStackBase() for this platform.

        * kjs/collector.cpp:
        (KJS::currentThreadStackBase):

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Fix compilation with Qt on Windows with MingW: The MingW headers do not provide a prototype for a reentrant version of localtime. But since we don't use multiple threads for the Qt build we can use the plain localtime() function.

        * kjs/DateMath.cpp:
        (KJS::getDSTOffsetSimple):

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Use $(MOVE) instead of mv to eliminated the shell dependency and replaced the long shell line to call bison and modify the css grammar file with a few lines of portable perl code.

        * JavaScriptCore.pri:

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Implemented currentTime() in the interpreter by using QDateTime, so that we don't need timeGetTime() on Windows and therefore also don't need to link against Winmm.dll.

        * kjs/interpreter.cpp:
        (KJS::getCurrentTime):
        * kjs/testkjs.cpp:
        (StopWatch::start):
        (StopWatch::stop):

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Replace the use of snprintf with QByteArray to compile under msvc 2005 express.

        * bindings/qt/qt_instance.cpp:
        (KJS::Bindings::QtInstance::stringValue):

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Don't use pthread.h unless thread support is enabled.

        * kjs/collector.cpp:
        (KJS::Collector::registerAsMainThread):
        (KJS::onMainThread):

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Removed TCSystemMalloc from the Qt build, it's not necessary it seems.

        * JavaScriptCore.pri:

2007-07-27  Simon Hausmann  <hausmann@kde.org>

        Done with and reviewed by Lars and Zack.

        Added os-win32 to the include search path for the Qt windows build in order to provide the fake stdint.h header file.

        * JavaScriptCore.pri:

2007-07-25  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Mark.

        - follow-up to previous change
        
        * kjs/ustring.cpp:
        (KJS::UString::operator=): Make sure to reset the length when
        replacing the buffer contents for a single-owned string.

2007-07-25  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - JavaScriptCore part of fix for <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
        
        Also, as a side effect of optimizations included in this patch:
        - 7% speedup on JavaScript iBench
        - 4% speedup on "Celtic Kane" JS benchmark
        
        The basic idea is explained in a big comment in collector.cpp. When unusually 
        large objecs are allocated, we push the next GC closer on the assumption that
        most objects are short-lived.
        
        I also did the following two optimizations in the course of tuning
        this not to be a performance regression:

        1) Change UString::Rep to hold a self-pointer as the baseString in
        the unshared case, instead of a null pointer; this removes a
        number of null checks in hot code because many places already
        wanted to use the rep itself or the baseString as appropriate.
        
        2) Avoid creating duplicate StringImpls when creating a
        StringInstance (the object wrapper for a JS string) or calling
        their methods. Since a temporary wrapper object is made every time
        a string method is called, this resulted in two useless extra
        StringImpls being allocated for no reason whenever a String method
        was invoked on a string value. Now we bypass those.
        
        * kjs/collector.cpp:
        (KJS::):
        (KJS::Collector::recordExtraCost): Basics of the extra cost mechanism.
        (KJS::Collector::allocate): ditto
        (KJS::Collector::collect): ditto
        * kjs/collector.h:
        (KJS::Collector::reportExtraMemoryCost): ditto
        * kjs/array_object.cpp:
        (ArrayInstance::ArrayInstance): record extra cost
        * kjs/internal.cpp:
        (KJS::StringImp::toObject): don't create a whole new StringImpl just
        to be the internal value of a StringInstance! StringImpls are immutable
        so there's no point tot his.
        * kjs/internal.h:
        (KJS::StringImp::StringImp): report extra cost
        * kjs/string_object.cpp:
        (KJS::StringInstance::StringInstance): new version that takes a StringImp
        (KJS::StringProtoFunc::callAsFunction): don't create a whole new StringImpl
        just to convert self to string! we already have one in the internal value
        * kjs/string_object.h: report extra cost        
        * kjs/ustring.cpp: All changes to handle baseString being self instead of null in the 
        unshared case.
        (KJS::):
        (KJS::UString::Rep::create):
        (KJS::UString::Rep::destroy):
        (KJS::UString::usedCapacity):
        (KJS::UString::usedPreCapacity):
        (KJS::UString::expandCapacity):
        (KJS::UString::expandPreCapacity):
        (KJS::UString::UString):
        (KJS::UString::append):
        (KJS::UString::operator=):
        (KJS::UString::copyForWriting):
        * kjs/ustring.h:
        (KJS::UString::Rep::baseIsSelf): new method, now that baseString is
        self instead of null in the unshared case we can't just null check.
        (KJS::UString::Rep::data): adjusted as mentioned above
        (KJS::UString::cost): new method to compute the cost for a UString, for
        use by StringImpl.

        * kjs/value.cpp:
        (KJS::jsString): style fixups.
        (KJS::jsOwnedString): new method, use this for strings allocated from UStrings
        held by the parse tree. Tracking their cost as part of string cost is pointless,
        because garbage collecting them will not actually free the relevant string buffer.
        * kjs/value.h: prototyped jsOwnedString.
        * kjs/nodes.cpp:
        (StringNode::evaluate): use jsOwnedString as appropriate
        (RegExpNode::evaluate): ditto
        (PropertyNameNode::evaluate): ditto
        (ForInNode::execute): ditto
        
        * JavaScriptCore.exp: Exported some new symbols.

2007-07-23  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5121461> REGRESSION: Unable to load JigZone puzzle
        
        * bindings/jni/jni_jsobject.cpp:
        (JavaJSObject::createNative):
        
        Call RootObject::gcProtect on the global object, thereby putting it in the
        "protect count" set which is used for checking if a native handle is valid.
        
2007-07-23  Darin Adler  <darin@apple.com>

        * pcre/pcre_compile.c: Roll back a tiny accidental change in the unused !JAVASCRIPT
        side of an #ifdef. This has no effect when using PCRE in JAVASCRIPT mode as we do,
        but seems worth rolling back.

2007-07-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix remaining problems with Window shadowing

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate): Tweak the special case a little.

2007-07-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - fix Window shadowing regressions caused by the previous commit.

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate): Handle the case of global scope specially.

2007-07-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        -fixed <rdar://problem/5353293> REGRESSION (r24287): 1% i-Bench JS slowdown from JavaScript compatibility fix (14719)
        http://bugs.webkit.org/show_bug.cgi?id=14719
        
        My fix for this actually resulted in JS iBench being 1% faster than before the regression
        and the Celtic Kane benchmark being 5% faster than before the regression.
        
        * kjs/nodes.cpp:
        (VarDeclNode::handleSlowCase): factored out the slow code path to be out of line.
        (VarDeclNode::evaluate): I did a couple of things:
        (1) Don't check if the variable is already declared by looking for the property in
        the variable object, that code path was dead code.
        (2) Special-case the common case where the top of the scope and the variable object
        are the same; in that case the variable must always be in the variable object.
        (3) Don't return a jsString() of the variable name, nothing uses the return value
        from this node types evaluate method.
        * kjs/nodes.h:

2007-07-22  Darin Adler  <darin@apple.com>

        Reviewed by Kevin Decker.

        - fix <rdar://problem/5126394> REGRESSION: Crash after clicking back button in test application (13250)
          http://bugs.webkit.org/show_bug.cgi?id=13250

        * bindings/objc/objc_utility.mm: (KJS::Bindings::convertObjcValueToValue):
        If the object returns 0 for _imp, convert that to "undefined", since callers
        can't cope with a JSValue of 0.

2007-07-19  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Fixed http://bugs.webkit.org/show_bug.cgi?id=10880 | <rdar://problem/5335694>
        REGRESSION: JavaScript menu doesn't appear on pricepoint.com (14595)
        
        Though the ECMA spec says auto-semicolon insertion should not occur
        without a newline or '}', Firefox treats do-while specially, and the
        library used by pricepoint.com requires that special treatment.
        
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * kjs/grammar.y:

2007-07-19  Darin Adler  <darin@apple.com>

        Reviewed by Geoff.

        - fix <rdar://problem/5345440> PCRE computes wrong length for expressions with quantifiers
          on named recursion or subexpressions

        It's challenging to implement proper preflighting for compiling these advanced features.
        But we don't want them in the JavaScript engine anyway.

        Turned off the following features of PCRE (some of these are simply parsed and not implemented):

            \C \E \G \L \N \P \Q \U \X \Z
            \e \l \p \u \z
            [::] [..] [==]
            (?#) (?<=) (?<!) (?>)
            (?C) (?P) (?R)
            (?0) (and 1-9)
            (?imsxUX)

        Added the following:

            \u \v

        Because of \v, the js1_2/regexp/special_characters.js test now passes.

        To be conservative, I left some features that JavaScript doesn't want, such as
        \012 and \x{2013}, in place. We can revisit these later; they're not directly-enough
        related to avoiding the incorrect preflighting.

        I also didn't try to remove unused opcodes and remove code from the execution engine.
        That could save code size and speed things up a bit, but it would require more changes.

        * kjs/regexp.h:
        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the sanitizePattern workaround for
        lack of \u support, since the PCRE code now has \u support.

        * pcre/pcre-config.h: Set JAVASCRIPT to 1.
        * pcre/pcre_internal.h: Added ESC_v.

        * pcre/pcre_compile.c: Added a different escape table for when JAVASCRIPT is set that
        omits all the escapes we don't want interpreted and includes '\v'.
        (check_escape): Put !JAVASCRIPT around the code for '\l', '\L', '\N', '\u', and '\U',
        and added code to handle '\u2013' inside JAVASCRIPT.
        (compile_branch): Put !JAVASCRIPT if around all the code implementing the features we
        don't want.
        (pcre_compile2): Ditto.

        * tests/mozilla/expected.html: Updated since js1_2/regexp/special_characters.js now
        passes.

2007-07-18  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        - fix <rdar://problem/5345432> PCRE computes length wrong for expressions such as "[**]"

        Test: fast/js/regexp-charclass-crash.html

        * pcre/pcre_compile.c: (pcre_compile2): Fix the preflight code that calls
        check_posix_syntax to match the actual regular expression compilation code;
        before it was missing the check of the first character.

2007-07-19  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Mark.

        Define __BUILDING_GDK when building for Gdk to fix building testkjs on OSX.

        * JavaScriptCore.pri:

2007-07-18  Simon Hausmann  <hausmann@kde.org>

        * Fix the Qt build, call dftables from the right directory.

        Reviewed by Adam Treat.

        * pcre/pcre.pri:

2007-07-18  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Zack.

        Don't call gcc directly when building the dftables tool but use a separate .pro file for the Qt build.

        * pcre/dftables.pro: Added.
        * pcre/pcre.pri:

2007-07-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Darin, Maciej, and Adam.

        Fixes <http://bugs.webkit.org/show_bug.cgi?id=9697>,
              the failure of ecma/GlobalObject/15.1.2.2-2.js,
              the failure of ecma/LexicalConventions/7.7.3-1.js,
              and most of the failures of tests in ecma/TypeConversion/9.3.1-3.js.

        Bug 9697: parseInt results may be inaccurate for numbers greater than 2^53

        This patch also fixes similar issues in the lexer and UString::toDouble().

        * kjs/function.cpp:
        (KJS::parseIntOverflow):
        (KJS::parseInt):
        * kjs/function.h:
        * kjs/lexer.cpp:
        (KJS::Lexer::lex):
        * kjs/ustring.cpp:
        (KJS::UString::toDouble):
        * tests/mozilla/expected.html:

2007-07-16  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver.

        Turn off -Wshorten-64-to-32 warning for 64-bit builds.

        * Configurations/Base.xcconfig:

2007-07-14  Brady Eidson  <beidson@apple.com>

        Reviewed by Sam Weinig

        Initial check-in for <rdar://problem/3154486> - Supporting FTP directory listings in the browser

        * wtf/Platform.h: Add ENABLE_FTPDIR feature to handle building on platforms that don't have the
          proper network-layer support

2007-07-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Darin.

        Fixes http://bugs.webkit.org/show_bug.cgi?id=13517,
              http://bugs.webkit.org/show_bug.cgi?id=14237, and
              the failure of test js1_5/Scope/regress-185485.js

        Bug 13517: DOM Exception 8 in finance.aol.com sub-page
        Bug 14237: Javascript "var" statement interprets initialization in the topmost function scope

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate):
        * tests/mozilla/expected.html:

2007-07-12  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Mitz.

        http://bugs.webkit.org/show_bug.cgi?id=14596
        Fix JSC compilation with KJS_VERBOSE.

        * kjs/function.cpp:
        (KJS::FunctionImp::passInParameters):

2007-07-11  George Staikos  <staikos@kde.org>

        Make it compile.

        * ForwardingHeaders: Added.
        * ForwardingHeaders/JavaScriptCore: Added.
        * ForwardingHeaders/JavaScriptCore/APICast.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSBase.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSContextRef.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSLock.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSObjectRef.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSStringRef.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSStringRefCF.h: Added.
        * ForwardingHeaders/JavaScriptCore/JSValueRef.h: Added.
        * ForwardingHeaders/JavaScriptCore/JavaScriptCore.h: Added.

2007-07-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Darin.

        As of http://bugs.webkit.org/show_bug.cgi?id=14527 move the
        WebCore/ForwardingHeader/JavaScriptCore to JavaScriptCore

        * ForwardingHeaders: Added.
        * ForwardingHeaders/JavaScriptCore: Copied from WebCore/ForwardingHeaders/JavaScriptCore.

2007-07-11  Nikolas Zimmermann  <zimmermann@kde.org>

        Reviewed by Mark.

        Forwardport the hash table fix from CodeGeneratorJS.pm to create_hash_table.
        Reran run-jsc-tests, couldn't find any regressions. Suggested by Darin.

        * kjs/create_hash_table:

2007-07-09  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - JavaScriptCore part of fix for: <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
        
        * JavaScriptCore.exp: Added needed export.

2007-07-06  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Antti.

        - <rdar://problem/5311093> JavaScriptCore fails to build with strict-aliasing warnings
        
        * Configurations/Base.xcconfig: Re-enable -Wstrict-aliasing
        * bindings/jni/jni_utility.cpp:
        (KJS::Bindings::getJNIEnv): Type-pun via a union instead of a pointer cast.
        * wtf/HashMap.h:
        (WTF::): Instead of doing type-punned assignments via pointer cast, do one of three things:
        (1) assign directly w/o cast if storage type matches real type; (2) assign using cast
        via union if type does not need reffing; (3) copy with memcpy and ref/deref manually if type
        needs reffing. This is ok peref-wise because memcpy of a constant length gets optomized.
        HashTraits are now expected to make ref()/deref() take the storage type, not the true type.
        * wtf/HashSet.h:
        (WTF::): Same basic idea.
        * wtf/HashTable.h:
        (WTF::): Added Assigner template for use by HashMap/HashSet. Change RefCounter to call ref()
        and deref() via storage type, avoiding the need to
        type-pun.
        (WTF::RefCounter::ref): ditto
        (WTF::RefCounter::deref): ditto
        * wtf/HashTraits.h:
        (WTF::): Change ref() and deref() for RefPtr HashTraits to take the storage type; cast
        via union to pointer type.
        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::init): Changed from constructor to init function so this can go in a union.
        (WTF::): redefine pageheap macro in terms of getPageHeap().
        (WTF::getPageHeap): new inline function, helper for pageheap macro. This hides the cast in a union.
        (WTF::TCMalloc_ThreadCache::InitModule): Call init() instead of using placement new to initialize page
        heap.
        * wtf/TCPageMap.h:
        (TCMalloc_PageMap1::init): Changed from constructor to init function.
        (TCMalloc_PageMap2::init): ditto
        (TCMalloc_PageMap3::init): ditto


2007-07-06  George Staikos  <staikos@kde.org>

        Reviewed by Maciej.

        Switch USE(ICONDATABASE) to ENABLE(ICONDATABASE)

        * wtf/Platform.h:

2007-07-03  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin.

        Eleventh round of fixes for implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Fixes a real bug where where we were setting long long and unsigned long long
          values to a long field.

        * bindings/objc/objc_utility.mm:
        (KJS::Bindings::convertValueToObjcValue):

2007-07-03  Sam Weinig  <sam@webkit.org>

        Reviewed by Brady Eidson.

        Tenth round of fixes for implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add explicit casts.

        * kjs/dtoa.cpp:
        (Bigint::):

2007-07-02  Sam Weinig  <sam@webkit.org>

        Reviewed by Kevin McCullough.

        Fourth round of fixes for implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        Add custom piDouble and piFloat constants to use instead of M_PI.

        * kjs/math_object.cpp:
        (MathObjectImp::getValueProperty):
        * wtf/MathExtras.h:
        (wtf_atan2):

2007-06-29  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin.

        Second pass at fixing implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add a toFloat() method to JSValue for float conversion.

        * JavaScriptCore.exp:
        * kjs/value.cpp:
        (KJS::JSValue::toFloat):
        * kjs/value.h:

2007-06-27  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        - <rdar://problem/5271937> REGRESSION: Apparent WebKit JavaScript memory smasher when submitting comment to iWeb site (crashes in kjs_pcre_compile2)
        - Correctly evaluate the return value of _pcre_ucp_findchar.

        * pcre/pcre_compile.c:
        (compile_branch):
        * pcre/pcre_exec.c:
        (match):

2007-06-27  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin.

        First pass at fixing implicit 64-32 bit conversion errors.
        <rdar://problem/5292262>

        - Add 'f' suffix where necessary.

        * kjs/testkjs.cpp:
        (StopWatch::getElapsedMS):

2007-06-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed <rdar://problem/5296627> JSGarbageCollect headerdoc suggests that 
        using JavaScriptCore requires leaking memory

        * API/JSBase.h: Changed documentation to explain that you can pass NULL
        to JSGarbageCollect.

2007-06-26  Adam Treat  <adam@staikos.net>

        Reviewed by Adam Roben.

        Make the SQLite icon database optional.

        * wtf/Platform.h:

2007-06-15  George Staikos  <staikos@kde.org>

        More missing files for Qt.

        * JavaScriptCore.pri:
        * kjs/testkjs.pro:

2007-06-15  George Staikos  <staikos@kde.org>

        Another Qt build fix.

        * JavaScriptCore.pri:
        * kjs/testkjs.pro:

2007-06-15  George Staikos  <staikos@kde.org>

        Fixing Qt build.

        * JavaScriptCore.pri:

2007-06-20  Mark Rowe  <mrowe@apple.com>

        Reviewed by Mitz.

        Fix http://bugs.webkit.org/show_bug.cgi?id=14244
        Bug 14244: Data corruption when using a replace() callback function with data containing "$"

        * kjs/string_object.cpp:
        (KJS::replace):  When 'replacement' is a function, do not replace $n placeholders in its return value.
        This matches the behaviour described in ECMA 262 3rd Ed section 15.5.4.1, and as implemented in Firefox.

2007-06-14  Anders Carlsson  <andersca@apple.com>

        Fix Windows build.
        
        * bindings/runtime_object.cpp:
        (RuntimeObjectImp::canPut):

2007-06-14  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/5103077> 
        Crash at _NPN_ReleaseObject when quitting page at http://eshop.macsales.com/shop/ModBook
        
        <rdar://problem/5183692>
        http://bugs.webkit.org/show_bug.cgi?id=13547
        REGRESSION: Crash in _NPN_ReleaseObject when closing Safari on nba.com (13547)
        
        <rdar://problem/5261499>
        CrashTracer: [USER] 75 crashes in Safari at com.apple.JavaScriptCore: KJS::Bindings::CInstance::~CInstance + 40
        
        Have the root object track all live instances of RuntimeObjectImp. When invalidating 
        the root object, also invalidate all live runtime objects by zeroing out their instance ivar.
        This prevents instances from outliving their plug-ins which lead to crashes.
        
        * bindings/c/c_utility.cpp:
        (KJS::Bindings::convertValueToNPVariant):
        * bindings/jni/jni_jsobject.cpp:
        (JavaJSObject::convertValueToJObject):
        * bindings/jni/jni_utility.cpp:
        (KJS::Bindings::convertValueToJValue):
        * bindings/objc/objc_runtime.mm:
        (ObjcFallbackObjectImp::callAsFunction):
        * bindings/runtime_array.cpp:
        (RuntimeArray::RuntimeArray):
        * bindings/runtime_array.h:
        (KJS::RuntimeArray::getConcreteArray):
        * bindings/runtime_method.cpp:
        (RuntimeMethod::callAsFunction):
        * bindings/runtime_method.h:
        * bindings/runtime_object.cpp:
        (RuntimeObjectImp::RuntimeObjectImp):
        (RuntimeObjectImp::~RuntimeObjectImp):
        (RuntimeObjectImp::invalidate):
        (RuntimeObjectImp::fallbackObjectGetter):
        (RuntimeObjectImp::fieldGetter):
        (RuntimeObjectImp::methodGetter):
        (RuntimeObjectImp::getOwnPropertySlot):
        (RuntimeObjectImp::put):
        (RuntimeObjectImp::canPut):
        (RuntimeObjectImp::defaultValue):
        (RuntimeObjectImp::implementsCall):
        (RuntimeObjectImp::callAsFunction):
        (RuntimeObjectImp::getPropertyNames):
        (RuntimeObjectImp::throwInvalidAccessError):
        * bindings/runtime_object.h:
        * bindings/runtime_root.cpp:
        (KJS::Bindings::RootObject::invalidate):
        (KJS::Bindings::RootObject::addRuntimeObject):
        (KJS::Bindings::RootObject::removeRuntimeObject):
        * bindings/runtime_root.h:

2007-06-14  Anders Carlsson  <andersca@apple.com>

        Reviewed by Mitz.

        <rdar://problem/5244948>
        Safari keeps on complaining about slow script playing NBC TV video (14133)

        http://bugs.webkit.org/show_bug.cgi?id=14133
        Runaway JavaScript timer fires when spinning around in Google Maps street view

        Make sure to start and stop the timeout checker around calls to JS.
        
        * bindings/NP_jsobject.cpp:
        (_NPN_InvokeDefault):
        (_NPN_Invoke):
        (_NPN_Evaluate):
        * bindings/jni/jni_jsobject.cpp:
        (JavaJSObject::call):
        (JavaJSObject::eval):

2007-06-13  Darin Adler  <darin@apple.com>

        Reviewed by Mark Rowe.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14132
          array sort with > 10000 elements sets elements > 10000 undefined

        Test: fast/js/sort-large-array.html

        * kjs/array_instance.h: Replaced pushUndefinedObjectsToEnd with
        compactForSorting, and removed ExecState parameters.

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Changed to call compactForSorting.
        (ArrayInstance::compactForSorting): Do the get and delete of the
        properties directly on the property map instead of using public
        calls from JSObject. The public calls would just read the undefined
        values from the compacted sort results array!

2007-06-13  George Staikos  <staikos@kde.org>

        Reviewed by Lars.

        Fix Mac OS X build after last checkin.

        * wtf/FastMalloc.h:

2007-06-14  Lars Knoll <lars@trolltech.com>

        Reviewed by Maciej.

        Disable FastMalloc for the Qt build and make sure we
        don't reimplement the global new/delete operators
        when using the system malloc.

        * wtf/FastMalloc.cpp:
        * wtf/FastMalloc.h:
        * wtf/Platform.h:

2007-06-13  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Make sure that bindings instances get correct root objects.
        
        * JavaScriptCore.exp:
        * bindings/NP_jsobject.cpp:
        (listFromVariantArgs):
        (_NPN_InvokeDefault):
        (_NPN_Invoke):
        (_NPN_SetProperty):
        * bindings/c/c_instance.cpp:
        (KJS::Bindings::CInstance::invokeMethod):
        (KJS::Bindings::CInstance::invokeDefaultMethod):
        * bindings/c/c_runtime.cpp:
        (KJS::Bindings::CField::valueFromInstance):
        * bindings/c/c_utility.cpp:
        (KJS::Bindings::convertNPVariantToValue):
        * bindings/c/c_utility.h:
        * bindings/objc/objc_instance.mm:
        (ObjcInstance::invokeMethod):
        (ObjcInstance::invokeDefaultMethod):
        (ObjcInstance::getValueOfUndefinedField):
        * bindings/objc/objc_runtime.mm:
        (ObjcField::valueFromInstance):
        (ObjcArray::valueAt):
        * bindings/objc/objc_utility.h:
        * bindings/objc/objc_utility.mm:
        (KJS::Bindings::convertObjcValueToValue):
        * bindings/runtime.h:

2007-06-13  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        * kjs/testkjs.pro: WebKitQt is now called QtWebKit.

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Another build fix.
        
        * bindings/qt/qt_instance.cpp:
        (KJS::Bindings::QtInstance::invokeMethod):

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Move the notion of field type to the JNI runtime since that's the only 
        one that was actually using it.
        
        * bindings/c/c_runtime.h:
        (KJS::Bindings::CField::CField):
        * bindings/jni/jni_runtime.h:
        * bindings/objc/objc_runtime.h:
        * bindings/objc/objc_runtime.mm:
        * bindings/qt/qt_runtime.h:
        * bindings/runtime.h:
        * bindings/runtime_method.cpp:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Build fix.
        
        * bindings/qt/qt_class.cpp:
        (KJS::Bindings::QtClass::methodsNamed):
        * bindings/qt/qt_instance.cpp:
        (KJS::Bindings::QtInstance::invokeMethod):

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Oliver.
        
        Get rid of the MethodList class and use a good ol' Vector instead.

        * bindings/c/c_class.cpp:
        (KJS::Bindings::CClass::methodsNamed):
        * bindings/c/c_instance.cpp:
        (KJS::Bindings::CInstance::invokeMethod):
        * bindings/jni/jni_class.cpp:
        (JavaClass::JavaClass):
        (JavaClass::~JavaClass):
        * bindings/jni/jni_instance.cpp:
        (JavaInstance::invokeMethod):
        * bindings/objc/objc_class.mm:
        (KJS::Bindings::ObjcClass::methodsNamed):
        * bindings/objc/objc_instance.mm:
        (ObjcInstance::invokeMethod):
        * bindings/objc/objc_runtime.mm:
        (ObjcFallbackObjectImp::callAsFunction):
        * bindings/runtime.cpp:
        * bindings/runtime.h:
        * bindings/runtime_method.cpp:
        (RuntimeMethod::lengthGetter):
        (RuntimeMethod::callAsFunction):
        * bindings/runtime_object.cpp:
        (RuntimeObjectImp::getOwnPropertySlot):

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Make RuntimeMethod's method list a pointer so that the object size doesn't
        grow beyond 32 bytes when we later will replace MethodList with a Vector.
        
        * bindings/runtime_method.cpp:
        (RuntimeMethod::RuntimeMethod):
        (RuntimeMethod::lengthGetter):
        (RuntimeMethod::callAsFunction):
        * bindings/runtime_method.h:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Get rid of the Parameter class.
        
        * bindings/jni/jni_instance.cpp:
        (JavaInstance::invokeMethod):
        * bindings/jni/jni_runtime.cpp:
        (JavaMethod::signature):
        * bindings/jni/jni_runtime.h:
        (KJS::Bindings::JavaParameter::JavaParameter):
        (KJS::Bindings::JavaParameter::~JavaParameter):
        (KJS::Bindings::JavaParameter::type):
        (KJS::Bindings::JavaMethod::parameterAt):
        (KJS::Bindings::JavaMethod::numParameters):
        * bindings/runtime.h:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Build fix.
        
        * bindings/qt/qt_class.h:

2007-06-12  Mark Rowe  <mrowe@apple.com>

        Build fix.

        * bindings/objc/objc_runtime.h:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Get rid of Constructor and its only subclass JavaConstructor.
        
        * bindings/c/c_class.h:
        * bindings/jni/jni_class.cpp:
        (JavaClass::JavaClass):
        (JavaClass::~JavaClass):
        * bindings/jni/jni_class.h:
        * bindings/jni/jni_runtime.cpp:
        * bindings/jni/jni_runtime.h:
        * bindings/objc/objc_class.h:
        * bindings/runtime.h:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Use RetainPtr throughout the bindings code.
        
        * bindings/objc/objc_class.h:
        * bindings/objc/objc_class.mm:
        (KJS::Bindings::ObjcClass::ObjcClass):
        (KJS::Bindings::ObjcClass::methodsNamed):
        (KJS::Bindings::ObjcClass::fieldNamed):
        * bindings/objc/objc_instance.h:
        (KJS::Bindings::ObjcInstance::getObject):
        * bindings/objc/objc_instance.mm:
        (ObjcInstance::ObjcInstance):
        (ObjcInstance::~ObjcInstance):
        (ObjcInstance::implementsCall):
        (ObjcInstance::invokeMethod):
        (ObjcInstance::invokeDefaultMethod):
        (ObjcInstance::defaultValue):
        * bindings/objc/objc_runtime.h:
        (KJS::Bindings::ObjcMethod::setJavaScriptName):
        (KJS::Bindings::ObjcMethod::javaScriptName):
        (KJS::Bindings::ObjcArray::getObjcArray):
        * bindings/objc/objc_runtime.mm:
        (ObjcField::name):
        (ObjcArray::ObjcArray):
        (ObjcArray::setValueAt):
        (ObjcArray::valueAt):
        (ObjcArray::getLength):
        * wtf/RetainPtr.h:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Maciej.

        Have JSCell inherit from Noncopyable.
        
        * bindings/objc/objc_runtime.h:
        * bindings/runtime_object.h:
        * kjs/value.h:

2007-06-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin and Maciej.

        More cleanup. Use our Noncopyable WTF class, add a root object member
        to the Array class.
        
        * bindings/c/c_class.h:
        * bindings/jni/jni_class.h:
        * bindings/jni/jni_instance.h:
        * bindings/jni/jni_runtime.cpp:
        (JavaArray::JavaArray):
        * bindings/jni/jni_runtime.h:
        * bindings/objc/objc_class.h:
        * bindings/objc/objc_runtime.h:
        * bindings/objc/objc_runtime.mm:
        (ObjcArray::ObjcArray):
        * bindings/objc/objc_utility.mm:
        (KJS::Bindings::convertObjcValueToValue):
        * bindings/runtime.cpp:
        (KJS::Bindings::Array::Array):
        (KJS::Bindings::Array::~Array):
        * bindings/runtime.h:
        * bindings/runtime_object.h:
        * bindings/runtime_root.h:

2007-06-08  Zack Rusin  <zrusin@trolltech.com>

        Fix the Qt build

        * bindings/qt/qt_instance.cpp:
        (KJS::Bindings::QtInstance::QtInstance):
        * bindings/qt/qt_instance.h:

2007-06-07  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Get rid of Instance::setRootObject and pass the root object to the instance constructor instead.
        
        * bindings/c/c_instance.cpp:
        (KJS::Bindings::CInstance::CInstance):
        * bindings/c/c_instance.h:
        * bindings/jni/jni_instance.cpp:
        (JavaInstance::JavaInstance):
        * bindings/jni/jni_instance.h:
        * bindings/jni/jni_jsobject.cpp:
        (JavaJSObject::convertJObjectToValue):
        * bindings/objc/objc_instance.h:
        * bindings/objc/objc_instance.mm:
        (ObjcInstance::ObjcInstance):
        * bindings/runtime.cpp:
        (KJS::Bindings::Instance::Instance):
        (KJS::Bindings::Instance::createBindingForLanguageInstance):
        * bindings/runtime.h:

2007-06-07  Anders Carlsson  <andersca@apple.com>

        Reviewed by Adam.

        Don't use a JavaInstance to store the field when all we want to do is to keep the field
        from being garbage collected. Instead, use a JObjectWrapper.
        
        * bindings/jni/jni_instance.h:
        * bindings/jni/jni_runtime.cpp:
        (JavaField::JavaField):
        (JavaField::dispatchValueFromInstance):
        (JavaField::dispatchSetValueToInstance):
        * bindings/jni/jni_runtime.h:
        (KJS::Bindings::JavaField::JavaField):
        (KJS::Bindings::JavaField::operator=):

2007-05-30  Alp Toker  <alp.toker@collabora.co.uk>

        Reviewed by Brady.

        Enable logging in the Gdk port.
        http://bugs.webkit.org/show_bug.cgi?id=13936

        * wtf/Assertions.cpp:
        * wtf/Assertions.h: Add WTFLogVerbose which also logs
        the file, line number and function.

2007-05-30  Mark Rowe  <mrowe@apple.com>

        Mac build fix.  Update #include.

        * API/JSCallbackFunction.h:

2007-05-30  Luciano Montanaro  <mikelima@cirulla.net>

        Reviewed by Maciej.

        - cross-port Harri Porten's commits 636099 and 636108 from KJS: 
        "publish a class anyway public already" and "class is being used from
        outside for quite some time" in preparation for further syncronizations

        * kjs/context.h:
        * kjs/date_object.cpp:
        * kjs/date_object.h:
        * kjs/function.h:
        (KJS::):
        (KJS::InternalFunctionImp::classInfo):
        (KJS::InternalFunctionImp::functionName):
        * kjs/function_object.h:
        * kjs/internal.h:
        * kjs/lookup.h:
        (KJS::getStaticPropertySlot):
        (KJS::getStaticFunctionSlot):
        (KJS::getStaticValueSlot):
        * kjs/object_object.h:

2007-05-29  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Roben.

        Cleanup function and fix to match comparison API.

        * kjs/string_object.cpp:
        (KJS::substituteBackreferences):
        (KJS::localeCompare):

2007-05-28  Geoffrey Garen  <ggaren@apple.com>

        Slight clarification to an exception message.

        * API/JSCallbackObject.cpp:
        (KJS::JSCallbackObject::put):

2007-05-27  Holger Freyther  <zecke@selfish.org>

        Reviewed by Mark Rowe.

        * wtf/Platform.h: Move Gdk up to allow building WebKit/Gdk on Darwin

2007-05-27  Darin Adler  <darin@apple.com>

        - fix a couple ifdefs that said WIN instead of WIN_OS

        * kjs/collector.cpp:
        (KJS::allocateBlock): WIN -> WIN_OS
        (KJS::freeBlock): Ditto.

2007-05-26  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin.

        Patch for http://bugs.webkit.org/show_bug.cgi?id=13854
        Port of commit 667785 from kjs

        - special case calling String.localeCompare() with no parameters to return 0.

        * kjs/string_object.cpp:
        (KJS::StringProtoFunc::callAsFunction):

2007-05-25  Kimmo Kinnunen  <kimmok@iki.fi>

        Reviewed by Darin.

        - Fix for http://bugs.webkit.org/show_bug.cgi?id=13456
        REGRESSION: setTimeout "arguments" object gets shadowed by a local variable

        - Add a explicit check for arguments. Previously check was done with getDirect,
        but since the arguments is created on-demand in ActivationImp, it doesn't
        show up in the test. 'arguments' should always be in the VarDeclNode's
        evaluation scope.

        * kjs/nodes.cpp:
        (VarDeclNode::evaluate): Additional check if the var decl identifier is 'arguments'

2007-05-25  George Staikos  <staikos@kde.org>

        Reviewed by Maciej.

        - Use COMPILER(GCC), not PLATFORM(GCC) - as Platform.h defines

        * wtf/FastMalloc.h:

2007-05-25  Kimmo Kinnunen  <kimmok@iki.fi>

        Reviewed by Darin.

        - http://bugs.webkit.org/show_bug.cgi?id=13623 (Decompilation of function
          doesn't compile with "++(x,y)")
        - Create the error node based on the actual node, not the node inside
          parenthesis
        - Fix applies to postfix, prefix and typeof operators
        - Produces run-time ReferenceError like other non-lvalue assignments etc.

        * kjs/grammar.y: Create {Prefix,Postfix}ErrorNode based on the actual node,
        not the based on the node returned by "nodeInsideAllParens()". Same for
        TypeOfValueNode.

2007-05-25  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Zack.

        Fix crash in Qt JavaScript bindings when the arguments used on the Qt side are not
        registered with QMetaType.

        * bindings/qt/qt_instance.cpp:
        (KJS::Bindings::QtInstance::invokeMethod):
        * bindings/qt/qt_runtime.cpp:

2007-05-24  Luciano Montanaro  <mikelima@cirulla.net>

        Reviewed by Darin

        Patch for http://bugs.webkit.org/show_bug.cgi?id=13855
        Port patch 666176 to JavaScriptCore

        - Renamed JSValue::downcast() to JSValue::asCell() which makes the
        function meaning cleaner. It's modeled after Harri Porten change in 
        KDE trunk.

        * kjs/collector.cpp:
        (KJS::Collector::protect):
        (KJS::Collector::unprotect):
        (KJS::Collector::collectOnMainThreadOnly):
        * kjs/object.h:
        (KJS::JSValue::isObject):
        * kjs/string_object.cpp:
        (KJS::StringProtoFunc::callAsFunction):
        * kjs/value.h:
        (KJS::JSValue::asCell):
        (KJS::JSValue::isNumber):
        (KJS::JSValue::isString):
        (KJS::JSValue::isObject):
        (KJS::JSValue::getNumber):
        (KJS::JSValue::getString):
        (KJS::JSValue::getObject):
        (KJS::JSValue::getUInt32):
        (KJS::JSValue::mark):
        (KJS::JSValue::marked):
        (KJS::JSValue::type):
        (KJS::JSValue::toPrimitive):
        (KJS::JSValue::toBoolean):
        (KJS::JSValue::toNumber):
        (KJS::JSValue::toString):
        (KJS::JSValue::toObject):

2007-05-18  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Mark Rowe.

        * kjs/testkjs.pro: Make the Gdk port link to icu

2007-05-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Adele Peterson.
        
        It helps if you swap the right variable.

        * wtf/HashSet.h:
        (WTF::::operator):

2007-05-15  Lars Knoll <lars@trolltech.com>

        Reviewed by Zack

        Extend the QObject JavaScript bindings to work for slots with
        arguments.

        * bindings/qt/qt_instance.cpp:
        (KJS::Bindings::QtInstance::invokeMethod):

2007-05-14  Kimmo Kinnunen  <kimmok@iki.fi>

        Reviewed by Darin.

        - Fixes http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler
          omits trailing comma in array literal)

         * kjs/nodes2string.cpp:
         (ArrayNode::streamTo): print extra ',' in case there was elision
         commas (check opt member var) and array elements present
         in the array expression

2007-05-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Added HashMap::swap and HashSet::swap. WebCore now uses HashSet::swap.
        I figured while I was in the neighborhood I might as well add HashMap::swap,
        too.

        * wtf/HashMap.h:
        (WTF::::operator):
        (WTF::::swap):
        * wtf/HashSet.h:
        (WTF::::operator):
        (WTF::::swap):

2007-05-11  Kimmo Kinnunen  <kimmok@iki.fi>

        Reviewed by Darin.

        - Fix for bug http://bugs.webkit.org/show_bug.cgi?id=13620
          Bogus decompilation of "for (var j = 1 in [])"
        - ForInNode toString()'ed to syntax error if there was var decl
          and initializer
        - ForNode toStringed()'ed lost 'var ' if it was present

        * kjs/nodes2string.cpp:
        (VarDeclListNode::streamTo): Print "var " here
        (VarStatementNode::streamTo): Don't print "var " here
        (ForNode::streamTo): Remove TODO comment, VarDeclListNode will
        stream the "var "
        (ForInNode::streamTo): ForIn initializer is printed by VarDeclNode

2007-05-11  Kimmo Kinnunen  <kimmok@iki.fi>

        Reviewed by Darin.

        - Fixes http://bugs.webkit.org/show_bug.cgi?id=10878
          (Incorrect decompilation for "4..x")
        - Group numbers in dotted expressions in toString() output, so we
          avoid the 4.x constructs  when the original input is 4..x.
          4..x means the same as 4. .x or (4).x or Number(4).x

        * kjs/nodes2string.cpp:
        (KJS::SourceStream::):
        Add boolean flag to indicate that if next item is a number, it should be grouped.
        Add new formatting enum which turns on the boolean flag.
        (KJS::SourceStream::SourceStream): Added. Initialize the flag.
        (SourceStream::operator<<): Added. New overloaded operator with double value as parameter.
        (NumberNode::streamTo): Use the double operator
        (ArrayNode::streamTo):
        (DotAccessorNode::streamTo):
        (FunctionCallDotNode::streamTo):
        (FunctionCallParenDotNode::streamTo):
        (PostfixDotNode::streamTo):
        (DeleteDotNode::streamTo):
        (PrefixDotNode::streamTo):
        (AssignDotNode::streamTo): Use the new formatting enum to turn on the grouping flag.

2007-05-10  Lars Knoll <lars@trolltech.com>

        Reviewed by Zack

        Fix our last three test failures in the JavaScript
        tests.

        * wtf/unicode/qt4/UnicodeQt4.h:
        (WTF::Unicode::toLower):
        (WTF::Unicode::toUpper):

2007-05-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Fixed #includes of JSStringRefCF.h and use of CF datatypes. I think I 
        misunderstood this issue before.

        * API/JavaScriptCore.h: #include JSStringRefCF.h. Platforms that don't
        want this behavior can just #include individual headers, instead of the
        umbrella framework header. But we definitely want Mac OS X clients to
        get the #include of JSStringRefCF.h "for free."
        * API/minidom.c: Don't #include JSStringRefCF.h. (Don't need to #include
        JavaScriptCore.h, either.)
        * API/testapi.c: Don't #include JSStringRefCF.h. Do use CF datatypes
        regardless of whether __APPLE__ is defined. Platforms that don't support
        CF just shouldn't compile this file.
        (main):

2007-05-09  Eric Seidel  <eric@webkit.org>

        Reviewed by mjs.
        
        http://bugs.webkit.org/show_bug.cgi?id=6985
        Cyclic __proto__ values cause WebKit to hang

        * kjs/object.cpp:
        (KJS::JSObject::put): do a cycle check before setting __proto__

2007-05-08  Kimmo Kinnunen  <kimmok@iki.fi>

        Reviewed by darin.  Landed by eseidel.

        - http://bugs.webkit.org/show_bug.cgi?id=10880 (Do..while loop gains 
        a semicolon each time it is toStringed)
        Grammar in Ecma-66262, 12.6: "do Statement while ( Expression );"
        EmptyStatement was created after every do..while(expr) which
        had semicolon at the end.

        * kjs/grammar.y: Require semicolon at the end of do..while

2007-05-08  Geoffrey Garen  <ggaren@apple.com>

        Build fix -- this time for sure.
        
        APICast.h, being private, ends up in a different folder than JSValueRef.h,
        so we can't include one from the other using "". Instead, just forward
        declare the relevant data types.

        * API/APICast.h:

2007-05-08  Geoffrey Garen  <ggaren@apple.com>

        Build fix: export APICast.h for WebCore and WebKit.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2007-05-04  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12821
          <rdar://problem/5007921> Number.toExponential doesn't work for negative numbers

        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
        Added a call to fabs before calling log10.

2007-05-03  Holger Freyther <freyther@kde.org>

        Reviewed by Zack, landed by Simon.
        This is bugzilla bug 13499.

        * JavaScriptCore.pri: Place Qt into the qt-port scope
        * bindings/testbindings.pro: Place Qt into the qt-port scope
        * kjs/testkjs.pro: Place Qt into the qt-port scope
        * pcre/pcre.pri: Place Qt into the qt-port scope

2007-05-02  David Harrison  <harrison@apple.com>

        Reviewed by Antti.

        <rdar://problem/5174862> Crash resulting from DeprecatedString::insert()

        Added insertion support for more than one value.
        
        * wtf/Vector.h:
        (WTF::::insert):
        Added support for inserting multiple values.
        
        (WTF::::prepend):
        New. Insert at the start of vectors. Convenient for vectors used as strings.

2007-05-01  Jungshik Shin  <jungshik.shin@gmail.com>

        Reviewed by Alexey.

        - get rid of non-ASCII lteral characters : suppress compiler warnings
        http://bugs.webkit.org/show_bug.cgi?id=13551
         
        * kjs/testkjs.cpp:
        * pcre/pcre_compile.c:

2007-04-28  Jungshik Shin  <jungshik.shin@gmail.com>

        Reviewed by Sam Weinig.

        - Replace copyright sign in Latin-1 (0xA9) with '(C)'
        http://bugs.webkit.org/show_bug.cgi?id=13531

        * bindings/npruntime.h:
    
2007-04-28  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - fix <rdar://problem/5154144> Hamachi test fails: assertion failure in ListHashSet

        Test: fast/forms/add-remove-form-elements-stress-test.html

        * wtf/ListHashSet.h:
        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator): Initialize
        m_isDoneWithInitialFreeList to false.
        (WTF::ListHashSetNodeAllocator::allocate): Added assertions based on a debug-only
        m_isAllocated flag that make sure we don't allocate a block that's already allocated.
        These assertions helped pinpoint the bug. Set m_isDoneWithInitialFreeList when we
        allocate the last block of the initial free list. Once we're done with the initial
        free list, turn off the rule that says that the next node in the pool after the last
        node in the free list is also free. This rule works because any free nodes are added
        to the head of the free list, so a node that hasn't been allocated even once is always
        at the tail of the free list and all the nodes after it also haven't been allocated
        even once. But it doesn't work any longer once the entire pool has been used at least
        once, because there's nothing special about the last node on the free list any more.
        (WTF::ListHashSetNodeAllocator::deallocate): Set the node's m_isAllocated to false.
        (WTF::ListHashSetNodeAllocator::pastPool): Added. Used above.
        (WTF::ListHashSetNodeAllocator::inPool): Changed to use the pastPool function.
        (WTF::ListHashSetNode::ListHashSetNode): Initialize m_isAllocated to true.
        (WTF::ListHashSetNode::operator new): Removed variable name for unused size
        parameter.
        (WTF::ListHashSetNode::destroy): Changed to call the destructor rather than
        delete -- this gets rid of the need to define an operator delete.

2007-04-27  Christopher Brichford  <chrisb@adobe.com>

        Reviewed by Timothy Hatcher.

        Fix for: Bug 13211: Move JavaScriptCore mac project files for apollo port
        http://bugs.webkit.org/show_bug.cgi?id=13211

        * JavaScriptCore.apolloproj/mac/JavaScriptCore.Debug.xcconfig: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore.Release.xcconfig: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore.xcconfig: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore.xcodeproj/project.pbxproj: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig: Removed.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig: Removed.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig: Removed.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: Removed.

2007-04-27  Holger Freyther <freyther@kde.org>

        Reviewed by Maciej.

        Remove unmaintained CMake build system.

        * CMakeLists.txt: Removed.
        * pcre/CMakeLists.txt: Removed.

2007-04-27  Mark Rowe  <mrowe@apple.com>

        Reviewed by Oliver.

        * JavaScriptCore.xcodeproj/project.pbxproj: Improve dependencies in Xcode project
        by marking dftables as a dependency of Generate Derived Sources rather than of
        JavaScriptCore itself.

2007-04-26  Geoffrey Garen  <ggaren@apple.com>

        Build fix -- added #includes that we used to get implicitly through
        JSStringRef.h.

        * API/JSNode.c:
        * API/JSNodeList.c:
        * API/minidom.c:
        * API/testapi.c:

2007-04-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak, Adam Roben.
        
        Fixed 
        <rdar://problem/4885130> Remove #include of JSStringRefCF.h from JSStringRef.h
        <rdar://problem/4885123> JavaScriptCore is not cross-platform -- JSStringRef.h references CF datatypes

        * API/JSStringRef.h: Removed #include -- no clients need it anymore.

2007-04-25  David Kilzer  <ddkilzer@apple.com>

        Reviewed by Maciej.

        Add assertions for debug builds.

        * kjs/JSLock.cpp:
        (KJS::JSLock::lock): Assert the return value of pthread_mutex_lock() in debug builds.
        (KJS::JSLock::unlock): Assert the return value of pthread_mutex_unlock() in debug builds.

2007-04-25  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Anders.
        
        - fix build problems

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable warning that
        gives often downright incorrect results based on guessing what will happen in 64-bit.

2007-04-25  Darin Adler  <darin@apple.com>

        Reviewed by Geoff.

        - tweak the allocator for a small speedup -- Shark showed this was a win, but I can't
          measure an improvement right now, but it's also clear these changes do no harm

        * wtf/FastMalloc.cpp:
        (WTF::LgFloor): Use ALWAYS_INLINE here; in testing I did a while back this was necessary
        to get this single-instruction function to be inlined.
        (WTF::SizeClass): Use ALWAYS_INLINE here too for the same reason. Also change the special
        case for a size of 0 to work without a branch for a bit of extra speed.
        (WTF::ByteSizeForClass): Use ALWAYS_INLINE here too for the same reason.

2007-04-24  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - use custom calling convention for everything in nodes.cpp on intel gcc for 1.5% speed boost

        Nearly all functions in nodes.cpp were marked up to use the
        regparm(3) calling convention under GCC for x86, since this is
        faster and they are all guaranteed to be called only internally to
        kjs.
        
        The only exception is destructors, since delete doesn't know how to use a custom calling convention.
        
        * kjs/nodes.cpp:
        (dotExprDoesNotAllowCallsString):
        * kjs/nodes.h:
        (KJS::Node::):
        (KJS::StatementNode::):
        (KJS::NullNode::):
        (KJS::BooleanNode::):
        (KJS::NumberNode::):
        (KJS::StringNode::):
        (KJS::RegExpNode::):
        (KJS::ThisNode::):
        (KJS::ResolveNode::):
        (KJS::GroupNode::):
        (KJS::ElementNode::):
        (KJS::ArrayNode::):
        (KJS::PropertyNameNode::):
        (KJS::PropertyNode::):
        (KJS::PropertyListNode::):
        (KJS::ObjectLiteralNode::):
        (KJS::BracketAccessorNode::):
        (KJS::DotAccessorNode::):
        (KJS::ArgumentListNode::):
        (KJS::ArgumentsNode::):
        (KJS::NewExprNode::):
        (KJS::FunctionCallValueNode::):
        (KJS::FunctionCallResolveNode::):
        (KJS::FunctionCallBracketNode::):
        (KJS::FunctionCallParenBracketNode::):
        (KJS::FunctionCallDotNode::):
        (KJS::FunctionCallParenDotNode::):
        (KJS::PostfixResolveNode::):
        (KJS::PostfixBracketNode::):
        (KJS::PostfixDotNode::):
        (KJS::PostfixErrorNode::):
        (KJS::DeleteResolveNode::):
        (KJS::DeleteBracketNode::):
        (KJS::DeleteDotNode::):
        (KJS::DeleteValueNode::):
        (KJS::VoidNode::):
        (KJS::TypeOfResolveNode::):
        (KJS::TypeOfValueNode::):
        (KJS::PrefixResolveNode::):
        (KJS::PrefixBracketNode::):
        (KJS::PrefixDotNode::):
        (KJS::PrefixErrorNode::):
        (KJS::UnaryPlusNode::):
        (KJS::NegateNode::):
        (KJS::BitwiseNotNode::):
        (KJS::LogicalNotNode::):
        (KJS::MultNode::):
        (KJS::AddNode::):
        (KJS::ShiftNode::):
        (KJS::RelationalNode::):
        (KJS::EqualNode::):
        (KJS::BitOperNode::):
        (KJS::BinaryLogicalNode::):
        (KJS::ConditionalNode::):
        (KJS::AssignResolveNode::):
        (KJS::AssignBracketNode::):
        (KJS::AssignDotNode::):
        (KJS::AssignErrorNode::):
        (KJS::CommaNode::):
        (KJS::AssignExprNode::):
        (KJS::VarDeclListNode::):
        (KJS::VarStatementNode::):
        (KJS::EmptyStatementNode::):
        (KJS::ExprStatementNode::):
        (KJS::IfNode::):
        (KJS::DoWhileNode::):
        (KJS::WhileNode::):
        (KJS::ForNode::):
        (KJS::ContinueNode::):
        (KJS::BreakNode::):
        (KJS::ReturnNode::):
        (KJS::WithNode::):
        (KJS::LabelNode::):
        (KJS::ThrowNode::):
        (KJS::TryNode::):
        (KJS::ParameterNode::):
        (KJS::Parameter::):
        (KJS::FunctionBodyNode::):
        (KJS::FuncExprNode::):
        (KJS::FuncDeclNode::):
        (KJS::SourceElementsNode::):
        (KJS::CaseClauseNode::):
        (KJS::ClauseListNode::):
        (KJS::SwitchNode::):

2007-04-24  Oliver Hunt  <oliver@apple.com>

        GTK Build fix, ::findEntry->KJS::findEntry

        * kjs/lookup.cpp:
        (KJS::Lookup::findEntry):
        (KJS::Lookup::find):

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.
        
        - compile most of JavaScriptCore as one file for 4% JS iBench speed improvement 

        * JavaScriptCore.xcodeproj/project.pbxproj: Add AllInOneFile.cpp, and remove files it includes
        from the build.
        * kjs/AllInOneFile.cpp: Added.
        * kjs/dtoa.cpp: Renamed CONST to CONST_ to avoid conflict.
        (Bigint::):
        (Bigint::nrv_alloc):
        * kjs/lookup.cpp: Use "namspace KJS { ... }" instead of "using namespace KJS;" 

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Build fix, not reviewed.

        * kjs/collector.h: Fix struct/class mismatch.

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - raise ALLOCATIONS_PER_COLLECTION to 4000, for 3.7% iBench speed improvement
         
        Now that the cell size is smaller and the block size is bigger, we can fit 4000 objects in
        the two spare cells the collector is willing to keep around, so collect a bit less often.
        
        * kjs/collector.cpp:

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin and Geoff.
        
        - move mark and collectOnMainThreadOnly bits into separate bitmaps
        
        This saves 4 bytes per cell, allowing shrink of cell size to 32,
        which leads to a .8% speed improvement on iBench.
        
        This is only feasible because of all the previous changes on the branch.

        * kjs/collector.cpp:
        (KJS::allocateBlock): Adjust for some renames of constants. 
        (KJS::Collector::markStackObjectsConservatively): Now that cells are 32 bytes (64 
        bytes on 64-bit) the cell alignment check can be made much more strict, and also
        obsoletes the need for a % sizeof(CollectorCell) check. Also, we can mask off the low
        bits of the pointer to have a potential block pointer to look for.
        (KJS::Collector::collectOnMainThreadOnly): Use bitmap.
        (KJS::Collector::markMainThreadOnlyObjects): Use bitmap.
        (KJS::Collector::collect): When sweeping, use bitmaps directly to find mark bits.
        * kjs/collector.h:
        (KJS::): Move needed constants and type declarations here.
        (KJS::CollectorBitmap::get): Bit twiddling to get a bitmap value.
        (KJS::CollectorBitmap::set): Bit twiddling to set a bitmap bit to true.
        (KJS::CollectorBitmap::clear): Bit twiddling to set a bitmap bit to false.
        (KJS::CollectorBitmap::clearAll): Clear whole bitmap at one go.
        (KJS::Collector::cellBlock): New operation, compute the block pointer for
        a cell by masking off low bits.
        (KJS::Collector::cellOffset): New operation, compute the cell offset for a
        cell by masking off high bits and dividing (actually a shift).
        (KJS::Collector::isCellMarked): Check mark bit in bitmap
        (KJS::Collector::markCell): Set mark bit in bitmap.
        * kjs/value.h:
        (KJS::JSCell::JSCell): No more bits.
        (KJS::JSCell::marked): Let collector handle it.
        (KJS::JSCell::mark): Let collector handle it.

2007-04-23  Anders Carlsson  <andersca@apple.com>

        Build fix.
        
        * kjs/regexp_object.h:
        RegExpObjectImpPrivate is a struct, not a class.
        
2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - shrink FunctionImp / DeclaredFunctionImp by 4 bytes, by moving parameter list to function body
        
        I reconciled this with a similar change in KDE kjs by Maks Orlovich <maksim@kde.org>.

        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):
        (KJS::FunctionImp::passInParameters):
        (KJS::FunctionImp::lengthGetter):
        (KJS::FunctionImp::getParameterName):
        * kjs/function.h:
        * kjs/function_object.cpp:
        (FunctionProtoFunc::callAsFunction):
        (FunctionObjectImp::construct):
        * kjs/nodes.cpp:
        (FunctionBodyNode::addParam):
        (FunctionBodyNode::paramString):
        (FuncDeclNode::addParams):
        (FuncDeclNode::processFuncDecl):
        (FuncExprNode::addParams):
        (FuncExprNode::evaluate):
        * kjs/nodes.h:
        (KJS::Parameter::Parameter):
        (KJS::FunctionBodyNode::numParams):
        (KJS::FunctionBodyNode::paramName):
        (KJS::FunctionBodyNode::parameters):
        (KJS::FuncExprNode::FuncExprNode):
        (KJS::FuncDeclNode::FuncDeclNode):
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable 64-bit warnings because
        they handle size_t badly.

2007-04-23  Maciej Stachowiak  <mjs@apple.com>
 
        Reviewed by Darin.

        - shrink RegexpObjectImp by 4 bytes
        
        Somewhat inexplicably, this seems to be a .33% speedup on JS iBench.
        
        * kjs/regexp_object.cpp:
        (KJS::RegExpObjectImpPrivate::RegExpObjectImpPrivate):
        (RegExpObjectImp::RegExpObjectImp):
        (RegExpObjectImp::performMatch):
        (RegExpObjectImp::arrayOfMatches):
        (RegExpObjectImp::getBackref):
        (RegExpObjectImp::getLastMatch):
        (RegExpObjectImp::getLastParen):
        (RegExpObjectImp::getLeftContext):
        (RegExpObjectImp::getRightContext):
        (RegExpObjectImp::getValueProperty):
        (RegExpObjectImp::putValueProperty):
        * kjs/regexp_object.h:

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - change to 1-bit bitfields instead of 8-bit, this turns out to lead to a .51% speedup on JS iBench
        
        The 1-bit bitfields are actually faster than just plain bools, at least on Intel (go figure).

        * kjs/property_map.h:

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
       
        - shrink ArrayInstance objects by 4 bytes
        http://bugs.webkit.org/show_bug.cgi?id=13386
        
        I did this by storing the capacity before the beginning of the storage array. It turns out
        it is rarely needed and is by definition 0 when the storage array is null.
 
        * kjs/array_instance.h:
        (KJS::ArrayInstance::capacity): Get it from the secret stash
        * kjs/array_object.cpp:
        (allocateStorage): New function to encapsulate allocating the storage with extra space ahead
        for the capacity.
        (reallocateStorage): ditto for realloc
        (ArrayInstance::ArrayInstance):
        (ArrayInstance::~ArrayInstance):
        (ArrayInstance::resizeStorage):

2007-04-23  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - fix <rdar://problem/4840688> REGRESSION (r10588, r10621): JavaScript won't parse
          modifications of non-references (breaks 300themovie.warnerbros.com, fedex.com)

        Despite the ECMAScript specification's claim that you can treat these as syntax
        errors, doing so creates some website incompatibilities. So this patch turns them back
        into evaluation errors instead.

        Test: fast/js/modify-non-references.html

        * kjs/grammar.y: Change makeAssignNode, makePrefixNode, and makePostfixNode so that they
        never fail to parse. Update rules that use them. Fix a little bit of indenting. Use
        new PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.

        * kjs/nodes.h: Added an overload of throwError that takes a char* argument.
        Replaced setExceptionDetailsIfNeeded and debugExceptionIfNeeded with handleException,
        which does both. Added PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.

        * kjs/nodes.cpp: Changed exception macros to use handleException; simpler and smaller
        code size than the two functions that we used before.
        (Node::throwError): Added the overload mentioned above.
        (Node::handleException): Added. Contains the code from both setExceptionDetailsIfNeeded
        and debugExceptionIfNeeded.
        (PostfixErrorNode::evaluate): Added. Throws an exception.
        (PrefixErrorNode::evaluate): Ditto.
        (AssignErrorNode::evaluate): Ditto.
        (ThrowNode::execute): Call handleException instead of debugExceptionIfNeeded; this
        effectively adds a call to setExceptionDetailsIfNeeded, which may help with getting
        the correct file and line number for these exceptions.

        * kjs/nodes2string.cpp:
        (PostfixErrorNode::streamTo): Added.
        (PrefixErrorNode::streamTo): Added.
        (AssignErrorNode::streamTo): Added.

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - fix test failures / crashes on PPC

        * kjs/property_map.h: Make the bool fields explicitly 8-bit bitfields, since bool is a full
        word there otherwise :-(

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - fix more test case failures

        * bindings/runtime_array.cpp:
        (RuntimeArray::RuntimeArray): inherit from JSObject instead of ArrayInstance; it turns
        out that this class only needs the prototype and classInfo from ArrayInstance, not the
        actual class itself, and it was too big otherwise.
        (RuntimeArray::getOwnPropertySlot):
        * bindings/runtime_array.h:

2007-04-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - fix some test failures

        * bindings/runtime_method.cpp:
        (RuntimeMethod::RuntimeMethod): inherit from InternalFunctionImp instead of FunctionImpl,
        otherwise this is too big
        (RuntimeMethod::getOwnPropertySlot):
        * bindings/runtime_method.h:

2007-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - discard the arguments List for an ActivationImp when the corresponding Context is destroyed (1.7% speedup)
        http://bugs.webkit.org/show_bug.cgi?id=13385

        Based an idea by Christopher E. Hyde <C.Hyde@parableuk.force9.co.uk>. His patch to do 
        this also had many other List changes and I found this much simpler subset of the changes
        was actually a hair faster.
        
        This optimization is valid because the arguments list is only kept around to
        lazily make the arguments object. If it's not made by the time the function
        exits, it never will be, since any function that captures the continuation will
        have its own local arguments variable in scope.
        
        Besides the 1.7% speed improvement, it shrinks List by 4 bytes
        (which in turn shrinks ActivationImp by 4 bytes).
        
        * kjs/Context.cpp:
        (KJS::Context::~Context): Clear the activation's arguments list.
        * kjs/function.cpp:
        (KJS::ActivationImp::ActivationImp): Adjusted for list changes.
        (KJS::ActivationImp::mark): No need to mark, lists are always protected (this doesn't
        cause a ref-cycle for reasons stated above).
        (KJS::ActivationImp::createArgumentsObject): Clear arguments list.
        * kjs/function.h:
        * kjs/list.cpp:
        (KJS::List::List): No more needsMarking boolean
        (KJS::List::operator=): ditto
        * kjs/list.h:
        (KJS::List::List): ditto
        (KJS::List::reset): ditto
        (KJS::List::deref): ditto

2007-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - shrink PropertyMap by 8 bytes and therefore shrink CELL_SIZE to 40 (for 32-bit; 
        similar shrinkage for 64-bit)
        http://bugs.webkit.org/show_bug.cgi?id=13384

        Inspired by similar changes by Christopher E. Hyde <C.Hyde@parableuk.force9.co.uk>
        done in the kjs-tweaks branch of KDE's kjs. However, this version is somewhat 
        cleaner style-wise and avoids some of the negative speed impact (at least on gcc/x86) 
        of his version.
        
        This is nearly a wash performance-wise, maybe a slight slowdown, but worth doing
        to eventually reach cell size 32.
        
        * kjs/collector.cpp:
        (KJS::):
        * kjs/property_map.cpp:
        (KJS::PropertyMap::~PropertyMap):
        (KJS::PropertyMap::clear):
        (KJS::PropertyMap::get):
        (KJS::PropertyMap::getLocation):
        (KJS::PropertyMap::put):
        (KJS::PropertyMap::insert):
        (KJS::PropertyMap::expand):
        (KJS::PropertyMap::rehash):
        (KJS::PropertyMap::remove):
        (KJS::PropertyMap::mark):
        (KJS::PropertyMap::containsGettersOrSetters):
        (KJS::PropertyMap::getEnumerablePropertyNames):
        (KJS::PropertyMap::getSparseArrayPropertyNames):
        (KJS::PropertyMap::save):
        (KJS::PropertyMap::checkConsistency):
        * kjs/property_map.h:
        (KJS::PropertyMap::hasGetterSetterProperties):
        (KJS::PropertyMap::setHasGetterSetterProperties):
        (KJS::PropertyMap::):
        (KJS::PropertyMap::PropertyMap):

2007-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - change blocks to 64k in size, and use various platform-specific calls to allocate at 64k-aligned addresses
        http://bugs.webkit.org/show_bug.cgi?id=13383
        
        * kjs/collector.cpp:
        (KJS::allocateBlock): New function to allocate 64k of 64k-aligned memory
        (KJS::freeBlock): Corresponding free
        (KJS::Collector::allocate):
        (KJS::Collector::collect):

2007-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin and Geoff.
        
        - remove the concept of oversize objects, now that there aren't any (for now
        only enforced with an assert).
        http://bugs.webkit.org/show_bug.cgi?id=13382

        This change is a .66% speedup on JS iBench for 32-bit platforms, probably much more
        for 64-bit since it finally gives a reasonable cell size, but I did not test that.
        
        * kjs/collector.cpp:
        (KJS::): Use different cell size for 32-bit and 64-bit, now that there is no
        oversize allocation.
        (KJS::Collector::allocate): Remove oversize allocator.
        (KJS::Collector::markStackObjectsConservatively): Don't check oversize objects.
        (KJS::Collector::markMainThreadOnlyObjects): Ditto.
        (KJS::Collector::collect): Ditto.

2007-04-21  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adam.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13428
          REGRESSION (r20973-r20976): Failing ecma/Array/15.4.4.5-3.js

        - fix http://bugs.webkit.org/show_bug.cgi?id=13429
          REGRESSION (r20973-r20976): Crashing in fast/dom/plugin-attributes-enumeration.html

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Free the old storage, not the new one.

2007-04-20  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed, build fix.

        - fix build problem with last change - -O3 complains more about uninitialized variables
        
        * pcre/pcre_compile.c:
        (compile_branch):
        (pcre_compile2):

2007-04-20  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - <rdar://problem/5149915> use mergesort when possible, since it leads to fewer compares (2% JS iBench speedup)

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Use mergesort(3) on platforms that have it, since it tends
        to do fewer compares than qsort; but avoid it very on large arrays since it uses extra
        memory. Also added comments identifying possibly even better sorting algorithms
        for sort by string value and sort by compare function.
        * kjs/config.h:

2007-04-20  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.
        
        - bump optimization flags up to -O3 for 1% JS iBench speed improvement 

        * Configurations/Base.xcconfig:

2007-04-20  Mark Rowe  <mrowe@apple.com>

        Reviewed by Maciej.

        Fix bogus optimisation in the generic pthread code path.

        * kjs/collector.cpp:
        (KJS::currentThreadStackBase):

2007-04-20  Mark Rowe  <mrowe@apple.com>

        Reviewed by Anders.

        Improve FreeBSD compatibility, as suggested by Alexander Botero-Lowry.

        * kjs/collector.cpp:
        (KJS::currentThreadStackBase): FreeBSD requires that pthread_attr_t's are
        initialized via pthread_attr_init before being used in any context.

2007-04-19  Mark Rowe  <mrowe@apple.com>

        Reviewed by Darin.

        Fix http://bugs.webkit.org/show_bug.cgi?id=13401
        Bug 13401: Reproducible crash calling myArray.sort(compareFn) from within
        a sort comparison function

        * kjs/array_object.cpp:
        (ArrayInstance::sort): Save/restore the static variables around calls to qsort
        to ensure nested calls to ArrayInstance::sort behave correctly.

2007-04-12  Deneb Meketa  <dmeketa@adobe.com>

        Reviewed by Darin Adler.

        http://bugs.webkit.org/show_bug.cgi?id=13029
        rdar://problem/4994849
        Bug 13029: Permit NPAPI plug-ins to see HTTP response headers.
        This doesn't actually change JavaScriptCore, but that's where npapi.h is.

        * bindings/npapi.h:
        Add headers member to NPStream struct.  Also increase NP_VERSION_MINOR to 18.
        Increasing to >= 17 allows plug-ins to safely detect whether to look for
        NPStream::headers.  Increasing from 17 to 18 reflects presence of NPObject
        enumeration, which was added in a prior patch, and which has been agreed to
        constitute version 18 by the plugin-futures list.  Also add other missing
        bits of npapi.h to catch up from 14 to 18.  This includes features that are
        not implemented in WebKit, but those are safely stubbed.

2007-04-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Mark Rowe.
        
        Fixed last check-in to print in release builds, too.

        * kjs/collector.cpp:
        (KJS::getPlatformThreadRegisters):

2007-04-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by John Sullivan, Darin Adler.
        
        Fixed <rdar://problem/5121899> JavaScript garbage collection leads to 
        later crash under Rosetta (should abort or leak instead?)
        
        Log an error message and crash if the kernel reports failure during GC.
        We decided to do this instead of just leaking because we don't want people
        to get the mistaken impression that running in Rosetta is a supported
        configurtion.
        
        The CRASH macro will also hook into CrashReporter, which will tell us if 
        many (any?) users run into this issue.

        * kjs/collector.cpp:
        (KJS::getPlatformThreadRegisters):

2007-04-06  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by darin.

        Coverity fix. Coverity says:
        "Event var_deref_model: Variable "sourceRanges" tracked as NULL was passed to a
        function that dereferences it"

        * kjs/string_object.cpp:
        (KJS::replace):

2007-04-06  Geoffrey Garen  <ggaren@apple.com>

        Rubber stamped by Adele Peterson.

        * kjs/ExecState.h: Removed obsolete forward/friend declaration of 
        RuntimeMethodImp.

2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by darin.

        Coverity fix. Coverity says:
        "Event check_after_deref: Pointer "dateString" dereferenced before NULL check"

        * kjs/date_object.cpp:
        (KJS::parseDate):

2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by darin.

        Coverity fix. Coverity says:
        "Event check_after_deref: Pointer "re" dereferenced before NULL check"

        * pcre/pcre_study.c:
        (pcre_study):

2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by darin.

        Coverity fixes. Coverity says:
        "Event leaked_storage: Returned without freeing storage "buffer""
        and:
        "Event leaked_storage: Returned without freeing storage "script""

        * kjs/testkjs.cpp:
        (doIt):
        (createStringWithContentsOfFile):

2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by darin.

        Coverity fix: in single-threaded case currentThreadIsMainThread is always true
        so the code in if (!currentThreadIsMainThread) cannot possibly be reached
        and Coverity complains about dead code.

        * kjs/collector.cpp:
        (KJS::Collector::collect):

=== Safari-5522.6 ===

2007-04-03  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Adam.

        - Testing a post-commit hook.

        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:

2007-04-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Adam.

        <rdar://problem/5107534>
        http://bugs.webkit.org/show_bug.cgi?id=13265
        REGRESSION: Crash in KJS::Bindings::convertValueToNPVariant
        
        * bindings/NP_jsobject.cpp:
        (_NPN_InvokeDefault):
        Return false if the object isn't a function. Set the return value to undefined by default
        (to match Firefox).
        
2007-03-30  Anders Carlsson <andersca@apple.com>

        Build fix.
        
        * bindings/NP_jsobject.cpp:
        (_NPN_Enumerate):

2007-03-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Implement _NPN_Enumerate support.
        
        * JavaScriptCore.exp:
        * bindings/NP_jsobject.cpp:
        (_NPN_Enumerate):
        * bindings/c/c_instance.cpp:
        (KJS::Bindings::CInstance::getPropertyNames):
        * bindings/c/c_instance.h:
        * bindings/npapi.h:
        * bindings/npruntime.h:
        * bindings/npruntime_impl.h:
        * bindings/runtime.h:
        (KJS::Bindings::Instance::getPropertyNames):
        * bindings/runtime_object.cpp:
        (RuntimeObjectImp::getPropertyNames):
        * bindings/runtime_object.h:
        (KJS::RuntimeObjectImp::getInternalInstance):

2007-03-28  Jeff Walden  <jwalden+code@mit.edu>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12963
        Fix some inconsistencies in the Mozilla JS Array extras implementations
        with respect to the Mozilla implementation:

          - holes in arrays should be skipped, not treated as undefined,
            by all such methods
          - an element with value undefined is not a hole
          - Array.prototype.forEach should return undefined

        * kjs/array_object.cpp:
        (ArrayInstance::getOwnPropertySlot):
        (ArrayProtoFunc::callAsFunction):

2007-03-27  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Geoff.

        * bindings/NP_jsobject.cpp:
        (_NPN_InvokeDefault):
        Call JSObject:call for native JavaScript objects.

2007-03-26  David Carson  <dacarson@gmail.com>

        Reviewed by Darin, landed by Anders.

        Fix for: REGRESSION (r19559): Java applet crash
        http://bugs.webkit.org/show_bug.cgi?id=13142
        <rdar://problem/5080340>

        The previous fix http://bugs.webkit.org/show_bug.cgi?id=12636 
        introduced new JNIType to enum in jni_utility.h This is a 
        problem on the Mac as it seems that the JNIType enum is also
        used in the JVM, it is used to specify the return type in
        jni_objc.mm
        Corrected the fix by moving type to the end, and changing
        jni_objc.mm to convert the new type to an old compatible
        type.

        * bindings/jni/jni_objc.mm:
        (KJS::Bindings::dispatchJNICall):
        * bindings/jni/jni_utility.h:

2007-03-26  Christopher Brichford  <chrisb@adobe.com>

        Reviewed/landed by Adam.

        Bug 13198: Move build settings from project file to xcconfig file for apollo
        port JSCore
        http://bugs.webkit.org/show_bug.cgi?id=13198

        - Moving build settings from xcode project file to xcconfig files.

        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig:
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig:
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig:
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:

2007-03-26  Brady Eidson  <beidson@apple.com>

        Rubberstamped by Anders and Maciej aand Geoff (oh my!)
        
        Since CFTypeRef is really void*, a RetainPtr couldn't be used. 
        RefType was "void", which doesn't actually exist as a type.
        Since RefType only existed for operator*(), and since that operator
        doesn't make any sense for RetainPtr, I removed them!

        * kjs/nodes.cpp: Touch this to force a rebuild and (hopefully) help the
          compiler with dependencies
        * wtf/RetainPtr.h: Nuke RefType and operator*()

2007-03-26  Geoffrey Garen  <ggaren@apple.com>

        Touched a file to (hopefully) help the compiler with RetainPtr dependencies.

        * kjs/nodes.cpp:
        (Node::deref):

2007-03-24  Brady Eidson  <beidson@apple.com>

        Reviewed by Adam

        Whoops, RetainPtr should be in the WTF namespace

        * wtf/RetainPtr.h:

2007-03-24  Brady Eidson  <beidson@apple.com>

        Reviewed by Adam
        
        <rdar://problem/5086210> - Move RetainPtr to WTF

        * wtf/RetainPtr.h: Added
        * JavaScriptCore.xcodeproj/project.pbxproj: Add it to the project file
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto


2007-03-23  Christopher Brichford  <chrisb@adobe.com>

        Reviewed/landed by Adam.

        Bug 13175: Make apollo mac project files for JavaScriptCore actually
        build something
        http://bugs.webkit.org/show_bug.cgi?id=13175

        - Changing apollo mac project files for JavaScriptCore such that they actually build
        JavaScriptCore source code.

        * JavaScriptCore.apolloproj/ForwardingSources/grammar.cpp: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig:
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:

2007-03-24  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Darin.

        * Configurations/JavaScriptCore.xcconfig: Remove unnecessary INFOPLIST_PREPROCESS.

2007-03-22  Christopher Brichford  <chrisb@adobe.com>

        Reviewed/landed by Adam.

        Bug 13164: Initial version of mac JavaScriptCore project files for
        apollo port 
        http://bugs.webkit.org/show_bug.cgi?id=13164

        - Adding mac project files for apollo port of JavaScriptCore. Currently project
        just builds dftables.

        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig: Added.
        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: Added.

2007-03-21  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Darin.

        <rdar://problem/5076599> JavaScriptCore has a weak export (vtable for KJS::JSCell)

        * JavaScriptCore.exp: Remove __ZTVN3KJS6JSCellE.

2007-03-21  Adele Peterson  <adele@apple.com>

        Reviewed by Geoff.

        * API/JSStringRef.cpp: (JSStringIsEqual): Added JSLock.

2007-03-21  Zack Rusin  <zrusin@trolltech.com>

        Fix the compile when USE(MULTIPLE_THREADS) isn't
        defined

        * kjs/JSLock.cpp:
        (KJS::JSLock::currentThreadIsHoldingLock):

2007-03-20  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff and Adam.
        
        - make USE(MULTIPLE_THREADS) support more portable
        http://bugs.webkit.org/show_bug.cgi?id=13069
        
        - fixed a threadsafety bug discovered by testing this
        
        - enhanced threadsafety assertions in collector

        * API/JSCallbackObject.cpp:
        (KJS::JSCallbackObject::~JSCallbackObject): This destructor can't
        DropAllLocks around the finalize callback, because it gets called
        from garbage collection and we can't let other threads collect!

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * kjs/JSLock.cpp:
        (KJS::JSLock::currentThreadIsHoldingLock): Added new function
        to allow stronger assertions than just that the lock is held
        by some thread (you can now assert that the current thread is
        holding it, given the new JSLock design).
        * kjs/JSLock.h:
        * kjs/collector.cpp: Refactored for portability plus added some
        stronger assertions.
        (KJS::Collector::allocate):
        (KJS::currentThreadStackBase):
        (KJS::Collector::registerAsMainThread):
        (KJS::onMainThread):
        (KJS::PlatformThread::PlatformThread):
        (KJS::getCurrentPlatformThread):
        (KJS::Collector::Thread::Thread):
        (KJS::destroyRegisteredThread):
        (KJS::Collector::registerThread):
        (KJS::Collector::markCurrentThreadConservatively):
        (KJS::suspendThread):
        (KJS::resumeThread):
        (KJS::getPlatformThreadRegisters):
        (KJS::otherThreadStackPointer):
        (KJS::otherThreadStackBase):
        (KJS::Collector::markOtherThreadConservatively):
        (KJS::Collector::markStackObjectsConservatively):
        (KJS::Collector::protect):
        (KJS::Collector::unprotect):
        (KJS::Collector::collectOnMainThreadOnly):
        (KJS::Collector::markMainThreadOnlyObjects):
        (KJS::Collector::collect):
        * kjs/collector.h:
        * wtf/FastMalloc.cpp:
        (WTF::fastMallocSetIsMultiThreaded):
        * wtf/FastMallocInternal.h:
        * wtf/Platform.h:

2007-03-19  Darin Adler  <darin@apple.com>

        * kjs/value.h: Roll ~JSValue change out. It was causing problems. I'll do it right later.

2007-03-19  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by John Sullivan.

        Fixed <rdar://problem/5073380> REGRESSION: Crash occurs at WTF::fastFree() 
        when reloading liveconnect page (applet)
        
        Best to use free when you use malloc, especially when malloc and delete
        use completely different libraries.

        * bindings/jni/jni_runtime.cpp:
        (JavaMethod::~JavaMethod):

2007-03-19  Andrew Wellington  <proton@wiretapped.net>

        Reviewed by Maciej.

        Really set Xcode editor to use 4 space indentation (http://webkit.org/coding/coding-style.html)

        * JavaScriptCore.xcodeproj/project.pbxproj:

2007-03-19  Darin Adler  <darin@apple.com>

        Reviewed by Geoff.

        - Changed list size threshold to 5 based on testing.

        I was testing the i-Bench JavaScript with the list statistics
        dumping on, and discovered that there were many 5-element lists.
        The fast case for lists was for 4 elements and fewer. By changing
        the threshold to 5 elements we get a measurable speedup. I believe
        this will help real web pages too, not just the benchmark.

        * kjs/list.cpp: Change constant from 4 to 5.

2007-03-19  Darin Adler  <darin@apple.com>

        * kjs/value.h: Oops, fix build.

2007-03-19  Darin Adler  <darin@apple.com>

        Reviewed by Geoff.

        - remove ~JSValue; tiny low-risk performance boost

        * kjs/value.h: Remove unneeded empty virtual destructor from JSValue.
        The only class derived from JSValue is JSCell and it already has a
        virtual destructor. Declaring an empty constructor in JSValue had one
        good effect: it marked the destructor private, making it a compile
        time error to try to destroy a JSValue; but that's not a likely
        mistake for someone to make. It had two bad effects: (1) it caused gcc,
        at least, to generate code to fix up the virtual table pointer to
        point to the JSValue version of the virtual table inside the destructor
        of all classes derived from JSValue directly or indirectly; (2) it
        caused JSValue to be a polymorphic class so required a virtual table for
        it. It's cleaner to not have either of those.

2007-03-18  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Mark.
        
        - avoid static construction (and global variable access) in a smarter, more portable way,
        to later enable MUTLI_THREAD mode to work on other platforms and compilers.
        
        * kjs/CommonIdentifiers.cpp: Added. New class to hold all the shared identifiers.
        (KJS::CommonIdentifiers::CommonIdentifiers):
        (KJS::CommonIdentifiers::shared):
        * kjs/CommonIdentifiers.h: Added.

        * kjs/ExecState.h:
        (KJS::ExecState::propertyNames): Hand the CommonIdentifiers instance here for easy access.
        (KJS::ExecState::ExecState):

        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        * CMakeLists.txt:
        * JavaScriptCore.exp:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * JavaScriptCoreSources.bkl:
        * bindings/runtime_array.cpp:
        (RuntimeArray::getOwnPropertySlot):
        (RuntimeArray::put):
        * bindings/runtime_method.cpp:
        (RuntimeMethod::getOwnPropertySlot):
        * kjs/array_object.cpp:
        (ArrayInstance::getOwnPropertySlot):
        (ArrayInstance::put):
        (ArrayInstance::deleteProperty):
        (ArrayProtoFunc::ArrayProtoFunc):
        (ArrayProtoFunc::callAsFunction):
        (ArrayObjectImp::ArrayObjectImp):
        * kjs/bool_object.cpp:
        (BooleanPrototype::BooleanPrototype):
        (BooleanProtoFunc::BooleanProtoFunc):
        (BooleanProtoFunc::callAsFunction):
        (BooleanObjectImp::BooleanObjectImp):
        * kjs/completion.h:
        (KJS::Completion::Completion):
        * kjs/date_object.cpp:
        (KJS::DateProtoFunc::DateProtoFunc):
        (KJS::DateObjectImp::DateObjectImp):
        (KJS::DateObjectFuncImp::DateObjectFuncImp):
        * kjs/error_object.cpp:
        (ErrorPrototype::ErrorPrototype):
        (ErrorProtoFunc::ErrorProtoFunc):
        (ErrorProtoFunc::callAsFunction):
        (ErrorObjectImp::ErrorObjectImp):
        (ErrorObjectImp::construct):
        (NativeErrorPrototype::NativeErrorPrototype):
        (NativeErrorImp::NativeErrorImp):
        (NativeErrorImp::construct):
        (NativeErrorImp::callAsFunction):
        * kjs/function.cpp:
        (KJS::FunctionImp::getOwnPropertySlot):
        (KJS::FunctionImp::put):
        (KJS::FunctionImp::deleteProperty):
        (KJS::FunctionImp::getParameterName):
        (KJS::DeclaredFunctionImp::construct):
        (KJS::IndexToNameMap::unMap):
        (KJS::Arguments::Arguments):
        (KJS::ActivationImp::getOwnPropertySlot):
        (KJS::ActivationImp::deleteProperty):
        (KJS::GlobalFuncImp::GlobalFuncImp):
        * kjs/function_object.cpp:
        (FunctionPrototype::FunctionPrototype):
        (FunctionProtoFunc::FunctionProtoFunc):
        (FunctionProtoFunc::callAsFunction):
        (FunctionObjectImp::FunctionObjectImp):
        (FunctionObjectImp::construct):
        * kjs/grammar.y:
        * kjs/identifier.cpp:
        * kjs/identifier.h:
        * kjs/interpreter.cpp:
        (KJS::Interpreter::init):
        (KJS::Interpreter::initGlobalObject):
        * kjs/interpreter.h:
        * kjs/lookup.h:
        * kjs/math_object.cpp:
        (MathFuncImp::MathFuncImp):
        * kjs/nodes.cpp:
        (ArrayNode::evaluate):
        (FuncDeclNode::processFuncDecl):
        (FuncExprNode::evaluate):
        * kjs/number_object.cpp:
        (NumberPrototype::NumberPrototype):
        (NumberProtoFunc::NumberProtoFunc):
        (NumberObjectImp::NumberObjectImp):
        * kjs/object.cpp:
        (KJS::JSObject::put):
        (KJS::JSObject::defaultValue):
        (KJS::JSObject::hasInstance):
        * kjs/object.h:
        (KJS::JSObject::getOwnPropertySlot):
        * kjs/object_object.cpp:
        (ObjectPrototype::ObjectPrototype):
        (ObjectProtoFunc::ObjectProtoFunc):
        (ObjectObjectImp::ObjectObjectImp):
        * kjs/regexp_object.cpp:
        (RegExpPrototype::RegExpPrototype):
        (RegExpProtoFunc::RegExpProtoFunc):
        (RegExpObjectImp::RegExpObjectImp):
        * kjs/string_object.cpp:
        (KJS::StringInstance::getOwnPropertySlot):
        (KJS::StringInstance::put):
        (KJS::StringInstance::deleteProperty):
        (KJS::StringPrototype::StringPrototype):
        (KJS::StringProtoFunc::StringProtoFunc):
        (KJS::StringProtoFunc::callAsFunction):
        (KJS::StringObjectImp::StringObjectImp):
        (KJS::StringObjectFuncImp::StringObjectFuncImp):
        * kjs/testkjs.cpp:
        (TestFunctionImp::TestFunctionImp):

2007-03-18  Andrew Wellington  <proton@wiretapped.net>

        Reviewed by Mark Rowe
        
        Set Xcode editor to use 4 space indentation (http://webkit.org/coding/coding-style.html) 

        * JavaScriptCore.xcodeproj/project.pbxproj:

2007-03-19  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Brady.

        Update references to bugzilla.opendarwin.org with bugs.webkit.org.

        * bindings/c/c_utility.cpp:
        (KJS::Bindings::convertUTF8ToUTF16):
        * kjs/function.cpp:
        (KJS::FunctionImp::callAsFunction):
        * kjs/grammar.y:
        * kjs/keywords.table:
        * kjs/lexer.cpp:
        (KJS::Lexer::shift):

2007-03-18  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Exposed some extra toUInt32 functionality, as part of the fix for
        REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
        (Style Change Through JavaScript Blanks Content)

        * JavaScriptCore.exp:
        * kjs/identifier.h:
        (KJS::Identifier::toUInt32):

2007-03-18  Geoffrey Garen  <ggaren@apple.com>

        Removed duplicate export name.
        
        * JavaScriptCore.exp:

2007-03-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed <rdar://problem/5064964> Repro ASSERT failure in JS Bindings when 
        closing window @ lowtrades.bptrade.com
        
        Unfortunately, the bindings depend on UString and Identifier as string 
        representations. So, they need to acquire the JSLock when doing something
        that will ref/deref their strings.

        Layout tests, the original site, and Java, Flash, and Quicktime on the 
        web work. No leaks reported. No automated test for this because testing 
        the Java bindings, like math, is hard.
        
        * bindings/runtime.h: Made Noncopyable, just to be sure.
        
        * bindings/c/c_class.cpp: 
        (KJS::Bindings::CClass::~CClass): Acquire the JSLock and explicitly clear the keys
        in our hashtable, since they're UString::Reps, and ref/deref aren't thread-safe.
        (KJS::Bindings::CClass::methodsNamed): Also acquire the JSLock when adding
        keys to the table, since the table ref's them.
        (KJS::Bindings::CClass::fieldNamed): ditto.

        * bindings/c/c_utility.cpp: Removed dead function.
        (KJS::Bindings::convertValueToNPVariant): Acquire the JSLock because doing
        it recursively is pretty cheap, and it's just too confusing to tell whether
        all our callers do it for us.
        (KJS::Bindings::convertNPVariantToValue): ditto
        * bindings/c/c_utility.h:

        * bindings/jni/jni_class.cpp: Same deal as c_class.cpp.
        (JavaClass::JavaClass):
        (JavaClass::~JavaClass):

        * bindings/jni/jni_instance.cpp: Same deal as c_utility.cpp.
        (JavaInstance::stringValue):
        * bindings/jni/jni_jsobject.cpp:
        (JavaJSObject::convertValueToJObject):

        * bindings/jni/jni_runtime.cpp:
        (JavaMethod::~JavaMethod): Moved from header, for clarity.
        (appendClassName): Made this static, so the set of callers is known, and
        we can assert that we hold the JSLock. Also changed it to take a UString
        reference, which makes the calling code simpler.
        (JavaMethod::signature): Store the ASCII value we care about instead of
        a UString, since UString is so much more hassle. Hold the JSLock while
        building up the temporary UString.

        * bindings/jni/jni_runtime.h: Nixed dead code in JavaMethod.
        (KJS::Bindings::JavaString::JavaString): Hold a UString::Rep instead of
        a UString, so we can acquire the JSLock and explicitly release it.
        (KJS::Bindings::JavaString::_commonInit):
        (KJS::Bindings::JavaString::~JavaString):
        (KJS::Bindings::JavaString::UTF8String):
        (KJS::Bindings::JavaString::uchars):
        (KJS::Bindings::JavaString::length):
        (KJS::Bindings::JavaString::ustring):

        * bindings/jni/jni_utility.cpp:
        (KJS::Bindings::convertArrayInstanceToJavaArray): Made this static, so 
        the set of callers is known, and we can assert that we hold the JSLock. 
        (KJS::Bindings::convertValueToJValue): Acquire the JSLock because doing
        it recursively is pretty cheap, and it's just too confusing to tell whether
        all our callers do it for us.

        * bindings/objc/objc_runtime.h: Nixed some dead code.
        * bindings/objc/objc_utility.mm:
        (KJS::Bindings::convertNSStringToString): Same drill as above.

2007-03-18  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Geoff.

        http://bugs.webkit.org/show_bug.cgi?id=13105
        REGRESSION: an exception raised when calculating base value of a dot expression is not returned

        Test: fast/js/dot-node-base-exception.html

        * kjs/nodes.cpp:
        (FunctionCallDotNode::evaluate): Added the necessary KJS_CHECKEXCEPTIONVALUE.

2007-03-18  Steve Falkenburg  <sfalken@apple.com>

        Build fix.

        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:

2007-03-17  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Mark Rowe.

        Made Version.xcconfig smarter when building for different configurations.
        Now uses the 522+ OpenSource version for Debug and Release, while using the
        full 522.4 version for Production builds. The system prefix is also computed
        based on the current system, so 4522.4 on Tiger and 5522.4 on Leopard.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/Version.xcconfig:

2007-03-15  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed.
        
        - build fix

        * wtf/TCSystemAlloc.cpp:

2007-03-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff and Steve.
        
        - fix some portability issues with TCMalloc.

        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * kjs/config.h:
        * wtf/FastMalloc.cpp:
        (WTF::SizeClass):
        (WTF::InitSizeClasses):
        (WTF::TCMalloc_PageHeap::Split):
        (WTF::TCMalloc_PageHeap::RegisterSizeClass):
        (WTF::TCMalloc_Central_FreeList::length):
        (WTF::TCMalloc_ThreadCache::InitTSD):
        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
        * wtf/TCSpinLock.h:
        * wtf/TCSystemAlloc.cpp:
        (TryVirtualAlloc):
        (TCMalloc_SystemAlloc):

2007-03-15  Timothy Hatcher  <timothy@apple.com>

        Reviewed by John.

        * Factored out most of our common build settings into .xcconfig files. Anything that was common in
          each build configuration was factored out into the shared .xcconfig file.
        * Adds a Version.xcconfig file to define the current framework version, to be used in other places.
        * Use the new $(BUNDLE_VERSION) (defined in Version.xcconfig) in the preprocessed Info.plist.
        * Use the versions defined in Version.xcconfig to set $(DYLIB_CURRENT_VERSION).

        * Configurations/Base.xcconfig: Added.
        * Configurations/DebugRelease.xcconfig: Added.
        * Configurations/JavaScriptCore.xcconfig: Added.
        * Configurations/Version.xcconfig: Added.
        * Info.plist:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2007-03-16  Shrikant Gangoda  <shrikant.gangoda@celunite.com>

        Gdk build fix.

        * kjs/DateMath.cpp:  gettimeofday comes from <sys/time.h> on Linux.

2007-03-14  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by .

        - Fixed one more build breakage

        * kjs/date_object.cpp:
        (KJS::formatLocaleDate):

2007-03-14  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by .

        - Fixed a build breakage.

        * kjs/DateMath.cpp:
        * kjs/date_object.cpp:
        (KJS::formatLocaleDate):
        (KJS::DateObjectImp::construct):

2007-03-14  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Geoff.

        - rdar://problem/5045720
        - DST changes in US affect JavaScript date calculations (12975)
        This fix was to ensure we properly test for the new changes to DST in the US.
        Also this fixes when we apply DST, now we correctly map most past years to current
        DST rules.  We still have a small issue with years before 1900 or after 2100.
        rdar://problem/5055038

        * kjs/DateMath.cpp: Fix DST to match spec better.
        (KJS::getCurrentUTCTime):
        (KJS::mimimumYearForDST):
        (KJS::maximumYearForDST):
        (KJS::equivalentYearForDST):
        (KJS::getDSTOffset):
        * kjs/DateMath.h: Consolodated common funtionality.
        * kjs/date_object.cpp: Consolodated common functionality.
        (KJS::formatLocaleDate):
        (KJS::DateObjectImp::construct):
        * tests/mozilla/ecma/jsref.js: Added functions for finding the correct days when DST starts and ends.
        * tests/mozilla/ecma/shell.js: Added back in the old DST functions for ease of merging with mozilla if needed.
        * tests/mozilla/ecma_2/jsref.js: Added functions for finding the correct days when DST starts and ends.
        * tests/mozilla/ecma_3/Date/shell.js: Added functions for finding the correct days when DST starts and ends.
        * tests/mozilla/expected.html: Updated to show all date tests passing.

=== Safari-5522.4 ===

2007-03-13  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by .

        - Adding expected failures until the are truly fixed. 
        - rdar://problem/5060302

        * tests/mozilla/expected.html:

2007-03-12  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by .

        - Actually update tests for new DST rules.

        * tests/mozilla/ecma/Date/15.9.3.1-1.js:
        * tests/mozilla/ecma/Date/15.9.3.1-2.js:
        * tests/mozilla/ecma/Date/15.9.3.1-3.js:
        * tests/mozilla/ecma/Date/15.9.3.1-4.js:
        * tests/mozilla/ecma/Date/15.9.3.1-5.js:
        * tests/mozilla/ecma/Date/15.9.3.2-1.js:
        * tests/mozilla/ecma/Date/15.9.3.2-2.js:
        * tests/mozilla/ecma/Date/15.9.3.2-3.js:
        * tests/mozilla/ecma/Date/15.9.3.2-4.js:
        * tests/mozilla/ecma/Date/15.9.3.2-5.js:
        * tests/mozilla/ecma/Date/15.9.3.8-1.js:
        * tests/mozilla/ecma/Date/15.9.3.8-2.js:
        * tests/mozilla/ecma/Date/15.9.3.8-3.js:
        * tests/mozilla/ecma/Date/15.9.3.8-4.js:
        * tests/mozilla/ecma/Date/15.9.3.8-5.js:
        * tests/mozilla/ecma/Date/15.9.5.10-1.js:
        * tests/mozilla/ecma/Date/15.9.5.10-10.js:
        * tests/mozilla/ecma/Date/15.9.5.10-11.js:
        * tests/mozilla/ecma/Date/15.9.5.10-12.js:
        * tests/mozilla/ecma/Date/15.9.5.10-13.js:
        * tests/mozilla/ecma/Date/15.9.5.10-2.js:
        * tests/mozilla/ecma/Date/15.9.5.10-3.js:
        * tests/mozilla/ecma/Date/15.9.5.10-4.js:
        * tests/mozilla/ecma/Date/15.9.5.10-5.js:
        * tests/mozilla/ecma/Date/15.9.5.10-6.js:
        * tests/mozilla/ecma/Date/15.9.5.10-7.js:
        * tests/mozilla/ecma/Date/15.9.5.10-8.js:
        * tests/mozilla/ecma/Date/15.9.5.10-9.js:
        * tests/mozilla/ecma/jsref.js:
        * tests/mozilla/ecma_2/jsref.js:
        * tests/mozilla/ecma_3/Date/shell.js:

2007-03-12  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by .

        - Update tests for new DST rules.

        * tests/mozilla/ecma/shell.js:

2007-03-11  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed <rdar://problem/4681051> Installer crashes in KJS::Collector::
        markOtherThreadConservatively(KJS::Collector::Thread*) trying to install 
        iLife 06 using Rosetta on an Intel Machine
        
        The problem was that our thread-specific data destructor would modify the
        list of active JavaScript threads without holding the JSLock, corrupting
        the list. Corruption was especially likely if one JavaScript thread exited 
        while another was starting up.

        * JavaScriptCore.exp:
        * kjs/JSLock.cpp: Don't conflate locking the JSLock with registering a
        thread, since the thread-specific data destructor needs to lock
        without registering a thread. Instead, treat thread registration as a
        part of the convenience of the JSLock object, and whittle down JSLock::lock()
        to just the bits that actually do the locking.
        (KJS::JSLock::lock):
        (KJS::JSLock::registerThread):
        * kjs/JSLock.h: Updated comments to mention the new behavior above, and
        other recent changes.
        (KJS::JSLock::JSLock):
        * kjs/collector.cpp:
        (KJS::destroyRegisteredThread): Lock here.
        (KJS::Collector::registerThread): To match, assert that we're locked here.

2007-03-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Fixed <rdar://problem/4587763> PAC file: lock inversion between QT and 
        JSCore causes a hang @ www.panoramas.dk
        
        With a PAC file, run-webkit-tests --threaded passes, the reported site
        works, and all the Quicktime/JavaScript and Flash/JavaScript examples
        I found through Google work, too.
        
        Any time JavaScript causes arbitrary non-JavaScript code to execute, it 
        risks deadlock, because that code may block, trying to acquire a lock 
        owned by a thread that is waiting to execute JavaScript. In this case,
        the thread was a networking thread that was waiting to interpret a PAC file.
        
        Because non-JavaScript code may execute in response to, well, anything,
        a perfect solution to this problem is impossible. I've implemented an
        optimistic solution, instead: JavaScript will drop its lock whenever it
        makes a direct call to non-JavaScript code through a bridging/plug-in API,
        but will blissfully ignore the indirect ways it may cause non-JavaScript 
        code to run (resizing a window, for example). 
        
        Unfortunately, this solution introduces significant locking overhead in 
        the bridging APIs. I don't see a way around that.

        This patch includes some distinct bug fixes I saw along the way:
        
        * bindings/objc/objc_instance.mm: Fixed a bug where a nested begin() call
        would leak its autorelease pool, because it would NULL out _pool without
        draining it.

        * bindings/runtime_object.cpp:
        (RuntimeObjectImp::methodGetter): Don't copy an Identifier to ASCII only
        to turn around and make an Identifier from the ASCII. In an earlier 
        version of this patch, the copy caused an assertion failure. Now it's 
        just unnecessary work.
        (RuntimeObjectImp::getOwnPropertySlot): ditto

        * bindings/objc/objc_instance.h: Removed overrides of setVAlueOfField and
        getValueOfField, because they did exactly what the base class versions did.
        Removed overrides of Noncopyable declarations for the same reason.

        * bindings/runtime.h: Inherit from Noncopyable instead of rolling our own.
        * bindings/c/c_instance.h: ditto

        And the actual patch:
        
        * API/JSCallbackConstructor.cpp: Drop all locks when calling out to C.
        (KJS::JSCallbackConstructor::construct):
        * API/JSCallbackFunction.cpp: ditto
        (KJS::JSCallbackFunction::callAsFunction):
        * API/JSCallbackObject.cpp: ditto
        (KJS::JSCallbackObject::init):
        (KJS::JSCallbackObject::~JSCallbackObject):
        (KJS::JSCallbackObject::getOwnPropertySlot):
        (KJS::JSCallbackObject::put):
        (KJS::JSCallbackObject::deleteProperty):
        (KJS::JSCallbackObject::construct):
        (KJS::JSCallbackObject::hasInstance):
        (KJS::JSCallbackObject::callAsFunction):
        (KJS::JSCallbackObject::getPropertyNames):
        (KJS::JSCallbackObject::toNumber):
        (KJS::JSCallbackObject::toString):
        (KJS::JSCallbackObject::staticValueGetter):
        (KJS::JSCallbackObject::callbackGetter):
        
        * bindings/c/c_instance.cpp: Drop all locks when calling out to C.
        (KJS::Bindings::CInstance::invokeMethod):
        (KJS::Bindings::CInstance::invokeDefaultMethod):
        * bindings/c/c_runtime.cpp: Drop all locks when calling out to C.
        (KJS::Bindings::CField::valueFromInstance):
        (KJS::Bindings::CField::setValueToInstance):
        * bindings/jni/jni_objc.mm:
        (KJS::Bindings::dispatchJNICall): Drop all locks when calling out to Java.

        * bindings/objc/objc_instance.mm: The changes here are to accomodate the
        fact that C++ unwinding of DropAllLocks goes crazy when you put it inside
        a @try block. I moved all JavaScript stuff outside of the @try blocks, and 
        then prefixed the whole blocks with DropAllLocks objects. This required some
        supporting changes in other functions, which now acquire the JSLock for
        themselves, intead of relying on their callers to do so.
        (ObjcInstance::end):
        (ObjcInstance::invokeMethod):
        (ObjcInstance::invokeDefaultMethod):
        (ObjcInstance::setValueOfUndefinedField):
        (ObjcInstance::getValueOfUndefinedField):
        * bindings/objc/objc_runtime.mm: Same as above, except I didn't want to
        change throwError to acquire the JSLock for itself.
        (ObjcField::valueFromInstance):
        (ObjcField::setValueToInstance):
        * bindings/objc/objc_utility.mm: Supporting changes mentioned above.
        (KJS::Bindings::convertValueToObjcValue):
        (KJS::Bindings::convertObjcValueToValue):

        * kjs/JSLock.cpp: 
        (1) Fixed DropAllLocks to behave as advertised, and drop the JSLock only 
        if the current thread actually acquired it in the first place. This is 
        important because WebKit needs to ensure that the JSLock has been 
        dropped before it makes a plug-in call, even though it doesn't know if 
        the current thread actually acquired the JSLock. (We don't want WebKit
        to accidentally drop a lock belonging to *another thread*.)
        (2) Used the new per-thread code written for (1) to make recursive calls
        to JSLock very cheap. JSLock now knows to call pthread_mutext_lock/ 
        pthread_mutext_unlock only at nesting level 0.
        (KJS::createDidLockJSMutex):
        (KJS::JSLock::lock):
        (KJS::JSLock::unlock):
        (KJS::DropAllLocks::DropAllLocks):
        (KJS::DropAllLocks::~DropAllLocks):
        (KJS::JSLock::lockCount):
        * kjs/JSLock.h: Don't duplicate Noncopyable.
        (KJS::JSLock::~JSLock):

        * wtf/Assertions.h: Blind attempt at helping the Windows build.

2007-03-08  MorganL  <morganl.webkit@yahoo.com>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=13018
        Bug 13018: allow embedders to override the definition of CRASH.

        * wtf/Assertions.h: make it possible to override CRASH.

2007-03-07  Anrong Hu  <huanr@yahoo.com>

        Reviewed by Maciej.

        Fix http://bugs.webkit.org/show_bug.cgi?id=12535
        Bug 12535: Stack-optimizing compilers can trick GC into freeing in-use objects

        * kjs/internal.cpp:
        (KJS::StringImp::toObject): Copy val onto the stack so it is not subject to garbage collection.

2007-03-07  Geoffrey Garen  <ggaren@apple.com>

        Build fix for non-multiple-thread folks.
        
        Use a shared global in the non-multiple-thread case.

        * wtf/FastMalloc.cpp:
        (WTF::isForbidden):
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):

2007-03-07  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Fixed ASSERT failure I just introduced.
        
        Made the fastMalloc isForbidden flag per thread. (Oops!) We expect that
        other threads will malloc while we're marking -- we just want to prevent
        our own marking from malloc'ing.

        * wtf/FastMalloc.cpp:
        (WTF::initializeIsForbiddenKey):
        (WTF::isForbidden):
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):
        (WTF::fastMalloc):
        (WTF::fastCalloc):
        (WTF::fastFree):
        (WTF::fastRealloc):
        (WTF::do_malloc):

2007-03-07  Shrikant Gangoda  <shrikant.gangoda@celunite.com>

        Reviewed by Maciej.

        http://bugs.webkit.org/show_bug.cgi?id=12997

        Wrap pthread-specific assertion in #if USE(MULTIPLE_THREADS).

        * kjs/collector.cpp:
        (KJS::Collector::markMainThreadOnlyObjects):

2007-03-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed <rdar://problem/4576242> | http://bugs.webkit.org/show_bug.cgi?id=12586
        PAC file: malloc deadlock sometimes causes a hang @ www.apple.com/pro/profiles/ (12586)
        
        This is a modified version of r14752 on the branch.
        
        These changes just add debugging functionality. They ASSERT that we don't 
        malloc during the mark phase of a garbage collection, which can cause a
        deadlock.

        * kjs/collector.cpp:
        (KJS::Collector::collect):
        * wtf/FastMalloc.cpp:
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):
        (WTF::fastMalloc):
        (WTF::fastCalloc):
        (WTF::fastFree):
        (WTF::fastRealloc):
        (WTF::do_malloc):
        * wtf/FastMalloc.h:

2007-03-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed all known crashers exposed by run-webkit-tests --threaded. This covers:

        <rdar://problem/4565394> | http://bugs.webkit.org/show_bug.cgi?id=12585 
            PAC file: after closing a window that contains macworld.com, new window 
            crashes (KJS::PropertyMap::mark()) (12585)
        <rdar://problem/4571215> | http://bugs.webkit.org/show_bug.cgi?id=9211
            PAC file: Crash occurs when clicking on the navigation tabs at http://www.businessweek.com/ (9211)
        <rdar://problem/4557926> 
            PAC file: Crash occurs when attempting to view image in slideshow mode 
            at http://d.smugmug.com/gallery/581716 ( KJS::IfNode::execute (KJS::
            ExecState*) + 312) if you use a PAC file

        (1) Added some missing JSLocks, along with related ASSERTs.
        
        (2) Fully implemented support for objects that can only be garbage collected
        on the main thread. So far, only WebCore uses this. We can add it to API
        later if we learn that it's needed. 
        
        The implementation uses a "main thread only" flag inside each object. When 
        collecting on a secondary thread, the Collector does an extra pass through 
        the heap to mark all flagged objects before sweeping. This solution makes
        the common case -- flag lots of objects, but never collect on a secondary 
        thread -- very fast, even though the uncommon case of garbage collecting
        on a secondary thread isn't as fast as it could be. I left some notes 
        about how to speed it up, if we ever care.
        
        For posterity, here are some things I learned about GC while investigating:
        
        * Each collect must either mark or delete every heap object. "Zombie" 
        objects, which are neither marked nor deleted, raise these issues:

            * On the next pass, the conservative marking algorithm might mark a 
            zombie, causing it to mark freed objects.

            * The client might try to use a zombie, which would seem live because 
            its finalizer had not yet run.

        * A collect on the main thread is free to delete any object. Presumably, 
        objects allocated on secondary threads have thread-safe finalizers.

        * A collect on a secondary thread must not delete thread-unsafe objects.

        * The mark function must be thread-safe.
        
        Line by line comments:

        * API/JSObjectRef.h: Added comment specifying that the finalize callback 
        may run on any thread.

        * JavaScriptCore.exp: Nothing to see here.

        * bindings/npruntime.cpp:
        (_NPN_GetStringIdentifier): Added JSLock.

        * bindings/objc/objc_instance.h:
        * bindings/objc/objc_instance.mm:
        (ObjcInstance::~ObjcInstance): Use an autorelease pool. The other callers 
        to CFRelease needed one, too, but they were dead code, so I removed them 
        instead. (This fixes a leak seen while running run-webkit-tests --threaded,
        although I don't think it's specifically a threading issue.) 
        
        * kjs/collector.cpp:
        (KJS::Collector::collectOnMainThreadOnly): New function. Tells the collector
        to collect a value only if it's collecting on the main thread.
        (KJS::Collector::markMainThreadOnlyObjects): New function. Scans the heap
        for "main thread only" objects and marks them.

        * kjs/date_object.cpp: 
        (KJS::DateObjectImp::DateObjectImp): To make the new ASSERTs happy, allocate 
        our globals on the heap, avoiding a seemingly unsafe destructor call at 
        program exit time.
        * kjs/function_object.cpp:
        (FunctionPrototype::FunctionPrototype): ditto

        * kjs/interpreter.cpp:
        (KJS::Interpreter::mark): Removed boolean parameter, which was an incomplete
        and arguably hackish way to implement markMainThreadOnlyObjects() inside WebCore.
        * kjs/interpreter.h:

        * kjs/identifier.cpp:
        (KJS::identifierTable): Added some ASSERTs to check for thread safety 
        problems.

        * kjs/list.cpp: Added some ASSERTs to check for thread safety problems.
        (KJS::allocateListImp):
        (KJS::List::release):
        (KJS::List::append):
        (KJS::List::empty): Make the new ASSERTs happy.

        * kjs/object.h:
        (KJS::JSObject::JSObject): "m_destructorIsThreadSafe" => "m_collectOnMainThreadOnly".
        I removed the constructor parameter because m_collectOnMainThreadOnly,
        like m_marked, is a Collector bit, so only the Collector should set or get it.

        * kjs/object_object.cpp:
        (ObjectPrototype::ObjectPrototype): Make the ASSERTs happy.
        * kjs/regexp_object.cpp:
 &nb