073d2f4ad6c0902baac38d9bd4431c08cc8437ff
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-05-19  Anders Carlsson  <andersca@apple.com>
2
3         Remove link prerendering code
4         https://bugs.webkit.org/show_bug.cgi?id=116415
5
6         Reviewed by Darin Adler.
7
8         This code was only used by Chromium and is dead now.
9
10         * Configurations/FeatureDefines.xcconfig:
11
12 2013-05-18  Patrick Gansterer  <paroga@webkit.org>
13
14         [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME
15         https://bugs.webkit.org/show_bug.cgi?id=114554
16
17         Reviewed by Gyuyoung Kim.
18
19         Using variables as target names is very uncommon in CMake.
20         The usual way to specify the name of the resulting binary
21         is to set the OUTPUT_NAME target property.
22
23         * CMakeLists.txt:
24         * shell/CMakeLists.txt:
25
26 2013-05-17  Patrick Gansterer  <paroga@webkit.org>
27
28         [CMake] Remove invalid include paths
29         https://bugs.webkit.org/show_bug.cgi?id=116213
30
31         Reviewed by Gyuyoung Kim.
32
33         Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe
34         to remove it from the list of include directories.
35
36         * PlatformEfl.cmake: Removed.
37         * PlatformGTK.cmake: Removed.
38
39 2013-05-16  Patrick Gansterer  <paroga@webkit.org>
40
41         Consolidate lists in JavaScriptCore CMake files
42         https://bugs.webkit.org/show_bug.cgi?id=115992
43
44         Reviewed by Gyuyoung Kim.
45
46         Move common files into the CMakeLists.txt to avoid duplicating the list of files.
47         Also rebase the recently added GTK files to match the other CMake ports, since
48         the submitted patch was based on an older version of the source tree.
49
50         * CMakeLists.txt:
51         * PlatformEfl.cmake:
52         * PlatformGTK.cmake:
53         * shell/CMakeLists.txt:
54         * shell/PlatformEfl.cmake:
55         * shell/PlatformGTK.cmake:
56
57 2013-05-16  Geoffrey Garen  <ggaren@apple.com>
58
59         JSValue shouldn't protect/unprotect its context
60         https://bugs.webkit.org/show_bug.cgi?id=116234
61
62         Reviewed by Mark Hahnenberg.
63
64         Our retain on _context is sufficient.
65
66         * API/JSValue.mm:
67         (-[JSValue initWithValue:inContext:]):
68         (-[JSValue dealloc]):
69
70 2013-05-15  Ryosuke Niwa  <rniwa@webkit.org>
71
72         Another Windows build fix attempt after r150160.
73
74         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
75         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
76
77 2013-05-15  Oliver Hunt  <oliver@apple.com>
78
79         RefCountedArray needs to use vector initialisers for its backing store
80         https://bugs.webkit.org/show_bug.cgi?id=116194
81
82         Reviewed by Gavin Barraclough.
83
84         Use an out of line function to clear the exception stack to avoid
85         needing to include otherwise unnecessary headers all over the place.
86
87         Everything else is just being updated to use that.
88
89         * bytecompiler/BytecodeGenerator.cpp:
90         * interpreter/CallFrame.h:
91         (JSC::ExecState::clearSupplementaryExceptionInfo):
92         * interpreter/Interpreter.cpp:
93         (JSC::Interpreter::addStackTraceIfNecessary):
94         (JSC::Interpreter::throwException):
95         * runtime/JSGlobalObject.cpp:
96         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
97         * runtime/VM.cpp:
98         (JSC):
99         (JSC::VM::clearExceptionStack):
100         * runtime/VM.h:
101         (VM):
102         (JSC::VM::exceptionStack):
103
104 2013-05-15  Commit Queue  <commit-queue@webkit.org>
105
106         Unreviewed, rolling out r150051.
107         http://trac.webkit.org/changeset/150051
108         https://bugs.webkit.org/show_bug.cgi?id=116186
109
110         Broke all JSC tests on Mac and the author is unresponsive
111         (Requested by rniwa on #webkit).
112
113         * JavaScriptCore.xcodeproj/project.pbxproj:
114
115 2013-05-15  Julien Brianceau  <jbrianceau@nds.com>
116
117         Remove savedTimeoutReg from JITStackFrame for sh4 base JIT.
118         https://bugs.webkit.org/show_bug.cgi?id=116143
119
120         Reviewed by Geoffrey Garen.
121
122         Since r148119, timeoutCheckRegister is removed from baseline JIT.
123         So we don't need to save r8 register in JITStackFrame anymore for sh4.
124
125         * jit/JITStubs.cpp:
126         * jit/JITStubs.h:
127         (JITStackFrame):
128
129 2013-05-15  Nico Weber  <thakis@chromium.org>
130
131         WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions.
132         https://bugs.webkit.org/show_bug.cgi?id=116157
133
134         Reviewed by Anders Carlsson.
135
136         Also remove a gcc3.2 workaround.
137
138         Merges parts of these two commits by the talented Nico Weber:
139         https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5
140         https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312
141
142         * os-win32/inttypes.h:
143
144 2013-05-13  Alvaro Lopez Ortega  <alvaro@alobbs.com>
145
146         Nightly build's jsc doesn't work without DYLD_FRAMEWORK...
147         https://bugs.webkit.org/show_bug.cgi?id=79065
148
149         Reviewed by Darin Adler.
150
151         Fixes the build process so the dependencies of the jsc binary are
152         modified before it is copied to its target directory. In this way
153         jsc should always use relative references to the JavaScriptCore
154         libraries.
155
156         * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in
157         the "Copy Into Framework" target.
158
159 2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>
160
161         Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
162         https://bugs.webkit.org/show_bug.cgi?id=116074
163
164         If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
165         scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
166         JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 
167         If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
168         is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.
169
170         Reviewed by Darin Adler.
171
172         * API/JSVirtualMachine.mm:
173         (scanExternalObjectGraph):
174
175 2013-05-13  Benjamin Poulain  <benjamin@webkit.org>
176
177         Improve stringProtoFuncLastIndexOf for the prefix case
178         https://bugs.webkit.org/show_bug.cgi?id=115952
179
180         Reviewed by Geoffrey Garen.
181
182         * runtime/StringPrototype.cpp:
183         (JSC::stringProtoFuncLastIndexOf):
184         Use the optimized string search when possible.
185
186         On Joseph Pecoraro's tests, this gives a ~30% speed improvement.
187
188 2013-05-13  Zalan Bujtas  <zalan@apple.com>
189
190         WebProcess consuming very high CPU on linkedin.com
191         https://bugs.webkit.org/show_bug.cgi?id=115601
192
193         Reviewed by Andreas Kling.
194
195         Disable WEB_TIMING_MINIMAL.
196         Turn off window.performance and performance.now(). Some JS frameworks expect
197         additional Web Timing APIs, when performance.now() is available.
198
199         * Configurations/FeatureDefines.xcconfig:
200
201 2013-05-12  Anders Carlsson  <andersca@apple.com>
202
203         Stop including UnusedParam.h
204         https://bugs.webkit.org/show_bug.cgi?id=116003
205
206         Reviewed by Sam Weinig.
207
208         UnusedParam.h is empty now so there's no need to include it anymore.
209
210         * API/APICast.h:
211         * API/tests/JSNode.c:
212         * API/tests/JSNodeList.c:
213         * API/tests/minidom.c:
214         * API/tests/testapi.c:
215         * assembler/AbstractMacroAssembler.h:
216         * assembler/MacroAssemblerCodeRef.h:
217         * bytecode/CodeBlock.cpp:
218         * heap/HandleStack.h:
219         * interpreter/JSStackInlines.h:
220         * jit/CompactJITCodeMap.h:
221         * jit/ExecutableAllocator.h:
222         * parser/SourceProvider.h:
223         * runtime/DatePrototype.cpp:
224         * runtime/JSNotAnObject.cpp:
225         * runtime/JSSegmentedVariableObject.h:
226         * runtime/JSVariableObject.h:
227         * runtime/Options.cpp:
228         * runtime/PropertyOffset.h:
229
230 2013-05-11  Martin Robinson  <mrobinson@igalia.com>
231
232         [GTK] Add a basic cmake build for WTF and JavaScriptCore
233         https://bugs.webkit.org/show_bug.cgi?id=115967
234
235         Reviewed by Laszlo Gombos.
236
237         * PlatformGTK.cmake: Added.
238         * shell/PlatformGTK.cmake: Added.
239
240 2013-05-10  Laszlo Gombos  <l.gombos@samsung.com>
241
242         Remove USE(OS_RANDOMNESS)
243         https://bugs.webkit.org/show_bug.cgi?id=108095
244
245         Reviewed by Darin Adler.
246
247         Remove the USE(OS_RANDOMNESS) guard as it is turned on for all
248         ports.
249
250         * jit/JIT.cpp:
251         (JSC::JIT::JIT):
252
253 2013-05-10  Mark Hahnenberg  <mhahnenberg@apple.com>
254
255         Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
256         https://bugs.webkit.org/show_bug.cgi?id=115938
257
258         We're going to add some more types of check hoisting soon, so let's have the right name here.
259
260         Rubber stamped by Filip Pizlo.
261         
262         * CMakeLists.txt:
263         * GNUmakefile.list.am:
264         * JavaScriptCore.xcodeproj/project.pbxproj:
265         * Target.pri:
266         * dfg/DFGDriver.cpp:
267         (JSC::DFG::compile):
268         * dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
269         * dfg/DFGStructureCheckHoistingPhase.h: Removed.
270         * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
271         (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
272         (JSC::DFG::performTypeCheckHoisting):
273         * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.
274
275 2013-05-09  Christophe Dumez  <ch.dumez@sisa.samsung.com>
276
277         Unreviewed build fix after r149836.
278
279         It broke at least EFL and GTK builds. Move new static members initialization
280         outside the class. Those need to have a definition outside the class because
281         their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries).
282
283         * runtime/CodeCache.cpp:
284         (JSC):
285         * runtime/CodeCache.h:
286         (CodeCacheMap):
287
288 2013-05-08  Oliver Hunt  <oliver@apple.com>
289
290         Code cache stores bogus var references for functions in eval code
291         https://bugs.webkit.org/show_bug.cgi?id=115747
292
293         Reviewed by Mark Hahnenberg.
294
295         Non-global eval now uses a per-CodeBlock cache, and only uses it
296         when we're at the top of a function's scope.  This means that we
297         will no longer cache the parsing of a single string across
298         multiple functions, and we won't cache when we're nested inside
299         constructs like |with| and |catch| where previously we would, which
300         is good because caching in those cases is unsound.
301
302         * bytecode/EvalCodeCache.h:
303         (JSC):
304         (JSC::EvalCodeCache::getSlow):
305         (JSC::EvalCodeCache::get):
306         * bytecode/UnlinkedCodeBlock.h:
307         (JSC::UnlinkedCodeBlock::codeCacheForEval):
308         (UnlinkedCodeBlock):
309         (RareData):
310         * debugger/Debugger.cpp:
311         (JSC::evaluateInGlobalCallFrame):
312         * debugger/DebuggerCallFrame.cpp:
313         (JSC::DebuggerCallFrame::evaluate):
314         * interpreter/Interpreter.cpp:
315         (JSC::eval):
316         * runtime/CodeCache.cpp:
317         (JSC::CodeCache::CodeCache):
318         (JSC::CodeCache::generateBytecode):
319         (JSC):
320         (JSC::CodeCache::getCodeBlock):
321         * runtime/CodeCache.h:
322         (JSC::CodeCacheMap::CodeCacheMap):
323         (CodeCacheMap):
324         (JSC::CodeCacheMap::canPruneQuickly):
325         (JSC::CodeCacheMap::prune):
326         (JSC::CodeCache::create):
327         (CodeCache):
328         * runtime/Executable.cpp:
329         (JSC::EvalExecutable::EvalExecutable):
330         (JSC::EvalExecutable::compileInternal):
331         * runtime/Executable.h:
332         (JSC::EvalExecutable::create):
333         (EvalExecutable):
334         * runtime/JSGlobalObject.cpp:
335         (JSC::JSGlobalObject::createEvalCodeBlock):
336         * runtime/JSGlobalObject.h:
337         (JSGlobalObject):
338         * runtime/JSGlobalObjectFunctions.cpp:
339         (JSC::globalFuncEval):
340         * runtime/VM.cpp:
341         (JSC::VM::VM):
342         * runtime/VM.h:
343         (VM):
344
345 2013-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>
346
347         DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes
348         https://bugs.webkit.org/show_bug.cgi?id=115805
349
350         Reviewed by Geoffrey Garen.
351
352         It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's 
353         an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads the 
354         code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) 
355         instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray.
356
357         To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which 
358         should then use Array::PossiblyArray, then do the checks we were already doing.
359
360         * bytecode/ArrayProfile.h:
361         (JSC::hasSeenArray):
362         (JSC::hasSeenNonArray):
363         * dfg/DFGArrayMode.cpp:
364         (JSC::DFG::ArrayMode::fromObserved):
365
366 2013-05-09  Joe Mason  <jmason@blackberry.com>
367
368         [BlackBerry] Set up logging buffer on start of jsc executable
369         https://bugs.webkit.org/show_bug.cgi?id=114688
370
371         Reviewed by Rob Buis.
372
373         Internal PR: 322715
374         Internally Reviewed By: Jeff Rogers
375
376         * jsc.cpp:
377         (main): call BB::Platform::setupApplicationLogging
378
379 2013-05-08  Michael Saboff  <msaboff@apple.com>
380
381         JSC: There should be a disassembler for ARM Thumb 2
382         https://bugs.webkit.org/show_bug.cgi?id=115827
383
384         Reviewed by Filip Pizlo.
385
386         Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
387         and profiling code.  The opcode coverage is currently not complete.  It covers all
388         of the integer instructions JSC currently emits, but only a limited number of
389         floating point opcodes.  Currently that is just the 64 bit vmov and vmsr instructions.
390
391         The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
392         for each instruction group.  There is a public format method that does the bulk of
393         the disassembly work.  There are two broad sub-classes, ARMv7D16BitOpcode and
394         ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes.  There are sub-classes under
395         those two classes for individual and related groups of opcodes.  Instructions are
396         "dispatched" to the right subclass via two arrays of linked lists in the inner classes
397         OpcodeGroup.  There is one such inner class in each of ARMv7D16BitOpcode and ARMv7D32BitOpcode.
398         Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
399         that it matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast
400         the Opcode object to the right base class for the instruction group for formatting.
401         The cast eliminates the need to allocate an object for each decoded instruction.
402         Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending on whether
403         the instruction is 16 or 32 bit.
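The mask/pattern dispatch described in this entry, as an added editor's example in C++ that is not part of the ChangeLog entry or of JSC's ARMv7 disassembler: each OpcodeGroup holds a mask, a pattern and a formatter, a first halfword whose top five bits announce a 32-bit encoding pulls in a second halfword, and an encoding no group matches falls back to ".word" / ".long". The class names, the function-pointer formatters (standing in for the reinterpret_cast dispatch the entry describes) and the handful of Thumb-2 encodings in the table are this example's own simplifications, not JSC's.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical, simplified model (not JSC's code) of the OpcodeGroup dispatch described
// above: one mask/pattern table per instruction width, the first matching group formats
// the instruction, and any unrecognised encoding falls back to ".word" / ".long".
namespace ThumbDisasm {

struct Insn {
    uint16_t hw1;      // first halfword
    uint16_t hw2;      // second halfword, meaningful only for 32-bit encodings
    uint32_t address;  // address of hw1; the Thumb PC reads as address + 4
};
struct OpcodeGroup {
    uint32_t mask, pattern;
    std::string (*format)(const Insn&);  // stands in for the reinterpret_cast dispatch
    bool matches(uint32_t bits) const { return (bits & mask) == pattern; }
};

static std::string reg(unsigned n)
{
    static const char* const names[] = { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
                                         "r8", "r9", "r10", "r11", "r12", "sp", "lr", "pc" };
    return names[n & 15];
}
static std::string hex(const char* prefix, uint32_t value, int digits)
{
    char buf[32];
    snprintf(buf, sizeof buf, "%s0x%0*x", prefix, digits, (unsigned)value);
    return buf;
}

// 16-bit MOV (immediate) T1: 001 00 Rd(3) imm8
static std::string movImmediateT1(const Insn& i)
{
    return "movs " + reg((i.hw1 >> 8) & 7) + ", #" + std::to_string(i.hw1 & 0xff);
}
// 16-bit BX/BLX T1: 010001 11 L Rm(4) 000
static std::string branchExchangeT1(const Insn& i)
{
    return std::string((i.hw1 & 0x80) ? "blx " : "bx ") + reg((i.hw1 >> 3) & 15);
}
// 16-bit PUSH/POP T1: 1011 L 10 M register_list(8); bit M (bit 8) adds lr (push) or pc (pop)
static std::string pushPopT1(const Insn& i)
{
    bool isPop = i.hw1 & 0x800;
    std::string out = isPop ? "pop {" : "push {";
    const char* sep = "";
    for (unsigned r = 0; r < 9; ++r) {
        if (!(i.hw1 & (1u << r)))
            continue;
        out += sep + (r == 8 ? std::string(isPop ? "pc" : "lr") : reg(r));
        sep = ", ";
    }
    return out + "}";
}
// 32-bit BL T1 / B T4: 11110 S imm10 | 1 x J1 1 J2 imm11, with I1 = !(J1 ^ S), I2 = !(J2 ^ S)
static std::string branchOrBranchLink(const Insn& i)
{
    uint32_t s = (i.hw1 >> 10) & 1, imm10 = i.hw1 & 0x3ff;
    uint32_t j1 = (i.hw2 >> 13) & 1, j2 = (i.hw2 >> 11) & 1, imm11 = i.hw2 & 0x7ff;
    uint32_t raw = (s << 24) | (((j1 ^ s) ^ 1) << 23) | (((j2 ^ s) ^ 1) << 22) | (imm10 << 12) | (imm11 << 1);
    int32_t imm = (raw & 0x1000000) ? (int32_t)(raw | 0xfe000000u) : (int32_t)raw;  // sign-extend 25 bits
    return hex((i.hw2 & 0x4000) ? "bl " : "b.w ", i.address + 4 + imm, 8);
}

static const OpcodeGroup groups16[] = {
    { 0xf800, 0x2000, movImmediateT1 }, { 0xff00, 0x4700, branchExchangeT1 }, { 0xf600, 0xb400, pushPopT1 },
};
static const OpcodeGroup groups32[] = {
    { 0xf800d000, 0xf000d000, branchOrBranchLink },  // BL
    { 0xf800d000, 0xf0009000, branchOrBranchLink },  // B.W
};
// A first halfword whose top five bits are 11101, 11110 or 11111 starts a 32-bit instruction.
static bool is32BitInstruction(uint16_t hw1) { return (hw1 & 0xf800) >= 0xe800; }

// Decode one instruction; hw2 is consulted only when hw1 announces a 32-bit encoding.
std::string disassemble(uint32_t address, uint16_t hw1, uint16_t hw2)
{
    Insn i = { hw1, hw2, address };
    bool is32 = is32BitInstruction(hw1);
    uint32_t bits = is32 ? (((uint32_t)hw1 << 16) | hw2) : hw1;
    const OpcodeGroup* groups = is32 ? &groups32[0] : &groups16[0];
    size_t count = is32 ? sizeof groups32 / sizeof *groups32 : sizeof groups16 / sizeof *groups16;
    for (size_t g = 0; g < count; ++g)
        if (groups[g].matches(bits))
            return groups[g].format(i);
    return hex(is32 ? ".long " : ".word ", bits, is32 ? 8 : 4);
}
// Walk a halfword buffer, consuming one or two halfwords per instruction.
std::vector<std::string> disassembleBuffer(const std::vector<uint16_t>& code, uint32_t base)
{
    std::vector<std::string> out;
    for (size_t n = 0; n < code.size(); n += is32BitInstruction(code[n]) ? 2 : 1)
        out.push_back(disassemble(base + (uint32_t)(2 * n), code[n], n + 1 < code.size() ? code[n + 1] : 0));
    return out;
}
} // namespace ThumbDisasm
```

Because the table covers only five encodings, an instruction the real disassembler knows, such as the 16-bit nop 0xbf00, comes out of this model as .word 0xbf00.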
404
405         * JavaScriptCore.xcodeproj/project.pbxproj:
406         * disassembler/ARMv7: Added.
407         * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
408         (ARMv7Disassembler):
409         (OpcodeGroupInitializer):
410         (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
411         (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
412         (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
413         (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
414         (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
415         (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
416         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
417         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
418         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
419         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
420         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
421         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
422         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
423         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
424         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
425         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
426         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
427         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
428         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
429         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
430         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
431         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
432         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
433         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
434         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
435         (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
436         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
437         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
438         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
439         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
440         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
441         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
442         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
443         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
444         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
445         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
446         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
447         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
448         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
449         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
450         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
451         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
452         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
453         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
454         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
455         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
456         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
457         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
458         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
459         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
460         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
461         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
462         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
463         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
464         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
465         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
466         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
467         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
468         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
469         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
470         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
471         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
472         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
473         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
474         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
475         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
476         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
477         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
478         * disassembler/ARMv7/ARMv7DOpcode.h: Added.
479         (ARMv7Disassembler):
480         (ARMv7DOpcode):
481         (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
482         (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
483         (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
484         (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
485         (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
486         (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
487         (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
488         (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
489         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
490         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
491         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
492         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
493         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
494         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
495         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
496         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
497         (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
498         (ARMv7D16BitOpcode):
499         (OpcodeGroup):
500         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
501         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
502         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
503         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
504         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
505         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
506         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
507         (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
508         (ARMv7DOpcodeAddRegisterT2):
509         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
510         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
511         (ARMv7DOpcodeAddSPPlusImmediate):
512         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
513         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
514         (ARMv7DOpcodeAddSubtract):
515         (ARMv7DOpcodeAddSubtractT1):
516         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
517         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
518         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
519         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
520         (ARMv7DOpcodeAddSubtractImmediate3):
521         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
522         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
523         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
524         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
525         (ARMv7DOpcodeAddSubtractImmediate8):
526         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
527         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
528         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
529         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
530         (ARMv7DOpcodeBranchConditionalT1):
531         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
532         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
533         (ARMv7DOpcodeBranchExchangeT1):
534         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
535         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
536         (ARMv7DOpcodeBranchT2):
537         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
538         (ARMv7DOpcodeCompareImmediateT1):
539         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
540         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
541         (ARMv7DOpcodeCompareRegisterT1):
542         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
543         (ARMv7DOpcodeCompareRegisterT2):
544         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
545         (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
546         (ARMv7DOpcodeDataProcessingRegisterT1):
547         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
548         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
549         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
550         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
551         (ARMv7DOpcodeGeneratePCRelativeAddress):
552         (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
553         (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
554         (ARMv7DOpcodeLoadFromLiteralPool):
555         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
556         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
557         (ARMv7DOpcodeLoadStoreRegisterImmediate):
558         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
559         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
560         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
561         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
562         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
563         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
564         (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
565         (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
566         (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
567         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
568         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
569         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
570         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
571         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
572         (ARMv7DOpcodeLoadStoreRegisterSPRelative):
573         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
574         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
575         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
576         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
577         (ARMv7DOpcodeLogicalImmediateT1):
578         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
579         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
580         (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
581         (ARMv7DOpcodeMiscAddSubSP):
582         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
583         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
584         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
585         (ARMv7DOpcodeMiscByteHalfwordOps):
586         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
587         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
588         (ARMv7DOpcodeMiscBreakpointT1):
589         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
590         (ARMv7DOpcodeMiscCompareAndBranch):
591         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
592         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
593         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
594         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
595         (ARMv7DOpcodeMiscHint16):
596         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
597         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
598         (ARMv7DOpcodeMiscIfThenT1):
599         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
600         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
601         (ARMv7DOpcodeMiscPushPop):
602         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
603         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
604         (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
605         (ARMv7DOpcodeMoveImmediateT1):
606         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
607         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
608         (ARMv7DOpcodeMoveRegisterT1):
609         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
610         (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
611         (ARMv7D32BitOpcode):
612         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
613         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
614         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
615         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
616         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
617         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
618         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
619         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
620         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
621         (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
622         (ARMv7DOpcodeBranchRelative):
623         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
624         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
625         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
626         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
627         (ARMv7DOpcodeConditionalBranchT3):
628         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
629         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
630         (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
631         (ARMv7DOpcodeBranchOrBranchLink):
632         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
633         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
634         (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
635         (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
636         (ARMv7DOpcodeDataProcessingModifiedImmediate):
637         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
638         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
639         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
640         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
641         (ARMv7DOpcodeDataProcessingShiftedReg):
642         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
643         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
644         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
645         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
646         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
647         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
648         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
649         (ARMv7DOpcodeDataProcessingReg):
650         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
651         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
652         (ARMv7DOpcodeDataProcessingRegShift):
653         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
654         (ARMv7DOpcodeDataProcessingRegExtend):
655         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
656         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
657         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
658         (ARMv7DOpcodeDataProcessingRegParallel):
659         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
660         (ARMv7DOpcodeDataProcessingRegMisc):
661         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
662         (ARMv7DOpcodeHint32):
663         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
664         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
665         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
666         (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
667         (ARMv7DOpcodeFPTransfer):
668         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
669         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
670         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
671         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
672         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
673         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
674         (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
675         (ARMv7DOpcodeDataLoad):
676         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
677         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
678         (ARMv7DOpcodeLoadRegister):
679         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
680         (ARMv7DOpcodeLoadSignedImmediate):
681         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
682         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
683         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
684         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
685         (ARMv7DOpcodeLoadUnsignedImmediate):
686         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
687         (ARMv7DOpcodeLongMultipleDivide):
688         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
689         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
690         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
691         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
692         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
693         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
694         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
695         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
696         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
697         (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
698         (ARMv7DOpcodeDataPushPopSingle):
699         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
700         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
701         (ARMv7DOpcodeDataStoreSingle):
702         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
703         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
704         (ARMv7DOpcodeStoreSingleImmediate12):
705         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
706         (ARMv7DOpcodeStoreSingleImmediate8):
707         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
708         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
709         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
710         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
711         (ARMv7DOpcodeStoreSingleRegister):
712         (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
713         (ARMv7DOpcodeUnmodifiedImmediate):
714         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
715         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
716         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
717         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
718         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
719         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
720         (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
721         (ARMv7DOpcodeVMOVDoublePrecision):
722         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
723         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
724         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
725         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
726         (ARMv7DOpcodeVMOVSinglePrecision):
727         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
728         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
729         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
730         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
731         (ARMv7DOpcodeVMSR):
732         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
733         (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
734         * disassembler/ARMv7Disassembler.cpp: Added.
735         (JSC::tryToDisassemble):
736
737 2013-05-07  Julien Brianceau  <jbrianceau@nds.com>
738
739         Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
740         https://bugs.webkit.org/show_bug.cgi?id=115722
741
742         Reviewed by Oliver Hunt.
743
744         * assembler/MacroAssemblerSH4.h:
745         (JSC::MacroAssemblerSH4::load8PostInc):
746         (MacroAssemblerSH4):
747         (JSC::MacroAssemblerSH4::load16Unaligned):
748         (JSC::MacroAssemblerSH4::load16PostInc):
749         (JSC::MacroAssemblerSH4::storeDouble):
750         (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
751         * assembler/SH4Assembler.h:
752         (JSC::SH4Assembler::movwMemRegIn):
753         (SH4Assembler):
754         (JSC::SH4Assembler::movbMemRegIn):
755         (JSC::SH4Assembler::printInstr):
756
757 2013-05-07  Anders Carlsson  <andersca@apple.com>
758
759         Remove AlwaysInline.h from WTF
760         https://bugs.webkit.org/show_bug.cgi?id=115727
761
762         Reviewed by Brent Fulgham.
763
764         The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
765         to keep AlwaysInline.h around anymore.
766
767         * jit/JSInterfaceJIT.h:
768         * parser/Lexer.h:
769         * runtime/JSCJSValue.h:
770         * runtime/SymbolTable.h:
771
772 2013-05-07  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
773
774         HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
775         https://bugs.webkit.org/show_bug.cgi?id=115646
776
777         Reviewed by Darin Adler.
778
779         * bytecompiler/StaticPropertyAnalyzer.h:
780         (JSC::StaticPropertyAnalyzer::putById):
781             Updated according to the new HashMap<.., RefPtr>::get() semantics.
782
783 2013-05-06  Julien Brianceau  <jbrianceau@nds.com>
784
785         Misc bugfix and cleaning in sh4 base JIT.
786         https://bugs.webkit.org/show_bug.cgi?id=115627
787
788         Reviewed by Oliver Hunt.
789
790         Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
791         Remove misplaced extuw() implementation from MacroAssemblerSH4.
792         Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.
793
794         * assembler/MacroAssemblerSH4.h:
795         (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
796         (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
797         (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
798         (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
799         (MacroAssemblerSH4):
800         (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
801         (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
802         (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
803         (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
804         (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
805         (JSC::MacroAssemblerSH4::store32):
806         * assembler/SH4Assembler.h:
807         (JSC::SH4Assembler::movwRegMemr0):
808         (SH4Assembler):
809         (JSC::SH4Assembler::movbRegMemr0):
810         (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
811         (JSC::SH4Assembler::maxJumpReplacementSize):
812         (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
813         (JSC::SH4Assembler::printInstr):
814
815 2013-05-06  Anders Carlsson  <andersca@apple.com>
816
817         Stop using WTF::deleteAllValues in JavaScriptCore
818         https://bugs.webkit.org/show_bug.cgi?id=115670
819
820         Reviewed by Oliver Hunt.
821
822         Change the Vectors used to Vectors of OwnPtrs instead.
823
824         * heap/DFGCodeBlocks.cpp:
825         (JSC::DFGCodeBlocks::~DFGCodeBlocks):
826         (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
827
828 2013-05-06  Andras Becsi  <andras.becsi@digia.com>
829
830         Build with GCC 4.8 fails because of -Wmaybe-uninitialized
831         https://bugs.webkit.org/show_bug.cgi?id=115648
832
833         Reviewed by Michael Saboff.
834
835         Initialize values in Options::setOption since from
836         there we end up calling OptionRange::init with
837         uninitialized members.
838
839         * runtime/Options.cpp:
840
841 2013-05-06  Gabor Rapcsanyi  <rgabor@webkit.org>
842
843         JSC ARM traditional failing on Octane NavierStokes test
844         https://bugs.webkit.org/show_bug.cgi?id=115626
845
846         Reviewed by Zoltan Herczeg.
847
848         Change the ARM traditional assembler to use double precision on value
849         conversions.
850
851         * assembler/ARMAssembler.h:
852
853 2013-05-03  Michael Saboff  <msaboff@apple.com>
854
855         There should be a runtime option to constrain what functions get DFG compiled
856         https://bugs.webkit.org/show_bug.cgi?id=115576
857
858         Reviewed by Mark Hahnenberg.
859
860         Added OptionRange to Options to allow checking that something is within an option
861         or not.  The new OptionClass supports range strings in the form of [!]<low>[:<high>].
862         If only one value is given, then it will be used for both low and high.  A leading
863         '!' inverts the check.  If no range is given, then checking for a value within a range
864         will always return true.  Added the option "bytecodeRangeToDFGCompile" that takes an
865         OptionRange string to select the bytecode range of code blocks to DFG compile.
866
867         * dfg/DFGDriver.cpp:
868         (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
869         range.
870         * runtime/Options.cpp:
871         (JSC::parse): Added overloaded parse() for OptionRange.
872         (JSC::OptionRange::init): Parse range string and then initialize the range.
873         (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
874         the specified range.
875         (JSC::Options::dumpOption): Added code to dump OptionRange options.
876         * runtime/Options.h:
877         (OptionRange): New class.
878         (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
879         the Option static array initialization.
880         (JSC::OptionRange::rangeString): This is used for debug.  It assumes that the char*
881         passed into OptionRange::init is valid when this function is called.
882
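The range syntax the entry above describes, [!]<low>[:<high>], is small enough to show end to end. What follows is an added example written for this page, not JavaScriptCore's own OptionRange code: the class and method names (OptionRange::init, OptionRange::isInRange) follow the entry, but the implementation, the rangeParses/rangeContains helpers and the decision that a malformed string matches nothing (the entry only says that an absent range matches everything) are assumptions of the example.

```cpp
// Added example, not JavaScriptCore code: parser and membership check for the
// option-range syntax "[!]<low>[:<high>]" described in the ChangeLog entry.
#include <cerrno>
#include <cstdio>
#include <cstdlib>

class OptionRange {
public:
    enum State { Uninitialized, InitError, Normal, Inverted };

    OptionRange() : m_state(Uninitialized), m_lowLimit(0), m_highLimit(0) {}

    // Parse "[!]<low>[:<high>]". A null or empty string leaves the range
    // uninitialized (matches everything). A single value is used for both
    // limits. Returns false and records an error on a malformed string.
    bool init(const char* rangeString)
    {
        if (!rangeString || !*rangeString) {
            m_state = Uninitialized;
            return true;
        }
        const char* p = rangeString;
        bool inverted = false;
        if (*p == '!') {
            inverted = true;
            ++p;
        }
        unsigned low = 0, high = 0;
        const char* end = p;
        if (!parseUnsigned(p, low, end))
            return fail();
        if (*end == ':') {
            if (!parseUnsigned(end + 1, high, end))
                return fail();
        } else
            high = low;
        if (*end != '\0' || low > high)   // trailing junk or reversed bounds
            return fail();
        m_lowLimit = low;
        m_highLimit = high;
        m_state = inverted ? Inverted : Normal;
        return true;
    }

    bool isInRange(unsigned value) const
    {
        switch (m_state) {
        case Uninitialized: return true;   // no range given: accept everything
        case InitError:     return false;  // example's choice: bad string matches nothing
        case Normal:        return value >= m_lowLimit && value <= m_highLimit;
        case Inverted:      return value < m_lowLimit || value > m_highLimit;
        }
        return false;
    }

    State state() const { return m_state; }

private:
    // Strict decimal parse: rejects leading whitespace, signs, empty input and
    // values that do not fit in unsigned, all of which strtoul alone would accept.
    static bool parseUnsigned(const char* s, unsigned& out, const char*& end)
    {
        if (*s < '0' || *s > '9')
            return false;
        errno = 0;
        char* e = nullptr;
        unsigned long v = strtoul(s, &e, 10);
        if (errno || v > 0xFFFFFFFFul)
            return false;
        out = static_cast<unsigned>(v);
        end = e;
        return true;
    }

    bool fail()
    {
        m_state = InitError;
        return false;
    }

    State m_state;
    unsigned m_lowLimit;
    unsigned m_highLimit;
};

// Helpers mirroring how a consumer (e.g. a compile driver deciding whether a
// code block's bytecode count falls inside the configured range) would use it.
bool rangeParses(const char* rangeString) { OptionRange r; return r.init(rangeString); }
bool rangeContains(const char* rangeString, unsigned value)
{
    OptionRange r;
    r.init(rangeString);
    return r.isInRange(value);
}

int main()
{
    const char* samples[] = { "", "42", "100:200", "!100:200", "200:100", "10:20x" };
    for (const char* s : samples)
        printf("%-10s parses=%d contains(150)=%d\n", s, rangeParses(s), rangeContains(s, 150));
    return 0;
}
```

A consumer only ever calls isInRange, so the parse-time state is what decides whether a bad option string silently widens the filter; choosing InitError to match nothing keeps a typo in the option from compiling every function.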
883 2013-05-02  Oliver Hunt  <oliver@apple.com>
884
885         Fix potential bug in lookup logic
886         https://bugs.webkit.org/show_bug.cgi?id=115522
887
888         Reviewed by Mark Hahnenberg.
889
890         Though not a problem in practice, it is technically possible
891         to inject an un-proxied global object into the scope chain
892         via the C API.  This change makes sure that the scope walk
893         in BytecodeGenerator actually limits itself to scopes that
894         are statically bindable.
895
896         * bytecompiler/BytecodeGenerator.cpp:
897         (JSC::BytecodeGenerator::resolve):
898         * runtime/JSObject.h:
899         (JSObject):
900         (JSC):
901         (JSC::JSObject::isStaticScopeObject):
902
903 2013-05-01  Roger Fong  <roger_fong@apple.com>
904
905         Set Path in makefile for AppleWin.
906
907         * JavaScriptCore.vcxproj/JavaScriptCore.make:
908
909 2013-05-01  Benjamin Poulain  <benjamin@webkit.org>
910
911         Remove the remaining wscript
912         https://bugs.webkit.org/show_bug.cgi?id=115459
913
914         Reviewed by Andreas Kling.
915
916         * wscript: Removed.
917
918 2013-04-30  Mark Lam  <mark.lam@apple.com>
919
920         JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
921         VM watchdog if its client did not pass one in.
922         https://bugs.webkit.org/show_bug.cgi?id=115461.
923
924         Reviewed by Geoffrey Garen.
925
926         * API/JSContextRef.cpp:
927         (internalScriptTimeoutCallback):
928         (JSContextGroupSetExecutionTimeLimit):
929         * API/tests/testapi.c:
930         (main):
931         - Added test case when the time limit callback is 0.
932         - Also updated a check to verify that a TerminatedExecutionException is
933           thrown when the time out is cancelled.
934         - Also fixed some cosmetic typos.
935
936 2013-04-30  Geoffrey Garen  <ggaren@apple.com>
937
938         Removed op_ensure_property_exists
939         https://bugs.webkit.org/show_bug.cgi?id=115460
940
941         Reviewed by Mark Hahnenberg.
942
943         It was unused, and whatever it was once used for was not optimized.
944
945         * JavaScriptCore.order:
946         * bytecode/CodeBlock.cpp:
947         (JSC::CodeBlock::dumpBytecode):
948         * bytecode/Opcode.h:
949         (JSC::padOpcodeName):
950         * jit/JIT.cpp:
951         (JSC::JIT::privateCompileMainPass):
952         * jit/JIT.h:
953         * jit/JITOpcodes.cpp:
954         * jit/JITOpcodes32_64.cpp:
955         * jit/JITStubs.cpp:
956         * jit/JITStubs.h:
957         * llint/LLIntSlowPaths.cpp:
958         * llint/LLIntSlowPaths.h:
959         * llint/LowLevelInterpreter.asm:
960
961 2013-04-30  Oliver Hunt  <oliver@apple.com>
962
963         JSC Stack walking logic crashes in the face of inlined functions triggering VM re-entry
964         https://bugs.webkit.org/show_bug.cgi?id=115449
965
966         Reviewed by Geoffrey Garen.
967
968         Rename callframeishost to something that makes sense, and fix
969         getCallerInfo to correctly handle inline functions calling into
970         the VM.
971
972         * bytecode/CodeBlock.cpp:
973         (JSC::CodeBlock::codeOriginForReturn):
974           Make this more robust in the face of incorrect stack walking
975         * interpreter/CallFrame.cpp:
976         (JSC::CallFrame::trueCallerFrame):
977           Everyone has to perform a codeblock() check before calling this
978           so we might as well just do it here.
979         * interpreter/Interpreter.cpp:
980         (JSC::getCallerInfo):
981
982 2013-04-30  Julien Brianceau  <jbrianceau@nds.com>
983
984         Bug fixing in sh4 base JIT and LLINT.
985         https://bugs.webkit.org/show_bug.cgi?id=115420
986
987         Reviewed by Oliver Hunt.
988
989         * assembler/MacroAssemblerSH4.h:
990         (JSC::MacroAssemblerSH4::lshift32):
991         (JSC::MacroAssemblerSH4::rshift32):
992         (JSC::MacroAssemblerSH4::branchMul32):
993         (JSC::MacroAssemblerSH4::urshift32):
994         (JSC::MacroAssemblerSH4::replaceWithJump):
995         (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
996         * assembler/SH4Assembler.h:
997         (JSC::SH4Assembler::shldRegReg):
998         (JSC::SH4Assembler::shadRegReg):
999         (JSC::SH4Assembler::shalImm8r):
1000         (SH4Assembler):
1001         (JSC::SH4Assembler::sharImm8r):
1002         (JSC::SH4Assembler::maxJumpReplacementSize):
1003         (JSC::SH4Assembler::replaceWithJump):
1004         * offlineasm/sh4.rb:
1005
1006 2013-04-30  Geoffrey Garen  <ggaren@apple.com>
1007
1008         Objective-C JavaScriptCore API should publicly support bridging to C
1009         https://bugs.webkit.org/show_bug.cgi?id=115447
1010
1011         Reviewed by Mark Hahnenberg.
1012
1013         For consistency, I renamed
1014
1015             +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
1016             +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
1017             -[JSContext globalContext] => -[JSContext JSGlobalContextRef]
1018
1019         I searched svn to verify that these functions don't have clients yet,
1020         so we won't break anything.
1021
1022         I also exported as public API
1023
1024             +[JSValue valueWithJSValueRef:]
1025             +[JSContext contextWithJSGlobalContextRef:]
1026
1027         It's hard to integrate with the C API without these.
1028
1029 2013-04-30  Commit Queue  <rniwa@webkit.org>
1030
1031         Unreviewed, rolling out r149349 and r149354.
1032         http://trac.webkit.org/changeset/149349
1033         http://trac.webkit.org/changeset/149354
1034         https://bugs.webkit.org/show_bug.cgi?id=115444
1035
1036         The Thumb version of compileSoftModulo makes invalid use of
1037         registers (Requested by benjaminp on #webkit).
1038
1039         * CMakeLists.txt:
1040         * GNUmakefile.list.am:
1041         * JavaScriptCore.xcodeproj/project.pbxproj:
1042         * assembler/ARMv7Assembler.h:
1043         (ARMv7Assembler):
1044         * assembler/AbstractMacroAssembler.h:
1045         (JSC::isARMv7s):
1046         (JSC):
1047         * assembler/MacroAssemblerARMv7.cpp: Removed.
1048         * assembler/MacroAssemblerARMv7.h:
1049         (MacroAssemblerARMv7):
1050         * dfg/DFGFixupPhase.cpp:
1051         (JSC::DFG::FixupPhase::fixupNode):
1052         * dfg/DFGOperations.cpp:
1053         * dfg/DFGOperations.h:
1054         * dfg/DFGSpeculativeJIT.cpp:
1055         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1056         (DFG):
1057         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1058         * dfg/DFGSpeculativeJIT.h:
1059         (JSC::DFG::SpeculativeJIT::callOperation):
1060         (SpeculativeJIT):
1061         * dfg/DFGSpeculativeJIT32_64.cpp:
1062         (JSC::DFG::SpeculativeJIT::compile):
1063
1064 2013-04-30  Zalan Bujtas  <zalan@apple.com>
1065
1066         Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
1067         https://bugs.webkit.org/show_bug.cgi?id=111244
1068
1069         Reviewed by David Kilzer.
1070         
1071         Enable performance.now() as a minimal subset of Web Timing API. 
1072         It returns DOMHighResTimeStamp, a monotonically increasing value representing the 
1073         number of milliseconds from the start of the navigation of the current document.
1074         JS libraries use this API to check against the requestAnimationFrame() timestamp.
1075
1076         * Configurations/FeatureDefines.xcconfig:
1077
1078 2013-04-30  Zoltan Arvai  <zarvai@inf.u-szeged.hu>
1079
1080         Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.
1081
1082         * dfg/DFGSpeculativeJIT.cpp:
1083         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1084
1085 2013-04-29  Cosmin Truta  <ctruta@blackberry.com>
1086
1087         [ARM] Expand the use of integer division
1088         https://bugs.webkit.org/show_bug.cgi?id=115138
1089
1090         Reviewed by Benjamin Poulain.
1091
1092         If availability of hardware integer division isn't known at compile
1093         time, check the CPU flags and decide at runtime whether to fall back
1094         to software. Currently, this OS-specific check is implemented on QNX.
1095
1096         Moreover, use operator % instead of fmod() in the calculation of the
1097         software modulo. Even when it's software-emulated, operator % is faster
1098         than fmod(): on ARM v7 QNX, without hardware division, we noticed
1099         >3% speedup on SunSpider.
1100
1101         * CMakeLists.txt:
1102         * GNUmakefile.list.am:
1103         * JavaScriptCore.xcodeproj/project.pbxproj:
1104         * assembler/ARMv7Assembler.h:
1105         (JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
1106         (JSC::ARMv7Assembler::udiv): Ditto.
1107         * assembler/AbstractMacroAssembler.h:
1108         (JSC::isARMv7s): Removed.
1109         * assembler/MacroAssemblerARMv7.cpp: Added.
1110         (JSC::isIntegerDivSupported): Added.
1111         * assembler/MacroAssemblerARMv7.h:
1112         (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
1113         * dfg/DFGFixupPhase.cpp:
1114         (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
1115         * dfg/DFGOperations.cpp:
1116         (JSC::DFG::operationModOnInts): Added.
1117         * dfg/DFGOperations.h:
1118         (JSC::DFG::Z_DFGOperation_ZZ): Added.
1119         * dfg/DFGSpeculativeJIT.cpp:
1120         (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
1121         from the common implementation; used operationModOnInts on ARM.
1122         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
1123         (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
1124         * dfg/DFGSpeculativeJIT.h:
1125         (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
1126         * dfg/DFGSpeculativeJIT32_64.cpp:
1127         (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.
1128
1129 2013-04-29  Benjamin Poulain  <benjamin@webkit.org>
1130
1131         Unify the data access of StringImpl members from JavaScriptCore
1132         https://bugs.webkit.org/show_bug.cgi?id=115320
1133
1134         Reviewed by Andreas Kling.
1135
1136         DFG accesses the member infos by directly calling the methods on StringImpl,
1137         while the baseline JIT was using helper methods on ThunkHelpers.
1138
1139         Cut the middle man, and use StringImpl directly everywhere.
1140
1141         * jit/JITInlines.h:
1142         (JSC::JIT::emitLoadCharacterString):
1143         * jit/JITPropertyAccess.cpp:
1144         (JSC::JIT::stringGetByValStubGenerator):
1145         * jit/JITPropertyAccess32_64.cpp:
1146         (JSC::JIT::stringGetByValStubGenerator):
1147         * jit/JSInterfaceJIT.h:
1148         * jit/ThunkGenerators.cpp:
1149         (JSC::stringCharLoad):
1150
1151 2013-04-29  Benjamin Poulain  <bpoulain@apple.com>
1152
1153         Use push and pop for iOS math function thunks
1154         https://bugs.webkit.org/show_bug.cgi?id=115215
1155
1156         Reviewed by Filip Pizlo.
1157
1158         The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
1159         The requirement is 4 bytes:
1160         "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
1161          grows downward, and contains local variables and a function’s parameters."
1162
1163         Subsequently, we can just use push and pop to preserve the link register.
1164
1165         * jit/ThunkGenerators.cpp:
1166
1167 2013-04-29  Brent Fulgham  <bfulgham@webkit.org>
1168
1169         [Windows, WinCairo] Get rid of last few pthread include/link references.
1170         https://bugs.webkit.org/show_bug.cgi?id=115375
1171
1172         Reviewed by Tim Horton.
1173
1174         * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
1175         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1176         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
1177         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1178         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
1179         * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
1180
1181 2013-04-29  Roger Fong  <roger_fong@apple.com>
1182
1183         Unreviewed. AppleWin VS2010 build fix.
1184
1185         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
1186
1187 2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1188
1189         ~BlockAllocator should ASSERT that it has no more Regions left
1190         https://bugs.webkit.org/show_bug.cgi?id=115287
1191
1192         Reviewed by Andreas Kling.
1193
1194         * heap/BlockAllocator.cpp:
1195         (JSC::BlockAllocator::~BlockAllocator):
1196         (JSC::BlockAllocator::allRegionSetsAreEmpty):
1197         * heap/BlockAllocator.h:
1198         (RegionSet):
1199         (JSC::BlockAllocator::RegionSet::isEmpty):
1200         (BlockAllocator):
1201
1202 2013-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1203
1204         IndexingTypes should use hex
1205         https://bugs.webkit.org/show_bug.cgi?id=115286
1206
1207         Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.
1208
1209         Reviewed by Geoffrey Garen.
1210
1211         * runtime/IndexingType.h:
1212
1213 2013-04-29  Carlos Garcia Campos  <cgarcia@igalia.com>
1214
1215         Unreviewed. Fix make distcheck.
1216
1217         * GNUmakefile.list.am: Add missing headers files to compilation
1218         and offlineasm/sh4.rb script.
1219
1220 2013-04-28  Dean Jackson  <dino@apple.com>
1221
1222         [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
1223         https://bugs.webkit.org/show_bug.cgi?id=115310
1224
1225         Reviewed by Simon Fraser.
1226
1227         Remove ENABLE_HIGH_DPI_CANVAS_macosx.
1228
1229         * Configurations/FeatureDefines.xcconfig:
1230
1231 2013-04-27  Darin Adler  <darin@apple.com>
1232
1233         Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
1234         https://bugs.webkit.org/show_bug.cgi?id=115307
1235
1236         Reviewed by Geoffrey Garen.
1237
1238         * heap/HeapTimer.cpp:
1239         (JSC::HeapTimer::HeapTimer):
1240         * runtime/VM.cpp:
1241         (JSC::enableAssembler):
1242         Use adoptCF free function.
1243
1244 2013-04-27  Anders Carlsson  <andersca@apple.com>
1245
1246         Try to fix the Windows build.
1247
1248         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1249
1250 2013-04-25  Geoffrey Garen  <ggaren@apple.com>
1251
1252         Cleaned up pre/post inc/dec in bytecode
1253         https://bugs.webkit.org/show_bug.cgi?id=115222
1254
1255         Reviewed by Filip Pizlo.
1256
1257         A few related changes here:
1258
1259         (*) Removed post_inc and post_dec. The two-result form was awkward to
1260         reason about. Being explicit about the intermediate mov and to_number
1261         reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
1262         fixes a const bug. Plus, we get to blow away 262 lines of code.
1263
1264         (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
1265         version now.
1266
1267         (*) Renamed to_jsnumber to to_number, to match the ECMA name.
1268
1269         (*) Tightened up the codegen and runtime support for to_number.
1270
1271
1272         * JavaScriptCore.order: Order!
1273
1274         * bytecode/CodeBlock.cpp:
1275         (JSC::CodeBlock::dumpBytecode):
1276         * bytecode/Opcode.h:
1277         (JSC::padOpcodeName):
1278         * bytecompiler/BytecodeGenerator.cpp:
1279         (JSC::BytecodeGenerator::emitInc):
1280         (JSC::BytecodeGenerator::emitDec):
1281         * bytecompiler/BytecodeGenerator.h:
1282         (JSC::BytecodeGenerator::emitToNumber):
1283         (BytecodeGenerator): Removed post_inc and post_dec.
1284
1285         * bytecompiler/NodesCodegen.cpp:
1286         (JSC::emitPreIncOrDec): Updated for rename.
1287
1288         (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
1289         These are rare, and they boil away in the DFG.
1290
1291         (JSC::PostfixNode::emitResolve):
1292         (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
1293         of any special forms. This fixes a bug where we would do string
1294         add/subtract instead of number.
1295
1296         * dfg/DFGByteCodeParser.cpp:
1297         (JSC::DFG::ByteCodeParser::parseBlock):
1298         * dfg/DFGCapabilities.h:
1299         (JSC::DFG::canCompileOpcode):
1300         * jit/JIT.cpp:
1301         (JSC::JIT::privateCompileMainPass):
1302         (JSC::JIT::privateCompileSlowCases):
1303         * jit/JIT.h:
1304         * jit/JITArithmetic.cpp:
1305         (JSC::JIT::emit_op_inc):
1306         (JSC::JIT::emitSlow_op_inc):
1307         (JSC::JIT::emit_op_dec):
1308         (JSC::JIT::emitSlow_op_dec):
1309         * jit/JITArithmetic32_64.cpp:
1310         (JSC::JIT::emit_op_inc):
1311         (JSC::JIT::emitSlow_op_inc):
1312         (JSC::JIT::emit_op_dec):
1313         (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.
1314
1315         * jit/JITOpcodes.cpp:
1316         (JSC::JIT::emit_op_to_number):
1317         (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
1318         no such thing!
1319
1320         * jit/JITOpcodes32_64.cpp:
1321         (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
1322         about the lowest valued tag.
1323
1324         (JSC::JIT::emitSlow_op_to_number): Updated for renames.
1325
1326         * jit/JITStubs.cpp:
1327         (JSC::DEFINE_STUB_FUNCTION):
1328         * jit/JITStubs.h:
1329         * llint/LLIntSlowPaths.cpp:
1330         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1331         * llint/LLIntSlowPaths.h:
1332         * llint/LowLevelInterpreter32_64.asm:
1333         * llint/LowLevelInterpreter64.asm:
1334         * parser/NodeConstructors.h:
1335         (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.
1336
1337         * runtime/Operations.cpp:
1338         (JSC::jsIsObjectType): Removed a test for number cells. There's
1339         no such thing!
1340
1341 2013-04-27  Julien Brianceau  <jbrianceau@nds.com>
1342
1343         REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
1344         https://bugs.webkit.org/show_bug.cgi?id=115305
1345
1346         Reviewed by Andreas Kling.
1347
1348         * assembler/SH4Assembler.h:
1349         (JSC::SH4Assembler::cacheFlush):
1350
1351 2013-04-26  Geoffrey Garen  <ggaren@apple.com>
1352
1353         Re-landing <http://trac.webkit.org/changeset/148999>
1354
1355             Filled out more cases of branch folding in bytecode when emitting
1356             expressions into a branching context
1357             https://bugs.webkit.org/show_bug.cgi?id=115057
1358
1359             Reviewed by Phil Pizlo.
1360
1361         We can't fold the number == 1 case to boolean because all non-zero numbers
1362         down-cast to true, but only 1 is == to true.
1363
1364 2013-04-26  Filip Pizlo  <fpizlo@apple.com>
1365
1366         Correct indentation of SymbolTable.h
1367         
1368         Rubber stamped by Mark Hahnenberg.
1369
1370         * runtime/SymbolTable.h:
1371
1372 2013-04-26  Roger Fong  <roger_fong@apple.com>
1373
1374         Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
1375         Make the DebugSuffix configuration use _debug dependencies.
1376
1377         * JavaScriptCore.vcxproj/JavaScriptCore.make:
1378         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1379         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1380         * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
1381         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1382         * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
1383         * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
1384         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
1385         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
1386         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
1387         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
1388         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
1389         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
1390         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
1391         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
1392         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
1393         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
1394         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1395         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
1396         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
1397         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
1398         * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
1399         * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
1400         * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
1401         * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
1402         * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
1403         * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
1404         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
1405         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1406         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
1407         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
1408         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1409         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
1410         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1411         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
1412         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
1413         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
1414         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
1415         * JavaScriptCore.vcxproj/build-generated-files.sh:
1416         * JavaScriptCore.vcxproj/copy-files.cmd:
1417         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1418         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1419         * JavaScriptCore.vcxproj/jsc/jscDebug.props:
1420         * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
1421         * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
1422         * JavaScriptCore.vcxproj/jsc/jscProduction.props:
1423         * JavaScriptCore.vcxproj/jsc/jscRelease.props:
1424         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1425         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
1426         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
1427         * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
1428         * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
1429         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
1430         * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
1431         * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
1432         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1433         * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
1434         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
1435         * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
1436         * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
1437         * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
1438         * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
1439         * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
1440         * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:
1441
1442 2013-04-26  Roger Fong  <roger_fong@apple.com>
1443
1444         Disable sub-pixel layout on mac.
1445         https://bugs.webkit.org/show_bug.cgi?id=114999.
1446
1447         Reviewed by Simon Fraser.
1448
1449         * Configurations/FeatureDefines.xcconfig:
1450
1451 2013-04-26  Oliver Hunt  <oliver@apple.com>
1452
1453         Make stack tracing more robust
1454         https://bugs.webkit.org/show_bug.cgi?id=115272
1455
1456         Reviewed by Geoffrey Garen.
1457
1458         CallFrame already handles stack walking confusion robustly,
1459         so we should make sure that the actual walk handles that as well.
1460
1461         * interpreter/Interpreter.cpp:
1462         (JSC::getCallerInfo):
1463
1464 2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1465
1466         REGRESSION(r149165): It made many tests crash on 32 bit
1467         https://bugs.webkit.org/show_bug.cgi?id=115227
1468
1469         Reviewed by Csaba Osztrogonác.
1470
1471         m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.
1472
1473         * heap/SuperRegion.cpp:
1474         (JSC::SuperRegion::~SuperRegion):
1475
1476 2013-04-26  Julien Brianceau  <jbrianceau@nds.com>
1477
1478         Fix SH4 build broken since r149159.
1479         https://bugs.webkit.org/show_bug.cgi?id=115229
1480
1481         Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32.
1482
1483         Reviewed by Allan Sandfeld Jensen.
1484
1485         * assembler/MacroAssemblerSH4.h:
1486         (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
1487
1488 2013-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1489
1490         SuperRegion doesn't call deallocate() on its PageReservation
1491         https://bugs.webkit.org/show_bug.cgi?id=115208
1492
1493         Reviewed by Geoffrey Garen.
1494
1495         It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual 
1496         address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator 
1497         also has this bug, but it doesn't matter much because there's only one instance of that class 
1498         throughout the entire lifetime of the process, whereas each VM has its own SuperRegion. 
1499
1500         * heap/SuperRegion.cpp:
1501         (JSC::SuperRegion::~SuperRegion):
1502         * heap/SuperRegion.h:
1503         (SuperRegion):
1504         * jit/ExecutableAllocatorFixedVMPool.cpp:
1505         (FixedVMPoolExecutableAllocator):
1506         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
1507
1508 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
1509
1510         DFG doesn't support to_jsnumber
1511         https://bugs.webkit.org/show_bug.cgi?id=115129
1512
1513         Reviewed by Geoffrey Garen.
1514         
1515         Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does
1516         an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions
1517         tell us to. Identity is later turned into Phantom.
1518         
1519         Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's
1520         wrong; NodeDoesNotExit is not a backward propagation property.
1521         
1522         Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit).
1523         
1524         This more than doubles the FPS on ammo.
1525
1526         * dfg/DFGByteCodeParser.cpp:
1527         (JSC::DFG::ByteCodeParser::parseBlock):
1528         * dfg/DFGCapabilities.h:
1529         (JSC::DFG::canCompileOpcode):
1530         * dfg/DFGFixupPhase.cpp:
1531         (JSC::DFG::FixupPhase::fixupNode):
1532         (FixupPhase):
1533         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1534         (JSC::DFG::FixupPhase::observeUseKindOnEdge):
1535         * dfg/DFGNodeFlags.h:
1536         (DFG):
1537         * dfg/DFGNodeType.h:
1538         (DFG):
1539         * dfg/DFGPredictionPropagationPhase.cpp:
1540         (JSC::DFG::PredictionPropagationPhase::propagate):
1541
1542 2013-04-24  Oliver Hunt  <oliver@apple.com>
1543
1544         Add support for Math.imul
1545         https://bugs.webkit.org/show_bug.cgi?id=115143
1546
1547         Reviewed by Filip Pizlo.
1548
1549         Add support for Math.imul, a thunk generator for Math.imul,
1550         and an intrinsic.
1551
1552         Fairly self-explanatory set of changes; the DFG intrinsic simply
1553         leverages the existing ValueToInt32 nodes.
1554
1555         * create_hash_table:
1556         * dfg/DFGAbstractState.cpp:
1557         (JSC::DFG::AbstractState::executeEffects):
1558         * dfg/DFGBackwardsPropagationPhase.cpp:
1559         (JSC::DFG::BackwardsPropagationPhase::propagate):
1560         * dfg/DFGByteCodeParser.cpp:
1561         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1562         * dfg/DFGCSEPhase.cpp:
1563         (JSC::DFG::CSEPhase::performNodeCSE):
1564         * dfg/DFGFixupPhase.cpp:
1565         (JSC::DFG::FixupPhase::fixupNode):
1566         * dfg/DFGNodeType.h:
1567         (DFG):
1568         * dfg/DFGPredictionPropagationPhase.cpp:
1569         (JSC::DFG::PredictionPropagationPhase::propagate):
1570         * dfg/DFGSpeculativeJIT.cpp:
1571         (JSC::DFG::SpeculativeJIT::compileArithIMul):
1572         * dfg/DFGSpeculativeJIT.h:
1573         (SpeculativeJIT):
1574         * dfg/DFGSpeculativeJIT32_64.cpp:
1575         (JSC::DFG::SpeculativeJIT::compile):
1576         * dfg/DFGSpeculativeJIT64.cpp:
1577         (JSC::DFG::SpeculativeJIT::compile):
1578         * jit/ThunkGenerators.cpp:
1579         (JSC::imulThunkGenerator):
1580         (JSC):
1581         * jit/ThunkGenerators.h:
1582         (JSC):
1583         * runtime/Intrinsic.h:
1584         * runtime/MathObject.cpp:
1585         (JSC):
1586         (JSC::mathProtoFuncIMul):
1587         * runtime/VM.cpp:
1588         (JSC::thunkGeneratorForIntrinsic):
1589
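A reference model of the Math.imul semantics that this entry's intrinsic and thunk implement natively, added here as an illustration; it is not part of the ChangeLog or of JavaScriptCore, and the function names are constructed for this example.

```javascript
// Added example, not JavaScriptCore code: a reference model of ES6 Math.imul.
// Math.imul applies ToUint32 to both operands, multiplies them, and returns the
// low 32 bits of the product as a signed int32 (C-style wraparound).

// Split each operand into 16-bit halves so that every partial product stays
// below 2^53 and is therefore exact in double arithmetic. The high*high term
// only affects bits 32 and up, so it is dropped.
function imulReference(x, y) {
  const a = x >>> 0;  // ToUint32, as the spec does for Math.imul
  const b = y >>> 0;
  const ah = a >>> 16, al = a & 0xffff;
  const bh = b >>> 16, bl = b & 0xffff;
  // (al*bl) + ((ah*bl + al*bh) << 16), everything modulo 2^32.
  const low = al * bl;                              // < 2^32, exact
  const cross = ((ah * bl + al * bh) << 16) >>> 0;  // only the low 16 bits of the sum survive the shift
  return (low + cross) | 0;                         // sum < 2^33, exact; ToInt32 wraps it
}

// The naive "multiply as doubles, then truncate" form is NOT equivalent: once
// the true product exceeds 2^53 the double loses its low bits, so the truncated
// result is wrong. Exact 32-bit wraparound is what the intrinsic provides.
function imulNaive(x, y) {
  return (x * y) | 0;
}

// Compare the reference model against the engine's own Math.imul for one pair.
function agreesWithEngine(x, y) {
  return imulReference(x, y) === Math.imul(x, y);
}
```

For 0x7fffffff * 0x7fffffff the exact low 32 bits are 1, which imulReference returns, while imulNaive returns 0 because the double product is rounded before truncation.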
1590 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
1591
1592         Unreviewed, roll out http://trac.webkit.org/changeset/148999
1593         It broke http://kripken.github.io/ammo.js/examples/new/ammo.html
1594
1595         * JavaScriptCore.order:
1596         * bytecompiler/BytecodeGenerator.cpp:
1597         (JSC::BytecodeGenerator::emitNewArray):
1598         (JSC::BytecodeGenerator::emitThrowReferenceError):
1599         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1600         * bytecompiler/BytecodeGenerator.h:
1601         (JSC::BytecodeGenerator::shouldEmitProfileHooks):
1602         (BytecodeGenerator):
1603         * bytecompiler/NodesCodegen.cpp:
1604         (JSC):
1605         (JSC::NullNode::emitBytecode):
1606         (JSC::BooleanNode::emitBytecode):
1607         (JSC::NumberNode::emitBytecode):
1608         (JSC::StringNode::emitBytecode):
1609         (JSC::IfNode::emitBytecode):
1610         (JSC::IfElseNode::emitBytecode):
1611         * parser/ASTBuilder.h:
1612         (JSC::ASTBuilder::createIfStatement):
1613         (ASTBuilder):
1614         * parser/NodeConstructors.h:
1615         (JSC):
1616         (JSC::NullNode::NullNode):
1617         (JSC::BooleanNode::BooleanNode):
1618         (JSC::NumberNode::NumberNode):
1619         (JSC::StringNode::StringNode):
1620         (JSC::IfNode::IfNode):
1621         (JSC::IfElseNode::IfElseNode):
1622         * parser/Nodes.h:
1623         (JSC::ExpressionNode::isPure):
1624         (JSC::ExpressionNode::isSubtract):
1625         (StatementNode):
1626         (NullNode):
1627         (JSC::NullNode::isNull):
1628         (BooleanNode):
1629         (JSC::BooleanNode::isPure):
1630         (NumberNode):
1631         (JSC::NumberNode::value):
1632         (JSC::NumberNode::isPure):
1633         (StringNode):
1634         (JSC::StringNode::isPure):
1635         (JSC::StringNode::isString):
1636         (BinaryOpNode):
1637         (IfNode):
1638         (JSC):
1639         (IfElseNode):
1640         (ContinueNode):
1641         (BreakNode):
1642         * parser/Parser.cpp:
1643         (JSC::::parseIfStatement):
1644         * parser/ResultType.h:
1645         (ResultType):
1646         * runtime/JSCJSValueInlines.h:
1647         (JSC::JSValue::pureToBoolean):
1648         * runtime/JSCell.h:
1649         (JSCell):
1650         * runtime/JSCellInlines.h:
1651         (JSC):
1652
1653 2013-04-25  Filip Pizlo  <fpizlo@apple.com>
1654
1655         PreciseJumpTargets should treat loop_hint as a jump target
1656         https://bugs.webkit.org/show_bug.cgi?id=115209
1657
1658         Reviewed by Mark Hahnenberg.
1659         
1660         I didn't add a test but I turned this into a release assertion. Running Octane is enough
1661         to trigger it.
1662
1663         * bytecode/PreciseJumpTargets.cpp:
1664         (JSC::computePreciseJumpTargets):
1665         * dfg/DFGByteCodeParser.cpp:
1666         (JSC::DFG::ByteCodeParser::parseBlock):
1667
1668 2013-04-25  Roman Zhuykov  <zhroma@ispras.ru>
1669
1670         Fix problems with processing negative zero on DFG.
1671         https://bugs.webkit.org/show_bug.cgi?id=113862
1672
1673         Reviewed by Filip Pizlo.
1674
1675         Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase.
1676         Function arithNodeFlags should not mask the NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32
1677         nodes, and this flag should always be used to decide where we need to generate negative-zero checks.
1678         Remove unnecessary negative-zero checks from integer ArithDiv on ARM.
1679         Also remove such checks from integer ArithMod on ARM and X86, and make them always
1680         check not only "modulo_result == 0" but also "dividend < 0".
1681         Generate faster code for the case when the ArithMod divisor is a constant power of 2 on ARMv7,
1682         in the same way as on ARMv7s, and add negative-zero checks into this code when needed.
1683         Change speculationCheck ExitKind from Overflow to NegativeZero where applicable.
1684  
1685         This shows 30% speedup of math-spectral-norm, and 5% speedup
1686         on SunSpider overall on ARMv7 Linux.
1687
1688         * assembler/MacroAssemblerARM.h:
1689         (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
1690         * assembler/MacroAssemblerARMv7.h:
1691         (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
1692         * assembler/MacroAssemblerMIPS.h:
1693         (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
1694         * assembler/MacroAssemblerSH4.h:
1695         (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
1696         * assembler/MacroAssemblerX86Common.h:
1697         (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
1698         * dfg/DFGBackwardsPropagationPhase.cpp:
1699         (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
1700         (JSC::DFG::BackwardsPropagationPhase::isNotPosZero):
1701         (JSC::DFG::BackwardsPropagationPhase::propagate):
1702         * dfg/DFGNode.h:
1703         (JSC::DFG::Node::arithNodeFlags):
1704         * dfg/DFGSpeculativeJIT.cpp:
1705         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
1706         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1707         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1708
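The negative-zero rule for integer modulo that this entry describes, as an added example in plain JavaScript; it is not part of the ChangeLog or of JavaScriptCore, and all function names are constructed for illustration.

```javascript
// Added example, not JavaScriptCore code: a reference model of the integer
// modulo (ArithMod) semantics whose negative-zero handling the entry above
// fixes. In ECMAScript, x % y takes the sign of the dividend, so the result is
// -0 exactly when the remainder is zero AND the dividend is negative. The sign
// of the divisor plays no part, which is why the check has to look at the
// dividend and not only at the raw remainder.

function toInt32(v) {
  return v | 0;
}

function isPowerOfTwo(n) {
  return n > 0 && (n & (n - 1)) === 0;
}

// Generic path: truncated division, the way a hardware div/mod instruction
// behaves. Math.trunc keeps the -2^31 / -1 quotient from overflowing int32.
// Note that this path yields +0 for -4 % 2, hence the check below.
function int32ModGeneric(dividend, divisor) {
  return dividend - Math.trunc(dividend / divisor) * divisor;
}

// Fast path for a constant power-of-two divisor: mask the magnitude, then
// restore the dividend's sign.
function int32ModPowerOfTwo(dividend, divisor) {
  const magnitude = Math.abs(dividend) & (divisor - 1);
  return dividend < 0 ? -magnitude : magnitude;
}

// The negative-zero check from the entry above: a zero remainder becomes -0
// only when the dividend is negative. Testing "remainder == 0" alone would
// turn 4 % -2 into -0, which is wrong.
function applyNegativeZeroRule(remainder, dividend) {
  return remainder === 0 && dividend < 0 ? -0 : remainder;
}

function int32Mod(x, y) {
  const dividend = toInt32(x);
  const divisor = toInt32(y);
  if (divisor === 0) return NaN;  // x % 0 is NaN in JavaScript
  const raw = isPowerOfTwo(divisor)
    ? int32ModPowerOfTwo(dividend, divisor)
    : int32ModGeneric(dividend, divisor);
  return applyNegativeZeroRule(raw, dividend);
}

// Object.is distinguishes -0 from +0; === does not, which is why a test that
// uses === would never catch a missing negative-zero check.
function matchesEngine(x, y) {
  return Object.is(int32Mod(x, y), toInt32(x) % toInt32(y));
}
```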
1709 2013-04-25  Oliver Hunt  <oliver@apple.com>
1710
1711         Stack guards are too conservative
1712         https://bugs.webkit.org/show_bug.cgi?id=115147
1713
1714         Reviewed by Mark Hahnenberg.
1715
1716         Increase stack guard to closer to old size.
1717
1718         * interpreter/Interpreter.cpp:
1719         (JSC::Interpreter::StackPolicy::StackPolicy):
1720
1721 2013-04-25  Oliver Hunt  <oliver@apple.com>
1722
1723         Stack guards are too conservative
1724         https://bugs.webkit.org/show_bug.cgi?id=115147
1725
1726         Reviewed by Geoffrey Garen.
1727
1728         Reduce the limits and simplify the decision making.
1729
1730         * interpreter/Interpreter.cpp:
1731         (JSC::Interpreter::StackPolicy::StackPolicy):
1732
1733 2013-04-25  Nick Diego Yamane  <nick.yamane@openbossa.org>
1734
1735         JSC: Fix interpreter misbehavior in builds with JIT disabled
1736         https://bugs.webkit.org/show_bug.cgi?id=115190
1737
1738         Reviewed by Oliver Hunt.
1739
1740         Commit http://trac.webkit.org/changeset/147858 modified
1741         some details of how JS stack traces are built. The method
1742         "getLineNumberForCallFrame", renamed in that changeset to
1743         "getBytecodeOffsetForCallFrame", is always returning `0' when
1744         the JIT is disabled.
1745
1746         How to reproduce:
1747          - Build webkit with JIT disabled
1748          - Open MiniBrowser, for example, with http://google.com
1749          - In a debug build, WebProcess will hit the following ASSERT:
1750            Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low);
1751
1752         * interpreter/Interpreter.cpp:
1753         (JSC::getBytecodeOffsetForCallFrame):
1754
1755 2013-04-25  Oliver Hunt  <oliver@apple.com>
1756
1757         Make checkSyntax take a VM instead of an ExecState
1758
1759         RS=Tim
1760
1761         * jsc.cpp:
1762         (runInteractive):
1763         * runtime/Completion.cpp:
1764         (JSC::checkSyntax):
1765         * runtime/Completion.h:
1766         (JSC):
1767
1768 2013-04-25  Michael Saboff  <msaboff@apple.com>
1769
1770         32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
1771         https://bugs.webkit.org/show_bug.cgi?id=115188
1772
1773         Reviewed by Geoffrey Garen.
1774
1775         Changed the RegExpTest node to set the AbstractValue to boolean, since that's
1776         what it is.
1777
1778         * dfg/DFGAbstractState.cpp:
1779         (JSC::DFG::AbstractState::executeEffects):
1780
1781 2013-04-25  Julien Brianceau  <jbrianceau@nds.com>
1782
1783         REGRESSION(r137994): Random crashes occur with SH4 JSC.
1784         https://bugs.webkit.org/show_bug.cgi?id=115167.
1785
1786         Reviewed by Oliver Hunt.
1787
1788         Since r137994, uncommitted pages could be inside the area of memory
1789         passed as a parameter to the cacheFlush function. That's why we have to flush each
1790         page separately, to avoid a failure of the whole flush if an uncommitted page
1791         is in the area.
1792
1793         This patch is very similar to changeset 145194 made for ARMv7 architecture,
1794         see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information.
1795
1796         * assembler/SH4Assembler.h:
1797         (JSC::SH4Assembler::cacheFlush):
1798
1799 2013-04-24  Mark Lam  <mark.lam@apple.com>
1800
1801         Add watchdog timer polling for the DFG.
1802         https://bugs.webkit.org/show_bug.cgi?id=115134.
1803
1804         Reviewed by Geoffrey Garen.
1805
1806         The strategy is to add a speculation check to the DFG generated code to
1807         test if the watchdog timer has fired or not. If the watchdog timer has
1808         fired, the generated code will do an OSR exit to the baseline JIT, and
1809         let it handle servicing the watchdog timer.
1810
1811         If the watchdog is not enabled, this speculation check will not be
1812         emitted.
1813
1814         * API/tests/testapi.c:
1815         (currentCPUTime_callAsFunction):
1816         (extendTerminateCallback):
1817         (main):
1818         - removed try/catch statements so that we can test the watchdog on the DFG.
1819         - added JS bindings to a native currentCPUTime() function so that the timeout
1820           tests can be more accurate.
1821         - also shortened the time values so that the tests can complete sooner.
1822
1823         * bytecode/ExitKind.h:
1824         * dfg/DFGAbstractState.cpp:
1825         (JSC::DFG::AbstractState::executeEffects):
1826         * dfg/DFGByteCodeParser.cpp:
1827         (JSC::DFG::ByteCodeParser::parseBlock):
1828         * dfg/DFGFixupPhase.cpp:
1829         (JSC::DFG::FixupPhase::fixupNode):
1830         * dfg/DFGNodeType.h:
1831         * dfg/DFGPredictionPropagationPhase.cpp:
1832         (JSC::DFG::PredictionPropagationPhase::propagate):
1833         * dfg/DFGSpeculativeJIT32_64.cpp:
1834         (JSC::DFG::SpeculativeJIT::compile):
1835         * dfg/DFGSpeculativeJIT64.cpp:
1836         (JSC::DFG::SpeculativeJIT::compile):
1837         * runtime/Watchdog.cpp:
1838         (JSC::Watchdog::setTimeLimit):
1839
1840 2013-04-24  Filip Pizlo  <fpizlo@apple.com>
1841
1842         Special thunks for math functions should work on ARMv7
1843         https://bugs.webkit.org/show_bug.cgi?id=115144
1844
1845         Reviewed by Gavin Barraclough and Oliver Hunt.
1846         
1847         The only hard bit here was ensuring that we implemented the very special
1848         "cheap C call" convention on ARMv7.
1849
1850         * assembler/AbstractMacroAssembler.h:
1851         (JSC::isARMv7s):
1852         (JSC):
1853         (JSC::isX86):
1854         * dfg/DFGCommon.h:
1855         * jit/SpecializedThunkJIT.h:
1856         (SpecializedThunkJIT):
1857         (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
1858         * jit/ThunkGenerators.cpp:
1859         (JSC::floorThunkGenerator):
1860         (JSC::ceilThunkGenerator):
1861         (JSC::roundThunkGenerator):
1862         (JSC::expThunkGenerator):
1863         (JSC::logThunkGenerator):
1864
1865 2013-04-24  Julien Brianceau  <jbrianceau@nds.com>
1866
1867         Misc bugfix and cleaning in sh4 base JIT.
1868         https://bugs.webkit.org/show_bug.cgi?id=115022.
1869
1870         Reviewed by Oliver Hunt.
1871
1872         Remove unused add32() and sub32() with scratchreg parameter to avoid
1873         confusion, as this function prototype implies a different behaviour.
1874         Remove unused "void push(Address)" function which seems quite buggy.
1875
1876         * assembler/MacroAssemblerSH4.h:
1877         (JSC::MacroAssemblerSH4::and32): Cosmetic change.
1878         (JSC::MacroAssemblerSH4::lshift32): Cosmetic change.
1879         (JSC::MacroAssemblerSH4::or32): Cosmetic change.
1880         (JSC::MacroAssemblerSH4::xor32): Cosmetic change.
1881         (MacroAssemblerSH4):
1882         (JSC::MacroAssemblerSH4::load32): Cosmetic change.
1883         (JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit
1884         when using r0 register and cosmetic changes.
1885         (JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication.
1886         (JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when
1887         using r0 register, fix missing offset shift and cosmetic changes.
1888         (JSC::MacroAssemblerSH4::store32): Cosmetic change.
1889         (JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch.
1890
1891 2013-04-24  Patrick Gansterer  <paroga@webkit.org>
1892
1893         [WIN] Remove pthread from Visual Studio files in JavaScriptCore
1894         https://bugs.webkit.org/show_bug.cgi?id=114864
1895
1896         Reviewed by Brent Fulgham.
1897
1898         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1899         * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops:
1900         * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
1901         * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops:
1902         * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
1903         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1904         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
1905         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
1906         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1907         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
1908         * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
1909         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
1910
1911 2013-04-24  Filip Pizlo  <fpizlo@apple.com>
1912
1913         DFG should keep the operand to create_this alive if it's emitting code for create_this
1914         https://bugs.webkit.org/show_bug.cgi?id=115133
1915
1916         Reviewed by Mark Hahnenberg.
1917         
1918         The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time.
1919
1920         * dfg/DFGByteCodeParser.cpp:
1921         (JSC::DFG::ByteCodeParser::parseBlock):
1922
1923 2013-04-24  Roger Fong  <roger_fong@apple.com>
1924
1925         Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies.
1926
1927         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
1928         * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
1929         * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
1930         * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
1931         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
1932         * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
1933         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
1934         * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
1935
1936 2013-04-24  Geoffrey Garen  <ggaren@apple.com>
1937
1938         32-bit build fix.
1939
1940         Unreviewed.
1941
1942         * dfg/DFGSpeculativeJIT.cpp:
1943         (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly
1944         truncate to 32-bit to avoid compiler warnings. It's safe to truncate
1945         because the payload of a boolean is the low bits on both 64-bit and 32-bit.
1946
1947 2013-04-23  Geoffrey Garen  <ggaren@apple.com>
1948
1949         Filled out more cases of branch folding in the DFG
1950         https://bugs.webkit.org/show_bug.cgi?id=115088
1951
1952         Reviewed by Oliver Hunt.
1953
1954         No change on the benchmarks we track, but a 3X speedup on a
1955         microbenchmark that uses these techniques.
1956
1957         * dfg/DFGByteCodeParser.cpp:
1958         (JSC::DFG::ByteCodeParser::parseBlock): ==, !=, === and !== can constant
1959         fold all types, not just numbers, because true constants have no
1960         side effects when type-converted at runtime.
1961
1962         * dfg/DFGFixupPhase.cpp:
1963         (JSC::DFG::FixupPhase::fixupNode):
1964         * dfg/DFGNode.h:
1965         (JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up
1966         boolean uses, like we do for other types like number.
1967
1968         * dfg/DFGSpeculativeJIT.cpp:
1969         (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):
1970         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1971         (JSC::DFG::SpeculativeJIT::compare):
1972         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1973         (JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse
1974         boolean compare and/or compare-branch, now that we have the types for
1975         them.
1976
1977         * dfg/DFGSpeculativeJIT.h: Updated declarations.
1978
1979 == Rolled over to ChangeLog-2013-04-24 ==