Removed some public data and casting from the Heap
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-07-31  Geoffrey Garen  <ggaren@apple.com>

        Removed some public data and casting from the Heap
        https://bugs.webkit.org/show_bug.cgi?id=92777

        Reviewed by Oliver Hunt.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::releaseFreeBlocks):
        (JSC::BlockAllocator::blockFreeingThreadMain): Use the DeadBlock class
        since HeapBlock is a template, and not a class, now. Call destroy()
        instead of monkeying around with DeadBlock's internal data because
        encapsulation is good.

        * heap/BlockAllocator.h:
        (DeadBlock): Added a class to represent a dead block, since HeapBlock is
        a template now, and can't be instantiated directly.

        (JSC::DeadBlock::DeadBlock):
        (JSC::DeadBlock::create):
        (BlockAllocator):
        (JSC::BlockAllocator::allocate):
        (JSC::BlockAllocator::deallocate): Use the DeadBlock class because
        encapsulation is good.

        * heap/CopiedBlock.h:
        (CopiedBlock::destroy): No need for a destroy() function, since we
        inherit one now.

        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::payloadEnd):
        (JSC::CopiedBlock::capacity): Updated for some encapsulation inside
        HeapBlock.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::size):
        (JSC::CopiedSpace::capacity):
        (JSC::isBlockListPagedOut): Removed a bunch of casting. This is no longer
        necessary, now that our list and its nodes have the right type.

        * heap/CopiedSpace.h: Use the right type in our data structures because
        it improves clarity.

        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Use swap to avoid duplicating it.

        * heap/HeapBlock.h:
        (HeapBlock): Made this a class template so we can return the right type
        in linked list operations. Made our data private because encapsulation
        is good.

        (JSC::HeapBlock::destroy): Since we know our type, we can also eliminate
        duplicate destroy() functions in our subclasses.

        (JSC::HeapBlock::allocation): Added an accessor so we can hide our data.
        By using const, this accessor prevents clients from accidentally deleting
        our allocation.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::isPagedOut):
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::removeBlock): Removed a bunch of casting. This is
        no longer necessary, now that our list and its nodes have the right type.

        * heap/MarkedAllocator.h:
        (MarkedAllocator):
        (JSC::MarkedAllocator::reset):
        (JSC::MarkedAllocator::forEachBlock): Use the right type, do less casting.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::destroy): Removed this function because our parent
        class provides it for us now.

        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        (MarkedBlock):
        (JSC::MarkedBlock::capacity): Updated for encapsulation.
80
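Added illustration, not code from this patch or from WebKit: the shape of the change the entry above describes. HeapBlock becomes a class template whose linked-list node type is the concrete block class, so list traversal hands back MarkedBlock* or DeadBlock* with no casts, the allocation is private behind a const accessor, and a single inherited destroy() deletes the right type. DoublyLinkedList, sumBlockBytes and the byte count standing in for the real PageAllocationAligned are hypothetical names for this example.

```cpp
// Added example (hypothetical names, not JSC's implementation): a CRTP-typed
// intrusive list so block lists return the concrete block type without casts.
#include <cstddef>

template<typename T> class DoublyLinkedListNode {
public:
    void setPrev(T* p) { m_prev = p; }
    void setNext(T* n) { m_next = n; }
    T* prev() const { return m_prev; }
    T* next() const { return m_next; }   // returns T*, not a base pointer
private:
    T* m_prev = nullptr;
    T* m_next = nullptr;
};

// Minimal intrusive list: the nodes are the blocks themselves, push/remove are O(1).
template<typename T> class DoublyLinkedList {
public:
    T* head() const { return m_head; }
    void push(T* node) {                          // push at the head
        node->setPrev(nullptr);
        node->setNext(m_head);
        if (m_head) m_head->setPrev(node); else m_tail = node;
        m_head = node;
    }
    void remove(T* node) {
        if (node->prev()) node->prev()->setNext(node->next()); else m_head = node->next();
        if (node->next()) node->next()->setPrev(node->prev()); else m_tail = node->prev();
        node->setPrev(nullptr);
        node->setNext(nullptr);
    }
    T* removeHead() { T* h = m_head; if (h) remove(h); return h; }
private:
    T* m_head = nullptr;
    T* m_tail = nullptr;
};

// HeapBlock as a class template: the allocation is private, readable only through
// a const accessor (so a client cannot free it by accident), and destroy() knows
// the concrete type, so subclasses need no destroy() of their own.
template<typename T> class HeapBlock : public DoublyLinkedListNode<T> {
public:
    explicit HeapBlock(size_t bytes) : m_bytes(bytes) {}
    size_t allocation() const { return m_bytes; }   // stand-in for the const allocation accessor
    static void destroy(HeapBlock* block) { delete static_cast<T*>(block); }
private:
    size_t m_bytes;   // stand-in for the real page allocation
};

class DeadBlock : public HeapBlock<DeadBlock> {
public:
    explicit DeadBlock(size_t bytes) : HeapBlock<DeadBlock>(bytes) {}
};

class MarkedBlock : public HeapBlock<MarkedBlock> {
public:
    MarkedBlock(size_t bytes, bool onlyStructures)
        : HeapBlock<MarkedBlock>(bytes), m_onlyStructures(onlyStructures) {}
    bool onlyContainsStructures() const { return m_onlyStructures; }
private:
    bool m_onlyStructures;
};

// Builds a typed list, reads subclass fields straight off the typed nodes, then
// tears it down through the inherited destroy(). Returns the byte total it saw
// plus one per structure-only block, so the test can check both field reads.
size_t sumBlockBytes() {
    DoublyLinkedList<MarkedBlock> blocks;
    blocks.push(new MarkedBlock(64 * 1024, false));
    blocks.push(new MarkedBlock(64 * 1024, true));
    size_t total = 0;
    for (MarkedBlock* b = blocks.head(); b; b = b->next())   // b is MarkedBlock*, no cast
        total += b->allocation() + (b->onlyContainsStructures() ? 1 : 0);
    while (MarkedBlock* b = blocks.removeHead())
        MarkedBlock::destroy(b);                             // deletes as MarkedBlock
    return total;
}
```

The same template instantiated as HeapBlock<DeadBlock> gives the BlockAllocator's free list a node type of DeadBlock*, which is why the entry can drop the casts there too.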
2012-07-31  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit profiling has unusual oversights
        https://bugs.webkit.org/show_bug.cgi?id=92728

        Reviewed by Geoffrey Garen.

        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
96
2012-07-31  Chao-ying Fu  <fu@mips.com>

        Add MIPS add32 function
        https://bugs.webkit.org/show_bug.cgi?id=91522

        Reviewed by Oliver Hunt.

        Add isCompactPtrAlignedAddressOffset.
        Add a new version of add32 that accepts AbsoluteAddress as inputs.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::isCompactPtrAlignedAddressOffset): New.
        (MacroAssemblerMIPS):
        (JSC::MacroAssemblerMIPS::add32): Support AbsoluteAddress as inputs.
111
2012-07-30  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r124123.
        http://trac.webkit.org/changeset/124123
        https://bugs.webkit.org/show_bug.cgi?id=92700

        ASSERT crashes terminate webkit Layout tests (Requested by
        msaboff on #webkit).

        * heap/Heap.cpp:
        * heap/Heap.h:
        (Heap):
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::doSweep):
        (JSC::IncrementalSweeper::startSweeping):
        (JSC::IncrementalSweeper::IncrementalSweeper):
        (JSC):
        * heap/IncrementalSweeper.h:
        (IncrementalSweeper):
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::addBlock):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::zapFreeList):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweepHelper):
        * heap/MarkedSpace.cpp:
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::sweep):
        (JSC):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::~JSGlobalData):
144
2012-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>

        Structures should be swept after all other objects
        https://bugs.webkit.org/show_bug.cgi?id=92679

        Reviewed by Filip Pizlo.

        In order to get rid of ClassInfo from our objects, we need to be able to safely get the
        ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the
        Structure, but currently it is not safe to do so because the order of destruction of objects
        is not guaranteed to sweep objects before their corresponding Structure. We can fix this by
        sweeping Structures after everything else.

        * heap/Heap.cpp:
        (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
        If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is
        safe to sweep structures since we'll always do Structures last anyway due to the ordering of
        MarkedSpace::forEachBlock.
        (JSC):
        (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
        calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out
        these pointers after it has invalidated them to prevent accidental use-after-free in the sweep()
        calls during lastChanceToFinalize().
        * heap/Heap.h:
        (Heap):
        * heap/HeapTimer.h:
        (HeapTimer):
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
        This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
        the first time.
        (JSC):
        (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we
        make our first pass. We now null out the slots as we sweep them so that we can quickly find the
        Structures during the second pass.
        (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
        (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify
        the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can
        assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock
        iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
        (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
        * heap/IncrementalSweeper.h: Add declarations for new stuff.
        (IncrementalSweeper):
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and
        if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing
        the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that
        will sweep some number of other blocks in place of the current block to mitigate the cost of the floating
        Structure garbage.
        (JSC::MarkedAllocator::addBlock):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no
        longer valid to allocate from, so we set the current block to null.
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
        at an unsafe time.
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
        (JSC):
        * heap/MarkedSpace.h:
        (JSC):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
208
2012-07-29  Filip Pizlo  <fpizlo@apple.com>

        PropertyNameArray::m_shouldCache is only assigned and never used
        https://bugs.webkit.org/show_bug.cgi?id=92598

        Reviewed by Dan Bernstein.

        * runtime/PropertyNameArray.h:
        (JSC::PropertyNameArray::PropertyNameArray):
        (PropertyNameArray):
219
2012-07-29  Rik Cabanier  <cabanier@adobe.com>

        Add ENABLE_CSS_COMPOSITING flag
        https://bugs.webkit.org/show_bug.cgi?id=92553

        Reviewed by Dirk Schulze.

        Adds compiler flag CSS_COMPOSITING to build systems to enable CSS blending and compositing. See spec https://dvcs.w3.org/hg/FXTF/rawfile/tip/compositing/index.html

        * Configurations/FeatureDefines.xcconfig:
230
2012-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Split functionality of MarkedAllocator::m_currentBlock
        https://bugs.webkit.org/show_bug.cgi?id=92550

        Reviewed by Filip Pizlo.

        MarkedAllocator::m_currentBlock serves two purposes right now; it indicates the block that is currently
        being used for allocation and the beginning of the list of blocks that need to be swept. We should split
        these two functionalities into two separate fields.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::tryAllocateHelper): Use m_blocksToSweep instead of m_currentBlock as the
        initializer/reference of the loop. Only change m_currentBlock when we know what the result will be.
        (JSC::MarkedAllocator::addBlock): When we add a new block we know that both m_blocksToSweep and
        m_currentBlock are null. In order to preserve the invariant that m_currentBlock <= m_blocksToSweep,
        we assign both of them to point to the new block.
        (JSC::MarkedAllocator::removeBlock): We need a separate check to see if the block we're removing is
        m_blocksToSweep and if so, advance it to the next block in the list.
        * heap/MarkedAllocator.h:
        (MarkedAllocator): Initialize m_blocksToSweep.
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC::MarkedAllocator::reset): We set m_blocksToSweep to be the head of our list. This function is called
        at the end of a collection, so all of the blocks in our allocator need to be swept. We need to sweep a
        block before we can start allocating, so m_currentBlock is set to null. We also set the freeList to
        the empty FreeList to emphasize the fact that we can't start allocating until we do some sweeping.
257
2012-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Increase inline storage for JSFinalObjects by one
        https://bugs.webkit.org/show_bug.cgi?id=92526

        Reviewed by Geoffrey Garen.

        Now that we've removed the inheritorID from objects, we can increase our inline storage for JSFinalObjects on
        64-bit platforms by 1.

        * llint/LowLevelInterpreter.asm: Change the constant.
        * runtime/PropertyOffset.h: Change the constant.
        (JSC):
271
2012-07-27  Jer Noble  <jer.noble@apple.com>

        Support a rational time class for use by media elements.
        https://bugs.webkit.org/show_bug.cgi?id=88787

        Re-export WTF::MediaTime from JavaScriptCore.

        Reviewed by Eric Carlson.

        * JavaScriptCore.order:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
283
2012-07-26  Filip Pizlo  <fpizlo@apple.com>

        JSObject::reallocateStorageIfNecessary is neither used nor defined
        https://bugs.webkit.org/show_bug.cgi?id=92417

        Reviewed by Mark Rowe.

        * runtime/JSObject.h:
        (JSObject):
293
2012-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Allocate Structures in a separate part of the Heap
        https://bugs.webkit.org/show_bug.cgi?id=92420

        Reviewed by Filip Pizlo.

        To fix our issue with destruction/finalization of Structures before their objects, we can move Structures to a separate
        part of the Heap that will be swept after all other objects. This first patch will just be separating Structures
        out into their own separate MarkedAllocator. Everything else will behave identically.

        * heap/Heap.h: New function to allocate Structures in the Heap.
        (Heap):
        (JSC):
        (JSC::Heap::allocateStructure):
        * heap/MarkedAllocator.cpp: Pass whether or not we're allocating Structures to the MarkedBlock.
        (JSC::MarkedAllocator::allocateBlock):
        * heap/MarkedAllocator.h: Add tracking for whether or not we're allocating only Structures.
        (JSC::MarkedAllocator::onlyContainsStructures):
        (MarkedAllocator):
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC::MarkedAllocator::init):
        * heap/MarkedBlock.cpp: Add tracking for whether or not we're allocating only Structures. We need this to be able to
        distinguish the various MarkedBlock types in MarkedSpace::allocatorFor(MarkedBlock*).
        (JSC::MarkedBlock::create):
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        (MarkedBlock):
        (JSC::MarkedBlock::onlyContainsStructures):
        (JSC):
        * heap/MarkedSpace.cpp: Include the new Structure allocator in all the places that all the other allocators are used/modified.
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::canonicalizeCellLivenessData):
        (JSC::MarkedSpace::isPagedOut):
        * heap/MarkedSpace.h: Add new MarkedAllocator just for Structures.
        (MarkedSpace):
        (JSC::MarkedSpace::allocatorFor):
        (JSC::MarkedSpace::allocateStructure):
        (JSC):
        (JSC::MarkedSpace::forEachBlock):
        * runtime/Structure.h: Move all of the functions that call allocateCell<Structure> down below the explicit template specialization
        for allocateCell<Structure>. The new inline specialization for allocateCell directly calls the allocateStructure() function in the
        Heap.
        (Structure):
        (JSC::Structure):
        (JSC):
        (JSC::Structure::create):
        (JSC::Structure::createStructure):
343
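Added illustration of the ordering problem that the entry immediately above ("Allocate Structures in a separate part of the Heap") and the 2012-07-30 entry "Structures should be swept after all other objects" describe. It is a toy model, not code from either patch or from WebKit: Structure cells live in blocks of their own, an object's finalizer reaches its ClassInfo through its Structure, and the heap is swept either in block order or with the Structure blocks deferred to a second pass, which is the role the real patch gives to Heap::isSafeToSweepStructures and IncrementalSweeper::structuresCanBeSwept. Block, SweepStats, sweepHeap and runScenario are hypothetical names for this example.

```cpp
// Added example (hypothetical names, not JSC's implementation): why Structures
// must be swept after every other object when finalizers read ClassInfo through
// the Structure. A swept Structure is poisoned so a late read is counted instead
// of being a silent use-after-free.
#include <vector>

struct ClassInfo { const char* className; };

struct Structure {
    const ClassInfo* classInfo;
    bool marked = false;   // set by the mark phase when still reachable
    bool swept = false;
};

// An object whose finalizer needs its Structure (the ChangeLog's motivation for
// removing ClassInfo from objects and fetching it from the Structure instead).
struct Object {
    Structure* structure;
    bool marked = false;
};

// A block holds either only Structures or only ordinary objects, which is what
// the separate MarkedAllocator for Structures guarantees.
struct Block {
    bool onlyContainsStructures;
    std::vector<Structure*> structures;
    std::vector<Object*> objects;
};

struct SweepStats {
    int objectsFinalized = 0;
    int structuresFinalized = 0;
    int useAfterSweep = 0;   // finalizers that observed an already-swept Structure
};

static void sweepBlock(Block& b, SweepStats& st) {
    if (b.onlyContainsStructures) {
        for (Structure* s : b.structures) {
            if (s->marked) continue;
            s->classInfo = nullptr;   // poison: a later reader is caught below
            s->swept = true;
            st.structuresFinalized++;
        }
        return;
    }
    for (Object* o : b.objects) {
        if (o->marked) continue;
        // Finalizer path: ClassInfo is reached through the Structure. If the
        // Structure's block was swept first, this would be a read of freed memory.
        if (o->structure->swept || !o->structure->classInfo) st.useAfterSweep++;
        st.objectsFinalized++;
    }
}

// structuresLast == false sweeps blocks in whatever order they sit in, which is
// the hazard. structuresLast == true is the two-pass order the patch imposes:
// every non-Structure block first, then the Structure blocks.
SweepStats sweepHeap(std::vector<Block>& blocks, bool structuresLast) {
    SweepStats st;
    if (!structuresLast) {
        for (Block& b : blocks) sweepBlock(b, st);
        return st;
    }
    for (Block& b : blocks) if (!b.onlyContainsStructures) sweepBlock(b, st);
    for (Block& b : blocks) if (b.onlyContainsStructures) sweepBlock(b, st);
    return st;
}

// Constructed scenario: a dead Structure whose block precedes the block of the
// two dead objects that still point at it.
SweepStats runScenario(bool structuresLast) {
    static const ClassInfo info{ "Foo" };
    Structure s{ &info };
    Object o1{ &s }, o2{ &s };
    std::vector<Block> blocks;
    blocks.push_back(Block{ true, { &s }, {} });
    blocks.push_back(Block{ false, {}, { &o1, &o2 } });
    return sweepHeap(blocks, structuresLast);
}
```

With block order alone both finalizers see a dead Structure; with the Structure blocks deferred none do. The real engine additionally has to hold the lazy sweep in tryAllocateHelper back from Structure blocks until the first pass is complete, which is what the isSafeToSweepStructures check in the 2012-07-30 entry gates.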
2012-07-26  Filip Pizlo  <fpizlo@apple.com>

        JSArray has methods that are neither used nor defined
        https://bugs.webkit.org/show_bug.cgi?id=92416

        Reviewed by Simon Fraser.

        * runtime/JSArray.h:
        (JSArray):
353
2012-07-26  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt][ARM] ARMAssembler needs buildfix after r123417
        https://bugs.webkit.org/show_bug.cgi?id=92086

        Reviewed by Csaba Osztrogonác.

        The ARM implementation of this should-be-optimized code path
        is covered by a non-optimized code path. This patch fixes this,
        and adds a new function which returns with the offset range.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::readPointer):
        (ARMAssembler):
        (JSC::ARMAssembler::repatchInt32):
        (JSC::ARMAssembler::repatchCompact):
        * assembler/MacroAssemblerARM.h:
        (MacroAssemblerARM):
        (JSC::MacroAssemblerARM::isCompactPtrAlignedAddressOffset):
        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
374
2012-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        Build fix for 32-bit after r123682

        * runtime/JSObject.h: Need to pad out JSObjects on 32-bit so that they're the correct size since
        we only removed one 4-byte word and we need to be 8-byte aligned.
        (JSObject):
382
2012-07-25  Filip Pizlo  <fpizlo@apple.com>

        JSC GC object copying APIs should allow for greater flexibility
        https://bugs.webkit.org/show_bug.cgi?id=92316

        Reviewed by Mark Hahnenberg.

        It's now the case that visitChildren() methods can directly pin and allocate in new space during copying.
        They can also do the copying and marking themselves. This new API is only used for JSObjects for now.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/MarkStack.cpp:
        (JSC::SlotVisitor::allocateNewSpaceSlow):
        (JSC::SlotVisitor::allocateNewSpaceOrPin):
        (JSC):
        (JSC::SlotVisitor::copyAndAppend):
        * heap/MarkStack.h:
        (MarkStack):
        (JSC::MarkStack::appendUnbarrieredValue):
        (JSC):
        * heap/SlotVisitor.h:
        * heap/SlotVisitorInlineMethods.h: Added.
        (JSC):
        (JSC::SlotVisitor::checkIfShouldCopyAndPinOtherwise):
        (JSC::SlotVisitor::allocateNewSpace):
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitOutOfLineStorage):
        (JSC):
        (JSC::JSObject::visitChildren):
        (JSC::JSFinalObject::visitChildren):
        * runtime/JSObject.h:
        (JSObject):
415
2012-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove JSObject::m_inheritorID
        https://bugs.webkit.org/show_bug.cgi?id=88378

        Reviewed by Filip Pizlo.

        This is rarely used, and not performance critical (the commonly accessed copy is cached on JSFunction),
        and most objects don't need an inheritorID (this value is only used if the object is used as a prototype).
        Instead use a private named value in the object's property storage.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): No need to initialize m_inheritorID!
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject): No need to initialize m_inheritorID!
        * llint/LowLevelInterpreter.asm: No need to initialize m_inheritorID!
        * runtime/JSGlobalData.h:
        (JSGlobalData): Added private name 'm_inheritorIDKey'.
        * runtime/JSGlobalThis.cpp:
        (JSC::JSGlobalThis::setUnwrappedObject): resetInheritorID is now passed a JSGlobalData&.
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): No m_inheritorID to be marked.
        (JSC::JSFinalObject::visitChildren): No m_inheritorID to be marked.
        (JSC::JSObject::createInheritorID): Store the newly created inheritorID in the property map. Make sure
        it's got the DontEnum attribute!!
        * runtime/JSObject.h:
        (JSObject):
        (JSC::JSObject::resetInheritorID): Remove the inheritorID from property storage.
        (JSC):
        (JSC::JSObject::inheritorID): Read the inheritorID from property storage.
446
2012-07-25  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>

        Create a specialized pair for use in HashMap iterators
        https://bugs.webkit.org/show_bug.cgi?id=92137

        Reviewed by Ryosuke Niwa.

        Update a couple of sites that relied on the fact that "contents" of iterators were
        std::pairs.

        * profiler/Profile.cpp:
        (JSC): This code kept a vector of the pairs that were the "contents" of the iterators. This
        is changed to use a KeyValuePair. We make use of HashCount's ValueType (which represents only
        the key) to get the proper key parameter for KeyValuePair.
        * tools/ProfileTreeNode.h:
        (ProfileTreeNode): Use HashMap::ValueType to declare the type of the contents of the hash
        instead of declaring it manually. This will make use of the new KeyValuePair.
464
2012-07-25  Patrick Gansterer  <paroga@webkit.org>

        REGRESSION(r123505): Date.getYear() returns the same as Date.getFullYear()
        https://bugs.webkit.org/show_bug.cgi?id=92218

        Reviewed by Csaba Osztrogonác.

        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncGetYear): Added the missing offset of 1900 to the return value.
474
2012-07-24  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r123417): It made tests assert/crash on 32 bit
        https://bugs.webkit.org/show_bug.cgi?id=92088

        Reviewed by Mark Hahnenberg.

        The pointer arithmetic was wrong, because negative numbers are hard to think about.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitPutTransitionStub):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
488
2012-07-24  Patrick Gansterer  <paroga@webkit.org>

        Store the full year in GregorianDateTime
        https://bugs.webkit.org/show_bug.cgi?id=92067

        Reviewed by Geoffrey Garen.

        Use the full year instead of the offset from year 1900
        for the year member variable of GregorianDateTime.

        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
        (JSC::dateUTC):
        * runtime/DateConversion.cpp:
        (JSC::formatDate):
        (JSC::formatDateUTCVariant):
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):
        (JSC::fillStructuresUsingDateArgs):
        (JSC::dateProtoFuncToISOString):
        (JSC::dateProtoFuncGetFullYear):
        (JSC::dateProtoFuncGetUTCFullYear):
        (JSC::dateProtoFuncSetYear):
        * runtime/JSDateMath.cpp:
        (JSC::gregorianDateTimeToMS):
        (JSC::msToGregorianDateTime):
515
2012-07-24  Patrick Gansterer  <paroga@webkit.org>

        [WIN] Build fix after r123417.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
521
2012-07-23  Patrick Gansterer  <paroga@webkit.org>

        Move GregorianDateTime from JSC to WTF namespace
        https://bugs.webkit.org/show_bug.cgi?id=91948

        Reviewed by Geoffrey Garen.

        Moving GregorianDateTime into the WTF namespace allows us to
        use it in WebCore too. The new class has the same behaviour as the
        old struct. Only the unused timeZone member has been removed.

        * runtime/DateConstructor.cpp:
        * runtime/DateConversion.cpp:
        * runtime/DateConversion.h:
        * runtime/DateInstance.h:
        * runtime/DatePrototype.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/JSDateMath.h:
540
2012-07-23  Filip Pizlo  <fpizlo@apple.com>

        Property storage should grow in reverse address direction, to support butterflies
        https://bugs.webkit.org/show_bug.cgi?id=91788

        Reviewed by Geoffrey Garen.

        Changes property storage to grow to the left, and changes the property storage pointer to point
        one 8-byte word (i.e. JSValue) to the right of the first value in the storage.

        Also improved debug support somewhat, by adding a describe() function to the jsc command-line,
        and a slow mode of object access in LLInt.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::repatchCompact):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::isCompactPtrAlignedAddressOffset):
        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::isCompactPtrAlignedAddressOffset):
        (JSC::MacroAssemblerX86Common::repatchCompact):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::repatchCompact):
        * bytecode/CodeBlock.cpp:
        (JSC::dumpStructure):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::emitPutTransitionStub):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::genericAddPointer):
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::pinIfNecessary):
        (JSC):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetDirectOffset):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetDirectOffset):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionDescribe):
        * llint/LLIntCommon.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren):
        (JSC::JSFinalObject::visitChildren):
        (JSC::JSObject::growOutOfLineStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::offsetForLocation):
        * runtime/JSValue.h:
        (JSValue):
        * runtime/PropertyOffset.h:
        (JSC::offsetInOutOfLineStorage):
615
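Added illustration of the layout the entry above describes, not code from the patch or from WebKit: out-of-line property storage that grows toward lower addresses, with the storage pointer sitting one 8-byte word to the right of the offset-0 value, so slot i lives at pointer[-1 - i] and a reallocation copies the live slots to the tail of the new buffer. The offset formula here is a simplified stand-in for JSC's offsetInOutOfLineStorage (the real one also accounts for inline slots), and OutOfLineStorage, grow and storageRoundTrip are hypothetical names for this example. The bounds checks are the example's own; a JIT-inlined load has none, which is why the sign and origin of these offsets matter (compare the 2012-07-24 REGRESSION(r123417) entry further down).

```cpp
// Added example (hypothetical names, not JSC's implementation): property storage
// that grows to the left of its pointer, plus the grow-and-copy step that the
// reverse direction forces.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

using JSValueBits = uint64_t;   // stand-in for an 8-byte JSValue

// Out-of-line offset i lives one word below the pointer for i == 0 and further
// down from there: the storage pointer is one word to the right of slot 0.
inline ptrdiff_t offsetInOutOfLineStorage(unsigned outOfLineOffset) {
    return -1 - static_cast<ptrdiff_t>(outOfLineOffset);
}

class OutOfLineStorage {
public:
    OutOfLineStorage() = default;
    ~OutOfLineStorage() { std::free(m_base); }
    OutOfLineStorage(const OutOfLineStorage&) = delete;
    OutOfLineStorage& operator=(const OutOfLineStorage&) = delete;

    unsigned capacity() const { return m_capacity; }
    JSValueBits* pointer() const { return m_end; }   // the "property storage pointer"

    // The bounds checks below are this example's; an inlined JIT access has none.
    JSValueBits get(unsigned offset) const {
        assert(offset < m_capacity);
        return m_end[offsetInOutOfLineStorage(offset)];
    }
    void put(unsigned offset, JSValueBits v) {
        assert(offset < m_capacity);
        m_end[offsetInOutOfLineStorage(offset)] = v;
    }

    // Growing leftward means the live slots occupy the highest addresses of both
    // the old and the new buffer, so the copy targets the tail of the new block
    // and the pointer is re-derived as base + capacity, not kept.
    void grow(unsigned newCapacity) {
        assert(newCapacity > m_capacity);
        JSValueBits* newBase = static_cast<JSValueBits*>(std::calloc(newCapacity, sizeof(JSValueBits)));
        assert(newBase);
        JSValueBits* newEnd = newBase + newCapacity;
        if (m_capacity)
            std::memcpy(newEnd - m_capacity, m_end - m_capacity, m_capacity * sizeof(JSValueBits));
        std::free(m_base);
        m_base = newBase;
        m_end = newEnd;
        m_capacity = newCapacity;
    }

private:
    JSValueBits* m_base = nullptr;   // allocation start (lowest address)
    JSValueBits* m_end = nullptr;    // one word past slot 0 (highest address + 1 word)
    unsigned m_capacity = 0;
};

// Writes values, checks the two layout invariants (slot 0 directly below the
// pointer, higher offsets at lower addresses), grows, and verifies that every
// value survived the move. Returns true when all of that holds.
bool storageRoundTrip() {
    OutOfLineStorage s;
    s.grow(2);
    s.put(0, 0xA0);
    s.put(1, 0xA1);
    if (&s.pointer()[offsetInOutOfLineStorage(0)] != s.pointer() - 1) return false;
    if (!(&s.pointer()[offsetInOutOfLineStorage(1)] < &s.pointer()[offsetInOutOfLineStorage(0)])) return false;
    s.grow(5);
    s.put(4, 0xA4);
    return s.get(0) == 0xA0 && s.get(1) == 0xA1 && s.get(4) == 0xA4 && s.capacity() == 5;
}
```

The point of re-deriving the pointer in grow() is that after a leftward reallocation the old pointer arithmetic (base plus old capacity) and the new one differ by the growth amount, which is the kind of sign error the REGRESSION(r123417) entry below fixed in compileReallocatePropertyStorage.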
2012-07-23  Filip Pizlo  <fpizlo@apple.com>

        DFG is too aggressive in performing the specific value optimization on loads
        https://bugs.webkit.org/show_bug.cgi?id=92034

        Reviewed by Mark Hahnenberg.

        This ensures that we don't do optimizations based on a structure having a specific
        value, if there is no way to detect that the value is despecified. This is the
        case for dictionaries, since despecifying a value in a dictionary does not lead to
        a transition and so cannot be caught by either structure checks or structure
        transition watchpoints.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeForChain):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/ResolveGlobalStatus.cpp:
        (JSC::computeForStructure):
635
2012-07-23  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r123169): It made fast/js/dfg-inline-arguments-use-from-uninlined-code.html fail on 32 bit platforms
        https://bugs.webkit.org/show_bug.cgi?id=92002

        Reviewed by Mark Hahnenberg.

        In the process of changing the nature of local variable typing, I forgot to modify one of the places where
        we glue the DFG's notion of variable prediction to the runtime's notion of variable tagging.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
648
2012-07-23  Simon Fraser  <simon.fraser@apple.com>

        Part 2 of: Implement sticky positioning
        https://bugs.webkit.org/show_bug.cgi?id=90046

        Reviewed by Ojan Vafai.

        Turn on ENABLE_CSS_STICKY_POSITION.

        * Configurations/FeatureDefines.xcconfig:
659
2012-07-23  Patrick Gansterer  <paroga@webkit.org>

        Move JSC::parseDate() from DateConversion to JSDateMath
        https://bugs.webkit.org/show_bug.cgi?id=91982

        Reviewed by Geoffrey Garen.

        Moving this function into the other files removes the dependency
        on JSC specific classes in DateConversion.{cpp|h}.

        * runtime/DateConversion.cpp:
        * runtime/DateConversion.h:
        (JSC):
        * runtime/JSDateMath.cpp:
        (JSC::parseDate):
        (JSC):
        * runtime/JSDateMath.h:
        (JSC):
678
2012-07-23  Simon Fraser  <simon.fraser@apple.com>

        Part 1 of: Implement sticky positioning
        https://bugs.webkit.org/show_bug.cgi?id=90046

        Reviewed by Ojan Vafai.

        Add ENABLE_CSS_STICKY_POSITION, defaulting to off initially.

        Sort the ENABLE_CSS lines in the file. Make sure all the flags
        are in FEATURE_DEFINES.

        * Configurations/FeatureDefines.xcconfig:
692
2012-07-23  Yong Li  <yoli@rim.com>

        [BlackBerry] Implement GCActivityCallback with platform timer
        https://bugs.webkit.org/show_bug.cgi?id=90175

        Reviewed by Rob Buis.

        Use JSLock when performing GC to avoid assertions.

        * runtime/GCActivityCallbackBlackBerry.cpp:
        (JSC::DefaultGCActivityCallback::doWork):
704
705 2012-07-23  Kent Tamura  <tkent@chromium.org>
706
707         Rename ENABLE_METER_TAG and ENABLE_PROGRESS_TAG to ENABLE_METER_ELEMENT and ENABLE_PROGRESS_ELEMENT respectively
708         https://bugs.webkit.org/show_bug.cgi?id=91941
709
710         Reviewed by Kentaro Hara.
711
712         A flag name for an element should be ENABLE_*_ELEMENT.
713
714         * Configurations/FeatureDefines.xcconfig:
715
716 2012-07-22  Kent Tamura  <tkent@chromium.org>
717
718         Rename ENABLE_DETAILS to ENABLE_DETAILS_ELEMENT
719         https://bugs.webkit.org/show_bug.cgi?id=91928
720
721         Reviewed by Kentaro Hara.
722
723         A flag name for an element should be ENABLE_*_ELEMENT.
724
725         * Configurations/FeatureDefines.xcconfig:
726
727 2012-07-21  Patrick Gansterer  <paroga@webkit.org>
728
729         [WIN] Use GetDateFormat and GetTimeFormat instead of strftime
730         https://bugs.webkit.org/show_bug.cgi?id=83436
731
732         Reviewed by Brent Fulgham.
733
734         The MS CRT implementation of strftime calls the same two functions.
735         Using them directly avoids the overhead of parsing the format string and removes
736         the dependency on strftime() for WinCE where this function does not exist.
737
738         * runtime/DatePrototype.cpp:
739         (JSC::formatLocaleDate):
740
741 2012-07-20  Kent Tamura  <tkent@chromium.org>
742
743         Rename ENABLE_DATALIST to ENABLE_DATALIST_ELEMENT
744         https://bugs.webkit.org/show_bug.cgi?id=91846
745
746         Reviewed by Kentaro Hara.
747
748         A flag name for an element should be ENABLE_*_ELEMENT.
749
750         * Configurations/FeatureDefines.xcconfig:
751
752 2012-07-20  Han Shen  <shenhan@google.com>
753
754         [Chromium] Compilation fails under gcc 4.7
755         https://bugs.webkit.org/show_bug.cgi?id=90227
756
757         Reviewed by Tony Chang.
758
759         Disable warnings about c++0x compatibility in gcc newer than 4.6.
760
761         * JavaScriptCore.gyp/JavaScriptCore.gyp:
762
763 2012-07-18  Filip Pizlo  <fpizlo@apple.com>
764
765         DFG cell checks should be hoisted
766         https://bugs.webkit.org/show_bug.cgi?id=91717
767
768         Reviewed by Geoffrey Garen.
769
770         The DFG has always had the policy of hoisting array and integer checks to
771         the point of variable assignment. Eventually, we added doubles and booleans
772         to the mix. But cells should really be part of this as well, particularly
773         for 32-bit where accessing a known-type variable is dramatically cheaper
774         than accessing a variable whose type is only predicted but otherwise
775         unproven.
776         
777         This appears to be a definite speed-up for V8 on 32-bit, a possible speed-up
778         for Kraken, and a possible slow-down for V8 on 64-bit (around 0.2% if at
779         all). Any slow-downs can, and should, be addressed by making the hoisting
780         logic cognizant of variables that are never used in a manner that requires
781         type checks, and by sinking argument checks to the point(s) of first use.
782         
783         To make this work I had to change some OSR machinery, and special-case the
784         type predictions of the 'this' argument for constructors. OSR exit normally
785         assumes that arguments are boxed, which happens to be true because the
786         type prediction used for check hoisting is LUB'd with the type of the
787         argument that was passed in - so either the arguments are always stored to
788         with the full tag+payload, or if only the payload is stored then the tag
789         matches whatever the caller would have set. But not so with the 'this'
790         argument for constructors, which is not initialized by the caller. We
791         could make this more precise by having argument types for OSR be inferred
792         using similar machinery to other locals, but I figured that for this patch
793         I should use the surgical fix.
794
795         * assembler/MacroAssemblerX86_64.h:
796         (JSC::MacroAssemblerX86_64::branchTestPtr):
797         (MacroAssemblerX86_64):
798         * assembler/X86Assembler.h:
799         (JSC::X86Assembler::testq_rm):
800         (X86Assembler):
801         * dfg/DFGAbstractState.cpp:
802         (JSC::DFG::AbstractState::initialize):
803         (JSC::DFG::AbstractState::execute):
804         * dfg/DFGDriver.cpp:
805         (JSC::DFG::compile):
806         * dfg/DFGGraph.h:
807         (JSC::DFG::Graph::isCreatedThisArgument):
808         (Graph):
809         * dfg/DFGSpeculativeJIT.cpp:
810         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
811         * dfg/DFGSpeculativeJIT32_64.cpp:
812         (JSC::DFG::SpeculativeJIT::compile):
813         * dfg/DFGSpeculativeJIT64.cpp:
814         (JSC::DFG::SpeculativeJIT::compile):
815         * dfg/DFGValueSource.h:
816         (JSC::DFG::ValueSource::forSpeculation):
817
818 2012-07-19  Filip Pizlo  <fpizlo@apple.com>
819
820         Fast path of storage resize should be removed from property storage reallocation, since it is only useful for arrays
821         https://bugs.webkit.org/show_bug.cgi?id=91796
822
823         Reviewed by Geoffrey Garen.
824
825         * dfg/DFGRepatch.cpp:
826         (JSC::DFG::emitPutTransitionStub):
827         * dfg/DFGSpeculativeJIT.cpp:
828         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
829         * runtime/JSObject.cpp:
830         (JSC::JSObject::growOutOfLineStorage):
831
832 2012-07-19  Mark Lam  <mark.lam@apple.com>
833
834         Bug fixes and enhancements for OfflineASM annotation system.
835         https://bugs.webkit.org/show_bug.cgi?id=91690
836
837         Reviewed by Filip Pizlo.
838
839         * offlineasm/armv7.rb: added default handling of Instruction lower().
840         * offlineasm/asm.rb: added more support for annotations and more pretty printing.
841         * offlineasm/ast.rb: added more support for annotations.
842         * offlineasm/config.rb: added $preferredCommentStartColumn, simplified $enableInstrAnnotations.
843         * offlineasm/parser.rb: added more support for annotations.
844         * offlineasm/transform.rb: added more support for annotations.
845         * offlineasm/x86.rb: added default handling of Instruction lower().
846
847 2012-07-19  Patrick Gansterer  <paroga@webkit.org>
848
849         [WIN] Fix compilation of JSGlobalData.h with ENABLE(DFG_JIT)
850         https://bugs.webkit.org/show_bug.cgi?id=91243
851
852         Reviewed by Geoffrey Garen.
853
854         Disable MSVC warning 4200 "zero-sized array in struct/union" for JSC::ScratchBuffer.
855
856         * runtime/JSGlobalData.h:
857         (JSC):
858
859 2012-07-19  Mark Lam  <mark.lam@apple.com>
860
861         Fixed broken ENABLE_JIT=0 build.
862         https://bugs.webkit.org/show_bug.cgi?id=91725
863
864         Reviewed by Oliver Hunt.
865
866         * bytecode/Watchpoint.cpp:
867         * heap/JITStubRoutineSet.h:
868         (JSC):
869         (JITStubRoutineSet):
870         (JSC::JITStubRoutineSet::JITStubRoutineSet):
871         (JSC::JITStubRoutineSet::~JITStubRoutineSet):
872         (JSC::JITStubRoutineSet::add):
873         (JSC::JITStubRoutineSet::clearMarks):
874         (JSC::JITStubRoutineSet::mark):
875         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
876         (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
877
878 2012-07-19  Kristóf Kosztyó  <kkristof@inf.u-szeged.hu>
879
880         [Qt] Unreviewed buildfix after r123042.
881
882         * interpreter/Interpreter.cpp:
883         (JSC::Interpreter::dumpRegisters):
884
885 2012-07-18  Filip Pizlo  <fpizlo@apple.com>
886
887         DFG should emit inline code for property storage (re)allocation
888         https://bugs.webkit.org/show_bug.cgi?id=91597
889
890         Reviewed by Oliver Hunt.
891
892         This adds two new ops to the DFG IR: AllocatePropertyStorage and
893         ReallocatePropertyStorage. It enables these to interact properly with
894         CSE so that a GetPropertyStorage on something for which we have
895         obviously done a (Re)AllocatePropertyStorage will result in the
896         GetPropertyStorage being eliminated. Other than that, the code
897         emitted for these ops is identical to the code we were emitting in
898         the corresponding PutById stub.
899
900         * dfg/DFGAbstractState.cpp:
901         (JSC::DFG::AbstractState::execute):
902         * dfg/DFGByteCodeParser.cpp:
903         (JSC::DFG::ByteCodeParser::parseBlock):
904         * dfg/DFGCSEPhase.cpp:
905         (JSC::DFG::CSEPhase::putStructureStoreElimination):
906         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
907         * dfg/DFGNode.h:
908         (JSC::DFG::Node::hasStructureTransitionData):
909         * dfg/DFGNodeType.h:
910         (DFG):
911         * dfg/DFGOperations.cpp:
912         * dfg/DFGOperations.h:
913         * dfg/DFGPredictionPropagationPhase.cpp:
914         (JSC::DFG::PredictionPropagationPhase::propagate):
915         * dfg/DFGSpeculativeJIT.cpp:
916         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
917         (DFG):
918         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
919         * dfg/DFGSpeculativeJIT.h:
920         (JSC::DFG::SpeculativeJIT::callOperation):
921         (SpeculativeJIT):
922         * dfg/DFGSpeculativeJIT32_64.cpp:
923         (JSC::DFG::SpeculativeJIT::compile):
924         * dfg/DFGSpeculativeJIT64.cpp:
925         (JSC::DFG::SpeculativeJIT::compile):
926         * runtime/Structure.cpp:
927         (JSC::nextOutOfLineStorageCapacity):
928         * runtime/Structure.h:
929         (JSC):
930
931 2012-07-16  Oliver Hunt  <oliver@apple.com>
932
933         dumpCallFrame is broken in ToT
934         https://bugs.webkit.org/show_bug.cgi?id=91444
935
936         Reviewed by Gavin Barraclough.
937
938         Various changes have been made to the SF calling convention, but
939         dumpCallFrame has not been updated to reflect these changes.
940         That resulted in both bogus information, as well as numerous
941         assertions of sadness.
942
943         This patch makes dumpCallFrame actually work again and adds the
944         wonderful feature of telling you the name of the variable that a
945         register reflects, or what value it contains.
946
947         * bytecode/CodeBlock.cpp:
948         (JSC::CodeBlock::nameForRegister):
949             A really inefficient mechanism for finding the name of a local register.
950             This should only ever be used by debug code so this should be okay.
951         * bytecode/CodeBlock.h:
952         (CodeBlock):
953         * bytecompiler/BytecodeGenerator.cpp:
954         (JSC::BytecodeGenerator::generate):
955             Debug builds no longer throw away a function's symbol table; this allows
956             us to actually perform a register# to name mapping.
957         * dfg/DFGJITCompiler.cpp:
958         (JSC::DFG::JITCompiler::link):
959             We weren't propagating the bytecode offset here, leading to assertions
960             in debug builds when dumping bytecode of DFG compiled code.
961         * interpreter/Interpreter.cpp:
962         (JSC):
963         (JSC::Interpreter::dumpRegisters):
964              Rework to actually be correct.
965         (JSC::getCallerInfo):
966              Return the bytecode offset as well now, given we have to determine it
967              anyway.
968         (JSC::Interpreter::getStackTrace):
969         (JSC::Interpreter::retrieveCallerFromVMCode):
970         * interpreter/Interpreter.h:
971         (Interpreter):
972         * jsc.cpp:
973         (GlobalObject::finishCreation):
974         (functionDumpCallFrame):
975              Give debug builds of JSC a method for calling dumpCallFrame so we can
976              inspect a callframe without requiring us to break in a debugger.
977
978 2012-07-18  Filip Pizlo  <fpizlo@apple.com>
979
980         DFG 32-bit PutById transition stub storage reallocation case copies the first pointer of each JSValue instead of the whole JSValue
981         https://bugs.webkit.org/show_bug.cgi?id=91599
982
983         Reviewed by Geoffrey Garen.
984
985         * dfg/DFGRepatch.cpp:
986         (JSC::DFG::emitPutTransitionStub):
987
988 2012-07-17  Filip Pizlo  <fpizlo@apple.com>
989
990         DFG 32-bit PutById transition stub passes the payload/tag arguments to a DFG operation in the wrong order
991         https://bugs.webkit.org/show_bug.cgi?id=91576
992
993         Reviewed by Gavin Barraclough.
994
995         * dfg/DFGRepatch.cpp:
996         (JSC::DFG::emitPutTransitionStub):
997
998 2012-07-17  Filip Pizlo  <fpizlo@apple.com>
999
1000         [Qt] REGRESSION(r122768, r122771): They broke jquery/data.html and inspector/elements/edit-dom-actions.html
1001         https://bugs.webkit.org/show_bug.cgi?id=91476
1002
1003         Reviewed by Mark Hahnenberg.
1004
1005         The 32-bit repatching code was not correctly adapted to the new world where there may not always
1006         be an available scratch register. Fixed it by ensuring that the scratch register we select does
1007         not overlap with the value tag.
1008
1009         * dfg/DFGRepatch.cpp:
1010         (JSC::DFG::generateProtoChainAccessStub):
1011         (JSC::DFG::tryCacheGetByID):
1012         (JSC::DFG::tryBuildGetByIDList):
1013         (JSC::DFG::emitPutReplaceStub):
1014
1015 2012-07-17  Gabor Rapcsanyi  <rgabor@webkit.org>
1016
1017         Unreviewed buildfix from Zoltan Herczeg after 122768.
1018
1019         * dfg/DFGCCallHelpers.h:
1020         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1021         (CCallHelpers):
1022
1023 2012-07-17  David Barr  <davidbarr@chromium.org>
1024
1025         Introduce ENABLE_CSS_IMAGE_ORIENTATION compile flag
1026         https://bugs.webkit.org/show_bug.cgi?id=89055
1027
1028         Reviewed by Kent Tamura.
1029
1030         The css3-images module is at candidate recommendation.
1031         http://www.w3.org/TR/2012/CR-css3-images-20120417/#the-image-orientation
1032
1033         Add a configuration option for CSS image-orientation support, disabling it by default.
1034
1035         * Configurations/FeatureDefines.xcconfig:
1036
1037 2012-07-16  Filip Pizlo  <fpizlo@apple.com>
1038
1039         Unreviewed, roll out 122790 because it broke the Windows build. I'm not
1040         sure what to do with exported symbols that are predicated on NDEBUG.
1041
1042         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1043         * bytecode/CodeBlock.cpp:
1044         (JSC):
1045         * bytecode/CodeBlock.h:
1046         (CodeBlock):
1047         * bytecompiler/BytecodeGenerator.cpp:
1048         (JSC::BytecodeGenerator::generate):
1049         * dfg/DFGJITCompiler.cpp:
1050         (JSC::DFG::JITCompiler::link):
1051         * interpreter/Interpreter.cpp:
1052         (JSC):
1053         (JSC::Interpreter::dumpRegisters):
1054         (JSC::getCallerInfo):
1055         (JSC::Interpreter::getStackTrace):
1056         (JSC::Interpreter::retrieveCallerFromVMCode):
1057         * interpreter/Interpreter.h:
1058         (Interpreter):
1059         * jsc.cpp:
1060         (GlobalObject::finishCreation):
1061
1062 2012-07-16  Oliver Hunt  <oliver@apple.com>
1063
1064         dumpCallFrame is broken in ToT
1065         https://bugs.webkit.org/show_bug.cgi?id=91444
1066
1067         Reviewed by Gavin Barraclough.
1068
1069         Various changes have been made to the SF calling convention, but
1070         dumpCallFrame has not been updated to reflect these changes.
1071         That resulted in both bogus information, as well as numerous
1072         assertions of sadness.
1073
1074         This patch makes dumpCallFrame actually work again and adds the
1075         wonderful feature of telling you the name of the variable that a
1076         register reflects, or what value it contains.
1077
1078         * bytecode/CodeBlock.cpp:
1079         (JSC::CodeBlock::nameForRegister):
1080             A really inefficient mechanism for finding the name of a local register.
1081             This should only ever be used by debug code so this should be okay.
1082         * bytecode/CodeBlock.h:
1083         (CodeBlock):
1084         * bytecompiler/BytecodeGenerator.cpp:
1085         (JSC::BytecodeGenerator::generate):
1086             Debug builds no longer throw away a function's symbol table; this allows
1087             us to actually perform a register# to name mapping.
1088         * dfg/DFGJITCompiler.cpp:
1089         (JSC::DFG::JITCompiler::link):
1090             We weren't propagating the bytecode offset here, leading to assertions
1091             in debug builds when dumping bytecode of DFG compiled code.
1092         * interpreter/Interpreter.cpp:
1093         (JSC):
1094         (JSC::Interpreter::dumpRegisters):
1095              Rework to actually be correct.
1096         (JSC::getCallerInfo):
1097              Return the bytecode offset as well now, given we have to determine it
1098              anyway.
1099         (JSC::Interpreter::getStackTrace):
1100         (JSC::Interpreter::retrieveCallerFromVMCode):
1101         * interpreter/Interpreter.h:
1102         (Interpreter):
1103         * jsc.cpp:
1104         (GlobalObject::finishCreation):
1105         (functionDumpCallFrame):
1106              Give debug builds of JSC a method for calling dumpCallFrame so we can
1107              inspect a callframe without requiring us to break in a debugger.
1108
1109 2012-07-16  Filip Pizlo  <fpizlo@apple.com>
1110
1111         Unreviewed, adding forgotten files.
1112
1113         * dfg/DFGRegisterSet.h: Added.
1114         (DFG):
1115         (RegisterSet):
1116         (JSC::DFG::RegisterSet::RegisterSet):
1117         (JSC::DFG::RegisterSet::asPOD):
1118         (JSC::DFG::RegisterSet::copyInfo):
1119         (JSC::DFG::RegisterSet::set):
1120         (JSC::DFG::RegisterSet::setGPRByIndex):
1121         (JSC::DFG::RegisterSet::clear):
1122         (JSC::DFG::RegisterSet::get):
1123         (JSC::DFG::RegisterSet::getGPRByIndex):
1124         (JSC::DFG::RegisterSet::getFreeGPR):
1125         (JSC::DFG::RegisterSet::setFPRByIndex):
1126         (JSC::DFG::RegisterSet::getFPRByIndex):
1127         (JSC::DFG::RegisterSet::setByIndex):
1128         (JSC::DFG::RegisterSet::getByIndex):
1129         (JSC::DFG::RegisterSet::numberOfSetGPRs):
1130         (JSC::DFG::RegisterSet::numberOfSetFPRs):
1131         (JSC::DFG::RegisterSet::numberOfSetRegisters):
1132         (JSC::DFG::RegisterSet::setBit):
1133         (JSC::DFG::RegisterSet::clearBit):
1134         (JSC::DFG::RegisterSet::getBit):
1135         * dfg/DFGScratchRegisterAllocator.h: Added.
1136         (DFG):
1137         (ScratchRegisterAllocator):
1138         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
1139         (JSC::DFG::ScratchRegisterAllocator::lock):
1140         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
1141         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
1142         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
1143         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
1144         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1145         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1146         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
1147         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1148         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1149
1150 2012-07-15  Filip Pizlo  <fpizlo@apple.com>
1151
1152         DFG PutById transition should handle storage allocation, and inline it
1153         https://bugs.webkit.org/show_bug.cgi?id=91337
1154
1155         Reviewed by Oliver Hunt.
1156
1157         This enables the patching of DFG PutById to handle the out-of-line storage
1158         allocation case. Furthermore, it inlines out-of-line storage allocation (and
1159         reallocation) into the generated stubs.  
1160         
1161         To do this, this patch adds the ability to store the relevant register
1162         allocation state (i.e. the set of in-use registers) in the structure stub
1163         info so that the stub generation code can more flexibly select scratch
1164         registers: sometimes it needs none, sometimes one - or sometimes up to
1165         three. Moreover, to make the stub generation register allocation simple and
1166         maintainable, this patch introduces a reusable scratch register allocator
1167         class. This register allocator understands that some registers are in use by
1168         the main path code and so must be spilled as necessary, other registers are
1169         locked for use in the stub itself and so cannot even be spilled, while still
1170         others may be allocated for scratch purposes. A scratch register that is
1171         used must be spilled. If a register is locked, it cannot be used as a
1172         scratch register. If a register is used, it can be used as a scratch
1173         register so long as it is spilled.
1174         
1175         This is a sub-1% speed-up on V8 and neutral elsewhere.
1176
1177         * GNUmakefile.list.am:
1178         * JavaScriptCore.xcodeproj/project.pbxproj:
1179         * assembler/MacroAssemblerCodeRef.h:
1180         (FunctionPtr):
1181         (JSC::FunctionPtr::FunctionPtr):
1182         * bytecode/StructureStubInfo.h:
1183         * dfg/DFGCCallHelpers.h:
1184         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1185         (CCallHelpers):
1186         * dfg/DFGGPRInfo.h:
1187         * dfg/DFGJITCompiler.cpp:
1188         (JSC::DFG::JITCompiler::link):
1189         * dfg/DFGJITCompiler.h:
1190         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
1191         (PropertyAccessRecord):
1192         * dfg/DFGOperations.cpp:
1193         * dfg/DFGOperations.h:
1194         * dfg/DFGRegisterBank.h:
1195         (JSC::DFG::RegisterBank::isInUse):
1196         (RegisterBank):
1197         * dfg/DFGRegisterSet.h: Added.
1198         (DFG):
1199         (RegisterSet):
1200         (JSC::DFG::RegisterSet::RegisterSet):
1201         (JSC::DFG::RegisterSet::asPOD):
1202         (JSC::DFG::RegisterSet::copyInfo):
1203         (JSC::DFG::RegisterSet::set):
1204         (JSC::DFG::RegisterSet::setGPRByIndex):
1205         (JSC::DFG::RegisterSet::clear):
1206         (JSC::DFG::RegisterSet::get):
1207         (JSC::DFG::RegisterSet::getGPRByIndex):
1208         (JSC::DFG::RegisterSet::getFreeGPR):
1209         (JSC::DFG::RegisterSet::setFPRByIndex):
1210         (JSC::DFG::RegisterSet::getFPRByIndex):
1211         (JSC::DFG::RegisterSet::setByIndex):
1212         (JSC::DFG::RegisterSet::getByIndex):
1213         (JSC::DFG::RegisterSet::numberOfSetGPRs):
1214         (JSC::DFG::RegisterSet::numberOfSetFPRs):
1215         (JSC::DFG::RegisterSet::numberOfSetRegisters):
1216         (JSC::DFG::RegisterSet::setBit):
1217         (JSC::DFG::RegisterSet::clearBit):
1218         (JSC::DFG::RegisterSet::getBit):
1219         * dfg/DFGRepatch.cpp:
1220         (JSC::DFG::generateProtoChainAccessStub):
1221         (JSC::DFG::tryCacheGetByID):
1222         (JSC::DFG::tryBuildGetByIDList):
1223         (JSC::DFG::emitPutReplaceStub):
1224         (JSC::DFG::emitPutTransitionStub):
1225         (JSC::DFG::tryCachePutByID):
1226         (JSC::DFG::tryBuildPutByIdList):
1227         * dfg/DFGScratchRegisterAllocator.h: Added.
1228         (DFG):
1229         (ScratchRegisterAllocator):
1230         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
1231         (JSC::DFG::ScratchRegisterAllocator::lock):
1232         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
1233         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
1234         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
1235         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
1236         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1237         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1238         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
1239         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1240         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1241         * dfg/DFGSpeculativeJIT.h:
1242         (SpeculativeJIT):
1243         (JSC::DFG::SpeculativeJIT::usedRegisters):
1244         * dfg/DFGSpeculativeJIT32_64.cpp:
1245         (JSC::DFG::SpeculativeJIT::cachedGetById):
1246         (JSC::DFG::SpeculativeJIT::cachedPutById):
1247         (JSC::DFG::SpeculativeJIT::compile):
1248         * dfg/DFGSpeculativeJIT64.cpp:
1249         (JSC::DFG::SpeculativeJIT::cachedGetById):
1250         (JSC::DFG::SpeculativeJIT::cachedPutById):
1251         (JSC::DFG::SpeculativeJIT::compile):
1252         * heap/CopiedAllocator.h:
1253         (CopiedAllocator):
1254         (JSC::CopiedAllocator::fastPathShouldSucceed):
1255         (JSC):
1256
1257 2012-07-16  Patrick Gansterer  <paroga@webkit.org>
1258
1259         Add dfg switch to create_jit_stubs script
1260         https://bugs.webkit.org/show_bug.cgi?id=91256
1261
1262         Reviewed by Geoffrey Garen.
1263
1264         * create_jit_stubs: Add a switch to enable or disable the generation of
1265                             stub functions in #if ENABLE(DFG_JIT) conditions.
1266
1267 2012-07-16  Gabor Rapcsanyi  <rgabor@webkit.org>
1268
1269         Unreviewed buildfix after r122729. Typo fix.
1270
1271         * assembler/MacroAssemblerARM.h:
1272         (JSC::MacroAssemblerARM::add32):
1273
1274 2012-07-16  Gabor Rapcsanyi  <rgabor@webkit.org>
1275
1276         Unreviewed buildfix from Zoltan Herczeg after r122677.
1277         Implement missing add32 function to MacroAssemblerARM.
1278
1279         * assembler/MacroAssemblerARM.h:
1280         (JSC::MacroAssemblerARM::add32):
1281         (MacroAssemblerARM):
1282
1283 2012-07-14  Filip Pizlo  <fpizlo@apple.com>
1284
1285         DFG PutByVal opcodes should accept more than 3 operands
1286         https://bugs.webkit.org/show_bug.cgi?id=91332
1287
1288         Reviewed by Oliver Hunt.
1289
1290         Turned PutByVal/PutByValAlias into var-arg nodes, so that we can give them
1291         4 or more operands in the future.
1292
1293         * dfg/DFGAbstractState.cpp:
1294         (JSC::DFG::AbstractState::execute):
1295         * dfg/DFGByteCodeParser.cpp:
1296         (JSC::DFG::ByteCodeParser::parseBlock):
1297         * dfg/DFGCSEPhase.cpp:
1298         (JSC::DFG::CSEPhase::getByValLoadElimination):
1299         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1300         (JSC::DFG::CSEPhase::performNodeCSE):
1301         * dfg/DFGFixupPhase.cpp:
1302         (JSC::DFG::FixupPhase::fixupNode):
1303         (JSC::DFG::FixupPhase::fixDoubleEdge):
1304         * dfg/DFGGraph.h:
1305         (JSC::DFG::Graph::byValIsPure):
1306         (JSC::DFG::Graph::varArgNumChildren):
1307         (Graph):
1308         (JSC::DFG::Graph::numChildren):
1309         (JSC::DFG::Graph::varArgChild):
1310         (JSC::DFG::Graph::child):
1311         * dfg/DFGNodeType.h:
1312         (DFG):
1313         * dfg/DFGPredictionPropagationPhase.cpp:
1314         (JSC::DFG::PredictionPropagationPhase::propagate):
1315         * dfg/DFGSpeculativeJIT.cpp:
1316         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1317         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1318         * dfg/DFGSpeculativeJIT32_64.cpp:
1319         (JSC::DFG::SpeculativeJIT::compile):
1320         * dfg/DFGSpeculativeJIT64.cpp:
1321         (JSC::DFG::SpeculativeJIT::compile):
1322
1323 2012-07-14  Filip Pizlo  <fpizlo@apple.com>
1324
1325         Rationalize and optimize storage allocation
1326         https://bugs.webkit.org/show_bug.cgi?id=91303
1327
1328         Reviewed by Oliver Hunt.
1329
1330         This implements a backwards bump allocator for copied space storage
1331         allocation, shown in pseudo-code below:
1332         
1333             pointer bump(size) {
1334                 pointer tmp = allocator->remaining;
1335                 tmp -= size;
1336                 if (tmp < 0)
1337                     fail;
1338                 allocator->remaining = tmp;
1339                 return allocator->payloadEnd - tmp - size;
1340             }
1341
1342         The advantage of this allocator is that it:
1343         
1344         - Only requires one comparison in the common case where size is known to
1345           not be huge, and this comparison can be done by checking the sign bit
1346           of the subtraction.
1347         
1348         - Can be implemented even when only one register is available. This
1349           register is reused for both temporary storage during allocation and
1350           for the result.
1351         
1352         - Preserves the behavior that memory in a block is filled in from lowest
1353           address to highest address, which allows for a cheap reallocation fast
1354           path.
1355         
1356         - Is resilient against the block used for allocation being the last one
1357           in virtual memory, thereby otherwise leading to the risk of overflow
1358           in the bump pointer, despite only doing one branch.
1359         
1360         In order to implement this allocator using the smallest possible chunk
1361         of code, I refactored the copied space code so that all of the allocation
1362         logic is in CopiedAllocator, and all of the state is in either
1363         CopiedBlock or CopiedAllocator. This should make changing the allocation
1364         fast path easier in the future.
1365         
1366         In order to do this, I needed to add some new assembler support,
1367         particularly for various forms of add(address, register) and negPtr().
1368         
1369         This is performance neutral. The purpose of this change is to facilitate
1370         further inlining of storage allocation without having to reserve
1371         additional registers or emit too much code.
1372
1373         * assembler/MacroAssembler.h:
1374         (JSC::MacroAssembler::addPtr):
1375         (MacroAssembler):
1376         (JSC::MacroAssembler::negPtr):
1377         * assembler/MacroAssemblerARMv7.h:
1378         (MacroAssemblerARMv7):
1379         (JSC::MacroAssemblerARMv7::add32):
1380         * assembler/MacroAssemblerX86.h:
1381         (JSC::MacroAssemblerX86::add32):
1382         (MacroAssemblerX86):
1383         * assembler/MacroAssemblerX86_64.h:
1384         (MacroAssemblerX86_64):
1385         (JSC::MacroAssemblerX86_64::addPtr):
1386         (JSC::MacroAssemblerX86_64::negPtr):
1387         * assembler/X86Assembler.h:
1388         (X86Assembler):
1389         (JSC::X86Assembler::addl_mr):
1390         (JSC::X86Assembler::addq_mr):
1391         (JSC::X86Assembler::negq_r):
1392         * heap/CopiedAllocator.h:
1393         (CopiedAllocator):
1394         (JSC::CopiedAllocator::isValid):
1395         (JSC::CopiedAllocator::CopiedAllocator):
1396         (JSC::CopiedAllocator::tryAllocate):
1397         (JSC):
1398         (JSC::CopiedAllocator::tryReallocate):
1399         (JSC::CopiedAllocator::forceAllocate):
1400         (JSC::CopiedAllocator::resetCurrentBlock):
1401         (JSC::CopiedAllocator::setCurrentBlock):
1402         (JSC::CopiedAllocator::currentCapacity):
1403         * heap/CopiedBlock.h:
1404         (CopiedBlock):
1405         (JSC::CopiedBlock::create):
1406         (JSC::CopiedBlock::zeroFillWilderness):
1407         (JSC::CopiedBlock::CopiedBlock):
1408         (JSC::CopiedBlock::payloadEnd):
1409         (JSC):
1410         (JSC::CopiedBlock::payloadCapacity):
1411         (JSC::CopiedBlock::data):
1412         (JSC::CopiedBlock::dataEnd):
1413         (JSC::CopiedBlock::dataSize):
1414         (JSC::CopiedBlock::wilderness):
1415         (JSC::CopiedBlock::wildernessEnd):
1416         (JSC::CopiedBlock::wildernessSize):
1417         (JSC::CopiedBlock::size):
1418         * heap/CopiedSpace.cpp:
1419         (JSC::CopiedSpace::tryAllocateSlowCase):
1420         (JSC::CopiedSpace::tryAllocateOversize):
1421         (JSC::CopiedSpace::tryReallocate):
1422         (JSC::CopiedSpace::doneFillingBlock):
1423         (JSC::CopiedSpace::doneCopying):
1424         * heap/CopiedSpace.h:
1425         (CopiedSpace):
1426         * heap/CopiedSpaceInlineMethods.h:
1427         (JSC::CopiedSpace::startedCopying):
1428         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1429         (JSC::CopiedSpace::allocateBlock):
1430         (JSC::CopiedSpace::tryAllocate):
1431         (JSC):
1432         * heap/MarkStack.cpp:
1433         (JSC::SlotVisitor::startCopying):
1434         (JSC::SlotVisitor::allocateNewSpace):
1435         (JSC::SlotVisitor::doneCopying):
1436         * heap/SlotVisitor.h:
1437         (JSC::SlotVisitor::SlotVisitor):
1438         * jit/JIT.h:
1439         * jit/JITInlineMethods.h:
1440         (JSC::JIT::emitAllocateBasicStorage):
1441         (JSC::JIT::emitAllocateJSArray):
1442
1443 2012-07-13  Mark Lam  <mark.lam@apple.com>
1444
1445         OfflineASM Pretty printing and commenting enhancements.
1446         https://bugs.webkit.org/show_bug.cgi?id=91281
1447
1448         Reviewed by Filip Pizlo.
1449
1450         Added some minor pretty printing in the OfflineASM.
1451         Also added infrastructure for adding multiple types of comments and
1452         annotations with the ability to enable/disable them in the generated
1453         output as desired.
1454
1455         * GNUmakefile.list.am: add new file config.rb.
1456         * llint/LLIntOfflineAsmConfig.h:
1457           Added OFFLINE_ASM_BEGIN, OFFLINE_ASM_END, and OFFLINE_ASM_LOCAL_LABEL macros.
1458           This will allow us to redefine these for other backends later.
1459         * llint/LowLevelInterpreter32_64.asm:
1460           Add a small example of instruction annotations for now.
1461         * llint/LowLevelInterpreter64.asm:
1462           Add a small example of instruction annotations for now.
1463         * offlineasm/armv7.rb: Added handling of annotations.
1464         * offlineasm/asm.rb:
1465           Added machinery to dump the new comments and annotations.
1466           Also added some indentations to make the output a little prettier.
1467         * offlineasm/ast.rb: Added annotation field in class Instruction. 
1468         * offlineasm/backends.rb:
1469         * offlineasm/config.rb: Added.
1470           Currently only contains commenting options.  This file is meant to be
1471           a centralized place for build config values much like config.h for
1472           JavaScriptCore.
1473         * offlineasm/generate_offset_extractor.rb:
1474         * offlineasm/instructions.rb:
1475         * offlineasm/offsets.rb:
1476         * offlineasm/opt.rb:
1477         * offlineasm/parser.rb: Parse and record annotations.
1478         * offlineasm/registers.rb:
1479         * offlineasm/self_hash.rb:
1480         * offlineasm/settings.rb:
1481         * offlineasm/transform.rb:
1482         * offlineasm/x86.rb: Added handling of annotations.
1483
1484 2012-07-13  Filip Pizlo  <fpizlo@apple.com>
1485
1486         ASSERTION FAILED: use.useKind() != DoubleUse
1487         https://bugs.webkit.org/show_bug.cgi?id=91082
1488
1489         Reviewed by Geoffrey Garen.
1490
1491         The implementation of Branch() was unwisely relying on register allocation state
1492         to decide what speculations to perform. That's never correct.
1493
1494         * dfg/DFGSpeculativeJIT32_64.cpp:
1495         (JSC::DFG::SpeculativeJIT::compile):
1496         * dfg/DFGSpeculativeJIT64.cpp:
1497         (JSC::DFG::SpeculativeJIT::compile):
1498
1499 2012-07-13  Sheriff Bot  <webkit.review.bot@gmail.com>
1500
1501         Unreviewed, rolling out r122640.
1502         http://trac.webkit.org/changeset/122640
1503         https://bugs.webkit.org/show_bug.cgi?id=91298
1504
1505         LLInt apparently does not expect to mark these (Requested by
1506         olliej on #webkit).
1507
1508         * bytecode/CodeBlock.cpp:
1509         (JSC::CodeBlock::visitStructures):
1510         (JSC::CodeBlock::stronglyVisitStrongReferences):
1511
1512 2012-07-13  Oliver Hunt  <oliver@apple.com>
1513
1514         LLInt fails to mark structures stored in the bytecode
1515         https://bugs.webkit.org/show_bug.cgi?id=91296
1516
1517         Reviewed by Geoffrey Garen.
1518
1519         LLInt stores structures in the bytecode, so we need to visit the appropriate
1520         instructions as we would if we were running in the classic interpreter.
1521         This requires adding additional checks for the LLInt specific opcodes, and
1522         the LLInt specific variants of operand ordering.
1523
1524         * bytecode/CodeBlock.cpp:
1525         (JSC::CodeBlock::visitStructures):
1526         (JSC::CodeBlock::stronglyVisitStrongReferences):
1527
1528 2012-07-13  Yong Li  <yoli@rim.com>
1529
1530         [BlackBerry] Implement GCActivityCallback with platform timer
1531         https://bugs.webkit.org/show_bug.cgi?id=90175
1532
1533         Reviewed by Rob Buis.
1534
1535         Implement GCActivityCallback and HeapTimer for BlackBerry port.
1536
1537         * heap/HeapTimer.cpp:
1538         (JSC):
1539         (JSC::HeapTimer::HeapTimer):
1540         (JSC::HeapTimer::~HeapTimer):
1541         (JSC::HeapTimer::timerDidFire):
1542         (JSC::HeapTimer::synchronize):
1543         (JSC::HeapTimer::invalidate):
1544         (JSC::HeapTimer::didStartVMShutdown):
1545         * heap/HeapTimer.h:
1546         (HeapTimer):
1547         * runtime/GCActivityCallbackBlackBerry.cpp:
1548         (JSC):
1549         (JSC::DefaultGCActivityCallback::doWork):
1550         (JSC::DefaultGCActivityCallback::didAllocate):
1551         (JSC::DefaultGCActivityCallback::willCollect):
1552         (JSC::DefaultGCActivityCallback::cancel):
1553
1554 2012-07-13  Patrick Gansterer  <paroga@webkit.org>
1555
1556         [WIN] Fix compilation of DFGRepatch.cpp
1557         https://bugs.webkit.org/show_bug.cgi?id=91241
1558
1559         Reviewed by Geoffrey Garen.
1560
1561         Use intptr_t instead of uintptr_t when calling CodeLocationCommon::dataLabelPtrAtOffset(int)
1562         to fix MSVC "unary minus operator applied to unsigned type, result still unsigned" warning.
1563
1564         * dfg/DFGRepatch.cpp:
1565         (JSC::DFG::dfgResetGetByID):
1566         (JSC::DFG::dfgResetPutByID):
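
The signedness point behind the MSVC warning quoted in this entry, shown as an added example that is not JavaScriptCore's code. The stand-in CodeLocation type and its atOffset(int) method are constructed to mirror the shape of the int-taking CodeLocationCommon::dataLabelPtrAtOffset(int) the entry mentions; negateUnsigned, signedCallOffset, locateBackwards and demoDistanceFromStart are names chosen here, and the 64-byte region is a constructed buffer, not real JIT memory.

```cpp
#include <cassert>
#include <cstdint>
#include <limits>

// Constructed stand-in for a code location whose offset parameter is a
// plain int, as in the API the entry describes. Not JSC's real type.
struct CodeLocation {
    const unsigned char* base;
    const unsigned char* atOffset(int offset) const { return base + offset; }
};

// The form MSVC warns about: unary minus applied to an unsigned operand never
// yields a negative number; it wraps to 2^N - distance. For distance == 8 on a
// 64-bit build the result is 0xFFFFFFFFFFFFFFF8, not -8, and any sign check
// on it is meaningless. Passing it to an int parameter relies on silent
// narrowing to recover the intended value.
uintptr_t negateUnsigned(uintptr_t distance)
{
    return -distance;
}

// The corrected form: negate a signed intptr_t, then verify the result fits
// the int parameter before narrowing. Returns false (leaving out untouched)
// when the offset is not representable, instead of truncating it.
bool signedCallOffset(intptr_t distance, int& out)
{
    // Negating the most negative value is undefined behaviour; reject it.
    if (distance == std::numeric_limits<intptr_t>::min())
        return false;
    intptr_t offset = -distance;
    if (offset < std::numeric_limits<int>::min() || offset > std::numeric_limits<int>::max())
        return false;
    out = static_cast<int>(offset);
    return true;
}

// Resolves base - distance through the int-typed API, or returns nullptr when
// the distance cannot be expressed as an int offset.
const unsigned char* locateBackwards(const CodeLocation& location, intptr_t distance)
{
    int offset = 0;
    if (!signedCallOffset(distance, offset))
        return nullptr;
    return location.atOffset(offset);
}

// Constructed region standing in for generated code. Returns how many bytes
// from the start of the region locateBackwards lands, or -1 on failure.
long demoDistanceFromStart(intptr_t distance)
{
    static unsigned char region[64] = {}; // constructed buffer, not JIT memory
    CodeLocation location{ region + 32 };
    const unsigned char* p = locateBackwards(location, distance);
    if (!p)
        return -1;
    return static_cast<long>(p - region);
}

int main()
{
    assert(negateUnsigned(8) == UINTPTR_MAX - 7); // wrapped, not negative
    assert(demoDistanceFromStart(8) == 24);        // 32 - 8
    assert(demoDistanceFromStart(-16) == 48);      // 32 + 16
    assert(demoDistanceFromStart(std::numeric_limits<intptr_t>::min()) == -1);
    return 0;
}
```

The range check in signedCallOffset is the part worth keeping beyond the warning fix: on 64-bit builds intptr_t is wider than int, so a negated distance that does not fit the parameter is reported rather than quietly narrowed.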
1567
1568 2012-07-13  Patrick Gansterer  <paroga@webkit.org>
1569
1570         Fix ARM_TRADITIONAL JIT for COMPILER(MSVC) and COMPILER(RVCT) after r121885
1571         https://bugs.webkit.org/show_bug.cgi?id=91238
1572
1573         Reviewed by Zoltan Herczeg.
1574
1575         r121885 changed the assembler instruction only for COMPILER(GCC).
1576         Use the same instructions for the other compilers too.
1577
1578         * jit/JITStubs.cpp:
1579         (JSC::ctiTrampoline):
1580         (JSC::ctiTrampolineEnd):
1581         (JSC::ctiVMThrowTrampoline):
1582
1583 2012-07-12  Filip Pizlo  <fpizlo@apple.com>
1584
1585         DFG property access stubs should use structure transition watchpoints
1586         https://bugs.webkit.org/show_bug.cgi?id=91135
1587
1588         Reviewed by Geoffrey Garen.
1589
1590         This adds a Watchpoint subclass that will clear a structure stub (i.e.
1591         a property access stub) when fired. The DFG stub generation code now
1592         uses this optimization.
1593
1594         * CMakeLists.txt:
1595         * GNUmakefile.list.am:
1596         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1597         * JavaScriptCore.xcodeproj/project.pbxproj:
1598         * Target.pri:
1599         * bytecode/CodeBlock.cpp:
1600         (JSC):
1601         (JSC::CodeBlock::finalizeUnconditionally):
1602         (JSC::CodeBlock::resetStub):
1603         (JSC::CodeBlock::resetStubInternal):
1604         * bytecode/CodeBlock.h:
1605         (JSC):
1606         (CodeBlock):
1607         * bytecode/StructureStubClearingWatchpoint.cpp: Added.
1608         (JSC):
1609         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
1610         (JSC::StructureStubClearingWatchpoint::push):
1611         (JSC::StructureStubClearingWatchpoint::fireInternal):
1612         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
1613         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
1614         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
1615         * bytecode/StructureStubClearingWatchpoint.h: Added.
1616         (JSC):
1617         (StructureStubClearingWatchpoint):
1618         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
1619         (WatchpointsOnStructureStubInfo):
1620         (JSC::WatchpointsOnStructureStubInfo::WatchpointsOnStructureStubInfo):
1621         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
1622         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
1623         * bytecode/StructureStubInfo.h:
1624         (JSC::StructureStubInfo::reset):
1625         (JSC::StructureStubInfo::addWatchpoint):
1626         (StructureStubInfo):
1627         * dfg/DFGRepatch.cpp:
1628         (JSC::DFG::addStructureTransitionCheck):
1629         (DFG):
1630         (JSC::DFG::generateProtoChainAccessStub):
1631         (JSC::DFG::emitPutTransitionStub):
1632         * jit/JumpReplacementWatchpoint.h:
1633
1634 2012-07-12  Filip Pizlo  <fpizlo@apple.com>
1635
1636         DFG CFA may get overzealous in loops that have code that must exit
1637         https://bugs.webkit.org/show_bug.cgi?id=91188
1638
1639         Reviewed by Gavin Barraclough.
1640
1641         Ensure that if the CFA assumes that an operation must exit, then it will always exit
1642         no matter what happens after. That's necessary to preserve soundness.
1643         
1644         Remove a broken fixup done by the DFG simplifier, where it was trying to say that the
1645         variable-at-head was the first access in the second block in the merge, if the first
1646         block did not read the variable. That's totally wrong, if the first block was in fact
1647         doing a phantom read. I removed that fixup and instead hardened the rest of the
1648         compiler.
1649
1650         * dfg/DFGAbstractState.cpp:
1651         (JSC::DFG::AbstractState::endBasicBlock):
1652         * dfg/DFGBasicBlock.h:
1653         (JSC::DFG::BasicBlock::BasicBlock):
1654         (BasicBlock):
1655         * dfg/DFGCFAPhase.cpp:
1656         (JSC::DFG::CFAPhase::performBlockCFA):
1657         * dfg/DFGCFGSimplificationPhase.cpp:
1658         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1659         * dfg/DFGConstantFoldingPhase.cpp:
1660         (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
1661         (JSC::DFG::ConstantFoldingPhase::run):
1662         (ConstantFoldingPhase):
1663         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1664         (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
1665         * dfg/DFGVariableEventStream.cpp:
1666         (JSC::DFG::VariableEventStream::reconstruct):
1667
1668 2012-07-12  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
1669
1670         [Qt] Implement MemoryUsageSupport
1671         https://bugs.webkit.org/show_bug.cgi?id=91094
1672
1673         Reviewed by Adam Barth.
1674
1675         Compile in MemoryStatistics so we can make use of the interface.
1676
1677         * Target.pri:
1678
1679 2012-07-12  Csaba Osztrogonác  <ossy@webkit.org>
1680
1681         Remove dead code after r122392.
1682         https://bugs.webkit.org/show_bug.cgi?id=91049
1683
1684         Reviewed by Filip Pizlo.
1685
1686         * dfg/DFGSpeculativeJIT64.cpp:
1687         (JSC::DFG::SpeculativeJIT::emitCall):
1688
1689 2012-07-11  Adenilson Cavalcanti  <cavalcantii@gmail.com>
1690
1691         Build fix + remove dead code
1692         https://bugs.webkit.org/show_bug.cgi?id=91039
1693
1694         Reviewed by Filip Pizlo.
1695
1696         An unused variable was breaking compilation (thanks to warnings being treated as errors).
1697
1698         * dfg/DFGSpeculativeJIT32_64.cpp:
1699         (JSC::DFG::SpeculativeJIT::emitCall):
1700
1701 2012-07-11  Mark Rowe  <mrowe@apple.com>
1702
1703         <http://webkit.org/b/91024> Build against the latest SDK when targeting older OS X versions.
1704
1705         Reviewed by Dan Bernstein.
1706
1707         The deployment target is already set to the version that we're targeting, and it's that setting
1708         which determines which functionality from the SDK is available to us.
1709
1710         * Configurations/Base.xcconfig:
1711
1712 2012-07-11  Filip Pizlo  <fpizlo@apple.com>
1713
1714         DFG should have fast virtual calls
1715         https://bugs.webkit.org/show_bug.cgi?id=90924
1716
1717         Reviewed by Gavin Barraclough.
1718         
1719         Implements virtual call support in the style of the old JIT, with the
1720         caveat that we still use the same slow path for both InternalFunction
1721         calls and JSFunction calls. Also rationalized the way that our
1722         CodeOrigin indices tie into exception checks (previously it was a
1723         strange one-to-one mapping with fairly limited assertions; now it's a
1724         one-to-many mapping for CodeOrigins to exception checks, respectively).
1725         I also took the opportunity to clean up
1726         CallLinkInfo::callReturnLocation, which previously was either a Call or
1727         a NearCall. Now it's just a NearCall. As well, exceptions during slow
1728         path call resolution are now handled by returning an exception throwing
1729         thunk rather than returning null. And finally, I made a few things
1730         public that were previously private-with-lots-of-friends, because I
1731         truly despise the thought of listing each thunk generating function as
1732         a friend of JSValue and friends.
1733         
1734         * bytecode/CallLinkInfo.cpp:
1735         (JSC::CallLinkInfo::unlink):
1736         * bytecode/CallLinkInfo.h:
1737         (CallLinkInfo):
1738         * bytecode/CodeOrigin.h:
1739         (JSC::CodeOrigin::CodeOrigin):
1740         (JSC::CodeOrigin::isSet):
1741         * dfg/DFGAssemblyHelpers.h:
1742         (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
1743         * dfg/DFGCCallHelpers.h:
1744         (JSC::DFG::CCallHelpers::CCallHelpers):
1745         * dfg/DFGGPRInfo.h:
1746         (GPRInfo):
1747         * dfg/DFGJITCompiler.cpp:
1748         (JSC::DFG::JITCompiler::link):
1749         (JSC::DFG::JITCompiler::compileFunction):
1750         * dfg/DFGJITCompiler.h:
1751         (JSC::DFG::CallBeginToken::CallBeginToken):
1752         (JSC::DFG::CallBeginToken::~CallBeginToken):
1753         (CallBeginToken):
1754         (JSC::DFG::CallBeginToken::set):
1755         (JSC::DFG::CallBeginToken::registerWithExceptionCheck):
1756         (JSC::DFG::CallBeginToken::codeOrigin):
1757         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
1758         (CallExceptionRecord):
1759         (JSC::DFG::JITCompiler::currentCodeOriginIndex):
1760         (JITCompiler):
1761         (JSC::DFG::JITCompiler::beginCall):
1762         (JSC::DFG::JITCompiler::notifyCall):
1763         (JSC::DFG::JITCompiler::prepareForExceptionCheck):
1764         (JSC::DFG::JITCompiler::addExceptionCheck):
1765         (JSC::DFG::JITCompiler::addFastExceptionCheck):
1766         * dfg/DFGOperations.cpp:
1767         * dfg/DFGRepatch.cpp:
1768         (JSC::DFG::dfgLinkFor):
1769         * dfg/DFGSpeculativeJIT.h:
1770         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1771         * dfg/DFGSpeculativeJIT32_64.cpp:
1772         (JSC::DFG::SpeculativeJIT::emitCall):
1773         * dfg/DFGSpeculativeJIT64.cpp:
1774         (JSC::DFG::SpeculativeJIT::emitCall):
1775         * dfg/DFGThunks.cpp:
1776         (JSC::DFG::emitPointerValidation):
1777         (DFG):
1778         (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
1779         (JSC::DFG::slowPathFor):
1780         (JSC::DFG::linkForThunkGenerator):
1781         (JSC::DFG::linkCallThunkGenerator):
1782         (JSC::DFG::linkConstructThunkGenerator):
1783         (JSC::DFG::virtualForThunkGenerator):
1784         (JSC::DFG::virtualCallThunkGenerator):
1785         (JSC::DFG::virtualConstructThunkGenerator):
1786         * dfg/DFGThunks.h:
1787         (DFG):
1788         * jit/JIT.cpp:
1789         (JSC::JIT::privateCompile):
1790         (JSC::JIT::linkFor):
1791         * runtime/Executable.h:
1792         (ExecutableBase):
1793         (JSC::ExecutableBase::offsetOfJITCodeFor):
1794         (JSC::ExecutableBase::offsetOfNumParametersFor):
1795         * runtime/JSValue.h:
1796         (JSValue):
1797
1798 2012-07-11  Filip Pizlo  <fpizlo@apple.com>
1799
1800         Accidentally used the wrong license (3-clause instead of 2-clause) in some
1801         files I just committed.
1802
1803         Rubber stamped by Oliver Hunt.
1804
1805         * bytecode/Watchpoint.cpp:
1806         * bytecode/Watchpoint.h:
1807         * jit/JumpReplacementWatchpoint.cpp:
1808         * jit/JumpReplacementWatchpoint.h:
1809
1810 2012-07-11  Filip Pizlo  <fpizlo@apple.com>
1811
1812         Watchpoints and jump replacement should be decoupled
1813         https://bugs.webkit.org/show_bug.cgi?id=91016
1814
1815         Reviewed by Oliver Hunt.
1816
1817         * CMakeLists.txt:
1818         * GNUmakefile.list.am:
1819         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1820         * JavaScriptCore.xcodeproj/project.pbxproj:
1821         * Target.pri:
1822         * assembler/AbstractMacroAssembler.h:
1823         (JSC):
1824         (Label):
1825         * bytecode/CodeBlock.h:
1826         (JSC::CodeBlock::appendWatchpoint):
1827         (JSC::CodeBlock::watchpoint):
1828         (DFGData):
1829         * bytecode/Watchpoint.cpp:
1830         (JSC):
1831         * bytecode/Watchpoint.h:
1832         (JSC::Watchpoint::Watchpoint):
1833         (Watchpoint):
1834         (JSC::Watchpoint::fire):
1835         * dfg/DFGSpeculativeJIT.h:
1836         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
1837         * jit/JumpReplacementWatchpoint.cpp: Added.
1838         (JSC):
1839         (JSC::JumpReplacementWatchpoint::correctLabels):
1840         (JSC::JumpReplacementWatchpoint::fireInternal):
1841         * jit/JumpReplacementWatchpoint.h: Added.
1842         (JSC):
1843         (JumpReplacementWatchpoint):
1844         (JSC::JumpReplacementWatchpoint::JumpReplacementWatchpoint):
1845         (JSC::JumpReplacementWatchpoint::setDestination):
1846
1847 2012-07-11  Kevin Ollivier  <kevino@theolliviers.com>
1848
1849         [wx] Unreviewed build fix. Don't try to build udis86_itab.c since it's included by 
1850         another file.
1851
1852         * wscript:
1853
1854 2012-07-11  Chao-ying Fu  <fu@mips.com>
1855
1856         Add MIPS convertibleLoadPtr and other functions
1857         https://bugs.webkit.org/show_bug.cgi?id=90714
1858
1859         Reviewed by Oliver Hunt.
1860
1861         * assembler/MIPSAssembler.h:
1862         (JSC::MIPSAssembler::labelIgnoringWatchpoints):
1863         (MIPSAssembler):
1864         (JSC::MIPSAssembler::replaceWithLoad):
1865         (JSC::MIPSAssembler::replaceWithAddressComputation):
1866         * assembler/MacroAssemblerMIPS.h:
1867         (JSC::MacroAssemblerMIPS::convertibleLoadPtr):
1868         (MacroAssemblerMIPS):
1869
1870 2012-07-11  Anders Carlsson  <andersca@apple.com>
1871
1872         Add -Wtautological-compare and -Wsign-compare warning flags
1873         https://bugs.webkit.org/show_bug.cgi?id=90994
1874
1875         Reviewed by Mark Rowe.
1876
1877         * Configurations/Base.xcconfig:
1878
1879 2012-07-11  Benjamin Poulain  <bpoulain@apple.com>
1880
1881         Simplify the copying of JSC ARMv7's LinkRecord
1882         https://bugs.webkit.org/show_bug.cgi?id=90930
1883
1884         Reviewed by Filip Pizlo.
1885
1886         The class LinkRecord is used by value everywhere in ARMv7Assembler. The compiler uses
1887         memmove() to move the objects.
1888
1889         The problem is memmove() is overkill for this object; moving the value can be done with
1890         3 load-stores. This patch adds an operator= to the class doing more efficient copying.
1891         This reduces the link time by 19%.
1892
1893         * assembler/ARMv7Assembler.h:
1894         (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
1895         (JSC::ARMv7Assembler::LinkRecord::operator=):
1896         (JSC::ARMv7Assembler::LinkRecord::from):
1897         (JSC::ARMv7Assembler::LinkRecord::setFrom):
1898         (JSC::ARMv7Assembler::LinkRecord::to):
1899         (JSC::ARMv7Assembler::LinkRecord::type):
1900         (JSC::ARMv7Assembler::LinkRecord::linkType):
1901         (JSC::ARMv7Assembler::LinkRecord::setLinkType):
1902         (JSC::ARMv7Assembler::LinkRecord::condition):
1903
1904 2012-07-11  Andy Wingo  <wingo@igalia.com>
1905
1906         jsc: Parse options before creating global data
1907         https://bugs.webkit.org/show_bug.cgi?id=90975
1908
1909         Reviewed by Filip Pizlo.
1910
1911         This patch moves the options parsing in "jsc" before the creation
1912         of the JSGlobalData, so that --useJIT=no has a chance to take
1913         effect.
1914
1915         * jsc.cpp:
1916         (CommandLine::parseArguments): Refactor to be a class, and take
1917         argc and argv as constructor arguments.
1918         (jscmain): Move arg parsing before JSGlobalData creation.
1919
1920 2012-07-10  Filip Pizlo  <fpizlo@apple.com>
1921
1922         REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
1923         https://bugs.webkit.org/show_bug.cgi?id=90852
1924
1925         Reviewed by Zoltan Herczeg.
1926         
1927         If we can't use the range filter, we should still make sure that the
1928         address is remotely sane, otherwise the hashtables will assert.
1929
1930         * jit/JITStubRoutine.h:
1931         (JSC::JITStubRoutine::passesFilter):
1932
1933 2012-07-10  Filip Pizlo  <fpizlo@apple.com>
1934
1935         DFG recompilation heuristics should be based on count, not rate
1936         https://bugs.webkit.org/show_bug.cgi?id=90146
1937
1938         Reviewed by Oliver Hunt.
1939         
1940         Rolling r121511 back in after fixing the DFG's interpretation of op_div
1941         profiling, with Gavin's rubber stamp.
1942
1943         This removes a bunch of code that was previously trying to prevent spurious
1944         reoptimizations if a large enough majority of executions of a code block did
1945         not result in OSR exit. It turns out that this code was purely harmful. This
1946         patch removes all of that logic and replaces it with a dead-simple
1947         heuristic: if you exit more than N times (where N is an exponential function
1948         of the number of times the code block has already been recompiled) then we
1949         will recompile.
1950         
1951         This appears to be a broad ~1% win on many benchmarks large and small.
1952
1953         * bytecode/CodeBlock.cpp:
1954         (JSC::CodeBlock::CodeBlock):
1955         * bytecode/CodeBlock.h:
1956         (JSC::CodeBlock::couldTakeSpecialFastCase):
1957         (CodeBlock):
1958         (JSC::CodeBlock::osrExitCounter):
1959         (JSC::CodeBlock::countOSRExit):
1960         (JSC::CodeBlock::addressOfOSRExitCounter):
1961         (JSC::CodeBlock::offsetOfOSRExitCounter):
1962         (JSC::CodeBlock::adjustedExitCountThreshold):
1963         (JSC::CodeBlock::exitCountThresholdForReoptimization):
1964         (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
1965         (JSC::CodeBlock::shouldReoptimizeNow):
1966         (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
1967         * bytecode/ExecutionCounter.cpp:
1968         (JSC::ExecutionCounter::setThreshold):
1969         * bytecode/ExecutionCounter.h:
1970         (ExecutionCounter):
1971         (JSC::ExecutionCounter::clippedThreshold):
1972         * dfg/DFGByteCodeParser.cpp:
1973         (JSC::DFG::ByteCodeParser::makeDivSafe):
1974         * dfg/DFGJITCompiler.cpp:
1975         (JSC::DFG::JITCompiler::compileBody):
1976         * dfg/DFGOSRExit.cpp:
1977         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
1978         * dfg/DFGOSRExitCompiler.cpp:
1979         (JSC::DFG::OSRExitCompiler::handleExitCounts):
1980         * dfg/DFGOperations.cpp:
1981         * jit/JITStubs.cpp:
1982         (JSC::DEFINE_STUB_FUNCTION):
1983         * runtime/Options.h:
1984         (JSC):
1985
1986 2012-07-09  Matt Falkenhagen  <falken@chromium.org>
1987
1988         Add ENABLE_DIALOG_ELEMENT and skeleton files
1989         https://bugs.webkit.org/show_bug.cgi?id=90521
1990
1991         Reviewed by Kent Tamura.
1992
1993         * Configurations/FeatureDefines.xcconfig:
1994
1995 2012-07-09  Filip Pizlo  <fpizlo@apple.com>
1996
1997         Unreviewed, roll out http://trac.webkit.org/changeset/121511
1998         It made in-browser V8v7 10% slower.
1999
2000         * bytecode/CodeBlock.cpp:
2001         (JSC::CodeBlock::CodeBlock):
2002         * bytecode/CodeBlock.h:
2003         (CodeBlock):
2004         (JSC::CodeBlock::countSpeculationSuccess):
2005         (JSC::CodeBlock::countSpeculationFailure):
2006         (JSC::CodeBlock::speculativeSuccessCounter):
2007         (JSC::CodeBlock::speculativeFailCounter):
2008         (JSC::CodeBlock::forcedOSRExitCounter):
2009         (JSC::CodeBlock::addressOfSpeculativeSuccessCounter):
2010         (JSC::CodeBlock::addressOfSpeculativeFailCounter):
2011         (JSC::CodeBlock::addressOfForcedOSRExitCounter):
2012         (JSC::CodeBlock::offsetOfSpeculativeSuccessCounter):
2013         (JSC::CodeBlock::offsetOfSpeculativeFailCounter):
2014         (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
2015         (JSC::CodeBlock::largeFailCountThreshold):
2016         (JSC::CodeBlock::largeFailCountThresholdForLoop):
2017         (JSC::CodeBlock::shouldReoptimizeNow):
2018         (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
2019         * bytecode/ExecutionCounter.cpp:
2020         (JSC::ExecutionCounter::setThreshold):
2021         * bytecode/ExecutionCounter.h:
2022         (ExecutionCounter):
2023         * dfg/DFGJITCompiler.cpp:
2024         (JSC::DFG::JITCompiler::compileBody):
2025         * dfg/DFGOSRExit.cpp:
2026         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
2027         * dfg/DFGOSRExitCompiler.cpp:
2028         (JSC::DFG::OSRExitCompiler::handleExitCounts):
2029         * dfg/DFGOperations.cpp:
2030         * jit/JITStubs.cpp:
2031         (JSC::DEFINE_STUB_FUNCTION):
2032         * runtime/Options.h:
2033         (JSC):
2034
2035 2012-07-09  Filip Pizlo  <fpizlo@apple.com>
2036
2037         DFG may get stuck in an infinite fix point if it constant folds a mispredicted node
2038         https://bugs.webkit.org/show_bug.cgi?id=90829
2039         <rdar://problem/11823843>
2040
2041         Reviewed by Oliver Hunt.
2042         
2043         If a node is shown to have been mispredicted during CFA, then don't allow constant
2044         folding to make the graph even more degenerate. Instead, pull back on constant folding
2045         and allow the normal OSR machinery to fix our profiling so that a future recompilation
2046         doesn't see the same mistake.
2047
2048         * dfg/DFGAbstractState.cpp:
2049         (JSC::DFG::AbstractState::execute):
2050         * dfg/DFGAbstractState.h:
2051         (JSC::DFG::AbstractState::trySetConstant):
2052         (AbstractState):
2053         * dfg/DFGPhase.h:
2054         (JSC::DFG::Phase::name):
2055         (Phase):
2056         (JSC::DFG::runAndLog):
2057         (DFG):
2058         (JSC::DFG::runPhase):
2059
2060 2012-07-09  Filip Pizlo  <fpizlo@apple.com>
2061
2062         It should be possible to jettison JIT stub routines even if they are currently running
2063         https://bugs.webkit.org/show_bug.cgi?id=90731
2064
2065         Reviewed by Gavin Barraclough.
2066         
2067         This gives the GC awareness of all JIT-generated stubs for inline caches. That
2068         means that if you want to delete a JIT-generated stub, you don't have to worry
2069         about whether or not it is currently running: if there is a chance that it might
2070         be, the GC will kindly defer deletion until non-running-ness is proved.
2071
2072         * CMakeLists.txt:
2073         * GNUmakefile.list.am:
2074         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2075         * JavaScriptCore.xcodeproj/project.pbxproj:
2076         * Target.pri:
2077         * bytecode/Instruction.h:
2078         (JSC):
2079         (PolymorphicStubInfo):
2080         (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
2081         (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
2082         * bytecode/PolymorphicPutByIdList.cpp:
2083         (JSC::PutByIdAccess::fromStructureStubInfo):
2084         * bytecode/PolymorphicPutByIdList.h:
2085         (JSC::PutByIdAccess::transition):
2086         (JSC::PutByIdAccess::replace):
2087         (JSC::PutByIdAccess::stubRoutine):
2088         (PutByIdAccess):
2089         (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
2090         * bytecode/StructureStubInfo.h:
2091         (JSC::StructureStubInfo::reset):
2092         * dfg/DFGRepatch.cpp:
2093         (JSC::DFG::generateProtoChainAccessStub):
2094         (JSC::DFG::tryCacheGetByID):
2095         (JSC::DFG::tryBuildGetByIDList):
2096         (JSC::DFG::tryBuildGetByIDProtoList):
2097         (JSC::DFG::emitPutReplaceStub):
2098         (JSC::DFG::emitPutTransitionStub):
2099         (JSC::DFG::tryCachePutByID):
2100         (JSC::DFG::tryBuildPutByIdList):
2101         * heap/ConservativeRoots.cpp:
2102         (JSC):
2103         (DummyMarkHook):
2104         (JSC::DummyMarkHook::mark):
2105         (JSC::ConservativeRoots::add):
2106         (CompositeMarkHook):
2107         (JSC::CompositeMarkHook::CompositeMarkHook):
2108         (JSC::CompositeMarkHook::mark):
2109         * heap/ConservativeRoots.h:
2110         (JSC):
2111         (ConservativeRoots):
2112         * heap/Heap.cpp:
2113         (JSC::Heap::markRoots):
2114         (JSC::Heap::deleteUnmarkedCompiledCode):
2115         * heap/Heap.h:
2116         (JSC):
2117         (Heap):
2118         * heap/JITStubRoutineSet.cpp: Added.
2119         (JSC):
2120         (JSC::JITStubRoutineSet::JITStubRoutineSet):
2121         (JSC::JITStubRoutineSet::~JITStubRoutineSet):
2122         (JSC::JITStubRoutineSet::add):
2123         (JSC::JITStubRoutineSet::clearMarks):
2124         (JSC::JITStubRoutineSet::markSlow):
2125         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
2126         (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
2127         * heap/JITStubRoutineSet.h: Added.
2128         (JSC):
2129         (JITStubRoutineSet):
2130         (JSC::JITStubRoutineSet::mark):
2131         * heap/MachineStackMarker.h:
2132         (JSC):
2133         * interpreter/RegisterFile.cpp:
2134         (JSC::RegisterFile::gatherConservativeRoots):
2135         * interpreter/RegisterFile.h:
2136         (JSC):
2137         * jit/ExecutableAllocator.cpp:
2138         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2139         * jit/ExecutableAllocator.h:
2140         (JSC):
2141         * jit/ExecutableAllocatorFixedVMPool.cpp:
2142         (JSC):
2143         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2144         * jit/GCAwareJITStubRoutine.cpp: Added.
2145         (JSC):
2146         (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
2147         (JSC::GCAwareJITStubRoutine::~GCAwareJITStubRoutine):
2148         (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
2149         (JSC::GCAwareJITStubRoutine::deleteFromGC):
2150         (JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
2151         (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
2152         (JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject):
2153         (JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal):
2154         (JSC::createJITStubRoutine):
2155         * jit/GCAwareJITStubRoutine.h: Added.
2156         (JSC):
2157         (GCAwareJITStubRoutine):
2158         (JSC::GCAwareJITStubRoutine::markRequiredObjects):
2159         (MarkingGCAwareJITStubRoutineWithOneObject):
2160         * jit/JITPropertyAccess.cpp:
2161         (JSC::JIT::privateCompilePutByIdTransition):
2162         (JSC::JIT::privateCompilePatchGetArrayLength):
2163         (JSC::JIT::privateCompileGetByIdProto):
2164         (JSC::JIT::privateCompileGetByIdSelfList):
2165         (JSC::JIT::privateCompileGetByIdProtoList):
2166         (JSC::JIT::privateCompileGetByIdChainList):
2167         (JSC::JIT::privateCompileGetByIdChain):
2168         * jit/JITPropertyAccess32_64.cpp:
2169         (JSC::JIT::privateCompilePutByIdTransition):
2170         (JSC::JIT::privateCompilePatchGetArrayLength):
2171         (JSC::JIT::privateCompileGetByIdProto):
2172         (JSC::JIT::privateCompileGetByIdSelfList):
2173         (JSC::JIT::privateCompileGetByIdProtoList):
2174         (JSC::JIT::privateCompileGetByIdChainList):
2175         (JSC::JIT::privateCompileGetByIdChain):
2176         * jit/JITStubRoutine.cpp: Added.
2177         (JSC):
2178         (JSC::JITStubRoutine::~JITStubRoutine):
2179         (JSC::JITStubRoutine::observeZeroRefCount):
2180         * jit/JITStubRoutine.h: Added.
2181         (JSC):
2182         (JITStubRoutine):
2183         (JSC::JITStubRoutine::JITStubRoutine):
2184         (JSC::JITStubRoutine::createSelfManagedRoutine):
2185         (JSC::JITStubRoutine::code):
2186         (JSC::JITStubRoutine::asCodePtr):
2187         (JSC::JITStubRoutine::ref):
2188         (JSC::JITStubRoutine::deref):
2189         (JSC::JITStubRoutine::startAddress):
2190         (JSC::JITStubRoutine::endAddress):
2191         (JSC::JITStubRoutine::addressStep):
2192         (JSC::JITStubRoutine::canPerformRangeFilter):
2193         (JSC::JITStubRoutine::filteringStartAddress):
2194         (JSC::JITStubRoutine::filteringExtentSize):
2195         (JSC::JITStubRoutine::passesFilter):
2196         * jit/JITStubs.cpp:
2197         (JSC::DEFINE_STUB_FUNCTION):
2198         (JSC::getPolymorphicAccessStructureListSlot):
2199
2200 2012-07-09  Sheriff Bot  <webkit.review.bot@gmail.com>
2201
2202         Unreviewed, rolling out r122107.
2203         http://trac.webkit.org/changeset/122107
2204         https://bugs.webkit.org/show_bug.cgi?id=90794
2205
2206         Build failure on Mac debug bots (Requested by falken_ on
2207         #webkit).
2208
2209         * Configurations/FeatureDefines.xcconfig:
2210
2211 2012-07-09  Matt Falkenhagen  <falken@chromium.org>
2212
2213         Add ENABLE_DIALOG_ELEMENT and skeleton files
2214         https://bugs.webkit.org/show_bug.cgi?id=90521
2215
2216         Reviewed by Kent Tamura.
2217
2218         * Configurations/FeatureDefines.xcconfig:
2219
2220 2012-07-08  Ryosuke Niwa  <rniwa@webkit.org>
2221
2222         gcc build fix after r121925.
2223
2224         * runtime/JSObject.h:
2225         (JSC::JSFinalObject::finishCreation):
2226
2227 2012-07-08  Zoltan Herczeg  <zherczeg@webkit.org>
2228
2229         [Qt][ARM] Implementing missing macro assembler instructions after r121925
2230         https://bugs.webkit.org/show_bug.cgi?id=90657
2231
2232         Reviewed by Csaba Osztrogonác.
2233
2234         Implementing convertibleLoadPtr, replaceWithLoad and
2235         replaceWithAddressComputation.
2236
2237         * assembler/ARMAssembler.h:
2238         (JSC::ARMAssembler::replaceWithLoad):
2239         (ARMAssembler):
2240         (JSC::ARMAssembler::replaceWithAddressComputation):
2241         * assembler/MacroAssemblerARM.h:
2242         (JSC::MacroAssemblerARM::convertibleLoadPtr):
2243         (MacroAssemblerARM):
2244
2245 2012-07-06  Filip Pizlo  <fpizlo@apple.com>
2246
2247         WebKit Version 5.1.7 (6534.57.2, r121935): Double-click no longer works on OpenStreetMap
2248         https://bugs.webkit.org/show_bug.cgi?id=90703
2249
2250         Reviewed by Michael Saboff.
2251         
2252         It turns out that in my object model refactoring, I managed to fix get_by_pname in all
2253         execution engines except 64-bit baseline JIT.
2254
2255         * jit/JITPropertyAccess.cpp:
2256         (JSC::JIT::emit_op_get_by_pname):
2257
2258 2012-07-06  Pravin D  <pravind.2k4@gmail.com>
2259
2260         Build Error on Qt Linux build
2261         https://bugs.webkit.org/show_bug.cgi?id=90699
2262
2263         Reviewed by Laszlo Gombos.
2264
2265         * parser/Parser.cpp:
2266         (JSC::::parseForStatement):
2267         Removed unused boolean variable as this was causing build error on Qt Linux.
2268
2269 2012-07-06  Nuno Lopes  <nlopes@apple.com>
2270
2271         Fix build with recent clang.
2272         https://bugs.webkit.org/show_bug.cgi?id=90634
2273
2274         Reviewed by Oliver Hunt.
2275
2276         * jit/SpecializedThunkJIT.h:
2277         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2278         (SpecializedThunkJIT):
2279         * jit/ThunkGenerators.cpp:
2280         (JSC::charCodeAtThunkGenerator):
2281         (JSC::charAtThunkGenerator):
2282         (JSC::fromCharCodeThunkGenerator):
2283         (JSC::sqrtThunkGenerator):
2284         (JSC::floorThunkGenerator):
2285         (JSC::ceilThunkGenerator):
2286         (JSC::roundThunkGenerator):
2287         (JSC::expThunkGenerator):
2288         (JSC::logThunkGenerator):
2289         (JSC::absThunkGenerator):
2290         (JSC::powThunkGenerator):
2291         * parser/ASTBuilder.h:
2292         (JSC::ASTBuilder::createAssignResolve):
2293         (JSC::ASTBuilder::createForLoop):
2294         (JSC::ASTBuilder::createForInLoop):
2295         (JSC::ASTBuilder::makeAssignNode):
2296         (JSC::ASTBuilder::makePrefixNode):
2297         (JSC::ASTBuilder::makePostfixNode):
2298         * parser/NodeConstructors.h:
2299         (JSC::PostfixErrorNode::PostfixErrorNode):
2300         (JSC::PrefixErrorNode::PrefixErrorNode):
2301         (JSC::AssignResolveNode::AssignResolveNode):
2302         (JSC::AssignErrorNode::AssignErrorNode):
2303         (JSC::ForNode::ForNode):
2304         (JSC::ForInNode::ForInNode):
2305         * parser/Nodes.h:
2306         (FunctionCallResolveNode):
2307         (PostfixErrorNode):
2308         (PrefixErrorNode):
2309         (ReadModifyResolveNode):
2310         (AssignResolveNode):
2311         (AssignErrorNode):
2312         (ForNode):
2313         (ForInNode):
2314         * parser/Parser.cpp:
2315         (JSC::::parseVarDeclarationList):
2316         (JSC::::parseForStatement):
2317         * parser/SyntaxChecker.h:
2318         (JSC::SyntaxChecker::createAssignResolve):
2319         (JSC::SyntaxChecker::createForLoop):
2320
2321 2012-07-06  Zoltan Herczeg  <zherczeg@webkit.org>
2322
2323         [Qt][ARM] REGRESSION(r121885): It broke 30 jsc tests, 500+ layout tests
2324         https://bugs.webkit.org/show_bug.cgi?id=90656
2325
2326         Reviewed by Csaba Osztrogonác.
2327
2328         Typo fixes.
2329
2330         * assembler/MacroAssemblerARM.cpp:
2331         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
2332         Rename getOp2Byte() -> getOp2Half()
2333         * assembler/MacroAssemblerARMv7.h:
2334         (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
2335         Add a necessary space.
2336         * jit/JITStubs.cpp:
2337         (JSC):
2338         Revert INLINE_ARM_FUNCTION macro.
2339
2340 2012-07-05  Filip Pizlo  <fpizlo@apple.com>
2341
2342         REGRESSION(r121925): It broke 5 sputnik tests on x86 platforms
2343         https://bugs.webkit.org/show_bug.cgi?id=90658
2344
2345         Reviewed by Zoltan Herczeg.
2346         
2347         Under the new object model, out-of-line property accesses such as those
2348         in ResolveGlobal must account for the fact that the offset to the Kth
2349         property is represented by K + inlineStorageCapacity. Hence, the property
2350         loads in ResolveGlobal must have an additional -inlineStorageCapacity *
2351         sizeof(JSValue) offset.
2352
2353         * dfg/DFGSpeculativeJIT32_64.cpp:
2354         (JSC::DFG::SpeculativeJIT::compile):
2355
2356 2012-07-05  Csaba Osztrogonác  <ossy@webkit.org>
2357
2358         [Qt] Unreviewed 64 bit buildfix after r121925.
2359
2360         * bytecode/PutByIdStatus.cpp:
2361         (JSC::PutByIdStatus::computeFromLLInt):
2362
2363 2012-07-05  Michael Saboff  <msaboff@apple.com>
2364
2365         JSString::tryHashConstLock() fails to get exclusive lock
2366         https://bugs.webkit.org/show_bug.cgi?id=90639
2367
2368         Reviewed by Oliver Hunt.
2369
2370         Added check that the string is already locked even before compare and swap.
2371
2372         * heap/MarkStack.cpp:
2373         (JSC::JSString::tryHashConstLock):
2374
2375 2012-07-04  Filip Pizlo  <fpizlo@apple.com>
2376
2377         Inline property storage should not be wasted when it is exhausted
2378         https://bugs.webkit.org/show_bug.cgi?id=90347
2379
2380         Reviewed by Gavin Barraclough.
2381         
2382         Previously, if we switched an object from using inline storage to out-of-line
2383         storage, we would abandon the inline storage. This would have two main implications:
2384         (i) all accesses to the object, even for properties that were previously in inline
2385         storage, must now take an extra indirection; and (ii) we waste a non-trivial amount
2386         of space since we must allocate additional out-of-line storage to hold properties
2387         that would have fit in the inline storage. There's also the copying cost when
2388         switching to out-of-line storage - we must copy all inline properties into out-of-line
2389         storage.
2390         
2391         This patch changes the way that object property storage works so that we can use both
2392         inline and out-of-line storage concurrently. This is accomplished by introducing a
2393         new notion of property offset. This PropertyOffset is a 32-bit signed integer and it
2394         behaves as follows:
2395         
2396         offset == -1: invalid offset, indicating a property that does not exist.
2397         
2398         0 <= offset <= inlineStorageCapacity: offset into inline storage.
2399         
2400         inlineStorageCapacity < offset: offset into out-of-line storage.
2401         
2402         Because non-final objects don't have inline storage, the only valid PropertyOffsets
2403         for those objects' properties are -1 or > inlineStorageCapacity.
2404         
2405         This now means that the decision to use inline or out-of-line storage for an access is
2406         made based on the offset, rather than the structure. It also means that any access
2407         where the offset is a variable must have an extra branch, unless the type of the
2408         object is also known (if it's known to be a non-final object then we can just assert
2409         that the offset is >= inlineStorageCapacity).
2410         
2411         This looks like a big Kraken speed-up and a slight V8 speed-up.
2412
2413         * GNUmakefile.list.am:
2414         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2415         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2416         * JavaScriptCore.xcodeproj/project.pbxproj:
2417         * assembler/ARMv7Assembler.h:
2418         (ARMv7Assembler):
2419         (JSC::ARMv7Assembler::ldrWide8BitImmediate):
2420         (JSC::ARMv7Assembler::replaceWithLoad):
2421         (JSC::ARMv7Assembler::replaceWithAddressComputation):
2422         * assembler/AbstractMacroAssembler.h:
2423         (AbstractMacroAssembler):
2424         (ConvertibleLoadLabel):
2425         (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
2426         (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::isSet):
2427         (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
2428         (JSC::AbstractMacroAssembler::replaceWithLoad):
2429         (JSC::AbstractMacroAssembler::replaceWithAddressComputation):
2430         * assembler/CodeLocation.h:
2431         (JSC):
2432         (CodeLocationCommon):
2433         (CodeLocationConvertibleLoad):
2434         (JSC::CodeLocationConvertibleLoad::CodeLocationConvertibleLoad):
2435         (JSC::CodeLocationCommon::convertibleLoadAtOffset):
2436         * assembler/LinkBuffer.cpp:
2437         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2438         * assembler/LinkBuffer.h:
2439         (LinkBuffer):
2440         (JSC::LinkBuffer::locationOf):
2441         * assembler/MacroAssemblerARMv7.h:
2442         (MacroAssemblerARMv7):
2443         (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
2444         * assembler/MacroAssemblerX86.h:
2445         (JSC::MacroAssemblerX86::convertibleLoadPtr):
2446         (MacroAssemblerX86):
2447         * assembler/MacroAssemblerX86_64.h:
2448         (JSC::MacroAssemblerX86_64::convertibleLoadPtr):
2449         (MacroAssemblerX86_64):
2450         * assembler/RepatchBuffer.h:
2451         (RepatchBuffer):
2452         (JSC::RepatchBuffer::replaceWithLoad):
2453         (JSC::RepatchBuffer::replaceWithAddressComputation):
2454         (JSC::RepatchBuffer::setLoadInstructionIsActive):
2455         * assembler/X86Assembler.h:
2456         (JSC::X86Assembler::replaceWithLoad):
2457         (X86Assembler):
2458         (JSC::X86Assembler::replaceWithAddressComputation):
2459         * bytecode/CodeBlock.cpp:
2460         (JSC::CodeBlock::printGetByIdOp):
2461         (JSC::CodeBlock::dump):
2462         (JSC::CodeBlock::finalizeUnconditionally):
2463         * bytecode/GetByIdStatus.cpp:
2464         (JSC::GetByIdStatus::computeFromLLInt):
2465         (JSC::GetByIdStatus::computeForChain):
2466         (JSC::GetByIdStatus::computeFor):
2467         * bytecode/GetByIdStatus.h:
2468         (JSC::GetByIdStatus::GetByIdStatus):
2469         (JSC::GetByIdStatus::offset):
2470         (GetByIdStatus):
2471         * bytecode/Opcode.h:
2472         (JSC):
2473         (JSC::padOpcodeName):
2474         * bytecode/PutByIdStatus.cpp:
2475         (JSC::PutByIdStatus::computeFromLLInt):
2476         (JSC::PutByIdStatus::computeFor):
2477         * bytecode/PutByIdStatus.h:
2478         (JSC::PutByIdStatus::PutByIdStatus):
2479         (JSC::PutByIdStatus::offset):
2480         (PutByIdStatus):
2481         * bytecode/ResolveGlobalStatus.cpp:
2482         (JSC):
2483         (JSC::computeForStructure):
2484         * bytecode/ResolveGlobalStatus.h:
2485         (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
2486         (JSC::ResolveGlobalStatus::offset):
2487         (ResolveGlobalStatus):
2488         * bytecode/StructureSet.h:
2489         (StructureSet):
2490         * bytecode/StructureStubInfo.h:
2491         * dfg/DFGByteCodeParser.cpp:
2492         (ByteCodeParser):
2493         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2494         (JSC::DFG::ByteCodeParser::handleGetById):
2495         (JSC::DFG::ByteCodeParser::parseBlock):
2496         * dfg/DFGCapabilities.h:
2497         (JSC::DFG::canCompileOpcode):
2498         * dfg/DFGJITCompiler.cpp:
2499         (JSC::DFG::JITCompiler::link):
2500         * dfg/DFGJITCompiler.h:
2501         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
2502         (PropertyAccessRecord):
2503         * dfg/DFGRepatch.cpp:
2504         (JSC::DFG::dfgRepatchByIdSelfAccess):
2505         (JSC::DFG::generateProtoChainAccessStub):
2506         (JSC::DFG::tryCacheGetByID):
2507         (JSC::DFG::tryBuildGetByIDList):
2508         (JSC::DFG::tryBuildGetByIDProtoList):
2509         (JSC::DFG::emitPutReplaceStub):
2510         (JSC::DFG::emitPutTransitionStub):
2511         (JSC::DFG::tryCachePutByID):
2512         (JSC::DFG::tryBuildPutByIdList):
2513         * dfg/DFGSpeculativeJIT.h:
2514         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
2515         * dfg/DFGSpeculativeJIT32_64.cpp:
2516         (JSC::DFG::SpeculativeJIT::cachedGetById):
2517         (JSC::DFG::SpeculativeJIT::cachedPutById):
2518         (JSC::DFG::SpeculativeJIT::compile):
2519         * dfg/DFGSpeculativeJIT64.cpp:
2520         (JSC::DFG::SpeculativeJIT::cachedGetById):
2521         (JSC::DFG::SpeculativeJIT::cachedPutById):
2522         (JSC::DFG::SpeculativeJIT::compile):
2523         * heap/MarkStack.cpp:
2524         (JSC::visitChildren):
2525         * interpreter/Interpreter.cpp:
2526         (JSC::Interpreter::tryCacheGetByID):
2527         (JSC::Interpreter::privateExecute):
2528         * jit/JIT.cpp:
2529         (JSC::JIT::privateCompileMainPass):
2530         (JSC::JIT::privateCompileSlowCases):
2531         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2532         * jit/JIT.h:
2533         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2534         (JSC::JIT::compileGetByIdProto):
2535         (JSC::JIT::compileGetByIdSelfList):
2536         (JSC::JIT::compileGetByIdProtoList):
2537         (JSC::JIT::compileGetByIdChainList):
2538         (JSC::JIT::compileGetByIdChain):
2539         (JSC::JIT::compilePutByIdTransition):
2540         (JIT):
2541         * jit/JITInlineMethods.h:
2542         (JSC::JIT::emitAllocateBasicJSObject):
2543         * jit/JITOpcodes.cpp:
2544         (JSC::JIT::emit_op_resolve_global):
2545         * jit/JITOpcodes32_64.cpp:
2546         (JSC::JIT::emit_op_resolve_global):
2547         * jit/JITPropertyAccess.cpp:
2548         (JSC::JIT::compileGetDirectOffset):
2549         (JSC::JIT::emit_op_method_check):
2550         (JSC::JIT::compileGetByIdHotPath):
2551         (JSC::JIT::emit_op_put_by_id):
2552         (JSC::JIT::compilePutDirectOffset):
2553         (JSC::JIT::privateCompilePutByIdTransition):
2554         (JSC::JIT::patchGetByIdSelf):
2555         (JSC::JIT::patchPutByIdReplace):
2556         (JSC::JIT::privateCompileGetByIdProto):
2557         (JSC::JIT::privateCompileGetByIdSelfList):
2558         (JSC::JIT::privateCompileGetByIdProtoList):
2559         (JSC::JIT::privateCompileGetByIdChainList):
2560         (JSC::JIT::privateCompileGetByIdChain):
2561         * jit/JITPropertyAccess32_64.cpp:
2562         (JSC::JIT::emit_op_method_check):
2563         (JSC::JIT::compileGetByIdHotPath):
2564         (JSC::JIT::emit_op_put_by_id):
2565         (JSC::JIT::compilePutDirectOffset):
2566         (JSC::JIT::compileGetDirectOffset):
2567         (JSC::JIT::privateCompilePutByIdTransition):
2568         (JSC::JIT::patchGetByIdSelf):
2569         (JSC::JIT::patchPutByIdReplace):
2570         (JSC::JIT::privateCompileGetByIdProto):
2571         (JSC::JIT::privateCompileGetByIdSelfList):
2572         (JSC::JIT::privateCompileGetByIdProtoList):
2573         (JSC::JIT::privateCompileGetByIdChainList):
2574         (JSC::JIT::privateCompileGetByIdChain):
2575         (JSC::JIT::emit_op_get_by_pname):
2576         * jit/JITStubs.cpp:
2577         (JSC::JITThunks::tryCacheGetByID):
2578         (JSC::DEFINE_STUB_FUNCTION):
2579         * llint/LLIntSlowPaths.cpp:
2580         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2581         * llint/LowLevelInterpreter.asm:
2582         * llint/LowLevelInterpreter32_64.asm:
2583         * llint/LowLevelInterpreter64.asm:
2584         * offlineasm/x86.rb:
2585         * runtime/JSGlobalObject.h:
2586         (JSGlobalObject):
2587         (JSC::JSGlobalObject::functionNameOffset):
2588         * runtime/JSObject.cpp:
2589         (JSC::JSObject::visitChildren):
2590         (JSC):
2591         (JSC::JSFinalObject::visitChildren):
2592         (JSC::JSObject::put):
2593         (JSC::JSObject::deleteProperty):
2594         (JSC::JSObject::getPropertySpecificValue):
2595         (JSC::JSObject::removeDirect):
2596         (JSC::JSObject::growOutOfLineStorage):
2597         (JSC::JSObject::getOwnPropertyDescriptor):
2598         * runtime/JSObject.h:
2599         (JSObject):
2600         (JSC::JSObject::getDirect):
2601         (JSC::JSObject::getDirectLocation):
2602         (JSC::JSObject::hasInlineStorage):
2603         (JSC::JSObject::inlineStorageUnsafe):
2604         (JSC::JSObject::inlineStorage):
2605         (JSC::JSObject::outOfLineStorage):
2606         (JSC::JSObject::locationForOffset):
2607         (JSC::JSObject::offsetForLocation):
2608         (JSC::JSObject::getDirectOffset):
2609         (JSC::JSObject::putDirectOffset):
2610         (JSC::JSObject::putUndefinedAtDirectOffset):
2611         (JSC::JSObject::addressOfOutOfLineStorage):
2612         (JSC::JSObject::finishCreation):
2613         (JSC::JSNonFinalObject::JSNonFinalObject):
2614         (JSC::JSNonFinalObject::finishCreation):
2615         (JSFinalObject):
2616         (JSC::JSFinalObject::finishCreation):
2617         (JSC::JSFinalObject::JSFinalObject):
2618         (JSC::JSObject::offsetOfOutOfLineStorage):
2619         (JSC::JSObject::setOutOfLineStorage):
2620         (JSC::JSObject::JSObject):
2621         (JSC):
2622         (JSC::JSCell::fastGetOwnProperty):
2623         (JSC::JSObject::putDirectInternal):
2624         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
2625         (JSC::JSObject::putDirectWithoutTransition):
2626         (JSC::offsetRelativeToPatchedStorage):
2627         (JSC::indexRelativeToBase):
2628         (JSC::offsetRelativeToBase):
2629         * runtime/JSPropertyNameIterator.cpp:
2630         (JSC::JSPropertyNameIterator::create):
2631         * runtime/JSPropertyNameIterator.h:
2632         (JSPropertyNameIterator):
2633         (JSC::JSPropertyNameIterator::getOffset):
2634         (JSC::JSPropertyNameIterator::finishCreation):
2635         * runtime/JSValue.cpp:
2636         (JSC::JSValue::putToPrimitive):
2637         * runtime/Operations.h:
2638         (JSC::normalizePrototypeChain):
2639         * runtime/Options.cpp:
2640         (JSC):
2641         (JSC::Options::initialize):
2642         * runtime/PropertyMapHashTable.h:
2643         (PropertyMapEntry):
2644         (JSC::PropertyMapEntry::PropertyMapEntry):
2645         (PropertyTable):
2646         (JSC::PropertyTable::PropertyTable):
2647         (JSC::PropertyTable::getDeletedOffset):
2648         (JSC::PropertyTable::addDeletedOffset):
2649         (JSC::PropertyTable::nextOffset):
2650         (JSC):
2651         (JSC::PropertyTable::sizeInMemory):
2652         * runtime/PropertyOffset.h: Added.
2653         (JSC):
2654         (JSC::checkOffset):
2655         (JSC::validateOffset):
2656         (JSC::isValidOffset):
2657         (JSC::isInlineOffset):
2658         (JSC::isOutOfLineOffset):
2659         (JSC::offsetInInlineStorage):
2660         (JSC::offsetInOutOfLineStorage):
2661         (JSC::offsetInRespectiveStorage):
2662         (JSC::numberOfOutOfLineSlotsForLastOffset):
2663         (JSC::numberOfSlotsForLastOffset):
2664         (JSC::nextPropertyOffsetFor):
2665         (JSC::firstPropertyOffsetFor):
2666         * runtime/PropertySlot.h:
2667         (JSC::PropertySlot::cachedOffset):
2668         (JSC::PropertySlot::setValue):
2669         (JSC::PropertySlot::setCacheableGetterSlot):
2670         (JSC::PropertySlot::clearOffset):
2671         * runtime/PutPropertySlot.h:
2672         (JSC::PutPropertySlot::setExistingProperty):
2673         (JSC::PutPropertySlot::setNewProperty):
2674         (JSC::PutPropertySlot::cachedOffset):
2675         (PutPropertySlot):
2676         * runtime/Structure.cpp:
2677         (JSC::Structure::Structure):
2678         (JSC::Structure::materializePropertyMap):
2679         (JSC::nextOutOfLineStorageCapacity):
2680         (JSC::Structure::growOutOfLineCapacity):
2681         (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
2682         (JSC::Structure::addPropertyTransitionToExistingStructure):
2683         (JSC::Structure::addPropertyTransition):
2684         (JSC::Structure::removePropertyTransition):
2685         (JSC::Structure::flattenDictionaryStructure):
2686         (JSC::Structure::addPropertyWithoutTransition):
2687         (JSC::Structure::removePropertyWithoutTransition):
2688         (JSC::Structure::copyPropertyTableForPinning):
2689         (JSC::Structure::get):
2690         (JSC::Structure::putSpecificValue):
2691         (JSC::Structure::remove):
2692         * runtime/Structure.h:
2693         (Structure):
2694         (JSC::Structure::putWillGrowOutOfLineStorage):
2695         (JSC::Structure::previousID):
2696         (JSC::Structure::outOfLineCapacity):
2697         (JSC::Structure::outOfLineSizeForKnownFinalObject):
2698         (JSC::Structure::outOfLineSizeForKnownNonFinalObject):
2699         (JSC::Structure::outOfLineSize):
2700         (JSC::Structure::hasInlineStorage):
2701         (JSC::Structure::inlineCapacity):
2702         (JSC::Structure::inlineSizeForKnownFinalObject):
2703         (JSC::Structure::inlineSize):
2704         (JSC::Structure::totalStorageSize):
2705         (JSC::Structure::totalStorageCapacity):
2706         (JSC::Structure::firstValidOffset):
2707         (JSC::Structure::lastValidOffset):
2708         (JSC::Structure::isValidOffset):
2709         (JSC::Structure::isEmpty):
2710         (JSC::Structure::transitionCount):
2711         (JSC::Structure::get):
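
The two entries above that touch property offsets (the r121925 "Inline property storage should not be wasted" entry and the ResolveGlobal regression fix that subtracts inlineStorageCapacity * sizeof(JSValue) from out-of-line loads) describe an encoding but show no code. The following is an added, stand-alone model of that encoding written for this page; it is not JavaScriptCore code and not part of the ChangeLog. The function names mirror those the entry lists for runtime/PropertyOffset.h, but their bodies, the capacity value of 6, the ToyObject type and the int64 stand-in for JSValue are all assumptions. The entry states the inline range inclusively on one side and strictly on the other; this model treats inlineStorageCapacity itself as the first out-of-line offset, which is also an assumption, chosen so that every valid offset is routed to exactly one storage and never to both.

```cpp
// Added example (not JavaScriptCore code): a stand-alone model of the
// PropertyOffset encoding and the inline / out-of-line routing decision.
// The capacity value, ToyObject and the slot value type are assumptions.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef int32_t PropertyOffset;
typedef int64_t SlotValue;                        // stand-in for JSValue (assumption)

const PropertyOffset invalidOffset = -1;
const PropertyOffset inlineStorageCapacity = 6;   // illustrative value, not JSC's

inline bool isValidOffset(PropertyOffset offset) { return offset != invalidOffset; }
// Assumption: inlineStorageCapacity itself is the first out-of-line offset,
// so the two predicates below partition every valid offset exactly once.
inline bool isInlineOffset(PropertyOffset offset) { return offset >= 0 && offset < inlineStorageCapacity; }
inline bool isOutOfLineOffset(PropertyOffset offset) { return offset >= inlineStorageCapacity; }

inline size_t offsetInInlineStorage(PropertyOffset offset) { assert(isInlineOffset(offset)); return (size_t)offset; }
inline size_t offsetInOutOfLineStorage(PropertyOffset offset) { assert(isOutOfLineOffset(offset)); return (size_t)(offset - inlineStorageCapacity); }

// Byte displacement a JIT would apply to an out-of-line load: the Kth property
// is numbered K + inlineStorageCapacity, so the capacity is subtracted back out.
inline ptrdiff_t outOfLineByteOffset(PropertyOffset offset) { return (ptrdiff_t)(offset - inlineStorageCapacity) * (ptrdiff_t)sizeof(SlotValue); }

// Non-final objects have no inline storage, so their first property is out-of-line.
inline PropertyOffset firstPropertyOffsetFor(bool isFinalObject) { return isFinalObject ? 0 : inlineStorageCapacity; }
inline PropertyOffset nextPropertyOffsetFor(PropertyOffset lastOffset, bool isFinalObject) {
    return isValidOffset(lastOffset) ? lastOffset + 1 : firstPropertyOffsetFor(isFinalObject);
}
inline size_t numberOfOutOfLineSlotsForLastOffset(PropertyOffset lastOffset) {
    return lastOffset < inlineStorageCapacity ? 0 : (size_t)(lastOffset - inlineStorageCapacity + 1);
}

struct ToyObject {
    bool isFinal;
    SlotValue inlineStorage[inlineStorageCapacity];
    std::vector<SlotValue> outOfLineStorage;
    PropertyOffset lastOffset;

    explicit ToyObject(bool finalObject) : isFinal(finalObject), inlineStorage(), lastOffset(invalidOffset) {}

    // The storage used for an access is decided by the offset, not by the structure.
    // Every path is bounds-checked: a mis-routed offset yields null, never an OOB access.
    SlotValue* locationForOffset(PropertyOffset offset) {
        if (isInlineOffset(offset))
            return isFinal ? &inlineStorage[offsetInInlineStorage(offset)] : nullptr;
        if (isOutOfLineOffset(offset)) {
            size_t index = offsetInOutOfLineStorage(offset);
            return index < outOfLineStorage.size() ? &outOfLineStorage[index] : nullptr;
        }
        return nullptr;                           // invalidOffset
    }

    // Appends a property; out-of-line storage grows only once inline slots are exhausted.
    PropertyOffset addProperty(SlotValue value) {
        PropertyOffset offset = nextPropertyOffsetFor(lastOffset, isFinal);
        if (isOutOfLineOffset(offset))
            outOfLineStorage.resize(numberOfOutOfLineSlotsForLastOffset(offset));
        lastOffset = offset;
        SlotValue* slot = locationForOffset(offset);
        assert(slot);
        *slot = value;
        return offset;
    }

    bool get(PropertyOffset offset, SlotValue& out) {
        SlotValue* slot = locationForOffset(offset);
        if (!slot) return false;
        out = *slot;
        return true;
    }
};

// Scenario from the entry: a final object whose inline slots are all taken keeps
// using them after the switch, and only the overflow goes out-of-line.
bool finalObjectKeepsInlineStorage() {
    ToyObject o(true);
    for (int i = 0; i < inlineStorageCapacity + 2; ++i)
        o.addProperty(100 + i);
    SlotValue v;
    return o.outOfLineStorage.size() == 2
        && o.get(0, v) && v == 100
        && o.get(inlineStorageCapacity + 1, v) && v == 100 + inlineStorageCapacity + 1
        && !o.get(inlineStorageCapacity + 2, v);  // beyond lastOffset: rejected
}

// A non-final object never receives an inline offset.
bool nonFinalObjectSkipsInlineStorage() {
    ToyObject o(false);
    PropertyOffset first = o.addProperty(7);
    SlotValue v;
    return first == inlineStorageCapacity && !o.get(0, v) && o.get(first, v) && v == 7;
}

int main() {
    std::printf("final keeps inline: %d, non-final skips inline: %d, byte offset of first out-of-line slot: %td\n",
                finalObjectKeepsInlineStorage(), nonFinalObjectSkipsInlineStorage(),
                outOfLineByteOffset(inlineStorageCapacity));
    return 0;
}
```

The point the model makes explicit is the one the entry flags as the new invariant: once the offset, rather than the structure, decides which storage an access touches, the boundary value and the non-final case are the places where an off-by-one turns into an out-of-bounds slot, so locationForOffset refuses rather than guesses whenever an offset does not fit the object it is applied to.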
2712
2713 2012-07-05  Oliver Hunt  <oliver@apple.com>
2714
2715         JSObjectCallAsFunction should thisConvert the provided thisObject
2716         https://bugs.webkit.org/show_bug.cgi?id=90628
2717
2718         Reviewed by Gavin Barraclough.
2719
2720         Perform this conversion on the provided this object.
2721
2722         * API/JSObjectRef.cpp:
2723         (JSObjectCallAsFunction):
2724
2725 2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>
2726
2727         [Qt] Unreviewed buildfix after r121886. Typo fix.
2728
2729         * assembler/MacroAssemblerARM.cpp:
2730         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
2731
2732 2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>
2733
2734         Port DFG JIT to traditional ARM
2735         https://bugs.webkit.org/show_bug.cgi?id=90198
2736
2737         Reviewed by Filip Pizlo.
2738
2739         This patch contains the macro assembler part of the
2740         DFG JIT support on ARM systems with fixed 32 bit instruction
2741         width. A large amount of old code was refactored, and the ARMv4
2742         or lower support is removed from the macro assembler.
2743
2744         Sunspider is improved by 8%, and V8 is 92%.
2745
2746         * assembler/ARMAssembler.cpp:
2747         (JSC::ARMAssembler::dataTransfer32):
2748         (JSC::ARMAssembler::baseIndexTransfer32):
2749         (JSC):
2750         (JSC::ARMAssembler::dataTransfer16):
2751         (JSC::ARMAssembler::baseIndexTransfer16):
2752         (JSC::ARMAssembler::dataTransferFloat):
2753         (JSC::ARMAssembler::baseIndexTransferFloat):
2754         (JSC::ARMAssembler::executableCopy):
2755         * assembler/ARMAssembler.h:
2756         (JSC::ARMAssembler::ARMAssembler):
2757         (JSC::ARMAssembler::emitInst):
2758         (JSC::ARMAssembler::vmov_f64_r):
2759         (ARMAssembler):
2760         (JSC::ARMAssembler::vabs_f64_r):
2761         (JSC::ARMAssembler::vneg_f64_r):
2762         (JSC::ARMAssembler::ldr_imm):
2763         (JSC::ARMAssembler::ldr_un_imm):
2764         (JSC::ARMAssembler::dtr_u):
2765         (JSC::ARMAssembler::dtr_ur):
2766         (JSC::ARMAssembler::dtr_d):
2767         (JSC::ARMAssembler::dtr_dr):
2768         (JSC::ARMAssembler::dtrh_u):
2769         (JSC::ARMAssembler::dtrh_ur):
2770         (JSC::ARMAssembler::dtrh_d):
2771         (JSC::ARMAssembler::dtrh_dr):
2772         (JSC::ARMAssembler::fdtr_u):
2773         (JSC::ARMAssembler::fdtr_d):
2774         (JSC::ARMAssembler::push_r):
2775         (JSC::ARMAssembler::pop_r):
2776         (JSC::ARMAssembler::poke_r):
2777         (JSC::ARMAssembler::peek_r):
2778         (JSC::ARMAssembler::vmov_vfp64_r):
2779         (JSC::ARMAssembler::vmov_arm64_r):
2780         (JSC::ARMAssembler::vmov_vfp32_r):
2781         (JSC::ARMAssembler::vmov_arm32_r):
2782         (JSC::ARMAssembler::vcvt_u32_f64_r):
2783         (JSC::ARMAssembler::vcvt_f64_f32_r):
2784         (JSC::ARMAssembler::vcvt_f32_f64_r):
2785         (JSC::ARMAssembler::clz_r):
2786         (JSC::ARMAssembler::bkpt):
2787         (JSC::ARMAssembler::bx):
2788         (JSC::ARMAssembler::blx):
2789         (JSC::ARMAssembler::labelIgnoringWatchpoints):
2790         (JSC::ARMAssembler::labelForWatchpoint):
2791         (JSC::ARMAssembler::label):
2792         (JSC::ARMAssembler::getLdrImmAddress):
2793         (JSC::ARMAssembler::replaceWithJump):
2794         (JSC::ARMAssembler::maxJumpReplacementSize):
2795         (JSC::ARMAssembler::getOp2Byte):
2796         (JSC::ARMAssembler::getOp2Half):
2797         (JSC::ARMAssembler::RM):
2798         (JSC::ARMAssembler::RS):
2799         (JSC::ARMAssembler::RD):
2800         (JSC::ARMAssembler::RN):
2801         * assembler/AssemblerBufferWithConstantPool.h:
2802         (JSC::AssemblerBufferWithConstantPool::ensureSpaceForAnyInstruction):
2803         * assembler/MacroAssemblerARM.cpp:
2804         (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
2805         * assembler/MacroAssemblerARM.h:
2806         (JSC::MacroAssemblerARM::add32):
2807         (MacroAssemblerARM):
2808         (JSC::MacroAssemblerARM::and32):
2809         (JSC::MacroAssemblerARM::lshift32):
2810         (JSC::MacroAssemblerARM::mul32):
2811         (JSC::MacroAssemblerARM::neg32):
2812         (JSC::MacroAssemblerARM::rshift32):
2813         (JSC::MacroAssemblerARM::urshift32):
2814         (JSC::MacroAssemblerARM::xor32):
2815         (JSC::MacroAssemblerARM::load8):
2816         (JSC::MacroAssemblerARM::load8Signed):
2817         (JSC::MacroAssemblerARM::load16):
2818         (JSC::MacroAssemblerARM::load16Signed):
2819         (JSC::MacroAssemblerARM::load32):
2820         (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
2821         (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
2822         (JSC::MacroAssemblerARM::store8):
2823         (JSC::MacroAssemblerARM::store16):
2824         (JSC::MacroAssemblerARM::store32):
2825         (JSC::MacroAssemblerARM::move):
2826         (JSC::MacroAssemblerARM::jump):
2827         (JSC::MacroAssemblerARM::branchAdd32):
2828         (JSC::MacroAssemblerARM::mull32):
2829         (JSC::MacroAssemblerARM::branchMul32):
2830         (JSC::MacroAssemblerARM::nearCall):
2831         (JSC::MacroAssemblerARM::compare32):
2832         (JSC::MacroAssemblerARM::test32):
2833         (JSC::MacroAssemblerARM::sub32):
2834         (JSC::MacroAssemblerARM::call):
2835         (JSC::MacroAssemblerARM::loadFloat):
2836         (JSC::MacroAssemblerARM::loadDouble):
2837         (JSC::MacroAssemblerARM::storeFloat):
2838         (JSC::MacroAssemblerARM::storeDouble):
2839         (JSC::MacroAssemblerARM::moveDouble):
2840         (JSC::MacroAssemblerARM::addDouble):
2841         (JSC::MacroAssemblerARM::divDouble):
2842         (JSC::MacroAssemblerARM::subDouble):
2843         (JSC::MacroAssemblerARM::mulDouble):
2844         (JSC::MacroAssemblerARM::absDouble):
2845         (JSC::MacroAssemblerARM::negateDouble):
2846         (JSC::MacroAssemblerARM::convertInt32ToDouble):
2847         (JSC::MacroAssemblerARM::convertFloatToDouble):
2848         (JSC::MacroAssemblerARM::convertDoubleToFloat):
2849         (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
2850         (JSC::MacroAssemblerARM::branchTruncateDoubleToUint32):
2851         (JSC::MacroAssemblerARM::truncateDoubleToInt32):
2852         (JSC::MacroAssemblerARM::truncateDoubleToUint32):
2853         (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
2854         (JSC::MacroAssemblerARM::branchDoubleNonZero):
2855         (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
2856         (JSC::MacroAssemblerARM::invert):
2857         (JSC::MacroAssemblerARM::replaceWithJump):
2858         (JSC::MacroAssemblerARM::maxJumpReplacementSize):
2859         (JSC::MacroAssemblerARM::call32):
2860         * assembler/SH4Assembler.h:
2861         (JSC::SH4Assembler::label):
2862         * dfg/DFGAssemblyHelpers.h:
2863         (JSC::DFG::AssemblyHelpers::debugCall):
2864         (JSC::DFG::AssemblyHelpers::boxDouble):
2865         (JSC::DFG::AssemblyHelpers::unboxDouble):
2866         * dfg/DFGCCallHelpers.h:
2867         (CCallHelpers):
2868         (JSC::DFG::CCallHelpers::setupArguments):
2869         * dfg/DFGFPRInfo.h:
2870         (DFG):
2871         * dfg/DFGGPRInfo.h:
2872         (DFG):
2873         (GPRInfo):
2874         * dfg/DFGOperations.cpp:
2875         (JSC):
2876         * dfg/DFGSpeculativeJIT.h:
2877         (SpeculativeJIT):
2878         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
2879         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
2880         * jit/JITStubs.cpp:
2881         (JSC):
2882         * jit/JITStubs.h:
2883         (JITStackFrame):
2884         * jit/JSInterfaceJIT.h:
2885         (JSInterfaceJIT):
2886
2887 2012-07-04  Anthony Scian  <ascian@rim.com>
2888
2889         Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
2890         https://bugs.webkit.org/show_bug.cgi?id=40118
2891
2892         Reviewed by Yong Li.
2893
2894         Added member functions to expose function name, urlString, and line #.
2895         Refactored toString to make use of these member functions to reduce
2896         duplicated code for future maintenance.
2897
2898         Manually tested refactoring of toString by tracing thrown exceptions.
2899
2900         * interpreter/Interpreter.h:
2901         (JSC::StackFrame::toString):
2902         (JSC::StackFrame::friendlySourceURL):
2903         (JSC::StackFrame::friendlyFunctionName):
2904         (JSC::StackFrame::friendlyLineNumber):
2905
2906 2012-07-04  Andy Wingo  <wingo@igalia.com>
2907
2908         [GTK] Enable parallel GC
2909         https://bugs.webkit.org/show_bug.cgi?id=90568
2910
2911         Reviewed by Martin Robinson.
2912
2913         * runtime/Options.cpp: Include <algorithm.h> for std::min.
2914
2915 2012-07-04  John Mellor  <johnme@chromium.org>
2916
2917         Text Autosizing: Add compile flag and runtime setting
2918         https://bugs.webkit.org/show_bug.cgi?id=87394
2919
2920         This patch renames Font Boosting to Text Autosizing.
2921
2922         Reviewed by Adam Barth.
2923
2924         * Configurations/FeatureDefines.xcconfig:
2925
2926 2012-07-03  Michael Saboff  <msaboff@apple.com>
2927
2928         Enh: Hash Const JSString in Backing Stores to Save Memory
2929         https://bugs.webkit.org/show_bug.cgi?id=86024
2930
2931         Reviewed by Oliver Hunt.
2932
2933         During garbage collection, each marking thread keeps a HashMap of
2934         strings.  While visiting via MarkStack::copyAndAppend(), we check to
2935         see if the string we are visiting is already in the HashMap.  If not
2936         we add it. If so, we change the reference to the current string we're
2937         visiting to the prior string.
2938
2939         To reduce the performance impact of this change, two throttles have
2940         been added.  1) We only try hash consting if a significant number of new
2941         strings have been created since the last hash const.  Currently this is
2942         set at 100 strings.  2) If a string is unique at the end of a marking
2943         it will not be checked during further GC phases. In some cases this
2944         won't catch all duplicates, but we are trying to catch the growth of
2945         duplicate strings.
2946
2947         * heap/Heap.cpp:
2948         (JSC::Heap::markRoots):
2949         * heap/MarkStack.cpp:
2950         (JSC::MarkStackThreadSharedData::resetChildren):
2951         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
2952         (JSC::MarkStackThreadSharedData::reset):
2953         (JSC::MarkStack::setup): Check to see if enough strings have been created
2954         to hash const.
2955         (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
2956         (JSC::JSString::tryHashConstLock): New method to lock JSString for
2957         hash consting.
2958         (JSC::JSString::releaseHashConstLock): New unlock method.
2959         (JSC::JSString::shouldTryHashConst): Set of checks to see if we should
2960         try to hash const the string.
2961         (JSC::MarkStack::internalAppend): New method that performs the hash consting.
2962         (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash
2963         consting internalAppend().
2964         * heap/MarkStack.h:
2965         (MarkStackThreadSharedData):
2966         (MarkStack):
2967         * runtime/JSGlobalData.cpp:
2968         (JSC::JSGlobalData::JSGlobalData):
2969         * runtime/JSGlobalData.h:
2970         (JSGlobalData):
2971         (JSC::JSGlobalData::haveEnoughNewStringsToHashConst):
2972         (JSC::JSGlobalData::resetNewStringsSinceLastHashConst):
2973         * runtime/JSString.h:
2974         (JSString): Changed from using bool flags to using an unsigned
2975         m_flags field.  This works better with the weakCompareAndSwap in
2976         JSString::tryHashConstLock(). Changed the 8bitness setting and
2977         checking to use new accessors.
2978         (JSC::JSString::JSString):
2979         (JSC::JSString::finishCreation):
2980         (JSC::JSString::is8Bit): Updated for new m_flags.
2981         (JSC::JSString::setIs8Bit): New setter.
2982         New hash const flags accessors:
2983         (JSC::JSString::isHashConstSingleton):
2984         (JSC::JSString::clearHashConstSingleton):
2985         (JSC::JSString::setHashConstSingleton):
2986         (JSC::JSRopeString::finishCreation):
2987         (JSC::JSRopeString::append):
2988
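The following is an added, simplified sketch of the hash-consting pass this entry describes, written for illustration; it is not JavaScriptCore code. `Str`, `GlobalData` and `MarkStack` are constructed stand-ins for JSString, JSGlobalData and MarkStack, the 100-string threshold is the value quoted in the entry, the "skip one-character strings" rule and the single-threaded locking-free flow are assumptions of the sketch (JSC takes a per-string lock with weakCompareAndSwap), and `simulateMarking` runs one marking over a constructed heap.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

// Stand-in for JSString (assumption: a plain bool instead of an m_flags word).
struct Str {
    std::string value;
    // Set when the string was the first of its value seen during a marking and
    // no duplicate turned up; such strings are skipped by later passes.
    bool hashConstSingleton = false;
};

// Stand-in for the JSGlobalData counter of strings created since the last hash const.
struct GlobalData {
    static constexpr std::size_t kThreshold = 100; // "currently this is set at 100 strings"
    std::size_t newStringsSinceLastHashConst = 0;
    bool haveEnoughNewStringsToHashConst() const { return newStringsSinceLastHashConst >= kThreshold; }
    void resetNewStringsSinceLastHashConst() { newStringsSinceLastHashConst = 0; }
};

// Per-marking-thread state: the HashMap of strings seen during this marking.
class MarkStack {
public:
    explicit MarkStack(GlobalData& g) : m_globalData(g) {}

    // Throttle 1: only hash const when enough new strings exist.
    void setup() {
        m_shouldHashConst = m_globalData.haveEnoughNewStringsToHashConst();
        if (m_shouldHashConst)
            m_globalData.resetNewStringsSinceLastHashConst();
    }
    void reset() { m_uniqueStrings.clear(); }

    // Visit one reference. If an equal string was already seen, retarget the
    // reference to that earlier string so the duplicate becomes garbage.
    void internalAppend(Str*& slot) {
        Str* s = slot;
        if (!m_shouldHashConst || !shouldTryHashConst(s))
            return;
        auto added = m_uniqueStrings.emplace(s->value, s);
        if (added.second) {
            s->hashConstSingleton = true; // provisionally unique
            return;
        }
        Str* existing = added.first->second;
        if (existing != s) {
            existing->hashConstSingleton = false; // a duplicate exists after all
            slot = existing;
            ++m_dedupCount;
        }
    }
    std::size_t dedupCount() const { return m_dedupCount; }

private:
    // Throttle 2: skip strings proven unique by an earlier marking; skipping
    // one-character strings is an assumption of this sketch.
    static bool shouldTryHashConst(const Str* s) {
        return s->value.size() > 1 && !s->hashConstSingleton;
    }
    GlobalData& m_globalData;
    bool m_shouldHashConst = false;
    std::unordered_map<std::string, Str*> m_uniqueStrings;
    std::size_t m_dedupCount = 0;
};

struct MarkingResult {
    std::size_t dedups;     // references retargeted to an earlier equal string
    std::size_t distinct;   // distinct Str objects still referenced afterwards
    std::size_t singletons; // strings flagged unique at the end of marking
};

// Constructed heap: one Str per value and one slot referencing each.
// newStrings models the count of strings created since the previous hash const.
MarkingResult simulateMarking(const std::vector<std::string>& values, std::size_t newStrings) {
    GlobalData g;
    g.newStringsSinceLastHashConst = newStrings;
    std::vector<std::unique_ptr<Str>> heap;
    std::vector<Str*> slots;
    for (const std::string& v : values) {
        heap.push_back(std::make_unique<Str>());
        heap.back()->value = v;
        slots.push_back(heap.back().get());
    }
    MarkStack ms(g);
    ms.setup();
    for (Str*& slot : slots)
        ms.internalAppend(slot);
    ms.reset();
    std::unordered_set<Str*> distinct(slots.begin(), slots.end());
    std::size_t singletons = 0;
    for (const auto& s : heap)
        singletons += s->hashConstSingleton ? 1 : 0;
    return { ms.dedupCount(), distinct.size(), singletons };
}
```

With five constructed strings {"hello", "hello", "hi", "x", "x"} and 100 new strings, the second "hello" is retargeted to the first, "hi" ends the marking flagged as a singleton (so the next marking skips it), and the single-character strings are never looked up; with only 50 new strings the first throttle keeps the whole pass from running.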
2989 2012-07-03  Tony Chang  <tony@chromium.org>
2990
2991         [chromium] Unreviewed, update .gitignore to handle VS2010 files.
2992
2993         * JavaScriptCore.gyp/.gitignore:
2994
2995 2012-07-03  Mark Lam  <mark.lam@apple.com>
2996
2997         Add ability to symbolically set and dump JSC VM options.
2998         See comments in runtime/Options.h for details on how the options work.
2999         https://bugs.webkit.org/show_bug.cgi?id=90420
3000
3001         Reviewed by Filip Pizlo.
3002
3003         * assembler/LinkBuffer.cpp:
3004         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
3005         * assembler/LinkBuffer.h:
3006         (JSC):
3007         * bytecode/CodeBlock.cpp:
3008         (JSC::CodeBlock::shouldOptimizeNow):
3009         * bytecode/CodeBlock.h:
3010         (JSC::CodeBlock::likelyToTakeSlowCase):
3011         (JSC::CodeBlock::couldTakeSlowCase):
3012         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
3013         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
3014         (JSC::CodeBlock::likelyToTakeAnySlowCase):
3015         (JSC::CodeBlock::jitAfterWarmUp):
3016         (JSC::CodeBlock::jitSoon):
3017         (JSC::CodeBlock::reoptimizationRetryCounter):
3018         (JSC::CodeBlock::countReoptimization):
3019         (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
3020         (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
3021         (JSC::CodeBlock::optimizeSoon):
3022         (JSC::CodeBlock::exitCountThresholdForReoptimization):
3023         (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
3024         * bytecode/ExecutionCounter.h:
3025         (JSC::ExecutionCounter::clippedThreshold):
3026         * dfg/DFGByteCodeParser.cpp:
3027         (JSC::DFG::ByteCodeParser::handleInlining):
3028         * dfg/DFGCapabilities.h:
3029         (JSC::DFG::mightCompileEval):
3030         (JSC::DFG::mightCompileProgram):
3031         (JSC::DFG::mightCompileFunctionForCall):
3032         (JSC::DFG::mightCompileFunctionForConstruct):
3033         (JSC::DFG::mightInlineFunctionForCall):
3034         (JSC::DFG::mightInlineFunctionForConstruct):
3035         * dfg/DFGCommon.h:
3036         (JSC::DFG::shouldShowDisassembly):
3037         * dfg/DFGDriver.cpp:
3038         (JSC::DFG::compile):
3039         * dfg/DFGOSRExit.cpp:
3040         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
3041         * dfg/DFGVariableAccessData.h:
3042         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3043         * heap/MarkStack.cpp:
3044         (JSC::MarkStackSegmentAllocator::allocate):
3045         (JSC::MarkStackSegmentAllocator::shrinkReserve):
3046         (JSC::MarkStackArray::MarkStackArray):
3047         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
3048         (JSC::SlotVisitor::donateKnownParallel):
3049         (JSC::SlotVisitor::drain):
3050         (JSC::SlotVisitor::drainFromShared):
3051         * heap/MarkStack.h:
3052         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
3053         (JSC::MarkStack::addOpaqueRoot):
3054         * heap/SlotVisitor.h:
3055         (JSC::SlotVisitor::donate):
3056         * jit/JIT.cpp:
3057         (JSC::JIT::emitOptimizationCheck):
3058         * jsc.cpp:
3059         (printUsageStatement):
3060         (parseArguments):
3061         * runtime/InitializeThreading.cpp:
3062         (JSC::initializeThreadingOnce):
3063         * runtime/JSGlobalData.cpp:
3064         (JSC::enableAssembler):
3065         * runtime/JSGlobalObject.cpp:
3066         (JSC::JSGlobalObject::JSGlobalObject):
3067         * runtime/Options.cpp:
3068         (JSC):
3069         (JSC::overrideOptionWithHeuristic):
3070         (JSC::Options::initialize):
3071         (JSC::Options::setOption):
3072         (JSC::Options::dumpAllOptions):
3073         (JSC::Options::dumpOption):
3074         * runtime/Options.h:
3075         (JSC):
3076         (Options):
3077         (EntryInfo):
3078
3079 2012-07-03  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>  Joel Dillon <joel.dillon@codethink.co.uk>
3080
3081         [Qt][Win] Fix broken QtWebKit5.lib linking
3082         https://bugs.webkit.org/show_bug.cgi?id=88321
3083
3084         Reviewed by Kenneth Rohde Christiansen.
3085
3086         The goal is to have different ports build systems define STATICALLY_LINKED_WITH_WTF
3087         when building JavaScriptCore, if both are packaged in the same DLL, instead
3088         of relying on the code to handle this.
3089         The effects of BUILDING_* and STATICALLY_LINKED_WITH_* are currently the same
3090         except for a check in Source/JavaScriptCore/config.h.
3091
3092         Keeping the old way for the WX port as requested by the port's contributors.
3093         For non-Windows ports there is no difference between IMPORT and EXPORT, no
3094         change is needed.
3095
3096         * API/JSBase.h:
3097           JS symbols shouldn't be included by WTF objects anymore. Remove the export when BUILDING_WTF.
3098         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
3099           Make sure that JavaScriptCore uses import symbols of WTF for the Win port.
3100         * runtime/JSExportMacros.h:
3101
3102 2012-07-02  Filip Pizlo  <fpizlo@apple.com>
3103
3104         DFG OSR exit value recoveries should be computed lazily
3105         https://bugs.webkit.org/show_bug.cgi?id=82155
3106
3107         Reviewed by Gavin Barraclough.
3108         
3109         This change aims to reduce one aspect of DFG compile times: the fact
3110         that we currently compute the value recoveries for each local and
3111         argument on every speculation check. We compile many speculation checks,
3112         so this can add up quickly. The strategy that this change takes is to
3113         have the DFG save just enough information about how the compiler is
3114         choosing to represent state that the DFG::OSRExitCompiler can reify
3115         the value recoveries lazily.
3116         
3117         This appears to be an 0.3% SunSpider speed-up and is neutral elsewhere.
3118         
3119         I also took the opportunity to fix the sampling regions profiler (it
3120         was missing an export macro) and to put in more sampling regions in
3121         the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
3122         false).
3123         
3124         * CMakeLists.txt:
3125         * GNUmakefile.list.am:
3126         * JavaScriptCore.xcodeproj/project.pbxproj:
3127         * Target.pri:
3128         * bytecode/CodeBlock.cpp:
3129         (JSC):
3130         (JSC::CodeBlock::shrinkDFGDataToFit):
3131         * bytecode/CodeBlock.h:
3132         (CodeBlock):
3133         (JSC::CodeBlock::minifiedDFG):
3134         (JSC::CodeBlock::variableEventStream):
3135         (DFGData):
3136         * bytecode/Operands.h:
3137         (JSC::Operands::hasOperand):
3138         (Operands):
3139         (JSC::Operands::size):
3140         (JSC::Operands::at):
3141         (JSC::Operands::operator[]):
3142         (JSC::Operands::isArgument):
3143         (JSC::Operands::isVariable):
3144         (JSC::Operands::argumentForIndex):
3145         (JSC::Operands::variableForIndex):
3146         (JSC::Operands::operandForIndex):
3147         (JSC):
3148         (JSC::dumpOperands):
3149         * bytecode/SamplingTool.h:
3150         (SamplingRegion):
3151         * dfg/DFGByteCodeParser.cpp:
3152         (JSC::DFG::parse):
3153         * dfg/DFGCFAPhase.cpp:
3154         (JSC::DFG::performCFA):
3155         * dfg/DFGCSEPhase.cpp:
3156         (JSC::DFG::performCSE):
3157         * dfg/DFGFixupPhase.cpp:
3158         (JSC::DFG::performFixup):
3159         * dfg/DFGGenerationInfo.h:
3160         (JSC::DFG::GenerationInfo::GenerationInfo):
3161         (JSC::DFG::GenerationInfo::initConstant):
3162         (JSC::DFG::GenerationInfo::initInteger):
3163         (JSC::DFG::GenerationInfo::initJSValue):
3164         (JSC::DFG::GenerationInfo::initCell):
3165         (JSC::DFG::GenerationInfo::initBoolean):
3166         (JSC::DFG::GenerationInfo::initDouble):
3167         (JSC::DFG::GenerationInfo::initStorage):
3168         (GenerationInfo):
3169         (JSC::DFG::GenerationInfo::noticeOSRBirth):
3170         (JSC::DFG::GenerationInfo::use):
3171         (JSC::DFG::GenerationInfo::spill):
3172         (JSC::DFG::GenerationInfo::setSpilled):
3173         (JSC::DFG::GenerationInfo::fillJSValue):
3174         (JSC::DFG::GenerationInfo::fillCell):
3175         (JSC::DFG::GenerationInfo::fillInteger):
3176         (JSC::DFG::GenerationInfo::fillBoolean):
3177         (JSC::DFG::GenerationInfo::fillDouble):
3178         (JSC::DFG::GenerationInfo::fillStorage):
3179         (JSC::DFG::GenerationInfo::appendFill):
3180         (JSC::DFG::GenerationInfo::appendSpill):
3181         * dfg/DFGJITCompiler.cpp:
3182         (JSC::DFG::JITCompiler::link):
3183         (JSC::DFG::JITCompiler::compile):
3184         (JSC::DFG::JITCompiler::compileFunction):
3185         * dfg/DFGMinifiedGraph.h: Added.
3186         (DFG):
3187         (MinifiedGraph):
3188         (JSC::DFG::MinifiedGraph::MinifiedGraph):
3189         (JSC::DFG::MinifiedGraph::at):
3190         (JSC::DFG::MinifiedGraph::append):
3191         (JSC::DFG::MinifiedGraph::prepareAndShrink):
3192         (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
3193         (JSC::DFG::MinifiedGraph::originalGraphSize):
3194         * dfg/DFGMinifiedNode.cpp: Added.
3195         (DFG):
3196         (JSC::DFG::MinifiedNode::fromNode):
3197         * dfg/DFGMinifiedNode.h: Added.
3198         (DFG):
3199         (JSC::DFG::belongsInMinifiedGraph):
3200         (MinifiedNode):
3201         (JSC::DFG::MinifiedNode::MinifiedNode):
3202         (JSC::DFG::MinifiedNode::index):
3203         (JSC::DFG::MinifiedNode::op):
3204         (JSC::DFG::MinifiedNode::hasChild1):
3205         (JSC::DFG::MinifiedNode::child1):
3206         (JSC::DFG::MinifiedNode::hasConstant):
3207         (JSC::DFG::MinifiedNode::hasConstantNumber):
3208         (JSC::DFG::MinifiedNode::constantNumber):
3209         (JSC::DFG::MinifiedNode::hasWeakConstant):
3210         (JSC::DFG::MinifiedNode::weakConstant):
3211         (JSC::DFG::MinifiedNode::getIndex):
3212         (JSC::DFG::MinifiedNode::compareByNodeIndex):
3213         (JSC::DFG::MinifiedNode::hasChild):
3214         * dfg/DFGNode.h:
3215         (Node):
3216         * dfg/DFGOSRExit.cpp:
3217         (JSC::DFG::OSRExit::OSRExit):
3218         * dfg/DFGOSRExit.h:
3219         (OSRExit):
3220         * dfg/DFGOSRExitCompiler.cpp:
3221         * dfg/DFGOSRExitCompiler.h:
3222         (OSRExitCompiler):
3223         * dfg/DFGOSRExitCompiler32_64.cpp:
3224         (JSC::DFG::OSRExitCompiler::compileExit):
3225         * dfg/DFGOSRExitCompiler64.cpp:
3226         (JSC::DFG::OSRExitCompiler::compileExit):
3227         * dfg/DFGPredictionPropagationPhase.cpp:
3228         (JSC::DFG::performPredictionPropagation):
3229         * dfg/DFGRedundantPhiEliminationPhase.cpp:
3230         (JSC::DFG::performRedundantPhiElimination):
3231         * dfg/DFGSpeculativeJIT.cpp:
3232         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
3233         (DFG):
3234         (JSC::DFG::SpeculativeJIT::fillStorage):
3235         (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
3236         (JSC::DFG::SpeculativeJIT::compileMovHint):
3237         (JSC::DFG::SpeculativeJIT::compile):
3238         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3239         * dfg/DFGSpeculativeJIT.h:
3240         (DFG):
3241         (JSC::DFG::SpeculativeJIT::use):
3242         (SpeculativeJIT):
3243         (JSC::DFG::SpeculativeJIT::spill):
3244         (JSC::DFG::SpeculativeJIT::speculationCheck):
3245         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
3246         (JSC::DFG::SpeculativeJIT::recordSetLocal):
3247         * dfg/DFGSpeculativeJIT32_64.cpp:
3248         (JSC::DFG::SpeculativeJIT::fillInteger):
3249         (JSC::DFG::SpeculativeJIT::fillDouble):
3250         (JSC::DFG::SpeculativeJIT::fillJSValue):
3251         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3252         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3253         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3254         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3255         (JSC::DFG::SpeculativeJIT::compile):
3256         * dfg/DFGSpeculativeJIT64.cpp:
3257         (JSC::DFG::SpeculativeJIT::fillInteger):
3258         (JSC::DFG::SpeculativeJIT::fillDouble):
3259         (JSC::DFG::SpeculativeJIT::fillJSValue):
3260         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3261         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3262         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3263         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3264         (JSC::DFG::SpeculativeJIT::compile):
3265         * dfg/DFGValueRecoveryOverride.h: Added.
3266         (DFG):
3267         (ValueRecoveryOverride):
3268         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
3269         * dfg/DFGValueSource.cpp: Added.
3270         (DFG):
3271         (JSC::DFG::ValueSource::dump):
3272         * dfg/DFGValueSource.h: Added.
3273         (DFG):
3274         (JSC::DFG::dataFormatToValueSourceKind):
3275         (JSC::DFG::valueSourceKindToDataFormat):
3276         (JSC::DFG::isInRegisterFile):
3277         (ValueSource):
3278         (JSC::DFG::ValueSource::ValueSource):
3279         (JSC::DFG::ValueSource::forPrediction):
3280         (JSC::DFG::ValueSource::forDataFormat):
3281         (JSC::DFG::ValueSource::isSet):
3282         (JSC::DFG::ValueSource::kind):
3283         (JSC::DFG::ValueSource::isInRegisterFile):
3284         (JSC::DFG::ValueSource::dataFormat):
3285         (JSC::DFG::ValueSource::valueRecovery):
3286         (JSC::DFG::ValueSource::nodeIndex):
3287         (JSC::DFG::ValueSource::nodeIndexFromKind):
3288         (JSC::DFG::ValueSource::kindFromNodeIndex):
3289         * dfg/DFGVariableEvent.cpp: Added.
3290         (DFG):
3291         (JSC::DFG::VariableEvent::dump):
3292         (JSC::DFG::VariableEvent::dumpFillInfo):
3293         (JSC::DFG::VariableEvent::dumpSpillInfo):
3294         * dfg/DFGVariableEvent.h: Added.
3295         (DFG):
3296         (VariableEvent):
3297         (JSC::DFG::VariableEvent::VariableEvent):
3298         (JSC::DFG::VariableEvent::reset):
3299         (JSC::DFG::VariableEvent::fillGPR):
3300         (JSC::DFG::VariableEvent::fillPair):
3301         (JSC::DFG::VariableEvent::fillFPR):
3302         (JSC::DFG::VariableEvent::spill):
3303         (JSC::DFG::VariableEvent::death):
3304         (JSC::DFG::VariableEvent::setLocal):
3305         (JSC::DFG::VariableEvent::movHint):
3306         (JSC::DFG::VariableEvent::kind):
3307         (JSC::DFG::VariableEvent::nodeIndex):
3308         (JSC::DFG::VariableEvent::dataFormat):
3309         (JSC::DFG::VariableEvent::gpr):
3310         (JSC::DFG::VariableEvent::tagGPR):
3311         (JSC::DFG::VariableEvent::payloadGPR):
3312         (JSC::DFG::VariableEvent::fpr):
3313         (JSC::DFG::VariableEvent::virtualRegister):
3314         (JSC::DFG::VariableEvent::operand):
3315         (JSC::DFG::VariableEvent::variableRepresentation):
3316         * dfg/DFGVariableEventStream.cpp: Added.
3317         (DFG):
3318         (JSC::DFG::VariableEventStream::logEvent):
3319         (MinifiedGenerationInfo):
3320         (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
3321         (JSC::DFG::MinifiedGenerationInfo::update):
3322         (JSC::DFG::VariableEventStream::reconstruct):
3323         * dfg/DFGVariableEventStream.h: Added.
3324         (DFG):
3325         (VariableEventStream):
3326         (JSC::DFG::VariableEventStream::appendAndLog):
3327         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3328         (JSC::DFG::performVirtualRegisterAllocation):
3329
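The following is an added illustration of the lazy value-recovery idea this entry describes; it is not JavaScriptCore code. The event kinds, the rule that a dead node's value is "already in the register file" because a SetLocal wrote it there, and the index-per-check bookkeeping are simplifications constructed for this example; `sampleRecoveriesAtCheck` replays a constructed compilation trace with three speculation checks.

```cpp
#include <cstddef>
#include <map>
#include <vector>

// Where the exit compiler can find an operand's value when an exit fires.
enum class Where { Unknown, InGPR, Spilled, AlreadyInRegisterFile };

struct ValueRecovery {
    Where where;
    int slot; // GPR number for InGPR, stack slot for Spilled, otherwise -1
};

enum class EventKind { FillGPR, Spill, Death, SetLocal };

struct VariableEvent {
    EventKind kind;
    int node;  // DFG node whose representation changed
    int where; // GPR for FillGPR, stack slot for Spill, operand for SetLocal
};

class VariableEventStream {
public:
    // The code generator logs an event whenever it changes how a node is held.
    void logEvent(const VariableEvent& e) { m_events.push_back(e); }

    // A speculation check stores only this cursor: O(1) per check at compile
    // time instead of a full per-local, per-argument recovery table.
    std::size_t currentIndex() const { return m_events.size(); }

    // Reify the recoveries lazily by replaying events [0, index). This only
    // runs when an exit actually fires, so checks that never exit cost nothing more.
    std::map<int, ValueRecovery> reconstruct(std::size_t index, int numOperands) const {
        std::map<int, ValueRecovery> nodeLocation; // node -> where its value is
        std::map<int, int> operandNode;            // operand -> node last stored to it
        for (std::size_t i = 0; i < index && i < m_events.size(); ++i) {
            const VariableEvent& e = m_events[i];
            switch (e.kind) {
            case EventKind::FillGPR:  nodeLocation[e.node] = { Where::InGPR, e.where }; break;
            case EventKind::Spill:    nodeLocation[e.node] = { Where::Spilled, e.where }; break;
            // Assumption of this sketch: a dead node's value survives only through
            // the SetLocal that already wrote it to the register file.
            case EventKind::Death:    nodeLocation[e.node] = { Where::AlreadyInRegisterFile, -1 }; break;
            case EventKind::SetLocal: operandNode[e.where] = e.node; break;
            }
        }
        std::map<int, ValueRecovery> recoveries;
        for (int op = 0; op < numOperands; ++op) {
            auto assigned = operandNode.find(op);
            if (assigned == operandNode.end()) {
                recoveries[op] = { Where::Unknown, -1 };
                continue;
            }
            auto loc = nodeLocation.find(assigned->second);
            recoveries[op] = loc == nodeLocation.end() ? ValueRecovery{ Where::Unknown, -1 } : loc->second;
        }
        return recoveries;
    }

private:
    std::vector<VariableEvent> m_events;
};

// Constructed compilation trace with three speculation checks; returns the
// recoveries the exit compiler would reify for the given check (1, 2 or 3).
std::map<int, ValueRecovery> sampleRecoveriesAtCheck(int check) {
    VariableEventStream stream;
    std::vector<std::size_t> checkIndex;
    stream.logEvent({ EventKind::FillGPR, /*node*/ 1, /*gpr*/ 3 });
    stream.logEvent({ EventKind::SetLocal, 1, /*operand*/ 0 });
    checkIndex.push_back(stream.currentIndex()); // check 1
    stream.logEvent({ EventKind::Spill, 1, /*stack slot*/ 7 });
    stream.logEvent({ EventKind::FillGPR, 2, /*gpr*/ 4 });
    stream.logEvent({ EventKind::SetLocal, 2, /*operand*/ 1 });
    checkIndex.push_back(stream.currentIndex()); // check 2
    stream.logEvent({ EventKind::Death, 1, -1 });
    checkIndex.push_back(stream.currentIndex()); // check 3
    return stream.reconstruct(checkIndex.at(check - 1), /*numOperands*/ 2);
}
```

At check 1 operand 0 is recovered from GPR 3 and operand 1 is not yet set; at check 2 operand 0 has been spilled to slot 7 and operand 1 lives in GPR 4; at check 3 node 1 is dead, so operand 0 needs no recovery work beyond what the register file already holds. The compile-time cost of each check is one stored index; the replay cost is paid only on the exits that fire.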
3330 2012-07-02  Filip Pizlo  <fpizlo@apple.com>
3331
3332         DFG::ArgumentsSimplificationPhase should assert that the PhantomArguments nodes it creates are not shouldGenerate()
3333         https://bugs.webkit.org/show_bug.cgi?id=90407
3334
3335         Reviewed by Mark Hahnenberg.
3336
3337         * dfg/DFGArgumentsSimplificationPhase.cpp:
3338         (JSC::DFG::ArgumentsSimplificationPhase::run):
3339
3340 2012-07-02  Gavin Barraclough  <barraclough@apple.com>
3341
3342         Array.prototype.pop should throw if property is not configurable
3343         https://bugs.webkit.org/show_bug.cgi?id=75788
3344
3345         Rubber Stamped by Oliver Hunt.
3346
3347         No real bug here any more, but the error we throw sometimes has a misleading message.
3348  
3349         * runtime/JSArray.cpp:
3350         (JSC::JSArray::pop):
3351
3352 2012-06-29  Filip Pizlo  <fpizlo@apple.com>
3353
3354         JSObject wastes too much memory on unused property slots
3355         https://bugs.webkit.org/show_bug.cgi?id=90255
3356
3357         Reviewed by Mark Hahnenberg.
3358         
3359         Rolling back in after applying a simple fix: it appears that
3360         JSObject::setStructureAndReallocateStorageIfNecessary() was allocating more
3361         property storage than necessary. Fixing this appears to resolve the crash.
3362         
3363         This does a few things:
3364         
3365         - JSNonFinalObject no longer has inline property storage.
3366         
3367         - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
3368           or 2x the inline storage for JSFinalObject.
3369         
3370         - Property storage is only reallocated if it needs to be. Previously, we
3371           would reallocate the property storage on any transition where the original
3372           structure said shouldGrowProperyStorage(), but this led to spurious
3373           reallocations when doing transitionless property adds and there are
3374           deleted property slots available. That in turn led to crashes, because we
3375           would switch to out-of-line storage even if the capacity matched the
3376           criteria for inline storage.
3377         
3378         - Inline JSFunction allocation is killed off because we don't have a good
3379           way of inlining property storage allocation. This didn't hurt performance.
3380           Killing off code is better than fixing it if that code wasn't doing any
3381           good.
3382         
3383         This looks like a 1% progression on V8.
3384
3385         * interpreter/Interpreter.cpp:
3386         (JSC::Interpreter::privateExecute):
3387         * jit/JIT.cpp:
3388         (JSC::JIT::privateCompileSlowCases):
3389         * jit/JIT.h:
3390         * jit/JITInlineMethods.h:
3391         (JSC::JIT::emitAllocateBasicJSObject):
3392         (JSC):
3393         * jit/JITOpcodes.cpp:
3394         (JSC::JIT::emit_op_new_func):
3395         (JSC):
3396         (JSC::JIT::emit_op_new_func_exp):
3397         * runtime/JSFunction.cpp:
3398         (JSC::JSFunction::finishCreation):
3399         * runtime/JSObject.h:
3400         (JSC::JSObject::isUsingInlineStorage):
3401         (JSObject):
3402         (JSC::JSObject::finishCreation):
3403         (JSC):
3404         (JSC::JSNonFinalObject::hasInlineStorage):
3405         (JSNonFinalObject):
3406         (JSC::JSNonFinalObject::JSNonFinalObject):
3407         (JSC::JSNonFinalObject::finishCreation):