29b284e44975029b299c4222744630a6ab8a55b1
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-15  David Levin  <levin@chromium.org>

        Another attempted build fix.

        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
        up the definition of PTHREAD_KEYS_MAX.

2011-07-15  David Levin  <levin@chromium.org>

        Chromium build fix.

        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
        up the definition of PTHREAD_KEYS_MAX.

2011-07-14  David Levin  <levin@chromium.org>

        currentThread is too slow!
        https://bugs.webkit.org/show_bug.cgi?id=64577

        Reviewed by Darin Adler and Dmitry Titov.

        The problem is that currentThread results in a pthread_once call which always takes a lock.
        With this change, currentThread is 10% faster than isMainThread in release mode and only
        5% slower than isMainThread in debug.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
        which is no longer needed because this is called from initializeThreading().
        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
        initialization of the pthread key should already be done.
        (WTF::ThreadIdentifierData::initialize): Ditto.
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading): Acquire the pthread key here.

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not optimize Branch as well as it could.
        https://bugs.webkit.org/show_bug.cgi?id=64574

        Reviewed by Gavin Barraclough.

        This creates a common code path for emitting unfused branches, which does
        no speculation, and only performs a slow call if absolutely necessary.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitBranch):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        GC allocation fast path has too many operations.
        https://bugs.webkit.org/show_bug.cgi?id=64493

        Reviewed by Darin Adler.

        Changed the timing of the lazy sweep so that it occurs when we land on
        a previously-unswept block, rather than whenever we land on an unswept
        cell.  After the per-block lazy sweep occurs, the block is turned into a
        singly linked list of free cells.  The allocation fast path is now just a
        load-branch-store to remove a cell from the head of the list.

        Additionally, this changes the way new blocks are allocated.  Previously,
        they would be populated with dummy cells.  With this patch, they are
        turned into a free list, which means that there will never be destructor
        calls for allocations in fresh blocks.

        These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
        SunSpider.  There are no observed statistically significant slow-downs
        on any individual benchmark.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::Heap::allocateSlowCase):
        (JSC::Heap::collect):
        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        * heap/Heap.h:
        (JSC::Heap::forEachProtectedCell):
        (JSC::Heap::forEachCell):
        (JSC::Heap::forEachBlock):
        (JSC::Heap::allocate):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::lazySweep):
        (JSC::MarkedBlock::blessNewBlockForFastPath):
        (JSC::MarkedBlock::blessNewBlockForSlowPath):
        (JSC::MarkedBlock::canonicalizeBlock):
        * heap/MarkedBlock.h:
        * heap/NewSpace.cpp:
        (JSC::NewSpace::addBlock):
        (JSC::NewSpace::canonicalizeBlocks):
        * heap/NewSpace.h:
        (JSC::NewSpace::allocate):
        (JSC::NewSpace::SizeClass::SizeClass):
        (JSC::NewSpace::SizeClass::canonicalizeBlock):
        * heap/OldSpace.cpp:
        (JSC::OldSpace::addBlock):
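
        The lazy-sweep free list described in the entry above, as an added illustration that is not JavaScriptCore's MarkedBlock code: a block of fixed-size cells, a per-block sweep that threads unmarked cells into a singly linked list, and a load-branch-store allocation fast path. The names (Block, Cell, beginCollection, lazySweep, runScenario), the eight-cell block size and the scenario data are this example's own assumptions.

```cpp
#include <array>
#include <bitset>
#include <cstddef>
#include <cstdint>

// Added illustration, not JavaScriptCore's MarkedBlock: a block of fixed-size cells whose
// free cells are threaded into a singly linked list by a per-block lazy sweep, so the
// allocation fast path is one load, one branch and one store.
namespace freelist_example {
constexpr std::size_t kCellCount = 8;   // assumed block size for the example
struct Cell {
    std::uintptr_t word0 = 0;   // reused as the "next free cell" link while the cell is free
    std::uintptr_t word1 = 0;
};

class Block {
public:
    Block() { blessNewBlock(); }
    // Fast path: pop the head of the free list. nullptr means the block is exhausted
    // and a real allocator would move on to another block.
    Cell* allocate() {
        Cell* cell = m_freeListHead;                            // load
        if (!cell) return nullptr;                              // branch
        m_freeListHead = reinterpret_cast<Cell*>(cell->word0);  // store
        cell->word0 = 0;
        return cell;
    }
    void mark(const Cell* cell) { m_marks.set(indexOf(cell)); }

    // Start of a collection: cells still on the free list were never handed out, so remember
    // them and never run a destructor for them. Mark bits are cleared and the block is unswept.
    void beginCollection() {
        m_neverAllocated.reset();
        for (Cell* c = m_freeListHead; c; c = reinterpret_cast<Cell*>(c->word0))
            m_neverAllocated.set(indexOf(c));
        m_freeListHead = nullptr;
        m_marks.reset();
        m_swept = false;
    }

    // Lazy sweep, run the first time the allocator lands on an unswept block: each unmarked
    // cell is destroyed (if it was ever live) and pushed onto the free list. Returns how many.
    std::size_t lazySweep() {
        if (m_swept) return 0;
        m_swept = true;
        std::size_t reclaimed = 0;
        for (std::size_t i = kCellCount; i-- > 0;) {   // reverse, so the list is in address order
            if (m_marks.test(i)) continue;
            if (!m_neverAllocated.test(i))
                destroy(&m_cells[i]);
            push(&m_cells[i]);
            ++reclaimed;
        }
        return reclaimed;
    }
    std::size_t destructorCalls() const { return m_destructorCalls; }

private:
    // Fresh block: every cell goes straight onto the free list. No dummy cells are
    // constructed, so nothing in a fresh block ever needs a destructor.
    void blessNewBlock() {
        for (std::size_t i = kCellCount; i-- > 0;) push(&m_cells[i]);
    }
    void push(Cell* cell) { cell->word0 = reinterpret_cast<std::uintptr_t>(m_freeListHead); m_freeListHead = cell; }
    void destroy(Cell* cell) { cell->word1 = 0; ++m_destructorCalls; }   // stands in for the cell's destructor
    std::size_t indexOf(const Cell* cell) const { return static_cast<std::size_t>(cell - m_cells.data()); }

    std::array<Cell, kCellCount> m_cells{};
    std::bitset<kCellCount> m_marks;
    std::bitset<kCellCount> m_neverAllocated;
    Cell* m_freeListHead = nullptr;
    bool m_swept = true;
    std::size_t m_destructorCalls = 0;
};

// Constructed scenario: allocate five of eight cells, keep two alive across a collection,
// sweep, then drain the block again.
struct Scenario {
    std::size_t destructorsBeforeCollection, reclaimedBySweep, destructorsAfterSweep, reallocated, secondSweep;
};

Scenario runScenario() {
    Block block;
    Cell* live[5];
    for (Cell*& c : live) c = block.allocate();
    Scenario s{};
    s.destructorsBeforeCollection = block.destructorCalls();   // 0: fresh block, nothing destroyed
    block.beginCollection();
    block.mark(live[0]); block.mark(live[3]);
    s.reclaimedBySweep = block.lazySweep();                    // 6: every cell except the two marked
    s.destructorsAfterSweep = block.destructorCalls();         // 3: live[1], live[2], live[4]
    while (block.allocate()) ++s.reallocated;                  // 6
    s.secondSweep = block.lazySweep();                         // 0: block already swept
    return s;
}
} // namespace freelist_example
```

        beginCollection records which cells were still on the free list; that is what lets the sweep skip destructor calls for cells that were never handed out, and a fresh block has every cell on that list, so destructorCalls() stays at zero until something that was actually allocated dies.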

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT crashes on host constructor calls in debug mode.
        https://bugs.webkit.org/show_bug.cgi?id=64562

        Reviewed by Gavin Barraclough.

        Fixed the relevant ASSERT.

        * dfg/DFGOperations.cpp:

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT contains a FIXME for rewinding speculative code generation that
        has already been fixed.
        https://bugs.webkit.org/show_bug.cgi?id=64022

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):

2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Add OwnPtr specialization for Ecore_Pipe.
        https://bugs.webkit.org/show_bug.cgi?id=64515

        Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.

        Reviewed by Xan Lopez.

        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT unnecessarily boxes and unboxes values during silent spilling.
        https://bugs.webkit.org/show_bug.cgi?id=64068

        Reviewed by Gavin Barraclough.

        Silent spilling and filling of registers is done during slow-path C
        function calls.  The silent spill/fill logic does not affect register
        allocation on paths that don't involve the C function call.

        This changes the silent spilling code to spill in unboxed form.  The
        silent fill will refill in whatever form the register was spilled in.
        For example, the silent spill code may choose not to spill the register
        because it was already spilled previously, which would imply that it
        was spilled in boxed form.  The filling code detects this and either
        unboxes, or not, depending on what is appropriate.

        This change also results in a simplification of the silent spill/fill
        API: silent spilling no longer needs to know about the set of registers
        that cannot be trampled, since it never does boxing and hence does not
        need a temporary register.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-13  Michael Saboff  <msaboff@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64202
        Enh: Improve handling of RegExp in the form of /.*blah.*/

        Reviewed by Gavin Barraclough.

        Added code to both the Yarr interpreter and JIT to handle
        these expressions a little differently.  First off, the terms
        in between the leading and trailing .*'s cannot capture and
        also this enhancement is limited to single alternative expressions.
        If an expression is of the right form with the aforementioned
        restrictions, we process the inner terms and then look for the
        beginning of the string and end of the string.  There is handling
        for multiline expressions to allow the beginning and end to be
        right after and right before newlines.

        This enhancement speeds up expressions of this type 12x on
        a MacBookPro.

        Cleaned up 'case' statement indentation.

        A new set of tests was added as LayoutTests/fast/regex/dotstar.html

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::InputStream::end):
        (JSC::Yarr::Interpreter::matchDotStarEnclosure):
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
        (JSC::Yarr::ByteCompiler::emitDisjunction):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::ByteTerm::DotStarEnclosure):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generateTerm):
        (JSC::Yarr::YarrGenerator::backtrackTerm):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
        (JSC::Yarr::YarrPattern::compile):
        * yarr/YarrPattern.h:
        (JSC::Yarr::PatternTerm::PatternTerm):

2011-07-13  Xan Lopez  <xlopez@igalia.com>

        [GTK] Fix distcheck

        Reviewed by Martin Robinson.

        * GNUmakefile.list.am: add missing files.

2011-07-13  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement prototype chain or list caching for get_by_id.
        https://bugs.webkit.org/show_bug.cgi?id=64147

        Reviewed by Gavin Barraclough.

        This implements unified support for prototype caching, prototype chain
        caching, and polymorphic (i.e. list) prototype and prototype chain
        caching.  This is done by creating common code for emitting prototype
        or chain access stubs, and having it factored out into
        generateProtoChainAccessStub().  This function is called by
        tryCacheGetByID once the latter determines that some form of prototype
        access caching is necessary (i.e. the slot being accessed is not on the
        base value but on some other object).

        Direct prototype list, and prototype chain list, caching is implemented by
        linking the slow path to operationGetByIdProtoBuildList(), which uses the
        same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.

        This change required ensuring that the value in the scratchGPR field in
        StructureStubInfo is preserved even after the stub info is in the
        chain, or proto_list, states.  Hence scratchGPR was moved out of the union
        and into the top-level of StructureStubInfo.

        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDProtoList):
        (JSC::DFG::dfgBuildGetByIDProtoList):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGRepatch.h:

2011-07-12  Brent Fulgham  <bfulgham@webkit.org>

        Standardize WinCairo conditionalized code under PLATFORM macro.
        https://bugs.webkit.org/show_bug.cgi?id=64377

        Reviewed by Maciej Stachowiak.

        * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.

2011-07-13  David Levin  <levin@chromium.org>

        Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
        https://bugs.webkit.org/show_bug.cgi?id=64465

        Reviewed by Dmitry Titov.

        There isn't a good way to test this as it is very highly unlikely to occur.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
        isn't thread-safe, change the initialization to be global.

2011-07-12  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64424
        Our direct eval behaviour deviates slightly from the spec.

        Reviewed by Oliver Hunt.

        The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
        behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
        or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
        may be introduced into the caller's environment.

        ES5 direct calls are any call where the callee function is provided by a reference, a base
        of that Reference is an EnvironmentRecord (this corresponds to all productions
        "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
        of the reference is "eval". This means any expression of the form "eval(...)", and that
        calls the standard built-in eval method on the Global Object, is considered to be
        direct.

        In JavaScriptCore we are currently overly restrictive. We also check that the
        EnvironmentRecord that is the base of the reference is the Declarative Environment Record
        at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
        that hits a var eval in a nested scope is not considered to be direct. This behaviour does
        not emanate from the spec, and is incorrect.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Fixed direct eval check in op_call_eval.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Fixed direct eval check in op_call_eval.
        * runtime/Executable.h:
        (JSC::isHostFunction):
            - Added check for host function with specific NativeFunction.

2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>

        Reviewed by Andreas Kling.

        Broken build on QNX
        https://bugs.webkit.org/show_bug.cgi?id=63717

        QNX doesn't support pthread's SA_RESTART (required by
        JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
        few minor compilation errors here and there.

        Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
        tested by him on QNX v6.5 (x86)

        * wtf/DateMath.cpp: fix usage of abs/labs
        * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
        * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)

2011-07-12  Anders Carlsson  <andersca@apple.com>

        If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
        https://bugs.webkit.org/show_bug.cgi?id=64429

        Include the cstddef which has the nullptr_t typedef according to the C++0x standard.

        * wtf/NullPtr.h:

2011-07-13  MORITA Hajime  <morrita@google.com>

        Refactoring: Ignored ExceptionCode value should be less annoying.
        https://bugs.webkit.org/show_bug.cgi?id=63688

        Added ASSERT_AT macro.

        Reviewed by Darin Adler.

        * wtf/Assertions.h:

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        This is a fixed implementation of op_construct.  Constructor calls are implemented
        by reusing almost all of the code for Call, with care taken to make sure that
        where there are differences (like selecting different code blocks), those differences
        are respected.  The two fixes over the last patch are: (1) make sure the
        CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
        make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
        (either CodeForCall or CodeForConstruct) when invoking the compiler.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):

2011-07-12  Oliver Hunt  <oliver@apple.com>

        Overzealous type validation in method_check
        https://bugs.webkit.org/show_bug.cgi?id=64415

        Reviewed by Gavin Barraclough.

        method_check is essentially just a value look up
        optimisation, but it internally stores the value
        as a JSFunction, even though it never relies on
        this fact.  Under GC validation however we end up
        trying to enforce that assumption.  The fix is
        simply to store the value as a correct supertype.

        * bytecode/CodeBlock.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::patchMethodCallProto):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        COLLECT_ON_EVERY_ALLOCATION no longer works.
        https://bugs.webkit.org/show_bug.cgi?id=64388

        Reviewed by Oliver Hunt.

        Added a flag to Heap that determines if it's safe to collect (which for now means that
        JSGlobalObject has actually been initialized, but it should work for other things, too).
        This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
        GCing it just grows the heap, if necessary.

        Then changed Heap::allocate() to not recurse ad infinitum when
        COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
        resilient against bugs; this change allowed me to put in handy assertions, such as that
        an allocation must succeed after either a collection or after a new block was added.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::tryAllocate):
        (JSC::Heap::allocate):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::notifyIsSafeToCollect):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT put_by_id transition caching does not inform the GC about the structure and
        prototype chain that it is referencing.
        https://bugs.webkit.org/show_bug.cgi?id=64387

        Reviewed by Gavin Barraclough.

        Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCachePutByID):

2011-07-12  Adam Roben  <aroben@apple.com>

        Ensure no intermediate WTF::Strings are created when concatenating with string literals

        Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
        operator+ is suboptimal

        Reviewed by Darin Adler.

        * wtf/text/StringConcatenate.h:
        (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
        many WTF::Strings get copied while evaluating an operator+ expression.

        * wtf/text/StringOperators.h:
        (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
        side, since operator+ is left-associative. Having the StringAppend on the right-hand side
        was causing us to make intermediate WTF::Strings when evaluating expressions that contained
        multiple calls to operator+. Added some more overloads that take a left-hand side of
        const char* to resolve overload ambiguity for certain expressions. Added overloads that take
        a left-hand side of const UChar* (matching the const char* overloads) so that wide string
        literals don't first have to be converted to a WTF::String in operator+ expressions.
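
        How a left-associative StringAppend chain avoids intermediate strings, as an added example that is not WTF's StringConcatenate/StringOperators code: a String stand-in that counts its constructions, Literal/Ref adapters, and operator+ overloads that accept the partially built chain as the left-hand operand. The type and function names (String, Literal, Ref, StringAppend, threeOperands, fiveOperands) are this example's own and the inputs are constructed.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <utility>

// Added example, not WTF's StringConcatenate/StringOperators: a miniature operator+ chain.
// Each StringAppend node only records its two operands; the single allocation happens when
// the whole chain converts to a String. The String stand-in counts its constructions so
// intermediates can be observed.
namespace concat_example {

struct String {
    static int constructions;   // bumped by every counting constructor below
    std::string chars;
    String() { ++constructions; }
    explicit String(std::string s) : chars(std::move(s)) { ++constructions; }
};
int String::constructions = 0;

// Adapters know an operand's length and how to write it. They hold a pointer, never a
// copy, so building the chain constructs no String at all.
struct Literal {
    const char* p;
    std::size_t length() const { return std::strlen(p); }
    void writeTo(char* dst) const { std::memcpy(dst, p, length()); }
};
struct Ref {
    const String* s;
    std::size_t length() const { return s->chars.size(); }
    void writeTo(char* dst) const { std::memcpy(dst, s->chars.data(), length()); }
};

template <typename L, typename R>
struct StringAppend {
    L left;
    R right;
    std::size_t length() const { return left.length() + right.length(); }
    void writeTo(char* dst) const { left.writeTo(dst); right.writeTo(dst + left.length()); }
    // One allocation for the entire chain, sized from the summed lengths.
    operator String() const {
        std::string buffer(length(), '\0');
        writeTo(&buffer[0]);
        return String(std::move(buffer));
    }
};

// Leaf overloads: the first operator+ in a chain sees two plain operands.
inline StringAppend<Literal, Ref> operator+(const char* a, const String& b) { return { { a }, { &b } }; }
inline StringAppend<Ref, Literal> operator+(const String& a, const char* b) { return { { &a }, { b } }; }
inline StringAppend<Ref, Ref> operator+(const String& a, const String& b) { return { { &a }, { &b } }; }

// operator+ is left-associative: "a" + s + "b" parses as ("a" + s) + "b", so the chain built
// so far always arrives as the LEFT operand. Taking it there wraps it in another node; with
// only right-hand overloads it would first have to convert to a String, the intermediate
// the entry above is eliminating.
template <typename L, typename R>
inline StringAppend<StringAppend<L, R>, Literal> operator+(const StringAppend<L, R>& a, const char* b) {
    return { a, { b } };
}
template <typename L, typename R>
inline StringAppend<StringAppend<L, R>, Ref> operator+(const StringAppend<L, R>& a, const String& b) {
    return { a, { &b } };
}

struct ConcatResult {
    std::string text;
    int stringsConstructed;   // Strings constructed while evaluating the chain
};

// Constructed inputs: exactly one String (the result) is constructed per chain.
ConcatResult threeOperands() {
    String name(std::string("world"));
    const int before = String::constructions;
    String greeting = "hello, " + name + "!";
    return { greeting.chars, String::constructions - before };
}

ConcatResult fiveOperands() {
    String a(std::string("alpha")), b(std::string("beta"));
    const int before = String::constructions;
    String joined = a + ", " + b + " and " + a;
    return { joined.chars, String::constructions - before };
}

} // namespace concat_example
```

        The counter plays the role of the testing macro the entry mentions: a chain of any length evaluates to a nested StringAppend type and reports exactly one String construction, the result itself.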

2011-07-12  Adam Roben  <aroben@apple.com>

        Unreviewed, rolling out r90811.
        http://trac.webkit.org/changeset/90811
        https://bugs.webkit.org/show_bug.cgi?id=61025

        Several svg tests failing assertions beneath
        SVGSMILElement::findInstanceTime

        * wtf/StdLibExtras.h:
        (WTF::binarySearch):

2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>

        Reviewed by Nikolas Zimmermann.

        Speed up SVGSMILElement::findInstanceTime.
        https://bugs.webkit.org/show_bug.cgi?id=61025

        Add a new parameter to StdLibExtras.h::binarySearch function
        to also handle cases when the array does not contain the key value.
        This is needed for an svg function.

        * wtf/StdLibExtras.h:
        (WTF::binarySearch):

2011-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT does not guard itself against floating point speculation
        failures on non-floating-point constants.
        https://bugs.webkit.org/show_bug.cgi?id=64330

        Reviewed by Gavin Barraclough.

        Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
        soon as it notices that it's speculating on something that is a non-numeric
        JSConstant.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2011-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG Speculative JIT does not always insert speculation checks when speculating
        arrays.
        https://bugs.webkit.org/show_bug.cgi?id=64254

        Reviewed by Gavin Barraclough.

        Changed the SetLocal instruction to always validate that the value being stored
        into the local variable is an array, if that variable was marked PredictArray.
        This is necessary since uses of arrays assume that if a PredictArray value is
        in a local variable then the speculation check validating that the value is an
        array was already performed.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-11  Gabor Loki  <loki@webkit.org>

        Fix the condition of the optimized code in doubleTransfer
        https://bugs.webkit.org/show_bug.cgi?id=64261

        Reviewed by Zoltan Herczeg.

        The condition of the optimized code in doubleTransfer is wrong. The
        data transfer should be executed with a four-byte aligned address.
        VFP cannot perform unaligned memory access.

        Reported by Jacob Bramley.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::doubleTransfer):

2011-07-11  Gabor Loki  <loki@webkit.org>

        Signed arithmetic bug in dataTransfer32.
        https://bugs.webkit.org/show_bug.cgi?id=64257

        Reviewed by Zoltan Herczeg.

        An arithmetic bug is fixed. If the offset of dataTransfer is half of the
        addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
        a load instruction is emitted with a wrong zero offset.

        Inspired by Jacob Bramley's patch from JaegerMonkey.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::dataTransfer32):
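
        Both Gabor Loki entries above concern the offset arithmetic of an ARM load/store emitter. The following is an added example, not the ARMAssembler code: it splits a signed offset into direction and magnitude without negating INT32_MIN in signed arithmetic, and applies the encoding limits of the ARM LDR/STR 12-bit immediate and the VFP vldr/vstr 8-bit word-scaled immediate. Those limits are architectural; the function names (splitOffset, dataTransfer32Form, vfpImmediateEncodable, doubleTransferForm) are this example's own.

```cpp
#include <cstdint>

// Added example, not the ARMAssembler code: the offset checks a 32-bit ARM load/store
// emitter needs before it commits to an addressing form. Encoding limits are architectural
// (LDR/STR: 12-bit unsigned immediate plus an add/subtract bit; VFP vldr/vstr: 8-bit
// immediate scaled by 4); the function names are this example's own.
namespace arm_offset_example {

struct SplitOffset {
    bool add;                 // true: base + magnitude, false: base - magnitude
    std::uint32_t magnitude;  // always representable, even for INT32_MIN
};

// Split a signed offset into direction and magnitude WITHOUT negating in signed
// arithmetic. For INT32_MIN (-2147483648 = 0x80000000) the magnitude 2^31 does not fit in
// int32_t, so `-offset` is undefined: in practice the value stays negative or wraps, and
// what reaches the immediate field after truncation can be zero. Subtracting from 0u is
// well defined modulo 2^32 and yields exactly 0x80000000 for that input.
SplitOffset splitOffset(std::int32_t offset) {
    if (offset >= 0)
        return { true, static_cast<std::uint32_t>(offset) };
    return { false, 0u - static_cast<std::uint32_t>(offset) };
}

enum class Form { Immediate, ScratchRegister };

// LDR/STR immediate offsets must fit in 12 bits (0..4095). Anything larger, INT32_MIN
// included, is materialized in a scratch register instead of being silently truncated
// into the instruction.
Form dataTransfer32Form(std::int32_t offset) {
    return splitOffset(offset).magnitude <= 4095u ? Form::Immediate : Form::ScratchRegister;
}

// VFP vldr/vstr encode imm8 * 4, so the magnitude must be a multiple of 4 and at most 1020.
// The multiple-of-4 requirement is also what keeps the access word aligned when the base
// register is: VFP cannot perform unaligned memory accesses, so an offset that fails this
// test must not take the single-instruction path.
bool vfpImmediateEncodable(std::int32_t offset) {
    const SplitOffset s = splitOffset(offset);
    return (s.magnitude & 3u) == 0 && s.magnitude <= 1020u;
}

// doubleTransfer decision: immediate form only when the offset is encodable and
// alignment-preserving; otherwise add the offset into a scratch register (which must
// itself end up 4-byte aligned) and transfer with offset 0.
Form doubleTransferForm(std::int32_t offset) {
    return vfpImmediateEncodable(offset) ? Form::Immediate : Form::ScratchRegister;
}

} // namespace arm_offset_example
```

        The point of splitOffset is that the sign and the magnitude are decided separately and the magnitude is compared against the encoding limit before anything is truncated; an emitter that negates first and range-checks afterwards has already lost the INT32_MIN case.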

2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>

        Fix unaligned userspace access for SH4 platforms.
        https://bugs.webkit.org/show_bug.cgi?id=62993

        * wtf/Platform.h:

2011-07-09  Chao-ying Fu  <fu@mips.com>

        Fix MIPS build due to readInt32 and readPointer
        https://bugs.webkit.org/show_bug.cgi?id=63962

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::readInt32):
        (JSC::MIPSAssembler::readPointer):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::rshift32):

2011-07-08  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64181
        REGRESSION (r90602): Gmail doesn't load

        Rolling out r90601, r90602.

        * dfg/DFGAliasTracker.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):

2011-07-08  Kalev Lember  <kalev@smartlink.ee>

        Reviewed by Adam Roben.

        Add missing _WIN32_WINNT and WINVER definitions
        https://bugs.webkit.org/show_bug.cgi?id=59702

        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
        available for all source files.

        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
        DeleteTimerQueueTimer which are both guarded by
        #if (_WIN32_WINNT >= 0x0500)
        in MinGW headers.

        * config.h:
        * wtf/Assertions.cpp:

2011-07-08  Chang Shu  <cshu@webkit.org>

        Rename "makeSecure" to "fill" and remove the support for displaying last character
        to avoid layering violation.
        https://bugs.webkit.org/show_bug.cgi?id=59114

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.exp:
        * JavaScriptCore.order:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::fill):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        (WTF::String::fill):

2011-07-08  Benjamin Poulain  <benjamin@webkit.org>

        [WK2] Do not forward touch events to the web process when it does not need them
        https://bugs.webkit.org/show_bug.cgi?id=64164

        Reviewed by Kenneth Rohde Christiansen.

        Add a convenience function to obtain a reference to the last element of a Deque.

        * wtf/Deque.h:
        (WTF::Deque::last):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement get_by_id prototype caching.
        https://bugs.webkit.org/show_bug.cgi?id=64077

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::tryCacheGetByID):
        * runtime/JSObject.h:
        (JSC::JSObject::addressOfPropertyAtOffset):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT method_check implementation does not link to optimized get_by_id
        slow path.
        https://bugs.webkit.org/show_bug.cgi?id=64073

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):

2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordGetMethod):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addMethodGet):
        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
795         * dfg/DFGNonSpeculativeJIT.cpp:
796         (JSC::DFG::NonSpeculativeJIT::compile):
797         * dfg/DFGOperations.cpp:
798         * dfg/DFGOperations.h:
799         * dfg/DFGRepatch.cpp:
800         (JSC::DFG::dfgRepatchGetMethodFast):
801         (JSC::DFG::tryCacheGetMethod):
802         (JSC::DFG::dfgRepatchGetMethod):
803         * dfg/DFGRepatch.h:
804         * dfg/DFGSpeculativeJIT.cpp:
805         (JSC::DFG::SpeculativeJIT::compile):
806         * jit/JITWriteBarrier.h:
807         (JSC::JITWriteBarrier::set):
808
2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT op_call implementation will flush registers even when those registers are dead
        https://bugs.webkit.org/show_bug.cgi?id=64023

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
        https://bugs.webkit.org/show_bug.cgi?id=64017

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32 bit machines are failed after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates that gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::shouldUnlinkCalls):
        (JSC::MarkStack::setShouldUnlinkCalls):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        JSC JIT has code duplication for the handling of call and construct
        https://bugs.webkit.org/show_bug.cgi?id=63957

        Reviewed by Gavin Barraclough.

        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::jitCompileFor):
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeFor):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::isGeneratedFor):
        (JSC::FunctionExecutable::generatedBytecodeFor):
        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        Build fix following last patch.

        * runtime/JSFunction.cpp:
        (JSC::createPrototypeProperty):

2011-07-05  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63947
        ASSERT running Object.preventExtensions(Math.sin)

        Reviewed by Oliver Hunt.

        This is due to calling scope() on a hostFunction as a part of
        calling createPrototypeProperty to reify the prototype property.
        But host functions don't have a prototype property anyway!

        Prevent calling createPrototypeProperty on a host function.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createPrototypeProperty):
        (JSC::JSFunction::preventExtensions):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63880
        Evaluation order of conversions of operands to >, >= incorrect.

        Reviewed by Sam Weinig.

        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
        spec. This allows these methods to be reused to perform >, >= relational compares
        with correct ordering of type conversions.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Operations.h:
        (JSC::jsLess):
        (JSC::jsLessEq):

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-04  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63881
        Need separate bytecodes for handling >, >= comparisons.

        Reviewed by Oliver Hunt.

        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        as using the corresponding op_less, etc. opcodes.  This is incorrect with
        respect to evaluation ordering of the implicit conversions performed on operands -
        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
        but instead convert RHS then LHS.

        This patch adds opcodes for greater-than comparisons mirroring existing ones used
        for less-than.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        * bytecompiler/NodesCodegen.cpp:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_greater):
        (JSC::JIT::emitSlow_op_loop_if_greater):
        (JSC::JIT::emit_op_loop_if_greatereq):
        (JSC::JIT::emitSlow_op_loop_if_greatereq):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * parser/NodeConstructors.h:
        (JSC::GreaterNode::GreaterNode):
        (JSC::GreaterEqNode::GreaterEqNode):
        * parser/Nodes.h:

2011-07-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63879
        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.

        Reviewed by Sam Weinig.

        There is a lot of copy & paste code here; we can reduce duplication by making
        a shared implementation.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::commute):
            - Make these function platform agnostic.
        * assembler/MacroAssemblerX86Common.h:
            - Moved branch32/commute up to MacroAssembler.
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_if_lesseq):
        (JSC::JIT::emitSlow_op_loop_if_lesseq):
            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
            - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE64.
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
            - Internal implementation of jless etc for JSVALUE32_64.
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
            - Remove old implementation of emit_op_loop_if_lesseq.

2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r90347.
        http://trac.webkit.org/changeset/90347
        https://bugs.webkit.org/show_bug.cgi?id=63886

        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
        (Requested by tkent on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/BigInteger.h: Removed.
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/Uint16WithFraction.h: Removed.
        * wtf/MathExtras.h:

2011-06-30  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16652
        Firefox and JavaScriptCore differ in Number.toString(integer)

        Our arbitrary radix (2..36) toString conversion is inaccurate.
        This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
        detect where to terminate, instead relying on a simple 'epsilon'.

        * runtime/NumberPrototype.cpp:
        (JSC::decomposeDouble):
            - helper function to extract sign, exponent, mantissa from IEEE doubles.
        (JSC::Uint16WithFraction::Uint16WithFraction):
            - helper class, u16int with infinite precision fraction, used to convert
              the fractional part of the number to a string.
        (JSC::Uint16WithFraction::operator*=):
            - Multiply by a uint16.
        (JSC::Uint16WithFraction::operator<):
            - Compare two Uint16WithFractions.
        (JSC::Uint16WithFraction::floorAndSubtract):
            - Extract the integer portion of the number, and subtract it (clears the integer portion).
        (JSC::Uint16WithFraction::comparePoint5):
            - Compare to 0.5.
        (JSC::Uint16WithFraction::sumGreaterThanOne):
            - Passed a second Uint16WithFraction, returns true if the result of adding
              the two values would be greater than one.
        (JSC::Uint16WithFraction::isNormalized):
            - Used by ASSERTs to consistency check internal representation.
        (JSC::BigInteger::BigInteger):
            - helper class, unbounded integer value, used to convert the integer part
              of the number to a string.
        (JSC::BigInteger::divide):
            - Divide this value through by a uint32.
        (JSC::BigInteger::operator!):
            - test for zero.
        (JSC::toStringWithRadix):
            - Performs number to string conversion, with the given radix (2..36).
        (JSC::numberProtoFuncToString):
            - Changed to use toStringWithRadix.

2011-07-02  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=63866
        DFG JIT - implement instanceof

        Reviewed by Sam Weinig.

        Add ops CheckHasInstance & InstanceOf to implement bytecodes
        op_check_has_instance & op_instanceof. This is an initial
        functional implementation, performance is a wash. We can
        follow up with changes to fuse the InstanceOf node with
        a subsequent branch, as we do with other comparisons.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

1401 2011-07-01  Oliver Hunt  <oliver@apple.com>
1402
1403         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
1404         https://bugs.webkit.org/show_bug.cgi?id=63732
1405
1406         Reviewed by Gavin Barraclough.
1407
1408         Initialise the memory at the head of the new storage so that
1409         GC is safe if triggered by reportExtraMemoryCost.
1410
1411         * runtime/JSArray.cpp:
1412         (JSC::JSArray::increaseVectorPrefixLength):
1413
1414 2011-07-01  Oliver Hunt  <oliver@apple.com>
1415
1416         GC sweep can occur before an object is completely initialised
1417         https://bugs.webkit.org/show_bug.cgi?id=63836
1418
1419         Reviewed by Gavin Barraclough.
1420
1421         In rare cases it's possible for a GC sweep to occur while a
1422         live, but not completely initialised object is on the stack.
1423         In such a case we may incorrectly choose to mark it, even
1424         though it has no children that need marking.
1425
1426         We resolve this by always zeroing out the structure of any
1427         value returned from JSCell::operator new(), and making the
1428         markstack tolerant of a null structure. 
1429
1430         * runtime/JSCell.h:
1431         (JSC::JSCell::JSCell::~JSCell):
1432         (JSC::JSCell::JSCell::operator new):
1433         * runtime/Structure.h:
1434         (JSC::MarkStack::internalAppend):
1435
1436 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
1437
1438         Reviewed by Gavin Barraclough.
1439
1440         DFG non-speculative JIT always performs slow C calls for div and mod.
1441         https://bugs.webkit.org/show_bug.cgi?id=63684
1442
1443         * dfg/DFGNonSpeculativeJIT.cpp:
1444         (JSC::DFG::NonSpeculativeJIT::compile):
1445
1446 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
1447
1448         Reviewed by Oliver Hunt.
1449
1450         Lexer error messages are currently appalling
1451         https://bugs.webkit.org/show_bug.cgi?id=63340
1452
1453         Added error messages for the Lexer. These messages will be displayed
1454         instead of the lexer error messages from the parser that are currently
1455         shown.
1456
1457         * parser/Lexer.cpp:
1458         (JSC::Lexer::getInvalidCharMessage):
1459         (JSC::Lexer::setCode):
1460         (JSC::Lexer::parseString):
1461         (JSC::Lexer::lex):
1462         (JSC::Lexer::clear):
1463         * parser/Lexer.h:
1464         (JSC::Lexer::getErrorMessage):
1465         (JSC::Lexer::setOffset):
1466         * parser/Parser.cpp:
1467         (JSC::Parser::parse):
1468
1469 2011-07-01  Jungshik Shin  <jshin@chromium.org>
1470
1471         Reviewed by Alexey Proskuryakov.
1472
1473         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1474         build files for ports not using ICU.
1475         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1476         ICU 3.6 (the version used on Mac OS 10.5)
1477
1478         http://bugs.webkit.org/show_bug.cgi?id=20797
1479
1480         * GNUmakefile.list.am:
1481         * JavaScriptCore.gypi:
1482         * icu/unicode/uscript.h: Added for UScriptCode enum.
1483         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1484         * wtf/unicode/icu/UnicodeIcu.h:
1485         * wtf/unicode/brew/UnicodeBrew.h:
1486         * wtf/unicode/glib/UnicodeGLib.h:
1487         * wtf/unicode/qt4/UnicodeQt4.h:
1488         * wtf/unicode/wince/UnicodeWinCE.h:
1489
1490 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
1491
1492         Reviewed by Sam Weinig.
1493
1494         https://bugs.webkit.org/show_bug.cgi?id=63819
1495         Escaping of forward slashes in strings incorrect if multiple exist.
1496
1497         The bug is in the parameters passed to a substring - should be
1498         start & length, but we're passing start & end indices!
1499
1500         * runtime/RegExpObject.cpp:
1501         (JSC::regExpObjectSource):
1502
1503 2011-07-01  Adam Roben  <aroben@apple.com>
1504
1505         Roll out r90194
1506         http://trac.webkit.org/changeset/90194
1507         https://bugs.webkit.org/show_bug.cgi?id=63778
1508
1509         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
1510         assertions in WriteBarrierBase<JSC::Structure>::get
1511
1512         * runtime/JSCell.h:
1513         (JSC::JSCell::JSCell::~JSCell):
1514
1515 2011-06-30  Oliver Hunt  <oliver@apple.com>
1516
1517         Reviewed by Gavin Barraclough.
1518
1519         Add optimised paths for a few maths functions
1520         https://bugs.webkit.org/show_bug.cgi?id=63757
1521
1522         Relanding as a Mac only patch.
1523
1524         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1525         Math.floor, Math.log, and Math.exp as they are apparently more
1526         important in real web content than we thought, which is somewhat
1527         mind-boggling.  On average doubles the performance of the common
1528         cases (eg. actually passing numbers in).  They're not as efficient
1529         as they could be, but this way gives them the most portability.
1530
1531         * assembler/MacroAssemblerARM.h:
1532         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1533         (JSC::MacroAssemblerARM::andnotDouble):
1534         * assembler/MacroAssemblerARMv7.h:
1535         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1536         (JSC::MacroAssemblerARMv7::andnotDouble):
1537         * assembler/MacroAssemblerMIPS.h:
1538         (JSC::MacroAssemblerMIPS::andnotDouble):
1539         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1540         * assembler/MacroAssemblerSH4.h:
1541         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1542         (JSC::MacroAssemblerSH4::andnotDouble):
1543         * assembler/MacroAssemblerX86.h:
1544         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1545         * assembler/MacroAssemblerX86Common.h:
1546         (JSC::MacroAssemblerX86Common::andnotDouble):
1547         * assembler/MacroAssemblerX86_64.h:
1548         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1549         * assembler/X86Assembler.h:
1550         (JSC::X86Assembler::andnpd_rr):
1551         * create_hash_table:
1552         * jit/SpecializedThunkJIT.h:
1553         (JSC::SpecializedThunkJIT::finalize):
1554         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1555         * jit/ThunkGenerators.cpp:
1556         (JSC::floorThunkGenerator):
1557         (JSC::ceilThunkGenerator):
1558         (JSC::roundThunkGenerator):
1559         (JSC::expThunkGenerator):
1560         (JSC::logThunkGenerator):
1561         (JSC::absThunkGenerator):
1562         * jit/ThunkGenerators.h:
1563
1564 2011-07-01  David Kilzer  <ddkilzer@apple.com>
1565
1566         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
1567
1568         Fixes the following build error in clang:
1569
1570             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
1571                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1572                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
1573             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
1574                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1575                                                 ^
1576                      (                         )
1577             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
1578             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
1579             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
1580                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1581                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1582             1 error generated.
1583
1584         * jit/JITOpcodes32_64.cpp:
1585         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
1586         ternary expression evaluate first.
1587
1588 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1589
1590         Unreviewed, rolling out r90177 and r90179.
1591         http://trac.webkit.org/changeset/90177
1592         http://trac.webkit.org/changeset/90179
1593         https://bugs.webkit.org/show_bug.cgi?id=63790
1594
1595         It caused crashes on Qt in debug mode (Requested by Ossy on
1596         #webkit).
1597
1598         * assembler/MacroAssemblerARM.h:
1599         (JSC::MacroAssemblerARM::rshift32):
1600         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
1601         (JSC::MacroAssemblerARM::sqrtDouble):
1602         * assembler/MacroAssemblerARMv7.h:
1603         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
1604         (JSC::MacroAssemblerARMv7::sqrtDouble):
1605         * assembler/MacroAssemblerMIPS.h:
1606         (JSC::MacroAssemblerMIPS::sqrtDouble):
1607         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
1608         * assembler/MacroAssemblerSH4.h:
1609         (JSC::MacroAssemblerSH4::sqrtDouble):
1610         * assembler/MacroAssemblerX86.h:
1611         * assembler/MacroAssemblerX86Common.h:
1612         * assembler/MacroAssemblerX86_64.h:
1613         * assembler/X86Assembler.h:
1614         * create_hash_table:
1615         * jit/JSInterfaceJIT.h:
1616         (JSC::JSInterfaceJIT::emitLoadDouble):
1617         * jit/SpecializedThunkJIT.h:
1618         (JSC::SpecializedThunkJIT::finalize):
1619         * jit/ThunkGenerators.cpp:
1620         * jit/ThunkGenerators.h:
1621
1622 2011-06-30  Oliver Hunt  <oliver@apple.com>
1623
1624         Reviewed by Beth Dakin.
1625
1626         Make GC validation clear cell structure on destruction
1627         https://bugs.webkit.org/show_bug.cgi?id=63778
1628
1629         * runtime/JSCell.h:
1630         (JSC::JSCell::JSCell::~JSCell):
1631
1632 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1633
1634         Reviewed by Gavin Barraclough.
1635
1636         Added write barrier that was missing from put_by_id_transition
1637         https://bugs.webkit.org/show_bug.cgi?id=63775
1638
1639         * dfg/DFGJITCodeGenerator.cpp:
1640         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
1641         MacroAssembler& argument so our patching functions could use it.
1642
1643         (JSC::DFG::JITCodeGenerator::cachedPutById):
1644         * dfg/DFGJITCodeGenerator.h:
1645         * dfg/DFGNonSpeculativeJIT.cpp:
1646         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
1647
1648         * dfg/DFGRepatch.cpp:
1649         (JSC::DFG::tryCachePutByID): Missing barrier!
1650
1651         * dfg/DFGSpeculativeJIT.cpp:
1652         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
1653
1654         * jit/JITPropertyAccess.cpp:
1655         (JSC::JIT::privateCompilePutByIdTransition):
1656         * jit/JITPropertyAccess32_64.cpp:
1657         (JSC::JIT::privateCompilePutByIdTransition):
1658         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
1659         because its meaning isn't clear -- maybe in the future we'll have a
1660         clear way to pass all stores through a common function that guarantees
1661         a write barrier, but that's not the case right now.
1662
1663 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1664
1665         Reviewed by Gavin Barraclough.
1666
1667         DFG non-speculative JIT does not reuse registers when compiling comparisons.
1668         https://bugs.webkit.org/show_bug.cgi?id=63565
1669
1670         * dfg/DFGNonSpeculativeJIT.cpp:
1671         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1672         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1673         (JSC::DFG::NonSpeculativeJIT::compare):
1674
1675 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1676
1677         Reviewed by Gavin Barraclough.
1678
1679         Added empty write barrier stubs in all the right places in the DFG JIT
1680         https://bugs.webkit.org/show_bug.cgi?id=63764
1681         
1682         SunSpider thinks this might be a 0.5% speedup. Meh.
1683
1684         * dfg/DFGJITCodeGenerator.cpp:
1685         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
1686
1687         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
1688         for the case where base == scratch, since we now require base and scratch
1689         to be not equal, for the sake of the write barrier.
1690
1691         * dfg/DFGJITCodeGenerator.h: Le stub.
1692
1693         * dfg/DFGNonSpeculativeJIT.cpp:
1694         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
1695         as the scratch register, since that's incompatible with the write barrier,
1696         which needs a distinct base and scratch.
1697         
1698         Do put the global object into a register before loading its var storage,
1699         since it needs to be in a register for the write barrier to operate on it.
1700
1701         * dfg/DFGSpeculativeJIT.cpp:
1702         (JSC::DFG::SpeculativeJIT::compile):
1703         * jit/JITPropertyAccess.cpp:
1704         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
1705
1706         * jit/JITPropertyAccess.cpp:
1707         (JSC::JIT::emit_op_get_scoped_var):
1708         (JSC::JIT::emit_op_put_scoped_var):
1709         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1710         places.
1711
1712         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1713         is a little more than meaningless.
1714
1715         * jit/JITPropertyAccess32_64.cpp:
1716         (JSC::JIT::emit_op_get_scoped_var):
1717         (JSC::JIT::emit_op_put_scoped_var):
1718         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1719         places.
1720
1721         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1722         is a little more than meaningless.
1723
1724         * runtime/JSVariableObject.h:
1725         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1726         we put the global object in a register and only then load its var storage
1727         by offset.
1728
1729         (JSC::JIT::emitWriteBarrier):
1730
1731 2011-06-30  Oliver Hunt  <oliver@apple.com>
1732
1733         Fix ARMv6 build
1734
1735         * assembler/MacroAssemblerARM.h:
1736         (JSC::MacroAssemblerARM::rshift32):
1737
1738 2011-06-30  Oliver Hunt  <oliver@apple.com>
1739
1740         Reviewed by Gavin Barraclough.
1741
1742         Add optimised paths for a few maths functions
1743         https://bugs.webkit.org/show_bug.cgi?id=63757
1744
1745         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1746         Math.floor, Math.log, and Math.exp as they are apparently more
1747         important in real web content than we thought, which is somewhat
1748         mind-boggling.  On average doubles the performance of the common
1749         cases (eg. actually passing numbers in).  They're not as efficient
1750         as they could be, but this way gives them the most portability.
1751
1752         * assembler/MacroAssemblerARM.h:
1753         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1754         (JSC::MacroAssemblerARM::andnotDouble):
1755         * assembler/MacroAssemblerARMv7.h:
1756         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1757         (JSC::MacroAssemblerARMv7::andnotDouble):
1758         * assembler/MacroAssemblerMIPS.h:
1759         (JSC::MacroAssemblerMIPS::andnotDouble):
1760         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1761         * assembler/MacroAssemblerSH4.h:
1762         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1763         (JSC::MacroAssemblerSH4::andnotDouble):
1764         * assembler/MacroAssemblerX86.h:
1765         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1766         * assembler/MacroAssemblerX86Common.h:
1767         (JSC::MacroAssemblerX86Common::andnotDouble):
1768         * assembler/MacroAssemblerX86_64.h:
1769         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1770         * assembler/X86Assembler.h:
1771         (JSC::X86Assembler::andnpd_rr):
1772         * create_hash_table:
1773         * jit/SpecializedThunkJIT.h:
1774         (JSC::SpecializedThunkJIT::finalize):
1775         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1776         * jit/ThunkGenerators.cpp:
1777         (JSC::floorThunkGenerator):
1778         (JSC::ceilThunkGenerator):
1779         (JSC::roundThunkGenerator):
1780         (JSC::expThunkGenerator):
1781         (JSC::logThunkGenerator):
1782         (JSC::absThunkGenerator):
1783         * jit/ThunkGenerators.h:
1784
1785 2011-06-30  Cary Clark  <caryclark@google.com>
1786
1787         Reviewed by James Robinson.
1788
1789         Use Skia if Skia on Mac Chrome is enabled
1790         https://bugs.webkit.org/show_bug.cgi?id=62999
1791
1792         * wtf/Platform.h:
1793         Add switch to use Skia if, externally,
1794         Skia has been enabled by a gyp define.
1795
1796 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1797
1798         Reviewed by Geoffrey Garen.
1799
1800         Web Inspector fails to display source for eval with syntax error
1801         https://bugs.webkit.org/show_bug.cgi?id=63583
1802
1803         Web Inspector now displays a link to an eval statement that contains
1804         a syntax error.
1805
1806         * parser/Parser.h:
1807         (JSC::isEvalNode):
1808         (JSC::EvalNode):
1809         (JSC::Parser::parse):
1810
1811 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1812
1813         Reviewed by Gavin Barraclough.
1814
1815         X86Assembler does not encode byte registers in 64-bit mode correctly.
1816         https://bugs.webkit.org/show_bug.cgi?id=63665
1817
1818         * assembler/X86Assembler.h:
1819         (JSC::X86Assembler::testb_rr):
1820         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1821
1822 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1823
1824         Unreviewed, rolling out r90102.
1825         http://trac.webkit.org/changeset/90102
1826         https://bugs.webkit.org/show_bug.cgi?id=63714
1827
1828         Lots of tests asserting beneath
1829         SVGSMILElement::findInstanceTime (Requested by aroben on
1830         #webkit).
1831
1832         * wtf/StdLibExtras.h:
1833         (WTF::binarySearch):
1834
1835 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1836
1837         Reviewed by Nikolas Zimmermann.
1838
1839         Speed up SVGSMILElement::findInstanceTime.
1840         https://bugs.webkit.org/show_bug.cgi?id=61025
1841
1842         Add a new parameter to StdLibExtras.h::binarySearch function
1843         to also handle cases when the array does not contain the key value.
1844         This is needed for an SVG function.
1845
1846         * wtf/StdLibExtras.h:
1847         (WTF::binarySearch):
1848
1849 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1850
1851         Reviewed by Geoff Garen.
1852
1853         https://bugs.webkit.org/show_bug.cgi?id=63669
1854         DFG JIT - fix spectral-norm regression
1855
1856         The problem is a mis-speculation leading to us falling off the speculative path.
1857         Make the speculation logic slightly smarter, don't predict int if one of the
1858         operands is already loaded as a double (we use this logic already for compares).
1859
1860         * dfg/DFGSpeculativeJIT.cpp:
1861         (JSC::DFG::SpeculativeJIT::compile):
1862         * dfg/DFGSpeculativeJIT.h:
1863         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1864
1865 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1866
1867         Reviewed by Gavin Barraclough.
1868
1869         DFG JIT does not do put_by_id transition caching.
1870         https://bugs.webkit.org/show_bug.cgi?id=63662
1871
1872         * dfg/DFGJITCodeGenerator.cpp:
1873         (JSC::DFG::JITCodeGenerator::cachedPutById):
1874         * dfg/DFGJITCompiler.h:
1875         (JSC::DFG::JITCompiler::addPropertyAccess):
1876         * dfg/DFGRepatch.cpp:
1877         (JSC::DFG::testPrototype):
1878         (JSC::DFG::tryCachePutByID):
1879
1880 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1881
1882         Reviewed by Oliver Hunt.
1883
1884         Added a dummy write barrier emitting function in all the right places in the old JIT
1885         https://bugs.webkit.org/show_bug.cgi?id=63667
1886         
1887         SunSpider reports no change.
1888
1889         * jit/JIT.h:
1890         * jit/JITPropertyAccess.cpp:
1891         (JSC::JIT::emit_op_put_by_id):
1892         (JSC::JIT::emit_op_put_scoped_var): Do it.
1893
1894         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1895         for the sake of the write barrier.
1896
1897         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1898
1899         * jit/JITPropertyAccess32_64.cpp:
1900         (JSC::JIT::emit_op_put_by_val):
1901         (JSC::JIT::emit_op_put_by_id):
1902         (JSC::JIT::emit_op_put_scoped_var): Do it.
1903
1904         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1905         for the sake of the write barrier.
1906
1907         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1908
1909 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1910
1911         Reviewed by Gavin Barraclough.
1912
1913         DFG JIT does not perform get_by_id self list caching.
1914         https://bugs.webkit.org/show_bug.cgi?id=63605
1915
1916         * bytecode/StructureStubInfo.h:
1917         * dfg/DFGJITCompiler.cpp:
1918         (JSC::DFG::JITCompiler::compileFunction):
1919         * dfg/DFGOperations.cpp:
1920         * dfg/DFGOperations.h:
1921         * dfg/DFGRepatch.cpp:
1922         (JSC::DFG::tryCacheGetByID):
1923         (JSC::DFG::tryBuildGetByIDList):
1924         (JSC::DFG::dfgBuildGetByIDList):
1925         * dfg/DFGRepatch.h:
1926
1927 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1928
1929         Reviewed by Gavin Barraclough.
1930
1931         DFG JIT lacks array.length caching.
1932         https://bugs.webkit.org/show_bug.cgi?id=63505
1933
1934         * bytecode/StructureStubInfo.h:
1935         * dfg/DFGJITCodeGenerator.cpp:
1936         (JSC::DFG::JITCodeGenerator::cachedGetById):
1937         (JSC::DFG::JITCodeGenerator::cachedPutById):
1938         * dfg/DFGJITCodeGenerator.h:
1939         (JSC::DFG::JITCodeGenerator::tryAllocate):
1940         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1941         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1942         * dfg/DFGJITCompiler.cpp:
1943         (JSC::DFG::JITCompiler::compileFunction):
1944         * dfg/DFGJITCompiler.h:
1945         (JSC::DFG::JITCompiler::addPropertyAccess):
1946         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1947         * dfg/DFGRegisterBank.h:
1948         (JSC::DFG::RegisterBank::tryAllocate):
1949         * dfg/DFGRepatch.cpp:
1950         (JSC::DFG::tryCacheGetByID):
1951
1952 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1953
1954         Reviewed by Eric Seidel.
1955
1956         Warnings in JSC's JIT on 32 bit
1957         https://bugs.webkit.org/show_bug.cgi?id=63259
1958
1959         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1960
1961         * jit/JITPropertyAccess32_64.cpp:
1962         (JSC::JIT::emit_op_method_check):
1963         (JSC::JIT::compileGetByIdHotPath):
1964         (JSC::JIT::emit_op_put_by_id):
1965
1966 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1967
1968         Unreviewed, rolling out r89968.
1969         http://trac.webkit.org/changeset/89968
1970         https://bugs.webkit.org/show_bug.cgi?id=63581
1971
1972         Broke chromium windows compile (Requested by jamesr on
1973         #webkit).
1974
1975         * wtf/Platform.h:
1976
1977 2011-06-28  Oliver Hunt  <oliver@apple.com>
1978
1979         Reviewed by Gavin Barraclough.
1980
1981         Fix sampling build
1982         https://bugs.webkit.org/show_bug.cgi?id=63579
1983
1984         Gets opcode sampling building again, doesn't seem to work alas
1985
1986         * bytecode/SamplingTool.cpp:
1987         (JSC::SamplingTool::notifyOfScope):
1988         * bytecode/SamplingTool.h:
1989         (JSC::SamplingTool::SamplingTool):
1990         * interpreter/Interpreter.cpp:
1991         (JSC::Interpreter::enableSampler):
1992         * runtime/Executable.h:
1993         (JSC::ScriptExecutable::ScriptExecutable):
1994
1995 2011-06-28  Cary Clark  <caryclark@google.com>
1996
1997         Reviewed by James Robinson.
1998
1999         Use Skia if Skia on Mac Chrome is enabled
2000         https://bugs.webkit.org/show_bug.cgi?id=62999
2001
2002         * wtf/Platform.h:
2003         Add switch to use Skia if, externally,
2004         Skia has been enabled by a gyp define.
2005
2006 2011-06-28  Oliver Hunt  <oliver@apple.com>
2007
2008         Reviewed by Gavin Barraclough.
2009
2010         ASSERT when launching debug builds with interpreter and jit enabled
2011         https://bugs.webkit.org/show_bug.cgi?id=63566
2012
2013         Add appropriate guards to the various Executable's memory reporting
2014         logic.
2015
2016         * runtime/Executable.cpp:
2017         (JSC::EvalExecutable::compileInternal):
2018         (JSC::ProgramExecutable::compileInternal):
2019         (JSC::FunctionExecutable::compileForCallInternal):
2020         (JSC::FunctionExecutable::compileForConstructInternal):
2021
2022 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2023
2024         Reviewed by Oliver Hunt.
2025
2026         https://bugs.webkit.org/show_bug.cgi?id=63563
2027         DFG JIT - add support for double arith to speculative path
2028
2029         Add integer support for div & mod, add double support for div, mod,
2030         add, sub & mul, dynamically selecting based on operand types.
2031
2032         * dfg/DFGJITCodeGenerator.cpp:
2033         (JSC::DFG::FPRTemporary::FPRTemporary):
2034         * dfg/DFGJITCodeGenerator.h:
2035         * dfg/DFGJITCompiler.h:
2036         (JSC::DFG::JITCompiler::assembler):
2037         * dfg/DFGSpeculativeJIT.cpp:
2038         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2039         (JSC::DFG::SpeculativeJIT::compile):
2040         * dfg/DFGSpeculativeJIT.h:
2041         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
2042         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
2043         (JSC::DFG::SpeculateDoubleOperand::index):
2044         (JSC::DFG::SpeculateDoubleOperand::fpr):
2045
2046 2011-06-28  Oliver Hunt  <oliver@apple.com>
2047
2048         Fix interpreter build.
2049
2050         * interpreter/Interpreter.cpp:
2051         (JSC::Interpreter::privateExecute):
2052
2053 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2054
2055         Reviewed by Oliver Hunt.
2056
2057         https://bugs.webkit.org/show_bug.cgi?id=63561
2058         DFG JIT - don't always assume integer in relational compare
2059
2060         If neither operand is known integer, or either is in double representation,
2061         then at least use a function call (don't bail off the speculative path).
2062
2063         * dfg/DFGSpeculativeJIT.cpp:
2064         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
2065         (JSC::DFG::SpeculativeJIT::compile):
2066         * dfg/DFGSpeculativeJIT.h:
2067         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
2068         (JSC::DFG::SpeculativeJIT::compareIsInteger):
2069
2070 2011-06-28  Oliver Hunt  <oliver@apple.com>
2071
2072         Reviewed by Gavin Barraclough.
2073
2074         Make constant array optimisation less strict about what constitutes a constant
2075         https://bugs.webkit.org/show_bug.cgi?id=63554
2076
2077         Now allow string constants in array literals to actually be considered constant,
2078         and so avoid codegen in array literals with strings in them.
2079
2080         * bytecode/CodeBlock.h:
2081         (JSC::CodeBlock::addConstantBuffer):
2082         (JSC::CodeBlock::constantBuffer):
2083         * bytecompiler/BytecodeGenerator.cpp:
2084         (JSC::BytecodeGenerator::addConstantBuffer):
2085         (JSC::BytecodeGenerator::addStringConstant):
2086         (JSC::BytecodeGenerator::emitNewArray):
2087         * bytecompiler/BytecodeGenerator.h:
2088         * interpreter/Interpreter.cpp:
2089         (JSC::Interpreter::privateExecute):
2090         * jit/JITStubs.cpp:
2091         (JSC::DEFINE_STUB_FUNCTION):
2092
2093 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2094
2095         Reviewed by Oliver Hunt.
2096
2097         https://bugs.webkit.org/show_bug.cgi?id=63560
2098         DFG_JIT allow allocation of specific machine registers
2099
2100         This allows us to allocate the registers necessary to perform x86
2101         idiv instructions for div/mod, and may be useful for shifts, too.
2102
2103         * dfg/DFGJITCodeGenerator.cpp:
2104         (JSC::DFG::GPRTemporary::GPRTemporary):
2105         * dfg/DFGJITCodeGenerator.h:
2106         (JSC::DFG::JITCodeGenerator::allocate):
2107         (JSC::DFG::GPRResult::GPRResult):
2108         * dfg/DFGRegisterBank.h:
2109         (JSC::DFG::RegisterBank::allocateSpecific):
2110         * dfg/DFGSpeculativeJIT.h:
2111         (JSC::DFG::SpeculativeJIT::isInteger):
2112
2113 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2114
2115         Reviewed by Oliver Hunt.
2116
2117         https://bugs.webkit.org/show_bug.cgi?id=55040
2118         RegExp constructor returns the argument regexp instead of a new object
2119
2120         Per 15.10.3.1, our current behaviour is correct if called as a function,
2121         but incorrect when called as a constructor.
2122
2123         * runtime/RegExpConstructor.cpp:
2124         (JSC::constructRegExp):
2125         (JSC::constructWithRegExpConstructor):
2126         * runtime/RegExpConstructor.h:
2127
2128 2011-06-28  Luke Macpherson  <macpherson@chromium.org>
2129
2130         Reviewed by Darin Adler.
2131
2132         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
2133         https://bugs.webkit.org/show_bug.cgi?id=63469
2134
2135         * wtf/MathExtras.h:
2136         (defaultMinimumForClamp):
2137         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
2138         (defaultMaximumForClamp):
2139         Symmetric alias for std::numeric_limits::max()
2140         (clampTo):
2141         New templated clamping function that supports arbitrary output types.
2142         (clampToInteger):
2143         Use new clampTo template.
2144         (clampToFloat):
2145         Use new clampTo template.
2146         (clampToPositiveInteger):
2147         Use new clampTo template.
2148
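An added example, not the WTF code, of the clamping scheme the MathExtras.h entry above describes: the function names follow the entry, while the bodies, the NaN handling and the mixed-signedness check are assumptions of this example.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>
#include <type_traits>

// For floating point types std::numeric_limits<T>::min() is the smallest
// positive normal value, not the most negative one, so the lower default
// limit has to be -max() instead.
template<typename T>
constexpr T defaultMinimumForClamp()
{
    return std::numeric_limits<T>::is_integer
        ? std::numeric_limits<T>::min()
        : -std::numeric_limits<T>::max();
}

template<typename T>
constexpr T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// Clamp a value of any arithmetic type into [min, max] and convert it to
// LimitType. The comparison happens before the conversion, because casting
// an out-of-range double to an integer type is undefined behaviour.
template<typename LimitType, typename ValueType>
LimitType clampTo(ValueType value,
                  LimitType min = defaultMinimumForClamp<LimitType>(),
                  LimitType max = defaultMaximumForClamp<LimitType>())
{
    typedef typename std::common_type<ValueType, LimitType>::type Common;
    // A signed/unsigned integer mix would compare through the unsigned type
    // and mangle the lower bound, so this example refuses it outright.
    static_assert(std::is_floating_point<Common>::value
                  || std::is_signed<ValueType>::value == std::is_signed<LimitType>::value,
                  "mixed-signedness integer clamps are not supported here");
    // NaN compares false with everything and would slip through both
    // bounds; map it to the lower bound (an assumption of this example).
    if (std::is_floating_point<ValueType>::value && std::isnan(value))
        return min;
    // max may round up when converted to a floating Common (INT64_MAX
    // becomes 2^63 as a double); '>=' still routes such values to max.
    if (static_cast<Common>(value) >= static_cast<Common>(max))
        return max;
    if (static_cast<Common>(value) <= static_cast<Common>(min))
        return min;
    return static_cast<LimitType>(value);
}

// Thin wrappers in the spirit of the clampToInteger / clampToFloat /
// clampToPositiveInteger functions named in the entry.
inline int clampToInteger(double value) { return clampTo<int>(value); }
inline float clampToFloat(double value) { return clampTo<float>(value); }
inline int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }
```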
2149 2011-06-28  Adam Roben  <aroben@apple.com>
2150
2151         Windows Debug build fix after r89885
2152
2153         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
2154         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
2155
2156 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
2157
2158         Reviewed by Kent Tamura.
2159
2160         Add const to show() method in WTFString and AtomicString.
2161         https://bugs.webkit.org/show_bug.cgi?id=63515
2162
2163         The lack of const in show() method is painful when
2164         doing something like printf-debug.
2165
2166         * wtf/text/AtomicString.cpp:
2167         (WTF::AtomicString::show):
2168         * wtf/text/AtomicString.h:
2169         * wtf/text/WTFString.cpp:
2170         (String::show):
2171         * wtf/text/WTFString.h:
2172
2173 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
2174
2175         Build fix attempt after r89885.
2176
2177         * JavaScriptCore.exp:
2178         * jsc.cpp:
2179
2180 2011-06-27  Oliver Hunt  <oliver@apple.com>
2181
2182         Reviewed by Geoffrey Garen.
2183
2184         Support throwing away non-running code even while other code is running
2185         https://bugs.webkit.org/show_bug.cgi?id=63485
2186
2187         Add a function to CodeBlock to support unlinking direct linked callsites,
2188         and then with that in place add logic to discard code from any function
2189         that is not currently on the stack.
2190
2191         The unlinking completely reverts any optimized call sites, such that they
2192         may be relinked again in future.
2193
2194         * JavaScriptCore.exp:
2195         * bytecode/CodeBlock.cpp:
2196         (JSC::CodeBlock::unlinkCalls):
2197         (JSC::CodeBlock::clearEvalCache):
2198         * bytecode/CodeBlock.h:
2199         (JSC::CallLinkInfo::CallLinkInfo):
2200         (JSC::CallLinkInfo::unlink):
2201         * bytecode/EvalCodeCache.h:
2202         (JSC::EvalCodeCache::clear):
2203         * heap/Heap.cpp:
2204         (JSC::Heap::getConservativeRegisterRoots):
2205         * heap/Heap.h:
2206         * jit/JIT.cpp:
2207         (JSC::JIT::privateCompile):
2208         * jit/JIT.h:
2209         * jit/JITCall.cpp:
2210         (JSC::JIT::compileOpCall):
2211         * jit/JITWriteBarrier.h:
2212         (JSC::JITWriteBarrierBase::clear):
2213         * jsc.cpp:
2214         (GlobalObject::GlobalObject):
2215         (functionReleaseExecutableMemory):
2216         * runtime/Executable.cpp:
2217         (JSC::EvalExecutable::unlinkCalls):
2218         (JSC::ProgramExecutable::unlinkCalls):
2219         (JSC::FunctionExecutable::discardCode):
2220         (JSC::FunctionExecutable::unlinkCalls):
2221         * runtime/Executable.h:
2222         * runtime/JSGlobalData.cpp:
2223         (JSC::SafeRecompiler::returnValue):
2224         (JSC::SafeRecompiler::operator()):
2225         (JSC::JSGlobalData::releaseExecutableMemory):
2226
2227 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
2228
2229         Reviewed by Darin Adler & Oliver Hunt.
2230
2231         https://bugs.webkit.org/show_bug.cgi?id=50554
2232         RegExp.prototype.toString does not escape slashes
2233
2234         The problem here is that we don't escape forwards slashes when converting
2235         a RegExp to a string. This means that RegExp("/").toString() is "///",
2236         which is not a valid RegExp literal. Also, we return an invalid literal
2237         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
2238
2239         From ES5:
2240         "NOTE: The returned String has the form of a RegularExpressionLiteral that
2241         evaluates to another RegExp object with the same behaviour as this object."
2242
2243         * runtime/RegExpObject.cpp:
2244         (JSC::regExpObjectSource):
2245             - Escape forward slashes when getting the source of a RegExp.
2246         * runtime/RegExpPrototype.cpp:
2247         (JSC::regExpProtoFuncToString):
2248             - Remove unnecessary and erroneous hack to return "//" as the string
2249             representation of RegExp.prototype. This is not a valid RegExp literal
2250             (it is an empty single-line comment).
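
An added illustration of the escaping rule this entry describes, written for this page rather than taken from JavaScriptCore: a small C++ routine that escapes unescaped forward slashes and substitutes `(?:)` for an empty pattern, next to the naive concatenation that produced `///` and `//`. The function names are this example's own, and `looksLikeComment` only checks for a leading `//`; it is not a lexer.

```cpp
// Added example (not JavaScriptCore code): build a RegExp literal from a
// pattern source the way a fixed RegExp.prototype.toString should, so the
// result can be fed back to a parser as a RegularExpressionLiteral.
#include <string>

// Escape every '/' that is not already escaped. A backslash escapes the
// character after it, so "\/" (an already-escaped slash) is left alone.
std::string escapeRegExpSource(const std::string& source)
{
    // An empty pattern must not become "//", which lexes as a line comment.
    if (source.empty())
        return "(?:)";

    std::string out;
    out.reserve(source.size() + 2);
    bool afterBackslash = false;
    for (char c : source) {
        if (afterBackslash) {
            out += c;
            afterBackslash = false;
            continue;
        }
        if (c == '\\') {
            out += c;
            afterBackslash = true;
            continue;
        }
        if (c == '/')
            out += '\\';
        out += c;
    }
    return out;
}

std::string regExpToLiteral(const std::string& source, const std::string& flags)
{
    return "/" + escapeRegExpSource(source) + "/" + flags;
}

// The pre-fix behaviour described in the entry: no escaping at all.
std::string naiveRegExpToLiteral(const std::string& source, const std::string& flags)
{
    return "/" + source + "/" + flags;
}

// A "literal" that begins with "//" is not a RegularExpressionLiteral at all:
// "//" and "///" both lex as a single-line comment that swallows the rest of
// the line, which is what makes the unescaped output dangerous in generated code.
bool looksLikeComment(const std::string& literal)
{
    return literal.size() >= 2 && literal[0] == '/' && literal[1] == '/';
}
```

Escaping a slash inside a character class is not required by the grammar but is harmless, so the routine does not special-case `[...]`. The case worth remembering is the comment one: a generator that emits `//` where it meant an empty pattern silently comments out everything after it on that line.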
2251
2252 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
2253
2254         Reviewed by Oliver Hunt.
2255
2256         https://bugs.webkit.org/show_bug.cgi?id=63497
2257         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
2258
2259         * dfg/DFGByteCodeParser.cpp:
2260         (JSC::DFG::ByteCodeParser::parseBlock):
2261         * dfg/DFGNode.h:
2262         * dfg/DFGNonSpeculativeJIT.cpp:
2263         (JSC::DFG::NonSpeculativeJIT::compile):
2264         * dfg/DFGSpeculativeJIT.cpp:
2265         (JSC::DFG::SpeculativeJIT::compile):
2266
2267 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
2268
2269         Reviewed by Mark Rowe.
2270
2271         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
2272         https://bugs.webkit.org/show_bug.cgi?id=63392
2273         
2274         When both TextPosition.h and XPathGrammar.h are included a compile-error
2275         is caused, since XPathGrammar.h defines a macro called NUMBER and 
2276         TextPosition has a typedef named NUMBER.
2277
2278         * wtf/text/TextPosition.h:
2279         (WTF::TextPosition::TextPosition):
2280         (WTF::TextPosition::minimumPosition):
2281         (WTF::TextPosition::belowRangePosition):
2282
2283 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
2284
2285         Reviewed by Gavin Barraclough.
2286
2287         DFG JIT does not perform put_by_id caching.
2288         https://bugs.webkit.org/show_bug.cgi?id=63409
2289
2290         * bytecode/StructureStubInfo.h:
2291         * dfg/DFGJITCodeGenerator.cpp:
2292         (JSC::DFG::JITCodeGenerator::cachedPutById):
2293         * dfg/DFGJITCodeGenerator.h:
2294         * dfg/DFGJITCompiler.cpp:
2295         (JSC::DFG::JITCompiler::compileFunction):
2296         * dfg/DFGJITCompiler.h:
2297         (JSC::DFG::JITCompiler::addPropertyAccess):
2298         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2299         * dfg/DFGNonSpeculativeJIT.cpp:
2300         (JSC::DFG::NonSpeculativeJIT::compile):
2301         * dfg/DFGOperations.cpp:
2302         * dfg/DFGOperations.h:
2303         * dfg/DFGRepatch.cpp:
2304         (JSC::DFG::dfgRepatchByIdSelfAccess):
2305         (JSC::DFG::tryCacheGetByID):
2306         (JSC::DFG::appropriatePutByIdFunction):
2307         (JSC::DFG::tryCachePutByID):
2308         (JSC::DFG::dfgRepatchPutByID):
2309         * dfg/DFGRepatch.h:
2310         * dfg/DFGSpeculativeJIT.cpp:
2311         (JSC::DFG::SpeculativeJIT::compile):
2312
2313 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
2314
2315         Unreviewed build fix. One more file missing during distcheck, for
2316         the MIPS build.
2317
2318         * GNUmakefile.list.am:
2319
2320 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
2321
2322         Reviewed by Gavin Barraclough.
2323
2324         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
2325         https://bugs.webkit.org/show_bug.cgi?id=63347
2326
2327         * dfg/DFGNonSpeculativeJIT.cpp:
2328             - Changed arithmetic operations to speculate in favor of integers.
2329         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2330         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
2331         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2332         (JSC::DFG::NonSpeculativeJIT::compile):
2333         * dfg/DFGNonSpeculativeJIT.h:
2334         * dfg/DFGOperations.cpp:
2335             - Added slow-path routines for arithmetic that perform no speculation; the
2336               non-speculative JIT will generate calls to these in cases where its
2337               speculation fails.
2338         * dfg/DFGOperations.h:
2339
2340 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
2341
2342         Reviewed by Rob Buis.
2343
2344         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2345         https://bugs.webkit.org/show_bug.cgi?id=59085
2346
2347         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2348
2349 2011-06-24  Michael Saboff  <msaboff@apple.com>
2350
2351         Reviewed by Gavin Barraclough.
2352
2353         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
2354         https://bugs.webkit.org/show_bug.cgi?id=63345
2355
2356         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
2357         return 9 and 10 bit quantities, therefore changed their return type from
2358         uint8_t to uint16_t.  Also cast the places where they are used as they
2359         are currently shifted and used as 7 or 8 bit values.
2360
2361         These methods are currently used for literals for stack offsets, 
2362         including creating and destroying stack frames.  The prior truncation of
2363         the upper bits caused stack frames to be too small, thus allowing a
2364         JIT'ed function to access and overwrite stack space outside of the
2365         incorrectly sized stack frame.
2366
2367         * assembler/ARMv7Assembler.h:
2368         (JSC::ARMThumbImmediate::getUInt9):
2369         (JSC::ARMThumbImmediate::getUInt10):
2370         (JSC::ARMv7Assembler::add):
2371         (JSC::ARMv7Assembler::ldr):
2372         (JSC::ARMv7Assembler::str):
2373         (JSC::ARMv7Assembler::sub):
2374         (JSC::ARMv7Assembler::sub_S):
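
Added example, not the ARMThumbImmediate code itself: a model of the truncation this entry fixes, using the 16-bit Thumb `SUB SP, SP, #imm` encoding (opcode bits 1011 0000 1 followed by a 7-bit field that holds the 9-bit immediate shifted right by two). The function names and the shape of the encoder are this example's own assumptions. It shows how returning the 9-bit quantity through a `uint8_t` drops bit 8, so the prologue reserves a smaller frame than the one the JIT laid out and every access beyond it lands on the caller's stack.

```cpp
// Added example (not JavaScriptCore code): how an 8-bit return type shrinks a
// 9-bit stack-frame immediate. Modelled on the 16-bit Thumb T1 encoding of
// SUB SP, SP, #imm: 0xB080 | imm7, where the immediate is imm7 << 2.
#include <cstdint>

// Pre-fix shape: a 9-bit quantity returned through a uint8_t loses bit 8.
uint8_t getUInt9Truncating(uint32_t value)
{
    return static_cast<uint8_t>(value);   // silently drops bit 8
}

// Post-fix shape: a return type wide enough for the 9-bit value.
uint16_t getUInt9(uint32_t value)
{
    return static_cast<uint16_t>(value & 0x1FF);
}

// True if the frame size is encodable at all (multiple of 4, below 512).
bool isValidUInt9Offset(uint32_t frameBytes)
{
    return frameBytes < 512 && (frameBytes & 3) == 0;
}

// SUB SP, SP, #frameBytes through the truncating helper. Returns 0 for an
// unencodable offset.
uint16_t encodeSubSpBuggy(uint32_t frameBytes)
{
    if (!isValidUInt9Offset(frameBytes))
        return 0;
    return static_cast<uint16_t>(0xB080 | (getUInt9Truncating(frameBytes) >> 2));
}

// The same instruction through the widened helper.
uint16_t encodeSubSpFixed(uint32_t frameBytes)
{
    if (!isValidUInt9Offset(frameBytes))
        return 0;
    return static_cast<uint16_t>(0xB080 | (getUInt9(frameBytes) >> 2));
}

// Recover the immediate the CPU will actually subtract from SP.
uint32_t decodeSubSpImmediate(uint16_t insn)
{
    return static_cast<uint32_t>(insn & 0x7F) << 2;
}

// Bytes the function lays out beyond the frame it really reserved. Anything
// above zero is an overwrite of stack that belongs to the caller.
uint32_t frameShortfall(uint32_t requestedBytes, uint16_t insn)
{
    uint32_t actual = decodeSubSpImmediate(insn);
    return requestedBytes > actual ? requestedBytes - actual : 0;
}
```

A 400-byte frame is the interesting input: 400 is 0x190, the `uint8_t` keeps 0x90 (144), and the emitted instruction reserves 144 bytes, leaving 256 bytes of locals on top of the caller's frame. Frames under 256 bytes encode identically either way, which is why the defect only showed up on larger functions.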
2375
2376 2011-06-24  Michael Saboff  <msaboff@apple.com>
2377
2378         Reviewed by Geoffrey Garen.
2379
2380         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
2381         https://bugs.webkit.org/show_bug.cgi?id=63015
2382
2383         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
2384         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
2385         adjustments are a bug.  These need to reflect the pages that are released
2386         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
2387         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
2388         Check() and helper method CheckList() to check the number of actual free pages
2389         with free_committed_pages_.
2390
2391         The symptom of the problem of the existing code is that the scavenger may
2392         run unnecessarily without any real work to do, i.e. pages on the free lists.
2393         The scavenger would also end up freeing too many pages, that is going below
2394         the current 528 target free pages.
2395
2396         Note that the style of the changes was kept consistent with the
2397         existing style.
2398
2399         * wtf/FastMalloc.cpp:
2400         (WTF::TCMalloc_PageHeap::Check):
2401         (WTF::TCMalloc_PageHeap::CheckList):
2402         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
2403
2404 2011-06-24  Abhishek Arya  <inferno@chromium.org>
2405
2406         Reviewed by Darin Adler.
2407
2408         Match other clampTo* functions in style with clampToInteger(float)
2409         function.
2410         https://bugs.webkit.org/show_bug.cgi?id=53449
2411
2412         * wtf/MathExtras.h:
2413         (clampToInteger):
2414         (clampToFloat):
2415         (clampToPositiveInteger):
2416
2417 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
2418
2419         Unreviewed, rolling out r89594.
2420         http://trac.webkit.org/changeset/89594
2421         https://bugs.webkit.org/show_bug.cgi?id=63316
2422
2423         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
2424         #webkit).
2425
2426         * GNUmakefile.list.am:
2427         * JavaScriptCore.gypi:
2428         * icu/unicode/uscript.h: Removed.
2429         * wtf/unicode/ScriptCodesFromICU.h: Removed.
2430         * wtf/unicode/brew/UnicodeBrew.h:
2431         * wtf/unicode/glib/UnicodeGLib.h:
2432         * wtf/unicode/icu/UnicodeIcu.h:
2433         * wtf/unicode/qt4/UnicodeQt4.h:
2434         * wtf/unicode/wince/UnicodeWinCE.h:
2435
2436 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
2437
2438         Reviewed by Gavin Barraclough.
2439
2440         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
2441         https://bugs.webkit.org/show_bug.cgi?id=63173
2442
2443         * dfg/DFGJITCodeGenerator.cpp:
2444         (JSC::DFG::JITCodeGenerator::cachedGetById):
2445         * dfg/DFGJITCodeGenerator.h:
2446         * dfg/DFGNonSpeculativeJIT.cpp:
2447         (JSC::DFG::NonSpeculativeJIT::compile):
2448         * dfg/DFGSpeculativeJIT.cpp:
2449         (JSC::DFG::SpeculativeJIT::compile):
2450
2451 2011-06-23  Oliver Hunt  <oliver@apple.com>
2452
2453         Fix Qt again.
2454
2455         * assembler/ARMAssembler.h:
2456         (JSC::ARMAssembler::readPointer):
2457
2458 2011-06-23  Oliver Hunt  <oliver@apple.com>
2459
2460         Fix Qt Build
2461
2462         * assembler/ARMAssembler.h:
2463         (JSC::ARMAssembler::readPointer):
2464
2465 2011-06-23  Stephanie Lewis  <slewis@apple.com>
2466
2467         Reviewed by Darin Adler.
2468
2469         https://bugs.webkit.org/show_bug.cgi?id=63298
2470         Replace Malloc with FastMalloc to match the rest of wtf.
2471
2472         * wtf/BlockStack.h:
2473         (WTF::::~BlockStack):
2474         (WTF::::grow):
2475         (WTF::::shrink):
2476
2477 2011-06-23  Oliver Hunt  <oliver@apple.com>
2478
2479         Reviewed by Gavin Barraclough.
2480
2481         Add the ability to dynamically modify linked call sites
2482         https://bugs.webkit.org/show_bug.cgi?id=63291
2483
2484         Add JITWriteBarrier as a writebarrier class that allows
2485         reading and writing directly into the code stream.
2486
2487         This required adding logic to all the assemblers to allow
2488         us to read values back out of the instruction stream.
2489
2490         * JavaScriptCore.xcodeproj/project.pbxproj:
2491         * assembler/ARMAssembler.h:
2492         (JSC::ARMAssembler::readPointer):
2493         * assembler/ARMv7Assembler.h:
2494         (JSC::ARMv7Assembler::readPointer):
2495         (JSC::ARMv7Assembler::readInt32):
2496         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
2497         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
2498         * assembler/AbstractMacroAssembler.h:
2499         (JSC::AbstractMacroAssembler::readPointer):
2500         * assembler/MIPSAssembler.h:
2501         (JSC::MIPSAssembler::readInt32):
2502         (JSC::MIPSAssembler::readPointer):
2503         * assembler/MacroAssemblerCodeRef.h:
2504         (JSC::MacroAssemblerCodePtr::operator!):
2505         * assembler/SH4Assembler.h:
2506         (JSC::SH4Assembler::readPCrelativeAddress):
2507         (JSC::SH4Assembler::readPointer):
2508         (JSC::SH4Assembler::readInt32):
2509         * assembler/X86Assembler.h:
2510         (JSC::X86Assembler::readPointer):
2511         * bytecode/CodeBlock.cpp:
2512         (JSC::CodeBlock::visitAggregate):
2513         * bytecode/CodeBlock.h:
2514         (JSC::MethodCallLinkInfo::seenOnce):
2515         (JSC::MethodCallLinkInfo::setSeen):
2516         * heap/MarkStack.h:
2517         * jit/JIT.cpp:
2518         (JSC::JIT::privateCompile):
2519         (JSC::JIT::linkCall):
2520         (JSC::JIT::linkConstruct):
2521         * jit/JITPropertyAccess.cpp:
2522         (JSC::JIT::patchMethodCallProto):
2523         * jit/JITPropertyAccess32_64.cpp:
2524         * jit/JITWriteBarrier.h: Added.
2525         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
2526         (JSC::JITWriteBarrierBase::operator!):
2527         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
2528         (JSC::JITWriteBarrierBase::isFlagged):
2529         (JSC::JITWriteBarrierBase::setLocation):
2530         (JSC::JITWriteBarrierBase::location):
2531         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
2532         (JSC::JITWriteBarrierBase::set):
2533         (JSC::JITWriteBarrierBase::get):
2534         (JSC::JITWriteBarrier::JITWriteBarrier):
2535         (JSC::JITWriteBarrier::set):
2536         (JSC::JITWriteBarrier::get):
2537         (JSC::MarkStack::append):
2538
2539 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
2540
2541         Reviewed by Oliver Hunt.
2542
2543         https://bugs.webkit.org/show_bug.cgi?id=61585
2544         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
2545
2546         This is due to use of int instead of unsigned, bad math around
2547         the 2^31 boundary.
2548
2549         * yarr/YarrInterpreter.cpp:
2550         (JSC::Yarr::ByteCompiler::emitDisjunction):
2551             - Change some uses of int to unsigned, refactor compare logic to
2552               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
2553         * yarr/YarrJIT.cpp:
2554         (JSC::Yarr::YarrGenerator::generate):
2555         (JSC::Yarr::YarrGenerator::backtrack):
2556             - Ditto.
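
Added example, not Yarr code: the same class of signed/unsigned mistake applied to quantifier counts around 2^31, with a hypothetical `kUnbounded` sentinel for `{n,}` and a hypothetical braced-quantifier parser that refuses counts which do not fit in 32 bits instead of wrapping them. `boundsValidSigned` stands in for the pre-fix `int` comparison; the cast in `asSignedCount` yields INT_MIN for 2^31 on mainstream compilers (C++20 makes that modular conversion guaranteed).

```cpp
// Added example (not JavaScriptCore/Yarr code): quantifier bound checks done
// in signed versus unsigned arithmetic for counts around 2^31.
#include <cstdint>
#include <limits>
#include <string>

// Sentinel for "{n,}" (no upper bound); a hypothetical choice for this example.
constexpr uint32_t kUnbounded = std::numeric_limits<uint32_t>::max();

// Parse the decimal digits of a quantifier count. Rejects empty input,
// non-digits, and anything that would not fit below the sentinel.
bool parseCount(const std::string& digits, uint32_t& out)
{
    if (digits.empty())
        return false;
    uint64_t value = 0;
    for (char c : digits) {
        if (c < '0' || c > '9')
            return false;
        value = value * 10 + static_cast<uint64_t>(c - '0');
        if (value >= kUnbounded)
            return false;   // would wrap a 32-bit count or collide with kUnbounded
    }
    out = static_cast<uint32_t>(value);
    return true;
}

// Pre-fix shape: the comparison done in int, with -1 playing "unbounded".
// Counts of 2^31 and above are negative here, so {2147483648,2147483647}
// (min greater than max) is accepted.
bool boundsValidSigned(int min, int max)
{
    return max == -1 || min <= max;
}

// Post-fix shape: stay in 0..2^32-1 throughout. kUnbounded is the largest
// value, so {n,} always passes and min > max is always caught.
bool boundsValidUnsigned(uint32_t min, uint32_t max)
{
    return min <= max;
}

// Reinterpret a 32-bit count the way a signed implementation would see it.
int asSignedCount(uint32_t count)
{
    return static_cast<int>(count);
}

// Parse "{n}", "{n,}" or "{n,m}" into [min, max]; false on malformed or
// out-of-range input.
bool parseBracedQuantifier(const std::string& text, uint32_t& min, uint32_t& max)
{
    if (text.size() < 3 || text.front() != '{' || text.back() != '}')
        return false;
    std::string body = text.substr(1, text.size() - 2);
    std::string::size_type comma = body.find(',');
    if (comma == std::string::npos) {
        if (!parseCount(body, min))
            return false;
        max = min;
        return true;
    }
    if (!parseCount(body.substr(0, comma), min))
        return false;
    std::string upper = body.substr(comma + 1);
    if (upper.empty()) {
        max = kUnbounded;
        return true;
    }
    return parseCount(upper, max) && boundsValidUnsigned(min, max);
}

// Convenience wrapper returning the parse result as one value.
struct Bounds { bool ok; uint32_t min; uint32_t max; };
Bounds parseBounds(const std::string& text)
{
    Bounds b { false, 0, 0 };
    b.ok = parseBracedQuantifier(text, b.min, b.max);
    return b;
}
```

The pattern from the bug title, `{2147483648,}`, parses cleanly in the unsigned version and its bounds validate; the signed comparison accepts the inverted pair `{2147483648,2147483647}` that the unsigned one rejects, which is the kind of inconsistency that turns into an out-of-bounds loop count further down.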
2557
2558 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
2559
2560         Reviewed by Sam Weinig.
2561
2562         https://bugs.webkit.org/show_bug.cgi?id=63218
2563         DFG JIT - remove machine type guarantees from graph
2564
2565         The DFG JIT currently makes assumptions about the types of machine registers
2566         that certain nodes will be loaded into. This will be broken as we generate
2567         nodes to produce both integer and double code paths. Remove int<->double
2568         conversion nodes. This design decision also gave rise to multiple types of
2569         constant nodes, requiring separate handling for each type. Merge these back
2570         into JSConstant.
2571
2572         * dfg/DFGAliasTracker.h:
2573         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
2574         * dfg/DFGByteCodeParser.cpp:
2575         (JSC::DFG::ByteCodeParser::getToInt32):
2576         (JSC::DFG::ByteCodeParser::getToNumber):
2577         (JSC::DFG::ByteCodeParser::toInt32):
2578         (JSC::DFG::ByteCodeParser::toNumber):
2579         (JSC::DFG::ByteCodeParser::isInt32Constant):
2580         (JSC::DFG::ByteCodeParser::isDoubleConstant):
2581         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2582         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
2583         (JSC::DFG::ByteCodeParser::one):
2584         (JSC::DFG::ByteCodeParser::predictInt32):
2585         * dfg/DFGGraph.cpp:
2586         (JSC::DFG::Graph::dump):
2587         * dfg/DFGJITCodeGenerator.h:
2588         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2589         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2590         (JSC::DFG::JITCodeGenerator::isJSConstant):
2591         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
2592         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
2593         * dfg/DFGJITCompiler.cpp:
2594         (JSC::DFG::JITCompiler::fillNumericToDouble):
2595         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2596         * dfg/DFGJITCompiler.h:
2597         (JSC::DFG::JITCompiler::isJSConstant):
2598         (JSC::DFG::JITCompiler::isInt32Constant):
2599         (JSC::DFG::JITCompiler::isDoubleConstant):
2600         (JSC::DFG::JITCompiler::valueOfJSConstant):
2601         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2602         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2603         * dfg/DFGNode.h:
2604         (JSC::DFG::Node::Node):
2605         (JSC::DFG::Node::isConstant):
2606         (JSC::DFG::Node::notTakenBytecodeOffset):
2607         * dfg/DFGNonSpeculativeJIT.cpp:
2608         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
2609         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
2610         (JSC::DFG::NonSpeculativeJIT::compile):
2611         * dfg/DFGSpeculativeJIT.cpp:
2612         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2613         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2614         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2615         (JSC::DFG::SpeculativeJIT::compile):
2616
2617 2011-06-23  Jungshik Shin  <jshin@chromium.org>
2618
2619         Reviewed by Alexey Proskuryakov.
2620
2621         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
2622         build files for ports not using ICU.
2623         Add icu/unicode/uscript.h for ports using ICU. It's taken from
2624         ICU 3.6 (the version used on Mac OS 10.5).
2625
2626         http://bugs.webkit.org/show_bug.cgi?id=20797
2627
2628         * GNUmakefile.list.am:
2629         * JavaScriptCore.gypi:
2630         * icu/unicode/uscript.h: Added for UScriptCode enum.
2631         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
2632         * wtf/unicode/icu/UnicodeIcu.h:
2633         * wtf/unicode/brew/UnicodeBrew.h:
2634         * wtf/unicode/glib/UnicodeGLib.h:
2635         * wtf/unicode/qt4/UnicodeQt4.h:
2636         * wtf/unicode/wince/UnicodeWinCE.h:
2637
2638 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
2639
2640         Reviewed by Andreas Kling.
2641
2642         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
2643         https://bugs.webkit.org/show_bug.cgi?id=63228
2644
2645         * wtf/Platform.h: Add PLATFORM(EFL) guard.
2646
2647 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2648
2649         Unreviewed, rolling out r89547.
2650         http://trac.webkit.org/changeset/89547
2651         https://bugs.webkit.org/show_bug.cgi?id=63252
2652
2653         "Chromium crash on start" (Requested by yurys on #webkit).
2654
2655         * wtf/DynamicAnnotations.cpp:
2656         (WTFAnnotateBenignRaceSized):
2657         (WTFAnnotateHappensBefore):
2658         (WTFAnnotateHappensAfter):
2659         * wtf/DynamicAnnotations.h:
2660
2661 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
2662
2663         Reviewed by David Levin.
2664
2665         Make dynamic annotations weak symbols and prevent identical code folding by the linker
2666         https://bugs.webkit.org/show_bug.cgi?id=62443
2667
2668         * wtf/DynamicAnnotations.cpp:
2669         (WTFAnnotateBenignRaceSized):
2670         (WTFAnnotateHappensBefore):
2671         (WTFAnnotateHappensAfter):
2672         * wtf/DynamicAnnotations.h:
2673
2674 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
2675
2676         Reviewed by Andreas Kling.
2677
2678         [Qt] Add a build flag for building with libxml2 and libxslt.
2679         https://bugs.webkit.org/show_bug.cgi?id=63113
2680
2681         * wtf/Platform.h:
2682
2683 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2684
2685         Unreviewed, rolling out r89489.
2686         http://trac.webkit.org/changeset/89489
2687         https://bugs.webkit.org/show_bug.cgi?id=63203
2688
2689         Broke chromium mac build on build.webkit.org (Requested by
2690         abarth on #webkit).
2691
2692         * wtf/Platform.h:
2693
2694 2011-06-22  Cary Clark  <caryclark@google.com>
2695
2696         Reviewed by Darin Fisher.
2697
2698         Use Skia if Skia on Mac Chrome is enabled
2699         https://bugs.webkit.org/show_bug.cgi?id=62999
2700
2701         * wtf/Platform.h:
2702         Add switch to use Skia if, externally,
2703         Skia has been enabled by a gyp define.
2704
2705 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2706
2707         Reviewed by Oliver Hunt.
2708
2709         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2710
2711 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2712
2713         Reviewed by Oliver Hunt.
2714
2715         Removed the conceit that global variables are local variables when running global code
2716         https://bugs.webkit.org/show_bug.cgi?id=63106
2717         
2718         This is required for write barrier correctness.
2719         
2720         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2721         I was able to reduce the regression with a tiny peephole optimization in
2722         the bytecompiler, but not eliminate it. I'm committing this assuming
2723         that turning on generational GC will win back at least 0.5%.
2724
2725         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2726         the global object's var storage. I considered doing the same kind of
2727         optimization in the existing JIT, but it seemed like moving in the wrong
2728         direction.)
2729
2730         * bytecompiler/BytecodeGenerator.cpp:
2731         (JSC::BytecodeGenerator::addGlobalVar):
2732         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2733         negative indices, since they're no longer negatively offset from the
2734         current stack frame.
2735         
2736         Do give global variables monotonically increasing positive indices, since
2737         that's much easier to work with.
2738         
2739         Don't limit the number of optimizable global variables, since it's no
2740         longer limited by the register file, since they're no longer stored in
2741         the register file.
2742
2743         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2744         registers because a var in global code is actually a property of the
2745         global object.
2746
2747         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2748
2749         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2750         propagation and dead code elimination to speed up our compiles and
2751         reduce WTFs / minute.
2752
2753         * bytecompiler/BytecodeGenerator.h:
2754         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2755
2756         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2757         global code, since there are none.
2758
2759         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2760         in global code (i.e., global vars), since there are some.
2761
2762         * interpreter/Interpreter.cpp:
2763         (JSC::Interpreter::callEval):
2764         (JSC::Interpreter::Interpreter):
2765         (JSC::Interpreter::dumpRegisters):
2766         (JSC::Interpreter::execute):
2767         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2768
2769         * interpreter/RegisterFile.cpp:
2770         (JSC::RegisterFile::gatherConservativeRoots):
2771         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2772         data members.
2773
2774         * interpreter/RegisterFile.h:
2775         (JSC::RegisterFile::begin):
2776         (JSC::RegisterFile::size):
2777         (JSC::RegisterFile::RegisterFile):
2778         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2779         global variables stored in the register file.
2780
2781         (JSC::RegisterFile::grow): Updated for same.
2782         
2783         Also, a slight correctness fix: Test the VM commit end, and not just the
2784         in-use end, when checking for stack overflow. In theory, it's invalid to
2785         commit past the end of your allocation, even if you never touch that
2786         memory. This makes the usable size of the stack slightly smaller. No test
2787         because we don't know of any case in practice where this crashes.
2788
2789         * runtime/JSGlobalData.cpp:
2790         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2791
2792         * runtime/JSGlobalObject.cpp:
2793         (JSC::JSGlobalObject::resizeRegisters):
2794         (JSC::JSGlobalObject::addStaticGlobals):
2795         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2796         increasing indexes, always located in our external storage.
2797
2798 2011-06-21  MORITA Hajime  <morrita@google.com>
2799
2800         Unreviewed, rolling out r89401 and r89403.
2801         http://trac.webkit.org/changeset/89401
2802         http://trac.webkit.org/changeset/89403
2803         https://bugs.webkit.org/show_bug.cgi?id=62970
2804
2805         Breaks mac build and mistakenly enables the spellcheck API
2806
2807         * Configurations/FeatureDefines.xcconfig:
2808         * JavaScriptCore.xcodeproj/project.pbxproj:
2809
2810 2011-06-21  Kent Tamura  <tkent@chromium.org>
2811
2812         [Mac] Sort Xcode project files.
2813
2814         * JavaScriptCore.xcodeproj/project.pbxproj:
2815
2816 2011-06-20  MORITA Hajime  <morrita@google.com>
2817
2818         Reviewed by Kent Tamura.
2819
2820         Spellcheck API should be build-able.
2821         https://bugs.webkit.org/show_bug.cgi?id=62970
2822
2823         No new tests, changing only build related files
2824         
2825         * Configurations/FeatureDefines.xcconfig:
2826
2827 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2828
2829         Reviewed by Oliver Hunt.
2830
2831         Moved 'const' off the global-variable-as-local-variable crack pipe
2832         https://bugs.webkit.org/show_bug.cgi?id=63105
2833         
2834         This is necessary for moving the rest of the code off of same.
2835         
2836         Many problems remain in our handling of const. I have fixed none of them.
2837
2838         * bytecompiler/BytecodeGenerator.h:
2839         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2840         const to directly implement its unique scoping rules.
2841
2842         * bytecompiler/NodesCodegen.cpp:
2843         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2844         for writing, so we don't overwrite const variables.
2845
2846         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2847         variables are available as local variables, since this won't be the case
2848         once global variables are not available as local variables. Instead, use
2849         put_scoped_var in the case where there is no local variable. Like a local
2850         variable, put_scoped_var succeeds even though const properties are
2851         read-only, since put_scoped_var skips read-only checks. (Yay?)
2852
2853 2011-06-21  Oliver Hunt  <oliver@apple.com>
2854
2855         Reviewed by Alexey Proskuryakov.
2856
2857         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2858         https://bugs.webkit.org/show_bug.cgi?id=63052
2859
2860         Release mode only failure, the stack overflow guards were getting their error
2861         handling inlined, so that they were essentially causing their own demise.
2862
2863         * parser/JSParser.cpp:
2864         (JSC::JSParser::updateErrorMessage):
2865         (JSC::JSParser::updateErrorWithNameAndMessage):
2866
2867 2011-06-20  Kenneth Russell  <kbr@google.com>
2868
2869         Unreviewed.
2870
2871         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2872         https://bugs.webkit.org/show_bug.cgi?id=63022
2873
2874         * wtf/Platform.h:
2875
2876 2011-06-18  Anders Carlsson  <andersca@apple.com>
2877
2878         Reviewed by Darin Adler.
2879
2880         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2881         https://bugs.webkit.org/show_bug.cgi?id=62940
2882
2883         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2884
2885         * wtf/PassOwnArrayPtr.h:
2886         (WTF::PassOwnArrayPtr::operator=):
2887         * wtf/PassOwnPtr.h:
2888         (WTF::PassOwnPtr::operator=):
2889         * wtf/PassRefPtr.h:
2890         (WTF::PassRefPtr::operator=):
2891         (WTF::NonNullPassRefPtr::operator=):
2892
2893 2011-06-20  Oliver Hunt  <oliver@apple.com>
2894
2895         Reviewed by Darin Adler.
2896
2897         REGRESSION (r79060): Searching for a flight at united.com fails
2898         https://bugs.webkit.org/show_bug.cgi?id=63003
2899
2900         This original change also broke Twitter, and we attempted to refine the fix to 
2901         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2902         we need to revert the change until we understand the problem better.
2903
2904         * wtf/DateMath.cpp:
2905         (WTF::parseDateFromNullTerminatedCharacters):
2906
2907 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2908
2909         Reviewed by Oliver Hunt.
2910
2911         No context for javascript parse errors.
2912         https://bugs.webkit.org/show_bug.cgi?id=62613
2913         
2914         Parse errors now show more details like:
2915         "Unexpected token: ]"
2916         or
2917         "Expected token: while"
2918         
2919         For reserved names, numbers, identifiers, strings, lexer errors,
2920         and EOFs, the following error messages are printed:
2921         
2922         "Use of reserved word: super"
2923         "Unexpected number: 42"
2924         "Unexpected identifier: "
2925         "Unexpected string: "foobar""
2926         "Invalid token character sequence: \u4023"
2927         "Unexpected EOF"
2928
2929         * parser/JSParser.cpp:
2930         (JSC::JSParser::consume):
2931         (JSC::JSParser::getToken):
2932         (JSC::JSParser::getTokenName):
2933         (JSC::JSParser::updateErrorMessageSpecialCase):
2934         (JSC::JSParser::updateErrorMessage):
2935         (JSC::JSParser::updateErrorWithNameAndMessage):
2936         (JSC::jsParse):
2937         (JSC::JSParser::JSParser):
2938         (JSC::JSParser::parseProgram):
2939         (JSC::JSParser::parseVarDeclarationList):
2940         (JSC::JSParser::parseForStatement):
2941         (JSC::JSParser::parseBreakStatement):
2942         (JSC::JSParser::parseContinueStatement):
2943         (JSC::JSParser::parseWithStatement):
2944         (JSC::JSParser::parseTryStatement):
2945         (JSC::JSParser::parseStatement):
2946         (JSC::JSParser::parseFormalParameters):
2947         (JSC::JSParser::parseFunctionInfo):
2948         (JSC::JSParser::parseAssignmentExpression):
2949         (JSC::JSParser::parsePrimaryExpression):
2950         (JSC::JSParser::parseMemberExpression):
2951         (JSC::JSParser::parseUnaryExpression):
2952         * parser/JSParser.h:
2953         * parser/Lexer.cpp:
2954         (JSC::Lexer::lex):
2955         * parser/Parser.cpp:
2956         (JSC::Parser::parse):
2957
2958 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2959
2960         Reviewed by Rob Buis.
2961
2962         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2963         https://bugs.webkit.org/show_bug.cgi?id=59085
2964
2965         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2966
2967 2011-06-19  Oliver Hunt  <oliver@apple.com>
2968
2969         Reviewed by Sam Weinig.
2970
2971         Correct logic for putting errors on the correct line when handling JSONP
2972         https://bugs.webkit.org/show_bug.cgi?id=62962
2973
2974         Minor fix for the minor fix.  *sigh*
2975
2976         * interpreter/Interpreter.cpp:
2977         (JSC::Interpreter::execute):
2978
2979 2011-06-19  Oliver Hunt  <oliver@apple.com>
2980
2981         Minor fix to correct layout test results.
2982
2983         * interpreter/Interpreter.cpp:
2984         (JSC::Interpreter::execute):
2985
2986 2011-06-17  Oliver Hunt  <oliver@apple.com>
2987
2988         Reviewed by Gavin Barraclough.
2989
2990         JSONP is unnecessarily slow
2991         https://bugs.webkit.org/show_bug.cgi?id=62920
2992
2993         JSONP has unfortunately become a fairly common idiom online, yet
2994         it triggers very poor performance in JSC as we end up doing codegen
2995         for a large number of property accesses that will
2996            * only be run once, so the vast amount of logic we dump to handle
2997              caching of accesses is unnecessary.
2998            * We are doing codegen that is directly proportional to just
2999              creating the object in the first place.
3000
3001         This patch extends the use of the literal parser to JSONP-like structures
3002         in global code, handling a number of different forms I have seen online.
3003         In an extreme case this improves performance of JSONP by more than 2x
3004         due to removal of code generation and execution time, and a few optimisations
3005         that I made to the parser itself.
3006
3007         * API/JSValueRef.cpp:
3008         (JSValueMakeFromJSONString):
3009         * interpreter/Interpreter.cpp:
3010         (JSC::Interpreter::callEval):
3011         (JSC::Interpreter::execute):
3012         * parser/Lexer.cpp:
3013         (JSC::Lexer::isKeyword):
3014         * parser/Lexer.h:
3015         * runtime/JSGlobalObjectFunctions.cpp:
3016         (JSC::globalFuncEval):
3017         * runtime/JSONObject.cpp:
3018         (JSC::JSONProtoFuncParse):
3019         * runtime/LiteralParser.cpp:
3020         (JSC::LiteralParser::tryJSONPParse):
3021         (JSC::LiteralParser::makeIdentifier):
3022         (JSC::LiteralParser::Lexer::lex):
3023         (JSC::LiteralParser::Lexer::next):
3024         (JSC::isSafeStringCharacter):
3025         (JSC::LiteralParser::Lexer::lexString):
3026         (JSC::LiteralParser::Lexer::lexNumber):
3027         (JSC::LiteralParser::parse):
3028         * runtime/LiteralParser.h:
3029         (JSC::LiteralParser::LiteralParser):
3030         (JSC::LiteralParser::tryLiteralParse):
3031         (JSC::LiteralParser::Lexer::Lexer):
3032
3033 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
3034
3035         Unreviewed, rolling out r89184.
3036         http://trac.webkit.org/changeset/89184
3037         https://bugs.webkit.org/show_bug.cgi?id=62927
3038
3039         It broke 22 tests on all bot (Requested by Ossy_weekend on
3040         #webkit).
3041
3042         * API/JSValueRef.cpp:
3043         (JSValueMakeFromJSONString):
3044         * interpreter/Interpreter.cpp:
3045         (JSC::Interpreter::callEval):
3046         (JSC::Interpreter::execute):
3047         * parser/Lexer.cpp:
3048         * parser/Lexer.h:
3049         * runtime/JSGlobalObjectFunctions.cpp:
3050         (JSC::globalFuncEval):
3051         * runtime/JSONObject.cpp:
3052         (JSC::JSONProtoFuncParse):
3053         * runtime/LiteralParser.cpp:
3054         (JSC::LiteralParser::Lexer::lex):
3055         (JSC::isSafeStringCharacter):
3056         (JSC::LiteralParser::Lexer::lexString):
3057         (JSC::LiteralParser::Lexer::lexNumber):
3058         (JSC::LiteralParser::parse):
3059         * runtime/LiteralParser.h:
3060         (JSC::LiteralParser::LiteralParser):
3061         (JSC::LiteralParser::tryLiteralParse):
3062         (JSC::LiteralParser::Lexer::Lexer):
3063         (JSC::LiteralParser::Lexer::next):
3064
3065 2011-06-17  Oliver Hunt  <oliver@apple.com>
3066
3067         Reviewed by Gavin Barraclough.
3068
3069         JSONP is unnecessarily slow
3070         https://bugs.webkit.org/show_bug.cgi?id=62920
3071
3072         JSONP has unfortunately become a fairly common idiom online, yet
3073         it triggers very poor performance in JSC as we end up doing codegen
3074         for a large number of property accesses that will
3075            * only be run once, so the vast amount of logic we dump to handle
3076              caching of accesses is unnecessary.
3077            * We are doing codegen that is directly proportional to just
3078              creating the object in the first place.
3079
3080         This patch extends the use of the literal parser to JSONP-like structures
3081         in global code, handling a number of different forms I have seen online.
3082         In an extreme case this improves performance of JSONP by more than 2x
3083         due to removal of code generation and execution time, and a few optimisations
3084         that I made to the parser itself.
3085
3086         * API/JSValueRef.cpp:
3087         (JSValueMakeFromJSONString):
3088         * interpreter/Interpreter.cpp:
3089         (JSC::Interpreter::callEval):
3090         (JSC::Interpreter::execute):
3091         * parser/Lexer.cpp:
3092         (JSC::Lexer::isKeyword):
3093         * parser/Lexer.h:
3094         * runtime/JSGlobalObjectFunctions.cpp:
3095         (JSC::globalFuncEval):
3096         * runtime/JSONObject.cpp:
3097         (JSC::JSONProtoFuncParse):
3098         * runtime/LiteralParser.cpp:
3099         (JSC::LiteralParser::tryJSONPParse):
3100         (JSC::LiteralParser::makeIdentifier):
3101         (JSC::LiteralParser::Lexer::lex):
3102         (JSC::LiteralParser::Lexer::next):
3103         (JSC::isSafeStringCharacter):
3104         (JSC::LiteralParser::Lexer::lexString):
3105         (JSC::LiteralParser::Lexer::lexNumber):
3106         (JSC::LiteralParser::parse):
3107         * runtime/LiteralParser.h:
3108         (JSC::LiteralParser::LiteralParser):
3109         (JSC::LiteralParser::tryLiteralParse):
3110         (JSC::LiteralParser::Lexer::Lexer):
3111
3112 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
3113
3114         Reviewed by Oliver Hunt.
3115
3116         Moved some property access JIT code into property access JIT files
3117         https://bugs.webkit.org/show_bug.cgi?id=62906
3118
3119         * jit/JITOpcodes.cpp:
3120         * jit/JITOpcodes32_64.cpp:
3121         * jit/JITPropertyAccess.cpp:
3122         (JSC::JIT::emitSlow_op_put_by_val):
3123         (JSC::JIT::emit_op_get_scoped_var):
3124         (JSC::JIT::emit_op_put_scoped_var):
3125         (JSC::JIT::emit_op_get_global_var):
3126         (JSC::JIT::emit_op_put_global_var):
3127         * jit/JITPropertyAccess32_64.cpp:
3128         (JSC::JIT::emit_op_get_scoped_var):
3129         (JSC::JIT::emit_op_put_scoped_var):
3130         (JSC::JIT::emit_op_get_global_var):
3131         (JSC::JIT::emit_op_put_global_var):
3132
3133 2011-06-17  Anders Carlsson  <andersca@apple.com>
3134
3135         Build fix.
3136
3137         * JavaScriptCore.xcodeproj/project.pbxproj:
3138
3139 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
3140
3141         Try to fix the Leopard build?
3142
3143         * JavaScriptCore.xcodeproj/project.pbxproj:
3144
3145 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3146
3147         Reviewed by Oliver Hunt.
3148
3149         Added some write barrier action, compiled out by default
3150         https://bugs.webkit.org/show_bug.cgi?id=62844
3151
3152         * JavaScriptCore.exp: Build!
3153
3154         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
3155         issue with Heap.cpp.
3156
3157         * heap/Heap.cpp:
3158         (JSC::Heap::writeBarrierSlowCase):
3159         * heap/Heap.h:
3160         (JSC::Heap::writeBarrier):
3161         * heap/MarkedBlock.h:
3162         (JSC::MarkedBlock::isAtomAligned):
3163         (JSC::MarkedBlock::blockFor):
3164         (JSC::MarkedBlock::atomNumber):
3165         (JSC::MarkedBlock::ownerSetNumber):
3166         (JSC::MarkedBlock::addOldSpaceOwner):
3167         (JSC::MarkedBlock::OwnerSet::OwnerSet):
3168         (JSC::MarkedBlock::OwnerSet::add):
3169         (JSC::MarkedBlock::OwnerSet::clear):
3170         (JSC::MarkedBlock::OwnerSet::size):
3171         (JSC::MarkedBlock::OwnerSet::didOverflow):
3172         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
3173         tracks owners for regions within blocks. Currently unused.
3174
3175 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
3176
3177         Reviewed by Eric Seidel.
3178
3179         [EFL] Add some OwnPtr specializations for EFL types.
3180         For now there are specializations for Ecore_Evas and Evas_Object.
3181         https://bugs.webkit.org/show_bug.cgi?id=62877
3182
3183         * wtf/CMakeListsEfl.txt:
3184         * wtf/OwnPtrCommon.h:
3185         * wtf/efl/OwnPtrEfl.cpp: Added.
3186         (WTF::deleteOwnedPtr):
3187
3188 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
3189
3190         Reviewed by Martin Robinson.
3191
3192         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
3193         https://bugs.webkit.org/show_bug.cgi?id=60687
3194
3195         Replace GdkRectangle by cairo_rectangle_int_t.
3196
3197         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
3198
3199 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3200
3201         Reviewed by Oliver Hunt.
3202
3203         https://bugs.webkit.org/show_bug.cgi?id=53014
3204         ES5 strict mode keyword restrictions aren't implemented
3205
3206         The following are future restricted words is strict mode code:
3207             implements, interface, let, package, private, protected, public, static, yield
3208
3209         * parser/JSParser.h:
3210             - Add RESERVED_IF_STRICT token.
3211         * parser/Keywords.table:
3212             - Add new future restricted words.
3213         * parser/Lexer.cpp:
3214         (JSC::Lexer::parseIdentifier):
3215             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
3216         (JSC::Lexer::lex):
3217             - Pass strictMode flag to parseIdentifier.
3218         * parser/Lexer.h:
3219             - parseIdentifier needs a strictMode flag.
3220         * runtime/CommonIdentifiers.h:
3221             - Add identifiers for new reserved words.
3222
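The following snippet is an added illustration, not part of the ChangeLog or of JavaScriptCore: it probes a JavaScript engine (Node.js here) to confirm the rule the entry above implements, namely that the listed words parse as ordinary identifiers in non-strict code but are rejected once a 'use strict' directive is present. The word list and the constructed declarations are the example's own.

```javascript
// Added example, not JavaScriptCore code. The words the ES5 entry above
// lists as reserved only under strict mode.
const STRICT_ONLY_RESERVED = [
  'implements', 'interface', 'let', 'package', 'private',
  'protected', 'public', 'static', 'yield',
];

// Returns true if `source` parses as a function body, false if the engine
// raises a SyntaxError. The body is compiled but never executed.
function parses(source) {
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// For one word, report whether it is accepted as a variable name in
// non-strict ("sloppy") code and in strict mode code.
function classifyWord(word) {
  const declaration = `var ${word} = 1;`; // constructed probe
  return {
    word,
    sloppy: parses(declaration),
    strict: parses(`'use strict'; ${declaration}`),
  };
}

// Filter a word list down to the words that are identifiers in sloppy mode
// but reserved under strict mode, which is exactly what the lexer change
// described above has to distinguish.
function reservedIfStrict(words) {
  return words.filter((w) => {
    const r = classifyWord(w);
    return r.sloppy && !r.strict;
  });
}

// Unconditional keywords such as `if` are rejected in both modes and so are
// not reported by reservedIfStrict.
for (const r of [...STRICT_ONLY_RESERVED, 'if', 'foo'].map(classifyWord)) {
  console.log(`${r.word}: sloppy=${r.sloppy} strict=${r.strict}`);
}
```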
2011-06-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=23611
        Multiline Javascript comments cause incorrect parsing of following script.

        From the spec:
        "A MultiLineComment [is] simply discarded if it contains no line terminator,
        but if a MultiLineComment contains one or more line terminators, then it is
        replaced with a single line terminator, which becomes part of the stream of
        inputs for the syntactic grammar."

        This may result in behavioural changes, due to automatic semicolon insertion.

        * parser/Lexer.cpp:
        (JSC::Lexer::parseMultilineComment):
            - Set m_terminator if we see a line terminator in a multiline comment.

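As an added example (not code from the ChangeLog or from JavaScriptCore), the snippet below shows the behavioural change the entry refers to: a `return` followed by a multiline comment that contains a line terminator is terminated by automatic semicolon insertion exactly as if a real newline followed it, so the value after the comment is never returned. The three source strings are constructed for the demonstration.

```javascript
// Added example, not JavaScriptCore code. Each constructed function body
// ends a `return` statement in a different way.
const SOURCES = {
  // The comment has no line terminator, so it is simply discarded and the
  // return value is 42.
  sameLine: 'return /* no line terminator inside */ 42;',
  // A real newline after `return`: automatic semicolon insertion turns this
  // into `return;` and `42;` becomes an unreachable expression statement.
  realNewline: 'return\n42;',
  // Per the quoted spec text the comment is replaced by a single line
  // terminator, so the result must match `realNewline`, not `sameLine`.
  commentWithNewline: 'return /* a comment\n spanning two lines */ 42;',
};

// Compile a function body and run it, returning whatever it produces.
function evaluateBody(body) {
  return new Function(body)();
}

// Evaluate every sample and collect the results by name.
function runAll(sources = SOURCES) {
  const results = {};
  for (const [name, body] of Object.entries(sources)) {
    results[name] = evaluateBody(body);
  }
  return results;
}

// A lexer that discarded the comment without noting its line terminator
// would wrongly produce 42 for `commentWithNewline`.
for (const [name, value] of Object.entries(runAll())) {
  console.log(`${name}: ${String(value)}`);
}
```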
2011-06-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=62824
        DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT

        CompareEq of non-integer values is the most common cause of speculation failure.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
            - Support Equals.
        (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
            - new! - peephole optimized Eq of JSValues.
        (JSC::DFG::SpeculativeJIT::compile):
            - Add peephole optimization for CompareEq.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
            - Add support for dead nodes between compare & branch.
        (JSC::DFG::SpeculativeJIT::isInteger):
            - Added to determine which form of peephole to do in CompareEq.

2011-06-16  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
        symbol.

        * bytecode/EvalCodeCache.h:
        * heap/HandleHeap.h:
        * heap/HeapRootVisitor.h:
        * heap/NewSpace.h:
        * runtime/ArgList.h:
        * runtime/ScopeChain.h:
        * runtime/SmallStrings.h:
        * runtime/Structure.h: Stop forward-declaring things that don't really
        exist anymore.

2011-06-16  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
        project while crossing my fingers and facing west.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-06-16  Geoffrey Garen  <ggaren@apple.com>

        Build fix: Removed an incorrect symbol on Windows.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-06-16  Geoffrey Garen  <ggaren@apple.com>

        Build fix: Removed an accidental commit from the future.

        * CMakeLists.txt:

2011-06-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Introduced SlotVisitor into the project
        https://bugs.webkit.org/show_bug.cgi?id=62820

        This resolves a class vs typedef forward declaration issue, and gives all
        exported symbols the correct names.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj: Build!

        * bytecode/EvalCodeCache.h:
        * heap/HandleHeap.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
        clients operate on a MarkStack.

        * heap/MarkStack.cpp:
        (JSC::SlotVisitor::visitChildren):
        (JSC::SlotVisitor::drain):
        * heap/SlotVisitor.h: Added.
        (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
        inheritance to give SlotVisitor all the attributes of MarkStack without
        making this change giant. Over time, we will move more behavior into
        SlotVisitor and its subclasses.

        * heap/MarkStack.h:
        * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
        clients operate on a MarkStack.

        * runtime/ArgList.h:
        * runtime/JSCell.h:
        * runtime/JSObject.h:
        * runtime/ScopeChain.h:
        * runtime/SmallStrings.h:
        * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
        clients operate on a MarkStack.

2011-06-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Reduce memory usage of resolve_global
        https://bugs.webkit.org/show_bug.cgi?id=62765

        If we have a large number of resolve_globals in a single
        block start planting plain resolve instructions instead
        whenever we aren't in a loop.  This allows us to reduce
        the code size for extremely large functions without
        losing the performance benefits of op_resolve_global.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalResolveInfoCount):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        * bytecompiler/BytecodeGenerator.h:

2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] Fix building with CONFIG(use_system_icu)
        https://bugs.webkit.org/show_bug.cgi?id=62744

        Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.

        * wtf/Platform.h:

2011-06-15  Darin Adler  <darin@apple.com>

        Reviewed by Adam Barth.

        Remove obsolete LOOSE_OWN_PTR code
        https://bugs.webkit.org/show_bug.cgi?id=59909

        The internal Apple dependency on this is gone now.

        * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
        set function that takes a raw pointer.

        * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
        set function that takes a raw pointer.

        * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
        and assignment operator that takes a nullptr unconditional.
        Made constructor that takes a raw pointer private and explicit,
        and removed assignment operator that takes a raw pointer.

        * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
        unconditional. Made constructor that takes a raw pointer private
        and explicit, and removed assignment operator that takes a raw pointer.

2011-06-15  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen and Gavin Barraclough.

        Make access-nsieve ~9x faster on the non-speculative path by
        adding special casing for doubles that can losslessly be converted
        to a uint32_t in getByVal and putByVal. This avoids calls to stringification
        and the hash lookup.  Long term, we should try and get the property of a getByVal
        and putByVal to be an integer immediate even in the non-speculative path.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):

2011-06-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        REGRESSION (r88719): 5by5.tv schedule is not visible
        https://bugs.webkit.org/show_bug.cgi?id=62720

        Problem here is that the lexer wasn't considering '$' to be
        a valid character in an identifier.

        * parser/Lexer.h:
        (JSC::Lexer::lexExpectIdentifier):

2011-06-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Reduce the size of global_resolve
        https://bugs.webkit.org/show_bug.cgi?id=62738

        Reduce the code size of global_resolve in the JIT by replacing
        multiple pointer loads with a single pointer move + two offset
        loads.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_resolve_global):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_resolve_global):

2011-06-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dan Bernstein.

        Fixed an invalid ASSERT I found while investigating
        <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
        https://bugs.webkit.org/show_bug.cgi?id=62699

        No test since we don't know of a way to get WebCore to deallocate the
        next-to-finalize handle, which is also the last handle in the list,
        while finalizing the second-to-last handle in the list.

        * heap/HandleHeap.h:
        (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
        non-0 next() after updating it, since it is valid to update m_nextToFinalize
        to point to the tail sentinel.

        Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
        since it is not valid to update m_nextToFinalize to point past the tail
        sentinel.

        Also, use m_nextToFinalize consistently for clarity.

2011-06-14  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=43841
        SegmentedVector::operator== typo

        * wtf/SegmentedVector.h:
        (WTF::SegmentedVectorIterator::operator==):
        (WTF::SegmentedVectorIterator::operator!=):

2011-06-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Constant array literals result in unnecessarily large amounts of code
        https://bugs.webkit.org/show_bug.cgi?id=62658

        Add a new version of op_new_array that simply copies values from a buffer
        we hang off of the CodeBlock, rather than generating code to place each
        entry into the registerfile, and then copying it from the registerfile into
        the array.  This is a slight improvement on some sunspider tests, but no
        measurable overall change.  That's okay though as our goal was to reduce
        code size without hurting performance.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addImmediateBuffer):
        (JSC::CodeBlock::immediateBuffer):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addImmediateBuffer):
        (JSC::BytecodeGenerator::emitNewArray):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emit_op_new_array_buffer):
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:

2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r88841.
        http://trac.webkit.org/changeset/88841
        https://bugs.webkit.org/show_bug.cgi?id=62672

        Caused many tests to crash (Requested by rniwa on #webkit).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/CodeBlock.h:
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitNewArray):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_new_array):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:

2011-06-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Constant array literals result in unnecessarily large amounts of code
        https://bugs.webkit.org/show_bug.cgi?id=62658

        Add a new version of op_new_array that simply copies values from a buffer
        we hang off of the CodeBlock, rather than generating code to place each
        entry into the registerfile, and then copying it from the registerfile into
        the array.  This is a slight improvement on some sunspider tests, but no
        measurable overall change.  That's okay though as our goal was to reduce
        code size without hurting performance.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addImmediateBuffer):
        (JSC::CodeBlock::immediateBuffer):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addImmediateBuffer):
        (JSC::BytecodeGenerator::emitNewArray):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emit_op_new_array_buffer):
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:

2011-06-14  Stephanie Lewis  <slewis@apple.com>

        Rubber stamped by Oliver Hunt.

        <rdar://problem/9511169>
        Update order files.

        * JavaScriptCore.order:

2011-06-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Fix dumping of constants to have the correct constant number.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):

2011-06-14  Benjamin Poulain  <benjamin@webkit.org>

        Reviewed by Eric Seidel.

        KeywordLookupGenerator's Trie does not work with Python 3
        https://bugs.webkit.org/show_bug.cgi?id=62635

        With Python 3, dict.items() returns an iterator. Since the iterator
        protocol changed between Python 2 and 3, the easiest way to get the
        values is to have something that uses the iterator implicitly, like a
        for() loop.

        * KeywordLookupGenerator.py:

2011-06-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Fix llocp and lvalp names in the lexer to something more meaningful
        https://bugs.webkit.org/show_bug.cgi?id=62605

        A simple rename

        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):
        (JSC::Lexer::parseString):
        (JSC::Lexer::lex):
        * parser/Lexer.h:
        (JSC::Lexer::lexExpectIdentifier):

2011-06-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Make it possible to inline the common case of identifier lexing
        https://bugs.webkit.org/show_bug.cgi?id=62600

        Add a lexing function that expects to lex a "normal" alphanumeric
        identifier (that ignores keywords) so it's possible to inline the
        common parsing cases.  This comes out as a reasonable parsing speed
        boost.

        * parser/JSParser.cpp:
        (JSC::JSParser::nextExpectIdentifier):
        (JSC::JSParser::parseProperty):
        (JSC::JSParser::parseMemberExpression):
        * parser/Lexer.cpp:
        * parser/Lexer.h:
        (JSC::Lexer::makeIdentifier):
        (JSC::Lexer::lexExpectIdentifier):

2011-06-13  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Martin Robinson.

        Distcheck fixes.

        * GNUmakefile.am:
        * GNUmakefile.list.am:

2011-06-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Simon Fraser.

        Make it possible to inline Identifier::equal
        https://bugs.webkit.org/show_bug.cgi?id=62584

        Move Identifier::equal to the Identifier header file.

        * runtime/Identifier.cpp:
        * runtime/Identifier.h:
        (JSC::Identifier::equal):

2011-06-13  Tony Chang  <tony@chromium.org>

        Reviewed by Dimitri Glazkov.

        rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
        https://bugs.webkit.org/show_bug.cgi?id=62578

        * Configurations/FeatureDefines.xcconfig:

2011-06-13  Tony Chang  <tony@chromium.org>

        Reviewed by Adam Barth.

        rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
        https://bugs.webkit.org/show_bug.cgi?id=62545

        * Configurations/FeatureDefines.xcconfig:

2011-06-12  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r88604.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):

2011-06-11  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=16777

        Remove #define NaN per Darin's comments.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::parseIntOverflow):
        (JSC::parseInt):
        (JSC::jsStrDecimalLiteral):
        (JSC::jsToNumber):
        (JSC::parseFloat):
        * wtf/DateMath.cpp:
        (WTF::equivalentYearForDST):
        (WTF::parseES5DateFromNullTerminatedCharacters):
        (WTF::parseDateFromNullTerminatedCharacters):
        (WTF::timeClip):
        (JSC::parseDateFromNullTerminatedCharacters):

2011-06-11  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=62503
        Remove JIT_OPTIMIZE_* switches

        The alternative code paths are untested, and not well maintained.
        These were useful when there was more churn in the JIT, but now
        are a maintenance overhead. Time to move on, removing.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkConstruct):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::softModulo):
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        * wtf/Platform.h:

2011-06-10  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=16777
        Eliminate JSC::NaN and JSC::Inf

        There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
        The ones in std::numeric_limits are perfectly good.
        Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::toNumber):
        * API/JSValueRef.cpp:
        (JSValueMakeNumber):
        (JSValueToNumber):
        * JavaScriptCore.exp:
        * runtime/CachedTranscendentalFunction.h:
        (JSC::CachedTranscendentalFunction::initialize):
        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
        * runtime/DateInstanceCache.h:
        (JSC::DateInstanceData::DateInstanceData):
        (JSC::DateInstanceCache::reset):
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::getPrimitiveNumber):
        (JSC::JSCell::JSValue::toNumber):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::resetDateCache):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncParseInt):
        (JSC::globalFuncIsFinite):
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::toNumber):
        * runtime/JSValue.cpp:
        * runtime/JSValue.h:
        * runtime/JSValueInlineMethods.h:
        (JSC::jsNaN):
        * runtime/MathObject.cpp:
        (JSC::mathProtoFuncMax):
        (JSC::mathProtoFuncMin):
        * runtime/NumberConstructor.cpp:
        (JSC::numberConstructorNegInfinity):
        (JSC::numberConstructorPosInfinity):
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToExponential):
        (JSC::numberProtoFuncToFixed):
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncToString):
        * runtime/UString.cpp:
        * wtf/DecimalNumber.h:
        (WTF::DecimalNumber::DecimalNumber):
        * wtf/dtoa.cpp:
        (WTF::dtoa):

2011-06-10  Tony Chang  <tony@chromium.org>

        Reviewed by Ojan Vafai.

        add a compile guard ENABLE(FLEXBOX)
3824         https://bugs.webkit.org/show_bug.cgi?id=62049
3825
3826         * Configurations/FeatureDefines.xcconfig:
3827
3828 2011-06-10  Gavin Barraclough  <barraclough@apple.com>
3829
3830         Reviewed by Sam Weinig.
3831
3832         https://bugs.webkit.org/show_bug.cgi?id=55347
3833         "name" and "message" enumerable on *Error.prototype
3834
3835         This arises from chapter 15 of the spec:
3836             "Every other property described in this clause has the attributes
3837             { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
3838             unless otherwise specified."
3839         Standardized properties are not enumerable.
3840
3841         * runtime/ErrorInstance.cpp:
3842         (JSC::ErrorInstance::ErrorInstance):
3843         * runtime/NativeErrorPrototype.cpp:
3844         (JSC::NativeErrorPrototype::NativeErrorPrototype):
3845
3846 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3847
3848         Build fix: Corrected header spelling.
3849
3850         * heap/OldSpace.h:
3851
3852 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3853
3854         Reviewed by Oliver Hunt.
3855
3856         Added OldSpace to the project
3857         https://bugs.webkit.org/show_bug.cgi?id=62417
3858         
3859         Currently unused.
3860         
3861         Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
3862         per-block flag for testing whether you're in NewSpace vs OldSpace.
3863
3864         * CMakeLists.txt:
3865         * GNUmakefile.list.am:
3866         * JavaScriptCore.gypi:
3867         * JavaScriptCore.pro:
3868         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3869         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3870
3871         * heap/MarkedBlock.cpp:
3872         (JSC::MarkedBlock::MarkedBlock):
3873         * heap/MarkedBlock.h:
3874         (JSC::MarkedBlock::inNewSpace):
3875         (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
3876         write barrier.
3877
3878         * heap/NewSpace.cpp:
3879         (JSC::NewSpace::addBlock):
3880         (JSC::NewSpace::removeBlock):
3881         * heap/NewSpace.h:
3882         (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
3883         NewSpace-specific operations.
3884
3885         * heap/OldSpace.cpp: Added.
3886         (JSC::OldSpace::OldSpace):
3887         (JSC::OldSpace::addBlock):
3888         (JSC::OldSpace::removeBlock):
3889         * heap/OldSpace.h: Added.
3890         (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
3891         Not in use yet.
3892
3893 2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
3894
3895         Reviewed by Antonio Gomes.
3896
3897         [EFL] Make accelerated compositing build in Webkit-EFL
3898         https://bugs.webkit.org/show_bug.cgi?id=62361
3899
3900         Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
3901
3902         * wtf/Platform.h:
3903
3904 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3905
3906         Reviewed by Geoff Garen.
3907
3908         Bug 62405 - Fix integer overflow in Array.prototype.push
3909
3910         Fix Geoff's review comments re static_cast.
3911
3912         * runtime/ArrayPrototype.cpp:
3913         (JSC::arrayProtoFuncPush):
3914
3915 2011-06-09  Geoffrey Garen  <ggaren@apple.com>
3916
3917         Reviewed by Oliver Hunt.
3918
3919         Factored MarkedBlock set management into a helper class with a fast case Bloom filter
3920         https://bugs.webkit.org/show_bug.cgi?id=62413
3921         
3922         SunSpider reports a small speedup.
3923         
3924         This is in preparation for having ConservativeSet operate on arbitrary
3925         sets of MarkedBlocks, and in preparation for conservative scanning
3926         becoming proportionally more important than other GC activities.
3927
3928         * GNUmakefile.list.am:
3929         * JavaScriptCore.gypi:
3930         * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
3931
3932         * heap/ConservativeRoots.cpp:
3933         (JSC::ConservativeRoots::add):
3934         * heap/ConservativeRoots.h:
3935         (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
3936         directly, instead of a Heap, so we can operate on subsets of the Heap
3937         instead.
3938         
3939         Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
3940         is particularly important since we expect not to find our subject pointer
3941         in the MarkedBlock hash, and hash misses are more expensive than typical
3942         hash lookups because they have high collision rates.
3943         
3944         No need for single-pointer add() to be public anymore, since nobody uses it.
3945
3946         * heap/Heap.cpp:
3947         (JSC::Heap::markRoots):
3948         * heap/Heap.h:
3949         (JSC::Heap::forEachCell):
3950         (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
3951         ConservativeRoots relies on.
3952         
3953         Nixed contains(), since nobody uses it anymore.
3954
3955         * heap/MarkedBlock.h:
3956         (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
3957         the VM layout properties of MarkedBlocks.
3958
3959         * heap/MarkedBlockSet.h: Added.
3960         (JSC::MarkedBlockSet::add):
3961         (JSC::MarkedBlockSet::remove):
3962         (JSC::MarkedBlockSet::recomputeFilter):
3963         (JSC::MarkedBlockSet::filter):
3964         (JSC::MarkedBlockSet::set):
3965         * heap/TinyBloomFilter.h: Added.
3966         (JSC::TinyBloomFilter::TinyBloomFilter):
3967         (JSC::TinyBloomFilter::add):
3968         (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
3969
3970         * interpreter/RegisterFile.cpp:
3971         (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
3972         exclude values by tag -- the tiny bloom filter is already a register-register
3973         compare, so adding another "rule out" factor just slows things down.
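
        Added illustration (not JSC's code) of the filter-then-hash lookup this
        entry describes: an OR-accumulated bit mask that can say "definitely not
        one of our blocks" in a single compare, backed by a real set for the
        "maybe" case. Assumed for the demo: blocks are 16 KiB aligned, the filter
        is keyed on the block's address, and the block addresses and candidate
        pointers are constructed values; the class and function names are mine.

```cpp
#include <cstdint>
#include <cstdio>
#include <unordered_set>

typedef uintptr_t Bits;
static const uintptr_t kBlockSize = 16 * 1024;          // assumed block alignment
static const uintptr_t kBlockMask = ~(kBlockSize - 1);  // clears the in-block offset

class TinyBloomFilter {
public:
    TinyBloomFilter() : m_bits(0) { }
    void add(Bits bits) { m_bits |= bits; }
    // "true" means definitely never added. "false" means maybe: every set bit of
    // `bits` is also set in the mask, so the real set must be consulted.
    bool ruleOut(Bits bits) const
    {
        if (!bits)
            return true;
        return (bits & m_bits) != bits;
    }
private:
    Bits m_bits;
};

class BlockSet {
public:
    void add(uintptr_t block)
    {
        m_set.insert(block);
        m_filter.add(block);
    }
    void remove(uintptr_t block)
    {
        m_set.erase(block);
        recomputeFilter(); // bits cannot be un-ORed, so rebuild the mask from what is left
    }
    // 0: ruled out by the filter alone (no hash lookup at all)
    // 1: passed the filter but absent from the set (a false positive)
    // 2: present (the candidate points into a live block)
    int classify(uintptr_t candidate) const
    {
        uintptr_t block = candidate & kBlockMask;
        if (m_filter.ruleOut(block))
            return 0;
        return m_set.count(block) ? 2 : 1;
    }
private:
    void recomputeFilter()
    {
        m_filter = TinyBloomFilter();
        for (uintptr_t block : m_set)
            m_filter.add(block);
    }
    std::unordered_set<uintptr_t> m_set;
    TinyBloomFilter m_filter;
};

// Two-block heap at constructed addresses; classifies one candidate pointer.
int classifyPointer(uintptr_t candidate)
{
    BlockSet blocks;
    blocks.add(0x10000000); // constructed block addresses
    blocks.add(0x10004000);
    return blocks.classify(candidate);
}

// Same heap after one block is removed: the rebuilt mask must drop that block's
// bits, or every stale pointer into it would still cost a hash lookup.
int classifyAfterRemove(uintptr_t candidate)
{
    BlockSet blocks;
    blocks.add(0x10000000);
    blocks.add(0x10004000);
    blocks.remove(0x10004000);
    return blocks.classify(candidate);
}

int main()
{
    std::printf("in heap: %d, ruled out: %d, false positive: %d, after remove: %d\n",
        classifyPointer(0x10002abc), classifyPointer(0x7fff0000),
        classifyPointer(0x00004123), classifyAfterRemove(0x10004abc));
    return 0;
}
```

        The 0x00004123 probe is the caveat: its block bits (0x4000) are a subset
        of the mask 0x10000000 | 0x10004000, so the filter cannot exclude it and
        the hash set has to give the final answer. The filter only ever removes
        work; it never changes which pointers are treated as roots.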
3974
3975 2011-06-09  Gavin Barraclough  <barraclough@apple.com>
3976
3977         Reviewed by Oliver Hunt.
3978
3979         Bug 62405 - Fix integer overflow in Array.prototype.push
3980
3981         There are three integer overflows here, leading to safe (not a security risk)
3982         but incorrect (non-spec-compliant) behaviour.
3983
3984         Two overflows occur when calculating the new length after pushing (one in the
3985         fast version of push in JSArray, one in the generic version in ArrayPrototype).
3986         The other occurs calculating indices to write to when multiple items are pushed.
3987
3988         These errors result in three test-262 failures.
3989
3990         * runtime/ArrayPrototype.cpp:
3991         (JSC::arrayProtoFuncPush):
3992         * runtime/JSArray.cpp:
3993         (JSC::JSArray::put):
3994         (JSC::JSArray::push):
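
        Added model (not JSC's code) of the two computations this entry names
        for the generic push, the new length and the indices written when
        several items are pushed, following ES5 15.4.4.7: n = ToUint32(length),
        each argument is stored at index n++, then length is set to n. The
        ArrayLike stand-in, the function names and the starting length of
        2^32 - 2 are constructed for the demo.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

// Constructed stand-in for an array-like object: numeric keys plus a length.
struct ArrayLike {
    std::map<uint64_t, int> props;
    double length;
};

// ES5 9.6 ToUint32 for finite, non-negative input: modulo 2^32.
uint32_t toUint32(double d)
{
    return static_cast<uint32_t>(std::fmod(std::floor(d), 4294967296.0));
}

// Length and write indices kept in 32 bits: both wrap once n reaches 2^32.
uint32_t pushWrapping(ArrayLike& object, const std::vector<int>& items)
{
    uint32_t n = toUint32(object.length);
    for (size_t i = 0; i < items.size(); ++i)
        object.props[static_cast<uint32_t>(n + i)] = items[i]; // third item lands on index 0
    n += static_cast<uint32_t>(items.size());                   // length wraps to 1
    object.length = n;
    return n;
}

// Spec-correct: the running index is wide enough to pass 2^32 and the stored
// length is a Number, so an array-like may legitimately end with length >= 2^32.
double pushChecked(ArrayLike& object, const std::vector<int>& items)
{
    uint64_t n = toUint32(object.length);
    for (size_t i = 0; i < items.size(); ++i)
        object.props[n++] = items[i];
    object.length = static_cast<double>(n);
    return object.length;
}

struct PushResult {
    double length;
    std::vector<uint64_t> keys; // property keys present afterwards, ascending
};

static PushResult collect(const ArrayLike& object, double length)
{
    PushResult result;
    result.length = length;
    for (const auto& entry : object.props)
        result.keys.push_back(entry.first);
    return result;
}

// Both runs start from length 2^32 - 2 and push three items.
PushResult runWrapping()
{
    ArrayLike object = { {}, 4294967294.0 };
    std::vector<int> items = { 1, 2, 3 };
    double length = pushWrapping(object, items);
    return collect(object, length);
}

PushResult runChecked()
{
    ArrayLike object = { {}, 4294967294.0 };
    std::vector<int> items = { 1, 2, 3 };
    double length = pushChecked(object, items);
    return collect(object, length);
}

int main()
{
    std::printf("wrapping: length %.0f, checked: length %.0f\n",
        runWrapping().length, runChecked().length);
    return 0;
}
```

        The wrapping version ends with length 1 and writes the third item to
        index 0, overwriting whatever was there; the checked version ends with
        length 4294967297 and keys 4294967294, 4294967295, 4294967296. For a
        real Array, as opposed to an array-like, a length of 2^32 or more is
        itself a RangeError under the spec, which is why the fast path in
        JSArray has to detect the same boundary rather than silently wrap.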
3995
3996 2011-06-09  Dan Bernstein  <mitz@apple.com>
3997
3998         Reviewed by Anders Carlsson.
3999
4000         Add Vector::reverse()
4001         https://bugs.webkit.org/show_bug.cgi?id=62393
4002
4003         * wtf/Vector.h:
4004         (WTF::Vector::reverse): Added
4005
4006 2011-06-08  Geoffrey Garen  <ggaren@apple.com>
4007
4008         Reviewed by Oliver Hunt.
4009
4010         Factored a bunch of Heap functionality into stand-alone functors
4011         https://bugs.webkit.org/show_bug.cgi?id=62337
4012         
4013         This is in preparation for making these functors operate on arbitrary
4014         sets of MarkedBlocks.
4015
4016         * JavaScriptCore.exp: This file is a small tragedy.
4017
4018         * debugger/Debugger.cpp:
4019         (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
4020
4021         * heap/HandleHeap.h:
4022         (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
4023         strong handles, so we can play along in the functor game.
4024
4025         * heap/Heap.cpp:
4026         (JSC::CountFunctor::CountFunctor::CountFunctor):
4027         (JSC::CountFunctor::CountFunctor::count):
4028         (JSC::CountFunctor::CountFunctor::returnValue):
4029         (JSC::CountFunctor::ClearMarks::operator()):
4030         (JSC::CountFunctor::ResetAllocator::operator()):
4031         (JSC::CountFunctor::Sweep::operator()):
4032         (JSC::CountFunctor::MarkCount::operator()):
4033         (JSC::CountFunctor::Size::operator()):
4034         (JSC::CountFunctor::Capacity::operator()):
4035         (JSC::CountFunctor::Count::operator()):
4036         (JSC::CountFunctor::CountIfGlobalObject::operator()):
4037         (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
4038         (JSC::CountFunctor::TakeIfEmpty::operator()):
4039         (JSC::CountFunctor::TakeIfEmpty::returnValue):
4040         (JSC::CountFunctor::RecordType::RecordType):
4041         (JSC::CountFunctor::RecordType::typeName):
4042         (JSC::CountFunctor::RecordType::operator()):
4043         (JSC::CountFunctor::RecordType::returnValue): These functors factor out
4044         behavior that used to be in the functions below.
4045
4046         (JSC::Heap::clearMarks):
4047         (JSC::Heap::sweep):
4048         (JSC::Heap::objectCount):
4049         (JSC::Heap::size):
4050         (JSC::Heap::capacity):
4051         (JSC::Heap::protectedGlobalObjectCount):
4052         (JSC::Heap::protectedObjectCount):
4053         (JSC::Heap::protectedObjectTypeCounts):
4054         (JSC::Heap::objectTypeCounts):
4055         (JSC::Heap::resetAllocator):
4056         (JSC::He