1 2013-08-19 Víctor Manuel Jáquez Leal <vjaquez@igalia.com>
3 <https://webkit.org/b/120008> [GTK][ARM] javascriptcore compilation is broken
5 Reviewed by Oliver Hunt.
7 Guard the compilation of these files only if DFG_JIT is enabled.
9 * dfg/DFGDesiredTransitions.cpp:
10 * dfg/DFGDesiredTransitions.h:
11 * dfg/DFGDesiredWeakReferences.cpp:
12 * dfg/DFGDesiredWeakReferences.h:
13 * dfg/DFGDesiredWriteBarriers.cpp:
14 * dfg/DFGDesiredWriteBarriers.h:
16 2013-08-17 Filip Pizlo <fpizlo@apple.com>
18 REGRESSION(r154218): DFG::FixupPhase no longer turns GetById's child1 into CellUse
19 https://bugs.webkit.org/show_bug.cgi?id=119961
21 Reviewed by Mark Hahnenberg.
23 * dfg/DFGFixupPhase.cpp:
24 (JSC::DFG::FixupPhase::fixupNode):
26 2013-08-18 Gavin Barraclough <barraclough@apple.com>
28 https://bugs.webkit.org/show_bug.cgi?id=119972
29 Add attributes field to PropertySlot
31 Reviewed by Geoff Garen.
33 For all JSC types, this makes getOwnPropertyDescriptor redundant.
34 There will be a bit more hacking required in WebCore to remove GOPD whilst maintaining current behaviour.
35 (Current behaviour is in many ways broken, particularly in that GOPD & GOPS are inconsistent, but we should fix incrementally).
37 No performance impact.
39 * runtime/PropertySlot.h:
40 (JSC::PropertySlot::setValue):
41 (JSC::PropertySlot::setCustom):
42 (JSC::PropertySlot::setCacheableCustom):
43 (JSC::PropertySlot::setCustomIndex):
44 (JSC::PropertySlot::setGetterSlot):
45 (JSC::PropertySlot::setCacheableGetterSlot):
46 - These methods now all require 'attributes'.
48 (JSC::JSObject::getDirect):
49 (JSC::JSObject::getDirectOffset):
50 (JSC::JSObject::inlineGetOwnPropertySlot):
51 - Added variants of getDirect, getDirectOffset that return the attributes.
52 * API/JSCallbackObjectFunctions.h:
53 (JSC::::getOwnPropertySlot):
54 * runtime/Arguments.cpp:
55 (JSC::Arguments::getOwnPropertySlotByIndex):
56 (JSC::Arguments::getOwnPropertySlot):
57 * runtime/JSActivation.cpp:
58 (JSC::JSActivation::symbolTableGet):
59 (JSC::JSActivation::getOwnPropertySlot):
60 * runtime/JSArray.cpp:
61 (JSC::JSArray::getOwnPropertySlot):
62 * runtime/JSArrayBuffer.cpp:
63 (JSC::JSArrayBuffer::getOwnPropertySlot):
64 * runtime/JSArrayBufferView.cpp:
65 (JSC::JSArrayBufferView::getOwnPropertySlot):
66 * runtime/JSDataView.cpp:
67 (JSC::JSDataView::getOwnPropertySlot):
68 * runtime/JSFunction.cpp:
69 (JSC::JSFunction::getOwnPropertySlot):
70 * runtime/JSGenericTypedArrayViewInlines.h:
71 (JSC::::getOwnPropertySlot):
72 (JSC::::getOwnPropertySlotByIndex):
73 * runtime/JSObject.cpp:
74 (JSC::JSObject::getOwnPropertySlotByIndex):
75 (JSC::JSObject::fillGetterPropertySlot):
77 (JSC::JSString::getStringPropertySlot):
78 * runtime/JSSymbolTableObject.h:
79 (JSC::symbolTableGet):
81 (JSC::setUpStaticFunctionSlot):
83 (JSC::getStaticPropertySlot):
84 (JSC::getStaticPropertyDescriptor):
85 (JSC::getStaticValueSlot):
86 (JSC::getStaticValueDescriptor):
87 * runtime/RegExpObject.cpp:
88 (JSC::RegExpObject::getOwnPropertySlot):
89 * runtime/SparseArrayValueMap.cpp:
90 (JSC::SparseArrayEntry::get):
91 - Pass attributes to PropertySlot::set* methods.
93 2013-08-17 Mark Hahnenberg <mhahnenberg@apple.com>
95 <https://webkit.org/b/119919> Concurrent JIT crashes in various fast/js/dfg-* tests while the main thread is setting innerHTML
97 Reviewed by Filip Pizlo.
99 Added a new mode for DesiredWriteBarrier that allows it to track a position in a
100 Vector of WriteBarriers rather than the specific address. The fact that we were
101 arbitrarily storing into a Vector's backing store for constants at the end of
102 compilation after the Vector could have resized was causing crashes.
104 * bytecode/CodeBlock.h:
105 (JSC::CodeBlock::constants):
106 (JSC::CodeBlock::addConstantLazily):
107 * dfg/DFGByteCodeParser.cpp:
108 (JSC::DFG::ByteCodeParser::addConstant):
109 * dfg/DFGDesiredWriteBarriers.cpp:
110 (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
111 (JSC::DFG::DesiredWriteBarrier::trigger):
112 (JSC::DFG::initializeLazyWriteBarrierForConstant):
113 * dfg/DFGDesiredWriteBarriers.h:
114 (JSC::DFG::DesiredWriteBarriers::add):
115 * dfg/DFGFixupPhase.cpp:
116 (JSC::DFG::FixupPhase::truncateConstantToInt32):
118 (JSC::DFG::Graph::constantRegisterForConstant):
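The entry above describes a classic backing-store hazard: a deferred store recorded as a raw address into a Vector's storage becomes a dangling write once the Vector grows and reallocates. The following is an added example, not JavaScriptCore code, that models the two designs side by side with std::vector: the address-based barrier from before the fix and the position-based barrier the entry introduces. The Cell, BarrierByAddress and BarrierByIndex names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <vector>

// Added example, not JSC code. Models the DesiredWriteBarrier change: a store
// that is deferred until the end of compilation must target an element of a
// Vector that may have been resized in the meantime.
struct Cell { int marked = 0; };

// Before the fix: remembers the address of the slot inside the vector's
// backing store. Any later push_back that reallocates leaves this dangling.
struct BarrierByAddress {
    Cell** slot;
    void trigger(Cell* c) { *slot = c; }
};

// After the fix: remembers the owning vector and the slot's position, and
// resolves the address only when the barrier is actually triggered.
struct BarrierByIndex {
    std::vector<Cell*>* constants;
    size_t index;
    void trigger(Cell* c) { (*constants)[index] = c; }
};

// Returns true if the deferred store landed in the live vector after growth.
bool indexBasedBarrierSurvivesGrowth(size_t initialSize, size_t growBy) {
    std::vector<Cell*> constants(initialSize, nullptr);
    BarrierByIndex barrier{ &constants, initialSize - 1 };
    for (size_t i = 0; i < growBy; ++i)
        constants.push_back(nullptr);   // may reallocate the backing store
    Cell target;
    barrier.trigger(&target);
    return constants[initialSize - 1] == &target;
}

// Returns true only if the saved address still points into the vector's
// current backing store, i.e. no reallocation happened. The dangling pointer
// is compared, never dereferenced, so the demonstration itself stays safe.
bool addressBasedBarrierStillPointsIntoVector(size_t initialSize, size_t growBy) {
    std::vector<Cell*> constants(initialSize, nullptr);
    BarrierByAddress barrier{ &constants[initialSize - 1] };
    for (size_t i = 0; i < growBy; ++i)
        constants.push_back(nullptr);
    return barrier.slot == &constants[initialSize - 1];
}
```

With no growth both designs agree; once the vector has to grow past its initial capacity, only the position-based barrier still writes into live storage.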
120 2013-08-16 Filip Pizlo <fpizlo@apple.com>
122 DFG should optimize typedArray.byteLength
123 https://bugs.webkit.org/show_bug.cgi?id=119909
125 Reviewed by Oliver Hunt.
127 This adds typedArray.byteLength inlining to the DFG, and does so without changing
128 the IR: byteLength is turned into GetArrayLength followed by BitLShift. This is
129 legal since the byteLength of a typed array cannot exceed
130 numeric_limits<int32_t>::max().
132 * bytecode/SpeculatedType.cpp:
133 (JSC::typedArrayTypeFromSpeculation):
134 * bytecode/SpeculatedType.h:
135 * dfg/DFGArrayMode.cpp:
136 (JSC::DFG::toArrayType):
137 * dfg/DFGArrayMode.h:
138 * dfg/DFGFixupPhase.cpp:
139 (JSC::DFG::FixupPhase::fixupNode):
140 (JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
141 (JSC::DFG::FixupPhase::attemptToMakeGetByteLength):
142 (JSC::DFG::FixupPhase::convertToGetArrayLength):
143 (JSC::DFG::FixupPhase::prependGetArrayLength):
145 (JSC::DFG::Graph::constantRegisterForConstant):
146 (JSC::DFG::Graph::convertToConstant):
147 * runtime/TypedArrayType.h:
148 (JSC::logElementSize):
151 2013-08-16 Filip Pizlo <fpizlo@apple.com>
153 DFG optimizes out strict mode arguments tear off
154 https://bugs.webkit.org/show_bug.cgi?id=119504
156 Reviewed by Mark Hahnenberg and Oliver Hunt.
158 Don't do the optimization for strict mode.
160 * dfg/DFGArgumentsSimplificationPhase.cpp:
161 (JSC::DFG::ArgumentsSimplificationPhase::run):
162 (JSC::DFG::ArgumentsSimplificationPhase::pruneObviousArgumentCreations):
164 2013-08-16 Benjamin Poulain <benjamin@webkit.org>
166 [JSC] x86: improve code generation for xxxTest32
167 https://bugs.webkit.org/show_bug.cgi?id=119876
169 Reviewed by Geoffrey Garen.
171 Try to use testb whenever possible when testing for an immediate value.
173 When the input is an address and an offset, we can tweak the mask
174 and offset to be able to generate testb for any byte of the mask.
176 When the input is a register, we can use testb if we are only interested
177 in testing the low bits.
179 * assembler/MacroAssemblerX86Common.h:
180 (JSC::MacroAssemblerX86Common::branchTest32):
181 (JSC::MacroAssemblerX86Common::test32):
182 (JSC::MacroAssemblerX86Common::generateTest32):
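The entry above says a 32-bit test against an immediate at [base + offset] can be narrowed to a single testb when the mask only covers one byte, by shifting the mask down and bumping the offset. The following added example, not JavaScriptCore code, writes that narrowing decision out and checks it against the reference test32 semantics on constructed sample words. It assumes a little-endian memory operand (as on x86); the NarrowedTest, narrowTest32 and narrowingIsEquivalent names are assumptions made for illustration, and the register-input case (testing only the low bits) is not modelled.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Added example, not JSC code. Decides whether test32 [base+offset], imm can
// be emitted as testb [base+offset+k], imm8 and verifies the equivalence.
struct NarrowedTest {
    bool useByte;      // true if one testb suffices
    int byteOffset;    // extra offset added to the address (0..3)
    uint8_t byteMask;  // 8-bit immediate used with testb
};

// A mask qualifies when all of its set bits live in a single byte lane.
NarrowedTest narrowTest32(uint32_t mask) {
    for (int byte = 0; byte < 4; ++byte) {
        uint32_t lane = 0xffu << (8 * byte);
        if (mask != 0 && (mask & ~lane) == 0)
            return { true, byte, static_cast<uint8_t>(mask >> (8 * byte)) };
    }
    return { false, 0, 0 };  // fall back to the full 32-bit test
}

// Reference semantics of test32: ZF set iff (value & mask) == 0.
bool test32IsZero(const uint8_t* memory, size_t offset, uint32_t mask) {
    uint32_t value;
    std::memcpy(&value, memory + offset, sizeof value);  // little-endian load
    return (value & mask) == 0;
}

// Semantics of the narrowed testb on the selected byte.
bool testbIsZero(const uint8_t* memory, size_t offset, NarrowedTest n) {
    return (memory[offset + n.byteOffset] & n.byteMask) == 0;
}

// Checks that narrowing preserves the flag result on constructed sample words,
// each stored at a non-zero offset so base+offset arithmetic is exercised.
bool narrowingIsEquivalent(uint32_t mask) {
    NarrowedTest n = narrowTest32(mask);
    if (!n.useByte)
        return true;  // nothing narrowed, nothing to compare
    const uint32_t samples[] = { 0u, 0xffffffffu, 0x80000000u, 0x00010000u,
                                 0x12345678u, mask, ~mask };
    for (uint32_t s : samples) {
        uint8_t memory[8] = {};
        std::memcpy(memory + 2, &s, sizeof s);
        if (test32IsZero(memory, 2, mask) != testbIsZero(memory, 2, n))
            return false;
    }
    return true;
}
```

Masks spanning more than one byte (0x0000ffff, 0xffffffff) are left to the 32-bit instruction; the point of the check is that the shorter encoding never changes which flag the branch sees.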
184 2013-08-16 Mark Lam <mark.lam@apple.com>
186 <https://bugs.webkit.org/show_bug.cgi?id=119913> Baseline JIT gives erroneous
187 error message that an object is not a constructor though it expects a function
189 Reviewed by Michael Saboff.
192 (JSC::DEFINE_STUB_FUNCTION):
194 2013-08-16 Filip Pizlo <fpizlo@apple.com>
196 Object properties added using dot syntax (o.f = ...) from code that isn't in eval should be less likely to cause an object to become a dictionary
197 https://bugs.webkit.org/show_bug.cgi?id=119897
199 Reviewed by Oliver Hunt.
201 6-10x speed-up on microbenchmarks that create large static objects. 40-65% speed-up
202 on Octane/gbemu. 3% overall speed-up on Octane. No slow-downs anywhere; our ability
203 to turn objects into dictionaries when you're storing using bracket syntax or using
204 eval is still in place.
206 * bytecode/CodeBlock.h:
207 (JSC::CodeBlock::putByIdContext):
208 * dfg/DFGOperations.cpp:
210 (JSC::DEFINE_STUB_FUNCTION):
211 * llint/LLIntSlowPaths.cpp:
212 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
213 * runtime/JSObject.h:
214 (JSC::JSObject::putDirectInternal):
215 * runtime/PutPropertySlot.h:
216 (JSC::PutPropertySlot::PutPropertySlot):
217 (JSC::PutPropertySlot::context):
218 * runtime/Structure.cpp:
219 (JSC::Structure::addPropertyTransition):
220 * runtime/Structure.h:
222 2013-08-16 Balazs Kilvady <kilvadyb@homejinni.com>
224 <https://webkit.org/b/119742> REGRESSION(FTL): Fix register usage in mips implementation of ctiVMHandleException
226 Reviewed by Allan Sandfeld Jensen.
228 ctiVMHandleException must jump/return using register ra (r31).
230 * jit/JITStubsMIPS.h:
232 2013-08-16 Julien Brianceau <jbrianceau@nds.com>
234 <https://webkit.org/b/119879> Fix sh4 build after r154156.
236 Reviewed by Allan Sandfeld Jensen.
238 Fix typo in JITStubsSH4.h file.
242 2013-08-15 Mark Hahnenberg <mhahnenberg@apple.com>
244 <https://webkit.org/b/119833> Concurrent compilation thread should not trigger WriteBarriers
246 Reviewed by Oliver Hunt.
248 The concurrent compilation thread should interact minimally with the Heap, including not
249 triggering WriteBarriers. This is a prerequisite for generational GC.
251 * JavaScriptCore.xcodeproj/project.pbxproj:
252 * bytecode/CodeBlock.cpp:
253 (JSC::CodeBlock::addOrFindConstant):
254 (JSC::CodeBlock::findConstant):
255 * bytecode/CodeBlock.h:
256 (JSC::CodeBlock::addConstantLazily):
257 * dfg/DFGByteCodeParser.cpp:
258 (JSC::DFG::ByteCodeParser::getJSConstantForValue):
259 (JSC::DFG::ByteCodeParser::constantUndefined):
260 (JSC::DFG::ByteCodeParser::constantNull):
261 (JSC::DFG::ByteCodeParser::one):
262 (JSC::DFG::ByteCodeParser::constantNaN):
263 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
264 * dfg/DFGCommonData.cpp:
265 (JSC::DFG::CommonData::notifyCompilingStructureTransition):
266 * dfg/DFGCommonData.h:
267 * dfg/DFGDesiredTransitions.cpp: Added.
268 (JSC::DFG::DesiredTransition::DesiredTransition):
269 (JSC::DFG::DesiredTransition::reallyAdd):
270 (JSC::DFG::DesiredTransitions::DesiredTransitions):
271 (JSC::DFG::DesiredTransitions::~DesiredTransitions):
272 (JSC::DFG::DesiredTransitions::addLazily):
273 (JSC::DFG::DesiredTransitions::reallyAdd):
274 * dfg/DFGDesiredTransitions.h: Added.
275 * dfg/DFGDesiredWeakReferences.cpp: Added.
276 (JSC::DFG::DesiredWeakReferences::DesiredWeakReferences):
277 (JSC::DFG::DesiredWeakReferences::~DesiredWeakReferences):
278 (JSC::DFG::DesiredWeakReferences::addLazily):
279 (JSC::DFG::DesiredWeakReferences::reallyAdd):
280 * dfg/DFGDesiredWeakReferences.h: Added.
281 * dfg/DFGDesiredWriteBarriers.cpp: Added.
282 (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
283 (JSC::DFG::DesiredWriteBarrier::trigger):
284 (JSC::DFG::DesiredWriteBarriers::DesiredWriteBarriers):
285 (JSC::DFG::DesiredWriteBarriers::~DesiredWriteBarriers):
286 (JSC::DFG::DesiredWriteBarriers::addImpl):
287 (JSC::DFG::DesiredWriteBarriers::trigger):
288 * dfg/DFGDesiredWriteBarriers.h: Added.
289 (JSC::DFG::DesiredWriteBarriers::add):
290 (JSC::DFG::initializeLazyWriteBarrier):
291 * dfg/DFGFixupPhase.cpp:
292 (JSC::DFG::FixupPhase::truncateConstantToInt32):
294 (JSC::DFG::Graph::convertToConstant):
295 * dfg/DFGJITCompiler.h:
296 (JSC::DFG::JITCompiler::addWeakReference):
298 (JSC::DFG::Plan::Plan):
299 (JSC::DFG::Plan::reallyAdd):
301 * dfg/DFGSpeculativeJIT32_64.cpp:
302 (JSC::DFG::SpeculativeJIT::compile):
303 * dfg/DFGSpeculativeJIT64.cpp:
304 (JSC::DFG::SpeculativeJIT::compile):
305 * runtime/WriteBarrier.h:
306 (JSC::WriteBarrierBase::set):
307 (JSC::WriteBarrier::WriteBarrier):
309 2013-08-15 Benjamin Poulain <benjamin@webkit.org>
311 Fix x86 32bits build after r154158
313 * assembler/X86Assembler.h: Add missing #ifdef for the x86_64 instructions.
315 2013-08-15 Ryosuke Niwa <rniwa@webkit.org>
317 Build fix attempt after r154156.
320 (JSC::cti_vm_handle_exception): encode!
322 2013-08-15 Benjamin Poulain <benjamin@webkit.org>
324 [JSC] x86: Use inc and dec when possible
325 https://bugs.webkit.org/show_bug.cgi?id=119831
327 Reviewed by Geoffrey Garen.
329 When incrementing or decrementing by an immediate of 1, use the instructions
330 inc and dec instead of add and sub.
331 The instructions have good timing and their encoding is smaller.
333 * assembler/MacroAssemblerX86Common.h:
334 (JSC::MacroAssemblerX86_64::add32):
335 (JSC::MacroAssemblerX86_64::sub32):
336 * assembler/MacroAssemblerX86_64.h:
337 (JSC::MacroAssemblerX86_64::add64):
338 (JSC::MacroAssemblerX86_64::sub64):
339 * assembler/X86Assembler.h:
340 (JSC::X86Assembler::dec_r):
341 (JSC::X86Assembler::decq_r):
342 (JSC::X86Assembler::inc_r):
343 (JSC::X86Assembler::incq_r):
345 2013-08-15 Filip Pizlo <fpizlo@apple.com>
347 Sometimes, the DFG uses a GetById for typed array length accesses despite profiling data that indicates that it's a typed array length access
348 https://bugs.webkit.org/show_bug.cgi?id=119874
350 Reviewed by Oliver Hunt and Mark Hahnenberg.
352 It was a confusion between heuristics in DFG::ArrayMode that are assuming that
353 you'll use ForceExit if array profiles are empty, the JIT creating empty profiles
354 sometimes for typed array length accesses, and the FixupPhase assuming that a
355 ForceExit ArrayMode means that it should continue using a generic GetById.
357 This fixes the confusion.
359 * dfg/DFGFixupPhase.cpp:
360 (JSC::DFG::FixupPhase::fixupNode):
362 2013-08-15 Mark Lam <mark.lam@apple.com>
364 Fix crash when performing activation tearoff.
365 https://bugs.webkit.org/show_bug.cgi?id=119848
367 Reviewed by Oliver Hunt.
369 The activation tearoff crash was due to a bug in the baseline JIT.
370 If we have a scenario where a baseline JIT frame calls an LLINT
371 frame, an exception may be thrown while in the LLINT.
373 Interpreter::throwException() which handles the exception will unwind
374 all frames until it finds a catcher or sees a host frame. When we
375 return from the LLINT to the baseline JIT code, the baseline JIT code
376 erroneously sets topCallFrame to the value in its call frame register,
377 and starts unwinding the stack frames that have already been unwound.
380 1. Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException.
381 This is a more accurate description of what this runtime function
382 is supposed to do i.e. it handles the exception which include doing
383 nothing (if there are no more frames to unwind).
384 2. Fix up topCallFrame values so that the HostCallFrameFlag is never
386 3. Reloading the call frame register from topCallFrame when we're
387 returning from a callee and detect exception handling in progress.
389 * interpreter/Interpreter.cpp:
390 (JSC::Interpreter::unwindCallFrame):
391 - Ensure that topCallFrame is not set with the HostCallFrameFlag.
392 (JSC::Interpreter::getStackTrace):
393 * interpreter/Interpreter.h:
394 (JSC::TopCallFrameSetter::TopCallFrameSetter):
395 (JSC::TopCallFrameSetter::~TopCallFrameSetter):
396 (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
397 - Ensure that topCallFrame is not set with the HostCallFrameFlag.
399 * jit/JITExceptions.cpp:
400 (JSC::uncaughtExceptionHandler):
401 - Convenience function to get the handler for uncaught exceptions.
402 * jit/JITExceptions.h:
404 (JSC::JIT::reloadCallFrameFromTopCallFrame):
405 * jit/JITOpcodes32_64.cpp:
406 (JSC::JIT::privateCompileCTINativeCall):
407 - Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException.
409 (JSC::throwExceptionFromOpCall):
410 - Ensure that topCallFrame is not set with the HostCallFrameFlag.
411 (JSC::cti_vm_handle_exception):
412 - Check for the case when there are no more frames to unwind.
415 * jit/JITStubsARMv7.h:
416 * jit/JITStubsMIPS.h:
419 * jit/JITStubsX86_64.h:
420 - Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException.
421 * jit/SlowPathCall.h:
422 (JSC::JITSlowPathCall::call):
423 - reload cfr from topCallFrame when handling an exception.
424 - Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException.
425 * jit/ThunkGenerators.cpp:
426 (JSC::nativeForGenerator):
427 * llint/LowLevelInterpreter32_64.asm:
428 * llint/LowLevelInterpreter64.asm:
429 - reload cfr from topCallFrame when handling an exception.
432 - Ensure that topCallFrame is not set with the HostCallFrameFlag.
434 2013-08-15 Filip Pizlo <fpizlo@apple.com>
436 Remove some code duplication.
438 Rubber stamped by Mark Hahnenberg.
440 * runtime/JSDataViewPrototype.cpp:
444 2013-08-15 Julien Brianceau <jbrianceau@nds.com>
446 [DFG] isDouble() and isNumerical() should return true with KnownNumberUse UseKind.
447 https://bugs.webkit.org/show_bug.cgi?id=119794
449 Reviewed by Filip Pizlo.
451 This patch fixes ASSERT failures in debug builds for the sh4 and mips architectures.
454 (JSC::DFG::isNumerical):
455 (JSC::DFG::isDouble):
457 2013-08-15 Filip Pizlo <fpizlo@apple.com>
459 http://trac.webkit.org/changeset/154120 accidentally changed DFGCapabilities to read the resolve type from operand 4, not 3; it should be 3.
461 Rubber stamped by Oliver Hunt.
463 This was causing some test crashes for me.
465 * dfg/DFGCapabilities.cpp:
466 (JSC::DFG::capabilityLevel):
468 2013-08-15 Brent Fulgham <bfulgham@apple.com>
470 [Windows] Clear up improper export declaration.
472 * runtime/ArrayBufferView.h:
474 2013-08-15 Filip Pizlo <fpizlo@apple.com>
476 Unreviewed, remove some unnecessary periods from exceptions.
478 * runtime/JSDataViewPrototype.cpp:
482 2013-08-15 Filip Pizlo <fpizlo@apple.com>
484 Unreviewed, fix 32-bit build.
486 * dfg/DFGSpeculativeJIT32_64.cpp:
487 (JSC::DFG::SpeculativeJIT::compile):
489 2013-08-14 Filip Pizlo <fpizlo@apple.com>
491 Typed arrays should be rewritten
492 https://bugs.webkit.org/show_bug.cgi?id=119064
494 Reviewed by Oliver Hunt.
496 Typed arrays were previously deficient in several major ways:
498 - They were defined separately in WebCore and in the jsc shell. The two
499 implementations were different, and the jsc shell one was basically wrong.
500 The WebCore one was quite awful, also.
502 - Typed arrays were not visible to the JIT except through some weird hooks.
503 For example, the JIT could not ask "what is the Structure that this typed
504 array would have if I just allocated it from this global object". Also,
505 it was difficult to wire any of the typed array intrinsics, because most
506 of the functionality wasn't visible anywhere in JSC.
508 - Typed array allocation was brain-dead. Allocating a typed array involved
509 two JS objects, two GC weak handles, and three malloc allocations.
511 - Neutering. It involved keeping tabs on all native views but not the view
512 wrappers, even though the native views can autoneuter just by asking the
513 buffer if it was neutered anytime you touch them; while the JS view
514 wrappers are the ones that you really want to reach out to.
516 - Common case-ing. Most typed arrays have one buffer and one view, and
517 usually nobody touches the buffer. Yet we created all of that stuff
518 anyway, using data structures optimized for the case where you had a lot
521 - Semantic goofs. Typed arrays should, in the future, behave like ES
522 features rather than DOM features, for example when it comes to exceptions.
523 Firefox already does this and I agree with them.
525 This patch cleanses our codebase of these sins:
527 - Typed arrays are almost entirely defined in JSC. Only the lifecycle
528 management of native references to buffers is left to WebCore.
530 - Allocating a typed array requires either two GC allocations (a cell and a
531 copied storage vector) or one GC allocation, a malloc allocation, and a
532 weak handle (a cell and a malloc'd storage vector, plus a finalizer for the
533 latter). The latter is only used for oversize arrays. Remember that before
534 it was 7 allocations no matter what.
536 - Typed arrays require just 4 words of overhead: Structure*, Butterfly*,
537 mode/length, void* vector. Before it was a lot more than that - remember,
538 there were five additional objects that did absolutely nothing for anybody.
540 - Native views aren't tracked by the buffer, or by the wrappers. They are
541 transient. In the future we'll probably switch to not even having them be
544 - Native array buffers have an efficient way of tracking all of their JS view
545 wrappers, both for neutering, and for lifecycle management. The GC
546 special-cases native array buffers. This saves a bunch of grief; for example
547 it means that a JS view wrapper can refer to its buffer via the butterfly,
548 which would be dead by the time we went to finalize.
550 - Typed array semantics now match Firefox, which also happens to be where the
551 standards are going. The discussion on webkit-dev seemed to confirm that
552 Chrome is also heading in this direction. This includes making
553 Uint8ClampedArray not a subtype of Uint8Array, and getting rid of
554 ArrayBufferView as a JS-visible construct.
556 This is up to a 10x speed-up on programs that allocate a lot of typed arrays.
557 It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for
558 further typed array optimizations in the JSC JITs, including inlining typed
559 array allocation, inlining more of the accessors, reducing the cost of type
562 An additional property of this patch is that typed arrays are mostly
563 implemented using templates. This deduplicates a bunch of code, but does mean
564 that we need some hacks for exporting s_info's of template classes. See
565 JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly
566 low-impact compared to code duplication.
568 Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
571 * DerivedSources.make:
572 * GNUmakefile.list.am:
573 * JSCTypedArrayStubs.h: Removed.
574 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
575 * JavaScriptCore.xcodeproj/project.pbxproj:
577 * bytecode/ByValInfo.h:
578 (JSC::hasOptimizableIndexingForClassInfo):
579 (JSC::jitArrayModeForClassInfo):
580 (JSC::typedArrayTypeForJITArrayMode):
581 * bytecode/SpeculatedType.cpp:
582 (JSC::speculationFromClassInfo):
583 * dfg/DFGArrayMode.cpp:
584 (JSC::DFG::toTypedArrayType):
585 * dfg/DFGArrayMode.h:
586 (JSC::DFG::ArrayMode::typedArrayType):
587 * dfg/DFGSpeculativeJIT.cpp:
588 (JSC::DFG::SpeculativeJIT::checkArray):
589 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
590 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
591 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
592 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
593 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
594 (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
595 * dfg/DFGSpeculativeJIT.h:
596 * dfg/DFGSpeculativeJIT32_64.cpp:
597 (JSC::DFG::SpeculativeJIT::compile):
598 * dfg/DFGSpeculativeJIT64.cpp:
599 (JSC::DFG::SpeculativeJIT::compile):
602 (JSC::DeferGCForAWhile::DeferGCForAWhile):
603 (JSC::DeferGCForAWhile::~DeferGCForAWhile):
604 * heap/GCIncomingRefCounted.h: Added.
605 (JSC::GCIncomingRefCounted::GCIncomingRefCounted):
606 (JSC::GCIncomingRefCounted::~GCIncomingRefCounted):
607 (JSC::GCIncomingRefCounted::numberOfIncomingReferences):
608 (JSC::GCIncomingRefCounted::incomingReferenceAt):
609 (JSC::GCIncomingRefCounted::singletonFlag):
610 (JSC::GCIncomingRefCounted::hasVectorOfCells):
611 (JSC::GCIncomingRefCounted::hasAnyIncoming):
612 (JSC::GCIncomingRefCounted::hasSingleton):
613 (JSC::GCIncomingRefCounted::singleton):
614 (JSC::GCIncomingRefCounted::vectorOfCells):
615 * heap/GCIncomingRefCountedInlines.h: Added.
616 (JSC::::addIncomingReference):
617 (JSC::::filterIncomingReferences):
618 * heap/GCIncomingRefCountedSet.h: Added.
619 (JSC::GCIncomingRefCountedSet::size):
620 * heap/GCIncomingRefCountedSetInlines.h: Added.
621 (JSC::::GCIncomingRefCountedSet):
622 (JSC::::~GCIncomingRefCountedSet):
623 (JSC::::addReference):
628 (JSC::Heap::addReference):
629 (JSC::Heap::extraSize):
631 (JSC::Heap::capacity):
632 (JSC::Heap::collect):
633 (JSC::Heap::decrementDeferralDepth):
634 (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
636 * interpreter/CallFrame.h:
637 (JSC::ExecState::dataViewTable):
639 * jit/JITPropertyAccess.cpp:
640 (JSC::JIT::privateCompileGetByVal):
641 (JSC::JIT::privateCompilePutByVal):
642 (JSC::JIT::emitIntTypedArrayGetByVal):
643 (JSC::JIT::emitFloatTypedArrayGetByVal):
644 (JSC::JIT::emitIntTypedArrayPutByVal):
645 (JSC::JIT::emitFloatTypedArrayPutByVal):
647 (GlobalObject::finishCreation):
648 * runtime/ArrayBuffer.cpp:
649 (JSC::ArrayBuffer::transfer):
650 * runtime/ArrayBuffer.h:
651 (JSC::ArrayBuffer::createAdopted):
652 (JSC::ArrayBuffer::ArrayBuffer):
653 (JSC::ArrayBuffer::gcSizeEstimateInBytes):
654 (JSC::ArrayBuffer::pin):
655 (JSC::ArrayBuffer::unpin):
656 (JSC::ArrayBufferContents::tryAllocate):
657 * runtime/ArrayBufferView.cpp:
658 (JSC::ArrayBufferView::ArrayBufferView):
659 (JSC::ArrayBufferView::~ArrayBufferView):
660 (JSC::ArrayBufferView::setNeuterable):
661 * runtime/ArrayBufferView.h:
662 (JSC::ArrayBufferView::isNeutered):
663 (JSC::ArrayBufferView::buffer):
664 (JSC::ArrayBufferView::baseAddress):
665 (JSC::ArrayBufferView::byteOffset):
666 (JSC::ArrayBufferView::verifySubRange):
667 (JSC::ArrayBufferView::clampOffsetAndNumElements):
668 (JSC::ArrayBufferView::calculateOffsetAndLength):
669 * runtime/ClassInfo.h:
670 * runtime/CommonIdentifiers.h:
671 * runtime/DataView.cpp: Added.
672 (JSC::DataView::DataView):
673 (JSC::DataView::create):
674 (JSC::DataView::wrap):
675 * runtime/DataView.h: Added.
676 (JSC::DataView::byteLength):
677 (JSC::DataView::getType):
678 (JSC::DataView::get):
679 (JSC::DataView::set):
680 * runtime/Float32Array.h:
681 * runtime/Float64Array.h:
682 * runtime/GenericTypedArrayView.h: Added.
683 (JSC::GenericTypedArrayView::data):
684 (JSC::GenericTypedArrayView::set):
685 (JSC::GenericTypedArrayView::setRange):
686 (JSC::GenericTypedArrayView::zeroRange):
687 (JSC::GenericTypedArrayView::zeroFill):
688 (JSC::GenericTypedArrayView::length):
689 (JSC::GenericTypedArrayView::byteLength):
690 (JSC::GenericTypedArrayView::item):
691 (JSC::GenericTypedArrayView::checkInboundData):
692 (JSC::GenericTypedArrayView::getType):
693 * runtime/GenericTypedArrayViewInlines.h: Added.
694 (JSC::::GenericTypedArrayView):
696 (JSC::::createUninitialized):
699 * runtime/IndexingHeader.h:
700 (JSC::IndexingHeader::arrayBuffer):
701 (JSC::IndexingHeader::setArrayBuffer):
702 * runtime/Int16Array.h:
703 * runtime/Int32Array.h:
704 * runtime/Int8Array.h:
705 * runtime/JSArrayBuffer.cpp: Added.
706 (JSC::JSArrayBuffer::JSArrayBuffer):
707 (JSC::JSArrayBuffer::finishCreation):
708 (JSC::JSArrayBuffer::create):
709 (JSC::JSArrayBuffer::createStructure):
710 (JSC::JSArrayBuffer::getOwnPropertySlot):
711 (JSC::JSArrayBuffer::getOwnPropertyDescriptor):
712 (JSC::JSArrayBuffer::put):
713 (JSC::JSArrayBuffer::defineOwnProperty):
714 (JSC::JSArrayBuffer::deleteProperty):
715 (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):
716 * runtime/JSArrayBuffer.h: Added.
717 (JSC::JSArrayBuffer::impl):
718 (JSC::toArrayBuffer):
719 * runtime/JSArrayBufferConstructor.cpp: Added.
720 (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor):
721 (JSC::JSArrayBufferConstructor::finishCreation):
722 (JSC::JSArrayBufferConstructor::create):
723 (JSC::JSArrayBufferConstructor::createStructure):
724 (JSC::constructArrayBuffer):
725 (JSC::JSArrayBufferConstructor::getConstructData):
726 (JSC::JSArrayBufferConstructor::getCallData):
727 * runtime/JSArrayBufferConstructor.h: Added.
728 * runtime/JSArrayBufferPrototype.cpp: Added.
729 (JSC::arrayBufferProtoFuncSlice):
730 (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype):
731 (JSC::JSArrayBufferPrototype::finishCreation):
732 (JSC::JSArrayBufferPrototype::create):
733 (JSC::JSArrayBufferPrototype::createStructure):
734 * runtime/JSArrayBufferPrototype.h: Added.
735 * runtime/JSArrayBufferView.cpp: Added.
736 (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
737 (JSC::JSArrayBufferView::JSArrayBufferView):
738 (JSC::JSArrayBufferView::finishCreation):
739 (JSC::JSArrayBufferView::getOwnPropertySlot):
740 (JSC::JSArrayBufferView::getOwnPropertyDescriptor):
741 (JSC::JSArrayBufferView::put):
742 (JSC::JSArrayBufferView::defineOwnProperty):
743 (JSC::JSArrayBufferView::deleteProperty):
744 (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
745 (JSC::JSArrayBufferView::finalize):
746 * runtime/JSArrayBufferView.h: Added.
747 (JSC::JSArrayBufferView::sizeOf):
748 (JSC::JSArrayBufferView::ConstructionContext::operator!):
749 (JSC::JSArrayBufferView::ConstructionContext::structure):
750 (JSC::JSArrayBufferView::ConstructionContext::vector):
751 (JSC::JSArrayBufferView::ConstructionContext::length):
752 (JSC::JSArrayBufferView::ConstructionContext::mode):
753 (JSC::JSArrayBufferView::ConstructionContext::butterfly):
754 (JSC::JSArrayBufferView::mode):
755 (JSC::JSArrayBufferView::vector):
756 (JSC::JSArrayBufferView::length):
757 (JSC::JSArrayBufferView::offsetOfVector):
758 (JSC::JSArrayBufferView::offsetOfLength):
759 (JSC::JSArrayBufferView::offsetOfMode):
760 * runtime/JSArrayBufferViewInlines.h: Added.
761 (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary):
762 (JSC::JSArrayBufferView::buffer):
763 (JSC::JSArrayBufferView::impl):
764 (JSC::JSArrayBufferView::neuter):
765 (JSC::JSArrayBufferView::byteOffset):
766 * runtime/JSCell.cpp:
767 (JSC::JSCell::slowDownAndWasteMemory):
768 (JSC::JSCell::getTypedArrayImpl):
770 * runtime/JSDataView.cpp: Added.
771 (JSC::JSDataView::JSDataView):
772 (JSC::JSDataView::create):
773 (JSC::JSDataView::createUninitialized):
774 (JSC::JSDataView::set):
775 (JSC::JSDataView::typedImpl):
776 (JSC::JSDataView::getOwnPropertySlot):
777 (JSC::JSDataView::getOwnPropertyDescriptor):
778 (JSC::JSDataView::slowDownAndWasteMemory):
779 (JSC::JSDataView::getTypedArrayImpl):
780 (JSC::JSDataView::createStructure):
781 * runtime/JSDataView.h: Added.
782 * runtime/JSDataViewPrototype.cpp: Added.
783 (JSC::JSDataViewPrototype::JSDataViewPrototype):
784 (JSC::JSDataViewPrototype::create):
785 (JSC::JSDataViewPrototype::createStructure):
786 (JSC::JSDataViewPrototype::getOwnPropertySlot):
787 (JSC::JSDataViewPrototype::getOwnPropertyDescriptor):
790 (JSC::dataViewProtoFuncGetInt8):
791 (JSC::dataViewProtoFuncGetInt16):
792 (JSC::dataViewProtoFuncGetInt32):
793 (JSC::dataViewProtoFuncGetUint8):
794 (JSC::dataViewProtoFuncGetUint16):
795 (JSC::dataViewProtoFuncGetUint32):
796 (JSC::dataViewProtoFuncGetFloat32):
797 (JSC::dataViewProtoFuncGetFloat64):
798 (JSC::dataViewProtoFuncSetInt8):
799 (JSC::dataViewProtoFuncSetInt16):
        (JSC::dataViewProtoFuncSetInt32):
        (JSC::dataViewProtoFuncSetUint8):
        (JSC::dataViewProtoFuncSetUint16):
        (JSC::dataViewProtoFuncSetUint32):
        (JSC::dataViewProtoFuncSetFloat32):
        (JSC::dataViewProtoFuncSetFloat64):
        * runtime/JSDataViewPrototype.h: Added.
        * runtime/JSFloat32Array.h: Added.
        * runtime/JSFloat64Array.h: Added.
        * runtime/JSGenericTypedArrayView.h: Added.
        (JSC::JSGenericTypedArrayView::byteLength):
        (JSC::JSGenericTypedArrayView::byteSize):
        (JSC::JSGenericTypedArrayView::typedVector):
        (JSC::JSGenericTypedArrayView::canGetIndexQuickly):
        (JSC::JSGenericTypedArrayView::canSetIndexQuickly):
        (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue):
        (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble):
        (JSC::JSGenericTypedArrayView::getIndexQuickly):
        (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue):
        (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble):
        (JSC::JSGenericTypedArrayView::setIndexQuickly):
        (JSC::JSGenericTypedArrayView::canAccessRangeQuickly):
        (JSC::JSGenericTypedArrayView::typedImpl):
        (JSC::JSGenericTypedArrayView::createStructure):
        (JSC::JSGenericTypedArrayView::info):
        (JSC::toNativeTypedView):
        * runtime/JSGenericTypedArrayViewConstructor.h: Added.
        * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added.
        (JSC::::JSGenericTypedArrayViewConstructor):
        (JSC::::finishCreation):
        (JSC::::createStructure):
        (JSC::constructGenericTypedArrayView):
        (JSC::::getConstructData):
        (JSC::::getCallData):
        * runtime/JSGenericTypedArrayViewInlines.h: Added.
        (JSC::::JSGenericTypedArrayView):
        (JSC::::createUninitialized):
        (JSC::::validateRange):
        (JSC::::setWithSpecificType):
        (JSC::::getOwnPropertySlot):
        (JSC::::getOwnPropertyDescriptor):
        (JSC::::defineOwnProperty):
        (JSC::::deleteProperty):
        (JSC::::getOwnPropertySlotByIndex):
        (JSC::::deletePropertyByIndex):
        (JSC::::getOwnNonIndexPropertyNames):
        (JSC::::getOwnPropertyNames):
        (JSC::::visitChildren):
        (JSC::::copyBackingStore):
        (JSC::::slowDownAndWasteMemory):
        (JSC::::getTypedArrayImpl):
        * runtime/JSGenericTypedArrayViewPrototype.h: Added.
        * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added.
        (JSC::genericTypedArrayViewProtoFuncSet):
        (JSC::genericTypedArrayViewProtoFuncSubarray):
        (JSC::::JSGenericTypedArrayViewPrototype):
        (JSC::::finishCreation):
        (JSC::::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::arrayBufferPrototype):
        (JSC::JSGlobalObject::arrayBufferStructure):
        (JSC::JSGlobalObject::typedArrayStructure):
        * runtime/JSInt16Array.h: Added.
        * runtime/JSInt32Array.h: Added.
        * runtime/JSInt8Array.h: Added.
        * runtime/JSTypedArrayConstructors.cpp: Added.
        * runtime/JSTypedArrayConstructors.h: Added.
        * runtime/JSTypedArrayPrototypes.cpp: Added.
        * runtime/JSTypedArrayPrototypes.h: Added.
        * runtime/JSTypedArrays.cpp: Added.
        * runtime/JSTypedArrays.h: Added.
        * runtime/JSUint16Array.h: Added.
        * runtime/JSUint32Array.h: Added.
        * runtime/JSUint8Array.h: Added.
        * runtime/JSUint8ClampedArray.h: Added.
        * runtime/Operations.h:
        * runtime/SimpleTypedArrayController.cpp: Added.
        (JSC::SimpleTypedArrayController::SimpleTypedArrayController):
        (JSC::SimpleTypedArrayController::~SimpleTypedArrayController):
        (JSC::SimpleTypedArrayController::toJS):
        * runtime/SimpleTypedArrayController.h: Added.
        * runtime/Structure.h:
        (JSC::Structure::couldHaveIndexingHeader):
        * runtime/StructureInlines.h:
        (JSC::Structure::hasIndexingHeader):
        * runtime/TypedArrayAdaptors.h: Added.
        (JSC::IntegralTypedArrayAdaptor::toNative):
        (JSC::IntegralTypedArrayAdaptor::toJSValue):
        (JSC::IntegralTypedArrayAdaptor::toDouble):
        (JSC::FloatTypedArrayAdaptor::toNative):
        (JSC::FloatTypedArrayAdaptor::toJSValue):
        (JSC::FloatTypedArrayAdaptor::toDouble):
        (JSC::Uint8ClampedAdaptor::toNative):
        (JSC::Uint8ClampedAdaptor::toJSValue):
        (JSC::Uint8ClampedAdaptor::toDouble):
        (JSC::Uint8ClampedAdaptor::clamp):
        * runtime/TypedArrayController.cpp: Added.
        (JSC::TypedArrayController::TypedArrayController):
        (JSC::TypedArrayController::~TypedArrayController):
        * runtime/TypedArrayController.h: Added.
        * runtime/TypedArrayDescriptor.h: Removed.
        * runtime/TypedArrayInlines.h: Added.
        * runtime/TypedArrayType.cpp: Added.
        (JSC::classInfoForType):
        (WTF::printInternal):
        * runtime/TypedArrayType.h: Added.
        * runtime/TypedArrays.h: Added.
        * runtime/Uint16Array.h:
        * runtime/Uint32Array.h:
        * runtime/Uint8Array.h:
        * runtime/Uint8ClampedArray.h:

2013-08-15  Oliver Hunt  <oliver@apple.com>

        <https://webkit.org/b/119830> Assigning to a readonly global results in DFG byte code parse failure

        Reviewed by Filip Pizlo.

        Make sure dfgCapabilities doesn't report a Dynamic put as
        being compilable when we don't actually support it.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):

2013-08-15  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Incorrect DLL Linkage for JSC ArrayBuffer and ArrayBufferView
        https://bugs.webkit.org/show_bug.cgi?id=119847

        Reviewed by Oliver Hunt.

        * runtime/ArrayBuffer.h: Switch from WTF_EXPORT_PRIVATE to JS_EXPORT_PRIVATE
        * runtime/ArrayBufferView.h: Ditto.

2013-08-15  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=119843
        PropertySlot::setValue is ambiguous

        Reviewed by Geoff Garen.

        There are three different versions of PropertySlot::setValue, one for cacheable properties, and two that are used interchangeably and inconsistently.
        The problematic variants are the ones that just take a value, and one that takes a value and also the object containing the property.
        Unify on always providing the object, and remove the version that just takes a value.
        This always works except for JSString, where we optimize out the object (logically we should be instantiating a temporary StringObject on every property access).
        Provide a version of setValue that takes a JSString as the owner of the property.
        We won't store this, but it makes it clear that this interface should only be used from JSString.

        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertySlot):
        * JSCTypedArrayStubs.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlotByIndex):
        (JSC::Arguments::getOwnPropertySlot):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::getOwnPropertySlot):
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::getOwnPropertySlotByIndex):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/JSSymbolTableObject.h:
        (JSC::symbolTableGet):
        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayEntry::get):
            - Pass object containing property to PropertySlot::setValue
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::setValue):
            - Logically, the base of a string property access is a temporary StringObject, but we optimize that away.
        (JSC::PropertySlot::setUndefined):
            - removed setValue(JSValue), added setValue(JSString*, JSValue)

2013-08-15  Oliver Hunt  <oliver@apple.com>

        Remove bogus assertion.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):

2013-08-15  Allan Sandfeld Jensen  <allan.jensen@digia.com>

        REGRESSION(r148790) Made 7 tests fail on x86 32bit
        https://bugs.webkit.org/show_bug.cgi?id=114913

        Reviewed by Filip Pizlo.

        The X87 register was not freed before some calls. Instead
        of inserting resetX87Registers to the last call sites,
        the two X87 registers are now freed in every call.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/instructions.rb:
        * offlineasm/x86.rb:

2013-08-14  Michael Saboff  <msaboff@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=119601

        Reviewed by Oliver Hunt.

        * jit/JITStubsMSVC64.asm: Added ctiVMThrowTrampolineSlowpath implementation.
        * jit/JSInterfaceJIT.h: Added thirdArgumentRegister.
        * jit/SlowPathCall.h:
        (JSC::JITSlowPathCall::call): Added correct calling convention for Win64.

2013-08-14  Alex Christensen  <achristensen@apple.com>

        Compile fix for Win64 with jit disabled.
        https://bugs.webkit.org/show_bug.cgi?id=119804

        Reviewed by Michael Saboff.

        * offlineasm/cloop.rb: Added std:: before isnan.

2013-08-14  Julien Brianceau  <jbrianceau@nds.com>

        DFG_JIT implementation for sh4 architecture.
        https://bugs.webkit.org/show_bug.cgi?id=119737

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::invert):
        (JSC::MacroAssemblerSH4::add32):
        (JSC::MacroAssemblerSH4::and32):
        (JSC::MacroAssemblerSH4::lshift32):
        (JSC::MacroAssemblerSH4::mul32):
        (JSC::MacroAssemblerSH4::or32):
        (JSC::MacroAssemblerSH4::rshift32):
        (JSC::MacroAssemblerSH4::sub32):
        (JSC::MacroAssemblerSH4::xor32):
        (JSC::MacroAssemblerSH4::store32):
        (JSC::MacroAssemblerSH4::swapDouble):
        (JSC::MacroAssemblerSH4::storeDouble):
        (JSC::MacroAssemblerSH4::subDouble):
        (JSC::MacroAssemblerSH4::mulDouble):
        (JSC::MacroAssemblerSH4::divDouble):
        (JSC::MacroAssemblerSH4::negateDouble):
        (JSC::MacroAssemblerSH4::zeroExtend32ToPtr):
        (JSC::MacroAssemblerSH4::branchTruncateDoubleToUint32):
        (JSC::MacroAssemblerSH4::truncateDoubleToUint32):
        (JSC::MacroAssemblerSH4::swap):
        (JSC::MacroAssemblerSH4::jump):
        (JSC::MacroAssemblerSH4::branchNeg32):
        (JSC::MacroAssemblerSH4::branchAdd32):
        (JSC::MacroAssemblerSH4::branchMul32):
        (JSC::MacroAssemblerSH4::urshift32):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::SH4Assembler):
        (JSC::SH4Assembler::labelForWatchpoint):
        (JSC::SH4Assembler::label):
        (JSC::SH4Assembler::debugOffset):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
        (JSC::DFG::AssemblyHelpers::debugCall):
        * dfg/DFGCCallHelpers.h:
        (JSC::DFG::CCallHelpers::setupArguments):
        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
        (JSC::DFG::FPRInfo::toRegister):
        (JSC::DFG::FPRInfo::toIndex):
        (JSC::DFG::FPRInfo::debugName):
        (JSC::DFG::GPRInfo::toRegister):
        (JSC::DFG::GPRInfo::toIndex):
        (JSC::DFG::GPRInfo::debugName):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/JITStubsSH4.h:

2013-08-13  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix build.

        * API/JSWrapperMap.mm:
        (tryUnwrapObjcObject):
        * API/ObjCCallbackFunction.mm:

2013-08-13  Filip Pizlo  <fpizlo@apple.com>

        Foo::s_info should be Foo::info(), so that you can change how the s_info is actually linked
        https://bugs.webkit.org/show_bug.cgi?id=119770

        Reviewed by Mark Hahnenberg.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::finishCreation):
        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructure):
        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::finishCreation):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructure):
        * API/JSCallbackObject.cpp:
        (JSC::::createStructure):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::visitChildren):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::asCallbackObject):
        (JSC::::finishCreation):
        * API/JSObjectRef.cpp:
        (JSObjectGetPrivate):
        (JSObjectSetPrivate):
        (JSObjectGetPrivateProperty):
        (JSObjectSetPrivateProperty):
        (JSObjectDeletePrivateProperty):
        * API/JSValueRef.cpp:
        (JSValueIsObjectOfClass):
        * API/JSWeakObjectMapRefPrivate.cpp:
        * API/ObjCCallbackFunction.h:
        (JSC::ObjCCallbackFunction::createStructure):
        * JSCTypedArrayStubs.h:
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::function):
        (JSC::CallLinkStatus::internalFunction):
        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForInlineCallFrame):
        * bytecode/SpeculatedType.cpp:
        (JSC::speculationFromClassInfo):
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::visitChildren):
        (JSC::UnlinkedCodeBlock::visitChildren):
        (JSC::UnlinkedProgramCodeBlock::visitChildren):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedFunctionExecutable::createStructure):
        (JSC::UnlinkedProgramCodeBlock::createStructure):
        (JSC::UnlinkedEvalCodeBlock::createStructure):
        (JSC::UnlinkedFunctionCodeBlock::createStructure):
        * debugger/Debugger.cpp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::createStructure):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
        (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::isInternalFunctionConstant):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArray):
        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::virtualForThunkGenerator):
        * interpreter/Interpreter.cpp:
        (GlobalObject::createStructure):
        * profiler/LegacyProfiler.cpp:
        (JSC::LegacyProfiler::createCallIdentifier):
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        (JSC::Arguments::finishCreation):
        * runtime/ArrayConstructor.cpp:
        (JSC::arrayConstructorIsArray):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::finishCreation):
        (JSC::arrayProtoFuncConcat):
        (JSC::attemptFastSort):
        * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::createStructure):
        * runtime/BooleanConstructor.h:
        (JSC::BooleanConstructor::createStructure):
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::finishCreation):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::createStructure):
        (JSC::asBooleanObject):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::finishCreation):
        (JSC::booleanProtoFuncToString):
        (JSC::booleanProtoFuncValueOf):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::createStructure):
        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::createStructure):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::finishCreation):
        * runtime/DateInstance.h:
        (JSC::DateInstance::createStructure):
        (JSC::asDateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::formateDateInstance):
        (JSC::DatePrototype::finishCreation):
        (JSC::dateProtoFuncToISOString):
        (JSC::dateProtoFuncToLocaleString):
        (JSC::dateProtoFuncToLocaleDateString):
        (JSC::dateProtoFuncToLocaleTimeString):
        (JSC::dateProtoFuncGetTime):
        (JSC::dateProtoFuncGetFullYear):
        (JSC::dateProtoFuncGetUTCFullYear):
        (JSC::dateProtoFuncGetMonth):
        (JSC::dateProtoFuncGetUTCMonth):
        (JSC::dateProtoFuncGetDate):
        (JSC::dateProtoFuncGetUTCDate):
        (JSC::dateProtoFuncGetDay):
        (JSC::dateProtoFuncGetUTCDay):
        (JSC::dateProtoFuncGetHours):
        (JSC::dateProtoFuncGetUTCHours):
        (JSC::dateProtoFuncGetMinutes):
        (JSC::dateProtoFuncGetUTCMinutes):
        (JSC::dateProtoFuncGetSeconds):
        (JSC::dateProtoFuncGetUTCSeconds):
        (JSC::dateProtoFuncGetMilliSeconds):
        (JSC::dateProtoFuncGetUTCMilliseconds):
        (JSC::dateProtoFuncGetTimezoneOffset):
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        (JSC::dateProtoFuncGetYear):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::createStructure):
        (JSC::StrictModeTypeErrorFunction::createStructure):
        * runtime/ErrorConstructor.h:
        (JSC::ErrorConstructor::createStructure):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::finishCreation):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::createStructure):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::finishCreation):
        * runtime/ErrorPrototype.h:
        (JSC::ErrorPrototype::createStructure):
        * runtime/ExceptionHelpers.cpp:
        (JSC::isTerminatedExecutionException):
        * runtime/ExceptionHelpers.h:
        (JSC::TerminatedExecutionError::createStructure):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        (JSC::ExecutableBase::hashFor):
        * runtime/Executable.h:
        (JSC::ExecutableBase::createStructure):
        (JSC::NativeExecutable::createStructure):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::compileOptimizedFor):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionConstructor.h:
        (JSC::FunctionConstructor::createStructure):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        (JSC::functionProtoFuncApply):
        (JSC::functionProtoFuncBind):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructure):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::finishCreation):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createStructure):
        (JSC::asInternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        (JSC::JSActivation::argumentsGetter):
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        (JSC::asActivation):
        * runtime/JSArray.h:
        (JSC::JSArray::createStructure):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::finishCreation):
        (JSC::JSBoundFunction::visitChildren):
        * runtime/JSBoundFunction.h:
        (JSC::JSBoundFunction::createStructure):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::dumpInContext):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::isFunction):
        (JSC::jsDynamicCast):
        * runtime/JSCellInlines.h:
        (JSC::allocateCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::finishCreation):
        (JSC::JSFunction::visitChildren):
        (JSC::skipOverBoundFunctions):
        (JSC::JSFunction::callerGetter):
        * runtime/JSFunction.h:
        (JSC::JSFunction::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):
        (JSC::slowValidateCell):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::createStructure):
        * runtime/JSNameScope.cpp:
        (JSC::JSNameScope::visitChildren):
        * runtime/JSNameScope.h:
        (JSC::JSNameScope::createStructure):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::createStructure):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::finishCreation):
        (JSC::unwrapBoxedPrimitive):
        (JSC::Stringifier::Stringifier):
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Stringifier::Holder::Holder):
        (JSC::Walker::walk):
        (JSC::JSONProtoFuncStringify):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.cpp:
        (JSC::getCallableObjectSlow):
        (JSC::JSObject::visitChildren):
        (JSC::JSObject::copyBackingStore):
        (JSC::JSFinalObject::visitChildren):
        (JSC::JSObject::ensureInt32Slow):
        (JSC::JSObject::ensureDoubleSlow):
        (JSC::JSObject::ensureContiguousSlow):
        (JSC::JSObject::ensureArrayStorageSlow):
        * runtime/JSObject.h:
        (JSC::JSObject::finishCreation):
        (JSC::JSObject::createStructure):
        (JSC::JSNonFinalObject::createStructure):
        (JSC::JSFinalObject::createStructure):
        (JSC::isJSFinalObject):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSProxy.cpp:
        (JSC::JSProxy::visitChildren):
        * runtime/JSProxy.h:
        (JSC::JSProxy::createStructure):
        * runtime/JSScope.cpp:
        (JSC::JSScope::visitChildren):
        * runtime/JSSegmentedVariableObject.cpp:
        (JSC::JSSegmentedVariableObject::visitChildren):
        * runtime/JSString.h:
        (JSC::JSString::createStructure):
        * runtime/JSSymbolTableObject.cpp:
        (JSC::JSSymbolTableObject::visitChildren):
        * runtime/JSVariableObject.h:
        * runtime/JSWithScope.cpp:
        (JSC::JSWithScope::visitChildren):
        * runtime/JSWithScope.h:
        (JSC::JSWithScope::createStructure):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::createStructure):
        * runtime/MathObject.cpp:
        (JSC::MathObject::finishCreation):
        * runtime/MathObject.h:
        (JSC::MathObject::createStructure):
        * runtime/NameConstructor.h:
        (JSC::NameConstructor::createStructure):
        * runtime/NameInstance.h:
        (JSC::NameInstance::createStructure):
        (JSC::NameInstance::finishCreation):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::finishCreation):
        (JSC::privateNameProtoFuncToString):
        * runtime/NamePrototype.h:
        (JSC::NamePrototype::createStructure):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::createStructure):
        (JSC::NativeErrorConstructor::finishCreation):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::finishCreation):
        * runtime/NumberConstructor.h:
        (JSC::NumberConstructor::createStructure):
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::finishCreation):
        * runtime/NumberObject.h:
        (JSC::NumberObject::createStructure):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::finishCreation):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::createStructure):
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::finishCreation):
        * runtime/ObjectPrototype.h:
        (JSC::ObjectPrototype::createStructure):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::createStructure):
        * runtime/PropertyTable.cpp:
        (JSC::PropertyTable::visitChildren):
        (JSC::RegExp::createStructure):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::finishCreation):
        (JSC::RegExpConstructor::visitChildren):
        (JSC::constructRegExp):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::createStructure):
        (JSC::asRegExpConstructor):
        * runtime/RegExpMatchesArray.cpp:
        (JSC::RegExpMatchesArray::visitChildren):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::createStructure):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::finishCreation):
        (JSC::RegExpObject::visitChildren):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::createStructure):
        (JSC::asRegExpObject):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
        (JSC::regExpProtoFuncExec):
        (JSC::regExpProtoFuncCompile):
        (JSC::regExpProtoFuncToString):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::createStructure):
        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayValueMap::createStructure):
        * runtime/SparseArrayValueMap.h:
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::createStructure):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::createStructure):
        * runtime/StringObject.cpp:
        (JSC::StringObject::finishCreation):
        * runtime/StringObject.h:
        (JSC::StringObject::createStructure):
        (JSC::asStringObject):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::finishCreation):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncToString):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSplit):
        * runtime/StringPrototype.h:
        (JSC::StringPrototype::createStructure):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::get):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::Structure::typeInfo):
        (JSC::Structure::previousID):
        (JSC::Structure::outOfLineSize):
        (JSC::Structure::totalStorageCapacity):
        (JSC::Structure::materializePropertyMapIfNecessary):
        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):
        * runtime/StructureChain.h:
        (JSC::StructureChain::createStructure):
        * runtime/StructureInlines.h:
        (JSC::Structure::get):
        * runtime/StructureRareData.cpp:
        (JSC::StructureRareData::createStructure):
        (JSC::StructureRareData::visitChildren):
        * runtime/StructureRareData.h:
        * runtime/SymbolTable.h:
        (JSC::SharedSymbolTable::createStructure):
        (JSC::StackPreservingRecompiler::operator()):
        (JSC::VM::releaseExecutableMemory):
        * runtime/WriteBarrier.h:
        (JSC::validateCell):
        (GlobalObject::createStructure):

2013-08-13  Arunprasad Rajkumar  <arurajku@cisco.com>

        [WTF] [JSC] Replace currentTime() with monotonicallyIncreasingTime() in all possible places
        https://bugs.webkit.org/show_bug.cgi?id=119762

        Reviewed by Geoffrey Garen.

        (JSC::Heap::markRoots):
        (JSC::Heap::collect):

2013-08-13  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Prepare LLINT for DFG_JIT implementation.
        https://bugs.webkit.org/show_bug.cgi?id=119755

        Reviewed by Oliver Hunt.

        * LLIntOffsetsExtractor.pro: Add sh4.rb dependency.
        * offlineasm/sh4.rb:
            - Handle storeb opcode.
            - Make relative jumps when possible using braf opcode.
            - Update bmulio implementation to be consistent with baseline JIT.
            - Remove useless code from leap opcode.
            - Fix incorrect comment.

2013-08-13  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Prepare baseline JIT for DFG_JIT implementation.
        https://bugs.webkit.org/show_bug.cgi?id=119758

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
            - Introduce a loadEffectiveAddress function to avoid code duplication.
            - Add ASSERTs and clean code.
        * assembler/SH4Assembler.h:
            - Prepare DFG_JIT implementation.
            - Add SH4 specific call for assertions.
        * jit/JITStubsSH4.h:
            - Use constants to be more flexible with sh4 JIT stack frame.
        * jit/JSInterfaceJIT.h:

2013-08-13  Oliver Hunt  <oliver@apple.com>

        Harden executeConstruct against incorrect return types from host functions
        https://bugs.webkit.org/show_bug.cgi?id=119757

        Reviewed by Mark Hahnenberg.

        Add logic to guard against bogus return types. There doesn't seem to be any
        class in WebKit that does this wrong, but the typed array stubs in debug JSC
        do exhibit this bad behaviour.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeConstruct):

2013-08-13  Allan Sandfeld Jensen  <allan.jensen@digia.com>

        [Qt] Fix C++11 build with gcc 4.4 and 4.5
        https://bugs.webkit.org/show_bug.cgi?id=119736

        Reviewed by Anders Carlsson.

        Don't force C++11 mode off anymore.

2013-08-12  Oliver Hunt  <oliver@apple.com>

        Remove CodeBlock's notion of adding identifiers entirely
        https://bugs.webkit.org/show_bug.cgi?id=119708

        Reviewed by Geoffrey Garen.

        Remove addAdditionalIdentifier entirely, including the bogus assertion.
        Move the addition of identifiers to DFGPlan::reallyAdd.

        * bytecode/CodeBlock.h:
        * dfg/DFGDesiredIdentifiers.cpp:
        (JSC::DFG::DesiredIdentifiers::reallyAdd):
        * dfg/DFGDesiredIdentifiers.h:
        (JSC::DFG::Plan::reallyAdd):
        (JSC::DFG::Plan::finalize):

2013-08-12  Oliver Hunt  <oliver@apple.com>

2013-08-12  Oliver Hunt  <oliver@apple.com>

        Move additionalIdentifiers into DFGCommonData as only the optimising JITs use them
        https://bugs.webkit.org/show_bug.cgi?id=119705

        Reviewed by Geoffrey Garen.

        Relatively trivial refactoring.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numberOfAdditionalIdentifiers):
        (JSC::CodeBlock::addAdditionalIdentifier):
        (JSC::CodeBlock::identifier):
        (JSC::CodeBlock::numberOfIdentifiers):
        * dfg/DFGCommonData.h:

2013-08-12  Oliver Hunt  <oliver@apple.com>

        Stop making unnecessary copy of CodeBlock Identifier Vector
        https://bugs.webkit.org/show_bug.cgi?id=119702

        Reviewed by Michael Saboff.

        Make CodeBlock simply use a separate Vector for additional Identifiers
        and use the UnlinkedCodeBlock for the initial set of identifiers.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::dumpStructure):
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::printPutByIdOp):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numberOfIdentifiers):
        (JSC::CodeBlock::numberOfAdditionalIdentifiers):
        (JSC::CodeBlock::addAdditionalIdentifier):
        (JSC::CodeBlock::identifier):
        * dfg/DFGDesiredIdentifiers.cpp:
        (JSC::DFG::DesiredIdentifiers::reallyAdd):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emitSlow_op_get_arguments_length):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2013-08-08  Mark Lam  <mark.lam@apple.com>

        Restoring use of StackIterator instead of Interpreter::getStacktrace().
        https://bugs.webkit.org/show_bug.cgi?id=119575.

        Reviewed by Oliver Hunt.

        * interpreter/Interpreter.h:
        - Made getStackTrace() private.
        * interpreter/StackIterator.cpp:
        (JSC::StackIterator::StackIterator):
        (JSC::StackIterator::numberOfFrames):
        - Computes the number of frames by iterating through the whole stack
          from the starting frame. The iterator will save its current frame
          position before counting the frames, and then restoring it after
        (JSC::StackIterator::gotoFrameAtIndex):
        (JSC::StackIterator::gotoNextFrame):
        (JSC::StackIterator::resetIterator):
        - Points the iterator to the starting frame.
        * interpreter/StackIteratorPrivate.h:

2013-08-08  Mark Lam  <mark.lam@apple.com>

        Moved ErrorConstructor and NativeErrorConstructor helper functions into
        the Interpreter class.
        https://bugs.webkit.org/show_bug.cgi?id=119576.

        Reviewed by Oliver Hunt.

        This change is needed to prepare for making Interpreter::getStackTrace()
        private. It does not change the behavior of the code, only the lexical

        * interpreter/Interpreter.h:
        - Added helper functions for ErrorConstructor and NativeErrorConstructor.
        * runtime/ErrorConstructor.cpp:
        (JSC::Interpreter::constructWithErrorConstructor):
        (JSC::ErrorConstructor::getConstructData):
        (JSC::Interpreter::callErrorConstructor):
        (JSC::ErrorConstructor::getCallData):
        - Don't want ErrorConstructor to call Interpreter::getStackTrace()
          directly. So, we moved the helper functions into the Interpreter
        * runtime/NativeErrorConstructor.cpp:
        (JSC::Interpreter::constructWithNativeErrorConstructor):
        (JSC::NativeErrorConstructor::getConstructData):
        (JSC::Interpreter::callNativeErrorConstructor):
        (JSC::NativeErrorConstructor::getCallData):
        - Don't want NativeErrorConstructor to call Interpreter::getStackTrace()
          directly. So, we moved the helper functions into the Interpreter

2013-08-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state
        https://bugs.webkit.org/show_bug.cgi?id=119555

        Reviewed by Geoffrey Garen.

        It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like the 64-bit backend does.
        This was causing crashes on maps.google.com in 32-bit debug builds.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

1759 2013-08-06 Michael Saboff <msaboff@apple.com>
1761 REGRESSION(FTL merge): Assertion fail on 32 bit with enabled DFG JIT
1762 https://bugs.webkit.org/show_bug.cgi?id=119405
1764 Reviewed by Geoffrey Garen.
1766 * dfg/DFGSpeculativeJIT.cpp:
1767 (JSC::DFG::SpeculativeJIT::compileGetByValOnString): For X86 32 bit, construct an indexed address
1768 ourselves to save a register and then load from it.
1770 2013-08-06 Filip Pizlo <fpizlo@apple.com>
1772 DFG FixupPhase should insert Int32ToDouble nodes for number uses in NewArray, and SpeculativeJIT 64-bit should not try to coerce integer constants to double constants
1773 https://bugs.webkit.org/show_bug.cgi?id=119528
1775 Reviewed by Geoffrey Garen.
1777 Either of the two fixes would solve the crash I saw. Basically, for best performance, we want the DFG register allocator to track double uses and non-double
1778 uses of a node separately, and we accomplish this by inserting Int32ToDouble nodes in the FixupPhase. But even if FixupPhase fails to do this, we still want
1779 the DFG register allocator to do the right thing: if it encounters a double use of an integer, it should perform a conversion and preserve the original
1780 format of the value (namely, that it was an integer). For constants, the best format to preserve is None, so that future integer uses rematerialize the int
1781 from scratch. This only affects the 64-bit backend; the 32-bit backend was already doing the right thing.
1783 This also fixes some more debug dumping code, and adds some stronger assertions for integer arrays.
1785 * bytecode/CodeBlock.cpp:
1786 (JSC::CodeBlock::finalizeUnconditionally):
1787 * dfg/DFGDriver.cpp:
1788 (JSC::DFG::compile):
1789 * dfg/DFGFixupPhase.cpp:
1790 (JSC::DFG::FixupPhase::fixupNode):
1792 (JSC::DFG::Graph::dump):
1793 * dfg/DFGSpeculativeJIT64.cpp:
1794 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1795 * runtime/JSObject.h:
1796 (JSC::JSObject::getIndexQuickly):
1797 (JSC::JSObject::tryGetIndexQuickly):
1799 2013-08-08 Stephanie Lewis <slewis@apple.com>
1801 <rdar://problem/14680524> REGRESSION(153806): Crash @ yahoo.com when WebKit is built with a .order file
1805 Ensure llint symbols are in source order.
1807 * JavaScriptCore.order:
1809 2013-08-06 Mark Lam <mark.lam@apple.com>
1811 Assertion failure in emitExpressionInfo when reloading with Web Inspector open.
1812 https://bugs.webkit.org/show_bug.cgi?id=119532.
1814 Reviewed by Oliver Hunt.
1816 * parser/Parser.cpp:
1818 - Just need to initialize the Parser's JSTokenLocation's initial line and
1819 startOffset as well during Parser construction.
1821 2013-08-06 Stephanie Lewis <slewis@apple.com>
1823 Update Order Files for Safari
1824 <rdar://problem/14517392>
1828 * JavaScriptCore.order:
1830 2013-08-04 Sam Weinig <sam@webkit.org>
1832 Remove support for HTML5 MicroData
1833 https://bugs.webkit.org/show_bug.cgi?id=119480
1835 Reviewed by Anders Carlsson.
1837 * Configurations/FeatureDefines.xcconfig:
1839 2013-08-05 Oliver Hunt <oliver@apple.com>
1841 Delay Arguments creation in strict mode
1842 https://bugs.webkit.org/show_bug.cgi?id=119505
1844 Reviewed by Geoffrey Garen.
1846 Make use of the write tracking performed by the parser to
1847 allow us to know if we're modifying the parameters to a function.
1848 Then use that information to make strict mode function opt out
1849 of eager arguments creation.
1851 * bytecompiler/BytecodeGenerator.cpp:
1852 (JSC::BytecodeGenerator::BytecodeGenerator):
1853 (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1854 (JSC::BytecodeGenerator::emitReturn):
1855 * bytecompiler/BytecodeGenerator.h:
1856 (JSC::BytecodeGenerator::shouldTearOffArgumentsEagerly):
1858 (JSC::ScopeNode::modifiesParameter):
1859 * parser/Parser.cpp:
1860 (JSC::::parseInner):
1862 (JSC::Scope::declareParameter):
1863 (JSC::Scope::getCapturedVariables):
1864 (JSC::Parser::declareWrite):
1865 * parser/ParserModes.h:
1867 2013-08-06 Patrick Gansterer <paroga@webkit.org>
1869 Remove useless code from COMPILER(RVCT) JITStubs
1870 https://bugs.webkit.org/show_bug.cgi?id=119521
1872 Reviewed by Geoffrey Garen.
1874 * jit/JITStubsARMv7.h:
1875 (JSC::ctiVMThrowTrampoline): "ldr r6, [sp, #PRESERVED_R6_OFFSET]" was called twice.
1876 (JSC::ctiOpThrowNotCaught): Ditto.
1878 2013-07-23 David Farler <dfarler@apple.com>
1880 Provide optional OTHER_CFLAGS, OTHER_CPPFLAGS, OTHER_LDFLAGS additions for building with ASAN
1881 https://bugs.webkit.org/show_bug.cgi?id=117762
1883 Reviewed by Mark Rowe.
1885 * Configurations/DebugRelease.xcconfig:
1886 Add ASAN_OTHER_CFLAGS, CPLUSPLUSFLAGS, LDFLAGS.
1887 * Configurations/JavaScriptCore.xcconfig:
1888 Add ASAN_OTHER_LDFLAGS.
1889 * Configurations/ToolExecutable.xcconfig:
1890 Don't use ASAN for build tools.
1892 2013-08-06 Patrick Gansterer <paroga@webkit.org>
1894 Build fix for ARM MSVC after r153222 and r153648.
1896 * jit/JITStubsARM.h: Added ctiVMThrowTrampolineSlowpath.
1898 2013-08-06 Patrick Gansterer <paroga@webkit.org>
1900 Build fix for ARM MSVC after r150109.
1902 Read the stub template from a header file instead of JITStubs.cpp.
1905 * DerivedSources.pri:
1908 2013-08-05 Oliver Hunt <oliver@apple.com>
1910 Move TypedArray implementation into JSC
1911 https://bugs.webkit.org/show_bug.cgi?id=119489
1913 Reviewed by Filip Pizlo.
1915 Move TypedArray implementation into JSC in advance of re-implementation
1917 * GNUmakefile.list.am:
1918 * JSCTypedArrayStubs.h:
1919 * JavaScriptCore.xcodeproj/project.pbxproj:
1920 * runtime/ArrayBuffer.cpp: Renamed from Source/WTF/wtf/ArrayBuffer.cpp.
1921 (JSC::ArrayBuffer::transfer):
1922 (JSC::ArrayBuffer::addView):
1923 (JSC::ArrayBuffer::removeView):
1924 * runtime/ArrayBuffer.h: Renamed from Source/WTF/wtf/ArrayBuffer.h.
1925 (JSC::ArrayBufferContents::ArrayBufferContents):
1926 (JSC::ArrayBufferContents::data):
1927 (JSC::ArrayBufferContents::sizeInBytes):
1928 (JSC::ArrayBufferContents::transfer):
1929 (JSC::ArrayBufferContents::copyTo):
1930 (JSC::ArrayBuffer::isNeutered):
1931 (JSC::ArrayBuffer::~ArrayBuffer):
1932 (JSC::ArrayBuffer::clampValue):
1933 (JSC::ArrayBuffer::create):
1934 (JSC::ArrayBuffer::createUninitialized):
1935 (JSC::ArrayBuffer::ArrayBuffer):
1936 (JSC::ArrayBuffer::data):
1937 (JSC::ArrayBuffer::byteLength):
1938 (JSC::ArrayBuffer::slice):
1939 (JSC::ArrayBuffer::sliceImpl):
1940 (JSC::ArrayBuffer::clampIndex):
1941 (JSC::ArrayBufferContents::tryAllocate):
1942 (JSC::ArrayBufferContents::~ArrayBufferContents):
1943 * runtime/ArrayBufferView.cpp: Renamed from Source/WTF/wtf/ArrayBufferView.cpp.
1944 (JSC::ArrayBufferView::ArrayBufferView):
1945 (JSC::ArrayBufferView::~ArrayBufferView):
1946 (JSC::ArrayBufferView::neuter):
1947 * runtime/ArrayBufferView.h: Renamed from Source/WTF/wtf/ArrayBufferView.h.
1948 (JSC::ArrayBufferView::buffer):
1949 (JSC::ArrayBufferView::baseAddress):
1950 (JSC::ArrayBufferView::byteOffset):
1951 (JSC::ArrayBufferView::setNeuterable):
1952 (JSC::ArrayBufferView::isNeuterable):
1953 (JSC::ArrayBufferView::verifySubRange):
1954 (JSC::ArrayBufferView::clampOffsetAndNumElements):
1955 (JSC::ArrayBufferView::setImpl):
1956 (JSC::ArrayBufferView::setRangeImpl):
1957 (JSC::ArrayBufferView::zeroRangeImpl):
1958 (JSC::ArrayBufferView::calculateOffsetAndLength):
1959 * runtime/Float32Array.h: Renamed from Source/WTF/wtf/Float32Array.h.
1960 (JSC::Float32Array::set):
1961 (JSC::Float32Array::getType):
1962 (JSC::Float32Array::create):
1963 (JSC::Float32Array::createUninitialized):
1964 (JSC::Float32Array::Float32Array):
1965 (JSC::Float32Array::subarray):
1966 * runtime/Float64Array.h: Renamed from Source/WTF/wtf/Float64Array.h.
1967 (JSC::Float64Array::set):
1968 (JSC::Float64Array::getType):
1969 (JSC::Float64Array::create):
1970 (JSC::Float64Array::createUninitialized):
1971 (JSC::Float64Array::Float64Array):
1972 (JSC::Float64Array::subarray):
1973 * runtime/Int16Array.h: Renamed from Source/WTF/wtf/Int16Array.h.
1974 (JSC::Int16Array::getType):
1975 (JSC::Int16Array::create):
1976 (JSC::Int16Array::createUninitialized):
1977 (JSC::Int16Array::Int16Array):
1978 (JSC::Int16Array::subarray):
1979 * runtime/Int32Array.h: Renamed from Source/WTF/wtf/Int32Array.h.
1980 (JSC::Int32Array::getType):
1981 (JSC::Int32Array::create):
1982 (JSC::Int32Array::createUninitialized):
1983 (JSC::Int32Array::Int32Array):
1984 (JSC::Int32Array::subarray):
1985 * runtime/Int8Array.h: Renamed from Source/WTF/wtf/Int8Array.h.
1986 (JSC::Int8Array::getType):
1987 (JSC::Int8Array::create):
1988 (JSC::Int8Array::createUninitialized):
1989 (JSC::Int8Array::Int8Array):
1990 (JSC::Int8Array::subarray):
1991 * runtime/IntegralTypedArrayBase.h: Renamed from Source/WTF/wtf/IntegralTypedArrayBase.h.
1992 (JSC::IntegralTypedArrayBase::set):
1993 (JSC::IntegralTypedArrayBase::IntegralTypedArrayBase):
1994 * runtime/TypedArrayBase.h: Renamed from Source/WTF/wtf/TypedArrayBase.h.
1995 (JSC::TypedArrayBase::data):
1996 (JSC::TypedArrayBase::set):
1997 (JSC::TypedArrayBase::setRange):
1998 (JSC::TypedArrayBase::zeroRange):
1999 (JSC::TypedArrayBase::length):
2000 (JSC::TypedArrayBase::byteLength):
2001 (JSC::TypedArrayBase::item):
2002 (JSC::TypedArrayBase::checkInboundData):
2003 (JSC::TypedArrayBase::TypedArrayBase):
2004 (JSC::TypedArrayBase::create):
2005 (JSC::TypedArrayBase::createUninitialized):
2006 (JSC::TypedArrayBase::subarrayImpl):
2007 (JSC::TypedArrayBase::neuter):
2008 * runtime/Uint16Array.h: Renamed from Source/WTF/wtf/Uint16Array.h.
2009 (JSC::Uint16Array::getType):
2010 (JSC::Uint16Array::create):
2011 (JSC::Uint16Array::createUninitialized):
2012 (JSC::Uint16Array::Uint16Array):
2013 (JSC::Uint16Array::subarray):
2014 * runtime/Uint32Array.h: Renamed from Source/WTF/wtf/Uint32Array.h.
2015 (JSC::Uint32Array::getType):
2016 (JSC::Uint32Array::create):
2017 (JSC::Uint32Array::createUninitialized):
2018 (JSC::Uint32Array::Uint32Array):
2019 (JSC::Uint32Array::subarray):
2020 * runtime/Uint8Array.h: Renamed from Source/WTF/wtf/Uint8Array.h.
2021 (JSC::Uint8Array::getType):
2022 (JSC::Uint8Array::create):
2023 (JSC::Uint8Array::createUninitialized):
2024 (JSC::Uint8Array::Uint8Array):
2025 (JSC::Uint8Array::subarray):
2026 * runtime/Uint8ClampedArray.h: Renamed from Source/WTF/wtf/Uint8ClampedArray.h.
2027 (JSC::Uint8ClampedArray::getType):
2028 (JSC::Uint8ClampedArray::create):
2029 (JSC::Uint8ClampedArray::createUninitialized):
2030 (JSC::Uint8ClampedArray::zeroFill):
2031 (JSC::Uint8ClampedArray::set):
2032 (JSC::Uint8ClampedArray::Uint8ClampedArray):
2033 (JSC::Uint8ClampedArray::subarray):
2036 2013-08-03 Filip Pizlo <fpizlo@apple.com>
2038 Copied space should be able to handle more than one copied backing store per JSCell
2039 https://bugs.webkit.org/show_bug.cgi?id=119471
2041 Reviewed by Mark Hahnenberg.
2043 This allows a cell to call copyLater() multiple times for multiple different
2044 backing stores, and then have copyBackingStore() called exactly once for each
2045 of those. A token tells it which backing store to copy. All backing stores
2046 must be named using the CopyToken, an enumeration which currently cannot
2047 exceed eight entries.
2049 When copyBackingStore() is called, it's up to the callee to (a) use the token
2050 to decide what to copy and (b) call its base class's copyBackingStore() in
2051 case the base class had something that needed copying. The only exception is
2052 that JSCell never asks anything to be copied, and so if your base is JSCell
2053 then you don't have to do anything.
2055 * GNUmakefile.list.am:
2056 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2057 * JavaScriptCore.xcodeproj/project.pbxproj:
2058 * heap/CopiedBlock.h:
2059 * heap/CopiedBlockInlines.h:
2060 (JSC::CopiedBlock::reportLiveBytes):
2061 * heap/CopyToken.h: Added.
2062 * heap/CopyVisitor.cpp:
2063 (JSC::CopyVisitor::copyFromShared):
2064 * heap/CopyVisitor.h:
2065 * heap/CopyVisitorInlines.h:
2066 (JSC::CopyVisitor::visitItem):
2067 * heap/CopyWorkList.h:
2068 (JSC::CopyWorklistItem::CopyWorklistItem):
2069 (JSC::CopyWorklistItem::cell):
2070 (JSC::CopyWorklistItem::token):
2071 (JSC::CopyWorkListSegment::get):
2072 (JSC::CopyWorkListSegment::append):
2073 (JSC::CopyWorkListSegment::data):
2074 (JSC::CopyWorkListIterator::get):
2075 (JSC::CopyWorkListIterator::operator*):
2076 (JSC::CopyWorkListIterator::operator->):
2077 (JSC::CopyWorkList::append):
2078 * heap/SlotVisitor.h:
2079 * heap/SlotVisitorInlines.h:
2080 (JSC::SlotVisitor::copyLater):
2081 * runtime/ClassInfo.h:
2082 * runtime/JSCell.cpp:
2083 (JSC::JSCell::copyBackingStore):
2085 * runtime/JSObject.cpp:
2086 (JSC::JSObject::visitButterfly):
2087 (JSC::JSObject::copyBackingStore):
2088 * runtime/JSObject.h:
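The copyLater()/copyBackingStore() contract described in the entry above, as an added example that is not JavaScriptCore's own code: a visitor that delivers exactly one copyBackingStore() call per (cell, token) it was handed, a subclass that chains to its base class, and one that forgets to, which shows which store is then silently skipped. CopyVisitor's internals, ObjectCell, TwoStoreCell, ForgetsToChainCell, copiesAfterCycle and the two token values are the example's own assumptions.

```cpp
// Added example (not JavaScriptCore's code): a small model of the
// copyLater()/copyBackingStore() protocol. The class names and token values
// are hypothetical; the "one call per token" and "chain to your base class"
// rules, and the eight-entry limit on CopyToken, follow the ChangeLog text.
#include <cstdint>
#include <map>
#include <utility>
#include <vector>

enum class CopyToken : uint8_t { ButterflyCopyToken, AuxiliaryCopyToken };
static_assert(static_cast<int>(CopyToken::AuxiliaryCopyToken) < 8,
              "CopyToken currently cannot exceed eight entries");

struct Cell;

// Stand-in for the copying collector's visitor: copyLater() queues a
// (cell, token) pair; drain() then calls copyBackingStore() once per pair.
struct CopyVisitor {
    std::vector<std::pair<Cell*, CopyToken>> worklist;
    std::map<std::pair<Cell*, CopyToken>, int> copies;  // copies performed per store
    void copyLater(Cell* cell, CopyToken token) { worklist.emplace_back(cell, token); }
    void didCopy(Cell* cell, CopyToken token) { ++copies[{cell, token}]; }
    void drain();
};

struct Cell {
    virtual ~Cell() = default;
    // Marking: a cell asks for each of its backing stores to be copied later.
    virtual void visitChildren(CopyVisitor&) {}
    // Copying: the token says which store to copy. The base cell (like JSCell)
    // never requests a copy, so it has nothing to do here.
    virtual void copyBackingStore(CopyVisitor&, CopyToken) {}
};

void CopyVisitor::drain() {
    for (auto& item : worklist)
        item.first->copyBackingStore(*this, item.second);
    worklist.clear();
}

// Like JSObject: owns one backing store, the butterfly.
struct ObjectCell : Cell {
    void visitChildren(CopyVisitor& v) override {
        Cell::visitChildren(v);
        v.copyLater(this, CopyToken::ButterflyCopyToken);
    }
    void copyBackingStore(CopyVisitor& v, CopyToken token) override {
        if (token == CopyToken::ButterflyCopyToken) {
            v.didCopy(this, token);        // (a) use the token to pick the store
            return;
        }
        Cell::copyBackingStore(v, token);  // (b) otherwise hand it to the base class
    }
};

// Hypothetical subclass with a second store that follows the contract: it
// handles its own token and chains to ObjectCell for anything else.
struct TwoStoreCell : ObjectCell {
    void visitChildren(CopyVisitor& v) override {
        ObjectCell::visitChildren(v);
        v.copyLater(this, CopyToken::AuxiliaryCopyToken);
    }
    void copyBackingStore(CopyVisitor& v, CopyToken token) override {
        if (token == CopyToken::AuxiliaryCopyToken) {
            v.didCopy(this, token);
            return;
        }
        ObjectCell::copyBackingStore(v, token);
    }
};

// The failure mode: a subclass that forgets to chain. The butterfly token is
// still delivered, but it is ignored, so the base class's store is never copied.
struct ForgetsToChainCell : TwoStoreCell {
    void copyBackingStore(CopyVisitor& v, CopyToken token) override {
        if (token == CopyToken::AuxiliaryCopyToken)
            v.didCopy(this, token);
        // Missing: TwoStoreCell::copyBackingStore(v, token);
    }
};

// One mark-then-copy cycle over a single cell; returns how many times the
// store named by `token` was copied (the contract requires exactly one).
int copiesAfterCycle(Cell& cell, CopyToken token) {
    CopyVisitor visitor;
    cell.visitChildren(visitor);
    visitor.drain();
    auto it = visitor.copies.find({&cell, token});
    return it == visitor.copies.end() ? 0 : it->second;
}

int goodCellCopies(CopyToken token) { TwoStoreCell c; return copiesAfterCycle(c, token); }
int brokenCellCopies(CopyToken token) { ForgetsToChainCell c; return copiesAfterCycle(c, token); }
```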
2090 2013-08-05 Zan Dobersek <zdobersek@igalia.com>
2092 [Automake] Define ENABLE_JIT through the Autoconf header
2093 https://bugs.webkit.org/show_bug.cgi?id=119445
2095 Reviewed by Martin Robinson.
2097 * GNUmakefile.am: Remove JSC_CPPFLAGS from the cpp flags for the JSC library.
2099 2013-08-03 Filip Pizlo <fpizlo@apple.com>
2101 hasIndexingHeader() ought really to be a property of an object and its structure, not just its structure
2102 https://bugs.webkit.org/show_bug.cgi?id=119470
2104 Reviewed by Oliver Hunt.
2106 Structure can still tell you if the object "could" (in the conservative sense)
2107 have an indexing header; that's used by the compiler.
2109 Most of the time if you want to know if there's an indexing header, you ask the
2112 In some cases, the JSObject wants to know if it would have an indexing header if
2113 it had a different structure; then it uses Structure::hasIndexingHeader(JSCell*).
2115 * dfg/DFGRepatch.cpp:
2116 (JSC::DFG::tryCachePutByID):
2117 (JSC::DFG::tryBuildPutByIdList):
2118 * dfg/DFGSpeculativeJIT.cpp:
2119 (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2120 (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2121 * runtime/ButterflyInlines.h:
2122 (JSC::Butterfly::create):
2123 (JSC::Butterfly::growPropertyStorage):
2124 (JSC::Butterfly::growArrayRight):
2125 (JSC::Butterfly::resizeArray):
2126 * runtime/JSObject.cpp:
2127 (JSC::JSObject::copyButterfly):
2128 (JSC::JSObject::visitButterfly):
2129 * runtime/JSObject.h:
2130 (JSC::JSObject::hasIndexingHeader):
2131 (JSC::JSObject::setButterfly):
2132 * runtime/Structure.h:
2133 (JSC::Structure::couldHaveIndexingHeader):
2134 (JSC::Structure::hasIndexingHeader):
2136 2013-08-02 Chris Curtis <chris_curtis@apple.com>
2138 Give the error object's stack property accessor attributes.
2139 https://bugs.webkit.org/show_bug.cgi?id=119404
2141 Reviewed by Geoffrey Garen.
2143 Changed the attributes of error object's stack property to allow developers to write
2144 and delete the stack property. This will match the functionality of Chrome. Firefox
2145 allows developers to write the error's stack, but not delete it.
2147 * interpreter/Interpreter.cpp:
2148 (JSC::Interpreter::addStackTraceIfNecessary):
2149 * runtime/ErrorInstance.cpp:
2150 (JSC::ErrorInstance::finishCreation):
2152 2013-08-02 Oliver Hunt <oliver@apple.com>
2154 Incorrect type speculation reported by ToPrimitive
2155 https://bugs.webkit.org/show_bug.cgi?id=119458
2157 Reviewed by Mark Hahnenberg.
2159 Make sure that we report the correct type possibilities for the output
2162 * dfg/DFGAbstractInterpreterInlines.h:
2163 (JSC::DFG::::executeEffects):
2165 2013-08-02 Gavin Barraclough <barraclough@apple.com>
2167 Remove no-arguments constructor to PropertySlot
2168 https://bugs.webkit.org/show_bug.cgi?id=119460
2170 Reviewed by Geoff Garen.
2172 This constructor was unsafe if getValue is subsequently called,
2173 and the property is a getter. Simplest to just remove it.
2175 * runtime/Arguments.cpp:
2176 (JSC::Arguments::defineOwnProperty):
2177 * runtime/JSActivation.cpp:
2178 (JSC::JSActivation::getOwnPropertyDescriptor):
2179 * runtime/JSFunction.cpp:
2180 (JSC::JSFunction::getOwnPropertyDescriptor):
2181 (JSC::JSFunction::getOwnNonIndexPropertyNames):
2182 (JSC::JSFunction::put):
2183 (JSC::JSFunction::defineOwnProperty):
2184 * runtime/JSGlobalObject.cpp:
2185 (JSC::JSGlobalObject::defineOwnProperty):
2186 * runtime/JSGlobalObject.h:
2187 (JSC::JSGlobalObject::hasOwnPropertyForWrite):
2188 * runtime/JSNameScope.cpp:
2189 (JSC::JSNameScope::put):
2190 * runtime/JSONObject.cpp:
2191 (JSC::Stringifier::Holder::appendNextProperty):
2192 (JSC::Walker::walk):
2193 * runtime/JSObject.cpp:
2194 (JSC::JSObject::hasProperty):
2195 (JSC::JSObject::hasOwnProperty):
2196 (JSC::JSObject::reifyStaticFunctionsForDelete):
2198 (JSC::getStaticPropertyDescriptor):
2199 (JSC::getStaticFunctionDescriptor):
2200 (JSC::getStaticValueDescriptor):
2201 * runtime/ObjectConstructor.cpp:
2202 (JSC::defineProperties):
2203 * runtime/PropertySlot.h:
2205 2013-08-02 Mark Hahnenberg <mhahnenberg@apple.com>
2207 DFG validation can cause assertion failures due to dumping
2208 https://bugs.webkit.org/show_bug.cgi?id=119456
2210 Reviewed by Geoffrey Garen.
2212 * bytecode/CodeBlock.cpp:
2213 (JSC::CodeBlock::hasHash):
2214 (JSC::CodeBlock::isSafeToComputeHash):
2215 (JSC::CodeBlock::hash):
2216 (JSC::CodeBlock::dumpAssumingJITType):
2217 * bytecode/CodeBlock.h:
2219 2013-08-02 Chris Curtis <chris_curtis@apple.com>
2221 Have vm's exceptionStack match java's vm's exceptionStack.
2222 https://bugs.webkit.org/show_bug.cgi?id=119362
2224 Reviewed by Geoffrey Garen.
2226 The error object's stack is only updated if it does not exist yet. This matches
2227 the functionality of other browsers, and Java VMs.
2229 * interpreter/Interpreter.cpp:
2230 (JSC::Interpreter::addStackTraceIfNecessary):
2231 (JSC::Interpreter::throwException):
2233 (JSC::VM::clearExceptionStack):
2235 (JSC::VM::lastExceptionStack):
2237 2013-08-02 Julien Brianceau <jbrianceau@nds.com>
2239 REGRESSION(FTL): Fix mips implementation of ctiVMThrowTrampolineSlowpath.
2240 https://bugs.webkit.org/show_bug.cgi?id=119447
2242 Reviewed by Geoffrey Garen.
2244 Fix .cpload, update call frame and do not restore registers from JIT stack frame in
2245 mips implementation of ctiVMThrowTrampolineSlowpath. This change is similar to
2246 r153583 (sh4) and r153648 (ARM).
2248 * jit/JITStubsMIPS.h:
2250 2013-08-01 Filip Pizlo <fpizlo@apple.com>
2252 hasIndexingHeader should be a property of the Structure, not just the IndexingType
2253 https://bugs.webkit.org/show_bug.cgi?id=119422
2255 Reviewed by Oliver Hunt.
2257 This simplifies some code and also allows Structure to claim that an object
2258 has an indexing header even if it doesn't have indexed properties.
2260 I also changed some calls to use hasIndexedProperties() since in some cases,
2261 that's what we actually meant. Currently the two are synonyms.
2263 * dfg/DFGRepatch.cpp:
2264 (JSC::DFG::tryCachePutByID):
2265 (JSC::DFG::tryBuildPutByIdList):
2266 * dfg/DFGSpeculativeJIT.cpp:
2267 (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2268 (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2269 * runtime/ButterflyInlines.h:
2270 (JSC::Butterfly::create):
2271 (JSC::Butterfly::growPropertyStorage):
2272 (JSC::Butterfly::growArrayRight):
2273 (JSC::Butterfly::resizeArray):
2274 * runtime/IndexingType.h:
2275 * runtime/JSObject.cpp:
2276 (JSC::JSObject::copyButterfly):
2277 (JSC::JSObject::visitButterfly):
2278 (JSC::JSObject::setPrototype):
2279 * runtime/JSObject.h:
2280 (JSC::JSObject::setButterfly):
2281 * runtime/JSPropertyNameIterator.cpp:
2282 (JSC::JSPropertyNameIterator::create):
2283 * runtime/Structure.h:
2284 (JSC::Structure::hasIndexingHeader):
2286 2013-08-02 Julien Brianceau <jbrianceau@nds.com>
2288 REGRESSION: ARM still crashes after change set r153612.
2289 https://bugs.webkit.org/show_bug.cgi?id=119433
2291 Reviewed by Michael Saboff.
2293 Update call frame and do not restore registers from JIT stack frame in ARM and ARMv7
2294 implementations of ctiVMThrowTrampolineSlowpath. This change is similar to r153583
2295 for sh4 architecture.
2297 * jit/JITStubsARM.h:
2298 * jit/JITStubsARMv7.h:
2300 2013-08-02 Michael Saboff <msaboff@apple.com>
2302 REGRESSION(r153612): It made jsc and layout tests crash
2303 https://bugs.webkit.org/show_bug.cgi?id=119440
2305 Reviewed by Csaba Osztrogonác.
2307 Made the changes of changeset r153612 only apply to 32-bit builds.
2309 * jit/JITExceptions.cpp:
2310 * jit/JITExceptions.h:
2312 (JSC::cti_vm_throw_slowpath):
2315 2013-08-02 Patrick Gansterer <paroga@webkit.org>
2317 Add JSCTestRunnerUtils to the list of forwarding headers to fix build.
2321 2013-08-01 Ruth Fong <ruth_fong@apple.com>
2323 [Forms: color] <input type='color'> popover color well implementation
2324 <rdar://problem/14411008> and https://bugs.webkit.org/show_bug.cgi?id=119356
2326 Reviewed by Benjamin Poulain.
2328 * Configurations/FeatureDefines.xcconfig: Added and enabled INPUT_TYPE_COLOR_POPOVER.
2330 2013-08-01 Oliver Hunt <oliver@apple.com>
2332 DFG is not enforcing correct ordering of ToString conversion in MakeRope
2333 https://bugs.webkit.org/show_bug.cgi?id=119408
2335 Reviewed by Filip Pizlo.
2337 Construct ToString and Phantom nodes in advance of MakeRope
2338 nodes to ensure that ordering is ensured, and correct values
2339 will be reified on OSR exit.
2341 * dfg/DFGByteCodeParser.cpp:
2342 (JSC::DFG::ByteCodeParser::parseBlock):
2344 2013-08-01 Michael Saboff <msaboff@apple.com>
2346 REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
2347 https://bugs.webkit.org/show_bug.cgi?id=119140
2349 Reviewed by Filip Pizlo.
2351 Ensure that ExceptionHandler is returned by functions in two registers by encoding the value as a 64 bit int.
2353 * jit/JITExceptions.cpp:
2355 * jit/JITExceptions.h:
2357 (JSC::cti_vm_throw_slowpath):
2360 2013-08-01 Julien Brianceau <jbrianceau@nds.com>
2362 REGRESSION(FTL): Fix sh4 implementation of ctiVMThrowTrampolineSlowpath.
2363 https://bugs.webkit.org/show_bug.cgi?id=119391
2365 Reviewed by Csaba Osztrogonác.
2367 * jit/JITStubsSH4.h: Fix ctiVMThrowTrampolineSlowpath implementation:
2368 - Call frame is in r14 register.
2369 - Do not restore registers from JIT stack frame here.
2371 2013-07-31 Gavin Barraclough <barraclough@apple.com>
2373 More cleanup in PropertySlot
2374 https://bugs.webkit.org/show_bug.cgi?id=119359
2376 Reviewed by Geoff Garen.
2378 m_slotBase is overloaded to store the (receiver) thisValue and the object that contains the property.
2379 This is confusing, and means that slotBase cannot be typed correctly (can only be a JSObject).
2381 * dfg/DFGRepatch.cpp:
2382 (JSC::DFG::tryCacheGetByID):
2383 (JSC::DFG::tryBuildGetByIDList):
2384 - No need to ASSERT slotBase is an object.
2386 (JSC::tryCacheGetByID):
2387 (JSC::DEFINE_STUB_FUNCTION):
2388 - No need to ASSERT slotBase is an object.
2389 * runtime/JSObject.cpp:
2390 (JSC::JSObject::getOwnPropertySlotByIndex):
2391 (JSC::JSObject::fillGetterPropertySlot):
2392 - Pass an object through to setGetterSlot.
2393 * runtime/JSObject.h:
2394 (JSC::PropertySlot::getValue):
2395 - Moved from PropertySlot (need to know about JSObject).
2396 * runtime/PropertySlot.cpp:
2397 (JSC::PropertySlot::functionGetter):
2398 - Update per member name changes.
2399 * runtime/PropertySlot.h:
2400 (JSC::PropertySlot::PropertySlot):
2401 - Argument to constructor set to 'thisValue'.
2402 (JSC::PropertySlot::slotBase):
2403 - This returns a JSObject*.
2404 (JSC::PropertySlot::setValue):
2405 (JSC::PropertySlot::setCustom):
2406 (JSC::PropertySlot::setCacheableCustom):
2407 (JSC::PropertySlot::setCustomIndex):
2408 (JSC::PropertySlot::setGetterSlot):
2409 (JSC::PropertySlot::setCacheableGetterSlot):
2410 - slotBase is a JSObject*, make setGetterSlot set slotBase for consistency.
2411 * runtime/SparseArrayValueMap.cpp:
2412 (JSC::SparseArrayEntry::get):
2413 - Pass an object through to setGetterSlot.
2414 * runtime/SparseArrayValueMap.h:
2415 - Pass an object through to setGetterSlot.
2417 2013-07-31 Yi Shen <max.hong.shen@gmail.com>
2419 Reduce JSC API static value setter/getter overhead.
2420 https://bugs.webkit.org/show_bug.cgi?id=119277
2422 Reviewed by Geoffrey Garen.
2424 Add property name to the static value entry, so that OpaqueJSString::create() doesn't
2425 need to get called every time when setting or getting the static value.
2427 * API/JSCallbackObjectFunctions.h:
2429 (JSC::::putByIndex):
2430 (JSC::::getStaticValue):
2431 * API/JSClassRef.cpp:
2432 (OpaqueJSClassContextData::OpaqueJSClassContextData):
2434 (StaticValueEntry::StaticValueEntry):
2436 2013-07-31 Kwang Yul Seo <skyul@company100.net>
2438 Use emptyString instead of String("")
2439 https://bugs.webkit.org/show_bug.cgi?id=119335
2441 Reviewed by Darin Adler.
2443 Use emptyString() instead of String("") because it is better style and
2444 faster. This is a followup to r116908, removing all occurrences of
2445 String("") from WebKit.
2447 * runtime/RegExpConstructor.cpp:
2448 (JSC::constructRegExp):
2449 * runtime/RegExpPrototype.cpp:
2450 (JSC::regExpProtoFuncCompile):
2451 * runtime/StringPrototype.cpp:
2452 (JSC::stringProtoFuncMatch):
2453 (JSC::stringProtoFuncSearch):
2455 2013-07-31 Ruth Fong <ruth_fong@apple.com>
2457 <input type=color> Mac UI behaviour
2458 <rdar://problem/10269922> and https://bugs.webkit.org/show_bug.cgi?id=61276
2460 Reviewed by Brady Eidson.
2462 * Configurations/FeatureDefines.xcconfig: Enabled INPUT_TYPE_COLOR.
2464 2013-07-31 Mark Hahnenberg <mhahnenberg@apple.com>
2466 DFG doesn't account for inlining of functions with switch statements that haven't been executed by the baseline JIT
2467 https://bugs.webkit.org/show_bug.cgi?id=119349
2469 Reviewed by Geoffrey Garen.
2471 Prior to this patch, the baseline JIT was responsible for resizing the ctiOffsets Vector for
2472 SimpleJumpTables to be equal to the size of the branchOffsets Vector. The DFG implicitly relied
2473 on code it compiled with any switch statements to have been run in the baseline JIT first.
2474 However, if the DFG chooses to inline a function that has never been compiled by the baseline
2475 JIT then this resizing never happens and we crash at link time in the DFG.
2477 We can fix this by also doing the resize in the DFG to catch this case.
2479 * dfg/DFGJITCompiler.cpp:
2480 (JSC::DFG::JITCompiler::link):
2482 2013-07-31 Gavin Barraclough <barraclough@apple.com>
2484 Speculative Windows build fix.
2488 * runtime/JSString.cpp:
2489 (JSC::JSRopeString::getIndexSlowCase):
2490 * runtime/JSString.h:
2492 2013-07-30 Gavin Barraclough <barraclough@apple.com>
2494 Some cleanup in JSValue::get
2495 https://bugs.webkit.org/show_bug.cgi?id=119343
2497 Reviewed by Geoff Garen.
2499 JSValue::get is implemented to:
2500 1) Check if the value is a cell – if not, synthesize a prototype to search,
2501 2) call getOwnPropertySlot on the cell,
2502 3) if this returns false, cast to JSObject to get the prototype, and walk the prototype chain.
2503 By all rights this should crash when passed a string and accessing a property that does not exist, because
2504 the string is a cell, getOwnPropertySlot should return false, and the cast to JSObject should be unsafe.
2505 To work around this, JSString::getOwnPropertySlot actually implements 'get' functionality - searching the
2506 prototype chain, and faking out a return value of undefined if no property is found.
2508 This is a huge hazard, since fixing JSString::getOwnPropertySlot or calling getOwnPropertySlot on cells
2509 from elsewhere would introduce bugs. Fortunately it is only ever called in this one place.
2511 The fix here is to move getOwnPropertySlot onto JSObject and end this madness - cells don't have property
2514 Interesting changes are in JSCJSValueInlines.h, JSString.cpp - the rest is pretty much all JSCell -> JSObject.
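The lookup order the entry describes, as an added example written for this page rather than code from JavaScriptCore: a toy cell/object model whose lookup() decides once which object the search starts at, so a string cell is routed to its prototype instead of being cast to an object, and getOwnPropertySlot exists only on objects. The names Cell, Object, StringCell, Value, Realm, lookup and demoLookup, and the sample properties, are the example's own assumptions.

```cpp
// Added example, not JavaScriptCore's code: a small model of the lookup order
// the entry describes. Cell, Object, StringCell, Value, Realm and lookup() are
// hypothetical names; only the shape of the algorithm follows the ChangeLog.
#include <map>
#include <string>

// A heap cell is either a full Object (own properties plus a prototype link)
// or a primitive cell such as a string, which has no properties of its own.
struct Cell {
    virtual ~Cell() = default;
    virtual bool isObject() const = 0;
};

struct Object : Cell {
    std::map<std::string, int> own;  // own properties, modelled as name -> int
    Object* prototype = nullptr;     // next link in the prototype chain
    bool isObject() const override { return true; }

    // The Object-only operation: consults own properties, never the chain.
    bool getOwnPropertySlot(const std::string& name, int& out) const {
        auto it = own.find(name);
        if (it == own.end())
            return false;
        out = it->second;
        return true;
    }
};

// A string cell is a cell but not an Object; casting it to Object is the
// crash hazard the entry describes, so nothing below ever does that.
struct StringCell : Cell {
    std::string chars;
    explicit StringCell(std::string s) : chars(s) {}
    bool isObject() const override { return false; }
};

// A value is either a number (not a cell) or a pointer to a cell.
struct Value {
    bool isCell = false;
    double number = 0;
    Cell* cell = nullptr;
    static Value fromNumber(double d) { Value v; v.number = d; return v; }
    static Value fromCell(Cell* c) { Value v; v.isCell = true; v.cell = c; return v; }
};

// The prototypes a lookup starts from when the receiver is not an Object.
struct Realm {
    Object numberPrototype;
    Object stringPrototype;
};

// Model of JSValue::get after the fix: pick the Object the search starts at
// exactly once, then walk the prototype chain calling getOwnPropertySlot only
// on Objects. Returns true and sets `out` when found, false (undefined) otherwise.
bool lookup(const Realm& realm, const Value& v, const std::string& name, int& out) {
    const Object* start = nullptr;
    if (!v.isCell)
        start = &realm.numberPrototype;              // number: synthesized prototype
    else if (!v.cell->isObject())
        start = &realm.stringPrototype;              // string cell: its prototype, no cast
    else
        start = static_cast<const Object*>(v.cell);  // safe: isObject() checked first

    for (const Object* o = start; o; o = o->prototype) {
        if (o->getOwnPropertySlot(name, out))
            return true;
    }
    return false;
}

// Constructed sample realm: the shared root prototype holds "shared", the
// string prototype holds "size", and a plain object holds "x".
struct Demo {
    Realm realm;
    Object objectPrototype;
    Object plain;
    StringCell str{"abc"};
    Demo() {
        objectPrototype.own["shared"] = 1;
        realm.numberPrototype.prototype = &objectPrototype;
        realm.stringPrototype.prototype = &objectPrototype;
        realm.stringPrototype.own["size"] = 3;
        plain.prototype = &objectPrototype;
        plain.own["x"] = 42;
    }
};

// Looks `name` up on one of the sample receivers ("number", "string" or
// "object"); returns the value, or -1 standing in for undefined.
int demoLookup(const std::string& receiver, const std::string& name) {
    static Demo demo;
    Value v = Value::fromCell(&demo.plain);
    if (receiver == "number")
        v = Value::fromNumber(1.5);
    else if (receiver == "string")
        v = Value::fromCell(&demo.str);
    int out = 0;
    return lookup(demo.realm, v, name, out) ? out : -1;
}
```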
2516 2013-07-31 Michael Saboff <msaboff@apple.com>
2518 [Win] JavaScript crash.
2519 https://bugs.webkit.org/show_bug.cgi?id=119339
2521 Reviewed by Mark Hahnenberg.
2523 * jit/JITStubsX86.h: Implement ctiVMThrowTrampoline and
2524 ctiVMThrowTrampolineSlowpath the same way as the gcc x86 version does.
2526 2013-07-30 Mark Hahnenberg <mhahnenberg@apple.com>
2528 GetByVal on Arguments does the wrong size load when checking the Arguments object length
2529 https://bugs.webkit.org/show_bug.cgi?id=119281
2531 Reviewed by Geoffrey Garen.
2533 This leads to out of bounds accesses and subsequent crashes.
2535 * dfg/DFGSpeculativeJIT.cpp:
2536 (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
2537 * dfg/DFGSpeculativeJIT64.cpp:
2538 (JSC::DFG::SpeculativeJIT::compile):
2540 2013-07-30 Oliver Hunt <oliver@apple.com>
2542 Add an assertion to SpeculateCellOperand
2543 https://bugs.webkit.org/show_bug.cgi?id=119276
2545 Reviewed by Michael Saboff.
2547 More assertions are better
2549 * dfg/DFGSpeculativeJIT64.cpp:
2550 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2551 (JSC::DFG::SpeculativeJIT::compile):
2553 2013-07-30 Mark Lam <mark.lam@apple.com>
2555 Fix problems with divot and lineStart mismatches.
2556 https://bugs.webkit.org/show_bug.cgi?id=118662.
2558 Reviewed by Oliver Hunt.
2560 r152494 added the recording of lineStart values for divot positions.
2561 This is needed for the computation of column numbers. Similarly, it also
2562 added the recording of line numbers for the divot positions. One problem
2563 with the approach taken was that the line and lineStart values were
2564 recorded independently, and hence were not always guaranteed to be
2565 sampled at the same place that the divot position is recorded. This
2566 resulted in potential mismatches that cause some assertions to fail.
2568 The solution is to introduce a JSTextPosition abstraction that records
2569 the divot position, line, and lineStart as a single quantity. Wherever
2570 we record the divot position as an unsigned int previously, we now record
2571 its JSTextPosition which captures all 3 values in one go. This ensures
2572 that the captured line and lineStart will always match the captured divot
2575 * bytecompiler/BytecodeGenerator.cpp:
2576 (JSC::BytecodeGenerator::emitCall):
2577 (JSC::BytecodeGenerator::emitCallEval):
2578 (JSC::BytecodeGenerator::emitCallVarargs):
2579 (JSC::BytecodeGenerator::emitConstruct):
2580 (JSC::BytecodeGenerator::emitDebugHook):
2581 - Use JSTextPosition instead of passing line and lineStart explicitly.
2582 * bytecompiler/BytecodeGenerator.h:
2583 (JSC::BytecodeGenerator::emitExpressionInfo):
2584 - Use JSTextPosition instead of passing line and lineStart explicitly.
2585 * bytecompiler/NodesCodegen.cpp:
2586 (JSC::ThrowableExpressionData::emitThrowReferenceError):
2587 (JSC::ResolveNode::emitBytecode):
2588 (JSC::BracketAccessorNode::emitBytecode):
2589 (JSC::DotAccessorNode::emitBytecode):
2590 (JSC::NewExprNode::emitBytecode):
2591 (JSC::EvalFunctionCallNode::emitBytecode):
2592 (JSC::FunctionCallValueNode::emitBytecode):
2593 (JSC::FunctionCallResolveNode::emitBytecode):
2594 (JSC::FunctionCallBracketNode::emitBytecode):
2595 (JSC::FunctionCallDotNode::emitBytecode):
2596 (JSC::CallFunctionCallDotNode::emitBytecode):
2597 (JSC::ApplyFunctionCallDotNode::emitBytecode):
2598 (JSC::PostfixNode::emitResolve):
2599 (JSC::PostfixNode::emitBracket):
2600 (JSC::PostfixNode::emitDot):
2601 (JSC::DeleteResolveNode::emitBytecode):
2602 (JSC::DeleteBracketNode::emitBytecode):
2603 (JSC::DeleteDotNode::emitBytecode):
2604 (JSC::PrefixNode::emitResolve):
2605 (JSC::PrefixNode::emitBracket):
2606 (JSC::PrefixNode::emitDot):
2607 (JSC::UnaryOpNode::emitBytecode):
2608 (JSC::BinaryOpNode::emitStrcat):
2609 (JSC::BinaryOpNode::emitBytecode):
2610 (JSC::ThrowableBinaryOpNode::emitBytecode):
2611 (JSC::InstanceOfNode::emitBytecode):
2612 (JSC::emitReadModifyAssignment):
2613 (JSC::ReadModifyResolveNode::emitBytecode):
2614 (JSC::AssignResolveNode::emitBytecode):
2615 (JSC::AssignDotNode::emitBytecode):
2616 (JSC::ReadModifyDotNode::emitBytecode):
2617 (JSC::AssignBracketNode::emitBytecode):
2618 (JSC::ReadModifyBracketNode::emitBytecode):
2619 (JSC::ForInNode::emitBytecode):
2620 (JSC::WithNode::emitBytecode):
2621 (JSC::ThrowNode::emitBytecode):
2622 - Use JSTextPosition instead of passing line and lineStart explicitly.
2623 * parser/ASTBuilder.h:
2624 - Replaced ASTBuilder::PositionInfo with JSTextPosition.
2625 (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
2626 (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
2627 (JSC::ASTBuilder::createResolve):
2628 (JSC::ASTBuilder::createBracketAccess):
2629 (JSC::ASTBuilder::createDotAccess):
2630 (JSC::ASTBuilder::createRegExp):
2631 (JSC::ASTBuilder::createNewExpr):
2632 (JSC::ASTBuilder::createAssignResolve):
2633 (JSC::ASTBuilder::createExprStatement):
2634 (JSC::ASTBuilder::createForInLoop):
2635 (JSC::ASTBuilder::createReturnStatement):
2636 (JSC::ASTBuilder::createBreakStatement):
2637 (JSC::ASTBuilder::createContinueStatement):
2638 (JSC::ASTBuilder::createLabelStatement):
2639 (JSC::ASTBuilder::createWithStatement):
2640 (JSC::ASTBuilder::createThrowStatement):
2641 (JSC::ASTBuilder::appendBinaryExpressionInfo):
2642 (JSC::ASTBuilder::appendUnaryToken):
2643 (JSC::ASTBuilder::unaryTokenStackLastStart):
2644 (JSC::ASTBuilder::assignmentStackAppend):
2645 (JSC::ASTBuilder::createAssignment):
2646 (JSC::ASTBuilder::setExceptionLocation):
2647 (JSC::ASTBuilder::makeDeleteNode):
2648 (JSC::ASTBuilder::makeFunctionCallNode):
2649 (JSC::ASTBuilder::makeBinaryNode):
2650 (JSC::ASTBuilder::makeAssignNode):
2651 (JSC::ASTBuilder::makePrefixNode):
2652 (JSC::ASTBuilder::makePostfixNode):
2653 - Use JSTextPosition instead of passing line and lineStart explicitly.
2656 - Added support for capturing the appropriate JSTextPositions instead
2657 of just the character offset.
2659 (JSC::Lexer::currentPosition):
2660 (JSC::::lexExpectIdentifier):
2661 - Added support for capturing the appropriate JSTextPositions instead
2662 of just the character offset.
2663 * parser/NodeConstructors.h:
2665 (JSC::ResolveNode::ResolveNode):
2666 (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
2667 (JSC::FunctionCallValueNode::FunctionCallValueNode):
2668 (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
2669 (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
2670 (JSC::FunctionCallDotNode::FunctionCallDotNode):
2671 (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
2672 (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
2673 (JSC::PostfixNode::PostfixNode):
2674 (JSC::DeleteResolveNode::DeleteResolveNode):
2675 (JSC::DeleteBracketNode::DeleteBracketNode):
2676 (JSC::DeleteDotNode::DeleteDotNode):
2677 (JSC::PrefixNode::PrefixNode):
2678 (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
2679 (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
2680 (JSC::AssignBracketNode::AssignBracketNode):
2681 (JSC::AssignDotNode::AssignDotNode):
2682 (JSC::ReadModifyDotNode::ReadModifyDotNode):
2683 (JSC::AssignErrorNode::AssignErrorNode):
2684 (JSC::WithNode::WithNode):
2685 (JSC::ForInNode::ForInNode):
2686 - Use JSTextPosition instead of passing line and lineStart explicitly.
2688 (JSC::StatementNode::setLoc):
2689 - Use JSTextPosition instead of passing line and lineStart explicitly.
2691 (JSC::Node::lineNo):
2692 (JSC::Node::startOffset):
2693 (JSC::Node::lineStartOffset):
2694 (JSC::Node::position):
2695 (JSC::ThrowableExpressionData::ThrowableExpressionData):
2696 (JSC::ThrowableExpressionData::setExceptionSourceCode):
2697 (JSC::ThrowableExpressionData::divot):
2698 (JSC::ThrowableExpressionData::divotStart):
2699 (JSC::ThrowableExpressionData::divotEnd):
2700 (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
2701 (JSC::ThrowableSubExpressionData::setSubexpressionInfo):
2702 (JSC::ThrowableSubExpressionData::subexpressionDivot):
2703 (JSC::ThrowableSubExpressionData::subexpressionStart):
2704 (JSC::ThrowableSubExpressionData::subexpressionEnd):
2705 (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
2706 (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
2707 (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
2708 (JSC::ThrowablePrefixedSubExpressionData::subexpressionStart):
2709 (JSC::ThrowablePrefixedSubExpressionData::subexpressionEnd):
2710 - Use JSTextPosition instead of passing line and lineStart explicitly.
2711 * parser/Parser.cpp:
2713 (JSC::::parseInner):
2714 - Use JSTextPosition instead of passing line and lineStart explicitly.
2715 (JSC::::didFinishParsing):
2716 - Remove setting of m_lastLine value. We always pass in the value from
2717 m_lastLine anyway. So, this assignment is effectively a nop.
2718 (JSC::::parseVarDeclaration):
2719 (JSC::::parseVarDeclarationList):
2720 (JSC::::parseForStatement):
2721 (JSC::::parseBreakStatement):
2722 (JSC::::parseContinueStatement):
2723 (JSC::::parseReturnStatement):
2724 (JSC::::parseThrowStatement):
2725 (JSC::::parseWithStatement):
2726 (JSC::::parseTryStatement):
2727 (JSC::::parseBlockStatement):
2728 (JSC::::parseFunctionDeclaration):
2729 (JSC::LabelInfo::LabelInfo):
2730 (JSC::::parseExpressionOrLabelStatement):
2731 (JSC::::parseExpressionStatement):
2732 (JSC::::parseAssignmentExpression):
2733 (JSC::::parseBinaryExpression):
2734 (JSC::::parseProperty):
2735 (JSC::::parsePrimaryExpression):
2736 (JSC::::parseMemberExpression):
2737 (JSC::::parseUnaryExpression):
2738 - Use JSTextPosition instead of passing line and lineStart explicitly.
2740 (JSC::Parser::next):
2741 (JSC::Parser::nextExpectIdentifier):
2742 (JSC::Parser::getToken):
2743 (JSC::Parser::tokenStartPosition):
2744 (JSC::Parser::tokenEndPosition):
2745 (JSC::Parser::lastTokenEndPosition):
2747 - Use JSTextPosition instead of passing line and lineStart explicitly.
2748 * parser/ParserTokens.h:
2749 (JSC::JSTextPosition::JSTextPosition):
2750 (JSC::JSTextPosition::operator+):
2751 (JSC::JSTextPosition::operator-):
2752 (JSC::JSTextPosition::operator int):
2753 - Added JSTextPosition.
2754 * parser/SyntaxChecker.h:
2755 (JSC::SyntaxChecker::makeFunctionCallNode):
2756 (JSC::SyntaxChecker::makeAssignNode):
2757 (JSC::SyntaxChecker::makePrefixNode):
2758 (JSC::SyntaxChecker::makePostfixNode):
2759 (JSC::SyntaxChecker::makeDeleteNode):
2760 (JSC::SyntaxChecker::createResolve):
2761 (JSC::SyntaxChecker::createBracketAccess):
2762 (JSC::SyntaxChecker::createDotAccess):
2763 (JSC::SyntaxChecker::createRegExp):
2764 (JSC::SyntaxChecker::createNewExpr):
2765 (JSC::SyntaxChecker::createAssignResolve):
2766 (JSC::SyntaxChecker::createForInLoop):
2767 (JSC::SyntaxChecker::createReturnStatement):
2768 (JSC::SyntaxChecker::createBreakStatement):
2769 (JSC::SyntaxChecker::createContinueStatement):
2770 (JSC::SyntaxChecker::createWithStatement):
2771 (JSC::SyntaxChecker::createLabelStatement):
2772 (JSC::SyntaxChecker::createThrowStatement):
2773 (JSC::SyntaxChecker::appendBinaryExpressionInfo):
2774 (JSC::SyntaxChecker::operatorStackPop):
2775 - Use JSTextPosition instead of passing line and lineStart explicitly.
2777 2013-07-29 Carlos Garcia Campos <cgarcia@igalia.com>
2779 Unreviewed. Fix make distcheck.
2781 * GNUmakefile.list.am: Add missing files to compilation.
2782 * bytecode/CodeBlock.cpp: Add an ENABLE(FTL_JIT) #if block to
2783 include FTL header files not included in the compilation.
2784 * dfg/DFGDriver.cpp: Ditto.
2785 * dfg/DFGPlan.cpp: Ditto.
2787 2013-07-29 Chris Curtis <chris_curtis@apple.com>
2789 Eager stack trace for error objects.
2790 https://bugs.webkit.org/show_bug.cgi?id=118918
2792 Reviewed by Geoffrey Garen.
2794 Chrome and Firefox give error objects the stack property and we wanted to match
2795 that functionality. This allows developers to see the stack without throwing an object.
2797 * runtime/ErrorInstance.cpp:
2798 (JSC::ErrorInstance::finishCreation):
2799 For error objects that are not thrown as an exception, we pass the stackTrace in
2800 as a parameter. This allows the error object to have the stack property.
2802 * interpreter/Interpreter.cpp:
2803 (JSC::stackTraceAsString):
2804 Helper function used to eliminate duplicate code.
2806 (JSC::Interpreter::addStackTraceIfNecessary):
2807 When an error object is created by the user, the vm->exceptionStack is not set.
2808 If the user throws this error object later the stack that is in the error object
2809 may not be the correct stack for the throw, so when we set the vm->exception stack,
2810 the stack property on the error object is set as well.
2812 * runtime/ErrorConstructor.cpp:
2813 (JSC::constructWithErrorConstructor):
2814 (JSC::callErrorConstructor):
2815 * runtime/NativeErrorConstructor.cpp:
2816 (JSC::constructWithNativeErrorConstructor):
2817 (JSC::callNativeErrorConstructor):
2818 These functions indicate that the user created an error object. For all error objects
2819 that the user explicitly creates, the topCallFrame is at a new frame created to
2820 handle the user's call. In this case though, the error object needs the caller's
2821 frame to create the stack trace correctly.
2823 * interpreter/Interpreter.h:
2824 * runtime/ErrorInstance.h:
2825 (JSC::ErrorInstance::create):
2827 2013-07-29 Gavin Barraclough <barraclough@apple.com>
2829 Some cleanup in PropertySlot
2830 https://bugs.webkit.org/show_bug.cgi?id=119189
2832 Reviewed by Geoff Garen.
2834 PropertySlot represents a property in one of four states - value, getter, custom, or custom-index.
2835 The state is currently tracked redundantly by two mechanisms - the custom getter function (m_getValue)
2836 is set to a special value to indicate the type (other than custom), and the type is also tracked by
2837 an enum - but only if cacheable. Cacheability can typically be determined by the value of m_offset
2838 (this is invalidOffset if not cacheable).
2840 * Internally, always track the type of the property using an enum value, PropertyType.
2841 * Use m_offset to indicate cacheable.
2842 * Keep the external interface (CachedPropertyType) unchanged.
2843 * Better pack data into the m_data union.
2845 Performance neutral.
2847 * dfg/DFGRepatch.cpp:
2848 (JSC::DFG::tryCacheGetByID):
2849 (JSC::DFG::tryBuildGetByIDList):
2850 - cachedPropertyType() -> isCacheable*()
2851 * jit/JITPropertyAccess.cpp:
2852 (JSC::JIT::privateCompileGetByIdProto):
2853 (JSC::JIT::privateCompileGetByIdSelfList):
2854 (JSC::JIT::privateCompileGetByIdProtoList):
2855 (JSC::JIT::privateCompileGetByIdChainList):
2856 (JSC::JIT::privateCompileGetByIdChain):
2857 - cachedPropertyType() -> isCacheable*()
2858 * jit/JITPropertyAccess32_64.cpp:
2859 (JSC::JIT::privateCompileGetByIdProto):
2860 (JSC::JIT::privateCompileGetByIdSelfList):
2861 (JSC::JIT::privateCompileGetByIdProtoList):
2862 (JSC::JIT::privateCompileGetByIdChainList):
2863 (JSC::JIT::privateCompileGetByIdChain):
2864 - cachedPropertyType() -> isCacheable*()
2866 (JSC::tryCacheGetByID):
2867 - cachedPropertyType() -> isCacheable*()
2868 * llint/LLIntSlowPaths.cpp:
2869 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2870 - cachedPropertyType() -> isCacheable*()
2871 * runtime/PropertySlot.cpp:
2872 (JSC::PropertySlot::functionGetter):
2873 - refactoring described above.
2874 * runtime/PropertySlot.h:
2875 (JSC::PropertySlot::PropertySlot):
2876 (JSC::PropertySlot::getValue):
2877 (JSC::PropertySlot::isCacheable):
2878 (JSC::PropertySlot::isCacheableValue):
2879 (JSC::PropertySlot::isCacheableGetter):
2880 (JSC::PropertySlot::isCacheableCustom):
2881 (JSC::PropertySlot::cachedOffset):
2882 (JSC::PropertySlot::customGetter):
2883 (JSC::PropertySlot::setValue):
2884 (JSC::PropertySlot::setCustom):
2885 (JSC::PropertySlot::setCacheableCustom):
2886 (JSC::PropertySlot::setCustomIndex):
2887 (JSC::PropertySlot::setGetterSlot):
2888 (JSC::PropertySlot::setCacheableGetterSlot):
2889 (JSC::PropertySlot::setUndefined):
2890 (JSC::PropertySlot::slotBase):
2891 (JSC::PropertySlot::setBase):
2892 - refactoring described above.
2894 2013-07-28 Oliver Hunt <oliver@apple.com>
2896 REGRESSION: Crash when opening Facebook.com
2897 https://bugs.webkit.org/show_bug.cgi?id=119155
2899 Reviewed by Andreas Kling.
2901 Scope nodes are always objects, so we should be using SpecObjectOther
2902 rather than SpecCellOther. Marking Scopes as CellOther leads to a
2903 contradiction in the CFA, resulting in bogus codegen.
2905 * dfg/DFGAbstractInterpreterInlines.h:
2906 (JSC::DFG::::executeEffects):
2907 * dfg/DFGPredictionPropagationPhase.cpp:
2908 (JSC::DFG::PredictionPropagationPhase::propagate):
2910 2013-07-26 Oliver Hunt <oliver@apple.com>
2912 REGRESSION(FTL?): Crashes in plugin tests
2913 https://bugs.webkit.org/show_bug.cgi?id=119141
2915 Reviewed by Michael Saboff.
2917 Re-export getStackTrace
2919 * interpreter/Interpreter.h:
2921 2013-07-26 Filip Pizlo <fpizlo@apple.com>
2923 REGRESSION: Crash when opening a message on Gmail
2924 https://bugs.webkit.org/show_bug.cgi?id=119105
2926 Reviewed by Oliver Hunt and Mark Hahnenberg.
2928 - GetById patching in the DFG needs to be more disciplined about how it derives the
2931 - Fix some dumping code thread safety issues.
2933 * bytecode/CallLinkStatus.cpp:
2934 (JSC::CallLinkStatus::dump):
2935 * bytecode/CodeBlock.cpp:
2936 (JSC::CodeBlock::dumpBytecode):
2937 * dfg/DFGRepatch.cpp:
2938 (JSC::DFG::getPolymorphicStructureList):
2939 (JSC::DFG::tryBuildGetByIDList):
2941 2013-07-26 Balazs Kilvady <kilvadyb@homejinni.com>
2943 [mips] Fix LLINT build for mips backend
2944 https://bugs.webkit.org/show_bug.cgi?id=119152
2946 Reviewed by Oliver Hunt.
2948 * offlineasm/mips.rb:
2950 2013-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
2952 Setting a large numeric property on an object causes it to allocate a huge backing store
2953 https://bugs.webkit.org/show_bug.cgi?id=118914
2955 Reviewed by Geoffrey Garen.
2957 There are two distinct actions that we're trying to optimize for:
2966 In the first case, the programmer has indicated that they expect this Array to be very big,
2967 so they should get a contiguous array up until some threshold, above which we perform density
2968 calculations to see if it is indeed dense enough to warrant being contiguous.
2970 In the second case, the programmer hasn't indicated anything about the size of the Array, so
2971 we should be more conservative and assume it should be sparse until we've proven otherwise.
2973 Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish
2974 between them for the purposes of not over-allocating large backing stores like we see on
2975 http://www.peekanalytics.com/burgerjoints/
2977 The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and
2978 introduce a new heuristic for the second case. If we are putting to an index above a certain
2979 threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse
2980 map instead. So for example, in the second case above the empty array has a blank indexing
2981 type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map.
2983 This fix is a ~800x speedup on the accompanying regression test :-o
2985 * runtime/ArrayConventions.h:
2986 (JSC::indexIsSufficientlyBeyondLengthForSparseMap):
2987 * runtime/JSObject.cpp:
2988 (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
2989 (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
2990 (JSC::JSObject::putByIndexBeyondVectorLength):
2991 (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
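As an added illustration, not code from WebKit or from the change above, the following toy C++ model implements the two-case heuristic the entry describes: an explicitly sized array stays contiguous up to a sparse-index limit, while a put to an index that is both above a fixed threshold and beyond the current length goes to a sparse map instead of growing the dense backing store. The `toy` namespace, the `ToyArray` type and both constant values are assumptions (the entry only says "say, 1000" for the threshold), and the density calculations mentioned for the first case are left out.

```cpp
// Toy model of the contiguous-vs-sparse decision described in the
// ChangeLog entry. Not JavaScriptCore code; names and constants are
// assumptions chosen for illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

namespace toy {

// First case: indices at or above this are never backed by a dense store,
// even when the programmer pre-sized the array. The value is assumed and
// does not reproduce JSC's MIN_SPARSE_ARRAY_INDEX.
constexpr uint32_t kMinSparseArrayIndex = 100000;

// Second case: a put to an index above this threshold that is also beyond
// the array's current length uses the sparse map. Illustrative value.
constexpr uint32_t kSparseIndexThreshold = 1000;

// The second-case test from the entry: index > threshold and index > length.
inline bool indexIsSufficientlyBeyondLengthForSparseMap(uint32_t index, uint32_t length) {
    return index > kSparseIndexThreshold && index > length;
}

struct ToyArray {
    std::vector<uint32_t> contiguous;    // dense backing store (plain uint32 values for brevity)
    std::map<uint32_t, uint32_t> sparse; // sparse map for far-away indices
    uint32_t length = 0;

    // First case: the programmer declared a size up front (like `new Array(n)`).
    // Reserve a dense store only below the sparse-index limit; density
    // calculations above that limit are omitted from this model.
    explicit ToyArray(uint32_t declaredLength = 0) : length(declaredLength) {
        if (declaredLength > 0 && declaredLength < kMinSparseArrayIndex)
            contiguous.resize(declaredLength);
    }

    // Model of put-by-val. Returns true if the value went to the sparse map.
    bool put(uint32_t index, uint32_t value) {
        if (index < contiguous.size()) {
            contiguous[index] = value; // within the dense store already
            return false;
        }
        if (index >= kMinSparseArrayIndex
            || indexIsSufficientlyBeyondLengthForSparseMap(index, length)) {
            sparse[index] = value;     // do not allocate a huge dense store
            if (index >= length) length = index + 1;
            return true;
        }
        // Otherwise the index is close enough: grow the dense store.
        contiguous.resize(index + 1);
        contiguous[index] = value;
        if (index >= length) length = index + 1;
        return false;
    }

    // Bytes committed to the dense store: the quantity the over-allocation
    // bug inflated.
    size_t denseBytes() const { return contiguous.size() * sizeof(uint32_t); }
};

// Dense bytes committed after a single put into an empty array.
inline size_t denseBytesAfterSinglePut(uint32_t index) {
    ToyArray a;
    a.put(index, 1);
    return a.denseBytes();
}

} // namespace toy

int main() {
    // Constructed inputs: one far-away put on an empty array versus the same
    // index on an array the programmer sized explicitly.
    std::printf("empty array, a[50000] = x  -> dense bytes: %zu\n",
                toy::denseBytesAfterSinglePut(50000));
    toy::ToyArray sized(60000);
    sized.put(50000, 1);
    std::printf("new Array(60000), a[50000] = x -> dense bytes: %zu\n", sized.denseBytes());
    return 0;
}
```

Running it shows the asymmetry the entry is after: the explicitly sized array pays for its dense store because the programmer asked for it, while the empty array with one far-away write commits nothing to the dense store.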
2993 2013-07-26 Julien Brianceau <jbrianceau@nds.com>
2995 REGRESSION(FTL): Fix lots of crashes in sh4 baseline JIT.
2996 https://bugs.webkit.org/show_bug.cgi?id=119148
2998 Reviewed by Csaba Osztrogonác.
3000 * jit/JSInterfaceJIT.h: "secondArgumentRegister" is wrong for sh4.
3001 * llint/LowLevelInterpreter32_64.asm: "move t0, a0" is missing
3002 in nativeCallTrampoline for sh4. Reuse MIPS implementation to avoid
3005 2013-07-26 Julien Brianceau <jbrianceau@nds.com>
3007 REGRESSION(FTL): Crash in sh4 baseline JIT.
3008 https://bugs.webkit.org/show_bug.cgi?id=119138
3010 Reviewed by Csaba Osztrogonác.
3012 This crash is due to incomplete report of r150146 and r148474.
3014 * jit/JITStubsSH4.h:
3016 2013-07-26 Zan Dobersek <zdobersek@igalia.com>
3020 * Target.pri: Adding missing DFG files to the Qt build.
3022 2013-07-25 Csaba Osztrogonác <ossy@webkit.org>
3024 GTK and Qt buildfix after the intrusive win buildfix r153360.
3026 * GNUmakefile.list.am:
3029 2013-07-25 Gyuyoung Kim <gyuyoung.kim@samsung.com>
3031 Unreviewed, fix build break after r153360.
3033 * CMakeLists.txt: Add CommonSlowPathsExceptions.cpp.
3035 2013-07-25 Roger Fong <roger_fong@apple.com>
3037 Unreviewed build fix, AppleWin port.
3039 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3040 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3041 * JavaScriptCore.vcxproj/copy-files.cmd:
3043 2013-07-25 Roger Fong <roger_fong@apple.com>
3045 Unreviewed. Followup to r153360.
3047 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3048 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3050 2013-07-25 Michael Saboff <msaboff@apple.com>
3052 [Windows] Speculative build fix.
3054 Moved interpreterThrowInCaller() out of LLintExceptions.cpp into new CommonSlowPathsExceptions.cpp
3055 that is always compiled. Made LLInt::returnToThrow() conditional on LLINT being enabled.
3057 * JavaScriptCore.xcodeproj/project.pbxproj:
3058 * llint/LLIntExceptions.cpp:
3059 * llint/LLIntExceptions.h:
3060 * llint/LLIntSlowPaths.cpp:
3061 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3062 * runtime/CommonSlowPaths.cpp:
3063 (JSC::SLOW_PATH_DECL):
3064 * runtime/CommonSlowPathsExceptions.cpp: Added.
3065 (JSC::CommonSlowPaths::interpreterThrowInCaller):
3066 * runtime/CommonSlowPathsExceptions.h: Added.
3068 2013-07-25 Brent Fulgham <bfulgham@apple.com>
3070 [Windows] Unreviewed build fix.
3072 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing IntendedStructureChange.h,.cpp and
3073 parser/SourceCode.h,.cpp.
3074 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
3076 2013-07-25 Anders Carlsson <andersca@apple.com>
3078 ASSERT(m_vm->apiLock().currentThreadIsHoldingLock()); fails for Safari on current ToT
3079 https://bugs.webkit.org/show_bug.cgi?id=119108
3081 Reviewed by Mark Hahnenberg.
3083 Add a currentThreadIsHoldingAPILock() function to VM that checks if the current thread is the exclusive API thread.
3085 * heap/CopiedSpace.cpp:
3086 (JSC::CopiedSpace::tryAllocateSlowCase):
3088 (JSC::Heap::protect):
3089 (JSC::Heap::unprotect):
3090 (JSC::Heap::collect):
3091 * heap/MarkedAllocator.cpp:
3092 (JSC::MarkedAllocator::allocateSlowCase):
3093 * runtime/JSGlobalObject.cpp:
3094 (JSC::JSGlobalObject::init):
3096 (JSC::VM::currentThreadIsHoldingAPILock):
3098 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3100 REGRESSION(FTL): Most layout tests crashes
3101 https://bugs.webkit.org/show_bug.cgi?id=119089
3103 Reviewed by Oliver Hunt.
3105 * runtime/ExecutionHarness.h:
3106 (JSC::prepareForExecution): Move prepareForExecutionImpl call into its own statement. This prevents the GCC-compiled
3107 code from creating the PassOwnPtr<JSC::JITCode> (intended as a parameter to the installOptimizedCode call) from the jitCode
3108 RefPtr<JSC::JITCode> parameter before the latter was actually given a proper value through the prepareForExecutionImpl call.
3109 Currently it's created beforehand and therefore holds a null pointer before it's anchored as the JIT code in
3110 JSC::CodeBlock::setJITCode, which later indirectly causes assertions in JSC::CodeBlock::jitCompile.
3111 (JSC::prepareFunctionForExecution): Ditto for prepareFunctionForExecutionImpl.
3113 2013-07-25 Brent Fulgham <bfulgham@apple.com>
3115 [Windows] Unreviewed build fix.
3117 * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: Add missing 'ftl'
3120 2013-07-25 Brent Fulgham <bfulgham@apple.com>
3122 [Windows] Unreviewed build fix.
3124 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add some missing files:
3125 runtime/VM.h,.cpp; Remove deleted JSGlobalData.h,.cpp.
3126 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
3128 2013-07-25 Oliver Hunt <oliver@apple.com>
3130 Make all jit & non-jit combos build cleanly
3131 https://bugs.webkit.org/show_bug.cgi?id=119102
3133 Reviewed by Anders Carlsson.
3135 * bytecode/CodeBlock.cpp:
3136 (JSC::CodeBlock::counterValueForOptimizeSoon):
3137 * bytecode/CodeBlock.h:
3138 (JSC::CodeBlock::optimizeAfterWarmUp):
3139 (JSC::CodeBlock::numberOfDFGCompiles):
3141 2013-07-25 Oliver Hunt <oliver@apple.com>
3143 32 bit portion of load validation logic
3144 https://bugs.webkit.org/show_bug.cgi?id=118878
3146 Reviewed by NOBODY (Build fix).
3148 * dfg/DFGSpeculativeJIT32_64.cpp:
3149 (JSC::DFG::SpeculativeJIT::compile):
3151 2013-07-25 Oliver Hunt <oliver@apple.com>
3153 More 32bit build fixes
3155 - Apparently some compilers don't track the fastcall directive everywhere we expect
3157 * API/APICallbackFunction.h:
3158 (JSC::APICallbackFunction::call):
3159 * bytecode/CodeBlock.cpp:
3160 * runtime/Structure.cpp:
3162 2013-07-25 Yi Shen <max.hong.shen@gmail.com>
3164 Optimize the thread locks for API Shims
3165 https://bugs.webkit.org/show_bug.cgi?id=118573
3167 Reviewed by Geoffrey Garen.
3169 Remove the thread lock from API Shims if the VM has an exclusive thread (e.g. the VM
3170 only used by WebCore's main thread).
3173 (JSC::APIEntryShim::APIEntryShim):
3174 (JSC::APICallbackShim::APICallbackShim):
3175 * runtime/JSLock.cpp:
3176 (JSC::JSLockHolder::JSLockHolder):
3177 (JSC::JSLockHolder::init):
3178 (JSC::JSLockHolder::~JSLockHolder):
3179 (JSC::JSLock::DropAllLocks::DropAllLocks):
3180 (JSC::JSLock::DropAllLocks::~DropAllLocks):
3185 2013-07-25 Christophe Dumez <ch.dumez@sisa.samsung.com>
3187 Unreviewed build fix after r153218.
3189 Broke the EFL port build with gcc 4.7.
3191 * interpreter/StackIterator.cpp:
3194 2013-07-25 Julien Brianceau <jbrianceau@nds.com>
3196 Build fix: add missing #include.
3197 https://bugs.webkit.org/show_bug.cgi?id=119087
3199 Reviewed by Allan Sandfeld Jensen.
3201 * bytecode/ArrayProfile.cpp:
3203 2013-07-25 Ryuan Choi <ryuan.choi@samsung.com>
3205 Unreviewed, build fix on the EFL port.
3207 * CMakeLists.txt: Added JSCTestRunnerUtils.cpp.
3209 2013-07-25 Julien Brianceau <jbrianceau@nds.com>
3211 [sh4] Add missing store8(TrustedImm32, void*) implementation in baseline JIT.
3212 https://bugs.webkit.org/show_bug.cgi?id=119083
3214 Reviewed by Allan Sandfeld Jensen.
3216 * assembler/MacroAssemblerSH4.h:
3217 (JSC::MacroAssemblerSH4::store8):
3219 2013-07-25 Allan Sandfeld Jensen <allan.jensen@digia.com>
3221 [Qt] Fix test build after FTL upstream
3223 Unreviewed build fix.
3227 2013-07-25 Allan Sandfeld Jensen <allan.jensen@digia.com>
3229 [Qt] Build fix after FTL.
3231 Unreviewed build fix.
3234 * interpreter/StackIterator.cpp:
3235 (JSC::StackIterator::Frame::print):
3237 2013-07-25 Gabor Rapcsanyi <rgabor@webkit.org>
3239 Unreviewed build fix after FTL upstream.
3241 * dfg/DFGWorklist.cpp:
3242 (JSC::DFG::Worklist::~Worklist):
3244 2013-07-25 Ryuan Choi <ryuan.choi@samsung.com>
3246 Unreviewed, build fix on the EFL port.
3249 Added SourceCode.cpp and removed BlackBerry file.
3251 (JSC::JITCode::nextTierJIT):
3252 Fixed build break because of -Werror=return-type
3253 * parser/Lexer.cpp: Includes JSFunctionInlines.h
3254 * runtime/JSScope.h:
3256 Fixed build break because of -Werror=return-type
3258 2013-07-25 Ádám Kallai <kadam@inf.u-szeged.hu>
3260 Unreviewed build fixing after FTL upstream.
3262 * runtime/Executable.cpp:
3263 (JSC::FunctionExecutable::produceCodeBlockFor):
3265 2013-07-25 Julien Brianceau <jbrianceau@nds.com>
3267 Add missing implementation of bxxxnz in sh4 LLINT.
3268 https://bugs.webkit.org/show_bug.cgi?id=119079
3270 Reviewed by Allan Sandfeld Jensen.
3272 * offlineasm/sh4.rb:
3274 2013-07-25 Gabor Rapcsanyi <rgabor@webkit.org>
3276 Unreviewed, build fix on the Qt port.
3278 * Target.pri: Add additional build files for the FTL.
3280 2013-07-25 Ádám Kallai <kadam@inf.u-szeged.hu>
3282 Unreviewed buildfix after FTL upstream.
3284 * interpreter/StackIterator.cpp:
3285 (JSC::StackIterator::Frame::codeType):
3286 (JSC::StackIterator::Frame::functionName):
3287 (JSC::StackIterator::Frame::sourceURL):
3288 (JSC::StackIterator::Frame::logicalFrame):
3290 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3294 * heap/CopyVisitor.cpp: Include CopiedSpaceInlines header so the CopiedSpace::recycleEvacuatedBlock
3295 method is not left undefined, causing build failures on (at least) the GTK port.
3297 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3299 Unreviewed, further build fixing on the GTK port.
3301 * GNUmakefile.list.am: Add CompilationResult source files to the build.
3303 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3305 Unreviewed GTK build fixing.
3307 * GNUmakefile.am: Make the shared libjsc library depend on any changes to the build target list.
3308 * GNUmakefile.list.am: Add additional build targets for files that were introduced by the FTL branch merge.
3310 2013-07-25 Csaba Osztrogonác <ossy@webkit.org>
3312 Buildfix after this error:
3313 error: 'pathName' may be used uninitialized in this function [-Werror=uninitialized]
3316 (JSC::DFG::Plan::compileInThread):
3318 2013-07-25 Csaba Osztrogonác <ossy@webkit.org>
3320 One more buildfix after FTL upstream.
3322 Return a dummy value after RELEASE_ASSERT_NOT_REACHED() to make GCC happy.
3324 * dfg/DFGLazyJSValue.cpp:
3325 (JSC::DFG::LazyJSValue::getValue):
3326 (JSC::DFG::LazyJSValue::strictEqual):
3328 2013-07-25 Julien Brianceau <jbrianceau@nds.com>
3330 Fix "Unhandled opcode localAnnotation" build error in sh4 and mips LLINT.
3331 https://bugs.webkit.org/show_bug.cgi?id=119076
3333 Reviewed by Allan Sandfeld Jensen.
3335 * offlineasm/mips.rb:
3336 * offlineasm/sh4.rb:
3338 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3340 Unreviewed GTK build fix.
3342 * GNUmakefile.list.am: Adding JSCTestRunnerUtils files to the build.
3344 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3346 Unreviewed. Further build fixing for the GTK port. Adding the forwarding header
3347 for JSCTestRunnerUtils.h as required by the DumpRenderTree compilation.
3349 * ForwardingHeaders/JavaScriptCore/JSCTestRunnerUtils.h: Added.
3351 2013-07-25 Zan Dobersek <zdobersek@igalia.com>
3353 Unreviewed. Fixing the GTK build after the FTL merging by updating the build targets list.
3356 * GNUmakefile.list.am:
3358 2013-07-25 Ádám Kallai <kadam@inf.u-szeged.hu>
3360 Unreviewed buildfix after FTL upstream.
3362 * runtime/JSScope.h:
3363 (JSC::needsVarInjectionChecks):
3365 2013-07-25 Csaba Osztrogonác <ossy@webkit.org>
3367 One more fix after FTL upstream.
3370 * bytecode/CodeBlock.h:
3371 * bytecode/GetByIdStatus.h:
3372 (JSC::GetByIdStatus::GetByIdStatus):
3374 2013-07-24 Csaba Osztrogonác <ossy@webkit.org>
3376 Unreviewed buildfix after FTL upstream.
3378 Add ftl directory as include path.
3381 * JavaScriptCore.pri:
3383 2013-07-24 Csaba Osztrogonác <ossy@webkit.org>
3385 Unreviewed buildfix after FTL upstream for non C++11 builds.
3387 * interpreter/CallFrame.h:
3388 * interpreter/StackIteratorPrivate.h:
3389 (JSC::StackIterator::end):
3391 2013-07-24 Oliver Hunt <oliver@apple.com>
3393 Endeavour to fix CMakelist builds
3397 2013-07-24 Filip Pizlo <fpizlo@apple.com>
3399 fourthTier: DFG IR dumps should be easier to read
3400 https://bugs.webkit.org/show_bug.cgi?id=119050
3402 Reviewed by Mark Hahnenberg.
3404 Added a DumpContext that includes support for printing an endnote
3405 that describes all structures in full, while the main flow of the
3406 dump just uses made-up names for the structures. This is helpful
3407 since Structure::dump() may print a lot. The stuff it prints is
3408 useful, but if it's all inline with the surrounding thing you're
3409 dumping (often, a node in the DFG), then you get a ridiculously
3410 long print-out. All classes that dump structures (including
3411 Structure itself) now have dumpInContext() methods that use
3412 inContext() for dumping anything that might transitively print a
3413 structure. If Structure::dumpInContext() is called with a NULL
3414 context, it just uses dump() like before. Hence you don't have to
3415 know anything about DumpContext unless you want to.
3417 inContext(*structure, context) dumps something like %B4:Array,
3418 and the endnote will have something like:
3420 %B4:Array = 0x10e91a180:[Array, {Edge:100, Normal:101, Line:102, NumPx:103, LastPx:104}, ArrayWithContiguous, Proto:0x10e99ffe0]
3422 where B4 is the inferred name that StringHashDumpContext came up