JSCell::fastGetOwnProperty() should get the Structure more efficiently.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-03-01  Andreas Kling  <akling@apple.com>

        JSCell::fastGetOwnProperty() should get the Structure more efficiently.
        <https://webkit.org/b/129560>

        Now that structure() is nontrivial and we have a faster structure(VM&),
        make use of that in fastGetOwnProperty() since we already have VM.

        Reviewed by Sam Weinig.

        * runtime/JSCellInlines.h:
        (JSC::JSCell::fastGetOwnProperty):

2014-03-01  Andreas Kling  <akling@apple.com>

        Avoid going through ExecState for VM when we already have it (in some places.)
        <https://webkit.org/b/129554>

        Tweak some places that jump through unnecessary hoops to get the VM.
        There are many more like this.

        Reviewed by Sam Weinig.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndexBeyondVectorLength):
        (JSC::JSObject::putDirectIndexBeyondVectorLength):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncToString):

2014-02-28  Filip Pizlo  <fpizlo@apple.com>

        FTL should support PhantomArguments
        https://bugs.webkit.org/show_bug.cgi?id=113986

        Reviewed by Oliver Hunt.

        Adding PhantomArguments to the FTL mostly means wiring the recovery of the Arguments
        object into the FTL's OSR exit compiler.

        This isn't a speed-up yet, since there is still more to be done to fully support
        all of the arguments craziness that our varargs benchmarks do.

        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit): move the recovery code to DFGOSRExitCompilerCommon.cpp
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit): move the recovery code to DFGOSRExitCompilerCommon.cpp
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::ArgumentsRecoveryGenerator::ArgumentsRecoveryGenerator):
        (JSC::DFG::ArgumentsRecoveryGenerator::~ArgumentsRecoveryGenerator):
        (JSC::DFG::ArgumentsRecoveryGenerator::generateFor): this is the common place for the recovery code
        * dfg/DFGOSRExitCompilerCommon.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLExitValue.cpp:
        (JSC::FTL::ExitValue::dumpInContext):
        * ftl/FTLExitValue.h:
        (JSC::FTL::ExitValue::argumentsObjectThatWasNotCreated):
        (JSC::FTL::ExitValue::isArgumentsObjectThatWasNotCreated):
        (JSC::FTL::ExitValue::valueFormat):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compilePhantomArguments):
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub): Call into the ArgumentsRecoveryGenerator
        * tests/stress/slightly-more-difficult-to-fold-reflective-arguments-access.js: Added.
        * tests/stress/trivially-foldable-reflective-arguments-access.js: Added.

2014-02-28  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, uncomment some code. It wasn't meant to be commented in the first place.

        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):

2014-02-28  Andreas Kling  <akling@apple.com>

        JSObject::findPropertyHashEntry() should take VM instead of ExecState.
        <https://webkit.org/b/129529>

        Callers already have VM in a local, and findPropertyHashEntry() only
        uses the VM, no need to go all the way through ExecState.

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::findPropertyHashEntry):
        * runtime/JSObject.h:

2014-02-28  Joseph Pecoraro  <pecoraro@apple.com>

        Deadlock remotely inspecting iOS Simulator
        https://bugs.webkit.org/show_bug.cgi?id=129511

        Reviewed by Timothy Hatcher.

        Avoid synchronous setup. Do it asynchronously, and let
        the RemoteInspector singleton know later if it failed.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::setupFailed):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):

2014-02-28  Oliver Hunt  <oliver@apple.com>

        REGRESSION(r164835): It broke 10 JSC stress test on 32 bit platforms
        https://bugs.webkit.org/show_bug.cgi?id=129488

        Reviewed by Mark Lam.

        Whoops, modify the right register.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):

2014-02-28  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to call sin/cos directly on platforms where the intrinsic is busted
        https://bugs.webkit.org/show_bug.cgi?id=129503

        Reviewed by Mark Lam.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::doubleSin):
        (JSC::FTL::Output::doubleCos):
        (JSC::FTL::Output::intrinsicOrOperation):

2014-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix !ENABLE(GGC) builds

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::gatherJSStackRoots): Also fix one of the names of the GC phases.

2014-02-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Clean up Heap::collect and Heap::markRoots
        https://bugs.webkit.org/show_bug.cgi?id=129464

        Reviewed by Geoffrey Garen.

        These functions have built up a lot of cruft recently.
        We should do a bit of cleanup to make them easier to grok.

        * heap/Heap.cpp:
        (JSC::Heap::finalizeUnconditionalFinalizers):
        (JSC::Heap::gatherStackRoots):
        (JSC::Heap::gatherJSStackRoots):
        (JSC::Heap::gatherScratchBufferRoots):
        (JSC::Heap::clearLivenessData):
        (JSC::Heap::visitSmallStrings):
        (JSC::Heap::visitConservativeRoots):
        (JSC::Heap::visitCompilerWorklists):
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markArgumentBuffers):
        (JSC::Heap::visitException):
        (JSC::Heap::visitStrongHandles):
        (JSC::Heap::visitHandleStack):
        (JSC::Heap::traceCodeBlocksAndJITStubRoutines):
        (JSC::Heap::converge):
        (JSC::Heap::visitWeakHandles):
        (JSC::Heap::clearRememberedSet):
        (JSC::Heap::updateObjectCounts):
        (JSC::Heap::resetVisitors):
        (JSC::Heap::markRoots):
        (JSC::Heap::copyBackingStores):
        (JSC::Heap::deleteUnmarkedCompiledCode):
        (JSC::Heap::collect):
        (JSC::Heap::collectIfNecessaryOrDefer):
        (JSC::Heap::suspendCompilerThreads):
        (JSC::Heap::willStartCollection):
        (JSC::Heap::deleteOldCode):
        (JSC::Heap::flushOldStructureIDTables):
        (JSC::Heap::flushWriteBarrierBuffer):
        (JSC::Heap::stopAllocation):
        (JSC::Heap::reapWeakHandles):
        (JSC::Heap::sweepArrayBuffers):
        (JSC::Heap::snapshotMarkedSpace):
        (JSC::Heap::deleteSourceProviderCaches):
        (JSC::Heap::notifyIncrementalSweeper):
        (JSC::Heap::rememberCurrentlyExecutingCodeBlocks):
        (JSC::Heap::resetAllocators):
        (JSC::Heap::updateAllocationLimits):
        (JSC::Heap::didFinishCollection):
        (JSC::Heap::resumeCompilerThreads):
        * heap/Heap.h:

2014-02-27  Ryosuke Niwa  <rniwa@webkit.org>

        indexOf and lastIndexOf shouldn't resolve ropes when needle is longer than haystack
        https://bugs.webkit.org/show_bug.cgi?id=129466

        Reviewed by Michael Saboff.

        Refactored the code to avoid calling JSString::value when needle is longer than haystack.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncLastIndexOf):

2014-02-27  Timothy Hatcher  <timothy@apple.com>

        Improve how ContentSearchUtilities::lineEndings works by supporting the three common line endings.

        https://bugs.webkit.org/show_bug.cgi?id=129458

        Reviewed by Joseph Pecoraro.

        * inspector/ContentSearchUtilities.cpp:
        (Inspector::ContentSearchUtilities::textPositionFromOffset): Remove assumption about line ending length.
        (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines): Remove assumption about
        line ending type and don't try to strip the line ending. Use size_t.
        (Inspector::ContentSearchUtilities::lineEndings): Use findNextLineStart to find the lines.
        This will include the line ending in the lines, but that is okay.
        (Inspector::ContentSearchUtilities::buildObjectForSearchMatch): Use size_t.
        (Inspector::ContentSearchUtilities::searchInTextByLines): Modernize.

2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>

        [Mac] Warning: Multiple build commands for output file GCSegmentedArray and InspectorAgent
        https://bugs.webkit.org/show_bug.cgi?id=129446

        Reviewed by Timothy Hatcher.

        Remove duplicate header entries in Copy Header build phase.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2014-02-27  Oliver Hunt  <oliver@apple.com>

        Whoops, include all of last patch.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):

2014-02-27  Oliver Hunt  <oliver@apple.com>

        Slow cases for function.apply and function.call should not require vm re-entry
        https://bugs.webkit.org/show_bug.cgi?id=129454

        Reviewed by Geoffrey Garen.

        Implement call and apply using builtins. Happily the use
        of @call and @apply doesn't perform function equality checks
        and just plants direct var_args calls. This did expose a few
        codegen issues, but they're all covered by existing tests
        once call and apply are implemented in JS.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/Function.prototype.js: Added.
        (call):
        (apply):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * interpreter/Interpreter.cpp:
        (JSC::sizeFrameForVarargs):
        (JSC::loadVarargs):
        * interpreter/Interpreter.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makeFunctionCallNode):
        * parser/Lexer.cpp:
        (JSC::isSafeBuiltinIdentifier):
        * runtime/CommonIdentifiers.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::addFunctionProperties):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putDirectBuiltinFunction):
        (JSC::JSObject::putDirectBuiltinFunctionWithoutTransition):
        * runtime/JSObject.h:

2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Better name for RemoteInspectorDebuggableConnection dispatch queue
        https://bugs.webkit.org/show_bug.cgi?id=129443

        Reviewed by Timothy Hatcher.

        This queue is specific to the JSContext debuggable connections,
        there is no XPC involved. Give it a better name.

        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::RemoteInspectorDebuggableConnection):

2014-02-27  David Kilzer  <ddkilzer@apple.com>

        Remove jsc symlink if it already exists

        This is a follow-up fix for:

        Create symlink to /usr/local/bin/jsc during installation
        <http://webkit.org/b/129399>
        <rdar://problem/16168734>

        * JavaScriptCore.xcodeproj/project.pbxproj:
        (Create /usr/local/bin/jsc symlink): If a jsc symlink already
        exists where we're about to create the symlink, remove the old
        one first.

2014-02-27  Michael Saboff  <msaboff@apple.com>

        Unreviewed build fix for Mac tools after r164814

        * Configurations/ToolExecutable.xcconfig:
        - Added JavaScriptCore.framework/PrivateHeaders to ToolExecutable include path.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        - Changed productName to testRegExp for testRegExp target.

2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: JSContext inspection should report exceptions in the console
        https://bugs.webkit.org/show_bug.cgi?id=128776

        Reviewed by Timothy Hatcher.

        When JavaScript API functions have an exception, let the inspector
        know so it can log the JavaScript and Native backtrace that caused
        the exception.

        Include some clean up of ConsoleMessage and ScriptCallStack construction.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        (JSObjectMakeArray):
        (JSObjectMakeDate):
        (JSObjectMakeError):
        (JSObjectMakeRegExp):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectGetPropertyAtIndex):
        (JSObjectSetPropertyAtIndex):
        (JSObjectDeleteProperty):
        (JSObjectCallAsFunction):
        (JSObjectCallAsConstructor):
        * API/JSValue.mm:
        (reportExceptionToInspector):
        (valueToArray):
        (valueToDictionary):
        * API/JSValueRef.cpp:
        (JSValueIsEqual):
        (JSValueIsInstanceOfConstructor):
        (JSValueCreateJSONString):
        (JSValueToNumber):
        (JSValueToStringCopy):
        (JSValueToObject):
        When seeing an exception, let the inspector know there was an exception.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
        (Inspector::JSGlobalObjectInspectorController::reportAPIException):
        Log API exceptions by also grabbing the native backtrace.

        * inspector/ScriptCallStack.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::firstNonNativeCallFrame):
        (Inspector::ScriptCallStack::append):
        Minor extensions to ScriptCallStack to make it easier to work with.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        Provide better default information if the first call frame was native.

        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::extractSourceInformationFromException):
        (Inspector::createScriptCallStackFromException):
        Perform the handling here of inserting a fake call frame for exceptions
        if there was no call stack (e.g. a SyntaxError) or if the first call
        frame had no information.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        * inspector/ConsoleMessage.h:
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        * inspector/ScriptCallStackFactory.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::enable):
        (Inspector::InspectorConsoleAgent::addMessageToConsole):
        (Inspector::InspectorConsoleAgent::count):
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
        ConsoleMessage cleanup.

2014-02-27  David Kilzer  <ddkilzer@apple.com>

        Create symlink to /usr/local/bin/jsc during installation
        <http://webkit.org/b/129399>
        <rdar://problem/16168734>

        Reviewed by Dan Bernstein.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        - Add "Create /usr/local/bin/jsc symlink" build phase script to
          create the symlink during installation.

2014-02-27  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>

        Math.{max, min}() must not return after first NaN value
        https://bugs.webkit.org/show_bug.cgi?id=104147

        Reviewed by Oliver Hunt.

        According to the spec, ToNumber is going to be called on each argument
        even if a `NaN` value was already found.

        * runtime/MathObject.cpp:
        (JSC::mathProtoFuncMax):
        (JSC::mathProtoFuncMin):

2014-02-27  Gergo Balogh  <gbalogh.u-szeged@partner.samsung.com>

        JSType upper limit (0xff) assertion can be removed.
        https://bugs.webkit.org/show_bug.cgi?id=129424

        Reviewed by Geoffrey Garen.

        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::TypeInfo):

2014-02-26  Michael Saboff  <msaboff@apple.com>

        Auto generate bytecode information for bytecode parser and LLInt
        https://bugs.webkit.org/show_bug.cgi?id=129181

        Reviewed by Mark Lam.

        Added new bytecode/BytecodeList.json that contains a list of bytecodes and related
        helpers.  It also includes bytecode length and other information used to generate files.
        Added a new generator, generate-bytecode-files that generates Bytecodes.h and InitBytecodes.asm
        in DerivedSources/JavaScriptCore/.

        Added the generation of these files to the "DerivedSource" build step.
        Slightly changed the build order, since the Bytecodes.h file is needed by
        JSCLLIntOffsetsExtractor.  Moved the offline assembly to a separate step since it needs
        to be run after JSCLLIntOffsetsExtractor.

        Made related changes to OPCODE macros and their use.

        Added JavaScriptCore.framework/PrivateHeaders to header file search path for building
        jsc to resolve Mac build issue.

        * CMakeLists.txt:
        * Configurations/JSC.xcconfig:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * llint/LLIntCLoop.cpp:
        (JSC::LLInt::CLoop::initialize):
        * llint/LLIntCLoop.h:
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize):
        * llint/LLIntOpcode.h:
        * llint/LowLevelInterpreter.asm:

2014-02-27  Julien Brianceau  <jbriance@cisco.com>

        Fix 32-bit V_JITOperation_EJ callOperation introduced in r162652.
        https://bugs.webkit.org/show_bug.cgi?id=129420

        Reviewed by Geoffrey Garen.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation): Payload and tag are swapped.
        Also, EABI_32BIT_DUMMY_ARG is missing for arm EABI and mips.

2014-02-27  Filip Pizlo  <fpizlo@apple.com>

        Octane/closure thrashes between flattening dictionaries during global object initialization in a global eval
        https://bugs.webkit.org/show_bug.cgi?id=129435

        Reviewed by Oliver Hunt.

        This is a 5-10% speed-up on Octane/closure.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionClearCodeCache):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):

2014-02-27  Alexey Proskuryakov  <ap@apple.com>

        Added svn:ignore to two directories, so that .pyc files don't show up as unversioned.

        * inspector/scripts: Added property svn:ignore.
        * replay/scripts: Added property svn:ignore.

2014-02-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        r164764 broke the ARM build
        https://bugs.webkit.org/show_bug.cgi?id=129415

        Reviewed by Zoltan Herczeg.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::moveWithPatch): Change reinterpret_cast to static_cast.
        (JSC::MacroAssemblerARM::canJumpReplacePatchableBranch32WithPatch): Add missing function.
        (JSC::MacroAssemblerARM::startOfPatchableBranch32WithPatchOnAddress): Add missing function.
        (JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranch32WithPatch): Add missing function.

2014-02-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        r164764 broke the ARM build
        https://bugs.webkit.org/show_bug.cgi?id=129415

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::moveWithPatch):

2014-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        r164764 broke the ARM build
        https://bugs.webkit.org/show_bug.cgi?id=129415

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branch32WithPatch): Missing this function.

2014-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        EFL build fix

        * dfg/DFGSpeculativeJIT32_64.cpp: Remove unused variables.
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):

2014-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        Make JSCells have 32-bit Structure pointers
        https://bugs.webkit.org/show_bug.cgi?id=123195

        Reviewed by Filip Pizlo.

        This patch changes JSCells such that they no longer have a full 64-bit Structure
        pointer in their header. Instead they now have a 32-bit index into
        a per-VM table of Structure pointers. 32-bit platforms still use normal Structure
        pointers.

        This change frees up an additional 32 bits of information in our object headers.
        We then use this extra space to store the indexing type of the object, the JSType
        of the object, some various type flags, and garbage collection data (e.g. mark bit).
        Because this inline type information is now faster to read, it pays for the slowdown
        incurred by having to perform an extra indirection through the StructureIDTable.

        This patch also threads a reference to the current VM through more of the C++ runtime
        to offset the cost of having to look up the VM to get the actual Structure pointer.

        * API/JSContext.mm:
        (-[JSContext setException:]):
        (-[JSContext wrapperForObjCObject:]):
        (-[JSContext wrapperForJSObject:]):
        * API/JSContextRef.cpp:
        (JSContextGroupRelease):
        (JSGlobalContextRelease):
        * API/JSObjectRef.cpp:
        (JSObjectIsFunction):
        (JSObjectCopyPropertyNames):
        * API/JSValue.mm:
        (containerValueToObject):
        * API/JSWrapperMap.mm:
        (tryUnwrapObjcObject):
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::patchableBranch32WithPatch):
        (JSC::MacroAssembler::patchableBranch32):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::branchPtrWithPatch):
        (JSC::MacroAssemblerARM64::patchableBranch32WithPatch):
        (JSC::MacroAssemblerARM64::canJumpReplacePatchableBranch32WithPatch):
        (JSC::MacroAssemblerARM64::startOfPatchableBranch32WithPatchOnAddress):
        (JSC::MacroAssemblerARM64::revertJumpReplacementToPatchableBranch32WithPatch):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::store8):
        (JSC::MacroAssemblerARMv7::branch32WithPatch):
        (JSC::MacroAssemblerARMv7::patchableBranch32WithPatch):
        (JSC::MacroAssemblerARMv7::canJumpReplacePatchableBranch32WithPatch):
        (JSC::MacroAssemblerARMv7::startOfPatchableBranch32WithPatchOnAddress):
        (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranch32WithPatch):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::branch32WithPatch):
        (JSC::MacroAssemblerX86::canJumpReplacePatchableBranch32WithPatch):
        (JSC::MacroAssemblerX86::startOfPatchableBranch32WithPatchOnAddress):
        (JSC::MacroAssemblerX86::revertJumpReplacementToPatchableBranch32WithPatch):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::store32):
        (JSC::MacroAssemblerX86_64::moveWithPatch):
        (JSC::MacroAssemblerX86_64::branch32WithPatch):
        (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranch32WithPatch):
        (JSC::MacroAssemblerX86_64::startOfBranch32WithPatchOnRegister):
        (JSC::MacroAssemblerX86_64::startOfPatchableBranch32WithPatchOnAddress):
        (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranch32WithPatch):
        * assembler/RepatchBuffer.h:
        (JSC::RepatchBuffer::startOfPatchableBranch32WithPatchOnAddress):
        (JSC::RepatchBuffer::revertJumpReplacementToPatchableBranch32WithPatch):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::revertJumpTo_movq_i64r):
        (JSC::X86Assembler::revertJumpTo_movl_i32r):
        * bytecode/ArrayProfile.cpp:
        (JSC::ArrayProfile::computeUpdatedPrediction):
        * bytecode/ArrayProfile.h:
        (JSC::ArrayProfile::ArrayProfile):
        (JSC::ArrayProfile::addressOfLastSeenStructureID):
        (JSC::ArrayProfile::observeStructure):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::heap):
        * bytecode/UnlinkedCodeBlock.h:
        * debugger/Debugger.h:
        * dfg/DFGAbstractHeap.h:
        * dfg/DFGArrayifySlowPathGenerator.h:
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::branchWeakStructure):
        (JSC::DFG::JITCompiler::branchStructurePtr):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::osrWriteBarrier):
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArray):
        (JSC::DFG::SpeculativeJIT::arrayify):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
        (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
        (JSC::DFG::SpeculativeJIT::speculateObject):
        (JSC::DFG::SpeculativeJIT::speculateFinalObject):
        (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
        (JSC::DFG::SpeculativeJIT::speculateString):
        (JSC::DFG::SpeculativeJIT::speculateStringObject):
        (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
        (JSC::DFG::SpeculativeJIT::emitSwitchChar):
        (JSC::DFG::SpeculativeJIT::emitSwitchString):
        (JSC::DFG::SpeculativeJIT::genericWriteBarrier):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
        (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        * dfg/DFGWorklist.cpp:
        * ftl/FTLAbstractHeapRepository.cpp:
        (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
        (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
        (JSC::FTL::LowerDFGToLLVM::compileToString):
        (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
        (JSC::FTL::LowerDFGToLLVM::speculateTruthyObject):
        (JSC::FTL::LowerDFGToLLVM::allocateCell):
        (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
        (JSC::FTL::LowerDFGToLLVM::isObject):
        (JSC::FTL::LowerDFGToLLVM::isString):
        (JSC::FTL::LowerDFGToLLVM::isArrayType):
        (JSC::FTL::LowerDFGToLLVM::hasClassInfo):
        (JSC::FTL::LowerDFGToLLVM::isType):
        (JSC::FTL::LowerDFGToLLVM::speculateStringOrStringObject):
        (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForCell):
        (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID):
        (JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
        (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
        (JSC::FTL::LowerDFGToLLVM::loadStructure):
        (JSC::FTL::LowerDFGToLLVM::weakStructure):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::store8):
        * heap/GCAssertions.h:
        * heap/Heap.cpp:
        (JSC::Heap::getConservativeRegisterRoots):
        (JSC::Heap::collect):
        (JSC::Heap::writeBarrier):
        * heap/Heap.h:
        (JSC::Heap::structureIDTable):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::forEachBlock):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::branchIfCellNotObject):
        (JSC::AssemblyHelpers::genericWriteBarrier):
        (JSC::AssemblyHelpers::emitLoadStructure):
        (JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
        * jit/JIT.h:
747         * jit/JITCall.cpp:
748         (JSC::JIT::compileOpCall):
749         (JSC::JIT::privateCompileClosureCall):
750         * jit/JITCall32_64.cpp:
751         (JSC::JIT::emit_op_ret_object_or_this):
752         (JSC::JIT::compileOpCall):
753         (JSC::JIT::privateCompileClosureCall):
754         * jit/JITInlineCacheGenerator.cpp:
755         (JSC::JITByIdGenerator::generateFastPathChecks):
756         * jit/JITInlineCacheGenerator.h:
757         * jit/JITInlines.h:
758         (JSC::JIT::emitLoadCharacterString):
759         (JSC::JIT::checkStructure):
760         (JSC::JIT::emitJumpIfCellNotObject):
761         (JSC::JIT::emitAllocateJSObject):
762         (JSC::JIT::emitArrayProfilingSiteWithCell):
763         (JSC::JIT::emitArrayProfilingSiteForBytecodeIndexWithCell):
764         (JSC::JIT::branchStructure):
765         (JSC::branchStructure):
766         * jit/JITOpcodes.cpp:
767         (JSC::JIT::emit_op_check_has_instance):
768         (JSC::JIT::emit_op_instanceof):
769         (JSC::JIT::emit_op_is_undefined):
770         (JSC::JIT::emit_op_is_string):
771         (JSC::JIT::emit_op_ret_object_or_this):
772         (JSC::JIT::emit_op_to_primitive):
773         (JSC::JIT::emit_op_jeq_null):
774         (JSC::JIT::emit_op_jneq_null):
775         (JSC::JIT::emit_op_get_pnames):
776         (JSC::JIT::emit_op_next_pname):
777         (JSC::JIT::emit_op_eq_null):
778         (JSC::JIT::emit_op_neq_null):
779         (JSC::JIT::emit_op_to_this):
780         (JSC::JIT::emitSlow_op_to_this):
781         * jit/JITOpcodes32_64.cpp:
782         (JSC::JIT::emit_op_check_has_instance):
783         (JSC::JIT::emit_op_instanceof):
784         (JSC::JIT::emit_op_is_undefined):
785         (JSC::JIT::emit_op_is_string):
786         (JSC::JIT::emit_op_to_primitive):
787         (JSC::JIT::emit_op_jeq_null):
788         (JSC::JIT::emit_op_jneq_null):
789         (JSC::JIT::emitSlow_op_eq):
790         (JSC::JIT::emitSlow_op_neq):
791         (JSC::JIT::compileOpStrictEq):
792         (JSC::JIT::emit_op_eq_null):
793         (JSC::JIT::emit_op_neq_null):
794         (JSC::JIT::emit_op_get_pnames):
795         (JSC::JIT::emit_op_next_pname):
796         (JSC::JIT::emit_op_to_this):
797         * jit/JITOperations.cpp:
798         * jit/JITPropertyAccess.cpp:
799         (JSC::JIT::stringGetByValStubGenerator):
800         (JSC::JIT::emit_op_get_by_val):
801         (JSC::JIT::emitSlow_op_get_by_val):
802         (JSC::JIT::emit_op_get_by_pname):
803         (JSC::JIT::emit_op_put_by_val):
804         (JSC::JIT::emit_op_get_by_id):
805         (JSC::JIT::emitLoadWithStructureCheck):
806         (JSC::JIT::emitSlow_op_get_from_scope):
807         (JSC::JIT::emitSlow_op_put_to_scope):
808         (JSC::JIT::checkMarkWord):
809         (JSC::JIT::emitWriteBarrier):
810         (JSC::JIT::addStructureTransitionCheck):
811         (JSC::JIT::emitIntTypedArrayGetByVal):
812         (JSC::JIT::emitFloatTypedArrayGetByVal):
813         (JSC::JIT::emitIntTypedArrayPutByVal):
814         (JSC::JIT::emitFloatTypedArrayPutByVal):
815         * jit/JITPropertyAccess32_64.cpp:
816         (JSC::JIT::stringGetByValStubGenerator):
817         (JSC::JIT::emit_op_get_by_val):
818         (JSC::JIT::emitSlow_op_get_by_val):
819         (JSC::JIT::emit_op_put_by_val):
820         (JSC::JIT::emit_op_get_by_id):
821         (JSC::JIT::emit_op_get_by_pname):
822         (JSC::JIT::emitLoadWithStructureCheck):
823         * jit/JSInterfaceJIT.h:
824         (JSC::JSInterfaceJIT::emitJumpIfNotType):
825         * jit/Repatch.cpp:
826         (JSC::repatchByIdSelfAccess):
827         (JSC::addStructureTransitionCheck):
828         (JSC::replaceWithJump):
829         (JSC::generateProtoChainAccessStub):
830         (JSC::tryCacheGetByID):
831         (JSC::tryBuildGetByIDList):
832         (JSC::writeBarrier):
833         (JSC::emitPutReplaceStub):
834         (JSC::emitPutTransitionStub):
835         (JSC::tryBuildPutByIdList):
836         (JSC::tryRepatchIn):
837         (JSC::linkClosureCall):
838         (JSC::resetGetByID):
839         (JSC::resetPutByID):
840         * jit/SpecializedThunkJIT.h:
841         (JSC::SpecializedThunkJIT::loadJSStringArgument):
842         (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
843         * jit/ThunkGenerators.cpp:
844         (JSC::virtualForThunkGenerator):
845         (JSC::arrayIteratorNextThunkGenerator):
846         * jit/UnusedPointer.h:
847         * llint/LowLevelInterpreter.asm:
848         * llint/LowLevelInterpreter32_64.asm:
849         * llint/LowLevelInterpreter64.asm:
850         * runtime/Arguments.cpp:
851         (JSC::Arguments::createStrictModeCallerIfNecessary):
852         (JSC::Arguments::createStrictModeCalleeIfNecessary):
853         * runtime/Arguments.h:
854         (JSC::Arguments::createStructure):
855         * runtime/ArrayPrototype.cpp:
856         (JSC::shift):
857         (JSC::unshift):
858         (JSC::arrayProtoFuncToString):
859         (JSC::arrayProtoFuncPop):
860         (JSC::arrayProtoFuncReverse):
861         (JSC::performSlowSort):
862         (JSC::arrayProtoFuncSort):
863         (JSC::arrayProtoFuncSplice):
864         (JSC::arrayProtoFuncUnShift):
865         * runtime/CommonSlowPaths.cpp:
866         (JSC::SLOW_PATH_DECL):
867         * runtime/Executable.h:
868         (JSC::ExecutableBase::isFunctionExecutable):
869         (JSC::ExecutableBase::clearCodeVirtual):
870         (JSC::ScriptExecutable::unlinkCalls):
871         * runtime/GetterSetter.cpp:
872         (JSC::callGetter):
873         (JSC::callSetter):
874         * runtime/InitializeThreading.cpp:
875         * runtime/JSArray.cpp:
876         (JSC::JSArray::unshiftCountSlowCase):
877         (JSC::JSArray::setLength):
878         (JSC::JSArray::pop):
879         (JSC::JSArray::push):
880         (JSC::JSArray::shiftCountWithArrayStorage):
881         (JSC::JSArray::shiftCountWithAnyIndexingType):
882         (JSC::JSArray::unshiftCountWithArrayStorage):
883         (JSC::JSArray::unshiftCountWithAnyIndexingType):
884         (JSC::JSArray::sortNumericVector):
885         (JSC::JSArray::sortNumeric):
886         (JSC::JSArray::sortCompactedVector):
887         (JSC::JSArray::sort):
888         (JSC::JSArray::sortVector):
889         (JSC::JSArray::fillArgList):
890         (JSC::JSArray::copyToArguments):
891         (JSC::JSArray::compactForSorting):
892         * runtime/JSCJSValueInlines.h:
893         (JSC::JSValue::toThis):
894         (JSC::JSValue::put):
895         (JSC::JSValue::putByIndex):
896         (JSC::JSValue::equalSlowCaseInline):
897         * runtime/JSCell.cpp:
898         (JSC::JSCell::put):
899         (JSC::JSCell::putByIndex):
900         (JSC::JSCell::deleteProperty):
901         (JSC::JSCell::deletePropertyByIndex):
902         * runtime/JSCell.h:
903         (JSC::JSCell::clearStructure):
904         (JSC::JSCell::mark):
905         (JSC::JSCell::isMarked):
906         (JSC::JSCell::structureIDOffset):
907         (JSC::JSCell::typeInfoFlagsOffset):
908         (JSC::JSCell::typeInfoTypeOffset):
909         (JSC::JSCell::indexingTypeOffset):
910         (JSC::JSCell::gcDataOffset):
911         * runtime/JSCellInlines.h:
912         (JSC::JSCell::JSCell):
913         (JSC::JSCell::finishCreation):
914         (JSC::JSCell::type):
915         (JSC::JSCell::indexingType):
916         (JSC::JSCell::structure):
917         (JSC::JSCell::visitChildren):
918         (JSC::JSCell::isObject):
919         (JSC::JSCell::isString):
920         (JSC::JSCell::isGetterSetter):
921         (JSC::JSCell::isProxy):
922         (JSC::JSCell::isAPIValueWrapper):
923         (JSC::JSCell::setStructure):
924         (JSC::JSCell::methodTable):
925         (JSC::Heap::writeBarrier):
926         * runtime/JSDataView.cpp:
927         (JSC::JSDataView::createStructure):
928         * runtime/JSDestructibleObject.h:
929         (JSC::JSCell::classInfo):
930         * runtime/JSFunction.cpp:
931         (JSC::JSFunction::getOwnNonIndexPropertyNames):
932         (JSC::JSFunction::put):
933         (JSC::JSFunction::defineOwnProperty):
934         * runtime/JSGenericTypedArrayView.h:
935         (JSC::JSGenericTypedArrayView::createStructure):
936         * runtime/JSObject.cpp:
937         (JSC::getCallableObjectSlow):
938         (JSC::JSObject::copyButterfly):
939         (JSC::JSObject::visitButterfly):
940         (JSC::JSFinalObject::visitChildren):
941         (JSC::JSObject::getOwnPropertySlotByIndex):
942         (JSC::JSObject::put):
943         (JSC::JSObject::putByIndex):
944         (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
945         (JSC::JSObject::enterDictionaryIndexingMode):
946         (JSC::JSObject::notifyPresenceOfIndexedAccessors):
947         (JSC::JSObject::createInitialIndexedStorage):
948         (JSC::JSObject::createInitialUndecided):
949         (JSC::JSObject::createInitialInt32):
950         (JSC::JSObject::createInitialDouble):
951         (JSC::JSObject::createInitialContiguous):
952         (JSC::JSObject::createArrayStorage):
953         (JSC::JSObject::convertUndecidedToInt32):
954         (JSC::JSObject::convertUndecidedToDouble):
955         (JSC::JSObject::convertUndecidedToContiguous):
956         (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
957         (JSC::JSObject::convertUndecidedToArrayStorage):
958         (JSC::JSObject::convertInt32ToDouble):
959         (JSC::JSObject::convertInt32ToContiguous):
960         (JSC::JSObject::convertInt32ToArrayStorage):
961         (JSC::JSObject::genericConvertDoubleToContiguous):
962         (JSC::JSObject::convertDoubleToArrayStorage):
963         (JSC::JSObject::convertContiguousToArrayStorage):
964         (JSC::JSObject::ensureInt32Slow):
965         (JSC::JSObject::ensureDoubleSlow):
966         (JSC::JSObject::ensureContiguousSlow):
967         (JSC::JSObject::ensureArrayStorageSlow):
968         (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
969         (JSC::JSObject::switchToSlowPutArrayStorage):
970         (JSC::JSObject::setPrototype):
971         (JSC::JSObject::setPrototypeWithCycleCheck):
972         (JSC::JSObject::putDirectNonIndexAccessor):
973         (JSC::JSObject::deleteProperty):
974         (JSC::JSObject::hasOwnProperty):
975         (JSC::JSObject::deletePropertyByIndex):
976         (JSC::JSObject::getPrimitiveNumber):
977         (JSC::JSObject::hasInstance):
978         (JSC::JSObject::getPropertySpecificValue):
979         (JSC::JSObject::getPropertyNames):
980         (JSC::JSObject::getOwnPropertyNames):
981         (JSC::JSObject::getOwnNonIndexPropertyNames):
982         (JSC::JSObject::seal):
983         (JSC::JSObject::freeze):
984         (JSC::JSObject::preventExtensions):
985         (JSC::JSObject::reifyStaticFunctionsForDelete):
986         (JSC::JSObject::removeDirect):
987         (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
988         (JSC::JSObject::putByIndexBeyondVectorLength):
989         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
990         (JSC::JSObject::putDirectIndexBeyondVectorLength):
991         (JSC::JSObject::getNewVectorLength):
992         (JSC::JSObject::countElements):
993         (JSC::JSObject::increaseVectorLength):
994         (JSC::JSObject::ensureLengthSlow):
995         (JSC::JSObject::growOutOfLineStorage):
996         (JSC::JSObject::getOwnPropertyDescriptor):
997         (JSC::putDescriptor):
998         (JSC::JSObject::defineOwnNonIndexProperty):
999         * runtime/JSObject.h:
1000         (JSC::getJSFunction):
1001         (JSC::JSObject::getArrayLength):
1002         (JSC::JSObject::getVectorLength):
1003         (JSC::JSObject::putByIndexInline):
1004         (JSC::JSObject::canGetIndexQuickly):
1005         (JSC::JSObject::getIndexQuickly):
1006         (JSC::JSObject::tryGetIndexQuickly):
1007         (JSC::JSObject::getDirectIndex):
1008         (JSC::JSObject::canSetIndexQuickly):
1009         (JSC::JSObject::canSetIndexQuicklyForPutDirect):
1010         (JSC::JSObject::setIndexQuickly):
1011         (JSC::JSObject::initializeIndex):
1012         (JSC::JSObject::hasSparseMap):
1013         (JSC::JSObject::inSparseIndexingMode):
1014         (JSC::JSObject::getDirect):
1015         (JSC::JSObject::getDirectOffset):
1016         (JSC::JSObject::isSealed):
1017         (JSC::JSObject::isFrozen):
1018         (JSC::JSObject::flattenDictionaryObject):
1019         (JSC::JSObject::ensureInt32):
1020         (JSC::JSObject::ensureDouble):
1021         (JSC::JSObject::ensureContiguous):
1022         (JSC::JSObject::rageEnsureContiguous):
1023         (JSC::JSObject::ensureArrayStorage):
1024         (JSC::JSObject::arrayStorage):
1025         (JSC::JSObject::arrayStorageOrNull):
1026         (JSC::JSObject::ensureLength):
1027         (JSC::JSObject::currentIndexingData):
1028         (JSC::JSObject::getHolyIndexQuickly):
1029         (JSC::JSObject::currentRelevantLength):
1030         (JSC::JSObject::isGlobalObject):
1031         (JSC::JSObject::isVariableObject):
1032         (JSC::JSObject::isStaticScopeObject):
1033         (JSC::JSObject::isNameScopeObject):
1034         (JSC::JSObject::isActivationObject):
1035         (JSC::JSObject::isErrorInstance):
1036         (JSC::JSObject::inlineGetOwnPropertySlot):
1037         (JSC::JSObject::fastGetOwnPropertySlot):
1038         (JSC::JSObject::getPropertySlot):
1039         (JSC::JSObject::putDirectInternal):
1040         (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
1041         * runtime/JSPropertyNameIterator.h:
1042         (JSC::JSPropertyNameIterator::createStructure):
1043         * runtime/JSProxy.cpp:
1044         (JSC::JSProxy::getOwnPropertySlot):
1045         (JSC::JSProxy::getOwnPropertySlotByIndex):
1046         (JSC::JSProxy::put):
1047         (JSC::JSProxy::putByIndex):
1048         (JSC::JSProxy::defineOwnProperty):
1049         (JSC::JSProxy::deleteProperty):
1050         (JSC::JSProxy::deletePropertyByIndex):
1051         (JSC::JSProxy::getPropertyNames):
1052         (JSC::JSProxy::getOwnPropertyNames):
1053         * runtime/JSScope.cpp:
1054         (JSC::JSScope::objectAtScope):
1055         * runtime/JSString.h:
1056         (JSC::JSString::createStructure):
1057         (JSC::isJSString):
1058         * runtime/JSType.h:
1059         * runtime/JSTypeInfo.h:
1060         (JSC::TypeInfo::TypeInfo):
1061         (JSC::TypeInfo::isObject):
1062         (JSC::TypeInfo::structureIsImmortal):
1063         (JSC::TypeInfo::zeroedGCDataOffset):
1064         (JSC::TypeInfo::inlineTypeFlags):
1065         * runtime/MapData.h:
1066         * runtime/ObjectConstructor.cpp:
1067         (JSC::objectConstructorGetOwnPropertyNames):
1068         (JSC::objectConstructorKeys):
1069         (JSC::objectConstructorDefineProperty):
1070         (JSC::defineProperties):
1071         (JSC::objectConstructorSeal):
1072         (JSC::objectConstructorFreeze):
1073         (JSC::objectConstructorIsSealed):
1074         (JSC::objectConstructorIsFrozen):
1075         * runtime/ObjectPrototype.cpp:
1076         (JSC::objectProtoFuncDefineGetter):
1077         (JSC::objectProtoFuncDefineSetter):
1078         (JSC::objectProtoFuncToString):
1079         * runtime/Operations.cpp:
1080         (JSC::jsTypeStringForValue):
1081         (JSC::jsIsObjectType):
1082         * runtime/Operations.h:
1083         (JSC::normalizePrototypeChainForChainAccess):
1084         (JSC::normalizePrototypeChain):
1085         * runtime/PropertyMapHashTable.h:
1086         (JSC::PropertyTable::createStructure):
1087         * runtime/RegExp.h:
1088         (JSC::RegExp::createStructure):
1089         * runtime/SparseArrayValueMap.h:
1090         * runtime/Structure.cpp:
1091         (JSC::Structure::Structure):
1092         (JSC::Structure::~Structure):
1093         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1094         * runtime/Structure.h:
1095         (JSC::Structure::id):
1096         (JSC::Structure::idBlob):
1097         (JSC::Structure::objectInitializationFields):
1098         (JSC::Structure::structureIDOffset):
1099         * runtime/StructureChain.h:
1100         (JSC::StructureChain::createStructure):
1101         * runtime/StructureIDTable.cpp: Added.
1102         (JSC::StructureIDTable::StructureIDTable):
1103         (JSC::StructureIDTable::~StructureIDTable):
1104         (JSC::StructureIDTable::resize):
1105         (JSC::StructureIDTable::flushOldTables):
1106         (JSC::StructureIDTable::allocateID):
1107         (JSC::StructureIDTable::deallocateID):
1108         * runtime/StructureIDTable.h: Added.
1109         (JSC::StructureIDTable::base):
1110         (JSC::StructureIDTable::get):
1111         * runtime/SymbolTable.h:
1112         * runtime/TypedArrayType.cpp:
1113         (JSC::typeForTypedArrayType):
1114         * runtime/TypedArrayType.h:
1115         * runtime/WeakMapData.h:
1116
1117 2014-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1118
1119         Unconditional logging in compileFTLOSRExit
1120         https://bugs.webkit.org/show_bug.cgi?id=129407
1121
1122         Reviewed by Michael Saboff.
1123
1124         This was causing tests to fail with the FTL enabled.
1125
1126         * ftl/FTLOSRExitCompiler.cpp:
1127         (JSC::FTL::compileFTLOSRExit):
1128
1129 2014-02-26  Oliver Hunt  <oliver@apple.com>
1130
1131         Remove unused access types
1132         https://bugs.webkit.org/show_bug.cgi?id=129385
1133
1134         Reviewed by Filip Pizlo.
1135
1136         Remove unused cruft.
1137
1138         * bytecode/CodeBlock.cpp:
1139         (JSC::CodeBlock::printGetByIdCacheStatus):
1140         * bytecode/StructureStubInfo.cpp:
1141         (JSC::StructureStubInfo::deref):
1142         * bytecode/StructureStubInfo.h:
1143         (JSC::isGetByIdAccess):
1144         (JSC::isPutByIdAccess):
1145
1146 2014-02-26  Oliver Hunt  <oliver@apple.com>
1147
1148         Function.prototype.apply has a bad time with the spread operator
1149         https://bugs.webkit.org/show_bug.cgi?id=129381
1150
1151         Reviewed by Mark Hahnenberg.
1152
1153         Make sure our apply logic handles the spread operator correctly.
1154         To do this we simply emit the enumeration logic that we'd normally
1155         use for other enumerations, but only store the first two results
1156         to registers.  Then perform a varargs call.
1157
1158         * bytecompiler/NodesCodegen.cpp:
1159         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1160
1161 2014-02-26  Mark Lam  <mark.lam@apple.com>
1162
1163         Compilation policy management belongs in operationOptimize(), not the DFG Driver.
1164         <https://webkit.org/b/129355>
1165
1166         Reviewed by Filip Pizlo.
1167
1168         By compilation policy, I mean the rules for determining whether to
1169         compile, when to compile, when to attempt compilation again, etc.  The
1170         few of these policy decisions that were previously being made in the
1171         DFG driver are now moved to operationOptimize() where we keep the rest
1172         of the policy logic.  Decisions that are based on the capabilities
1173         supported by the DFG are moved to DFG capabilityLevel().
1174
1175         I've run the following benchmarks:
1176         1. the collection of jsc benchmarks on the jsc executable vs. its
1177            baseline.
1178         2. Octane 2.0 in browser without the WebInspector.
1179         3. Octane 2.0 in browser with the WebInspector open and a breakpoint
1180            set somewhere where it won't break.
1181
1182         In all of these, the results came out to be a wash as expected.
1183
1184         * dfg/DFGCapabilities.cpp:
1185         (JSC::DFG::isSupported):
1186         (JSC::DFG::mightCompileEval):
1187         (JSC::DFG::mightCompileProgram):
1188         (JSC::DFG::mightCompileFunctionForCall):
1189         (JSC::DFG::mightCompileFunctionForConstruct):
1190         (JSC::DFG::mightInlineFunctionForCall):
1191         (JSC::DFG::mightInlineFunctionForClosureCall):
1192         (JSC::DFG::mightInlineFunctionForConstruct):
1193         * dfg/DFGCapabilities.h:
1194         * dfg/DFGDriver.cpp:
1195         (JSC::DFG::compileImpl):
1196         * jit/JITOperations.cpp:
1197
1198 2014-02-26  Mark Lam  <mark.lam@apple.com>
1199
1200         ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector-protocol/*.
1201         <https://webkit.org/b/129364>
1202
1203         Reviewed by Alexey Proskuryakov.
1204
1205         InjectedScriptModule::ensureInjected() needs an APIEntryShim.
1206
1207         * inspector/InjectedScriptModule.cpp:
1208         (Inspector::InjectedScriptModule::ensureInjected):
1209         - Added the needed but missing APIEntryShim. 
1210
1211 2014-02-25  Mark Lam  <mark.lam@apple.com>
1212
1213         Web Inspector: CRASH when evaluating in console of JSContext RWI with disabled breakpoints.
1214         <https://webkit.org/b/128766>
1215
1216         Reviewed by Geoffrey Garen.
1217
1218         Make the JSLock::grabAllLocks() work the same way as for the C loop LLINT.
1219         The reasoning is that we don't know of any clients that need unordered
1220         re-entry into the VM from different threads. So, we're enforcing ordered
1221         re-entry i.e. we must re-grab locks in the reverse order of dropping locks.
1222
1223         The crash in this bug happened because we were allowing unordered re-entry,
1224         and the following type of scenario occurred:
1225
1226         1. Thread T1 locks the VM, and enters the VM to execute some JS code.
1227         2. On entry, T1 detects that VM::m_entryScope is null i.e. this is the
1228            first time it entered the VM.
1229            T1 sets VM::m_entryScope to T1's entryScope.
1230         3. T1 drops all locks.
1231
1232         4. Thread T2 locks the VM, and enters the VM to execute some JS code.
1233            On entry, T2 sees that VM::m_entryScope is NOT null, and therefore
1234            does not set the entryScope.
1235         5. T2 drops all locks.
1236
1237         6. T1 re-grabs locks.
1238         7. T1 returns all the way out of JS code. On exit from the outermost
1239            JS function, T1 clears VM::m_entryScope (because T1 was the one who
1240            set it).
1241         8. T1 unlocks the VM.
1242
1243         9. T2 re-grabs locks.
1244         10. T2 proceeds to execute some code and expects VM::m_entryScope to be
1245             NOT null, but it turns out to be null. Assertion failures and
1246             crashes ensue.
1247
1248         With ordered re-entry, at step 6, T1 will loop and yield until T2 exits
1249         the VM. Hence, the issue will no longer manifest.
1250
1251         * runtime/JSLock.cpp:
1252         (JSC::JSLock::dropAllLocks):
1253         (JSC::JSLock::grabAllLocks):
1254         * runtime/JSLock.h:
1255         (JSC::JSLock::DropAllLocks::dropDepth):
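The ordered re-entry rule described in this entry, as an added example that is not WebKit's code: a deterministic two-thread model in which grabAllLocks() refuses to proceed (where the real implementation would loop and yield) until the drop depth matches the one recorded when that thread dropped. VMModel, ThreadState, replayScenario and the other names are this example's own, and the ten steps are replayed in the order the entry lists them.

```cpp
#include <cstdio>
#include <initializer_list>
#include <string>
#include <vector>

// Hypothetical model of the VM plus its JSLock (names are this example's, not WebKit's).
struct VMModel {
    std::string entryScope;        // models VM::m_entryScope ("" = null)
    std::string lockOwner;         // models which thread holds the JSLock ("" = free)
    bool orderedReentry = false;   // the policy this entry enforces
    unsigned dropDepth = 0;        // number of outstanding DropAllLocks
    std::vector<std::string> log;
};

struct ThreadState {
    std::string name;
    bool ownsEntryScope = false;   // did this thread set VM::m_entryScope?
    unsigned droppedAt = 0;        // depth recorded when this thread dropped (cf. DropAllLocks::dropDepth)
};

// Steps 1-2 and 4: take the lock and enter the VM; the first thread in sets the entry scope.
static bool lockAndEnter(VMModel& vm, ThreadState& t)
{
    if (!vm.lockOwner.empty())
        return false;  // lock held by another thread; a real thread would block here
    vm.lockOwner = t.name;
    if (vm.entryScope.empty()) {
        vm.entryScope = t.name;
        t.ownsEntryScope = true;
    }
    vm.log.push_back(t.name + " enters VM (entryScope=" + vm.entryScope + ")");
    return true;
}

// Steps 3 and 5: DropAllLocks records the depth at which this thread dropped.
static void dropAllLocks(VMModel& vm, ThreadState& t)
{
    t.droppedAt = ++vm.dropDepth;
    vm.lockOwner.clear();
    vm.log.push_back(t.name + " drops all locks at depth " + std::to_string(t.droppedAt));
}

// One attempt to re-grab. Returns false where the real grabAllLocks() would yield and retry:
// the lock is busy, or (ordered policy) a later dropper has not re-grabbed yet.
static bool grabAllLocks(VMModel& vm, ThreadState& t)
{
    if (!vm.lockOwner.empty())
        return false;
    if (vm.orderedReentry && vm.dropDepth != t.droppedAt) {
        vm.log.push_back(t.name + " yields: drop depth " + std::to_string(vm.dropDepth)
                         + " != " + std::to_string(t.droppedAt));
        return false;
    }
    vm.lockOwner = t.name;
    --vm.dropDepth;
    vm.log.push_back(t.name + " re-grabs locks");
    return true;
}

// Steps 7-8: leave the outermost JS frame (clearing the entry scope if we set it) and unlock.
static void exitAndUnlock(VMModel& vm, ThreadState& t)
{
    if (t.ownsEntryScope) {
        vm.entryScope.clear();
        t.ownsEntryScope = false;
    }
    vm.lockOwner.clear();
    vm.log.push_back(t.name + " exits VM (entryScope="
                     + (vm.entryScope.empty() ? std::string("null") : vm.entryScope) + ")");
}

struct Outcome {
    bool t1RegrabbedAtStep6;        // true only with unordered re-entry
    bool entryScopeIntactAtStep10;  // what the failing assertion requires
    unsigned finalDropDepth;
    std::vector<std::string> log;
};

static Outcome replayScenario(bool orderedReentry)
{
    VMModel vm;
    vm.orderedReentry = orderedReentry;
    ThreadState t1{"T1"}, t2{"T2"};
    Outcome out{};

    lockAndEnter(vm, t1);  // steps 1-2
    dropAllLocks(vm, t1);  // step 3
    lockAndEnter(vm, t2);  // step 4: entryScope already set, T2 leaves it alone
    dropAllLocks(vm, t2);  // step 5

    out.t1RegrabbedAtStep6 = grabAllLocks(vm, t1);  // step 6
    if (out.t1RegrabbedAtStep6)
        exitAndUnlock(vm, t1);  // steps 7-8: T1 clears entryScope while T2 is still "inside"

    grabAllLocks(vm, t2);                                   // step 9 (T1 has yielded when ordered)
    out.entryScopeIntactAtStep10 = !vm.entryScope.empty();  // step 10
    exitAndUnlock(vm, t2);

    if (!out.t1RegrabbedAtStep6 && grabAllLocks(vm, t1))  // ordered: T1 may re-enter only now
        exitAndUnlock(vm, t1);

    out.finalDropDepth = vm.dropDepth;
    out.log = vm.log;
    return out;
}

int main()
{
    for (bool ordered : {false, true}) {
        Outcome o = replayScenario(ordered);
        std::printf("%s re-entry: entry scope %s at step 10\n", ordered ? "ordered" : "unordered",
                    o.entryScopeIntactAtStep10 ? "intact" : "NULL");
        for (const std::string& line : o.log)
            std::printf("  %s\n", line.c_str());
    }
    return 0;
}
```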
1256
1257 2014-02-25  Mark Lam  <mark.lam@apple.com>
1258
1259         Need to initialize VM stack data even when the VM is on an exclusive thread.
1260         <https://webkit.org/b/129265>
1261
1262         Not reviewed.
1263
1264         Relanding r164627 now that <https://webkit.org/b/129341> is fixed.
1265
1266         * API/APIShims.h:
1267         (JSC::APIEntryShim::APIEntryShim):
1268         (JSC::APICallbackShim::shouldDropAllLocks):
1269         * heap/MachineStackMarker.cpp:
1270         (JSC::MachineThreads::addCurrentThread):
1271         * runtime/JSLock.cpp:
1272         (JSC::JSLockHolder::JSLockHolder):
1273         (JSC::JSLockHolder::init):
1274         (JSC::JSLockHolder::~JSLockHolder):
1275         (JSC::JSLock::JSLock):
1276         (JSC::JSLock::setExclusiveThread):
1277         (JSC::JSLock::lock):
1278         (JSC::JSLock::unlock):
1279         (JSC::JSLock::currentThreadIsHoldingLock):
1280         (JSC::JSLock::dropAllLocks):
1281         (JSC::JSLock::grabAllLocks):
1282         * runtime/JSLock.h:
1283         (JSC::JSLock::hasExclusiveThread):
1284         (JSC::JSLock::exclusiveThread):
1285         * runtime/VM.cpp:
1286         (JSC::VM::VM):
1287         * runtime/VM.h:
1288         (JSC::VM::hasExclusiveThread):
1289         (JSC::VM::exclusiveThread):
1290         (JSC::VM::setExclusiveThread):
1291         (JSC::VM::currentThreadIsHoldingAPILock):
1292
1293 2014-02-25  Filip Pizlo  <fpizlo@apple.com>
1294
1295         Inline caching in the FTL on ARM64 should "work"
1296         https://bugs.webkit.org/show_bug.cgi?id=129334
1297
1298         Reviewed by Mark Hahnenberg.
1299         
1300         Gets us to the point where simple tests that use inline caching are passing.
1301
1302         * assembler/LinkBuffer.cpp:
1303         (JSC::LinkBuffer::copyCompactAndLinkCode):
1304         (JSC::LinkBuffer::shrink):
1305         * ftl/FTLInlineCacheSize.cpp:
1306         (JSC::FTL::sizeOfGetById):
1307         (JSC::FTL::sizeOfPutById):
1308         (JSC::FTL::sizeOfCall):
1309         * ftl/FTLOSRExitCompiler.cpp:
1310         (JSC::FTL::compileFTLOSRExit):
1311         * ftl/FTLThunks.cpp:
1312         (JSC::FTL::osrExitGenerationThunkGenerator):
1313         * jit/GPRInfo.h:
1314         * offlineasm/arm64.rb:
1315
1316 2014-02-25  Commit Queue  <commit-queue@webkit.org>
1317
1318         Unreviewed, rolling out r164627.
1319         http://trac.webkit.org/changeset/164627
1320         https://bugs.webkit.org/show_bug.cgi?id=129325
1321
1322         Broke SubtleCrypto tests (Requested by ap on #webkit).
1323
1324         * API/APIShims.h:
1325         (JSC::APIEntryShim::APIEntryShim):
1326         (JSC::APICallbackShim::shouldDropAllLocks):
1327         * heap/MachineStackMarker.cpp:
1328         (JSC::MachineThreads::addCurrentThread):
1329         * runtime/JSLock.cpp:
1330         (JSC::JSLockHolder::JSLockHolder):
1331         (JSC::JSLockHolder::init):
1332         (JSC::JSLockHolder::~JSLockHolder):
1333         (JSC::JSLock::JSLock):
1334         (JSC::JSLock::lock):
1335         (JSC::JSLock::unlock):
1336         (JSC::JSLock::currentThreadIsHoldingLock):
1337         (JSC::JSLock::dropAllLocks):
1338         (JSC::JSLock::grabAllLocks):
1339         * runtime/JSLock.h:
1340         * runtime/VM.cpp:
1341         (JSC::VM::VM):
1342         * runtime/VM.h:
1343         (JSC::VM::currentThreadIsHoldingAPILock):
1344
1345 2014-02-25  Filip Pizlo  <fpizlo@apple.com>
1346
1347         ARM64 rshift64 should be an arithmetic shift
1348         https://bugs.webkit.org/show_bug.cgi?id=129323
1349
1350         Reviewed by Mark Hahnenberg.
1351
1352         * assembler/MacroAssemblerARM64.h:
1353         (JSC::MacroAssemblerARM64::rshift64):
1354
1355 2014-02-25  Sergio Villar Senin  <svillar@igalia.com>
1356
1357         [CSS Grid Layout] Add ENABLE flag
1358         https://bugs.webkit.org/show_bug.cgi?id=129153
1359
1360         Reviewed by Simon Fraser.
1361
1362         * Configurations/FeatureDefines.xcconfig: added ENABLE_CSS_GRID_LAYOUT feature flag.
1363
1364 2014-02-25  Michael Saboff  <msaboff@apple.com>
1365
1366         JIT Engines use the wrong stack limit for stack checks
1367         https://bugs.webkit.org/show_bug.cgi?id=129314
1368
1369         Reviewed by Filip Pizlo.
1370
1371         Change the Baseline and DFG code to use VM::m_stackLimit for stack limit checks.
1372
1373         * dfg/DFGJITCompiler.cpp:
1374         (JSC::DFG::JITCompiler::compileFunction):
1375         * jit/JIT.cpp:
1376         (JSC::JIT::privateCompile):
1377         * jit/JITCall.cpp:
1378         (JSC::JIT::compileLoadVarargs):
1379         * jit/JITCall32_64.cpp:
1380         (JSC::JIT::compileLoadVarargs):
1381         * runtime/VM.h:
1382         (JSC::VM::addressOfStackLimit):
1383
1384 2014-02-25  Filip Pizlo  <fpizlo@apple.com>
1385
1386         Unreviewed, roll out http://trac.webkit.org/changeset/164493.
1387         
1388         It causes crashes, apparently because it's removing too many barriers. I will investigate
1389         later.
1390
1391         * bytecode/SpeculatedType.cpp:
1392         (JSC::speculationToAbbreviatedString):
1393         * bytecode/SpeculatedType.h:
1394         * dfg/DFGFixupPhase.cpp:
1395         (JSC::DFG::FixupPhase::fixupNode):
1396         (JSC::DFG::FixupPhase::insertStoreBarrier):
1397         * dfg/DFGNode.h:
1398         * ftl/FTLCapabilities.cpp:
1399         (JSC::FTL::canCompile):
1400         * ftl/FTLLowerDFGToLLVM.cpp:
1401         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
1402         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1403         (JSC::FTL::LowerDFGToLLVM::isNotNully):
1404         (JSC::FTL::LowerDFGToLLVM::isNully):
1405         (JSC::FTL::LowerDFGToLLVM::speculate):
1406         (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
1407         (JSC::FTL::LowerDFGToLLVM::speculateNotCell):
1408
1409 2014-02-24  Oliver Hunt  <oliver@apple.com>
1410
1411         Fix build.
1412
1413         * jit/CCallHelpers.h:
1414         (JSC::CCallHelpers::setupArgumentsWithExecState):
1415
1416 2014-02-24  Oliver Hunt  <oliver@apple.com>
1417
1418         Spread operator has a bad time when applied to call function
1419         https://bugs.webkit.org/show_bug.cgi?id=128853
1420
1421         Reviewed by Geoffrey Garen.
1422
1423         Follow on from the previous patch that added an extra slot to
1424         op_call_varargs (and _call, _call_eval, _construct).  We now
1425         use the slot as an offset to in effect act as a 'slice' on
1426         the spread subject.  This allows us to automatically retain
1427         all our existing argument and array optimisations.  Most of
1428         this patch is simply threading the offset around.
1429
1430         * bytecode/CodeBlock.cpp:
1431         (JSC::CodeBlock::dumpBytecode):
1432         * bytecompiler/BytecodeGenerator.cpp:
1433         (JSC::BytecodeGenerator::emitCall):
1434         (JSC::BytecodeGenerator::emitCallVarargs):
1435         * bytecompiler/BytecodeGenerator.h:
1436         * bytecompiler/NodesCodegen.cpp:
1437         (JSC::getArgumentByVal):
1438         (JSC::CallFunctionCallDotNode::emitBytecode):
1439         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1440         * interpreter/Interpreter.cpp:
1441         (JSC::sizeFrameForVarargs):
1442         (JSC::loadVarargs):
1443         * interpreter/Interpreter.h:
1444         * jit/CCallHelpers.h:
1445         (JSC::CCallHelpers::setupArgumentsWithExecState):
1446         * jit/JIT.h:
1447         * jit/JITCall.cpp:
1448         (JSC::JIT::compileLoadVarargs):
1449         * jit/JITInlines.h:
1450         (JSC::JIT::callOperation):
1451         * jit/JITOperations.cpp:
1452         * jit/JITOperations.h:
1453         * llint/LLIntSlowPaths.cpp:
1454         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1455         * runtime/Arguments.cpp:
1456         (JSC::Arguments::copyToArguments):
1457         * runtime/Arguments.h:
1458         * runtime/JSArray.cpp:
1459         (JSC::JSArray::copyToArguments):
1460         * runtime/JSArray.h:
1461
1462 2014-02-24  Mark Lam  <mark.lam@apple.com>
1463
1464         Need to initialize VM stack data even when the VM is on an exclusive thread.
1465         <https://webkit.org/b/129265>
1466
1467         Reviewed by Geoffrey Garen.
1468
1469         We check VM::exclusiveThread as an optimization to forego the need to do
1470         JSLock locking. However, we recently started piggy backing on JSLock's
1471         lock() and unlock() to initialize VM stack data (stackPointerAtVMEntry
1472         and lastStackTop) to appropriate values for the current thread. This is
1473         needed because we may be acquiring the lock to enter the VM on a different
1474         thread.
1475
1476         As a result, we ended up not initializing the VM stack data when
1477         VM::exclusiveThread causes us to bypass the locking activity. Even though
1478         the VM::exclusiveThread will not have to deal with the VM being entered
1479         on a different thread, it still needs to initialize the VM stack data.
1480         The VM relies on that data being initialized properly once it has been
1481         entered.
1482
1483         With this fix, we push the check for exclusiveThread down into the JSLock,
1484         and handle the bypassing of unneeded locking activity there while still
1485         executing the necessary VM stack data initialization.
1486
1487         * API/APIShims.h:
1488         (JSC::APIEntryShim::APIEntryShim):
1489         (JSC::APICallbackShim::shouldDropAllLocks):
1490         * heap/MachineStackMarker.cpp:
1491         (JSC::MachineThreads::addCurrentThread):
1492         * runtime/JSLock.cpp:
1493         (JSC::JSLockHolder::JSLockHolder):
1494         (JSC::JSLockHolder::init):
1495         (JSC::JSLockHolder::~JSLockHolder):
1496         (JSC::JSLock::JSLock):
1497         (JSC::JSLock::setExclusiveThread):
1498         (JSC::JSLock::lock):
1499         (JSLock::unlock):
1500         (JSLock::currentThreadIsHoldingLock):
1501         (JSLock::dropAllLocks):
1502         (JSLock::grabAllLocks):
1503         * runtime/JSLock.h:
1504         (JSC::JSLock::exclusiveThread):
1505         * runtime/VM.cpp:
1506         (JSC::VM::VM):
1507         * runtime/VM.h:
1508         (JSC::VM::exclusiveThread):
1509         (JSC::VM::setExclusiveThread):
1510         (JSC::VM::currentThreadIsHoldingAPILock):
1511
1512 2014-02-24  Filip Pizlo  <fpizlo@apple.com>
1513
1514         FTL should do polymorphic PutById inlining
1515         https://bugs.webkit.org/show_bug.cgi?id=129210
1516
1517         Reviewed by Mark Hahnenberg and Oliver Hunt.
1518         
1519         This makes PutByIdStatus inform us about polymorphic cases by returning an array of
1520         PutByIdVariants. The DFG now has a node called MultiPutByOffset that indicates a
1521         selection of multiple inlined PutByIdVariants.
1522         
1523         MultiPutByOffset is almost identical to MultiGetByOffset, which we added in
1524         http://trac.webkit.org/changeset/164207.
1525         
1526         This also does some FTL refactoring to make MultiPutByOffset share code with some nodes
1527         that generate similar code.
1528         
1529         1% speed-up on V8v7 due to splay improving by 6.8%. Splay does the thing where it
1530         sometimes swaps field insertion order, creating fake polymorphism.
1531
1532         * CMakeLists.txt:
1533         * GNUmakefile.list.am:
1534         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1535         * JavaScriptCore.xcodeproj/project.pbxproj:
1536         * bytecode/PutByIdStatus.cpp:
1537         (JSC::PutByIdStatus::computeFromLLInt):
1538         (JSC::PutByIdStatus::computeFor):
1539         (JSC::PutByIdStatus::computeForStubInfo):
1540         (JSC::PutByIdStatus::dump):
1541         * bytecode/PutByIdStatus.h:
1542         (JSC::PutByIdStatus::PutByIdStatus):
1543         (JSC::PutByIdStatus::isSimple):
1544         (JSC::PutByIdStatus::numVariants):
1545         (JSC::PutByIdStatus::variants):
1546         (JSC::PutByIdStatus::at):
1547         (JSC::PutByIdStatus::operator[]):
1548         * bytecode/PutByIdVariant.cpp: Added.
1549         (JSC::PutByIdVariant::dump):
1550         (JSC::PutByIdVariant::dumpInContext):
1551         * bytecode/PutByIdVariant.h: Added.
1552         (JSC::PutByIdVariant::PutByIdVariant):
1553         (JSC::PutByIdVariant::replace):
1554         (JSC::PutByIdVariant::transition):
1555         (JSC::PutByIdVariant::kind):
1556         (JSC::PutByIdVariant::isSet):
1557         (JSC::PutByIdVariant::operator!):
1558         (JSC::PutByIdVariant::structure):
1559         (JSC::PutByIdVariant::oldStructure):
1560         (JSC::PutByIdVariant::newStructure):
1561         (JSC::PutByIdVariant::structureChain):
1562         (JSC::PutByIdVariant::offset):
1563         * dfg/DFGAbstractInterpreterInlines.h:
1564         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1565         * dfg/DFGByteCodeParser.cpp:
1566         (JSC::DFG::ByteCodeParser::emitPrototypeChecks):
1567         (JSC::DFG::ByteCodeParser::handleGetById):
1568         (JSC::DFG::ByteCodeParser::emitPutById):
1569         (JSC::DFG::ByteCodeParser::handlePutById):
1570         (JSC::DFG::ByteCodeParser::parseBlock):
1571         * dfg/DFGCSEPhase.cpp:
1572         (JSC::DFG::CSEPhase::checkStructureElimination):
1573         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
1574         (JSC::DFG::CSEPhase::putStructureStoreElimination):
1575         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1576         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
1577         * dfg/DFGClobberize.h:
1578         (JSC::DFG::clobberize):
1579         * dfg/DFGConstantFoldingPhase.cpp:
1580         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1581         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
1582         * dfg/DFGFixupPhase.cpp:
1583         (JSC::DFG::FixupPhase::fixupNode):
1584         * dfg/DFGGraph.cpp:
1585         (JSC::DFG::Graph::dump):
1586         * dfg/DFGGraph.h:
1587         * dfg/DFGNode.cpp:
1588         (JSC::DFG::MultiPutByOffsetData::writesStructures):
1589         (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
1590         * dfg/DFGNode.h:
1591         (JSC::DFG::Node::convertToPutByOffset):
1592         (JSC::DFG::Node::hasMultiPutByOffsetData):
1593         (JSC::DFG::Node::multiPutByOffsetData):
1594         * dfg/DFGNodeType.h:
1595         * dfg/DFGPredictionPropagationPhase.cpp:
1596         (JSC::DFG::PredictionPropagationPhase::propagate):
1597         * dfg/DFGSafeToExecute.h:
1598         (JSC::DFG::safeToExecute):
1599         * dfg/DFGSpeculativeJIT32_64.cpp:
1600         (JSC::DFG::SpeculativeJIT::compile):
1601         * dfg/DFGSpeculativeJIT64.cpp:
1602         (JSC::DFG::SpeculativeJIT::compile):
1603         * dfg/DFGTypeCheckHoistingPhase.cpp:
1604         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
1605         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
1606         * ftl/FTLCapabilities.cpp:
1607         (JSC::FTL::canCompile):
1608         * ftl/FTLLowerDFGToLLVM.cpp:
1609         (JSC::FTL::LowerDFGToLLVM::compileNode):
1610         (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
1611         (JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage):
1612         (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
1613         (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
1614         (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
1615         (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
1616         (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
1617         (JSC::FTL::LowerDFGToLLVM::loadProperty):
1618         (JSC::FTL::LowerDFGToLLVM::storeProperty):
1619         (JSC::FTL::LowerDFGToLLVM::addressOfProperty):
1620         (JSC::FTL::LowerDFGToLLVM::storageForTransition):
1621         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
1622         (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
1623         (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
1624         * tests/stress/fold-multi-put-by-offset-to-put-by-offset.js: Added.
1625         * tests/stress/multi-put-by-offset-reallocation-butterfly-cse.js: Added.
1626         * tests/stress/multi-put-by-offset-reallocation-cases.js: Added.
1627
1628 2014-02-24  peavo@outlook.com  <peavo@outlook.com>
1629
1630         JSC regressions after r164494
1631         https://bugs.webkit.org/show_bug.cgi?id=129272
1632
1633         Reviewed by Mark Lam.
1634
1635         * offlineasm/x86.rb: Only avoid reverse opcode (fdivr) for Windows.
1636
1637 2014-02-24  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
1638
1639         Code cleanup: remove leftover ENABLE(WORKERS) macros and support.
1640         https://bugs.webkit.org/show_bug.cgi?id=129255
1641
1642         Reviewed by Csaba Osztrogonác.
1643
1644         ENABLE_WORKERS macro was removed in r159679.
1645         Support is now also removed from xcconfig files.
1646
1647         * Configurations/FeatureDefines.xcconfig:
1648
1649 2014-02-24  David Kilzer  <ddkilzer@apple.com>
1650
1651         Remove redundant setting in FeatureDefines.xcconfig
1652
1653         * Configurations/FeatureDefines.xcconfig:
1654
1655 2014-02-23  Sam Weinig  <sam@webkit.org>
1656
1657         Update FeatureDefines.xcconfig
1658
1659         Rubber-stamped by Anders Carlsson.
1660
1661         * Configurations/FeatureDefines.xcconfig:
1662
1663 2014-02-23  Dean Jackson  <dino@apple.com>
1664
1665         Sort the project file with sort-Xcode-project-file.
1666
1667         Rubber-stamped by Sam Weinig.
1668
1669         * JavaScriptCore.xcodeproj/project.pbxproj:
1670
1671 2014-02-23  Sam Weinig  <sam@webkit.org>
1672
1673         Move telephone number detection behind its own ENABLE macro
1674         https://bugs.webkit.org/show_bug.cgi?id=129236
1675
1676         Reviewed by Dean Jackson.
1677
1678         * Configurations/FeatureDefines.xcconfig:
1679         Add ENABLE_TELEPHONE_NUMBER_DETECTION.
1680
1681 2014-02-22  Filip Pizlo  <fpizlo@apple.com>
1682
1683         Refine DFG+FTL inlining and compilation limits
1684         https://bugs.webkit.org/show_bug.cgi?id=129212
1685
1686         Reviewed by Mark Hahnenberg.
1687         
1688         Allow larger functions to be DFG-compiled. Institute a limit on FTL compilation,
1689         and set that limit quite high. Institute a limit on inlining-into. The idea here is
1690         that large functions tend to be autogenerated, and code generators like emscripten
1691         appear to leave few inlining opportunities anyway. Also, we don't want the code
1692         size explosion that we would risk if we allowed compilation of a large function and
1693         then inlined a ton of stuff into it.
1694         
1695         This is a 0.5% speed-up on Octane v2 and almost eliminates the typescript
1696         regression. This is a 9% speed-up on AsmBench.
1697
1698         * bytecode/CodeBlock.cpp:
1699         (JSC::CodeBlock::noticeIncomingCall):
1700         * dfg/DFGByteCodeParser.cpp:
1701         (JSC::DFG::ByteCodeParser::handleInlining):
1702         * dfg/DFGCapabilities.h:
1703         (JSC::DFG::isSmallEnoughToInlineCodeInto):
1704         * ftl/FTLCapabilities.cpp:
1705         (JSC::FTL::canCompile):
1706         * ftl/FTLState.h:
1707         (JSC::FTL::shouldShowDisassembly):
1708         * runtime/Options.h:
1709
1710 2014-02-22  Dan Bernstein  <mitz@apple.com>
1711
1712         REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
1713         https://bugs.webkit.org/show_bug.cgi?id=129227
1714
1715         Reviewed by Eric Carlson.
1716
1717         Reverted r164507.
1718
1719         * API/JSBase.cpp:
1720         (JSEvaluateScript):
1721         (JSCheckScriptSyntax):
1722         * API/JSObjectRef.cpp:
1723         (JSObjectMakeFunction):
1724         (JSObjectMakeArray):
1725         (JSObjectMakeDate):
1726         (JSObjectMakeError):
1727         (JSObjectMakeRegExp):
1728         (JSObjectGetProperty):
1729         (JSObjectSetProperty):
1730         (JSObjectGetPropertyAtIndex):
1731         (JSObjectSetPropertyAtIndex):
1732         (JSObjectDeleteProperty):
1733         (JSObjectCallAsFunction):
1734         (JSObjectCallAsConstructor):
1735         * API/JSValue.mm:
1736         (valueToArray):
1737         (valueToDictionary):
1738         * API/JSValueRef.cpp:
1739         (JSValueIsEqual):
1740         (JSValueIsInstanceOfConstructor):
1741         (JSValueCreateJSONString):
1742         (JSValueToNumber):
1743         (JSValueToStringCopy):
1744         (JSValueToObject):
1745         * inspector/ConsoleMessage.cpp:
1746         (Inspector::ConsoleMessage::ConsoleMessage):
1747         (Inspector::ConsoleMessage::autogenerateMetadata):
1748         * inspector/ConsoleMessage.h:
1749         * inspector/JSGlobalObjectInspectorController.cpp:
1750         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1751         * inspector/JSGlobalObjectInspectorController.h:
1752         * inspector/ScriptCallStack.cpp:
1753         * inspector/ScriptCallStack.h:
1754         * inspector/ScriptCallStackFactory.cpp:
1755         (Inspector::createScriptCallStack):
1756         (Inspector::createScriptCallStackForConsole):
1757         (Inspector::createScriptCallStackFromException):
1758         * inspector/ScriptCallStackFactory.h:
1759         * inspector/agents/InspectorConsoleAgent.cpp:
1760         (Inspector::InspectorConsoleAgent::enable):
1761         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1762         (Inspector::InspectorConsoleAgent::count):
1763         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1764         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1765
1766 2014-02-22  Joseph Pecoraro  <pecoraro@apple.com>
1767
1768         Remove some unreachable code (-Wunreachable-code)
1769         https://bugs.webkit.org/show_bug.cgi?id=129220
1770
1771         Reviewed by Eric Carlson.
1772
1773         * API/tests/testapi.c:
1774         (EvilExceptionObject_convertToType):
1775         * disassembler/udis86/udis86_decode.c:
1776         (decode_operand):
1777
1778 2014-02-22  Filip Pizlo  <fpizlo@apple.com>
1779
1780         Unreviewed, ARMv7 build fix.
1781
1782         * assembler/ARMv7Assembler.h:
1783
1784 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
1785
1786         It should be possible for a LinkBuffer to outlive the MacroAssembler and still be useful
1787         https://bugs.webkit.org/show_bug.cgi?id=124733
1788
1789         Reviewed by Oliver Hunt.
1790         
1791         This also takes the opportunity to de-duplicate some branch compaction code.
1792
1793         * assembler/ARM64Assembler.h:
1794         * assembler/ARMv7Assembler.h:
1795         (JSC::ARMv7Assembler::buffer):
1796         * assembler/AssemblerBuffer.h:
1797         (JSC::AssemblerData::AssemblerData):
1798         (JSC::AssemblerBuffer::AssemblerBuffer):
1799         (JSC::AssemblerBuffer::storage):
1800         (JSC::AssemblerBuffer::grow):
1801         * assembler/LinkBuffer.h:
1802         (JSC::LinkBuffer::LinkBuffer):
1803         (JSC::LinkBuffer::executableOffsetFor):
1804         (JSC::LinkBuffer::applyOffset):
1805         * assembler/MacroAssemblerARM64.h:
1806         (JSC::MacroAssemblerARM64::link):
1807         * assembler/MacroAssemblerARMv7.h:
1808
1809 2014-02-21  Brent Fulgham  <bfulgham@apple.com>
1810
1811         Extend media support for WebVTT sources
1812         https://bugs.webkit.org/show_bug.cgi?id=129156
1813
1814         Reviewed by Eric Carlson.
1815
1816         * Configurations/FeatureDefines.xcconfig: Add new feature define for AVF_CAPTIONS
1817
1818 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
1819
1820         Web Inspector: JSContext inspection should report exceptions in the console
1821         https://bugs.webkit.org/show_bug.cgi?id=128776
1822
1823         Reviewed by Timothy Hatcher.
1824
1825         When JavaScript API functions have an exception, let the inspector
1826         know so it can log the JavaScript and Native backtrace that caused
1827         the exception.
1828
1829         Include some clean up of ConsoleMessage and ScriptCallStack construction.
1830
1831         * API/JSBase.cpp:
1832         (JSEvaluateScript):
1833         (JSCheckScriptSyntax):
1834         * API/JSObjectRef.cpp:
1835         (JSObjectMakeFunction):
1836         (JSObjectMakeArray):
1837         (JSObjectMakeDate):
1838         (JSObjectMakeError):
1839         (JSObjectMakeRegExp):
1840         (JSObjectGetProperty):
1841         (JSObjectSetProperty):
1842         (JSObjectGetPropertyAtIndex):
1843         (JSObjectSetPropertyAtIndex):
1844         (JSObjectDeleteProperty):
1845         (JSObjectCallAsFunction):
1846         (JSObjectCallAsConstructor):
1847         * API/JSValue.mm:
1848         (reportExceptionToInspector):
1849         (valueToArray):
1850         (valueToDictionary):
1851         * API/JSValueRef.cpp:
1852         (JSValueIsEqual):
1853         (JSValueIsInstanceOfConstructor):
1854         (JSValueCreateJSONString):
1855         (JSValueToNumber):
1856         (JSValueToStringCopy):
1857         (JSValueToObject):
1858         When seeing an exception, let the inspector know there was an exception.
1859
1860         * inspector/JSGlobalObjectInspectorController.h:
1861         * inspector/JSGlobalObjectInspectorController.cpp:
1862         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1863         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
1864         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1865         Log API exceptions by also grabbing the native backtrace.
1866
1867         * inspector/ScriptCallStack.h:
1868         * inspector/ScriptCallStack.cpp:
1869         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
1870         (Inspector::ScriptCallStack::append):
1871         Minor extensions to ScriptCallStack to make it easier to work with.
1872
1873         * inspector/ConsoleMessage.cpp:
1874         (Inspector::ConsoleMessage::ConsoleMessage):
1875         (Inspector::ConsoleMessage::autogenerateMetadata):
1876         Provide better default information if the first call frame was native.
1877
1878         * inspector/ScriptCallStackFactory.cpp:
1879         (Inspector::createScriptCallStack):
1880         (Inspector::extractSourceInformationFromException):
1881         (Inspector::createScriptCallStackFromException):
1882         Perform the handling here of inserting a fake call frame for exceptions
1883         if there was no call stack (e.g. a SyntaxError) or if the first call
1884         frame had no information.
1885
1886         * inspector/ConsoleMessage.cpp:
1887         (Inspector::ConsoleMessage::ConsoleMessage):
1888         (Inspector::ConsoleMessage::autogenerateMetadata):
1889         * inspector/ConsoleMessage.h:
1890         * inspector/ScriptCallStackFactory.cpp:
1891         (Inspector::createScriptCallStack):
1892         (Inspector::createScriptCallStackForConsole):
1893         * inspector/ScriptCallStackFactory.h:
1894         * inspector/agents/InspectorConsoleAgent.cpp:
1895         (Inspector::InspectorConsoleAgent::enable):
1896         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1897         (Inspector::InspectorConsoleAgent::count):
1898         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1899         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1900         ConsoleMessage cleanup.
1901
1902 2014-02-21  Oliver Hunt  <oliver@apple.com>
1903
1904         Add extra space to op_call and related opcodes
1905         https://bugs.webkit.org/show_bug.cgi?id=129170
1906
1907         Reviewed by Mark Lam.
1908
1909         No change in behaviour, just some refactoring to add an extra
1910         slot to the op_call instructions, and refactoring to make similar
1911         changes easier in future.
1912
1913         * bytecode/CodeBlock.cpp:
1914         (JSC::CodeBlock::printCallOp):
1915         * bytecode/Opcode.h:
1916         (JSC::padOpcodeName):
1917         * bytecompiler/BytecodeGenerator.cpp:
1918         (JSC::BytecodeGenerator::emitCall):
1919         (JSC::BytecodeGenerator::emitCallVarargs):
1920         (JSC::BytecodeGenerator::emitConstruct):
1921         * dfg/DFGByteCodeParser.cpp:
1922         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1923         * jit/JITCall.cpp:
1924         (JSC::JIT::compileOpCall):
1925         * jit/JITCall32_64.cpp:
1926         (JSC::JIT::compileOpCall):
1927         * llint/LowLevelInterpreter.asm:
1928         * llint/LowLevelInterpreter32_64.asm:
1929         * llint/LowLevelInterpreter64.asm:
1930
1931 2014-02-21  Mark Lam  <mark.lam@apple.com>
1932
1933         gatherFromOtherThread() needs to align the sp before gathering roots.
1934         <https://webkit.org/b/129169>
1935
1936         Reviewed by Geoffrey Garen.
1937
1938         The GC scans the stacks of other threads using MachineThreads::gatherFromOtherThread().
1939         gatherFromOtherThread() defines the range of the other thread's stack as
1940         being bounded by the other thread's stack pointer and stack base. While
1941         the stack base will always be aligned to sizeof(void*), the stack pointer
1942         may not be. This is because the other thread may have just pushed a 32-bit
1943         value on its stack before we suspended it for scanning.
1944
1945         The fix is to round the stack pointer up to the next aligned address of
1946         sizeof(void*) and start scanning from there. On 64-bit systems, we will
1947         effectively ignore the 32-bit word at the bottom of the stack (top of the
1948         stack for stacks growing up) because it cannot be a 64-bit pointer anyway.
1949         64-bit pointers should always be stored on 64-bit aligned boundaries (our
1950         conservative scan algorithm already depends on this assumption).
1951
1952         On 32-bit systems, the rounding is effectively a no-op.
1953
1954         * heap/ConservativeRoots.cpp:
1955         (JSC::ConservativeRoots::genericAddSpan):
1956         - Hardened some assertions so that we can catch misalignment issues on
1957           release builds as well.
1958         * heap/MachineStackMarker.cpp:
1959         (JSC::MachineThreads::gatherFromOtherThread):
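
An added illustration of the alignment fix described in this entry; it is not JSC's MachineStackMarker or ConservativeRoots code. The helpers `alignStackPointerUp`, `readWord`, `scanSpan` and `demoScan` are hypothetical, and the "stack" contents and cell address are constructed so the scan can be compared with and without rounding sp up.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Round sp up to the next sizeof(void*) boundary. The stack base is always
// pointer-aligned, but a suspended thread's sp may not be (it may have just
// pushed a 32-bit value), so the conservative scan must start at the next
// aligned address. On 32-bit builds this is a no-op for a 4-byte-aligned sp.
static inline uintptr_t alignStackPointerUp(uintptr_t sp)
{
    const uintptr_t mask = sizeof(void*) - 1;
    return (sp + mask) & ~mask;
}

// Read one pointer-sized word at any address; memcpy avoids the undefined
// behaviour of dereferencing a misaligned uintptr_t*.
static inline uintptr_t readWord(uintptr_t address)
{
    uintptr_t word;
    std::memcpy(&word, reinterpret_cast<const void*>(address), sizeof(word));
    return word;
}

// Conservative scan of [begin, end): every pointer-sized word is compared with
// the set of known cell addresses and matches are recorded as roots. Returns
// the number of roots found. alignFirst == true is the fixed behaviour; false
// reproduces the old behaviour of starting at a possibly misaligned sp.
static size_t scanSpan(uintptr_t begin, uintptr_t end, bool alignFirst,
                       const std::vector<uintptr_t>& cells,
                       std::vector<uintptr_t>& roots)
{
    assert(begin <= end);
    // Like the hardened assertion in genericAddSpan: the base must be aligned.
    assert((end & (sizeof(void*) - 1)) == 0);
    uintptr_t p = alignFirst ? alignStackPointerUp(begin) : begin;
    size_t found = 0;
    for (; p + sizeof(void*) <= end; p += sizeof(void*)) {
        uintptr_t word = readWord(p);
        for (uintptr_t cell : cells) {
            if (word == cell) {
                roots.push_back(cell);
                ++found;
                break;
            }
        }
    }
    return found;
}

// Constructed scenario: a small downward-growing "stack" holding one live cell
// pointer in an aligned slot, with sp misaligned by 4 bytes on a 64-bit build
// (as if a 32-bit value had just been pushed). Returns the number of roots
// the scan finds in the given mode.
static size_t demoScan(bool alignFirst)
{
    uintptr_t stack[8] = {};
    const uintptr_t fakeCell = 0x1000; // constructed cell address, not a real object
    stack[2] = fakeCell;               // live pointer stored in an aligned slot
    uintptr_t base = reinterpret_cast<uintptr_t>(&stack[8]); // stack base (high end)
    uintptr_t sp = reinterpret_cast<uintptr_t>(&stack[1]);
    if (sizeof(void*) == 8)
        sp += 4; // misaligned sp: the 32-bit push straddles slots 1 and 2
    std::vector<uintptr_t> cells = { fakeCell };
    std::vector<uintptr_t> roots;
    return scanSpan(sp, base, alignFirst, cells, roots);
}

int main()
{
    // Without rounding, a 64-bit scan reads words straddling two slots and
    // misses the pointer; with rounding it finds it.
    std::printf("roots found, aligned scan:   %zu\n", demoScan(true));
    std::printf("roots found, unaligned scan: %zu\n", demoScan(false));
    return 0;
}
```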
1960
1961 2014-02-21  Matthew Mirman  <mmirman@apple.com>
1962
1963         Added a GetMyArgumentsLengthSafe and added a speculation check.
1964         https://bugs.webkit.org/show_bug.cgi?id=129051
1965
1966         Reviewed by Filip Pizlo.
1967
1968         * ftl/FTLLowerDFGToLLVM.cpp:
1969         (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
1970
1971 2014-02-21  peavo@outlook.com  <peavo@outlook.com>
1972
1973         [Win][LLINT] Many JSC stress test failures.
1974         https://bugs.webkit.org/show_bug.cgi?id=129155
1975
1976         Reviewed by Michael Saboff.
1977
1978         Intel syntax has reversed operand order compared to AT&T syntax, so we need to swap the operand order, in this case on floating point operations.
1979         Also avoid using the reverse opcode (e.g. fdivr), as this puts the result at the wrong position in the floating point stack.
1980         E.g. "divd ft0, ft1" would translate to fdivr st, st(1) (Intel syntax) on Windows, but this puts the result in st, when it should be in st(1).
1981
1982         * offlineasm/x86.rb: Swap operand order on Windows.
1983
1984 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
1985
1986         DFG write barriers should do more speculations
1987         https://bugs.webkit.org/show_bug.cgi?id=129160
1988
1989         Reviewed by Mark Hahnenberg.
1990         
1991         Replace ConditionalStoreBarrier with the cheapest speculation that you could do
1992         instead.
1993         
1994         Minuscule speed-up on some things. It's a decent difference in code size, though.
1995
1996         * bytecode/SpeculatedType.cpp:
1997         (JSC::speculationToAbbreviatedString):
1998         * bytecode/SpeculatedType.h:
1999         (JSC::isNotCellSpeculation):
2000         * dfg/DFGFixupPhase.cpp:
2001         (JSC::DFG::FixupPhase::fixupNode):
2002         (JSC::DFG::FixupPhase::insertStoreBarrier):
2003         (JSC::DFG::FixupPhase::insertPhantomCheck):
2004         * dfg/DFGNode.h:
2005         (JSC::DFG::Node::shouldSpeculateOther):
2006         (JSC::DFG::Node::shouldSpeculateNotCell):
2007         * ftl/FTLCapabilities.cpp:
2008         (JSC::FTL::canCompile):
2009         * ftl/FTLLowerDFGToLLVM.cpp:
2010         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
2011         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
2012         (JSC::FTL::LowerDFGToLLVM::isNotOther):
2013         (JSC::FTL::LowerDFGToLLVM::isOther):
2014         (JSC::FTL::LowerDFGToLLVM::speculate):
2015         (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
2016         (JSC::FTL::LowerDFGToLLVM::speculateOther):
2017         (JSC::FTL::LowerDFGToLLVM::speculateNotCell):
2018
2019 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
2020
2021         Revert r164486, causing a number of test failures.
2022
2023         Unreviewed rollout.
2024
2025 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
2026
2027         Revive SABI (aka shouldAlwaysBeInlined)
2028         https://bugs.webkit.org/show_bug.cgi?id=129159
2029
2030         Reviewed by Mark Hahnenberg.
2031         
2032         This is a small Octane speed-up.
2033
2034         * jit/Repatch.cpp:
2035         (JSC::linkFor): This code was assuming that if it's invoked then the caller is a DFG code block. That's wrong, since it's now used by all of the JITs.
2036
2037 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
2038
2039         Web Inspector: JSContext inspection should report exceptions in the console
2040         https://bugs.webkit.org/show_bug.cgi?id=128776
2041
2042         Reviewed by Timothy Hatcher.
2043
2044         When JavaScript API functions have an exception, let the inspector
2045         know so it can log the JavaScript and Native backtrace that caused
2046         the exception.
2047
2048         Include some clean up of ConsoleMessage and ScriptCallStack construction.
2049
2050         * API/JSBase.cpp:
2051         (JSEvaluateScript):
2052         (JSCheckScriptSyntax):
2053         * API/JSObjectRef.cpp:
2054         (JSObjectMakeFunction):
2055         (JSObjectMakeArray):
2056         (JSObjectMakeDate):
2057         (JSObjectMakeError):
2058         (JSObjectMakeRegExp):
2059         (JSObjectGetProperty):
2060         (JSObjectSetProperty):
2061         (JSObjectGetPropertyAtIndex):
2062         (JSObjectSetPropertyAtIndex):
2063         (JSObjectDeleteProperty):
2064         (JSObjectCallAsFunction):
2065         (JSObjectCallAsConstructor):
2066         * API/JSValue.mm:
2067         (reportExceptionToInspector):
2068         (valueToArray):
2069         (valueToDictionary):
2070         * API/JSValueRef.cpp:
2071         (JSValueIsEqual):
2072         (JSValueIsInstanceOfConstructor):
2073         (JSValueCreateJSONString):
2074         (JSValueToNumber):
2075         (JSValueToStringCopy):
2076         (JSValueToObject):
2077         When seeing an exception, let the inspector know there was an exception.
2078
2079         * inspector/JSGlobalObjectInspectorController.h:
2080         * inspector/JSGlobalObjectInspectorController.cpp:
2081         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2082         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
2083         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2084         Log API exceptions by also grabbing the native backtrace.
2085
2086         * inspector/ScriptCallStack.h:
2087         * inspector/ScriptCallStack.cpp:
2088         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
2089         (Inspector::ScriptCallStack::append):
2090         Minor extensions to ScriptCallStack to make it easier to work with.
2091
2092         * inspector/ConsoleMessage.cpp:
2093         (Inspector::ConsoleMessage::ConsoleMessage):
2094         (Inspector::ConsoleMessage::autogenerateMetadata):
2095         Provide better default information if the first call frame was native.
2096
2097         * inspector/ScriptCallStackFactory.cpp:
2098         (Inspector::createScriptCallStack):
        (Inspector::extractSourceInformationFromException):
        (Inspector::createScriptCallStackFromException):
        Perform the handling here of inserting a fake call frame for exceptions
        if there was no call stack (e.g. a SyntaxError) or if the first call
        frame had no information.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        * inspector/ConsoleMessage.h:
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        * inspector/ScriptCallStackFactory.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::enable):
        (Inspector::InspectorConsoleAgent::addMessageToConsole):
        (Inspector::InspectorConsoleAgent::count):
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
        ConsoleMessage cleanup.

2014-02-20  Anders Carlsson  <andersca@apple.com>

        Modernize JSGlobalLock and JSLockHolder
        https://bugs.webkit.org/show_bug.cgi?id=129105

        Reviewed by Michael Saboff.

        Use std::mutex and std::thread::id where possible.

        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::GlobalJSLock::initialize):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::currentThreadIsHoldingLock):
        * runtime/JSLock.h:

2014-02-20  Mark Lam  <mark.lam@apple.com>

        virtualForWithFunction() should not throw an exception with a partially initialized frame.
        <https://webkit.org/b/129134>

        Reviewed by Michael Saboff.

        Currently, when JITOperations.cpp's virtualForWithFunction() fails to
        prepare the callee function for execution, it proceeds to throw the
        exception using the callee frame which is only partially initialized
        thus far. Instead, it should be throwing the exception using the caller
        frame because:
        1. the error happened "in" the caller while preparing the callee for
           execution, i.e. the caller frame is the top fully initialized frame
           on the stack.
        2. the callee frame is not fully initialized yet, and the unwind
           mechanism cannot depend on the data in it.

        * jit/JITOperations.cpp:

2014-02-20  Mark Lam  <mark.lam@apple.com>

        DefaultGCActivityCallback::doWork() should reschedule if GC is deferred.
        <https://webkit.org/b/129131>

        Reviewed by Mark Hahnenberg.

        Currently, DefaultGCActivityCallback::doWork() does not check if the GC
        needs to be deferred before commencing. As a result, the GC may crash
        and/or corrupt data because the VM is not in the consistent state needed
        for the GC to run. With this fix, doWork() now checks if the GC is
        supposed to be deferred and re-schedules if needed. It only commences
        with GC'ing when it's safe to do so.

        * runtime/GCActivityCallback.cpp:
        (JSC::DefaultGCActivityCallback::doWork):

2014-02-20  Geoffrey Garen  <ggaren@apple.com>

        Math.imul gives wrong results
        https://bugs.webkit.org/show_bug.cgi?id=126345

        Reviewed by Mark Hahnenberg.

        Don't truncate non-int doubles to 0 -- that's just not how ToInt32 works.
        Instead, take a slow path that will do the right thing.

        * jit/ThunkGenerators.cpp:
        (JSC::imulThunkGenerator):

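The ToInt32 semantics the entry above refers to, as an added JavaScript example (not WebKit code and not the thunk from ThunkGenerators.cpp): a spec-shaped ToInt32 and Math.imul reference beside a constructed "truncate non-integer doubles to 0" variant, both compared against the engine's own Math.imul. The names toInt32, buggyToInt32, imulWith, imulRef, buggyImul and mismatches are this example's own.

```javascript
// Added example (not WebKit code): reference ToInt32 and Math.imul, beside a
// deliberately wrong ToInt32 that maps non-integer doubles to 0 (the behaviour
// described for bug 126345), checked against the engine's own Math.imul.
const TWO_32 = 4294967296;
const TWO_31 = 2147483648;

// ES5 9.5 ToInt32: NaN, +/-Infinity and +/-0 give 0; otherwise truncate,
// reduce modulo 2^32 and map the upper half of that range to negatives.
function toInt32(value) {
  const n = Number(value);
  if (!Number.isFinite(n) || n === 0) return 0;
  const int = Math.trunc(n);
  // '%' on doubles is exact (fmod), so this stays correct beyond 2^53.
  const mod = ((int % TWO_32) + TWO_32) % TWO_32;
  return mod >= TWO_31 ? mod - TWO_32 : mod;
}

// Constructed to illustrate the bug: only integral doubles are converted,
// every other double becomes 0. Not the actual JIT thunk.
function buggyToInt32(value) {
  return Number.isInteger(value) ? toInt32(value) : 0;
}

// Low 32 bits of the product, computed in 16-bit halves so that no
// intermediate exceeds 2^53 (the usual polyfill shape).
function imulWith(convert, a, b) {
  const x = convert(a), y = convert(b);
  const xh = (x >>> 16) & 0xffff, xl = x & 0xffff;
  const yh = (y >>> 16) & 0xffff, yl = y & 0xffff;
  return ((xl * yl) + (((xh * yl + xl * yh) << 16) >>> 0)) | 0;
}
const imulRef = (a, b) => imulWith(toInt32, a, b);
const buggyImul = (a, b) => imulWith(buggyToInt32, a, b);

// Constructed inputs: fractions, negatives, doubles beyond 2^32, int32
// boundaries and NaN.
const CASES = [[3, 4], [2.5, 3], [-2.7, 3], [4294967297.5, 3],
  [0xffffffff, 5], [TWO_31, 2], [0x7fffffff, 0x7fffffff], [NaN, 7]];

// Returns the inputs on which `fn` disagrees with the engine's Math.imul.
function mismatches(fn) {
  return CASES.filter(([a, b]) => fn(a, b) !== Math.imul(a, b));
}

console.log('reference mismatches:', mismatches(imulRef).length);   // 0
console.log('buggy mismatches:', mismatches(buggyImul).length);     // 3
```

The three mismatching inputs for the buggy variant are exactly the non-integer doubles ([2.5, 3], [-2.7, 3], [4294967297.5, 3]); NaN happens to agree because ToInt32(NaN) is 0 anyway.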
2014-02-20  Filip Pizlo  <fpizlo@apple.com>

        DFG should do its own static estimates of execution frequency before it starts creating OSR entrypoints
        https://bugs.webkit.org/show_bug.cgi?id=129129

        Reviewed by Geoffrey Garen.
        
        We estimate execution counts based on loop depth, and then use those to estimate branch
        weights. These weights then get carried all the way down to LLVM prof branch_weights
        meta-data.
        
        This is better than letting LLVM do its own static estimates, since by the time we
        generate LLVM IR, we may have messed up the CFG due to OSR entrypoint creation. Of
        course, it would be even better if we just slurped in some kind of execution counts
        from profiling, but we don't do that, yet.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::BasicBlock):
        * dfg/DFGBasicBlock.h:
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::insert):
        (JSC::DFG::BlockInsertionSet::insertBefore):
        * dfg/DFGBlockInsertionSet.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGCriticalEdgeBreakingPhase.cpp:
        (JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
        * dfg/DFGLoopPreHeaderCreationPhase.cpp:
        (JSC::DFG::createPreHeader):
        * dfg/DFGNaturalLoops.h:
        (JSC::DFG::NaturalLoops::loopDepth):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGStaticExecutionCountEstimationPhase.cpp: Added.
        (JSC::DFG::StaticExecutionCountEstimationPhase::StaticExecutionCountEstimationPhase):
        (JSC::DFG::StaticExecutionCountEstimationPhase::run):
        (JSC::DFG::StaticExecutionCountEstimationPhase::applyCounts):
        (JSC::DFG::performStaticExecutionCountEstimation):
        * dfg/DFGStaticExecutionCountEstimationPhase.h: Added.

2014-02-20  Filip Pizlo  <fpizlo@apple.com>

        FTL may not see a compact_unwind section if there weren't any stackmaps
        https://bugs.webkit.org/show_bug.cgi?id=129125

        Reviewed by Geoffrey Garen.
        
        It's OK to not have an unwind section, so long as the function also doesn't have any
        OSR exits.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        (JSC::FTL::compile):
        * ftl/FTLUnwindInfo.cpp:
        (JSC::FTL::UnwindInfo::parse):
        * ftl/FTLUnwindInfo.h:

== Rolled over to ChangeLog-2014-02-20 ==