3126064f7f45fe8be0e4f2f5317c0671e1cbb752
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-09  Jessie Berlin  <jberlin@apple.com>

        Windows debug build fix.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlind):
        Fix unreachable code warnings (which we treat as errors).

2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Zoltan Herczeg.

        [Qt] Fix the SH4 build after r109834
        https://bugs.webkit.org/show_bug.cgi?id=80492

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchAdd32):
        (JSC::MacroAssemblerSH4::branchSub32):

2012-03-09  Andy Wingo  <wingo@igalia.com>

        Refactor code feature analysis in the parser
        https://bugs.webkit.org/show_bug.cgi?id=79112

        Reviewed by Geoffrey Garen.

        This commit refactors the parser to more uniformly propagate flag
        bits down and up the parse process, as the parser descends and
        returns into nested blocks.  Some flags get passed down to
        subscopes, some apply to specific scopes only, and some get
        unioned up after parsing subscopes.

        The goal is to eventually be very precise with scoping
        information, once we have block scopes: one block scope might use
        `eval', which would require the emission of a symbol table within
        that block and containing blocks, whereas another block in the
        same function might not, allowing us to not emit a symbol table.

        * parser/Nodes.h:
        (JSC::ScopeFlags): Rename from CodeFeatures.
        (JSC::ScopeNode::addScopeFlags):
        (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
        (JSC::ScopeNode::isStrictMode):
        (JSC::ScopeNode::usesEval):
        (JSC::ScopeNode::usesArguments):
        (JSC::ScopeNode::setUsesArguments):
        (JSC::ScopeNode::usesThis):
        (JSC::ScopeNode::needsActivationForMoreThanVariables):
        (JSC::ScopeNode::needsActivation): Refactor these accessors to
        operate on the m_scopeFlags member.
        (JSC::ScopeNode::source):
        (JSC::ScopeNode::sourceURL):
        (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
        semantic change.
        (JSC::ScopeNode::ScopeNode)
        (JSC::ProgramNode::ProgramNode)
        (JSC::EvalNode::EvalNode)
        (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
        take a ScopeFlags as an argument, instead of a bool inStrictContext.

        * parser/Nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create): Adapt constructors to change.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::thisExpr):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::addVar):
        (JSC::ASTBuilder::Scope::Scope):
        (Scope):
        (ASTBuilder):
        (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
        features here.  Instead rely on the base Parser mechanism to track
        features.

        * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".

        * parser/Parser.h:
        (JSC::Scope::Scope): Manage scope through flags, not
        bit-booleans.  This lets us uniformly propagate them up and down.
        (JSC::Scope::declareWrite):
        (JSC::Scope::declareParameter):
        (JSC::Scope::useVariable):
        (JSC::Scope::collectFreeVariables):
        (JSC::Scope::getCapturedVariables):
        (JSC::Scope::saveFunctionInfo):
        (JSC::Scope::restoreFunctionInfo):
        (JSC::Parser::pushScope): Adapt to use scope flags and their
        accessors instead of bit-booleans.
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseWithStatement):
        (JSC::::parseTryStatement):
        (JSC::::parseFunctionBody):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parsePrimaryExpression): Hoist some of the flag handling
        out of the "context" (ASTBuilder or SyntaxChecker) and to here.
        Does not seem to have a performance impact.

        * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
        Cache the scopeflags.
        * parser/SyntaxChecker.h: Remove evalCount() decl.

        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::ScriptExecutable::usesEval):
        (JSC::ScriptExecutable::usesArguments):
        (JSC::ScriptExecutable::needsActivation):
        (JSC::ScriptExecutable::isStrictMode):
        (JSC::ScriptExecutable::recordParse):
        (ScriptExecutable): ScopeFlags, not features.

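The flag propagation the entry above describes, shown as an added example that is not JavaScriptCore's parser code and was not written by the entry's author: a toy scope tree in which StrictMode is passed down to nested scopes, UsesThis and UsesArguments stay local to the scope that sets them, and UsesEval is unioned upward so that every containing scope learns it must emit a symbol table. The flag names mirror the accessors listed in the entry, but the direction assigned to each flag, the ToyScope type and parseScope are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not JavaScriptCore code. The flag names mirror the accessors
// listed in the entry, but which flag flows which way is an assumption here.
enum ScopeFlags : uint32_t {
    NoFlags       = 0,
    StrictMode    = 1u << 0,  // passed down: a strict scope makes every nested scope strict
    UsesEval      = 1u << 1,  // unioned up: eval anywhere inside taints the enclosing scopes
    UsesThis      = 1u << 2,  // local: applies only to the scope whose body uses `this`
    UsesArguments = 1u << 3,  // local
};

constexpr uint32_t kPassedDownMask = StrictMode;  // flows parent -> child
constexpr uint32_t kUnionedUpMask  = UsesEval;    // flows child -> parent

struct ToyScope {
    uint32_t ownFlags;               // features set by this scope's own body
    std::vector<ToyScope> children;  // nested blocks/functions, in source order
};

// Resolves the flags of `scope` given what its parent passes down, recursing
// into children and unioning their upward-flowing flags back in. Appends the
// resolved flags of every visited scope to `out` in pre-order.
uint32_t parseScope(const ToyScope& scope, uint32_t passedDown, std::vector<uint32_t>& out) {
    uint32_t flags = scope.ownFlags | (passedDown & kPassedDownMask);
    size_t slot = out.size();
    out.push_back(0);  // placeholder until the children have been parsed
    for (const ToyScope& child : scope.children)
        flags |= parseScope(child, flags, out) & kUnionedUpMask;
    out[slot] = flags;
    return flags;
}

// The consequence the entry cares about: a scope containing eval (directly or
// in a nested block) must emit a symbol table; a sibling without eval need not.
bool needsSymbolTable(uint32_t flags) { return (flags & UsesEval) != 0; }

// Constructed sample: strict program { A uses `this` { inner block uses eval }, B plain }.
std::vector<uint32_t> sampleResolvedFlags() {
    ToyScope inner{UsesEval, {}};
    ToyScope a{UsesThis, {inner}};
    ToyScope b{NoFlags, {}};
    ToyScope program{StrictMode, {a, b}};
    std::vector<uint32_t> out;
    parseScope(program, NoFlags, out);
    return out;  // order: program, A, inner, B
}

int main() {
    const char* names[] = {"program", "A", "inner", "B"};
    std::vector<uint32_t> flags = sampleResolvedFlags();
    for (size_t i = 0; i < flags.size(); ++i)
        std::printf("%-8s flags=0x%x symbolTable=%s\n", names[i], flags[i],
                    needsSymbolTable(flags[i]) ? "yes" : "no");
    return 0;
}
```

In the sample, the eval in the inner block forces a symbol table on A and on the program scope, but not on B, and A's use of `this` never reaches the program scope: that is the precision the entry says block scoping is meant to reach.
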
2012-03-08  Benjamin Poulain  <bpoulain@apple.com>

        Build fix for MSVC after r110266

        Unreviewed. A #ifdef for MSVC was left over in r110266.

        * runtime/RegExpObject.h:
        (RegExpObject):

2012-03-08  Benjamin Poulain  <bpoulain@apple.com>

        Allocate the RegExpObject's data with the Cell
        https://bugs.webkit.org/show_bug.cgi?id=80654

        Reviewed by Gavin Barraclough.

        This patch removes the creation of RegExpObject's data to avoid the overhead
        created by the allocation and destruction.

        As RegExps are created repeatedly, this provides some performance improvement.
        The PeaceKeeper test stringDetectBrowser improves by 10%.

        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::RegExpObject):
        (JSC::RegExpObject::visitChildren):
        (JSC::RegExpObject::getOwnPropertyDescriptor):
        (JSC::RegExpObject::defineOwnProperty):
        (JSC::RegExpObject::match):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::setRegExp):
        (JSC::RegExpObject::regExp):
        (JSC::RegExpObject::setLastIndex):
        (JSC::RegExpObject::getLastIndex):
        (RegExpObject):

2012-03-08  Steve Falkenburg  <sfalken@apple.com>

        Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
        https://bugs.webkit.org/show_bug.cgi?id=80657

        Preparation for WTF separation from JavaScriptCore.
        The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
        dependencies for generated files.

        This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
        versions of the WTF code independent of the JavaScriptCore code.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.

2012-03-08  Benjamin Poulain  <benjamin@webkit.org>

        Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80652

        Reviewed by Eric Seidel.

        Fix the header, URLSegments.h is not part of the API.

        * wtf/url/api/ParsedURL.h:

2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>

        Mac build fix for micro data API.

        * Configurations/FeatureDefines.xcconfig:

2012-03-08  Gavin Barraclough  <barraclough@apple.com>

        String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
        https://bugs.webkit.org/show_bug.cgi?id=26890

        Reviewed by Oliver Hunt.

        Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.

        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
            - added calls to setLastIndex.

2012-03-07  Jon Lee  <jonlee@apple.com>

        Add support for ENABLE(LEGACY_NOTIFICATIONS)
        https://bugs.webkit.org/show_bug.cgi?id=80497

        Reviewed by Adam Barth.

        Prep for b80472: Update API for Web Notifications
        * Configurations/FeatureDefines.xcconfig:

2012-03-08  Matt Lilek  <mrl@apple.com>

        Don't enable VIDEO_TRACK on all OS X platforms
        https://bugs.webkit.org/show_bug.cgi?id=80635

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig:

2012-03-08  Oliver Hunt  <oliver@apple.com>

        Build fix.  That day is not today.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlind):
        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):

2012-03-08  Oliver Hunt  <oliver@apple.com>

        Build fix. One of these days I'll manage to commit something that works everywhere.

        * assembler/AbstractMacroAssembler.h:
        (AbstractMacroAssembler):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
        (MacroAssemblerX86Common):

2012-03-08  Chao-ying Fu  <fu@mips.com>

        Update MIPS patchOffsetGetByIdSlowCaseCall
        https://bugs.webkit.org/show_bug.cgi?id=80302

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-08  Oliver Hunt  <oliver@apple.com>

        Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
        https://bugs.webkit.org/show_bug.cgi?id=80633

        Reviewed by Gavin Barraclough.

        Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
        if there isn't a machine specific implementation (otherwise the 64bit value
        got truncated and 32bit checks were used -- leaving 32bits untested).
        Also add a bit of logic to ensure that we don't try to blind a few common
        constants that go through the ImmPtr paths -- encoded numeric JSValues and
        unencoded doubles with common "safe" values.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlindDouble):
        (MacroAssembler):
        (JSC::MacroAssembler::shouldBlind):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):

2012-03-08  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:

2012-03-08  Steve Falkenburg  <sfalken@apple.com>

        Fix line endings for copy-files.cmd.

        If a cmd file doesn't have Windows line endings, it doesn't work properly.
        In this case, the label :clean wasn't found, breaking the clean build.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:

2012-03-07  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA incorrectly handles ValueToInt32
        https://bugs.webkit.org/show_bug.cgi?id=80568

        Reviewed by Gavin Barraclough.

        Changed it to match exactly the decision pattern used in
        DFG::SpeculativeJIT::compileValueToInt32

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>

        [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
        https://bugs.webkit.org/show_bug.cgi?id=80524

        Reviewed by Simon Hausmann.

        Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
        of WTF library.

        * runtime/Identifier.cpp:
        * wtf/WTFThreadData.cpp:
        (JSC):
        (JSC::IdentifierTable::~IdentifierTable):
        (JSC::IdentifierTable::add):

2012-03-08  Filip Pizlo  <fpizlo@apple.com>

        DFG instruction count threshold should be lifted to 10000
        https://bugs.webkit.org/show_bug.cgi?id=80579

        Reviewed by Gavin Barraclough.

        * runtime/Options.cpp:
        (JSC::Options::initializeOptions):

2012-03-07  Filip Pizlo  <fpizlo@apple.com>

        Incorrect tracking of abstract values of variables forced double
        https://bugs.webkit.org/show_bug.cgi?id=80566
        <rdar://problem/11001442>

        Reviewed by Gavin Barraclough.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::mergeStateAtTail):

2012-03-07  Chao-ying Fu  <fu@mips.com>

        [Qt] Fix the MIPS/SH4 build after r109834
        https://bugs.webkit.org/show_bug.cgi?id=80492

        Reviewed by Oliver Hunt.

        Implement three-argument branch(Add,Sub)32.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::add32):
        (MacroAssemblerMIPS):
        (JSC::MacroAssemblerMIPS::sub32):
        (JSC::MacroAssemblerMIPS::branchAdd32):
        (JSC::MacroAssemblerMIPS::branchSub32):

2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r110127.
        http://trac.webkit.org/changeset/110127
        https://bugs.webkit.org/show_bug.cgi?id=80562

        compile failed on AppleWin (Requested by ukai on #webkit).

        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/Heap.h:
        (JSC):
        (Heap):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::finalize):
        * runtime/Executable.h:
        (FunctionExecutable):
        (JSC::FunctionExecutable::create):
        * runtime/JSGlobalData.cpp:
        (WTF):
        (Recompiler):
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::recompileAllJSFunctions):
        (JSC):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):

2012-03-07  Hojong Han  <hojong.han@samsung.com>

        The end atom of the marked block considered to filter invalid cells
        https://bugs.webkit.org/show_bug.cgi?id=79191

        Reviewed by Geoffrey Garen.

        Register file could have stale pointers beyond the end atom of marked block.
        Those pointers can weasel out of the in-middle-of-cell pointer filtering.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::isLiveCell):

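The filtering gap the entry above closes, as an added example that is not JavaScriptCore's MarkedBlock code and was not written by the entry's author: a toy block of fixed-size cells carved into 16-byte atoms, and a conservative-scan liveness filter that rejects out-of-block, misaligned, header and mid-cell pointers. Without the end-atom check, a stale register or stack value pointing into the slack past the last cell is cell-aligned and so slips through the mid-cell filter; the `checkEndAtom` toggle shows both behaviours. The block geometry, the ToyBlock type, isLiveCell's argument list and the sample addresses are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not JavaScriptCore code. Geometry, names and sample values
// are constructed to illustrate the filter the entry above describes.
constexpr uintptr_t kBlockSize     = 4096;
constexpr uintptr_t kAtomSize      = 16;
constexpr uintptr_t kAtomsPerBlock = kBlockSize / kAtomSize;  // 256
constexpr uintptr_t kHeaderAtoms   = 4;                       // block header lives in the first atoms

struct ToyBlock {
    uintptr_t base;            // block start address
    uintptr_t atomsPerCell;    // all cells in a block share one size
    uintptr_t endAtom;         // first atom at which no further whole cell fits
    bool live[kAtomsPerBlock]; // mark bit per atom; set only on an atom that starts a cell
};

ToyBlock makeBlock(uintptr_t base, uintptr_t atomsPerCell) {
    ToyBlock b{base, atomsPerCell, 0, {}};
    uintptr_t usable = kAtomsPerBlock - kHeaderAtoms;
    b.endAtom = kHeaderAtoms + (usable / atomsPerCell) * atomsPerCell;
    return b;
}

// Conservative-scan filter: does `ptr` name a live cell in `b`? Each check
// rejects one class of stale register/stack values; `checkEndAtom=false`
// reproduces the gap the entry closes.
bool isLiveCell(const ToyBlock& b, uintptr_t ptr, bool checkEndAtom = true) {
    if (ptr < b.base || ptr >= b.base + kBlockSize) return false;  // not in this block
    uintptr_t offset = ptr - b.base;
    if (offset % kAtomSize) return false;                           // not atom aligned
    uintptr_t atom = offset / kAtomSize;
    if (atom < kHeaderAtoms) return false;                          // points into the header
    if ((atom - kHeaderAtoms) % b.atomsPerCell) return false;       // in the middle of a cell
    if (checkEndAtom && atom >= b.endAtom) return false;            // slack past the last cell
    return b.live[atom];
}

// Constructed sample: 5-atom cells, so 50 cells fit and atoms 254-255 are slack.
ToyBlock sampleBlock() {
    ToyBlock b = makeBlock(0x10000, 5);
    b.live[4]   = true;  // first cell
    b.live[249] = true;  // last cell: 4 + 49 * 5
    b.live[254] = true;  // stale bit in the slack: cell-aligned, yet no cell starts here
    return b;
}

int main() {
    ToyBlock b = sampleBlock();
    uintptr_t probes[] = {0x10000 + 4 * 16, 0x10000 + 5 * 16, 0x10000 + 249 * 16,
                          0x10000 + 254 * 16, 0x10000 + 254 * 16 + 8, 0x20000};
    for (uintptr_t p : probes)
        std::printf("%#lx live=%d (without end-atom check: %d)\n",
                    (unsigned long)p, isLiveCell(b, p), isLiveCell(b, p, false));
    return 0;
}
```

The probe at atom 254 is the case from the entry: it passes the in-block, alignment, header and mid-cell checks and has a stale mark bit, so only the end-atom comparison keeps the scanner from treating it as a live cell.
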
2012-03-07  Jessie Berlin  <jberlin@apple.com>

        Clean Windows build fails after r110033
        https://bugs.webkit.org/show_bug.cgi?id=80553

        Rubber-stamped by Jon Honeycutt and Eric Seidel.

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        Place the implementation files next to their header files in the wtf/text subdirectory.
        Use echo -F to tell xcopy that these are files (since there is apparently no flag).
        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Update the path to those implementation files.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        Eliminate redundant Phis in DFG
        https://bugs.webkit.org/show_bug.cgi?id=80415

        Reviewed by Filip Pizlo.

        Although this may not have any advantage at current stage, this is towards
        minimal SSA to make more high level optimizations (like bug 76770) easier.
        We have the choices either to build minimal SSA from scratch or to
        keep current simple Phi insertion mechanism and remove the redundancy
        in another phase. Currently we choose the latter because the change
        could be smaller.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
        (DFG):
        (RedundantPhiEliminationPhase):
        (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
        (JSC::DFG::RedundantPhiEliminationPhase::run):
        (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
        (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
        (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
        (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
        (JSC::DFG::performRedundantPhiElimination):
        * dfg/DFGRedundantPhiEliminationPhase.h: Added.
        (DFG):

2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor recompileAllJSFunctions() to be less expensive
        https://bugs.webkit.org/show_bug.cgi?id=80330

        Reviewed by Geoffrey Garen.

        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
        load performance, which currently does at least a couple of full GCs per navigation.

        * heap/Heap.cpp:
        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
        because the function doesn't actually recompile anything (and never did); it simply throws code
        away for it to be recompiled later if we determine we should do so.
        (JSC):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
        * heap/Heap.h:
        (JSC):
        (Heap):
        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
        be used in DoublyLinkedLists.
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
        * runtime/Executable.h:
        (FunctionExecutable):
        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
        the list of FunctionExecutables.
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.

2012-03-06  Oliver Hunt  <oliver@apple.com>

        Further harden 64-bit JIT
        https://bugs.webkit.org/show_bug.cgi?id=80457

        Reviewed by Filip Pizlo.

        This patch implements blinding for ImmPtr.  Rather than xor based blinding
        we perform randomised pointer rotations in order to avoid the significant
        cost in executable memory that would otherwise be necessary (and to avoid
        the need for an additional scratch register in some cases).

        As with the prior blinding patch there's a moderate amount of noise as we
        correct the use of ImmPtr vs. TrustedImmPtr.

        * assembler/AbstractMacroAssembler.h:
        (ImmPtr):
        (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
        * assembler/MacroAssembler.h:
        (MacroAssembler):
        (JSC::MacroAssembler::storePtr):
        (JSC::MacroAssembler::branchPtr):
        (JSC::MacroAssembler::shouldBlind):
        (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
        (RotatedImmPtr):
        (JSC::MacroAssembler::rotationBlindConstant):
        (JSC::MacroAssembler::loadRotationBlindedConstant):
        (JSC::MacroAssembler::convertInt32ToDouble):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::poke):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::branchAdd32):
        * assembler/MacroAssemblerX86_64.h:
        (MacroAssemblerX86_64):
        (JSC::MacroAssemblerX86_64::rotateRightPtr):
        (JSC::MacroAssemblerX86_64::xorPtr):
        * assembler/X86Assembler.h:
        (X86Assembler):
        (JSC::X86Assembler::xorq_rm):
        (JSC::X86Assembler::rorq_i8r):
        * dfg/DFGCCallHelpers.h:
        (CCallHelpers):
        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::createOSREntries):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentFillGPR):
        (JSC::DFG::SpeculativeJIT::callOperation):
        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSlow_op_post_inc):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        (JSC::JIT::emitGetVirtualRegister):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_mov):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_strcat):
        (JSC::JIT::emit_op_ensure_property_exists):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emit_op_jmp_scopes):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emit_op_throw_reference_error):
        (JSC::JIT::emit_op_debug):
        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emitSlow_op_new_array):
        (JSC::JIT::emit_op_new_array_buffer):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_strcat):
        (JSC::JIT::emit_op_ensure_property_exists):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emit_op_jmp_scopes):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_by_index):
        * jit/JITStubCall.h:
        (JITStubCall):
        (JSC::JITStubCall::addArgument):

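The two blinding decisions described in this entry and in the earlier "Missing some places where we should be blinding 64bit values" entry, as one added example that is not JavaScriptCore's assembler code and was not written by either entry's author. It shows (1) a shouldBlind policy that inspects all eight bytes of a 64-bit immediate next to the truncated 32-bit check the earlier entry fixes, and (2) rotation blinding: the emitted bytes carry only the rotated value and the rotation count, the constant is recovered with a right rotate in a register, and a byte scan of the stream never finds the original. The byte-level "safe constant" rule, the placeholder opcode bytes, the RotatedImm type and the sample immediates are assumptions made for illustration, not JSC's heuristics or encoder.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <random>
#include <vector>

// Added example, not JavaScriptCore code. Models the two decisions in the
// entries above: which immediates to blind, and how to blind a 64-bit one by
// rotation so the original never appears in the instruction stream. The
// byte-level "safe constant" rule and the placeholder opcodes are assumptions.

constexpr uint64_t rotl64(uint64_t v, unsigned k) {
    k &= 63;
    return k ? (v << k) | (v >> (64 - k)) : v;
}
constexpr uint64_t rotr64(uint64_t v, unsigned k) {
    k &= 63;
    return k ? (v >> k) | (v << (64 - k)) : v;
}

// Toy policy: bytes of 0x00 or 0xFF give an attacker no opcode choice, so a
// constant made only of them is left alone; anything else is blinded. All
// eight bytes are examined, which is the point of the 64-bit trap above.
bool shouldBlind(uint64_t value) {
    for (int i = 0; i < 8; ++i) {
        uint8_t byte = static_cast<uint8_t>(value >> (8 * i));
        if (byte != 0x00 && byte != 0xFF)
            return true;
    }
    return false;
}

// The defect the earlier entry describes: a 32-bit check applied to a 64-bit
// immediate silently ignores the high half.
bool shouldBlindTruncated(uint64_t value) {
    return shouldBlind(static_cast<uint32_t>(value));
}

struct RotatedImm {
    uint64_t rotated;   // what is emitted into the code
    unsigned rotation;  // per-emission secret amount, 1..63
};

unsigned randomRotation(std::mt19937_64& rng) { return 1 + static_cast<unsigned>(rng() % 63); }

RotatedImm blind(uint64_t value, unsigned rotation) { return {rotl64(value, rotation), rotation}; }

// What the emitted code computes at run time to recover the constant in a register.
uint64_t unblind(const RotatedImm& imm) { return rotr64(imm.rotated, imm.rotation); }

// Toy instruction stream: "mov r64, imm64" carrying the rotated value, then
// "ror r64, imm8" with the rotation. Opcode bytes are placeholders, not an encoder.
std::vector<uint8_t> emitBlindedMove(const RotatedImm& imm) {
    std::vector<uint8_t> out = {0x48, 0xB8};
    for (int i = 0; i < 8; ++i)
        out.push_back(static_cast<uint8_t>(imm.rotated >> (8 * i)));
    out.push_back(0xC8);
    out.push_back(static_cast<uint8_t>(imm.rotation));
    return out;
}

// Would a byte-for-byte scan of the stream find `value` (little-endian)?
bool streamContains(const std::vector<uint8_t>& stream, uint64_t value) {
    uint8_t pat[8];
    for (int i = 0; i < 8; ++i) pat[i] = static_cast<uint8_t>(value >> (8 * i));
    for (size_t i = 0; i + 8 <= stream.size(); ++i)
        if (std::memcmp(&stream[i], pat, 8) == 0) return true;
    return false;
}

// Both properties a blinded emission must have: it recovers the constant and
// never leaks it into the code bytes.
bool roundTripsAndHides(uint64_t value, unsigned rotation) {
    RotatedImm imm = blind(value, rotation);
    return unblind(imm) == value && !streamContains(emitBlindedMove(imm), value);
}

int main() {
    std::mt19937_64 rng(0x5eed);
    uint64_t value = 0x0123456789ABCDEFull;  // constructed "untrusted" immediate
    unsigned k = randomRotation(rng);
    std::printf("blind? %d  truncated check says %d\n", shouldBlind(value), shouldBlindTruncated(value));
    std::printf("rotation=%u  round-trips and hides: %d\n", k, roundTripsAndHides(value, k));
    return 0;
}
```

The trade-off the entry names is visible in emitBlindedMove: a rotation needs only one extra instruction with an 8-bit operand and no scratch register, whereas xor blinding would have to materialise a second 64-bit key in the stream and combine it in another register.
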
630 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
631
632         ARM build fix.
633
634         Reviewed by Zoltan Herczeg.
635
636         Implement three-argument branch(Add,Sub)32.
637
638         * assembler/MacroAssemblerARM.h:
639         (JSC::MacroAssemblerARM::add32):
640         (MacroAssemblerARM):
641         (JSC::MacroAssemblerARM::sub32):
642         (JSC::MacroAssemblerARM::branchAdd32):
643         (JSC::MacroAssemblerARM::branchSub32):
644
645 2012-03-07  Andy Wingo  <wingo@igalia.com>
646
647         Parser: Inline ScopeNodeData into ScopeNode
648         https://bugs.webkit.org/show_bug.cgi?id=79776
649
650         Reviewed by Geoffrey Garen.
651
652         It used to be that some ScopeNode members were kept in a separate
653         structure because sometimes they wouldn't be needed, and
654         allocating a ParserArena was expensive.  This patch makes
655         ParserArena lazily allocate its IdentifierArena, allowing the
656         members to be included directly, which is simpler and easier to
657         reason about.
658
659         * parser/ParserArena.cpp:
660         (JSC::ParserArena::ParserArena):
661         (JSC::ParserArena::reset):
662         (JSC::ParserArena::isEmpty):
663         * parser/ParserArena.h:
664         (JSC::ParserArena::identifierArena): Lazily allocate the
665         IdentifierArena.
666
667         * parser/Nodes.cpp:
668         (JSC::ScopeNode::ScopeNode):
669         (JSC::ScopeNode::singleStatement):
670         (JSC::ProgramNode::create):
671         (JSC::EvalNode::create):
672         (JSC::FunctionBodyNode::create):
673         * parser/Nodes.h:
674         (JSC::ScopeNode::destroyData):
675         (JSC::ScopeNode::needsActivationForMoreThanVariables):
676         (JSC::ScopeNode::needsActivation):
677         (JSC::ScopeNode::hasCapturedVariables):
678         (JSC::ScopeNode::capturedVariableCount):
679         (JSC::ScopeNode::captures):
680         (JSC::ScopeNode::varStack):
681         (JSC::ScopeNode::functionStack):
682         (JSC::ScopeNode::neededConstants):
683         (ScopeNode):
684         * bytecompiler/NodesCodegen.cpp:
685         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
686         into ScopeNode.  Adapt accessors.
687
688 2012-03-06  Eric Seidel  <eric@webkit.org>
689
690         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
691         https://bugs.webkit.org/show_bug.cgi?id=80363
692
693         Reviewed by Mark Rowe.
694
695         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
696         its headers have appeared as part of the "private" headers exported by
697         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
698         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
699         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
700
701         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
702         own directory and project.  As part of such, the WTF headers will no longer be part of
703         the JavaScriptCore private interfaces.
704         In preparation for that, this change makes both the Mac and Win builds export
705         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
706         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
707
708         There are 5 parts to this change.
709         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
710             (and header directories) into the appropriate places in the build directory.
711         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
712             (WebCore, WebKit, etc. had already been taught to look in previous patches).
713         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
714             using fully qualified paths.
715         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
716         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
717
718         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
719         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
720         headers; those will have to be updated to use <wtf/Foo.h> after this change.
721         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
722         are ready for (and interested in) this change happening.
723
724         * API/tests/JSNode.c:
725         * API/tests/JSNodeList.c:
726         * Configurations/Base.xcconfig:
727         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
728         * JavaScriptCore.xcodeproj/project.pbxproj:
729         * assembler/MacroAssemblerCodeRef.h:
730         * bytecompiler/BytecodeGenerator.h:
731         * dfg/DFGOperations.cpp:
732         * heap/GCAssertions.h:
733         * heap/HandleHeap.h:
734         * heap/HandleStack.h:
735         * heap/MarkedSpace.h:
736         * heap/PassWeak.h:
737         * heap/Strong.h:
738         * heap/Weak.h:
739         * jit/HostCallReturnValue.cpp:
740         * jit/JIT.cpp:
741         * jit/JITStubs.cpp:
742         * jit/ThunkGenerators.cpp:
743         * parser/Lexer.cpp:
744         * runtime/Completion.cpp:
745         * runtime/Executable.cpp:
746         * runtime/Identifier.h:
747         * runtime/InitializeThreading.cpp:
748         * runtime/JSDateMath.cpp:
749         * runtime/JSGlobalObjectFunctions.cpp:
750         * runtime/JSStringBuilder.h:
751         * runtime/JSVariableObject.h:
752         * runtime/NumberPrototype.cpp:
753         * runtime/WriteBarrier.h:
754         * tools/CodeProfile.cpp:
755         * tools/TieredMMapArray.h:
756         * wtf/AVLTree.h:
757         * wtf/Alignment.h:
758         * wtf/AlwaysInline.h:
759         * wtf/ArrayBufferView.h:
760         * wtf/Assertions.h:
761         * wtf/Atomics.h:
762         * wtf/Bitmap.h:
763         * wtf/BoundsCheckedPointer.h:
764         * wtf/CheckedArithmetic.h:
765         * wtf/Deque.h:
766         * wtf/ExportMacros.h:
767         * wtf/FastAllocBase.h:
768         * wtf/FastMalloc.h:
769         * wtf/Float32Array.h:
770         * wtf/Float64Array.h:
771         * wtf/Functional.h:
772         * wtf/HashCountedSet.h:
773         * wtf/HashFunctions.h:
774         * wtf/HashMap.h:
775         * wtf/HashSet.h:
776         * wtf/HashTable.h:
777         * wtf/HashTraits.h:
778         * wtf/Int16Array.h:
779         * wtf/Int32Array.h:
780         * wtf/Int8Array.h:
781         * wtf/IntegralTypedArrayBase.h:
782         * wtf/ListHashSet.h:
783         * wtf/MainThread.h:
784         * wtf/MetaAllocator.h:
785         * wtf/Noncopyable.h:
786         * wtf/OwnArrayPtr.h:
787         * wtf/OwnPtr.h:
788         * wtf/PackedIntVector.h:
789         * wtf/ParallelJobs.h:
790         * wtf/PassOwnArrayPtr.h:
791         * wtf/PassOwnPtr.h:
792         * wtf/PassRefPtr.h:
793         * wtf/PassTraits.h:
794         * wtf/Platform.h:
795         * wtf/PossiblyNull.h:
796         * wtf/RefCounted.h:
797         * wtf/RefCountedLeakCounter.h:
798         * wtf/RefPtr.h:
799         * wtf/RetainPtr.h:
800         * wtf/SimpleStats.h:
801         * wtf/Spectrum.h:
802         * wtf/StdLibExtras.h:
803         * wtf/TCPageMap.h:
804         * wtf/TemporaryChange.h:
805         * wtf/ThreadSafeRefCounted.h:
806         * wtf/Threading.h:
807         * wtf/ThreadingPrimitives.h:
808         * wtf/TypeTraits.h:
809         * wtf/TypedArrayBase.h:
810         * wtf/Uint16Array.h:
811         * wtf/Uint32Array.h:
812         * wtf/Uint8Array.h:
813         * wtf/Uint8ClampedArray.h:
814         * wtf/UnusedParam.h:
815         * wtf/Vector.h:
816         * wtf/VectorTraits.h:
817         * wtf/dtoa/double-conversion.h:
818         * wtf/dtoa/utils.h:
819         * wtf/gobject/GRefPtr.h:
820         * wtf/gobject/GlibUtilities.h:
821         * wtf/text/AtomicString.h:
822         * wtf/text/AtomicStringImpl.h:
823         * wtf/text/CString.h:
824         * wtf/text/StringConcatenate.h:
825         * wtf/text/StringHash.h:
826         * wtf/text/WTFString.h:
827         * wtf/unicode/CharacterNames.h:
828         * wtf/unicode/UTF8.h:
829         * wtf/unicode/glib/UnicodeGLib.h:
830         * wtf/unicode/qt4/UnicodeQt4.h:
831         * wtf/unicode/wince/UnicodeWinCE.h:
832         * wtf/url/api/ParsedURL.h:
833         * wtf/url/api/URLString.h:
834         * wtf/wince/FastMallocWinCE.h:
835         * yarr/YarrJIT.cpp:
836
837 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
838
839         Array.prototype functions should throw if delete fails
840         https://bugs.webkit.org/show_bug.cgi?id=80467
841
842         Reviewed by Oliver Hunt.
843
844         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
845         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
846         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
847         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
848         routines, for handling arrays with holes. These three copies should be unified.
849
850         * runtime/ArrayPrototype.cpp:
851         (JSC::shift):
852         (JSC::unshift):
853             - Added - shared copies of the shift/unshift functionality.
854         (JSC::arrayProtoFuncPop):
855             - should throw if the delete fails.
856         (JSC::arrayProtoFuncReverse):
857             - should throw if the delete fails.
858         (JSC::arrayProtoFuncShift):
859         (JSC::arrayProtoFuncSplice):
860         (JSC::arrayProtoFuncUnShift):
861             - use shift/unshift.
862         * runtime/JSArray.cpp:
863         (JSC::JSArray::shiftCount):
864         (JSC::JSArray::unshiftCount):
865             - Don't try to handle arrays with holes; return a value indicating
866               the generic routine should be used instead.
867         * runtime/JSArray.h:
868             - declaration for shiftCount/unshiftCount changed.
869         * tests/mozilla/js1_6/Array/regress-304828.js:
870             - this was asserting incorrect behaviour.
871
872 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
873
874         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
875         https://bugs.webkit.org/show_bug.cgi?id=80469
876
877         Reviewed by Antonio Gomes.
878
879         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
880         property on the library being created.
881
882 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
883
884         DFG BasicBlock should group the Phi nodes together and separate them
885         from the other nodes
886         https://bugs.webkit.org/show_bug.cgi?id=80361
887
888         Reviewed by Filip Pizlo.
889
890         This would make it more efficient to remove the redundant Phi nodes or
891         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
892         This is performance neutral on SunSpider, V8 and Kraken.
893
894         * dfg/DFGAbstractState.cpp:
895         (JSC::DFG::AbstractState::clobberStructures):
896         (JSC::DFG::AbstractState::dump):
897         * dfg/DFGBasicBlock.h:
898         (JSC::DFG::BasicBlock::BasicBlock):
899         (BasicBlock):
900         * dfg/DFGByteCodeParser.cpp:
901         (JSC::DFG::ByteCodeParser::addToGraph):
902         (JSC::DFG::ByteCodeParser::insertPhiNode):
903         * dfg/DFGCFAPhase.cpp:
904         (JSC::DFG::CFAPhase::performBlockCFA):
905         * dfg/DFGCSEPhase.cpp:
906         (JSC::DFG::CSEPhase::pureCSE):
907         (JSC::DFG::CSEPhase::impureCSE):
908         (JSC::DFG::CSEPhase::globalVarLoadElimination):
909         (JSC::DFG::CSEPhase::getByValLoadElimination):
910         (JSC::DFG::CSEPhase::checkFunctionElimination):
911         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
912         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
913         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
914         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
915         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
916         (JSC::DFG::CSEPhase::performBlockCSE):
917         * dfg/DFGGraph.cpp:
918         (JSC::DFG::Graph::dump):
919         * dfg/DFGSpeculativeJIT.cpp:
920         (JSC::DFG::SpeculativeJIT::compile):
921
922 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
923
924         GCActivityCallback timer should vary with the length of the previous GC
925         https://bugs.webkit.org/show_bug.cgi?id=80344
926
927         Reviewed by Geoffrey Garen.
928
929         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
930         GC so that the GC Activity Callback can use it.
931         (JSC::Heap::Heap):
932         (JSC::Heap::collect):
933         * heap/Heap.h:
934         (JSC::Heap::lastGCLength):
935         (Heap):
936         * runtime/GCActivityCallbackCF.cpp:
937         (JSC):
938         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
939         GC to determine the length of our timer trigger (currently set at 100x the duration 
940         of the last GC).
941
942 2012-03-06  Rob Buis  <rbuis@rim.com>
943
944         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
945         https://bugs.webkit.org/show_bug.cgi?id=80420
946
947         Reviewed by Gavin Barraclough.
948
949         Fix warnings given in Blackberry build.
950
951         * heap/CopiedBlock.h:
952         (JSC::CopiedBlock::CopiedBlock):
953         * wtf/RefCountedArray.h:
954         (WTF::RefCountedArray::Header::fromPayload):
955
956 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
957
958         writable/configurable not respected for some properties of Function/String/Arguments
959         https://bugs.webkit.org/show_bug.cgi?id=80436
960
961         Reviewed by Oliver Hunt.
962
963         Special properties should behave like regular properties.
964
965         * runtime/Arguments.cpp:
966         (JSC::Arguments::defineOwnProperty):
967             - Mis-nested logic for making read-only properties non-live.
968         * runtime/JSFunction.cpp:
969         (JSC::JSFunction::put):
970             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
971         (JSC::JSFunction::deleteProperty):
972             - Attempting to delete prototype/caller should fail.
973         (JSC::JSFunction::defineOwnProperty):
974             - Ensure prototype is reified on attempt to reify it.
975             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
976         * runtime/JSFunction.h:
977             - added declaration for defineOwnProperty.
978         (JSFunction):
979         * runtime/StringObject.cpp:
980         (JSC::StringObject::put):
981             - length is non-writable, non-configurable - reject appropriately.
982
983 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
984
985         TypedArray subarray call for subarray does not clamp the end index parameter properly
986         https://bugs.webkit.org/show_bug.cgi?id=80285
987
988         Reviewed by Kenneth Russell.
989
990         * wtf/ArrayBufferView.h:
991         (WTF::ArrayBufferView::calculateOffsetAndLength):
992
993 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
994
995         Unreviewed, rolling out r109837.
996         http://trac.webkit.org/changeset/109837
997         https://bugs.webkit.org/show_bug.cgi?id=80399
998
999         breaks Mac Production builds, too late to try and fix it
1000         tonight (Requested by eseidel on #webkit).
1001
1002         * API/tests/JSNode.c:
1003         * API/tests/JSNodeList.c:
1004         * Configurations/Base.xcconfig:
1005         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
1006         * JavaScriptCore.xcodeproj/project.pbxproj:
1007         * assembler/MacroAssemblerCodeRef.h:
1008         * bytecompiler/BytecodeGenerator.h:
1009         * dfg/DFGOperations.cpp:
1010         * heap/GCAssertions.h:
1011         * heap/HandleHeap.h:
1012         * heap/HandleStack.h:
1013         * heap/MarkedSpace.h:
1014         * heap/PassWeak.h:
1015         * heap/Strong.h:
1016         * heap/Weak.h:
1017         * jit/HostCallReturnValue.cpp:
1018         * jit/JIT.cpp:
1019         * jit/JITStubs.cpp:
1020         * jit/ThunkGenerators.cpp:
1021         * parser/Lexer.cpp:
1022         * runtime/Completion.cpp:
1023         * runtime/Executable.cpp:
1024         * runtime/Identifier.h:
1025         * runtime/InitializeThreading.cpp:
1026         * runtime/JSDateMath.cpp:
1027         * runtime/JSGlobalObjectFunctions.cpp:
1028         * runtime/JSStringBuilder.h:
1029         * runtime/JSVariableObject.h:
1030         * runtime/NumberPrototype.cpp:
1031         * runtime/WriteBarrier.h:
1032         * tools/CodeProfile.cpp:
1033         * tools/TieredMMapArray.h:
1034         * yarr/YarrJIT.cpp:
1035
1036 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
1037
1038         [Qt][ARM] Speculative buildfix after r109834.
1039
1040         Reviewed by Csaba Osztrogonác.
1041
1042         * assembler/MacroAssemblerARM.h:
1043         (JSC::MacroAssemblerARM::and32):
1044         (MacroAssemblerARM):
1045
1046 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
1047
1048         Unreviewed windows build fix pt 2.
1049
1050         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1051
1052 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
1053
1054         Unreviewed windows build fix pt 1.
1055
1056         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1057
1058 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
1059
1060         putByIndex should throw in strict mode
1061         https://bugs.webkit.org/show_bug.cgi?id=80335
1062
1063         Reviewed by Filip Pizlo.
1064
1065         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
1066
1067         This is a largely mechanical change, simply adding an extra parameter to a number
1068        of functions. Some call sites need to perform additional exception checks, and
1069         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
1070
1071         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
1072         an existing bug), I'll follow up with a third patch to handle that.
1073
1074         * API/JSObjectRef.cpp:
1075         (JSObjectSetPropertyAtIndex):
1076         * JSCTypedArrayStubs.h:
1077         (JSC):
1078         * dfg/DFGOperations.cpp:
1079         (JSC::DFG::putByVal):
1080         * dfg/DFGOperations.h:
1081         * dfg/DFGSpeculativeJIT32_64.cpp:
1082         (JSC::DFG::SpeculativeJIT::compile):
1083         * dfg/DFGSpeculativeJIT64.cpp:
1084         (JSC::DFG::SpeculativeJIT::compile):
1085         * interpreter/Interpreter.cpp:
1086         (JSC::Interpreter::privateExecute):
1087         * jit/JITStubs.cpp:
1088         (JSC::DEFINE_STUB_FUNCTION):
1089         * jsc.cpp:
1090         (GlobalObject::finishCreation):
1091         * llint/LLIntSlowPaths.cpp:
1092         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1093         * runtime/Arguments.cpp:
1094         (JSC::Arguments::putByIndex):
1095         * runtime/Arguments.h:
1096         (Arguments):
1097         * runtime/ArrayPrototype.cpp:
1098         (JSC::arrayProtoFuncPush):
1099         (JSC::arrayProtoFuncReverse):
1100         (JSC::arrayProtoFuncShift):
1101         (JSC::arrayProtoFuncSort):
1102         (JSC::arrayProtoFuncSplice):
1103         (JSC::arrayProtoFuncUnShift):
1104         * runtime/ClassInfo.h:
1105         (MethodTable):
1106         * runtime/JSArray.cpp:
1107         (JSC::SparseArrayValueMap::put):
1108         (JSC::JSArray::put):
1109         (JSC::JSArray::putByIndex):
1110         (JSC::JSArray::putByIndexBeyondVectorLength):
1111         (JSC::JSArray::push):
1112         (JSC::JSArray::shiftCount):
1113         (JSC::JSArray::unshiftCount):
1114         * runtime/JSArray.h:
1115         (SparseArrayValueMap):
1116         (JSArray):
1117         * runtime/JSByteArray.cpp:
1118         (JSC::JSByteArray::putByIndex):
1119         * runtime/JSByteArray.h:
1120         (JSByteArray):
1121         * runtime/JSCell.cpp:
1122         (JSC::JSCell::putByIndex):
1123         * runtime/JSCell.h:
1124         (JSCell):
1125         * runtime/JSNotAnObject.cpp:
1126         (JSC::JSNotAnObject::putByIndex):
1127         * runtime/JSNotAnObject.h:
1128         (JSNotAnObject):
1129         * runtime/JSONObject.cpp:
1130         (JSC::Walker::walk):
1131         * runtime/JSObject.cpp:
1132         (JSC::JSObject::putByIndex):
1133         * runtime/JSObject.h:
1134         (JSC::JSValue::putByIndex):
1135         * runtime/RegExpConstructor.cpp:
1136         (JSC::RegExpMatchesArray::fillArrayInstance):
1137         * runtime/RegExpMatchesArray.h:
1138         (JSC::RegExpMatchesArray::putByIndex):
1139         * runtime/StringPrototype.cpp:
1140         (JSC::stringProtoFuncSplit):
1141
1142 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
1143
1144         PredictNone is incorrectly treated as isDoublePrediction
1145         https://bugs.webkit.org/show_bug.cgi?id=80365
1146
1147         Reviewed by Filip Pizlo.
1148
1149         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
1150
1151         * bytecode/PredictedType.h:
1152         (JSC::isFixedIndexedStorageObjectPrediction):
1153         (JSC::isDoublePrediction):
1154
1155 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
1156
1157         The LLInt should work even when the JIT is disabled
1158         https://bugs.webkit.org/show_bug.cgi?id=80340
1159         <rdar://problem/10922235>
1160
1161         Reviewed by Gavin Barraclough.
1162
1163         * assembler/MacroAssemblerCodeRef.h:
1164         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
1165         (MacroAssemblerCodeRef):
1166         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
1167         * interpreter/Interpreter.cpp:
1168         (JSC::Interpreter::initialize):
1169         (JSC::Interpreter::execute):
1170         (JSC::Interpreter::executeCall):
1171         (JSC::Interpreter::executeConstruct):
1172         * jit/JIT.h:
1173         (JSC::JIT::compileCTINativeCall):
1174         * jit/JITStubs.h:
1175         (JSC::JITThunks::ctiNativeCall):
1176         (JSC::JITThunks::ctiNativeConstruct):
1177         * llint/LLIntEntrypoints.cpp:
1178         (JSC::LLInt::getFunctionEntrypoint):
1179         (JSC::LLInt::getEvalEntrypoint):
1180         (JSC::LLInt::getProgramEntrypoint):
1181         * llint/LLIntSlowPaths.cpp:
1182         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1183         (LLInt):
1184         * llint/LLIntSlowPaths.h:
1185         (LLInt):
1186         * llint/LowLevelInterpreter.h:
1187         * llint/LowLevelInterpreter32_64.asm:
1188         * runtime/Executable.h:
1189         (NativeExecutable):
1190         (JSC::NativeExecutable::create):
1191         (JSC::NativeExecutable::finishCreation):
1192         * runtime/JSGlobalData.cpp:
1193         (JSC::JSGlobalData::JSGlobalData):
1194         * runtime/JSGlobalData.h:
1195         (JSGlobalData):
1196         * runtime/Options.cpp:
1197         (Options):
1198         (JSC::Options::parse):
1199         (JSC::Options::initializeOptions):
1200         * runtime/Options.h:
1201         (Options):
1202         * wtf/Platform.h:
1203
1204 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
1205
1206         Checks for dead variables are not sufficient when fixing the expected
1207         values in DFG OSR entry
1208         https://bugs.webkit.org/show_bug.cgi?id=80371
1209
1210         Reviewed by Filip Pizlo.
1211
1212         A dead variable should be identified when there's no node referencing it.
1213        But we currently fail to catch the case where there are some nodes
1214        referencing a variable but those nodes are actually not referenced by
1215        others so will be ignored in code generation. In such a case we should
1216         also consider that variable to be a dead variable in the block and fix
1217         the expected values.
1218         This is performance neutral on SunSpider, V8 and Kraken.
1219
1220         * dfg/DFGJITCompiler.h:
1221         (JSC::DFG::JITCompiler::noticeOSREntry):
1222
1223 2012-03-05  Oliver Hunt  <oliver@apple.com>
1224
1225         Fix Qt build.
1226
1227         * assembler/AbstractMacroAssembler.h:
1228         * assembler/MacroAssembler.h:
1229         (MacroAssembler):
1230         * dfg/DFGSpeculativeJIT.cpp:
1231         (JSC::DFG::SpeculativeJIT::compileArithSub):
1232         * jit/JITArithmetic32_64.cpp:
1233         (JSC::JIT::emitSub32Constant):
1234
1235 2012-03-05  Eric Seidel  <eric@webkit.org>
1236
1237         Update JavaScriptCore files to use fully-qualified WTF include paths
1238         https://bugs.webkit.org/show_bug.cgi?id=79960
1239
1240         Reviewed by Adam Barth.
1241
1242         This change does 5 small/related things:
1243          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
1244             (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
1245             was not installing headers there.)
1246          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
1247             header search path, as that's where the WTF headers will be installed.
1248          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
1249             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
1250          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
1251             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
1252          5. Makes build-webkit build the WTF XCode project by default.
1253
1254         * API/tests/JSNode.c:
1255         * API/tests/JSNodeList.c:
1256         * Configurations/Base.xcconfig:
1257         * assembler/MacroAssemblerCodeRef.h:
1258         * bytecompiler/BytecodeGenerator.h:
1259         * dfg/DFGOperations.cpp:
1260         * heap/GCAssertions.h:
1261         * heap/HandleHeap.h:
1262         * heap/HandleStack.h:
1263         * heap/MarkedSpace.h:
1264         * heap/PassWeak.h:
1265         * heap/Strong.h:
1266         * heap/Weak.h:
1267         * jit/HostCallReturnValue.cpp:
1268         * jit/JIT.cpp:
1269         * jit/JITStubs.cpp:
1270         * jit/ThunkGenerators.cpp:
1271         * parser/Lexer.cpp:
1272         * runtime/Completion.cpp:
1273         * runtime/Executable.cpp:
1274         * runtime/Identifier.h:
1275         * runtime/InitializeThreading.cpp:
1276         * runtime/JSDateMath.cpp:
1277         * runtime/JSGlobalObjectFunctions.cpp:
1278         * runtime/JSStringBuilder.h:
1279         * runtime/JSVariableObject.h:
1280         * runtime/NumberPrototype.cpp:
1281         * runtime/WriteBarrier.h:
1282         * tools/CodeProfile.cpp:
1283         * tools/TieredMMapArray.h:
1284         * yarr/YarrJIT.cpp:
1285
1286 2012-03-05  Oliver Hunt  <oliver@apple.com>
1287
1288         Add basic support for constant blinding to the JIT
1289         https://bugs.webkit.org/show_bug.cgi?id=80354
1290
1291         Reviewed by Filip Pizlo.
1292
1293         This patch adds basic constant blinding support to the JIT, at the
1294         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
1295         get constant blinding.  Woo!
1296
1297         This patch only introduces blinding for Imm32, a later patch will do similar
1298         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
1299         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
1300         accessor that's needed to access the actual value.  This also means you cannot
1301         accidentally pass an untrusted value to a function that does not perform
1302         blinding.
1303
1304         To make everything work sensibly, this patch also corrects some code that was using
1305         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
1306        untrusted immediates, so that they call slightly different variants of the functions
1307         that they used previously.  This is largely necessary to deal with x86-32 not having
1308         sufficient registers to handle the additional work required when we choose to blind
1309         a constant.
1310
1311         * assembler/AbstractMacroAssembler.h:
1312         (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
1313         (Imm32):
1314         (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
1315         (JSC::AbstractMacroAssembler::endUninterruptedSequence):
1316         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1317         (AbstractMacroAssembler):
1318         (JSC::AbstractMacroAssembler::inUninterruptedSequence):
1319         (JSC::AbstractMacroAssembler::random):
1320         (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
1321         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
1322         * assembler/MacroAssembler.h:
1323         (JSC::MacroAssembler::addressForPoke):
1324         (MacroAssembler):
1325         (JSC::MacroAssembler::poke):
1326         (JSC::MacroAssembler::branchPtr):
1327         (JSC::MacroAssembler::branch32):
1328         (JSC::MacroAssembler::convertInt32ToDouble):
1329         (JSC::MacroAssembler::shouldBlind):
1330         (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
1331         (BlindedImm32):
1332         (JSC::MacroAssembler::keyForConstant):
1333         (JSC::MacroAssembler::xorBlindConstant):
1334         (JSC::MacroAssembler::additionBlindedConstant):
1335         (JSC::MacroAssembler::andBlindedConstant):
1336         (JSC::MacroAssembler::orBlindedConstant):
1337         (JSC::MacroAssembler::loadXorBlindedConstant):
1338         (JSC::MacroAssembler::add32):
1339         (JSC::MacroAssembler::addPtr):
1340         (JSC::MacroAssembler::and32):
1341         (JSC::MacroAssembler::andPtr):
1342         (JSC::MacroAssembler::move):
1343         (JSC::MacroAssembler::or32):
1344         (JSC::MacroAssembler::store32):
1345         (JSC::MacroAssembler::sub32):
1346         (JSC::MacroAssembler::subPtr):
1347         (JSC::MacroAssembler::xor32):
1348         (JSC::MacroAssembler::branchAdd32):
1349         (JSC::MacroAssembler::branchMul32):
1350         (JSC::MacroAssembler::branchSub32):
1351         (JSC::MacroAssembler::trustedImm32ForShift):
1352         (JSC::MacroAssembler::lshift32):
1353         (JSC::MacroAssembler::rshift32):
1354         (JSC::MacroAssembler::urshift32):
1355         * assembler/MacroAssemblerARMv7.h:
1356         (MacroAssemblerARMv7):
1357         (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
1358         (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
1359         * assembler/MacroAssemblerX86_64.h:
1360         (JSC::MacroAssemblerX86_64::branchSubPtr):
1361         (MacroAssemblerX86_64):
1362         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
1363         * dfg/DFGJITCompiler.cpp:
1364         (JSC::DFG::JITCompiler::linkOSRExits):
1365         (JSC::DFG::JITCompiler::compileBody):
1366         (JSC::DFG::JITCompiler::compileFunction):
1367         * dfg/DFGOSRExitCompiler32_64.cpp:
1368         (JSC::DFG::OSRExitCompiler::compileExit):
1369         * dfg/DFGOSRExitCompiler64.cpp:
1370         (JSC::DFG::OSRExitCompiler::compileExit):
1371         * dfg/DFGSpeculativeJIT.cpp:
1372         (JSC::DFG::SpeculativeJIT::compile):
1373         (JSC::DFG::SpeculativeJIT::compileArithSub):
1374         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1375         * dfg/DFGSpeculativeJIT.h:
1376         (JSC::DFG::SpeculativeJIT::callOperation):
1377         * dfg/DFGSpeculativeJIT32_64.cpp:
1378         (JSC::DFG::SpeculativeJIT::emitCall):
1379         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1380         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
1381         (JSC::DFG::SpeculativeJIT::compile):
1382         * dfg/DFGSpeculativeJIT64.cpp:
1383         (JSC::DFG::SpeculativeJIT::emitCall):
1384         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
1385         (JSC::DFG::SpeculativeJIT::compile):
1386         * jit/JIT.cpp:
1387         (JSC::JIT::privateCompileSlowCases):
1388         (JSC::JIT::privateCompile):
1389         * jit/JITArithmetic.cpp:
1390         (JSC::JIT::compileBinaryArithOp):
1391         (JSC::JIT::emit_op_add):
1392         (JSC::JIT::emit_op_mul):
1393         (JSC::JIT::emit_op_div):
1394         * jit/JITArithmetic32_64.cpp:
1395         (JSC::JIT::emitAdd32Constant):
1396         (JSC::JIT::emitSub32Constant):
1397         (JSC::JIT::emitBinaryDoubleOp):
1398         (JSC::JIT::emitSlow_op_mul):
1399         (JSC::JIT::emit_op_div):
1400         * jit/JITCall.cpp:
1401         (JSC::JIT::compileLoadVarargs):
1402         * jit/JITCall32_64.cpp:
1403         (JSC::JIT::compileLoadVarargs):
1404         * jit/JITInlineMethods.h:
1405         (JSC::JIT::updateTopCallFrame):
1406         (JSC::JIT::emitValueProfilingSite):
1407         * jit/JITOpcodes32_64.cpp:
1408         (JSC::JIT::emitSlow_op_jfalse):
1409         (JSC::JIT::emitSlow_op_jtrue):
1410         * jit/JITStubCall.h:
1411         (JITStubCall):
1412         (JSC::JITStubCall::addArgument):
1413         * yarr/YarrJIT.cpp:
1414         (JSC::Yarr::YarrGenerator::backtrack):
1415
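The blinding scheme the entry above describes, as an added C++ illustration that is not JavaScriptCore's code: a toy assembler with a TrustedImm32 type that Imm32 privately inherits (so an Imm32 only gives up its value through an explicit asTrustedImm32() accessor and cannot be passed where a TrustedImm32 is expected), an untrusted move that emits value ^ key followed by an xor with a fresh random key, and a trusted move that emits the constant verbatim. The MiniAssembler, the Instr record, the "fits in a signed byte" shouldBlind threshold, the run() interpreter and the register names are all assumptions of this example, not JSC's heuristics or API; the point it demonstrates is that an attacker-chosen 32-bit pattern never appears as an immediate in the emitted stream while the executed result is still the original constant.

```cpp
// Added illustration (not JavaScriptCore code) of the Imm32/TrustedImm32 split
// and the XOR constant blinding described in the ChangeLog entry above.
#include <cstdint>
#include <cstdio>
#include <random>
#include <string>
#include <vector>

namespace blindingDemo {

// A constant the JIT itself chose (offsets, tags, sizes): never blinded.
struct TrustedImm32 {
    explicit TrustedImm32(int32_t v) : value(v) {}
    int32_t value;
};

// A constant that may originate from the program being compiled. Private
// inheritance stops an Imm32 being passed where a TrustedImm32 is expected;
// the payload is reachable only through the explicit accessor.
class Imm32 : private TrustedImm32 {
public:
    explicit Imm32(int32_t v) : TrustedImm32(v) {}
    const TrustedImm32& asTrustedImm32() const { return *this; }
};

// One instruction of a toy "op reg, imm32" ISA (an assumption of this example).
struct Instr {
    std::string op;   // "mov" or "xor"
    std::string dst;  // register name
    int32_t imm;      // the 32-bit pattern that lands in the code stream
};

class MiniAssembler {
public:
    explicit MiniAssembler(uint32_t seed) : m_rng(seed) {}

    // Trusted path: the immediate is emitted verbatim.
    void move(TrustedImm32 imm, const std::string& reg) {
        m_code.push_back({"mov", reg, imm.value});
    }

    // Untrusted path: emit (value ^ key) then xor with key, so the
    // attacker-chosen bit pattern itself never appears in executable memory.
    void move(Imm32 imm, const std::string& reg) {
        int32_t value = imm.asTrustedImm32().value;
        if (!shouldBlind(value)) { move(TrustedImm32(value), reg); return; }
        int32_t key = keyForConstant(value);
        m_code.push_back({"mov", reg, value ^ key});
        m_code.push_back({"xor", reg, key});
    }

    // Does this exact 32-bit pattern occur as an immediate anywhere?
    bool containsImmediate(int32_t pattern) const {
        for (const Instr& i : m_code)
            if (i.imm == pattern) return true;
        return false;
    }

    // Interpret the emitted stream; returns the final value of `reg`, which
    // must equal the original constant if blinding is correct.
    int32_t run(const std::string& reg) const {
        int32_t r = 0;
        for (const Instr& i : m_code) {
            if (i.dst != reg) continue;
            if (i.op == "mov") r = i.imm;
            else r ^= i.imm;  // "xor"
        }
        return r;
    }

private:
    // Toy policy, not JSC's heuristic: a value that fits in a signed byte
    // cannot carry a useful payload, so skip the extra instruction for it.
    static bool shouldBlind(int32_t value) { return value < -128 || value > 127; }

    // Fresh random key per constant. key == 0 would leave value ^ key equal
    // to value, and key == value would emit the pattern as the xor operand.
    int32_t keyForConstant(int32_t value) {
        for (;;) {
            int32_t key = static_cast<int32_t>(m_rng());
            if (key != 0 && key != value) return key;
        }
    }

    std::mt19937 m_rng;
    std::vector<Instr> m_code;
};

} // namespace blindingDemo

int main() {
    blindingDemo::MiniAssembler masm(20120305);
    masm.move(blindingDemo::Imm32(0x41414141), "r0");  // untrusted: blinded
    masm.move(blindingDemo::TrustedImm32(16), "r1");   // trusted: verbatim
    std::printf("0x41414141 visible in code: %s, r0 = 0x%08x\n",
                masm.containsImmediate(0x41414141) ? "yes" : "no",
                static_cast<uint32_t>(masm.run("r0")));
}
```

The type split is what makes the scheme hard to bypass by accident: a call such as masm.move(Imm32(x), reg) can only resolve to the blinding overload, and handing an Imm32 to a parameter declared as TrustedImm32 fails to compile because the base class is private. The cost is one extra instruction and a scratch value per blinded constant, which is why the entry above mentions register pressure on x86-32 and why small constants are left unblinded.
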
1416 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
1417
1418         putByIndex should throw in strict mode
1419         https://bugs.webkit.org/show_bug.cgi?id=80335
1420
1421         Reviewed by Filip Pizlo.
1422
1423         We'll need to pass an additional parameter.
1424
1425         Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
1426         to match the method in the MethodTable, make this take a parameter indicating
1427         whether the put should throw. This fixes the cases where the base of the put
1428         is a primitive.
1429
1430         * dfg/DFGOperations.cpp:
1431         (DFG):
1432         (JSC::DFG::putByVal):
1433         (JSC::DFG::operationPutByValInternal):
1434         * interpreter/Interpreter.cpp:
1435         (JSC::Interpreter::execute):
1436         (JSC::Interpreter::privateExecute):
1437         * jit/JITStubs.cpp:
1438         (JSC::DEFINE_STUB_FUNCTION):
1439         * llint/LLIntSlowPaths.cpp:
1440         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1441         * runtime/JSObject.h:
1442         (JSC::JSValue::putByIndex):
1443         * runtime/JSValue.cpp:
1444         (JSC):
1445         * runtime/JSValue.h:
1446         (JSValue):
1447
1448 2012-03-05  Sam Weinig  <sam@webkit.org>
1449
1450         Add support for hosting layers in the window server in WebKit2
1451         <rdar://problem/10400246>
1452         https://bugs.webkit.org/show_bug.cgi?id=80310
1453
1454         Reviewed by Anders Carlsson.
1455
1456         * wtf/Platform.h:
1457         Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
1458
1459 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
1460
1461         Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
1462
1463         * bytecode/ExecutionCounter.cpp:
1464         (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
1465         * bytecode/ExecutionCounter.h:
1466
1467 2012-03-05  Patrick Gansterer  <paroga@webkit.org>
1468
1469         Unreviewed. Build fix for !ENABLE(JIT) after r109705.
1470
1471         * bytecode/ExecutionCounter.cpp:
1472         * bytecode/ExecutionCounter.h:
1473
1474 2012-03-05  Andy Wingo  <wingo@igalia.com>
1475
1476         Lexer: Specialize character predicates for LChar, UChar
1477         https://bugs.webkit.org/show_bug.cgi?id=79677
1478
1479         Reviewed by Oliver Hunt.
1480
1481         This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
1482         and isLineTerminator to perform a more limited number of checks if
1483         the lexer is being instantiated to work on LChar sequences.  This
1484         is about a 1.5% win on the --parse-only suite, here.
1485
1486         * parser/Lexer.cpp:
1487         (JSC::isLatin1): New static helper, specialized for LChar and
1488         UChar.
1489         (JSC::typesOfLatin1Characters): Rename from
1490         typesOfASCIICharacters, and expand to the range of the LChar
1491         type.  All uses of isASCII are changed to use isLatin1.  Generated
1492         using libunistring.
1493         (JSC::isNonLatin1IdentStart):
1494         (JSC::isIdentStart):
1495         (JSC::isNonLatin1IdentPart):
1496         (JSC::isIdentPart):
1497         (JSC::Lexer::shiftLineTerminator):
1498         (JSC::Lexer::parseIdentifier):
1499         (JSC::Lexer::parseIdentifierSlowCase):
1500         (JSC::Lexer::parseStringSlowCase):
1501         (JSC::Lexer::parseMultilineComment):
1502         (JSC::Lexer::lex):
1503         (JSC::Lexer::scanRegExp):
1504         (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
1505         * parser/Lexer.h:
1506         (JSC::Lexer::isWhiteSpace):
1507         (JSC::Lexer::isLineTerminator):
1508         * KeywordLookupGenerator.py:
1509         (Trie.printAsC): Declare specialized isIdentPart static functions.
1510
1511 2012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
1512
1513         Unreviewed. Fix make distcheck.
1514
1515         * GNUmakefile.list.am: Add missing header file.
1516
1517 2012-03-05  Andy Wingo  <wingo@igalia.com>
1518
1519         WTF: Micro-optimize cleanup of empty vectors and hash tables
1520         https://bugs.webkit.org/show_bug.cgi?id=79903
1521
1522         Reviewed by Michael Saboff and Geoffrey Garen.
1523
1524         This patch speeds up cleanup of vectors and hash tables whose
1525         backing store was never allocated.  This is the case by default
1526         for most vectors / hash tables that never had any entries added.
1527
1528         The result for me is that calling checkSyntax 1000 times on
1529         concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
1530         2.4% speedup.
1531
1532         * wtf/HashTable.h:
1533         (WTF::HashTable::~HashTable):
1534         (WTF::::clear): Don't deallocate the storage or frob member
1535         variables if there is no backing storage.
1536         * wtf/Vector.h:
1537         (WTF::VectorBufferBase::deallocateBuffer): Likewise.
1538
1539 2012-03-04  Filip Pizlo  <fpizlo@apple.com>
1540
1541         JIT heuristics should be hyperbolic
1542         https://bugs.webkit.org/show_bug.cgi?id=80055
1543         <rdar://problem/10922260>
1544
1545         Reviewed by Oliver Hunt.
1546         
1547         Added tracking of the amount of executable memory typically used for a bytecode
1548         instruction. Modified the execution counter scheme to use this, and the amount
1549         of free memory, to determine how long to wait before invoking the JIT.
1550         
1551         The result is that even if we bomb the VM with more code than can fit in our
1552         executable memory pool, we still keep running and almost never run out of
1553         executable memory - which ensures that if we have to JIT something critical, then
1554         we'll likely have enough memory to do so. This also does not regress performance
1555         on the three main benchmarks.
1556         
1557         * CMakeLists.txt:
1558         * GNUmakefile.list.am:
1559         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1560         * JavaScriptCore.xcodeproj/project.pbxproj:
1561         * Target.pri:
1562         * bytecode/CodeBlock.cpp:
1563         (JSC::CodeBlock::predictedMachineCodeSize):
1564         (JSC):
1565         (JSC::CodeBlock::usesOpcode):
1566         * bytecode/CodeBlock.h:
1567         (CodeBlock):
1568         (JSC::CodeBlock::checkIfJITThresholdReached):
1569         (JSC::CodeBlock::dontJITAnytimeSoon):
1570         (JSC::CodeBlock::jitAfterWarmUp):
1571         (JSC::CodeBlock::jitSoon):
1572         (JSC::CodeBlock::llintExecuteCounter):
1573         (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
1574         (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
1575         (JSC::CodeBlock::addressOfJITExecuteCounter):
1576         (JSC::CodeBlock::offsetOfJITExecuteCounter):
1577         (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
1578         (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
1579         (JSC::CodeBlock::jitExecuteCounter):
1580         (JSC::CodeBlock::checkIfOptimizationThresholdReached):
1581         (JSC::CodeBlock::optimizeNextInvocation):
1582         (JSC::CodeBlock::dontOptimizeAnytimeSoon):
1583         (JSC::CodeBlock::optimizeAfterWarmUp):
1584         (JSC::CodeBlock::optimizeAfterLongWarmUp):
1585         (JSC::CodeBlock::optimizeSoon):
1586         * bytecode/ExecutionCounter.cpp: Added.
1587         (JSC):
1588         (JSC::ExecutionCounter::ExecutionCounter):
1589         (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
1590         (JSC::ExecutionCounter::setNewThreshold):
1591         (JSC::ExecutionCounter::deferIndefinitely):
1592         (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
1593         (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
1594         (JSC::ExecutionCounter::hasCrossedThreshold):
1595         (JSC::ExecutionCounter::setThreshold):
1596         (JSC::ExecutionCounter::reset):
1597         * bytecode/ExecutionCounter.h: Added.
1598         (JSC):
1599         (ExecutionCounter):
1600         (JSC::ExecutionCounter::formattedTotalCount):
1601         * dfg/DFGOSRExitCompiler32_64.cpp:
1602         (JSC::DFG::OSRExitCompiler::compileExit):
1603         * dfg/DFGOSRExitCompiler64.cpp:
1604         (JSC::DFG::OSRExitCompiler::compileExit):
1605         * jit/ExecutableAllocator.cpp:
1606         (JSC::DemandExecutableAllocator::allocateNewSpace):
1607         (JSC::ExecutableAllocator::underMemoryPressure):
1608         (JSC):
1609         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1610         * jit/ExecutableAllocator.h:
1611         * jit/ExecutableAllocatorFixedVMPool.cpp:
1612         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1613         (JSC):
1614         * jit/JIT.cpp:
1615         (JSC::JIT::privateCompile):
1616         * jit/JITStubs.cpp:
1617         (JSC::DEFINE_STUB_FUNCTION):
1618         * llint/LLIntSlowPaths.cpp:
1619         (JSC::LLInt::jitCompileAndSetHeuristics):
1620         * llint/LowLevelInterpreter32_64.asm:
1621         * runtime/JSGlobalData.h:
1622         (JSGlobalData):
1623         * runtime/Options.cpp:
1624         (Options):
1625         (JSC::Options::initializeOptions):
1626         * runtime/Options.h:
1627         (Options):
1628         * wtf/SimpleStats.h: Added.
1629         (WTF):
1630         (SimpleStats):
1631         (WTF::SimpleStats::SimpleStats):
1632         (WTF::SimpleStats::add):
1633         (WTF::SimpleStats::operator!):
1634         (WTF::SimpleStats::count):
1635         (WTF::SimpleStats::sum):
1636         (WTF::SimpleStats::sumOfSquares):
1637         (WTF::SimpleStats::mean):
1638         (WTF::SimpleStats::variance):
1639         (WTF::SimpleStats::standardDeviation):
1640
1641 2012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>
1642
1643         [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
1644         https://bugs.webkit.org/show_bug.cgi?id=71507
1645
1646         Reviewed by Antonio Gomes.
1647
1648         * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
1649
1650 2012-03-04  David Kilzer  <ddkilzer@apple.com>
1651
1652         Fix build when the classic interpreter is enabled
1653
1654         Reviewed by Gavin Barraclough.
1655
1656         Fixes the following build error when running the "Generate
1657         Derived Sources" build phase script:
1658
1659             offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
1660             ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
1661                     from JavaScriptCore/offlineasm/asm.rb:131
1662             Command /bin/sh failed with exit code 1
1663
1664         Gavin's fix in r109674 avoided the #error statement in
1665         JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
1666         caused the "Generate Derived Sources" build phase script to fail
1667         when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
1668         to detect when the classic interpreter is being built and simply
1669         exit early from asm.rb in that case.
1670
1671         * llint/LLIntOffsetsExtractor.cpp:
1672         (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
1673         JIT is disabled.  Note that offsets.rb doesn't care about the
1674         return value here, but instead it cares about finding the magic
1675         values in the binary.  The magic values are no longer present
1676         when the JIT is disabled.
1677         * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
1678         early with a status message.
1679         * offlineasm/offsets.rb:
1680         (MissingMagicValuesException): Add new exception class.
1681         (offsetsAndConfigurationIndex): Throw
1682         MissingMagicValuesException when no magic values are found.
1683
1684 2012-03-04  Jurij Smakov  <jurij@wooyd.org>
1685
1686         SPARC also needs aligned accesses.
1687
1688         Rubber-stamped by Gustavo Noronha Silva.
1689
1690         * wtf/Platform.h:
1691
1692 2012-03-04  Gavin Barraclough  <barraclough@apple.com>
1693
1694         Unreviewed build fix.
1695
1696         * jit/JITStubs.h:
1697             - Move ENABLE(JIT) to head of file.
1698
1699 2012-03-03  Gavin Barraclough  <barraclough@apple.com>
1700
1701         Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
1702         https://bugs.webkit.org/show_bug.cgi?id=80217
1703
1704         Reviewed by Filip Pizlo.
1705
1706         putByIndex() provides similar behavior to put(), but for indexed property names.
1707         Many places in ArrayPrototype call putByIndex() where they really mean to call
1708         [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
1709         calling numeric accessors (& respecting numeric read only properties) on the
1710         prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
1711         putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
1712
1713         * runtime/ArrayPrototype.cpp:
1714         (JSC::arrayProtoFuncConcat):
1715         (JSC::arrayProtoFuncSlice):
1716         (JSC::arrayProtoFuncFilter):
1717         (JSC::arrayProtoFuncMap):
1718         * runtime/JSArray.cpp:
1719         (JSC):
1720         (JSC::reject):
1721         (JSC::SparseArrayValueMap::putDirect):
1722         (JSC::JSArray::defineOwnNumericProperty):
1723         (JSC::JSArray::putByIndexBeyondVectorLength):
1724         (JSC::JSArray::putDirectIndexBeyondVectorLength):
1725         * runtime/JSArray.h:
1726         (SparseArrayValueMap):
1727         (JSArray):
1728         (JSC::JSArray::putDirectIndex):
1729
1730 2012-03-03  Benjamin Poulain  <benjamin@webkit.org>
1731
1732         Implement the basis of KURLWTFURL
1733         https://bugs.webkit.org/show_bug.cgi?id=79600
1734
1735         Reviewed by Adam Barth.
1736
1737         Add an API to know if a ParsedURL is valid.
1738
1739         * wtf/url/api/ParsedURL.cpp:
1740         (WTF::ParsedURL::ParsedURL):
1741         (WTF):
1742         (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
1743         and by KURL's detach() on write.
1744         (WTF::ParsedURL::baseAsString):
1745         (WTF::ParsedURL::segment):
1746         Add a stronger constraint on accessors: the client of this API should never ask for the segments
1747         on an invalid URL.
1748         * wtf/url/api/ParsedURL.h:
1749         (WTF):
1750         (WTF::ParsedURL::ParsedURL):
1751         (ParsedURL):
1752         (WTF::ParsedURL::isValid):
1753
1754 2012-03-03  Hans Wennborg  <hans@chromium.org>
1755
1756         Implement Speech JavaScript API
1757         https://bugs.webkit.org/show_bug.cgi?id=80019
1758
1759         Reviewed by Adam Barth.
1760
1761         Add ENABLE_SCRIPTED_SPEECH.
1762
1763         * Configurations/FeatureDefines.xcconfig:
1764
1765 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
1766
1767         When getting the line number of a call into a call frame with no code block, it's
1768         incorrect to rely on the returnPC
1769         https://bugs.webkit.org/show_bug.cgi?id=80195
1770
1771         Reviewed by Oliver Hunt.
1772
1773         * interpreter/Interpreter.cpp:
1774         (JSC::getCallerInfo):
1775         * jit/JITCall.cpp:
1776         (JSC::JIT::compileLoadVarargs):
1777
1778 2012-03-02  Han Hojong  <hojong.han@samsung.com>
1779
1780         Expected results updated for checking type conversion
1781         https://bugs.webkit.org/show_bug.cgi?id=80138
1782
1783         Reviewed by Gavin Barraclough.
1784
1785         * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
1786
1787 2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
1788
1789         Adding WebSocket per-frame DEFLATE extension
1790         https://bugs.webkit.org/show_bug.cgi?id=77522
1791
1792         Added USE(ZLIB) flag.
1793
1794         Reviewed by Kent Tamura.
1795
1796         * wtf/Platform.h:
1797
1798 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
1799
1800         Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
1801
1802         * bytecode/CodeBlock.cpp:
1803         (JSC::CodeBlock::visitAggregate):
1804
1805 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
1806
1807         DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
1808         virtue of being in the transitive closure
1809         https://bugs.webkit.org/show_bug.cgi?id=80098
1810  
1811         Reviewed by Anders Carlsson.
1812         
1813         If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
1814         then you might have the visitAggregate() method called concurrently by multiple threads.
1815         This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
1816         racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
1817         due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
1818         
1819         It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
1820         not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
1821         any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
1822         Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
1823         don't lead to two threads racing over each other as they clobber state. This patch
1824         achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
1825         trivially linearizable) will get to trace the CodeBlock; all other threads give up and
1826         go home.
1827         
1828         Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
1829         times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
1830         even when it's gotten sufficient counts. But that takes a while - sometimes up to a
1831         minute to get a crash. I have no other reliable repro case.
1832
1833         * bytecode/CodeBlock.cpp:
1834         (JSC::CodeBlock::visitAggregate):
1835         * bytecode/CodeBlock.h:
1836         (DFGData):
1837         * heap/DFGCodeBlocks.cpp:
1838         (JSC::DFGCodeBlocks::clearMarks):
1839
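The fix described above gates `CodeBlock::visitAggregate()` with a compare-and-swap so that, when several GC threads reach the same CodeBlock (once via DFGCodeBlocks, once via its owner Executable), only the CAS winner performs the tracing and the losers return without touching the block's profiling state. The following is an added model of that protocol written for this page, not JavaScriptCore's code: the `CodeBlock`, `visitAggregate`, `clearMarks` and `runTwoCycles` names and the `traceCount` field are constructed for the illustration, and the visitors are driven sequentially so the block is self-contained, but the gate is the same atomic flip that makes the concurrent case safe.

```cpp
#include <atomic>
#include <vector>

// Added illustration, not JavaScriptCore's code.
namespace demo {

struct CodeBlock {
    // Flipped false -> true once per GC cycle by whichever visitor wins the CAS;
    // reset by clearMarks() at the start of the next cycle.
    std::atomic<bool> visitedThisCycle{false};
    // How many times the (non-reentrant, racy-on-32-bit) tracing body actually ran.
    int traceCount = 0;
};

// Returns true if this caller won the race and performed the tracing work.
bool visitAggregate(CodeBlock& block)
{
    bool expected = false;
    // Strong CAS: exactly one caller per cycle observes expected == false and sets the
    // flag. Every other caller sees expected rewritten to true and leaves immediately,
    // so two threads never clobber the same ValueProfile buckets.
    if (!block.visitedThisCycle.compare_exchange_strong(expected, true, std::memory_order_acq_rel))
        return false;
    block.traceCount++; // stand-in for the real marking and prediction updates
    return true;
}

// Analogue of DFGCodeBlocks::clearMarks: reopen the gate for every live block.
void clearMarks(std::vector<CodeBlock*>& blocks)
{
    for (CodeBlock* b : blocks)
        b->visitedThisCycle.store(false, std::memory_order_release);
}

// Second and later visitors in the same cycle must lose.
bool onlyFirstVisitorWins()
{
    CodeBlock block;
    bool first = visitAggregate(block);
    bool second = visitAggregate(block);
    bool third = visitAggregate(block);
    return first && !second && !third && block.traceCount == 1;
}

// Drive one block through two GC cycles with several visitors per cycle and
// return how many times the tracing body ran (expected: once per cycle).
int runTwoCycles(int visitorsPerCycle)
{
    CodeBlock block;
    std::vector<CodeBlock*> live{&block};
    for (int cycle = 0; cycle < 2; ++cycle) {
        clearMarks(live);
        for (int i = 0; i < visitorsPerCycle; ++i)
            visitAggregate(block);
    }
    return block.traceCount;
}

} // namespace demo
```

The important property is that the CAS is the only write the losing visitors perform, and it never succeeds for them, so the block's state is mutated by at most one thread per cycle regardless of how many paths lead to it; the mark must be cleared between cycles or the block would never be traced again.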
1840 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
1841
1842         The JIT should not crash the entire process just because there is not enough executable
1843         memory, if the LLInt is enabled
1844         https://bugs.webkit.org/show_bug.cgi?id=79962
1845
1846         Reviewed by Csaba Osztrogonác.
1847         
1848         Fix for ARM, SH4.
1849
1850         * assembler/AssemblerBufferWithConstantPool.h:
1851         (JSC::AssemblerBufferWithConstantPool::executableCopy):
1852
1853 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
1854
1855         Revert my change. Broke builds.
1856         Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
1857         Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
1858
1859         * wtf/Atomics.h:
1860         (WTF):
1861         (WTF::weakCompareAndSwap):
1862
1863 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
1864
1865         Gcc build fix.
1866
1867         Rubber-stamped by Filip Pizlo.
1868
1869         * wtf/Atomics.h:
1870         (WTF):
1871         (WTF::weakCompareAndSwap):
1872
1873 2012-03-01  Gavin Barraclough  <barraclough@apple.com>
1874
1875         ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
1876         https://bugs.webkit.org/show_bug.cgi?id=80011
1877
1878         Reviewed by Oliver Hunt.
1879
1880         Also, fix getting the caller from within a bound function, for within a getter,
1881         or setter (make our implementation match other browsers).
1882
1883         * interpreter/Interpreter.cpp:
1884         (JSC::getCallerInfo):
1885             - Allow this to get the caller of host functions.
1886         (JSC::Interpreter::retrieveCallerFromVMCode):
1887             - This should use getCallerInfo, and should skip over function bindings.
1888         * runtime/JSFunction.cpp:
1889         (JSC::JSFunction::callerGetter):
1890             - This should never return a strict-mode function.
1891
1892 2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
1893
1894         DFG local CSE for a node can be terminated earlier
1895         https://bugs.webkit.org/show_bug.cgi?id=80014
1896
1897         Reviewed by Filip Pizlo.
1898
1899         When one of the node's children is met in the process of back traversing
1900         the nodes, we don't need to traverse the remaining nodes.
1901         This is performance neutral on SunSpider, V8 and Kraken.
1902
1903         * dfg/DFGCSEPhase.cpp:
1904         (JSC::DFG::CSEPhase::pureCSE):
1905         (JSC::DFG::CSEPhase::impureCSE):
1906         (JSC::DFG::CSEPhase::getByValLoadElimination):
1907         (JSC::DFG::CSEPhase::checkFunctionElimination):
1908         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1909         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1910         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1911         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1912
1913 2012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>
1914
1915         DFG BasicBlocks should not require that their nodes have continuous indices in the graph
1916         https://bugs.webkit.org/show_bug.cgi?id=79899
1917
1918         Reviewed by Filip Pizlo.
1919
1920         This will make it more convenient to insert nodes into the DFG.
1921         With this capability we now place the Phi nodes in the corresponding
1922         blocks.
1923         Local CSE is modified to not rely on the assumption of continuous
1924         node indices in a block.
1925         This is performance neutral on SunSpider, V8 and Kraken.
1926
1927         * dfg/DFGAbstractState.cpp:
1928         (JSC::DFG::AbstractState::AbstractState):
1929         (JSC::DFG::AbstractState::beginBasicBlock):
1930         (JSC::DFG::AbstractState::execute):
1931         (JSC::DFG::AbstractState::clobberStructures):
1932         (JSC::DFG::AbstractState::mergeToSuccessors):
1933         (JSC::DFG::AbstractState::dump):
1934         * dfg/DFGAbstractState.h:
1935         (JSC::DFG::AbstractState::forNode):
1936         (AbstractState):
1937         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1938         (ArithNodeFlagsInferencePhase):
1939         * dfg/DFGBasicBlock.h:
1940         (JSC::DFG::BasicBlock::BasicBlock):
1941         (BasicBlock):
1942         * dfg/DFGByteCodeParser.cpp:
1943         (JSC::DFG::ByteCodeParser::addToGraph):
1944         (ByteCodeParser):
1945         (JSC::DFG::ByteCodeParser::insertPhiNode):
1946         (JSC::DFG::ByteCodeParser::handleInlining):
1947         (JSC::DFG::ByteCodeParser::parseBlock):
1948         (JSC::DFG::ByteCodeParser::processPhiStack):
1949         (JSC::DFG::ByteCodeParser::linkBlock):
1950         (JSC::DFG::ByteCodeParser::determineReachability):
1951         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1952         * dfg/DFGCFAPhase.cpp:
1953         (JSC::DFG::CFAPhase::performBlockCFA):
1954         (CFAPhase):
1955         * dfg/DFGCSEPhase.cpp:
1956         (JSC::DFG::CSEPhase::CSEPhase):
1957         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1958         (JSC::DFG::CSEPhase::pureCSE):
1959         (JSC::DFG::CSEPhase::impureCSE):
1960         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1961         (JSC::DFG::CSEPhase::getByValLoadElimination):
1962         (JSC::DFG::CSEPhase::checkFunctionElimination):
1963         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1964         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1965         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1966         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1967         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1968         (JSC::DFG::CSEPhase::performNodeCSE):
1969         (JSC::DFG::CSEPhase::performBlockCSE):
1970         (CSEPhase):
1971         * dfg/DFGGraph.cpp:
1972         (JSC::DFG::Graph::dump):
1973         * dfg/DFGPhase.cpp:
1974         (JSC::DFG::Phase::beginPhase):
1975         * dfg/DFGSpeculativeJIT.cpp:
1976         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1977         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1978         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1979         (JSC::DFG::SpeculativeJIT::compile):
1980         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1981         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1982         * dfg/DFGSpeculativeJIT.h:
1983         (SpeculativeJIT):
1984         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1985         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1986         * dfg/DFGSpeculativeJIT32_64.cpp:
1987         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1988         * dfg/DFGSpeculativeJIT64.cpp:
1989         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1990         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1991         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1992
1993 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
1994
1995         The JIT should not crash the entire process just because there is not
1996         enough executable memory, if the LLInt is enabled
1997         https://bugs.webkit.org/show_bug.cgi?id=79962
1998         <rdar://problem/10922215>
1999
2000         Unreviewed, adding forgotten file.
2001
2002         * jit/JITCompilationEffort.h: Added.
2003         (JSC):
2004
2005 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
2006
2007         The JIT should not crash the entire process just because there is not
2008         enough executable memory, if the LLInt is enabled
2009         https://bugs.webkit.org/show_bug.cgi?id=79962
2010         <rdar://problem/10922215>
2011
2012         Reviewed by Gavin Barraclough.
2013         
2014         Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
2015         a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
2016         JITCompilationMustSucceed. This preserves the old behavior if LLInt is
2017         disabled or if we're compiling something that can't be interpreted (like
2018         an OSR exit stub).
2019
2020         * JavaScriptCore.xcodeproj/project.pbxproj:
2021         * assembler/ARMAssembler.cpp:
2022         (JSC::ARMAssembler::executableCopy):
2023         * assembler/ARMAssembler.h:
2024         (ARMAssembler):
2025         * assembler/AssemblerBuffer.h:
2026         (JSC::AssemblerBuffer::executableCopy):
2027         * assembler/LinkBuffer.h:
2028         (JSC::LinkBuffer::LinkBuffer):
2029         (JSC::LinkBuffer::~LinkBuffer):
2030         (LinkBuffer):
2031         (JSC::LinkBuffer::didFailToAllocate):
2032         (JSC::LinkBuffer::isValid):
2033         (JSC::LinkBuffer::linkCode):
2034         (JSC::LinkBuffer::performFinalization):
2035         * assembler/MIPSAssembler.h:
2036         (JSC::MIPSAssembler::executableCopy):
2037         * assembler/SH4Assembler.h:
2038         (JSC::SH4Assembler::executableCopy):
2039         * assembler/X86Assembler.h:
2040         (JSC::X86Assembler::executableCopy):
2041         (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
2042         * bytecode/CodeBlock.cpp:
2043         (JSC::ProgramCodeBlock::jitCompileImpl):
2044         (JSC::EvalCodeBlock::jitCompileImpl):
2045         (JSC::FunctionCodeBlock::jitCompileImpl):
2046         * bytecode/CodeBlock.h:
2047         (JSC::CodeBlock::jitCompile):
2048         (CodeBlock):
2049         (ProgramCodeBlock):
2050         (EvalCodeBlock):
2051         (FunctionCodeBlock):
2052         * dfg/DFGDriver.cpp:
2053         (JSC::DFG::compile):
2054         * dfg/DFGJITCompiler.cpp:
2055         (JSC::DFG::JITCompiler::compile):
2056         (JSC::DFG::JITCompiler::compileFunction):
2057         * dfg/DFGJITCompiler.h:
2058         (JITCompiler):
2059         * jit/ExecutableAllocator.cpp:
2060         (JSC::DemandExecutableAllocator::allocateNewSpace):
2061         (JSC::ExecutableAllocator::allocate):
2062         * jit/ExecutableAllocator.h:
2063         (ExecutableAllocator):
2064         * jit/ExecutableAllocatorFixedVMPool.cpp:
2065         (JSC::ExecutableAllocator::allocate):
2066         * jit/JIT.cpp:
2067         (JSC::JIT::privateCompile):
2068         * jit/JIT.h:
2069         (JSC::JIT::compile):
2070         (JIT):
2071         * jit/JITCompilationEffort.h: Added.
2072         (JSC):
2073         * jit/JITDriver.h:
2074         (JSC::jitCompileIfAppropriate):
2075         (JSC::jitCompileFunctionIfAppropriate):
2076         * llint/LLIntSlowPaths.cpp:
2077         (LLInt):
2078         (JSC::LLInt::jitCompileAndSetHeuristics):
2079         (JSC::LLInt::entryOSR):
2080         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2081         * runtime/Executable.cpp:
2082         (JSC::EvalExecutable::jitCompile):
2083         (JSC::ProgramExecutable::jitCompile):
2084         (JSC::FunctionExecutable::jitCompileForCall):
2085         (JSC::FunctionExecutable::jitCompileForConstruct):
2086         * runtime/Executable.h:
2087         (EvalExecutable):
2088         (ProgramExecutable):
2089         (FunctionExecutable):
2090         (JSC::FunctionExecutable::jitCompileFor):
2091         * runtime/ExecutionHarness.h:
2092         (JSC::prepareForExecution):
2093         (JSC::prepareFunctionForExecution):
2094
2095 2012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>
2096
2097         [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
2098         https://bugs.webkit.org/show_bug.cgi?id=79501
2099
2100         Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
2101
2102         Reviewed by Kenneth Rohde Christiansen.
2103
2104         * wtf/Platform.h:
2105
2106 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
2107
2108         Rubber stamped by Oliver Hunt.
2109
2110         * tests/mozilla/ecma_2/RegExp/constructor-001.js:
2111         * tests/mozilla/ecma_2/RegExp/function-001.js:
2112         * tests/mozilla/ecma_2/RegExp/properties-001.js:
2113             - Check in new test cases results.
2114
2115 2012-02-29  Mark Rowe  <mrowe@apple.com>
2116
2117         Stop installing JSCLLIntOffsetsExtractor.
2118
2119         Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
2120         that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
2121         This has the result of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
2122
2123         While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
2124         for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
2125         to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
2126         allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
2127
2128         Reviewed by Filip Pizlo.
2129
2130         * Configurations/TestRegExp.xcconfig: Removed.
2131         * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
2132         * JavaScriptCore.xcodeproj/project.pbxproj:
2133
2134 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
2135
2136         RefCounted::deprecatedTurnOffVerifier() should not be deprecated
2137         https://bugs.webkit.org/show_bug.cgi?id=79864
2138
2139         Reviewed by Oliver Hunt.
2140         
2141         Removed the word "deprecated" from the name of this method, since this method
2142         should not be deprecated. It works just fine as it is, and there is simply no
2143         alternative to calling this method for many interesting JSC classes.
2144
2145         * parser/SourceProvider.h:
2146         (JSC::SourceProvider::SourceProvider):
2147         * runtime/SymbolTable.h:
2148         (JSC::SharedSymbolTable::SharedSymbolTable):
2149         * wtf/MetaAllocator.cpp:
2150         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
2151         (WTF::MetaAllocator::allocate):
2152         * wtf/RefCounted.h:
2153         (RefCountedBase):
2154         (WTF::RefCountedBase::turnOffVerifier):
2155
2156 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
2157
2158         'source' property of RegExp instance cannot be ""
2159         https://bugs.webkit.org/show_bug.cgi?id=79938
2160
2161         Reviewed by Oliver Hunt.
2162
2163         15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
2164         and also states that the result must be a valid RegularExpressionLiteral. '//' is
2165         not a valid RegularExpressionLiteral (since it is a single line comment), and hence
2166         source cannot ever validly be "". If the source is empty, return a different Pattern
2167         that would match the same thing.
2168
2169         * runtime/RegExpObject.cpp:
2170         (JSC::regExpObjectSource):
2171             - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
2172         * runtime/RegExpPrototype.cpp:
2173         (JSC::regExpProtoFuncToString):
2174             - No need to special case the empty string - this should be being done by 'source'.
2175
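The invariant behind the 'source' change above, shown as an added example (this is not WebKit or JavaScriptCore code, and the helper names are the example's own): '/' + source + '/' must always parse as a RegularExpressionLiteral, so a RegExp built from the empty pattern cannot report an empty source. The example checks that "//" is not a literal, that the source of an empty-pattern RegExp is non-empty, and that the literal rebuilt from 'source' and 'flags' matches the same constructed inputs as the original.

```javascript
// Added example, not WebKit code: exercises the ES5 15.10.6.4 invariant that
// "/" + source + "/" is always a valid RegularExpressionLiteral, so a RegExp
// built from the empty pattern must not report source === "" ("//" would be a
// line comment). Helper names here are the example's own.

function isValidRegExpLiteral(literalText) {
  // Parse the text in expression position. "//" parses too, but as a comment
  // followed by nothing, so the result is undefined rather than a RegExp.
  try {
    const value = new Function("return " + literalText + ";")();
    return value instanceof RegExp;
  } catch (e) {
    return false; // SyntaxError: not a literal at all
  }
}

function literalFor(re) {
  // What RegExp.prototype.toString is specified to produce.
  return "/" + re.source + "/" + re.flags;
}

function sourceRoundTrips(re) {
  // The rebuilt literal must parse and must agree with the original on a few
  // constructed sample inputs. String.prototype.search ignores lastIndex, so
  // this is safe for global regexps too.
  const literal = literalFor(re);
  if (!isValidRegExpLiteral(literal)) return false;
  const rebuilt = new Function("return " + literal + ";")();
  const samples = ["", "a", "ab", "xyz", "line\nbreak"]; // constructed inputs
  return samples.every((s) => s.search(rebuilt) === s.search(re));
}

function emptyPatternSource() {
  // Whatever replacement pattern the engine reports, it must not be "".
  return new RegExp("").source;
}
```

Because RegExp.prototype.toString is specified purely in terms of 'source' and 'flags', fixing the empty case in 'source' (rather than special-casing it in toString) keeps every consumer that rebuilds the literal by hand consistent with the engine.
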
2176 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
2177
2178         Writable attribute not set correctly when redefining an accessor to a data descriptor
2179         https://bugs.webkit.org/show_bug.cgi?id=79931
2180
2181         Reviewed by Oliver Hunt.
2182
2183         * runtime/JSObject.cpp:
2184         (JSC::JSObject::defineOwnProperty):
2185             - use attributesOverridingCurrent instead of attributesWithOverride.
2186         * runtime/PropertyDescriptor.cpp:
2187         * runtime/PropertyDescriptor.h:
2188             - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
2189
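The attribute rule the defineOwnProperty fix above is about, as an added example (not WebKit code; helper names are the example's own): when an accessor property is redefined with a data descriptor, ES5 8.12.9 step 9.b preserves [[Configurable]] and [[Enumerable]] and resets the remaining attributes to their defaults, so the converted property is read-only unless the new descriptor explicitly says writable: true.

```javascript
// Added example, not WebKit code: redefining an accessor property as a data
// property. ES5 8.12.9 step 9.b keeps [[Configurable]] and [[Enumerable]] across
// the conversion and resets the remaining attributes to their defaults, so the
// result is read-only unless the new descriptor says writable: true.
// Helper names are the example's own.

function redefineAccessorAsData(dataFields) {
  const obj = {};
  Object.defineProperty(obj, "x", {
    get() { return "from getter"; },
    enumerable: true,
    configurable: true, // must be true, or the redefinition is rejected
  });
  // Redefine with a plain data descriptor; 'writable' is absent unless supplied.
  Object.defineProperty(obj, "x", Object.assign({ value: 42 }, dataFields || {}));
  return obj;
}

function describeRedefined(dataFields) {
  const obj = redefineAccessorAsData(dataFields);
  const d = Object.getOwnPropertyDescriptor(obj, "x");
  // Try a non-strict assignment: silently ignored when writable is false.
  // new Function bodies are always sloppy, whatever mode this file runs in.
  new Function("o", "o.x = 'overwritten';")(obj);
  return {
    isData: "value" in d,
    writable: d.writable,
    enumerable: d.enumerable,
    configurable: d.configurable,
    valueAfterAssign: obj.x,
  };
}
```

An implementation that carried the accessor's missing [[Writable]] over as "true" would let a property the author meant to be read-only be overwritten, which is why the attribute has to be recomputed from the current descriptor rather than merged naively.
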
2190 2012-02-29  Kevin Ollivier  <kevino@theolliviers.com>
2191
2192         Add JSCore symbol exports needed by wx port
2193         https://bugs.webkit.org/show_bug.cgi?id=77280
2194
2195         Reviewed by Hajime Morita.
2196
2197         * wtf/ArrayBufferView.h:
2198         * wtf/ExportMacros.h:
2199
2200 2012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>
2201
2202         [CMake] Always build wtf as a static library.
2203         https://bugs.webkit.org/show_bug.cgi?id=79857
2204
2205         Reviewed by Eric Seidel.
2206
2207         To help the efforts in bug 75673 to move WTF out of
2208         JavaScriptCore, act more like the other ports and remove the
2209         possibility of building WTF as a shared library.
2210
2211         It does not make much sense to, for example, ship WTF as a
2212         separate .so with webkit-efl packages, and it should be small
2213         enough not to cause problems during linking.
2214
2215         * wtf/CMakeLists.txt:
2216
2217 2012-02-28  Dmitry Lomov  <dslomov@google.com>
2218
2219         [JSC] Implement ArrayBuffer transfer
2220         https://bugs.webkit.org/show_bug.cgi?id=73493
2221         Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
2222         This brings parity with V8 implementation of transferable typed arrays.
2223
2224         Reviewed by Oliver Hunt.
2225
2226         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
2227         * wtf/ArrayBuffer.h:
2228         (ArrayBuffer): Added extra export.
2229
2230 2012-02-28  Kevin Ollivier  <kevino@theolliviers.com>
2231
2232         [wx] Unreviewed. Build fix after recent LLInt additions.
2233         
2234         * wscript:
2235
2236 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2237
2238         Refactor SpeculativeJIT::emitAllocateJSFinalObject
2239         https://bugs.webkit.org/show_bug.cgi?id=79801
2240
2241         Reviewed by Filip Pizlo.
2242
2243         * dfg/DFGSpeculativeJIT.h:
2244         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
2245         function, which is more generic in that it can allocate a variety of classes.
2246         (SpeculativeJIT):
2247         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
2248
2249 2012-02-28  Gavin Barraclough  <barraclough@apple.com>
2250
2251         [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
2252         https://bugs.webkit.org/show_bug.cgi?id=79588
2253
2254         Reviewed by Oliver Hunt.
2255
2256         In the case of [[Get]], this is a pretty trivial bug - just don't wrap
2257         primitives at the point you call a getter.
2258
2259         For setters, this is a little more involved, since we have already wrapped
2260         the value up in a synthesized object. Stop doing so. There is also a further
2261         subtlety, that in strict mode all attempts to create a new data property on
2262         the object should throw.
2263
2264         * runtime/JSCell.cpp:
2265         (JSC::JSCell::put):
2266             - [[Put]] to a string primitive should use JSValue::putToPrimitive.
2267         * runtime/JSObject.cpp:
2268         (JSC::JSObject::put):
2269             - Remove static function called in one place.
2270         * runtime/JSObject.h:
2271         (JSC::JSValue::put):
2272             - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
2273         * runtime/JSValue.cpp:
2274         (JSC::JSValue::synthesizePrototype):
2275             - Add support for synthesizing the prototype of strings.
2276         (JSC::JSValue::putToPrimitive):
2277             - Added, implements [[Put]] for primitive bases, per 8.7.2.
2278         * runtime/JSValue.h:
2279         (JSValue):
2280             - Add declaration for JSValue::putToPrimitive.
2281         * runtime/PropertySlot.cpp:
2282         (JSC::PropertySlot::functionGetter):
2283             - Don't call ToObject on primitive this values.
2284
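The observable behaviour described in the entry above, as an added example (not WebKit code; the probe property names and helpers are the example's own): a strict-mode getter or setter reached through String.prototype, Number.prototype or Boolean.prototype must see the primitive itself as 'this' rather than a wrapper object, and a strict-mode assignment that would create a new data property on a primitive throws a TypeError, while sloppy code drops it silently.

```javascript
// Added example, not WebKit code: [[Get]] and [[Put]] with a primitive base
// (ES5 8.7.1 and 8.7.2). A strict-mode accessor reached through the prototype
// must receive the primitive itself as `this`, and a strict-mode assignment
// that would create a new data property on a primitive throws a TypeError.
// The property names and helpers below are the example's own.

function withTemporaryAccessor(primitive, descriptor, body) {
  // Install an accessor on the primitive's prototype (String.prototype etc.),
  // run body, then remove it so the shared prototypes are left untouched.
  const proto = Object.getPrototypeOf(Object(primitive));
  Object.defineProperty(proto, "__probe", Object.assign({ configurable: true }, descriptor));
  try {
    return body();
  } finally {
    delete proto.__probe;
  }
}

function thisTypeSeenByStrictGetter(primitive) {
  return withTemporaryAccessor(primitive, {
    get() { "use strict"; return typeof this; },
  }, () => primitive.__probe);
}

function thisTypeSeenByStrictSetter(primitive) {
  let seen;
  withTemporaryAccessor(primitive, {
    set(v) { "use strict"; seen = typeof this; },
  }, () => { primitive.__probe = 1; });
  return seen;
}

function strictPutOnPrimitiveThrows(primitive) {
  "use strict";
  try {
    primitive.__noSuchProp = 1; // would create a data property on a primitive
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

function sloppyPutOnPrimitiveIsDropped(primitive) {
  // new Function bodies are always sloppy, whatever mode this file runs in.
  return new Function("p", "p.__noSuchProp = 1; return p.__noSuchProp === undefined;")(primitive);
}
```

In sloppy mode the wrapper object created by ToObject is what used to be visible as 'this', which is why the bug only shows up once the accessor opts into strict mode.
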
2285 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2286
2287         Re-enable parallel GC on Mac
2288         https://bugs.webkit.org/show_bug.cgi?id=79837
2289
2290         Rubber stamped by Filip Pizlo.
2291
2292         * runtime/Options.cpp:
2293         (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
2294         so we removed it and things should go back to normal.
2295
2296 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
2297
2298         Some run-javascriptcore-tests broken for 32-bit debug
2299         https://bugs.webkit.org/show_bug.cgi?id=79844
2300
2301         Rubber stamped by Oliver Hunt.
2302         
2303         These assertions are just plain wrong for 32-bit. We could either have a massive
2304         assertion that depends on value representation, that has to be changed every
2305         time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
2306         could get rid of the assertions. I pick the latter.
2307
2308         * dfg/DFGOperations.cpp:
2309         * jit/JITStubs.cpp:
2310         (JSC::DEFINE_STUB_FUNCTION):
2311
2312 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2313
2314         Get rid of padding cruft in CopiedBlock
2315         https://bugs.webkit.org/show_bug.cgi?id=79686
2316
2317         Reviewed by Filip Pizlo.
2318
2319         * heap/CopiedBlock.h:
2320         (CopiedBlock): Removed the extra padding that was used for alignment purposes until 
2321         the calculation of the payload offset into CopiedBlocks was redone recently.
2322
2323 2012-02-28  Anders Carlsson  <andersca@apple.com>
2324
2325         Fix build with newer versions of clang.
2326
2327         Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
2328         but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
2329         takes a string literal.
2330
2331         * wtf/Assertions.cpp:
2332
2333 2012-02-28  Mario Sanchez Prada  <msanchez@igalia.com>
2334
2335         [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
2336         https://bugs.webkit.org/show_bug.cgi?id=79496
2337
2338         Reviewed by Martin Robinson.
2339
2340         Handle GMainLoop and GMainContext in GRefPtr, by calling
2341         g_main_loop_(un)ref and g_main_context_(un)ref in the
2342         implementation of the refGPtr and derefGPtr template functions.
2343
2344         * wtf/gobject/GRefPtr.cpp:
2345         (WTF::refGPtr):
2346         (WTF):
2347         (WTF::derefGPtr):
2348         * wtf/gobject/GRefPtr.h:
2349         (WTF):
2350         * wtf/gobject/GTypedefs.h:
2351
2352 2012-02-28  Yong Li  <yoli@rim.com>
2353
2354         JSString::resolveRope() should report extra memory cost to the heap.
2355         https://bugs.webkit.org/show_bug.cgi?id=79555
2356
2357         Reviewed by Michael Saboff.
2358
2359         At the time a JSString is constructed with fibers, it doesn't report
2360         extra memory cost, which is reasonable because it hasn't allocated
2361         new memory. However when the rope is resolved, it should report memory
2362         cost for the new buffer.
2363
2364         * runtime/JSString.cpp:
2365         (JSC::JSString::resolveRope):
2366
2367 2012-02-27  Oliver Hunt  <oliver@apple.com>
2368
2369         sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
2370         https://bugs.webkit.org/show_bug.cgi?id=79728
2371
2372         Reviewed by Gavin Barraclough.
2373
2374         When initialising a chained get instruction we may end up in a state where
2375         the instruction stream says we have a scopechain, but it has not yet been set
2376         (eg. if allocating the StructureChain itself is what leads to the GC).  We could
2377         re-order the allocation, but it occurs in a couple of places, so it seems less
2378         fragile simply to null check the scopechain slot before we actually visit the slot.
2379
2380         * bytecode/CodeBlock.cpp:
2381         (JSC::CodeBlock::visitStructures):
2382
2383 2012-02-27  Filip Pizlo  <fpizlo@apple.com>
2384
2385         Old JIT's style of JSVALUE64 strict equality is subtly wrong
2386         https://bugs.webkit.org/show_bug.cgi?id=79700
2387
2388         Reviewed by Oliver Hunt.
2389
2390         * assembler/MacroAssemblerX86_64.h:
2391         (JSC::MacroAssemblerX86_64::comparePtr):
2392         (MacroAssemblerX86_64):
2393         * dfg/DFGOperations.cpp:
2394         * dfg/DFGSpeculativeJIT.cpp:
2395         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
2396         * dfg/DFGSpeculativeJIT64.cpp:
2397         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2398         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2399         * jit/JITOpcodes.cpp:
2400         (JSC::JIT::compileOpStrictEq):
2401         (JSC::JIT::emitSlow_op_stricteq):
2402         (JSC::JIT::emitSlow_op_nstricteq):
2403         * jit/JITStubs.cpp:
2404         (JSC::DEFINE_STUB_FUNCTION):
2405
2406 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
2407
2408         Implement support for op_negate and op_bitnot in the DFG JIT
2409         https://bugs.webkit.org/show_bug.cgi?id=79617
2410
2411         Reviewed by Filip Pizlo.
2412
2413         Add an ArithNegate op to the DFG JIT, to implement op_negate.
2414
2415         This patch also adds support for op_negate to the JSVALUE64 baseline JIT
2416         (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
2417
2418         This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
2419
2420         * assembler/ARMv7Assembler.h:
2421         (JSC::ARMv7Assembler::sub_S):
2422             - Added sub_S from immediate.
2423         (ARMv7Assembler):
2424         (JSC::ARMv7Assembler::vneg):
2425             - Added double negate.
2426         * assembler/MacroAssemblerARMv7.h:
2427         (JSC::MacroAssemblerARMv7::negateDouble):
2428             - Added double negate.
2429         (MacroAssemblerARMv7):
2430         (JSC::MacroAssemblerARMv7::branchNeg32):
2431             - Added.
2432         * assembler/MacroAssemblerX86.h:
2433         (MacroAssemblerX86):
2434             - moved loadDouble, absDouble to common.
2435         * assembler/MacroAssemblerX86Common.h:
2436         (MacroAssemblerX86Common):
2437         (JSC::MacroAssemblerX86Common::absDouble):
2438             - implementation can be shared.
2439         (JSC::MacroAssemblerX86Common::negateDouble):
2440             - Added.
2441         (JSC::MacroAssemblerX86Common::loadDouble):
2442             - allow absDouble to have a common implementation.
2443         * assembler/MacroAssemblerX86_64.h:
2444         (MacroAssemblerX86_64):
2445             - moved loadDouble, absDouble to common.
2446         * dfg/DFGAbstractState.cpp:
2447         (JSC::DFG::AbstractState::execute):
2448             - support ArithNegate.
2449         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2450         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2451             - support ArithNegate.
2452         * dfg/DFGByteCodeParser.cpp:
2453         (JSC::DFG::ByteCodeParser::makeSafe):
2454             - support ArithNegate.
2455         (JSC::DFG::ByteCodeParser::parseBlock):
2456             - support op_negate.
2457         * dfg/DFGCSEPhase.cpp:
2458         (JSC::DFG::CSEPhase::performNodeCSE):
2459             - support ArithNegate.
2460         * dfg/DFGCapabilities.h:
2461         (JSC::DFG::canCompileOpcode):
2462             - support op_negate.
2463         * dfg/DFGGraph.h:
2464         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2465             - support ArithNegate.
2466         * dfg/DFGNode.h:
2467         (JSC::DFG::Node::hasArithNodeFlags):
2468             - support ArithNegate.
2469         * dfg/DFGPredictionPropagationPhase.cpp:
2470         (JSC::DFG::PredictionPropagationPhase::propagate):
2471             - support ArithNegate.
2472         * dfg/DFGSpeculativeJIT.cpp:
2473         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2474             - support ArithNegate.
2475         * dfg/DFGSpeculativeJIT.h:
2476         (SpeculativeJIT):
2477             - support ArithNegate.
2478         * dfg/DFGSpeculativeJIT32_64.cpp:
2479         (JSC::DFG::SpeculativeJIT::compile):
2480             - support ArithNegate.
2481         * dfg/DFGSpeculativeJIT64.cpp:
2482         (JSC::DFG::SpeculativeJIT::compile):
2483             - support ArithNegate.
2484         * jit/JIT.cpp:
2485         (JSC::JIT::privateCompileMainPass):
2486         (JSC::JIT::privateCompileSlowCases):
2487             - Add support for op_negate in JSVALUE64.
2488         * jit/JITArithmetic.cpp:
2489         (JSC::JIT::emit_op_negate):
2490         (JSC::JIT::emitSlow_op_negate):
2491             - Add support for op_negate in JSVALUE64.
2492
2493 2012-02-27  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
2494
2495         Unreviewed. Build fix for linux-bot (qt) after r109021.
2496
2497         * runtime/Error.cpp:
2498
2499 2012-02-27  Oliver Hunt  <oliver@apple.com>
2500
2501         REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
2502         https://bugs.webkit.org/show_bug.cgi?id=79693
2503
2504         Reviewed by Filip Pizlo.
2505
2506         Alas we can't provide the stack trace as an array, as despite everyone wanting
2507         an array, everyone arbitrarily creates the array by calling split on the stack
2508         trace.  To create the array we would have provided them in the first place.
2509
2510         This changes the exception's stack property to a \n separated string.  To get the
2511         old array just do <exception>.stack.split("\n").
2512
2513         * runtime/Error.cpp:
2514         (JSC::addErrorInfo):
2515
2516 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
2517
2518         RegExp lastIndex should behave as a regular property
2519         https://bugs.webkit.org/show_bug.cgi?id=79446
2520
2521         Reviewed by Sam Weinig.
2522
2523         lastIndex should be a regular data descriptor, with the attributes configurable:false,
2524         enumerable:false, writable:true. As such, it should be possible to reconfigure writable
2525         as false. If the lastIndex property is reconfigured to be read-only, we should respect
2526         this correctly.
2527
2528         * runtime/CommonIdentifiers.h:
2529             - Removed some unused identifiers, added lastIndex.
2530         * runtime/RegExpObject.cpp:
2531         (JSC::RegExpObject::getOwnPropertySlot):
2532             - lastIndex is no longer a static value, provided specific handling.
2533         (JSC::RegExpObject::getOwnPropertyDescriptor):
2534             - lastIndex is no longer a static value, provided specific handling.
2535         (JSC::RegExpObject::deleteProperty):
2536             - lastIndex is no longer a static value, provided specific handling.
2537         (JSC::RegExpObject::getOwnPropertyNames):
2538             - lastIndex is no longer a static value, provided specific handling.
2539         (JSC::RegExpObject::getPropertyNames):
2540             - lastIndex is no longer a static value, provided specific handling.
2541         (JSC::reject):
2542             - helper function for defineOwnProperty.
2543         (JSC::RegExpObject::defineOwnProperty):
2544             - lastIndex is no longer a static value, provided specific handling.
2545         (JSC::RegExpObject::put):
2546             - lastIndex is no longer a static value, provided specific handling.
2547         (JSC::RegExpObject::match):
2548             - Pass setLastIndex an ExecState, so it can throw if read-only.
2549         * runtime/RegExpObject.h:
2550         (JSC::RegExpObject::setLastIndex):
2551             - Pass setLastIndex an ExecState, so it can throw if read-only.
2552         (RegExpObjectData):
2553             - Added lastIndexIsWritable.
2554         * runtime/RegExpPrototype.cpp:
2555         (JSC::regExpProtoFuncCompile):
2556             - Pass setLastIndex an ExecState, so it can throw if read-only.
2557
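The property semantics the lastIndex entry above describes, as an added example (not WebKit code; helper names are the example's own): lastIndex is an ordinary data property with writable: true, enumerable: false, configurable: false, it can be reconfigured to writable: false, and once it is read-only a global match that has to store a new lastIndex throws a TypeError instead of silently proceeding.

```javascript
// Added example, not WebKit code: lastIndex behaves as an ordinary data
// property (writable: true, enumerable: false, configurable: false). Once it
// has been made read-only, a global match that needs to store the new
// lastIndex throws a TypeError instead of silently continuing.
// Helper names are the example's own.

function lastIndexDescriptor() {
  return Object.getOwnPropertyDescriptor(/a/g, "lastIndex");
}

function lastIndexIsDeletable() {
  // Reflect.deleteProperty reports false (without throwing) for a
  // non-configurable property.
  return Reflect.deleteProperty(/a/g, "lastIndex");
}

function matchStartingAt(input, start) {
  // Normal case: lastIndex is writable and steers where a global match resumes.
  const re = /a/g;
  re.lastIndex = start;
  const m = re.exec(input);
  return m ? m.index : -1;
}

function matchWithReadOnlyLastIndex(input) {
  const re = /a/g;
  // Going from writable: true to writable: false is the one change that
  // 8.12.9 permits on a non-configurable data property.
  Object.defineProperty(re, "lastIndex", { writable: false });
  try {
    re.exec(input); // both the success and the failure path store lastIndex
    return "no throw";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other error";
  }
}
```

Passing an ExecState into setLastIndex, as the entry lists, is what lets the engine raise that TypeError from inside match() rather than quietly ignoring the read-only attribute.
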
2558 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
2559
2560         Implement support for op_negate and op_bitnot in the DFG JIT
2561         https://bugs.webkit.org/show_bug.cgi?id=79617
2562
2563         Reviewed by Sam Weinig.
2564
2565         Remove op_bitnot - this is redundant, ~x === x^-1.
2566         This is a fractional (<1%) progression.
2567
2568         Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
2569         Remove CanReuse from the result type - this was unused.
2570         Remove op_bitnot.
2571
2572         * assembler/MacroAssemblerARM.h:
2573         (MacroAssemblerARM):
2574         (JSC::MacroAssemblerARM::xor32):
2575         * assembler/MacroAssemblerARMv7.h:
2576         (MacroAssemblerARMv7):
2577         (JSC::MacroAssemblerARMv7::xor32):
2578         * assembler/MacroAssemblerMIPS.h:
2579         (MacroAssemblerMIPS):
2580         (JSC::MacroAssemblerMIPS::xor32):
2581         * assembler/MacroAssemblerSH4.h:
2582         (MacroAssemblerSH4):
2583         (JSC::MacroAssemblerSH4::xor32):
2584         * assembler/MacroAssemblerX86Common.h:
2585         (MacroAssemblerX86Common):
2586         (JSC::MacroAssemblerX86Common::xor32):
2587         * bytecode/CodeBlock.cpp:
2588         (JSC::CodeBlock::dump):
2589         * bytecode/Opcode.h:
2590         (JSC):
2591         (JSC::padOpcodeName):
2592         * bytecompiler/NodesCodegen.cpp:
2593         (JSC):
2594         (JSC::BitwiseNotNode::emitBytecode):
2595         * interpreter/Interpreter.cpp:
2596         (JSC::Interpreter::privateExecute):
2597         * jit/JIT.cpp:
2598         (JSC::JIT::privateCompileMainPass):
2599         (JSC::JIT::privateCompileSlowCases):
2600         * jit/JIT.h:
2601         (JIT):
2602         * jit/JITArithmetic32_64.cpp:
2603         (JSC):
2604         * jit/JITOpcodes.cpp:
2605         (JSC):
2606         * jit/JITStubs.cpp:
2607         (JSC):
2608         * jit/JITStubs.h:
2609         * llint/LLIntSlowPaths.cpp:
2610         (LLInt):
2611         * llint/LLIntSlowPaths.h:
2612         (LLInt):
2613         * llint/LowLevelInterpreter32_64.asm:
2614         * parser/NodeConstructors.h:
2615         (JSC::NegateNode::NegateNode):
2616         (JSC::BitwiseNotNode::BitwiseNotNode):
2617         (JSC::MultNode::MultNode):
2618         (JSC::DivNode::DivNode):
2619         (JSC::ModNode::ModNode):
2620         (JSC::SubNode::SubNode):
2621         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
2622         * parser/Nodes.h:
2623         (BitwiseNotNode):
2624         (JSC::BitwiseNotNode::expr):
2625         (JSC):
2626         * parser/ResultType.h:
2627         (ResultType):
2628         (JSC::ResultType::numberTypeIsInt32):
2629         (JSC::ResultType::stringOrNumberType):
2630         (JSC::ResultType::forAdd):
2631         (JSC::ResultType::forBitOp):
2632
2633 2012-02-27  Michael Saboff  <msaboff@apple.com>
2634
2635         Error check regexp min quantifier
2636         https://bugs.webkit.org/show_bug.cgi?id=70648
2637
2638         Reviewed by Gavin Barraclough.
2639
2640         Added checking for min or only quantifier being UINT_MAX.
2641         When encountered this becomes a SyntaxError during parsing.
2642
2643         * yarr/YarrParser.h:
2644         (JSC::Yarr::Parser::parseQuantifier):
2645         (JSC::Yarr::Parser::parse):
2646         (Parser):
2647
2648 2012-02-27  Carlos Garcia Campos  <cgarcia@igalia.com>
2649
2650         Unreviewed. Fix make distcheck.
2651
2652         * GNUmakefile.list.am: Add missing files.
2653
2654 2012-02-26  Hajime Morrita  <morrita@chromium.org>
2655
2656         Move ChromeClient::showContextMenu() to ContextMenuClient
2657         https://bugs.webkit.org/show_bug.cgi?id=79427
2658
2659         Reviewed by Adam Barth.
2660
2661         Added ACCESSIBILITY_CONTEXT_MENUS.
2662
2663         * wtf/Platform.h:
2664
2665 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
2666
2667         LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
2668         https://bugs.webkit.org/show_bug.cgi?id=79616
2669
2670         Reviewed by Oliver Hunt.
2671         
2672         Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
2673
2674         * dfg/DFGAbstractValue.h:
2675         (JSC::DFG::AbstractValue::validate):
2676
2677 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
2678
2679         DFG should support activations and nested functions
2680         https://bugs.webkit.org/show_bug.cgi?id=79554
2681
2682         Reviewed by Sam Weinig.
2683         
2684         Fix 32-bit. The 32-bit function+activation code had some really weird
2685         register reuse bugs.
2686
2687         * dfg/DFGSpeculativeJIT32_64.cpp:
2688         (JSC::DFG::SpeculativeJIT::compile):
2689
2690 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
2691
2692         Getting the instruction stream for a code block should not require two loads
2693         https://bugs.webkit.org/show_bug.cgi?id=79608
2694
2695         Reviewed by Sam Weinig.
2696         
2697         Introduced the RefCountedArray class, which contains a single inline pointer
2698         to a ref-counted non-resizeable vector backing store. This satisfies the
2699         requirements of CodeBlock, which desires the ability to share instruction
2700         streams with other CodeBlocks. It also reduces the number of loads required
2701         for getting the instruction stream by one.
2702         
2703         This patch also gets rid of the bytecode discarding logic, since we don't
2704         use it anymore and it's unlikely to ever work right with DFG or LLInt. And
2705         I didn't feel like porting dead code to use RefCountedArray.
2706
2707         * GNUmakefile.list.am:
2708         * JavaScriptCore.xcodeproj/project.pbxproj:
2709         * bytecode/CodeBlock.cpp:
2710         (JSC::instructionOffsetForNth):
2711         (JSC::CodeBlock::dump):
2712         (JSC::CodeBlock::CodeBlock):
2713         (JSC::CodeBlock::finalizeUnconditionally):
2714         (JSC::CodeBlock::handlerForBytecodeOffset):
2715         (JSC::CodeBlock::lineNumberForBytecodeOffset):
2716         (JSC::CodeBlock::expressionRangeForBytecodeOffset):
2717         (JSC::CodeBlock::shrinkToFit):
2718         * bytecode/CodeBlock.h:
2719         (CodeBlock):
2720         (JSC::CodeBlock::numberOfInstructions):
2721         (JSC::CodeBlock::instructions):
2722         (JSC::CodeBlock::instructionCount):
2723         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2724         (JSC):
2725         * bytecompiler/BytecodeGenerator.cpp:
2726         (JSC::Label::setLocation):
2727         (JSC):
2728         (JSC::BytecodeGenerator::generate):
2729         (JSC::BytecodeGenerator::newLabel):
2730         * bytecompiler/BytecodeGenerator.h:
2731         (JSC):
2732         (BytecodeGenerator):
2733         (JSC::BytecodeGenerator::instructions):
2734         * bytecompiler/Label.h:
2735         (JSC::Label::Label):
2736         (Label):
2737         * dfg/DFGByteCodeCache.h:
2738         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
2739         (JSC::DFG::ByteCodeCache::get):
2740         * jit/JITExceptions.cpp:
2741         (JSC::genericThrow):
2742         * llint/LowLevelInterpreter32_64.asm:
2743         * runtime/Executable.cpp:
2744         (JSC::EvalExecutable::compileInternal):
2745         (JSC::ProgramExecutable::compileInternal):
2746         (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
2747         (JSC::FunctionExecutable::produceCodeBlockFor):
2748         * wtf/RefCountedArray.h: Added.
2749         (WTF):
2750         (RefCountedArray):
2751         (WTF::RefCountedArray::RefCountedArray):
2752         (WTF::RefCountedArray::operator=):
2753         (WTF::RefCountedArray::~RefCountedArray):
2754         (WTF::RefCountedArray::size):
2755         (WTF::RefCountedArray::data):
2756         (WTF::RefCountedArray::begin):
2757         (WTF::RefCountedArray::end):
2758         (WTF::RefCountedArray::at):
2759         (WTF::RefCountedArray::operator[]):
2760         (Header):
2761         (WTF::RefCountedArray::Header::size):
2762         (WTF::RefCountedArray::Header::payload):
2763         (WTF::RefCountedArray::Header::fromPayload):
2764         * wtf/Platform.h:
2765
2766 2012-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2767
2768         StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
2769         https://bugs.webkit.org/show_bug.cgi?id=79571
2770
2771         Reviewed by Gavin Barraclough.
2772
2773         * parser/ASTBuilder.h:
2774         (JSC::ASTBuilder::createGetterOrSetterProperty):
2775         * parser/Parser.cpp:
2776         (JSC::::parseProperty):
2777         * parser/SyntaxChecker.h:
2778         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2779
2780 2012-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
2781
2782         Implement fast path for op_new_array in the baseline JIT
2783         https://bugs.webkit.org/show_bug.cgi?id=78612
2784
2785         Reviewed by Filip Pizlo.
2786
2787         * heap/CopiedAllocator.h:
2788         (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
2789         * heap/CopiedSpace.h:
2790         (CopiedSpace): Friended the JIT to allow access to isOversize.
2791         (JSC::CopiedSpace::allocator):
2792         * heap/Heap.h:
2793         (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
2794         can use it for simple allocation i.e. when we can just bump the offset without having to 
2795         do anything else.
2796         * jit/JIT.cpp:
2797         (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
2798         we have to bail out because the fast allocation path fails for whatever reason.
2799         * jit/JIT.h:
2800         (JIT):
2801         * jit/JITInlineMethods.h:
2802         (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
2803         allocate generic backing stores. This function is used by emitAllocateJSArray.
2804         (JSC):
2805         (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
2806         more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
2807         it will also be used for emit_op_new_array_buffer.
2808         * jit/JITOpcodes.cpp:
2809         (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
2810         a stub call for oversize arrays.
2811         (JSC):
2812         (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
2813         fail in any way on the fast path.
2814         * runtime/JSArray.cpp:
2815         (JSC):
2816         * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
2817         initialize in the JIT.
2818         (ArrayStorage):
2819         (JSC::ArrayStorage::lengthOffset):
2820         (JSC::ArrayStorage::numValuesInVectorOffset):
2821         (JSC::ArrayStorage::allocBaseOffset):
2822         (JSC::ArrayStorage::vectorOffset):
2823         (JSArray):
2824         (JSC::JSArray::sparseValueMapOffset):
2825         (JSC::JSArray::subclassDataOffset):
2826         (JSC::JSArray::indexBiasOffset):
2827         (JSC):
2828         (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
2829         to being a static function in the JSArray class. This move allows the JIT to call it to 
2830         see what size it should allocate.
2831
2832 2012-02-26  Patrick Gansterer  <paroga@webkit.org>
2833
2834         Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
2835
2836         * interpreter/Interpreter.cpp:
2837         (JSC::getLineNumberForCallFrame):
2838         (JSC::Interpreter::getStackTrace):
2839
2840 2012-02-26  Patrick Gansterer  <paroga@webkit.org>
2841
2842         Unreviewed. Build fix for !ENABLE(JIT) after r108681.
2843
2844         * interpreter/Interpreter.cpp:
2845         (JSC::getLineNumberForCallFrame):
2846
2847 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2848
2849         LLInt assembly file should be split into 32-bit and 64-bit parts
2850         https://bugs.webkit.org/show_bug.cgi?id=79584
2851
2852         Reviewed by Sam Weinig.
2853         
2854         Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
2855         the ability to include files, and correctly track dependencies: it restricts
2856         the include mechanism to using the same directory as the source file, and uses
2857         the SHA1 hash of all .asm files in that directory as an input hash.
2858
2859         * llint/LLIntOfflineAsmConfig.h:
2860         * llint/LowLevelInterpreter.asm:
2861         * llint/LowLevelInterpreter32_64.asm: Added.
2862             - This is just the entire contents of what was previously LowLevelInterpreter.asm
2863         * llint/LowLevelInterpreter64.asm: Added.
2864         * offlineasm/asm.rb:
2865         * offlineasm/ast.rb:
2866         * offlineasm/generate_offset_extractor.rb:
2867         * offlineasm/parser.rb:
2868         * offlineasm/self_hash.rb:
2869
2870 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2871
2872         Offlineasm should support X86_64
2873         https://bugs.webkit.org/show_bug.cgi?id=79581
2874
2875         Reviewed by Oliver Hunt.
2876
2877         * llint/LLIntOfflineAsmConfig.h:
2878         * offlineasm/backends.rb:
2879         * offlineasm/instructions.rb:
2880         * offlineasm/settings.rb:
2881         * offlineasm/x86.rb:
2882
2883 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2884
2885         DFG should support activations and nested functions
2886         https://bugs.webkit.org/show_bug.cgi?id=79554
2887
2888         Reviewed by Oliver Hunt.
2889         
2890         Wrote the simplest possible implementation of activations. Big speed-up on
2891         code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
2892         Kraken) because they do not appear to have sufficient coverage over code
2893         that uses activations.
2894
2895         * bytecode/PredictedType.cpp:
2896         (JSC::predictionToString):
2897         (JSC::predictionFromValue):
2898         * bytecode/PredictedType.h:
2899         (JSC):
2900         (JSC::isEmptyPrediction):
2901         * dfg/DFGAbstractState.cpp:
2902         (JSC::DFG::AbstractState::execute):
2903         * dfg/DFGByteCodeParser.cpp:
2904         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2905         (ByteCodeParser):
2906         (JSC::DFG::ByteCodeParser::parseBlock):
2907         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2908         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2909         (JSC::DFG::ByteCodeParser::parse):
2910         * dfg/DFGCapabilities.h:
2911         (JSC::DFG::canCompileOpcode):
2912         (JSC::DFG::canInlineOpcode):
2913         * dfg/DFGGraph.h:
2914         (JSC::DFG::Graph::needsActivation):
2915         * dfg/DFGNode.h:
2916         (DFG):
2917         (JSC::DFG::Node::storageAccessDataIndex):
2918         (Node):
2919         (JSC::DFG::Node::hasFunctionDeclIndex):
2920         (JSC::DFG::Node::functionDeclIndex):
2921         (JSC::DFG::Node::hasFunctionExprIndex):
2922         (JSC::DFG::Node::functionExprIndex):
2923         * dfg/DFGOperations.cpp:
2924         * dfg/DFGOperations.h:
2925         * dfg/DFGPredictionPropagationPhase.cpp:
2926         (JSC::DFG::PredictionPropagationPhase::propagate):
2927         * dfg/DFGSpeculativeJIT.cpp:
2928         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
2929         (DFG):
2930         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
2931         * dfg/DFGSpeculativeJIT.h:
2932         (JSC::DFG::SpeculativeJIT::callOperation):
2933         * dfg/DFGSpeculativeJIT32_64.cpp:
2934         (JSC::DFG::SpeculativeJIT::compile):
2935         * dfg/DFGSpeculativeJIT64.cpp:
2936         (JSC::DFG::SpeculativeJIT::compile):
2937
2938 2012-02-25  Benjamin Poulain  <benjamin@webkit.org>
2939
2940         Add an empty skeleton of KURL for WTFURL
2941         https://bugs.webkit.org/show_bug.cgi?id=78990
2942
2943         Reviewed by Adam Barth.
2944
2945         * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
2946         so that we can use them in WebCore.
2947
2948 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2949
2950         Unreviewed, fix build for DFG disabled and LLInt enabled.
2951
2952         * jit/JIT.cpp:
2953         (JSC::JIT::privateCompile):
2954         * llint/LLIntSlowPaths.cpp:
2955         (LLInt):
2956         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2957
2958 2012-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2959
2960         Fix the CopiedBlock offset alignment in a cross platform fashion
2961         https://bugs.webkit.org/show_bug.cgi?id=79556
2962
2963         Reviewed by Filip Pizlo.
2964
2965         Replaced m_payload with a payload() method that calculates the offset
2966         of the payload with the proper alignment. This change allows us to 
2967         avoid alignment-related issues in a cross-platform manner.
2968
2969         * heap/CopiedAllocator.h:
2970         (JSC::CopiedAllocator::currentUtilization):
2971         * heap/CopiedBlock.h:
2972         (JSC::CopiedBlock::CopiedBlock):
2973         (JSC::CopiedBlock::payload):
2974         (CopiedBlock):
2975         * heap/CopiedSpace.cpp:
2976         (JSC::CopiedSpace::doneFillingBlock):
2977         * heap/CopiedSpaceInlineMethods.h:
2978         (JSC::CopiedSpace::borrowBlock):
2979         (JSC::CopiedSpace::allocateFromBlock):
2980
2981 2012-02-24  Michael Saboff  <msaboff@apple.com>
2982
2983         Unreviewed, Windows build fix.  Changed signature in export to match
2984         change made in r108858.
2985
2986         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2987
2988 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2989
2990         DFG support for op_new_regexp should be enabled
2991         https://bugs.webkit.org/show_bug.cgi?id=79538
2992
2993         Reviewed by Oliver Hunt.
2994         
2995         No performance change.
2996
2997         * dfg/DFGCapabilities.h:
2998         (JSC::DFG::canCompileOpcode):
2999         * dfg/DFGCommon.h:
3000
3001 2012-02-24  Michael Saboff  <msaboff@apple.com>
3002
3003         ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
3004         https://bugs.webkit.org/show_bug.cgi?id=73728
3005
3006         Reviewed by Gavin Barraclough.
3007
3008         Fixed the mixing of signed and unsigned character indices in the YARR
3009         interpreter.
3010
3011         * runtime/RegExp.cpp:
3012         (JSC::RegExp::match): Added code to check for match longer than 2^31 and
3013         return no match after resetting the offsets.
3014         * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
3015         handling except when matching back references.
3016         (JSC::Yarr::Interpreter::InputStream::readChecked):
3017         (JSC::Yarr::Interpreter::InputStream::checkInput):
3018         (JSC::Yarr::Interpreter::InputStream::uncheckInput):
3019         (JSC::Yarr::Interpreter::InputStream::atStart):
3020         (JSC::Yarr::Interpreter::InputStream::atEnd):
3021         (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
3022         (JSC::Yarr::Interpreter::checkCharacter):
3023         (JSC::Yarr::Interpreter::checkCasedCharacter):
3024         (JSC::Yarr::Interpreter::checkCharacterClass):
3025         (JSC::Yarr::Interpreter::tryConsumeBackReference):
3026         (JSC::Yarr::Interpreter::matchAssertionBOL):
3027         (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
3028         (JSC::Yarr::Interpreter::backtrackPatternCharacter):
3029         (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
3030         (JSC::Yarr::Interpreter::matchCharacterClass):
3031         (JSC::Yarr::Interpreter::backtrackCharacterClass):
3032         (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
3033         (JSC::Yarr::Interpreter::matchDisjunction):
3034         (JSC::Yarr::Interpreter::interpret):
3035         (JSC::Yarr::ByteCompiler::assertionBOL):
3036         (JSC::Yarr::ByteCompiler::assertionEOL):
3037         (JSC::Yarr::ByteCompiler::assertionWordBoundary):
3038         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
3039         (JSC::Yarr::ByteCompiler::atomCharacterClass):
3040         (JSC::Yarr::ByteCompiler::atomBackReference):
3041         (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
3042         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
3043         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
3044         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
3045         (JSC::Yarr::ByteCompiler::emitDisjunction):
3046         * yarr/YarrInterpreter.h:
3047
3048 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
3049
3050         Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
3051         enabled.
3052
3053         * llint/LLIntOfflineAsmConfig.h:
3054         * llint/LowLevelInterpreter.asm:
3055
3056 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
3057
3058         DFG should be able to handle variables getting captured
3059         https://bugs.webkit.org/show_bug.cgi?id=79469
3060
3061         Reviewed by Oliver Hunt.
3062         
3063         Made captured variables work by placing a Flush on the SetLocal and
3064         forcing the emission of the GetLocal even if copy propagation tells us
3065         who has the value.
3066         
3067         Changed the CFA and various prediction codes to understand that we can't
3068         really prove anything about captured variables. Well, we could in the
3069         future by just looking at what side effects are happening, but in this
3070         first cut we just assume that we can't reason about captured variables.
3071         
3072         Also added a mode where the DFG pretends that all variables and arguments
3073         got captured. Used this mode to harden the code.
3074         
3075         This is performance neutral. Capturing all variables is a slow down, but
3076         not too big of one. This seems to predict that when we add activation
3077         support, the amount of speed benefit we'll get from increased coverage
3078         will far outweigh the pessimism that we'll have to endure for captured
3079         variables.
3080
3081         * bytecode/CodeType.h:
3082         (JSC::codeTypeToString):
3083         * dfg/DFGAbstractState.cpp:
3084         (JSC::DFG::AbstractState::initialize):
3085         (JSC::DFG::AbstractState::endBasicBlock):
3086         (JSC::DFG::AbstractState::execute):
3087         (JSC::DFG::AbstractState::merge):
3088         * dfg/DFGAbstractState.h:
3089         (AbstractState):
3090         * dfg/DFGByteCodeParser.cpp:
3091         (JSC::DFG::ByteCodeParser::getLocal):
3092         (JSC::DFG::ByteCodeParser::setLocal):
3093         (JSC::DFG::ByteCodeParser::getArgument):
3094         (JSC::DFG::ByteCodeParser::setArgument):
3095         (JSC::DFG::ByteCodeParser::flushArgument):
3096         (JSC::DFG::ByteCodeParser::handleInlining):
3097         (JSC::DFG::ByteCodeParser::processPhiStack):
3098         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3099         (JSC::DFG::ByteCodeParser::parse):
3100         * dfg/DFGCapabilities.h:
3101         (JSC::DFG::mightInlineFunctionForCall):
3102         (JSC::DFG::mightInlineFunctionForConstruct):
3103         * dfg/DFGCommon.h:
3104         * dfg/DFGGraph.h:
3105         (JSC::DFG::Graph::needsActivation):
3106         (Graph):
3107         (JSC::DFG::Graph::argumentIsCaptured):
3108         (JSC::DFG::Graph::localIsCaptured):
3109         (JSC::DFG::Graph::isCaptured):
3110         * dfg/DFGNode.h:
3111         (JSC::DFG::Node::shouldGenerate):
3112         * dfg/DFGPredictionPropagationPhase.cpp:
3113         (JSC::DFG::PredictionPropagationPhase::propagate):
3114         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
3115         * dfg/DFGSpeculativeJIT.cpp:
3116         (DFG):
3117         (JSC::DFG::ValueSource::dump):
3118         (JSC::DFG::SpeculativeJIT::compile):
3119         * dfg/DFGSpeculativeJIT.h:
3120         (ValueSource):
3121         * dfg/DFGSpeculativeJIT32_64.cpp:
3122         (JSC::DFG::SpeculativeJIT::compile):
3123         * dfg/DFGSpeculativeJIT64.cpp:
3124         (JSC::DFG::SpeculativeJIT::compile):
3125         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3126         (JSC::DFG::VirtualRegisterAllocationPhase::run):
3127
3128 2012-02-24  Gavin Barraclough  <barraclough@apple.com>
3129
3130         Should not allow malformed \x escapes
3131         https://bugs.webkit.org/show_bug.cgi?id=79462
3132
3133         Reviewed by Oliver Hunt.
3134
3135         * parser/Lexer.cpp:
3136         (JSC::::parseString):
3137         (JSC::::parseStringSlowCase):
3138             - Prohibit malformed '\x' escapes
3139         * tests/mozilla/ecma/Array/15.4.5.1-1.js:
3140         * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
3141         * tests/mozilla/ecma_2/RegExp/hex-001.js:
3142         * tests/mozilla/js1_2/regexp/hexadecimal.js:
3143             - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
3144
3145 2012-02-24  Daniel Bates  <dbates@webkit.org>
3146
3147         Fix change log entry for changeset r108819; add bug URL
3148         https://bugs.webkit.org/show_bug.cgi?id=79504
3149
3150         Changeset r108819 is associated with bug #79504.
3151
3152         * ChangeLog
3153
3154 2012-02-24  Daniel Bates  <dbates@webkit.org>
3155
3156         Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
3157         https://bugs.webkit.org/show_bug.cgi?id=79504
3158
3159         Reviewed by Oliver Hunt.
3160
3161         There are a few places in Interpreter.cpp that need to be updated to use
3162         ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
3163         ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
3164         (https://bugs.webkit.org/show_bug.cgi?id=78791).
3165
3166         * interpreter/Interpreter.cpp:
3167         (JSC::getLineNumberForCallFrame):
3168         (JSC::getCallerInfo):
3169         (JSC::getSourceURLFromCallFrame):
3170
3171 2012-02-24  Adam Roben  <aroben@apple.com>
3172
3173         Undo the BUILDING_WTF part of r108808
3174
3175         This broke the build, which is obviously worse than the linker warning it was trying to
3176         solve.
3177
3178         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
3179
3180 2012-02-24  Adam Roben  <aroben@apple.com>
3181
3182         Fix linker warnings on Windows
3183
3184         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
3185         exported via JS_EXPORTDATA.
3186
3187         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
3188         aren't actually building WTF, but we are statically linking it, so we need to define this
3189         symbol so that we export WTF's exports.
3190
3191 2012-02-24  Philippe Normand  <pnormand@igalia.com>
3192
3193         Fix GTK WebAudio build for WebKitGTK 1.7.90.
3194
3195         Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
3196         Rubber-stamped by Philippe Normand.
3197
3198         * GNUmakefile.list.am: Add Complex.h to the list of files so it
3199         gets disted in the tarballs.
3200
3201 2012-02-24  Zoltan Herczeg  <zherczeg@webkit.org>
3202
3203         [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
3204         https://bugs.webkit.org/show_bug.cgi?id=79199
3205
3206         Rubber-stamped by Csaba Osztrogonác.
3207
3208         Temporary fix since the new member wastes a little space on
3209         64 bit systems. Although it is harmless, it is only needed
3210         for 32 bit systems.
3211
3212         * heap/CopiedBlock.h:
3213         (CopiedBlock):
3214
3215 2012-02-24  Han Hojong  <hojong.han@samsung.com>
3216
3217         Remove useless jump instructions for short circuit
3218         https://bugs.webkit.org/show_bug.cgi?id=75602
3219
3220         Reviewed by Michael Saboff.
3221
3222         A jump instruction is inserted to make a short circuit,
3223         however it does nothing but move to the next instruction.
3224         Therefore the useless jump instructions are removed,
3225         and the jump list is moved into the non-short-circuit case,
3226         so that only necessary instructions are added to JIT code
3227         unless it has a 16 bit pattern character and an 8 bit string.
3228
3229         * yarr/YarrJIT.cpp:
3230         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
3231         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
3232
3233 2012-02-24  Sheriff Bot  <webkit.review.bot@gmail.com>
3234
3235         Unreviewed, rolling out r108731.
3236         http://trac.webkit.org/changeset/108731
3237         https://bugs.webkit.org/show_bug.cgi?id=79464
3238
3239         Broke Chromium Win tests (Requested by bashi on #webkit).
3240
3241         * wtf/Platform.h:
3242
3243 2012-02-24  Andrew Lo  <anlo@rim.com>
3244
3245         [BlackBerry] Enable requestAnimationFrame
3246         https://bugs.webkit.org/show_bug.cgi?id=79408
3247
3248         Use timer implementation of requestAnimationFrame on BlackBerry.
3249
3250         Reviewed by Rob Buis.
3251
3252         * wtf/Platform.h:
3253
3254 2012-02-24  Mathias Bynens  <mathias@qiwi.be>
3255
3256         `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
3257         https://bugs.webkit.org/show_bug.cgi?id=78908
3258
3259         Add additional checks for zero-width non-joiner (0x200C) and
3260         zero-width joiner (0x200D) characters.
3261
3262         Reviewed by Michael Saboff.
3263
3264         * parser/Lexer.cpp:
3265         (JSC::isNonASCIIIdentPart):
3266         * runtime/LiteralParser.cpp:
3267         (JSC::::Lexer::lexIdentifier):
3268
3269 2012-02-23  Kenichi Ishibashi  <bashi@chromium.org>
3270
3271         Adding WebSocket per-frame DEFLATE extension
3272         https://bugs.webkit.org/show_bug.cgi?id=77522
3273
3274         Added USE(ZLIB) flag.
3275
3276         Reviewed by Kent Tamura.
3277
3278         * wtf/Platform.h:
3279
3280 2012-02-23  Mark Hahnenberg  <mhahnenberg@apple.com>
3281
3282         Zero out CopiedBlocks on initialization
3283         https://bugs.webkit.org/show_bug.cgi?id=79199
3284
3285         Reviewed by Filip Pizlo.
3286
3287         Made CopiedBlocks zero their payloads during construction. This allows
3288         JSArray to avoid having to manually clear its backing store upon allocation
3289         and also alleviates any future pain with regard to the garbage collector trying
3290         to mark what it thinks are values in what is actually uninitialized memory.
3291
3292         * heap/CopiedBlock.h:
3293         (JSC::CopiedBlock::CopiedBlock):
3294         * runtime/JSArray.cpp:
3295         (JSC::JSArray::finishCreation):
3296         (JSC::JSArray::tryFinishCreationUninitialized):
3297         (JSC::JSArray::increaseVectorLength):
3298         (JSC::JSArray::unshiftCountSlowCase):
3299
3300 2012-02-23  Oliver Hunt  <oliver@apple.com>
3301
3302         Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
3303         https://bugs.webkit.org/show_bug.cgi?id=79407
3304
3305         Reviewed by Gavin Barraclough.
3306
3307         Outside of exception handling, we don't know what our source line number is.  This
3308         change allows us to pass -1 in as the initial line number, and get the correct line
3309         number in the resultant stack trace.  We can't completely elide the initial line
3310         number (yet) due to some idiosyncrasies of the exception handling machinery.
3311
3312         * interpreter/Interpreter.cpp:
3313         (JSC::getLineNumberForCallFrame):
3314         (JSC):
3315         (JSC::Interpreter::getStackTrace):
3316
3317 2012-02-22  Filip Pizlo  <fpizlo@apple.com>
3318
3319         DFG OSR exit value profiling should have graceful handling of local variables and arguments
3320         https://bugs.webkit.org/show_bug.cgi?id=79310
3321
3322         Reviewed by Gavin Barraclough.
3323         
3324         Previously, if we OSR exited because a prediction in a local was wrong, we'd
3325         only realize what the true type of the local was if the regular value profiling
3326         kicked in and told us. Unless the local was block-locally copy propagated, in
3327         which case we'd know from an OSR exit profile.
3328         
3329         This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
3330         exit because of a mispredicted local or argument type, we'll know what the type of
3331         the local or argument should be immediately upon exiting.
3332         
3333         The way that local variable OSR exit profiling works is that we now have a lazily
3334         added set of OSR-exit-only value profiles for exit sites that are BadType and that
3335         cited a GetLocal as their value source. The value profiles are only added if the
3336         OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
3337         operand. The look-up is performed by querying the
3338         CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
3339         the bytecode index and the operand. Because the value profiles are added at random
3340         times, they are not sorted; instead they are just stored in an arbitrarily-ordered
3341         SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
3342         creates a LazyOperandValueProfileParser, which turns the
3343         CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
3344         of DFG parsing.
3345         
3346         Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
3347         into which values observed during OSR exit would be placed. Now it uses a lazy
3348         thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
3349         either contain a ValueProfile inside it (which works for previous uses of OSR exit
3350         profiling) or it may just have knowledge of how to go about creating the
3351         LazyOperandValueProfile in the case that the OSR exit is actually taken. This
3352         ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
3353         value profiling buckets unless we actually did OSR exit on every single operand,
3354         in every single instruction, in each code block (that's probably unlikely).
3355         
3356         This appears to be neutral on the major benchmarks, but is a double-digit speed-up
3357         on code deliberately written to have data flow that spans basic blocks and where
3358         the code exhibits post-optimization polymorphism in a local variable.
3359
3360         * CMakeLists.txt:
3361         * GNUmakefile.list.am:
3362         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3363         * JavaScriptCore.xcodeproj/project.pbxproj:
3364         * Target.pri:
3365         * bytecode/CodeBlock.cpp:
3366         (JSC::CodeBlock::stronglyVisitStrongReferences):
3367         * bytecode/CodeBlock.h:
3368         (CodeBlock):
3369         (JSC::CodeBlock::lazyOperandValueProfiles):
3370         * bytecode/LazyOperandValueProfile.cpp: Added.
3371         (JSC):
3372         (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
3373         (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
3374         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
3375         (JSC::CompressedLazyOperandValueProfileHolder::add):
3376         (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
3377         (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
3378         (JSC::LazyOperandValueProfileParser::getIfPresent):
3379         (JSC::LazyOperandValueProfileParser::prediction):
3380         * bytecode/LazyOperandValueProfile.h: Added.
3381         (JSC):
3382         (LazyOperandValueProfileKey):
3383         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
3384         (JSC::LazyOperandValueProfileKey::operator!):
3385         (JSC::LazyOperandValueProfileKey::operator==):
3386         (JSC::LazyOperandValueProfileKey::hash):
3387         (JSC::LazyOperandValueProfileKey::bytecodeOffset):
3388         (JSC::LazyOperandValueProfileKey::operand):
3389         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
3390         (JSC::LazyOperandValueProfileKeyHash::hash):
3391         (JSC::LazyOperandValueProfileKeyHash::equal):
3392         (LazyOperandValueProfileKeyHash):
3393         (WTF):
3394         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
3395         (LazyOperandValueProfile):
3396         (JSC::LazyOperandValueProfile::key):
3397         (CompressedLazyOperandValueProfileHolder):
3398         (LazyOperandValueProfileParser):
3399         * bytecode/MethodOfGettingAValueProfile.cpp: Added.
3400         (JSC):
3401         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
3402         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
3403         * bytecode/MethodOfGettingAValueProfile.h: Added.
3404         (JSC):
3405         (MethodOfGettingAValueProfile):
3406         (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
3407         (JSC::MethodOfGettingAValueProfile::operator!):
3408         * bytecode/ValueProfile.cpp: Removed.
3409         * bytecode/ValueProfile.h:
3410         (JSC):
3411         (ValueProfileBase):
3412         (JSC::ValueProfileBase::ValueProfileBase):
3413         (JSC::ValueProfileBase::dump):
3414         (JSC::ValueProfileBase::computeUpdatedPrediction):
3415         (JSC::MinimalValueProfile::MinimalValueProfile):
3416         (ValueProfileWithLogNumberOfBuckets):
3417         (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
3418         (JSC::ValueProfile::ValueProfile):
3419         (JSC::getValueProfileBytecodeOffset):
3420         (JSC::getRareCaseProfileBytecodeOffset):
3421         * dfg/DFGByteCodeParser.cpp:
3422         (ByteCodeParser):
3423         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
3424         (JSC::DFG::ByteCodeParser::getLocal):
3425         (JSC::DFG::ByteCodeParser::getArgument):
3426         (InlineStackEntry):
3427         (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
3428         (DFG):
3429         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3430         (JSC::DFG::ByteCodeParser::parse):
3431         * dfg/DFGDriver.cpp:
3432         (JSC::DFG::compile):
3433         * dfg/DFGGraph.h:
3434         (JSC::DFG::Graph::valueProfileFor):
3435         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
3436         (Graph):
3437         * dfg/DFGNode.h:
3438         (Node):
3439         * dfg/DFGOSRExit.cpp:
3440         (JSC::DFG::OSRExit::OSRExit):
3441         * dfg/DFGOSRExit.h:
3442         (OSRExit):
3443         * dfg/DFGOSRExitCompiler32_64.cpp:
3444         (JSC::DFG::OSRExitCompiler::compileExit):
3445         * dfg/DFGOSRExitCompiler64.cpp:
3446         (JSC::DFG::OSRExitCompiler::compileExit):
3447         * dfg/DFGPhase.cpp:
3448         (JSC::DFG::Phase::beginPhase):
3449         (JSC::DFG::Phase::endPhase):
3450         * dfg/DFGSpeculativeJIT.cpp:
3451         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3452         * dfg/DFGSpeculativeJIT.h:
3453         (JSC::DFG::SpeculativeJIT::speculationCheck):
3454         * dfg/DFGVariableAccessData.h:
3455         (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
3456         (VariableAccessData):
3457
3458 2012-02-23  Filip Pizlo  <fpizlo@apple.com>
3459
3460         Build fix.
3461
3462         * llint/LLIntOffsetsExtractor.cpp:
3463
3464 2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
3465
3466         [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
3467
3468         * llint/LLIntOffsetsExtractor.cpp:
3469         * wtf/Platform.h:
3470
3471 2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
3472
3473         [wx] Build fix for non-Mac wx builds.
3474
3475         * runtime/DatePrototype.cpp:
3476
3477 2012-02-22  Filip Pizlo  <fpizlo@apple.com>
3478
3479         DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
3480         https://bugs.webkit.org/show_bug.cgi?id=79334
3481
3482         Reviewed by Oliver Hunt.
3483
3484         * dfg/DFGByteCodeParser.cpp:
3485         (JSC::DFG::ByteCodeParser::getLocal):
3486         (JSC::DFG::ByteCodeParser::getArgument):
3487         (JSC::DFG::ByteCodeParser::flush):
3488
3489 2012-02-23  Gavin Barraclough  <barraclough@apple.com>
3490
3491         Object.isSealed / Object.isFrozen don't work for native objects
3492         https://bugs.webkit.org/show_bug.cgi?id=79331
3493
3494         Reviewed by Sam Weinig.
3495
3496         Need to inspect all properties, including static ones.
3497         This exposes a couple of bugs in Array & Arguments:
3498             - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
3499             - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
3500
3501         * runtime/Arguments.cpp:
3502         (JSC::Arguments::defineOwnProperty):
3503             - Add handling for callee/caller/length.
3504         * runtime/JSArray.cpp:
3505         (JSC::JSArray::getOwnPropertyDescriptor):
3506             - report length's writability correctly.
3507         * runtime/ObjectConstructor.cpp:
3508         (JSC::objectConstructorSeal):
3509         (JSC::objectConstructorFreeze):
3510         (JSC::objectConstructorIsSealed):
3511         (JSC::objectConstructorIsFrozen):
3512             - Add spec-based implementation for non-final objects.
3513
3514 2012-02-23  Gavin Barraclough  <barraclough@apple.com>
3515
3516         pop of array hole should get from the prototype chain
3517         https://bugs.webkit.org/show_bug.cgi?id=79338
3518
3519         Reviewed by Sam Weinig.
3520
3521         * runtime/JSArray.cpp:
3522         (JSC::JSArray::pop):
3523             - If the fast vector case fails, more closely follow the spec.
3524
3525 2012-02-23  Yong Li  <yoli@rim.com>
3526
3527         JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
3528         https://bugs.webkit.org/show_bug.cgi?id=79268
3529
3530         Reviewed by Michael Saboff.
3531
3532         resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
3533         after it fails to allocate a buffer for m_value. So outOfMemory() should assert
3534         isRope() rather than !isRope().
3535
3536         * runtime/JSString.cpp:
3537         (JSC::JSString::outOfMemory):
3538
3539 2012-02-23  Patrick Gansterer  <paroga@webkit.org>
3540
3541         [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
3542         https://bugs.webkit.org/show_bug.cgi?id=79371
3543
3544         Reviewed by Daniel Bates.
3545
3546         * CMakeLists.txt:
3547         * shell/CMakeLists.txt:
3548         * wtf/CMakeLists.txt:
3549
3550 2012-02-23  Aron Rosenberg  <arosenberg@logitech.com>
3551
3552         Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
3553         https://bugs.webkit.org/show_bug.cgi?id=76210
3554
3555         Add compile time check for Visual Studio 2005 or newer.
3556
3557         Reviewed by Simon Hausmann.
3558
3559         * os-win32/inttypes.h:
3560
3561 2012-02-22  Gavin Barraclough  <barraclough@apple.com>
3562
3563         Implement [[DefineOwnProperty]] for the arguments object
3564         https://bugs.webkit.org/show_bug.cgi?id=79309
3565
3566         Reviewed by Sam Weinig.
3567
3568         * runtime/Arguments.cpp:
3569         (JSC::Arguments::deletePropertyByIndex):
3570         (JSC::Arguments::deleteProperty):
3571             - Deleting an argument should also delete the copy on the object, if any.
3572         (JSC::Arguments::defineOwnProperty):
3573             - Defining a property may override the live mapping.
3574         * runtime/Arguments.h:
3575         (Arguments):
3576
3577 2012-02-22  Gavin Barraclough  <barraclough@apple.com>
3578
3579         Fix Object.freeze for non-final objects.
3580         https://bugs.webkit.org/show_bug.cgi?id=79286
3581
3582         Reviewed by Oliver Hunt.
3583
3584         For vanilla objects we implement this with a single transition; for objects
3585         with special properties we should just follow the spec-defined algorithm.
3586
3587         * runtime/JSArray.cpp:
3588         (JSC::SparseArrayValueMap::put):
3589             - this does need to handle inextensible objects.
3590         * runtime/ObjectConstructor.cpp:
3591         (JSC::objectConstructorSeal):
3592         (JSC::objectConstructorFreeze):
3593             - Implement spec defined algorithm for non-final objects.
3594         * runtime/Structure.cpp:
3595         (JSC::Structure::Structure):
3596         (JSC::Structure::freezeTransition):
3597             - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
3598         * runtime/Structure.h:
3599         (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
3600         (JSC::Structure::setHasGetterSetterProperties):
3601         (JSC::Structure::setContainsReadOnlyProperties):
3602         (Structure):
3603             - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
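
The entry above distinguishes a plain object, which can be frozen with one structure transition, from objects with special properties such as an array whose elements live in a sparse map, which must go through the spec-defined algorithm (preventExtensions, then every own property made non-writable and non-configurable) and whose sparse storage must refuse new indices once the object is inextensible. The following is an added example, not JavaScriptCore code; `freezeProbe` is a name chosen here, and it uses `Reflect.set` / `Reflect.deleteProperty` so that the failed writes report `false` instead of depending on whether the file runs in sloppy or strict mode.

```javascript
// Added example (not JavaScriptCore code): the observable contract of
// Object.freeze / Object.seal on a plain object and on an array whose elements
// are stored sparsely. Reflect.* is used so that rejected writes yield false
// rather than throwing (strict) or being silently dropped (sloppy).
function freezeProbe() {
  const r = {};

  // Plain object: each own property becomes non-writable and non-configurable,
  // and the object becomes non-extensible.
  const plain = { x: 1 };
  Object.freeze(plain);
  r.setPlainX = Reflect.set(plain, 'x', 2);                        // false: read-only
  r.setPlainY = Reflect.set(plain, 'y', 3);                        // false: not extensible
  r.deletePlainX = Reflect.deleteProperty(plain, 'x');             // false: not configurable
  r.plainFrozen = Object.isFrozen(plain);                          // true
  r.plainValue = plain.x;                                          // 1
  r.plainHasY = Object.prototype.hasOwnProperty.call(plain, 'y');  // false
  r.plainDesc = Object.getOwnPropertyDescriptor(plain, 'x');       // writable/configurable false

  // Sparse array: a huge index (constructed here) forces sparse element storage.
  // Freezing must cover every sparse entry, and the sparse map must reject new
  // indices once the array is inextensible.
  const far = 1 << 30;                 // 1073741824, a valid array index
  const sparse = [];
  sparse[0] = 'dense';
  sparse[far] = 'far';
  Object.freeze(sparse);
  r.setSparseFar = Reflect.set(sparse, far, 'changed');            // false: existing entry read-only
  r.setSparseNew = Reflect.set(sparse, far + 1, 'new');            // false: new index refused
  r.sparseFrozen = Object.isFrozen(sparse);                        // true
  r.sparseFar = sparse[far];                                       // 'far'
  r.sparseNewIndexAdded = (far + 1) in sparse;                     // false
  r.sparseLength = sparse.length;                                  // 1073741825
  r.sparseOwnKeys = Object.getOwnPropertyNames(sparse);            // ['0', '1073741824', 'length']

  // Object.defineProperty reports the rejection as a TypeError instead of a
  // boolean, which is the form most code notices.
  let defineThrew = false;
  try {
    Object.defineProperty(sparse, String(far + 2), { value: 'x', configurable: true });
  } catch (e) {
    defineThrew = e instanceof TypeError;
  }
  r.defineOnFrozenThrows = defineThrew;                            // true

  // Seal is weaker: existing properties stay writable, so values can still change
  // even though nothing can be added or removed.
  const sealed = { n: 1 };
  Object.seal(sealed);
  r.setSealedN = Reflect.set(sealed, 'n', 2);                      // true
  r.setSealedM = Reflect.set(sealed, 'm', 3);                      // false
  r.sealedValue = sealed.n;                                        // 2
  r.sealedIsFrozen = Object.isFrozen(sealed);                      // false
  r.sealedIsSealed = Object.isSealed(sealed);                      // true

  return r;
}
```

The sparse case is the one the entry calls out: an engine that froze only the dense vector, or let its sparse map accept `far + 1` after the array became inextensible, would return `true` from the second `Reflect.set` and fail `Object.isFrozen`.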
3604
3605 2012-02-22  Mark Hahnenberg  <mhahnenberg@apple.com>
3606
3607         Allocations from CopiedBlocks should always be 8-byte aligned
3608         https://bugs.webkit.org/show_bug.cgi?id=79271
3609
3610         Reviewed by Geoffrey Garen.
3611
3612         * heap/CopiedAllocator.h:
3613         (JSC::CopiedAllocator::allocate):
3614         * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always 
3615         guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
3616         (CopiedBlock):
3617         * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
3618         (JSC::CopiedSpace::tryAllocateOversize):
3619         (JSC::CopiedSpace::getFreshBlock):
3620         * heap/CopiedSpaceInlineMethods.h:
3621         (JSC::CopiedSpace::allocateFromBlock):
3622         * runtime/JSArray.h:
3623         (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte 
3624         aligned on both 64- and 32-bit platforms.
3625         * wtf/StdLibExtras.h:
3626         (WTF::is8ByteAligned): Added new utility function that functions similarly to the 
3627         way isPointerAligned does, but it just always checks for 8 byte alignment.
3628         (WTF):
3629
3630 2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
3631
3632         Unreviewed, rolling out r108456.
3633         http://trac.webkit.org/changeset/108456
3634         https://bugs.webkit.org/show_bug.cgi?id=79223
3635
3636         Broke fast/regex/pcre-test-4.html and cannot find anyone on
3637         IRC (Requested by zherczeg on #webkit).
3638
3639         * yarr/YarrJIT.cpp:
3640         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
3641
3642 2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
3643
3644         Unreviewed, rolling out r108468.
3645         http://trac.webkit.org/changeset/108468
3646         https://bugs.webkit.org/show_bug.cgi?id=79219
3647
3648         Broke Chromium Win release build (Requested by bashi on
3649         #webkit).
3650
3651         * wtf/Platform.h:
3652
3653 2012-02-22  Kenichi Ishibashi  <bashi@chromium.org>
3654
3655         Adding WebSocket per-frame DEFLATE extension
3656         https://bugs.webkit.org/show_bug.cgi?id=77522
3657
3658         Added USE(ZLIB) flag.
3659
3660         Reviewed by Kent Tamura.
3661
3662         * wtf/Platform.h:
3663
3664 2012-02-22  Hojong Han  <hojong.han@samsung.com>
3665
3666         Short circuit fixed for a 16 bit pattern character and an 8 bit string.
3667         https://bugs.webkit.org/show_bug.cgi?id=75602
3668
3669         Reviewed by Gavin Barraclough.
3670
3671         * yarr/YarrJIT.cpp:
3672         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
3673
3674 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
3675
3676         Build fix for systems with case sensitive disks.
3677
3678         * llint/LLIntOfflineAsmConfig.h:
3679
3680 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
3681
3682         JSC should be a triple-tier VM
3683         https://bugs.webkit.org/show_bug.cgi?id=75812
3684         <rdar://problem/10079694>
3685
3686         Reviewed by Gavin Barraclough.
3687         
3688         Implemented an interpreter that uses the JIT's calling convention. This
3689         interpreter is called LLInt, or the Low Level Interpreter. JSC will now
3690         will start by executing code in LLInt and will only tier up to the old
3691         JIT after the code is proven hot.
3692         
3693         LLInt is written in a modified form of our macro assembly. This new macro
3694         assembly is compiled by an offline assembler (see offlineasm), which
3695         implements many modern conveniences such as a Turing-complete CPS-based
3696         macro language and direct access to relevant C++ type information
3697         (basically offsets of fields and sizes of structs/classes).
3698         
3699         Code executing in LLInt appears to the rest of the JSC world "as if" it
3700         were executing in the old JIT. Hence, things like exception handling and
3701         cross-execution-engine calls just work and require pretty much no
3702         additional overhead.
3703         
3704         This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
3705         V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
3706         V8, and Kraken, but appear to get a double-digit improvement on real-world
3707         websites due to a huge reduction in the amount of JIT'ing.
3708         
3709         * CMakeLists.txt:
3710         * GNUmakefile.am:
3711         * GNUmakefile.list.am:
3712         * JavaScriptCore.pri:
3713         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3714         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
3715         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3716         * JavaScriptCore.xcodeproj/project.pbxproj:
3717         * Target.pri:
3718         * assembler/LinkBuffer.h:
3719         * assembler/MacroAssemblerCodeRef.h:
3720         (MacroAssemblerCodePtr):
3721         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
3722         * bytecode/BytecodeConventions.h: Added.
3723         * bytecode/CallLinkStatus.cpp:
3724         (JSC::CallLinkStatus::computeFromLLInt):
3725         (JSC):
3726         (JSC::CallLinkStatus::computeFor):
3727         * bytecode/CallLinkStatus.h:
3728         (JSC::CallLinkStatus::isSet):
3729         (JSC::CallLinkStatus::operator!):
3730         (CallLinkStatus):
3731         * bytecode/CodeBlock.cpp:
3732         (JSC::CodeBlock::dump):
3733         (JSC::CodeBlock::CodeBlock):
3734         (JSC::CodeBlock::~CodeBlock):
3735         (JSC::CodeBlock::finalizeUnconditionally):
3736         (JSC::CodeBlock::stronglyVisitStrongReferences):
3737         (JSC):
3738         (JSC::CodeBlock::unlinkCalls):
3739         (JSC::CodeBlock::unlinkIncomingCalls):
3740         (JSC::CodeBlock::bytecodeOffset):
3741         (JSC::ProgramCodeBlock::jettison):
3742         (JSC::EvalCodeBlock::jettison):
3743         (JSC::FunctionCodeBlock::jettison):
3744         (JSC::ProgramCodeBlock::jitCompileImpl):
3745         (JSC::EvalCodeBlock::jitCompileImpl):
3746         (JSC::FunctionCodeBlock::jitCompileImpl):
3747         * bytecode/CodeBlock.h:
3748         (JSC):
3749         (CodeBlock):
3750         (JSC::CodeBlock::baselineVersion):
3751         (JSC::CodeBlock::linkIncomingCall):
3752         (JSC::CodeBlock::bytecodeOffset):
3753         (JSC::CodeBlock::jitCompile):
3754         (JSC::CodeBlock::hasOptimizedReplacement):
3755         (JSC::CodeBlock::addPropertyAccessInstruction):
3756         (JSC::CodeBlock::addGlobalResolveInstruction):
3757         (JSC::CodeBlock::addLLIntCallLinkInfo):
3758         (JSC::CodeBlock::addGlobalResolveInfo):
3759         (JSC::CodeBlock::numberOfMethodCallLinkInfos):
3760         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
3761         (JSC::CodeBlock::likelyToTakeSlowCase):
3762         (JSC::CodeBlock::couldTakeSlowCase):
3763         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
3764         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
3765         (JSC::CodeBlock::likelyToTakeAnySlowCase):
3766         (JSC::CodeBlock::addFrequentExitSite):
3767         (JSC::CodeBlock::dontJITAnytimeSoon):
3768         (JSC::CodeBlock::jitAfterWarmUp):
3769         (JSC::CodeBlock::jitSoon):
3770         (JSC::CodeBlock::llintExecuteCounter):
3771         (ProgramCodeBlock):
3772         (EvalCodeBlock):
3773         (FunctionCodeBlock):
3774         * bytecode/GetByIdStatus.cpp:
3775         (JSC::GetByIdStatus::computeFromLLInt):
3776         (JSC):
3777         (JSC::GetByIdStatus::computeFor):
3778         * bytecode/GetByIdStatus.h:
3779         (JSC::GetByIdStatus::GetByIdStatus):
3780         (JSC::GetByIdStatus::wasSeenInJIT):
3781         (GetByIdStatus):
3782         * bytecode/Instruction.h:
3783         (JSC):
3784         (JSC::Instruction::Instruction):
3785         (Instruction):
3786         * bytecode/LLIntCallLinkInfo.h: Added.
3787         (JSC):
3788         (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
3789         (LLIntCallLinkInfo):
3790         (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
3791         (JSC::LLIntCallLinkInfo::isLinked):
3792         (JSC::LLIntCallLinkInfo::unlink):
3793         * bytecode/MethodCallLinkStatus.cpp:
3794         (JSC::MethodCallLinkStatus::computeFor):
3795         * bytecode/Opcode.cpp:
3796         (JSC):
3797         * bytecode/Opcode.h:
3798         (JSC):
3799         (JSC::padOpcodeName):
3800         * bytecode/PutByIdStatus.cpp:
3801         (JSC::PutByIdStatus::computeFromLLInt):
3802         (JSC):
3803         (JSC::PutByIdStatus::computeFor):
3804         * bytecode/PutByIdStatus.h:
3805         (PutByIdStatus):
3806         * bytecompiler/BytecodeGenerator.cpp:
3807         (JSC::BytecodeGenerator::emitResolve):
3808         (JSC::BytecodeGenerator::emitResolveWithBase):
3809         (JSC::BytecodeGenerator::emitGetById):
3810         (JSC::BytecodeGenerator::emitPutById):
3811         (JSC::BytecodeGenerator::emitDirectPutById):
3812         (JSC::BytecodeGenerator::emitCall):
3813         (JSC::BytecodeGenerator::emitConstruct):
3814         (JSC::BytecodeGenerator::emitCatch):
3815         * dfg/DFGByteCodeParser.cpp:
3816         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
3817         (JSC::DFG::ByteCodeParser::handleInlining):
3818         (JSC::DFG::ByteCodeParser::parseBlock):
3819         * dfg/DFGCapabilities.h:
3820         (JSC::DFG::canCompileOpcode):
3821         * dfg/DFGOSRExitCompiler.cpp:
3822         * dfg/DFGOperations.cpp:
3823         * heap/Heap.h:
3824         (JSC):
3825         (JSC::Heap::firstAllocatorWithoutDestructors):
3826         (Heap):
3827         * heap/MarkStack.cpp:
3828         (JSC::visitChildren):
3829         * heap/MarkedAllocator.h:
3830         (JSC):
3831         (MarkedAllocator):
3832         * heap/MarkedSpace.h:
3833         (JSC):
3834         (MarkedSpace):
3835         (JSC::MarkedSpace::firstAllocator):
3836         * interpreter/CallFrame.cpp:
3837         (JSC):
3838         (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
3839         (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
3840         (JSC::CallFrame::currentVPC):
3841         (JSC::CallFrame::setCurrentVPC):
3842         (JSC::CallFrame::trueCallerFrame):
3843         * interpreter/CallFrame.h:
3844         (JSC::ExecState::hasReturnPC):
3845         (JSC::ExecState::clearReturnPC):
3846         (ExecState):
3847         (JSC::ExecState::bytecodeOffsetForNonDFGCode):
3848         (JSC::ExecState::currentVPC):
3849         (JSC::ExecState::setCurrentVPC):
3850         * interpreter/Interpreter.cpp:
3851         (JSC::Interpreter::Interpreter):
3852         (JSC::Interpreter::~Interpreter):
3853         (JSC):
3854         (JSC::Interpreter::initialize):
3855         (JSC::Interpreter::isOpcode):
3856         (JSC::Interpreter::unwindCallFrame):
3857         (JSC::getCallerInfo):
3858         (JSC::Interpreter::privateExecute):
3859         (JSC::Interpreter::retrieveLastCaller):
3860         * interpreter/Interpreter.h:
3861         (JSC):
3862         (Interpreter):
3863         (JSC::Interpreter::getOpcode):
3864         (JSC::Interpreter::getOpcodeID):
3865         (JSC::Interpreter::classicEnabled):
3866         * interpreter/RegisterFile.h:
3867         (JSC):
3868         (RegisterFile):
3869         * jit/ExecutableAllocator.h:
3870         (JSC):
3871         * jit/HostCallReturnValue.cpp: Added.
3872         (JSC):
3873         (JSC::getHostCallReturnValueWithExecState):
3874         * jit/HostCallReturnValue.h: Added.
3875         (JSC):
3876         (JSC::initializeHostCallReturnValue):
3877         * jit/JIT.cpp:
3878         (JSC::JIT::privateCompileMainPass):
3879         (JSC::JIT::privateCompileSlowCases):
3880         (JSC::JIT::privateCompile):
3881         * jit/JITCode.h:
3882         (JSC::JITCode::isOptimizingJIT):
3883         (JITCode):
3884         (JSC::JITCode::isBaselineCode):
3885         (JSC::JITCode::JITCode):
3886         * jit/JITDriver.h:
3887         (JSC::jitCompileIfAppropriate):
3888         (JSC::jitCompileFunctionIfAppropriate):
3889         * jit/JITExceptions.cpp:
3890         (JSC::jitThrow):
3891         * jit/JITInlineMethods.h:
3892         (JSC::JIT::updateTopCallFrame):
3893         * jit/JITStubs.cpp:
3894         (JSC::DEFINE_STUB_FUNCTION):
3895         (JSC):
3896         * jit/JITStubs.h:
3897         (JSC):
3898         * jit/JSInterfaceJIT.h:
3899         * llint: Added.
3900         * llint/LLIntCommon.h: Added.
3901         * llint/LLIntData.cpp: Added.
3902         (LLInt):
3903         (JSC::LLInt::Data::Data):
3904         (JSC::LLInt::Data::performAssertions):
3905         (JSC::LLInt::Data::~Data):
3906         * llint/LLIntData.h: Added.
3907         (JSC):
3908         (LLInt):
3909         (Data):
3910         (JSC::LLInt::Data::exceptionInstructions):
3911         (JSC::LLInt::Data::opcodeMap):
3912         (JSC::LLInt::Data::performAssertions):
3913         * llint/LLIntEntrypoints.cpp: Added.
3914         (LLInt):
3915         (JSC::LLInt::getFunctionEntrypoint):
3916         (JSC::LLInt::getEvalEntrypoint):
3917         (JSC::LLInt::getProgramEntrypoint):
3918         * llint/LLIntEntrypoints.h: Added.
3919         (JSC):
3920         (LLInt):
3921         (JSC::LLInt::getEntrypoint):
3922         * llint/LLIntExceptions.cpp: Added.
3923         (LLInt):
3924         (JSC::LLInt::interpreterThrowInCaller):
3925         (JSC::LLInt::returnToThrowForThrownException):
3926         (JSC::LLInt::returnToThrow):
3927         (JSC::LLInt::callToThrow):
3928         * llint/LLIntExceptions.h: Added.
3929         (JSC):
3930         (LLInt):
3931         * llint/LLIntOfflineAsmConfig.h: Added.
3932         * llint/LLIntOffsetsExtractor.cpp: Added.
3933         (JSC):
3934         (LLIntOffsetsExtractor):
3935         (JSC::LLIntOffsetsExtractor::dummy):
3936         (main):
3937         * llint/LLIntSlowPaths.cpp: Added.
3938         (LLInt):
3939         (JSC::LLInt::llint_trace_operand):
3940         (JSC::LLInt::llint_trace_value):
3941         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3942         (JSC::LLInt::traceFunctionPrologue):
3943         (JSC::LLInt::shouldJIT):
3944         (JSC::LLInt::entryOSR):
3945         (JSC::LLInt::resolveGlobal):
3946         (JSC::LLInt::getByVal):
3947         (JSC::LLInt::handleHostCall):
3948         (JSC::LLInt::setUpCall):
3949         (JSC::LLInt::genericCall):
3950         * llint/LLIntSlowPaths.h: Added.
3951         (JSC):
3952         (LLInt):
3953         * llint/LLIntThunks.cpp: Added.
3954         (LLInt):
3955         (JSC::LLInt::generateThunkWithJumpTo):
3956         (JSC::LLInt::functionForCallEntryThunkGenerator):
3957         (JSC::LLInt::functionForConstructEntryThunkGenerator):
3958         (JSC::LLInt::functionForCallArityCheckThunkGenerator):
3959         (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
3960         (JSC::LLInt::evalEntryThunkGenerator):
3961         (JSC::LLInt::programEntryThunkGenerator):
3962         * llint/LLIntThunks.h: Added.
3963         (JSC):
3964         (LLInt):
3965         * llint/LowLevelInterpreter.asm: Added.
3966         * llint/LowLevelInterpreter.cpp: Added.
3967         * llint/LowLevelInterpreter.h: Added.
3968         * offlineasm: Added.
3969         * offlineasm/armv7.rb: Added.
3970         * offlineasm/asm.rb: Added.
3971         * offlineasm/ast.rb: Added.
3972         * offlineasm/backends.rb: Added.
3973         * offlineasm/generate_offset_extractor.rb: Added.
3974         * offlineasm/instructions.rb: Added.
3975         * offlineasm/offset_extractor_constants.rb: Added.
3976         * offlineasm/offsets.rb: Added.
3977         * offlineasm/opt.rb: Added.
3978         * offlineasm/parser.rb: Added.
3979         * offlineasm/registers.rb: Added.
3980         * offlineasm/self_hash.rb: Added.
3981         * offlineasm/settings.rb: Added.
3982         * offlineasm/transform.rb: Added.
3983         * offlineasm/x86.rb: Added.
3984         * runtime/CodeSpecializationKind.h: Added.
3985         (JSC):
3986         * runtime/CommonSlowPaths.h:
3987         (JSC::CommonSlowPaths::arityCheckFor):
3988         (CommonSlowPaths):
3989         * runtime/Executable.cpp:
3990         (JSC::jettisonCodeBlock):
3991         (JSC):
3992         (JSC::EvalExecutable::jitCompile):
3993         (JSC::samplingDescription):
3994         (JSC::EvalExecutable::compileInternal):
3995         (JSC::ProgramExecutable::jitCompile):
3996         (JSC::ProgramExecutable::compileInternal):
3997         (JSC::FunctionExecutable::baselineCodeBlockFor):
3998         (JSC::FunctionExecutable::jitCompileForCall):
3999         (JSC::FunctionExecutable::jitCompileForConstruct):