1 2011-12-22 Filip Pizlo <fpizlo@apple.com>
3 DFG should not speculate array even when predictions say that the base is not an array
4 https://bugs.webkit.org/show_bug.cgi?id=75160
5 <rdar://problem/10622646>
6 <rdar://problem/10622649>
8 Reviewed by Oliver Hunt.
10 Added the ability to call slow path when the base is known to not be an array.
11 Also rationalized the logic for deciding when the index is not an int, and
12 cleaned up the logic for deciding when to speculate typed array.
14 Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
15 likely be mitigated by having the notion of a polymorphic array access, where we
16 try, but don't speculate, to access the array one way before either trying some
17 other ways or calling slow path.
19 * bytecode/PredictedType.h:
20 (JSC::isActionableMutableArrayPrediction):
21 (JSC::isActionableArrayPrediction):
22 * dfg/DFGAbstractState.cpp:
23 (JSC::DFG::AbstractState::execute):
25 (JSC::DFG::Node::shouldSpeculateInt8Array):
26 (JSC::DFG::Node::shouldSpeculateInt16Array):
27 (JSC::DFG::Node::shouldSpeculateInt32Array):
28 (JSC::DFG::Node::shouldSpeculateUint8Array):
29 (JSC::DFG::Node::shouldSpeculateUint16Array):
30 (JSC::DFG::Node::shouldSpeculateUint32Array):
31 (JSC::DFG::Node::shouldSpeculateFloat32Array):
32 (JSC::DFG::Node::shouldSpeculateFloat64Array):
33 * dfg/DFGPropagator.cpp:
34 (JSC::DFG::Propagator::byValIsPure):
35 * dfg/DFGSpeculativeJIT.cpp:
36 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
37 * dfg/DFGSpeculativeJIT32_64.cpp:
38 (JSC::DFG::SpeculativeJIT::compile):
39 * dfg/DFGSpeculativeJIT64.cpp:
40 (JSC::DFG::SpeculativeJIT::compile):
42 2011-12-22 Gavin Barraclough <barraclough@apple.com>
44 Unreviewed - fix stylebot issues from last patch.
46 * runtime/JSArray.cpp:
47 (JSC::JSArray::putSlowCase):
49 2011-12-22 Gavin Barraclough <barraclough@apple.com>
51 https://bugs.webkit.org/show_bug.cgi?id=75151
52 Add attributes field to JSArray's SparseMap
54 Reviewed by Sam Weinig.
56 This will be necessary to be able to support non- writable/configurable/enumerable
57 properties, and helpful for getters/setters.
59 Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
61 * runtime/ArrayPrototype.cpp:
62 (JSC::arrayProtoFuncSort):
63 - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
64 (must fall back to generic sort algorithm).
65 * runtime/JSArray.cpp:
66 (JSC::JSArray::finishCreation):
67 - moved reportedMapCapacity into the SparseArrayValueMap object.
68 (JSC::SparseArrayValueMap::find):
69 (JSC::SparseArrayValueMap::put):
70 (JSC::SparseArrayValueMap::visitChildren):
72 (JSC::JSArray::getOwnPropertySlotByIndex):
73 (JSC::JSArray::getOwnPropertyDescriptor):
74 (JSC::JSArray::putSlowCase):
75 (JSC::JSArray::deletePropertyByIndex):
76 (JSC::JSArray::getOwnPropertyNames):
77 (JSC::JSArray::setLength):
79 (JSC::JSArray::visitChildren):
80 - Updated for changes in SparseArrayValueMap.
81 (JSC::JSArray::sortNumeric):
83 (JSC::JSArray::compactForSorting):
84 - Disallow on 'SparseMode' arrays.
86 (JSC::SparseArrayEntry::SparseArrayEntry):
87 - An entry in the sparse array - value (WriteBarrier) + attributes.
88 (JSC::SparseArrayValueMap::SparseArrayValueMap):
89 (JSC::SparseArrayValueMap::sparseMode):
90 (JSC::SparseArrayValueMap::setSparseMode):
91 - Flags to track whether an Array is forced into SparseMode.
92 (JSC::SparseArrayValueMap::remove):
93 (JSC::SparseArrayValueMap::notFound):
94 (JSC::SparseArrayValueMap::isEmpty):
95 (JSC::SparseArrayValueMap::contains):
96 (JSC::SparseArrayValueMap::size):
97 (JSC::SparseArrayValueMap::begin):
98 (JSC::SparseArrayValueMap::end):
99 - accessors to the map
100 (JSC::SparseArrayValueMap::take):
101 - only for use on non-SparseMode arrays.
102 (JSC::JSArray::inSparseMode):
105 2011-12-22 Filip Pizlo <fpizlo@apple.com>
107 DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
108 https://bugs.webkit.org/show_bug.cgi?id=75150
109 <rdar://problem/10621900>
111 Reviewed by Gavin Barraclough.
113 * dfg/DFGAbstractState.cpp:
114 (JSC::DFG::AbstractState::execute):
116 2011-12-22 Filip Pizlo <fpizlo@apple.com>
118 DFG JIT does exactly the wrong thing when doing strict equality on two known cells
119 https://bugs.webkit.org/show_bug.cgi?id=75138
120 <rdar://problem/10621526>
122 Reviewed by Oliver Hunt.
124 * dfg/DFGSpeculativeJIT32_64.cpp:
125 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
126 * dfg/DFGSpeculativeJIT64.cpp:
127 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
129 2011-12-22 Balazs Kelemen <kbalazs@webkit.org>
131 Fix debug build with assertions disabled
132 https://bugs.webkit.org/show_bug.cgi?id=75075
134 Reviewed by Darin Adler.
136 Check whether assertions are disabled instead of NDEBUG
137 where appropriate to avoid "defined but not used" warnings.
140 (WTF::initializeDates):
142 2011-12-22 Mariusz Grzegorczyk <mariusz.g@samsung.com>
144 [EFL] Missing plugins support for efl port
145 https://bugs.webkit.org/show_bug.cgi?id=44505
147 Reviewed by Anders Carlsson.
149 Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
153 2011-12-22 Wei Charles <charles.wei@torchmobile.com.cn>
155 Remove un-used data member of LiteralParser::Lex::m_string
156 https://bugs.webkit.org/show_bug.cgi?id=68216
158 Reviewed by George Staikos.
160 * runtime/LiteralParser.h:
162 2011-12-21 Dan Bernstein <mitz@apple.com>
164 OS X build fix after r103488.
166 * JavaScriptCore.exp:
168 2011-12-21 Konrad Piascik <kpiascik@rim.com>
170 Implement the JavaScriptCore bindings for eventListenerHandlerLocation
171 https://bugs.webkit.org/show_bug.cgi?id=74313
173 Reviewed by Eric Seidel.
175 Updated project files to get Windows and Mac builds working.
177 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
178 * JavaScriptCore.xcodeproj/project.pbxproj:
180 2011-12-21 Filip Pizlo <fpizlo@apple.com>
182 DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
183 https://bugs.webkit.org/show_bug.cgi?id=75058
184 <rdar://problem/10616612>
185 <rdar://problem/10617500>
187 Reviewed by Oliver Hunt.
189 Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
190 Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
191 a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
194 * dfg/DFGAssemblyHelpers.h:
195 (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
196 * dfg/DFGSpeculativeJIT32_64.cpp:
197 (JSC::DFG::SpeculativeJIT::compile):
198 * dfg/DFGSpeculativeJIT64.cpp:
199 (JSC::DFG::SpeculativeJIT::compile):
200 * runtime/JSObject.h:
202 2011-12-21 Pierre Rossi <pierre.rossi@gmail.com>
204 Implement montonicallyIncreasingClock() on Qt
205 https://bugs.webkit.org/show_bug.cgi?id=62159
207 Reviewed by Darin Adler.
209 * wtf/CurrentTime.cpp:
210 (WTF::monotonicallyIncreasingTime):
212 2011-12-20 Filip Pizlo <fpizlo@apple.com>
214 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
215 https://bugs.webkit.org/show_bug.cgi?id=74997
216 <rdar://problem/10612389>
218 Reviewed by Gavin Barraclough.
220 * jit/JITArithmetic32_64.cpp:
221 (JSC::JIT::emit_op_div):
223 2011-12-20 Filip Pizlo <fpizlo@apple.com>
225 JavaScriptCore should be consistent about how it reads and writes ArgumentCount
226 https://bugs.webkit.org/show_bug.cgi?id=74989
227 <rdar://problem/10612006>
229 Reviewed by Gavin Barraclough.
231 * dfg/DFGJITCompiler.cpp:
232 (JSC::DFG::JITCompiler::compileFunction):
234 (JSC::JIT::privateCompile):
235 * jit/JITCall32_64.cpp:
236 (JSC::JIT::compileLoadVarargs):
237 * jit/JITOpcodes32_64.cpp:
238 (JSC::JIT::emit_op_get_arguments_length):
239 (JSC::JIT::emit_op_get_argument_by_val):
240 * jit/SpecializedThunkJIT.h:
241 (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
243 2011-12-20 Filip Pizlo <fpizlo@apple.com>
245 Value Profiles for arguments should be more easily accessible to the interpreter
246 https://bugs.webkit.org/show_bug.cgi?id=74984
247 <rdar://problem/10611364>
249 Reviewed by Gavin Barraclough.
251 * bytecode/CodeBlock.cpp:
252 (JSC::CodeBlock::stronglyVisitStrongReferences):
253 (JSC::CodeBlock::shouldOptimizeNow):
254 (JSC::CodeBlock::dumpValueProfiles):
255 * bytecode/CodeBlock.h:
256 (JSC::CodeBlock::setArgumentValueProfileSize):
257 (JSC::CodeBlock::numberOfArgumentValueProfiles):
258 (JSC::CodeBlock::valueProfileForArgument):
259 (JSC::CodeBlock::addValueProfile):
260 (JSC::CodeBlock::valueProfile):
261 (JSC::CodeBlock::valueProfileForBytecodeOffset):
262 (JSC::CodeBlock::totalNumberOfValueProfiles):
263 (JSC::CodeBlock::getFromAllValueProfiles):
264 * bytecode/ValueProfile.h:
265 (JSC::ValueProfile::ValueProfile):
267 (JSC::JIT::privateCompile):
269 * jit/JITInlineMethods.h:
270 (JSC::JIT::emitValueProfilingSite):
272 2011-12-20 Gavin Barraclough <barraclough@apple.com>
274 JSC shell should accept utf8 input.
276 Reviewed by Filip Pizlo.
282 (functionCheckSyntax):
286 2011-12-20 Gavin Barraclough <barraclough@apple.com>
288 Rubber Stamped by Sam Weinig
290 * runtime/JSGlobalData.cpp:
291 - removed some dead code.
293 2011-12-19 Geoffrey Garen <ggaren@apple.com>
295 Tightened up Vector<T>::append
296 https://bugs.webkit.org/show_bug.cgi?id=74906
298 Reviewed by Sam Weinig.
300 Not a measurable speedup, but code inspection shows better code generated,
301 and I believe this is a step toward turning off -fomit-frame-pointer.
305 (WTF::::appendSlowCase): Split out the slow case into a separate function
306 to keep unnecessary instructions off the hot path. This means the hot
307 path can now be inlined more often.
309 Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
310 compiler work-around from 2007.
312 2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
314 Temporary GPR should not be lazily allocated in DFG JIT on X86
315 https://bugs.webkit.org/show_bug.cgi?id=74908
317 Reviewed by Filip Pizlo.
319 On X86, we used to allocate a temporary GPR lazily when it's really
320 used rather than defined. This may cause potential issues of
321 allocating registers inside control flow and result in problems in
322 subsequent code generation, for example the DFG JIT may think an
323 operand already being spilled (to satisfy the allocation request) and
324 generate code to read the data from memory, but the allocation and
325 spilling are in a branch which is not taken at runtime, so the
326 generated code is incorrect.
328 Although current DFG JIT code doesn't have this problematic pattern,
329 it's better to cut-off the root to avoid any potential issues in the
332 * dfg/DFGSpeculativeJIT.cpp:
333 (JSC::DFG::GPRTemporary::GPRTemporary):
334 * dfg/DFGSpeculativeJIT.h:
335 (JSC::DFG::GPRTemporary::gpr):
336 * dfg/DFGSpeculativeJIT32_64.cpp:
337 (JSC::DFG::SpeculativeJIT::compile):
339 2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
341 Remove unused code for non-speculative Arith operations from DFG JIT
342 https://bugs.webkit.org/show_bug.cgi?id=74905
344 Reviewed by Filip Pizlo.
346 * dfg/DFGSpeculativeJIT.h:
347 * dfg/DFGSpeculativeJIT32_64.cpp:
348 * dfg/DFGSpeculativeJIT64.cpp:
350 2011-12-19 Gavin Barraclough <barraclough@apple.com>
352 https://bugs.webkit.org/show_bug.cgi?id=74903
353 Exceptions not thrown correctly from DFG JIT on 32bit
355 Reviewed by Oliver Hunt.
357 Arguments for lookupExceptionHandler are not set up correctly.
358 In the case of ARMv7 we rely on lr being preserved over a call,
359 this is invalid. On x86 we don't should be poking the arguments onto the stack!
361 * bytecode/CodeBlock.h:
362 (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
363 * dfg/DFGAssemblyHelpers.h:
364 (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
366 * dfg/DFGJITCompiler.cpp:
367 (JSC::DFG::JITCompiler::compileBody):
368 * dfg/DFGJITCompiler.h:
369 (JSC::DFG::JITCompiler::addExceptionCheck):
370 (JSC::DFG::JITCompiler::addFastExceptionCheck):
371 * dfg/DFGOperations.cpp:
372 * dfg/DFGOperations.h:
374 2011-12-19 Filip Pizlo <fpizlo@apple.com>
376 If we detect that we can use the JIT, don't use computed opcode lookups
377 https://bugs.webkit.org/show_bug.cgi?id=74899
378 <rdar://problem/10604551>
380 Reviewed by Gavin Barraclough.
382 * interpreter/Interpreter.cpp:
383 (JSC::Interpreter::Interpreter):
384 (JSC::Interpreter::initialize):
385 (JSC::Interpreter::privateExecute):
386 * interpreter/Interpreter.h:
387 (JSC::Interpreter::getOpcode):
388 (JSC::Interpreter::getOpcodeID):
389 * runtime/JSGlobalData.cpp:
390 (JSC::JSGlobalData::JSGlobalData):
392 2011-12-19 Geoffrey Garen <ggaren@apple.com>
394 Try to fix the Qt build.
398 * wtf/ThreadSpecific.h: #include!
400 2011-12-18 Filip Pizlo <fpizlo@apple.com>
402 It should be possible to change the value of an Options variable without recompiling the world
403 https://bugs.webkit.org/show_bug.cgi?id=74807
405 Reviewed by Gavin Barraclough.
407 * runtime/Options.cpp:
408 (JSC::Options::initializeOptions):
411 2011-12-19 Sheriff Bot <webkit.review.bot@gmail.com>
413 Unreviewed, rolling out r103250.
414 http://trac.webkit.org/changeset/103250
415 https://bugs.webkit.org/show_bug.cgi?id=74877
417 it still breaks codegen (Requested by olliej on #webkit).
419 * dfg/DFGAbstractState.cpp:
420 (JSC::DFG::AbstractState::execute):
421 * dfg/DFGByteCodeParser.cpp:
422 (JSC::DFG::ByteCodeParser::parseBlock):
424 * dfg/DFGPropagator.cpp:
425 (JSC::DFG::Propagator::propagateArithNodeFlags):
426 (JSC::DFG::Propagator::fixupNode):
427 (JSC::DFG::Propagator::byValIsPure):
428 (JSC::DFG::Propagator::clobbersWorld):
429 (JSC::DFG::Propagator::getByValLoadElimination):
430 (JSC::DFG::Propagator::checkStructureLoadElimination):
431 (JSC::DFG::Propagator::getByOffsetLoadElimination):
432 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
433 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
434 (JSC::DFG::Propagator::performNodeCSE):
435 * dfg/DFGSpeculativeJIT.cpp:
436 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
437 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
438 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
439 * dfg/DFGSpeculativeJIT.h:
440 * dfg/DFGSpeculativeJIT32_64.cpp:
441 (JSC::DFG::SpeculativeJIT::compile):
442 * dfg/DFGSpeculativeJIT64.cpp:
443 (JSC::DFG::SpeculativeJIT::compile):
445 2011-12-16 Oliver Hunt <oliver@apple.com>
447 Rolling r103120 back in with merge errors corrected.
449 PutByVal[Alias] unnecessarily reloads the storage buffer
450 https://bugs.webkit.org/show_bug.cgi?id=74747
452 Reviewed by Gavin Barraclough.
454 Make PutByVal use GetIndexedStorage to load the storage buffer.
455 This required switching PutByVal to a vararg node (which is
456 responsible for most of the noise in this patch). This fixes the
457 remaining portion of the kraken regression caused by the GetByVal
458 storage load elimination, and a 1-5% win on some of the sub tests of
459 the typed array benchmark at:
460 http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
462 * dfg/DFGAbstractState.cpp:
463 (JSC::DFG::AbstractState::execute):
464 * dfg/DFGByteCodeParser.cpp:
465 (JSC::DFG::ByteCodeParser::parseBlock):
467 * dfg/DFGPropagator.cpp:
468 (JSC::DFG::Propagator::propagateArithNodeFlags):
469 (JSC::DFG::Propagator::fixupNode):
470 (JSC::DFG::Propagator::byValIndexIsPure):
471 (JSC::DFG::Propagator::clobbersWorld):
472 (JSC::DFG::Propagator::getByValLoadElimination):
473 (JSC::DFG::Propagator::checkStructureLoadElimination):
474 (JSC::DFG::Propagator::getByOffsetLoadElimination):
475 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
476 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
477 (JSC::DFG::Propagator::performNodeCSE):
478 * dfg/DFGSpeculativeJIT.cpp:
479 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
480 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
481 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
482 * dfg/DFGSpeculativeJIT.h:
483 * dfg/DFGSpeculativeJIT32_64.cpp:
484 (JSC::DFG::SpeculativeJIT::compile):
485 * dfg/DFGSpeculativeJIT64.cpp:
486 (JSC::DFG::SpeculativeJIT::compile):
488 2011-12-15 Geoffrey Garen <ggaren@apple.com>
490 Placement new does an unnecessary NULL check
491 https://bugs.webkit.org/show_bug.cgi?id=74676
493 Reviewed by Sam Weinig.
495 We can define our own version, which skips the NULL check.
497 Not a measurable speedup, but code inspection shows better code generated,
498 and I believe this is a step toward turning off -fomit-frame-pointer.
500 * API/JSCallbackConstructor.h:
501 (JSC::JSCallbackConstructor::create):
502 * API/JSCallbackFunction.h:
503 (JSC::JSCallbackFunction::create): Use the NotNull version of placement
504 new to skip the NULL check.
506 * API/JSCallbackObject.h: Removed a conflicting, unnecessary placement new.
508 (JSC::JSCallbackObject::create):
509 * debugger/DebuggerActivation.h:
510 (JSC::DebuggerActivation::create):
511 * heap/HandleHeap.cpp:
512 (JSC::HandleHeap::grow):
514 (JSC::HandleHeap::allocate):
515 * heap/MarkedBlock.cpp:
516 (JSC::MarkedBlock::create):
517 (JSC::MarkedBlock::recycle):
519 (JSC::JITCode::clear):
521 (GlobalObject::create):
522 * profiler/CallIdentifier.h:
523 * runtime/Arguments.h:
524 (JSC::Arguments::create):
525 * runtime/ArrayConstructor.h:
526 (JSC::ArrayConstructor::create):
527 * runtime/ArrayPrototype.h:
528 (JSC::ArrayPrototype::create):
529 * runtime/BooleanConstructor.h:
530 (JSC::BooleanConstructor::create):
531 * runtime/BooleanObject.h:
532 (JSC::BooleanObject::create):
533 * runtime/BooleanPrototype.h:
534 (JSC::BooleanPrototype::create):
535 * runtime/DateConstructor.h:
536 (JSC::DateConstructor::create):
537 * runtime/DateInstance.h:
538 (JSC::DateInstance::create):
539 * runtime/DatePrototype.h:
540 (JSC::DatePrototype::create):
542 (JSC::StrictModeTypeErrorFunction::create):
543 * runtime/ErrorConstructor.h:
544 (JSC::ErrorConstructor::create):
545 * runtime/ErrorInstance.h:
546 (JSC::ErrorInstance::create):
547 * runtime/ErrorPrototype.h:
548 (JSC::ErrorPrototype::create):
549 * runtime/ExceptionHelpers.h:
550 (JSC::InterruptedExecutionError::create):
551 (JSC::TerminatedExecutionError::create):
552 * runtime/Executable.h:
553 (JSC::NativeExecutable::create):
554 (JSC::EvalExecutable::create):
555 (JSC::ProgramExecutable::create):
556 (JSC::FunctionExecutable::create):
557 * runtime/FunctionConstructor.h:
558 (JSC::FunctionConstructor::create):
559 * runtime/FunctionPrototype.h:
560 (JSC::FunctionPrototype::create):
561 * runtime/GetterSetter.h:
562 (JSC::GetterSetter::create):
563 * runtime/JSAPIValueWrapper.h:
564 (JSC::JSAPIValueWrapper::create):
565 * runtime/JSActivation.h:
566 (JSC::JSActivation::create):
568 (JSC::JSArray::create):
569 * runtime/JSBoundFunction.cpp:
570 (JSC::JSBoundFunction::create):
571 * runtime/JSByteArray.h:
572 (JSC::JSByteArray::create): Use the NotNull version of placement
573 new to skip the NULL check.
575 * runtime/JSCell.h: Removed a conflicting, unnecessary placement new.
577 * runtime/JSFunction.cpp:
578 (JSC::JSFunction::create):
579 * runtime/JSFunction.h:
580 (JSC::JSFunction::create):
581 * runtime/JSGlobalObject.h:
582 (JSC::JSGlobalObject::create):
583 * runtime/JSGlobalThis.h:
584 (JSC::JSGlobalThis::create):
585 * runtime/JSNotAnObject.h:
586 (JSC::JSNotAnObject::create):
587 * runtime/JSONObject.h:
588 (JSC::JSONObject::create):
589 * runtime/JSObject.h:
590 (JSC::JSFinalObject::create):
591 * runtime/JSPropertyNameIterator.cpp:
592 (JSC::JSPropertyNameIterator::create):
593 * runtime/JSPropertyNameIterator.h:
594 (JSC::JSPropertyNameIterator::create):
595 * runtime/JSStaticScopeObject.h:
596 (JSC::JSStaticScopeObject::create):
597 * runtime/JSString.cpp:
598 (JSC::StringObject::create):
599 * runtime/JSString.h:
600 (JSC::RopeBuilder::createNull):
601 (JSC::RopeBuilder::create):
602 (JSC::RopeBuilder::createHasOtherOwner):
603 * runtime/MathObject.h:
604 (JSC::MathObject::create):
605 * runtime/NativeErrorConstructor.h:
606 (JSC::NativeErrorConstructor::create):
607 * runtime/NativeErrorPrototype.h:
608 (JSC::NativeErrorPrototype::create):
609 * runtime/NumberConstructor.h:
610 (JSC::NumberConstructor::create):
611 * runtime/NumberObject.h:
612 (JSC::NumberObject::create):
613 * runtime/NumberPrototype.h:
614 (JSC::NumberPrototype::create):
615 * runtime/ObjectConstructor.h:
616 (JSC::ObjectConstructor::create):
617 * runtime/ObjectPrototype.h:
618 (JSC::ObjectPrototype::create):
619 * runtime/RegExp.cpp:
620 (JSC::RegExp::createWithoutCaching):
621 * runtime/RegExpConstructor.h:
622 (JSC::RegExpConstructor::create):
623 * runtime/RegExpMatchesArray.h:
624 (JSC::RegExpMatchesArray::create):
625 * runtime/RegExpObject.h:
626 (JSC::RegExpObject::create):
627 * runtime/RegExpPrototype.h:
628 (JSC::RegExpPrototype::create):
629 * runtime/ScopeChain.h:
630 (JSC::ScopeChainNode::create):
631 * runtime/StrictEvalActivation.h:
632 (JSC::StrictEvalActivation::create):
633 * runtime/StringConstructor.h:
634 (JSC::StringConstructor::create):
635 * runtime/StringObject.h:
636 (JSC::StringObject::create):
637 * runtime/StringPrototype.h:
638 (JSC::StringPrototype::create):
639 * runtime/Structure.h:
640 (JSC::Structure::create):
641 (JSC::Structure::createStructure):
642 * runtime/StructureChain.h:
643 (JSC::StructureChain::create):
645 (GlobalObject::create):
647 (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
648 new to skip the NULL check.
650 * wtf/BumpPointerAllocator.h:
651 (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
654 (WTF::ByteArray::create):
657 (WTF::::prepend): Use NotNull, as above.
659 * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
660 hide the name of the global placement new.
662 (WTF::fastNew): Standardized spacing. Most of these functions don't need
663 NotNull, since they check for NULL, and the optimizer can see that.
667 (WTF::SimpleClassHashTraits::constructDeletedValue):
668 * wtf/MetaAllocator.cpp:
669 (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
671 * wtf/StdLibExtras.h:
672 (throw): This is our NotNull placement new. Declaring that we throw is
673 the C++ way to say that operator new will not return NULL.
675 * wtf/ThreadSpecific.h:
680 (WTF::::uncheckedAppend):
682 * wtf/text/AtomicStringHash.h:
683 * wtf/text/StringImpl.cpp:
684 (WTF::StringImpl::createUninitialized):
685 (WTF::StringImpl::reallocate):
686 * wtf/text/StringImpl.h:
687 (WTF::StringImpl::tryCreateUninitialized):
688 * wtf/text/StringStatics.cpp:
689 (WTF::AtomicString::init): Use NotNull, as above.
691 * yarr/YarrInterpreter.cpp:
692 (JSC::Yarr::Interpreter::allocDisjunctionContext):
693 (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
694 (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
695 spacing for easy grep.
697 2011-12-19 Eric Carlson <eric.carlson@apple.com>
699 Enable <track> for Mac build
700 https://bugs.webkit.org/show_bug.cgi?id=74838
702 Reviewed by Darin Adler.
706 2011-12-18 Filip Pizlo <fpizlo@apple.com>
708 DFG is too sloppy with register allocation
709 https://bugs.webkit.org/show_bug.cgi?id=74835
711 Reviewed by Gavin Barraclough.
713 Added assertions that at the end of a successfully generated basic block,
714 all use counts should be zero. This revealed a number of bugs:
716 - Array length optimizations were turning a must-generate node into one
717 that is not must-generate, but failing to change the ref count
720 - Indexed property storage optimizations were failing to deref their
721 children, or to deref the indexed property storage node itself. Also,
722 they used the Phantom node as a replacement. But the Phantom node is
723 must-generate, which was causing bizarre issues. So this introduces a
724 Nop node, which should be used in cases where you want a node that is
725 skipped and has no children.
727 This does not have any significant performance effect, but it should
728 relieve some register pressure. The main thing this patch adds, though,
729 are the assertions, which should make it easier to do register allocation
730 related changes in the future.
732 * dfg/DFGAbstractState.cpp:
733 (JSC::DFG::AbstractState::execute):
734 * dfg/DFGGenerationInfo.h:
735 (JSC::DFG::GenerationInfo::initConstant):
736 (JSC::DFG::GenerationInfo::initInteger):
737 (JSC::DFG::GenerationInfo::initJSValue):
738 (JSC::DFG::GenerationInfo::initCell):
739 (JSC::DFG::GenerationInfo::initBoolean):
740 (JSC::DFG::GenerationInfo::initDouble):
741 (JSC::DFG::GenerationInfo::initStorage):
742 (JSC::DFG::GenerationInfo::use):
744 (JSC::DFG::Graph::clearAndDerefChild1):
745 (JSC::DFG::Graph::clearAndDerefChild2):
746 (JSC::DFG::Graph::clearAndDerefChild3):
748 (JSC::DFG::Node::deref):
749 * dfg/DFGPropagator.cpp:
750 (JSC::DFG::Propagator::propagateNodePredictions):
751 (JSC::DFG::Propagator::fixupNode):
752 * dfg/DFGSpeculativeJIT.cpp:
753 (JSC::DFG::SpeculativeJIT::compile):
754 * dfg/DFGSpeculativeJIT32_64.cpp:
755 (JSC::DFG::SpeculativeJIT::compile):
756 * dfg/DFGSpeculativeJIT64.cpp:
757 (JSC::DFG::SpeculativeJIT::compile):
759 2011-12-18 Benjamin Poulain <bpoulain@apple.com>
761 Remove the duplicated code from ASCIICType.h
762 https://bugs.webkit.org/show_bug.cgi?id=74771
764 Reviewed by Andreas Kling.
766 Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.
770 (WTF::isASCIIAlphanumeric):
771 (WTF::isASCIIHexDigit):
773 2011-12-18 Anders Carlsson <andersca@apple.com>
775 Set the main frame view scroll position asynchronously
776 https://bugs.webkit.org/show_bug.cgi?id=74823
778 Reviewed by Sam Weinig.
780 * JavaScriptCore.exp:
782 2011-12-10 Andreas Kling <kling@webkit.org>
784 OpaqueJSClass: Remove RVCT2 workarounds.
785 <http://webkit.org/b/74250>
787 Reviewed by Benjamin Poulain.
789 We no longer need workarounds for the RVCT2 compiler since it was
790 only used for the Symbian port of WebKit which is now defunct.
792 * API/JSClassRef.cpp:
793 (OpaqueJSClass::OpaqueJSClass):
794 (OpaqueJSClassContextData::OpaqueJSClassContextData):
796 2011-12-16 Benjamin Poulain <bpoulain@apple.com>
798 Remove the duplicated code from ASCIICType.h
799 https://bugs.webkit.org/show_bug.cgi?id=74771
801 Reviewed by Andreas Kling.
803 The functions were sharing similar code and were defined for the various input types.
804 Use templates instead to avoid code duplication.
809 (WTF::isASCIIAlphanumeric):
811 (WTF::isASCIIHexDigit):
813 (WTF::isASCIIOctalDigit):
814 (WTF::isASCIIPrintable):
819 (WTF::toASCIIHexValue):
820 (WTF::lowerNibbleToASCIIHexDigit):
821 (WTF::upperNibbleToASCIIHexDigit):
823 2011-12-16 Filip Pizlo <fpizlo@apple.com>
825 DFG OSR exit may get confused about where in the scratch buffer it stored a value
826 https://bugs.webkit.org/show_bug.cgi?id=74695
828 Reviewed by Oliver Hunt.
830 The code that reads from the scratch buffer now explicitly knows which locations to
831 read from. No new tests, since this patch covers a case so uncommon that I don't know
832 how to make a test for it.
834 * dfg/DFGOSRExitCompiler.h:
835 (JSC::DFG::OSRExitCompiler::badIndex):
836 (JSC::DFG::OSRExitCompiler::initializePoisoned):
837 (JSC::DFG::OSRExitCompiler::poisonIndex):
838 * dfg/DFGOSRExitCompiler32_64.cpp:
839 (JSC::DFG::OSRExitCompiler::compileExit):
840 * dfg/DFGOSRExitCompiler64.cpp:
841 (JSC::DFG::OSRExitCompiler::compileExit):
843 2011-12-16 Oliver Hunt <oliver@apple.com>
845 PutByVal[Alias] unnecessarily reloads the storage buffer
846 https://bugs.webkit.org/show_bug.cgi?id=74747
848 Reviewed by Gavin Barraclough.
850 Make PutByVal use GetIndexedStorage to load the storage buffer.
851 This required switching PutByVal to a vararg node (which is
852 responsible for most of the noise in this patch). This fixes the
853 remaining portion of the kraken regression caused by the GetByVal
854 storage load elimination, and a 1-5% win on some of the sub tests of
855 the typed array benchmark at:
856 http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
858 * dfg/DFGAbstractState.cpp:
859 (JSC::DFG::AbstractState::execute):
860 * dfg/DFGByteCodeParser.cpp:
861 (JSC::DFG::ByteCodeParser::parseBlock):
863 * dfg/DFGPropagator.cpp:
864 (JSC::DFG::Propagator::propagateArithNodeFlags):
865 (JSC::DFG::Propagator::fixupNode):
866 (JSC::DFG::Propagator::byValIndexIsPure):
867 (JSC::DFG::Propagator::clobbersWorld):
868 (JSC::DFG::Propagator::getByValLoadElimination):
869 (JSC::DFG::Propagator::checkStructureLoadElimination):
870 (JSC::DFG::Propagator::getByOffsetLoadElimination):
871 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
872 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
873 (JSC::DFG::Propagator::performNodeCSE):
874 * dfg/DFGSpeculativeJIT.cpp:
875 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
876 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
877 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
878 * dfg/DFGSpeculativeJIT.h:
879 * dfg/DFGSpeculativeJIT32_64.cpp:
880 (JSC::DFG::SpeculativeJIT::compile):
881 * dfg/DFGSpeculativeJIT64.cpp:
882 (JSC::DFG::SpeculativeJIT::compile):
884 2011-12-16 Daniel Bates <dbates@rim.com>
886 Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h
888 Rubber-stamped by Antonio Gomes.
890 BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
891 declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
892 instead of BlackBerryPlatformMisc.h.
894 * wtf/Assertions.cpp:
896 2011-12-16 Mark Hahnenberg <mhahnenberg@apple.com>
898 De-virtualize destructors
899 https://bugs.webkit.org/show_bug.cgi?id=74331
901 Reviewed by Geoffrey Garen.
903 This is a megapatch which frees us from the chains of virtual destructors.
905 In order to remove the virtual destructors, which are the last of the virtual
906 functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to
907 the cell rather than to the structure because in order to be able to lazily call
908 the static destroy() functions that will replace the virtual destructors, we
909 need to be able to access the ClassInfo without the danger of the object's
910 Structure being collected before the object itself.
912 After adding the ClassInfo to the cell, we can then begin to remove our use
913 of vptrs for optimizations within the JIT and the GC. When we have removed
914 all of the stored vptrs from JSGlobalData, we can then also remove all of
915 the related VPtrStealingHack code.
917 The replacement for virtual destructors will be to add a static destroy function
918 pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has
919 a non-trivial destructor will require its own static destroy function to static
920 call its corresponding destructor, which will now be non-virtual. In future
921 patches we will slowly move away from destructors altogether as we make more and
922 more objects backed by GC memory rather than malloc-ed memory. The GC will now
923 call the static destroy method rather than the virtual destructor.
925 As we go through the hierarchy and add static destroy functions to classes,
926 we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes
927 to which it applies. The future goal is to eventually have every class have that assert.
929 * API/JSCallbackConstructor.cpp:
930 (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call
931 ~JSCallbackConstructor because it has some extra destruction logic.
932 * API/JSCallbackConstructor.h:
933 * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
934 * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject
935 because it has a member OwnPtr that needs destruction.
937 * API/JSCallbackObject.h:
938 * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
939 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
940 * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't
941 have its own ClassInfo despite the fact that it overrides a number of MethodTable
942 methods. Added the ClassInfo, along with an assertion that its destructor is trivial.
943 * debugger/DebuggerActivation.h:
944 * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray,
945 isJSString, as it is no longer necessary.
946 (JSC::DFG::putByVal):
947 * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the
948 JSArray ClassInfo pointer.
949 (JSC::DFG::tryCacheGetByID):
950 * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo
951 comparisons since we don't have vptrs anymore.
952 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
953 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
954 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
955 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
956 (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
957 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
958 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
959 (JSC::DFG::SpeculativeJIT::compare):
960 (JSC::DFG::SpeculativeJIT::compileStrictEq):
961 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
962 * dfg/DFGSpeculativeJIT.h: Ditto.
963 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
964 * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
965 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
966 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
967 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
968 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
969 (JSC::DFG::SpeculativeJIT::emitBranch):
970 (JSC::DFG::SpeculativeJIT::compile):
971 * dfg/DFGSpeculativeJIT64.cpp: Ditto.
972 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
973 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
974 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
975 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
976 (JSC::DFG::SpeculativeJIT::emitBranch):
977 (JSC::DFG::SpeculativeJIT::compile):
978 * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with
979 ClassInfo comparisons.
981 * heap/MarkStack.cpp: Ditto.
982 (JSC::MarkStackThreadSharedData::markingThreadMain):
983 (JSC::visitChildren):
984 (JSC::SlotVisitor::drain):
985 * heap/MarkStack.h: Ditto.
986 (JSC::MarkStack::MarkStack):
987 * heap/MarkedBlock.cpp: Ditto.
988 (JSC::MarkedBlock::callDestructor):
989 (JSC::MarkedBlock::specializedSweep):
990 * heap/MarkedBlock.h: Ditto.
991 * heap/SlotVisitor.h: Ditto.
992 (JSC::SlotVisitor::SlotVisitor):
993 * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.
994 We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
995 (JSC::VTableSpectrum::count):
996 * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray,
999 (JSC::Interpreter::tryCacheGetByID):
1000 (JSC::Interpreter::privateExecute):
1001 * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject
1002 * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting,
1003 remove all vtable related code.
1004 (JSC::JIT::emitLoadCharacterString):
1005 (JSC::JIT::emitAllocateBasicJSObject):
1006 (JSC::JIT::emitAllocateJSFinalObject):
1007 (JSC::JIT::emitAllocateJSFunction):
1008 * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
1009 (JSC::JIT::privateCompileCTIMachineTrampolines):
1010 (JSC::JIT::emit_op_to_primitive):
1011 (JSC::JIT::emit_op_convert_this):
1012 * jit/JITOpcodes32_64.cpp: Ditto.
1013 (JSC::JIT::privateCompileCTIMachineTrampolines):
1014 (JSC::JIT::emit_op_to_primitive):
1015 (JSC::JIT::emitSlow_op_eq):
1016 (JSC::JIT::emitSlow_op_neq):
1017 (JSC::JIT::compileOpStrictEq):
1018 (JSC::JIT::emit_op_convert_this):
1019 * jit/JITPropertyAccess.cpp: Ditto.
1020 (JSC::JIT::stringGetByValStubGenerator):
1021 (JSC::JIT::emit_op_get_by_val):
1022 (JSC::JIT::emitSlow_op_get_by_val):
1023 (JSC::JIT::emit_op_put_by_val):
1024 (JSC::JIT::privateCompilePutByIdTransition):
1025 (JSC::JIT::privateCompilePatchGetArrayLength):
1026 * jit/JITPropertyAccess32_64.cpp: Ditto.
1027 (JSC::JIT::stringGetByValStubGenerator):
1028 (JSC::JIT::emit_op_get_by_val):
1029 (JSC::JIT::emitSlow_op_get_by_val):
1030 (JSC::JIT::emit_op_put_by_val):
1031 (JSC::JIT::privateCompilePatchGetArrayLength):
1032 * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
1033 (JSC::JITThunks::tryCacheGetByID):
1034 (JSC::DEFINE_STUB_FUNCTION):
1035 * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
1036 (JSC::SpecializedThunkJIT::loadJSStringArgument):
1037 * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
1038 * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
1039 (JSC::arrayProtoFuncToString):
1040 (JSC::arrayProtoFuncJoin):
1041 (JSC::arrayProtoFuncPop):
1042 (JSC::arrayProtoFuncPush):
1043 (JSC::arrayProtoFuncShift):
1044 (JSC::arrayProtoFuncSplice):
1045 (JSC::arrayProtoFuncUnShift):
1046 (JSC::arrayProtoFuncFilter):
1047 (JSC::arrayProtoFuncMap):
1048 (JSC::arrayProtoFuncEvery):
1049 (JSC::arrayProtoFuncForEach):
1050 (JSC::arrayProtoFuncSome):
1051 (JSC::arrayProtoFuncReduce):
1052 (JSC::arrayProtoFuncReduceRight):
1053 * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
1054 * runtime/BooleanObject.cpp: Ditto.
1055 * runtime/BooleanPrototype.cpp: Ditto.
1056 * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
1057 * runtime/DateConstructor.cpp: Add trivial destructor assert.
1058 * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr
1059 that needs destruction.
1060 (JSC::DateInstance::destroy):
1061 * runtime/DateInstance.h:
1062 * runtime/Error.cpp: Ditto (because of UString member).
1063 (JSC::StrictModeTypeErrorFunction::destroy):
1065 * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
1066 * runtime/ErrorInstance.cpp: Ditto.
1067 * runtime/ExceptionHelpers.cpp: Ditto.
1068 * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
1069 (JSC::ExecutableBase::destroy):
1070 (JSC::NativeExecutable::destroy):
1071 (JSC::ScriptExecutable::destroy):
1072 (JSC::EvalExecutable::destroy):
1073 (JSC::ProgramExecutable::destroy):
1074 (JSC::FunctionExecutable::destroy):
1075 * runtime/Executable.h:
1076 * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
1077 * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
1078 (JSC::functionProtoFuncApply):
1079 * runtime/GetterSetter.cpp: Ditto.
1080 * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no
1082 (JSC::initializeThreadingOnce):
1083 * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert,
1084 remove first arg from isJSString.
1085 (JSC::InternalFunction::displayName):
1086 * runtime/InternalFunction.h: Remove VPtrStealingHack.
1087 * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
1088 * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in
1089 destructor with ClassInfo checks.
1090 (JSC::JSArray::~JSArray):
1091 (JSC::JSArray::destroy):
1092 * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray
1093 and change them to check the ClassInfo rather than the vptrs.
1095 * runtime/JSBoundFunction.cpp: Add trivial destructor assert. Remove first arg from isJSArray.
1096 (JSC::boundFunctionCall):
1097 (JSC::boundFunctionConstruct):
1098 * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
1099 (JSC::JSByteArray::~JSByteArray):
1100 (JSC::JSByteArray::destroy):
1101 * runtime/JSByteArray.h: Remove VPtrStealingHack code.
1102 (JSC::isJSByteArray):
1103 * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function.
1104 (JSC::JSCell::destroy):
1105 * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset
1106 of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to
1107 the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions,
1108 as they are no longer used. Add a validatedClassInfo function to JSCell for any clients
1109 that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the
1110 same one as that contained in the Structure. This isn't used too often, because most of
1111 the places where we compare the ClassInfo to things can be called during destruction.
1112 Since the Structure is unreliable during the phase when destructors are being called,
1113 we can't call validatedClassInfo.
1114 (JSC::JSCell::classInfoOffset):
1115 (JSC::JSCell::structure):
1116 (JSC::JSCell::classInfo):
1117 * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor,
1118 remove first arg from call to isJSString.
1119 (JSC::JSFunction::destroy):
1120 (JSC::JSFunction::displayName):
1121 * runtime/JSFunction.h:
1122 * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs,
1123 as these vptrs are no longer needed in the codebase.
1124 * runtime/JSGlobalData.h:
1125 (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use
1126 ClassInfo rather than the vptr.
1127 * runtime/JSGlobalObject.cpp: Add static destroy function.
1128 (JSC::JSGlobalObject::destroy):
1129 * runtime/JSGlobalObject.h:
1130 * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
1131 * runtime/JSNotAnObject.cpp: Ditto.
1132 * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
1133 (JSC::Stringifier::Holder::appendNextProperty):
1134 (JSC::Walker::walk):
1135 * runtime/JSObject.cpp:
1136 (JSC::JSFinalObject::destroy):
1137 (JSC::JSNonFinalObject::destroy):
1138 (JSC::JSObject::destroy):
1139 * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor
1140 from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and
1141 JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
1142 (JSC::JSObject::finishCreation):
1143 (JSC::JSNonFinalObject::finishCreation):
1144 (JSC::JSFinalObject::finishCreation):
1145 (JSC::isJSFinalObject):
1146 * runtime/JSPropertyNameIterator.cpp: Add static destroy.
1147 (JSC::JSPropertyNameIterator::destroy):
1148 * runtime/JSPropertyNameIterator.h:
1149 * runtime/JSStaticScopeObject.cpp: Ditto.
1150 (JSC::JSStaticScopeObject::destroy):
1151 * runtime/JSStaticScopeObject.h: Ditto.
1152 * runtime/JSString.cpp:
1153 (JSC::JSString::destroy):
1154 * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code,
1155 since we no longer need to fixup vptrs.
1156 (JSC::jsSingleCharacterString):
1157 (JSC::jsSingleCharacterSubstring):
1158 (JSC::jsNontrivialString):
1160 (JSC::jsSubstring8):
1162 (JSC::jsOwnedString):
1163 (JSC::jsStringBuilder):
1165 * runtime/JSVariableObject.cpp:
1166 (JSC::JSVariableObject::destroy):
1167 * runtime/JSVariableObject.h: Ditto.
1168 * runtime/JSWrapperObject.cpp:
1169 * runtime/JSWrapperObject.h: Add trivial destructor assert.
1170 * runtime/MathObject.cpp: Ditto.
1171 * runtime/NativeErrorConstructor.cpp: Ditto.
1172 * runtime/NumberConstructor.cpp: Ditto.
1173 * runtime/NumberObject.cpp: Ditto.
1174 * runtime/NumberPrototype.cpp: Ditto.
1175 * runtime/ObjectConstructor.cpp: Ditto.
1176 * runtime/ObjectPrototype.cpp: Ditto.
1177 * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
1181 * runtime/RegExp.cpp: Add static destroy.
1182 (JSC::RegExp::destroy):
1184 * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
1185 (JSC::RegExpConstructor::destroy):
1186 (JSC::RegExpMatchesArray::destroy):
1187 * runtime/RegExpConstructor.h:
1188 * runtime/RegExpMatchesArray.h:
1189 * runtime/RegExpObject.cpp: Add static destroy.
1190 (JSC::RegExpObject::destroy):
1191 * runtime/RegExpObject.h:
1192 * runtime/ScopeChain.cpp: Add trivial destructor assert.
1193 * runtime/ScopeChain.h:
1194 * runtime/StrictEvalActivation.cpp: Ditto.
1195 * runtime/StringConstructor.cpp:
1196 * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
1197 * runtime/StringObject.h:
1198 * runtime/StringPrototype.cpp: Ditto.
1199 * runtime/Structure.cpp: Add static destroy.
1200 (JSC::Structure::destroy):
1201 * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h
1202 because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
1203 (JSC::JSCell::setStructure):
1204 (JSC::JSCell::validatedClassInfo):
1205 (JSC::JSCell::JSCell):
1206 (JSC::JSCell::finishCreation):
1207 * runtime/StructureChain.cpp: Add static destroy.
1208 (JSC::StructureChain::destroy):
1209 * runtime/StructureChain.h:
1210 * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clang's
1211 ability to tell us when a class has a trivial destructor. We will use this assert
1212 more in future patches as we move toward having all JSC objects backed by GC memory,
1213 which means moving away from using destructors/finalizers.
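The entry above replaces virtual destructors with a destroy function pointer reached through a ClassInfo pointer held in the cell itself. The sketch below is an added example, not code from the WebKit tree: Cell, Structure, PlainObject, DateLike and sweep() are simplified stand-ins, and std::is_trivially_destructible stands in for ASSERT_HAS_TRIVIAL_DESTRUCTOR. It shows the sweeper destroying cells correctly after their Structures are already gone.

```cpp
#include <cstdio>
#include <new>
#include <string>
#include <type_traits>
#include <vector>

// Simplified stand-ins (assumptions), not JavaScriptCore's real declarations.
struct Cell;
struct MethodTable { void (*destroy)(Cell*); };   // replaces the virtual destructor
struct ClassInfo { const char* className; MethodTable methodTable; };
struct Structure { const ClassInfo* classInfo; };

struct Cell {                                     // no virtual functions, so no vptr
    explicit Cell(const Structure& s) : m_classInfo(s.classInfo), m_structure(&s) {}
    const ClassInfo* classInfo() const { return m_classInfo; }  // safe during sweep
    const Structure* structure() const { return m_structure; }  // may be dead during sweep
    static void destroy(Cell*) {}                 // nothing to release
private:
    const ClassInfo* m_classInfo;                 // copied out of the Structure at creation
    const Structure* m_structure;
};

// A class with nothing to tear down shares Cell::destroy and carries the assert.
struct PlainObject : Cell {
    explicit PlainObject(const Structure& s) : Cell(s), payload(0) {}
    static const ClassInfo s_info;
    int payload;
};
const ClassInfo PlainObject::s_info = { "PlainObject", { &Cell::destroy } };
static_assert(std::is_trivially_destructible<PlainObject>::value,
              "PlainObject must not need a destructor");

// A class with a member that needs destruction gets its own static destroy.
struct DateLike : Cell {
    explicit DateLike(const Structure& s) : Cell(s), cachedText("2011-12-15") {}
    ~DateLike() { ++destructorsRun; }             // non-virtual
    static void destroy(Cell* cell) { static_cast<DateLike*>(cell)->~DateLike(); }
    static const ClassInfo s_info;
    static int destructorsRun;
    std::string cachedText;
};
const ClassInfo DateLike::s_info = { "DateLike", { &DateLike::destroy } };
int DateLike::destructorsRun = 0;

struct SweepResult {
    int cellsSwept;
    int nonTrivialDestructorsRun;
    bool structureStillUsable;   // what a lookup through the Structure would have found
};

// The sweeper reads only the cell's own ClassInfo pointer, never its Structure.
static int sweep(std::vector<Cell*>& dead) {
    int swept = 0;
    for (Cell* cell : dead) {
        cell->classInfo()->methodTable.destroy(cell);
        ++swept;
    }
    dead.clear();
    return swept;
}

SweepResult sweepAfterStructuresDied() {
    DateLike::destructorsRun = 0;
    Structure dateStructure = { &DateLike::s_info };
    Structure plainStructure = { &PlainObject::s_info };
    alignas(DateLike) unsigned char dateStorage[sizeof(DateLike)];
    alignas(PlainObject) unsigned char plainStorage[sizeof(PlainObject)];

    std::vector<Cell*> dead;
    dead.push_back(new (dateStorage) DateLike(dateStructure));
    dead.push_back(new (plainStorage) PlainObject(plainStructure));

    // Model the Structures being collected before the cells by poisoning them.
    // They stay allocated here so the demonstration itself has defined behaviour.
    dateStructure.classInfo = nullptr;
    plainStructure.classInfo = nullptr;

    SweepResult r;
    r.structureStillUsable = dead[0]->structure()->classInfo != nullptr;
    r.cellsSwept = sweep(dead);
    r.nonTrivialDestructorsRun = DateLike::destructorsRun;
    return r;
}

int main() {
    SweepResult r = sweepAfterStructuresDied();
    std::printf("swept=%d nonTrivialDestructors=%d structureUsable=%d\n",
                r.cellsSwept, r.nonTrivialDestructorsRun, r.structureStillUsable ? 1 : 0);
    return 0;
}
```

A sweeper that fetched the ClassInfo through structure() would have read the poisoned pointer here, which is the lifetime hazard the entry gives as the reason for storing ClassInfo in the cell.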
1215 2011-12-15 Martin Robinson <mrobinson@igalia.com>
1217 Fix 'make dist' in preparation for the GTK+ release.
1219 * GNUmakefile.list.am: Add missing header.
1221 2011-12-15 Sam Weinig <sam@webkit.org>
1223 <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
1225 Reviewed by Gavin Barraclough.
1227 Original patch by Jim Grosbach.
1230 (JSC::ctiTrampoline):
1231 (JSC::ctiVMThrowTrampoline):
1232 Replace uses of the 'cpy' mnemonic with 'mov'.
1234 2011-12-15 Filip Pizlo <fpizlo@apple.com>
1236 Value profiling should distinguish between NaN and non-NaN doubles
1237 https://bugs.webkit.org/show_bug.cgi?id=74682
1239 Reviewed by Gavin Barraclough.
1241 Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
1244 * bytecode/PredictedType.cpp:
1245 (JSC::predictionToString):
1246 (JSC::predictionFromValue):
1247 * bytecode/PredictedType.h:
1248 (JSC::isDoubleRealPrediction):
1249 (JSC::isDoublePrediction):
1251 2011-12-15 Anders Carlsson <andersca@apple.com>
1253 Regression (r102866): Navigating away from or closing a page with a plugin crashes
1254 https://bugs.webkit.org/show_bug.cgi?id=74655
1255 <rdar://problem/10590024>
1257 Reviewed by Sam Weinig.
1259 Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
1260 using a modified version of the technique described here:
1261 http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
1265 2011-12-15 Andy Wingo <wingo@igalia.com>
1267 Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
1268 https://bugs.webkit.org/show_bug.cgi?id=74624
1270 Reviewed by Darin Adler.
1272 * interpreter/Interpreter.cpp:
1273 (JSC::Interpreter::privateExecute): Fix variables unused in
1275 * wtf/ParallelJobsGeneric.cpp:
1276 (WTF::ParallelEnvironment::ParallelEnvironment): Fix
1277 signed/unsigned comparison warning, with a cast.
1279 2011-12-15 Andy Wingo <wingo@igalia.com>
1281 Use more macrology in JSC::Options
1282 https://bugs.webkit.org/show_bug.cgi?id=72938
1284 Reviewed by Filip Pizlo.
1286 * runtime/Options.cpp:
1287 (JSC::Options::initializeOptions):
1288 * runtime/Options.h: Use macros to ensure that all heuristics are
1289 declared and have initializers.
1291 2011-12-15 Anders Carlsson <andersca@apple.com>
1293 Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
1294 https://bugs.webkit.org/show_bug.cgi?id=74639
1296 Reviewed by Andreas Kling.
1298 Add ENABLE_THREADED_SCROLLING #define.
1302 2011-12-15 Anders Carlsson <andersca@apple.com>
1304 EventDispatcher should handle wheel events on the connection queue
1305 https://bugs.webkit.org/show_bug.cgi?id=74627
1307 Reviewed by Andreas Kling.
1309 Add a BoundFunctionImpl specialization that takes three parameters.
1316 2011-12-14 Anders Carlsson <andersca@apple.com>
1318 Add WTF::Function to wtf/Forward.h
1319 https://bugs.webkit.org/show_bug.cgi?id=74576
1321 Reviewed by Adam Roben.
1324 Work around a name conflict in the readline library.
1329 2011-12-15 Igor Oliveira <igor.oliveira@openbossa.org>
1331 [Qt] Support requestAnimationFrame API
1332 https://bugs.webkit.org/show_bug.cgi?id=74528
1334 Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
1336 Reviewed by Kenneth Rohde Christiansen.
1340 2011-12-15 Andy Wingo <wingo@igalia.com>
1342 Minor refactor to Parser::parseTryStatement
1343 https://bugs.webkit.org/show_bug.cgi?id=74507
1345 Reviewed by Geoffrey Garen.
1347 * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
1348 Parser's declareVariable instead of going directly to the scope.
1349 This will facilitate future checks related to harmony block
1352 2011-12-15 Andy Wingo <wingo@igalia.com>
1354 Rename JSC::Heuristics to JSC::Options
1355 https://bugs.webkit.org/show_bug.cgi?id=72889
1357 Reviewed by Filip Pizlo.
1359 * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
1360 * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
1363 * GNUmakefile.list.am:
1364 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1365 * JavaScriptCore.xcodeproj/project.pbxproj:
1367 * bytecode/CodeBlock.cpp:
1368 (JSC::CodeBlock::shouldOptimizeNow):
1369 * bytecode/CodeBlock.h:
1370 (JSC::CodeBlock::likelyToTakeSlowCase):
1371 (JSC::CodeBlock::couldTakeSlowCase):
1372 (JSC::CodeBlock::likelyToTakeSpecialFastCase):
1373 (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
1374 (JSC::CodeBlock::likelyToTakeAnySlowCase):
1375 (JSC::CodeBlock::reoptimizationRetryCounter):
1376 (JSC::CodeBlock::countReoptimization):
1377 (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
1378 (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
1379 (JSC::CodeBlock::optimizeNextInvocation):
1380 (JSC::CodeBlock::dontOptimizeAnytimeSoon):
1381 (JSC::CodeBlock::optimizeSoon):
1382 (JSC::CodeBlock::largeFailCountThreshold):
1383 (JSC::CodeBlock::largeFailCountThresholdForLoop):
1384 (JSC::CodeBlock::shouldReoptimizeNow):
1385 (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
1386 * dfg/DFGByteCodeParser.cpp:
1387 (JSC::DFG::ByteCodeParser::handleInlining):
1388 * dfg/DFGCapabilities.h:
1389 (JSC::DFG::mightCompileEval):
1390 (JSC::DFG::mightCompileProgram):
1391 (JSC::DFG::mightCompileFunctionForCall):
1392 (JSC::DFG::mightCompileFunctionForConstruct):
1393 (JSC::DFG::mightInlineFunctionForCall):
1394 (JSC::DFG::mightInlineFunctionForConstruct):
1395 * dfg/DFGOSRExit.cpp:
1396 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
1397 * dfg/DFGOSRExitCompiler32_64.cpp:
1398 (JSC::DFG::OSRExitCompiler::compileExit):
1399 * dfg/DFGOSRExitCompiler64.cpp:
1400 (JSC::DFG::OSRExitCompiler::compileExit):
1401 * dfg/DFGVariableAccessData.h:
1402 (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
1403 * heap/MarkStack.cpp:
1404 (JSC::MarkStackSegmentAllocator::allocate):
1405 (JSC::MarkStackSegmentAllocator::shrinkReserve):
1406 (JSC::MarkStackArray::MarkStackArray):
1407 (JSC::MarkStackArray::donateSomeCellsTo):
1408 (JSC::MarkStackArray::stealSomeCellsFrom):
1409 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1410 (JSC::SlotVisitor::donateSlow):
1411 (JSC::SlotVisitor::drain):
1412 (JSC::SlotVisitor::drainFromShared):
1414 (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
1415 (JSC::MarkStack::addOpaqueRoot):
1416 (JSC::MarkStackArray::canDonateSomeCells):
1417 * heap/SlotVisitor.h:
1418 (JSC::SlotVisitor::donate):
1420 (JSC::JIT::emitOptimizationCheck):
1421 * runtime/InitializeThreading.cpp:
1422 (JSC::initializeThreadingOnce): Adapt callers and build systems.
1425 (CommandLine::CommandLine):
1427 (CommandLine::CommandLine):
1428 Rename from Options, to avoid name conflict.
1430 2011-12-14 Sam Weinig <sam@webkit.org>
1432 Revert unintentional change to JavaScriptCore.def
1434 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1436 2011-12-14 Sam Weinig <weinig@apple.com>
1438 Remove whitespace from InheritedPropertySheets attributes in
1439 vsprops files to appease the Visual Studio project migrator.
1441 Reviewed by Adam Roben.
1443 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1444 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
1445 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
1446 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
1447 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
1448 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
1449 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
1450 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
1451 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
1452 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
1453 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
1454 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
1455 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
1456 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
1457 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1458 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1459 * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
1460 * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
1461 * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
1462 * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
1463 * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
1464 * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
1465 * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
1466 * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
1467 * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
1468 * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
1469 * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
1470 * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
1471 * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
1472 * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1473 * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
1474 * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
1475 * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
1476 * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
1477 * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
1478 * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
1479 * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
1480 * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
1481 * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
1482 * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
1483 * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
1484 * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
1485 * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
1487 2011-12-14 Anders Carlsson <andersca@apple.com>
1489 binding a member function should ref/deref the object pointer if needed
1490 https://bugs.webkit.org/show_bug.cgi?id=74552
1492 Reviewed by Sam Weinig.
1494 Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
1495 member functions with the right type. Use this to determine if we should ref/deref the first parameter.
1500 (WTF::RefAndDeref::ref):
1501 (WTF::RefAndDeref::deref):
1503 2011-12-14 Hajime Morrita <morrita@chromium.org>
1505 JS_INLINE and WTF_INLINE should be visible from WebCore
1506 https://bugs.webkit.org/show_bug.cgi?id=73191
1508 - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
1509 - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
1510 - Replaced JS_EXPORTDATA in wtf module with newly introduced WTF_EXPORTDATA.
1512 Reviewed by Kevin Ollivier.
1514 * JavaScriptCore.xcodeproj/project.pbxproj:
1516 * runtime/JSExportMacros.h: Added.
1517 * wtf/ExportMacros.h:
1519 * wtf/WTFThreadData.h:
1520 * wtf/text/AtomicString.h:
1521 * wtf/text/StringStatics.cpp:
1523 2011-12-14 Anders Carlsson <andersca@apple.com>
1525 Work around a bug in the MSVC2005 compiler
1526 https://bugs.webkit.org/show_bug.cgi?id=74550
1528 Reviewed by Sam Weinig.
1530 Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
1535 2011-12-13 Jon Lee <jonlee@apple.com>
1537 Enable notifications on Mac.
1539 Reviewed by Sam Weinig.
1541 * Configurations/FeatureDefines.xcconfig:
1543 2011-12-14 David Kilzer <ddkilzer@apple.com>
1545 Remove definition of old ENABLE(YARR) macro
1546 <http://webkit.org/b/74532>
1548 Reviewed by Darin Adler.
1550 * wtf/Platform.h: Removed ENABLE_YARR macros.
1552 2011-12-14 Anders Carlsson <andersca@apple.com>
1554 bind should handle member functions
1555 https://bugs.webkit.org/show_bug.cgi?id=74529
1557 Reviewed by Sam Weinig.
1559 Add FunctionWrapper partial specializations for member function pointers.
1564 2011-12-14 Gavin Barraclough <barraclough@apple.com>
1566 DFG relies on returning a struct in registers
1567 https://bugs.webkit.org/show_bug.cgi?id=74527
1569 Reviewed by Geoff Garen.
1571 This will not work on all platforms. Returning a uint64_t will more reliably achieve
1572 what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
1574 * dfg/DFGOperations.cpp:
1575 * dfg/DFGOperations.h:
1576 (JSC::DFG::DFGHandler::dfgHandlerEncoded):
1578 2011-12-14 Anders Carlsson <andersca@apple.com>
1580 Add unary and binary bind overloads
1581 https://bugs.webkit.org/show_bug.cgi?id=74524
1583 Reviewed by Sam Weinig.
1587 (WTF::FunctionWrapper::ResultType):
1590 2011-12-14 Anders Carlsson <andersca@apple.com>
1592 Add back the callOnMainThread overload that takes a WTF::Function
1593 https://bugs.webkit.org/show_bug.cgi?id=74512
1595 Reviewed by Darin Adler.
1597 Add back the overload; the changes to WebCore should hopefully keep Windows building.
1599 * wtf/MainThread.cpp:
1600 (WTF::callFunctionObject):
1601 (WTF::callOnMainThread):
1604 2011-12-13 Filip Pizlo <fpizlo@apple.com>
1606 DFG should infer when local variables are doubles
1607 https://bugs.webkit.org/show_bug.cgi?id=74480
1609 Reviewed by Oliver Hunt.
1611 Introduced the notion that a local variable (though not an argument, yet!) can
1612 be stored as a double, and will be guaranteed to always contain a double. This
1613 requires more magic in the OSR (conversion in both entry and exit). The inference
1614 is quite unorthodox: all uses of a variable vote on whether they think it should
1615 be a double or a JSValue, based on how they use it. If they use it in an integer
1616 or boxed value context, they vote JSValue. If they use it in a double context,
1617 they vote double. This voting is interleaved in the propagator's fixpoint, so
1618 that variables voted double then have a double prediction propagated from them.
1619 This interleaving is needed because a variable that actually always contains an
1620 integer that always gets used in arithmetic that involves doubles may end up
1621 being voted double, which then means that all uses of the variable will see a
1622 double rather than an integer.
1624 This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
1625 to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
1626 Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
1627 It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar
1628 results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
1631 * bytecode/ValueRecovery.h:
1632 (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
1633 (JSC::ValueRecovery::dump):
1634 * dfg/DFGAbstractState.cpp:
1635 (JSC::DFG::AbstractState::execute):
1636 * dfg/DFGAssemblyHelpers.h:
1637 (JSC::DFG::AssemblyHelpers::boxDouble):
1639 (JSC::DFG::Graph::dump):
1640 * dfg/DFGJITCompiler.h:
1641 (JSC::DFG::JITCompiler::noticeOSREntry):
1642 * dfg/DFGOSREntry.cpp:
1643 (JSC::DFG::prepareOSREntry):
1644 * dfg/DFGOSREntry.h:
1645 * dfg/DFGOSRExitCompiler64.cpp:
1646 (JSC::DFG::OSRExitCompiler::compileExit):
1647 * dfg/DFGPropagator.cpp:
1648 (JSC::DFG::Propagator::vote):
1649 (JSC::DFG::Propagator::doRoundOfDoubleVoting):
1650 (JSC::DFG::Propagator::propagatePredictions):
1651 (JSC::DFG::Propagator::fixupNode):
1652 * dfg/DFGSpeculativeJIT.cpp:
1653 (JSC::DFG::ValueSource::dump):
1654 (JSC::DFG::SpeculativeJIT::compile):
1655 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1656 * dfg/DFGSpeculativeJIT.h:
1657 * dfg/DFGSpeculativeJIT32_64.cpp:
1658 (JSC::DFG::SpeculativeJIT::compile):
1659 * dfg/DFGSpeculativeJIT64.cpp:
1660 (JSC::DFG::SpeculativeJIT::compile):
1661 * dfg/DFGVariableAccessData.h:
1662 (JSC::DFG::VariableAccessData::VariableAccessData):
1663 (JSC::DFG::VariableAccessData::clearVotes):
1664 (JSC::DFG::VariableAccessData::vote):
1665 (JSC::DFG::VariableAccessData::doubleVoteRatio):
1666 (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
1667 (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
1668 (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
1669 * runtime/Arguments.cpp:
1670 (JSC::Arguments::tearOff):
1671 * runtime/Heuristics.cpp:
1672 (JSC::Heuristics::initializeHeuristics):
1673 * runtime/Heuristics.h:
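The voting scheme described in the entry above, as an added example that is not code from the WebKit tree. It is a toy model: the Variable, Add and Program types, the rule that an addition is a double context when either operand is predicted double, and the threshold kAssumedDoubleVoteRatio are all assumptions. Only the names vote, clearVotes and doRoundOfDoubleVoting are borrowed from the function list in the entry.

```cpp
#include <cstdio>
#include <vector>

enum Prediction { PredictInt, PredictDouble };

struct Variable {
    const char* name;
    Prediction profiled;      // what profiling saw stored into the local
    unsigned votesValue;
    unsigned votesDouble;
    bool useDoubleFormat;
    Variable(const char* n, Prediction p)
        : name(n), profiled(p), votesValue(0), votesDouble(0), useDoubleFormat(false) {}
    void clearVotes() { votesValue = votesDouble = 0; }
    void vote(bool asDouble) { if (asDouble) ++votesDouble; else ++votesValue; }
    // Once a variable is voted double, every use of it sees a double prediction.
    Prediction effective() const { return useDoubleFormat ? PredictDouble : profiled; }
};

struct Add { int left; int right; };   // arithmetic use of two locals

struct Program {
    std::vector<Variable> vars;
    std::vector<Add> adds;
    std::vector<int> integerUses;      // uses in an integer context, e.g. an array index
};

// Assumed threshold: double wins when it has at least as many votes as JSValue.
static const double kAssumedDoubleVoteRatio = 1.0;

// One round: every use votes, then the tally may switch variables to double format.
// Returns true if any variable changed, meaning predictions must be propagated again.
static bool doRoundOfDoubleVoting(Program& p) {
    for (Variable& v : p.vars)
        v.clearVotes();
    for (const Add& a : p.adds) {
        bool doubleContext = p.vars[a.left].effective() == PredictDouble
                          || p.vars[a.right].effective() == PredictDouble;
        p.vars[a.left].vote(doubleContext);
        p.vars[a.right].vote(doubleContext);
    }
    for (int index : p.integerUses)
        p.vars[index].vote(false);

    bool changed = false;
    for (Variable& v : p.vars) {
        bool doubleWins = v.votesDouble > 0
                       && v.votesDouble >= kAssumedDoubleVoteRatio * v.votesValue;
        if (doubleWins && !v.useDoubleFormat) {
            v.useDoubleFormat = true;
            changed = true;
        }
    }
    return changed;
}

// Interleave voting with propagation until nothing changes; returns rounds executed.
int propagate(Program& p, int maxRounds) {
    int rounds = 0;
    while (rounds < maxRounds) {
        ++rounds;
        if (!doRoundOfDoubleVoting(p))
            break;
    }
    return rounds;
}

const int X = 0, Y = 1, Z = 2, I = 3;

// Constructed sample: x, z and i only ever hold integers, y holds doubles.
Program sampleProgram() {
    Program p;
    p.vars.push_back(Variable("x", PredictInt));
    p.vars.push_back(Variable("y", PredictDouble));
    p.vars.push_back(Variable("z", PredictInt));
    p.vars.push_back(Variable("i", PredictInt));
    p.adds.push_back(Add{X, Y});   // x + y: double arithmetic
    p.adds.push_back(Add{X, Z});   // x + z: becomes double only once x is double
    p.adds.push_back(Add{I, Z});   // i + z: becomes double only once z is double
    p.integerUses.push_back(I);    // a[i]
    p.integerUses.push_back(I);    // a[i] again: i is mostly used as an integer
    return p;
}

int main() {
    Program p = sampleProgram();
    int rounds = propagate(p, 10);
    std::printf("rounds=%d\n", rounds);
    for (const Variable& v : p.vars)
        std::printf("%s: %s\n", v.name, v.useDoubleFormat ? "double" : "JSValue");
    return 0;
}
```

With a single round only x and y are voted double; z flips in the second round because x now presents as a double, which is why the voting has to sit inside the fixpoint.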
1675 2011-12-13 Anders Carlsson <andersca@apple.com>
1677 Try to fix the Windows build.
1679 Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.
1681 * wtf/MainThread.cpp:
1684 2011-12-13 Anders Carlsson <andersca@apple.com>
1686 Add a very bare-bones implementation of bind and Function to WTF
1687 https://bugs.webkit.org/show_bug.cgi?id=74462
1689 Reviewed by Sam Weinig.
1691 In order to make it easier to package up function calls and send them across
1692 threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
1693 wtf/Functional.h header.
1695 Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
1696 but I'll add more as the need arises.
1698 * GNUmakefile.list.am:
1699 * JavaScriptCore.gypi:
1700 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1701 * JavaScriptCore.xcodeproj/project.pbxproj:
1702 * wtf/Functional.h: Added.
1704 (WTF::FunctionImplBase::~FunctionImplBase):
1705 (WTF::FunctionWrapper::ResultType):
1706 (WTF::FunctionBase::isNull):
1707 (WTF::FunctionBase::FunctionBase):
1708 (WTF::FunctionBase::impl):
1710 * wtf/MainThread.cpp:
1711 (WTF::callFunctionObject):
1712 (WTF::callOnMainThread):

2011-12-13 Geoffrey Garen <ggaren@apple.com>
<rdar://problem/10577239> GC Crash introduced in r102545
Reviewed by Gavin Barraclough.
MarkedArgumentBuffer was still marking items in forwards order, even though
the argument order has been reversed.
I fixed this bug, and replaced address calculation code with some helper
functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::markLists):
(JSC::MarkedArgumentBuffer::slowAppend):
* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
(JSC::MarkedArgumentBuffer::at):
(JSC::MarkedArgumentBuffer::append):
(JSC::MarkedArgumentBuffer::last):
(JSC::MarkedArgumentBuffer::slotFor):
(JSC::MarkedArgumentBuffer::mallocBase):

2011-12-13 Filip Pizlo <fpizlo@apple.com>
DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
https://bugs.webkit.org/show_bug.cgi?id=74463
Reviewed by Gavin Barraclough.
Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
how to execute the slow path of UInt32ToNumber.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::lastOSRExit):
* bytecode/CodeOrigin.h:
(JSC::CodeOrigin::operator!=):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::uint32InGPR):
(JSC::ValueRecovery::gpr):
(JSC::ValueRecovery::dump):
* dfg/DFGAssemblyHelpers.cpp:
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::OSRExit::valueRecoveryForOperand):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compile):

2011-12-13 Oliver Hunt <oliver@apple.com>
Arguments object doesn't handle mutation of length property correctly
https://bugs.webkit.org/show_bug.cgi?id=74454
Reviewed by Gavin Barraclough.
Correct handling of arguments objects with overridden length property
* interpreter/Interpreter.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::copyToArguments):
(JSC::Arguments::fillArgList):

2011-12-13 Filip Pizlo <fpizlo@apple.com>
DFG GetByVal CSE rule should match PutByValAlias
https://bugs.webkit.org/show_bug.cgi?id=74390
Reviewed by Geoff Garen.
Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::getByValLoadElimination):

2011-12-13 Andy Wingo <wingo@igalia.com>
Fix interpreter debug build.
https://bugs.webkit.org/show_bug.cgi?id=74439
Reviewed by Geoffrey Garen.
* bytecode/ValueRecovery.h: Include stdio.h on debug builds.

2011-12-13 Filip Pizlo <fpizlo@apple.com>
DFG should know exactly why recompilation was triggered
https://bugs.webkit.org/show_bug.cgi?id=74362
Reviewed by Oliver Hunt.
Each OSR exit is now individually counted, as well as counting the total number
of OSR exits that occurred in a code block. If recompilation is triggered, we
check to see if there are OSR exit sites that make up a sufficiently large
portion of the total OSR exits that occurred. For any such OSR exit sites, we
add a description of the site (bytecode index, kind) to a data structure in the
corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
know which speculations would be unwise based on the fact that previous such
speculations proved to be fruitless.
This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::tallyFrequentExitSites):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addFrequentExitSite):
(JSC::CodeBlock::exitProfile):
(JSC::CodeBlock::reoptimize):
(JSC::CodeBlock::tallyFrequentExitSites):
* bytecode/DFGExitProfile.cpp: Added.
(JSC::DFG::ExitProfile::ExitProfile):
(JSC::DFG::ExitProfile::~ExitProfile):
(JSC::DFG::ExitProfile::add):
(JSC::DFG::QueryableExitProfile::QueryableExitProfile):
(JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
* bytecode/DFGExitProfile.h: Added.
(JSC::DFG::exitKindToString):
(JSC::DFG::exitKindIsCountable):
(JSC::DFG::FrequentExitSite::FrequentExitSite):
(JSC::DFG::FrequentExitSite::operator!):
(JSC::DFG::FrequentExitSite::operator==):
(JSC::DFG::FrequentExitSite::hash):
(JSC::DFG::FrequentExitSite::bytecodeOffset):
(JSC::DFG::FrequentExitSite::kind):
(JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
(JSC::DFG::FrequentExitSiteHash::hash):
(JSC::DFG::FrequentExitSiteHash::equal):
(JSC::DFG::QueryableExitProfile::hasExitSite):
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
(JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::makeDivSafe):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
(JSC::DFG::SpeculativeJIT::compileSoftModulo):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h:

2011-12-13 Michael Saboff <msaboff@apple.com>
Cleanup of StringImpl::equal in r102631 post commit
https://bugs.webkit.org/show_bug.cgi?id=74421
Reviewed by Darin Adler.
* wtf/text/AtomicString.h:
(WTF::operator==): Removed cast no longer needed.
* wtf/text/StringImpl.h:
(WTF::equal): Changed template to several overloaded methods.

2011-12-12 Michael Saboff <msaboff@apple.com>
Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
https://bugs.webkit.org/show_bug.cgi?id=73622
Reviewed by Oliver Hunt.
Moved equal(charType1 *, charType2, unsigned) template methods
from static StringImpl.cpp to StringImpl.h and then replaced the
processor specific character comparison code in StringHash::equal
with calls to these methods.
This change is worth 3% on SunSpider string-unpack-code as reported
by the SunSpider command line harness. No other tests appear to
have measurable performance changes.
* wtf/text/AtomicString.h:
* wtf/text/StringHash.h:
(WTF::StringHash::equal):
* wtf/text/StringImpl.cpp:
* wtf/text/StringImpl.h:

2011-12-12 Filip Pizlo <fpizlo@apple.com>
ARMv7 version of DFG soft modulo does register allocation inside of control flow
https://bugs.webkit.org/show_bug.cgi?id=74354
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileSoftModulo):

2011-12-12 Andy Wingo <wingo@igalia.com>
Simplify autotools configure.ac
https://bugs.webkit.org/show_bug.cgi?id=74312
Reviewed by Martin Robinson.
* GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.

2011-12-12 Filip Pizlo <fpizlo@apple.com>
DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
https://bugs.webkit.org/show_bug.cgi?id=74329
Reviewed by Gavin Barraclough.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::getByValLoadElimination):

2011-12-09 Alexander Pavlov <apavlov@chromium.org>
WebKit does not enumerate over CSS properties in HTMLElement.style
https://bugs.webkit.org/show_bug.cgi?id=23946
Reviewed by Darin Adler.
Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
introduce an std::sort() comparator function.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/text/WTFString.h:
(WTF::codePointCompareLessThan): Used by std::sort() to sort properties.

2011-12-12 Alexander Pavlov <apavlov@chromium.org>
Unreviewed, build fix.
Revert r102570 which broke SnowLeopard builders.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/text/WTFString.h:

2011-12-09 Alexander Pavlov <apavlov@chromium.org>
WebKit does not enumerate over CSS properties in HTMLElement.style
https://bugs.webkit.org/show_bug.cgi?id=23946
Reviewed by Darin Adler.
Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
introduce an std::sort() comparator function.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/text/WTFString.h:
(WTF::codePointCompareLessThan): Used by std::sort() to sort properties.

2011-12-12 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed. Fix make distcheck issues.
* GNUmakefile.list.am:

2011-12-11 Sam Weinig <sam@webkit.org>
Fix another signed vs. unsigned warning
* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):

2011-12-11 Sam Weinig <sam@webkit.org>
Fix a signed vs. unsigned warning.
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::slowAppend):
Cast inlineCapacity to an int to appease the warning. This is known OK
since inlineCapacity is defined to be 8.

2011-12-11 Geoffrey Garen <ggaren@apple.com>
Rolled out *another* debugging change I committed accidentally.
* Configurations/Base.xcconfig:

2011-12-11 Geoffrey Garen <ggaren@apple.com>
Rolled out a debug counter I committed accidentally.
(JSC::arityCheckFor):

2011-12-10 Geoffrey Garen <ggaren@apple.com>
v8 benchmark takes 12-13 million function call slow paths due to extra arguments
https://bugs.webkit.org/show_bug.cgi?id=74244
Reviewed by Filip Pizlo.
.arguments function of order the Reversed
10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
* bytecode/CodeBlock.h:
(JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
to this function is an argument number.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
helper functions for computing offsets for arguments, rather than doing
Switched to iterating argument offsets backwards (--) instead of forwards (++).
* bytecompiler/BytecodeGenerator.h:
(JSC::CallArguments::thisRegister):
(JSC::CallArguments::argumentRegister):
(JSC::CallArguments::registerOffset): Updated for arguments being reversed.
* bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
that just-in-time convert to bytecode operands (i.e., indexes in the register
file) through helper functions. This means only one piece of code needs
to know how arguments are laid out in the register file.
(JSC::DFG::Graph::dump): Ditto.
(JSC::DFG::Graph::valueProfileFor): Ditto.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
Treat too many arguments as an arity match.
(JSC::DFG::OSRExit::variableForIndex):
(JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
* dfg/DFGOperands.h:
(JSC::DFG::operandToArgument):
(JSC::DFG::argumentToOperand): These are now the only two lines of code in
the DFG compiler that know how arguments are laid out in memory.
(JSC::DFG::Operands::operand):
(JSC::DFG::Operands::setOperand): Use helper functions, as above.
* dfg/DFGOperations.cpp: The whole point of this patch:
Treat too many arguments as an arity match.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
Also, don't tag the caller frame slot as a cell, because it's not a cell.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
(JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
argument virtual register instead of recomputing by hand.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callFrameSlot):
(JSC::DFG::SpeculativeJIT::argumentSlot):
(JSC::DFG::SpeculativeJIT::callFrameTagSlot):
(JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
(JSC::DFG::SpeculativeJIT::argumentTagSlot):
(JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
functions for dealing with callee arguments specifically. These still
build on top of our other helper functions, and have no direct knowledge
of how arguments are laid out in the register file.
(JSC::DFG::SpeculativeJIT::resetCallArguments):
(JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
argumentOffset to match CallFrame naming.
(JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
functions, as above.
* interpreter/CallFrame.h:
(JSC::ExecState::argumentOffset):
(JSC::ExecState::argumentOffsetIncludingThis):
(JSC::ExecState::argument):
(JSC::ExecState::setArgument):
(JSC::ExecState::thisArgumentOffset):
(JSC::ExecState::thisValue):
(JSC::ExecState::setThisValue):
(JSC::ExecState::offsetFor):
(JSC::ExecState::hostThisRegister):
(JSC::ExecState::hostThisValue): Added a bunch of helper functions for
computing where an argument is in the register file. Anything in the
runtime that needs to access arguments should use these helpers.
* interpreter/CallFrameClosure.h:
(JSC::CallFrameClosure::setThis):
(JSC::CallFrameClosure::setArgument):
(JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
that too many arguments counts as an arity match and doesn't require
preserving two copies of our arguments.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
special if the caller provided too few arguments.
Key simplification: We never need to maintain two copies of our arguments
(JSC::loadVarargs): Use helper functions.
(JSC::Interpreter::unwindCallFrame): Updated for new interface.
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
(JSC::Interpreter::privateExecute): No need to check for stack overflow
when calling host functions because they have zero callee registers.
(JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
object, since there's no special constructor for this anymore.
* interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
workers tests were hitting stack overflow in some of my testing. We should
make this test more exact in future.
* interpreter/RegisterFile.h: Death to all runtime knowledge of argument
location that does not belong to the CallFrame class!
(JSC::JIT::privateCompile): I am a broken record and I use helper functions.
Also, the whole point of this patch: Treat too many arguments as an arity match.
* jit/JITCall32_64.cpp:
(JSC::JIT::compileLoadVarargs):
(JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
helper functions, for backwards-correctness. Removed the condition
pertaining to declared argument count because, now that arguments are
always in just one place, this optimization is valid for all functions.
Standardized the if predicate for each line of the optimization. This might
fix a bug, but I couldn't get the bug to crash in practice.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emit_op_get_argument_by_val):
(JSC::JIT::emitSlow_op_get_argument_by_val):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emit_op_get_argument_by_val):
(JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
optimization because it's no longer an optimization, now that arguments
are always contiguous in a known location.
Updated argument access opcode math for backwards-correctness.
(JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
function is slightly different because it copies the call frame in
addition to the arguments. (In the Interpreter, the call frame is not
set up by this point.)
(JSC::lazyLinkFor): The whole point of this patch: Treat too many
arguments as an arity match.
(JSC::DEFINE_STUB_FUNCTION): Updated for new interface to tearOff().
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::loadDoubleArgument):
(JSC::SpecializedThunkJIT::loadCellArgument):
(JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
build strong bones and teeth!
* runtime/ArgList.cpp:
(JSC::ArgList::getSlice):
(JSC::MarkedArgumentBuffer::slowAppend):
* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
(JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
(JSC::MarkedArgumentBuffer::at):
(JSC::MarkedArgumentBuffer::clear):
(JSC::MarkedArgumentBuffer::append):
(JSC::MarkedArgumentBuffer::removeLast):
(JSC::MarkedArgumentBuffer::last):
(JSC::ArgList::ArgList):
(JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
play nice with backwards-ness, so I changed to using manual allocation.
Fixed a FIXME about not all values being marked in the case of out-of-line
arguments. I had to rewrite the loop anyway, and I didn't feel like
maintaining fidelity to its old bugs.
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
(JSC::Arguments::copyToArguments):
(JSC::Arguments::fillArgList):
(JSC::Arguments::getOwnPropertySlotByIndex):
(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::getOwnPropertyDescriptor):
(JSC::Arguments::putByIndex):
(JSC::Arguments::put):
(JSC::Arguments::tearOff):
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::Arguments):
(JSC::Arguments::argument):
(JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
lots of tricky code designed to maintain two different copies of function
arguments. Now that arguments are always contiguous in one place in memory,
this complexity can go away.
Reduced down to one create function for the Arguments class, from three.
Moved tearOff() into an out-of-line function because it's huge.
Moved logic about whether to tear off eagerly into the Arguments class,
so we didn't have to duplicate it elsewhere.
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
m_numCapturedArgs because if the value really were m_numParametersMinusThis
we would be marking too much. (We shouldn't mark 'this' because it can't
be captured.) Also, use helper functions.
* runtime/JSActivation.h:
(JSC::JSActivation::tearOff): Use helper functions.
* runtime/JSArray.cpp:
(JSC::JSArray::copyToArguments):
* runtime/JSArray.h: Use helper functions, as above.

2011-12-10 Mark Hahnenberg <mhahnenberg@apple.com>
JSC testapi is crashing on Windows
https://bugs.webkit.org/show_bug.cgi?id=74233
Reviewed by Sam Weinig.
Same error we've encountered before where we are calling the wrong version of
visitChildren and objects that are still reachable aren't getting marked.
This problem will go away soon with the removal of vptrs for these sorts of
optimizations in favor of using the ClassInfo, but for now we can simply give
JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
ensure that JSFinalObject will always have a unique vptr. We don't have to worry
about JSString or JSArray right now, which are the other two special cases for
visitChildren, since they already have their own virtual functions.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSObject.cpp:
(JSC::JSFinalObject::vtableAnchor):
* runtime/JSObject.h:

2011-12-10 Alexis Menard <alexis.menard@openbossa.org>
Unused variable in YarrJIT.cpp.
https://bugs.webkit.org/show_bug.cgi?id=74237
Reviewed by Andreas Kling.
Variable is set but not used so we can remove it.
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2011-12-09 Filip Pizlo <fpizlo@apple.com>
DFG ArithMul power-of-two case does not check for overflow
https://bugs.webkit.org/show_bug.cgi?id=74230
Reviewed by Gavin Barraclough.
Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
and any attempt to fix it would likely introduce code bloat and register pressure.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithMul):

2011-12-09 David Levin <levin@chromium.org>
REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
https://bugs.webkit.org/show_bug.cgi?id=73886
Reviewed by Darin Adler.
* runtime/SymbolTable.h:
(JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
Bug 58091 is about changing these deprecated calls to something else but that something
else will still need to be in all of these places.

2011-12-09 Konrad Piascik <kpiascik@rim.com>
Remove unnecessary file DissasemblerARM.cpp from build system
https://bugs.webkit.org/show_bug.cgi?id=74184
Reviewed by Daniel Bates.
* PlatformBlackBerry.cmake:

2011-12-09 Filip Pizlo <fpizlo@apple.com>
DFG's interpretation of rare case profiles should be frequency-based not count-based
https://bugs.webkit.org/show_bug.cgi?id=74170
Reviewed by Geoff Garen.
DFG optimizes for rare cases only when the rare case counter is above some threshold
and it also constitutes a large enough fraction of total function executions. Also
added some minor debug logic.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::likelyToTakeSlowCase):
(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::likelyToTakeSpecialFastCase):
(JSC::CodeBlock::likelyToTakeDeepestSlowCase):
(JSC::CodeBlock::likelyToTakeAnySlowCase):
(JSC::CodeBlock::executionEntryCount):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::makeDivSafe):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
(JSC::JIT::privateCompile):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h:

2011-12-09 Oliver Hunt <oliver@apple.com>
PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
https://bugs.webkit.org/show_bug.cgi?id=74223
Reviewed by Geoffrey Garen.
Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):

2011-12-09 David Levin <levin@chromium.org>
Hash* iterators should allow comparison between const and const versions.
https://bugs.webkit.org/show_bug.cgi?id=73370
Reviewed by Darin Adler.
* wtf/HashTable.h: Add the operators needed to do this.
(WTF::HashTableConstIterator::operator==):
(WTF::HashTableConstIterator::operator!=):
(WTF::HashTableIterator::operator==):
(WTF::HashTableIterator::operator!=):

2011-12-09 Michael Saboff <msaboff@apple.com>
YARR: Multi-character read optimization for 8bit strings
https://bugs.webkit.org/show_bug.cgi?id=74191
Reviewed by Oliver Hunt.
Changed generatePatternCharacterOnce to generate
code for 1 to 4 characters in the 8 bit case.
This is worth 29% improvement on SunSpider regexp-dna test.
It provides no benefit to v8-regexp.
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.

2011-12-09 David Levin <levin@chromium.org>
Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
https://bugs.webkit.org/show_bug.cgi?id=71695
Reviewed by Zoltan Herczeg.
* wtf/MessageQueue.h:
(WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
even after the queue has been killed. This is useful when one wants to
kill a queue but then go through it to run clean up tasks from it.

2011-12-09 Adrienne Walker <enne@google.com>
Fix HashMap<..., OwnPtr<...> >::add compilation errors
https://bugs.webkit.org/show_bug.cgi?id=74159
Reviewed by Darin Adler.
Add a constructor to OwnPtr that takes the empty value (nullptr_t)
from HashTraits so that this function can compile.
(WTF::OwnPtr::OwnPtr):

2011-12-09 Oliver Hunt <oliver@apple.com>
Avoid reloading storage pointer for indexed properties unnecessarily
https://bugs.webkit.org/show_bug.cgi?id=74136
Reviewed by Filip Pizlo.
Add a node to represent loading property storage for indexed properties.
This allows us to reduce code generated for sequential access of arrays,
strings, etc. This results in up to 5% improvement in code that is
very heavy on indexed reads, such as matrix operations in typed arrays
and 20% faster on microbenchmarks.
Currently this is only supported by GetByVal and other similar indexed reads.
* bytecode/PredictedType.h:
(JSC::isFixedIndexedStorageObjectPrediction):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-12-08 Fady Samuel <fsamuel@chromium.org>
[Chromium] Enable viewport metatag
https://bugs.webkit.org/show_bug.cgi?id=73495
Reviewed by Darin Fisher.
* wtf/Platform.h: Added ENABLE(VIEWPORT) tag.

2011-12-08 Adam Klein <adamk@chromium.org>
Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
https://bugs.webkit.org/show_bug.cgi?id=73964
Reviewed by Darin Adler.
* wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.

2011-12-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
https://bugs.webkit.org/show_bug.cgi?id=74005
fix unaligned access memory in generatePatternCharacterOnce function
Reviewed by Gavin Barraclough.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::load16Unaligned):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::load16Unaligned):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::load16Unaligned):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::lshift32):
(JSC::MacroAssemblerSH4::load8):
(JSC::MacroAssemblerSH4::load16):
(JSC::MacroAssemblerSH4::load16Unaligned):
(JSC::MacroAssemblerSH4::branch8):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::load16Unaligned):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2011-12-08 Michael Saboff <msaboff@apple.com>
Add 8 bit paths for StringTypeAdapter classes
https://bugs.webkit.org/show_bug.cgi?id=73882
Reviewed by Darin Adler.
Added is8Bit() method and writeTo(LChar*) methods
to StringTypeAdapter<> classes. The writeTo(LChar*)
method can be used if is8Bit() returns true. The
non-native 8 bit classes contain ASSERT(is8Bit())
in their writeTo(LChar*).
Updated all of the various versions of tryMakeString() to
use 8 bit processing in the updated StringTypeAdapter<>
This has slight if any performance improvement on kraken.
* runtime/UStringConcatenate.h:
* wtf/text/StringConcatenate.h:
(WTF::tryMakeString):
* wtf/text/StringOperators.h:
(WTF::StringAppend::is8Bit):
(WTF::StringAppend::writeTo):
2614 2011-12-07 Filip Pizlo <fpizlo@apple.com>
2616 DFG CSE should know that CheckFunction is pure
2617 https://bugs.webkit.org/show_bug.cgi?id=74044
2619 Reviewed by Oliver Hunt.
2621 Possible slight win on V8, no regressions.
2623 * dfg/DFGPropagator.cpp:
2624 (JSC::DFG::Propagator::checkFunctionElimination):
2626 2011-12-07 Michael Saboff <msaboff@apple.com>
2628 StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
2629 https://bugs.webkit.org/show_bug.cgi?id=73995
2631 Reviewed by Geoffrey Garen.
2633 Problem was that a call to characters on a StringImpl associated
2634 with a StringBuilder that is being appended to gets stale.
2635 Added a new m_valid16BitShadowlen that keeps the length of
2636 the 16 bit shadow that has been upconverted or will be up converted
2637 with the first getCharacters(). When StringBuilder::characters or
2638 ::reifyString is called, further characters are upconverted if
2639 we have a shadow16bit copy and the m_valid16BitShadowlen is updated.
2641 * JavaScriptCore.exp:
2642 * wtf/text/StringBuilder.cpp:
2643 (WTF::StringBuilder::reifyString):
2644 * wtf/text/StringBuilder.h:
2645 (WTF::StringBuilder::StringBuilder):
2646 (WTF::StringBuilder::characters):
2647 (WTF::StringBuilder::clear): Cleaned up as part of the change.
2648 * wtf/text/StringImpl.cpp:
2649 (WTF::StringImpl::getData16SlowCase):
2650 (WTF::StringImpl::upconvertCharacters):
2651 * wtf/text/StringImpl.h:
2653 2011-12-07 Filip Pizlo <fpizlo@apple.com>
2655 Compare and Swap should be enabled on ARMv7
2656 https://bugs.webkit.org/show_bug.cgi?id=74023
2658 Reviewed by Geoff Garen.
2660 Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
2661 It gives the expected speed-up on multi-core ARMv7 devices.
2664 (WTF::weakCompareAndSwap):
2667 2011-12-07 Filip Pizlo <fpizlo@apple.com>
2669 DFG CSE is overzealous with GetByVal
2670 https://bugs.webkit.org/show_bug.cgi?id=74042
2672 Reviewed by Oliver Hunt.
2674 Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
2675 is tested in all places that matter.
2677 * dfg/DFGPropagator.cpp:
2678 (JSC::DFG::Propagator::byValIsPure):
2679 (JSC::DFG::Propagator::clobbersWorld):
2680 (JSC::DFG::Propagator::getByValLoadElimination):
2681 (JSC::DFG::Propagator::checkStructureLoadElimination):
2682 (JSC::DFG::Propagator::getByOffsetLoadElimination):
2683 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
2684 (JSC::DFG::Propagator::performNodeCSE):
2686 2011-12-07 Sheriff Bot <webkit.review.bot@gmail.com>
2688 Unreviewed, rolling out r102267.
2689 http://trac.webkit.org/changeset/102267
2690 https://bugs.webkit.org/show_bug.cgi?id=74032
2692 Breaks build on Chromium Mac Debug (Requested by aklein on
2697 2011-12-07 Adam Klein <adamk@chromium.org>
2699 Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
2700 https://bugs.webkit.org/show_bug.cgi?id=73964
2702 Reviewed by Ryosuke Niwa.
2704 * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.
2706 2011-12-07 Filip Pizlo <fpizlo@apple.com>
2708 Non-Mac devices should benefit from a larger heap
2709 https://bugs.webkit.org/show_bug.cgi?id=74015
2711 Reviewed by Geoff Garen.
2713 Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
2714 Heap.cpp, and got in the way of having more granular, per-platform control over
2715 what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).
2718 (JSC::GCTimer::heapSizeForHint):
2721 2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
2723 [Qt] V8 build fixes.
2725 Reviewed by Tor Arne Vestbø.
2727 * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
2728 VPATH. Prefix SOURCES correctly and make sure that runtime/ is
2729 in the include search path when building with v8.
2731 2011-12-06 Filip Pizlo <fpizlo@apple.com>
2733 Zapping a block that is Marked leads to dead objects being mistaken for live ones
2734 https://bugs.webkit.org/show_bug.cgi?id=73982
2736 Reviewed by Geoff Garen.
2738 Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
2739 the code asserts that:
2741 - If we zap a Marked or Zapped block then the free list is empty, because this
2742 can only happen if the block was never free-listed.
2744 - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
2745 blocks are those that cannot be referred to by SizeClass::currentBlock (since
2746 SizeClass::currentBlock only refers to blocks that are candidates for allocation,
2747 and Allocated blocks are those who have been exhausted by allocation and will not
2748 be allocated from again), and New blocks cannot be referred to by anything except
2749 during a brief window inside the allocation slow-path.
2751 * heap/MarkedBlock.cpp:
2752 (JSC::MarkedBlock::zapFreeList):
2754 2011-12-06 Filip Pizlo <fpizlo@apple.com>
2756 DFG 32_64 call linking does not handle non-cell callees correctly
2757 https://bugs.webkit.org/show_bug.cgi?id=73965
2759 Reviewed by Sam Weinig.
2761 * dfg/DFGSpeculativeJIT32_64.cpp:
2762 (JSC::DFG::SpeculativeJIT::emitCall):
2764 2011-12-06 Sam Weinig <sam@webkit.org>
2766 Remove unintentional type name shadowing in the Interpreter
2767 https://bugs.webkit.org/show_bug.cgi?id=73963
2769 Reviewed by Oliver Hunt.
2771 * interpreter/Interpreter.cpp:
2772 (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
2773 which shadows the FunctionExecutable type name, with functionExecutable.
2775 2011-12-06 Michael Saboff <msaboff@apple.com>
2777 r102146 from 73875 broke fast/js/encode-URI-test.html
2778 https://bugs.webkit.org/show_bug.cgi?id=73950
2780 Reviewed by Gavin Barraclough.
2782 * runtime/JSGlobalObjectFunctions.cpp:
2783 (JSC::globalFuncUnescape): Restructured to handle
2784 the %uHHHH case to output the resulting character
2785 and continue so that a failure in finding 4 hex
2786 digits will fall through and output the '%'.
2787 Due to style check, changed the temporary
2788 character variable to a more descriptive name.
2790 2011-12-06 Filip Pizlo <fpizlo@apple.com>
2792 GC zapping logic could benefit from some more assertions
2793 https://bugs.webkit.org/show_bug.cgi?id=73947
2795 Reviewed by Gavin Barraclough.
2797 - If you're in a zapped block and you're zapped, then your mark bit should
2800 - If you're being marked, then you should never be zapped.
2802 * heap/MarkedBlock.h:
2803 (JSC::MarkedBlock::isLive):
2804 * runtime/Structure.h:
2805 (JSC::MarkStack::internalAppend):
2807 2011-12-06 Oliver Hunt <oliver@apple.com>
2809 Don't allocate register in typedarray control flow
2810 https://bugs.webkit.org/show_bug.cgi?id=73944
2812 Reviewed by Gavin Barraclough.
2814 Move a temporary allocation outside of control flow.
2816 * dfg/DFGSpeculativeJIT.cpp:
2817 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
2819 2011-12-06 Gavin Barraclough <barraclough@apple.com>
2821 https://bugs.webkit.org/show_bug.cgi?id=68328
2822 The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant
2824 Reviewed by Geoff Garen.
2826 Move the intrinsic enum out of the DFG, into runtime. Add entries for all host functions
2827 that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
2828 hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
2829 a thunk generator to use based on the Intrinsic.
2831 * JavaScriptCore.xcodeproj/project.pbxproj:
2832 * create_hash_table:
2833 * dfg/DFGByteCodeParser.cpp:
2834 (JSC::DFG::ByteCodeParser::handleCall):
2835 (JSC::DFG::ByteCodeParser::handleIntrinsic):
2836 * dfg/DFGCapabilities.h:
2837 * dfg/DFGIntrinsic.h: Removed.
2839 (JSC::JITThunks::hostFunctionStub):
2841 * runtime/Executable.cpp:
2842 (JSC::ExecutableBase::intrinsic):
2843 (JSC::NativeExecutable::intrinsic):
2844 * runtime/Executable.h:
2845 (JSC::ExecutableBase::intrinsicFor):
2846 (JSC::NativeExecutable::create):
2847 (JSC::NativeExecutable::finishCreation):
2848 * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
2849 * runtime/JSGlobalData.cpp:
2850 (JSC::thunkGeneratorForIntrinsic):
2851 (JSC::JSGlobalData::getHostFunction):
2852 * runtime/JSGlobalData.h:
2853 * runtime/Lookup.cpp:
2854 (JSC::HashTable::createTable):
2855 (JSC::setUpStaticFunctionSlot):
2857 (JSC::HashEntry::initialize):
2858 (JSC::HashEntry::intrinsic):
2860 2011-12-06 Michael Saboff <msaboff@apple.com>
2862 Add 8 bit paths to global object functions
2863 https://bugs.webkit.org/show_bug.cgi?id=73875
2865 Added 8 bit paths for conversion methods.
2867 This is worth 1.5% on kraken audio-oscillator,
2868 1.6% on stanford-crypto-ccm and 2.5% on
2869 stanford-crypto-sha256-iterative. See bug for
2872 Reviewed by Oliver Hunt.
2874 * runtime/JSGlobalObjectFunctions.cpp:
2875 (JSC::decode): Split into a templated helper.
2876 (JSC::parseInt): Split into a templated helper.
2877 (JSC::parseFloat): Added an 8 bit path
2878 (JSC::globalFuncEscape): Added 8 bit path
2879 (JSC::globalFuncUnescape): Added 8 bit path
2880 * runtime/JSStringBuilder.h:
2881 (JSC::JSStringBuilder::append): New append for LChar
2882 * wtf/text/StringBuilder.h:
2883 (WTF::StringBuilder::append): New append for LChar
2885 2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
2887 Enable ParallelJobs by default
2888 https://bugs.webkit.org/show_bug.cgi?id=70032
2890 Reviewed by Zoltan Herczeg.
2892 According to measurements on Mac and Linux it is a
2893 considerable speedup for SVG on multicore.
2895 Remove the ENABLE(PARALLEL_JOBS) guard.
2896 Fix build on Windows and Chromium.
2898 * JavaScriptCore.gypi: Add the files to the build. It was
2899 missing for the gyp build system.
2900 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2902 * wtf/ParallelJobs.h:
2903 * wtf/ParallelJobsGeneric.cpp:
2904 (WTF::ParallelEnvironment::ParallelEnvironment):
2905 (WTF::ParallelEnvironment::execute):
2906 Deinline these to avoid exporting a lot of symbols.
2907 These are non-trivial and called only once on a given object
2908 so it doesn't seem to be worthwhile to inline them.
2909 Additionally fix a signed-unsigned comparison in the constructor.
2910 * wtf/ParallelJobsGeneric.h:
2913 2011-12-06 Simon Hausmann <simon.hausmann@nokia.com>
2915 [Qt] build-jsc script doesn't work
2916 https://bugs.webkit.org/show_bug.cgi?id=73910
2918 Reviewed by Tor Arne Vestbø.
2920 * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
2921 (moved from top-level WebKit.pro). Also add v8 scopes to only build
2922 WTF during v8 builds.
2924 2011-12-05 Anders Carlsson <andersca@apple.com>
2926 Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
2928 Reviewed by Darin Adler.
2932 2011-12-05 Michael Saboff <msaboff@apple.com>
2934 Create StringImpl::empty() as an 8 bit string
2935 https://bugs.webkit.org/show_bug.cgi?id=73871
2937 Reviewed by Oliver Hunt.
2939 * wtf/text/StringStatics.cpp:
2940 (WTF::StringImpl::empty): Changed to be an 8 bit string.
2942 2011-12-05 Darin Adler <darin@apple.com>
2944 Convert JSClassRef to use HashMap<OwnPtr>
2945 https://bugs.webkit.org/show_bug.cgi?id=73780
2947 Reviewed by Andreas Kling.
2949 * API/JSCallbackObjectFunctions.h:
2950 (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
2951 entries because the hash map now has an OwnPtr instead of a raw pointer.
2953 * API/JSClassRef.cpp:
2954 (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
2955 m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
2956 Removed the code that gets and deletes existing entries, and just use set,
2957 which now handles deletion automatically due to it being OwnPtr.
2958 (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
2959 with assertion-only NDEBUG-only code.
2960 (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
2961 allocating. Use OwnPtr when adding. Removed unneeded code to set
2962 staticValues and staticFunctions to 0. Removed unneeded destructor.
2963 (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
2964 (OpaqueJSClass::staticFunctions): Ditto.
2965 (OpaqueJSClass::prototype): Added use of adoptPtr.
2967 * API/JSClassRef.h: Made the static values and static functions tables
2968 use OwnPtr for the entries. Also used OwnPtr for the pointers to the
2969 tables themselves. Also removed ~OpaqueJSClassContextData(), letting
2970 the compiler generate it.
2972 2011-12-05 Oliver Hunt <oliver@apple.com>
2974 Land uncommitted bit of float array support
2975 https://bugs.webkit.org/show_bug.cgi?id=73873
2977 Reviewed by Filip Pizlo.
2979 * dfg/DFGSpeculativeJIT.cpp:
2980 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
2982 2011-12-05 Benjamin Poulain <benjamin@webkit.org>
2984 Update String::containsOnlyASCII() to handle 8 bits strings
2985 https://bugs.webkit.org/show_bug.cgi?id=73799
2987 Reviewed by Darin Adler.
2989 Implement String::containsOnlyASCII() so that it does not
2990 call String::characters().
2992 * wtf/text/WTFString.h:
2993 (WTF::String::containsOnlyASCII):
2995 2011-12-05 Filip Pizlo <fpizlo@apple.com>
2997 Unreviewed build fix for non-DFG platforms.
3001 2011-12-05 Filip Pizlo <fpizlo@apple.com>
3003 Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
3004 were compact offsets
3005 https://bugs.webkit.org/show_bug.cgi?id=73861
3007 Reviewed by Gavin Barraclough.
3009 * jit/JITPropertyAccess32_64.cpp:
3010 (JSC::JIT::resetPatchPutById):
3012 2011-12-05 Filip Pizlo <fpizlo@apple.com>
3014 Unreviewed, build fixes for ARM.
3016 * assembler/AbstractMacroAssembler.h:
3017 (JSC::AbstractMacroAssembler::unreachableForPlatform):
3018 * assembler/MacroAssemblerARMv7.h:
3019 (JSC::MacroAssemblerARMv7::loadDouble):
3020 (JSC::MacroAssemblerARMv7::loadFloat):
3021 (JSC::MacroAssemblerARMv7::storeFloat):
3022 (JSC::MacroAssemblerARMv7::convertFloatToDouble):
3023 (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
3025 2011-12-05 Benjamin Poulain <benjamin@webkit.org>
3027 Update String::containsOnlyLatin1() to avoid converting to 16 bits
3028 https://bugs.webkit.org/show_bug.cgi?id=73797
3030 Reviewed by Andreas Kling.
3032 When the String uses 8bits StringImpl, there is no need to iterate
3035 The function charactersAreAllLatin1() is removed because it is not
3038 * wtf/text/WTFString.h:
3039 (WTF::String::containsOnlyLatin1):
3041 2011-12-05 Michael Saboff <msaboff@apple.com>
3043 8 bit string work slows down Kraken json-stringify-tinderbox
3044 https://bugs.webkit.org/show_bug.cgi?id=73457
3046 Added 8 bit path to StringBuilder. StringBuilder starts
3047 assuming 8 bit contents and gets converted to 16 bit upon
3048 seeing the first 16 bit character or string. Split
3049 appendUninitialized into an inlined fast and function call
3052 Factored out the processing of the UString argument from
3053 Stringifier::appendQuotedString() to a static templated function
3054 based on character size.
3056 This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
3057 This change introduces a 4.8% slowdown to json-parse-financial.
3058 This slowdown will be addressed in a subsequent patch to StringImpl::equal.
3060 Reviewed by Oliver Hunt.
3062 * runtime/JSONObject.cpp:
3063 (JSC::appendStringToUStringBuilder):
3064 (JSC::Stringifier::appendQuotedString):
3065 * wtf/text/StringBuilder.cpp:
3066 (WTF::StringBuilder::resize):
3067 (WTF::StringBuilder::allocateBuffer):
3068 (WTF::StringBuilder::allocateBufferUpConvert):
3071 (WTF::StringBuilder::reserveCapacity):
3072 (WTF::StringBuilder::appendUninitialized):
3073 (WTF::StringBuilder::appendUninitializedSlow):
3074 (WTF::StringBuilder::append):
3075 (WTF::StringBuilder::shrinkToFit):
3076 * wtf/text/StringBuilder.h:
3077 (WTF::StringBuilder::StringBuilder):
3078 (WTF::StringBuilder::append):
3079 (WTF::StringBuilder::operator[]):
3080 (WTF::StringBuilder::characters8):
3081 (WTF::StringBuilder::characters16):
3082 (WTF::StringBuilder::charactersBlah):
3086 2011-12-01 Gavin Barraclough <barraclough@apple.com>
3088 https://bugs.webkit.org/show_bug.cgi?id=73624
3089 JIT + INTERPRETER builds are broken
3091 Reviewed by Geoff Garen, Sam Weinig.
3093 These don't fallback to the interpreter correctly.
3094 Thunk creation assumes that if the JIT is compiled in, then it is enabled.
3097 (JSC::JITThunks::JITThunks):
3098 * runtime/Executable.h:
3099 (JSC::NativeExecutable::create):
3100 (JSC::NativeExecutable::finishCreation):
3101 * runtime/JSGlobalData.cpp:
3102 (JSC::JSGlobalData::getHostFunction):
3104 2011-12-05 Zoltan Herczeg <zherczeg@webkit.org>
3106 MacroAssemblerSH4 does not implement readCallTarget
3107 https://bugs.webkit.org/show_bug.cgi?id=73434
3109 Reviewed by Csaba Osztrogonác.
3111 * assembler/MacroAssemblerSH4.h: Support for SH4.
3112 (JSC::MacroAssemblerSH4::readCallTarget):
3113 * assembler/SH4Assembler.h:
3114 (JSC::SH4Assembler::readCallTarget):
3116 2011-12-04 Filip Pizlo <fpizlo@apple.com>
3118 DFG should optimize strict equality
3119 https://bugs.webkit.org/show_bug.cgi?id=73764
3121 Reviewed by Oliver Hunt.
3125 * dfg/DFGSpeculativeJIT.cpp:
3126 (JSC::DFG::SpeculativeJIT::compare):
3127 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
3128 (JSC::DFG::SpeculativeJIT::compileStrictEq):
3129 * dfg/DFGSpeculativeJIT.h:
3130 * dfg/DFGSpeculativeJIT32_64.cpp:
3131 (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
3132 (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3133 (JSC::DFG::SpeculativeJIT::compile):
3134 * dfg/DFGSpeculativeJIT64.cpp:
3135 (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
3136 (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3137 (JSC::DFG::SpeculativeJIT::compile):
3139 2011-12-03 Darin Adler <darin@apple.com>
3141 Use HashMap<OwnPtr> for ScriptSampleRecordMap
3142 https://bugs.webkit.org/show_bug.cgi?id=73758
3144 Reviewed by Andreas Kling.
3146 * bytecode/SamplingTool.cpp:
3147 (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
3148 (JSC::SamplingTool::dump): Added get.
3149 * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
3151 2011-12-03 Darin Adler <darin@apple.com>
3153 Use HashMap<OwnPtr> for the opaqueJSClassData map
3154 https://bugs.webkit.org/show_bug.cgi?id=73759
3156 Reviewed by Andreas Kling.
3158 * API/JSClassRef.cpp:
3159 (OpaqueJSClass::contextData): Update types.
3160 * runtime/JSGlobalData.cpp:
3161 (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
3162 timing the same. If we didn't care about the order of operations, we could remove this, too.
3163 * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
3164 opaqueJSClassData map.
3166 2011-12-03 Darin Adler <darin@apple.com>
3168 Change HashMap implementation to use the pass type and peek type from traits for the mapped value
3169 https://bugs.webkit.org/show_bug.cgi?id=72474
3171 Reviewed by Anders Carlsson.
3173 * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
3174 and PeekType from the traits of the mapped value instead of hard-coding them here.
3175 Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
3176 to accommodate a PassInType that can't be copied. Use the store, peek, and passOut
3177 functions from the traits as well.
3179 * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
3180 PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
3181 an earlier version that was just PassType, PeekType, pass, and peek. Also commented
3182 the HashTraits for RefPtr to foreshadow some work we can do there.
3184 * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
3186 2011-12-02 David Levin <levin@chromium.org>
3188 Rename WTF class from TemporarilyChange to TemporaryChange.
3189 https://bugs.webkit.org/show_bug.cgi?id=73479
3191 Reviewed by Eric Seidel.
3193 * JavaScriptCore.gypi:
3194 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3195 * JavaScriptCore.xcodeproj/project.pbxproj:
3196 * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
3197 (WTF::TemporaryChange::TemporaryChange):
3198 (WTF::TemporaryChange::~TemporaryChange):
3200 2011-12-02 Mark Hahnenberg <mhahnenberg@apple.com>
3202 REGRESSION (r99754): All layout tests crash on Windows
3203 https://bugs.webkit.org/show_bug.cgi?id=72305
3205 Reviewed by Geoffrey Garen.
3207 Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in
3208 JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of
3209 a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an
3210 incorrect version of visitChildren on the object, which left its children unmarked, causing them to be
3211 collected when they were still reachable.
3213 * runtime/JSFunction.cpp:
3214 (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
3215 * runtime/JSFunction.h:
3216 * runtime/JSGlobalData.cpp:
3217 (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
3218 purposes are distinct from one another.
3220 2011-12-02 Oliver Hunt <oliver@apple.com>
3222 Improve float array support in the DFG JIT
3223 https://bugs.webkit.org/show_bug.cgi?id=73722
3225 Reviewed by Gavin Barraclough.
3227 Add basic support for float typed arrays in JSC. This is currently
3228 less optimal than it could be in the following ways:
3229 * float32Array1[0] = float32Array2[0] (eg. an element by element copy)
3230 promotes float to double and then back to float.
3231 * float64Array[0] will always perform NaN tests in order to prevent
3232 signalling NaNs from entering the engine.
3234 We also don't support Float32Array on ARMv7
3236 * assembler/MacroAssemblerARMv7.h:
3237 (JSC::MacroAssemblerARMv7::loadDouble):
3238 (JSC::MacroAssemblerARMv7::loadFloat):
3239 (JSC::MacroAssemblerARMv7::storeDouble):
3240 (JSC::MacroAssemblerARMv7::storeFloat):
3241 (JSC::MacroAssemblerARMv7::convertFloatToDouble):
3242 (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
3243 * assembler/MacroAssemblerX86Common.h:
3244 (JSC::MacroAssemblerX86Common::loadDouble):
3245 (JSC::MacroAssemblerX86Common::loadFloat):
3246 (JSC::MacroAssemblerX86Common::storeDouble):
3247 (JSC::MacroAssemblerX86Common::storeFloat):
3248 (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
3249 (JSC::MacroAssemblerX86Common::convertFloatToDouble):
3250 * assembler/X86Assembler.h:
3251 (JSC::X86Assembler::cvtsd2ss_rr):
3252 (JSC::X86Assembler::cvtss2sd_rr):
3253 (JSC::X86Assembler::movsd_rm):
3254 (JSC::X86Assembler::movss_rm):
3255 (JSC::X86Assembler::movsd_mr):
3256 (JSC::X86Assembler::movss_mr):
3257 * dfg/DFGAbstractState.cpp:
3258 (JSC::DFG::AbstractState::execute):
3260 (JSC::DFG::Node::shouldSpeculateFloat32Array):
3261 * dfg/DFGPropagator.cpp:
3262 (JSC::DFG::Propagator::propagateNodePredictions):
3263 * dfg/DFGSpeculativeJIT.cpp:
3264 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3265 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
3266 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
3267 * dfg/DFGSpeculativeJIT.h:
3268 * dfg/DFGSpeculativeJIT32_64.cpp:
3269 (JSC::DFG::SpeculativeJIT::compile):
3270 * dfg/DFGSpeculativeJIT64.cpp:
3271 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3272 (JSC::DFG::SpeculativeJIT::compile):
3274 2011-12-02 Sheriff Bot <webkit.review.bot@gmail.com>
3276 Unreviewed, rolling out r101801.
3277 http://trac.webkit.org/changeset/101801
3278 https://bugs.webkit.org/show_bug.cgi?id=73667
3280 Build is still broken (Requested by Ossy on #webkit).
3282 * assembler/SH4Assembler.h:
3284 2011-12-01 Darin Adler <darin@apple.com>
3286 Prepare to deploy pass and peek types in the HashMap class
3287 https://bugs.webkit.org/show_bug.cgi?id=73477
3289 Reviewed by Adam Roben.
3291 This patch adds private typedefs inside the HashMap class,
3292 and uses them as appropriate. A future patch will actually
3293 tie those typedefs to hash traits, which will allow us to
3294 make HashMap work with OwnPtr mapped values and to optimize
3295 how HashMap works with RefPtr mapped values.
3297 Also changed the hash translator and adapter struct templates
3298 to use template functions to simplify them and make them more
3301 Also removed some unused template arguments.
3303 This goes out of its way to not change behavior. Future patches
3304 will change the peek type to be a reference type, which will
3305 reduce reference count churn a bit for hash tables with RefPtr
3306 mapped values, and then do further optimizations for RefPtr
3307 and OwnPtr by getting types from the hash traits.
3309 * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
3310 and MappedPeekType typedefs, and used them for the arguments
3311 and return types of the get, set, add, take, and inlineAdd
3313 (WTF::HashMapTranslator): Changed this struct template to take
3314 fewer arguments, and changed its member functions to be
3315 function templates instead. This allows the compiler to
3316 determine types more flexibly and also simplifies use of it.
3317 (WTF::HashMapTranslatorAdapter): Ditto.
3318 (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
3319 Also reduced the arguments passed to the HashTable function template.
3320 (WTF::HashMap::contains): Ditto.
3321 (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
3322 (WTF::HashMap::set): Ditto.
3323 (WTF::HashMap::add): Ditto.
3324 (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
3325 (WTF::HashMap::get): Ditto.
3326 (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
3327 that type in the implementation.
3328 (WTF::deleteAllValues): Removed unneeded template arguments from
3329 call to deleteAllPairSeconds.
3330 (WTF::deleteAllKeys): Removed unneeded template arguments from
3331 call to deleteAllPairFirsts.
3334 (WTF::IdentityExtractor): Changed this to be a struct rather than
3335 a struct template, and replaced the extract function with a function
3336 template. This allows the compiler to deduce the type.
3337 (WTF::HashSetTranslatorAdapter): Changed this struct template to take
3338 fewer arguments, and changed its member functions to be
3339 function templates instead. This allows the compiler to
3340 determine types more flexibly and also simplifies use of it.
3341 (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
3342 Also reduced the arguments passed to the HashTable function template.
3343 (WTF::HashSet::contains): Ditto.
3344 (WTF::HashSet::add): Ditto.
3347 (WTF::IdentityHashTranslator): Changed this struct template to take
3348 fewer arguments, and changed its member functions to be
3349 function templates instead. This allows the compiler to
3350 determine types more flexibly and also simplifies use of it.
3351 (WTF::HashTable::add): Reduced arguments passed to the function template.
3352 (WTF::HashTable::find): Ditto, also reversed the template arguments so the
3353 translator comes first so the compiler can deduce the other type.
3354 (WTF::HashTable::contains): Ditto.
3355 (WTF::HashTable::lookup): Ditto.
3356 (WTF::HashTable::lookupForWriting): Ditto.
3357 (WTF::HashTable::checkKey): Ditto.
3358 (WTF::HashTable::fullLookupForWriting): Ditto.
3359 (WTF::HashTable::add): Ditto.
3360 (WTF::HashTable::addPassingHashCode): Ditto.
3361 (WTF::HashTable::find): Ditto.
3362 (WTF::HashTable::contains): Ditto.
3364 * wtf/ListHashSet.h:
3365 (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
3366 fewer arguments, and changed its member functions to be function templates
3367 instead. This allows the compiler to determine types more flexibly and
3368 also simplifies use of it.
3369 (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
3371 (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
3372 same way we changed ListHashSetNodeHashFunctions above.
3373 (WTF::ListHashSetTranslatorAdapter::equal):
3376 (WTF::::insertBefore):
3378 * wtf/RefPtrHashMap.h: Updated comments. Removed the
3379 RefPtrHashMapRawKeyTranslator struct template; we can use the
3380 HashMapTranslator struct template from HashMap.h instead now that
3381 it is more flexible. Added MappedPassInType, MappedPassOutType,
3382 and MappedPeekType typedefs, and used them for the arguments
3383 and return types of the get, inlineGet, set, add, take, and inlineAdd
3384 functions. Changed the name of the RawKeyTranslator type to
3385 Translator since it's now a class that can handle both raw keys
3386 and conventional keys.
3387 (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
3388 Reduced the arguments passed to the HashTable function template.
3389 (WTF::HashMap::contains): Ditto.
3390 (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
3391 (WTF::HashMap::set): Ditto.
3392 (WTF::HashMap::add): Ditto.
3393 (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
3394 (WTF::HashMap::get): Ditto.
3395 (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
3396 that type in the implementation.
3397 (WTF::deleteAllValues): Removed unneeded template arguments from
3398 call to deleteAllPairSeconds.
3399 (WTF::deleteAllKeys): Removed unneeded template arguments from
3400 call to deleteAllPairFirsts.
3402 2011-12-02 Zoltan Herczeg <zherczeg@webkit.org>
3404 MacroAssemblerSH4 does not implement readCallTarget
3405 https://bugs.webkit.org/show_bug.cgi?id=73434
3407 Reviewed by Csaba Osztrogonác.