329bae2bcbaba4b0d41f54b3a4d9f1b461260a6e
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-11-02  Sam Weinig  <sam@webkit.org>

        Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
        https://bugs.webkit.org/show_bug.cgi?id=71333

        Reviewed by Gavin Barraclough.

        Tested by fast/dom/getter-on-window-object2.html

        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setDescriptor):
        The attributes returned from Structure::get do not include Getter or Setter, so
        instead check if the value is a GetterSetter like we do elsewhere. If it is, update
        the descriptor's attributes accordingly.

2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>

        FunctionPtr should accept FASTCALL functions on X86
        https://bugs.webkit.org/show_bug.cgi?id=71434

        Reviewed by Filip Pizlo.

        On X86 we sometimes use FASTCALL convention functions, for example the
        cti functions, and we may need the pointers to such functions, e.g.,
        in current DFG register file check and arity check, though long term
        we may avoid such usage of cti calls in DFG.

        * assembler/MacroAssemblerCodeRef.h:
        (JSC::FunctionPtr::FunctionPtr):

2011-11-02  Filip Pizlo  <fpizlo@apple.com>

        Inlined uses of the global object should use the right global object
        https://bugs.webkit.org/show_bug.cgi?id=71427

        Reviewed by Oliver Hunt.

        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::globalObjectFor):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>

        Remove some unnecessary loads/stores in DFG JIT 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71090

        Reviewed by Filip Pizlo.

        In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
        be eliminated.

        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):

2011-11-02  Adam Klein  <adamk@chromium.org>

        Replace usage of StringImpl with String where possible in CharacterData and Text
        https://bugs.webkit.org/show_bug.cgi?id=71383

        Reviewed by Darin Adler.

        * wtf/text/WTFString.h:
        (WTF::String::containsOnlyWhitespace): Added new method.

2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getOwnPropertyNames
        https://bugs.webkit.org/show_bug.cgi?id=71307

        Reviewed by Darin Adler.

        Added getOwnPropertyNames to the MethodTable, changed all the virtual
        implementations of getOwnPropertyNames to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyNames):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyNames):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertyNames):
        * runtime/Arguments.h:
        * runtime/ClassInfo.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::getOwnPropertyNames):
        * runtime/JSActivation.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyNames):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertyNames):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getOwnPropertyNames):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertyNames):
        * runtime/JSFunction.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::getOwnPropertyNames):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        (JSC::JSObject::getOwnPropertyNames):
        * runtime/JSObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::~JSVariableObject):
        (JSC::JSVariableObject::getOwnPropertyNames):
        * runtime/JSVariableObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorKeys):
        (JSC::defineProperties):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        * runtime/StringObject.cpp:
        (JSC::StringObject::getOwnPropertyNames):
        * runtime/StringObject.h:
        * runtime/Structure.h:

2011-11-02  Dean Jackson  <dino@apple.com>

        Add ENABLE_CSS_SHADERS flag
        https://bugs.webkit.org/show_bug.cgi?id=71394

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:

2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>

        TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
        https://bugs.webkit.org/show_bug.cgi?id=70610

        Reviewed by Martin Robinson.

        Properly annotate ASM on BSD and Linux x86 systems.

        * dfg/DFGOperations.cpp: Add annotation for X86.
        * jit/JITStubs.cpp: Ditto.
        * jit/ThunkGenerators.cpp: Ditto.

2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>

        Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
        https://bugs.webkit.org/show_bug.cgi?id=71347

        Reviewed by Geoffrey Garen.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::reallocate):

2011-11-01  Darin Adler  <darin@apple.com>

        Cut down on malloc/free a bit in the parser arena
        https://bugs.webkit.org/show_bug.cgi?id=71343

        Reviewed by Oliver Hunt.

        * parser/ParserArena.cpp:
        (JSC::ParserArena::deallocateObjects): Call the destructors of
        the deletable objects before freeing the pools. Don't call
        fastFree on the deletable objects any more.

        * parser/ParserArena.h:
        (JSC::ParserArena::allocateDeletable): Use allocateFreeable
        instead of fastMalloc here.

2011-11-01  Sam Weinig  <sam@webkit.org>

        Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=71336

        Reviewed by Darin Adler.

        * debugger/DebuggerActivation.cpp:
        * debugger/DebuggerActivation.h:
        Remove overrides of lookupGetter/lookupSetter, which are no longer needed
        due to implementing getPropertyDescriptor.

        * runtime/JSObject.cpp:
        (JSC::JSObject::lookupGetter):
        (JSC::JSObject::lookupSetter):
        * runtime/JSObject.h:
        De-virtualize lookupGetter/lookupSetter, and implement them in terms of
        getPropertyDescriptor.

2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineSetter
        https://bugs.webkit.org/show_bug.cgi?id=71303

        Reviewed by Darin Adler.

        Added defineSetter to the MethodTable, changed all the virtual
        implementations of defineSetter to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineSetter):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineSetter):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineSetter):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineSetter):

2011-11-01  Filip Pizlo  <fpizlo@apple.com>

        DFG inlining breaks function.arguments
        https://bugs.webkit.org/show_bug.cgi?id=71329

        Reviewed by Oliver Hunt.

        The DFG was forgetting to store code origin mappings for inlined
        call sites. Some of the fast-path optimizations for
        CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
        was wrong.

        I also took the opportunity to decrease code duplication between
        DFG64 and DFG32_64, because I didn't feel like writing the same
        code twice.

        * bytecode/CodeBlock.h:
        (JSC::ExecState::isInlineCallFrame):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGNode.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        * runtime/Arguments.h:
        (JSC::Arguments::getArgumentsData):

2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>

        StringImpl::reallocate() should have an 8-bit version
        https://bugs.webkit.org/show_bug.cgi?id=71210

        Reviewed by Geoffrey Garen.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::reallocate):
        * wtf/text/StringImpl.h:

2011-10-31  Filip Pizlo  <fpizlo@apple.com>

        The GC should be parallel
        https://bugs.webkit.org/show_bug.cgi?id=70995

        Reviewed by Geoff Garen.

        Added parallel tracing to the GC. This works by having local mark
        stacks per thread, and a global shared one. Threads sometimes
        donate cells from the mark stack to the global one if the heuristics
        tell them that it's affordable to do so. Threads that have depleted
        their local mark stacks try to steal some from the shared one.

        Marking is now done using an atomic weak relaxed CAS (compare-and-swap).

        This is a 23% speed-up on V8-splay when I use 4 marking threads,
        leading to a 3.5% speed-up on V8.

        It also appears that this reduces GC pause times on real websites by
        more than half.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::~Heap):
        (JSC::Heap::markRoots):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
        (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
        (JSC::MarkStackSegmentAllocator::allocate):
        (JSC::MarkStackSegmentAllocator::release):
        (JSC::MarkStackSegmentAllocator::shrinkReserve):
        (JSC::MarkStackArray::MarkStackArray):
        (JSC::MarkStackArray::~MarkStackArray):
        (JSC::MarkStackArray::expand):
        (JSC::MarkStackArray::refill):
        (JSC::MarkStackArray::donateSomeCellsTo):
        (JSC::MarkStackArray::stealSomeCellsFrom):
        (JSC::MarkStackThreadSharedData::markingThreadMain):
        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
        (JSC::MarkStackThreadSharedData::reset):
        (JSC::MarkStack::reset):
        (JSC::SlotVisitor::donateSlow):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::MarkStack::mergeOpaqueRoots):
        (JSC::SlotVisitor::harvestWeakReferences):
        * heap/MarkStack.h:
        (JSC::MarkStackSegment::data):
        (JSC::MarkStackSegment::capacityFromSize):
        (JSC::MarkStackSegment::sizeFromCapacity):
        (JSC::MarkStackArray::postIncTop):
        (JSC::MarkStackArray::preDecTop):
        (JSC::MarkStackArray::setTopForFullSegment):
        (JSC::MarkStackArray::setTopForEmptySegment):
        (JSC::MarkStackArray::top):
        (JSC::MarkStackArray::validatePrevious):
        (JSC::MarkStack::addWeakReferenceHarvester):
        (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::addOpaqueRoot):
        (JSC::MarkStack::containsOpaqueRoot):
        (JSC::MarkStack::opaqueRootCount):
        (JSC::MarkStackArray::append):
        (JSC::MarkStackArray::canRemoveLast):
        (JSC::MarkStackArray::removeLast):
        (JSC::MarkStackArray::isEmpty):
        (JSC::MarkStackArray::canDonateSomeCells):
        (JSC::MarkStackArray::size):
        (JSC::ParallelModeEnabler::ParallelModeEnabler):
        (JSC::ParallelModeEnabler::~ParallelModeEnabler):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::testAndSetMarked):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::donate):
        (JSC::SlotVisitor::donateAndDrain):
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::SlotVisitor):
        * heap/WeakReferenceHarvester.h:
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:
        * wtf/Atomics.h:
        (WTF::weakCompareAndSwap):
        * wtf/Bitmap.h:
        (WTF::::Bitmap):
        (WTF::::get):
        (WTF::::set):
        (WTF::::testAndSet):
        (WTF::::testAndClear):
        (WTF::::concurrentTestAndSet):
        (WTF::::concurrentTestAndClear):
        (WTF::::clear):
        (WTF::::clearAll):
        (WTF::::nextPossiblyUnset):
        (WTF::::findRunOfZeros):
        (WTF::::count):
        (WTF::::isEmpty):
        (WTF::::isFull):
        * wtf/MainThread.h:
        (WTF::isMainThreadOrGCThread):
        * wtf/Platform.h:
        * wtf/ThreadSpecific.h:
        (WTF::::isSet):
        * wtf/mac/MainThreadMac.mm:
        (WTF::initializeGCThreads):
        (WTF::initializeMainThreadPlatform):
        (WTF::initializeMainThreadToProcessMainThreadPlatform):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):

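The marking step this entry describes, as an added example that is not JavaScriptCore's code: a mark bitmap whose test-and-set is a weak relaxed compare-and-swap, so that several marking threads racing over the same cells each claim a cell at most once and no cell is ever traced twice or skipped. The class and function names (ConcurrentMarkBitmap, raceToMark) are our own, not JSC's MarkedBlock::testAndSetMarked or WTF::Bitmap.

```cpp
// Added example, not JavaScriptCore code: a concurrent mark bitmap in the
// spirit of the entry above. Names are ours, not JSC's.
#include <atomic>
#include <bitset>
#include <cstddef>
#include <cstdint>
#include <thread>
#include <vector>

class ConcurrentMarkBitmap {
public:
    explicit ConcurrentMarkBitmap(size_t bitCount)
        : m_words((bitCount + 63) / 64) {
        for (auto& w : m_words)
            w.store(0, std::memory_order_relaxed);
    }

    // Returns the bit's previous value and sets it. Safe to call from many
    // marking threads at once: a weak CAS in a retry loop guarantees that
    // exactly one caller observes "false" (i.e. wins) for a given bit.
    // Relaxed ordering mirrors the "weak relaxed CAS" in the entry above;
    // publishing the cell's contents to other threads is a separate concern
    // that a real collector handles elsewhere.
    bool concurrentTestAndSet(size_t index) {
        std::atomic<uint64_t>& word = m_words[index / 64];
        const uint64_t mask = uint64_t(1) << (index % 64);
        uint64_t old = word.load(std::memory_order_relaxed);
        for (;;) {
            if (old & mask)
                return true;   // someone else already marked this cell
            // compare_exchange_weak may fail spuriously; on any failure it
            // reloads `old` with the current word, and we re-check the bit.
            if (word.compare_exchange_weak(old, old | mask,
                                           std::memory_order_relaxed))
                return false;  // we set the bit first: we own the trace
        }
    }

    bool get(size_t index) const {
        return m_words[index / 64].load(std::memory_order_relaxed)
               & (uint64_t(1) << (index % 64));
    }

    size_t markedCount() const {
        size_t n = 0;
        for (const auto& w : m_words)
            n += std::bitset<64>(w.load(std::memory_order_relaxed)).count();
        return n;
    }

private:
    std::vector<std::atomic<uint64_t>> m_words;
};

// Let threadCount threads race to mark every one of cellCount cells; a thread
// "visits" a cell only when its test-and-set wins. Returns the number of cells
// that were visited a number of times other than exactly once (expected: 0).
size_t raceToMark(size_t cellCount, unsigned threadCount) {
    ConcurrentMarkBitmap marks(cellCount);
    std::vector<std::atomic<unsigned>> visits(cellCount);
    for (auto& v : visits)
        v.store(0, std::memory_order_relaxed);

    std::vector<std::thread> workers;
    for (unsigned t = 0; t < threadCount; ++t) {
        workers.emplace_back([&] {
            for (size_t i = 0; i < cellCount; ++i) {
                if (!marks.concurrentTestAndSet(i))  // won the race for cell i
                    visits[i].fetch_add(1, std::memory_order_relaxed);
            }
        });
    }
    for (auto& w : workers)
        w.join();

    size_t anomalies = 0;
    for (size_t i = 0; i < cellCount; ++i) {
        if (visits[i].load(std::memory_order_relaxed) != 1)
            ++anomalies;
    }
    return anomalies;
}

int main() {
    // Stand-alone run: exit status 0 means every cell was claimed exactly once.
    return raceToMark(size_t(1) << 16, 4) == 0 ? 0 : 1;
}
```
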
2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defaultValue
        https://bugs.webkit.org/show_bug.cgi?id=71146

        Reviewed by Sam Weinig.

        Added defaultValue to the MethodTable.  Replaced all virtual versions of
        defaultValue with static versions.  Replaced all call sites with lookups in the
        MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/ClassInfo.h:
        * runtime/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::defaultValue):
        (JSC::TerminatedExecutionError::defaultValue):
        * runtime/ExceptionHelpers.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defaultValue):
        * runtime/JSCell.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::defaultValue):
        * runtime/JSNotAnObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPrimitiveNumber):
        (JSC::JSObject::defaultValue):
        * runtime/JSObject.h:
        (JSC::JSObject::toPrimitive):

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        Interpreter build fix

        Unreviewed build fix

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2011-10-31  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exits should add to value profiles
        https://bugs.webkit.org/show_bug.cgi?id=71202

        Reviewed by Oliver Hunt.

        Value profiles now have an extra special slot not used by the old JIT's
        profiling, which is reserved for OSR exits.

        The DFG's OSR exit code now knows which register, node index, and value
        profiling site was responsible for the (possibly flawed) information that
        led to the OSR failure. This is somewhat opportunistic and imperfect;
        if there's a lot of control flow between the value profiling site and the
        OSR failure point, then this mechanism simply gives up. It also gives up
        if the OSR failure is caused by either known deficiencies in the DFG
        (like that we always assume that the index in a strict charCodeAt access
        is within bounds) or where the OSR failure would be catalogued and
        profiled through other means (like slow case counters).

        This patch also adds the notion of a JSValueRegs, which is either a
        single register in JSVALUE64 or a pair in JSVALUE32_64. We should
        probably move the 32_64 DFG towards using this, since it often makes it
        easier to share code between 64 and 32_64.

        Also fixed a number of pathologies that this uncovered. op_method_check
        didn't have a value profiling site on the slow path. GetById should not
        always force OSR exit if it never executed in the old JIT; we may be
        able to infer its type if it's an array or string length get. Finally,
        these changes benefit from a slight tweak to optimization delay
        heuristics (profile fullness is now 0.35 instead of 0.25).

        3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
        and imaging-darkroom.

        * bytecode/ValueProfile.cpp:
        (JSC::ValueProfile::computeStatistics):
        (JSC::ValueProfile::computeUpdatedPrediction):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        (JSC::ValueProfile::specFailBucket):
        (JSC::ValueProfile::numberOfSamples):
        (JSC::ValueProfile::isLive):
        (JSC::ValueProfile::numberOfInt32s):
        (JSC::ValueProfile::numberOfDoubles):
        (JSC::ValueProfile::numberOfCells):
        (JSC::ValueProfile::numberOfObjects):
        (JSC::ValueProfile::numberOfFinalObjects):
        (JSC::ValueProfile::numberOfStrings):
        (JSC::ValueProfile::numberOfArrays):
        (JSC::ValueProfile::numberOfBooleans):
        (JSC::ValueProfile::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGPRInfo.h:
        (JSC::DFG::JSValueRegs::JSValueRegs):
        (JSC::DFG::JSValueRegs::operator!):
        (JSC::DFG::JSValueRegs::gpr):
        (JSC::DFG::JSValueSource::JSValueSource):
        (JSC::DFG::JSValueSource::unboxedCell):
        (JSC::DFG::JSValueSource::operator!):
        (JSC::DFG::JSValueSource::isAddress):
        (JSC::DFG::JSValueSource::offset):
        (JSC::DFG::JSValueSource::base):
        (JSC::DFG::JSValueSource::gpr):
        (JSC::DFG::JSValueSource::asAddress):
        (JSC::DFG::JSValueSource::notAddress):
        (JSC::DFG::JSValueRegs::tagGPR):
        (JSC::DFG::JSValueRegs::payloadGPR):
        (JSC::DFG::JSValueSource::tagGPR):
        (JSC::DFG::JSValueSource::payloadGPR):
        (JSC::DFG::JSValueSource::hasKnownTag):
        (JSC::DFG::JSValueSource::tag):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::jsValueRegs):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::JSValueOperand::jsValueRegs):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::valueProfileFor):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_method_check):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_method_check):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/JSValue.h:

2011-10-31  Sam Weinig  <sam@webkit.org>

        Remove need for virtual JSObject::unwrappedObject
        https://bugs.webkit.org/show_bug.cgi?id=71034

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp:
        Update exports.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add JSGlobalThis.cpp.

        * runtime/JSGlobalThis.cpp: Added.
        (JSC::JSGlobalThis::visitChildren):
        (JSC::JSGlobalThis::unwrappedObject):
        * runtime/JSGlobalThis.h:
        (JSC::JSGlobalThis::createStructure):
        Move underlying object from JSDOMWindowShell down to JSGlobalThis
        and corresponding visitChildren method.

        * runtime/JSObject.cpp:
        (JSC::JSObject::unwrappedObject):
        Change unwrappedObject from virtual, to just needing an if check.

        * runtime/JSObject.h:
        (JSC::JSObject::isGlobalThis):
        * runtime/JSType.h:
        Add isGlobalThis predicate and type.

2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>

        WTF::StringImpl::create(const char*, unsigned) calls itself
        https://bugs.webkit.org/show_bug.cgi?id=71206

        The original implementation just calls itself, causing infinite recursion.
        Cast the first parameter to const LChar* to fix that.

        Reviewed by Ryosuke Niwa.

        * wtf/text/StringImpl.h:
        (WTF::StringImpl::create):

2011-10-31  Andy Wingo  <wingo@igalia.com>

        Fix DFG JIT compilation on Linux targets.
        https://bugs.webkit.org/show_bug.cgi?id=70904

        Reviewed by Darin Adler.

        * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
        macro.

        * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
        simplified definition from jit/JITStubs.cpp.
        (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
        Use the macro to access trampoline targets through the PLT on PIC
        systems, instead of introducing a text relocation.  Otherwise, the
        library fails to link.

2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineGetter
        https://bugs.webkit.org/show_bug.cgi?id=71134

        Reviewed by Darin Adler.

        Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
        with static versions.  Replaced all call sites with lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineGetter):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineGetter):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineGetter):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):

2011-10-31  Michael Saboff  <msaboff@apple.com>

        Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=71138

        Restructure and movement of Lexer and Parser code.
        Moved Lexer and Parser objects out of JSGlobalData.
        Added a new ParserTokens class and instance to JSGlobalData that
        have JavaScript token related definitions.
        Replaced JSGlobalData arguments to Node classes with lineNumber,
        as that was the only use of the JSGlobalData.
        Combined JSParser and Parser classes into one class,
        eliminating JSParser.h and .cpp.
        Various supporting #include changes.

        These mostly mechanical changes are done in preparation to
        making the Lexer and Parser template classes.

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::toArgumentList):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::createSourceElements):
        (JSC::ASTBuilder::createCommaExpr):
        (JSC::ASTBuilder::createLogicalNot):
        (JSC::ASTBuilder::createUnaryPlus):
        (JSC::ASTBuilder::createVoid):
        (JSC::ASTBuilder::thisExpr):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createObjectLiteral):
        (JSC::ASTBuilder::createArray):
        (JSC::ASTBuilder::createNumberExpr):
        (JSC::ASTBuilder::createString):
        (JSC::ASTBuilder::createBoolean):
        (JSC::ASTBuilder::createNull):
        (JSC::ASTBuilder::createBracketAccess):
        (JSC::ASTBuilder::createDotAccess):
        (JSC::ASTBuilder::createRegExp):
        (JSC::ASTBuilder::createNewExpr):
        (JSC::ASTBuilder::createConditionalExpr):
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createArguments):
        (JSC::ASTBuilder::createArgumentsList):
        (JSC::ASTBuilder::createPropertyList):
        (JSC::ASTBuilder::createElementList):
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createClause):
        (JSC::ASTBuilder::createClauseList):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createBlockStatement):
        (JSC::ASTBuilder::createExprStatement):
        (JSC::ASTBuilder::createIfStatement):
        (JSC::ASTBuilder::createForLoop):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::createEmptyStatement):
        (JSC::ASTBuilder::createVarStatement):
        (JSC::ASTBuilder::createReturnStatement):
        (JSC::ASTBuilder::createBreakStatement):
        (JSC::ASTBuilder::createContinueStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createSwitchStatement):
        (JSC::ASTBuilder::createWhileStatement):
        (JSC::ASTBuilder::createDoWhileStatement):
        (JSC::ASTBuilder::createLabelStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::createThrowStatement):
        (JSC::ASTBuilder::createDebugger):
        (JSC::ASTBuilder::createConstStatement):
        (JSC::ASTBuilder::appendConstDecl):
        (JSC::ASTBuilder::combineCommaNodes):
        (JSC::ASTBuilder::appendBinaryOperation):
        (JSC::ASTBuilder::createAssignment):
        (JSC::ASTBuilder::createNumber):
        (JSC::ASTBuilder::makeTypeOfNode):
        (JSC::ASTBuilder::makeDeleteNode):
        (JSC::ASTBuilder::makeNegateNode):
        (JSC::ASTBuilder::makeBitwiseNotNode):
        (JSC::ASTBuilder::makeMultNode):
        (JSC::ASTBuilder::makeDivNode):
        (JSC::ASTBuilder::makeModNode):
        (JSC::ASTBuilder::makeAddNode):
        (JSC::ASTBuilder::makeSubNode):
        (JSC::ASTBuilder::makeLeftShiftNode):
        (JSC::ASTBuilder::makeRightShiftNode):
        (JSC::ASTBuilder::makeURightShiftNode):
        (JSC::ASTBuilder::makeBitOrNode):
        (JSC::ASTBuilder::makeBitAndNode):
        (JSC::ASTBuilder::makeBitXOrNode):
        (JSC::ASTBuilder::makeFunctionCallNode):
        (JSC::ASTBuilder::makeBinaryNode):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):
        * parser/JSParser.cpp: Removed.
        * parser/JSParser.h: Removed.
        * parser/Lexer.cpp:
        (JSC::Keywords::Keywords):
        (JSC::Lexer::Lexer):
        (JSC::Lexer::~Lexer):
        (JSC::Lexer::setCode):
        (JSC::Lexer::parseIdentifier):
        * parser/Lexer.h:
        (JSC::Keywords::isKeyword):
        (JSC::Keywords::getKeyword):
        (JSC::Keywords::~Keywords):
        (JSC::Lexer::setIsReparsing):
        (JSC::Lexer::isReparsing):
        (JSC::Lexer::lineNumber):
781         (JSC::Lexer::isReparsing):
782         (JSC::Lexer::lineNumber):
783         (JSC::Lexer::setLastLineNumber):
784         (JSC::Lexer::lastLineNumber):
785         (JSC::Lexer::prevTerminator):
786         (JSC::Lexer::sawError):
787         (JSC::Lexer::getErrorMessage):
788         (JSC::Lexer::currentOffset):
789         (JSC::Lexer::setOffset):
790         (JSC::Lexer::setLineNumber):
791         (JSC::Lexer::sourceProvider):
792         (JSC::Lexer::isWhiteSpace):
793         (JSC::Lexer::isLineTerminator):
794         (JSC::Lexer::convertHex):
795         (JSC::Lexer::convertUnicode):
796         (JSC::Lexer::makeIdentifier):
797         (JSC::Lexer::lexExpectIdentifier):
798         * parser/NodeConstructors.h:
799         (JSC::ParserArenaFreeable::operator new):
800         (JSC::ParserArenaDeletable::operator new):
801         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
802         (JSC::Node::Node):
803         (JSC::ExpressionNode::ExpressionNode):
804         (JSC::StatementNode::StatementNode):
805         (JSC::NullNode::NullNode):
806         (JSC::BooleanNode::BooleanNode):
807         (JSC::NumberNode::NumberNode):
808         (JSC::StringNode::StringNode):
809         (JSC::RegExpNode::RegExpNode):
810         (JSC::ThisNode::ThisNode):
811         (JSC::ResolveNode::ResolveNode):
812         (JSC::ElementNode::ElementNode):
813         (JSC::ArrayNode::ArrayNode):
814         (JSC::PropertyNode::PropertyNode):
815         (JSC::PropertyListNode::PropertyListNode):
816         (JSC::ObjectLiteralNode::ObjectLiteralNode):
817         (JSC::BracketAccessorNode::BracketAccessorNode):
818         (JSC::DotAccessorNode::DotAccessorNode):
819         (JSC::ArgumentListNode::ArgumentListNode):
820         (JSC::ArgumentsNode::ArgumentsNode):
821         (JSC::NewExprNode::NewExprNode):
822         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
823         (JSC::FunctionCallValueNode::FunctionCallValueNode):
824         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
825         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
826         (JSC::FunctionCallDotNode::FunctionCallDotNode):
827         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
828         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
829         (JSC::PrePostResolveNode::PrePostResolveNode):
830         (JSC::PostfixResolveNode::PostfixResolveNode):
831         (JSC::PostfixBracketNode::PostfixBracketNode):
832         (JSC::PostfixDotNode::PostfixDotNode):
833         (JSC::PostfixErrorNode::PostfixErrorNode):
834         (JSC::DeleteResolveNode::DeleteResolveNode):
835         (JSC::DeleteBracketNode::DeleteBracketNode):
836         (JSC::DeleteDotNode::DeleteDotNode):
837         (JSC::DeleteValueNode::DeleteValueNode):
838         (JSC::VoidNode::VoidNode):
839         (JSC::TypeOfResolveNode::TypeOfResolveNode):
840         (JSC::TypeOfValueNode::TypeOfValueNode):
841         (JSC::PrefixResolveNode::PrefixResolveNode):
842         (JSC::PrefixBracketNode::PrefixBracketNode):
843         (JSC::PrefixDotNode::PrefixDotNode):
844         (JSC::PrefixErrorNode::PrefixErrorNode):
845         (JSC::UnaryOpNode::UnaryOpNode):
846         (JSC::UnaryPlusNode::UnaryPlusNode):
847         (JSC::NegateNode::NegateNode):
848         (JSC::BitwiseNotNode::BitwiseNotNode):
849         (JSC::LogicalNotNode::LogicalNotNode):
850         (JSC::BinaryOpNode::BinaryOpNode):
851         (JSC::MultNode::MultNode):
852         (JSC::DivNode::DivNode):
853         (JSC::ModNode::ModNode):
854         (JSC::AddNode::AddNode):
855         (JSC::SubNode::SubNode):
856         (JSC::LeftShiftNode::LeftShiftNode):
857         (JSC::RightShiftNode::RightShiftNode):
858         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
859         (JSC::LessNode::LessNode):
860         (JSC::GreaterNode::GreaterNode):
861         (JSC::LessEqNode::LessEqNode):
862         (JSC::GreaterEqNode::GreaterEqNode):
863         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
864         (JSC::InstanceOfNode::InstanceOfNode):
865         (JSC::InNode::InNode):
866         (JSC::EqualNode::EqualNode):
867         (JSC::NotEqualNode::NotEqualNode):
868         (JSC::StrictEqualNode::StrictEqualNode):
869         (JSC::NotStrictEqualNode::NotStrictEqualNode):
870         (JSC::BitAndNode::BitAndNode):
871         (JSC::BitOrNode::BitOrNode):
872         (JSC::BitXOrNode::BitXOrNode):
873         (JSC::LogicalOpNode::LogicalOpNode):
874         (JSC::ConditionalNode::ConditionalNode):
875         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
876         (JSC::AssignResolveNode::AssignResolveNode):
877         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
878         (JSC::AssignBracketNode::AssignBracketNode):
879         (JSC::AssignDotNode::AssignDotNode):
880         (JSC::ReadModifyDotNode::ReadModifyDotNode):
881         (JSC::AssignErrorNode::AssignErrorNode):
882         (JSC::CommaNode::CommaNode):
883         (JSC::ConstStatementNode::ConstStatementNode):
884         (JSC::SourceElements::SourceElements):
885         (JSC::EmptyStatementNode::EmptyStatementNode):
886         (JSC::DebuggerStatementNode::DebuggerStatementNode):
887         (JSC::ExprStatementNode::ExprStatementNode):
888         (JSC::VarStatementNode::VarStatementNode):
889         (JSC::IfNode::IfNode):
890         (JSC::IfElseNode::IfElseNode):
891         (JSC::DoWhileNode::DoWhileNode):
892         (JSC::WhileNode::WhileNode):
893         (JSC::ForNode::ForNode):
894         (JSC::ContinueNode::ContinueNode):
895         (JSC::BreakNode::BreakNode):
896         (JSC::ReturnNode::ReturnNode):
897         (JSC::WithNode::WithNode):
898         (JSC::LabelNode::LabelNode):
899         (JSC::ThrowNode::ThrowNode):
900         (JSC::TryNode::TryNode):
901         (JSC::ParameterNode::ParameterNode):
902         (JSC::FuncExprNode::FuncExprNode):
903         (JSC::FuncDeclNode::FuncDeclNode):
904         (JSC::CaseClauseNode::CaseClauseNode):
905         (JSC::ClauseListNode::ClauseListNode):
906         (JSC::CaseBlockNode::CaseBlockNode):
907         (JSC::SwitchNode::SwitchNode):
908         (JSC::ConstDeclNode::ConstDeclNode):
909         (JSC::BlockNode::BlockNode):
910         (JSC::ForInNode::ForInNode):
911         * parser/NodeInfo.h:
912         * parser/Nodes.cpp:
913         (JSC::StatementNode::setLoc):
914         (JSC::ScopeNode::ScopeNode):
915         (JSC::ProgramNode::ProgramNode):
916         (JSC::ProgramNode::create):
917         (JSC::EvalNode::EvalNode):
918         (JSC::EvalNode::create):
919         (JSC::FunctionBodyNode::FunctionBodyNode):
920         (JSC::FunctionBodyNode::create):
921         * parser/Nodes.h:
922         (JSC::Node::lineNo):
923         * parser/Parser.cpp:
924         (JSC::Parser::Parser):
925         (JSC::Parser::~Parser):
926         (JSC::Parser::parseInner):
927         (JSC::Parser::allowAutomaticSemicolon):
928         (JSC::Parser::parseSourceElements):
929         (JSC::Parser::parseVarDeclaration):
930         (JSC::Parser::parseConstDeclaration):
931         (JSC::Parser::parseDoWhileStatement):
932         (JSC::Parser::parseWhileStatement):
933         (JSC::Parser::parseVarDeclarationList):
934         (JSC::Parser::parseConstDeclarationList):
935         (JSC::Parser::parseForStatement):
936         (JSC::Parser::parseBreakStatement):
937         (JSC::Parser::parseContinueStatement):
938         (JSC::Parser::parseReturnStatement):
939         (JSC::Parser::parseThrowStatement):
940         (JSC::Parser::parseWithStatement):
941         (JSC::Parser::parseSwitchStatement):
942         (JSC::Parser::parseSwitchClauses):
943         (JSC::Parser::parseSwitchDefaultClause):
944         (JSC::Parser::parseTryStatement):
945         (JSC::Parser::parseDebuggerStatement):
946         (JSC::Parser::parseBlockStatement):
947         (JSC::Parser::parseStatement):
948         (JSC::Parser::parseFormalParameters):
949         (JSC::Parser::parseFunctionBody):
950         (JSC::Parser::parseFunctionInfo):
951         (JSC::Parser::parseFunctionDeclaration):
952         (JSC::LabelInfo::LabelInfo):
953         (JSC::Parser::parseExpressionOrLabelStatement):
954         (JSC::Parser::parseExpressionStatement):
955         (JSC::Parser::parseIfStatement):
956         (JSC::Parser::parseExpression):
957         (JSC::Parser::parseAssignmentExpression):
958         (JSC::Parser::parseConditionalExpression):
959         (JSC::isUnaryOp):
960         (JSC::Parser::isBinaryOperator):
961         (JSC::Parser::parseBinaryExpression):
962         (JSC::Parser::parseProperty):
963         (JSC::Parser::parseObjectLiteral):
964         (JSC::Parser::parseStrictObjectLiteral):
965         (JSC::Parser::parseArrayLiteral):
966         (JSC::Parser::parsePrimaryExpression):
967         (JSC::Parser::parseArguments):
968         (JSC::Parser::parseMemberExpression):
969         (JSC::Parser::parseUnaryExpression):
970         * parser/Parser.h:
971         (JSC::isEvalNode):
972         (JSC::EvalNode):
973         (JSC::DepthManager::DepthManager):
974         (JSC::DepthManager::~DepthManager):
975         (JSC::ScopeLabelInfo::ScopeLabelInfo):
976         (JSC::Scope::Scope):
977         (JSC::Scope::startSwitch):
978         (JSC::Scope::endSwitch):
979         (JSC::Scope::startLoop):
980         (JSC::Scope::endLoop):
981         (JSC::Scope::inLoop):
982         (JSC::Scope::breakIsValid):
983         (JSC::Scope::continueIsValid):
984         (JSC::Scope::pushLabel):
985         (JSC::Scope::popLabel):
986         (JSC::Scope::getLabel):
987         (JSC::Scope::setIsFunction):
988         (JSC::Scope::isFunction):
989         (JSC::Scope::isFunctionBoundary):
990         (JSC::Scope::declareVariable):
991         (JSC::Scope::declareWrite):
992         (JSC::Scope::preventNewDecls):
993         (JSC::Scope::allowsNewDecls):
994         (JSC::Scope::declareParameter):
995         (JSC::Scope::useVariable):
996         (JSC::Scope::setNeedsFullActivation):
997         (JSC::Scope::collectFreeVariables):
998         (JSC::Scope::getUncapturedWrittenVariables):
999         (JSC::Scope::getCapturedVariables):
1000         (JSC::Scope::setStrictMode):
1001         (JSC::Scope::strictMode):
1002         (JSC::Scope::isValidStrictMode):
1003         (JSC::Scope::shadowsArguments):
1004         (JSC::Scope::copyCapturedVariablesToVector):
1005         (JSC::Scope::saveFunctionInfo):
1006         (JSC::Scope::restoreFunctionInfo):
1007         (JSC::ScopeRef::ScopeRef):
1008         (JSC::ScopeRef::operator->):
1009         (JSC::ScopeRef::index):
1010         (JSC::ScopeRef::hasContainingScope):
1011         (JSC::ScopeRef::containingScope):
1012         (JSC::Parser::AllowInOverride::AllowInOverride):
1013         (JSC::Parser::AllowInOverride::~AllowInOverride):
1014         (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
1015         (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
1016         (JSC::Parser::AutoPopScopeRef::setPopped):
1017         (JSC::Parser::currentScope):
1018         (JSC::Parser::pushScope):
1019         (JSC::Parser::popScopeInternal):
1020         (JSC::Parser::popScope):
1021         (JSC::Parser::declareVariable):
1022         (JSC::Parser::declareWrite):
1023         (JSC::Parser::findCachedFunctionInfo):
1024         (JSC::Parser::isFunctionBodyNode):
1025         (JSC::Parser::next):
1026         (JSC::Parser::nextExpectIdentifier):
1027         (JSC::Parser::nextTokenIsColon):
1028         (JSC::Parser::consume):
1029         (JSC::Parser::getToken):
1030         (JSC::Parser::match):
1031         (JSC::Parser::tokenStart):
1032         (JSC::Parser::tokenLine):
1033         (JSC::Parser::tokenEnd):
1034         (JSC::Parser::getTokenName):
1035         (JSC::Parser::updateErrorMessageSpecialCase):
1036         (JSC::Parser::updateErrorMessage):
1037         (JSC::Parser::updateErrorWithNameAndMessage):
1038         (JSC::Parser::startLoop):
1039         (JSC::Parser::endLoop):
1040         (JSC::Parser::startSwitch):
1041         (JSC::Parser::endSwitch):
1042         (JSC::Parser::setStrictMode):
1043         (JSC::Parser::strictMode):
1044         (JSC::Parser::isValidStrictMode):
1045         (JSC::Parser::declareParameter):
1046         (JSC::Parser::breakIsValid):
1047         (JSC::Parser::continueIsValid):
1048         (JSC::Parser::pushLabel):
1049         (JSC::Parser::popLabel):
1050         (JSC::Parser::getLabel):
1051         (JSC::Parser::autoSemiColon):
1052         (JSC::Parser::canRecurse):
1053         (JSC::Parser::lastTokenEnd):
1054         (JSC::Parser::DepthManager::DepthManager):
1055         (JSC::Parser::DepthManager::~DepthManager):
1056         (JSC::Parser::parse):
1057         (JSC::parse):
1058         * parser/ParserTokens.h: Added.
1059         (JSC::JSTokenInfo::JSTokenInfo):
1060         * parser/SourceCode.h:
1061         (JSC::SourceCode::subExpression):
1062         * parser/SourceProviderCacheItem.h:
1063         * parser/SyntaxChecker.h:
1064         (JSC::SyntaxChecker::SyntaxChecker):
1065         (JSC::SyntaxChecker::makeFunctionCallNode):
1066         (JSC::SyntaxChecker::createCommaExpr):
1067         (JSC::SyntaxChecker::makeAssignNode):
1068         (JSC::SyntaxChecker::makePrefixNode):
1069         (JSC::SyntaxChecker::makePostfixNode):
1070         (JSC::SyntaxChecker::makeTypeOfNode):
1071         (JSC::SyntaxChecker::makeDeleteNode):
1072         (JSC::SyntaxChecker::makeNegateNode):
1073         (JSC::SyntaxChecker::makeBitwiseNotNode):
1074         (JSC::SyntaxChecker::createLogicalNot):
1075         (JSC::SyntaxChecker::createUnaryPlus):
1076         (JSC::SyntaxChecker::createVoid):
1077         (JSC::SyntaxChecker::thisExpr):
1078         (JSC::SyntaxChecker::createResolve):
1079         (JSC::SyntaxChecker::createObjectLiteral):
1080         (JSC::SyntaxChecker::createArray):
1081         (JSC::SyntaxChecker::createNumberExpr):
1082         (JSC::SyntaxChecker::createString):
1083         (JSC::SyntaxChecker::createBoolean):
1084         (JSC::SyntaxChecker::createNull):
1085         (JSC::SyntaxChecker::createBracketAccess):
1086         (JSC::SyntaxChecker::createDotAccess):
1087         (JSC::SyntaxChecker::createRegExp):
1088         (JSC::SyntaxChecker::createNewExpr):
1089         (JSC::SyntaxChecker::createConditionalExpr):
1090         (JSC::SyntaxChecker::createAssignResolve):
1091         (JSC::SyntaxChecker::createFunctionExpr):
1092         (JSC::SyntaxChecker::createFunctionBody):
1093         (JSC::SyntaxChecker::createArguments):
1094         (JSC::SyntaxChecker::createArgumentsList):
1095         (JSC::SyntaxChecker::createProperty):
1096         (JSC::SyntaxChecker::createPropertyList):
1097         (JSC::SyntaxChecker::createFuncDeclStatement):
1098         (JSC::SyntaxChecker::createBlockStatement):
1099         (JSC::SyntaxChecker::createExprStatement):
1100         (JSC::SyntaxChecker::createIfStatement):
1101         (JSC::SyntaxChecker::createForLoop):
1102         (JSC::SyntaxChecker::createForInLoop):
1103         (JSC::SyntaxChecker::createEmptyStatement):
1104         (JSC::SyntaxChecker::createVarStatement):
1105         (JSC::SyntaxChecker::createReturnStatement):
1106         (JSC::SyntaxChecker::createBreakStatement):
1107         (JSC::SyntaxChecker::createContinueStatement):
1108         (JSC::SyntaxChecker::createTryStatement):
1109         (JSC::SyntaxChecker::createSwitchStatement):
1110         (JSC::SyntaxChecker::createWhileStatement):
1111         (JSC::SyntaxChecker::createWithStatement):
1112         (JSC::SyntaxChecker::createDoWhileStatement):
1113         (JSC::SyntaxChecker::createLabelStatement):
1114         (JSC::SyntaxChecker::createThrowStatement):
1115         (JSC::SyntaxChecker::createDebugger):
1116         (JSC::SyntaxChecker::createConstStatement):
1117         (JSC::SyntaxChecker::appendConstDecl):
1118         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1119         (JSC::SyntaxChecker::combineCommaNodes):
1120         (JSC::SyntaxChecker::operatorStackPop):
1121         * runtime/Executable.cpp:
1122         (JSC::EvalExecutable::compileInternal):
1123         (JSC::ProgramExecutable::checkSyntax):
1124         (JSC::ProgramExecutable::compileInternal):
1125         (JSC::FunctionExecutable::produceCodeBlockFor):
1126         (JSC::FunctionExecutable::fromGlobalCode):
1127         * runtime/JSGlobalData.cpp:
1128         (JSC::JSGlobalData::JSGlobalData):
1129         (JSC::JSGlobalData::~JSGlobalData):
1130         * runtime/JSGlobalData.h:
1131         * runtime/LiteralParser.cpp:
1132         (JSC::LiteralParser::tryJSONPParse):
1133
1134 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1135
1136         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
1137         https://bugs.webkit.org/show_bug.cgi?id=71227
1138
1139         Reviewed by Oliver Hunt.
1140         
1141         No new tests, since while I can see exactly where the DFG went wrong on the
1142         site in question from looking at the generated machine code, and while I can
1143         certainly believe that such a scenario would happen, I cannot visualize how
1144         to make it happen reproducibly. It requires an odd combination of double
1145         values getting spilled and then refilled, but then reboxed at just the right
1146         time so that the spilled value is an unboxed double while the in-register
1147         value is a boxed double.
1148
1149         * dfg/DFGJITCodeGenerator.h:
1150         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1151
1152 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
1153
1154         JSParser::parsePrimaryExpression should have an overflow check
1155         https://bugs.webkit.org/show_bug.cgi?id=71197
1156
1157         Reviewed by Geoff Garen.
1158
1159         * parser/JSParser.cpp:
1160         (JSC::JSParser::parsePrimaryExpression):
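
The overflow check this entry adds to parsePrimaryExpression is a guard against nested input exhausting the native stack in a recursive-descent parser. The following is an added illustration, not JSC's code: a hypothetical DepthLimitedParser (the class name, canRecurse() and DepthScope are assumptions; the page's Parser lists its own canRecurse and DepthManager, which this only loosely mirrors) that refuses to recurse past a fixed depth and reports that separately from an ordinary syntax error.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical depth-limited recursive-descent parser (an assumption, not
// JSC's parser): it accepts integers wrapped in arbitrarily nested
// parentheses, e.g. "((42))", and refuses to recurse past a fixed depth.
class DepthLimitedParser {
public:
    explicit DepthLimitedParser(const std::string& source, size_t maxDepth)
        : m_src(source), m_maxDepth(maxDepth) {}

    // True if the whole input is a well-formed expression whose nesting stays
    // within the limit; false on a syntax error or when the limit is hit.
    bool parse() {
        m_pos = 0;
        m_depth = 0;
        m_hitDepthLimit = false;
        bool ok = parsePrimary();
        return ok && m_pos == m_src.size();
    }

    // Distinguishes "rejected because too deep" from an ordinary syntax error.
    bool hitDepthLimit() const { return m_hitDepthLimit; }

private:
    // RAII guard: increments the depth on entry and restores it on every exit
    // path, so an early return cannot leave the counter out of step.
    struct DepthScope {
        size_t& depth;
        explicit DepthScope(size_t& d) : depth(d) { ++depth; }
        ~DepthScope() { --depth; }
    };

    bool canRecurse() const { return m_depth < m_maxDepth; }

    bool parsePrimary() {
        // The check comes first: each nested '(' re-enters this function and
        // consumes a native stack frame, so the limit bounds stack use.
        if (!canRecurse()) {
            m_hitDepthLimit = true;
            return false;
        }
        DepthScope scope(m_depth);
        if (m_pos >= m_src.size())
            return false;
        char c = m_src[m_pos];
        if (c == '(') {
            ++m_pos;
            if (!parsePrimary())
                return false;
            if (m_pos >= m_src.size() || m_src[m_pos] != ')')
                return false;
            ++m_pos;
            return true;
        }
        if (c >= '0' && c <= '9') {
            while (m_pos < m_src.size() && m_src[m_pos] >= '0' && m_src[m_pos] <= '9')
                ++m_pos;
            return true;
        }
        return false;
    }

    std::string m_src;
    size_t m_pos = 0;
    size_t m_depth = 0;
    size_t m_maxDepth;
    bool m_hitDepthLimit = false;
};

// Constructed input: n opening parens, one digit, n closing parens.
std::string nestedParens(size_t n) {
    return std::string(n, '(') + "1" + std::string(n, ')');
}

bool parsesWithin(const std::string& s, size_t maxDepth) {
    DepthLimitedParser p(s, maxDepth);
    return p.parse();
}

bool overflowsAt(const std::string& s, size_t maxDepth) {
    DepthLimitedParser p(s, maxDepth);
    p.parse();
    return p.hitDepthLimit();
}

int main() {
    std::printf("shallow input accepted: %d\n", parsesWithin("((42))", 256));
    // 100000 levels would be a very deep native recursion without the guard;
    // with it, parsing stops at depth 256.
    std::printf("deep input rejected at limit 256: %d\n", overflowsAt(nestedParens(100000), 256));
    return 0;
}
```

The guard is checked before the depth is incremented, so the parser never enters the frame that would exceed the limit; the hitDepthLimit() flag lets the caller tell a resource limit apart from malformed input.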
1161
1162 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
1163
1164         DFG ValueAdd(string, int) should not fail speculation
1165         https://bugs.webkit.org/show_bug.cgi?id=71195
1166
1167         Reviewed by Geoff Garen.
1168         
1169         1% speed-up on V8.
1170
1171         * dfg/DFGNode.h:
1172         (JSC::DFG::Node::shouldNotSpeculateInteger):
1173         (JSC::DFG::Node::shouldSpeculateInteger):
1174
1175 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
1176
1177         The DFG inliner should not flush the callee
1178         https://bugs.webkit.org/show_bug.cgi?id=71191
1179
1180         Reviewed by Oliver Hunt.
1181         
1182         0.6% speed-up on V8.
1183
1184         * bytecode/CodeBlock.cpp:
1185         (JSC::CodeBlock::visitAggregate):
1186         * bytecode/CodeOrigin.h:
1187         * dfg/DFGByteCodeParser.cpp:
1188         (JSC::DFG::ByteCodeParser::flush):
1189         (JSC::DFG::ByteCodeParser::handleInlining):
1190         (JSC::DFG::ByteCodeParser::parseBlock):
1191         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1192         (JSC::DFG::ByteCodeParser::parse):
1193         * dfg/DFGJITCompiler.cpp:
1194         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1195         * dfg/DFGJITCompiler32_64.cpp:
1196         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1197         * interpreter/CallFrame.cpp:
1198         (JSC::CallFrame::trueCallerFrameSlow):
1199
1200 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1201
1202         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
1203         https://bugs.webkit.org/show_bug.cgi?id=70968
1204
1205         Reviewed by Geoffrey Garen.
1206
1207         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
1208         TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that 
1209         needed it, because Windows wouldn't build without it.
1210         (JSC::::createStructure):
1211         * API/JSCallbackObject.h:
1212         * JavaScriptCore.exp:
1213         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1214         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
1215         (JSC::ErrorInstance::createStructure):
1216         * runtime/ErrorPrototype.h: Ditto
1217         (JSC::ErrorPrototype::createStructure):
1218         * runtime/JSActivation.h: Ditto
1219         (JSC::JSActivation::createStructure):
1220         * runtime/JSGlobalObject.h: Ditto
1221         (JSC::JSGlobalObject::createStructure):
1222         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
1223         (JSC::JSObject::isGlobalObject):
1224         (JSC::JSObject::isVariableObject):
1225         (JSC::JSObject::isActivationObject):
1226         (JSC::JSObject::isErrorInstance):
1227         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
1228         * runtime/JSVariableObject.cpp: Removed virtual function.
1229         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
1230         (JSC::JSVariableObject::createStructure):
1231
1232 2011-10-28  Pavel Feldman  <pfeldman@google.com>
1233
1234         Reset line numbers for scripts generated with document.write.
1235         https://bugs.webkit.org/show_bug.cgi?id=71099
1236
1237         Reviewed by Yury Semikhatsky.
1238
1239         * wtf/text/TextPosition.h:
1240         (WTF::OrdinalNumber::OrdinalNumber):
1241
1242 2011-10-27  Daniel Bates  <dbates@rim.com>
1243
1244         CMake: Add support to optionally install the built JavaScript shell
1245         https://bugs.webkit.org/show_bug.cgi?id=71062
1246
1247         Reviewed by Antonio Gomes.
1248
1249         Generate an installation rule for installing the JavaScript shell in
1250         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
1251         is defined.
1252
1253         * shell/CMakeLists.txt:
1254
1255 2011-10-27  Kentaro Hara  <haraken@chromium.org>
1256
1257         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
1258         https://bugs.webkit.org/show_bug.cgi?id=70215
1259
1260         Reviewed by Adam Barth.
1261
1262         Added a method that judges if a given JSValue is empty.
1263
1264         Tests: transforms/svg-vs-css.xhtml
1265                transforms/cssmatrix-2d-interface.xhtml
1266                transforms/cssmatrix-3d-interface.xhtml
1267
1268         * runtime/JSValue.h:
1269         * runtime/JSValueInlineMethods.h:
1270         (JSC::JSValue::isEmpty):
1271
1272 2011-10-27  Michael Saboff  <msaboff@apple.com>
1273
1274         ENH: Add 8 bit string support to JSC JIT
1275         https://bugs.webkit.org/show_bug.cgi?id=71073
1276
1277         Changed the JIT String character access generation to create code
1278         to check the character size and load8() or load16() as appropriate.
1279
1280         Reviewed by Gavin Barraclough.
1281
1282         * assembler/MacroAssemblerX86Common.h:
1283         (JSC::MacroAssemblerX86Common::load8):
1284         * assembler/X86Assembler.h:
1285         (JSC::X86Assembler::movzbl_mr):
1286         * dfg/DFGSpeculativeJIT.cpp:
1287         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1288         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1289         * jit/JITInlineMethods.h:
1290         (JSC::JIT::emitLoadCharacterString):
1291         * jit/JITPropertyAccess.cpp:
1292         (JSC::JIT::stringGetByValStubGenerator):
1293         * jit/JITPropertyAccess32_64.cpp:
1294         (JSC::JIT::stringGetByValStubGenerator):
1295         * jit/JSInterfaceJIT.h:
1296         (JSC::ThunkHelpers::stringImplFlagsOffset):
1297         (JSC::ThunkHelpers::stringImpl8BitFlag):
1298         * jit/ThunkGenerators.cpp:
1299         (JSC::stringCharLoad):
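
The load8()/load16() choice this entry has the JIT emit, and the 8-bit StringImpl design described in the "Investigate storing strings in 8-bit buffers when possible" entry further down (a union of m_data8/m_data16, an is8Bit() flag, characters8()/characters16() accessors that assume the caller checked the flag, and characters() materializing a 16-bit copy), both come down to one invariant: only one view of the buffer is valid at a time. The following is an added example, not WTF::StringImpl or JSC JIT code; DualStringImpl, the LChar/UChar typedefs, the Has16BitCopy flag name and equalStrings() are all assumptions.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

typedef unsigned char LChar; // assumed stand-ins for WTF's LChar/UChar
typedef uint16_t UChar;

// Hypothetical dual-representation string modelled on the design described
// in the ChangeLog; it is an assumption, not WTF::StringImpl.
class DualStringImpl {
public:
    // 8-bit (Latin-1) storage: one byte per character.
    explicit DualStringImpl(const std::string& latin1)
        : m_length(latin1.size()), m_flags(Is8Bit), m_buf8(latin1.begin(), latin1.end()) {
        m_data8 = m_buf8.data();
    }
    // 16-bit storage.
    explicit DualStringImpl(const std::vector<UChar>& utf16)
        : m_length(utf16.size()), m_flags(0), m_buf16(utf16) {
        m_data16 = m_buf16.data();
    }
    DualStringImpl(const DualStringImpl&) = delete;
    DualStringImpl& operator=(const DualStringImpl&) = delete;

    size_t length() const { return m_length; }
    bool is8Bit() const { return (m_flags & Is8Bit) != 0; }
    bool has16BitCopy() const { return (m_flags & Has16BitCopy) != 0; }

    // Callers must check is8Bit() first: the union holds only one valid view,
    // so reading the other one is a type confusion. The asserts make that explicit.
    const LChar* characters8() const { assert(is8Bit()); return m_data8; }
    const UChar* characters16() const { assert(!is8Bit()); return m_data16; }

    // Always yields UChar*, widening an 8-bit string into a cached 16-bit
    // copy on first use (the "16 bit copy of an 8 bit string" flag).
    const UChar* characters() const {
        if (!is8Bit())
            return m_data16;
        if (!has16BitCopy()) {
            m_copy16.assign(m_data8, m_data8 + m_length);
            m_flags |= Has16BitCopy;
        }
        return m_copy16.data();
    }

    // Per-character access that dispatches on the flag, the same decision the
    // JIT entry above describes emitting as a load8()/load16() choice.
    UChar at(size_t i) const {
        assert(i < m_length);
        return is8Bit() ? static_cast<UChar>(m_data8[i]) : m_data16[i];
    }

private:
    enum Flags { Is8Bit = 1u, Has16BitCopy = 2u };

    size_t m_length;
    mutable unsigned m_flags;
    union {
        const LChar* m_data8;
        const UChar* m_data16;
    };
    std::vector<LChar> m_buf8;            // owns the bytes behind m_data8
    std::vector<UChar> m_buf16;           // owns the code units behind m_data16
    mutable std::vector<UChar> m_copy16;  // lazily materialized widening
};

// Equality across representations without forcing a 16-bit copy.
bool equalStrings(const DualStringImpl& a, const DualStringImpl& b) {
    if (a.length() != b.length())
        return false;
    for (size_t i = 0; i < a.length(); ++i)
        if (a.at(i) != b.at(i))
            return false;
    return true;
}

// Constructed sample: Latin-1 "caf" followed by e-acute (0xE9). characters()
// must widen it to the same code point and cache the copy.
bool latin1WidensCorrectly() {
    DualStringImpl s("caf\xE9");
    bool noCopyYet = !s.has16BitCopy();
    bool widened = s.characters()[3] == 0xE9;
    return s.is8Bit() && noCopyYet && widened && s.has16BitCopy() && s.characters8()[0] == 'c';
}

// An 8-bit string and its 16-bit spelling compare equal; a different code
// point does not, and nothing here triggers a 16-bit copy.
bool crossRepresentationEqual() {
    DualStringImpl narrow("caf\xE9");
    std::vector<UChar> wide{0x63, 0x61, 0x66, 0xE9};
    DualStringImpl wideStr(wide);
    std::vector<UChar> greek{0x3B1};
    DualStringImpl alpha(greek);
    return !wideStr.is8Bit() && equalStrings(narrow, wideStr)
        && !equalStrings(narrow, alpha) && !narrow.has16BitCopy();
}

int main() {
    std::printf("latin1 widening: %d\n", latin1WidensCorrectly());
    std::printf("cross-representation equality: %d\n", crossRepresentationEqual());
    return 0;
}
```

The point of routing every read through is8Bit() (or through at(), which does so internally) is that the representation flag, not the caller's expectation, decides which pointer in the union is live; the asserted accessors turn a silent misread of the wrong view into a hard failure during testing.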
1300
1301 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
1302
1303         If the bytecode generator emits code after the return in the first basic block,
1304         DFG's inliner crashes
1305         https://bugs.webkit.org/show_bug.cgi?id=71071
1306
1307         Reviewed by Gavin Barraclough.
1308         
1309         Removed some cruft dealing with parsing failures due to unsupported functionality
1310         (that's never reached anymore due to it being caught in DFGCapabilities). This
1311         allowed me to repurpose the bool return from parseBlock() to mean: true if we
1312         should continue to parse, or false if we've already parsed all live code.
1313
1314         * dfg/DFGByteCodeParser.cpp:
1315         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1316         (JSC::DFG::ByteCodeParser::parseBlock):
1317         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1318
1319 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
1320
1321         Reviewed by David Kilzer.
1322
1323         Make FeatureDefines Identical Across OS X Projects
1324         https://bugs.webkit.org/show_bug.cgi?id=71051
1325
1326         * Configurations/FeatureDefines.xcconfig:
1327
1328 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
1329
1330         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
1331         https://bugs.webkit.org/show_bug.cgi?id=71045
1332
1333         Reviewed by Geoff Garen.
1334         
1335         Make sure that if a structure is pinned, it also has a property map.
1336
1337         * runtime/Structure.cpp:
1338         (JSC::Structure::changePrototypeTransition):
1339         (JSC::Structure::despecifyFunctionTransition):
1340         (JSC::Structure::getterSetterTransition):
1341         (JSC::Structure::toDictionaryTransition):
1342         (JSC::Structure::preventExtensionsTransition):
1343         (JSC::Structure::addPropertyWithoutTransition):
1344         (JSC::Structure::removePropertyWithoutTransition):
1345         (JSC::Structure::pin):
1346         (JSC::Structure::copyPropertyTableForPinning):
1347         * runtime/Structure.h:
1348         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1349
1350 2011-10-27  Michael Saboff  <msaboff@apple.com>
1351
1352         32bit build failure after r98624
1353         https://bugs.webkit.org/show_bug.cgi?id=71064
1354
1355         Disambiguated operator overload with unsigned index (0u).
1356
1357         Reviewed by Sam Weinig.
1358
1359         * runtime/UString.h:
1360         (JSC::operator==):
1361
1362 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
1363
1364         Fix building on GNU/kFreeBSD
1365         https://bugs.webkit.org/show_bug.cgi?id=71005
1366
1367         Reviewed by Darin Adler.
1368
1369         * config.h:
1370         * wtf/Platform.h:
1371
1372 2011-10-27  Michael Saboff  <msaboff@apple.com>
1373
1374         Investigate storing strings in 8-bit buffers when possible
1375         https://bugs.webkit.org/show_bug.cgi?id=66161
1376
1380         Added support for 8 bit string data in StringImpl.  Changed
1381         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
1382         with m_data16.  Added UChar* m_copyData16 to the other union
1383         to store a 16 bit copy of an 8 bit string when needed.
1384         Added characters8() and characters16() accessor methods
1385         that assume the caller has checked the underlying string type
1386         via the new is8Bit() method. The characters() method will
1387         return a UChar* of the string, materializing a 16 bit copy if the
1388         string is an 8 bit string.  Added two flags, one for 8 bit buffer
1389         and a second for a 16 bit copy for an 8 bit string.
1390
1391         Fixed method name typo (StringHasher::defaultCoverter()).
1392
1393         Over time the goal is to eliminate calls to characters() and
1394         use the characters8() and characters16() accessors.
1395
1396         This patch does not include changes that actually create 8 bit
1397         strings. This is the first of at least 8 patches.  Subsequent
1398         patches will be submitted for JIT changes, making the JSC lexer,
1399         parser and literal parser, JavaScript string changes and
1400         then changes in webcore to take advantage of the 8 bit strings.
1401
1402         This change is performance neutral for SunSpider and V8 when
1403         run from the command line with "jsc".
1404
1405         Reviewed by Geoffrey Garen.
1406
1407         * JavaScriptCore.exp:
1408         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1409         * interpreter/Interpreter.cpp:
1410         (JSC::Interpreter::callEval):
1411         * parser/SourceProvider.h:
1412         (JSC::UStringSourceProvider::data):
1413         (JSC::UStringSourceProvider::UStringSourceProvider):
1414         * runtime/Identifier.cpp:
1415         (JSC::IdentifierCStringTranslator::hash):
1416         (JSC::IdentifierCStringTranslator::equal):
1417         (JSC::IdentifierCStringTranslator::translate):
1418         (JSC::Identifier::add):
1419         (JSC::Identifier::toUInt32):
1420         * runtime/Identifier.h:
1421         (JSC::Identifier::equal):
1422         (JSC::operator==):
1423         (JSC::operator!=):
1424         * runtime/JSString.cpp:
1425         (JSC::JSString::resolveRope):
1426         (JSC::JSString::resolveRopeSlowCase):
1427         * runtime/RegExp.cpp:
1428         (JSC::RegExp::match):
1429         * runtime/StringPrototype.cpp:
1430         (JSC::jsSpliceSubstringsWithSeparators):
1431         * runtime/UString.cpp:
1432         (JSC::UString::UString):
1433         (JSC::equalSlowCase):
1434         (JSC::UString::utf8):
1435         * runtime/UString.h:
1436         (JSC::UString::characters):
1437         (JSC::UString::characters8):
1438         (JSC::UString::characters16):
1439         (JSC::UString::is8Bit):
1440         (JSC::UString::operator[]):
1441         (JSC::UString::find):
1442         (JSC::operator==):
1443         * wtf/StringHasher.h:
1444         (WTF::StringHasher::computeHash):
1445         (WTF::StringHasher::defaultConverter):
1446         * wtf/text/AtomicString.cpp:
1447         (WTF::CStringTranslator::hash):
1448         (WTF::CStringTranslator::equal):
1449         (WTF::CStringTranslator::translate):
1450         (WTF::AtomicString::add):
1451         * wtf/text/AtomicString.h:
1452         (WTF::AtomicString::AtomicString):
1453         (WTF::AtomicString::contains):
1454         (WTF::AtomicString::find):
1455         (WTF::AtomicString::add):
1456         (WTF::operator==):
1457         (WTF::operator!=):
1458         (WTF::equalIgnoringCase):
1459         * wtf/text/StringConcatenate.h:
1460         * wtf/text/StringHash.h:
1461         (WTF::StringHash::equal):
1462         (WTF::CaseFoldingHash::hash):
1463         * wtf/text/StringImpl.cpp:
1464         (WTF::StringImpl::~StringImpl):
1465         (WTF::StringImpl::createUninitialized):
1466         (WTF::StringImpl::create):
1467         (WTF::StringImpl::getData16SlowCase):
1468         (WTF::StringImpl::containsOnlyWhitespace):
1469         (WTF::StringImpl::substring):
1470         (WTF::StringImpl::characterStartingAt):
1471         (WTF::StringImpl::lower):
1472         (WTF::StringImpl::upper):
1473         (WTF::StringImpl::fill):
1474         (WTF::StringImpl::foldCase):
1475         (WTF::StringImpl::stripMatchedCharacters):
1476         (WTF::StringImpl::removeCharacters):
1477         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
1478         (WTF::StringImpl::toIntStrict):
1479         (WTF::StringImpl::toUIntStrict):
1480         (WTF::StringImpl::toInt64Strict):
1481         (WTF::StringImpl::toUInt64Strict):
1482         (WTF::StringImpl::toIntPtrStrict):
1483         (WTF::StringImpl::toInt):
1484         (WTF::StringImpl::toUInt):
1485         (WTF::StringImpl::toInt64):
1486         (WTF::StringImpl::toUInt64):
1487         (WTF::StringImpl::toIntPtr):
1488         (WTF::StringImpl::toDouble):
1489         (WTF::StringImpl::toFloat):
1490         (WTF::equal):
1491         (WTF::equalIgnoringCase):
1492         (WTF::StringImpl::find):
1493         (WTF::StringImpl::findIgnoringCase):
1494         (WTF::StringImpl::reverseFind):
1495         (WTF::StringImpl::replace):
1496         (WTF::StringImpl::defaultWritingDirection):
1497         (WTF::StringImpl::adopt):
1498         (WTF::StringImpl::createWithTerminatingNullCharacter):
1499         * wtf/text/StringImpl.h:
1500         (WTF::StringImpl::StringImpl):
1501         (WTF::StringImpl::create):
1502         (WTF::StringImpl::create8):
1503         (WTF::StringImpl::tryCreateUninitialized):
1504         (WTF::StringImpl::flagsOffset):
1505         (WTF::StringImpl::flagIs8Bit):
1506         (WTF::StringImpl::dataOffset):
1507         (WTF::StringImpl::is8Bit):
1508         (WTF::StringImpl::characters8):
1509         (WTF::StringImpl::characters16):
1510         (WTF::StringImpl::characters):
1511         (WTF::StringImpl::has16BitShadow):
1512         (WTF::StringImpl::setHash):
1513         (WTF::StringImpl::hash):
1514         (WTF::StringImpl::copyChars):
1515         (WTF::StringImpl::operator[]):
1516         (WTF::StringImpl::find):
1517         (WTF::StringImpl::findIgnoringCase):
1518         (WTF::equal):
1519         (WTF::equalIgnoringCase):
1520         (WTF::StringImpl::isolatedCopy):
1521         * wtf/text/WTFString.cpp:
1522         (WTF::String::String):
1523         (WTF::String::append):
1524         (WTF::String::format):
1525         (WTF::String::fromUTF8):
1526         (WTF::String::fromUTF8WithLatin1Fallback):
1527         * wtf/text/WTFString.h:
1528         (WTF::String::find):
1529         (WTF::String::findIgnoringCase):
1530         (WTF::String::contains):
1531         (WTF::String::append):
1532         (WTF::String::fromUTF8):
1533         (WTF::String::fromUTF8WithLatin1Fallback):
1534         (WTF::operator==):
1535         (WTF::operator!=):
1536         (WTF::equalIgnoringCase):
1537         * wtf/unicode/Unicode.h:
1538         * yarr/YarrJIT.cpp:
1539         (JSC::Yarr::execute):
1540         * yarr/YarrJIT.h:
1541         (JSC::Yarr::YarrCodeBlock::execute):
1542         * yarr/YarrParser.h:
1543         (JSC::Yarr::Parser::Parser):
1544
1545 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1546
1547         Fixing Windows build
1548
1549         Unreviewed build fix
1550
1551         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1552
1553 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1554
1555         Add ability to check for presence of static members at compile time
1556         https://bugs.webkit.org/show_bug.cgi?id=70986
1557
1558         Reviewed by Geoffrey Garen.
1559
1560         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
1561         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
1562         does indeed have a method with that name.  This mechanism is not currently 
1563         used anywhere, but will be in the future when adding virtual methods from 
1564         JSObject to the MethodTable.
1565
1566         * runtime/ClassInfo.h:
1567
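Added example for the compile-time member check described in the entry above. The page does not show the bodies of CREATE_MEMBER_CHECKER or HAS_MEMBER_NAMED, so this is not WebKit's code: the macro names DEFINE_HAS_MEMBER_CHECK and HAS_MEMBER, the classes Base, Derived and Unrelated, and the helper functions are assumptions for illustration. It shows the usual SFINAE construction in C++11, and the caveat that matters for the MethodTable use case mentioned above: a plain "has a member named X" check is also satisfied by an inherited static, so telling a redefined static apart from an inherited one needs a separate address comparison.

```cpp
#include <cstddef>
#include <iostream>

// Added example, not WebKit's CREATE_MEMBER_CHECKER / HAS_MEMBER_NAMED.
// DEFINE_HAS_MEMBER_CHECK(name) instantiates a detection template for one
// member name; HAS_MEMBER(Class, name) evaluates it to a compile-time bool.
// The trick is SFINAE: the first 'test' overload takes a pointer to
// decltype(&U::name), a type that only exists when U has a member called
// 'name' (and it is not overloaded, since &U::name would then be ambiguous).
// Otherwise overload resolution silently falls back to the '...' version.
#define DEFINE_HAS_MEMBER_CHECK(memberName)                                  \
    template <typename T>                                                    \
    struct HasMember_##memberName {                                          \
        template <typename U> static char test(decltype(&U::memberName)*);  \
        template <typename U> static long test(...);                         \
        static const bool value = sizeof(test<T>(0)) == sizeof(char);        \
    };

#define HAS_MEMBER(className, memberName) (HasMember_##memberName<className>::value)

// Constructed classes standing in for a JSCell-style base and a subclass that
// only redefines some of the static methods a MethodTable would point at.
struct Base {
    static int put(int v) { return v + 1; }
    static int deleteProperty(int v) { return v - 1; }
};
struct Derived : Base {
    static int put(int v) { return v * 2; }   // redefined; deleteProperty is inherited
};
struct Unrelated {};

DEFINE_HAS_MEMBER_CHECK(put)
DEFINE_HAS_MEMBER_CHECK(deleteProperty)

// The checks are usable at compile time ...
static_assert(HAS_MEMBER(Derived, put), "Derived must declare put");
static_assert(!HAS_MEMBER(Unrelated, put), "Unrelated has no put");

// ... and are wrapped here so they can also be inspected at run time.
bool derivedHasPut() { return HAS_MEMBER(Derived, put); }
bool derivedHasDeleteProperty() { return HAS_MEMBER(Derived, deleteProperty); } // true: inherited
bool unrelatedHasPut() { return HAS_MEMBER(Unrelated, put); }

// Caveat: HAS_MEMBER cannot tell an inherited static from a redefined one.
// For static functions, comparing the two addresses does.
bool derivedRedefinesPut() { return &Derived::put != &Base::put; }
bool derivedRedefinesDeleteProperty() { return &Derived::deleteProperty != &Base::deleteProperty; }

int main() {
    std::cout << "Derived has put: " << derivedHasPut() << "\n"
              << "Derived has deleteProperty: " << derivedHasDeleteProperty() << "\n"
              << "Unrelated has put: " << unrelatedHasPut() << "\n"
              << "Derived redefines put: " << derivedRedefinesPut() << "\n"
              << "Derived redefines deleteProperty: " << derivedRedefinesDeleteProperty() << "\n";
    return 0;
}
```

The address comparison only works for static member functions (and only when the two bodies differ, as they do here); for a class that inherits the base implementation the two pointers are the same function, which is exactly the case a MethodTable consumer would want to flag.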
1568 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1569
1570         De-virtualize JSCell::toThisObject
1571         https://bugs.webkit.org/show_bug.cgi?id=70958
1572
1573         Reviewed by Geoffrey Garen.
1574
1575         Converted all instances of toThisObject to static functions, 
1576         added toThisObject to the MethodTable, and replaced all call sites
1577         with a corresponding lookup in the MethodTable.
1578
1579         * API/JSContextRef.cpp:
1580         * JavaScriptCore.exp:
1581         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1582         * runtime/ClassInfo.h:
1583         * runtime/JSActivation.cpp:
1584         (JSC::JSActivation::toThisObject):
1585         * runtime/JSActivation.h:
1586         * runtime/JSCell.cpp:
1587         (JSC::JSCell::toThisObject):
1588         * runtime/JSCell.h:
1589         * runtime/JSObject.cpp:
1590         (JSC::JSObject::put):
1591         (JSC::JSObject::toThisObject):
1592         * runtime/JSObject.h:
1593         (JSC::JSValue::toThisObject):
1594         * runtime/JSStaticScopeObject.cpp:
1595         (JSC::JSStaticScopeObject::toThisObject):
1596         * runtime/JSStaticScopeObject.h:
1597         * runtime/JSString.cpp:
1598         (JSC::JSString::toThisObject):
1599         * runtime/JSString.h:
1600         * runtime/StrictEvalActivation.cpp:
1601         (JSC::StrictEvalActivation::toThisObject):
1602         * runtime/StrictEvalActivation.h:
1603
1604 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
1605
1606         Fix a small bug in callOperation after r98431
1607         https://bugs.webkit.org/show_bug.cgi?id=70984
1608
1609         Reviewed by Geoffrey Garen.
1610
1611         TrustedImmPtr is not expecting "int" type parameters.
1612
1613         * dfg/DFGJITCodeGenerator.h:
1614         (JSC::DFG::callOperation):
1615
1616 2011-10-26  Oliver Hunt  <oliver@apple.com>
1617
1618         Restore structure-clearing behaviour of allocateCell<>
1619         https://bugs.webkit.org/show_bug.cgi?id=70976
1620
1621         Reviewed by Geoffrey Garen.
1622
1623         This restores the logic that allows the markstack to filter
1624         live objects that have not yet been initialised.
1625
1626         * runtime/JSCell.h:
1627         (JSC::JSCell::clearStructure):
1628            Validation-safe method to clear a cell's structure.
1629         (JSC::allocateCell):
1630            Call the above method.
1631         * runtime/Structure.h:
1632         (JSC::MarkStack::internalAppend):
1633            Don't visit cells that haven't been initialised.
1634
1635 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
1636
1637         REGRESSION (r97030): Cannot log in to progressive.com
1638         https://bugs.webkit.org/show_bug.cgi?id=70094
1639
1640         Reviewed by Oliver Hunt.
1641
1642         * dfg/DFGByteCodeParser.cpp:
1643         (JSC::DFG::ByteCodeParser::handleCall):
1644
1645 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1646
1647         Remove getOwnPropertySlotVirtual
1648         https://bugs.webkit.org/show_bug.cgi?id=70741
1649
1650         Reviewed by Geoffrey Garen.
1651
1652         Removed all declarations and definitions of getOwnPropertySlotVirtual.
1653         Also replaced all call sites to getOwnPropertySlotVirtual with a 
1654         corresponding lookup in the MethodTable.
1655
1656         * API/JSCallbackObject.h:
1657         * API/JSCallbackObjectFunctions.h:
1658         (JSC::::getOwnPropertyDescriptor):
1659         * JavaScriptCore.exp:
1660         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1661         * debugger/DebuggerActivation.cpp:
1662         (JSC::DebuggerActivation::getOwnPropertySlot):
1663         * debugger/DebuggerActivation.h:
1664         * runtime/Arguments.cpp:
1665         * runtime/Arguments.h:
1666         * runtime/ArrayConstructor.cpp:
1667         * runtime/ArrayConstructor.h:
1668         * runtime/ArrayPrototype.cpp:
1669         * runtime/ArrayPrototype.h:
1670         * runtime/BooleanPrototype.cpp:
1671         * runtime/BooleanPrototype.h:
1672         * runtime/DateConstructor.cpp:
1673         * runtime/DateConstructor.h:
1674         * runtime/DatePrototype.cpp:
1675         * runtime/DatePrototype.h:
1676         (JSC::DatePrototype::create):
1677         * runtime/ErrorPrototype.cpp:
1678         * runtime/ErrorPrototype.h:
1679         * runtime/JSActivation.cpp:
1680         * runtime/JSActivation.h:
1681         * runtime/JSArray.cpp:
1682         (JSC::JSArray::getOwnPropertySlotByIndex):
1683         * runtime/JSArray.h:
1684         * runtime/JSByteArray.cpp:
1685         * runtime/JSByteArray.h:
1686         * runtime/JSCell.cpp:
1687         * runtime/JSCell.h:
1688         * runtime/JSFunction.cpp:
1689         (JSC::JSFunction::getOwnPropertyDescriptor):
1690         (JSC::JSFunction::getOwnPropertyNames):
1691         (JSC::JSFunction::put):
1692         * runtime/JSFunction.h:
1693         * runtime/JSGlobalObject.cpp:
1694         * runtime/JSGlobalObject.h:
1695         * runtime/JSNotAnObject.cpp:
1696         * runtime/JSNotAnObject.h:
1697         * runtime/JSONObject.cpp:
1698         (JSC::Stringifier::Holder::appendNextProperty):
1699         (JSC::Walker::walk):
1700         * runtime/JSONObject.h:
1701         * runtime/JSObject.cpp:
1702         (JSC::JSObject::getOwnPropertySlotByIndex):
1703         (JSC::JSObject::hasOwnProperty):
1704         * runtime/JSObject.h:
1705         (JSC::JSCell::fastGetOwnPropertySlot):
1706         (JSC::JSObject::getPropertySlot):
1707         (JSC::JSValue::get):
1708         * runtime/JSStaticScopeObject.cpp:
1709         * runtime/JSStaticScopeObject.h:
1710         * runtime/JSString.cpp:
1711         (JSC::JSString::getOwnPropertySlot):
1712         * runtime/JSString.h:
1713         * runtime/MathObject.cpp:
1714         * runtime/MathObject.h:
1715         (JSC::MathObject::create):
1716         * runtime/NumberConstructor.cpp:
1717         * runtime/NumberConstructor.h:
1718         * runtime/NumberPrototype.cpp:
1719         * runtime/NumberPrototype.h:
1720         * runtime/ObjectConstructor.cpp:
1721         * runtime/ObjectConstructor.h:
1722         * runtime/ObjectPrototype.cpp:
1723         * runtime/ObjectPrototype.h:
1724         * runtime/RegExpConstructor.cpp:
1725         * runtime/RegExpConstructor.h:
1726         * runtime/RegExpMatchesArray.h:
1727         (JSC::RegExpMatchesArray::createStructure):
1728         * runtime/RegExpObject.cpp:
1729         * runtime/RegExpObject.h:
1730         * runtime/RegExpPrototype.cpp:
1731         * runtime/RegExpPrototype.h:
1732         * runtime/StringConstructor.cpp:
1733         * runtime/StringConstructor.h:
1734         * runtime/StringObject.cpp:
1735         * runtime/StringObject.h:
1736         * runtime/StringPrototype.cpp:
1737         * runtime/StringPrototype.h:
1738
1739 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
1740
1741         [GTK] [WK2] Add WebKit2 distcheck support
1742         https://bugs.webkit.org/show_bug.cgi?id=70933
1743
1744         Reviewed by Martin Robinson.
1745
1746         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
1747
1748 2011-10-26  Michael Saboff  <msaboff@apple.com>
1749
1750         Increase StringImpl Flag Bits for 8 bit Strings
1751         https://bugs.webkit.org/show_bug.cgi?id=70937
1752
1753         Increased the number of bits used for flags in StringImpl
1754         from 6 to 8 bits. This frees up 2 flag bits that will be
1755         used for 8-bit string support. Updated hash methods accordingly.
1756         Changed hash value masking from the low bits to the high
1757         bits.
1758
1759         Reviewed by Darin Adler.
1760
1761         * create_hash_table:
1762         * wtf/StringHasher.h:
1763         (WTF::StringHasher::hash):
1764         * wtf/text/StringImpl.h:
1765
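Added example illustrating the representation changes from the two Michael Saboff entries above: the 8-bit string groundwork that introduces is8Bit(), characters8() and characters16(), and the widening of the StringImpl flag field to 8 bits with the hash value now masked into the high bits. This is constructed code, not WebKit's StringImpl: the class MiniString, its flag layout, the FNV-1a hash and the "stored hash of zero means not yet computed" convention are assumptions chosen for illustration. The property a reviewer of such a change cares about is that every width-specific accessor checks the representation it hands out, that hashing never disturbs the flag bits, and that length() (code units) is never confused with the buffer size in bytes.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <vector>

// Added example, not WebKit's StringImpl. Text that fits in Latin-1 is stored
// one byte per character; anything else is stored as UTF-16 code units.
class MiniString {
public:
    // Low 8 bits of m_hashAndFlags are flags; the high 24 bits hold the hash.
    static const unsigned kFlagBits = 8;
    static const uint32_t kFlagMask = (1u << kFlagBits) - 1;   // 0x000000FF
    static const uint32_t kHashMask = ~kFlagMask;               // 0xFFFFFF00
    static const uint32_t kFlagIs8Bit = 1u << 0;                // 7 flag bits remain free

    // Build from Latin-1 bytes: always 8-bit storage.
    static MiniString fromLatin1(const char* s) {
        MiniString str;
        str.m_data8.assign(s, s + std::strlen(s));
        str.m_hashAndFlags = kFlagIs8Bit;
        return str;
    }

    // Build from UTF-16 code units: 8-bit storage only if every unit fits a byte.
    static MiniString fromUTF16(const std::vector<uint16_t>& units) {
        MiniString str;
        bool fits8 = true;
        for (uint16_t u : units)
            if (u > 0xFF) { fits8 = false; break; }
        if (fits8) {
            str.m_data8.assign(units.begin(), units.end());
            str.m_hashAndFlags = kFlagIs8Bit;
        } else {
            str.m_data16 = units;
            str.m_hashAndFlags = 0;
        }
        return str;
    }

    bool is8Bit() const { return (m_hashAndFlags & kFlagIs8Bit) != 0; }
    size_t length() const { return is8Bit() ? m_data8.size() : m_data16.size(); }

    // Width-specific accessors refuse to hand out the wrong buffer.
    const uint8_t* characters8() const { assert(is8Bit()); return m_data8.data(); }
    const uint16_t* characters16() const { assert(!is8Bit()); return m_data16.data(); }

    // Width-agnostic element access.
    uint16_t operator[](size_t i) const {
        assert(i < length());
        return is8Bit() ? m_data8[i] : m_data16[i];
    }

    // Byte size of the backing buffer: the classic value to confuse with length().
    size_t sizeInBytes() const { return is8Bit() ? m_data8.size() : m_data16.size() * 2; }

    // 24-bit hash, computed lazily (FNV-1a over code units, a constructed choice).
    // A stored hash of 0 means "not computed yet", so the result is forced nonzero.
    uint32_t hash() {
        uint32_t stored = m_hashAndFlags >> kFlagBits;
        if (stored)
            return stored;
        uint32_t h = 2166136261u;
        for (size_t i = 0; i < length(); ++i) {
            h ^= (*this)[i];
            h *= 16777619u;
        }
        h &= kHashMask >> kFlagBits;   // keep 24 bits
        if (!h)
            h = 1;
        // Store in the high bits; the flag bits are left untouched.
        m_hashAndFlags = (m_hashAndFlags & kFlagMask) | (h << kFlagBits);
        return h;
    }

    uint32_t rawHashAndFlags() const { return m_hashAndFlags; }

    // Equality compares code units, so the same text in 8-bit and 16-bit form is equal.
    bool equals(const MiniString& other) const {
        if (length() != other.length())
            return false;
        for (size_t i = 0; i < length(); ++i)
            if ((*this)[i] != other[i])
                return false;
        return true;
    }

private:
    MiniString() : m_hashAndFlags(0) {}
    std::vector<uint8_t> m_data8;
    std::vector<uint16_t> m_data16;
    uint32_t m_hashAndFlags;
};

int main() {
    MiniString a = MiniString::fromLatin1("abc");                 // constructed sample input
    MiniString c = MiniString::fromUTF16({0x61, 0x20AC});          // 'a' followed by U+20AC
    std::cout << "a: is8Bit=" << a.is8Bit() << " length=" << a.length()
              << " bytes=" << a.sizeInBytes() << " hash=0x" << std::hex << a.hash() << "\n";
    std::cout << "c: is8Bit=" << c.is8Bit() << " length=" << std::dec << c.length()
              << " bytes=" << c.sizeInBytes() << "\n";
    return 0;
}
```

Note that hash() stores the value with a shift into the high bits rather than masking the flags out of a full-width hash; either layout works, but keeping the hash above the flag field is what lets the flag field grow (here from 6 to 8 bits in the entry above) without rehashing anything.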
1766 2011-10-26  Dan Bernstein  <mitz@apple.com>
1767
1768         Build fix.
1769
1770         Reverted r98488, which caused the scripts’ status messages to be included in the generated
1771         files.
1772
1773         * create_hash_table:
1774         * create_jit_stubs:
1775
1776 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
1777
1778         Don't print regular output to STDERR when generating hashtables and JIT stubs
1779
1780         Reviewed by Simon Hausmann.
1781
1782         * create_hash_table:
1783         * create_jit_stubs:
1784
1785 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
1786
1787         Split DFGJITCodeGenerator::callOperation methods
1788         https://bugs.webkit.org/show_bug.cgi?id=70870
1789
1790         Reviewed by Filip Pizlo.
1791
1792         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
1793         One set works with the JSVALUE64 value representation and passes arguments in
1794         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
1795         value representation and passes arguments in memory  (suitable for use on x86).
1796         By refactoring out the representation and calling convention specific aspects
1797         of the code we can also configure the DFG JIT to operate on platforms that use
1798         the JSVALUE32_64 value representation but pass arguments in registers.
1799
1800         On platforms supported by the JIT, the payload precedes the tag of a value in
1801         argument/result ordering, as such, in order to make the setupResults method
1802         generally applicable to return the results of a function that are returned in
1803         two registers, the ordering of arguments to this function has been reversed -
1804         as is the ordering of arguments passed to setupArguments methods, with respect
1805         to the ordering with which they are passed in to callOperation.
1806         This inconsistency will be resolved in a later change when we combine the pairs
1807         of arguments passed into callOperation, such that the function signatures can
1808         be made consistent across the two value representations (the callOperation
1809         methods will be passed a reference to a struct representing the JSValue
1810         temporary, this will consist of two gprs on 32_64 and one on 64).
1811
1812         * dfg/DFGJITCodeGenerator.h:
1813         (JSC::DFG::resetCallArguments):
1814         (JSC::DFG::addCallArgument):
1815             - moved, removed tag,payload version of this method.
1816         (JSC::DFG::setupArguments):
1817         (JSC::DFG::setupArgumentsExecState):
1818         (JSC::DFG::setupArgumentsWithExecState):
1819             - Calling convention specific portion of callOperation refactored out into these methods.
1820         (JSC::DFG::callOperation):
1821             - updated these methods to use setupArguments* methods.
1822         (JSC::DFG::setupResults):
1823             - setupResults is now passed payload,tag.
1824         (JSC::DFG::appendCallWithExceptionCheckSetResult):
1825             - Added fpr versions of this function.
1826         (JSC::DFG::appendCallSetResult):
1827             - Added versions of this function without exception check.
1828         * dfg/DFGJITCodeGenerator32_64.cpp:
1829         (JSC::DFG::JITCodeGenerator::emitCall):
1830             - setupResults is now passed payload,tag.
1831
1832 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1833
1834         Remove deletePropertyVirtual
1835         https://bugs.webkit.org/show_bug.cgi?id=70738
1836
1837         Reviewed by Geoffrey Garen.
1838
1839         Removed all declarations and definitions of deletePropertyVirtual.
1840         Also replaced all call sites to deletePropertyVirtual with a 
1841         corresponding lookup in the MethodTable.
1842
1843         * API/JSCallbackObject.h:
1844         * API/JSCallbackObjectFunctions.h:
1845         (JSC::::deletePropertyByIndex):
1846         * API/JSObjectRef.cpp:
1847         (JSObjectDeleteProperty):
1848         * JavaScriptCore.exp:
1849         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1850         * debugger/DebuggerActivation.cpp:
1851         (JSC::DebuggerActivation::deleteProperty):
1852         * debugger/DebuggerActivation.h:
1853         * interpreter/Interpreter.cpp:
1854         (JSC::Interpreter::privateExecute):
1855         * jit/JITStubs.cpp:
1856         (JSC::DEFINE_STUB_FUNCTION):
1857         * runtime/Arguments.cpp:
1858         * runtime/Arguments.h:
1859         * runtime/ArrayPrototype.cpp:
1860         (JSC::arrayProtoFuncPop):
1861         (JSC::arrayProtoFuncReverse):
1862         (JSC::arrayProtoFuncShift):
1863         (JSC::arrayProtoFuncSplice):
1864         (JSC::arrayProtoFuncUnShift):
1865         * runtime/JSActivation.cpp:
1866         * runtime/JSActivation.h:
1867         * runtime/JSArray.cpp:
1868         (JSC::JSArray::deleteProperty):
1869         (JSC::JSArray::deletePropertyByIndex):
1870         * runtime/JSArray.h:
1871         * runtime/JSCell.cpp:
1872         (JSC::JSCell::deleteProperty):
1873         (JSC::JSCell::deletePropertyByIndex):
1874         * runtime/JSCell.h:
1875         * runtime/JSFunction.cpp:
1876         * runtime/JSFunction.h:
1877         * runtime/JSNotAnObject.cpp:
1878         * runtime/JSNotAnObject.h:
1879         * runtime/JSONObject.cpp:
1880         (JSC::Walker::walk):
1881         * runtime/JSObject.cpp:
1882         (JSC::JSObject::deletePropertyByIndex):
1883         (JSC::JSObject::defineOwnProperty):
1884         * runtime/JSObject.h:
1885         * runtime/JSVariableObject.cpp:
1886         * runtime/JSVariableObject.h:
1887         * runtime/RegExpMatchesArray.h:
1888         * runtime/StrictEvalActivation.cpp:
1889         * runtime/StrictEvalActivation.h:
1890         * runtime/StringObject.cpp:
1891         * runtime/StringObject.h:
1892
1893 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1894
1895         Remove putVirtual
1896         https://bugs.webkit.org/show_bug.cgi?id=70740
1897
1898         Reviewed by Geoffrey Garen.
1899
1900         Removed all declarations and definitions of putVirtual.
1901         Also replaced all call sites to putVirtual with a 
1902         corresponding lookup in the MethodTable.
1903
1904         * API/JSCallbackObject.h:
1905         * API/JSCallbackObjectFunctions.h:
1906         * API/JSObjectRef.cpp:
1907         (JSObjectSetProperty):
1908         (JSObjectSetPropertyAtIndex):
1909         * JavaScriptCore.exp:
1910         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1911         * debugger/DebuggerActivation.cpp:
1912         (JSC::DebuggerActivation::put):
1913         * debugger/DebuggerActivation.h:
1914         * dfg/DFGOperations.cpp:
1915         * interpreter/Interpreter.cpp:
1916         (JSC::Interpreter::execute):
1917         (JSC::Interpreter::privateExecute):
1918         * jsc.cpp:
1919         (GlobalObject::finishCreation):
1920         * runtime/Arguments.cpp:
1921         * runtime/Arguments.h:
1922         * runtime/ArrayPrototype.cpp:
1923         (JSC::putProperty):
1924         (JSC::arrayProtoFuncConcat):
1925         (JSC::arrayProtoFuncPush):
1926         (JSC::arrayProtoFuncReverse):
1927         (JSC::arrayProtoFuncShift):
1928         (JSC::arrayProtoFuncSlice):
1929         (JSC::arrayProtoFuncSort):
1930         (JSC::arrayProtoFuncSplice):
1931         (JSC::arrayProtoFuncUnShift):
1932         (JSC::arrayProtoFuncFilter):
1933         (JSC::arrayProtoFuncMap):
1934         * runtime/JSActivation.cpp:
1935         * runtime/JSActivation.h:
1936         * runtime/JSArray.cpp:
1937         (JSC::JSArray::putSlowCase):
1938         (JSC::JSArray::push):
1939         (JSC::JSArray::shiftCount):
1940         (JSC::JSArray::unshiftCount):
1941         * runtime/JSArray.h:
1942         * runtime/JSByteArray.cpp:
1943         * runtime/JSByteArray.h:
1944         * runtime/JSCell.cpp:
1945         (JSC::JSCell::put):
1946         (JSC::JSCell::putByIndex):
1947         * runtime/JSCell.h:
1948         * runtime/JSFunction.cpp:
1949         * runtime/JSFunction.h:
1950         * runtime/JSGlobalObject.cpp:
1951         * runtime/JSGlobalObject.h:
1952         * runtime/JSNotAnObject.cpp:
1953         * runtime/JSNotAnObject.h:
1954         * runtime/JSONObject.cpp:
1955         (JSC::Walker::walk):
1956         * runtime/JSObject.cpp:
1957         (JSC::JSObject::putByIndex):
1958         (JSC::JSObject::defineOwnProperty):
1959         * runtime/JSObject.h:
1960         (JSC::JSValue::put):
1961         * runtime/JSStaticScopeObject.cpp:
1962         * runtime/JSStaticScopeObject.h:
1963         * runtime/ObjectPrototype.cpp:
1964         * runtime/ObjectPrototype.h:
1965         * runtime/RegExpConstructor.cpp:
1966         * runtime/RegExpConstructor.h:
1967         * runtime/RegExpMatchesArray.h:
1968         * runtime/RegExpObject.cpp:
1969         * runtime/RegExpObject.h:
1970         * runtime/StringObject.cpp:
1971         * runtime/StringObject.h:
1972         * runtime/StringPrototype.cpp:
1973         (JSC::stringProtoFuncSplit):
1974
1975 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
1976
1977         Separate out function linking & exception check data structures.
1978         https://bugs.webkit.org/show_bug.cgi?id=70858
1979
1980         Reviewed by Oliver Hunt.
1981
1982         This will make it easier to refactor the callOperation methods to split the value
1983         representation specific handling from the cpu/calling-convention implementation.
1984
1985         * dfg/DFGJITCodeGenerator.h:
1986         (JSC::DFG::appendCallWithExceptionCheck):
1987         * dfg/DFGJITCodeGenerator32_64.cpp:
1988         (JSC::DFG::JITCodeGenerator::emitCall):
1989         * dfg/DFGJITCodeGenerator64.cpp:
1990         (JSC::DFG::JITCodeGenerator::emitCall):
1991         * dfg/DFGJITCompiler.cpp:
1992         (JSC::DFG::JITCompiler::compileBody):
1993         (JSC::DFG::JITCompiler::link):
1994         * dfg/DFGJITCompiler.h:
1995         (JSC::DFG::CallLinkRecord::CallLinkRecord):
1996         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
1997         (JSC::DFG::JITCompiler::JITCompiler):
1998         (JSC::DFG::JITCompiler::notifyCall):
1999         (JSC::DFG::JITCompiler::appendCall):
2000         (JSC::DFG::JITCompiler::addExceptionCheck):
2001         (JSC::DFG::JITCompiler::addFastExceptionCheck):
2002         * dfg/DFGJITCompiler32_64.cpp:
2003         (JSC::DFG::JITCompiler::compileBody):
2004         (JSC::DFG::JITCompiler::link):
2005
2006 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
2007
2008         Tiered compilation may introduce dangling pointers in constant buffers
2009         https://bugs.webkit.org/show_bug.cgi?id=70854
2010
2011         Reviewed by Oliver Hunt.
2012         
2013         Tiered compilation now copies constant buffers, which fixes the regression in
2014         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
2015         regression relies on a subtle interleaving of optimized compilation and garbage
2016         collection, and cannot be reproduced in a simple test.
2017         
2018         This also adds some new debug support, which was used to fix this bug and is
2019         likely to be useful in the future.
2020
2021         * bytecode/CodeBlock.cpp:
2022         (JSC::CodeBlock::copyDataFrom):
2023         (JSC::CodeBlock::usesOpcode):
2024         * bytecode/CodeBlock.h:
2025         * dfg/DFGGraph.cpp:
2026         (JSC::DFG::Graph::dump):
2027
2028 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2029
2030         Fixing Windows build after r98367
2031
2032         Unreviewed build fix
2033
2034         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2035
2036 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
2037
2038         Add missing DFG file entries to the make lists for GTK and Qt ports
2039         https://bugs.webkit.org/show_bug.cgi?id=70806
2040
2041         Reviewed by Darin Adler.
2042
2043         * GNUmakefile.list.am:
2044         * JavaScriptCore.pro:
2045
2046 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2047
2048         Add getOwnPropertySlot to MethodTable
2049         https://bugs.webkit.org/show_bug.cgi?id=69807
2050
2051         Reviewed by Oliver Hunt.
2052
2053         * JavaScriptCore.exp:
2054         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
2055         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
2056         reference it in their MethodTables.
2057
2058 2011-10-25  Oliver Hunt  <oliver@apple.com>
2059
2060         Need to support marking of multiple nested codeblocks when compiling
2061         https://bugs.webkit.org/show_bug.cgi?id=70832
2062
2063         Reviewed by Gavin Barraclough.
2064
2065         When inlining a function we end up with multiple codeblocks being
2066         compiled at the same time, so we need to support a list of live
2067         codeblocks.
2068
2069         * heap/Heap.cpp:
2070         (JSC::Heap::markRoots):
2071         * runtime/JSGlobalData.cpp:
2072         (JSC::JSGlobalData::JSGlobalData):
2073         * runtime/JSGlobalData.h:
2074         (JSC::JSGlobalData::startedCompiling):
2075         (JSC::JSGlobalData::finishedCompiling):
2076
2077 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
2078
2079         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
2080         https://bugs.webkit.org/show_bug.cgi?id=70798
2081
2082         Reviewed by Filip Pizlo.
2083
2084         When filling an integer for a known integer node (not speculated), it
2085         should accept DataFormatJSInteger as well.
2086
2087         * dfg/DFGJITCodeGenerator32_64.cpp:
2088         (JSC::DFG::JITCodeGenerator::fillInteger):
2089
2090 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
2091
2092         Build fix: removed some cases of threadsafeCopy() that I missed in
2093         my previous patch.
2094
2095         * JavaScriptCore.order:
2096
2097 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
2098
2099         Removed SharedUChar and tightened language around its previous uses
2100         https://bugs.webkit.org/show_bug.cgi?id=70698
2101
2102         Reviewed by David Levin.
2103
2104         - Removed SharedUChar because most of its functionality has moved into
2105         other abstraction layers, and we want remaining clients to choose their
2106         abstractions explicitly instead of relying on StringImpl to provide this
2107         behavior implicitly, since we think they can sometimes make more efficient
2108         choices.
2109
2110         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
2111         the former names could give the impression that the resulting object was
2112         thread-safe, but actually it's just an isolated copy, which is not
2113         thread-safe by itself, but can be used to implement a thread-safe
2114         algorithm through isolation.
2115
2116         * wtf/CrossThreadRefCounted.h: Removed.
2117
2118         * JavaScriptCore.exp: Export!
2119
2120         * wtf/text/StringImpl.cpp:
2121         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
2122
2123         * wtf/text/StringImpl.h:
2124         (WTF::StringImpl::length): Ditto.
2125
2126         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
2127
2128         * wtf/text/WTFString.cpp:
2129         (WTF::String::isolatedCopy):
2130         * wtf/text/WTFString.h: Updated for StringImpl changes.
2131
2132         * API/OpaqueJSString.h:
2133         * GNUmakefile.list.am:
2134         * JavaScriptCore.exp:
2135         * JavaScriptCore.gypi:
2136         * JavaScriptCore.order:
2137         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2138         * JavaScriptCore.xcodeproj/project.pbxproj:
2139         * wtf/CMakeLists.txt:
2140         * wtf/OwnFastMallocPtr.h:
2141         * wtf/RefCounted.h:
2142         * wtf/SizeLimits.cpp:
2143         * wtf/ThreadSafeRefCounted.h:
2144         * wtf/wtf.pri:
2145         * yarr/YarrPattern.h: Updated these files to accommodate removal of
2146         CrossThreadRefCounted.h.
2147
2148 2011-10-24  Oliver Hunt  <oliver@apple.com>
2149
2150         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
2151         https://bugs.webkit.org/show_bug.cgi?id=70689
2152
2153         Reviewed by Filip Pizlo.
2154
2155         While performing codegen we need to make the GlobalData explicitly
2156         aware of the codeblock being compiled, as compilation may trigger GC
2157         and CodeBlock holds GC values, but has not yet been assigned to its
2158         owner executable.
2159
2160         * bytecompiler/BytecodeGenerator.cpp:
2161         (JSC::BytecodeGenerator::BytecodeGenerator):
2162         (JSC::BytecodeGenerator::~BytecodeGenerator):
2163         * bytecompiler/BytecodeGenerator.h:
2164         * heap/AllocationSpace.cpp:
2165         (JSC::AllocationSpace::allocateSlowCase):
2166         * heap/Heap.cpp:
2167         (JSC::Heap::markRoots):
2168         * runtime/JSGlobalData.cpp:
2169         (JSC::JSGlobalData::JSGlobalData):
2170         * runtime/JSGlobalData.h:
2171         (JSC::JSGlobalData::startedCompiling):
2172         (JSC::JSGlobalData::finishedCompiling):
2173
2174 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
2175
2176         Object-or-other branch speculation may corrupt the state for OSR if the child of the
2177         branch is an integer
2178         https://bugs.webkit.org/show_bug.cgi?id=70777
2179
2180         Reviewed by Oliver Hunt.
2181
2182         * dfg/DFGSpeculativeJIT64.cpp:
2183         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2184
2185 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
2186
2187         op_new_array_buffer is not inlined correctly
2188         https://bugs.webkit.org/show_bug.cgi?id=70770
2189
2190         Reviewed by Oliver Hunt.
2191         
2192         Disabled inlining of op_new_array_buffer, for now.
2193
2194         * dfg/DFGCapabilities.h:
2195         (JSC::DFG::canInlineOpcode):
2196
2197 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
2198
2199         Add boolean speculations to DFG JIT 32_64
2200         https://bugs.webkit.org/show_bug.cgi?id=70706
2201
2202         Reviewed by Filip Pizlo.
2203
2204         Different from the boolean speculations in DFG 64, the boolean
2205         speculations in DFG 32_64 will use a 32-bit GPR to hold the primitive
2206         boolean instead of a JSBoolean. This choice is not only for
2207         performance, but also to save a register as we're short of registers on
2208         X86.
2209         To accomplish this we make use of DataFormatBoolean, allowing a value to
2210         be represented as a primitive boolean and converted from/to a
2211         JSBoolean.
2212         This patch also fixes SpillOrder in 32_64, which should be different
2213         from 64, and fixes needDataFormatConversion logic in 32_64.
2214
2215         * assembler/MacroAssemblerX86Common.h:
2216         (JSC::MacroAssemblerX86Common::branchTest32):
2217             We don't actually expect a byte test, as it doesn't work for registers
2218             esp..edi on X86.
2219         * dfg/DFGGenerationInfo.h:
2220         (JSC::DFG::needDataFormatConversion):
2221         (JSC::DFG::GenerationInfo::initBoolean):
2222         (JSC::DFG::GenerationInfo::gpr):
2223         (JSC::DFG::GenerationInfo::fillInteger):
2224         (JSC::DFG::GenerationInfo::fillBoolean):
2225         * dfg/DFGJITCodeGenerator.cpp:
2226         (JSC::DFG::JITCodeGenerator::checkConsistency):
2227         * dfg/DFGJITCodeGenerator.h:
2228         (JSC::DFG::JITCodeGenerator::use):
2229         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
2230         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2231         (JSC::DFG::JITCodeGenerator::spill):
2232         (JSC::DFG::cellResult):
2233         (JSC::DFG::booleanResult):
2234         * dfg/DFGJITCodeGenerator32_64.cpp:
2235         (JSC::DFG::JITCodeGenerator::fillJSValue):
2236         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
2237         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
2238         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
2239         * dfg/DFGJITCompiler32_64.cpp:
2240         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2241         * dfg/DFGSpeculativeJIT.cpp:
2242         (JSC::DFG::ValueSource::dump):
2243         (JSC::DFG::ValueRecovery::dump):
2244         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2245         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2246         * dfg/DFGSpeculativeJIT.h:
2247         (JSC::DFG::ValueSource::forPrediction):
2248         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
2249         (JSC::DFG::ValueRecovery::inGPR):
2250         (JSC::DFG::ValueRecovery::gpr):
2251         * dfg/DFGSpeculativeJIT32_64.cpp:
2252         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2253         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2254         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2255         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2256         (JSC::DFG::SpeculativeJIT::compare):
2257         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2258         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2259         (JSC::DFG::SpeculativeJIT::emitBranch):
2260         (JSC::DFG::SpeculativeJIT::compile):
2261
2262 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
2263
2264         Fixing Windows build
2265
2266         Unreviewed build fix
2267
2268         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2269
2270 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
2271
2272         BitVector isInline check could fail
2273         https://bugs.webkit.org/show_bug.cgi?id=70691
2274
2275         Reviewed by Geoffrey Garen.
2276
2277         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
2278         whether it's an inlined bit set or a pointer to an outOfLine bit set.
2279         This check may fail in case the pointer also has the highest bit set,
2280         which is surely possible on IA32 (Linux).
2281         In this case the check failure can result in unexpected behaviors,
2282         for example if the BitVector is incorrectly determined as having an
2283         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
2284         modify the memory adjacent to the BitVector object.
2285         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
2286         or out-of-line, based on the assumption that the pointer to OutOfLineBits
2287         should be 4- or 8-byte aligned.
2288         We could mark the lowest bit (bit 0) with 1 for an inlined bit set,
2289         and bits 1~bitsInPointer are used for bit set/test.
2290         In this case we need to do one more bit shift for bit set/test.
2291
2292         * wtf/BitVector.cpp:
2293         (WTF::BitVector::resizeOutOfLine):
2294         * wtf/BitVector.h:
2295         (WTF::BitVector::quickGet):
2296         (WTF::BitVector::quickSet):
2297         (WTF::BitVector::quickClear):
2298         (WTF::BitVector::makeInlineBits):
2299         (WTF::BitVector::isInline):
2300
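An added example, not WebKit's BitVector and not code from this ChangeLog, showing the tagging scheme the entry above describes: a toy TinyBitVector keeps the inline tag in bit 0, relies on the heap pointer being at least 4-byte aligned, and grows to out-of-line storage instead of writing past the object when a bit beyond maxInlineBits is set. It also contrasts the old highest-bit check with the fixed lowest-bit check on a word whose top bit is set. The names TinyBitVector, oldSchemeIsInline, newSchemeIsInline and kConstructedHighPointer are introduced here for illustration; kConstructedHighPointer is a constructed word, not a real address.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Toy stand-in for WTF::BitVector (hypothetical name, added for illustration).
// One word holds either an inline bit set (bit 0 == 1, payload in bits 1..N-1)
// or a pointer to OutOfLineBits (bit 0 == 0, guaranteed by pointer alignment).
class TinyBitVector {
public:
    static const size_t bitsInPointer = sizeof(uintptr_t) * 8;
    static const size_t maxInlineBits = bitsInPointer - 1; // bit 0 is the tag

    TinyBitVector() : m_bitsOrPointer(makeInlineBits(0)) { }
    ~TinyBitVector() {
        if (isInline()) return;
        delete[] outOfLine()->words;
        delete outOfLine();
    }
    TinyBitVector(const TinyBitVector&) = delete;
    TinyBitVector& operator=(const TinyBitVector&) = delete;

    // The fix in this entry: test the LOWEST bit, which an aligned pointer never has set.
    bool isInline() const { return m_bitsOrPointer & 1; }

    size_t size() const { return isInline() ? maxInlineBits : outOfLine()->numBits; }

    bool get(size_t bit) const {
        if (bit >= size()) return false;
        if (isInline()) return (m_bitsOrPointer >> (bit + 1)) & 1; // one extra shift past the tag
        return (outOfLine()->words[bit / bitsInPointer] >> (bit % bitsInPointer)) & 1;
    }

    void set(size_t bit) {
        if (bit >= size()) resize(bit + 1); // never write inline bits past the word
        if (isInline()) { m_bitsOrPointer |= uintptr_t(1) << (bit + 1); return; }
        outOfLine()->words[bit / bitsInPointer] |= uintptr_t(1) << (bit % bitsInPointer);
    }

private:
    struct OutOfLineBits { size_t numBits; size_t numWords; uintptr_t* words; };

    static uintptr_t makeInlineBits(uintptr_t payload) { return (payload << 1) | 1; }
    OutOfLineBits* outOfLine() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void resize(size_t numBits) {
        if (numBits <= maxInlineBits) return;
        size_t numWords = (numBits + bitsInPointer - 1) / bitsInPointer;
        OutOfLineBits* fresh = new OutOfLineBits;
        fresh->numBits = numBits;
        fresh->numWords = numWords;
        fresh->words = new uintptr_t[numWords](); // zero-initialised
        if (isInline())
            fresh->words[0] = m_bitsOrPointer >> 1; // drop the tag; inline bit i lands at position i
        else {
            OutOfLineBits* old = outOfLine();
            for (size_t i = 0; i < old->numWords; ++i) fresh->words[i] = old->words[i];
            delete[] old->words;
            delete old;
        }
        // The whole scheme rests on this alignment assumption, so check it.
        assert((reinterpret_cast<uintptr_t>(fresh) & 1) == 0);
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
    }

    uintptr_t m_bitsOrPointer;
};

// Constructed word standing in for a heap address with the top bit set (as can
// happen on IA32 Linux). It is NOT a real pointer and is never dereferenced.
static const uintptr_t kConstructedHighPointer =
    (uintptr_t(1) << (TinyBitVector::bitsInPointer - 1)) | 0x1000;

// Old check from the bug: highest bit means "inline". A high heap address passes it.
static bool oldSchemeIsInline(uintptr_t word) { return (word >> (TinyBitVector::bitsInPointer - 1)) & 1; }
// Fixed check: lowest bit means "inline". An aligned pointer never passes it.
static bool newSchemeIsInline(uintptr_t word) { return word & 1; }

// Walk a vector from inline to out-of-line and through a further grow,
// checking that bits survive each transition. Returns true on success.
static bool demoTransition() {
    TinyBitVector v;
    v.set(3);
    if (!v.isInline() || !v.get(3) || v.get(2)) return false;
    v.set(100); // beyond maxInlineBits: must grow, not clobber the neighbouring memory
    if (v.isInline() || !v.get(3) || !v.get(100) || v.get(4)) return false;
    v.set(5000); // grow again while already out of line
    return !v.isInline() && v.get(3) && v.get(100) && v.get(5000) && !v.get(4999);
}

int main() {
    std::printf("old scheme misclassifies high pointer as inline: %d\n", oldSchemeIsInline(kConstructedHighPointer));
    std::printf("new scheme classifies it as out-of-line: %d\n", !newSchemeIsInline(kConstructedHighPointer));
    std::printf("inline -> out-of-line transitions keep bits: %d\n", demoTransition());
    return 0;
}
```

The assert in resize is the check a reviewer would want alongside the fix: the low-bit tag is only sound while every OutOfLineBits allocation is at least 2-byte aligned, and making that assumption explicit turns a silent misclassification (and the adjacent-memory write the entry describes) into an immediate failure in debug builds.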
2301 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
2302
2303         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
2304         https://bugs.webkit.org/show_bug.cgi?id=70271
2305
2306         Reviewed by Darin Adler.
2307
2308         Renaming versions of getOwnPropertySlot that use an unsigned as the property
2309         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
2310         MethodTable, which requires unique names for each method.
2311
2312         * JavaScriptCore.exp:
2313         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2314         * runtime/Arguments.cpp:
2315         (JSC::Arguments::getOwnPropertySlotVirtual):
2316         (JSC::Arguments::getOwnPropertySlotByIndex):
2317         * runtime/Arguments.h:
2318         * runtime/JSArray.cpp:
2319         (JSC::JSArray::getOwnPropertySlotVirtual):
2320         (JSC::JSArray::getOwnPropertySlotByIndex):
2321         (JSC::JSArray::getOwnPropertySlot):
2322         * runtime/JSArray.h:
2323         * runtime/JSByteArray.cpp:
2324         (JSC::JSByteArray::getOwnPropertySlotVirtual):
2325         (JSC::JSByteArray::getOwnPropertySlotByIndex):
2326         * runtime/JSByteArray.h:
2327         * runtime/JSCell.cpp:
2328         (JSC::JSCell::getOwnPropertySlotVirtual):
2329         (JSC::JSCell::getOwnPropertySlotByIndex):
2330         * runtime/JSCell.h:
2331         * runtime/JSNotAnObject.cpp:
2332         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
2333         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
2334         * runtime/JSNotAnObject.h:
2335         * runtime/JSObject.cpp:
2336         (JSC::JSObject::getOwnPropertySlotVirtual):
2337         (JSC::JSObject::getOwnPropertySlotByIndex):
2338         * runtime/JSObject.h:
2339         * runtime/JSString.cpp:
2340         (JSC::JSString::getOwnPropertySlotVirtual):
2341         (JSC::JSString::getOwnPropertySlotByIndex):
2342         * runtime/JSString.h:
2343         * runtime/ObjectPrototype.cpp:
2344         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
2345         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
2346         * runtime/ObjectPrototype.h:
2347         * runtime/RegExpMatchesArray.h:
2348         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
2349         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
2350         * runtime/StringObject.cpp:
2351         (JSC::StringObject::getOwnPropertySlotVirtual):
2352         (JSC::StringObject::getOwnPropertySlotByIndex):
2353         * runtime/StringObject.h:
2354
2355 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
2356
2357         Interpreter build fix after r98179.
2358
2359         * bytecode/CodeBlock.h:
2360         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
2361         since it is only used there.
2362
2363 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2364
2365         Fixed a typo Darin spotted.
2366
2367         * wtf/StringHasher.h:
2368         (WTF::StringHasher::hash): Expelliarmus!
2369
2370 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2371
2372         Removed StringImpl::createStrippingNullCharacters
2373         https://bugs.webkit.org/show_bug.cgi?id=70700
2374
2375         Reviewed by David Levin.
2376         
2377         It was unused.
2378
2379         * JavaScriptCore.exp:
2380         * wtf/text/StringImpl.cpp:
2381         * wtf/text/StringImpl.h:
2382
2383 2011-10-22  Filip Pizlo  <fpizlo@apple.com>
2384
2385         DFG should inline constructors
2386         https://bugs.webkit.org/show_bug.cgi?id=70675
2387
2388         Reviewed by Oliver Hunt.
2389         
2390         Adds support for inlining constructors. Also fixes two pathologies
2391         uncovered along the way: CheckMethod claimed that it never returned a
2392         result (causing CheckMethod -> SetLocal -> GetLocal sequences to
2393         result in the GetLocal doing OSR exit), and get_by_id parsing never
2394         checked if it was hot in slow path. Also fiddled with inlining
2395         heuristics; it appears that for now, the more inlining, the happier
2396         V8 is. Finally, a bug was uncovered where a silent spill of a boxed
2397         integer that had previously been spilled unboxed causes the silent
2398         fill to forget to unbox.
2399         
2400         This appears to be a 4% speed-up on V8 in their harness, or a 1%
2401         speed-up in my harness. The difference is due to warm-up: in my
2402         harness we see significant amounts of time spent in compilation, but
2403         in V8's harness compilation gets amortized. Profiling indicates that
2404         we have the potential for a 5% win from basic optimizations like
2405         generating OSR exits lazily and holding onto bytecode longer.
2406
2407         * dfg/DFGAbstractState.cpp:
2408         (JSC::DFG::AbstractState::execute):
2409         * dfg/DFGByteCodeParser.cpp:
2410         (JSC::DFG::ByteCodeParser::handleCall):
2411         (JSC::DFG::ByteCodeParser::handleInlining):
2412         (JSC::DFG::ByteCodeParser::handleMinMax):
2413         (JSC::DFG::ByteCodeParser::parseBlock):
2414         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2415         (JSC::DFG::ByteCodeParser::parse):
2416         * dfg/DFGCapabilities.h:
2417         (JSC::DFG::mightInlineFunctionForConstruct):
2418         (JSC::DFG::canInlineOpcode):
2419         (JSC::DFG::mightInlineFunctionFor):
2420         (JSC::DFG::canInlineFunctionFor):
2421         * dfg/DFGJITCodeGenerator.h:
2422         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2423         * runtime/Executable.h:
2424         (JSC::isCall):
2425         (JSC::ExecutableBase::intrinsicFor):
2426         * runtime/Heuristics.cpp:
2427         (JSC::Heuristics::initializeHeuristics):
2428         * runtime/Heuristics.h:
2429
2430 2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
2431
2432         [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
2433         https://bugs.webkit.org/show_bug.cgi?id=70703
2434
2435         Reviewed by Kent Tamura.
2436
2437         runtime/RopeImpl.{h,cpp} were removed in r97872; remove the references
2438         to these files from the gyp project files.
2439
2440         * JavaScriptCore.gypi:
2441
2442 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2443
2444         Add deleteProperty to the MethodTable
2445         https://bugs.webkit.org/show_bug.cgi?id=70162
2446
2447         Reviewed by Sam Weinig.
2448
2449         * JavaScriptCore.exp:
2450         * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
2451         * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
2452         be protected rather than private for subclasses who don't provide their own
2453         implementation.
2454
2455 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2456
2457         Remove getConstructDataVirtual
2458         https://bugs.webkit.org/show_bug.cgi?id=70638
2459
2460         Reviewed by Darin Adler.
2461
2462         Removed all declarations and definitions of getConstructDataVirtual.
2463         Also replaced all call sites to getConstructDataVirtual with a 
2464         corresponding lookup in the MethodTable.
2465
2466         * API/JSCallbackConstructor.cpp:
2467         * API/JSCallbackConstructor.h:
2468         * API/JSCallbackObject.h:
2469         * API/JSCallbackObjectFunctions.h:
2470         * API/JSObjectRef.cpp:
2471         (JSObjectIsConstructor):
2472         (JSObjectCallAsConstructor):
2473         * JavaScriptCore.exp:
2474         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2475         * dfg/DFGOperations.cpp:
2476         * interpreter/Interpreter.cpp:
2477         (JSC::Interpreter::privateExecute):
2478         * jit/JITStubs.cpp:
2479         (JSC::DEFINE_STUB_FUNCTION):
2480         * runtime/ArrayConstructor.cpp:
2481         * runtime/ArrayConstructor.h:
2482         * runtime/BooleanConstructor.cpp:
2483         * runtime/BooleanConstructor.h:
2484         * runtime/DateConstructor.cpp:
2485         * runtime/DateConstructor.h:
2486         * runtime/Error.h:
2487         (JSC::StrictModeTypeErrorFunction::getConstructData):
2488         * runtime/ErrorConstructor.cpp:
2489         * runtime/ErrorConstructor.h:
2490         * runtime/FunctionConstructor.cpp:
2491         * runtime/FunctionConstructor.h:
2492         * runtime/JSCell.cpp:
2493         * runtime/JSCell.h:
2494         * runtime/JSFunction.cpp:
2495         * runtime/JSFunction.h:
2496         * runtime/JSObject.h:
2497         (JSC::getConstructData):
2498         * runtime/NativeErrorConstructor.cpp:
2499         * runtime/NativeErrorConstructor.h:
2500         * runtime/NumberConstructor.cpp:
2501         * runtime/NumberConstructor.h:
2502         * runtime/ObjectConstructor.cpp:
2503         * runtime/ObjectConstructor.h:
2504         * runtime/RegExpConstructor.cpp:
2505         * runtime/RegExpConstructor.h:
2506         * runtime/StringConstructor.cpp:
2507         * runtime/StringConstructor.h:
2508
2509 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2510
2511         Try to fix the SL build.
2512
2513         * dfg/DFGByteCodeParser.cpp:
2514         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
2515         away int vs unsigned warning.
2516
2517 2011-10-21  Geoffrey Garen  <ggaren@apple.com>
2518
2519         Separated string lifetime bits from character buffer state bits
2520         https://bugs.webkit.org/show_bug.cgi?id=70673
2521
2522         Reviewed by Anders Carlsson.
2523         
2524         Moved the static/immortal bit into the bottom bit of the refcount, and
2525         moved all other bits into the high bits of the hash code.
2526         
2527         This is the first step toward a new Characters/PassString class, and it
2528         makes ref/deref slightly more efficient.
2529
2530         * create_hash_table:
2531         * wtf/StringHasher.h:
2532         (WTF::StringHasher::hash): Tweaked the string hashing function to leave
2533         the top bits clear, so they can be used as flags.
2534         
2535         Fixed some small differences between the PERL copy of this function and
2536         the C++ copy of this function, which could have in theory caused subtle
2537         crashes.
2538
2539         * wtf/text/StringImpl.cpp:
2540         (WTF::StringImpl::sharedBuffer):
2541         (WTF::StringImpl::createWithTerminatingNullCharacter):
2542         * wtf/text/StringImpl.h:
2543         (WTF::StringImpl::StringImpl):
2544         (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
2545         s_didReportExtraCost, since the original name was both self-contradictory
2546         and used as a double-negative.
2547
2548         (WTF::StringImpl::isIdentifier):
2549         (WTF::StringImpl::setIsIdentifier):
2550         (WTF::StringImpl::hasTerminatingNullCharacter):
2551         (WTF::StringImpl::isAtomic):
2552         (WTF::StringImpl::setIsAtomic):
2553         (WTF::StringImpl::setHash):
2554         (WTF::StringImpl::rawHash):
2555         (WTF::StringImpl::hasHash):
2556         (WTF::StringImpl::existingHash):
2557         (WTF::StringImpl::hash):
2558         (WTF::StringImpl::hasOneRef):
2559         (WTF::StringImpl::ref):
2560         (WTF::StringImpl::deref):
2561         (WTF::StringImpl::bufferOwnership):
2562         (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
2563         bit of the refcount. Now, all lifetime information lives in the refcount
2564         field. Moved the other bits into the hash code field.
2565
2566 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
2567
2568         DFG inlining sometimes fails to reset constant references
2569         https://bugs.webkit.org/show_bug.cgi?id=70668
2570
2571         Reviewed by Anders Carlsson.
2572         
2573         Reset constant references when we need to (new block created) and not
2574         when we don't (change of inlining depth).
2575
2576         * dfg/DFGByteCodeParser.cpp:
2577         (JSC::DFG::ByteCodeParser::handleInlining):
2578         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
2579         (JSC::DFG::ByteCodeParser::parseBlock):
2580         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2581
2582 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
2583
2584         DFG should have inlining
2585         https://bugs.webkit.org/show_bug.cgi?id=69996
2586
2587         Reviewed by Oliver Hunt.
2588         
2589         Implements inlining that's hooked into the bytecode parser. Only
2590         works for calls, for now, though nothing fundamentally prevents us
2591         from inlining constructor calls. 2% overall speed-up on all
2592         benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
2593         richards respectively), neutral on Kraken and SunSpider. 
2594         
2595         * bytecode/CodeBlock.cpp:
2596         (JSC::CodeBlock::visitAggregate):
2597         * bytecode/CodeBlock.h:
2598         (JSC::CodeBlock::baselineVersion):
2599         (JSC::CodeBlock::setInstructionCount):
2600         (JSC::CodeBlock::likelyToTakeSlowCase):
2601         (JSC::CodeBlock::couldTakeSlowCase):
2602         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
2603         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
2604         (JSC::CodeBlock::likelyToTakeAnySlowCase):
2605         * bytecode/CodeOrigin.h:
2606         (JSC::CodeOrigin::inlineDepthForCallFrame):
2607         (JSC::CodeOrigin::inlineDepth):
2608         (JSC::CodeOrigin::operator==):
2609         (JSC::CodeOrigin::inlineStack):
2610         * bytecompiler/BytecodeGenerator.cpp:
2611         (JSC::BytecodeGenerator::generate):
2612         * dfg/DFGAbstractState.cpp:
2613         (JSC::DFG::AbstractState::beginBasicBlock):
2614         (JSC::DFG::AbstractState::execute):
2615         (JSC::DFG::AbstractState::mergeStateAtTail):
2616         * dfg/DFGBasicBlock.h:
2617         (JSC::DFG::BasicBlock::BasicBlock):
2618         (JSC::DFG::BasicBlock::ensureLocals):
2619         (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
2620         * dfg/DFGByteCodeParser.cpp:
2621         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2622         (JSC::DFG::ByteCodeParser::getDirect):
2623         (JSC::DFG::ByteCodeParser::get):
2624         (JSC::DFG::ByteCodeParser::setDirect):
2625         (JSC::DFG::ByteCodeParser::set):
2626         (JSC::DFG::ByteCodeParser::getLocal):
2627         (JSC::DFG::ByteCodeParser::getArgument):
2628         (JSC::DFG::ByteCodeParser::flush):
2629         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
2630         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
2631         (JSC::DFG::ByteCodeParser::handleInlining):
2632         (JSC::DFG::ByteCodeParser::parseBlock):
2633         (JSC::DFG::ByteCodeParser::processPhiStack):
2634         (JSC::DFG::ByteCodeParser::linkBlock):
2635         (JSC::DFG::ByteCodeParser::linkBlocks):
2636         (JSC::DFG::ByteCodeParser::handleSuccessor):
2637         (JSC::DFG::ByteCodeParser::determineReachability):
2638         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2639         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2640         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2641         (JSC::DFG::ByteCodeParser::parse):
2642         * dfg/DFGCapabilities.cpp:
2643         (JSC::DFG::canHandleOpcodes):
2644         (JSC::DFG::canCompileOpcodes):
2645         (JSC::DFG::canInlineOpcodes):
2646         * dfg/DFGCapabilities.h:
2647         (JSC::DFG::mightCompileEval):
2648         (JSC::DFG::mightCompileProgram):
2649         (JSC::DFG::mightCompileFunctionForCall):
2650         (JSC::DFG::mightCompileFunctionForConstruct):
2651         (JSC::DFG::mightInlineFunctionForCall):
2652         (JSC::DFG::mightInlineFunctionForConstruct):
2653         (JSC::DFG::canInlineOpcode):
2654         (JSC::DFG::canInlineOpcodes):
2655         (JSC::DFG::canInlineFunctionForCall):
2656         (JSC::DFG::canInlineFunctionForConstruct):
2657         * dfg/DFGGraph.cpp:
2658         (JSC::DFG::printWhiteSpace):
2659         (JSC::DFG::Graph::dumpCodeOrigin):
2660         (JSC::DFG::Graph::dump):
2661         * dfg/DFGGraph.h:
2662         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
2663         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
2664         * dfg/DFGJITCompiler.cpp:
2665         (JSC::DFG::JITCompiler::decodedCodeMapFor):
2666         (JSC::DFG::JITCompiler::linkOSRExits):
2667         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2668         * dfg/DFGJITCompiler.h:
2669         (JSC::DFG::JITCompiler::debugCall):
2670         (JSC::DFG::JITCompiler::baselineCodeBlockFor):
2671         * dfg/DFGJITCompiler32_64.cpp:
2672         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2673         * dfg/DFGNode.h:
2674         (JSC::DFG::Node::hasVariableAccessData):
2675         (JSC::DFG::Node::shouldGenerate):
2676         * dfg/DFGOperands.h:
2677         (JSC::DFG::Operands::ensureLocals):
2678         (JSC::DFG::Operands::setLocal):
2679         (JSC::DFG::Operands::getLocal):
2680         * dfg/DFGPropagator.cpp:
2681         (JSC::DFG::Propagator::propagateNodePredictions):
2682         * dfg/DFGSpeculativeJIT.cpp:
2683         (JSC::DFG::OSRExit::OSRExit):
2684         (JSC::DFG::SpeculativeJIT::compile):
2685         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2686         * dfg/DFGSpeculativeJIT.h:
2687         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
2688         * dfg/DFGSpeculativeJIT32_64.cpp:
2689         (JSC::DFG::SpeculativeJIT::compile):
2690         * dfg/DFGSpeculativeJIT64.cpp:
2691         (JSC::DFG::SpeculativeJIT::compile):
2692         * interpreter/CallFrame.cpp:
2693         (JSC::CallFrame::trueCallerFrameSlow):
2694         * jit/JITCall.cpp:
2695         (JSC::JIT::compileOpCallSlowCase):
2696         * jit/JITStubs.cpp:
2697         (JSC::DEFINE_STUB_FUNCTION):
2698         * runtime/Executable.cpp:
2699         (JSC::FunctionExecutable::baselineCodeBlockFor):
2700         (JSC::FunctionExecutable::produceCodeBlockFor):
2701         (JSC::FunctionExecutable::compileForCallInternal):
2702         (JSC::FunctionExecutable::compileForConstructInternal):
2703         * runtime/Executable.h:
2704         (JSC::FunctionExecutable::profiledCodeBlockFor):
2705         (JSC::FunctionExecutable::parameterCount):
2706         * runtime/Heuristics.cpp:
2707         (JSC::Heuristics::initializeHeuristics):
2708         * runtime/Heuristics.h:
2709         * runtime/JSFunction.h:
2710
2711 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2712
2713         Add put to the MethodTable
2714         https://bugs.webkit.org/show_bug.cgi?id=70439
2715
2716         Reviewed by Oliver Hunt.
2717
2718         * JavaScriptCore.exp:
2719         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2720         * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
2721         * runtime/JSFunction.h: Changed access modifier for put to protected since some
2722         subclasses of JSFunction need to reference it in their MethodTables.
2723
2724 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2725
2726         Add finalizer to JSObject
2727         https://bugs.webkit.org/show_bug.cgi?id=70336
2728
2729         Reviewed by Darin Adler.
2730
2731         * heap/MarkedBlock.cpp:
2732         (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
2733         if we're a JSFinalObject, since the finalizer takes care of things.
2734         * runtime/JSCell.h:
2735         (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
2736         future changes and the fact that we no longer always call the destructor, making 
2737         the information provided less useful.
2738         * runtime/JSObject.cpp:
2739         (JSC::JSObject::finalize): Add finalizer for JSObject.
2740         (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
2741         property storage, we add a finalizer to ourself.
2742         * runtime/JSObject.h:
2743
2744 2011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
2745
2746         Remove QtScript source code from WebKit.
2747         https://bugs.webkit.org/show_bug.cgi?id=64088
2748
2749         Reviewed by Tor Arne Vestbø.
2750
2751         Removed dead code that isn't developed anymore.
2752
2753         * JavaScriptCore.gypi:
2754         * JavaScriptCore.pri:
2755         * qt/api/QtScript.pro: Removed.
2756         * qt/api/qscriptconverter_p.h: Removed.
2757         * qt/api/qscriptengine.cpp: Removed.
2758         * qt/api/qscriptengine.h: Removed.
2759         * qt/api/qscriptengine_p.cpp: Removed.
2760         * qt/api/qscriptengine_p.h: Removed.
2761         * qt/api/qscriptfunction.cpp: Removed.
2762         * qt/api/qscriptfunction_p.h: Removed.
2763         * qt/api/qscriptoriginalglobalobject_p.h: Removed.
2764         * qt/api/qscriptprogram.cpp: Removed.
2765         * qt/api/qscriptprogram.h: Removed.
2766         * qt/api/qscriptprogram_p.h: Removed.
2767         * qt/api/qscriptstring.cpp: Removed.
2768         * qt/api/qscriptstring.h: Removed.
2769         * qt/api/qscriptstring_p.h: Removed.
2770         * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
2771         * qt/api/qscriptsyntaxcheckresult.h: Removed.
2772         * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
2773         * qt/api/qscriptvalue.cpp: Removed.
2774         * qt/api/qscriptvalue.h: Removed.
2775         * qt/api/qscriptvalue_p.h: Removed.
2776         * qt/api/qscriptvalueiterator.cpp: Removed.
2777         * qt/api/qscriptvalueiterator.h: Removed.
2778         * qt/api/qscriptvalueiterator_p.h: Removed.
2779         * qt/api/qtscriptglobal.h: Removed.
2780         * qt/benchmarks/benchmarks.pri: Removed.
2781         * qt/benchmarks/benchmarks.pro: Removed.
2782         * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
2783         * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
2784         * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
2785         * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
2786         * qt/tests/qscriptengine/qscriptengine.pro: Removed.
2787         * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
2788         * qt/tests/qscriptstring/qscriptstring.pro: Removed.
2789         * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
2790         * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
2791         * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
2792         * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
2793         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
2794         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
2795         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
2796         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
2797         * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
2798         * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
2799         * qt/tests/tests.pri: Removed.
2800         * qt/tests/tests.pro: Removed.
2801
2802 2011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
2803
2804         bytecompiler sometimes generates incorrect bytecode for put_by_id
2805         https://bugs.webkit.org/show_bug.cgi?id=70403
2806
2807         Reviewed by Filip Pizlo.
2808
2809         * bytecompiler/NodesCodegen.cpp:
2810         (JSC::AssignDotNode::emitBytecode):
2811         (JSC::AssignBracketNode::emitBytecode):
2812
2813 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2814
2815         DFG should not try to predict argument types by looking at the values of
2816         argument registers at the time of compilation
2817         https://bugs.webkit.org/show_bug.cgi?id=70578
2818
2819         Reviewed by Oliver Hunt.
2820
2821         * bytecode/CodeBlock.cpp:
2822         * dfg/DFGDriver.cpp:
2823         (JSC::DFG::compile):
2824         (JSC::DFG::tryCompile):
2825         (JSC::DFG::tryCompileFunction):
2826         * dfg/DFGDriver.h:
2827         (JSC::DFG::tryCompileFunction):
2828         * dfg/DFGGraph.cpp:
2829         (JSC::DFG::Graph::predictArgumentTypes):
2830         * dfg/DFGGraph.h:
2831         * runtime/Executable.cpp:
2832         (JSC::FunctionExecutable::compileOptimizedForCall):
2833         (JSC::FunctionExecutable::compileOptimizedForConstruct):
2834         (JSC::FunctionExecutable::compileForCallInternal):
2835         (JSC::FunctionExecutable::compileForConstructInternal):
2836         * runtime/Executable.h:
2837         (JSC::FunctionExecutable::compileForCall):
2838         (JSC::FunctionExecutable::compileForConstruct):
2839         (JSC::FunctionExecutable::compileFor):
2840         (JSC::FunctionExecutable::compileOptimizedFor):
2841
2842 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2843
2844         DFG call optimization handling will fail if the call had been unlinked due
2845         to the callee being optimized
2846         https://bugs.webkit.org/show_bug.cgi?id=70468
2847
2848         Reviewed by Geoff Garen.
2849         
2850         If a call had ever been linked, we remember this fact as well as the function
2851         to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
2852         called.
2853
2854         * bytecode/CodeBlock.cpp:
2855         (JSC::CodeBlock::visitAggregate):
2856         * bytecode/CodeBlock.h:
2857         * dfg/DFGByteCodeParser.cpp:
2858         (JSC::DFG::ByteCodeParser::parseBlock):
2859         * dfg/DFGRepatch.cpp:
2860         (JSC::DFG::dfgLinkFor):
2861         * jit/JIT.cpp:
2862         (JSC::JIT::linkFor):
2863
2864 2011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
2865
2866         DFG JIT 32_64 - Fix ByteArray speculation
2867         https://bugs.webkit.org/show_bug.cgi?id=70571
2868
2869         Reviewed by Filip Pizlo.
2870
2871         * dfg/DFGSpeculativeJIT.h:
2872         (JSC::DFG::ValueSource::forPrediction):
2873         * dfg/DFGSpeculativeJIT32_64.cpp:
2874         (JSC::DFG::SpeculativeJIT::compile):
2875
2876 2011-10-20  Vincent Scheib  <scheib@chromium.org>
2877
2878         MouseLock compile and run time flags.
2879         https://bugs.webkit.org/show_bug.cgi?id=70530
2880
2881         Reviewed by Darin Fisher.
2882
2883         * wtf/Platform.h:
2884
2885 2011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2886
2887         Rename static deleteProperty to deletePropertyByIndex
2888         https://bugs.webkit.org/show_bug.cgi?id=70257
2889
2890         Reviewed by Geoffrey Garen.
2891
2892         Renaming versions of deleteProperty that use an unsigned as the property
2893         name to "deletePropertyByIndex" in preparation for adding them to the 
2894         MethodTable, which requires unique names for each method.
2895
2896         * API/JSCallbackObject.h:
2897         * API/JSCallbackObjectFunctions.h:
2898         (JSC::::deletePropertyVirtual):
2899         (JSC::::deletePropertyByIndex):
2900         * runtime/Arguments.cpp:
2901         (JSC::Arguments::deletePropertyVirtual):
2902         (JSC::Arguments::deletePropertyByIndex):
2903         * runtime/Arguments.h:
2904         * runtime/JSArray.cpp:
2905         (JSC::JSArray::deletePropertyVirtual):
2906         (JSC::JSArray::deletePropertyByIndex):
2907         * runtime/JSArray.h:
2908         * runtime/JSCell.cpp:
2909         (JSC::JSCell::deletePropertyVirtual):
2910         (JSC::JSCell::deletePropertyByIndex):
2911         * runtime/JSCell.h:
2912         * runtime/JSNotAnObject.cpp:
2913         (JSC::JSNotAnObject::deletePropertyVirtual):
2914         (JSC::JSNotAnObject::deletePropertyByIndex):
2915         * runtime/JSNotAnObject.h:
2916         * runtime/JSObject.cpp:
2917         (JSC::JSObject::deletePropertyVirtual):
2918         (JSC::JSObject::deletePropertyByIndex):
2919         * runtime/JSObject.h:
2920         * runtime/RegExpMatchesArray.h:
2921         (JSC::RegExpMatchesArray::deletePropertyVirtual):
2922         (JSC::RegExpMatchesArray::deletePropertyByIndex):
2923
2924 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2925
2926         https://bugs.webkit.org/show_bug.cgi?id=70482
2927         DFG-related stubs in the old JIT should not be built if the DFG is disabled
2928
2929         Reviewed by Zoltan Herczeg.
2930         
2931         Aiming for a slight code size/build time reduction if the DFG is not in
2932         play. This should also make further DFG development slightly easier since
2933         the bodies of these JIT stubs can now safely refer to things that are only
2934         declared when the DFG is enabled.
2935
2936         * jit/JITStubs.cpp:
2937         * jit/JITStubs.h:
2938
2939 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
2940
2941         DFG ConvertThis emits slow code when the source node is known to be,
2942         but not predicted to be, a final object
2943         https://bugs.webkit.org/show_bug.cgi?id=70466
2944
2945         Reviewed by Oliver Hunt.
2946         
2947         Added a new case in ConvertThis compilation.
2948
2949         * dfg/DFGSpeculativeJIT32_64.cpp:
2950         (JSC::DFG::SpeculativeJIT::compile):
2951         * dfg/DFGSpeculativeJIT64.cpp:
2952         (JSC::DFG::SpeculativeJIT::compile):
2953
2954 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
2955
2956         Optimization triggers in the old JIT may sometimes fire repeatedly even
2957         though there is no optimization to be done
2958         https://bugs.webkit.org/show_bug.cgi?id=70467
2959
2960         Reviewed by Oliver Hunt.
2961         
2962         If optimize_from_ret does nothing, it delays the next optimization trigger.
2963         This is performance-neutral.
2964
2965         * jit/JITStubs.cpp:
2966         (JSC::DEFINE_STUB_FUNCTION):
2967         * runtime/Heuristics.cpp:
2968         (JSC::Heuristics::initializeHeuristics):
2969
2970 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
2971
2972         DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
2973         https://bugs.webkit.org/show_bug.cgi?id=70460
2974
2975         Reviewed by Filip Pizlo.
2976
2977         As pointed out by Gavin in bug #70418, when a value is already in memory
2978         we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
2979         This gives a 9% improvement on Kraken without the change in bug #70418,
2980         and 1% when based on the code with the bug #70418 change.
2981         Performance is neutral in V8 and SunSpider.
2982
2983         * dfg/DFGJITCodeGenerator32_64.cpp:
2984         (JSC::DFG::JITCodeGenerator::fillDouble):
2985         * dfg/DFGSpeculativeJIT32_64.cpp:
2986         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2987
2988 2011-10-19  Gavin Barraclough  <barraclough@apple.com>
2989
2990         Poisoning of strict caller,arguments inappropriately poisoning "in"
2991         https://bugs.webkit.org/show_bug.cgi?id=63398
2992
2993         Reviewed by Oliver Hunt.
2994
2995         This fixes the problem by correctly implementing the spec -
2996         the error should actually be being thrown from a standard JS getter/setter.
2997         This implements spec correct behaviour for strict mode JS functions & bound
2998         functions; I'll follow up with a patch to do the same for arguments.
2999
3000         * runtime/JSBoundFunction.cpp:
3001         (JSC::JSBoundFunction::finishCreation):
3002             - Add the poisoned caller/arguments properties.
3003         * runtime/JSBoundFunction.h:
3004         * runtime/JSFunction.cpp:
3005         (JSC::JSFunction::finishCreation):
3006         (JSC::JSFunction::getOwnPropertySlot):
3007         (JSC::JSFunction::getOwnPropertyDescriptor):
3008         (JSC::JSFunction::put):
3009             - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
3010         * runtime/JSFunction.h:
3011         * runtime/JSGlobalObject.cpp:
3012         (JSC::JSGlobalObject::createThrowTypeError):
3013         (JSC::JSGlobalObject::visitChildren):
3014         * runtime/JSGlobalObject.h:
3015         (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
3016             - Add a ThrowTypeError type, per ES5 13.2.3.
3017         * runtime/JSGlobalObjectFunctions.cpp:
3018         (JSC::globalFuncThrowTypeError):
3019         * runtime/JSGlobalObjectFunctions.h:
3020             - Implementation of ThrowTypeError.
3021         * runtime/JSObject.cpp:
3022         (JSC::JSObject::initializeGetterSetterProperty):
3023         * runtime/JSObject.h:
3024             - This function adds a new property (must not exist already) that is an initialized getter/setter.
3025
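The behaviour the entries for bug 63398 describe, written out as an added example that is not WebKit code: the `in` operator only checks for presence and must not trip the poisoned accessor, while a real read of `caller`/`arguments` on a strict or bound function throws a TypeError from a getter/setter pair that is the same [[ThrowTypeError]] function. The descriptor lookup walks the prototype chain because ES5 placed the accessors on each strict function and later editions moved them to Function.prototype; the functions `makeStrict`, `makeSloppy`, `probe` and `findDescriptor` are constructed for this example.

```javascript
// Added example (not WebKit code): observing ES5 13.2.3 [[ThrowTypeError]]
// poisoning of caller/arguments without letting the "in" operator trip it.

function makeStrict() {
  return function strictFn() { 'use strict'; return 1; };
}

// The Function constructor always builds a sloppy-mode function, whatever
// the strictness of the code calling it.
function makeSloppy() {
  return new Function('return 1');
}

// Walks the prototype chain so the check works whether the engine installs
// the poisoned accessors on each strict function (ES5) or on
// Function.prototype (ES2015 and later, which is what current engines do).
function findDescriptor(obj, name) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, name);
    if (d) return d;
  }
  return undefined;
}

// Reports whether `name in fn` (a presence check only) throws, whether the
// property is present, and what escapes when fn[name] is actually read.
function probe(fn, name) {
  let present = false;
  let inThrew = false;
  try { present = name in fn; } catch (e) { inThrew = true; }
  let readThrew = null;
  try {
    void fn[name];
  } catch (e) {
    readThrew = e instanceof TypeError ? 'TypeError' : String(e);
  }
  return { present, inThrew, readThrew };
}

// The poisoned property is an accessor whose getter and setter are the same
// [[ThrowTypeError]] function object.
function isThrowTypeErrorAccessor(desc) {
  return !!desc && typeof desc.get === 'function' && desc.get === desc.set;
}
```

Running `probe(makeStrict(), 'caller')` shows `present` true, `inThrew` false and `readThrew` equal to `'TypeError'`; the same probe on a sloppy function reads without throwing.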
3026 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
3027
3028         DFG JIT 32_64 - improve double boxing/unboxing
3029         https://bugs.webkit.org/show_bug.cgi?id=70418
3030
3031         Reviewed by Gavin Barraclough.
3032
3033         Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
3034         which tries to exchange data through memory.
3035         On X86 some SSE instructions can help us on such operations with better performance.
3036         This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
3037         and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
3038
3039         * assembler/MacroAssemblerX86Common.h:
3040         (JSC::MacroAssemblerX86Common::lshiftPacked):
3041         (JSC::MacroAssemblerX86Common::rshiftPacked):
3042         (JSC::MacroAssemblerX86Common::orPacked):
3043         (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
3044         (JSC::MacroAssemblerX86Common::movePackedToInt32):
3045         * assembler/X86Assembler.h:
3046         (JSC::X86Assembler::movd_rr):
3047         (JSC::X86Assembler::psllq_i8r):
3048         (JSC::X86Assembler::psrlq_i8r):
3049         (JSC::X86Assembler::por_rr):
3050         * dfg/DFGJITCodeGenerator.h:
3051         (JSC::DFG::JITCodeGenerator::boxDouble):
3052         (JSC::DFG::JITCodeGenerator::unboxDouble):
3053         * dfg/DFGJITCodeGenerator32_64.cpp:
3054         (JSC::DFG::JITCodeGenerator::fillDouble):
3055         (JSC::DFG::JITCodeGenerator::fillJSValue):
3056         (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
3057         (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
3058         (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
3059         (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
3060         * dfg/DFGJITCompiler.h:
3061         (JSC::DFG::JITCompiler::boxDouble):
3062         (JSC::DFG::JITCompiler::unboxDouble):
3063         * dfg/DFGSpeculativeJIT32_64.cpp:
3064         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3065         (JSC::DFG::SpeculativeJIT::convertToDouble):
3066         (JSC::DFG::SpeculativeJIT::compile):
3067
3068 2011-10-19  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3069
3070         [EFL] Fix DSO linkage of wtf_efl.
3071
3072         Unreviewed build fix.
3073
3074         Need to add -ldl to jsc_efl (requested by dladdr).
3075
3076         * wtf/CMakeListsEfl.txt:
3077
3078 2011-10-19  Geoffrey Garen  <ggaren@apple.com>
3079
3080         Removed StringImplBase, fusing it into StringImpl
3081         https://bugs.webkit.org/show_bug.cgi?id=70443
3082
3083         Reviewed by Gavin Barraclough.
3084
3085         * GNUmakefile.list.am:
3086         * JavaScriptCore.gypi:
3087         * JavaScriptCore.order:
3088         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3089         * JavaScriptCore.xcodeproj/project.pbxproj:
3090         * wtf/CMakeLists.txt:
3091         * wtf/text/StringImpl.h:
3092         (WTF::StringImpl::StringImpl):
3093         (WTF::StringImpl::ref):
3094         (WTF::StringImpl::length):
3095         * wtf/text/StringImplBase.h: Removed.
3096         * wtf/wtf.pri: Removed!
3097
3098 2011-10-19  Mark Hahnenberg  <mhahnenberg@apple.com>
3099
3100         Add getConstructData to the MethodTable
3101         https://bugs.webkit.org/show_bug.cgi?id=70163
3102
3103         Reviewed by Geoffrey Garen.
3104
3105         Adding getConstructData to the MethodTable in order to be able to 
3106         remove all calls to getConstructDataVirtual soon.  Part of the process 
3107         of de-virtualizing JSCell.
3108
3109         * JavaScriptCore.exp:
3110         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3111         * runtime/ClassInfo.h:
3112
3113 2011-10-18  Oliver Hunt  <oliver@apple.com>
3114
3115         Support CanvasPixelArray in the DFG
3116         https://bugs.webkit.org/show_bug.cgi?id=70384
3117
3118         Reviewed by Filip Pizlo.
3119
3120         Add support for the old CanvasPixelArray optimisations to the
3121         DFG.  This removes the regression seen in the DFG when using
3122         a CPA.
3123
3124         * assembler/MacroAssemblerX86Common.h:
3125         (JSC::MacroAssemblerX86Common::store8):
3126         (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
3127         * assembler/X86Assembler.h:
3128         (JSC::X86Assembler::movb_rm):
3129         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
3130         * bytecode/PredictedType.cpp:
3131         (JSC::predictionToString):
3132         (JSC::predictionFromClassInfo):
3133         * bytecode/PredictedType.h:
3134         (JSC::isByteArrayPrediction):
3135         * dfg/DFGAbstractState.cpp:
3136         (JSC::DFG::AbstractState::initialize):
3137         (JSC::DFG::AbstractState::execute):
3138         * dfg/DFGNode.h:
3139         (JSC::DFG::Node::shouldSpeculateByteArray):
3140         * dfg/DFGPropagator.cpp:
3141         (JSC::DFG::Propagator::propagateNodePredictions):
3142         (JSC::DFG::Propagator::fixupNode):
3143         (JSC::DFG::Propagator::performNodeCSE):
3144         * dfg/DFGSpeculativeJIT.cpp:
3145         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3146         (JSC::DFG::compileClampDoubleToByte):
3147         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
3148         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
3149         * dfg/DFGSpeculativeJIT.h:
3150         * dfg/DFGSpeculativeJIT32_64.cpp:
3151         (JSC::DFG::SpeculativeJIT::compile):
3152         * dfg/DFGSpeculativeJIT64.cpp:
3153         (JSC::DFG::SpeculativeJIT::compile):
3154         * runtime/JSByteArray.h:
3155         (JSC::JSByteArray::offsetOfStorage):
3156         * wtf/ByteArray.cpp:
3157         * wtf/ByteArray.h:
3158         (WTF::ByteArray::offsetOfSize):
3159         (WTF::ByteArray::offsetOfData):
3160
3161 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3162
3163         Some rope cleanup following r97827
3164         https://bugs.webkit.org/show_bug.cgi?id=70398
3165
3166         Reviewed by Oliver Hunt.
3167
3168         9% speedup on date-format-xparb, neutral overall.
3169         
3170         - Removed RopeImpl*.
3171         - Removed JSString::m_fiberCount, since this can be deduced from other data.
3172         - Renamed a jsString() variant to jsStringFromArguments for clarity.
3173
3174         * CMakeLists.txt:
3175         * GNUmakefile.list.am:
3176         * JavaScriptCore.order:
3177         * JavaScriptCore.pro:
3178         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3179         * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
3180
3181         * dfg/DFGSpeculativeJIT.cpp:
3182         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
3183         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
3184         * jit/JITInlineMethods.h:
3185         (JSC::JIT::emitLoadCharacterString):
3186         * jit/JITPropertyAccess.cpp:
3187         (JSC::JIT::stringGetByValStubGenerator):
3188         * jit/JITPropertyAccess32_64.cpp:
3189         (JSC::JIT::stringGetByValStubGenerator):
3190         * jit/SpecializedThunkJIT.h:
3191         (JSC::SpecializedThunkJIT::loadJSStringArgument):
3192         * jit/ThunkGenerators.cpp:
3193         (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
3194         of testing m_fiberCount, since m_fiberCount is gone now.
3195
3196         * runtime/JSString.cpp:
3197         (JSC::JSString::RopeBuilder::expand):
3198         (JSC::JSString::visitChildren):
3199         (JSC::JSString::resolveRope):
3200         (JSC::JSString::resolveRopeSlowCase):
3201         (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
3202         in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
3203
3204         * runtime/JSString.h:
3205         (JSC::RopeBuilder::JSString):
3206         (JSC::RopeBuilder::finishCreation):
3207         (JSC::RopeBuilder::offsetOfLength):
3208         (JSC::RopeBuilder::isRope):
3209         (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
3210         jsString => jsStringFromArguments for clarity.
3211
3212         * runtime/Operations.h:
3213         (JSC::jsStringFromArguments): Renamed.
3214
3215         * runtime/RopeImpl.cpp: Removed.
3216         * runtime/RopeImpl.h: Removed.
3217
3218         * runtime/SmallStrings.cpp:
3219         (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
3220         which is slightly faster.
3221
3222         * runtime/StringPrototype.cpp:
3223         (JSC::stringProtoFuncConcat): Updated for rename.
3224
3225         * wtf/text/StringImplBase.h:
3226         (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
3227         StringImpl, since this was only used by RopeImpl, which is now gone.
3228
3229 2011-10-19  Rafael Antognolli  <antognolli@profusion.mobi>
3230
3231         [EFL] Fix DSO linkage of jsc_efl.
3232         https://bugs.webkit.org/show_bug.cgi?id=70412
3233
3234         Unreviewed build fix.
3235
3236         Need to add -ldl to jsc_efl (requested by dladdr).
3237
3238         * shell/CMakeListsEfl.txt:
3239
3240 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3241
3242         Rolled out last Windows build fix because it was wrong.
3243
3244 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3245
3246         Rolled out last Windows build fix because it was wrong.
3247
3248 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3249
3250         Try to fix part of the Windows build.
3251         
3252         Export!
3253
3254 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3255
3256         Switched ropes from malloc memory to GC memory
3257         https://bugs.webkit.org/show_bug.cgi?id=70364
3258
3259         Reviewed by Gavin Barraclough.
3260
3261         ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
3262         having C++ destructors.
3263
3264         * heap/MarkStack.cpp:
3265         (JSC::visitChildren): Call the JSString visitChildren function now,
3266         since it's no longer a no-op.
3267
3268         * runtime/JSString.cpp:
3269         (JSC::JSString::~JSString): Moved this destructor out of line because
3270         it's called virtually, so there's no value to inlining.
3271
3272         (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
3273         initializing wrapper around JSString. JSString now represents ropes
3274         directly, rather than relying on an underlying malloc object.
3275
3276         (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
3277         objects now.
3278
3279         (JSC::JSString::resolveRope):
3280         (JSC::JSString::resolveRopeSlowCase):
3281         (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
3282         of malloc objects.
3283
3284         (JSC::JSString::replaceCharacter): Removed optimizations for substringing
3285         ropes and replacing subsections of ropes. We want to reimplement versions
3286         of these optimizations in the future, but this patch already has good
3287         performance without them.
3288
3289         * runtime/JSString.h:
3290         (JSC::RopeBuilder::JSString):
3291         (JSC::RopeBuilder::finishCreation):
3292         (JSC::RopeBuilder::createNull):
3293         (JSC::RopeBuilder::create):
3294         (JSC::RopeBuilder::createHasOtherOwner):
3295         (JSC::jsSingleCharacterString):
3296         (JSC::jsSingleCharacterSubstring):
3297         (JSC::jsNontrivialString):
3298         (JSC::jsString):
3299         (JSC::jsSubstring):
3300         (JSC::jsOwnedString): Lots of mechanical changes here. The two important
3301         things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
3302         malloc objects; (2) I simplified the JSString constructor interface to
3303         only accept PassRefPtr<StringImpl>, instead of variations on that like
3304         UString, reducing refcount churn.
3305
3306         * runtime/JSValue.h:
3307         * runtime/JSValue.cpp:
3308         (JSC::JSValue::toPrimitiveString): Updated this function to return a
3309         JSString instead of a UString, since that's what clients want now.
3310
3311         * runtime/Operations.cpp:
3312         (JSC::jsAddSlowCase):
3313         * runtime/Operations.h:
3314         (JSC::jsString):
3315         * runtime/SmallStrings.cpp:
3316         (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
3317
3318         * runtime/StringConstructor.cpp:
3319         (JSC::constructWithStringConstructor):
3320         * runtime/StringObject.h:
3321         (JSC::StringObject::create): Don't create a new JSString if we already
3322         have a JSString.
3323
3324         * runtime/StringPrototype.cpp:
3325         (JSC::stringProtoFuncConcat): Updated for interface changes above.
3326
3327 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3328
3329         Errrk, fix partial commit of r97825!
3330
3331         * runtime/DatePrototype.cpp:
3332         (JSC::dateProtoFuncToISOString):
3333
3334 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3335
3336         Date.prototype.toISOString fails to throw exception
3337         https://bugs.webkit.org/show_bug.cgi?id=70394
3338
3339         Reviewed by Sam Weinig.
3340
3341         * runtime/DatePrototype.cpp:
3342         (JSC::dateProtoFuncToISOString):
3343             - Should throw a range error if the internal value is not finite.
3344
3345 2011-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
3346
3347         Rename static put to putByIndex
3348         https://bugs.webkit.org/show_bug.cgi?id=70281
3349
3350         Reviewed by Geoffrey Garen.
3351
3352         Renaming versions of deleteProperty that use an unsigned as the property
3353         name to "deletePropertyByIndex" in preparation for adding them to the 
3354         MethodTable, which requires unique names for each method.
3355
3356         * dfg/DFGOperations.cpp:
3357         (JSC::DFG::putByVal):
3358         * jit/JITStubs.cpp:
3359         (JSC::DEFINE_STUB_FUNCTION):
3360         * runtime/Arguments.cpp:
3361         (JSC::Arguments::putVirtual):
3362         (JSC::Arguments::putByIndex):
3363         * runtime/Arguments.h:
3364         * runtime/ArrayPrototype.cpp:
3365         (JSC::arrayProtoFuncMap):
3366         * runtime/JSArray.cpp:
3367         (JSC::JSArray::put):
3368         (JSC::JSArray::putVirtual):
3369         (JSC::JSArray::putByIndex):
3370         * runtime/JSArray.h:
3371         * runtime/JSByteArray.cpp:
3372         (JSC::JSByteArray::putVirtual):
3373         (JSC::JSByteArray::putByIndex):
3374         * runtime/JSByteArray.h:
3375         * runtime/JSCell.cpp:
3376         (JSC::JSCell::putVirtual):
3377         (JSC::JSCell::putByIndex):
3378         * runtime/JSCell.h:
3379         * runtime/JSNotAnObject.cpp:
3380         (JSC::JSNotAnObject::putVirtual):
3381         (JSC::JSNotAnObject::putByIndex):
3382         * runtime/JSNotAnObject.h:
3383         * runtime/JSObject.cpp:
3384         (JSC::JSObject::putVirtual):
3385         (JSC::JSObject::putByIndex):
3386         * runtime/JSObject.h:
3387         * runtime/RegExpConstructor.cpp:
3388         (JSC::RegExpMatchesArray::fillArrayInstance):
3389         * runtime/RegExpMatchesArray.h:
3390         (JSC::RegExpMatchesArray::putVirtual):
3391         (JSC::RegExpMatchesArray::putByIndex):
3392
3393 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3394
3395         Array.prototype methods missing exception checks
3396         https://bugs.webkit.org/show_bug.cgi?id=70360
3397
3398         Reviewed by Geoff Garen.
3399
3400         Missing exception checks after calls to the static getProperty helper;
3401         these may result in the wrong exception being thrown (or an ASSERT being hit,
3402         as is currently the case running test-262).
3403
3404         No performance impact.
3405
3406         * runtime/ArrayPrototype.cpp:
3407         (JSC::arrayProtoFuncConcat):
3408         (JSC::arrayProtoFuncReverse):
3409         (JSC::arrayProtoFuncShift):
3410         (JSC::arrayProtoFuncSlice):
3411         (JSC::arrayProtoFuncSplice):
3412         (JSC::arrayProtoFuncUnShift):
3413         (JSC::arrayProtoFuncReduce):
3414         (JSC::arrayProtoFuncReduceRight):
3415         (JSC::arrayProtoFuncIndexOf):
3416         (JSC::arrayProtoFuncLastIndexOf):
3417
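What a missing exception check after getProperty looks like from script, as an added example that is not WebKit code: an array-like whose indexed getter throws must make the generic Array.prototype methods surface exactly that exception, not a different one or a result. `GetterError`, `arrayLikeWithPoisonedIndex`, `callGenerically` and `allPropagateGetterError` are constructed for this example.

```javascript
// Added example (not WebKit code): a throwing getter on an array-like must
// escape from Array.prototype methods as that same exception object.

class GetterError extends Error {}

// Constructed array-like: every index holds its own number except `poisoned`,
// whose getter throws. A poisoned index at or beyond `length` is never read.
function arrayLikeWithPoisonedIndex(length, poisoned) {
  const obj = { length };
  for (let i = 0; i < length; i++) {
    if (i !== poisoned) obj[i] = i;
  }
  Object.defineProperty(obj, poisoned, {
    enumerable: true,
    get() { throw new GetterError('read of index ' + poisoned); },
  });
  return obj;
}

// Applies Array.prototype[method] generically and reports what came out:
// either the returned value or the exception that escaped.
function callGenerically(method, target, ...args) {
  try {
    return { threw: null, value: Array.prototype[method].apply(target, args) };
  } catch (e) {
    return { threw: e, value: undefined };
  }
}

// True when every listed method propagates the getter's own exception rather
// than returning a result or raising something else.
function allPropagateGetterError(target, methodsAndArgs) {
  return methodsAndArgs.every(([method, ...args]) => {
    const outcome = callGenerically(method, target, ...args);
    return outcome.threw instanceof GetterError;
  });
}
```

`indexOf`, `lastIndexOf`, `slice` and `reduce` all read index 1 of a length-3 array-like, so each must rethrow the getter's `GetterError`; when the poisoned index lies past `length` the methods never touch it and return normally.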
3418 2011-10-18  Adam Barth  <abarth@webkit.org>
3419
3420         Always enable ENABLE(XPATH)
3421         https://bugs.webkit.org/show_bug.cgi?id=70217
3422
3423         Reviewed by Eric Seidel.
3424
3425         * Configurations/FeatureDefines.xcconfig:
3426
3427 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3428
3429         Indexed arguments on the Arguments object should be enumerable.
3430         https://bugs.webkit.org/show_bug.cgi?id=70302
3431
3432         Reviewed by Sam Weinig.
3433
3434         See ECMA-262 5.1 chapter 10.6 step 11b.
3435         This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
3436
3437         * runtime/Arguments.cpp:
3438         (JSC::Arguments::getOwnPropertyDescriptor):
3439             - The 'enumerable' property should be true for indexed arguments.
3440         (JSC::Arguments::getOwnPropertyNames):
3441             - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
3442
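The enumerability rule from ECMA-262 5.1 section 10.6 step 11b, observed from script as an added example that is not WebKit code: indexed members of an arguments object show up in `Object.keys` and satisfy `in`, while `length` and `callee` are present but not enumerable. `describeArguments` is constructed for this example.

```javascript
// Added example (not WebKit code): indexed members of an arguments object
// are enumerable (ECMA-262 5.1, 10.6 step 11b); length and callee are not.
function describeArguments() {
  const args = arguments;
  const indexed = Object.keys(args);             // enumerable own names only
  const all = Object.getOwnPropertyNames(args);  // enumerable and non-enumerable
  const descriptors = indexed.map((k) => Object.getOwnPropertyDescriptor(args, k));
  return {
    keys: indexed,
    everyIndexEnumerable: descriptors.every((d) => d.enumerable),
    lengthEnumerable: Object.getOwnPropertyDescriptor(args, 'length').enumerable,
    hasCallee: all.includes('callee'),
    calleeListedByKeys: indexed.includes('callee'),
    inOperator: indexed.every((k) => k in args),
  };
}
```

`describeArguments('a', 'b', 'c')` lists keys `'0'`, `'1'`, `'2'`, each enumerable and each satisfying `in`, with `callee` visible only through `getOwnPropertyNames`.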
3443 2011-10-18  Gustavo Noronha Silva  <gns@gnome.org>
3444
3445         Fix distcheck.
3446
3447         * GNUmakefile.list.am: fix a typo and add a missing header to the
3448         list.
3449
3450 2011-10-18  Balazs Kelemen  <kbalazs@webkit.org>
3451
3452         ParallelJobs: maximum number of threads should be determined dynamically
3453         https://bugs.webkit.org/show_bug.cgi?id=68540
3454
3455         Reviewed by Zoltan Herczeg.
3456
3457         Add logic to determine the number of cores and use this as
3458         the maximum number of threads. The implementation currently
3459         covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
3460         The patch was tested on Linux, Mac and Windows which was enough to
3461         cover all code paths. It should work on the rest according to the
3462         documentation of those OS's. The hard coded constant is still used
3463         on uncovered OS's which should be fixed in the future.
3464
3465         * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
3466         argument because clients should always fill it and the 0 default value
3467         was incorrect anyway.
3468         (WTF::ParallelJobs::ParallelJobs):
3469         * wtf/ParallelJobsGeneric.cpp:
3470         (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
3471         * wtf/ParallelJobsGeneric.h:
3472         (WTF::ParallelEnvironment::ParallelEnvironment):
3473
3474 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3475
3476         Reverted r997709, this caused test failures.
3477
3478         * jit/JITStubs.cpp:
3479         (JSC::DEFINE_STUB_FUNCTION):
3480         * runtime/JSObject.cpp:
3481         (JSC::JSObject::hasProperty):
3482         (JSC::JSObject::hasOwnProperty):
3483
3484 2011-10-17  Ryosuke Niwa  <rniwa@webkit.org>
3485
3486         Rename deregister* to unregister*
3487         https://bugs.webkit.org/show_bug.cgi?id=70272
3488
3489         Reviewed by Darin Adler.
3490
3491         Renamed deregisterWeakMap to unregisterWeakMap.
3492
3493         * runtime/JSGlobalObject.h:
3494         (JSC::JSGlobalObject::unregisterWeakMap):
3495
3496 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3497
3498         Poisoning of strict caller/arguments inappropriately poisoning "in"
3499         https://bugs.webkit.org/show_bug.cgi?id=63398
3500
3501         Reviewed by Sam Weinig.
3502
3503         The problem here is that the has[Own]Property methods get the slot rather than
3504         the descriptor, and getting the slot may cause the property to be eagerly accessed.
3505
3506         * jit/JITStubs.cpp:
3507         (JSC::DEFINE_STUB_FUNCTION):
3508             - We don't expect hasProperty to ever throw. If it does, it won't get caught
3509               (since it is after the exception check), so ASSERT to guard against this.
3510         * runtime/JSObject.cpp:
3511         (JSC::JSObject::hasProperty):
3512         (JSC::JSObject::hasOwnProperty):
3513             - These methods should not check for the presence of the descriptor; never get the value.
3514
3515 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3516
3517         Exception ordering in String.prototype.replace
3518         https://bugs.webkit.org/show_bug.cgi?id=70290
3519
3520         If pattern is not a regexp, it should be converted toString before the replacement value has its toString conversion called.
3521
3522         Reviewed by Oliver Hunt.
3523
3524         * runtime/StringPrototype.cpp:
3525         (JSC::stringProtoFuncReplace):
3526
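The conversion order this entry fixes, made observable as an added example that is not WebKit code: with a non-RegExp pattern, `String.prototype.replace` calls ToString on the pattern first and on the replacement value second, so when both conversions throw, the pattern's exception is the one that escapes. `replaceConversionOrder` and `whichErrorWins`, and the subject strings, are constructed for this example.

```javascript
// Added example (not WebKit code): for a non-RegExp pattern, replace converts
// the pattern with ToString before the replacement value.

// Records the order in which the two toString conversions run.
function replaceConversionOrder(subject, patternText, replacementText) {
  const order = [];
  const pattern = { toString() { order.push('pattern'); return patternText; } };
  const replacement = { toString() { order.push('replacement'); return replacementText; } };
  const result = subject.replace(pattern, replacement);
  return { order, result };
}

// When both conversions throw, the first one performed decides which
// exception the caller sees.
function whichErrorWins(subject) {
  class PatternError extends Error {}
  class ReplacementError extends Error {}
  const pattern = { toString() { throw new PatternError('pattern'); } };
  const replacement = { toString() { throw new ReplacementError('replacement'); } };
  try {
    subject.replace(pattern, replacement);
    return 'none';
  } catch (e) {
    return e.constructor.name;
  }
}
```

`replaceConversionOrder('abc', 'b', 'X')` reports the order `pattern, replacement` and the result `aXc`; `whichErrorWins('abc')` reports `PatternError`.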
3527 2011-10-17  Filip Pizlo  <fpizlo@apple.com>
3528
3529         DFG bytecode parser should understand inline stacks
3530         https://bugs.webkit.org/show_bug.cgi?id=70278
3531
3532         Reviewed by Oliver Hunt.
3533         
3534         The DFG bytecode parser is now capable of parsing multiple code blocks at
3535         once. This remains turned off since not all inlining functionality is
3536         implemented.       
3537         
3538         This required making a few changes elsewhere in the system. The bytecode
3539         parser now may do some of the same things that the bytecode generator does,
3540         like allocating constants and identifiers. Basic block linking relies on
3541         bytecode indices, which are only meaningful within the context of one basic
3542         block. This is fine, so long as linking is done eagerly whenever switching
3543         from one code block to another.
3544
3545         * bytecode/CodeOrigin.h:
3546         (JSC::CodeOrigin::CodeOrigin):
3547         * bytecompiler/BytecodeGenerator.h:
3548         * dfg/DFGBasicBlock.h:
3549         * dfg/DFGByteCodeParser.cpp:
3550         (JSC::DFG::ByteCodeParser::ByteCodeParser):
3551         (JSC::DFG::ByteCodeParser::get):
3552         (JSC::DFG::ByteCodeParser::set):
3553         (JSC::DFG::ByteCodeParser::getThis):
3554         (JSC::DFG::ByteCodeParser::setThis):
3555         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
3556         (JSC::DFG::ByteCodeParser::getPrediction):
3557         (JSC::DFG::ByteCodeParser::makeSafe):
3558         (JSC::DFG::ByteCodeParser::makeDivSafe):
3559         (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
3560         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
3561         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
3562         (JSC::DFG::ByteCodeParser::parseBlock):
3563         (JSC::DFG::ByteCodeParser::linkBlock):
3564         (JSC::DFG::ByteCodeParser::linkBlocks):
3565         (JSC::DFG::ByteCodeParser::setupPredecessors):
3566         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
3567         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3568         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3569         (JSC::DFG::ByteCodeParser::parse):
3570         * dfg/DFGGraph.h:
3571         (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
3572         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
3573         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
3574         * dfg/DFGNode.h:
3575         * runtime/Identifier.h:
3576         (JSC::IdentifierMapIndexHashTraits::emptyValue):
3577         * runtime/JSValue.h:
3578         * wtf/StdLibExtras.h:
3579         (WTF::binarySearchWithFunctor):
3580
3581 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3582
3583         Incorrect behavior from String match/search & undefined pattern
3584         https://bugs.webkit.org/show_bug.cgi?id=70286
3585
3586         Reviewed by Sam Weinig.
3587
3588         * runtime/StringPrototype.cpp:
3589         (JSC::stringProtoFuncMatch):
3590             - In case of undefined, pattern is "".
3591         (JSC::stringProtoFuncSearch):
3592             - In case of undefined, pattern is "".
3593
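The corrected match/search behaviour, as an added example that is not WebKit code: an undefined (or omitted) pattern is treated as the empty RegExp, which matches the empty string at index 0, rather than as the literal string "undefined". `patternDefaults` and the subject string are constructed for this example.

```javascript
// Added example (not WebKit code): an undefined pattern in match/search
// behaves as the empty RegExp, not as the string "undefined".
function patternDefaults(subject) {
  const viaUndefined = subject.match(undefined);
  const viaOmitted = subject.match();
  const viaEmptyRegExp = subject.match(new RegExp(''));
  return {
    matchedText: viaUndefined[0],
    index: viaUndefined.index,
    allAgree: viaUndefined[0] === viaOmitted[0] && viaOmitted[0] === viaEmptyRegExp[0],
    searchIndex: subject.search(undefined),
    // Where a naive ToString(undefined) would have found its pattern instead.
    asLiteral: subject.indexOf('undefined'),
  };
}
```

For the subject `'say undefined'` the match is the empty string at index 0 and `search` returns 0, while the literal text "undefined" sits at index 4 and is not what gets matched.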
3594 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
3595
3596         https://bugs.webkit.org/show_bug.cgi?id=70207
3597         After deleting __defineSetter__, it is absent but appears in name list
3598
3599         Reviewed by Darin Adler.
3600
3601         * runtime/JSObject.cpp:
3602         (JSC::JSObject::getOwnPropertyNames):
3603             - This should check whether static functions have been reified.
3604
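The consistency check this entry restores, as an added example that is not WebKit code: once a built-in function such as `__defineSetter__` has been deleted, `hasOwnProperty` and `getOwnPropertyNames` must agree that it is gone. `deleteAndCompare` is constructed for this example; it restores the saved descriptor afterwards so the shared prototype is left as it was found.

```javascript
// Added example (not WebKit code): after deleting a built-in function,
// hasOwnProperty and getOwnPropertyNames must agree that it is absent.
function deleteAndCompare(proto, name) {
  const saved = Object.getOwnPropertyDescriptor(proto, name);
  const listedBefore = Object.getOwnPropertyNames(proto).includes(name);
  const deleted = delete proto[name];
  const ownAfter = Object.prototype.hasOwnProperty.call(proto, name);
  const listedAfter = Object.getOwnPropertyNames(proto).includes(name);
  // Put the property back so later code still finds the built-in.
  if (saved) Object.defineProperty(proto, name, saved);
  return {
    listedBefore,
    deleted,
    ownAfter,
    listedAfter,
    consistent: ownAfter === listedAfter,
  };
}
```

`deleteAndCompare(Object.prototype, '__defineSetter__')` reports the name listed before deletion, the delete succeeding, and both `ownAfter` and `listedAfter` false afterwards.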
3605 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3606
3607         Mac build fix.
3608
3609         * JavaScriptCore.exp: Export!
3610
3611 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3612
3613         Windows build fix.
3614
3615         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
3616
3617 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3618
3619         Windows build fix.
3620
3621         * heap/HandleStack.cpp: Added a missing #include.
3622
3623 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3624
3625         Windows build fix.
3626
3627         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
3628         longer existent symbol.
3629
3630         * heap/MarkStack.cpp:
3631         (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
3632
3633 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
3634
3635         Simplified GC marking logic
3636         https://bugs.webkit.org/show_bug.cgi?id=70258
3637
3638         Reviewed by Filip Pizlo.
3639         
3640         No perf. change.
3641         
3642         This is a first step toward GC allocating string backing stores, starting
3643         with ropes. It also enables future simplifications and optimizations.
3644         
3645         - Replaced some complex mark stack logic with a simple linear stack of
3646         JSCell pointers.
3647         
3648         - Replaced logic for short-circuiting marking based on JSType and/or
3649         Structure flags with special cases for object, array, and string.
3650         
3651         - Fiddled with inlining for better codegen.
3652
3653         * JavaScriptCore.exp:
3654         * heap/HandleStack.cpp: Build!
3655
3656         * heap/Heap.cpp:
3657         (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
3658
3659         * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
3660
3661         * heap/MarkStack.cpp:
3662         (JSC::MarkStackArray::MarkStackArray):
3663         (JSC::MarkStackArray::~MarkStackArray):
3664         (JSC::MarkStackArray::expand):
3665         (JSC::MarkStackArray::shrinkAllocation):
3666         (JSC::MarkStack::reset):
3667         (JSC::visitChildren):
3668         (JSC::SlotVisitor::drain):
3669         * heap/MarkStack.h:
3670         (JSC::MarkStack::MarkStack):
3671         (JSC::MarkStack::~MarkStack):
3672         (JSC::MarkStackArray::append):
3673         (JSC::MarkStackArray::removeLast):
3674         (JSC::MarkStackArray::isEmpty):
3675         (JSC::MarkStack::append):
3676         (JSC::MarkStack::appendUnbarrieredPointer):
3677         (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
3678         simple linear stack.
3679
3680         * heap/SlotVisitor.h:
3681         (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
3682
3683         * runtime/JSArray.cpp:
3684         (JSC::JSArray::visitChildren):
3685         * runtime/JSArray.h:
3686         * runtime/JSObject.cpp:
3687         (JSC::JSObject::visitChildren):
3688         * runtime/JSObject.h: Don't inline visitChildren; it's too big.
3689
3690         * runtime/Structure.h:
3691         (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
3692         because it prevented strings from owning GC pointers.
3693
3694         * runtime/WriteBarrier.h:
3695         (JSC::MarkStack::appendValues): No need to validate; internalAppend will
3696         do that for us.
3697
3698 2011-10-17  Adam Roben  <aroben@apple.com>
3699
3700         Windows build fix after r97536, part 3
3701
3702         * runtime/JSAPIValueWrapper.h:
3703         * runtime/JSObject.h:
3704         Use JS_EXPORTDATA to export the s_info members.
3705
3706 2011-10-17  Adam Roben  <aroben@apple.com>
3707
3708         Interpreter build fix after r97564
3709
3710         * runtime/Executable.cpp:
3711         (JSC::FunctionExecutable::compileForCallInternal):
3712         (JSC::FunctionExecutable::compileForConstructInternal):
3713         Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
3714         there.
3715
3716 2011-10-17  Adam Roben  <aroben@apple.com>
3717
3718         Windows build fix after r97536, part 2
3719
3720         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
3721         JSC::setUpStaticFunctionSlot with its new mangled name. Sorted the rest of the file while I
3722         was at it.
3723
3724 2011-10-17  Adam Roben  <aroben@apple.com>
3725
3726         Windows build fix after r97536
3727
3728         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
3729         JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
3730         s_info members, which need to be exported via JS_EXPORTDATA instead.
3731
3732 2011-10-17  Patrick Gansterer  <paroga@webkit.org>
3733
3734         Interpreter build fix after r97436, r97506, r97532 and r97537.
3735
3736         * interpreter/Interpreter.cpp:
3737         (JSC::Interpreter::privateExecute):
3738
3739 2011-10-16  Adam Barth  <abarth@webkit.org>
3740
3741         Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
3742         https://bugs.webkit.org/show_bug.cgi?id=70216
3743
3744         Reviewed by Eric Seidel.
3745
3746         * wtf/Platform.h:
3747
3748 2011-10-16  Noel Gordon  <noel.gordon@gmail.com>
3749
3750         [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
3751         https://bugs.webkit.org/show_bug.cgi?id=70205
3752
3753         Reviewed by James Robinson.
3754
3755         wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
3756         wtf/gtk/ThreadingGtk.cpp was removed in r97269.
3757
3758         * JavaScriptCore.gypi:
3759
3760 2011-10-16  Adam Barth  <abarth@webkit.org>
3761
3762         Always enable ENABLE(DOM_STORAGE)
3763         https://bugs.webkit.org/show_bug.cgi?id=70189
3764
3765         Reviewed by Eric Seidel.
3766
3767         * Configurations/FeatureDefines.xcconfig:
3768
3769 2011-10-15  Dan Horák <dan@danny.cz>
3770
3771         The s390 and s390x architectures both use 64-bit double type
3772         that conforms to the IEEE-754 standard.
3773
3774         https://bugs.webkit.org/show_bug.cgi?id=69940
3775
3776         Reviewed by Gavin Barraclough.
3777
3778         * wtf/dtoa/utils.h:
3779
3780 2011-10-14  Filip Pizlo  <fpizlo@apple.com>
3781
3782         FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
3783         https://bugs.webkit.org/show_bug.cgi?id=70157
3784
3785         Reviewed by Geoff Garen.
3786         
3787         Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
3788         and compileForConstructInternal() to use this method. This required more cleanly
3789         exposing some of CodeBlock's tiering functionality and moving the CompilationKind
3790         enum to Executable.h, as this was the easiest way to make it available to the
3791         declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
3792
3793         * bytecode/CodeBlock.cpp:
3794         (JSC::CodeBlock::copyDataFrom):
3795         (JSC::CodeBlock::copyDataFromAlternative):
3796         * bytecode/CodeBlock.h:
3797         (JSC::CodeBlock::setAlternative):
3798         * bytecompiler/BytecodeGenerator.h:
3799         * runtime/Executable.cpp:
3800         (JSC::EvalExecutable::compileInternal):
3801         (JSC::ProgramExecutable::compileInternal):
3802         (JSC::FunctionExecutable::produceCodeBlockFor):
3803         (JSC::FunctionExecutable::compileForCallInternal):
3804         (JSC::FunctionExecutable::compileForConstructInternal):
3805         * runtime/Executable.h:
3806         (JSC::FunctionExecutable::codeBlockFor):
3807
3808 2011-10-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
3809
3810         [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
3811         https://bugs.webkit.org/show_bug.cgi?id=69920
3812
3813         Reviewed by Kenneth Rohde Christiansen.
3814
3815         * JavaScriptCore.pri:
3816         * JavaScriptCore.pro:
3817         * heap/MarkStack.h:
3818         (JSC::::shrinkAllocation):
3819         * jit/ExecutableAllocator.cpp:
3820         * jit/ExecutableAllocator.h:
3821         (JSC::ExecutableAllocator::cacheFlush):
3822         * jit/JITStubs.cpp:
3823         * jsc.pro:
3824         * runtime/ArrayPrototype.cpp:
3825         (JSC::arrayProtoFuncToString):
3826         * runtime/DatePrototype.cpp:
3827         (JSC::formatLocaleDate):
3828         * runtime/StringPrototype.cpp:
3829         (JSC::stringProtoFuncLastIndexOf):
3830         * runtime/TimeoutChecker.cpp:
3831         (JSC::getCPUTime):
3832         * wtf/Assertions.cpp:
3833         * wtf/Assertions.h:
3834         * wtf/Atomics.h:
3835         * wtf/MathExtras.h:
3836         * wtf/OSAllocator.h:
3837         (WTF::OSAllocator::decommitAndRelease):
3838         * wtf/OSAllocatorSymbian.cpp: Removed.
3839         * wtf/OSRandomSource.cpp:
3840         (WTF::cryptographicallyRandomValuesFromOS):
3841         * wtf/PageAllocation.h:
3842         * wtf/PageAllocatorSymbian.h: Removed.
3843         * wtf/PageBlock.cpp:
3844         * wtf/Platform.h:
3845         * wtf/StackBounds.cpp:
3846         * wtf/wtf.pri:
3847
3848 2011-10-15  Yuqiang Xian  <yuqiang.xian@intel.com>
3849
3850         Trivial fix for a missing change in r97512
3851         https://bugs.webkit.org/show_bug.cgi?id=70166
3852
3853         Reviewed by Gavin Barraclough.
3854
3855         * dfg/DFGJITCompiler32_64.cpp:
3856         (JSC::DFG::JITCompiler::link):
3857
3858 2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
3859
3860         Rename getOwnPropertySlot to getOwnPropertySlotVirtual
3861         https://bugs.webkit.org/show_bug.cgi?id=69810
3862
3863         Reviewed by Geoffrey Garen.
3864
3865         Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
3866         in preparation for when we add the static getOwnPropertySlot to the MethodTable 
3867         in ClassInfo.
3868
3869         Also added a few static getOwnPropertySlot functions where they had been overlooked 
3870         before (especially in CodeGeneratorJS.pm).
3871
3872         * API/JSCallbackObject.h:
3873         * API/JSCallbackObjectFunctions.h:
3874         (JSC::::getOwnPropertySlotVirtual):
3875         (JSC::::getOwnPropertySlot):
3876         (JSC::::getOwnPropertyDescriptor):
3877         (JSC::::staticFunctionGetter):
3878         * JavaScriptCore.exp:
3879         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3880         * debugger/DebuggerActivation.cpp:
3881         (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
3882         (JSC::DebuggerActivation::getOwnPropertySlot):
3883         * debugger/DebuggerActivation.h:
3884         * runtime/Arguments.cpp:
3885         (JSC::Arguments::getOwnPropertySlotVirtual):
3886         (JSC::Arguments::getOwnPropertySlot):
3887         * runtime/Arguments.h:
3888         * runtime/ArrayConstructor.cpp:
3889         (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
3890         (JSC::ArrayConstructor::getOwnPropertySlot):
3891         * runtime/ArrayConstructor.h:
3892         * runtime/ArrayPrototype.cpp:
3893         (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
3894         * runtime/ArrayPrototype.h:
3895         * runtime/BooleanPrototype.cpp:
3896         (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
3897         * runtime/BooleanPrototype.h:
3898         * runtime/DateConstructor.cpp:
3899         (JSC::DateConstructor::getOwnPropertySlotVirtual):
3900         * runtime/DateConstructor.h:
3901         * runtime/DatePrototype.cpp:
3902         (JSC::DatePrototype::getOwnPropertySlotVirtual):
3903         * runtime/DatePrototype.h:
3904         * runtime/ErrorPrototype.cpp:
3905         (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
3906         * runtime/ErrorPrototype.h:
3907         * runtime/JSActivation.cpp:
3908         (JSC::JSActivation::getOwnPropertySlotVirtual):
3909         * runtime/JSActivation.h:
3910         * runtime/JSArray.cpp:
3911         (JSC::JSArray::getOwnPropertySlotVirtual):
3912         (JSC::JSArray::getOwnPropertySlot):
3913         * runtime/JSArray.h:
3914         * runtime/JSBoundFunction.cpp:
3915         (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
3916         * runtime/JSBoundFunction.h:
3917         * runtime/JSByteArray.cpp:
3918         (JSC::JSByteArray::getOwnPropertySlotVirtual):
3919         * runtime/JSByteArray.h:
3920         * runtime/JSCell.cpp:
3921         (JSC::JSCell::getOwnPropertySlotVirtual):
3922         * runtime/JSCell.h:
3923         * runtime/JSFunction.cpp:
3924         (JSC::JSFunction::getOwnPropertySlotVirtual):
3925         (JSC::JSFunction::getOwnPropertyDescriptor):
3926         (JSC::JSFunction::getOwnPropertyNames):
3927         (JSC::JSFunction::put):
3928         * runtime/JSFunction.h:
3929         * runtime/JSGlobalObject.cpp:
3930         (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
3931         * runtime/JSGlobalObject.h:
3932         (JSC::JSGlobalObject::hasOwnPropertyForWrite):
3933         * runtime/JSNotAnObject.cpp:
3934         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
3935         * runtime/JSNotAnObject.h:
3936         * runtime/JSONObject.cpp:
3937         (JSC::Stringifier::Holder::appendNextProperty):
3938         (JSC::JSONObject::getOwnPropertySlotVirtual):
3939         (JSC::Walker::walk):
3940         * runtime/JSONObject.h:
3941         * runtime/JSObject.cpp:
3942         (JSC::JSObject::getOwnPropertySlotVirtual):
3943         (JSC::JSObject::getOwnPropertySlot):
3944         (JSC::JSObject::hasOwnProperty):
3945         * runtime/JSObject.h:
3946         (JSC::JSObject::getOwnPropertySlotVirtual):
3947         (JSC::JSCell::fastGetOwnPropertySlot):
3948         (JSC::JSObject::getPropertySlot):
3949         (JSC::JSValue::get):
3950         * runtime/JSStaticScopeObject.cpp:
3951         (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
3952         * runtime/JSStaticScopeObject.h:
3953         * runtime/JSString.cpp:
3954         (JSC::JSString::getOwnPropertySlotVirtual):
3955         (JSC::JSString::getOwnPropertySlot):
3956         * runtime/JSString.h:
3957         * runtime/Lookup.h:
3958         (JSC::getStaticPropertySlot):
3959         (JSC::getStaticFunctionSlot):
3960         (JSC::getStaticValueSlot):
3961         * runtime/MathObject.cpp:
3962         (JSC::MathObject::getOwnPropertySlotVirtual):
3963         * runtime/MathObject.h:
3964         * runtime/NumberConstructor.cpp:
3965         (JSC::NumberConstructor::getOwnPropertySlotVirtual):
3966         * runtime/NumberConstructor.h:
3967         * runtime/NumberPrototype.cpp:
3968         (JSC::NumberPrototype::getOwnPropertySlotVirtual):
3969         * runtime/NumberPrototype.h:
3970         * runtime/ObjectConstructor.cpp:
3971         (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
3972         * runtime/ObjectConstructor.h:
3973         * runtime/ObjectPrototype.cpp:
3974         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
3975         * runtime/ObjectPrototype.h:
3976         * runtime/RegExpConstructor.cpp:
3977         (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
3978         * runtime/RegExpConstructor.h:
3979         * runtime/RegExpMatchesArray.h:
3980         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
3981         * runtime/RegExpObject.cpp:
3982         (JSC::RegExpObject::getOwnPropertySlotVirtual):
3983         * runtime/RegExpObject.h:
3984         * runtime/RegExpPrototype.cpp:
3985         (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
3986         * runtime/RegExpPrototype.h:
3987         * runtime/StringConstructor.cpp:
3988         (JSC::StringConstructor::getOwnPropertySlotVirtual):
3989         * runtime/StringConstructor.h:
3990         * runtime/StringObject.cpp:
3991         (JSC::StringObject::getOwnPropertySlotVirtual):
3992         * runtime/StringObject.h:
3993         * runtime/StringPrototype.cpp:
3994         (JSC::StringPrototype::getOwnPropertySlotVirtual):
3995         * runtime/StringPrototype.h:
3996
3997 2011-10-14  Gavin Barraclough  <barraclough@apple.com>
3998
3999         Most built-in properties are not deletable
4000         https://bugs.webkit.org/show_bug.cgi?id=61014
4001
4002         Reviewed by Filip Pizlo.
4003
4004         Our static hash tables don't allow for deleting properties.
4005         This is the cause of a bunch of expected failures in LayoutTests/sputnik.
4006
4007         This fixes the problem by reifying all static functions immediately prior
4008         to the first deletion.  Reification is tracked by a flag on the structure,
4009         so properties will no longer 'bounce-back' on later access.
4010
4011         Theoretically there could probably also be an issue with custom accessor
4012         properties, but we probably do not really require any of these to be
4013         Configurable anyway. I'll follow up with a separate patch to address this.
4014
4015         * runtime/ClassInfo.h:
4016         (JSC::ClassInfo::hasStaticProperties):
4017             - detects static property tables.
4018         * runtime/JSObject.cpp:
4019         (JSC::JSObject::deleteProperty):
4020             - call reifyStaticFunctions before deletion.
4021         (JSC::JSObject::reifyStaticFunctions):
4022             - If the class has static functions, set them up now.
4023         * runtime/JSObject.h:
4024         (JSC::JSObject::staticFunctionsReified):
4025             - returns true if static functions have been reified,
4026               and as such should no longer be added.
4027         * runtime/Lookup.cpp:
4028         (JSC::setUpStaticFunctionSlot):
4029             - If static functions have been reified do not add.
4030         * runtime/Lookup.h:
4031         (JSC::HashTable::ConstIterator::ConstIterator):
4032         (JSC::HashTable::ConstIterator::operator->):
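
        The two entries above by this author (bugs 70207 and 61014) concern built-in properties that, once deleted, either reappeared on later access or stayed in the own-name list; the following added example (not WebKit's code) checks an engine for that invariant, which hardening code that strips built-ins from a realm depends on. checkDeletion, probeBuiltin and the sample object are the example's own names and assumptions.

```javascript
// Added example, not WebKit's code: verifies that deleting a configurable
// property really removes it and that it does not "bounce back" when the
// object is inspected afterwards. Names here are the example's own.

function checkDeletion(obj, name) {
  var before = Object.getOwnPropertyDescriptor(obj, name);
  if (!before) {
    return { present: false, deleted: false, consistent: false };
  }
  if (!before.configurable) {
    // ES5: delete on a non-configurable property returns false in sloppy
    // mode (throws in strict mode) and leaves the property in place.
    return { present: true, deleted: false, consistent: true };
  }
  var deleted = delete obj[name];
  // Read it once so a lazily materialised slot would get its chance to
  // resurrect the property before we inspect the object.
  void obj[name];
  var own = Object.prototype.hasOwnProperty.call(obj, name);
  var listed = Object.getOwnPropertyNames(obj).indexOf(name) !== -1;
  var descAfter = Object.getOwnPropertyDescriptor(obj, name);
  return {
    present: true,
    deleted: deleted,
    ownAfter: own,
    listedAfter: listed,
    bouncedBack: descAfter !== undefined,
    // All views of the object must agree once the property is gone.
    consistent: deleted && !own && !listed && descAfter === undefined
  };
}

// Probe a real built-in without leaving the realm modified: snapshot the
// descriptor, run the check, then put the property back exactly as it was.
function probeBuiltin(obj, name) {
  var saved = Object.getOwnPropertyDescriptor(obj, name);
  var result = checkDeletion(obj, name);
  if (saved && !Object.prototype.hasOwnProperty.call(obj, name)) {
    Object.defineProperty(obj, name, saved);
  }
  return result;
}

// Constructed sample object for a stand-alone run: one configurable,
// non-writable function-valued property, the shape a static function has.
var sample = Object.defineProperty({}, "f", {
  value: function () {}, configurable: true
});
var sampleResult = checkDeletion(sample, "f");
```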
4033