[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to RegExp constructor.
        <https://webkit.org/b/122113>

        Reviewed by Darin Adler.

        RegExps don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        JSC release binary size -= 120 bytes(!)

2013-09-30  Patrick Gansterer  <paroga@webkit.org>

        Fix compilation for COMPILER(MSVC) && !CPU(X86) after r156490.
        https://bugs.webkit.org/show_bug.cgi?id=122102

        Reviewed by Geoffrey Garen.

        _AddressOfReturnAddress() is supported for all platforms of
        the Microsoft compiler, so we can use it for !CPU(X86) too.

        * jit/JITOperationWrappers.h:

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Build fix for DEBUG_VERBOSE mode after r156511.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Speculative build fix on ARMv7 Thumb2 after r156490.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::fmodAsDFGOperation):

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        FTL: refactor compileAdd and compileArithSub into one function.
        https://bugs.webkit.org/show_bug.cgi?id=122081

        Reviewed by Geoffrey Garen.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to function constructors.
        <https://webkit.org/b/122082>

        Reviewed by Darin Adler.

        Functions don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        This patch is mostly mechanical, I just changed the signature of
        InternalFunction and worked my way from there until it built.

        JSC release binary size -= 4840 bytes.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to ArrayPrototype constructor.
        <https://webkit.org/b/122079>

        Reviewed by Geoffrey Garen.

        ArrayPrototype doesn't need the global object for anything during
        construction, so reduce the amount of loads by just passing the VM.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to simple builtin constructors.
        <https://webkit.org/b/122077>

        Reviewed by Sam Weinig.

        None of the simple builtins need the ExecState for anything during
        their construction, so reduce the amount of loads by just passing
        the VM around instead.

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        Refactor code for finding x86 scratch register.
        https://bugs.webkit.org/show_bug.cgi?id=122072

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::getUnusedRegister):
        (JSC::MacroAssemblerX86Common::store8):
        (JSC::MacroAssemblerX86Common::store16):

2013-09-28  Mark Rowe  <mrowe@apple.com>

        Take Xcode's advice and enable some extra warnings.

        Reviewed by Sam Weinig.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-09-28  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSFunction constructors.
        <https://webkit.org/b/122014>

        Reviewed by Geoffrey Garen.

        JSFunction doesn't need the ExecState for anything during its
        construction, so reduce the amount of loads by just passing the
        VM around instead.

        Factored out putDirectNonIndexAccessor() from the existing
        putDirectAccessor() to avoid snowballing the patch (and because
        it's kinda neat to avoid the extra branch.)

        JSC release binary size -= 9680 bytes.

2013-09-28  Mark Rowe  <mrowe@apple.com>

        JavaScriptCore fails to build with newer versions of clang.

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp: Remove an unused function.
        * parser/SourceProvider.cpp: Ditto.
        * runtime/GCActivityCallback.cpp: #if a constant that's only used on non-CF platforms.
        * runtime/JSCJSValue.cpp: Remove an unused constant.
        * runtime/JSString.cpp: Ditto.

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Get rid of SetMyScope/SetCallee; use normal variables for the scope and callee of inlined call frames of closures
        https://bugs.webkit.org/show_bug.cgi?id=122047

        Reviewed by Oliver Hunt.

        Currently we have the DFG reserve space for inline call frames at exactly the same stack
        offsets that you would have gotten if the baseline interpreter/JIT had made the calls.
        We need to get rid of that. One of the weirder parts of this is that we have special DFG
        operations for accessing these inlined call frame headers. It's really hard for any
        analysis of DFG IR to see what the liveness of any of those frame header "variables" is;
        the liveness behaves like flushed arguments (it's all live until end of the inlinee) but
        we don't have anything like a Flush node for those special variables.

        This patch gets rid of the special operations for accessing inline call frame headers.
        GetMyScope and GetCallee still remain, and are only for accessing the machine call
        frame's scope/callee entries. The inline call frame's scope/callee now behave like
        normal variables, and have Flush behavior just like inline arguments.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::getScope):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Deoptimize 32-bit deoptimization
        https://bugs.webkit.org/show_bug.cgi?id=122025

        Reviewed by Oliver Hunt.

        Just simplifying a bunch of code. I don't want the old, super-complicated,
        deoptimization code to get in the way of changes I'll be making to DFG stack layout.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::inGPR):
        (JSC::ValueRecovery::isInRegisters):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::dumpInContext):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2013-09-27  Alex Christensen  <alex.christensen@flexsim.com>

        Fixed Win64 build after r156184.
        https://bugs.webkit.org/show_bug.cgi?id=121994

        Reviewed by Oliver Hunt.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupTwoStubArgsGPR):
        (JSC::CCallHelpers::setupTwoStubArgsFPR):
        Renamed from setupTwoStubArgs.
        Visual Studio x64 compiler fails to see that this is an overloaded template function.
        (JSC::CCallHelpers::setupStubArguments):
        (JSC::CCallHelpers::setupArguments):
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        Use setupTwoStubArgsGPR or setupTwoStubArgsFPR instead of setupTwoStubArgs.

2013-09-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        LLInt alignment problem on ARM in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=122012

        Reviewed by Michael Saboff.

        Force GCC to put the LLInt code to .text section.

        * llint/LowLevelInterpreter.cpp:

2013-09-06  Jer Noble  <jer.noble@apple.com>

        [Mac] Implement the media controls in JavaScript.
        https://bugs.webkit.org/show_bug.cgi?id=120895

        Reviewed by Dean Jackson.

        Define and turn on ENABLE_MEDIA_CONTROLS_SCRIPT.

        * Configurations/FeatureDefines.xcconfig:

2013-09-27  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSDateMath functions.
        <https://webkit.org/b/121997>

        Reviewed by Geoffrey Garen.

        The JSC date math functions only need the VM, so pass that from
        callers instead of the whole ExecState.

2013-09-26  Andreas Kling  <akling@apple.com>

        GetterSetter construction should take a VM instead of ExecState.
        <https://webkit.org/b/121993>

        Reviewed by Sam Weinig.

        Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
        code at touched sites to cache VM in a local for fewer loads.

        JSC release binary size -= 4120 bytes.

2013-09-26  Oliver Hunt  <oliver@apple.com>

        Make GCC happy

        * parser/Parser.h:

2013-09-25  Oliver Hunt  <oliver@apple.com>

        Implement prefixed-destructuring assignment
        https://bugs.webkit.org/show_bug.cgi?id=121930

        Reviewed by Mark Hahnenberg.

        Relanding with fix after rollout

2013-09-26  Michael Saboff  <msaboff@apple.com>

        VirtualRegister should be a class
        https://bugs.webkit.org/show_bug.cgi?id=121732

        Reviewed by Geoffrey Garen.

        This is a refactoring change.  Changed VirtualRegister from an enum to a class.
        Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
        and the similar functions for locals to VirtualRegister class.

        This is in preparation for changing the offset for the first local register from
        0 to -1.  This is needed since most native calling conventions have the architected
        frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
        pointer.  Local values start below that address.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/Instruction.h:
        * bytecode/LazyOperandValueProfile.h:
        * bytecode/MethodOfGettingAValueProfile.cpp:
        * bytecode/Operands.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        * bytecode/UnlinkedCodeBlock.h:
        * bytecode/ValueRecovery.h:
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/RegisterID.h:
        * debugger/DebuggerCallFrame.cpp:
        * dfg/DFGAbstractHeap.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        * dfg/DFGArgumentPosition.h:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCFGSimplificationPhase.cpp:
        * dfg/DFGCPSRethreadingPhase.cpp:
        * dfg/DFGCapabilities.cpp:
        * dfg/DFGConstantFoldingPhase.cpp:
        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        * dfg/DFGGraph.cpp:
        * dfg/DFGGraph.h:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.cpp:
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        * dfg/DFGRegisterBank.h:
        * dfg/DFGScoreBoard.h:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * dfg/DFGValidate.cpp:
        * dfg/DFGValueRecoveryOverride.h:
        * dfg/DFGVariableAccessData.h:
        * dfg/DFGVariableEvent.h:
        * dfg/DFGVariableEventStream.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        * ftl/FTLExitArgumentForOperand.h:
        * ftl/FTLLink.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExit.cpp:
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * jit/AssemblyHelpers.h:
        * jit/JIT.h:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITInlines.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubs.cpp:
        * llint/LLIntSlowPaths.cpp:
        * profiler/ProfilerBytecodeSequence.cpp:
        * runtime/CommonSlowPaths.cpp:
        * runtime/JSActivation.cpp:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Work around another MSVC bug.

        * runtime/PrototypeMap.cpp:
        (JSC::PrototypeMap::emptyObjectStructureForPrototype):

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Attempt to fix the FTL build.

        * ftl/FTLAbstractHeap.cpp:
        (JSC::FTL::IndexedAbstractHeap::atSlow):

2013-09-26  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to many finishCreation() functions.
        <https://webkit.org/b/121975>

        Reviewed by Sam Weinig.

        Reduce unnecessary loads by passing the VM to object creation
        functions that don't need the ExecState.

        There are tons of opportunities in this area, I'm just scratching
        the surface.

2013-09-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r156464 and r156480.
        http://trac.webkit.org/changeset/156464
        http://trac.webkit.org/changeset/156480
        https://bugs.webkit.org/show_bug.cgi?id=121981

        Leaking too much and killing buildbot. (Requested by xenon on
        #webkit).

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::paramString):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitExpressionInfo):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitBytecode):
        (JSC::FuncExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::addVar):
        * parser/NodeConstructors.h:
        (JSC::CommaNode::CommaNode):
        (JSC::ParameterNode::ParameterNode):
        (JSC::ForInNode::ForInNode):
        * parser/Nodes.cpp:
        (JSC::FunctionParameters::create):
        (JSC::FunctionParameters::FunctionParameters):
        (JSC::FunctionParameters::~FunctionParameters):
        * parser/Nodes.h:
        (JSC::CommaNode::append):
        (JSC::ParameterNode::ident):
        (JSC::FunctionParameters::at):
        (JSC::FunctionParameters::identifiers):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseVarDeclaration):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseAssignmentExpression):
        * parser/Parser.h:
        (JSC::Scope::declareParameter):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFormalParameterList):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::operatorStackPop):
        * runtime/JSONObject.cpp:
        * runtime/JSONObject.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITThunks.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Change a couple of HashMap value types from OwnPtr to std::unique_ptr
        https://bugs.webkit.org/show_bug.cgi?id=121973

        Reviewed by Andreas Kling.

        * API/JSClassRef.cpp:
        (OpaqueJSClassContextData::OpaqueJSClassContextData):
        (OpaqueJSClass::contextData):
        * API/JSClassRef.h:
        * bytecode/SamplingTool.h:
        * ftl/FTLAbstractHeap.h:
        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
        * parser/SourceProviderCache.cpp:
        (JSC::SourceProviderCache::add):
        * parser/SourceProviderCache.h:
        * parser/SourceProviderCacheItem.h:
        (JSC::SourceProviderCacheItem::create):
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::executionCounterFor):
        (JSC::Profiler::Compilation::toJS):
        * profiler/ProfilerCompilation.h:
        * runtime/JSGlobalObject.h:

2013-09-26  Mark Lam  <mark.lam@apple.com>

        Move DFG inline caching logic into jit/.
        https://bugs.webkit.org/show_bug.cgi?id=121749.

        Reviewed by Geoffrey Garen.

        Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
        revision and fixing build breakages on Windows.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        (JSC::DFG::operationNewTypedArrayWithSizeForType):
        (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
        * dfg/DFGRegisterSet.h: Removed.
        * dfg/DFGRepatch.cpp: Removed.
        * dfg/DFGRepatch.h: Removed.
        * dfg/DFGScratchRegisterAllocator.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGThunks.cpp:
        * dfg/DFGThunks.h:
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * ftl/FTLOSRExitCompiler.h:
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::writeBarrier):
        * jit/JIT.cpp:
        (JSC::JIT::linkFor):
        (JSC::JIT::linkSlowCall):
        * jit/JITCall.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
        * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
        (JSC::getHostCallReturnValueWithExecState):
        * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
        * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
        (JSC::tryBuildGetByIDList):
        * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
        * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
        * jit/ThunkGenerators.cpp:
        (JSC::oldStyleGenerateSlowCaseFor):
        (JSC::oldStyleLinkForGenerator):
        (JSC::oldStyleLinkCallGenerator):
        (JSC::oldStyleLinkConstructGenerator):
        (JSC::oldStyleLinkClosureCallGenerator):
        (JSC::oldStyleVirtualForGenerator):
        (JSC::oldStyleVirtualCallGenerator):
        (JSC::oldStyleVirtualConstructGenerator):
        (JSC::emitPointerValidation):
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::slowPathFor):
        (JSC::linkForThunkGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkConstructThunkGenerator):
        (JSC::linkClosureCallThunkGenerator):
        (JSC::virtualForThunkGenerator):
        (JSC::virtualCallThunkGenerator):
        (JSC::virtualConstructThunkGenerator):
        * jit/ThunkGenerators.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Remove PassWeak.h
        https://bugs.webkit.org/show_bug.cgi?id=121971

        Reviewed by Geoffrey Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/PassWeak.h: Removed.
        * heap/WeakInlines.h:

2013-09-26  Anders Carlsson  <andersca@apple.com>

        Stop using PassWeak
        https://bugs.webkit.org/show_bug.cgi?id=121968

        Reviewed by Sam Weinig.

        * heap/Weak.h:
        Remove all knowledge of PassWeak.

        (JSC::Weak::Weak):
        These constructors don't need to be explicit.

        * heap/WeakInlines.h:
        (JSC::weakAdd):
        Change Value to be an rvalue reference and use std::forward.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        Remove PassWeak.

        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        Use Weak instead of PassWeak.

        * runtime/SimpleTypedArrayController.cpp:
        Change add and set to take Weak by value and std::move into place.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::get):
        (JSC::WeakGCMap::set):
        (JSC::WeakGCMap::add):

2013-09-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r156474.
        http://trac.webkit.org/changeset/156474
        https://bugs.webkit.org/show_bug.cgi?id=121966

        Broke the builds. (Requested by xenon on #webkit).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::registerName):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::createActivation):
        (JSC::CodeBlock::nameForRegister):
        * bytecode/CodeBlock.h:
        (JSC::unmodifiedArgumentsRegister):
        (JSC::CodeBlock::isKnownNotImmediate):
        (JSC::CodeBlock::setThisRegister):
        (JSC::CodeBlock::thisRegister):
        (JSC::CodeBlock::setArgumentsRegister):
        (JSC::CodeBlock::argumentsRegister):
        (JSC::CodeBlock::uncheckedArgumentsRegister):
        (JSC::CodeBlock::setActivationRegister):
        (JSC::CodeBlock::activationRegister):
        (JSC::CodeBlock::uncheckedActivationRegister):
        (JSC::CodeBlock::usesArguments):
        (JSC::CodeBlock::isCaptured):
        * bytecode/Instruction.h:
        * bytecode/LazyOperandValueProfile.h:
        (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::operator!):
        (JSC::LazyOperandValueProfileKey::hash):
        (JSC::LazyOperandValueProfileKey::operand):
        (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
        (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
        * bytecode/MethodOfGettingAValueProfile.cpp:
        (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
        (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
        * bytecode/Operands.h:
        (JSC::localToOperand):
        (JSC::operandIsLocal):
        (JSC::operandToLocal):
        (JSC::operandIsArgument):
        (JSC::operandToArgument):
        (JSC::argumentToOperand):
        (JSC::Operands::operand):
        (JSC::Operands::hasOperand):
        (JSC::Operands::setOperand):
        (JSC::Operands::operandForIndex):
        (JSC::Operands::setOperandFirstTime):
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::setThisRegister):
        (JSC::UnlinkedCodeBlock::setActivationRegister):
        (JSC::UnlinkedCodeBlock::setArgumentsRegister):
        (JSC::UnlinkedCodeBlock::usesArguments):
        (JSC::UnlinkedCodeBlock::argumentsRegister):
        (JSC::UnlinkedCodeBlock::usesGlobalObject):
        (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
        (JSC::UnlinkedCodeBlock::globalObjectRegister):
        (JSC::UnlinkedCodeBlock::thisRegister):
        (JSC::UnlinkedCodeBlock::activationRegister):
        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::displacedInJSStack):
        (JSC::ValueRecovery::virtualRegister):
        (JSC::ValueRecovery::dumpInContext):
        * bytecode/VirtualRegister.h:
        (WTF::printInternal):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::addVar):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
        (JSC::BytecodeGenerator::newRegister):
        (JSC::BytecodeGenerator::emitLoadGlobalObject):
        (JSC::BytecodeGenerator::emitGetArgumentsLength):
        (JSC::BytecodeGenerator::emitGetArgumentByVal):
        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
        (JSC::BytecodeGenerator::emitReturn):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::registerFor):
        * bytecompiler/RegisterID.h:
        (JSC::RegisterID::RegisterID):
        (JSC::RegisterID::setIndex):
        (JSC::RegisterID::index):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::thisObject):
        * dfg/DFGAbstractHeap.h:
        (JSC::DFG::AbstractHeap::Payload::Payload):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        (JSC::DFG::::clobberCapturedVars):
        * dfg/DFGArgumentPosition.h:
        (JSC::DFG::ArgumentPosition::dump):
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::newVariableAccessData):
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
        (JSC::DFG::ByteCodeParser::findArgumentPosition):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::flushDirect):
        (JSC::DFG::ByteCodeParser::getToInt32):
        (JSC::DFG::ByteCodeParser::getThis):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::emitFunctionChecks):
        (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetByOffset):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCFGSimplificationPhase.cpp:
        * dfg/DFGCPSRethreadingPhase.cpp:
        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::argumentsRegisterFor):
        (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
        (JSC::DFG::Graph::uncheckedActivationRegisterFor):
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::reconstruct):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::convertToGetLocalUnlinked):
        (JSC::DFG::Node::hasVirtualRegister):
        (JSC::DFG::Node::virtualRegister):
        (JSC::DFG::Node::setVirtualRegister):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
793         * dfg/DFGOSRExitCompiler64.cpp:
794         (JSC::DFG::OSRExitCompiler::compileExit):
795         * dfg/DFGRegisterBank.h:
796         (JSC::DFG::RegisterBank::tryAllocate):
797         (JSC::DFG::RegisterBank::allocateSpecific):
798         (JSC::DFG::RegisterBank::retain):
799         (JSC::DFG::RegisterBank::isInUse):
800         (JSC::DFG::RegisterBank::dump):
801         (JSC::DFG::RegisterBank::releaseAtIndex):
802         (JSC::DFG::RegisterBank::allocateInternal):
803         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
804         * dfg/DFGScoreBoard.h:
805         (JSC::DFG::ScoreBoard::allocate):
806         (JSC::DFG::ScoreBoard::use):
807         * dfg/DFGSpeculativeJIT.cpp:
808         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
809         (JSC::DFG::SpeculativeJIT::checkConsistency):
810         (JSC::DFG::SpeculativeJIT::compileMovHint):
811         (JSC::DFG::SpeculativeJIT::compileInlineStart):
812         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
813         * dfg/DFGSpeculativeJIT.h:
814         (JSC::DFG::SpeculativeJIT::allocate):
815         (JSC::DFG::SpeculativeJIT::fprAllocate):
816         (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
817         (JSC::DFG::SpeculativeJIT::flushRegisters):
818         (JSC::DFG::SpeculativeJIT::isFlushed):
819         (JSC::DFG::SpeculativeJIT::argumentSlot):
820         (JSC::DFG::SpeculativeJIT::argumentTagSlot):
821         (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
822         (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
823         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
824         (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
825         (JSC::DFG::SpeculativeJIT::recordSetLocal):
826         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
827         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
828         * dfg/DFGSpeculativeJIT64.cpp:
829         (JSC::DFG::SpeculativeJIT::compile):
830         * dfg/DFGValidate.cpp:
831         (JSC::DFG::Validate::validate):
832         (JSC::DFG::Validate::validateCPS):
833         (JSC::DFG::Validate::checkOperand):
834         (JSC::DFG::Validate::reportValidationContext):
835         * dfg/DFGValueRecoveryOverride.h:
836         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
837         * dfg/DFGVariableAccessData.h:
838         (JSC::DFG::VariableAccessData::operand):
839         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
840         (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
841         (JSC::DFG::VariableAccessData::flushFormat):
842         * dfg/DFGVariableEvent.h:
843         (JSC::DFG::VariableEvent::spill):
844         (JSC::DFG::VariableEvent::setLocal):
845         * dfg/DFGVariableEventStream.cpp:
846         (JSC::DFG::VariableEventStream::reconstruct):
847         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
848         (JSC::DFG::VirtualRegisterAllocationPhase::run):
849         * ftl/FTLExitArgumentForOperand.h:
850         (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
851         (JSC::FTL::ExitArgumentForOperand::operand):
852         * ftl/FTLLink.cpp:
853         (JSC::FTL::link):
854         * ftl/FTLLowerDFGToLLVM.cpp:
855         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
856         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
857         (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
858         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
859         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
860         (JSC::FTL::LowerDFGToLLVM::observeMovHint):
861         (JSC::FTL::LowerDFGToLLVM::addressFor):
862         (JSC::FTL::LowerDFGToLLVM::payloadFor):
863         (JSC::FTL::LowerDFGToLLVM::tagFor):
864         * ftl/FTLOSREntry.cpp:
865         (JSC::FTL::prepareOSREntry):
866         * ftl/FTLOSRExit.cpp:
867         (JSC::FTL::OSRExit::convertToForward):
868         * ftl/FTLOSRExit.h:
869         * ftl/FTLOSRExitCompiler.cpp:
870         (JSC::FTL::compileStub):
871         * interpreter/CallFrame.h:
872         * interpreter/Interpreter.cpp:
873         (JSC::Interpreter::dumpRegisters):
874         (JSC::unwindCallFrame):
875         (JSC::Interpreter::unwind):
876         * jit/AssemblyHelpers.h:
877         (JSC::AssemblyHelpers::addressFor):
878         (JSC::AssemblyHelpers::tagFor):
879         (JSC::AssemblyHelpers::payloadFor):
880         (JSC::AssemblyHelpers::argumentsRegisterFor):
881         * jit/JIT.h:
882         * jit/JITCall.cpp:
883         (JSC::JIT::compileLoadVarargs):
884         * jit/JITInlines.h:
885         (JSC::JIT::emitGetVirtualRegister):
886         * jit/JITOpcodes.cpp:
887         (JSC::JIT::emit_op_tear_off_arguments):
888         (JSC::JIT::emit_op_get_pnames):
889         (JSC::JIT::emit_op_enter):
890         (JSC::JIT::emit_op_create_arguments):
891         (JSC::JIT::emitSlow_op_get_argument_by_val):
892         * jit/JITOpcodes32_64.cpp:
893         (JSC::JIT::emit_op_enter):
894         * jit/JITStubs.cpp:
895         (JSC::DEFINE_STUB_FUNCTION):
896         * llint/LLIntSlowPaths.cpp:
897         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
898         * profiler/ProfilerBytecodeSequence.cpp:
899         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
900         * runtime/CommonSlowPaths.cpp:
901         (JSC::SLOW_PATH_DECL):
902         * runtime/JSActivation.cpp:
903         (JSC::JSActivation::argumentsGetter):
904
905 2013-09-26  Oliver Hunt  <oliver@apple.com>
906
907         Attempt to fix MSVC build
908
909         * parser/Parser.cpp:
910         (JSC::::createBindingPattern):
911         (JSC::::parseDeconstructionPattern):
912         * parser/Parser.h:
913
914 2013-09-26  Julien Brianceau  <jbriance@cisco.com>
915
916         [sh4] JSValue* exception is unused since r70703 in JITStackFrame.
917         https://bugs.webkit.org/show_bug.cgi?id=121962
918
919         This is a cosmetic change, but it could save people reading the sh4 part from
920         wasting time trying to understand why there is a JSValue* here.
921
922         Reviewed by Darin Adler.
923
924         * jit/JITStubs.h:
925
926 2013-09-26  Anders Carlsson  <andersca@apple.com>
927
928         WeakGCMap should not inherit from HashMap
929         https://bugs.webkit.org/show_bug.cgi?id=121964
930
931         Reviewed by Geoffrey Garen.
932
933         Add the HashMap as a member variable instead and implement the missing member functions.
934
935         * runtime/WeakGCMap.h:
936
937 2013-09-25  Michael Saboff  <msaboff@apple.com>
938
939         VirtualRegister should be a class
940         https://bugs.webkit.org/show_bug.cgi?id=121732
941
942         Reviewed by Geoffrey Garen.
943
944         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
945         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
946         and the similar functions for locals to VirtualRegister class.
947
948         This is in preparation for changing the offset for the first local register from
949         0 to -1.  This is needed since most native calling conventions have the architected
950         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
951         pointer.  Local values start below that address.
952
953         * bytecode/CodeBlock.cpp:
954         * bytecode/CodeBlock.h:
955         * bytecode/Instruction.h:
956         * bytecode/LazyOperandValueProfile.h:
957         * bytecode/MethodOfGettingAValueProfile.cpp:
958         * bytecode/Operands.h:
959         * bytecode/UnlinkedCodeBlock.cpp:
960         * bytecode/UnlinkedCodeBlock.h:
961         * bytecode/ValueRecovery.h:
962         * bytecode/VirtualRegister.h:
963         * bytecompiler/BytecodeGenerator.cpp:
964         * bytecompiler/BytecodeGenerator.h:
965         * bytecompiler/RegisterID.h:
966         * debugger/DebuggerCallFrame.cpp:
967         * dfg/DFGAbstractHeap.h:
968         * dfg/DFGAbstractInterpreterInlines.h:
969         * dfg/DFGArgumentPosition.h:
970         * dfg/DFGArgumentsSimplificationPhase.cpp:
971         * dfg/DFGByteCodeParser.cpp:
972         * dfg/DFGCFGSimplificationPhase.cpp:
973         * dfg/DFGCPSRethreadingPhase.cpp:
974         * dfg/DFGCapabilities.cpp:
975         * dfg/DFGConstantFoldingPhase.cpp:
976         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
977         * dfg/DFGGraph.cpp:
978         * dfg/DFGGraph.h:
979         * dfg/DFGJITCode.cpp:
980         * dfg/DFGNode.h:
981         * dfg/DFGOSREntry.cpp:
982         * dfg/DFGOSREntrypointCreationPhase.cpp:
983         * dfg/DFGOSRExit.h:
984         * dfg/DFGOSRExitCompiler32_64.cpp:
985         * dfg/DFGOSRExitCompiler64.cpp:
986         * dfg/DFGRegisterBank.h:
987         * dfg/DFGScoreBoard.h:
988         * dfg/DFGSpeculativeJIT.cpp:
989         * dfg/DFGSpeculativeJIT.h:
990         * dfg/DFGSpeculativeJIT64.cpp:
991         * dfg/DFGValidate.cpp:
992         * dfg/DFGValueRecoveryOverride.h:
993         * dfg/DFGVariableAccessData.h:
994         * dfg/DFGVariableEvent.h:
995         * dfg/DFGVariableEventStream.cpp:
996         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
997         * ftl/FTLExitArgumentForOperand.h:
998         * ftl/FTLLink.cpp:
999         * ftl/FTLLowerDFGToLLVM.cpp:
1000         * ftl/FTLOSREntry.cpp:
1001         * ftl/FTLOSRExit.cpp:
1002         * ftl/FTLOSRExit.h:
1003         * ftl/FTLOSRExitCompiler.cpp:
1004         * interpreter/CallFrame.h:
1005         * interpreter/Interpreter.cpp:
1006         * jit/AssemblyHelpers.h:
1007         * jit/JIT.h:
1008         * jit/JITCall.cpp:
1009         * jit/JITInlines.h:
1010         * jit/JITOpcodes.cpp:
1011         * jit/JITOpcodes32_64.cpp:
1012         * jit/JITStubs.cpp:
1013         * llint/LLIntSlowPaths.cpp:
1014         * profiler/ProfilerBytecodeSequence.cpp:
1015         * runtime/CommonSlowPaths.cpp:
1016         * runtime/JSActivation.cpp:
1017
1018 2013-09-26  Anders Carlsson  <andersca@apple.com>
1019
1020         Weak should have a move constructor and move assignment operator
1021         https://bugs.webkit.org/show_bug.cgi?id=121963
1022
1023         Reviewed by Oliver Hunt.
1024
1025         This is the first step towards getting rid of PassWeak.
1026
1027         * API/JSClassRef.cpp:
1028         (OpaqueJSClass::prototype):
1029         * heap/Weak.h:
1030         * heap/WeakInlines.h:
1031         (JSC::::Weak):
1032         (JSC::::leakImpl):
1033         * runtime/SimpleTypedArrayController.cpp:
1034         (JSC::SimpleTypedArrayController::toJS):
1035
1036 2013-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1037
1038         op_to_this shouldn't use value profiling
1039         https://bugs.webkit.org/show_bug.cgi?id=121920
1040
1041         Reviewed by Geoffrey Garen.
1042
1043         Currently it's the only opcode that uses m_singletonValue, which is unnecessary. Our current plan is 
1044         to remove m_singletonValue so that GenGC can have a simpler story for handling CodeBlocks/FunctionExecutables 
1045         during nursery collections.
1046
1047         This patch adds an inline cache for the Structure of to_this so it no longer depends on the ValueProfile's
1048         m_singletonValue. Since nobody uses m_singletonValue now, this patch also removes m_singletonValue from
1049         ValueProfile.
1050
1051         * bytecode/CodeBlock.cpp:
1052         (JSC::CodeBlock::CodeBlock):
1053         (JSC::CodeBlock::finalizeUnconditionally):
1054         (JSC::CodeBlock::stronglyVisitStrongReferences):
1055         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1056         (JSC::CodeBlock::updateAllValueProfilePredictions):
1057         (JSC::CodeBlock::updateAllPredictions):
1058         (JSC::CodeBlock::shouldOptimizeNow):
1059         * bytecode/CodeBlock.h:
1060         (JSC::CodeBlock::updateAllValueProfilePredictions):
1061         (JSC::CodeBlock::updateAllPredictions):
1062         * bytecode/LazyOperandValueProfile.cpp:
1063         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
1064         * bytecode/LazyOperandValueProfile.h:
1065         * bytecode/ValueProfile.h:
1066         (JSC::ValueProfileBase::ValueProfileBase):
1067         (JSC::ValueProfileBase::briefDescription):
1068         (JSC::ValueProfileBase::dump):
1069         (JSC::ValueProfileBase::computeUpdatedPrediction):
1070         * bytecompiler/BytecodeGenerator.cpp:
1071         (JSC::BytecodeGenerator::BytecodeGenerator):
1072         * dfg/DFGByteCodeParser.cpp:
1073         (JSC::DFG::ByteCodeParser::parseBlock):
1074         * jit/JITOpcodes.cpp:
1075         (JSC::JIT::emit_op_to_this):
1076         (JSC::JIT::emitSlow_op_to_this):
1077         * jit/JITOpcodes32_64.cpp:
1078         (JSC::JIT::emit_op_to_this):
1079         (JSC::JIT::emitSlow_op_to_this):
1080         * llint/LowLevelInterpreter32_64.asm:
1081         * llint/LowLevelInterpreter64.asm:
1082         * runtime/CommonSlowPaths.cpp:
1083         (JSC::SLOW_PATH_DECL):
1084
1085 2013-09-25  Oliver Hunt  <oliver@apple.com>
1086
1087         Implement prefixed-destructuring assignment
1088         https://bugs.webkit.org/show_bug.cgi?id=121930
1089
1090         Reviewed by Mark Hahnenberg.
1091
1092         This is mostly simple - the semantics of deconstruction are already
1093         present in the language, so most of the complexity (if you call it
1094         that) is addition of new AST nodes, and parsing the syntax.
1095
1096         In order to get correct semantics for the parameter lists, FunctionParameters
1097         now needs to store refcounted references to the parameter patterns.
1098         There's also a little work to ensure that variable creation and assignment
1099         occurs in the correct order while the BytecodeGenerator is being constructed. 
1100
1101         * bytecode/UnlinkedCodeBlock.cpp:
1102         (JSC::UnlinkedFunctionExecutable::paramString):
1103         * bytecompiler/BytecodeGenerator.cpp:
1104         (JSC::BytecodeGenerator::BytecodeGenerator):
1105         * bytecompiler/BytecodeGenerator.h:
1106         (JSC::BytecodeGenerator::emitExpressionInfo):
1107         * bytecompiler/NodesCodegen.cpp:
1108         (JSC::ForInNode::emitBytecode):
1109         (JSC::DeconstructingAssignmentNode::emitBytecode):
1110         (JSC::DeconstructionPatternNode::~DeconstructionPatternNode):
1111         (JSC::ArrayPatternNode::emitBytecode):
1112         (JSC::ArrayPatternNode::emitDirectBinding):
1113         (JSC::ArrayPatternNode::toString):
1114         (JSC::ArrayPatternNode::collectBoundIdentifiers):
1115         (JSC::ObjectPatternNode::toString):
1116         (JSC::ObjectPatternNode::emitBytecode):
1117         (JSC::ObjectPatternNode::collectBoundIdentifiers):
1118         (JSC::BindingNode::emitBytecode):
1119         (JSC::BindingNode::toString):
1120         (JSC::BindingNode::collectBoundIdentifiers):
1121         * parser/ASTBuilder.h:
1122         (JSC::ASTBuilder::createFormalParameterList):
1123         (JSC::ASTBuilder::createForInLoop):
1124         (JSC::ASTBuilder::addVar):
1125         (JSC::ASTBuilder::createDeconstructingAssignment):
1126         (JSC::ASTBuilder::createArrayPattern):
1127         (JSC::ASTBuilder::appendArrayPatternSkipEntry):
1128         (JSC::ASTBuilder::appendArrayPatternEntry):
1129         (JSC::ASTBuilder::createObjectPattern):
1130         (JSC::ASTBuilder::appendObjectPatternEntry):
1131         (JSC::ASTBuilder::createBindingLocation):
1132         * parser/NodeConstructors.h:
1133         (JSC::CommaNode::CommaNode):
1134         (JSC::ParameterNode::ParameterNode):
1135         (JSC::ForInNode::ForInNode):
1136         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
1137         (JSC::ArrayPatternNode::ArrayPatternNode):
1138         (JSC::ArrayPatternNode::create):
1139         (JSC::ObjectPatternNode::ObjectPatternNode):
1140         (JSC::ObjectPatternNode::create):
1141         (JSC::BindingNode::create):
1142         (JSC::BindingNode::BindingNode):
1143         (JSC::DeconstructingAssignmentNode::DeconstructingAssignmentNode):
1144         * parser/Nodes.cpp:
1145         (JSC::FunctionParameters::create):
1146         (JSC::FunctionParameters::FunctionParameters):
1147         (JSC::FunctionParameters::~FunctionParameters):
1148         * parser/Nodes.h:
1149         (JSC::ExpressionNode::isDeconstructionNode):
1150         (JSC::ArrayNode::elements):
1151         (JSC::CommaNode::append):
1152         (JSC::ParameterNode::pattern):
1153         (JSC::FunctionParameters::at):
1154         (JSC::FunctionParameters::patterns):
1155         (JSC::DeconstructionPatternNode::isBindingNode):
1156         (JSC::DeconstructionPatternNode::emitDirectBinding):
1157         (JSC::ArrayPatternNode::appendIndex):
1158         (JSC::ObjectPatternNode::appendEntry):
1159         (JSC::ObjectPatternNode::Entry::Entry):
1160         (JSC::BindingNode::boundProperty):
1161         (JSC::BindingNode::isBindingNode):
1162         (JSC::DeconstructingAssignmentNode::bindings):
1163         (JSC::DeconstructingAssignmentNode::isLocation):
1164         (JSC::DeconstructingAssignmentNode::isDeconstructionNode):
1165         * parser/Parser.cpp:
1166         (JSC::::Parser):
1167         (JSC::::parseVarDeclaration):
1168         (JSC::::parseVarDeclarationList):
1169         (JSC::::createBindingPattern):
1170         (JSC::::parseDeconstructionPattern):
1171         (JSC::::parseForStatement):
1172         (JSC::::parseFormalParameters):
1173         (JSC::::parseAssignmentExpression):
1174         * parser/Parser.h:
1175         (JSC::Scope::declareBoundParameter):
1176         (JSC::Parser::declareBoundParameter):
1177         * parser/SyntaxChecker.h:
1178         (JSC::SyntaxChecker::createFormalParameterList):
1179         (JSC::SyntaxChecker::addVar):
1180         (JSC::SyntaxChecker::operatorStackPop):
1181         * runtime/JSONObject.cpp:
1182         (JSC::escapeStringToBuilder):
1183         * runtime/JSONObject.h:
1184
1185 2013-09-25  Brady Eidson  <beidson@apple.com>
1186
1187         Enable the IndexedDB build on Mac, but leave the feature non-functional
1188         https://bugs.webkit.org/show_bug.cgi?id=121918
1189
1190         Reviewed by Alexey Proskuryakov.
1191
1192         * Configurations/FeatureDefines.xcconfig:
1193
1194 2013-09-25  Commit Queue  <commit-queue@webkit.org>
1195
1196         Unreviewed, rolling out r156432.
1197         http://trac.webkit.org/changeset/156432
1198         https://bugs.webkit.org/show_bug.cgi?id=121932
1199
1200         some integer conversion things that need brady to fix
1201         (Requested by thorton on #webkit).
1202
1203         * Configurations/FeatureDefines.xcconfig:
1204
1205 2013-09-25  Anders Carlsson  <andersca@apple.com>
1206
1207         Move KeyValuePairTraits inside HashMap
1208         https://bugs.webkit.org/show_bug.cgi?id=121931
1209
1210         Reviewed by Sam Weinig.
1211
1212         * tools/ProfileTreeNode.h:
1213
1214 2013-09-25  Brady Eidson  <beidson@apple.com>
1215
1216         Enable the IndexedDB build on Mac, but leave the feature non-functional
1217         https://bugs.webkit.org/show_bug.cgi?id=121918
1218
1219         Reviewed by Alexey Proskuryakov.
1220
1221         * Configurations/FeatureDefines.xcconfig:
1222
1223 2013-09-25  Brady Eidson  <beidson@apple.com>
1224
1225         FeatureDefine.xcconfig cleanup (They should all be identical).
1226         https://bugs.webkit.org/show_bug.cgi?id=121921
1227
1228         Reviewed by Mark Rowe.
1229
1230         * Configurations/FeatureDefines.xcconfig:
1231
1232 2013-09-25  Patrick Gansterer  <paroga@webkit.org>
1233
1234         Build fix for WinCE after r155098.
1235
1236         Windows CE does not support getenv().
1237
1238         * jsc.cpp:
1239         (main):
1240
1241 2013-09-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1242
1243         op_get_callee shouldn't use value profiling
1244         https://bugs.webkit.org/show_bug.cgi?id=121821
1245
1246         Reviewed by Filip Pizlo.
1247
1248         Currently it's one of the two opcodes that uses m_singletonValue, which is unnecessary. 
1249         Our current plan is to remove m_singletonValue so that GenGC can have a simpler story 
1250         for handling CodeBlocks/FunctionExecutables during nursery collections.
1251
1252         Instead of using a ValueProfile op_get_callee now has a simple inline cache of the most 
1253         recent JSFunction that we saw.
1254
1255         * bytecode/CodeBlock.cpp:
1256         (JSC::CodeBlock::CodeBlock):
1257         (JSC::CodeBlock::finalizeUnconditionally):
1258         * bytecompiler/BytecodeGenerator.cpp:
1259         (JSC::BytecodeGenerator::emitCreateThis):
1260         * dfg/DFGByteCodeParser.cpp:
1261         (JSC::DFG::ByteCodeParser::parseBlock):
1262         * jit/JIT.cpp:
1263         (JSC::JIT::privateCompileSlowCases):
1264         * jit/JIT.h:
1265         * jit/JITOpcodes.cpp:
1266         (JSC::JIT::emit_op_get_callee):
1267         (JSC::JIT::emitSlow_op_get_callee):
1268         * jit/JITOpcodes32_64.cpp:
1269         (JSC::JIT::emit_op_get_callee):
1270         (JSC::JIT::emitSlow_op_get_callee):
1271         * llint/LowLevelInterpreter32_64.asm:
1272         * llint/LowLevelInterpreter64.asm:
1273         * runtime/CommonSlowPaths.cpp:
1274         (JSC::SLOW_PATH_DECL):
1275         * runtime/CommonSlowPaths.h:
1276
1277 2013-09-24  Mark Lam  <mark.lam@apple.com>
1278
1279         Change JSC debug hooks to pass a CallFrame* instead of a DebuggerCallFrame.
1280         https://bugs.webkit.org/show_bug.cgi?id=121867.
1281
1282         Reviewed by Geoffrey Garen.
1283
1284         1. Removed the need for passing the line and column info to the debug hook
1285            callbacks. We now get the line and column info from the CallFrame.
1286
1287         2. Simplify BytecodeGenerator::emitDebugHook() to only take 1 line number
1288            argument. The caller can determine whether to pass in the first or last
1289            line number of the block of source code as appropriate.
1290            Note: we still need to pass in the line and column info to emitDebugHook()
1291            because it uses this info to emit expression info which is later used by
1292            the StackVisitor to determine the line and column info for its "pc".
1293
1294         3. Pass the exceptionValue explicitly to the exception() debug hook
1295            callback. It should not be embedded in the CallFrame / DebuggerCallFrame.
1296
1297         4. Change the op_debug opcode size to 2 (from 5) since we're removing 3 arg
1298            values. Update the LLINT and JIT code to handle this.
1299
1300         * bytecode/CodeBlock.cpp:
1301         (JSC::CodeBlock::dumpBytecode):
1302         (JSC::CodeBlock::CodeBlock):
1303         * bytecode/Opcode.h:
1304         (JSC::padOpcodeName):
1305         * bytecompiler/BytecodeGenerator.cpp:
1306         (JSC::BytecodeGenerator::emitDebugHook):
1307         * bytecompiler/BytecodeGenerator.h:
1308         * bytecompiler/NodesCodegen.cpp:
1309         (JSC::ConstStatementNode::emitBytecode):
1310         (JSC::EmptyStatementNode::emitBytecode):
1311         (JSC::DebuggerStatementNode::emitBytecode):
1312         (JSC::ExprStatementNode::emitBytecode):
1313         (JSC::VarStatementNode::emitBytecode):
1314         (JSC::IfElseNode::emitBytecode):
1315         (JSC::DoWhileNode::emitBytecode):
1316         (JSC::WhileNode::emitBytecode):
1317         (JSC::ForNode::emitBytecode):
1318         (JSC::ForInNode::emitBytecode):
1319         (JSC::ContinueNode::emitBytecode):
1320         (JSC::BreakNode::emitBytecode):
1321         (JSC::ReturnNode::emitBytecode):
1322         (JSC::WithNode::emitBytecode):
1323         (JSC::SwitchNode::emitBytecode):
1324         (JSC::LabelNode::emitBytecode):
1325         (JSC::ThrowNode::emitBytecode):
1326         (JSC::TryNode::emitBytecode):
1327         (JSC::ProgramNode::emitBytecode):
1328         (JSC::EvalNode::emitBytecode):
1329         (JSC::FunctionBodyNode::emitBytecode):
1330         * debugger/Debugger.h:
1331         * debugger/DebuggerCallFrame.cpp:
1332         (JSC::LineAndColumnFunctor::operator()):
1333         (JSC::LineAndColumnFunctor::line):
1334         (JSC::LineAndColumnFunctor::column):
1335         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1336         (JSC::DebuggerCallFrame::clear):
1337         * debugger/DebuggerCallFrame.h:
1338         (JSC::DebuggerCallFrame::line):
1339         (JSC::DebuggerCallFrame::column):
1340         * interpreter/Interpreter.cpp:
1341         (JSC::unwindCallFrame):
1342         (JSC::UnwindFunctor::UnwindFunctor):
1343         (JSC::UnwindFunctor::operator()):
1344         (JSC::Interpreter::unwind):
1345         (JSC::Interpreter::debug):
1346         * interpreter/Interpreter.h:
1347         * jit/JITOpcodes.cpp:
1348         (JSC::JIT::emit_op_debug):
1349         * jit/JITOpcodes32_64.cpp:
1350         (JSC::JIT::emit_op_debug):
1351         * jit/JITStubs.cpp:
1352         (JSC::DEFINE_STUB_FUNCTION):
1353         * llint/LLIntSlowPaths.cpp:
1354         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1355         * llint/LowLevelInterpreter.asm:
1356
1357 2013-09-24  Filip Pizlo  <fpizlo@apple.com>
1358
1359         Crashing under JSC::DFG::SpeculativeJIT::spill visiting citicards.com
1360         https://bugs.webkit.org/show_bug.cgi?id=121844
1361
1362         Reviewed by Mark Hahnenberg.
1363         
1364         Fix some int52 bugs that caused this.
1365
1366         * bytecode/ValueRecovery.h:
1367         (JSC::ValueRecovery::dumpInContext): There's no such thing as int53.
1368         * dfg/DFGSpeculativeJIT.h:
1369         (JSC::DFG::SpeculativeJIT::spill): Actually spill int52's, instead of hitting an assert and crashing.
1370         * dfg/DFGSpeculativeJIT64.cpp:
1371         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): Use the right format (from before when we clobber it).
1372
1373 2013-09-24  Mark Rowe  <mrowe@apple.com>
1374
1375         <rdar://problem/14971518> WebKit should build against the Xcode default toolchain when targeting OS X 10.8
1376
1377         Reviewed by Dan Bernstein.
1378
1379         * Configurations/Base.xcconfig:
1380
1381 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1382
1383         use NOMINMAX instead of #define min min
1384         https://bugs.webkit.org/show_bug.cgi?id=73563
1385
1386         Reviewed by Brent Fulgham.
1387
1388         Use NOMINMAX instead of #define min/max as a cleaner
1389         way of ensuring that Windows system header files don't
1390         define min/max as macro in the first place.
1391
1392         * config.h:
1393
1394 2013-09-23  Filip Pizlo  <fpizlo@apple.com>
1395
1396         Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
1397         https://bugs.webkit.org/show_bug.cgi?id=121734
1398
1399         Reviewed by Mark Hahnenberg.
1400         
1401         Exception handling can deduce where the exception was thrown from by looking at the
1402         code origin that was stored into the call frame header. There is no need to pass any
1403         additional meta-data into the exception throwing logic. But the DFG was still doing it
1404         anyway.
1405         
1406         This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
1407         and friends. It simplifies a lot of code.
1408
1409         * CMakeLists.txt:
1410         * GNUmakefile.list.am:
1411         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1412         * JavaScriptCore.xcodeproj/project.pbxproj:
1413         * Target.pri:
1414         * bytecode/CodeBlock.cpp:
1415         (JSC::CodeBlock::shrinkToFit):
1416         * bytecode/CodeBlock.h:
1417         (JSC::CodeBlock::codeOrigins):
1418         (JSC::CodeBlock::hasCodeOrigins):
1419         (JSC::CodeBlock::canGetCodeOrigin):
1420         (JSC::CodeBlock::codeOrigin):
1421         * bytecode/CodeOrigin.h:
1422         (JSC::InlineCallFrame::InlineCallFrame):
1423         * bytecode/InlineCallFrameSet.cpp: Added.
1424         (JSC::InlineCallFrameSet::InlineCallFrameSet):
1425         (JSC::InlineCallFrameSet::~InlineCallFrameSet):
1426         (JSC::InlineCallFrameSet::add):
1427         (JSC::InlineCallFrameSet::shrinkToFit):
1428         * bytecode/InlineCallFrameSet.h: Added.
1429         (JSC::InlineCallFrameSet::isEmpty):
1430         (JSC::InlineCallFrameSet::size):
1431         (JSC::InlineCallFrameSet::at):
1432         * dfg/DFGArgumentsSimplificationPhase.cpp:
1433         (JSC::DFG::ArgumentsSimplificationPhase::run):
1434         * dfg/DFGByteCodeParser.cpp:
1435         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1436         * dfg/DFGCommonData.cpp:
1437         (JSC::DFG::CommonData::addCodeOrigin):
1438         (JSC::DFG::CommonData::shrinkToFit):
1439         * dfg/DFGCommonData.h:
1440         * dfg/DFGDesiredWriteBarriers.cpp:
1441         (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
1442         (JSC::DFG::DesiredWriteBarrier::trigger):
1443         * dfg/DFGDesiredWriteBarriers.h:
1444         (JSC::DFG::DesiredWriteBarriers::add):
1445         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
1446         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
1447         * dfg/DFGGraph.cpp:
1448         (JSC::DFG::Graph::Graph):
1449         * dfg/DFGGraph.h:
1450         * dfg/DFGJITCompiler.cpp:
1451         (JSC::DFG::JITCompiler::JITCompiler):
1452         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1453         (JSC::DFG::JITCompiler::link):
1454         (JSC::DFG::JITCompiler::compileFunction):
1455         * dfg/DFGJITCompiler.h:
1456         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
1457         (JSC::DFG::JITCompiler::exceptionCheck):
1458         (JSC::DFG::JITCompiler::fastExceptionCheck):
1459         * dfg/DFGOperations.cpp:
1460         * dfg/DFGOperations.h:
1461         * dfg/DFGRepatch.cpp:
1462         (JSC::DFG::tryBuildGetByIDList):
1463         * dfg/DFGSpeculativeJIT.h:
1464         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1465         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1466         (JSC::DFG::SpeculativeJIT::appendCall):
1467         * dfg/DFGSpeculativeJIT32_64.cpp:
1468         (JSC::DFG::SpeculativeJIT::emitCall):
1469         * dfg/DFGSpeculativeJIT64.cpp:
1470         (JSC::DFG::SpeculativeJIT::emitCall):
1471         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1472         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1473         * ftl/FTLLowerDFGToLLVM.cpp:
1474         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1475         * jit/AssemblyHelpers.h:
1476         (JSC::AssemblyHelpers::emitExceptionCheck):
1477
1478 2013-09-23  Oliver Hunt  <oliver@apple.com>
1479
1480         CodeLoad performance regression
1481
1482         Reviewed by Filip Pizlo.
1483
1484         Temporarily remove the ExpressionInfo compression until we can
1485         work out how to make it not clobber performance.
1486
1487         * bytecode/UnlinkedCodeBlock.cpp:
1488         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1489         (JSC::UnlinkedCodeBlock::addExpressionInfo):
1490         * bytecode/UnlinkedCodeBlock.h:
1491
1492 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1493
1494         Cleanup CMake files in JavaScriptCore
1495         https://bugs.webkit.org/show_bug.cgi?id=121762
1496
1497         Reviewed by Gyuyoung Kim.
1498
1499         Sort files and unify style.
1500
1501         * CMakeLists.txt:
1502         * shell/CMakeLists.txt:
1503         * shell/PlatformBlackBerry.cmake:
1504         * shell/PlatformEfl.cmake:
1505
1506 2013-09-22  Filip Pizlo  <fpizlo@apple.com>
1507
1508         Get rid of CodeBlock::RareData::callReturnIndexVector and most of the evil that it introduced
1509         https://bugs.webkit.org/show_bug.cgi?id=121766
1510
1511         Reviewed by Andreas Kling.
1512
1513         * bytecode/CodeBlock.cpp:
1514         (JSC::CodeBlock::shrinkToFit):
1515         * bytecode/CodeBlock.h:
1516         * dfg/DFGJITCompiler.cpp:
1517         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1518         (JSC::DFG::JITCompiler::link):
1519         * jit/JIT.cpp:
1520         (JSC::JIT::privateCompile):
1521
1522 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1523
1524         Interpreter::unwind() has no need for the bytecodeOffset
1525         https://bugs.webkit.org/show_bug.cgi?id=121755
1526
1527         Reviewed by Oliver Hunt.
1528         
1529         It was only using the bytecodeOffset for some debugger stuff, but the debugger could
1530         just get the bytecodeOffset the same way the rest of the machinery does: by using the
1531         CallFrame's location.
1532         
1533         It turns out that a lot of really ugly code was in place just to supply this
1534         bytecodeOffset. This patch kills most of that code, and allows us to kill even more
1535         code in a future patch - though most likely that killage will involve further
1536         refactorings as well, see https://bugs.webkit.org/show_bug.cgi?id=121734.
1537
1538         * dfg/DFGOperations.cpp:
1539         * interpreter/CallFrame.cpp:
1540         (JSC::CallFrame::bytecodeOffset):
1541         (JSC::CallFrame::codeOrigin):
1542         * interpreter/CallFrame.h:
1543         * interpreter/Interpreter.cpp:
1544         (JSC::Interpreter::unwind):
1545         * interpreter/Interpreter.h:
1546         * jit/JITExceptions.cpp:
1547         (JSC::genericUnwind):
1548         * jit/JITExceptions.h:
1549         * jit/JITStubs.cpp:
1550         (JSC::DEFINE_STUB_FUNCTION):
1551         (JSC::cti_vm_handle_exception):
1552         * llint/LLIntExceptions.cpp:
1553         (JSC::LLInt::doThrow):
1554         (JSC::LLInt::returnToThrow):
1555         (JSC::LLInt::callToThrow):
1556         * llint/LLIntExceptions.h:
1557         * llint/LLIntSlowPaths.cpp:
1558         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1559         * runtime/CommonSlowPaths.cpp:
1560         (JSC::SLOW_PATH_DECL):
1561         * runtime/CommonSlowPathsExceptions.cpp:
1562         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1563         * runtime/CommonSlowPathsExceptions.h:
1564
1565 2013-09-21  Darin Adler  <darin@apple.com>
1566
1567         Add ExecState::uncheckedArgument and use where possible to shrink a bit
1568         https://bugs.webkit.org/show_bug.cgi?id=121750
1569
1570         Reviewed by Andreas Kling.
1571
1572         * interpreter/CallFrame.h:
1573         (JSC::ExecState::uncheckedArgument): Added. Like argument, but with an
1574         assertion rather than a runtime check.
1575
1576         * API/APICallbackFunction.h:
1577         (JSC::APICallbackFunction::call): Use uncheckedArgument because we are
1578         already in a loop over arguments, so don't need a range check.
1579         * API/JSCallbackConstructor.cpp:
1580         (JSC::constructJSCallback): Ditto.
1581         * API/JSCallbackObjectFunctions.h:
1582         (JSC::JSCallbackObject::construct): Ditto.
1583         (JSC::JSCallbackObject::call): Ditto.
1584         * jsc.cpp:
1585         (functionPrint): Ditto.
1586         (functionRun): Ditto.
1587         (functionSetSamplingFlags): Ditto.
1588         (functionClearSamplingFlags): Ditto.
1589         * runtime/ArrayPrototype.cpp:
1590         (JSC::arrayProtoFuncConcat): Ditto.
1591         (JSC::arrayProtoFuncPush): Use uncheckedArgument because there is already
1592         code that explicitly checks argumentCount.
1593         (JSC::arrayProtoFuncSplice): Ditto.
1594         (JSC::arrayProtoFuncUnShift): Ditto.
1595         (JSC::arrayProtoFuncReduce): Ditto.
1596         (JSC::arrayProtoFuncReduceRight): Ditto.
1597         (JSC::arrayProtoFuncLastIndexOf): Ditto.
1598         * runtime/DatePrototype.cpp:
1599         (JSC::fillStructuresUsingTimeArgs): Ditto.
1600         (JSC::fillStructuresUsingDateArgs): Ditto.
1601         * runtime/JSArrayBufferConstructor.cpp:
1602         (JSC::constructArrayBuffer): Ditto.
1603         * runtime/JSArrayBufferPrototype.cpp:
1604         (JSC::arrayBufferProtoFuncSlice): Ditto.
1605         * runtime/JSBoundFunction.cpp:
1606         (JSC::boundFunctionCall): Ditto.
1607         (JSC::boundFunctionConstruct): Ditto.
1608         * runtime/JSDataViewPrototype.cpp:
1609         (JSC::getData): Ditto.
1610         (JSC::setData): Ditto.
1611         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1612         (JSC::constructGenericTypedArrayView): Ditto.
1613         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1614         (JSC::genericTypedArrayViewProtoFuncSet): Ditto.
1615         (JSC::genericTypedArrayViewProtoFuncSubarray): Ditto.
1616         * runtime/JSONObject.cpp:
1617         (JSC::JSONProtoFuncParse): Ditto.
1618         (JSC::JSONProtoFuncStringify): Ditto.
1619         * runtime/JSPromiseConstructor.cpp:
1620         (JSC::constructPromise): Ditto.
1621         (JSC::JSPromiseConstructorFuncFulfill): Ditto.
1622         (JSC::JSPromiseConstructorFuncResolve): Ditto.
1623         (JSC::JSPromiseConstructorFuncReject): Ditto.
1624         * runtime/MathObject.cpp:
1625         (JSC::mathProtoFuncMax): Ditto.
1626         (JSC::mathProtoFuncMin): Ditto.
1627
1628         * runtime/NameConstructor.cpp:
1629         (JSC::constructPrivateName): Removed unneeded check of argumentCount
1630         that simply repeats what argument already does.
1631         * runtime/NativeErrorConstructor.cpp:
1632         (JSC::Interpreter::constructWithNativeErrorConstructor): Ditto.
1633         (JSC::Interpreter::callNativeErrorConstructor): Ditto.
1634
1635         * runtime/NumberConstructor.cpp:
1636         (JSC::constructWithNumberConstructor): Use uncheckedArgument since
1637         there is already code that explicitly checks argument count.
1638         (JSC::callNumberConstructor): Ditto.
1639
1640         * runtime/ObjectConstructor.cpp:
1641         (JSC::objectConstructorCreate): Small refactoring to not call argument(0)
1642         three times.
1643
1644         * runtime/SetConstructor.cpp:
1645         (JSC::constructSet): Use uncheckedArgument since we are already in a loop
1646         over arguments.
1647
1648         * runtime/StringConstructor.cpp:
1649         (JSC::stringFromCharCodeSlowCase): In a loop.
1650         (JSC::stringFromCharCode): Already checked count.
1651         (JSC::constructWithStringConstructor): Ditto.
1652         (JSC::callStringConstructor): Ditto.
1653         * runtime/StringPrototype.cpp:
1654         (JSC::stringProtoFuncConcat): Already checked count.
1655         * runtime/TestRunnerUtils.cpp:
1656         (JSC::numberOfDFGCompiles): Ditto.
1657         (JSC::setNeverInline): Ditto.
1658
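Added example, not JavaScriptCore code: a minimal C++ model of the argument()/uncheckedArgument() split described in the entry above. The class and function names (CallFrameModel, JSValueModel, sumArguments, firstArgumentOr, thirdArgumentIsUndefined) are hypothetical. What it demonstrates is the caller-side invariant that makes the unchecked accessor safe: the index must already be known to be below argumentCount(), because the only guard inside uncheckedArgument() is an assertion that is compiled out of release builds, whereas argument() absorbs an out-of-range index by returning undefined.

```cpp
// Added example (not JavaScriptCore code): model of argument() vs uncheckedArgument().
// All names below are hypothetical stand-ins for the real ExecState API.
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <vector>

struct JSValueModel {
    bool isUndefined;
    int number; // only meaningful when !isUndefined
};

class CallFrameModel {
public:
    explicit CallFrameModel(std::vector<int> args) {
        for (int a : args)
            m_args.push_back(JSValueModel{false, a});
    }

    size_t argumentCount() const { return m_args.size(); }

    // Checked accessor: an out-of-range index yields undefined, which is what
    // JavaScript semantics require for a missing argument.
    JSValueModel argument(size_t i) const {
        if (i >= m_args.size())
            return JSValueModel{true, 0};
        return m_args[i];
    }

    // Unchecked accessor: the caller must already have established
    // i < argumentCount(). The bound is enforced by assertion only, so in a
    // release build a violated precondition is an out-of-bounds read.
    JSValueModel uncheckedArgument(size_t i) const {
        assert(i < m_args.size());
        return m_args[i];
    }

private:
    std::vector<JSValueModel> m_args;
};

// Pattern named in the entry: a loop bounded by argumentCount() makes a
// per-element range check redundant, so uncheckedArgument() is appropriate.
int sumArguments(const CallFrameModel& frame) {
    int total = 0;
    for (size_t i = 0; i < frame.argumentCount(); ++i)
        total += frame.uncheckedArgument(i).number;
    return total;
}

// Pattern named in the entry: an explicit argumentCount() test precedes the
// unchecked access, with a fallback when the argument is absent.
int firstArgumentOr(const CallFrameModel& frame, int fallback) {
    if (frame.argumentCount() == 0)
        return fallback;
    return frame.uncheckedArgument(0).number;
}

// With no prior count check, argument() is the right call: the out-of-range
// case is handled at runtime rather than by a debug-only assertion.
bool thirdArgumentIsUndefined(const CallFrameModel& frame) {
    return frame.argument(2).isUndefined;
}

int main() {
    CallFrameModel frame(std::vector<int>{1, 2, 3});
    std::printf("sum=%d first=%d third-undefined=%d\n",
        sumArguments(frame), firstArgumentOr(frame, 7), thirdArgumentIsUndefined(frame));
    return 0;
}
```

The split only buys anything when every uncheckedArgument() call site can point at the check that justifies it (a count-bounded loop or an explicit argumentCount() comparison, as the entry lists for each function); a call site without one has silently traded a runtime check for an assertion.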
1659 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1660
1661         Remove the notion that a CallFrame can have a pointer to an InlineCallFrame, since that doesn't happen anymore
1662         https://bugs.webkit.org/show_bug.cgi?id=121753
1663
1664         Reviewed by Darin Adler.
1665
1666         * interpreter/CallFrame.cpp:
1667         (JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
1668         * interpreter/CallFrame.h:
1669         * interpreter/Register.h:
1670
1671 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1672
1673         Unreviewed, fix the revert.
1674
1675         * dfg/DFGRepatch.cpp:
1676
1677 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1678
1679         Unreviewed, revert http://trac.webkit.org/changeset/156235. It won't work on Windows.
1680
1681         * CMakeLists.txt:
1682         * GNUmakefile.list.am:
1683         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1684         * JavaScriptCore.xcodeproj/project.pbxproj:
1685         * Target.pri:
1686         * bytecode/CallLinkInfo.cpp:
1687         (JSC::CallLinkInfo::unlink):
1688         * bytecode/CodeBlock.cpp:
1689         (JSC::CodeBlock::resetStubInternal):
1690         * bytecode/StructureStubInfo.h:
1691         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1692         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
1693         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
1694         * dfg/DFGJITCompiler.h:
1695         * dfg/DFGOSRExitCompiler.h:
1696         * dfg/DFGOperations.cpp:
1697         (JSC::DFG::operationPutByValInternal):
1698         * dfg/DFGOperations.h:
1699         (JSC::DFG::operationNewTypedArrayWithSizeForType):
1700         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
1701         * dfg/DFGRegisterSet.h: Added.
1702         (JSC::DFG::RegisterSet::RegisterSet):
1703         (JSC::DFG::RegisterSet::asPOD):
1704         (JSC::DFG::RegisterSet::copyInfo):
1705         (JSC::DFG::RegisterSet::set):
1706         (JSC::DFG::RegisterSet::setGPRByIndex):
1707         (JSC::DFG::RegisterSet::clear):
1708         (JSC::DFG::RegisterSet::get):
1709         (JSC::DFG::RegisterSet::getGPRByIndex):
1710         (JSC::DFG::RegisterSet::getFreeGPR):
1711         (JSC::DFG::RegisterSet::setFPRByIndex):
1712         (JSC::DFG::RegisterSet::getFPRByIndex):
1713         (JSC::DFG::RegisterSet::setByIndex):
1714         (JSC::DFG::RegisterSet::getByIndex):
1715         (JSC::DFG::RegisterSet::numberOfSetGPRs):
1716         (JSC::DFG::RegisterSet::numberOfSetFPRs):
1717         (JSC::DFG::RegisterSet::numberOfSetRegisters):
1718         (JSC::DFG::RegisterSet::setBit):
1719         (JSC::DFG::RegisterSet::clearBit):
1720         (JSC::DFG::RegisterSet::getBit):
1721         * dfg/DFGRepatch.cpp: Added.
1722         (JSC::DFG::repatchCall):
1723         (JSC::DFG::repatchByIdSelfAccess):
1724         (JSC::DFG::addStructureTransitionCheck):
1725         (JSC::DFG::replaceWithJump):
1726         (JSC::DFG::emitRestoreScratch):
1727         (JSC::DFG::linkRestoreScratch):
1728         (JSC::DFG::generateProtoChainAccessStub):
1729         (JSC::DFG::tryCacheGetByID):
1730         (JSC::DFG::repatchGetByID):
1731         (JSC::DFG::getPolymorphicStructureList):
1732         (JSC::DFG::patchJumpToGetByIdStub):
1733         (JSC::DFG::tryBuildGetByIDList):
1734         (JSC::DFG::buildGetByIDList):
1735         (JSC::DFG::appropriateGenericPutByIdFunction):
1736         (JSC::DFG::appropriateListBuildingPutByIdFunction):
1737         (JSC::DFG::emitPutReplaceStub):
1738         (JSC::DFG::emitPutTransitionStub):
1739         (JSC::DFG::tryCachePutByID):
1740         (JSC::DFG::repatchPutByID):
1741         (JSC::DFG::tryBuildPutByIdList):
1742         (JSC::DFG::buildPutByIdList):
1743         (JSC::DFG::tryRepatchIn):
1744         (JSC::DFG::repatchIn):
1745         (JSC::DFG::linkSlowFor):
1746         (JSC::DFG::linkFor):
1747         (JSC::DFG::linkClosureCall):
1748         (JSC::DFG::resetGetByID):
1749         (JSC::DFG::resetPutByID):
1750         (JSC::DFG::resetIn):
1751         * dfg/DFGRepatch.h: Added.
1752         (JSC::DFG::resetGetByID):
1753         (JSC::DFG::resetPutByID):
1754         (JSC::DFG::resetIn):
1755         * dfg/DFGScratchRegisterAllocator.h: Added.
1756         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
1757         (JSC::DFG::ScratchRegisterAllocator::lock):
1758         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
1759         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
1760         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
1761         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
1762         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1763         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1764         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
1765         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1766         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1767         * dfg/DFGSpeculativeJIT.cpp:
1768         (JSC::DFG::SpeculativeJIT::writeBarrier):
1769         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1770         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1771         (JSC::DFG::SpeculativeJIT::compare):
1772         * dfg/DFGSpeculativeJIT.h:
1773         (JSC::DFG::SpeculativeJIT::callOperation):
1774         * dfg/DFGSpeculativeJIT32_64.cpp:
1775         (JSC::DFG::SpeculativeJIT::cachedPutById):
1776         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1777         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1778         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1779         (JSC::DFG::SpeculativeJIT::compile):
1780         * dfg/DFGSpeculativeJIT64.cpp:
1781         (JSC::DFG::SpeculativeJIT::cachedPutById):
1782         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1783         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1784         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1785         (JSC::DFG::SpeculativeJIT::compile):
1786         * dfg/DFGThunks.cpp:
1787         (JSC::DFG::emitPointerValidation):
1788         (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
1789         (JSC::DFG::slowPathFor):
1790         (JSC::DFG::linkForThunkGenerator):
1791         (JSC::DFG::linkCallThunkGenerator):
1792         (JSC::DFG::linkConstructThunkGenerator):
1793         (JSC::DFG::linkClosureCallThunkGenerator):
1794         (JSC::DFG::virtualForThunkGenerator):
1795         (JSC::DFG::virtualCallThunkGenerator):
1796         (JSC::DFG::virtualConstructThunkGenerator):
1797         * dfg/DFGThunks.h:
1798         * ftl/FTLIntrinsicRepository.h:
1799         * ftl/FTLLowerDFGToLLVM.cpp:
1800         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1801         * ftl/FTLOSRExitCompiler.h:
1802         * jit/AssemblyHelpers.h:
1803         * jit/JIT.cpp:
1804         (JSC::JIT::linkFor):
1805         (JSC::JIT::linkSlowCall):
1806         * jit/JITCall.cpp:
1807         (JSC::JIT::compileCallEvalSlowCase):
1808         (JSC::JIT::compileOpCallSlowCase):
1809         (JSC::JIT::privateCompileClosureCall):
1810         * jit/JITCall32_64.cpp:
1811         (JSC::JIT::compileCallEvalSlowCase):
1812         (JSC::JIT::compileOpCallSlowCase):
1813         (JSC::JIT::privateCompileClosureCall):
1814         * jit/JITOperationWrappers.h: Removed.
1815         * jit/JITOperations.cpp: Removed.
1816         * jit/JITOperations.h: Removed.
1817         * jit/RegisterSet.h: Removed.
1818         * jit/Repatch.cpp: Removed.
1819         * jit/Repatch.h: Removed.
1820         * jit/ScratchRegisterAllocator.h: Removed.
1821         * jit/ThunkGenerators.cpp:
1822         (JSC::generateSlowCaseFor):
1823         (JSC::linkForGenerator):
1824         (JSC::linkCallGenerator):
1825         (JSC::linkConstructGenerator):
1826         (JSC::linkClosureCallGenerator):
1827         (JSC::virtualForGenerator):
1828         (JSC::virtualCallGenerator):
1829         (JSC::virtualConstructGenerator):
1830         * jit/ThunkGenerators.h:
1831
1832 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1833
1834         Move DFG inline caching logic into jit/
1835         https://bugs.webkit.org/show_bug.cgi?id=121749
1836
1837         Rubber stamped by Sam Weinig.
1838         
1839         We want to get rid of the baseline JIT's inline caching machinery and have it use the
1840         DFG's instead. But before we do that we need to move the DFG's inline caching machine
1841         out from behind its ENABLE(DFG_JIT) guards and make it available to the whole system.
1842         This patch does that:
1843         
1844         - dfg/DFGRepatch becomes jit/Repatch.
1845         
1846         - The thunks used by the DFG IC go into jit/ThunkGenerators, instead of dfg/DFGThunks.
1847         
1848         - The operations used by the DFG IC go into jit/JITOperations, instead of
1849           dfg/DFGOperations.
1850         
1851         - The old JIT's thunk generators for calls are renamed to reduce confusion. Previously
1852           it was easy to know which generators belong to which JIT because the old JIT used
1853           JSC::virtualCallBlah and the DFG used JSC::DFG::virtualCallBlah, but that's not the
1854           case anymore. Note that the old JIT's thunk generators will die in a future patch.
1855         
1856         No functional changes beyond those moves.
1857
1858         * CMakeLists.txt:
1859         * GNUmakefile.list.am:
1860         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1861         * JavaScriptCore.xcodeproj/project.pbxproj:
1862         * Target.pri:
1863         * bytecode/CallLinkInfo.cpp:
1864         (JSC::CallLinkInfo::unlink):
1865         * bytecode/CodeBlock.cpp:
1866         (JSC::CodeBlock::resetStubInternal):
1867         * bytecode/StructureStubInfo.h:
1868         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1869         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
1870         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
1871         * dfg/DFGJITCompiler.h:
1872         * dfg/DFGOSRExitCompiler.h:
1873         * dfg/DFGOperations.cpp:
1874         (JSC::DFG::operationPutByValInternal):
1875         * dfg/DFGOperations.h:
1876         (JSC::DFG::operationNewTypedArrayWithSizeForType):
1877         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
1878         * dfg/DFGRegisterSet.h: Removed.
1879         * dfg/DFGRepatch.cpp: Removed.
1880         * dfg/DFGRepatch.h: Removed.
1881         * dfg/DFGScratchRegisterAllocator.h: Removed.
1882         * dfg/DFGSpeculativeJIT.cpp:
1883         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1884         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1885         (JSC::DFG::SpeculativeJIT::compare):
1886         * dfg/DFGSpeculativeJIT.h:
1887         (JSC::DFG::SpeculativeJIT::callOperation):
1888         * dfg/DFGSpeculativeJIT32_64.cpp:
1889         (JSC::DFG::SpeculativeJIT::cachedPutById):
1890         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1891         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1892         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1893         (JSC::DFG::SpeculativeJIT::compile):
1894         * dfg/DFGSpeculativeJIT64.cpp:
1895         (JSC::DFG::SpeculativeJIT::cachedPutById):
1896         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1897         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1898         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1899         (JSC::DFG::SpeculativeJIT::compile):
1900         * dfg/DFGThunks.cpp:
1901         * dfg/DFGThunks.h:
1902         * ftl/FTLIntrinsicRepository.h:
1903         * ftl/FTLLowerDFGToLLVM.cpp:
1904         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1905         * jit/AssemblyHelpers.h:
1906         (JSC::AssemblyHelpers::writeBarrier):
1907         * jit/JIT.cpp:
1908         (JSC::JIT::linkFor):
1909         (JSC::JIT::linkSlowCall):
1910         * jit/JITCall.cpp:
1911         (JSC::JIT::compileCallEval):
1912         (JSC::JIT::compileCallEvalSlowCase):
1913         (JSC::JIT::compileOpCallSlowCase):
1914         (JSC::JIT::privateCompileClosureCall):
1915         * jit/JITCall32_64.cpp:
1916         (JSC::JIT::compileCallEvalSlowCase):
1917         (JSC::JIT::compileOpCallSlowCase):
1918         (JSC::JIT::privateCompileClosureCall):
1919         * jit/JITOperationWrappers.h: Added.
1920         * jit/JITOperations.cpp: Added.
1921         * jit/JITOperations.h: Added.
1922         * jit/RegisterSet.h: Added.
1923         (JSC::RegisterSet::RegisterSet):
1924         (JSC::RegisterSet::asPOD):
1925         (JSC::RegisterSet::copyInfo):
1926         (JSC::RegisterSet::set):
1927         (JSC::RegisterSet::setGPRByIndex):
1928         (JSC::RegisterSet::clear):
1929         (JSC::RegisterSet::get):
1930         (JSC::RegisterSet::getGPRByIndex):
1931         (JSC::RegisterSet::getFreeGPR):
1932         (JSC::RegisterSet::setFPRByIndex):
1933         (JSC::RegisterSet::getFPRByIndex):
1934         (JSC::RegisterSet::setByIndex):
1935         (JSC::RegisterSet::getByIndex):
1936         (JSC::RegisterSet::numberOfSetGPRs):
1937         (JSC::RegisterSet::numberOfSetFPRs):
1938         (JSC::RegisterSet::numberOfSetRegisters):
1939         (JSC::RegisterSet::setBit):
1940         (JSC::RegisterSet::clearBit):
1941         (JSC::RegisterSet::getBit):
1942         * jit/Repatch.cpp: Added.
1943         (JSC::repatchCall):
1944         (JSC::repatchByIdSelfAccess):
1945         (JSC::addStructureTransitionCheck):
1946         (JSC::replaceWithJump):
1947         (JSC::emitRestoreScratch):
1948         (JSC::linkRestoreScratch):
1949         (JSC::generateProtoChainAccessStub):
1950         (JSC::tryCacheGetByID):
1951         (JSC::repatchGetByID):
1952         (JSC::getPolymorphicStructureList):
1953         (JSC::patchJumpToGetByIdStub):
1954         (JSC::tryBuildGetByIDList):
1955         (JSC::buildGetByIDList):
1956         (JSC::appropriateGenericPutByIdFunction):
1957         (JSC::appropriateListBuildingPutByIdFunction):
1958         (JSC::emitPutReplaceStub):
1959         (JSC::emitPutTransitionStub):
1960         (JSC::tryCachePutByID):
1961         (JSC::repatchPutByID):
1962         (JSC::tryBuildPutByIdList):
1963         (JSC::buildPutByIdList):
1964         (JSC::tryRepatchIn):
1965         (JSC::repatchIn):
1966         (JSC::linkSlowFor):
1967         (JSC::linkFor):
1968         (JSC::linkClosureCall):
1969         (JSC::resetGetByID):
1970         (JSC::resetPutByID):
1971         (JSC::resetIn):
1972         * jit/Repatch.h: Added.
1973         (JSC::resetGetByID):
1974         (JSC::resetPutByID):
1975         (JSC::resetIn):
1976         * jit/ScratchRegisterAllocator.h: Added.
1977         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
1978         (JSC::ScratchRegisterAllocator::lock):
1979         (JSC::ScratchRegisterAllocator::allocateScratch):
1980         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
1981         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
1982         (JSC::ScratchRegisterAllocator::didReuseRegisters):
1983         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1984         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1985         (JSC::ScratchRegisterAllocator::desiredScratchBufferSize):
1986         (JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1987         (JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1988         * jit/ThunkGenerators.cpp:
1989         (JSC::oldStyleGenerateSlowCaseFor):
1990         (JSC::oldStyleLinkForGenerator):
1991         (JSC::oldStyleLinkCallGenerator):
1992         (JSC::oldStyleLinkConstructGenerator):
1993         (JSC::oldStyleLinkClosureCallGenerator):
1994         (JSC::oldStyleVirtualForGenerator):
1995         (JSC::oldStyleVirtualCallGenerator):
1996         (JSC::oldStyleVirtualConstructGenerator):
1997         (JSC::emitPointerValidation):
1998         (JSC::throwExceptionFromCallSlowPathGenerator):
1999         (JSC::slowPathFor):
2000         (JSC::linkForThunkGenerator):
2001         (JSC::linkCallThunkGenerator):
2002         (JSC::linkConstructThunkGenerator):
2003         (JSC::linkClosureCallThunkGenerator):
2004         (JSC::virtualForThunkGenerator):
2005         (JSC::virtualCallThunkGenerator):
2006         (JSC::virtualConstructThunkGenerator):
2007         * jit/ThunkGenerators.h:
2008
2009 2013-09-21  Anders Carlsson  <andersca@apple.com>
2010
2011         Fix the non-DFG build.
2012
2013         * interpreter/Interpreter.cpp:
2014         (JSC::unwindCallFrame):
2015         * interpreter/StackVisitor.cpp:
2016         (JSC::StackVisitor::Frame::r):
2017
2018 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2019
2020         Get rid of IsInlinedCodeTag and its associated methods since it's unused
2021         https://bugs.webkit.org/show_bug.cgi?id=121737
2022
2023         Reviewed by Sam Weinig.
2024         
2025         This was meant to be easy, but I kept wondering if it was safe to remove the
2026         inline call frame check in Arguments::tearOff(). The check was clearly dead
2027         since the bit wasn't being set anywhere.
2028         
2029         It turns out that the unwindCallFrame() function was relying on tearOff()
2030         doing the right thing for inlined code, but it wasn't even passing it an
2031         inline call frame. I fixed this by having unwindCallFrame() inlining check,
2032         while also making sure that the code uses the right operand index for the
2033         arguments register.
2034
2035         * interpreter/CallFrame.h:
2036         * interpreter/CallFrameInlines.h:
2037         * interpreter/Interpreter.cpp:
2038         (JSC::unwindCallFrame):
2039         * interpreter/StackVisitor.cpp:
2040         (JSC::StackVisitor::Frame::r):
2041         * interpreter/StackVisitor.h:
2042         * runtime/Arguments.cpp:
2043         (JSC::Arguments::tearOff):
2044
2045 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2046
2047         (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
2048         https://bugs.webkit.org/show_bug.cgi?id=121717
2049
2050         Reviewed by Oliver Hunt.
2051
2052         This bug caused the array to become corrupted. We now check for holes before we start moving things, 
2053         and start moving things only once we've determined that there are none.
2054
2055         * runtime/JSArray.cpp:
2056         (JSC::JSArray::shiftCountWithAnyIndexingType):
2057         (JSC::JSArray::unshiftCountWithAnyIndexingType):
2058
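Added example, not JavaScriptCore code: a simplified C++ model of the shiftCount fix in the entry above. It uses a plain std::vector<int> with a constructed HOLE sentinel standing in for an empty array slot, and the function names (shiftCountBuggy, shiftCountFixed and the scenario helpers) are hypothetical. The buggy shape notices the hole only after it has begun overwriting slots, so when it declines and the generic path runs next, that path operates on already corrupted contents; the fixed shape scans the whole region before the first write, which is the validate-then-mutate property the entry describes.

```cpp
// Added example (not JavaScriptCore code): why the hole check must precede the move.
#include <cstddef>
#include <vector>

constexpr int HOLE = -1; // constructed sentinel: an empty slot in a holey array

// Buggy shape: moves elements as it scans and only notices a hole midway.
// Returning false asks the caller to retry via a generic path, but the slots
// below the hole have already been overwritten, so that path sees bad data.
bool shiftCountBuggy(std::vector<int>& v, size_t start, size_t count) {
    size_t length = v.size();
    if (start + count > length)
        return false;
    for (size_t i = start + count; i < length; ++i) {
        if (v[i] == HOLE)
            return false; // too late: v[start .. i - count) were already changed
        v[i - count] = v[i];
    }
    v.resize(length - count);
    return true;
}

// Fixed shape: validate the entire region first; write only when it is hole-free.
bool shiftCountFixed(std::vector<int>& v, size_t start, size_t count) {
    size_t length = v.size();
    if (start + count > length)
        return false;
    for (size_t i = start + count; i < length; ++i) {
        if (v[i] == HOLE)
            return false; // nothing has been modified yet, so declining is safe
    }
    for (size_t i = start + count; i < length; ++i)
        v[i - count] = v[i];
    v.resize(length - count);
    return true;
}

// Constructed input: remove one element at index 0 from an array with a hole at 2.
std::vector<int> holeyInput() { return {0, 1, HOLE, 3}; }

// State left behind when each version declines the holey input.
std::vector<int> afterBuggyDecline() {
    std::vector<int> v = holeyInput();
    shiftCountBuggy(v, 0, 1);
    return v; // {1, 1, HOLE, 3}: slot 0 lost, slot 1 duplicated
}

std::vector<int> afterFixedDecline() {
    std::vector<int> v = holeyInput();
    shiftCountFixed(v, 0, 1);
    return v; // unchanged: {0, 1, HOLE, 3}
}

// Hole-free case: the fast path completes and returns the shifted array.
std::vector<int> afterFixedShift() {
    std::vector<int> v = {0, 1, 2, 3};
    shiftCountFixed(v, 1, 2);
    return v; // {0, 3}
}
```

The general rule the fix applies is that a fast path which may hand off to a slow path must not mutate shared state before it has decided it will finish; in a managed heap a half-shifted butterfly is not just a wrong answer but a corrupted object that every later access trusts.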
2059 2013-09-20  Filip Pizlo  <fpizlo@apple.com>
2060
2061         REGRESSION(r156047): WebCore hangs inside JSC::toInt32(double)
2062         https://bugs.webkit.org/show_bug.cgi?id=121648
2063
2064         Reviewed by Mark Hahnenberg.
2065         
2066         The Int52<->StrictInt52 conversion did the opposite fill() than what it was
2067         supposed to. For example when converting a Int52 to a StrictInt52 it would fill
2068         as Int52, and vice-versa.
2069
2070         * dfg/DFGSpeculativeJIT64.cpp:
2071         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
2072
2073 2013-09-20  Oliver Hunt  <oliver@apple.com>
2074
2075         REGRESSION(r153215): New iCloud site crashes
2076         https://bugs.webkit.org/show_bug.cgi?id=121710
2077
2078         Reviewed by Filip Pizlo.
2079
2080         Don't claim to be able to rely on the arguments structure, use the Arguments
2081         speculation type.
2082
2083         * dfg/DFGAbstractInterpreterInlines.h:
2084         (JSC::DFG::::executeEffects):
2085
2086 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2087
2088         Clobberize phase forgets to indicate that it writes GCState for several node types
2089         https://bugs.webkit.org/show_bug.cgi?id=121702
2090
2091         Reviewed by Oliver Hunt.
2092
2093         Added read and write for GCState to the nodes that could end up allocating (and thereby
2094         cause a garbage collection).
2095
2096         * dfg/DFGClobberize.h:
2097         (JSC::DFG::clobberize):
2098
2099 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2100
2101         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2102         https://bugs.webkit.org/show_bug.cgi?id=121637
2103
2104         Rubber stamped by Michael Saboff.
2105         
2106         Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
2107         and tests.
2108
2109         * CMakeLists.txt:
2110         * GNUmakefile.list.am:
2111         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2112         * JavaScriptCore.xcodeproj/project.pbxproj:
2113         * Target.pri:
2114         * bytecode/ValueRecovery.h:
2115         (JSC::ValueRecovery::dumpInContext):
2116         * dfg/DFGAssemblyHelpers.cpp: Removed.
2117         * dfg/DFGAssemblyHelpers.h: Removed.
2118         * dfg/DFGBinarySwitch.h:
2119         * dfg/DFGByteCodeParser.cpp:
2120         * dfg/DFGCCallHelpers.h: Removed.
2121         * dfg/DFGDisassembler.cpp:
2122         * dfg/DFGFPRInfo.h: Removed.
2123         * dfg/DFGGPRInfo.h: Removed.
2124         * dfg/DFGGraph.cpp:
2125         * dfg/DFGGraph.h:
2126         * dfg/DFGJITCompiler.h:
2127         * dfg/DFGOSRExit.cpp:
2128         * dfg/DFGOSRExit.h:
2129         * dfg/DFGOSRExitCompiler.h:
2130         * dfg/DFGOSRExitCompilerCommon.h:
2131         * dfg/DFGRegisterBank.h:
2132         * dfg/DFGRegisterSet.h:
2133         * dfg/DFGRepatch.cpp:
2134         * dfg/DFGSilentRegisterSavePlan.h:
2135         * dfg/DFGThunks.cpp:
2136         * dfg/DFGVariableEvent.cpp:
2137         * ftl/FTLCArgumentGetter.h:
2138         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2139         (JSC::FTL::CArgumentGetter::loadNext8):
2140         (JSC::FTL::CArgumentGetter::loadNext32):
2141         (JSC::FTL::CArgumentGetter::loadNext64):
2142         (JSC::FTL::CArgumentGetter::loadNextPtr):
2143         (JSC::FTL::CArgumentGetter::loadNextDouble):
2144         * ftl/FTLCompile.cpp:
2145         * ftl/FTLExitThunkGenerator.h:
2146         * ftl/FTLLink.cpp:
2147         * ftl/FTLThunks.cpp:
2148         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2149         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2150         (JSC::AssemblyHelpers::AssemblyHelpers):
2151         (JSC::AssemblyHelpers::debugCall):
2152         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2153         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2154         (WTF::printInternal):
2155         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2156         (WTF::printInternal):
2157         * jit/JIT.cpp:
2158         (JSC::JIT::JIT):
2159         * jit/JIT.h:
2160         * jit/JITPropertyAccess.cpp:
2161         (JSC::JIT::stringGetByValStubGenerator):
2162         * jit/JITPropertyAccess32_64.cpp:
2163         (JSC::JIT::stringGetByValStubGenerator):
2164         * jit/JSInterfaceJIT.h:
2165         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2166         * jit/SpecializedThunkJIT.h:
2167         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2168         (JSC::SpecializedThunkJIT::finalize):
2169         * jit/ThunkGenerators.cpp:
2170         (JSC::linkForGenerator):
2171         (JSC::virtualForGenerator):
2172         (JSC::stringLengthTrampolineGenerator):
2173         (JSC::nativeForGenerator):
2174         (JSC::arityFixup):
2175         (JSC::charCodeAtThunkGenerator):
2176         (JSC::charAtThunkGenerator):
2177         (JSC::fromCharCodeThunkGenerator):
2178         (JSC::sqrtThunkGenerator):
2179         (JSC::floorThunkGenerator):
2180         (JSC::ceilThunkGenerator):
2181         (JSC::roundThunkGenerator):
2182         (JSC::expThunkGenerator):
2183         (JSC::logThunkGenerator):
2184         (JSC::absThunkGenerator):
2185         (JSC::powThunkGenerator):
2186         (JSC::imulThunkGenerator):
2187         * llint/LLIntThunks.cpp:
2188         (JSC::LLInt::generateThunkWithJumpTo):
2189         * runtime/JSCJSValue.h:
2190
2191 2013-09-20  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2192
2193         Inline method exported
2194         https://bugs.webkit.org/show_bug.cgi?id=121664
2195
2196         Reviewed by Darin Adler.
2197
2198         WatchDog::didFire() is marked as an exported symbol even though it is
2199         defined inline. This breaks the build on MinGW since it results in dllimport
2200         being declared on a definition.
2201
2202         * runtime/Watchdog.h:
2203         (JSC::Watchdog::didFire):
2204
2205 2013-09-20  Patrick Gansterer  <paroga@webkit.org>
2206
2207         [CMake] Use COMPILE_DEFINITIONS target property for setting BUILDING_* defines
2208         https://bugs.webkit.org/show_bug.cgi?id=121672
2209
2210         Reviewed by Gyuyoung Kim.
2211
2212         Since the scope of add_definitions() is always a whole file, we need to use
2213         target properties instead to set definitions only for specific targets.
2214
2215         * CMakeLists.txt:
2216
2217 2013-09-19  Commit Queue  <commit-queue@webkit.org>
2218
2219         Unreviewed, rolling out r156120.
2220         http://trac.webkit.org/changeset/156120
2221         https://bugs.webkit.org/show_bug.cgi?id=121651
2222
2223         Broke windows runtime and all tests (Requested by bfulgham on
2224         #webkit).
2225
2226         * CMakeLists.txt:
2227         * GNUmakefile.list.am:
2228         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2229         * JavaScriptCore.xcodeproj/project.pbxproj:
2230         * Target.pri:
2231         * bytecode/ValueRecovery.h:
2232         (JSC::ValueRecovery::dumpInContext):
2233         * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
2234         (JSC::DFG::AssemblyHelpers::executableFor):
2235         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2236         (JSC::DFG::AssemblyHelpers::setSamplingFlag):
2237         (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
2238         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2239         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2240         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2241         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2242         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2243         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2244         * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
2245         (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
2246         (JSC::DFG::AssemblyHelpers::codeBlock):
2247         (JSC::DFG::AssemblyHelpers::vm):
2248         (JSC::DFG::AssemblyHelpers::assembler):
2249         (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
2250         (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
2251         (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
2252         (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
2253         (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
2254         (JSC::DFG::AssemblyHelpers::branchIfNotCell):
2255         (JSC::DFG::AssemblyHelpers::addressFor):
2256         (JSC::DFG::AssemblyHelpers::tagFor):
2257         (JSC::DFG::AssemblyHelpers::payloadFor):
2258         (JSC::DFG::AssemblyHelpers::branchIfNotObject):
2259         (JSC::DFG::AssemblyHelpers::selectScratchGPR):
2260         (JSC::DFG::AssemblyHelpers::debugCall):
2261         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2262         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2263         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2264         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2265         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2266         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2267         (JSC::DFG::AssemblyHelpers::boxDouble):
2268         (JSC::DFG::AssemblyHelpers::unboxDouble):
2269         (JSC::DFG::AssemblyHelpers::boxInt52):
2270         (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
2271         (JSC::DFG::AssemblyHelpers::emitCount):
2272         (JSC::DFG::AssemblyHelpers::globalObjectFor):
2273         (JSC::DFG::AssemblyHelpers::strictModeFor):
2274         (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
2275         (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
2276         (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
2277         (JSC::DFG::AssemblyHelpers::symbolTableFor):
2278         (JSC::DFG::AssemblyHelpers::offsetOfLocals):
2279         (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
2280         * dfg/DFGBinarySwitch.h:
2281         * dfg/DFGByteCodeParser.cpp:
2282         * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
2283         (JSC::DFG::CCallHelpers::CCallHelpers):
2284         (JSC::DFG::CCallHelpers::resetCallArguments):
2285         (JSC::DFG::CCallHelpers::addCallArgument):
2286         (JSC::DFG::CCallHelpers::setupArguments):
2287         (JSC::DFG::CCallHelpers::setupArgumentsExecState):
2288         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2289         (JSC::DFG::CCallHelpers::setupTwoStubArgs):
2290         (JSC::DFG::CCallHelpers::setupStubArguments):
2291         (JSC::DFG::CCallHelpers::setupResults):
2292         * dfg/DFGDisassembler.cpp:
2293         * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
2294         (JSC::DFG::FPRInfo::toRegister):
2295         (JSC::DFG::FPRInfo::toIndex):
2296         (JSC::DFG::FPRInfo::toArgumentRegister):
2297         (JSC::DFG::FPRInfo::debugName):
2298         * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
2299         (JSC::DFG::JSValueRegs::JSValueRegs):
2300         (JSC::DFG::JSValueRegs::payloadOnly):
2301         (JSC::DFG::JSValueRegs::operator!):
2302         (JSC::DFG::JSValueRegs::gpr):
2303         (JSC::DFG::JSValueRegs::payloadGPR):
2304         (JSC::DFG::JSValueSource::JSValueSource):
2305         (JSC::DFG::JSValueSource::unboxedCell):
2306         (JSC::DFG::JSValueSource::operator!):
2307         (JSC::DFG::JSValueSource::isAddress):
2308         (JSC::DFG::JSValueSource::offset):
2309         (JSC::DFG::JSValueSource::base):
2310         (JSC::DFG::JSValueSource::gpr):
2311         (JSC::DFG::JSValueSource::asAddress):
2312         (JSC::DFG::JSValueSource::notAddress):
2313         (JSC::DFG::JSValueRegs::tagGPR):
2314         (JSC::DFG::JSValueSource::tagGPR):
2315         (JSC::DFG::JSValueSource::payloadGPR):
2316         (JSC::DFG::JSValueSource::hasKnownTag):
2317         (JSC::DFG::JSValueSource::tag):
2318         (JSC::DFG::GPRInfo::toRegister):
2319         (JSC::DFG::GPRInfo::toIndex):
2320         (JSC::DFG::GPRInfo::debugName):
2321         (JSC::DFG::GPRInfo::toArgumentRegister):
2322         * dfg/DFGGraph.cpp:
2323         * dfg/DFGGraph.h:
2324         * dfg/DFGJITCompiler.h:
2325         * dfg/DFGOSRExit.cpp:
2326         * dfg/DFGOSRExit.h:
2327         * dfg/DFGOSRExitCompiler.h:
2328         * dfg/DFGOSRExitCompilerCommon.h:
2329         * dfg/DFGRegisterBank.h:
2330         * dfg/DFGRegisterSet.h:
2331         * dfg/DFGRepatch.cpp:
2332         * dfg/DFGSilentRegisterSavePlan.h:
2333         * dfg/DFGThunks.cpp:
2334         * dfg/DFGVariableEvent.cpp:
2335         * ftl/FTLCArgumentGetter.h:
2336         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2337         (JSC::FTL::CArgumentGetter::loadNext8):
2338         (JSC::FTL::CArgumentGetter::loadNext32):
2339         (JSC::FTL::CArgumentGetter::loadNext64):
2340         (JSC::FTL::CArgumentGetter::loadNextPtr):
2341         (JSC::FTL::CArgumentGetter::loadNextDouble):
2342         * ftl/FTLCompile.cpp:
2343         * ftl/FTLExitThunkGenerator.h:
2344         * ftl/FTLLink.cpp:
2345         * ftl/FTLThunks.cpp:
2346         * jit/JIT.cpp:
2347         (JSC::JIT::JIT):
2348         * jit/JIT.h:
2349         * jit/JITPropertyAccess.cpp:
2350         (JSC::JIT::stringGetByValStubGenerator):
2351         * jit/JITPropertyAccess32_64.cpp:
2352         (JSC::JIT::stringGetByValStubGenerator):
2353         * jit/JSInterfaceJIT.h:
2354         (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
2355         (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
2356         * jit/SpecializedThunkJIT.h:
2357         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2358         (JSC::SpecializedThunkJIT::finalize):
2359         * jit/ThunkGenerators.cpp:
2360         (JSC::linkForGenerator):
2361         (JSC::virtualForGenerator):
2362         (JSC::stringLengthTrampolineGenerator):
2363         (JSC::nativeForGenerator):
2364         (JSC::arityFixup):
2365         (JSC::charCodeAtThunkGenerator):
2366         (JSC::charAtThunkGenerator):
2367         (JSC::fromCharCodeThunkGenerator):
2368         (JSC::sqrtThunkGenerator):
2369         (JSC::floorThunkGenerator):
2370         (JSC::ceilThunkGenerator):
2371         (JSC::roundThunkGenerator):
2372         (JSC::expThunkGenerator):
2373         (JSC::logThunkGenerator):
2374         (JSC::absThunkGenerator):
2375         (JSC::powThunkGenerator):
2376         (JSC::imulThunkGenerator):
2377         * llint/LLIntThunks.cpp:
2378         (JSC::LLInt::generateThunkWithJumpTo):
2379         * runtime/JSCJSValue.h:
2380
2381 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2382
2383         Unreviewed, fix Windows build part 2. m_jitCodeMap should always be there.
2384
2385         * bytecode/CodeBlock.h:
2386         (JSC::CodeBlock::jitCodeMap):
2387
2388 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2389
2390         Remove some of the tautologies in DFGRepatch function naming.
2391
2392         Rubber stamped by Mark Hahnenberg.
2393         
2394         For example change DFG::dfgLinkFor() to be DFG::linkFor().
2395
2396         * bytecode/CodeBlock.cpp:
2397         (JSC::CodeBlock::resetStubInternal):
2398         * dfg/DFGOperations.cpp:
2399         * dfg/DFGRepatch.cpp:
2400         (JSC::DFG::repatchCall):
2401         (JSC::DFG::repatchByIdSelfAccess):
2402         (JSC::DFG::tryCacheGetByID):
2403         (JSC::DFG::repatchGetByID):
2404         (JSC::DFG::buildGetByIDList):
2405         (JSC::DFG::tryCachePutByID):
2406         (JSC::DFG::repatchPutByID):
2407         (JSC::DFG::buildPutByIdList):
2408         (JSC::DFG::repatchIn):
2409         (JSC::DFG::linkFor):
2410         (JSC::DFG::linkSlowFor):
2411         (JSC::DFG::linkClosureCall):
2412         (JSC::DFG::resetGetByID):
2413         (JSC::DFG::resetPutByID):
2414         (JSC::DFG::resetIn):
2415         * dfg/DFGRepatch.h:
2416         (JSC::DFG::resetGetByID):
2417         (JSC::DFG::resetPutByID):
2418         (JSC::DFG::resetIn):
2419
2420 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2421
2422         Unreviewed, fix Windows build. ScratchBuffer should always be available regardless of
2423         ENABLE_DFG_JIT.
2424
2425         * runtime/VM.h:
2426
2427 2013-09-19  Daniel Bates  <dabates@apple.com>
2428
2429         [iOS] Add more iOS logic to the JavaScriptCore build configuration files
2430         https://bugs.webkit.org/show_bug.cgi?id=121635
2431
2432         Reviewed by Geoffrey Garen.
2433
2434         Towards building JavaScriptCore for both OS X and iOS using the same
2435         set of configuration files, add more iOS logic.
2436
2437         * Configurations/Base.xcconfig:
2438         * Configurations/JSC.xcconfig:
2439         * Configurations/JavaScriptCore.xcconfig:
2440         * Configurations/ToolExecutable.xcconfig:
2441
2442 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2443
2444         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2445         https://bugs.webkit.org/show_bug.cgi?id=121637
2446
2447         Rubber stamped by Michael Saboff.
2448         
2449         Also moved GPRInfo/FPRInfo into jit/.
2450
2451         * CMakeLists.txt:
2452         * GNUmakefile.list.am:
2453         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2454         * JavaScriptCore.xcodeproj/project.pbxproj:
2455         * Target.pri:
2456         * bytecode/ValueRecovery.h:
2457         (JSC::ValueRecovery::dumpInContext):
2458         * dfg/DFGAssemblyHelpers.cpp: Removed.
2459         * dfg/DFGAssemblyHelpers.h: Removed.
2460         * dfg/DFGBinarySwitch.h:
2461         * dfg/DFGByteCodeParser.cpp:
2462         * dfg/DFGCCallHelpers.h: Removed.
2463         * dfg/DFGDisassembler.cpp:
2464         * dfg/DFGFPRInfo.h: Removed.
2465         * dfg/DFGGPRInfo.h: Removed.
2466         * dfg/DFGGraph.cpp:
2467         * dfg/DFGGraph.h:
2468         * dfg/DFGJITCompiler.h:
2469         * dfg/DFGOSRExit.cpp:
2470         * dfg/DFGOSRExit.h:
2471         * dfg/DFGOSRExitCompiler.h:
2472         * dfg/DFGOSRExitCompilerCommon.h:
2473         * dfg/DFGRegisterBank.h:
2474         * dfg/DFGRegisterSet.h:
2475         * dfg/DFGRepatch.cpp:
2476         * dfg/DFGSilentRegisterSavePlan.h:
2477         * dfg/DFGThunks.cpp:
2478         * dfg/DFGVariableEvent.cpp:
2479         * ftl/FTLCArgumentGetter.h:
2480         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2481         (JSC::FTL::CArgumentGetter::loadNext8):
2482         (JSC::FTL::CArgumentGetter::loadNext32):
2483         (JSC::FTL::CArgumentGetter::loadNext64):
2484         (JSC::FTL::CArgumentGetter::loadNextPtr):
2485         (JSC::FTL::CArgumentGetter::loadNextDouble):
2486         * ftl/FTLCompile.cpp:
2487         * ftl/FTLExitThunkGenerator.h:
2488         * ftl/FTLLink.cpp:
2489         * ftl/FTLThunks.cpp:
2490         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2491         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2492         (JSC::AssemblyHelpers::AssemblyHelpers):
2493         (JSC::AssemblyHelpers::debugCall):
2494         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2495         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2496         (WTF::printInternal):
2497         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2498         (WTF::printInternal):
2499         * jit/JIT.cpp:
2500         (JSC::JIT::JIT):
2501         * jit/JIT.h:
2502         * jit/JITPropertyAccess.cpp:
2503         (JSC::JIT::stringGetByValStubGenerator):
2504         * jit/JITPropertyAccess32_64.cpp:
2505         (JSC::JIT::stringGetByValStubGenerator):
2506         * jit/JSInterfaceJIT.h:
2507         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2508         * jit/SpecializedThunkJIT.h:
2509         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2510         (JSC::SpecializedThunkJIT::finalize):
2511         * jit/ThunkGenerators.cpp:
2512         (JSC::linkForGenerator):
2513         (JSC::virtualForGenerator):
2514         (JSC::stringLengthTrampolineGenerator):
2515         (JSC::nativeForGenerator):
2516         (JSC::arityFixup):
2517         (JSC::charCodeAtThunkGenerator):
2518         (JSC::charAtThunkGenerator):
2519         (JSC::fromCharCodeThunkGenerator):
2520         (JSC::sqrtThunkGenerator):
2521         (JSC::floorThunkGenerator):
2522         (JSC::ceilThunkGenerator):
2523         (JSC::roundThunkGenerator):
2524         (JSC::expThunkGenerator):
2525         (JSC::logThunkGenerator):
2526         (JSC::absThunkGenerator):
2527         (JSC::powThunkGenerator):
2528         (JSC::imulThunkGenerator):
2529         * llint/LLIntThunks.cpp:
2530         (JSC::LLInt::generateThunkWithJumpTo):
2531         * runtime/JSCJSValue.h:
2532
2533 2013-09-19  Daniel Bates  <dabates@apple.com>
2534
2535         [iOS] Substitute UNREACHABLE_FOR_PLATFORM() for RELEASE_ASSERT_NOT_REACHED()
2536
2537         Rubber-stamped by Joseph Pecoraro.
2538
2539         Use UNREACHABLE_FOR_PLATFORM() instead of RELEASE_ASSERT_NOT_REACHED() in
2540         the non-x86/x86-64 variant of JIT::emitSlow_op_mod() so as to avoid a missing
2541         noreturn warning in Clang while simultaneously asserting unreachable code.
2542
2543         * jit/JITArithmetic.cpp:
2544         (JSC::JIT::emitSlow_op_mod):
2545
2546 2013-09-19  Michael Saboff  <msaboff@apple.com>
2547
2548         JSC: X86 disassembler shows 16, 32 and 64 bit displacements as unsigned
2549         https://bugs.webkit.org/show_bug.cgi?id=121625
2550
2551         Rubber-stamped by Filip Pizlo.
2552
2553         Changed 16, 32 and 64 bit offsets to be signed.  Kept the original tab indented
2554         spacing to match the rest of the file.
2555
2556         * disassembler/udis86/udis86_syn-att.c:
2557         (gen_operand):
2558
2559 2013-09-19  Daniel Bates  <dabates@apple.com>
2560
2561         Remove names of unused arguments from the non-x86/x86-64 function prototype
2562         for JIT::emitSlow_op_mod()
2563
2564         Rubber-stamped by Ryosuke Niwa.
2565
2566         * jit/JITArithmetic.cpp:
2567         (JSC::JIT::emitSlow_op_mod):
2568
2569 2013-09-18  Sam Weinig  <sam@webkit.org>
2570
2571         Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore
2572         https://bugs.webkit.org/show_bug.cgi?id=121583
2573
2574         Reviewed by Anders Carlsson.
2575
2576         * API/JSStringRefCF.cpp:
2577         (JSStringCreateWithCFString):
2578         * API/JSStringRefQt.cpp:
2579         * bytecompiler/BytecodeGenerator.cpp:
2580         (JSC::BytecodeGenerator::BytecodeGenerator):
2581         * dfg/DFGByteCodeParser.cpp:
2582         (JSC::DFG::ByteCodeParser::parseBlock):
2583         * dfg/DFGDisassembler.cpp:
2584         (JSC::DFG::Disassembler::dumpDisassembly):
2585         * runtime/Arguments.cpp:
2586         (JSC::Arguments::tearOff):
2587         * runtime/Arguments.h:
2588         (JSC::Arguments::isTornOff):
2589         (JSC::Arguments::allocateSlowArguments):
2590         * runtime/JSPropertyNameIterator.cpp:
2591         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2592         * runtime/JSPropertyNameIterator.h:
2593         * runtime/JSSegmentedVariableObject.h:
2594         * runtime/JSVariableObject.h:
2595         * runtime/PropertyNameArray.h:
2596         * runtime/RegExp.cpp:
2597         * runtime/StructureChain.h:
2598         (JSC::StructureChain::finishCreation):
2599         * runtime/SymbolTable.h:
2600         (JSC::SharedSymbolTable::setSlowArguments):
2601
2602 2013-09-18  Brent Fulgham  <bfulgham@apple.com>
2603
2604         [Windows] Unreviewed build fix after r156064.
2605
2606         * jsc.cpp:
2607         (jscmain): Need a temporary to perform '&' in VS2010.
2608
2609 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2610
2611         Give 'jsc' commandline an option to disable deleting the VM.
2612
2613         Reviewed by Mark Hahnenberg.
2614
2615         * jsc.cpp:
2616         (jscmain):
2617         * runtime/Options.h:
2618
2619 2013-09-18  Anders Carlsson  <andersca@apple.com>
2620
2621         RefPtrHashMap should work with move only types
2622         https://bugs.webkit.org/show_bug.cgi?id=121564
2623
2624         Reviewed by Andreas Kling.
2625
2626         * runtime/VM.cpp:
2627         (JSC::VM::addSourceProviderCache):
2628
2629 2013-09-17  Mark Hahnenberg  <mhahnenberg@apple.com>
2630
2631         Rename OperationInProgress to HeapOperation and move it out of Heap.h into its own header
2632         https://bugs.webkit.org/show_bug.cgi?id=121534
2633
2634         Reviewed by Geoffrey Garen.
2635
2636         OperationInProgress is a silly name. 
2637
2638         Many parts of the Heap would like to know what HeapOperation is currently underway, but 
2639         since they are included in Heap.h they can't directly reference HeapOperation if it also 
2640         lives in Heap.h. The simplest thing to do is to give HeapOperation its own header. While 
2641         a bit overkill, it simplifies including it wherever it's needed.
2642
2643         * JavaScriptCore.xcodeproj/project.pbxproj:
2644         * bytecode/CodeBlock.cpp:
2645         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2646         (JSC::CodeBlock::updateAllValueProfilePredictions):
2647         (JSC::CodeBlock::updateAllPredictions):
2648         * bytecode/CodeBlock.h:
2649         (JSC::CodeBlock::updateAllValueProfilePredictions):
2650         (JSC::CodeBlock::updateAllPredictions):
2651         * bytecode/LazyOperandValueProfile.cpp:
2652         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
2653         * bytecode/LazyOperandValueProfile.h:
2654         * bytecode/ValueProfile.h:
2655         (JSC::ValueProfileBase::computeUpdatedPrediction):
2656         * heap/Heap.h:
2657         * heap/HeapOperation.h: Added.
2658
2659 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2660
2661         DFG should support Int52 for local variables
2662         https://bugs.webkit.org/show_bug.cgi?id=121064
2663
2664         Reviewed by Oliver Hunt.
2665         
2666         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
2667         programs that have local int32 overflows but where a larger int representation can
2668         prevent us from having to convert all the way up to double.
2669         
2670         It's a small speed-up for now. But we're just supporting Int52 for a handful of
2671         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
2672         the groundwork for adding Int52 to JSValue, which will probably be a bigger
2673         speed-up.
2674         
2675         The basic approach is:
2676         
2677         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
2678           or HeapTop - i.e. it doesn't arise from JSValues.
2679         
2680         - DFG treats Int52 as being part of its FullTop and will treat it as being a
2681           subtype of double unless instructed otherwise.
2682         
2683         - Prediction propagator creates Int52s whenever we have a node going doubly but due
2684           to large values rather than fractional values, and that node is known to be able
2685           to produce Int52 natively in the DFG backend.
2686         
2687         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
2688           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
2689           input.
2690         
2691         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
2692           are left-shifted by 16 (great for overflow checks) and ones that are
2693           sign-extended. Both backends know how to convert between Int52s and the other
2694           representations.
2695
2696         * assembler/MacroAssemblerX86_64.h:
2697         (JSC::MacroAssemblerX86_64::rshift64):
2698         (JSC::MacroAssemblerX86_64::mul64):
2699         (JSC::MacroAssemblerX86_64::branchMul64):
2700         (JSC::MacroAssemblerX86_64::branchNeg64):
2701         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
2702         * assembler/X86Assembler.h:
2703         (JSC::X86Assembler::imulq_rr):
2704         (JSC::X86Assembler::cvtsi2sdq_rr):
2705         * bytecode/DataFormat.h:
2706         (JSC::dataFormatToString):
2707         * bytecode/ExitKind.cpp:
2708         (JSC::exitKindToString):
2709         * bytecode/ExitKind.h:
2710         * bytecode/OperandsInlines.h:
2711         (JSC::::dumpInContext):
2712         * bytecode/SpeculatedType.cpp:
2713         (JSC::dumpSpeculation):
2714         (JSC::speculationToAbbreviatedString):
2715         (JSC::speculationFromValue):
2716         * bytecode/SpeculatedType.h:
2717         (JSC::isInt32SpeculationForArithmetic):
2718         (JSC::isInt52Speculation):
2719         (JSC::isMachineIntSpeculationForArithmetic):
2720         (JSC::isInt52AsDoubleSpeculation):
2721         (JSC::isBytecodeRealNumberSpeculation):
2722         (JSC::isFullRealNumberSpeculation):
2723         (JSC::isBytecodeNumberSpeculation):
2724         (JSC::isFullNumberSpeculation):
2725         (JSC::isBytecodeNumberSpeculationExpectingDefined):
2726         (JSC::isFullNumberSpeculationExpectingDefined):
2727         * bytecode/ValueRecovery.h:
2728         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
2729         (JSC::ValueRecovery::inGPR):
2730         (JSC::ValueRecovery::displacedInJSStack):
2731         (JSC::ValueRecovery::isAlreadyInJSStack):
2732         (JSC::ValueRecovery::gpr):
2733         (JSC::ValueRecovery::virtualRegister):
2734         (JSC::ValueRecovery::dumpInContext):
2735         * dfg/DFGAbstractInterpreter.h:
2736         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
2737         (JSC::DFG::AbstractInterpreter::filterByType):
2738         * dfg/DFGAbstractInterpreterInlines.h:
2739         (JSC::DFG::::executeEffects):
2740         * dfg/DFGAbstractValue.cpp:
2741         (JSC::DFG::AbstractValue::set):
2742         (JSC::DFG::AbstractValue::checkConsistency):
2743         * dfg/DFGAbstractValue.h:
2744         (JSC::DFG::AbstractValue::couldBeType):
2745         (JSC::DFG::AbstractValue::isType):
2746         (JSC::DFG::AbstractValue::checkConsistency):
2747         (JSC::DFG::AbstractValue::validateType):
2748         * dfg/DFGArrayMode.cpp:
2749         (JSC::DFG::ArrayMode::refine):
2750         * dfg/DFGAssemblyHelpers.h:
2751         (JSC::DFG::AssemblyHelpers::boxInt52):
2752         * dfg/DFGByteCodeParser.cpp:
2753         (JSC::DFG::ByteCodeParser::makeSafe):
2754         * dfg/DFGCSEPhase.cpp:
2755         (JSC::DFG::CSEPhase::pureCSE):
2756         (JSC::DFG::CSEPhase::getByValLoadElimination):
2757         (JSC::DFG::CSEPhase::performNodeCSE):
2758         * dfg/DFGClobberize.h:
2759         (JSC::DFG::clobberize):
2760         * dfg/DFGCommon.h:
2761         (JSC::DFG::enableInt52):
2762         * dfg/DFGDCEPhase.cpp:
2763         (JSC::DFG::DCEPhase::fixupBlock):
2764         * dfg/DFGFixupPhase.cpp:
2765         (JSC::DFG::FixupPhase::run):
2766         (JSC::DFG::FixupPhase::fixupNode):
2767         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
2768         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
2769         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2770         (JSC::DFG::FixupPhase::fixEdge):
2771         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2772         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
2773         * dfg/DFGFlushFormat.cpp:
2774         (WTF::printInternal):
2775         * dfg/DFGFlushFormat.h:
2776         (JSC::DFG::resultFor):
2777         (JSC::DFG::useKindFor):
2778         * dfg/DFGGenerationInfo.h:
2779         (JSC::DFG::GenerationInfo::initInt52):
2780         (JSC::DFG::GenerationInfo::initStrictInt52):
2781         (JSC::DFG::GenerationInfo::isFormat):
2782         (JSC::DFG::GenerationInfo::isInt52):
2783         (JSC::DFG::GenerationInfo::isStrictInt52):
2784         (JSC::DFG::GenerationInfo::fillInt52):
2785         (JSC::DFG::GenerationInfo::fillStrictInt52):
2786         * dfg/DFGGraph.cpp:
2787         (JSC::DFG::Graph::dump):
2788         * dfg/DFGGraph.h:
2789         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
2790         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
2791         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
2792         * dfg/DFGInPlaceAbstractState.cpp:
2793         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
2794         * dfg/DFGJITCode.cpp:
2795         (JSC::DFG::JITCode::reconstruct):
2796         * dfg/DFGJITCompiler.h:
2797         (JSC::DFG::JITCompiler::noticeOSREntry):
2798         * dfg/DFGMinifiedNode.h:
2799         (JSC::DFG::belongsInMinifiedGraph):
2800         (JSC::DFG::MinifiedNode::hasChild):
2801         * dfg/DFGNode.h:
2802         (JSC::DFG::Node::shouldSpeculateNumber):
2803         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
2804         (JSC::DFG::Node::canSpeculateInt52):
2805         * dfg/DFGNodeFlags.h:
2806         (JSC::DFG::nodeCanSpeculateInt52):
2807         * dfg/DFGNodeType.h:
2808         (JSC::DFG::permitsOSRBackwardRewiring):
2809         (JSC::DFG::forwardRewiringSelectionScore):
2810         * dfg/DFGOSREntry.cpp:
2811         (JSC::DFG::prepareOSREntry):
2812         * dfg/DFGOSREntry.h:
2813         * dfg/DFGOSRExitCompiler.cpp:
2814         * dfg/DFGOSRExitCompiler64.cpp:
2815         (JSC::DFG::OSRExitCompiler::compileExit):
2816         * dfg/DFGPredictionPropagationPhase.cpp:
2817         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
2818         (JSC::DFG::PredictionPropagationPhase::propagate):
2819         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2820         * dfg/DFGSafeToExecute.h:
2821         (JSC::DFG::SafeToExecuteEdge::operator()):
2822         (JSC::DFG::safeToExecute):
2823         * dfg/DFGSilentRegisterSavePlan.h:
2824         * dfg/DFGSpeculativeJIT.cpp:
2825         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2826         (JSC::DFG::SpeculativeJIT::silentFill):
2827         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2828         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2829         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2830         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2831         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2832         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2833         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2834         (JSC::DFG::SpeculativeJIT::compileAdd):
2835         (JSC::DFG::SpeculativeJIT::compileArithSub):
2836         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2837         (JSC::DFG::SpeculativeJIT::compileArithMul):
2838         (JSC::DFG::SpeculativeJIT::compare):
2839         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2840         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
2841         (JSC::DFG::SpeculativeJIT::speculateNumber):
2842         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
2843         (JSC::DFG::SpeculativeJIT::speculate):
2844         * dfg/DFGSpeculativeJIT.h:
2845         (JSC::DFG::SpeculativeJIT::canReuse):
2846         (JSC::DFG::SpeculativeJIT::isFilled):
2847         (JSC::DFG::SpeculativeJIT::isFilledDouble):
2848         (JSC::DFG::SpeculativeJIT::use):
2849         (JSC::DFG::SpeculativeJIT::isKnownInteger):
2850         (JSC::DFG::SpeculativeJIT::isKnownCell):
2851         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
2852         (JSC::DFG::SpeculativeJIT::int52Result):
2853         (JSC::DFG::SpeculativeJIT::strictInt52Result):
2854         (JSC::DFG::SpeculativeJIT::initConstantInfo):
2855         (JSC::DFG::SpeculativeJIT::isInteger):
2856         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
2857         (JSC::DFG::SpeculativeJIT::generationInfo):
2858         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
2859         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
2860         (JSC::DFG::SpeculateInt52Operand::edge):
2861         (JSC::DFG::SpeculateInt52Operand::node):
2862         (JSC::DFG::SpeculateInt52Operand::gpr):
2863         (JSC::DFG::SpeculateInt52Operand::use):
2864         (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
2865         (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
2866         (JSC::DFG::SpeculateStrictInt52Operand::edge):
2867         (JSC::DFG::SpeculateStrictInt52Operand::node):
2868         (JSC::DFG::SpeculateStrictInt52Operand::gpr):
2869         (JSC::DFG::SpeculateStrictInt52Operand::use):
2870         (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
2871         (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
2872         (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
2873         (JSC::DFG::SpeculateWhicheverInt52Operand::node):
2874         (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
2875         (JSC::DFG::SpeculateWhicheverInt52Operand::use):
2876         (JSC::DFG::SpeculateWhicheverInt52Operand::format):
2877         * dfg/DFGSpeculativeJIT32_64.cpp:
2878         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2879         (JSC::DFG::SpeculativeJIT::compile):
2880         * dfg/DFGSpeculativeJIT64.cpp:
2881         (JSC::DFG::SpeculativeJIT::boxInt52):
2882         (JSC::DFG::SpeculativeJIT::fillJSValue):
2883         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
2884         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
2885         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2886         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2887         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2888         (JSC::DFG::SpeculativeJIT::compileInt52Compare):
2889         (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
2890         (JSC::DFG::SpeculativeJIT::compile):
2891         * dfg/DFGUseKind.cpp:
2892         (WTF::printInternal):
2893         * dfg/DFGUseKind.h:
2894         (JSC::DFG::typeFilterFor):
2895         (JSC::DFG::isNumerical):
2896         * dfg/DFGValueSource.cpp:
2897         (JSC::DFG::ValueSource::dump):
2898         * dfg/DFGValueSource.h:
2899         (JSC::DFG::dataFormatToValueSourceKind):
2900         (JSC::DFG::valueSourceKindToDataFormat):
2901         (JSC::DFG::ValueSource::forFlushFormat):
2902         (JSC::DFG::ValueSource::valueRecovery):
2903         * dfg/DFGVariableAccessData.h:
2904         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
2905         (JSC::DFG::VariableAccessData::flushFormat):
2906         * ftl/FTLCArgumentGetter.cpp:
2907         (JSC::FTL::CArgumentGetter::loadNextAndBox):
2908         * ftl/FTLCArgumentGetter.h:
2909         * ftl/FTLCapabilities.cpp:
2910         (JSC::FTL::canCompile):
2911         * ftl/FTLExitValue.cpp:
2912         (JSC::FTL::ExitValue::dumpInContext):
2913         * ftl/FTLExitValue.h:
2914         (JSC::FTL::ExitValue::inJSStackAsInt52):
2915         * ftl/FTLIntrinsicRepository.h:
2916         * ftl/FTLLowerDFGToLLVM.cpp:
2917         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
2918         (JSC::FTL::LowerDFGToLLVM::compileNode):
2919         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
2920         (JSC::FTL::LowerDFGToLLVM::compilePhi):
2921         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
2922         (JSC::FTL::LowerDFGToLLVM::compileAdd):
2923         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
2924         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
2925         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
2926         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2927         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
2928         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
2929         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
2930         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
2931         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
2932         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
2933         (JSC::FTL::LowerDFGToLLVM::lowInt32):
2934         (JSC::FTL::LowerDFGToLLVM::lowInt52):
2935         (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
2936         (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
2937         (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
2938         (JSC::FTL::LowerDFGToLLVM::opposite):
2939         (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
2940         (JSC::FTL::LowerDFGToLLVM::lowCell):
2941         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
2942         (JSC::FTL::LowerDFGToLLVM::lowDouble):
2943         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
2944         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
2945         (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
2946         (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
2947         (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
2948         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
2949         (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
2950         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
2951         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
2952         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
2953         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
2954         (JSC::FTL::LowerDFGToLLVM::setInt52):
2955         (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
2956         * ftl/FTLOSRExitCompiler.cpp:
2957         (JSC::FTL::compileStub):
2958         * ftl/FTLOutput.h:
2959         (JSC::FTL::Output::addWithOverflow64):
2960         (JSC::FTL::Output::subWithOverflow64):
2961         (JSC::FTL::Output::mulWithOverflow64):
2962         * ftl/FTLValueFormat.cpp:
2963         (WTF::printInternal):
2964         * ftl/FTLValueFormat.h:
2965         * ftl/FTLValueSource.cpp:
2966         (JSC::FTL::ValueSource::dump):
2967         * ftl/FTLValueSource.h:
2968         * interpreter/Register.h:
2969         (JSC::Register::unboxedInt52):
2970         * runtime/Arguments.cpp:
2971         (JSC::Arguments::tearOffForInlineCallFrame):
2972         * runtime/IndexingType.cpp:
2973         (JSC::leastUpperBoundOfIndexingTypeAndType):
2974         * runtime/JSCJSValue.h:
2975         * runtime/JSCJSValueInlines.h:
2976         (JSC::JSValue::isMachineInt):
2977         (JSC::JSValue::asMachineInt):
2978
2979 2013-09-17  Michael Saboff  <msaboff@apple.com>
2980
2981         REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
2982         https://bugs.webkit.org/show_bug.cgi?id=121376
2983
2984         Reviewed by Oliver Hunt.
2985
2986         Fix stack grow() call for stack growing down.  This should catch running out of stack space before
2987         we try to move the frame down due to arity mismatch.
2988
2989         * runtime/CommonSlowPaths.h:
2990         (JSC::CommonSlowPaths::arityCheckFor):
2991
2992 2013-09-18  Andreas Kling  <akling@apple.com>
2993
2994         YARR: Put UCS2 canonicalization tables in read-only memory.
2995         <https://webkit.org/b/121547>
2996
2997         Reviewed by Sam Weinig.
2998
2999         These tables never mutate, so mark them const.
3000
3001 2013-09-18  Commit Queue  <commit-queue@webkit.org>
3002
3003         Unreviewed, rolling out r156019 and r156020.
3004         http://trac.webkit.org/changeset/156019
3005         http://trac.webkit.org/changeset/156020
3006         https://bugs.webkit.org/show_bug.cgi?id=121540
3007
3008         Broke tests (Requested by ap on #webkit).
3009
3010         * assembler/MacroAssemblerX86_64.h:
3011         * assembler/X86Assembler.h:
3012         * bytecode/DataFormat.h:
3013         (JSC::dataFormatToString):
3014         * bytecode/ExitKind.cpp:
3015         (JSC::exitKindToString):
3016         * bytecode/ExitKind.h:
3017         * bytecode/OperandsInlines.h:
3018         (JSC::::dumpInContext):
3019         * bytecode/SpeculatedType.cpp:
3020         (JSC::dumpSpeculation):
3021         (JSC::speculationToAbbreviatedString):
3022         (JSC::speculationFromValue):
3023         * bytecode/SpeculatedType.h:
3024         (JSC::isInt32SpeculationForArithmetic):
3025         (JSC::isInt48Speculation):
3026         (JSC::isMachineIntSpeculationForArithmetic):
3027         (JSC::isInt48AsDoubleSpeculation):
3028         (JSC::isRealNumberSpeculation):
3029         (JSC::isNumberSpeculation):
3030         (JSC::isNumberSpeculationExpectingDefined):
3031         * bytecode/ValueRecovery.h:
3032         (JSC::ValueRecovery::inGPR):
3033         (JSC::ValueRecovery::displacedInJSStack):
3034         (JSC::ValueRecovery::isAlreadyInJSStack):
3035         (JSC::ValueRecovery::gpr):
3036         (JSC::ValueRecovery::virtualRegister):
3037         (JSC::ValueRecovery::dumpInContext):
3038         * dfg/DFGAbstractInterpreter.h:
3039         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3040         (JSC::DFG::AbstractInterpreter::filterByType):
3041         * dfg/DFGAbstractInterpreterInlines.h:
3042         (JSC::DFG::::executeEffects):
3043         * dfg/DFGAbstractValue.cpp:
3044         (JSC::DFG::AbstractValue::set):
3045         (JSC::DFG::AbstractValue::checkConsistency):
3046         * dfg/DFGAbstractValue.h:
3047         (JSC::DFG::AbstractValue::validateType):
3048         * dfg/DFGArrayMode.cpp:
3049         (JSC::DFG::ArrayMode::refine):
3050         * dfg/DFGAssemblyHelpers.h:
3051         (JSC::DFG::AssemblyHelpers::unboxDouble):
3052         * dfg/DFGByteCodeParser.cpp:
3053         (JSC::DFG::ByteCodeParser::makeSafe):
3054         * dfg/DFGCSEPhase.cpp:
3055         (JSC::DFG::CSEPhase::canonicalize):
3056         (JSC::DFG::CSEPhase::pureCSE):
3057         (JSC::DFG::CSEPhase::getByValLoadElimination):
3058         (JSC::DFG::CSEPhase::performNodeCSE):
3059         * dfg/DFGClobberize.h:
3060         (JSC::DFG::clobberize):
3061         * dfg/DFGCommon.h:
3062         * dfg/DFGFixupPhase.cpp:
3063         (JSC::DFG::FixupPhase::run):
3064         (JSC::DFG::FixupPhase::fixupNode):
3065         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3066         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3067         (JSC::DFG::FixupPhase::fixEdge):
3068         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3069         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3070         * dfg/DFGFlushFormat.cpp:
3071         (WTF::printInternal):
3072         * dfg/DFGFlushFormat.h:
3073         (JSC::DFG::resultFor):
3074         (JSC::DFG::useKindFor):
3075         * dfg/DFGGenerationInfo.h:
3076         (JSC::DFG::GenerationInfo::initInt32):
3077         (JSC::DFG::GenerationInfo::fillInt32):
3078         * dfg/DFGGraph.cpp:
3079         (JSC::DFG::Graph::dump):
3080         * dfg/DFGGraph.h:
3081         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3082         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3083         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3084         * dfg/DFGInPlaceAbstractState.cpp:
3085         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3086         * dfg/DFGJITCode.cpp:
3087         (JSC::DFG::JITCode::reconstruct):
3088         * dfg/DFGMinifiedNode.h:
3089         (JSC::DFG::belongsInMinifiedGraph):
3090         (JSC::DFG::MinifiedNode::hasChild):
3091         * dfg/DFGNode.h:
3092         (JSC::DFG::Node::shouldSpeculateNumber):
3093         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3094         (JSC::DFG::Node::canSpeculateInt48):
3095         * dfg/DFGNodeFlags.h:
3096         (JSC::DFG::nodeCanSpeculateInt48):
3097         * dfg/DFGNodeType.h:
3098         (JSC::DFG::forwardRewiringSelectionScore):
3099         * dfg/DFGOSRExitCompiler.cpp:
3100         (JSC::DFG::shortOperandsDump):
3101         * dfg/DFGOSRExitCompiler64.cpp:
3102         (JSC::DFG::OSRExitCompiler::compileExit):
3103         * dfg/DFGPredictionPropagationPhase.cpp:
3104         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3105         (JSC::DFG::PredictionPropagationPhase::propagate):
3106         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3107         * dfg/DFGSafeToExecute.h:
3108         (JSC::DFG::SafeToExecuteEdge::operator()):
3109         (JSC::DFG::safeToExecute):
3110         * dfg/DFGSilentRegisterSavePlan.h:
3111         * dfg/DFGSpeculativeJIT.cpp:
3112         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3113         (JSC::DFG::SpeculativeJIT::silentFill):
3114         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3115         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3116         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3117         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3118         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3119         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3120         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3121         (JSC::DFG::SpeculativeJIT::compileAdd):
3122         (JSC::DFG::SpeculativeJIT::compileArithSub):
3123         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3124         (JSC::DFG::SpeculativeJIT::compileArithMul):
3125         (JSC::DFG::SpeculativeJIT::compare):
3126         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3127         (JSC::DFG::SpeculativeJIT::speculateNumber):
3128         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3129         (JSC::DFG::SpeculativeJIT::speculate):
3130         * dfg/DFGSpeculativeJIT.h:
3131         (JSC::DFG::SpeculativeJIT::canReuse):
3132         (JSC::DFG::SpeculativeJIT::isFilled):
3133         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3134         (JSC::DFG::SpeculativeJIT::use):
3135         (JSC::DFG::SpeculativeJIT::boxDouble):
3136         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3137         (JSC::DFG::SpeculativeJIT::isKnownCell):
3138         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3139         (JSC::DFG::SpeculativeJIT::int32Result):
3140         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3141         (JSC::DFG::SpeculativeJIT::isInteger):
3142         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
3143         * dfg/DFGSpeculativeJIT32_64.cpp:
3144         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3145         (JSC::DFG::SpeculativeJIT::compile):
3146         * dfg/DFGSpeculativeJIT64.cpp:
3147         (JSC::DFG::SpeculativeJIT::fillJSValue):
3148         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3149         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3150         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3151         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3152         (JSC::DFG::SpeculativeJIT::compile):
3153         * dfg/DFGUseKind.cpp:
3154         (WTF::printInternal):
3155         * dfg/DFGUseKind.h:
3156         (JSC::DFG::typeFilterFor):
3157         (JSC::DFG::isNumerical):
3158         * dfg/DFGValueSource.cpp:
3159         (JSC::DFG::ValueSource::dump):
3160         * dfg/DFGValueSource.h:
3161         (JSC::DFG::dataFormatToValueSourceKind):
3162         (JSC::DFG::valueSourceKindToDataFormat):
3163         (JSC::DFG::ValueSource::forFlushFormat):
3164         (JSC::DFG::ValueSource::valueRecovery):
3165         * dfg/DFGVariableAccessData.h:
3166         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3167         (JSC::DFG::VariableAccessData::flushFormat):
3168         * ftl/FTLCArgumentGetter.cpp:
3169         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3170         * ftl/FTLCArgumentGetter.h:
3171         * ftl/FTLCapabilities.cpp:
3172         (JSC::FTL::canCompile):
3173         * ftl/FTLExitValue.cpp:
3174         (JSC::FTL::ExitValue::dumpInContext):
3175         * ftl/FTLExitValue.h:
3176         * ftl/FTLIntrinsicRepository.h:
3177         * ftl/FTLLowerDFGToLLVM.cpp:
3178         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3179         (JSC::FTL::LowerDFGToLLVM::compileNode):
3180         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3181         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3182         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3183         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3184         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3185         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3186         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3187         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3188         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3189         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3190         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3191         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3192         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3193         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3194         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3195         (JSC::FTL::LowerDFGToLLVM::lowCell):
3196         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3197         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3198         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3199         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3200         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3201         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3202         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3203         (JSC::FTL::LowerDFGToLLVM::setInt32):
3204         * ftl/FTLOSRExitCompiler.cpp:
3205         (JSC::FTL::compileStub):
3206         * ftl/FTLOutput.h:
3207         (JSC::FTL::Output::mulWithOverflow32):
3208         * ftl/FTLValueFormat.cpp:
3209         (WTF::printInternal):
3210         * ftl/FTLValueFormat.h:
3211         * ftl/FTLValueSource.cpp:
3212         (JSC::FTL::ValueSource::dump):
3213         * ftl/FTLValueSource.h:
3214         * interpreter/Register.h:
3215         * runtime/Arguments.cpp:
3216         (JSC::Arguments::tearOffForInlineCallFrame):
3217         * runtime/IndexingType.cpp:
3218         (JSC::leastUpperBoundOfIndexingTypeAndType):
3219         * runtime/JSCJSValue.h:
3220         * runtime/JSCJSValueInlines.h:
3221
3222 2013-09-17  Filip Pizlo  <fpizlo@apple.com>
3223
3224         Unreviewed, fix 32-bit build.
3225
3226         * runtime/JSCJSValue.h:
3227
3228 2013-09-16  Filip Pizlo  <fpizlo@apple.com>
3229
3230         DFG should support Int52 for local variables
3231         https://bugs.webkit.org/show_bug.cgi?id=121064
3232
3233         Reviewed by Oliver Hunt.
3234         
3235         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
3236         programs that have local int32 overflows but where a larger int representation can
3237         prevent us from having to convert all the way up to double.
3238         
3239         It's a small speed-up for now. But we're just supporting Int52 for a handful of
3240         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
3241         the groundwork for adding Int52 to JSValue, which will probably be a bigger
3242         speed-up.
3243         
3244         The basic approach is:
3245         
3246         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
3247           or HeapTop - i.e. it doesn't arise from JSValues.
3248         
3249         - DFG treats Int52 as being part of its FullTop and will treat it as being a
3250           subtype of double unless instructed otherwise.
3251         
3252         - Prediction propagator creates Int52s whenever we have a node going doubly but due
3253           to large values rather than fractional values, and that node is known to be able
3254           to produce Int52 natively in the DFG backend.
3255         
3256         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
3257           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
3258           input.
3259         
3260         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
3261           are left-shifted by 16 (great for overflow checks) and ones that are
3262           sign-extended. Both backends know how to convert between Int52s and the other
3263           representations.
3264
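        The two Int52 representations described above (a value kept in the top bits of a
        64-bit register for cheap overflow checks, and a plain sign-extended one), as an
        added C++ example that is not JSC's code. It assumes a 52-bit width (hence a
        12-bit shift) and uses GCC/Clang overflow builtins where the JIT would use a
        branch-on-overflow instruction:

```cpp
// Added example, not JSC code: the two Int52 representations the entry
// describes. "Strict" is an ordinary sign-extended int64_t. "Shifted" keeps
// the value in the top bits of a 64-bit register with zeros below, so the
// CPU's native 64-bit overflow flag fires exactly when the Int52 result would
// overflow. Assumption: a 52-bit integer width, hence a shift of 64 - 52 = 12;
// JSC's own constants are not consulted here.
#include <cstdint>
#include <climits>

constexpr int kIntBits = 52;                 // assumed width of the integer type
constexpr int kShift = 64 - kIntBits;        // 12 empty low bits in the shifted form
constexpr int64_t kInt52Min = -(int64_t(1) << (kIntBits - 1));
constexpr int64_t kInt52Max = (int64_t(1) << (kIntBits - 1)) - 1;

// Range check on the strict form.
constexpr bool fitsInt52(int64_t strict) {
    return strict >= kInt52Min && strict <= kInt52Max;
}

// strict -> shifted. Only meaningful for in-range values; shifting through
// uint64_t avoids signed-overflow UB for negative inputs.
constexpr int64_t strictToShifted(int64_t strict) {
    return int64_t(uint64_t(strict) << kShift);
}

// shifted -> strict. An arithmetic right shift restores the sign extension.
constexpr int64_t shiftedToStrict(int64_t shifted) {
    return shifted >> kShift;
}

// Checked add/sub on the shifted form. Both operands occupy the top 52 bits,
// so the 64-bit overflow check *is* the Int52 overflow check; no extra compare
// against kInt52Min/kInt52Max is needed. Returns false on overflow, which is
// where the JIT would take an OSR exit and fall back to doubles.
inline bool addShifted(int64_t a, int64_t b, int64_t& out) {
    return !__builtin_add_overflow(a, b, &out);
}
inline bool subShifted(int64_t a, int64_t b, int64_t& out) {
    return !__builtin_sub_overflow(a, b, &out);
}

// Checked multiply: one operand shifted, the other strict, because
// (a << 12) * b == (a * b) << 12, so the 64-bit overflow flag again coincides
// with Int52 overflow. (Two shifted operands would double the shift.)
inline bool mulShiftedByStrict(int64_t aShifted, int64_t bStrict, int64_t& out) {
    return !__builtin_mul_overflow(aShifted, bStrict, &out);
}

// Convenience wrappers on strict values, routing through the shifted form.
inline bool addInt52(int64_t a, int64_t b, int64_t& out) {
    int64_t r;
    if (!addShifted(strictToShifted(a), strictToShifted(b), r)) return false;
    out = shiftedToStrict(r);
    return true;
}
inline bool mulInt52(int64_t a, int64_t b, int64_t& out) {
    int64_t r;
    if (!mulShiftedByStrict(strictToShifted(a), b, r)) return false;
    out = shiftedToStrict(r);
    return true;
}

// For contrast: the same add on the strict form silently succeeds past the
// Int52 range because int64_t has 12 bits of headroom, so a strict-only
// backend would need an explicit range compare after every operation.
inline bool addStrictNoCheck(int64_t a, int64_t b, int64_t& out) {
    return !__builtin_add_overflow(a, b, &out);
}

// Int52 -> Int32 narrowing: succeeds only when the value fits.
inline bool int52ToInt32(int64_t strict, int32_t& out) {
    if (strict < INT32_MIN || strict > INT32_MAX) return false;
    out = int32_t(strict);
    return true;
}

// Int52 -> double is exact: every |v| < 2^52 fits in a 53-bit mantissa, which
// is what makes Int52 a safe intermediate before converting all the way up.
inline double int52ToDouble(int64_t strict) { return double(strict); }
```
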
3265         * assembler/MacroAssemblerX86_64.h:
3266         (JSC::MacroAssemblerX86_64::rshift64):
3267         (JSC::MacroAssemblerX86_64::mul64):
3268         (JSC::MacroAssemblerX86_64::branchMul64):
3269         (JSC::MacroAssemblerX86_64::branchNeg64):
3270         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
3271         * assembler/X86Assembler.h:
3272         (JSC::X86Assembler::imulq_rr):
3273         (JSC::X86Assembler::cvtsi2sdq_rr):
3274         * bytecode/DataFormat.h:
3275         (JSC::dataFormatToString):
3276         * bytecode/OperandsInlines.h:
3277         (JSC::::dumpInContext):
3278         * bytecode/SpeculatedType.cpp:
3279         (JSC::dumpSpeculation):
3280         (JSC::speculationToAbbreviatedString):
3281         (JSC::speculationFromValue):
3282         * bytecode/SpeculatedType.h:
3283         (JSC::isInt32SpeculationForArithmetic):
3284         (JSC::isMachineIntSpeculationForArithmetic):
3285         (JSC::isBytecodeRealNumberSpeculation):
3286         (JSC::isFullRealNumberSpeculation):
3287         (JSC::isBytecodeNumberSpeculation):
3288         (JSC::isFullNumberSpeculation):
3289         (JSC::isBytecodeNumberSpeculationExpectingDefined):
3290         (JSC::isFullNumberSpeculationExpectingDefined):
3291         * bytecode/ValueRecovery.h:
3292         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
3293         (JSC::ValueRecovery::inGPR):
3294         (JSC::ValueRecovery::displacedInJSStack):
3295         (JSC::ValueRecovery::isAlreadyInJSStack):
3296         (JSC::ValueRecovery::gpr):
3297         (JSC::ValueRecovery::virtualRegister):
3298         (JSC::ValueRecovery::dumpInContext):
3299         * dfg/DFGAbstractInterpreter.h:
3300         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3301         (JSC::DFG::AbstractInterpreter::filterByType):
3302         * dfg/DFGAbstractInterpreterInlines.h:
3303         (JSC::DFG::::executeEffects):
3304         * dfg/DFGAbstractValue.cpp:
3305         (JSC::DFG::AbstractValue::set):
3306         (JSC::DFG::AbstractValue::checkConsistency):
3307         * dfg/DFGAbstractValue.h:
3308         (JSC::DFG::AbstractValue::couldBeType):
3309         (JSC::DFG::AbstractValue::isType):
3310         (JSC::DFG::AbstractValue::checkConsistency):
3311         (JSC::DFG::AbstractValue::validateType):
3312         * dfg/DFGArrayMode.cpp:
3313         (JSC::DFG::ArrayMode::refine):
3314         * dfg/DFGAssemblyHelpers.h:
3315         (JSC::DFG::AssemblyHelpers::boxInt52):
3316         * dfg/DFGCSEPhase.cpp:
3317         (JSC::DFG::CSEPhase::pureCSE):
3318         (JSC::DFG::CSEPhase::getByValLoadElimination):
3319         (JSC::DFG::CSEPhase::performNodeCSE):
3320         * dfg/DFGClobberize.h:
3321         (JSC::DFG::clobberize):
3322         * dfg/DFGCommon.h:
3323         (JSC::DFG::enableInt52):
3324         * dfg/DFGFixupPhase.cpp:
3325         (JSC::DFG::FixupPhase::run):
3326         (JSC::DFG::FixupPhase::fixupNode):
3327         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3328         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
3329         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3330         (JSC::DFG::FixupPhase::fixEdge):
3331         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3332         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3333         * dfg/DFGFlushFormat.cpp:
3334         (WTF::printInternal):
3335         * dfg/DFGFlushFormat.h:
3336         (JSC::DFG::resultFor):
3337         (JSC::DFG::useKindFor):
3338         * dfg/DFGGenerationInfo.h:
3339         (JSC::DFG::GenerationInfo::initInt52):
3340         (JSC::DFG::GenerationInfo::initStrictInt52):
3341         (JSC::DFG::GenerationInfo::isFormat):
3342         (JSC::DFG::GenerationInfo::isInt52):
3343         (JSC::DFG::GenerationInfo::isStrictInt52):
3344         (JSC::DFG::GenerationInfo::fillInt52):
3345         (JSC::DFG::GenerationInfo::fillStrictInt52):
3346         * dfg/DFGGraph.cpp:
3347         (JSC::DFG::Graph::dump):
3348         * dfg/DFGGraph.h:
3349         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3350         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3351         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3352         * dfg/DFGInPlaceAbstractState.cpp:
3353         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3354         * dfg/DFGJITCode.cpp:
3355         (JSC::DFG::JITCode::reconstruct):
3356         * dfg/DFGMinifiedNode.h:
3357         (JSC::DFG::belongsInMinifiedGraph):
3358         (JSC::DFG::MinifiedNode::hasChild):
3359         * dfg/DFGNode.h:
3360         (JSC::DFG::Node::shouldSpeculateNumber):
3361         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3362         * dfg/DFGNodeFlags.h:
3363         * dfg/DFGNodeType.h:
3364         (JSC::DFG::forwardRewiringSelectionScore):
3365         * dfg/DFGOSRExitCompiler.cpp:
3366         * dfg/DFGOSRExitCompiler64.cpp:
3367         (JSC::DFG::OSRExitCompiler::compileExit):
3368         * dfg/DFGPredictionPropagationPhase.cpp:
3369         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3370         (JSC::DFG::PredictionPropagationPhase::propagate):
3371         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3372         * dfg/DFGSafeToExecute.h:
3373         (JSC::DFG::SafeToExecuteEdge::operator()):
3374         (JSC::DFG::safeToExecute):
3375         * dfg/DFGSilentRegisterSavePlan.h:
3376         * dfg/DFGSpeculativeJIT.cpp:
3377         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3378         (JSC::DFG::SpeculativeJIT::silentFill):
3379         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3380         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3381         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3382         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3383         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3384         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3385         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3386         (JSC::DFG::SpeculativeJIT::compileAdd):
3387         (JSC::DFG::SpeculativeJIT::compileArithSub):
3388         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3389         (JSC::DFG::SpeculativeJIT::compileArithMul):
3390         (JSC::DFG::SpeculativeJIT::compare):
3391         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3392         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
3393         (JSC::DFG::SpeculativeJIT::speculateNumber):
3394         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3395         (JSC::DFG::SpeculativeJIT::speculate):
3396         * dfg/DFGSpeculativeJIT.h:
3397         (JSC::DFG::SpeculativeJIT::canReuse):
3398         (JSC::DFG::SpeculativeJIT::isFilled):
3399         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3400         (JSC::DFG::SpeculativeJIT::use):
3401         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3402         (JSC::DFG::SpeculativeJIT::isKnownCell):
3403         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3404         (JSC::DFG::SpeculativeJIT::int52Result):
3405         (JSC::DFG::SpeculativeJIT::strictInt52Result):
3406         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3407         (JSC::DFG::SpeculativeJIT::isInteger):
3408         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
3409         (JSC::DFG::SpeculativeJIT::generationInfo):
3410         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
3411         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
3412         (JSC::DFG::SpeculateInt52Operand::edge):
3413         (JSC::DFG::SpeculateInt52Operand::node):
3414         (JSC::DFG::SpeculateInt52Operand::gpr):
3415         (JSC::DFG::SpeculateInt52Operand::use):
3416         (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
3417         (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
3418         (JSC::DFG::SpeculateStrictInt52Operand::edge):
3419         (JSC::DFG::SpeculateStrictInt52Operand::node):
3420         (JSC::DFG::SpeculateStrictInt52Operand::gpr):
3421         (JSC::DFG::SpeculateStrictInt52Operand::use):