Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-11-08  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
        https://bugs.webkit.org/show_bug.cgi?id=71761

        Templatized Parser based on Lexer<T>. Moved two enums,
        SourceElementsMode and FunctionRequirements, out of the Parser definition
        to work around a clang compiler defect.

        Cleaned up SourceCode data() to return StringImpl* and eliminated
        the recently added stringData() virtual method.

        To keep code in Parser.cpp and keep Parser.h small, the two flavors
        of Parser are explicitly instantiated at the end of Parser.cpp.

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError):
        * parser/Lexer.cpp:
        (JSC::::setCode):
        (JSC::::sourceCode):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::~Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
        (JSC::::allowAutomaticSemicolon):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclaration):
        (JSC::::parseConstDeclaration):
        (JSC::::parseDoWhileStatement):
        (JSC::::parseWhileStatement):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        (JSC::::parseSwitchStatement):
        (JSC::::parseSwitchClauses):
        (JSC::::parseSwitchDefaultClause):
        (JSC::::parseTryStatement):
        (JSC::::parseDebuggerStatement):
        (JSC::::parseBlockStatement):
        (JSC::::parseStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseFunctionBody):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseExpressionStatement):
        (JSC::::parseIfStatement):
        (JSC::::parseExpression):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseConditionalExpression):
        (JSC::::isBinaryOperator):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parseStrictObjectLiteral):
        (JSC::::parseArrayLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseArguments):
        (JSC::::parseMemberExpression):
        (JSC::::parseUnaryExpression):
        * parser/Parser.h:
        (JSC::::parse):
        (JSC::parse):
        * parser/SourceCode.h:
        (JSC::SourceCode::data):
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::data):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
        https://bugs.webkit.org/show_bug.cgi?id=71855

        Reviewed by Filip Pizlo.

        The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
        This won't work on ARMv7.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::locationOf):
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::addPropertyAccess):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        DFG JIT calculation of OSR entry points is not THUMB2 safe
        https://bugs.webkit.org/show_bug.cgi?id=71852

        Reviewed by Oliver Hunt.

        Executable addresses are tagged with a low bit set to distinguish
        between THUMB2 and traditional ARM.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * jit/JITCode.h:
        (JSC::JITCode::executableAddressAtOffset):
        (JSC::JITCode::start):
        (JSC::JITCode::size):

2011-11-08  Michael Saboff  <msaboff@apple.com>

        JSC::Parser::Parser leaks Lexer member
        https://bugs.webkit.org/show_bug.cgi?id=71847

        Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.

        Reviewed by Oliver Hunt.

        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::parseFunctionBody):
        * parser/Parser.h:

2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        Enable DFG JIT by default on X86 Linux and Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=71686

        Reviewed by Filip Pizlo.

        We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.

        * wtf/Platform.h:

2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
        https://bugs.webkit.org/show_bug.cgi?id=71768

        Reviewed by Geoffrey Garen.

        Also includes a fix to make the newly introduced AssemblyHelpers
        friend of JSValue as we need the Tag definitions.

        * CMakeListsEfl.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * runtime/JSValue.h:

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        Fix gcc 4.4 compilation warnings in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71762

        Reviewed by Filip Pizlo.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::registersMatched):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        DFG code base should allow for classes not related to DFG::JITCompiler
        to use DFG idioms
        https://bugs.webkit.org/show_bug.cgi?id=71746

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAssemblyHelpers.cpp: Added.
        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
        (JSC::DFG::AssemblyHelpers::emitCount):
        (JSC::DFG::AssemblyHelpers::setSamplingFlag):
        (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
        * dfg/DFGAssemblyHelpers.h: Added.
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::graph):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGOSRExit.h: Added.
        (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
        (JSC::DFG::SpeculationRecovery::type):
        (JSC::DFG::SpeculationRecovery::dest):
        (JSC::DFG::SpeculationRecovery::src):
        (JSC::DFG::OSRExit::numberOfRecoveries):
        (JSC::DFG::OSRExit::valueRecovery):
        (JSC::DFG::OSRExit::isArgument):
        (JSC::DFG::OSRExit::isVariable):
        (JSC::DFG::OSRExit::argumentForIndex):
        (JSC::DFG::OSRExit::variableForIndex):
        (JSC::DFG::OSRExit::operandForArgument):
        (JSC::DFG::OSRExit::operandForIndex):
        * dfg/DFGSpeculativeJIT.h:

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
        but it appears to help on other benchmarks.

        Rubber stamped by Oliver Hunt.

        * bytecode/ValueProfile.h:

2011-11-07  Ariya Hidayat  <ariya@sencha.com>

        "use strict" can not contain escape sequences or line continuation
        https://bugs.webkit.org/show_bug.cgi?id=71532

        Reviewed by Darin Adler.

        Store the actual literal length (before the escapes and line
        continuation are encoded) while parsing the directive and use it
        for the directive comparison.

        * parser/Parser.cpp:
        (JSC::Parser::parseSourceElements):
        (JSC::Parser::parseStatement):
        * parser/Parser.h:

2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        DFG operationCreateThis slow path may get the wrong callee in case of inlining
        https://bugs.webkit.org/show_bug.cgi?id=71647

        Reviewed by Oliver Hunt.

        No new tests because I only saw this manifest itself when I had other bugs
        leading to spurious slow path executions.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::callOperation):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71716

        Reviewed by Darin Adler.

        Added putWithAttributes to the MethodTable, changed all the virtual
        implementations of putWithAttributes to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putWithAttributes):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putWithAttributes):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putWithAttributes):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putWithAttributes):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putWithAttributes):
        * runtime/JSVariableObject.h:

2011-11-07  Dmitry Lomov  <dslomov@google.com>

        Unreviewed. Release build fix.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch the value profiler back to 8 buckets, because we suspect that while this
        is more expensive it's also more stable.

        Rubber stamped by Geoff Garen.

        * bytecode/ValueProfile.h:

2011-11-07  Andrew Wason  <rectalogic@rectalogic.com>

        Uninitialized Heap member var
        https://bugs.webkit.org/show_bug.cgi?id=71722

        Reviewed by Filip Pizlo.

        * heap/Heap.cpp:
        (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit.

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
        https://bugs.webkit.org/show_bug.cgi?id=71684

        Reviewed by Filip Pizlo.

        Currently in DFG JIT, we try to reuse the physical register of an
        operand for temporary usage if the current use of the operand is the
        last use. But sometimes this can be wrong, for example if there are
        possible speculation failures and we need to fall back to the baseline JIT,
        the value of the operand which is supposed to be held in the physical
        register can be modified by register reusing. This fixes the last
        inspector failures in layout test on Mac 32-bit if switching on DFG.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r99436): Broke Snow Leopard debug build
        https://bugs.webkit.org/show_bug.cgi?id=71713

        Reviewed by Darin Adler.

        Put the assertion in a template and use template specialization
        to avoid a warning when instantiated with UChar or LChar.

        In the long term, we should have traits for unsigned integral types
        and use that to specialize the template instead of specializing it for UChar and LChar.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):
        (JSC::::append8):

2011-11-07  ChangSeok Oh  <shivamidow@gmail.com>

        [EFL] Support requestAnimationFrame API
        https://bugs.webkit.org/show_bug.cgi?id=67112

        Reviewed by Andreas Kling.

        Let the EFL port use REQUEST_ANIMATION_FRAME_TIMER.

        * wtf/Platform.h:

2011-11-07  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
        https://bugs.webkit.org/show_bug.cgi?id=71331

        Change the Lexer class to be a template class based on the character
        type of the source.  In the process, updated the parseIdentifier()
        and parseString() methods to create 8 bit strings where possible.
        Also added some helper methods for accumulating temporary string
        data in the 8 and 16 bit vectors.

        Changed the SourceProvider::data() virtual method to return a
        StringImpl* instead of a UChar*.

        Updated the KeywordLookup generator to create code to match keywords
        for both 8 and 16 bit source strings.

        Due to a compiler bug (<rdar://problem/10194295>) moved the enum
        definition outside of the Lexer class declaration.  Removed the second
        enum, which is no longer needed.

        Reviewed by Darin Adler.

        * KeywordLookupGenerator.py:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        * parser/Lexer.cpp:
        (JSC::::Lexer):
        (JSC::::~Lexer):
        (JSC::::getInvalidCharMessage):
        (JSC::::currentCharacter):
        (JSC::::setCode):
        (JSC::::internalShift):
        (JSC::::shift):
        (JSC::::peek):
        (JSC::::getUnicodeCharacter):
        (JSC::::shiftLineTerminator):
        (JSC::::lastTokenWasRestrKeyword):
        (JSC::::record8):
        (JSC::::append8):
        (JSC::::append16):
        (JSC::::record16):
        (JSC::::parseIdentifier):
        (JSC::::parseIdentifierSlowCase):
        (JSC::::parseString):
        (JSC::::parseStringSlowCase):
        (JSC::::parseHex):
        (JSC::::parseOctal):
        (JSC::::parseDecimal):
        (JSC::::parseNumberAfterDecimalPoint):
        (JSC::::parseNumberAfterExponentIndicator):
        (JSC::::parseMultilineComment):
        (JSC::::nextTokenIsColon):
        (JSC::::lex):
        (JSC::::scanRegExp):
        (JSC::::skipRegExp):
        (JSC::::clear):
        (JSC::::sourceCode):
        * parser/Lexer.h:
        (JSC::Lexer::append16):
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::setOffsetFromCharOffset):
        (JSC::::isWhiteSpace):
        (JSC::::isLineTerminator):
        (JSC::::convertHex):
        (JSC::::convertUnicode):
        (JSC::::makeIdentifier):
        (JSC::::setCodeStart):
        (JSC::::makeIdentifierLCharFromUChar):
        (JSC::::lexExpectIdentifier):
        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::parseProperty):
        (JSC::Parser::parseMemberExpression):
        * parser/Parser.h:
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        * parser/ParserArena.h:
        (JSC::IdentifierArena::makeIdentifier):
        (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
        * parser/SourceCode.h:
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::stringData):
        * parser/SourceProviderCache.h:
        * parser/SyntaxChecker.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::insertSemicolonIfNeeded):
        * runtime/Identifier.cpp:
        (JSC::IdentifierTable::add):
        (JSC::IdentifierLCharFromUCharTranslator::hash):
        (JSC::IdentifierLCharFromUCharTranslator::equal):
        (JSC::IdentifierLCharFromUCharTranslator::translate):
        (JSC::Identifier::add8):
        * runtime/Identifier.h:
        (JSC::Identifier::Identifier):
        (JSC::Identifier::createLCharFromUChar):
        (JSC::Identifier::canUseSingleCharacterString):
        (JSC::IdentifierCharBufferTranslator::hash):
        (JSC::IdentifierCharBufferTranslator::equal):
        (JSC::IdentifierCharBufferTranslator::translate):
        (JSC::Identifier::add):
        (JSC::Identifier::equal):
        (JSC::IdentifierTable::add):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode):
        (JSC::parseIntOverflow):
        (JSC::globalFuncUnescape):
        * runtime/JSGlobalObjectFunctions.h:
        (JSC::parseIntOverflow):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::Lexer::lexString):
        * wtf/text/StringImpl.h:

2011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree

        Allows us to not package up the whole Source/JavaScriptCore directory for the
        buildbots.

        Reviewed by Simon Hausmann.

        * jsc.pro:

2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
        to initializeMainThread, and crashes
        https://bugs.webkit.org/show_bug.cgi?id=71643

        Reviewed by Sam Weinig.

        * jsc.cpp:
        (main):

2011-11-06  Sam Weinig  <sam@webkit.org>

        Add space missing from some class declarations
        https://bugs.webkit.org/show_bug.cgi?id=71632

        Reviewed by Anders Carlsson.

        * assembler/AssemblerBufferWithConstantPool.h:
        * bytecode/CodeBlock.h:
        * dfg/DFGVariableAccessData.h:
        * heap/VTableSpectrum.h:
        * jit/ExecutableAllocator.cpp:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        * wtf/MetaAllocatorHandle.h:
        * wtf/UnionFind.h:

2011-11-06  Sam Weinig  <sam@webkit.org>

        Allow use of FINAL in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=71630

        Reviewed by Anders Carlsson.

        * Configurations/Base.xcconfig:
        Don't warn about C++11 extensions used in C++98 mode.

2011-11-05  Filip Pizlo  <fpizlo@apple.com>

        Value profiling should just use two buckets
        https://bugs.webkit.org/show_bug.cgi?id=71619

        Reviewed by Gavin Barraclough.

        Added one more configuration option (like Heuristics::minimumOptimizationDelay),
        improved debugging in JIT optimization support, changed the number of buckets
        in the value profile from 9 to 2, and wrote a more optimal value profiling path
        in the old JIT to take advantage of this. It's still possible to play around with
        larger numbers of buckets, and we should probably keep this for a little while
        until we convince ourselves that using just two buckets is the right call.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/ValueProfile.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-11-03  Filip Pizlo  <fpizlo@apple.com>

        JSC should be able to sample itself in a more flexible way than just sampling flags
        https://bugs.webkit.org/show_bug.cgi?id=71522

        Reviewed by Gavin Barraclough.

        Added a construct that looks like SamplingRegion samplingRegion("name").

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingRegion::Locker::Locker):
        (JSC::SamplingRegion::Locker::~Locker):
        (JSC::SamplingRegion::sample):
        (JSC::SamplingRegion::dump):
        (JSC::SamplingRegion::dumpInternal):
        (JSC::SamplingThread::threadStartFunc):
        * bytecode/SamplingTool.h:
        (JSC::SamplingRegion::SamplingRegion):
        (JSC::SamplingRegion::~SamplingRegion):
        (JSC::SamplingRegion::exchangeCurrent):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        * heap/VTableSpectrum.cpp:
        (JSC::VTableSpectrum::countVPtr):
        (JSC::VTableSpectrum::dump):
        * heap/VTableSpectrum.h:
        * jsc.cpp:
        (main):
        (runWithScripts):
        * parser/Parser.h:
        (JSC::parse):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * wtf/Atomics.h:
        (WTF::weakCompareAndSwap):
        * wtf/Platform.h:
        * wtf/Spectrum.h: Added.
        (WTF::Spectrum::Spectrum):
        (WTF::Spectrum::add):
        (WTF::Spectrum::get):
        (WTF::Spectrum::begin):
        (WTF::Spectrum::end):
        (WTF::Spectrum::KeyAndCount::KeyAndCount):
        (WTF::Spectrum::KeyAndCount::operator<):
        (WTF::Spectrum::buildList):
        * wtf/wtf.pri:

2011-11-05  Sam Weinig  <sam@webkit.org>

        Fix windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-04  Sam Weinig  <sam@webkit.org>

        Reduce the number of putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71597

        Reviewed by Adam Roben.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Remove exports of removed functions.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        Calling the overload without the extra parameters does the same thing.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        * runtime/JSObject.h:
        Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
        two overloads not virtual, since no one overrides it.

2011-11-04  Pratik Solanki  <psolanki@apple.com>

        sqrtDouble and andnotDouble should be declared noreturn
        https://bugs.webkit.org/show_bug.cgi?id=71592

        Reviewed by Sam Weinig.

        * assembler/MacroAssemblerARMv7.h:

2011-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Reviewed by Darin Adler.

        Added hasInstance to the MethodTable, changed all the virtual
        implementations of hasInstance to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::hasInstance):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Refactor and clean up the qmake build system

        The qmake build system has accumulated a bit of cruft and redundancy
        over time. There's also a fairly tight coupling between how to build
        the various targets, and _what_ to build, making it harder to add new
        rules or sources. This patch aims to alleviate these issues somewhat.

        This is a short-list of the changes:

          * The rules for how to build targets are now mostly contained as
            prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
            allows us to do pre- and post-processing of each project file,
            which helps to clean up the actual project files.

          * Derived sources are no longer generated as a separate make-step
            but are part of each target's project file as a subdir. Makefile
            rules are used to ensure that we run make on the derived sources
            before running qmake on the actual target makefile. This makes
            it easier to keep a proper dependency between derived sources
            and the target.

          * We use GNU make and the compiler to generate dependencies on
            UNIX-based systems running Qt 5. This allows us to lessen the
            need to run qmake, which should reduce compile time.

          * WebKit2 is now built by default if building with Qt 5. It can
            be disabled by passing --no-webkit2 to build-webkit.

        The result of these changes is hopefully a cleaner and easier
        build system to modify, and faster build times due to no longer
        running qmake on every single build. It's also a first step
        towards possibly generating the list of sources using another
        build system.

        https://bugs.webkit.org/show_bug.cgi?id=71222

        Reviewed by Simon Hausmann.

        * DerivedSources.pri: Added.
        * DerivedSources.pro: Removed.
        * JavaScriptCore.pro:
        * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
        * headers.pri: Removed.
        * jsc.pro:
        * wtf/wtf.pri:
        * yarr/yarr.pri:

2011-11-04  Yuqiang Xian  <yuqiang.xian@intel.com>

        More code clean-up in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71540

        Remove unnecessary code duplications, and fix compilation warnings.

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::emitCount):
        (JSC::DFG::JITCompiler::setSamplingFlag):
        (JSC::DFG::JITCompiler::clearSamplingFlag):
        (JSC::DFG::JITCompiler::jitAssertIsCell):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-04  Csaba Osztrogonác  <ossy@webkit.org>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Unreviewed rolling out r99238, because it made a test crash on all platforms.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ClassInfo.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        * runtime/JSBoundFunction.h:
        * runtime/JSCell.cpp:
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):
        * runtime/JSObject.h:

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getPropertyNames
        https://bugs.webkit.org/show_bug.cgi?id=71306

        Reviewed by Darin Adler.

        Added getPropertyNames to the MethodTable, changed all the virtual
        implementations of getPropertyNames to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyNames):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getPropertyNames):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::getPropertyNames):
        (JSC::JSObject::getOwnPropertyNames):
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::create):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/Structure.cpp:
        (JSC::Structure::getPropertyNamesFromStructure):
        * runtime/Structure.h:

2011-11-03  Darin Adler  <darin@apple.com>

        Change remaining callers of releaseRef to call leakRef
        https://bugs.webkit.org/show_bug.cgi?id=71422

        * wtf/text/AtomicString.cpp:
        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.

2011-11-02  Darin Adler  <darin@apple.com>

        Change remaining callers of releaseRef to call leakRef
        https://bugs.webkit.org/show_bug.cgi?id=71422

        * wtf/text/AtomicString.cpp:
        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.

2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::hasInstance
        https://bugs.webkit.org/show_bug.cgi?id=71430

        Reviewed by Darin Adler.

        Added hasInstance to the MethodTable, changed all the virtual
        implementations of hasInstance to static ones, and replaced
        all call sites with corresponding lookups in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
850         (JSC::Interpreter::privateExecute):
851         * jit/JITStubs.cpp:
852         (JSC::DEFINE_STUB_FUNCTION):
853         * runtime/ClassInfo.h:
854         * runtime/JSBoundFunction.cpp:
855         (JSC::JSBoundFunction::hasInstance):
856         * runtime/JSBoundFunction.h:
857         * runtime/JSCell.cpp:
858         (JSC::JSCell::hasInstance):
859         * runtime/JSCell.h:
860         * runtime/JSObject.cpp:
861         (JSC::JSObject::hasInstance):
862         * runtime/JSObject.h:
863
864 2011-11-03  Filip Pizlo  <fpizlo@apple.com>
865
866         JIT-specific code should be able to refer to register types even on JIT-disabled builds
867         https://bugs.webkit.org/show_bug.cgi?id=71498
868
869         Reviewed by Gavin Barraclough.
870
871         * assembler/MacroAssembler.h:
872         (MacroAssembler::MacroAssembler):
873
874 2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
875
876         De-virtualize JSObject::className
877         https://bugs.webkit.org/show_bug.cgi?id=71428
878
879         Reviewed by Sam Weinig.
880
881         Added className to the MethodTable, changed all the virtual 
882         implementations of className to static ones, and replaced 
883         all call sites with corresponding lookups in the MethodTable.
884
885         * API/JSCallbackObject.h:
886         * API/JSCallbackObjectFunctions.h:
887         (JSC::::className):
888         * JavaScriptCore.exp:
889         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
890         * debugger/DebuggerActivation.cpp:
891         (JSC::DebuggerActivation::className):
892         * debugger/DebuggerActivation.h:
893         * jsc.cpp:
894         (GlobalObject::createStructure):
895         * profiler/Profiler.cpp:
896         (JSC::Profiler::createCallIdentifier):
897         * runtime/ClassInfo.h:
898         * runtime/JSCell.cpp:
899         (JSC::JSCell::className):
900         * runtime/JSCell.h:
901         * runtime/JSObject.cpp:
902         (JSC::JSObject::className):
903         * runtime/JSObject.h:
904         * runtime/ObjectPrototype.cpp:
905         (JSC::objectProtoFuncToString):
906         * testRegExp.cpp:
907         (GlobalObject::createStructure):
908
909 2011-11-02  Jer Noble  <jer.noble@apple.com>
910
911         Add Clock class and platform-specific implementations.
912         https://bugs.webkit.org/show_bug.cgi?id=71341
913
914         Reviewed by Sam Weinig.
915
916         Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
917
918         * wtf/Platform.h:
919
920 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
921
922         Not reviewed: fixing win build. step2.
923
924         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
925
926 2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
927
928         Not reviewed: fix windows build, step1
929
930         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
931
932 2011-11-03  Pavel Feldman  <pfeldman@google.com>
933
934         Web Inspector: preserve script location for inline handlers.
935         https://bugs.webkit.org/show_bug.cgi?id=71367
936
937         Makes SourceCode factories receive TextPosition instead of the line number.
938         Stores consistent position values in SourceCode and SourceProvider.
939
940         Reviewed by Yury Semikhatsky.
941
942         * API/JSBase.cpp:
943         (JSEvaluateScript):
944         (JSCheckScriptSyntax):
945         * API/JSObjectRef.cpp:
946         (JSObjectMakeFunction):
947         * parser/SourceCode.h:
948         (JSC::makeSource):
949         * parser/SourceProvider.h:
950         (JSC::SourceProvider::SourceProvider):
951         (JSC::SourceProvider::startPosition):
952         (JSC::UStringSourceProvider::create):
953         (JSC::UStringSourceProvider::UStringSourceProvider):
954         * runtime/FunctionConstructor.cpp:
955         (JSC::constructFunction):
956         (JSC::constructFunctionSkippingEvalEnabledCheck):
957         * runtime/FunctionConstructor.h:
958
959 2011-11-03  Kentaro Hara  <haraken@chromium.org>
960
961         Fixed wrong implementation of doubleValue % 2^{64}.
962         https://bugs.webkit.org/show_bug.cgi?id=67980
963
964         Reviewed by Hajime Morita.
965
966         fast/events/constructors/progress-event-constructor.html was failing
967         because of the wrong implementation of conversion from an ECMAScript value
968         to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
969         In particular, the calculation of doubleValue % 2^{64} was wrong.
970         This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
971
972         * wtf/MathExtras.h:
973         (doubleToInteger): Implemented the spec correctly.
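
        The modulo-2^64 reduction this entry describes, as an added example that is not WebKit's doubleToInteger: a hypothetical helper implementing the WebIDL unsigned long long conversion steps (NaN and infinities to 0, truncate toward zero, reduce modulo 2^64) with std::trunc and std::fmod, both of which are exact on doubles. The negative branch is the one a naive cast gets wrong, since converting a negative double to an unsigned integer type is undefined behaviour in C++.

```cpp
#include <cmath>
#include <cstdint>
#include <iostream>

// Hypothetical helper (added example, not WebKit's doubleToInteger):
// convert an ECMAScript Number, already a double, to a WebIDL
// "unsigned long long" following the conversion steps:
//   1. NaN, +0, -0, +Infinity, -Infinity map to 0;
//   2. truncate toward zero;
//   3. reduce modulo 2^64 so the result lies in [0, 2^64).
uint64_t ecmaNumberToUnsignedLongLong(double d)
{
    if (std::isnan(d) || std::isinf(d))
        return 0;

    // 2^64 has a single set bit, so it is exactly representable as a double.
    const double twoTo64 = std::ldexp(1.0, 64);

    // std::trunc and std::fmod are exact on doubles. The remainder r is an
    // integer-valued double with the sign of d and -2^64 < r < 2^64.
    const double r = std::fmod(std::trunc(d), twoTo64);

    if (r >= 0) {
        // 0 <= r < 2^64 (this branch also catches -0.0): the cast is lossless.
        return static_cast<uint64_t>(r);
    }

    // -2^64 < r < 0. The spec's answer is 2^64 + r, i.e. 2^64 - |r|.
    // |r| is an integer strictly below 2^64, so the cast is lossless, and
    // unsigned subtraction wraps modulo 2^64, which is exactly the reduction
    // required. Casting the negative r directly would be undefined behaviour.
    return uint64_t{0} - static_cast<uint64_t>(-r);
}

int main()
{
    const double inputs[] = { 3.7, -1.0, -0.5, std::ldexp(1.0, 64) * 3 + 8192.0 };
    for (double d : inputs)
        std::cout << d << " -> " << ecmaNumberToUnsignedLongLong(d) << '\n';
    return 0;
}
```

        The large inputs in the test are chosen so that they are exactly representable as doubles (a few set bits within a 53-bit span); with values that are not, rounding happens at the ECMAScript Number level before this routine ever sees them.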
974
975 2011-11-03  Sheriff Bot  <webkit.review.bot@gmail.com>
976
977         Unreviewed, rolling out r99089.
978         http://trac.webkit.org/changeset/99089
979         https://bugs.webkit.org/show_bug.cgi?id=71448
980
981         @plt postfix for math functions causes a crash on Linux 32 (the
982         symbol is defined but it points to NULL) (Requested by
983         zherczeg on #webkit).
984
985         * dfg/DFGOperations.cpp:
986         * jit/JITStubs.cpp:
987         * jit/ThunkGenerators.cpp:
988
989 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
990
991         DFG inlining breaks function.arguments[something] if the argument being
992         retrieved was subjected to DFG's unboxing optimizations
993         https://bugs.webkit.org/show_bug.cgi?id=71436
994
995         Reviewed by Oliver Hunt.
996         
997         This makes inlined arguments retrieval use some of the same machinery as
998         OSR to determine where from, and how, to retrieve a value that the DFG
999         might have somehow squirreled away while the old JIT would put it in its
1000         obvious location, using an obvious format.
1001         
1002         To that end, previously DFG-internal notions such as DataFormat,
1003         VirtualRegister, and ValueRecovery are now in bytecode/ since they are
1004         stored as part of InlineCallFrames.
1005
1006         * bytecode/CodeOrigin.h:
1007         * dfg/DFGAbstractState.cpp:
1008         (JSC::DFG::AbstractState::execute):
1009         * dfg/DFGByteCodeParser.cpp:
1010         (JSC::DFG::ByteCodeParser::handleInlining):
1011         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1012         * dfg/DFGJITCompiler.cpp:
1013         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1014         * dfg/DFGJITCompiler32_64.cpp:
1015         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1016         * dfg/DFGNode.h:
1017         * dfg/DFGPropagator.cpp:
1018         (JSC::DFG::Propagator::propagateNodePredictions):
1019         * dfg/DFGSpeculativeJIT.cpp:
1020         (JSC::DFG::SpeculativeJIT::compile):
1021         * dfg/DFGSpeculativeJIT64.cpp:
1022         (JSC::DFG::SpeculativeJIT::compile):
1023         * interpreter/CallFrame.cpp:
1024         (JSC::CallFrame::trueCallerFrame):
1025         * interpreter/CallFrame.h:
1026         (JSC::ExecState::inlineCallFrame):
1027         * interpreter/Register.h:
1028         (JSC::Register::asInlineCallFrame):
1029         (JSC::Register::unboxedInt32):
1030         (JSC::Register::unboxedBoolean):
1031         (JSC::Register::unboxedCell):
1032         * runtime/Arguments.h:
1033         (JSC::Arguments::finishCreationAndCopyRegisters):
1034
1035 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1036
1037         ValueRecovery should be moved out of the DFG JIT
1038         https://bugs.webkit.org/show_bug.cgi?id=71439
1039
1040         Reviewed by Oliver Hunt.
1041
1042         * JavaScriptCore.xcodeproj/project.pbxproj:
1043         * bytecode/DataFormat.h: Added.
1044         (JSC::dataFormatToString):
1045         (JSC::needDataFormatConversion):
1046         (JSC::isJSFormat):
1047         (JSC::isJSInteger):
1048         (JSC::isJSDouble):
1049         (JSC::isJSCell):
1050         (JSC::isJSBoolean):
1051         * bytecode/ValueRecovery.h: Added.
1052         (JSC::ValueRecovery::ValueRecovery):
1053         (JSC::ValueRecovery::alreadyInRegisterFile):
1054         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
1055         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
1056         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
1057         (JSC::ValueRecovery::inGPR):
1058         (JSC::ValueRecovery::inPair):
1059         (JSC::ValueRecovery::inFPR):
1060         (JSC::ValueRecovery::displacedInRegisterFile):
1061         (JSC::ValueRecovery::constant):
1062         (JSC::ValueRecovery::technique):
1063         (JSC::ValueRecovery::isInRegisters):
1064         (JSC::ValueRecovery::gpr):
1065         (JSC::ValueRecovery::tagGPR):
1066         (JSC::ValueRecovery::payloadGPR):
1067         (JSC::ValueRecovery::fpr):
1068         (JSC::ValueRecovery::virtualRegister):
1069         (JSC::ValueRecovery::dump):
1070         * bytecode/VirtualRegister.h: Added.
1071         * dfg/DFGGenerationInfo.h:
1072         (JSC::DFG::GenerationInfo::isJSFormat):
1073         * dfg/DFGSpeculativeJIT.cpp:
1074         (JSC::DFG::ValueSource::dump):
1075         * dfg/DFGSpeculativeJIT.h:
1076         * dfg/DFGVariableAccessData.h:
1077
1078 2011-11-02  Sam Weinig  <sam@webkit.org>
1079
1080         Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
1081         https://bugs.webkit.org/show_bug.cgi?id=71333
1082
1083         Reviewed by Gavin Barraclough.
1084
1085         Tested by fast/dom/getter-on-window-object2.html
1086
1087         * runtime/PropertyDescriptor.cpp:
1088         (JSC::PropertyDescriptor::setDescriptor):
1089         The attributes returned from Structure::get do not include Getter or Setter, so
1090         instead check if the value is a GetterSetter like we do elsewhere. If it is, update
1091         the descriptor's attributes accordingly.
1092
1093 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1094
1095         FunctionPtr should accept FASTCALL functions on X86
1096         https://bugs.webkit.org/show_bug.cgi?id=71434
1097
1098         Reviewed by Filip Pizlo.
1099
1100         On X86 we sometimes use FASTCALL convention functions, for example the
1101         cti functions, and we may need the pointers to such functions, e.g.,
1102         in the current DFG register file check and arity check, though in the
1103         long term we may avoid such usage of cti calls in the DFG.
1104
1105         * assembler/MacroAssemblerCodeRef.h:
1106         (JSC::FunctionPtr::FunctionPtr):
1107
1108 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
1109
1110         Inlined uses of the global object should use the right global object
1111         https://bugs.webkit.org/show_bug.cgi?id=71427
1112
1113         Reviewed by Oliver Hunt.
1114
1115         * dfg/DFGJITCompiler.h:
1116         (JSC::DFG::JITCompiler::globalObjectFor):
1117         * dfg/DFGSpeculativeJIT64.cpp:
1118         (JSC::DFG::SpeculativeJIT::compile):
1119
1120 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
1121
1122         Remove some unnecessary loads/stores in DFG JIT 32_64
1123         https://bugs.webkit.org/show_bug.cgi?id=71090
1124
1125         Reviewed by Filip Pizlo.
1126
1127         In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
1128         be eliminated.
1129
1130         * dfg/DFGJITCompiler32_64.cpp:
1131         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1132         * dfg/DFGSpeculativeJIT32_64.cpp:
1133         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1134
1135 2011-11-02  Adam Klein  <adamk@chromium.org>
1136
1137         Replace usage of StringImpl with String where possible in CharacterData and Text
1138         https://bugs.webkit.org/show_bug.cgi?id=71383
1139
1140         Reviewed by Darin Adler.
1141
1142         * wtf/text/WTFString.h:
1143         (WTF::String::containsOnlyWhitespace): Added new method.
1144
1145 2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
1146
1147         De-virtualize JSObject::getOwnPropertyNames
1148         https://bugs.webkit.org/show_bug.cgi?id=71307
1149
1150         Reviewed by Darin Adler.
1151
1152         Added getOwnPropertyNames to the MethodTable, changed all the virtual 
1153         implementations of getOwnPropertyNames to static ones, and replaced 
1154         all call sites with corresponding lookups in the MethodTable.
1155
1156         * API/JSCallbackObject.h:
1157         * API/JSCallbackObjectFunctions.h:
1158         (JSC::::getOwnPropertyNames):
1159         * JavaScriptCore.exp:
1160         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1161         * debugger/DebuggerActivation.cpp:
1162         (JSC::DebuggerActivation::getOwnPropertyNames):
1163         * debugger/DebuggerActivation.h:
1164         * runtime/Arguments.cpp:
1165         (JSC::Arguments::getOwnPropertyNames):
1166         * runtime/Arguments.h:
1167         * runtime/ClassInfo.h:
1168         * runtime/JSActivation.cpp:
1169         (JSC::JSActivation::getOwnPropertyNames):
1170         * runtime/JSActivation.h:
1171         * runtime/JSArray.cpp:
1172         (JSC::JSArray::getOwnPropertyNames):
1173         * runtime/JSArray.h:
1174         * runtime/JSByteArray.cpp:
1175         (JSC::JSByteArray::getOwnPropertyNames):
1176         * runtime/JSByteArray.h:
1177         * runtime/JSCell.cpp:
1178         (JSC::JSCell::getOwnPropertyNames):
1179         * runtime/JSCell.h:
1180         * runtime/JSFunction.cpp:
1181         (JSC::JSFunction::getOwnPropertyNames):
1182         * runtime/JSFunction.h:
1183         * runtime/JSNotAnObject.cpp:
1184         (JSC::JSNotAnObject::getOwnPropertyNames):
1185         * runtime/JSNotAnObject.h:
1186         * runtime/JSONObject.cpp:
1187         (JSC::Stringifier::Holder::appendNextProperty):
1188         (JSC::Walker::walk):
1189         * runtime/JSObject.cpp:
1190         (JSC::JSObject::getPropertyNames):
1191         (JSC::JSObject::getOwnPropertyNames):
1192         * runtime/JSObject.h:
1193         * runtime/JSVariableObject.cpp:
1194         (JSC::JSVariableObject::~JSVariableObject):
1195         (JSC::JSVariableObject::getOwnPropertyNames):
1196         * runtime/JSVariableObject.h:
1197         * runtime/ObjectConstructor.cpp:
1198         (JSC::objectConstructorGetOwnPropertyNames):
1199         (JSC::objectConstructorKeys):
1200         (JSC::defineProperties):
1201         * runtime/RegExpMatchesArray.h:
1202         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1203         * runtime/StringObject.cpp:
1204         (JSC::StringObject::getOwnPropertyNames):
1205         * runtime/StringObject.h:
1206         * runtime/Structure.h:
1207
1208 2011-11-02  Dean Jackson  <dino@apple.com>
1209
1210         Add ENABLE_CSS_SHADERS flag
1211         https://bugs.webkit.org/show_bug.cgi?id=71394
1212
1213         Reviewed by Sam Weinig.
1214
1215         * Configurations/FeatureDefines.xcconfig:
1216
1217 2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>
1218
1219         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
1220         https://bugs.webkit.org/show_bug.cgi?id=70610
1221
1222         Reviewed by Martin Robinson.
1223
1224         Properly annotate ASM on BSD and Linux x86 systems.
1225
1226         * dfg/DFGOperations.cpp: Add annotation for X86.
1227         * jit/JITStubs.cpp: Ditto.
1228         * jit/ThunkGenerators.cpp: Ditto.
1229
1230 2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>
1231
1232         Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
1233         https://bugs.webkit.org/show_bug.cgi?id=71347
1234
1235         Reviewed by Geoffrey Garen.
1236
1237         * wtf/text/StringImpl.cpp:
1238         (WTF::StringImpl::reallocate):
1239
1240 2011-11-01  Darin Adler  <darin@apple.com>
1241
1242         Cut down on malloc/free a bit in the parser arena
1243         https://bugs.webkit.org/show_bug.cgi?id=71343
1244
1245         Reviewed by Oliver Hunt.
1246
1247         * parser/ParserArena.cpp:
1248         (JSC::ParserArena::deallocateObjects): Call the destructors of
1249         the deletable objects before freeing the pools. Don't call
1250         fastFree on the deletable objects any more.
1251
1252         * parser/ParserArena.h:
1253         (JSC::ParserArena::allocateDeletable): Use allocateFreeable
1254         instead of fastMalloc here.
1255
1256 2011-11-01  Sam Weinig  <sam@webkit.org>
1257
1258         Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
1259         https://bugs.webkit.org/show_bug.cgi?id=71336
1260
1261         Reviewed by Darin Adler.
1262
1263         * debugger/DebuggerActivation.cpp:
1264         * debugger/DebuggerActivation.h:
1265         Remove overrides of lookupGetter/lookupSetter, which are no longer needed
1266         due to implementing getPropertyDescriptor.
1267
1268         * runtime/JSObject.cpp:
1269         (JSC::JSObject::lookupGetter):
1270         (JSC::JSObject::lookupSetter):
1271         * runtime/JSObject.h:
1272         De-virtualize lookupGetter/lookupSetter, and implement them in terms of
1273         getPropertyDescriptor.
1274
1275 2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1276
1277         De-virtualize JSObject::defineSetter
1278         https://bugs.webkit.org/show_bug.cgi?id=71303
1279
1280         Reviewed by Darin Adler.
1281
1282         Added defineSetter to the MethodTable, changed all the virtual 
1283         implementations of defineSetter to static ones, and replaced 
1284         all call sites with corresponding lookups in the MethodTable.
1285
1286         * JavaScriptCore.exp:
1287         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1288         * debugger/DebuggerActivation.cpp:
1289         (JSC::DebuggerActivation::defineSetter):
1290         * debugger/DebuggerActivation.h:
1291         * interpreter/Interpreter.cpp:
1292         (JSC::Interpreter::privateExecute):
1293         * jit/JITStubs.cpp:
1294         (JSC::DEFINE_STUB_FUNCTION):
1295         * runtime/ClassInfo.h:
1296         * runtime/JSCell.cpp:
1297         (JSC::JSCell::defineSetter):
1298         * runtime/JSCell.h:
1299         * runtime/JSGlobalObject.cpp:
1300         (JSC::JSGlobalObject::defineSetter):
1301         * runtime/JSGlobalObject.h:
1302         * runtime/JSObject.cpp:
1303         (JSC::JSObject::defineSetter):
1304         (JSC::putDescriptor):
1305         * runtime/JSObject.h:
1306         * runtime/ObjectPrototype.cpp:
1307         (JSC::objectProtoFuncDefineSetter):
1308
1309 2011-11-01  Filip Pizlo  <fpizlo@apple.com>
1310
1311         DFG inlining breaks function.arguments
1312         https://bugs.webkit.org/show_bug.cgi?id=71329
1313
1314         Reviewed by Oliver Hunt.
1315         
1316         The DFG was forgetting to store code origin mappings for inlined
1317         call sites. Some of the fast-path optimizations for
1318         CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
1319         was wrong.
1320         
1321         I also took the opportunity to decrease code duplication between
1322         DFG64 and DFG32_64, because I didn't feel like writing the same
1323         code twice.
1324
1325         * bytecode/CodeBlock.h:
1326         (JSC::ExecState::isInlineCallFrame):
1327         * dfg/DFGJITCompiler.cpp:
1328         (JSC::DFG::JITCompiler::compileEntry):
1329         (JSC::DFG::JITCompiler::compileBody):
1330         (JSC::DFG::JITCompiler::link):
1331         (JSC::DFG::JITCompiler::compile):
1332         (JSC::DFG::JITCompiler::compileFunction):
1333         * dfg/DFGJITCompiler32_64.cpp:
1334         * dfg/DFGNode.h:
1335         * interpreter/CallFrame.cpp:
1336         (JSC::CallFrame::trueCallerFrame):
1337         * interpreter/CallFrame.h:
1338         * runtime/Arguments.h:
1339         (JSC::Arguments::getArgumentsData):
1340
1341 2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>
1342
1343         StringImpl::reallocate() should have a 8-bit version
1344         https://bugs.webkit.org/show_bug.cgi?id=71210
1345
1346         Reviewed by Geoffrey Garen.
1347
1348         * wtf/text/StringImpl.cpp:
1349         (WTF::StringImpl::reallocate):
1350         * wtf/text/StringImpl.h:
1351
1352 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1353
1354         The GC should be parallel
1355         https://bugs.webkit.org/show_bug.cgi?id=70995
1356
1357         Reviewed by Geoff Garen.
1358         
1359         Added parallel tracing to the GC. This works by having local mark
1360         stacks per thread, and a global shared one. Threads sometimes
1361         donate cells from the mark stack to the global one if the heuristics
1362         tell them that it's affordable to do so. Threads that have depleted
1363         their local mark stacks try to steal some from the shared one.
1364
1365         Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
1366         
1367         This is a 23% speed-up on V8-splay when I use 4 marking threads,
1368         leading to a 3.5% speed-up on V8.
1369         
1370         It also appears that this reduces GC pause times on real websites by
1371         more than half.
1372
1373         * JavaScriptCore.exp:
1374         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1375         * heap/Heap.cpp:
1376         (JSC::Heap::Heap):
1377         (JSC::Heap::~Heap):
1378         (JSC::Heap::markRoots):
1379         * heap/Heap.h:
1380         * heap/MarkStack.cpp:
1381         (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
1382         (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
1383         (JSC::MarkStackSegmentAllocator::allocate):
1384         (JSC::MarkStackSegmentAllocator::release):
1385         (JSC::MarkStackSegmentAllocator::shrinkReserve):
1386         (JSC::MarkStackArray::MarkStackArray):
1387         (JSC::MarkStackArray::~MarkStackArray):
1388         (JSC::MarkStackArray::expand):
1389         (JSC::MarkStackArray::refill):
1390         (JSC::MarkStackArray::donateSomeCellsTo):
1391         (JSC::MarkStackArray::stealSomeCellsFrom):
1392         (JSC::MarkStackThreadSharedData::markingThreadMain):
1393         (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
1394         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1395         (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
1396         (JSC::MarkStackThreadSharedData::reset):
1397         (JSC::MarkStack::reset):
1398         (JSC::SlotVisitor::donateSlow):
1399         (JSC::SlotVisitor::drain):
1400         (JSC::SlotVisitor::drainFromShared):
1401         (JSC::MarkStack::mergeOpaqueRoots):
1402         (JSC::SlotVisitor::harvestWeakReferences):
1403         * heap/MarkStack.h:
1404         (JSC::MarkStackSegment::data):
1405         (JSC::MarkStackSegment::capacityFromSize):
1406         (JSC::MarkStackSegment::sizeFromCapacity):
1407         (JSC::MarkStackArray::postIncTop):
1408         (JSC::MarkStackArray::preDecTop):
1409         (JSC::MarkStackArray::setTopForFullSegment):
1410         (JSC::MarkStackArray::setTopForEmptySegment):
1411         (JSC::MarkStackArray::top):
1412         (JSC::MarkStackArray::validatePrevious):
1413         (JSC::MarkStack::addWeakReferenceHarvester):
1414         (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
1415         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
1416         (JSC::MarkStack::MarkStack):
1417         (JSC::MarkStack::addOpaqueRoot):
1418         (JSC::MarkStack::containsOpaqueRoot):
1419         (JSC::MarkStack::opaqueRootCount):
1420         (JSC::MarkStackArray::append):
1421         (JSC::MarkStackArray::canRemoveLast):
1422         (JSC::MarkStackArray::removeLast):
1423         (JSC::MarkStackArray::isEmpty):
1424         (JSC::MarkStackArray::canDonateSomeCells):
1425         (JSC::MarkStackArray::size):
1426         (JSC::ParallelModeEnabler::ParallelModeEnabler):
1427         (JSC::ParallelModeEnabler::~ParallelModeEnabler):
1428         * heap/MarkedBlock.h:
1429         (JSC::MarkedBlock::testAndSetMarked):
1430         * heap/SlotVisitor.h:
1431         (JSC::SlotVisitor::donate):
1432         (JSC::SlotVisitor::donateAndDrain):
1433         (JSC::SlotVisitor::donateKnownParallel):
1434         (JSC::SlotVisitor::SlotVisitor):
1435         * heap/WeakReferenceHarvester.h:
1436         * runtime/Heuristics.cpp:
1437         (JSC::Heuristics::initializeHeuristics):
1438         * runtime/Heuristics.h:
1439         * wtf/Atomics.h:
1440         (WTF::weakCompareAndSwap):
1441         * wtf/Bitmap.h:
1442         (WTF::::Bitmap):
1443         (WTF::::get):
1444         (WTF::::set):
1445         (WTF::::testAndSet):
1446         (WTF::::testAndClear):
1447         (WTF::::concurrentTestAndSet):
1448         (WTF::::concurrentTestAndClear):
1449         (WTF::::clear):
1450         (WTF::::clearAll):
1451         (WTF::::nextPossiblyUnset):
1452         (WTF::::findRunOfZeros):
1453         (WTF::::count):
1454         (WTF::::isEmpty):
1455         (WTF::::isFull):
1456         * wtf/MainThread.h:
1457         (WTF::isMainThreadOrGCThread):
1458         * wtf/Platform.h:
1459         * wtf/ThreadSpecific.h:
1460         (WTF::::isSet):
1461         * wtf/mac/MainThreadMac.mm:
1462         (WTF::initializeGCThreads):
1463         (WTF::initializeMainThreadPlatform):
1464         (WTF::initializeMainThreadToProcessMainThreadPlatform):
1465         (WTF::registerGCThread):
1466         (WTF::isMainThreadOrGCThread):
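
        The compare-and-swap marking this entry mentions, as an added example that is not WebKit's MarkedBlock or Bitmap code: a hypothetical mark bitmap whose test-and-set is a weak CAS retry loop, plus a driver that races several threads over the same cells and counts successful claims. The property a parallel marker depends on is that each cell is claimed by exactly one thread, so no cell is pushed onto a mark stack twice; the cell and thread counts below are arbitrary, and the relaxed memory ordering assumes, as stated in the comments, that the mark stacks themselves publish cell contents.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <thread>
#include <vector>

// Hypothetical mark bitmap (added example, not WebKit's MarkedBlock/Bitmap):
// one bit per cell, packed 32 to a word. Every mutation is a weak CAS loop,
// so several marking threads can claim cells concurrently without a lock.
class MarkBitmap {
public:
    explicit MarkBitmap(size_t cellCount)
        : m_words((cellCount + 31) / 32)
    {
        for (auto& word : m_words)
            word.store(0, std::memory_order_relaxed);
    }

    // Atomically sets the mark bit for `index`. Returns true only for the
    // call that flipped it from 0 to 1; callers racing on the same cell see
    // exactly one true. Relaxed ordering is enough because the bit only
    // records "already claimed"; this example assumes, as a parallel marker
    // would, that the mark stacks themselves publish the cell's contents.
    bool concurrentTestAndSet(size_t index)
    {
        std::atomic<uint32_t>& word = m_words[index / 32];
        const uint32_t mask = uint32_t{1} << (index % 32);
        uint32_t old = word.load(std::memory_order_relaxed);
        for (;;) {
            if (old & mask)
                return false; // another thread got here first
            // compare_exchange_weak may fail spuriously or because the word
            // changed under us; either way `old` is refreshed and we retry.
            if (word.compare_exchange_weak(old, old | mask,
                                           std::memory_order_relaxed,
                                           std::memory_order_relaxed))
                return true;
        }
    }

    bool isMarked(size_t index) const
    {
        const uint32_t mask = uint32_t{1} << (index % 32);
        return (m_words[index / 32].load(std::memory_order_relaxed) & mask) != 0;
    }

private:
    std::vector<std::atomic<uint32_t>> m_words;
};

// Single-threaded sanity check: the first claim wins, the second is rejected.
bool firstClaimWinsSecondLoses(size_t index)
{
    MarkBitmap bitmap(index + 1);
    return bitmap.concurrentTestAndSet(index)
        && !bitmap.concurrentTestAndSet(index)
        && bitmap.isMarked(index);
}

// Races `threadCount` (> 0) threads over all `cellCount` cells and returns the
// total number of successful claims. With correct CAS marking this equals
// cellCount: each cell is won by exactly one thread, which is what keeps a
// parallel marker from tracing (and pushing) the same cell twice.
size_t countSuccessfulClaims(size_t cellCount, unsigned threadCount)
{
    MarkBitmap bitmap(cellCount);
    std::atomic<size_t> total{0};
    std::vector<std::thread> threads;
    for (unsigned t = 0; t < threadCount; ++t) {
        threads.emplace_back([&bitmap, &total, cellCount, threadCount, t] {
            size_t mine = 0;
            // Start each thread at a different offset so the sweeps overlap
            // on the same words at the same time rather than in lockstep.
            const size_t offset = t * (cellCount / threadCount);
            for (size_t i = 0; i < cellCount; ++i) {
                if (bitmap.concurrentTestAndSet((i + offset) % cellCount))
                    ++mine;
            }
            total.fetch_add(mine, std::memory_order_relaxed);
        });
    }
    for (auto& thread : threads)
        thread.join();
    return total.load();
}

int main()
{
    std::cout << "first claim wins, second loses: " << firstClaimWinsSecondLoses(69) << '\n';
    std::cout << "claims won by 4 threads over 100000 cells: "
              << countSuccessfulClaims(100000, 4) << '\n';
    return 0;
}
```

        A plain load-check-store on the mark word would let two threads both see the bit clear and both claim the cell, so the same object could be pushed to two mark stacks and traced twice; the CAS loop is what makes the claim exclusive without taking a lock per cell.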
1467
1468 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1469
1470         De-virtualize JSObject::defaultValue
1471         https://bugs.webkit.org/show_bug.cgi?id=71146
1472
1473         Reviewed by Sam Weinig.
1474
1475         Added defaultValue to the MethodTable.  Replaced all virtual versions of 
1476         defaultValue with static versions.  Replaced all call sites with lookups in the 
1477         MethodTable.
1478
1479         * JavaScriptCore.exp:
1480         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1481         * runtime/ClassInfo.h:
1482         * runtime/ExceptionHelpers.cpp:
1483         (JSC::InterruptedExecutionError::defaultValue):
1484         (JSC::TerminatedExecutionError::defaultValue):
1485         * runtime/ExceptionHelpers.h:
1486         * runtime/JSCell.cpp:
1487         (JSC::JSCell::defaultValue):
1488         * runtime/JSCell.h:
1489         * runtime/JSNotAnObject.cpp:
1490         (JSC::JSNotAnObject::defaultValue):
1491         * runtime/JSNotAnObject.h:
1492         * runtime/JSObject.cpp:
1493         (JSC::JSObject::getPrimitiveNumber):
1494         (JSC::JSObject::defaultValue):
1495         * runtime/JSObject.h:
1496         (JSC::JSObject::toPrimitive):
1497
1498 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1499
1500         Interpreter build fix
1501
1502         Unreviewed build fix
1503
1504         * interpreter/Interpreter.cpp:
1505         (JSC::Interpreter::privateExecute):
1506         * runtime/Executable.cpp:
1507         (JSC::FunctionExecutable::compileForCallInternal):
1508         (JSC::FunctionExecutable::compileForConstructInternal):
1509
1510 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1511
1512         DFG OSR exits should add to value profiles
1513         https://bugs.webkit.org/show_bug.cgi?id=71202
1514
1515         Reviewed by Oliver Hunt.
1516         
1517         Value profiles now have an extra special slot not used by the old JIT's
1518         profiling, which is reserved for OSR exits.
1519         
1520         The DFG's OSR exit code now knows which register, node index, and value
1521         profiling site was responsible for the (possibly flawed) information that
1522         led to the OSR failure. This is somewhat opportunistic and imperfect;
1523         if there's a lot of control flow between the value profiling site and the
1524         OSR failure point, then this mechanism simply gives up. It also gives up
1525         if the OSR failure is caused by either known deficiencies in the DFG
1526         (like that we always assume that the index in a strict charCodeAt access
1527         (like that we always assume that the index in a strict charCodeAt access
1528         is within bounds) or where the OSR failure would be catalogued and
1528         profiled through other means (like slow case counters).
1529         
1530         This patch also adds the notion of a JSValueRegs, which is either a
1531         single register in JSVALUE64 or a pair in JSVALUE32_64. We should
1532         probably move the 32_64 DFG towards using this, since it often makes it
1533         easier to share code between 64 and 32_64.
1534         
1535         Also fixed a number of pathologies that this uncovered. op_method_check 
1536         didn't have a value profiling site on the slow path. GetById should not
1537         always force OSR exit if it never executed in the old JIT; we may be
1538         able to infer its type if it's an array or string length get. Finally,
1539         these changes benefit from a slight tweak to optimization delay
1540         heuristics (profile fullness is now 0.35 instead of 0.25).
1541         
1542         3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
1543         and imaging-darkroom.
1544
1545         * bytecode/ValueProfile.cpp:
1546         (JSC::ValueProfile::computeStatistics):
1547         (JSC::ValueProfile::computeUpdatedPrediction):
1548         * bytecode/ValueProfile.h:
1549         (JSC::ValueProfile::ValueProfile):
1550         (JSC::ValueProfile::specFailBucket):
1551         (JSC::ValueProfile::numberOfSamples):
1552         (JSC::ValueProfile::isLive):
1553         (JSC::ValueProfile::numberOfInt32s):
1554         (JSC::ValueProfile::numberOfDoubles):
1555         (JSC::ValueProfile::numberOfCells):
1556         (JSC::ValueProfile::numberOfObjects):
1557         (JSC::ValueProfile::numberOfFinalObjects):
1558         (JSC::ValueProfile::numberOfStrings):
1559         (JSC::ValueProfile::numberOfArrays):
1560         (JSC::ValueProfile::numberOfBooleans):
1561         (JSC::ValueProfile::dump):
1562         * dfg/DFGAbstractState.cpp:
1563         (JSC::DFG::AbstractState::execute):
1564         * dfg/DFGByteCodeParser.cpp:
1565         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1566         (JSC::DFG::ByteCodeParser::getPrediction):
1567         (JSC::DFG::ByteCodeParser::parseBlock):
1568         * dfg/DFGGPRInfo.h:
1569         (JSC::DFG::JSValueRegs::JSValueRegs):
1570         (JSC::DFG::JSValueRegs::operator!):
1571         (JSC::DFG::JSValueRegs::gpr):
1572         (JSC::DFG::JSValueSource::JSValueSource):
1573         (JSC::DFG::JSValueSource::unboxedCell):
1574         (JSC::DFG::JSValueSource::operator!):
1575         (JSC::DFG::JSValueSource::isAddress):
1576         (JSC::DFG::JSValueSource::offset):
1577         (JSC::DFG::JSValueSource::base):
1578         (JSC::DFG::JSValueSource::gpr):
1579         (JSC::DFG::JSValueSource::asAddress):
1580         (JSC::DFG::JSValueSource::notAddress):
1581         (JSC::DFG::JSValueRegs::tagGPR):
1582         (JSC::DFG::JSValueRegs::payloadGPR):
1583         (JSC::DFG::JSValueSource::tagGPR):
1584         (JSC::DFG::JSValueSource::payloadGPR):
1585         (JSC::DFG::JSValueSource::hasKnownTag):
1586         (JSC::DFG::JSValueSource::tag):
1587         * dfg/DFGGenerationInfo.h:
1588         (JSC::DFG::GenerationInfo::jsValueRegs):
1589         * dfg/DFGGraph.h:
1590         (JSC::DFG::Graph::valueProfileFor):
1591         * dfg/DFGJITCodeGenerator.h:
1592         (JSC::JSValueOperand::jsValueRegs):
1593         * dfg/DFGJITCompiler.cpp:
1594         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1595         * dfg/DFGJITCompiler.h:
1596         (JSC::DFG::JITCompiler::valueProfileFor):
1597         * dfg/DFGJITCompiler32_64.cpp:
1598         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1599         * dfg/DFGPropagator.cpp:
1600         (JSC::DFG::Propagator::propagateNodePredictions):
1601         * dfg/DFGSpeculativeJIT.cpp:
1602         (JSC::DFG::OSRExit::OSRExit):
1603         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1604         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1605         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1606         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1607         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1608         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
1609         * dfg/DFGSpeculativeJIT.h:
1610         (JSC::DFG::SpeculativeJIT::speculationCheck):
1611         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1612         * dfg/DFGSpeculativeJIT32_64.cpp:
1613         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1614         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1615         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1616         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1617         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1618         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1619         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1620         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1621         (JSC::DFG::SpeculativeJIT::compile):
1622         * dfg/DFGSpeculativeJIT64.cpp:
1623         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1624         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1625         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1626         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1627         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1628         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1629         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1630         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1631         (JSC::DFG::SpeculativeJIT::emitBranch):
1632         (JSC::DFG::SpeculativeJIT::compile):
1633         * jit/JITPropertyAccess.cpp:
1634         (JSC::JIT::emitSlow_op_method_check):
1635         * jit/JITPropertyAccess32_64.cpp:
1636         (JSC::JIT::emitSlow_op_method_check):
1637         * runtime/Heuristics.cpp:
1638         (JSC::Heuristics::initializeHeuristics):
1639         * runtime/JSValue.h:
1640
1641 2011-10-31  Sam Weinig  <sam@webkit.org>
1642
1643         Remove need for virtual JSObject::unwrappedObject
1644         https://bugs.webkit.org/show_bug.cgi?id=71034
1645
1646         Reviewed by Geoffrey Garen.
1647
1648         * JavaScriptCore.exp:
1649         Update exports.
1650
1651         * CMakeLists.txt:
1652         * GNUmakefile.list.am:
1653         * JavaScriptCore.exp:
1654         * JavaScriptCore.gypi:
1655         * JavaScriptCore.pro:
1656         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1657         * JavaScriptCore.xcodeproj/project.pbxproj:
1658         Add JSGlobalThis.cpp.
1659
1660         * runtime/JSGlobalThis.cpp: Added.
1661         (JSC::JSGlobalThis::visitChildren):
1662         (JSC::JSGlobalThis::unwrappedObject):
1663         * runtime/JSGlobalThis.h:
1664         (JSC::JSGlobalThis::createStructure):
1665         Move underlying object from JSDOMWindowShell down to JSGlobalThis
1666         and corresponding visitChildren method.
1667
1668         * runtime/JSObject.cpp:
1669         (JSC::JSObject::unwrappedObject):
1670         Change unwrappedObject from virtual, to just needing an if check.
1671
1672         * runtime/JSObject.h:
1673         (JSC::JSObject::isGlobalThis):
1674         * runtime/JSType.h:
1675         Add isGlobalThis predicate and type.
1676
1677 2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>
1678
1679         WTF::StringImpl::create(const char*, unsigned) calls itself
1680         https://bugs.webkit.org/show_bug.cgi?id=71206
1681
1682         The original implementation just calls itself, causing infinite recursion.
1683         Cast the first parameter to const LChar* to fix that.
1684
1685         Reviewed by Ryosuke Niwa.
1686
1687         * wtf/text/StringImpl.h:
1688         (WTF::StringImpl::create):
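
        The following is an added illustration of the overload-resolution trap behind this
        fix; it is example code written for this page, not WebKit's StringImpl. Latin1String,
        probe::pick, overloadChosen and roundTrips are hypothetical names. With two overloads
        create(const LChar*, unsigned) and create(const char*, unsigned), a body of
        "return create(s, length)" inside the const char* overload binds to the exact match,
        which is itself, because there is no implicit conversion from const char* to
        const unsigned char*; the call recurses until the stack is exhausted. The cast to
        const LChar* is what selects the other overload.

```cpp
// Added example (not WebKit code): why StringImpl::create(const char*, unsigned)
// could call itself, and what the const LChar* cast changes.
#include <cstdio>
#include <cstring>
#include <vector>

typedef unsigned char LChar;   // WTF's 8-bit (Latin-1) character type

// Hypothetical stand-in for the two create() overloads.
struct Latin1String {
    std::vector<LChar> chars;

    // The real factory: copies 8-bit characters.
    static Latin1String create(const LChar* s, unsigned length) {
        Latin1String r;
        r.chars.assign(s, s + length);
        return r;
    }

    // Convenience overload for narrow C strings. The buggy body read
    //     return create(s, length);
    // with s still a const char*: overload resolution picks the exact match,
    // which is this very function, so it recursed until the stack overflowed.
    // The fix casts to const LChar* so the other overload is selected.
    static Latin1String create(const char* s, unsigned length) {
        return create(reinterpret_cast<const LChar*>(s), length);
    }

    unsigned length() const { return static_cast<unsigned>(chars.size()); }
};

// Overload-resolution probe: which overload does a call with a const char*
// argument bind to? Only a cast reaches the LChar overload.
namespace probe {
inline const char* pick(const LChar*, unsigned) { return "LChar"; }
inline const char* pick(const char*, unsigned)  { return "char"; }
}

inline const char* overloadChosen(const char* s, bool withCast) {
    if (withCast)
        return probe::pick(reinterpret_cast<const LChar*>(s), 0);
    return probe::pick(s, 0);   // exact match: the const char* overload
}

// Checks that the fixed overload copies the bytes through unchanged.
inline bool roundTrips(const char* s) {
    unsigned n = static_cast<unsigned>(std::strlen(s));
    Latin1String v = Latin1String::create(s, n);
    if (v.length() != n)
        return false;
    return n == 0 || std::memcmp(v.chars.data(), s, n) == 0;
}

int main() {
    std::printf("uncast const char* binds to: %s\n", overloadChosen("x", false));
    std::printf("cast to const LChar* binds to: %s\n", overloadChosen("x", true));
    std::printf("fixed create() round-trips \"hello\": %s\n", roundTrips("hello") ? "yes" : "no");
    return 0;
}
```

        Compilers can flag the original shape (clang's -Winfinite-recursion, for example), so
        building with warnings enabled is the cheap way to catch this class of self-call before
        it reaches a fuzzer as a stack overflow.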
1689
1690 2011-10-31  Andy Wingo  <wingo@igalia.com>
1691
1692         Fix DFG JIT compilation on Linux targets.
1693         https://bugs.webkit.org/show_bug.cgi?id=70904
1694
1695         Reviewed by Darin Adler.
1696
1697         * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
1698         macro.
1699
1700         * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
1701         simplified definition from jit/JITStubs.cpp.
1702         (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
1703         Use the macro to access trampoline targets through the PLT on PIC
1704         systems, instead of introducing a text relocation.  Otherwise, the
1705         library fails to link.
1706
1707 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1708
1709         De-virtualize JSObject::defineGetter
1710         https://bugs.webkit.org/show_bug.cgi?id=71134
1711
1712         Reviewed by Darin Adler.
1713
1714         Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
1715         with static versions.  Replaced all call sites with lookups in the MethodTable.
1716
1717         * JavaScriptCore.exp:
1718         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1719         * debugger/DebuggerActivation.cpp:
1720         (JSC::DebuggerActivation::defineGetter):
1721         * debugger/DebuggerActivation.h:
1722         * interpreter/Interpreter.cpp:
1723         (JSC::Interpreter::privateExecute):
1724         * jit/JITStubs.cpp:
1725         (JSC::DEFINE_STUB_FUNCTION):
1726         * runtime/ClassInfo.h:
1727         * runtime/JSCell.cpp:
1728         (JSC::JSCell::defineGetter):
1729         * runtime/JSCell.h:
1730         * runtime/JSGlobalObject.cpp:
1731         (JSC::JSGlobalObject::defineGetter):
1732         * runtime/JSGlobalObject.h:
1733         * runtime/JSObject.cpp:
1734         (JSC::JSObject::defineGetter):
1735         (JSC::putDescriptor):
1736         * runtime/JSObject.h:
1737         * runtime/ObjectPrototype.cpp:
1738         (JSC::objectProtoFuncDefineGetter):
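
        An added sketch of the de-virtualization pattern this entry describes: a per-class
        table of static functions that call sites consult instead of a C++ virtual method,
        with subclasses either supplying their own entry or reusing the parent's. This is
        example code written for this page, not JavaScriptCore's ClassInfo or MethodTable;
        Object, SealedObject, PlainObject, defineGetterOn and the "sealed object refuses
        getters" behaviour are hypothetical.

```cpp
// Added example (not WebKit code): static-function method table in place of
// a virtual defineGetter. All type and function names are hypothetical.
#include <cstdio>
#include <map>
#include <string>
#include <type_traits>

struct Object;
typedef bool (*DefineGetterFn)(Object*, const std::string& name, int getter);

// One entry per de-virtualized operation.
struct MethodTable {
    DefineGetterFn defineGetter;
};

// Per-class metadata; each class points at its parent's and carries its table.
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
    MethodTable methodTable;
};

struct Object {
    const ClassInfo* classInfo;
    std::map<std::string, int> getters;   // getter "functions" modelled as ints

    explicit Object(const ClassInfo* info) : classInfo(info) {}
    const MethodTable* methodTable() const { return &classInfo->methodTable; }

    // Static, not virtual: the receiver is passed explicitly.
    static bool defineGetter(Object* o, const std::string& name, int getter) {
        o->getters[name] = getter;
        return true;
    }
    static const ClassInfo s_info;
};
const ClassInfo Object::s_info = { "Object", 0, { &Object::defineGetter } };

// Overrides by installing its own static function in its table.
struct SealedObject : Object {
    SealedObject() : Object(&s_info) {}
    static bool defineGetter(Object*, const std::string&, int) { return false; }
    static const ClassInfo s_info;
};
const ClassInfo SealedObject::s_info =
    { "SealedObject", &Object::s_info, { &SealedObject::defineGetter } };

// Does not override: its table reuses the parent's entry.
struct PlainObject : Object {
    PlainObject() : Object(&s_info) {}
    static const ClassInfo s_info;
};
const ClassInfo PlainObject::s_info =
    { "PlainObject", &Object::s_info, { &Object::defineGetter } };

// The call site: a table lookup instead of a vtable dispatch.
inline bool defineGetterOn(Object* o, const std::string& name, int getter) {
    return o->methodTable()->defineGetter(o, name, getter);
}

inline bool plainObjectAcceptsGetter() {
    PlainObject p;
    return defineGetterOn(&p, "x", 1) && p.getters.count("x") == 1;
}

inline bool sealedObjectRejectsGetter() {
    SealedObject s;
    return !defineGetterOn(&s, "x", 1) && s.getters.empty();
}

// With no virtual functions, the hierarchy carries no vtable pointer.
inline bool hasVTable() { return std::is_polymorphic<Object>::value; }

int main() {
    std::printf("plain object accepts getter: %s\n", plainObjectAcceptsGetter() ? "yes" : "no");
    std::printf("sealed object rejects getter: %s\n", sealedObjectRejectsGetter() ? "yes" : "no");
    std::printf("Object is polymorphic (has vtable): %s\n", hasVTable() ? "yes" : "no");
    return 0;
}
```

        The dispatch decision is made by the ClassInfo the object was constructed with, so
        a subclass that forgets to fill in an entry silently inherits its parent's behaviour;
        a static assertion or a debug-only check that every table slot is non-null is the
        usual guard when adding a new slot like defineGetter.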
1739
1740 2011-10-31  Michael Saboff  <msaboff@apple.com>
1741
1742         Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
1743         https://bugs.webkit.org/show_bug.cgi?id=71138
1744
1745         Restructure and movement of Lexer and Parser code.
1746         Moved Lexer and Parser objects out of JSGlobalData.
1747         Added a new ParserTokens class and instance to JSGlobalData that
1748         have JavaScript token related definitions.
1749         Replaced JSGlobalData arguments to Node classes with lineNumber,
1750         as that was the only use of the JSGlobalData.
1751         Combined JSParser and Parser classes into one class,
1752         eliminating JSParser.h and .cpp.
1753         Various supporting #include changes.
1754
1755         These mostly mechanical changes are done in preparation to
1756         making the Lexer and Parser template classes.
1757
1758         Reviewed by Darin Adler.
1759
1760         * CMakeLists.txt:
1761         * GNUmakefile.list.am:
1762         * JavaScriptCore.gypi:
1763         * JavaScriptCore.pro:
1764         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1765         * JavaScriptCore.xcodeproj/project.pbxproj:
1766         * bytecompiler/NodesCodegen.cpp:
1767         (JSC::ArrayNode::toArgumentList):
1768         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1769         * parser/ASTBuilder.h:
1770         (JSC::ASTBuilder::ASTBuilder):
1771         (JSC::ASTBuilder::createSourceElements):
1772         (JSC::ASTBuilder::createCommaExpr):
1773         (JSC::ASTBuilder::createLogicalNot):
1774         (JSC::ASTBuilder::createUnaryPlus):
1775         (JSC::ASTBuilder::createVoid):
1776         (JSC::ASTBuilder::thisExpr):
1777         (JSC::ASTBuilder::createResolve):
1778         (JSC::ASTBuilder::createObjectLiteral):
1779         (JSC::ASTBuilder::createArray):
1780         (JSC::ASTBuilder::createNumberExpr):
1781         (JSC::ASTBuilder::createString):
1782         (JSC::ASTBuilder::createBoolean):
1783         (JSC::ASTBuilder::createNull):
1784         (JSC::ASTBuilder::createBracketAccess):
1785         (JSC::ASTBuilder::createDotAccess):
1786         (JSC::ASTBuilder::createRegExp):
1787         (JSC::ASTBuilder::createNewExpr):
1788         (JSC::ASTBuilder::createConditionalExpr):
1789         (JSC::ASTBuilder::createAssignResolve):
1790         (JSC::ASTBuilder::createFunctionExpr):
1791         (JSC::ASTBuilder::createFunctionBody):
1792         (JSC::ASTBuilder::createGetterOrSetterProperty):
1793         (JSC::ASTBuilder::createArguments):
1794         (JSC::ASTBuilder::createArgumentsList):
1795         (JSC::ASTBuilder::createPropertyList):
1796         (JSC::ASTBuilder::createElementList):
1797         (JSC::ASTBuilder::createFormalParameterList):
1798         (JSC::ASTBuilder::createClause):
1799         (JSC::ASTBuilder::createClauseList):
1800         (JSC::ASTBuilder::createFuncDeclStatement):
1801         (JSC::ASTBuilder::createBlockStatement):
1802         (JSC::ASTBuilder::createExprStatement):
1803         (JSC::ASTBuilder::createIfStatement):
1804         (JSC::ASTBuilder::createForLoop):
1805         (JSC::ASTBuilder::createForInLoop):
1806         (JSC::ASTBuilder::createEmptyStatement):
1807         (JSC::ASTBuilder::createVarStatement):
1808         (JSC::ASTBuilder::createReturnStatement):
1809         (JSC::ASTBuilder::createBreakStatement):
1810         (JSC::ASTBuilder::createContinueStatement):
1811         (JSC::ASTBuilder::createTryStatement):
1812         (JSC::ASTBuilder::createSwitchStatement):
1813         (JSC::ASTBuilder::createWhileStatement):
1814         (JSC::ASTBuilder::createDoWhileStatement):
1815         (JSC::ASTBuilder::createLabelStatement):
1816         (JSC::ASTBuilder::createWithStatement):
1817         (JSC::ASTBuilder::createThrowStatement):
1818         (JSC::ASTBuilder::createDebugger):
1819         (JSC::ASTBuilder::createConstStatement):
1820         (JSC::ASTBuilder::appendConstDecl):
1821         (JSC::ASTBuilder::combineCommaNodes):
1822         (JSC::ASTBuilder::appendBinaryOperation):
1823         (JSC::ASTBuilder::createAssignment):
1824         (JSC::ASTBuilder::createNumber):
1825         (JSC::ASTBuilder::makeTypeOfNode):
1826         (JSC::ASTBuilder::makeDeleteNode):
1827         (JSC::ASTBuilder::makeNegateNode):
1828         (JSC::ASTBuilder::makeBitwiseNotNode):
1829         (JSC::ASTBuilder::makeMultNode):
1830         (JSC::ASTBuilder::makeDivNode):
1831         (JSC::ASTBuilder::makeModNode):
1832         (JSC::ASTBuilder::makeAddNode):
1833         (JSC::ASTBuilder::makeSubNode):
1834         (JSC::ASTBuilder::makeLeftShiftNode):
1835         (JSC::ASTBuilder::makeRightShiftNode):
1836         (JSC::ASTBuilder::makeURightShiftNode):
1837         (JSC::ASTBuilder::makeBitOrNode):
1838         (JSC::ASTBuilder::makeBitAndNode):
1839         (JSC::ASTBuilder::makeBitXOrNode):
1840         (JSC::ASTBuilder::makeFunctionCallNode):
1841         (JSC::ASTBuilder::makeBinaryNode):
1842         (JSC::ASTBuilder::makeAssignNode):
1843         (JSC::ASTBuilder::makePrefixNode):
1844         (JSC::ASTBuilder::makePostfixNode):
1845         * parser/JSParser.cpp: Removed.
1846         * parser/JSParser.h: Removed.
1847         * parser/Lexer.cpp:
1848         (JSC::Keywords::Keywords):
1849         (JSC::Lexer::Lexer):
1850         (JSC::Lexer::~Lexer):
1851         (JSC::Lexer::setCode):
1852         (JSC::Lexer::parseIdentifier):
1853         * parser/Lexer.h:
1854         (JSC::Keywords::isKeyword):
1855         (JSC::Keywords::getKeyword):
1856         (JSC::Keywords::~Keywords):
1857         (JSC::Lexer::setIsReparsing):
1858         (JSC::Lexer::isReparsing):
1859         (JSC::Lexer::lineNumber):
1860         (JSC::Lexer::setLastLineNumber):
1861         (JSC::Lexer::lastLineNumber):
1862         (JSC::Lexer::prevTerminator):
1863         (JSC::Lexer::sawError):
1864         (JSC::Lexer::getErrorMessage):
1865         (JSC::Lexer::currentOffset):
1866         (JSC::Lexer::setOffset):
1867         (JSC::Lexer::setLineNumber):
1868         (JSC::Lexer::sourceProvider):
1869         (JSC::Lexer::isWhiteSpace):
1870         (JSC::Lexer::isLineTerminator):
1871         (JSC::Lexer::convertHex):
1872         (JSC::Lexer::convertUnicode):
1873         (JSC::Lexer::makeIdentifier):
1874         (JSC::Lexer::lexExpectIdentifier):
1875         * parser/NodeConstructors.h:
1876         (JSC::ParserArenaFreeable::operator new):
1877         (JSC::ParserArenaDeletable::operator new):
1878         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
1879         (JSC::Node::Node):
1880         (JSC::ExpressionNode::ExpressionNode):
1881         (JSC::StatementNode::StatementNode):
1882         (JSC::NullNode::NullNode):
1883         (JSC::BooleanNode::BooleanNode):
1884         (JSC::NumberNode::NumberNode):
1885         (JSC::StringNode::StringNode):
1886         (JSC::RegExpNode::RegExpNode):
1887         (JSC::ThisNode::ThisNode):
1888         (JSC::ResolveNode::ResolveNode):
1889         (JSC::ElementNode::ElementNode):
1890         (JSC::ArrayNode::ArrayNode):
1891         (JSC::PropertyNode::PropertyNode):
1892         (JSC::PropertyListNode::PropertyListNode):
1893         (JSC::ObjectLiteralNode::ObjectLiteralNode):
1894         (JSC::BracketAccessorNode::BracketAccessorNode):
1895         (JSC::DotAccessorNode::DotAccessorNode):
1896         (JSC::ArgumentListNode::ArgumentListNode):
1897         (JSC::ArgumentsNode::ArgumentsNode):
1898         (JSC::NewExprNode::NewExprNode):
1899         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
1900         (JSC::FunctionCallValueNode::FunctionCallValueNode):
1901         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
1902         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
1903         (JSC::FunctionCallDotNode::FunctionCallDotNode):
1904         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
1905         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
1906         (JSC::PrePostResolveNode::PrePostResolveNode):
1907         (JSC::PostfixResolveNode::PostfixResolveNode):
1908         (JSC::PostfixBracketNode::PostfixBracketNode):
1909         (JSC::PostfixDotNode::PostfixDotNode):
1910         (JSC::PostfixErrorNode::PostfixErrorNode):
1911         (JSC::DeleteResolveNode::DeleteResolveNode):
1912         (JSC::DeleteBracketNode::DeleteBracketNode):
1913         (JSC::DeleteDotNode::DeleteDotNode):
1914         (JSC::DeleteValueNode::DeleteValueNode):
1915         (JSC::VoidNode::VoidNode):
1916         (JSC::TypeOfResolveNode::TypeOfResolveNode):
1917         (JSC::TypeOfValueNode::TypeOfValueNode):
1918         (JSC::PrefixResolveNode::PrefixResolveNode):
1919         (JSC::PrefixBracketNode::PrefixBracketNode):
1920         (JSC::PrefixDotNode::PrefixDotNode):
1921         (JSC::PrefixErrorNode::PrefixErrorNode):
1922         (JSC::UnaryOpNode::UnaryOpNode):
1923         (JSC::UnaryPlusNode::UnaryPlusNode):
1924         (JSC::NegateNode::NegateNode):
1925         (JSC::BitwiseNotNode::BitwiseNotNode):
1926         (JSC::LogicalNotNode::LogicalNotNode):
1927         (JSC::BinaryOpNode::BinaryOpNode):
1928         (JSC::MultNode::MultNode):
1929         (JSC::DivNode::DivNode):
1930         (JSC::ModNode::ModNode):
1931         (JSC::AddNode::AddNode):
1932         (JSC::SubNode::SubNode):
1933         (JSC::LeftShiftNode::LeftShiftNode):
1934         (JSC::RightShiftNode::RightShiftNode):
1935         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
1936         (JSC::LessNode::LessNode):
1937         (JSC::GreaterNode::GreaterNode):
1938         (JSC::LessEqNode::LessEqNode):
1939         (JSC::GreaterEqNode::GreaterEqNode):
1940         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
1941         (JSC::InstanceOfNode::InstanceOfNode):
1942         (JSC::InNode::InNode):
1943         (JSC::EqualNode::EqualNode):
1944         (JSC::NotEqualNode::NotEqualNode):
1945         (JSC::StrictEqualNode::StrictEqualNode):
1946         (JSC::NotStrictEqualNode::NotStrictEqualNode):
1947         (JSC::BitAndNode::BitAndNode):
1948         (JSC::BitOrNode::BitOrNode):
1949         (JSC::BitXOrNode::BitXOrNode):
1950         (JSC::LogicalOpNode::LogicalOpNode):
1951         (JSC::ConditionalNode::ConditionalNode):
1952         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
1953         (JSC::AssignResolveNode::AssignResolveNode):
1954         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
1955         (JSC::AssignBracketNode::AssignBracketNode):
1956         (JSC::AssignDotNode::AssignDotNode):
1957         (JSC::ReadModifyDotNode::ReadModifyDotNode):
1958         (JSC::AssignErrorNode::AssignErrorNode):
1959         (JSC::CommaNode::CommaNode):
1960         (JSC::ConstStatementNode::ConstStatementNode):
1961         (JSC::SourceElements::SourceElements):
1962         (JSC::EmptyStatementNode::EmptyStatementNode):
1963         (JSC::DebuggerStatementNode::DebuggerStatementNode):
1964         (JSC::ExprStatementNode::ExprStatementNode):
1965         (JSC::VarStatementNode::VarStatementNode):
1966         (JSC::IfNode::IfNode):
1967         (JSC::IfElseNode::IfElseNode):
1968         (JSC::DoWhileNode::DoWhileNode):
1969         (JSC::WhileNode::WhileNode):
1970         (JSC::ForNode::ForNode):
1971         (JSC::ContinueNode::ContinueNode):
1972         (JSC::BreakNode::BreakNode):
1973         (JSC::ReturnNode::ReturnNode):
1974         (JSC::WithNode::WithNode):
1975         (JSC::LabelNode::LabelNode):
1976         (JSC::ThrowNode::ThrowNode):
1977         (JSC::TryNode::TryNode):
1978         (JSC::ParameterNode::ParameterNode):
1979         (JSC::FuncExprNode::FuncExprNode):
1980         (JSC::FuncDeclNode::FuncDeclNode):
1981         (JSC::CaseClauseNode::CaseClauseNode):
1982         (JSC::ClauseListNode::ClauseListNode):
1983         (JSC::CaseBlockNode::CaseBlockNode):
1984         (JSC::SwitchNode::SwitchNode):
1985         (JSC::ConstDeclNode::ConstDeclNode):
1986         (JSC::BlockNode::BlockNode):
1987         (JSC::ForInNode::ForInNode):
1988         * parser/NodeInfo.h:
1989         * parser/Nodes.cpp:
1990         (JSC::StatementNode::setLoc):
1991         (JSC::ScopeNode::ScopeNode):
1992         (JSC::ProgramNode::ProgramNode):
1993         (JSC::ProgramNode::create):
1994         (JSC::EvalNode::EvalNode):
1995         (JSC::EvalNode::create):
1996         (JSC::FunctionBodyNode::FunctionBodyNode):
1997         (JSC::FunctionBodyNode::create):
1998         * parser/Nodes.h:
1999         (JSC::Node::lineNo):
2000         * parser/Parser.cpp:
2001         (JSC::Parser::Parser):
2002         (JSC::Parser::~Parser):
2003         (JSC::Parser::parseInner):
2004         (JSC::Parser::allowAutomaticSemicolon):
2005         (JSC::Parser::parseSourceElements):
2006         (JSC::Parser::parseVarDeclaration):
2007         (JSC::Parser::parseConstDeclaration):
2008         (JSC::Parser::parseDoWhileStatement):
2009         (JSC::Parser::parseWhileStatement):
2010         (JSC::Parser::parseVarDeclarationList):
2011         (JSC::Parser::parseConstDeclarationList):
2012         (JSC::Parser::parseForStatement):
2013         (JSC::Parser::parseBreakStatement):
2014         (JSC::Parser::parseContinueStatement):
2015         (JSC::Parser::parseReturnStatement):
2016         (JSC::Parser::parseThrowStatement):
2017         (JSC::Parser::parseWithStatement):
2018         (JSC::Parser::parseSwitchStatement):
2019         (JSC::Parser::parseSwitchClauses):
2020         (JSC::Parser::parseSwitchDefaultClause):
2021         (JSC::Parser::parseTryStatement):
2022         (JSC::Parser::parseDebuggerStatement):
2023         (JSC::Parser::parseBlockStatement):
2024         (JSC::Parser::parseStatement):
2025         (JSC::Parser::parseFormalParameters):
2026         (JSC::Parser::parseFunctionBody):
2027         (JSC::Parser::parseFunctionInfo):
2028         (JSC::Parser::parseFunctionDeclaration):
2029         (JSC::LabelInfo::LabelInfo):
2030         (JSC::Parser::parseExpressionOrLabelStatement):
2031         (JSC::Parser::parseExpressionStatement):
2032         (JSC::Parser::parseIfStatement):
2033         (JSC::Parser::parseExpression):
2034         (JSC::Parser::parseAssignmentExpression):
2035         (JSC::Parser::parseConditionalExpression):
2036         (JSC::isUnaryOp):
2037         (JSC::Parser::isBinaryOperator):
2038         (JSC::Parser::parseBinaryExpression):
2039         (JSC::Parser::parseProperty):
2040         (JSC::Parser::parseObjectLiteral):
2041         (JSC::Parser::parseStrictObjectLiteral):
2042         (JSC::Parser::parseArrayLiteral):
2043         (JSC::Parser::parsePrimaryExpression):
2044         (JSC::Parser::parseArguments):
2045         (JSC::Parser::parseMemberExpression):
2046         (JSC::Parser::parseUnaryExpression):
2047         * parser/Parser.h:
2048         (JSC::isEvalNode):
2049         (JSC::EvalNode):
2050         (JSC::DepthManager::DepthManager):
2051         (JSC::DepthManager::~DepthManager):
2052         (JSC::ScopeLabelInfo::ScopeLabelInfo):
2053         (JSC::Scope::Scope):
2054         (JSC::Scope::startSwitch):
2055         (JSC::Scope::endSwitch):
2056         (JSC::Scope::startLoop):
2057         (JSC::Scope::endLoop):
2058         (JSC::Scope::inLoop):
2059         (JSC::Scope::breakIsValid):
2060         (JSC::Scope::continueIsValid):
2061         (JSC::Scope::pushLabel):
2062         (JSC::Scope::popLabel):
2063         (JSC::Scope::getLabel):
2064         (JSC::Scope::setIsFunction):
2065         (JSC::Scope::isFunction):
2066         (JSC::Scope::isFunctionBoundary):
2067         (JSC::Scope::declareVariable):
2068         (JSC::Scope::declareWrite):
2069         (JSC::Scope::preventNewDecls):
2070         (JSC::Scope::allowsNewDecls):
2071         (JSC::Scope::declareParameter):
2072         (JSC::Scope::useVariable):
2073         (JSC::Scope::setNeedsFullActivation):
2074         (JSC::Scope::collectFreeVariables):
2075         (JSC::Scope::getUncapturedWrittenVariables):
2076         (JSC::Scope::getCapturedVariables):
2077         (JSC::Scope::setStrictMode):
2078         (JSC::Scope::strictMode):
2079         (JSC::Scope::isValidStrictMode):
2080         (JSC::Scope::shadowsArguments):
2081         (JSC::Scope::copyCapturedVariablesToVector):
2082         (JSC::Scope::saveFunctionInfo):
2083         (JSC::Scope::restoreFunctionInfo):
2084         (JSC::ScopeRef::ScopeRef):
2085         (JSC::ScopeRef::operator->):
2086         (JSC::ScopeRef::index):
2087         (JSC::ScopeRef::hasContainingScope):
2088         (JSC::ScopeRef::containingScope):
2089         (JSC::Parser::AllowInOverride::AllowInOverride):
2090         (JSC::Parser::AllowInOverride::~AllowInOverride):
2091         (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
2092         (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
2093         (JSC::Parser::AutoPopScopeRef::setPopped):
2094         (JSC::Parser::currentScope):
2095         (JSC::Parser::pushScope):
2096         (JSC::Parser::popScopeInternal):
2097         (JSC::Parser::popScope):
2098         (JSC::Parser::declareVariable):
2099         (JSC::Parser::declareWrite):
2100         (JSC::Parser::findCachedFunctionInfo):
2101         (JSC::Parser::isFunctionBodyNode):
2102         (JSC::Parser::next):
2103         (JSC::Parser::nextExpectIdentifier):
2104         (JSC::Parser::nextTokenIsColon):
2105         (JSC::Parser::consume):
2106         (JSC::Parser::getToken):
2107         (JSC::Parser::match):
2108         (JSC::Parser::tokenStart):
2109         (JSC::Parser::tokenLine):
2110         (JSC::Parser::tokenEnd):
2111         (JSC::Parser::getTokenName):
2112         (JSC::Parser::updateErrorMessageSpecialCase):
2113         (JSC::Parser::updateErrorMessage):
2114         (JSC::Parser::updateErrorWithNameAndMessage):
2115         (JSC::Parser::startLoop):
2116         (JSC::Parser::endLoop):
2117         (JSC::Parser::startSwitch):
2118         (JSC::Parser::endSwitch):
2119         (JSC::Parser::setStrictMode):
2120         (JSC::Parser::strictMode):
2121         (JSC::Parser::isValidStrictMode):
2122         (JSC::Parser::declareParameter):
2123         (JSC::Parser::breakIsValid):
2124         (JSC::Parser::continueIsValid):
2125         (JSC::Parser::pushLabel):
2126         (JSC::Parser::popLabel):
2127         (JSC::Parser::getLabel):
2128         (JSC::Parser::autoSemiColon):
2129         (JSC::Parser::canRecurse):
2130         (JSC::Parser::lastTokenEnd):
2131         (JSC::Parser::DepthManager::DepthManager):
2132         (JSC::Parser::DepthManager::~DepthManager):
2133         (JSC::Parser::parse):
2134         (JSC::parse):
2135         * parser/ParserTokens.h: Added.
2136         (JSC::JSTokenInfo::JSTokenInfo):
2137         * parser/SourceCode.h:
2138         (JSC::SourceCode::subExpression):
2139         * parser/SourceProviderCacheItem.h:
2140         * parser/SyntaxChecker.h:
2141         (JSC::SyntaxChecker::SyntaxChecker):
2142         (JSC::SyntaxChecker::makeFunctionCallNode):
2143         (JSC::SyntaxChecker::createCommaExpr):
2144         (JSC::SyntaxChecker::makeAssignNode):
2145         (JSC::SyntaxChecker::makePrefixNode):
2146         (JSC::SyntaxChecker::makePostfixNode):
2147         (JSC::SyntaxChecker::makeTypeOfNode):
2148         (JSC::SyntaxChecker::makeDeleteNode):
2149         (JSC::SyntaxChecker::makeNegateNode):
2150         (JSC::SyntaxChecker::makeBitwiseNotNode):
2151         (JSC::SyntaxChecker::createLogicalNot):
2152         (JSC::SyntaxChecker::createUnaryPlus):
2153         (JSC::SyntaxChecker::createVoid):
2154         (JSC::SyntaxChecker::thisExpr):
2155         (JSC::SyntaxChecker::createResolve):
2156         (JSC::SyntaxChecker::createObjectLiteral):
2157         (JSC::SyntaxChecker::createArray):
2158         (JSC::SyntaxChecker::createNumberExpr):
2159         (JSC::SyntaxChecker::createString):
2160         (JSC::SyntaxChecker::createBoolean):
2161         (JSC::SyntaxChecker::createNull):
2162         (JSC::SyntaxChecker::createBracketAccess):
2163         (JSC::SyntaxChecker::createDotAccess):
2164         (JSC::SyntaxChecker::createRegExp):
2165         (JSC::SyntaxChecker::createNewExpr):
2166         (JSC::SyntaxChecker::createConditionalExpr):
2167         (JSC::SyntaxChecker::createAssignResolve):
2168         (JSC::SyntaxChecker::createFunctionExpr):
2169         (JSC::SyntaxChecker::createFunctionBody):
2170         (JSC::SyntaxChecker::createArguments):
2171         (JSC::SyntaxChecker::createArgumentsList):
2172         (JSC::SyntaxChecker::createProperty):
2173         (JSC::SyntaxChecker::createPropertyList):
2174         (JSC::SyntaxChecker::createFuncDeclStatement):
2175         (JSC::SyntaxChecker::createBlockStatement):
2176         (JSC::SyntaxChecker::createExprStatement):
2177         (JSC::SyntaxChecker::createIfStatement):
2178         (JSC::SyntaxChecker::createForLoop):
2179         (JSC::SyntaxChecker::createForInLoop):
2180         (JSC::SyntaxChecker::createEmptyStatement):
2181         (JSC::SyntaxChecker::createVarStatement):
2182         (JSC::SyntaxChecker::createReturnStatement):
2183         (JSC::SyntaxChecker::createBreakStatement):
2184         (JSC::SyntaxChecker::createContinueStatement):
2185         (JSC::SyntaxChecker::createTryStatement):
2186         (JSC::SyntaxChecker::createSwitchStatement):
2187         (JSC::SyntaxChecker::createWhileStatement):
2188         (JSC::SyntaxChecker::createWithStatement):
2189         (JSC::SyntaxChecker::createDoWhileStatement):
2190         (JSC::SyntaxChecker::createLabelStatement):
2191         (JSC::SyntaxChecker::createThrowStatement):
2192         (JSC::SyntaxChecker::createDebugger):
2193         (JSC::SyntaxChecker::createConstStatement):
2194         (JSC::SyntaxChecker::appendConstDecl):
2195         (JSC::SyntaxChecker::createGetterOrSetterProperty):
2196         (JSC::SyntaxChecker::combineCommaNodes):
2197         (JSC::SyntaxChecker::operatorStackPop):
2198         * runtime/Executable.cpp:
2199         (JSC::EvalExecutable::compileInternal):
2200         (JSC::ProgramExecutable::checkSyntax):
2201         (JSC::ProgramExecutable::compileInternal):
2202         (JSC::FunctionExecutable::produceCodeBlockFor):
2203         (JSC::FunctionExecutable::fromGlobalCode):
2204         * runtime/JSGlobalData.cpp:
2205         (JSC::JSGlobalData::JSGlobalData):
2206         (JSC::JSGlobalData::~JSGlobalData):
2207         * runtime/JSGlobalData.h:
2208         * runtime/LiteralParser.cpp:
2209         (JSC::LiteralParser::tryJSONPParse):
2210
2211 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
2212
2213         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
2214         https://bugs.webkit.org/show_bug.cgi?id=71227
2215
2216         Reviewed by Oliver Hunt.
2217         
2218         No new tests, since while I can see exactly where the DFG went wrong on the
2219         site in question from looking at the generated machine code, and while I can
2220         certainly believe that such a scenario would happen, I cannot visualize how
2221         to make it happen reproducibly. It requires an odd combination of double
2222         values getting spilled and then refilled, but then reboxed at just the right
2223         time so that the spilled value is an unboxed double while the in-register
2224         value is a boxed double.
2225
2226         * dfg/DFGJITCodeGenerator.h:
2227         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2228
2229 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2230
2231         JSParser::parsePrimaryExpression should have an overflow check
2232         https://bugs.webkit.org/show_bug.cgi?id=71197
2233
2234         Reviewed by Geoff Garen.
2235
2236         * parser/JSParser.cpp:
2237         (JSC::JSParser::parsePrimaryExpression):
2238
2239 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2240
2241         DFG ValueAdd(string, int) should not fail speculation
2242         https://bugs.webkit.org/show_bug.cgi?id=71195
2243
2244         Reviewed by Geoff Garen.
2245         
2246         1% speed-up on V8.
2247
2248         * dfg/DFGNode.h:
2249         (JSC::DFG::Node::shouldNotSpeculateInteger):
2250         (JSC::DFG::Node::shouldSpeculateInteger):
2251
2252 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
2253
2254         The DFG inliner should not flush the callee
2255         https://bugs.webkit.org/show_bug.cgi?id=71191
2256
2257         Reviewed by Oliver Hunt.
2258         
2259         0.6% speed-up on V8.
2260
2261         * bytecode/CodeBlock.cpp:
2262         (JSC::CodeBlock::visitAggregate):
2263         * bytecode/CodeOrigin.h:
2264         * dfg/DFGByteCodeParser.cpp:
2265         (JSC::DFG::ByteCodeParser::flush):
2266         (JSC::DFG::ByteCodeParser::handleInlining):
2267         (JSC::DFG::ByteCodeParser::parseBlock):
2268         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2269         (JSC::DFG::ByteCodeParser::parse):
2270         * dfg/DFGJITCompiler.cpp:
2271         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2272         * dfg/DFGJITCompiler32_64.cpp:
2273         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2274         * interpreter/CallFrame.cpp:
2275         (JSC::CallFrame::trueCallerFrameSlow):
2276
2277 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
2278
2279         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
2280         https://bugs.webkit.org/show_bug.cgi?id=70968
2281
2282         Reviewed by Geoffrey Garen.
2283
2284         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
2285         TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
2286         needed it, because Windows wouldn't build without it.
2287         (JSC::::createStructure):
2288         * API/JSCallbackObject.h:
2289         * JavaScriptCore.exp:
2290         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2291         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
2292         (JSC::ErrorInstance::createStructure):
2293         * runtime/ErrorPrototype.h: Ditto
2294         (JSC::ErrorPrototype::createStructure):
2295         * runtime/JSActivation.h: Ditto
2296         (JSC::JSActivation::createStructure):
2297         * runtime/JSGlobalObject.h: Ditto
2298         (JSC::JSGlobalObject::createStructure):
2299         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
2300         (JSC::JSObject::isGlobalObject):
2301         (JSC::JSObject::isVariableObject):
2302         (JSC::JSObject::isActivationObject):
2303         (JSC::JSObject::isErrorInstance):
2304         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
2305         * runtime/JSVariableObject.cpp: Removed virtual function.
2306         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
2307         (JSC::JSVariableObject::createStructure):
2308
2309 2011-10-28  Pavel Feldman  <pfeldman@google.com>
2310
2311         Reset line numbers for scripts generated with document.write.
2312         https://bugs.webkit.org/show_bug.cgi?id=71099
2313
2314         Reviewed by Yury Semikhatsky.
2315
2316         * wtf/text/TextPosition.h:
2317         (WTF::OrdinalNumber::OrdinalNumber):
2318
2319 2011-10-27  Daniel Bates  <dbates@rim.com>
2320
2321         CMake: Add support to optionally install the built JavaScript shell
2322         https://bugs.webkit.org/show_bug.cgi?id=71062
2323
2324         Reviewed by Antonio Gomes.
2325
2326         Generate an installation rule for installing the JavaScript shell in
2327         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
2328         is defined.
2329
2330         * shell/CMakeLists.txt:
2331
2332 2011-10-27  Kentaro Hara  <haraken@chromium.org>
2333
2334         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
2335         https://bugs.webkit.org/show_bug.cgi?id=70215
2336
2337         Reviewed by Adam Barth.
2338
2339         Added a method that judges if a given JSValue is empty.
2340
2341         Tests: transforms/svg-vs-css.xhtml
2342                transforms/cssmatrix-2d-interface.xhtml
2343                transforms/cssmatrix-3d-interface.xhtml
2344
2345         * runtime/JSValue.h:
2346         * runtime/JSValueInlineMethods.h:
2347         (JSC::JSValue::isEmpty):
2348
2349 2011-10-27  Michael Saboff  <msaboff@apple.com>
2350
2351         ENH: Add 8 bit string support to JSC JIT
2352         https://bugs.webkit.org/show_bug.cgi?id=71073
2353
2354         Changed the JIT String character access generation to create code
2355         to check the character size and load8() or load16() as appropriate.
2356
2357         Reviewed by Gavin Barraclough.
2358
2359         * assembler/MacroAssemblerX86Common.h:
2360         (JSC::MacroAssemblerX86Common::load8):
2361         * assembler/X86Assembler.h:
2362         (JSC::X86Assembler::movzbl_mr):
2363         * dfg/DFGSpeculativeJIT.cpp:
2364         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
2365         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2366         * jit/JITInlineMethods.h:
2367         (JSC::JIT::emitLoadCharacterString):
2368         * jit/JITPropertyAccess.cpp:
2369         (JSC::JIT::stringGetByValStubGenerator):
2370         * jit/JITPropertyAccess32_64.cpp:
2371         (JSC::JIT::stringGetByValStubGenerator):
2372         * jit/JSInterfaceJIT.h:
2373         (JSC::ThunkHelpers::stringImplFlagsOffset):
2374         (JSC::ThunkHelpers::stringImpl8BitFlag):
2375         * jit/ThunkGenerators.cpp:
2376         (JSC::stringCharLoad):
2377
2378 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2379
2380         If the bytecode generator emits code after the return in the first basic block,
2381         DFG's inliner crashes
2382         https://bugs.webkit.org/show_bug.cgi?id=71071
2383
2384         Reviewed by Gavin Barraclough.
2385         
2386         Removed some cruft dealing with parsing failures due to unsupported functionality
2387         (that's never reached anymore due to it being caught in DFGCapabilities). This
2388         allowed me to repurpose the bool return from parseBlock() to mean: true if we
2389         should continue to parse, or false if we've already parsed all live code.
2390
2391         * dfg/DFGByteCodeParser.cpp:
2392         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2393         (JSC::DFG::ByteCodeParser::parseBlock):
2394         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2395
2396 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2397
2398         Reviewed by David Kilzer.
2399
2400         Make FeatureDefines Identical Across OS X Projects
2401         https://bugs.webkit.org/show_bug.cgi?id=71051
2402
2403         * Configurations/FeatureDefines.xcconfig:
2404
2405 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
2406
2407         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
2408         https://bugs.webkit.org/show_bug.cgi?id=71045
2409
2410         Reviewed by Geoff Garen.
2411         
2412         Make sure that if a structure is pinned, it also has a property map.
2413
2414         * runtime/Structure.cpp:
2415         (JSC::Structure::changePrototypeTransition):
2416         (JSC::Structure::despecifyFunctionTransition):
2417         (JSC::Structure::getterSetterTransition):
2418         (JSC::Structure::toDictionaryTransition):
2419         (JSC::Structure::preventExtensionsTransition):
2420         (JSC::Structure::addPropertyWithoutTransition):
2421         (JSC::Structure::removePropertyWithoutTransition):
2422         (JSC::Structure::pin):
2423         (JSC::Structure::copyPropertyTableForPinning):
2424         * runtime/Structure.h:
2425         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2426
2427 2011-10-27  Michael Saboff  <msaboff@apple.com>
2428
2429         32bit build failure after r98624
2430         https://bugs.webkit.org/show_bug.cgi?id=71064
2431
2432         Disambiguated operator overload with unsigned index (0u).
2433
2434         Reviewed by Sam Weinig.
2435
2436         * runtime/UString.h:
2437         (JSC::operator==):
2438
2439 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
2440
2441         Fix building on GNU/kFreeBSD
2442         https://bugs.webkit.org/show_bug.cgi?id=71005
2443
2444         Reviewed by Darin Adler.
2445
2446         * config.h:
2447         * wtf/Platform.h:
2448
2449 2011-10-27  Michael Saboff  <msaboff@apple.com>
2450
2451         Investigate storing strings in 8-bit buffers when possible
2452         https://bugs.webkit.org/show_bug.cgi?id=66161
2453
2457         Added support for 8 bit string data in StringImpl.  Changed
2458         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
2459         with m_data16.  Added UChar* m_copyData16 to the other union
2460         to store a 16 bit copy of an 8 bit string when needed.
2461         Added characters8() and characters16() accessor methods
2462         that assume the caller has checked the underlying string type
2463         via the new is8Bit() method. The characters() method will
2464         return a UChar* of the string, materializing a 16 bit copy if the
2465         string is an 8 bit string.  Added two flags, one for 8 bit buffer
2466         and a second for a 16 bit copy for an 8 bit string.
2467
2468         Fixed method name typo (StringHasher::defaultCoverter()).
2469
2470         Over time the goal is to eliminate calls to characters() and
2471         use the characters8() and characters16() accessors.
2472
2473         This patch does not include changes that actually create 8 bit
2474         strings. This is the first of at least 8 patches.  Subsequent
2475         patches will be submitted for JIT changes, making the JSC lexer,
2476         parser and literal parser, JavaScript string changes and
2477         then changes in webcore to take advantage of the 8 bit strings.
2478
2479         This change is performance neutral for SunSpider and V8 when
2480         run from the command line with "jsc".
2481
2482         Reviewed by Geoffrey Garen.
2483
2484         * JavaScriptCore.exp:
2485         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2486         * interpreter/Interpreter.cpp:
2487         (JSC::Interpreter::callEval):
2488         * parser/SourceProvider.h:
2489         (JSC::UStringSourceProvider::data):
2490         (JSC::UStringSourceProvider::UStringSourceProvider):
2491         * runtime/Identifier.cpp:
2492         (JSC::IdentifierCStringTranslator::hash):
2493         (JSC::IdentifierCStringTranslator::equal):
2494         (JSC::IdentifierCStringTranslator::translate):
2495         (JSC::Identifier::add):
2496         (JSC::Identifier::toUInt32):
2497         * runtime/Identifier.h:
2498         (JSC::Identifier::equal):
2499         (JSC::operator==):
2500         (JSC::operator!=):
2501         * runtime/JSString.cpp:
2502         (JSC::JSString::resolveRope):
2503         (JSC::JSString::resolveRopeSlowCase):
2504         * runtime/RegExp.cpp:
2505         (JSC::RegExp::match):
2506         * runtime/StringPrototype.cpp:
2507         (JSC::jsSpliceSubstringsWithSeparators):
2508         * runtime/UString.cpp:
2509         (JSC::UString::UString):
2510         (JSC::equalSlowCase):
2511         (JSC::UString::utf8):
2512         * runtime/UString.h:
2513         (JSC::UString::characters):
2514         (JSC::UString::characters8):
2515         (JSC::UString::characters16):
2516         (JSC::UString::is8Bit):
2517         (JSC::UString::operator[]):
2518         (JSC::UString::find):
2519         (JSC::operator==):
2520         * wtf/StringHasher.h:
2521         (WTF::StringHasher::computeHash):
2522         (WTF::StringHasher::defaultConverter):
2523         * wtf/text/AtomicString.cpp:
2524         (WTF::CStringTranslator::hash):
2525         (WTF::CStringTranslator::equal):
2526         (WTF::CStringTranslator::translate):
2527         (WTF::AtomicString::add):
2528         * wtf/text/AtomicString.h:
2529         (WTF::AtomicString::AtomicString):
2530         (WTF::AtomicString::contains):
2531         (WTF::AtomicString::find):
2532         (WTF::AtomicString::add):
2533         (WTF::operator==):
2534         (WTF::operator!=):
2535         (WTF::equalIgnoringCase):
2536         * wtf/text/StringConcatenate.h:
2537         * wtf/text/StringHash.h:
2538         (WTF::StringHash::equal):
2539         (WTF::CaseFoldingHash::hash):
2540         * wtf/text/StringImpl.cpp:
2541         (WTF::StringImpl::~StringImpl):
2542         (WTF::StringImpl::createUninitialized):
2543         (WTF::StringImpl::create):
2544         (WTF::StringImpl::getData16SlowCase):
2545         (WTF::StringImpl::containsOnlyWhitespace):
2546         (WTF::StringImpl::substring):
2547         (WTF::StringImpl::characterStartingAt):
2548         (WTF::StringImpl::lower):
2549         (WTF::StringImpl::upper):
2550         (WTF::StringImpl::fill):
2551         (WTF::StringImpl::foldCase):
2552         (WTF::StringImpl::stripMatchedCharacters):
2553         (WTF::StringImpl::removeCharacters):
2554         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
2555         (WTF::StringImpl::toIntStrict):
2556         (WTF::StringImpl::toUIntStrict):
2557         (WTF::StringImpl::toInt64Strict):
2558         (WTF::StringImpl::toUInt64Strict):
2559         (WTF::StringImpl::toIntPtrStrict):
2560         (WTF::StringImpl::toInt):
2561         (WTF::StringImpl::toUInt):
2562         (WTF::StringImpl::toInt64):
2563         (WTF::StringImpl::toUInt64):
2564         (WTF::StringImpl::toIntPtr):
2565         (WTF::StringImpl::toDouble):
2566         (WTF::StringImpl::toFloat):
2567         (WTF::equal):
2568         (WTF::equalIgnoringCase):
2569         (WTF::StringImpl::find):
2570         (WTF::StringImpl::findIgnoringCase):
2571         (WTF::StringImpl::reverseFind):
2572         (WTF::StringImpl::replace):
2573         (WTF::StringImpl::defaultWritingDirection):
2574         (WTF::StringImpl::adopt):
2575         (WTF::StringImpl::createWithTerminatingNullCharacter):
2576         * wtf/text/StringImpl.h:
2577         (WTF::StringImpl::StringImpl):
2578         (WTF::StringImpl::create):
2579         (WTF::StringImpl::create8):
2580         (WTF::StringImpl::tryCreateUninitialized):
2581         (WTF::StringImpl::flagsOffset):
2582         (WTF::StringImpl::flagIs8Bit):
2583         (WTF::StringImpl::dataOffset):
2584         (WTF::StringImpl::is8Bit):
2585         (WTF::StringImpl::characters8):
2586         (WTF::StringImpl::characters16):
2587         (WTF::StringImpl::characters):
2588         (WTF::StringImpl::has16BitShadow):
2589         (WTF::StringImpl::setHash):
2590         (WTF::StringImpl::hash):
2591         (WTF::StringImpl::copyChars):
2592         (WTF::StringImpl::operator[]):
2593         (WTF::StringImpl::find):
2594         (WTF::StringImpl::findIgnoringCase):
2595         (WTF::equal):
2596         (WTF::equalIgnoringCase):
2597         (WTF::StringImpl::isolatedCopy):
2598         * wtf/text/WTFString.cpp:
2599         (WTF::String::String):
2600         (WTF::String::append):
2601         (WTF::String::format):
2602         (WTF::String::fromUTF8):
2603         (WTF::String::fromUTF8WithLatin1Fallback):
2604         * wtf/text/WTFString.h:
2605         (WTF::String::find):
2606         (WTF::String::findIgnoringCase):
2607         (WTF::String::contains):
2608         (WTF::String::append):
2609         (WTF::String::fromUTF8):
2610         (WTF::String::fromUTF8WithLatin1Fallback):
2611         (WTF::operator==):
2612         (WTF::operator!=):
2613         (WTF::equalIgnoringCase):
2614         * wtf/unicode/Unicode.h:
2615         * yarr/YarrJIT.cpp:
2616         (JSC::Yarr::execute):
2617         * yarr/YarrJIT.h:
2618         (JSC::Yarr::YarrCodeBlock::execute):
2619         * yarr/YarrParser.h:
2620         (JSC::Yarr::Parser::Parser):
2621
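As an added illustration (not WebKit code) of the dual-width layout this entry describes: a hypothetical C++ class with an is8Bit() flag, width-specific characters8()/characters16() accessors that assert the caller checked the flag, a characters() accessor that lazily materializes a 16-bit shadow of an 8-bit string, and a per-code-unit read that dispatches on width the way the JIT's load8()/load16() selection does. The create() policy of storing Latin-1 whenever every code unit fits in 8 bits is an assumption; the entry says this patch does not yet create 8-bit strings.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in (not WebKit code) for the 8/16-bit layout the entry
// describes: one length, an is8Bit flag, and a buffer of either width.
using LChar = uint8_t;   // Latin-1 code unit, 8-bit storage
using UChar = uint16_t;  // UTF-16 code unit, 16-bit storage

class DualWidthString {
public:
    // Chooses 8-bit storage when every code unit fits in Latin-1.
    // (Assumed policy; the patch itself does not yet create 8-bit strings.)
    static DualWidthString create(const std::u16string& units) {
        DualWidthString s;
        s.m_length = units.size();
        bool fits8 = true;
        for (char16_t c : units) {
            if (c > 0xFF) { fits8 = false; break; }
        }
        s.m_is8Bit = fits8;
        if (fits8) {
            for (char16_t c : units) s.m_data8.push_back(static_cast<LChar>(c));
        } else {
            for (char16_t c : units) s.m_data16.push_back(static_cast<UChar>(c));
        }
        return s;
    }

    // Forces 16-bit storage, like strings built by code not yet converted.
    static DualWidthString create16(const std::u16string& units) {
        DualWidthString s;
        s.m_length = units.size();
        s.m_is8Bit = false;
        for (char16_t c : units) s.m_data16.push_back(static_cast<UChar>(c));
        return s;
    }

    size_t length() const { return m_length; }
    bool is8Bit() const { return m_is8Bit; }
    bool has16BitShadow() const { return m_has16BitShadow; }

    // Width-specific accessors: the caller must have checked is8Bit() first.
    // Reading the 8-bit buffer through a UChar* would over-read it by length bytes.
    const LChar* characters8() const { assert(m_is8Bit); return m_data8.data(); }
    const UChar* characters16() const { assert(!m_is8Bit); return m_data16.data(); }

    // Width-agnostic accessor: materializes (and caches) a 16-bit copy of an
    // 8-bit string on first use. This is the call the entry wants to phase out.
    const UChar* characters() const {
        if (!m_is8Bit) return m_data16.data();
        if (!m_has16BitShadow) {
            m_shadow16.assign(m_data8.begin(), m_data8.end()); // zero-extend Latin-1 to UTF-16
            m_has16BitShadow = true;
        }
        return m_shadow16.data();
    }

    // Per-code-unit access with the same flag check the JIT emits before load8/load16.
    UChar operator[](size_t i) const {
        assert(i < m_length);
        return m_is8Bit ? static_cast<UChar>(m_data8[i]) : m_data16[i];
    }

private:
    size_t m_length = 0;
    bool m_is8Bit = false;
    mutable bool m_has16BitShadow = false;
    std::vector<LChar> m_data8;
    std::vector<UChar> m_data16;
    mutable std::vector<UChar> m_shadow16;
};

// Equality across mixed widths, without materializing a shadow copy.
bool equal(const DualWidthString& a, const DualWidthString& b) {
    if (a.length() != b.length()) return false;
    for (size_t i = 0; i < a.length(); ++i) {
        if (a[i] != b[i]) return false;
    }
    return true;
}

int main() {
    DualWidthString ascii = DualWidthString::create(u"hello");
    DualWidthString latin1 = DualWidthString::create(u"caf\u00e9");   // U+00E9 still fits in 8 bits
    DualWidthString wide = DualWidthString::create(u"\u4e2d\u6587"); // needs 16-bit storage
    assert(ascii.is8Bit() && latin1.is8Bit() && !wide.is8Bit());
    assert(!ascii.has16BitShadow());
    assert(ascii.characters()[1] == u'e'); // first characters() call builds the shadow
    assert(ascii.has16BitShadow());
    assert(equal(ascii, DualWidthString::create16(u"hello")));
    return 0;
}
```

The asserts in characters8()/characters16() encode the hazard the flag exists to prevent: the 8-bit buffer holds length bytes, so any path that reads it as UChar without first testing is8Bit() runs length bytes past the end of the allocation, which is exactly why the JIT change in the entry above this one tests the flag before choosing load8() or load16().
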
2622 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2623
2624         Fixing windows build
2625
2626         Unreviewed build fix
2627
2628         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2629
2630 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2631
2632         Add ability to check for presence of static members at compile time
2633         https://bugs.webkit.org/show_bug.cgi?id=70986
2634
2635         Reviewed by Geoffrey Garen.
2636
2637         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
2638         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
2639         does indeed have a method with that name.  This mechanism is not currently 
2640         used anywhere, but will be in the future when adding virtual methods from 
2641         JSObject to the MethodTable.
2642
2643         * runtime/ClassInfo.h:
2644
2645 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
2646
2647         De-virtualize JSCell::toThisObject
2648         https://bugs.webkit.org/show_bug.cgi?id=70958
2649
2650         Reviewed by Geoffrey Garen.
2651
2652         Converted all instances of toThisObject to static functions, 
2653         added toThisObject to the MethodTable, and replaced all call sites
2654         with a corresponding lookup in the MethodTable.
2655
2656         * API/JSContextRef.cpp:
2657         * JavaScriptCore.exp:
2658         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2659         * runtime/ClassInfo.h:
2660         * runtime/JSActivation.cpp:
2661         (JSC::JSActivation::toThisObject):
2662         * runtime/JSActivation.h:
2663         * runtime/JSCell.cpp:
2664         (JSC::JSCell::toThisObject):
2665         * runtime/JSCell.h:
2666         * runtime/JSObject.cpp:
2667         (JSC::JSObject::put):
2668         (JSC::JSObject::toThisObject):
2669         * runtime/JSObject.h:
2670         (JSC::JSValue::toThisObject):
2671         * runtime/JSStaticScopeObject.cpp:
2672         (JSC::JSStaticScopeObject::toThisObject):
2673         * runtime/JSStaticScopeObject.h:
2674         * runtime/JSString.cpp:
2675         (JSC::JSString::toThisObject):
2676         * runtime/JSString.h:
2677         * runtime/StrictEvalActivation.cpp:
2678         (JSC::StrictEvalActivation::toThisObject):
2679         * runtime/StrictEvalActivation.h:
2680
2681 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
2682
2683         Fix a small bug in callOperation after r98431
2684         https://bugs.webkit.org/show_bug.cgi?id=70984
2685
2686         Reviewed by Geoffrey Garen.
2687
2688         TrustedImmPtr is not expecting "int" type parameters.
2689
2690         * dfg/DFGJITCodeGenerator.h:
2691         (JSC::DFG::callOperation):
2692
2693 2011-10-26  Oliver Hunt  <oliver@apple.com>
2694
2695         Restore structure-clearing behaviour of allocateCell<>
2696         https://bugs.webkit.org/show_bug.cgi?id=70976
2697
2698         Reviewed by Geoffrey Garen.
2699
2700         This restores the logic that allows the markstack to filter
2701         live objects that have not yet been initialised.
2702
2703         * runtime/JSCell.h:
2704         (JSC::JSCell::clearStructure):
2705            Validation-safe method to clear a cell's structure.
2706         (JSC::allocateCell):
2707            Call the above method.
2708         * runtime/Structure.h:
2709         (JSC::MarkStack::internalAppend):
2710            Don't visit cells that haven't been initialised.
2711
2712 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
2713
2714         REGRESSION (r97030): Cannot log in to progressive.com
2715         https://bugs.webkit.org/show_bug.cgi?id=70094
2716
2717         Reviewed by Oliver Hunt.
2718
2719         * dfg/DFGByteCodeParser.cpp:
2720         (JSC::DFG::ByteCodeParser::handleCall):
2721
2722 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
2723
2724         Remove getOwnPropertySlotVirtual
2725         https://bugs.webkit.org/show_bug.cgi?id=70741
2726
2727         Reviewed by Geoffrey Garen.
2728
2729         Removed all declarations and definitions of getOwnPropertySlotVirtual.
2730         Also replaced all call sites to getOwnPropertySlotVirtual with a
2731         corresponding lookup in the MethodTable.
2732
2733         * API/JSCallbackObject.h:
2734         * API/JSCallbackObjectFunctions.h:
2735         (JSC::::getOwnPropertyDescriptor):
2736         * JavaScriptCore.exp:
2737         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2738         * debugger/DebuggerActivation.cpp:
2739         (JSC::DebuggerActivation::getOwnPropertySlot):
2740         * debugger/DebuggerActivation.h:
2741         * runtime/Arguments.cpp:
2742         * runtime/Arguments.h:
2743         * runtime/ArrayConstructor.cpp:
2744         * runtime/ArrayConstructor.h:
2745         * runtime/ArrayPrototype.cpp:
2746         * runtime/ArrayPrototype.h:
2747         * runtime/BooleanPrototype.cpp:
2748         * runtime/BooleanPrototype.h:
2749         * runtime/DateConstructor.cpp:
2750         * runtime/DateConstructor.h:
2751         * runtime/DatePrototype.cpp:
2752         * runtime/DatePrototype.h:
2753         (JSC::DatePrototype::create):
2754         * runtime/ErrorPrototype.cpp:
2755         * runtime/ErrorPrototype.h:
2756         * runtime/JSActivation.cpp:
2757         * runtime/JSActivation.h:
2758         * runtime/JSArray.cpp:
2759         (JSC::JSArray::getOwnPropertySlotByIndex):
2760         * runtime/JSArray.h:
2761         * runtime/JSByteArray.cpp:
2762         * runtime/JSByteArray.h:
2763         * runtime/JSCell.cpp:
2764         * runtime/JSCell.h:
2765         * runtime/JSFunction.cpp:
2766         (JSC::JSFunction::getOwnPropertyDescriptor):
2767         (JSC::JSFunction::getOwnPropertyNames):
2768         (JSC::JSFunction::put):
2769         * runtime/JSFunction.h:
2770         * runtime/JSGlobalObject.cpp:
2771         * runtime/JSGlobalObject.h:
2772         * runtime/JSNotAnObject.cpp:
2773         * runtime/JSNotAnObject.h:
2774         * runtime/JSONObject.cpp:
2775         (JSC::Stringifier::Holder::appendNextProperty):
2776         (JSC::Walker::walk):
2777         * runtime/JSONObject.h:
2778         * runtime/JSObject.cpp:
2779         (JSC::JSObject::getOwnPropertySlotByIndex):
2780         (JSC::JSObject::hasOwnProperty):
2781         * runtime/JSObject.h:
2782         (JSC::JSCell::fastGetOwnPropertySlot):
2783         (JSC::JSObject::getPropertySlot):
2784         (JSC::JSValue::get):
2785         * runtime/JSStaticScopeObject.cpp:
2786         * runtime/JSStaticScopeObject.h:
2787         * runtime/JSString.cpp:
2788         (JSC::JSString::getOwnPropertySlot):
2789         * runtime/JSString.h:
2790         * runtime/MathObject.cpp:
2791         * runtime/MathObject.h:
2792         (JSC::MathObject::create):
2793         * runtime/NumberConstructor.cpp:
2794         * runtime/NumberConstructor.h:
2795         * runtime/NumberPrototype.cpp:
2796         * runtime/NumberPrototype.h:
2797         * runtime/ObjectConstructor.cpp:
2798         * runtime/ObjectConstructor.h:
2799         * runtime/ObjectPrototype.cpp:
2800         * runtime/ObjectPrototype.h:
2801         * runtime/RegExpConstructor.cpp:
2802         * runtime/RegExpConstructor.h:
2803         * runtime/RegExpMatchesArray.h:
2804         (JSC::RegExpMatchesArray::createStructure):
2805         * runtime/RegExpObject.cpp:
2806         * runtime/RegExpObject.h:
2807         * runtime/RegExpPrototype.cpp:
2808         * runtime/RegExpPrototype.h:
2809         * runtime/StringConstructor.cpp:
2810         * runtime/StringConstructor.h:
2811         * runtime/StringObject.cpp:
2812         * runtime/StringObject.h:
2813         * runtime/StringPrototype.cpp:
2814         * runtime/StringPrototype.h:
2815
2816 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
2817
2818         [GTK] [WK2] Add WebKit2 distcheck support
2819         https://bugs.webkit.org/show_bug.cgi?id=70933
2820
2821         Reviewed by Martin Robinson.
2822
2823         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
2824
2825 2011-10-26  Michael Saboff  <msaboff@apple.com>
2826
2827         Increase StringImpl Flag Bits for 8 bit Strings
2828         https://bugs.webkit.org/show_bug.cgi?id=70937
2829
2830         Increased the number of bits used for flags in StringImpl
2831         from 6 to 8 bits. This frees up 2 flag bits that will be
2832         used for 8-bit string support. Updated hash methods accordingly.
2833         Changed hash value masking from the low bits to the high
2834         bits.
2835
2836         Reviewed by Darin Adler.
2837
2838         * create_hash_table:
2839         * wtf/StringHasher.h:
2840         (WTF::StringHasher::hash):
2841         * wtf/text/StringImpl.h:
2842
2843 2011-10-26  Dan Bernstein  <mitz@apple.com>
2844
2845         Build fix.
2846
2847         Reverted r98488, which caused the scripts’ status messages to be included in the generated
2848         files.
2849
2850         * create_hash_table:
2851         * create_jit_stubs:
2852
2853 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
2854
2855         Don't print regular output to STDERR when generating hashtables and JIT stubs
2856
2857         Reviewed by Simon Hausmann.
2858
2859         * create_hash_table:
2860         * create_jit_stubs:
2861
2862 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
2863
2864         Split DFGJITCodeGenerator::callOperation methods
2865         https://bugs.webkit.org/show_bug.cgi?id=70870
2866
2867         Reviewed by Filip Pizlo.
2868
2869         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
2870         One set works with the JSVALUE64 value representation and passes arguments in
2871         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
2872         value representation and passes arguments in memory (suitable for use on x86).
2873         By refactoring out the representation and calling convention specific aspects
2874         of the code we can also configure the DFG JIT to operate on platforms that use
2875         the JSVALUE32_64 value representation but pass arguments in registers.
2876
2877         On platforms supported by the JIT, the payload precedes the tag of a value in
2878         argument/result ordering, as such, in order to make the setupResults method
2879         generally applicable to return the results of a function that are returned in
2880         two registers, the ordering of arguments to this function has been reversed -
2881         as is the ordering of arguments passed to setupArguments methods, with respect
2882         to the ordering with which they are passed in to callOperation.
2883         This inconsistency will be resolved in a later change when we combine the pairs
2884         of arguments passed into callOperation, such that the function signatures can
2885         be made consistent across the two value representations (the callOperation
2886         methods will be passed a reference to a struct representing the JSValue
2887         temporary, this will consist of two gprs on 32_64 and one on 64).
2888
2889         * dfg/DFGJITCodeGenerator.h:
2890         (JSC::DFG::resetCallArguments):
2891         (JSC::DFG::addCallArgument):
2892             - moved, removed tag,payload version of this method.
2893         (JSC::DFG::setupArguments):
2894         (JSC::DFG::setupArgumentsExecState):
2895         (JSC::DFG::setupArgumentsWithExecState):
2896             - Calling convention specific portion of callOperation refactored out into these methods.
2897         (JSC::DFG::callOperation):
2898             - updated these methods to use setupArguments* methods.
2899         (JSC::DFG::setupResults):
2900             - setupResults is now passed payload,tag.
2901         (JSC::DFG::appendCallWithExceptionCheckSetResult):
2902             - Added fpr versions of this function.
2903         (JSC::DFG::appendCallSetResult):
2904             - Added versions of this function without exception check.
2905         * dfg/DFGJITCodeGenerator32_64.cpp:
2906         (JSC::DFG::JITCodeGenerator::emitCall):
2907             - setupResults is now passed payload,tag.
2908
2909 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2910
2911         Remove deletePropertyVirtual
2912         https://bugs.webkit.org/show_bug.cgi?id=70738
2913
2914         Reviewed by Geoffrey Garen.
2915
2916         Removed all declarations and definitions of deletePropertyVirtual.
2917         Also replaced all call sites to deletePropertyVirtual with a 
2918         corresponding lookup in the MethodTable.
2919
2920         * API/JSCallbackObject.h:
2921         * API/JSCallbackObjectFunctions.h:
2922         (JSC::::deletePropertyByIndex):
2923         * API/JSObjectRef.cpp:
2924         (JSObjectDeleteProperty):
2925         * JavaScriptCore.exp:
2926         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2927         * debugger/DebuggerActivation.cpp:
2928         (JSC::DebuggerActivation::deleteProperty):
2929         * debugger/DebuggerActivation.h:
2930         * interpreter/Interpreter.cpp:
2931         (JSC::Interpreter::privateExecute):
2932         * jit/JITStubs.cpp:
2933         (JSC::DEFINE_STUB_FUNCTION):
2934         * runtime/Arguments.cpp:
2935         * runtime/Arguments.h:
2936         * runtime/ArrayPrototype.cpp:
2937         (JSC::arrayProtoFuncPop):
2938         (JSC::arrayProtoFuncReverse):
2939         (JSC::arrayProtoFuncShift):
2940         (JSC::arrayProtoFuncSplice):
2941         (JSC::arrayProtoFuncUnShift):
2942         * runtime/JSActivation.cpp:
2943         * runtime/JSActivation.h:
2944         * runtime/JSArray.cpp:
2945         (JSC::JSArray::deleteProperty):
2946         (JSC::JSArray::deletePropertyByIndex):
2947         * runtime/JSArray.h:
2948         * runtime/JSCell.cpp:
2949         (JSC::JSCell::deleteProperty):
2950         (JSC::JSCell::deletePropertyByIndex):
2951         * runtime/JSCell.h:
2952         * runtime/JSFunction.cpp:
2953         * runtime/JSFunction.h:
2954         * runtime/JSNotAnObject.cpp:
2955         * runtime/JSNotAnObject.h:
2956         * runtime/JSONObject.cpp:
2957         (JSC::Walker::walk):
2958         * runtime/JSObject.cpp:
2959         (JSC::JSObject::deletePropertyByIndex):
2960         (JSC::JSObject::defineOwnProperty):
2961         * runtime/JSObject.h:
2962         * runtime/JSVariableObject.cpp:
2963         * runtime/JSVariableObject.h:
2964         * runtime/RegExpMatchesArray.h:
2965         * runtime/StrictEvalActivation.cpp:
2966         * runtime/StrictEvalActivation.h:
2967         * runtime/StringObject.cpp:
2968         * runtime/StringObject.h:
2969
2970 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2971
2972         Remove putVirtual
2973         https://bugs.webkit.org/show_bug.cgi?id=70740
2974
2975         Reviewed by Geoffrey Garen.
2976
2977         Removed all declarations and definitions of putVirtual.
2978         Also replaced all call sites to putVirtual with a 
2979         corresponding lookup in the MethodTable.
2980
2981         * API/JSCallbackObject.h:
2982         * API/JSCallbackObjectFunctions.h:
2983         * API/JSObjectRef.cpp:
2984         (JSObjectSetProperty):
2985         (JSObjectSetPropertyAtIndex):
2986         * JavaScriptCore.exp:
2987         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2988         * debugger/DebuggerActivation.cpp:
2989         (JSC::DebuggerActivation::put):
2990         * debugger/DebuggerActivation.h:
2991         * dfg/DFGOperations.cpp:
2992         * interpreter/Interpreter.cpp:
2993         (JSC::Interpreter::execute):
2994         (JSC::Interpreter::privateExecute):
2995         * jsc.cpp:
2996         (GlobalObject::finishCreation):
2997         * runtime/Arguments.cpp:
2998         * runtime/Arguments.h:
2999         * runtime/ArrayPrototype.cpp:
3000         (JSC::putProperty):
3001         (JSC::arrayProtoFuncConcat):
3002         (JSC::arrayProtoFuncPush):
3003         (JSC::arrayProtoFuncReverse):
3004         (JSC::arrayProtoFuncShift):
3005         (JSC::arrayProtoFuncSlice):
3006         (JSC::arrayProtoFuncSort):
3007         (JSC::arrayProtoFuncSplice):
3008         (JSC::arrayProtoFuncUnShift):
3009         (JSC::arrayProtoFuncFilter):
3010         (JSC::arrayProtoFuncMap):
3011         * runtime/JSActivation.cpp:
3012         * runtime/JSActivation.h:
3013         * runtime/JSArray.cpp:
3014         (JSC::JSArray::putSlowCase):
3015         (JSC::JSArray::push):
3016         (JSC::JSArray::shiftCount):
3017         (JSC::JSArray::unshiftCount):
3018         * runtime/JSArray.h:
3019         * runtime/JSByteArray.cpp:
3020         * runtime/JSByteArray.h:
3021         * runtime/JSCell.cpp:
3022         (JSC::JSCell::put):
3023         (JSC::JSCell::putByIndex):
3024         * runtime/JSCell.h:
3025         * runtime/JSFunction.cpp:
3026         * runtime/JSFunction.h:
3027         * runtime/JSGlobalObject.cpp:
3028         * runtime/JSGlobalObject.h:
3029         * runtime/JSNotAnObject.cpp:
3030         * runtime/JSNotAnObject.h:
3031         * runtime/JSONObject.cpp:
3032         (JSC::Walker::walk):
3033         * runtime/JSObject.cpp:
3034         (JSC::JSObject::putByIndex):
3035         (JSC::JSObject::defineOwnProperty):
3036         * runtime/JSObject.h:
3037         (JSC::JSValue::put):
3038         * runtime/JSStaticScopeObject.cpp:
3039         * runtime/JSStaticScopeObject.h:
3040         * runtime/ObjectPrototype.cpp:
3041         * runtime/ObjectPrototype.h:
3042         * runtime/RegExpConstructor.cpp:
3043         * runtime/RegExpConstructor.h:
3044         * runtime/RegExpMatchesArray.h:
3045         * runtime/RegExpObject.cpp:
3046         * runtime/RegExpObject.h:
3047         * runtime/StringObject.cpp:
3048         * runtime/StringObject.h:
3049         * runtime/StringPrototype.cpp:
3050         (JSC::stringProtoFuncSplit):
3051
3052 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
3053
3054         Separate out function linking & exception check data structures.
3055         https://bugs.webkit.org/show_bug.cgi?id=70858
3056
3057         Reviewed by Oliver Hunt.
3058
3059         This will make it easier to refactor the callOperation methods to split the value
3060         representation specific handling from the cpu/calling-convention implementation.
3061
3062         * dfg/DFGJITCodeGenerator.h:
3063         (JSC::DFG::appendCallWithExceptionCheck):
3064         * dfg/DFGJITCodeGenerator32_64.cpp:
3065         (JSC::DFG::JITCodeGenerator::emitCall):
3066         * dfg/DFGJITCodeGenerator64.cpp:
3067         (JSC::DFG::JITCodeGenerator::emitCall):
3068         * dfg/DFGJITCompiler.cpp:
3069         (JSC::DFG::JITCompiler::compileBody):
3070         (JSC::DFG::JITCompiler::link):
3071         * dfg/DFGJITCompiler.h:
3072         (JSC::DFG::CallLinkRecord::CallLinkRecord):
3073         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
3074         (JSC::DFG::JITCompiler::JITCompiler):
3075         (JSC::DFG::JITCompiler::notifyCall):
3076         (JSC::DFG::JITCompiler::appendCall):
3077         (JSC::DFG::JITCompiler::addExceptionCheck):
3078         (JSC::DFG::JITCompiler::addFastExceptionCheck):
3079         * dfg/DFGJITCompiler32_64.cpp:
3080         (JSC::DFG::JITCompiler::compileBody):
3081         (JSC::DFG::JITCompiler::link):
3082
3083 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
3084
3085         Tiered compilation may introduce dangling pointers in constant buffers
3086         https://bugs.webkit.org/show_bug.cgi?id=70854
3087
3088         Reviewed by Oliver Hunt.
3089         
3090         Tiered compilation now copies constant buffers, which fixes the regression in
3091         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
3092         regression relies on a subtle interleaving of optimized compilation and garbage
3093         collection, and cannot be reproduced in a simple test.
3094         
3095         This also adds some new debug support, which was used to fix this bug and is
3096         likely to be useful in the future.
3097
3098         * bytecode/CodeBlock.cpp:
3099         (JSC::CodeBlock::copyDataFrom):
3100         (JSC::CodeBlock::usesOpcode):
3101         * bytecode/CodeBlock.h:
3102         * dfg/DFGGraph.cpp:
3103         (JSC::DFG::Graph::dump):
3104
3105 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3106
3107         Fixing Windows build after r98367
3108
3109         Unreviewed build fix
3110
3111         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3112
3113 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
3114
3115         Add missing DFG file entries to the make lists for GTK and Qt ports
3116         https://bugs.webkit.org/show_bug.cgi?id=70806
3117
3118         Reviewed by Darin Adler.
3119
3120         * GNUmakefile.list.am:
3121         * JavaScriptCore.pro:
3122
3123 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
3124
3125         Add getOwnPropertySlot to MethodTable
3126         https://bugs.webkit.org/show_bug.cgi?id=69807
3127
3128         Reviewed by Oliver Hunt.
3129
3130         * JavaScriptCore.exp:
3131         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
3132         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
3133         reference it in their MethodTables.
3134
3135 2011-10-25  Oliver Hunt  <oliver@apple.com>
3136
3137         Need to support marking of multiple nested codeblocks when compiling
3138         https://bugs.webkit.org/show_bug.cgi?id=70832
3139
3140         Reviewed by Gavin Barraclough.
3141
3142         When inlining a function we end up with multiple codeblocks being
3143         compiled at the same time, so we need to support a list of live
3144         codeblocks.
3145
3146         * heap/Heap.cpp:
3147         (JSC::Heap::markRoots):
3148         * runtime/JSGlobalData.cpp:
3149         (JSC::JSGlobalData::JSGlobalData):
3150         * runtime/JSGlobalData.h:
3151         (JSC::JSGlobalData::startedCompiling):
3152         (JSC::JSGlobalData::finishedCompiling):
3153
3154 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3155
3156         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
3157         https://bugs.webkit.org/show_bug.cgi?id=70798
3158
3159         Reviewed by Filip Pizlo.
3160
3161         When filling an integer for a known integer node (not speculated), it
3162         should accept DataFormatJSInteger as well.
3163
3164         * dfg/DFGJITCodeGenerator32_64.cpp:
3165         (JSC::DFG::JITCodeGenerator::fillInteger):
3166
3167 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3168
3169         Build fix: removed some cases of threadsafeCopy() that I missed in
3170         my previous patch.
3171
3172         * JavaScriptCore.order:
3173
3174 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
3175
3176         Removed SharedUChar and tightened language around its previous uses
3177         https://bugs.webkit.org/show_bug.cgi?id=70698
3178
3179         Reviewed by David Levin.
3180
3181         - Removed SharedUChar because most of its functionality has moved into
3182         other abstraction layers, and we want remaining clients to choose their
3183         abstractions explicitly instead of relying on StringImpl to provide this
3184         behavior implicitly, since we think they can sometimes make more efficient
3185         choices.
3186
3187         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
3188         the former names could give the impression that the resulting object was
3189         thread-safe, but actually it's just an isolated copy, which is not
3190         thread-safe by itself, but can be used to implement a thread-safe
3191         algorithm through isolation.
3192
3193         * wtf/CrossThreadRefCounted.h: Removed.
3194
3195         * JavaScriptCore.exp: Export!
3196
3197         * wtf/text/StringImpl.cpp:
3198         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
3199
3200         * wtf/text/StringImpl.h:
3201         (WTF::StringImpl::length): Ditto.
3202
3203         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
3204
3205         * wtf/text/WTFString.cpp:
3206         (WTF::String::isolatedCopy):
3207         * wtf/text/WTFString.h: Updated for StringImpl changes.
3208
3209         * API/OpaqueJSString.h:
3210         * GNUmakefile.list.am:
3211         * JavaScriptCore.exp:
3212         * JavaScriptCore.gypi:
3213         * JavaScriptCore.order:
3214         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3215         * JavaScriptCore.xcodeproj/project.pbxproj:
3216         * wtf/CMakeLists.txt:
3217         * wtf/OwnFastMallocPtr.h:
3218         * wtf/RefCounted.h:
3219         * wtf/SizeLimits.cpp:
3220         * wtf/ThreadSafeRefCounted.h:
3221         * wtf/wtf.pri:
3222         * yarr/YarrPattern.h: Updated these files to accommodate removal of
3223         CrossThreadRefCounted.h.
3224
3225 2011-10-24  Oliver Hunt  <oliver@apple.com>
3226
3227         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
3228         https://bugs.webkit.org/show_bug.cgi?id=70689
3229
3230         Reviewed by Filip Pizlo.
3231
3232         While performing codegen we need to make the GlobalData explicitly
3233         aware of the codeblock being compiled, as compilation may trigger GC
3234         and CodeBlock holds GC values, but has not yet been assigned to its
3235         owner executable.
3236
3237         * bytecompiler/BytecodeGenerator.cpp:
3238         (JSC::BytecodeGenerator::BytecodeGenerator):
3239         (JSC::BytecodeGenerator::~BytecodeGenerator):
3240         * bytecompiler/BytecodeGenerator.h:
3241         * heap/AllocationSpace.cpp:
3242         (JSC::AllocationSpace::allocateSlowCase):
3243         * heap/Heap.cpp:
3244         (JSC::Heap::markRoots):
3245         * runtime/JSGlobalData.cpp:
3246         (JSC::JSGlobalData::JSGlobalData):
3247         * runtime/JSGlobalData.h:
3248         (JSC::JSGlobalData::startedCompiling):
3249         (JSC::JSGlobalData::finishedCompiling):
3250
3251 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
3252
3253         Object-or-other branch speculation may corrupt the state for OSR if the child of the
3254         branch is an integer
3255         https://bugs.webkit.org/show_bug.cgi?id=70777
3256
3257         Reviewed by Oliver Hunt.
3258
3259         * dfg/DFGSpeculativeJIT64.cpp:
3260         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
3261
3262 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
3263
3264         op_new_array_buffer is not inlined correctly
3265         https://bugs.webkit.org/show_bug.cgi?id=70770
3266
3267         Reviewed by Oliver Hunt.
3268         
3269         Disabled inlining of op_new_array_buffer, for now.
3270
3271         * dfg/DFGCapabilities.h:
3272         (JSC::DFG::canInlineOpcode):
3273
3274 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3275
3276         Add boolean speculations to DFG JIT 32_64
3277         https://bugs.webkit.org/show_bug.cgi?id=70706
3278
3279         Reviewed by Filip Pizlo.
3280
3281         Different from the boolean speculations in DFG 64, the boolean
3282         speculations in DFG 32_64 will use a 32-bit GPR to hold the primitive
3283         boolean instead of a JSBoolean. This choice is not only for
3284         performance, but also to save a register as we're short of registers on
3285         X86.
3286         To accomplish this we make use of DataFormatBoolean, allowing a value to
3287         be represented as a primitive boolean and converted from/to a
3288         JSBoolean.
3289         This patch also fixes SpillOrder in 32_64, which should be different
3290         from 64, and fixes the needDataFormatConversion logic in 32_64.
3291
3292         * assembler/MacroAssemblerX86Common.h:
3293         (JSC::MacroAssemblerX86Common::branchTest32):
3294             We don't actually expect a byte test, as it doesn't work for registers
3295             esp..edi on X86.
3296         * dfg/DFGGenerationInfo.h:
3297         (JSC::DFG::needDataFormatConversion):
3298         (JSC::DFG::GenerationInfo::initBoolean):
3299         (JSC::DFG::GenerationInfo::gpr):
3300         (JSC::DFG::GenerationInfo::fillInteger):
3301         (JSC::DFG::GenerationInfo::fillBoolean):
3302         * dfg/DFGJITCodeGenerator.cpp:
3303         (JSC::DFG::JITCodeGenerator::checkConsistency):
3304         * dfg/DFGJITCodeGenerator.h:
3305         (JSC::DFG::JITCodeGenerator::use):
3306         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
3307         (JSC::DFG::JITCodeGenerator::silentFillGPR):
3308         (JSC::DFG::JITCodeGenerator::spill):
3309         (JSC::DFG::cellResult):
3310         (JSC::DFG::booleanResult):
3311         * dfg/DFGJITCodeGenerator32_64.cpp:
3312         (JSC::DFG::JITCodeGenerator::fillJSValue):
3313         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
3314         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
3315         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
3316         * dfg/DFGJITCompiler32_64.cpp:
3317         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3318         * dfg/DFGSpeculativeJIT.cpp:
3319         (JSC::DFG::ValueSource::dump):
3320         (JSC::DFG::ValueRecovery::dump):
3321         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3322         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3323         * dfg/DFGSpeculativeJIT.h:
3324         (JSC::DFG::ValueSource::forPrediction):
3325         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
3326         (JSC::DFG::ValueRecovery::inGPR):
3327         (JSC::DFG::ValueRecovery::gpr):
3328         * dfg/DFGSpeculativeJIT32_64.cpp:
3329         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3330         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3331         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3332         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3333         (JSC::DFG::SpeculativeJIT::compare):
3334         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
3335         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3336         (JSC::DFG::SpeculativeJIT::emitBranch):
3337         (JSC::DFG::SpeculativeJIT::compile):
3338
3339 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3340
3341         Fixing Windows build
3342
3343         Unreviewed build fix
3344
3345         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3346
3347 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
3348
3349         BitVector isInline check could fail
3350         https://bugs.webkit.org/show_bug.cgi?id=70691
3351
3352         Reviewed by Geoffrey Garen.
3353
3354         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
3355         whether it's an inlined bit set or a pointer to an outOfLine bit set.
3356         This check may fail in case the pointer also has the highest bit set,
3357         which is surely possible on IA32 (Linux).
3358         In this case the check failure can result in unexpected behaviors,
3359         for example if the BitVector is incorrectly determined as having an
3360         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
3361         modify the memory adjacent to the BitVector object.
3362         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
3363         or out-of-line, based on the assumption that the pointer to OutOfLineBits
3364         should be 4 or 8 byte aligned.
3365         We could mark the lowest bit (bit 0) with 1 for inlined bit set,
3366         and bits 1~bitsInPointer are used for bit set/test.
3367         In this case we need to do one more bit shift for bit set/test.
3368
3369         * wtf/BitVector.cpp:
3370         (WTF::BitVector::resizeOutOfLine):
3371         * wtf/BitVector.h:
3372         (WTF::BitVector::quickGet):
3373         (WTF::BitVector::quickSet):
3374         (WTF::BitVector::quickClear):
3375         (WTF::BitVector::makeInlineBits):
3376         (WTF::BitVector::isInline):
3377
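The tagging scheme described in the BitVector entry above, as an added example that is not WTF's own code: a toy bit vector keeps its inline/out-of-line tag in bit 0 (which heap-pointer alignment guarantees is clear for pointers), stores inline data one bit higher, grows to heap storage instead of writing past the object, and contrasts the old high-bit tag with the new one on a constructed pointer value (`kConstructedHighPointer` is made up for the test).

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Toy bit vector (not WTF::BitVector). Bit 0 of m_bitsOrPointer is 1 for an
// inline bit set and 0 for a pointer to heap storage; operator new returns
// pointers aligned to at least 4/8 bytes, so bit 0 is always clear for them.
class TinyBitVector {
public:
    static constexpr size_t bitsInPointer = sizeof(uintptr_t) * 8;
    static constexpr size_t maxInlineBits = bitsInPointer - 1; // bit 0 is the tag

    TinyBitVector() : m_bitsOrPointer(makeInlineBits(0)) {}
    ~TinyBitVector() { if (!isInline()) { delete[] outOfLine()->words; delete outOfLine(); } }
    TinyBitVector(const TinyBitVector&) = delete;
    TinyBitVector& operator=(const TinyBitVector&) = delete;

    // Pre-fix scheme: tag in the highest bit. A pointer with the top bit set
    // (a user-space address above 2 GiB on IA32 Linux) is misread as inline.
    static bool highBitSchemeSaysInline(uintptr_t word) { return (word >> (bitsInPointer - 1)) & 1; }
    // Fixed scheme: tag in the lowest bit, which aligned pointers never set.
    static bool lowBitSchemeSaysInline(uintptr_t word) { return word & 1; }

    bool isInline() const { return lowBitSchemeSaysInline(m_bitsOrPointer); }
    size_t size() const { return isInline() ? maxInlineBits : outOfLine()->numBits; }

    bool get(size_t bit) const {
        if (bit >= size()) return false;                          // out of range reads as 0
        if (isInline()) return (m_bitsOrPointer >> (bit + 1)) & 1; // data bit n lives at n+1
        return (outOfLine()->words[bit / bitsInPointer] >> (bit % bitsInPointer)) & 1;
    }

    void set(size_t bit) {
        if (bit >= size()) resizeOutOfLine(bit + 1);              // grow, never write past storage
        if (isInline()) { m_bitsOrPointer |= uintptr_t(1) << (bit + 1); return; }
        outOfLine()->words[bit / bitsInPointer] |= uintptr_t(1) << (bit % bitsInPointer);
    }

private:
    struct OutOfLineBits { size_t numBits; size_t numWords; uintptr_t* words; };

    static uintptr_t makeInlineBits(uintptr_t bits) { return (bits << 1) | 1; }
    OutOfLineBits* outOfLine() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void resizeOutOfLine(size_t numBits) {
        size_t numWords = (numBits + bitsInPointer - 1) / bitsInPointer;
        uintptr_t* words = new uintptr_t[numWords]();              // zero-initialised
        if (isInline()) {
            words[0] = m_bitsOrPointer >> 1;                        // drop the tag, data back to bit 0
        } else {
            OutOfLineBits* old = outOfLine();
            std::memcpy(words, old->words, old->numWords * sizeof(uintptr_t));
            delete[] old->words;
            delete old;
        }
        OutOfLineBits* fresh = new OutOfLineBits{numBits, numWords, words};
        assert(!(reinterpret_cast<uintptr_t>(fresh) & 1));          // alignment keeps the tag clear
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
    }

    uintptr_t m_bitsOrPointer;
};

// Constructed pointer value with the top bit set: legal as an address, but the
// old high-bit check would classify it as an inline bit set.
constexpr uintptr_t kConstructedHighPointer = (uintptr_t(1) << (TinyBitVector::bitsInPointer - 1)) | 0xF000;

// Exercises inline use, growth past maxInlineBits, and both tag checks.
bool runScenario() {
    TinyBitVector v;
    v.set(3);
    bool ok = v.isInline() && v.get(3) && !v.get(4);
    v.set(TinyBitVector::maxInlineBits + 5);                        // forces out-of-line storage
    ok = ok && !v.isInline() && v.get(3) && v.get(TinyBitVector::maxInlineBits + 5) && !v.get(TinyBitVector::maxInlineBits + 4);
    ok = ok && TinyBitVector::highBitSchemeSaysInline(kConstructedHighPointer) && !TinyBitVector::lowBitSchemeSaysInline(kConstructedHighPointer);
    return ok;
}

int main() { return runScenario() ? 0 : 1; }
```
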
3378 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
3379
3380         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
3381         https://bugs.webkit.org/show_bug.cgi?id=70271
3382
3383         Reviewed by Darin Adler.
3384
3385         Renaming versions of getOwnPropertySlot that use an unsigned as the property
3386         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
3387         MethodTable, which requires unique names for each method.
3388
3389         * JavaScriptCore.exp:
3390         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3391         * runtime/Arguments.cpp:
3392         (JSC::Arguments::getOwnPropertySlotVirtual):
3393         (JSC::Arguments::getOwnPropertySlotByIndex):
3394         * runtime/Arguments.h:
3395         * runtime/JSArray.cpp:
3396         (JSC::JSArray::getOwnPropertySlotVirtual):
3397         (JSC::JSArray::getOwnPropertySlotByIndex):
3398         (JSC::JSArray::getOwnPropertySlot):
3399         * runtime/JSArray.h:
3400         * runtime/JSByteArray.cpp:
3401         (JSC::JSByteArray::getOwnPropertySlotVirtual):
3402         (JSC::JSByteArray::getOwnPropertySlotByIndex):
3403         * runtime/JSByteArray.h:
3404         * runtime/JSCell.cpp:
3405         (JSC::JSCell::getOwnPropertySlotVirtual):
3406         (JSC::JSCell::getOwnPropertySlotByIndex):
3407         * runtime/JSCell.h:
3408         * runtime/JSNotAnObject.cpp:
3409         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
3410         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
3411         * runtime/JSNotAnObject.h:
3412         * runtime/JSObject.cpp:
3413         (JSC::JSObject::getOwnPropertySlotVirtual):
3414         (JSC::JSObject::getOwnPropertySlotByIndex):
3415         * runtime/JSObject.h:
3416         * runtime/JSString.cpp:
3417         (JSC::JSString::getOwnPropertySlotVirtual):
3418         (JSC::JSString::getOwnPropertySlotByIndex):
3419         * runtime/JSString.h:
3420         * runtime/ObjectPrototype.cpp:
3421         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
3422         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
3423         * runtime/ObjectPrototype.h:
3424         * runtime/RegExpMatchesArray.h:
3425         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
3426         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
3427         * runtime/StringObject.cpp:
3428         (JSC::StringObject::getOwnPropertySlotVirtual):
3429         (JSC::StringObject::getOwnPropertySlotByIndex):
3430         * runtime/StringObject.h:
3431
3432 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
3433
3434         Interpreter build fix after r98179.
3435
3436         * bytecode/CodeBlock.h:
3437         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
3438         since it is only used there.
3439
3440 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3441
3442         Fixed a typo Darin spotted.
3443
3444         * wtf/StringHasher.h:
3445         (WTF::StringHasher::hash): Expelliarmus!
3446
3447 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
3448
3449         Removed StringImpl::createStrippingNullCharacters
3450         https://bugs.webkit.org/show_bug.cgi?id=70700
3451
3452         Reviewed by David Levin.
3453         
3454         It was unused.
3455
3456         * JavaScriptCore.exp:
3457         * wtf/text/StringImpl.cpp:
3458         * wtf/text/StringImpl.h:
3459
3460 2011-10-22  Filip Pizlo  <fpizlo@apple.com>