NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-15  Gavin Barraclough  <barraclough@apple.com>

        NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
        https://bugs.webkit.org/show_bug.cgi?id=55346

        Reviewed by Sam Weinig.

        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
            - Switch to putDirect since we're not the only ones transitioning this Structure now.
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NativeErrorPrototype.h:
            - Switch base class to ErrorPrototype.

2011-07-15  Gavin Barraclough  <barraclough@apple.com>

        DFG JIT - Where arguments passed are integers, speculate this.
        https://bugs.webkit.org/show_bug.cgi?id=64630

        Reviewed by Sam Weinig.

        Presently the DFG JIT is overly aggressively predicting double.
        Use a bit of dynamic information, and curtail this a little.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
            - Check for integer arguments.
        * dfg/DFGGraph.h:
            - Function declaration.
        * runtime/Executable.cpp:
        (JSC::tryDFGCompile):
        (JSC::FunctionExecutable::compileForCallInternal):
            - Add call to predictArgumentTypes.

2011-07-15  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT is inconsistent about fusing branches and speculating
        integer comparisons for branches.
        https://bugs.webkit.org/show_bug.cgi?id=64573

        Reviewed by Gavin Barraclough.

        This patch moves some of NonSpeculativeJIT's functionality up into the
        JITCodeGenerator superclass so that it can be used from both JITs.  Now,
        in cases where the speculative JIT doesn't want to speculate but still
        wants to emit good code, it can reliably emit the same code sequence as
        the non-speculative JIT.  This patch also extends the non-speculative
        JIT's compare optimizations to include compare/branch fusing, and
        extends the speculative JIT's compare optimizations to cover StrictEqual.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::isKnownInteger):
        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        * wtf/Platform.h:

2011-07-14  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64250
        Global strict mode function leaking global object as "this".

        Reviewed by Oliver Hunt.

        The root problem here is that we pass the wrong values into
        calls, and then try to fix them up in the callee. Correct
        behaviour per the spec is to pass in the value undefined,
        as this unless either (1) the function call is based on an
        explicit property access or (2) the base of the call comes
        directly from a 'with'.

        This change does away with the need for this conversion of
        objects (non strict code should only box primitives), and
        does away with all this conversion for strict functions.

        This patch may have web compatibility ramifications, and may
        require some advocacy.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * bytecode/Opcode.h:
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitResolveWithThis):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * bytecompiler/BytecodeGenerator.h:
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::EvalFunctionCallNode::emitBytecode):
        (JSC::FunctionCallResolveNode::emitBytecode):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Change NeedsThisConversion check to test for JSString's vptr
              (objects no longer need conversion).
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolveThisAndProperty):
            - Based on resolveBaseAndProperty, but produce correct this value.
        (JSC::Interpreter::privateExecute):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * interpreter/Interpreter.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_resolve_with_this):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        (JSC::JIT::emit_op_convert_this):
        (JSC::JIT::emitSlow_op_convert_this):
            - Change NeedsThisConversion check to test for JSString's vptr
              (objects no longer need conversion).
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_resolve_with_this):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        (JSC::JIT::emit_op_convert_this):
        (JSC::JIT::emitSlow_op_convert_this):
            - Change NeedsThisConversion check to test for JSString's vptr
              (objects no longer need conversion).
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * jit/JITStubs.h:
            - Removed op_convert_this_strict, added op_resolve_with_this.
        * runtime/JSActivation.h:
            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
        * runtime/JSStaticScopeObject.h:
            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
        * runtime/JSString.h:
        (JSC::RopeBuilder::createStructure):
            - removed NeedsThisConversion.
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::isEnvironmentRecord):
        (JSC::TypeInfo::overridesHasInstance):
            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
        * runtime/JSValue.h:
            - removed NeedsThisConversion.
        * runtime/JSVariableObject.h:
            - Corrected StructureFlags inheritance.
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::createStructure):
            - Added IsEnvironmentRecord to StructureFlags, added createStructure.
        * runtime/Structure.h:
            - removed NeedsThisConversion.
        * tests/mozilla/ecma/String/15.5.4.6-2.js:
        (getTestCases):
            - Removed invalid test case.
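
        The `this` semantics the entry above describes, shown from script level as an added
        example (editor's illustration, not WebKit code): a plain call passes undefined as
        `this`, a property-access call passes the base object, and only a non-strict callee
        then substitutes the global object for undefined/null or boxes a primitive. The
        callees are built with the Function constructor so they are sloppy-mode functions
        even when this file itself runs as strict (module) code; `classifyThis` and the
        helper names are this example's own. The `with` case from the entry is not shown,
        since `with` is unavailable in strict code.

```javascript
// Added example (not WebKit code): what a callee receives as `this` depends on
// the callee's strictness and on how the call is written.
const sloppyThis = new Function('return this;');
const strictThis = new Function('"use strict"; return this;');

// Describe what the callee observed as `this`.
function classifyThis(value) {
  if (value === undefined) return 'undefined';
  if (value === null) return 'null';
  if (value === globalThis) return 'global object';
  if (typeof value === 'object') {
    // A wrapper object (new String("x") etc.) unwraps to a primitive;
    // a plain object unwraps to itself.
    const inner = value.valueOf();
    return typeof inner === 'object' ? 'object' : `boxed ${typeof inner}`;
  }
  return `primitive ${typeof value}`;
}

// Plain call `f()`: no base object, so the spec passes undefined as `this`.
// A sloppy callee substitutes the global object; a strict callee does not.
function plainCall(fn) {
  return classifyThis(fn());
}

// Property-access call `obj.method()`: the base object is `this` in both modes.
function propertyCall(fn) {
  const obj = { method: fn };
  return classifyThis(obj.method());
}

// Explicit `this` via Function.prototype.call: a sloppy callee boxes primitives
// and replaces null/undefined with the global object; a strict callee receives
// the value untouched.
function explicitCall(fn, thisArg) {
  return classifyThis(fn.call(thisArg));
}

// Summary of all cases, for a quick manual run.
function thisReport() {
  return {
    plainSloppy: plainCall(sloppyThis),          // 'global object'
    plainStrict: plainCall(strictThis),          // 'undefined'
    propertySloppy: propertyCall(sloppyThis),    // 'object'
    propertyStrict: propertyCall(strictThis),    // 'object'
    stringSloppy: explicitCall(sloppyThis, 'abc'), // 'boxed string'
    stringStrict: explicitCall(strictThis, 'abc'), // 'primitive string'
    nullSloppy: explicitCall(sloppyThis, null),  // 'global object'
    nullStrict: explicitCall(strictThis, null),  // 'null'
  };
}
```

        The "leak" named in the entry title is the `plainSloppy` row applied to a strict
        function: a strict callee must see `undefined`, never the global object, which is
        what `plainStrict` checks.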

2011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91082, r91087, and r91089.
        http://trac.webkit.org/changeset/91082
        http://trac.webkit.org/changeset/91087
        http://trac.webkit.org/changeset/91089
        https://bugs.webkit.org/show_bug.cgi?id=64616

        gtk tests are failing a lot after this change. (Requested by
        dave_levin on #webkit).

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::identifier):
        (WTF::ThreadIdentifierData::initialize):
        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
        (WTF::ThreadIdentifierData::initializeKeyOnce):
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):

2011-07-15  David Levin  <levin@chromium.org>

        Another attempted build fix.

        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
        up the definition of PTHREAD_KEYS_MAX.

2011-07-15  David Levin  <levin@chromium.org>

        Chromium build fix.

        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
        up the definition of PTHREAD_KEYS_MAX.

2011-07-14  David Levin  <levin@chromium.org>

        currentThread is too slow!
        https://bugs.webkit.org/show_bug.cgi?id=64577

        Reviewed by Darin Adler and Dmitry Titov.

        The problem is that currentThread results in a pthread_once call which always takes a lock.
        With this change, currentThread is 10% faster than isMainThread in release mode and only
        5% slower than isMainThread in debug.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
        which is no longer needed because this is called from initializeThreading().
        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
        initialization of the pthread key should already be done.
        (WTF::ThreadIdentifierData::initialize): Ditto.
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading): Acquire the pthread key here.

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not optimize Branch as well as it could.
        https://bugs.webkit.org/show_bug.cgi?id=64574

        Reviewed by Gavin Barraclough.

        This creates a common code path for emitting unfused branches, which does
        no speculation, and only performs a slow call if absolutely necessary.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitBranch):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        GC allocation fast path has too many operations.
        https://bugs.webkit.org/show_bug.cgi?id=64493

        Reviewed by Darin Adler.

        Changed the timing of the lazy sweep so that it occurs when we land on
        a previously-unswept block, rather than whenever we land on an unswept
        cell.  After the per-block lazy sweep occurs, the block is turned into a
        singly linked list of free cells.  The allocation fast path is now just a
        load-branch-store to remove a cell from the head of the list.

        Additionally, this changes the way new blocks are allocated.  Previously,
        they would be populated with dummy cells.  With this patch, they are
        turned into a free list, which means that there will never be destructor
        calls for allocations in fresh blocks.

        These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
        SunSpider.  There are no observed statistically significant slow-downs
        on any individual benchmark.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::Heap::allocateSlowCase):
        (JSC::Heap::collect):
        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        * heap/Heap.h:
        (JSC::Heap::forEachProtectedCell):
        (JSC::Heap::forEachCell):
        (JSC::Heap::forEachBlock):
        (JSC::Heap::allocate):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::lazySweep):
        (JSC::MarkedBlock::blessNewBlockForFastPath):
        (JSC::MarkedBlock::blessNewBlockForSlowPath):
        (JSC::MarkedBlock::canonicalizeBlock):
        * heap/MarkedBlock.h:
        * heap/NewSpace.cpp:
        (JSC::NewSpace::addBlock):
        (JSC::NewSpace::canonicalizeBlocks):
        * heap/NewSpace.h:
        (JSC::NewSpace::allocate):
        (JSC::NewSpace::SizeClass::SizeClass):
        (JSC::NewSpace::SizeClass::canonicalizeBlock):
        * heap/OldSpace.cpp:
        (JSC::OldSpace::addBlock):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT crashes on host constructor calls in debug mode.
        https://bugs.webkit.org/show_bug.cgi?id=64562

        Reviewed by Gavin Barraclough.

        Fixed the relevant ASSERT.

        * dfg/DFGOperations.cpp:

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT contains a FIXME for rewinding speculative code generation that
        has already been fixed.
        https://bugs.webkit.org/show_bug.cgi?id=64022

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):

2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Add OwnPtr specialization for Ecore_Pipe.
        https://bugs.webkit.org/show_bug.cgi?id=64515

        Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.

        Reviewed by Xan Lopez.

        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT unnecessarily boxes and unboxes values during silent spilling.
        https://bugs.webkit.org/show_bug.cgi?id=64068

        Reviewed by Gavin Barraclough.

        Silent spilling and filling of registers is done during slow-path C
        function calls.  The silent spill/fill logic does not affect register
        allocation on paths that don't involve the C function call.

        This changes the silent spilling code to spill in unboxed form.  The
        silent fill will refill in whatever form the register was spilled in.
        For example, the silent spill code may choose not to spill the register
        because it was already spilled previously, which would imply that it
        was spilled in boxed form.  The filling code detects this and either
        unboxes, or not, depending on what is appropriate.

        This change also results in a simplification of the silent spill/fill
        API: silent spilling no longer needs to know about the set of registers
        that cannot be trampled, since it never does boxing and hence does not
        need a temporary register.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-13  Michael Saboff  <msaboff@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64202
        Enh: Improve handling of RegExp in the form of /.*blah.*/

        Reviewed by Gavin Barraclough.

        Added code to both the Yarr interpreter and JIT to handle
        these expressions a little differently.  First off, the terms
        in between the leading and trailing .*'s cannot capture and
        also this enhancement is limited to single alternative expressions.
        If an expression is of the right form with the aforementioned
        restrictions, we process the inner terms and then look for the
        beginning of the string and end of the string.  There is handling
        for multiline expressions to allow the beginning and end to be
        right after and right before newlines.

        This enhancement speeds up expressions of this type 12x on
        a MacBookPro.

        Cleaned up 'case' statement indentation.

        A new set of tests was added as LayoutTests/fast/regex/dotstar.html

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::InputStream::end):
        (JSC::Yarr::Interpreter::matchDotStarEnclosure):
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
        (JSC::Yarr::ByteCompiler::emitDisjunction):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::ByteTerm::DotStarEnclosure):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generateTerm):
        (JSC::Yarr::YarrGenerator::backtrackTerm):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
        (JSC::Yarr::YarrPattern::compile):
        * yarr/YarrPattern.h:
        (JSC::Yarr::PatternTerm::PatternTerm):

2011-07-13  Xan Lopez  <xlopez@igalia.com>

        [GTK] Fix distcheck

        Reviewed by Martin Robinson.

        * GNUmakefile.list.am: add missing files.

2011-07-13  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement prototype chain or list caching for get_by_id.
        https://bugs.webkit.org/show_bug.cgi?id=64147

        Reviewed by Gavin Barraclough.

        This implements unified support for prototype caching, prototype chain
        caching, and polymorphic (i.e. list) prototype and prototype chain
        caching.  This is done by creating common code for emitting prototype
        or chain access stubs, and having it factored out into
        generateProtoChainAccessStub().  This function is called by
        tryCacheGetByID once the latter determines that some form of prototype
        access caching is necessary (i.e. the slot being accessed is not on the
        base value but on some other object).

        Direct prototype list, and prototype chain list, caching is implemented by
        linking the slow path to operationGetByIdProtoBuildList(), which uses the
        same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.

        This change required ensuring that the value in the scratchGPR field in
        StructureStubInfo is preserved even after the stub info is in the
        chain, or proto_list, states.  Hence scratchGPR was moved out of the union
        and into the top-level of StructureStubInfo.

        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDProtoList):
        (JSC::DFG::dfgBuildGetByIDProtoList):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGRepatch.h:

2011-07-12  Brent Fulgham  <bfulgham@webkit.org>

        Standardize WinCairo conditionalized code under PLATFORM macro.
        https://bugs.webkit.org/show_bug.cgi?id=64377

        Reviewed by Maciej Stachowiak.

        * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.

2011-07-13  David Levin  <levin@chromium.org>

        Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
        https://bugs.webkit.org/show_bug.cgi?id=64465

        Reviewed by Dmitry Titov.

        There isn't a good way to test this as it is very highly unlikely to occur.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
        isn't thread-safe, change the initialization to be global.

2011-07-12  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64424
        Our direct eval behaviour deviates slightly from the spec.

        Reviewed by Oliver Hunt.

        The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
        behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
        or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
        may be introduced into the caller's environment.

        ES5 direct calls are any call where the callee function is provided by a reference, a base
        of that Reference is an EnvironmentRecord (this corresponds to all productions
        "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
        of the reference is "eval". This means any expression of the form "eval(...)", and that
        calls the standard built-in eval method on the Global Object, is considered to be
        direct.

        In JavaScriptCore we are currently overly restrictive. We also check that the
        EnvironmentRecord that is the base of the reference is the Declarative Environment Record
        at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
        that hits a var eval in a nested scope is not considered to be direct. This behaviour does
        not emanate from the spec, and is incorrect.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Fixed direct eval check in op_call_eval.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Fixed direct eval check in op_call_eval.
        * runtime/Executable.h:
        (JSC::isHostFunction):
            - Added check for host function with specific NativeFunction.
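
        The direct/indirect eval distinction the entry above describes, observed from script
        level as an added example (editor's illustration, not WebKit code). Each probe is a
        sloppy-mode function built with the Function constructor, because strict code forbids
        `var eval` and keeps eval-created vars out of the caller's scope, which would hide the
        differences. The fourth probe is the case the entry calls out: a `var eval` binding in
        a nested scope that still holds the built-in eval is a direct call by the spec, since
        the reference's base is an environment record and its name is "eval". Helper names are
        this example's own; the sample variable names are constructed.

```javascript
// Added example (not WebKit code): which call forms are "direct calls to eval"
// (run inside the caller's environment) and which are indirect (run in the
// global environment). A direct call can read the caller's locals and, in
// sloppy code, add vars to the caller's scope; an indirect call can do neither.

// Direct: callee is the identifier `eval` bound to the built-in eval.
const directCall = new Function(
  'var secret = "local"; return eval("secret");'
);

// Indirect via an alias: the reference name is "a", not "eval".
const aliasCall = new Function(
  'var secret = "local"; var a = eval; ' +
  'try { return a("secret"); } catch (err) { return err.name; }'
);

// Indirect via a property: the base is an ordinary object, not an
// environment record, even though the property is named "eval".
const memberCall = new Function(
  'var secret = "local"; ' +
  'try { return ({ eval: eval }).eval("secret"); } catch (err) { return err.name; }'
);

// Direct despite the nested binding: base is an environment record, name is
// "eval", and the value is still the built-in eval.
const shadowedBindingCall = new Function(
  'var eval = globalThis.eval; var secret = "local"; return eval("secret");'
);

// Direct eval in sloppy code introduces `var` declarations into the caller's
// variable environment; `typeof` sees the new binding afterwards.
const directVarIntroduction = new Function(
  'eval("var introduced = 1"); return typeof introduced;'
);

// Indirect eval introduces the same declaration into the global object
// instead. The probe removes it again so the global is left clean.
const indirectVarIntroduction = new Function(
  'var a = eval; a("var introducedGlobally = 1"); ' +
  'var landed = Object.prototype.hasOwnProperty.call(globalThis, "introducedGlobally"); ' +
  'delete globalThis.introducedGlobally; return landed;'
);

// Collect every probe's result for a quick manual run.
function evalScopeReport() {
  return {
    direct: directCall(),                       // 'local'
    alias: aliasCall(),                         // 'ReferenceError'
    member: memberCall(),                       // 'ReferenceError'
    shadowedBinding: shadowedBindingCall(),     // 'local'
    directVar: directVarIntroduction(),         // 'number'
    indirectVar: indirectVarIntroduction(),     // true
  };
}
```

        The `shadowedBinding` row is the behaviour the entry fixes: before the change, JSC
        treated that call as indirect because the binding was not the one at the root of the
        scope chain, so the eval'd code could not see `secret`.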
511
512 2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
513
514         Reviewed by Andreas Kling.
515
516         Broken build on QNX
517         https://bugs.webkit.org/show_bug.cgi?id=63717
518
519         QNX doesn't support pthread's SA_RESTART (required by
520         JSC_MULTIPLE_THREADS), JIT is broken at runtime and there a
521         few minor compilation errors here and there.
522
523         Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
524         tested by him on QNX v6.5 (x86)
525
526         * wtf/DateMath.cpp: fix usage of abs/labs
527         * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
528         * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
529
530 2011-07-12  Anders Carlsson  <andersca@apple.com>
531
532         If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
533         https://bugs.webkit.org/show_bug.cgi?id=64429
534
535         Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
536
537         * wtf/NullPtr.h:
538
539 2011-07-13  MORITA Hajime  <morrita@google.com>
540
541         Refactoring: Ignored ExceptionCode value should be less annoying.
542         https://bugs.webkit.org/show_bug.cgi?id=63688
543
544         Added ASSERT_AT macro.
545
546         Reviewed by Darin Adler.
547
548         * wtf/Assertions.h:
549
550 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
551
552         DFG JIT does not implement op_construct.
553         https://bugs.webkit.org/show_bug.cgi?id=64066
554
555         Reviewed by Gavin Barraclough.
556         
557         This is a fixed implementation of op_construct.  Constructor calls are implemented
558         by reusing almost all of the code for Call, with care taken to make sure that
559         where the are differences (like selecting different code blocks), those differences
560         are respected.  The two fixes over the last patch are: (1) make sure the
561         CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
562         make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
563         (either CodeForCall or CodeForConstruct) when invoking the compiler.
564
565         * dfg/DFGAliasTracker.h:
566         (JSC::DFG::AliasTracker::recordConstruct):
567         * dfg/DFGByteCodeParser.cpp:
568         (JSC::DFG::ByteCodeParser::addCall):
569         (JSC::DFG::ByteCodeParser::parseBlock):
570         * dfg/DFGJITCodeGenerator.cpp:
571         (JSC::DFG::JITCodeGenerator::emitCall):
572         * dfg/DFGNode.h:
573         * dfg/DFGNonSpeculativeJIT.cpp:
574         (JSC::DFG::NonSpeculativeJIT::compile):
575         * dfg/DFGOperations.cpp:
576         * dfg/DFGOperations.h:
577         * dfg/DFGRepatch.cpp:
578         (JSC::DFG::dfgLinkFor):
579         * dfg/DFGRepatch.h:
580         * dfg/DFGSpeculativeJIT.cpp:
581         (JSC::DFG::SpeculativeJIT::compile):
582         * runtime/CodeBlock.cpp:
583         (JSC::CodeBlock::unlinkCalls):
584
585 2011-07-12  Oliver Hunt  <oliver@apple.com>
586
587         Overzealous type validation in method_check
588         https://bugs.webkit.org/show_bug.cgi?id=64415
589
590         Reviewed by Gavin Barraclough.
591
592         method_check is essentially just a value look up
593         optimisation, but it internally stores the value
594         as a JSFunction, even though it never relies on
595         this fact.  Under GC validation however we end up
596         trying to enforce that assumption.  The fix is
597         simply to store the value as a correct supertype.
598
599         * bytecode/CodeBlock.h:
600         * dfg/DFGRepatch.cpp:
601         (JSC::DFG::dfgRepatchGetMethodFast):
602         (JSC::DFG::tryCacheGetMethod):
603         * jit/JIT.h:
604         * jit/JITPropertyAccess.cpp:
605         (JSC::JIT::patchMethodCallProto):
606         * jit/JITStubs.cpp:
607         (JSC::DEFINE_STUB_FUNCTION):
608
609 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
610
611         COLLECT_ON_EVERY_ALLOCATION no longer works.
612         https://bugs.webkit.org/show_bug.cgi?id=64388
613
614         Reviewed by Oliver Hunt.
615         
616         Added a flag to Heap that determines if it's safe to collect (which for now means that
617         JSGlobalObject has actually been initialized, but it should work for other things, too).
618         This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
619         GCing it just grows the heap, if necessary.
620         
621         Then changed Heap::allocate() to not recurse ad infinitum when
622         COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
623         resilient against bugs; this change allowed me to put in handy assertions, such as that
624         an allocation must succeed after either a collection or after a new block was added.
625
626         * heap/Heap.cpp:
627         (JSC::Heap::Heap):
628         (JSC::Heap::tryAllocate):
629         (JSC::Heap::allocate):
630         (JSC::Heap::collectAllGarbage):
631         (JSC::Heap::collect):
632         * heap/Heap.h:
633         (JSC::Heap::notifyIsSafeToCollect):
634         * runtime/JSGlobalData.cpp:
635         (JSC::JSGlobalData::JSGlobalData):
636
637 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
638
639         DFG JIT put_by_id transition caching does not inform the GC about the structure and
640         prototype chain that it is referencing.
641         https://bugs.webkit.org/show_bug.cgi?id=64387
642
643         Reviewed by Gavin Barraclough.
644         
645         Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
646
647         * dfg/DFGRepatch.cpp:
648         (JSC::DFG::tryCachePutByID):
649
650 2011-07-12  Adam Roben  <aroben@apple.com>
651
652         Ensure no intermediate WTF::Strings are created when concatenating with string literals
653
654         Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
655         operator+ is suboptimal
656
657         Reviewed by Darin Adler.
658
659         * wtf/text/StringConcatenate.h:
660         (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
661         many WTF::Strings get copied while evaluating an operator+ expression.
662
663         * wtf/text/StringOperators.h:
664         (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
665         side, since operator+ is left-associative. Having the StringAppend on the right-hand side
666         was causing us to make intermediate WTF::Strings when evaluating expressions that contained
667         multiple calls to operator+. Added some more overloads for that take a left-hand side of
668         const char* to resolve overload ambiguity for certain expressions. Added overloads that take
669         a left-hand side of const UChar* (matching the const char* overloads) so that wide string
670         literals don't first have to be converted to a WTF::String in operator+ expressions.
671
672 2011-07-12  Adam Roben  <aroben@apple.com>
673
674         Unreviewed, rolling out r90811.
675         http://trac.webkit.org/changeset/90811
676         https://bugs.webkit.org/show_bug.cgi?id=61025
677
678         Several svg tests failing assertions beneath
679         SVGSMILElement::findInstanceTime
680
681         * wtf/StdLibExtras.h:
682         (WTF::binarySearch):
683
684 2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
685
686         Reviewed by Nikolas Zimmermann.
687
688         Speed up SVGSMILElement::findInstanceTime.
689         https://bugs.webkit.org/show_bug.cgi?id=61025
690
691         Add a new parameter to StdlibExtras.h::binarySerarch function
692         to also handle cases when the array does not contain the key value.
693         This is needed for an svg function.
694
695         * wtf/StdLibExtras.h:
696         (WTF::binarySearch):
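
An added example, not the WTF code, of a binarySearch that tolerates a missing key: it returns the position of the first element whose key is not below the search key (the insertion point) and only asserts presence when the caller says the key must exist. IdentityKey, InstanceTime, InstanceTimeKey, findInstanceAtOrAfter and the sample data are made up for this illustration; the instance-time record merely stands in for whatever the SVG caller keeps sorted.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Key extractor used when the array elements are the keys themselves.
struct IdentityKey {
    template<typename T> const T& operator()(const T& value) const { return value; }
};

// Iterative lower-bound search over an array sorted by key. Returns the index of the first
// element whose key is >= key, or size when every key is smaller. When mustBePresent is true
// the caller promises the key exists, so a miss is a bug in the caller, not a valid result.
template<typename T, typename Key, typename ExtractKey = IdentityKey>
size_t binarySearch(const T* array, size_t size, const Key& key, bool mustBePresent, ExtractKey extract = ExtractKey())
{
    size_t low = 0;
    size_t high = size;
    while (low < high) {
        size_t mid = low + (high - low) / 2;  // not (low + high) / 2, which can overflow
        if (extract(array[mid]) < key)
            low = mid + 1;
        else
            high = mid;
    }
    if (mustBePresent)
        assert(low < size && !(key < extract(array[low])));
    return low;
}

// Hypothetical timing record, sorted by seconds; the origin field only shows that the
// element type need not be the key.
struct InstanceTime {
    double seconds;
    int origin;
};

struct InstanceTimeKey {
    double operator()(const InstanceTime& t) const { return t.seconds; }
};

// Index of the first instance at or after the given time, or list.size() if there is none.
// The exact time is usually absent from the list, which is the case the entry above added.
size_t findInstanceAtOrAfter(const std::vector<InstanceTime>& list, double seconds)
{
    return binarySearch(list.data(), list.size(), seconds, false, InstanceTimeKey());
}

// Constructed sample data for the callers below and for tests.
const int kSortedKeys[] = { 1, 3, 5, 7 };
const size_t kSortedKeyCount = sizeof(kSortedKeys) / sizeof(kSortedKeys[0]);

const std::vector<InstanceTime>& sampleInstanceTimes()
{
    static const std::vector<InstanceTime> times = { { 0.5, 0 }, { 1.0, 1 }, { 2.0, 0 } };
    return times;
}
```

The mid-point is computed as low + (high - low) / 2 so that the sum of two large indices cannot wrap; the original single-mode search could assume a hit, so the assertion is kept only behind mustBePresent.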
697
698 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
699
700         DFG speculative JIT does not guard itself against floating point speculation
701         failures on non-floating-point constants.
702         https://bugs.webkit.org/show_bug.cgi?id=64330
703
704         Reviewed by Gavin Barraclough.
705         
        Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
707         soon as it notices that it's speculating on something that is a non-numeric
708         JSConstant.
709
710         * dfg/DFGSpeculativeJIT.cpp:
711         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
712
713 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
714
715         DFG Speculative JIT does not always insert speculation checks when speculating
716         arrays.
717         https://bugs.webkit.org/show_bug.cgi?id=64254
718
719         Reviewed by Gavin Barraclough.
720         
721         Changed the SetLocal instruction to always validate that the value being stored
722         into the local variable is an array, if that variable was marked PredictArray.
723         This is necessary since uses of arrays assume that if a PredictArray value is
724         in a local variable then the speculation check validating that the value is an
725         array was already performed.
726
727         * dfg/DFGSpeculativeJIT.cpp:
728         (JSC::DFG::SpeculativeJIT::compile):
729
730 2011-07-11  Gabor Loki  <loki@webkit.org>
731
732         Fix the condition of the optimized code in doubleTransfer
733         https://bugs.webkit.org/show_bug.cgi?id=64261
734
735         Reviewed by Zoltan Herczeg.
736
737         The condition of the optimized code in doubleTransfer is wrong. The
738         data transfer should be executed with four bytes aligned address.
739         VFP cannot perform unaligned memory access.
740
741         Reported by Jacob Bramley.
742
743         * assembler/ARMAssembler.cpp:
744         (JSC::ARMAssembler::doubleTransfer):
745
746 2011-07-11  Gabor Loki  <loki@webkit.org>
747
748         Signed arithmetic bug in dataTransfer32.
749         https://bugs.webkit.org/show_bug.cgi?id=64257
750
751         Reviewed by Zoltan Herczeg.
752
753         An arithmetic bug is fixed. If the offset of dataTransfer is half of the
754         addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
755         a load instruction is emitted with a wrong zero offset.
756
757         Inspired by Jacob Bramley's patch from JaegerMonkey.
758
759         * assembler/ARMAssembler.cpp:
760         (JSC::ARMAssembler::dataTransfer32):
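
Added example, not the ARMAssembler code: how to split a 32-bit displacement into sign and magnitude without the overflow the entry above describes. Negating INT32_MIN in signed arithmetic is undefined behaviour in C++, and on two's-complement hardware yields 0x80000000 again, so any later masking to a positive immediate sees a value it was never meant to. Displacement, splitDisplacement, EncodedTransfer and encodeTransfer32 are illustrative names; the 12-bit immediate limit is ARM's ldr/str imm12 range, and the rest of the encoding is not modelled.

```cpp
#include <cstdint>
#include <cstdio>

// Sign and magnitude of a 32-bit displacement. The magnitude is unsigned because
// |INT32_MIN| == 0x80000000 does not fit in an int32_t.
struct Displacement {
    bool negative;
    uint32_t magnitude;
};

// Split without ever computing -offset on a signed value. Converting to unsigned first and
// negating there is defined modulo 2^32, which is exactly the two's-complement result wanted.
Displacement splitDisplacement(int32_t offset)
{
    Displacement d;
    d.negative = offset < 0;
    uint32_t bits = static_cast<uint32_t>(offset);
    d.magnitude = d.negative ? (0u - bits) : bits;
    return d;
}

// The pieces of a base-register load/store that depend on the offset: ARM's immediate form
// carries a 12-bit magnitude plus an add/subtract bit; anything larger is first moved into a
// scratch register. Returning the fields lets a caller check that INT32_MIN is not turned into 0.
struct EncodedTransfer {
    bool useImmediate;   // magnitude <= 4095: imm12 form
    bool subtract;       // U bit clear: base - offset
    uint32_t immediate;  // imm12, or the full magnitude destined for the scratch register
};

EncodedTransfer encodeTransfer32(int32_t offset)
{
    Displacement d = splitDisplacement(offset);
    EncodedTransfer e;
    e.subtract = d.negative;
    e.useImmediate = d.magnitude <= 0xfffu;
    e.immediate = d.magnitude;
    return e;
}

int main()
{
    const int32_t samples[] = { 12, -4095, -4096, INT32_MIN };
    for (int32_t offset : samples) {
        EncodedTransfer e = encodeTransfer32(offset);
        std::printf("offset %11ld -> %s, %s, magnitude 0x%08lx\n", static_cast<long>(offset),
                    e.useImmediate ? "imm12" : "scratch register",
                    e.subtract ? "subtract" : "add", static_cast<unsigned long>(e.immediate));
    }
    return 0;
}
```

Compiling the signed-negation version with -fsanitize=undefined is the quickest way to see the original class of bug: the sanitizer reports the negation of INT32_MIN at runtime, where an optimizer might otherwise silently assume it cannot happen.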
761
762 2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>
763
        Fix unaligned userspace access for SH4 platforms.
765         https://bugs.webkit.org/show_bug.cgi?id=62993
766
767         * wtf/Platform.h:
768
769 2011-07-09  Chao-ying Fu  <fu@mips.com>
770
771         Fix MIPS build due to readInt32 and readPointer
772         https://bugs.webkit.org/show_bug.cgi?id=63962
773
774         * assembler/MIPSAssembler.h:
775         (JSC::MIPSAssembler::readInt32):
776         (JSC::MIPSAssembler::readPointer):
777         * assembler/MacroAssemblerMIPS.h:
778         (JSC::MacroAssemblerMIPS::rshift32):
779
780 2011-07-08  Gavin Barraclough  <barraclough@apple.com>
781
782         https://bugs.webkit.org/show_bug.cgi?id=64181
783         REGRESSION (r90602): Gmail doesn't load
784
785         Rolling out r90601, r90602.
786
787         * dfg/DFGAliasTracker.h:
788         * dfg/DFGByteCodeParser.cpp:
789         (JSC::DFG::ByteCodeParser::addVarArgChild):
790         (JSC::DFG::ByteCodeParser::parseBlock):
791         * dfg/DFGJITCodeGenerator.cpp:
792         (JSC::DFG::JITCodeGenerator::emitCall):
793         * dfg/DFGNode.h:
794         * dfg/DFGNonSpeculativeJIT.cpp:
795         (JSC::DFG::NonSpeculativeJIT::compile):
796         * dfg/DFGOperations.cpp:
797         * dfg/DFGOperations.h:
798         * dfg/DFGRepatch.cpp:
799         (JSC::DFG::tryCacheGetByID):
800         (JSC::DFG::dfgLinkCall):
801         * dfg/DFGRepatch.h:
802         * dfg/DFGSpeculativeJIT.cpp:
803         (JSC::DFG::SpeculativeJIT::compile):
804         * runtime/JSObject.h:
805         (JSC::JSObject::isUsingInlineStorage):
806
807 2011-07-08  Kalev Lember  <kalev@smartlink.ee>
808
809         Reviewed by Adam Roben.
810
811         Add missing _WIN32_WINNT and WINVER definitions
812         https://bugs.webkit.org/show_bug.cgi?id=59702
813
814         Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
815         available for all source files.
816
817         In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
818         DeleteTimerQueueTimer which are both guarded by
819         #if (_WIN32_WINNT >= 0x0500)
820         in MinGW headers.
821
822         * config.h:
823         * wtf/Assertions.cpp:
824
825 2011-07-08  Chang Shu  <cshu@webkit.org>
826
827         Rename "makeSecure" to "fill" and remove the support for displaying last character
        to avoid a layering violation.
829         https://bugs.webkit.org/show_bug.cgi?id=59114
830
831         Reviewed by Alexey Proskuryakov.
832
833         * JavaScriptCore.exp:
834         * JavaScriptCore.order:
835         * wtf/text/StringImpl.cpp:
836         (WTF::StringImpl::fill):
837         * wtf/text/StringImpl.h:
838         * wtf/text/WTFString.h:
839         (WTF::String::fill):
840
841 2011-07-08  Benjamin Poulain  <benjamin@webkit.org>
842
843         [WK2] Do not forward touch events to the web process when it does not need them
844         https://bugs.webkit.org/show_bug.cgi?id=64164
845
846         Reviewed by Kenneth Rohde Christiansen.
847
848         Add a convenience function to obtain a reference to the last element of a Deque.
849
850         * wtf/Deque.h:
851         (WTF::Deque::last):
852
853 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
854
855         DFG JIT does not implement op_construct.
856         https://bugs.webkit.org/show_bug.cgi?id=64066
857
858         Reviewed by Gavin Barraclough.
859
860         * dfg/DFGAliasTracker.h:
861         (JSC::DFG::AliasTracker::recordConstruct):
862         * dfg/DFGByteCodeParser.cpp:
863         (JSC::DFG::ByteCodeParser::addCall):
864         (JSC::DFG::ByteCodeParser::parseBlock):
865         * dfg/DFGJITCodeGenerator.cpp:
866         (JSC::DFG::JITCodeGenerator::emitCall):
867         * dfg/DFGNode.h:
868         * dfg/DFGNonSpeculativeJIT.cpp:
869         (JSC::DFG::NonSpeculativeJIT::compile):
870         * dfg/DFGOperations.cpp:
871         * dfg/DFGOperations.h:
872         * dfg/DFGRepatch.cpp:
873         (JSC::DFG::dfgLinkFor):
874         * dfg/DFGRepatch.h:
875         * dfg/DFGSpeculativeJIT.cpp:
876         (JSC::DFG::SpeculativeJIT::compile):
877
878 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
879
880         DFG JIT does not implement get_by_id prototype caching.
881         https://bugs.webkit.org/show_bug.cgi?id=64077
882
883         Reviewed by Gavin Barraclough.
884
885         * dfg/DFGRepatch.cpp:
886         (JSC::DFG::emitRestoreScratch):
887         (JSC::DFG::linkRestoreScratch):
888         (JSC::DFG::tryCacheGetByID):
889         * runtime/JSObject.h:
890         (JSC::JSObject::addressOfPropertyAtOffset):
891
892 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
893
894         DFG JIT method_check implementation does not link to optimized get_by_id
895         slow path.
896         https://bugs.webkit.org/show_bug.cgi?id=64073
897
898         Reviewed by Gavin Barraclough.
899
900         * dfg/DFGRepatch.cpp:
901         (JSC::DFG::dfgRepatchGetMethodFast):
902
903 2011-07-07  Oliver Hunt  <oliver@apple.com>
904
905         Encode jump and link sizes into the appropriate enums
906         https://bugs.webkit.org/show_bug.cgi?id=64123
907
908         Reviewed by Sam Weinig.
909
        Finally kill off the out-of-line jump and link size arrays,
911         so we can avoid icky loads and constant fold the linking arithmetic.
912
913         * assembler/ARMv7Assembler.cpp:
914         * assembler/ARMv7Assembler.h:
915         (JSC::ARMv7Assembler::jumpSizeDelta):
916         (JSC::ARMv7Assembler::computeJumpType):
917
918 2011-07-06  Juan C. Montemayor  <jmont@apple.com>
919
920         ASSERT_NOT_REACHED running test 262
921         https://bugs.webkit.org/show_bug.cgi?id=63951
922         
923         Added a case to the switch statement where the code was failing. Fixed
924         some logic as well that gave faulty error messages.
925
926         Reviewed by Gavin Barraclough.
927
928         * parser/JSParser.cpp:
929         (JSC::JSParser::getTokenName):
930         (JSC::JSParser::updateErrorMessageSpecialCase):
931         (JSC::JSParser::updateErrorMessage):
932
933 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
934
935         DFG JIT implementation of op_call results in regressions on sunspider
936         controlflow-recursive.
937         https://bugs.webkit.org/show_bug.cgi?id=64039
938
939         Reviewed by Gavin Barraclough.
940
941         * dfg/DFGByteCodeParser.cpp:
942         (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
943         (JSC::DFG::ByteCodeParser::parseBlock):
944         * dfg/DFGSpeculativeJIT.h:
945         (JSC::DFG::SpeculativeJIT::isInteger):
946
947 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
948
949         DFG JIT does not support method_check
950         https://bugs.webkit.org/show_bug.cgi?id=63972
951
952         Reviewed by Gavin Barraclough.
953
954         * assembler/CodeLocation.h:
955         (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
956         * bytecode/CodeBlock.cpp:
957         (JSC::CodeBlock::visitAggregate):
958         * bytecode/CodeBlock.h:
959         (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
960         (JSC::MethodCallLinkInfo::seenOnce):
961         (JSC::MethodCallLinkInfo::setSeen):
962         * dfg/DFGAliasTracker.h:
963         (JSC::DFG::AliasTracker::recordGetMethod):
964         * dfg/DFGByteCodeParser.cpp:
965         (JSC::DFG::ByteCodeParser::parseBlock):
966         * dfg/DFGJITCodeGenerator.cpp:
967         (JSC::DFG::JITCodeGenerator::cachedGetById):
968         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
969         * dfg/DFGJITCodeGenerator.h:
970         * dfg/DFGJITCompiler.cpp:
971         (JSC::DFG::JITCompiler::compileFunction):
972         * dfg/DFGJITCompiler.h:
973         (JSC::DFG::JITCompiler::addMethodGet):
974         (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
975         * dfg/DFGNode.h:
976         (JSC::DFG::Node::hasIdentifier):
977         * dfg/DFGNonSpeculativeJIT.cpp:
978         (JSC::DFG::NonSpeculativeJIT::compile):
979         * dfg/DFGOperations.cpp:
980         * dfg/DFGOperations.h:
981         * dfg/DFGRepatch.cpp:
982         (JSC::DFG::dfgRepatchGetMethodFast):
983         (JSC::DFG::tryCacheGetMethod):
984         (JSC::DFG::dfgRepatchGetMethod):
985         * dfg/DFGRepatch.h:
986         * dfg/DFGSpeculativeJIT.cpp:
987         (JSC::DFG::SpeculativeJIT::compile):
988         * jit/JITWriteBarrier.h:
989         (JSC::JITWriteBarrier::set):
990
991 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
992
993         DFG JIT op_call implementation will flush registers even when those registers are dead
994         https://bugs.webkit.org/show_bug.cgi?id=64023
995
996         Reviewed by Gavin Barraclough.
997
998         * dfg/DFGJITCodeGenerator.cpp:
999         (JSC::DFG::JITCodeGenerator::emitCall):
1000         * dfg/DFGJITCodeGenerator.h:
1001         (JSC::DFG::JITCodeGenerator::integerResult):
1002         (JSC::DFG::JITCodeGenerator::noResult):
1003         (JSC::DFG::JITCodeGenerator::cellResult):
1004         (JSC::DFG::JITCodeGenerator::jsValueResult):
1005         (JSC::DFG::JITCodeGenerator::doubleResult):
1006         * dfg/DFGNonSpeculativeJIT.cpp:
1007         (JSC::DFG::NonSpeculativeJIT::compile):
1008         * dfg/DFGSpeculativeJIT.cpp:
1009         (JSC::DFG::SpeculativeJIT::compile):
1010
1011 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
1012
1013         DFG speculative JIT may crash when speculating int on a non-int JSConstant.
1014         https://bugs.webkit.org/show_bug.cgi?id=64017
1015
1016         Reviewed by Gavin Barraclough.
1017
1018         * dfg/DFGSpeculativeJIT.cpp:
1019         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1020         (JSC::DFG::SpeculativeJIT::compile):
1021
1022 2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
1023
1024         Reviewed by David Levin.
1025
1026         Allow substitution of dynamic annotations and prevent identical code folding by the linker.
1027         https://bugs.webkit.org/show_bug.cgi?id=62443
1028
1029         * wtf/DynamicAnnotations.cpp:
1030         (WTFAnnotateBenignRaceSized):
1031         (WTFAnnotateHappensBefore):
1032         (WTFAnnotateHappensAfter):
1033
1034 2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
1035
        Calls on 32-bit machines fail after r90423
1037         https://bugs.webkit.org/show_bug.cgi?id=63980
1038
1039         Reviewed by Gavin Barraclough.
1040
1041         Copy the necessary lines from JITCall.cpp.
1042
1043         * jit/JITCall32_64.cpp:
1044         (JSC::JIT::compileOpCall):
1045
1046 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
1047
1048         DFG JIT virtual call implementation is inefficient.
1049         https://bugs.webkit.org/show_bug.cgi?id=63974
1050
1051         Reviewed by Gavin Barraclough.
1052
1053         * dfg/DFGOperations.cpp:
1054         * runtime/Executable.h:
1055         (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
1056         (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
1057         (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
1058         (JSC::ExecutableBase::hasJITCodeForCall):
1059         (JSC::ExecutableBase::hasJITCodeForConstruct):
1060         (JSC::ExecutableBase::hasJITCodeFor):
1061         * runtime/JSFunction.h:
1062         (JSC::JSFunction::scopeUnchecked):
1063
1064 2011-07-05  Oliver Hunt  <oliver@apple.com>
1065
1066         Force inlining of simple functions that show up as not being inlined
1067         https://bugs.webkit.org/show_bug.cgi?id=63964
1068
1069         Reviewed by Gavin Barraclough.
1070
        Looking at profile data indicates that gcc is failing to inline a
1072         number of trivial functions.  This patch hits the ones that show
1073         up in profiles with the ALWAYS_INLINE hammer.
1074
1075         We also replace the memcpy() call in linking with a manual loop.
1076         Apparently memcpy() is almost never faster than an inlined loop.
1077
1078         * assembler/ARMv7Assembler.h:
1079         (JSC::ARMv7Assembler::add):
1080         (JSC::ARMv7Assembler::add_S):
1081         (JSC::ARMv7Assembler::ARM_and):
1082         (JSC::ARMv7Assembler::asr):
1083         (JSC::ARMv7Assembler::b):
1084         (JSC::ARMv7Assembler::blx):
1085         (JSC::ARMv7Assembler::bx):
1086         (JSC::ARMv7Assembler::clz):
1087         (JSC::ARMv7Assembler::cmn):
1088         (JSC::ARMv7Assembler::cmp):
1089         (JSC::ARMv7Assembler::eor):
1090         (JSC::ARMv7Assembler::it):
1091         (JSC::ARMv7Assembler::ldr):
1092         (JSC::ARMv7Assembler::ldrCompact):
1093         (JSC::ARMv7Assembler::ldrh):
1094         (JSC::ARMv7Assembler::ldrb):
1095         (JSC::ARMv7Assembler::lsl):
1096         (JSC::ARMv7Assembler::lsr):
1097         (JSC::ARMv7Assembler::movT3):
1098         (JSC::ARMv7Assembler::mov):
1099         (JSC::ARMv7Assembler::movt):
1100         (JSC::ARMv7Assembler::mvn):
1101         (JSC::ARMv7Assembler::neg):
1102         (JSC::ARMv7Assembler::orr):
1103         (JSC::ARMv7Assembler::orr_S):
1104         (JSC::ARMv7Assembler::ror):
1105         (JSC::ARMv7Assembler::smull):
1106         (JSC::ARMv7Assembler::str):
1107         (JSC::ARMv7Assembler::sub):
1108         (JSC::ARMv7Assembler::sub_S):
1109         (JSC::ARMv7Assembler::tst):
1110         (JSC::ARMv7Assembler::linkRecordSourceComparator):
1111         (JSC::ARMv7Assembler::link):
1112         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
1113         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
1114         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
1115         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
1116         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
1117         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
1118         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
1119         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
1120         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
1121         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
1122         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
1123         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
1124         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
1125         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
1126         * assembler/LinkBuffer.h:
1127         (JSC::LinkBuffer::linkCode):
1128         * assembler/MacroAssemblerARMv7.h:
1129         (JSC::MacroAssemblerARMv7::nearCall):
1130         (JSC::MacroAssemblerARMv7::call):
1131         (JSC::MacroAssemblerARMv7::ret):
1132         (JSC::MacroAssemblerARMv7::moveWithPatch):
1133         (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
1134         (JSC::MacroAssemblerARMv7::storePtrWithPatch):
1135         (JSC::MacroAssemblerARMv7::tailRecursiveCall):
1136         (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
1137         (JSC::MacroAssemblerARMv7::jump):
1138         (JSC::MacroAssemblerARMv7::makeBranch):
1139
1140 2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
1141
1142         Make "Add optimised paths for a few maths functions" work on Qt
1143         https://bugs.webkit.org/show_bug.cgi?id=63893
1144
1145         Reviewed by Oliver Hunt.
1146
1147         Move the generated code to the .text section instead of .data section.
1148         Fix alignment for the 32 bit thunk code.
1149
1150         * jit/ThunkGenerators.cpp:
1151
1152 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
1153
1154         DFG JIT does not implement op_call.
1155         https://bugs.webkit.org/show_bug.cgi?id=63858
1156
1157         Reviewed by Gavin Barraclough.
1158
1159         * bytecode/CodeBlock.cpp:
1160         (JSC::CodeBlock::unlinkCalls):
1161         * bytecode/CodeBlock.h:
1162         (JSC::CodeBlock::setNumberOfCallLinkInfos):
1163         (JSC::CodeBlock::numberOfCallLinkInfos):
1164         * bytecompiler/BytecodeGenerator.cpp:
1165         (JSC::BytecodeGenerator::emitCall):
1166         (JSC::BytecodeGenerator::emitConstruct):
1167         * dfg/DFGAliasTracker.h:
1168         (JSC::DFG::AliasTracker::lookupGetByVal):
1169         (JSC::DFG::AliasTracker::recordCall):
1170         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1171         * dfg/DFGByteCodeParser.cpp:
1172         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1173         (JSC::DFG::ByteCodeParser::getLocal):
1174         (JSC::DFG::ByteCodeParser::getArgument):
1175         (JSC::DFG::ByteCodeParser::toInt32):
1176         (JSC::DFG::ByteCodeParser::addToGraph):
1177         (JSC::DFG::ByteCodeParser::addVarArgChild):
1178         (JSC::DFG::ByteCodeParser::predictInt32):
1179         (JSC::DFG::ByteCodeParser::parseBlock):
1180         (JSC::DFG::ByteCodeParser::processPhiStack):
1181         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
1182         * dfg/DFGGraph.cpp:
1183         (JSC::DFG::Graph::opName):
1184         (JSC::DFG::Graph::dump):
1185         (JSC::DFG::Graph::refChildren):
1186         * dfg/DFGGraph.h:
1187         * dfg/DFGJITCodeGenerator.cpp:
1188         (JSC::DFG::JITCodeGenerator::useChildren):
1189         (JSC::DFG::JITCodeGenerator::emitCall):
1190         * dfg/DFGJITCodeGenerator.h:
1191         (JSC::DFG::JITCodeGenerator::addressOfCallData):
1192         * dfg/DFGJITCompiler.cpp:
1193         (JSC::DFG::JITCompiler::compileFunction):
1194         * dfg/DFGJITCompiler.h:
1195         (JSC::DFG::CallRecord::CallRecord):
1196         (JSC::DFG::JITCompiler::notifyCall):
1197         (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
1198         (JSC::DFG::JITCompiler::addJSCall):
1199         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1200         (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
1201         * dfg/DFGNode.h:
1202         (JSC::DFG::Node::Node):
1203         (JSC::DFG::Node::child1):
1204         (JSC::DFG::Node::child2):
1205         (JSC::DFG::Node::child3):
1206         (JSC::DFG::Node::firstChild):
1207         (JSC::DFG::Node::numChildren):
1208         * dfg/DFGNonSpeculativeJIT.cpp:
1209         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1210         (JSC::DFG::NonSpeculativeJIT::compare):
1211         (JSC::DFG::NonSpeculativeJIT::compile):
1212         * dfg/DFGOperations.cpp:
1213         * dfg/DFGOperations.h:
1214         * dfg/DFGRepatch.cpp:
1215         (JSC::DFG::dfgLinkCall):
1216         * dfg/DFGRepatch.h:
1217         * dfg/DFGSpeculativeJIT.cpp:
1218         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1219         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1220         (JSC::DFG::SpeculativeJIT::compile):
1221         * dfg/DFGSpeculativeJIT.h:
1222         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1223         * interpreter/CallFrame.h:
1224         (JSC::ExecState::calleeAsValue):
1225         * jit/JIT.cpp:
1226         (JSC::JIT::JIT):
1227         (JSC::JIT::privateCompileMainPass):
1228         (JSC::JIT::privateCompileSlowCases):
1229         (JSC::JIT::privateCompile):
1230         (JSC::JIT::linkCall):
1231         (JSC::JIT::linkConstruct):
1232         * jit/JITCall.cpp:
1233         (JSC::JIT::compileOpCall):
1234         * jit/JITCode.h:
1235         (JSC::JITCode::JITCode):
1236         (JSC::JITCode::jitType):
1237         (JSC::JITCode::HostFunction):
1238         * runtime/JSFunction.h:
1239         * runtime/JSGlobalData.h:
1240
1241 2011-07-05  Oliver Hunt  <oliver@apple.com>
1242
1243         Initialize new MarkStack member
1244
1245         * heap/MarkStack.h:
1246         (JSC::MarkStack::MarkStack):
1247
1248 2011-07-05  Oliver Hunt  <oliver@apple.com>
1249
1250         Don't throw out compiled code repeatedly
1251         https://bugs.webkit.org/show_bug.cgi?id=63960
1252
1253         Reviewed by Gavin Barraclough.
1254
1255         Stop throwing away all compiled code every time
1256         we're told to do a full GC.  Instead unlink all
1257         callsites during such GC passes to maximise the
1258         number of collectable functions, but otherwise
1259         leave compiled functions alone.
1260
1261         * API/JSBase.cpp:
1262         (JSGarbageCollect):
1263         * bytecode/CodeBlock.cpp:
1264         (JSC::CodeBlock::visitAggregate):
1265         * heap/Heap.cpp:
1266         (JSC::Heap::collectAllGarbage):
1267         * heap/MarkStack.h:
1268         (JSC::MarkStack::shouldUnlinkCalls):
1269         (JSC::MarkStack::setShouldUnlinkCalls):
1270         * runtime/JSGlobalData.cpp:
1271         (JSC::JSGlobalData::recompileAllJSFunctions):
1272         (JSC::JSGlobalData::releaseExecutableMemory):
1273         * runtime/RegExp.cpp:
1274         (JSC::RegExp::compile):
1275         (JSC::RegExp::invalidateCode):
1276         * runtime/RegExp.h:
1277
1278 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
1279
1280         JSC JIT has code duplication for the handling of call and construct
1281         https://bugs.webkit.org/show_bug.cgi?id=63957
1282
1283         Reviewed by Gavin Barraclough.
1284
1285         * jit/JIT.cpp:
1286         (JSC::JIT::linkFor):
1287         * jit/JIT.h:
1288         * jit/JITStubs.cpp:
1289         (JSC::jitCompileFor):
1290         (JSC::DEFINE_STUB_FUNCTION):
1291         (JSC::arityCheckFor):
1292         (JSC::lazyLinkFor):
1293         * runtime/Executable.h:
1294         (JSC::ExecutableBase::generatedJITCodeFor):
1295         (JSC::FunctionExecutable::compileFor):
1296         (JSC::FunctionExecutable::isGeneratedFor):
1297         (JSC::FunctionExecutable::generatedBytecodeFor):
1298         (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
1299
1300 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
1301
1302         Build fix following last patch.
1303
1304         * runtime/JSFunction.cpp:
1305         (JSC::createPrototypeProperty):
1306
1307 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
1308
1309         https://bugs.webkit.org/show_bug.cgi?id=63947
1310         ASSERT running Object.preventExtensions(Math.sin)
1311
1312         Reviewed by Oliver Hunt.
1313
1314         This is due to calling scope() on a hostFunction as a part of
1315         calling createPrototypeProperty to reify the prototype property.
1316         But host functions don't have a prototype property anyway!
1317
        Prevent calling createPrototypeProperty on a host function.
1319
1320         * runtime/JSFunction.cpp:
1321         (JSC::JSFunction::createPrototypeProperty):
1322         (JSC::JSFunction::preventExtensions):
1323
1324 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
1325
1326         https://bugs.webkit.org/show_bug.cgi?id=63880
1327         Evaluation order of conversions of operands to >, >= incorrect.
1328
1329         Reviewed by Sam Weinig.
1330
1331         Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
1332         spec. This allows these methods to be reused to perform >, >= relational compares
1333         with correct ordering of type conversions.
1334
1335         * dfg/DFGOperations.cpp:
1336         * interpreter/Interpreter.cpp:
1337         (JSC::Interpreter::privateExecute):
1338         * jit/JITStubs.cpp:
1339         (JSC::DEFINE_STUB_FUNCTION):
1340         * runtime/Operations.h:
1341         (JSC::jsLess):
1342         (JSC::jsLessEq):
1343
1344 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
1345
1346         Reviewed by Sam Weinig.
1347
1348         https://bugs.webkit.org/show_bug.cgi?id=16652
1349         Firefox and JavaScriptCore differ in Number.toString(integer)
1350
1351         Our arbitrary radix (2..36) toString conversion is inaccurate.
1352         This is partly because it uses doubles to perform math that requires
        higher accuracy, and partly because it does not attempt to correctly
1354         detect where to terminate, instead relying on a simple 'epsilon'.
1355
1356         * runtime/NumberPrototype.cpp:
1357         (JSC::decomposeDouble):
1358             - helper function to extract sign, exponent, mantissa from IEEE doubles.
1359         (JSC::Uint16WithFraction::Uint16WithFraction):
1360             - helper class, u16int with infinite precision fraction, used to convert
1361               the fractional part of the number to a string.
1362         (JSC::Uint16WithFraction::operator*=):
1363             - Multiply by a uint16.
1364         (JSC::Uint16WithFraction::operator<):
1365             - Compare two Uint16WithFractions.
1366         (JSC::Uint16WithFraction::floorAndSubtract):
1367             - Extract the integer portion of the number, and subtract it (clears the integer portion).
1368         (JSC::Uint16WithFraction::comparePoint5):
1369             - Compare to 0.5.
1370         (JSC::Uint16WithFraction::sumGreaterThanOne):
1371             - Passed a second Uint16WithFraction, returns true if the result of adding
1372               the two values would be greater than one.
1373         (JSC::Uint16WithFraction::isNormalized):
1374             - Used by ASSERTs to consistency check internal representation.
1375         (JSC::BigInteger::BigInteger):
1376             - helper class, unbounded integer value, used to convert the integer part
1377               of the number to a string.
1378         (JSC::BigInteger::divide):
1379             - Divide this value through by a uint32.
1380         (JSC::BigInteger::operator!):
1381             - test for zero.
1382         (JSC::toStringWithRadix):
1383             - Performs number to string conversion, with the given radix (2..36).
1384         (JSC::numberProtoFuncToString):
1385             - Changed to use toStringWithRadix.
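
Added example, not the NumberPrototype.cpp code: the integer half of the approach the entry above describes. The IEEE-754 fields are extracted directly, the value is rebuilt as an unbounded integer, and each digit comes from an exact division by the radix, so there is no rounding drift and no epsilon needed to decide where to stop. decomposeDouble, BigInteger and integerToStringWithRadix are illustrative names; the fractional part (Uint16WithFraction in the entry) is left out, so the function accepts only integer-valued doubles.

```cpp
#include <algorithm>
#include <cassert>
#include <cmath>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Split a finite, non-zero double into sign, 53-bit mantissa (implicit bit restored) and a
// power-of-two exponent such that |value| == mantissa * 2^exponent exactly.
static void decomposeDouble(double value, bool& negative, int32_t& exponent, uint64_t& mantissa)
{
    uint64_t bits;
    std::memcpy(&bits, &value, sizeof bits);
    negative = (bits >> 63) != 0;
    int32_t biasedExponent = static_cast<int32_t>((bits >> 52) & 0x7ff);
    mantissa = bits & ((UINT64_C(1) << 52) - 1);
    if (biasedExponent == 0) {
        exponent = -1074;                  // subnormal: no implicit bit
    } else {
        mantissa |= UINT64_C(1) << 52;     // normal: restore the hidden leading 1
        exponent = biasedExponent - 1075;  // 1023 bias plus the 52 fraction bits
    }
}

// Unbounded unsigned integer in little-endian base-2^32 limbs; only what the conversion needs.
class BigInteger {
public:
    // Value = mantissa * 2^shift, shift >= 0.
    BigInteger(uint64_t mantissa, int32_t shift)
        : m_limbs(static_cast<size_t>(shift / 32), 0)   // whole-limb part of the shift
    {
        m_limbs.push_back(static_cast<uint32_t>(mantissa));
        m_limbs.push_back(static_cast<uint32_t>(mantissa >> 32));
        int bitShift = shift % 32;
        if (bitShift) {
            uint32_t carry = 0;
            for (size_t i = 0; i < m_limbs.size(); ++i) {
                uint64_t wide = (static_cast<uint64_t>(m_limbs[i]) << bitShift) | carry;
                m_limbs[i] = static_cast<uint32_t>(wide);
                carry = static_cast<uint32_t>(wide >> 32);
            }
            if (carry)
                m_limbs.push_back(carry);
        }
        normalize();
    }

    // Divide in place by a small divisor and return the remainder: one output digit.
    uint32_t divide(uint32_t divisor)
    {
        uint64_t remainder = 0;
        for (size_t i = m_limbs.size(); i-- > 0;) {
            uint64_t current = (remainder << 32) | m_limbs[i];
            m_limbs[i] = static_cast<uint32_t>(current / divisor);
            remainder = current % divisor;
        }
        normalize();
        return static_cast<uint32_t>(remainder);
    }

    bool isZero() const { return m_limbs.empty(); }

private:
    void normalize() { while (!m_limbs.empty() && !m_limbs.back()) m_limbs.pop_back(); }
    std::vector<uint32_t> m_limbs;
};

// Exact radix (2..36) conversion of an integer-valued double.
std::string integerToStringWithRadix(double value, int radix)
{
    assert(radix >= 2 && radix <= 36);
    assert(std::isfinite(value) && std::floor(value) == value);
    if (value == 0)
        return "0";
    bool negative;
    int32_t exponent;
    uint64_t mantissa;
    decomposeDouble(value, negative, exponent, mantissa);
    if (exponent < 0) {
        mantissa >>= -exponent;  // integer-valued, so the bits below the point are zero
        exponent = 0;
    }
    BigInteger integer(mantissa, exponent);
    static const char digitChars[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    std::string out;
    while (!integer.isZero())
        out.push_back(digitChars[integer.divide(static_cast<uint32_t>(radix))]);
    if (negative)
        out.push_back('-');
    std::reverse(out.begin(), out.end());
    return out;
}
```

Values such as 2^64 and 1e21 are exactly representable doubles whose decimal expansions exceed what repeated double division can produce without error; the big-integer path reproduces them digit for digit.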
1386
1387 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
1388
1389         https://bugs.webkit.org/show_bug.cgi?id=63881
1390         Need separate bytecodes for handling >, >= comparisons.
1391
1392         Reviewed by Oliver Hunt.
1393
1394         This clears the way to fix Bug#63880. We currently handle greater-than comparisons
        using the corresponding op_less, etc. opcodes.  This is incorrect with
1396         respect to evaluation ordering of the implicit conversions performed on operands -
1397         we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
1398         but instead convert RHS then LHS.
1399
1400         This patch adds opcodes for greater-than comparisons mirroring existing ones used
1401         for less-than.
1402
1403         * bytecode/CodeBlock.cpp:
1404         (JSC::CodeBlock::dump):
1405         * bytecode/Opcode.h:
1406         * bytecompiler/BytecodeGenerator.cpp:
1407         (JSC::BytecodeGenerator::emitJumpIfTrue):
1408         (JSC::BytecodeGenerator::emitJumpIfFalse):
1409         * bytecompiler/NodesCodegen.cpp:
1410         * dfg/DFGByteCodeParser.cpp:
1411         (JSC::DFG::ByteCodeParser::parseBlock):
1412         * dfg/DFGNode.h:
1413         * dfg/DFGNonSpeculativeJIT.cpp:
1414         (JSC::DFG::NonSpeculativeJIT::compare):
1415         (JSC::DFG::NonSpeculativeJIT::compile):
1416         * dfg/DFGNonSpeculativeJIT.h:
1417         * dfg/DFGOperations.cpp:
1418         * dfg/DFGOperations.h:
1419         * dfg/DFGSpeculativeJIT.cpp:
1420         (JSC::DFG::SpeculativeJIT::compare):
1421         (JSC::DFG::SpeculativeJIT::compile):
1422         * dfg/DFGSpeculativeJIT.h:
1423         * interpreter/Interpreter.cpp:
1424         (JSC::Interpreter::privateExecute):
1425         * jit/JIT.cpp:
1426         (JSC::JIT::privateCompileMainPass):
1427         (JSC::JIT::privateCompileSlowCases):
1428         * jit/JIT.h:
1429         (JSC::JIT::emit_op_loop_if_greater):
1430         (JSC::JIT::emitSlow_op_loop_if_greater):
1431         (JSC::JIT::emit_op_loop_if_greatereq):
1432         (JSC::JIT::emitSlow_op_loop_if_greatereq):
1433         * jit/JITArithmetic.cpp:
1434         (JSC::JIT::emit_op_jgreater):
1435         (JSC::JIT::emit_op_jgreatereq):
1436         (JSC::JIT::emit_op_jngreater):
1437         (JSC::JIT::emit_op_jngreatereq):
1438         (JSC::JIT::emitSlow_op_jgreater):
1439         (JSC::JIT::emitSlow_op_jgreatereq):
1440         (JSC::JIT::emitSlow_op_jngreater):
1441         (JSC::JIT::emitSlow_op_jngreatereq):
1442         (JSC::JIT::emit_compareAndJumpSlow):
1443         * jit/JITArithmetic32_64.cpp:
1444         (JSC::JIT::emitBinaryDoubleOp):
1445         * jit/JITStubs.cpp:
1446         (JSC::DEFINE_STUB_FUNCTION):
1447         * jit/JITStubs.h:
1448         * parser/NodeConstructors.h:
1449         (JSC::GreaterNode::GreaterNode):
1450         (JSC::GreaterEqNode::GreaterEqNode):
1451         * parser/Nodes.h:
1452
1453 2011-07-03  Gavin Barraclough  <barraclough@apple.com>
1454
1455         https://bugs.webkit.org/show_bug.cgi?id=63879
1456         Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
1457
1458         Reviewed by Sam Weinig.
1459         
1460         There is a lot of copy & paste code here; we can reduce duplication by making
1461         a shared implementation.
1462
1463         * assembler/MacroAssembler.h:
1464         (JSC::MacroAssembler::branch32):
1465         (JSC::MacroAssembler::commute):
1466             - Make these function platform agnostic.
1467         * assembler/MacroAssemblerX86Common.h:
1468             - Moved branch32/commute up to MacroAssembler.
1469         * jit/JIT.h:
1470         (JSC::JIT::emit_op_loop_if_lesseq):
1471         (JSC::JIT::emitSlow_op_loop_if_lesseq):
1472             - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
1473         * jit/JITArithmetic.cpp:
1474         (JSC::JIT::emit_op_jless):
1475         (JSC::JIT::emit_op_jlesseq):
1476         (JSC::JIT::emit_op_jnless):
1477         (JSC::JIT::emit_op_jnlesseq):
1478         (JSC::JIT::emitSlow_op_jless):
1479         (JSC::JIT::emitSlow_op_jlesseq):
1480         (JSC::JIT::emitSlow_op_jnless):
1481         (JSC::JIT::emitSlow_op_jnlesseq):
1482         - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
1483         (JSC::JIT::emit_compareAndJump):
1484         (JSC::JIT::emit_compareAndJumpSlow):
1485             - Internal implementation of jless etc for JSVALUE64.
1486         * jit/JITArithmetic32_64.cpp:
1487         (JSC::JIT::emit_compareAndJump):
1488         (JSC::JIT::emit_compareAndJumpSlow):
1489             - Internal implementation of jless etc for JSVALUE32_64.
1490         * jit/JITOpcodes.cpp:
1491         * jit/JITOpcodes32_64.cpp:
1492         * jit/JITStubs.cpp:
1493         * jit/JITStubs.h:
1494             - Remove old implementation of emit_op_loop_if_lesseq.
1495
1496 2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
1497
1498         Unreviewed, rolling out r90347.
1499         http://trac.webkit.org/changeset/90347
1500         https://bugs.webkit.org/show_bug.cgi?id=63886
1501
1502         Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
1503         (Requested by tkent on #webkit).
1504
1505         * JavaScriptCore.xcodeproj/project.pbxproj:
1506         * runtime/BigInteger.h: Removed.
1507         * runtime/NumberPrototype.cpp:
1508         (JSC::numberProtoFuncToPrecision):
1509         (JSC::numberProtoFuncToString):
1510         * runtime/Uint16WithFraction.h: Removed.
1511         * wtf/MathExtras.h:
1512
1513 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
1514
1515         Reviewed by Sam Weinig.
1516
1517         https://bugs.webkit.org/show_bug.cgi?id=16652
1518         Firefox and JavaScriptCore differ in Number.toString(integer)
1519
1520         Our arbitrary radix (2..36) toString conversion is inaccurate.
1521         This is partly because it uses doubles to perform math that requires
1522         higher accuracy, and partly because it does not attempt to correctly
1523         detect where to terminate, instead relying on a simple 'epsilon'.
1524
1525         * runtime/NumberPrototype.cpp:
1526         (JSC::decomposeDouble):
1527             - helper function to extract sign, exponent, mantissa from IEEE doubles.
1528         (JSC::Uint16WithFraction::Uint16WithFraction):
1529             - helper class, u16int with infinite precision fraction, used to convert
1530               the fractional part of the number to a string.
1531         (JSC::Uint16WithFraction::operator*=):
1532             - Multiply by a uint16.
1533         (JSC::Uint16WithFraction::operator<):
1534             - Compare two Uint16WithFractions.
1535         (JSC::Uint16WithFraction::floorAndSubtract):
1536             - Extract the integer portion of the number, and subtract it (clears the integer portion).
1537         (JSC::Uint16WithFraction::comparePoint5):
1538             - Compare to 0.5.
1539         (JSC::Uint16WithFraction::sumGreaterThanOne):
1540             - Passed a second Uint16WithFraction, returns true if the result of adding
1541               the two values would be greater than one.
1542         (JSC::Uint16WithFraction::isNormalized):
1543             - Used by ASSERTs to consistency check internal representation.
1544         (JSC::BigInteger::BigInteger):
1545             - helper class, unbounded integer value, used to convert the integer part
1546               of the number to a string.
1547         (JSC::BigInteger::divide):
1548             - Divide this value through by a uint32.
1549         (JSC::BigInteger::operator!):
1550             - test for zero.
1551         (JSC::toStringWithRadix):
1552             - Performs number to string conversion, with the given radix (2..36).
1553         (JSC::numberProtoFuncToString):
1554             - Changed to use toStringWithRadix.
1555
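The exact-arithmetic approach this entry describes, as an added illustration in Python (not JavaScriptCore's code): Python's int and Fraction stand in for the entry's BigInteger and Uint16WithFraction helpers, and the termination rule used here, stopping at the shortest digit string that still rounds back to the same double, is an assumed reading of "correctly detect where to terminate" rather than the commit's own logic.

```python
from fractions import Fraction
import math

# Digit alphabet shared by all radices 2..36, as Number.prototype.toString(radix) uses.
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def rounding_interval(v: float):
    """Half the gap to the neighbouring doubles below and above v (v > 0, finite).

    Any real x with v - m_minus < x < v + m_plus rounds back to v under
    round-to-nearest, so a digit string landing in that open interval is
    enough to identify v. This replaces the 'epsilon' the entry complains about.
    """
    below = Fraction(v) - Fraction(math.nextafter(v, -math.inf))
    nxt = math.nextafter(v, math.inf)
    above = (Fraction(nxt) - Fraction(v)) if math.isfinite(nxt) else below
    return below / 2, above / 2


def to_string_with_radix(value: float, radix: int) -> str:
    """Convert a finite double to a digit string in the given radix (2..36), exactly."""
    if not 2 <= radix <= 36:
        raise ValueError("radix must be in 2..36")
    if math.isnan(value) or math.isinf(value):
        raise ValueError("only finite values are handled here")
    if value == 0:
        return "0"
    sign = "-" if value < 0 else ""
    v = abs(value)
    exact = Fraction(v)                 # the double's exact binary value, no rounding
    int_part = math.floor(exact)        # unbounded int, the BigInteger role
    frac = exact - int_part             # exact fraction, the Uint16WithFraction role

    # Integer part: repeated division by the radix, least significant digit first.
    int_digits = []
    n = int_part
    while n:
        n, d = divmod(n, radix)
        int_digits.append(DIGITS[d])
    int_str = "".join(reversed(int_digits)) or "0"
    if frac == 0:
        return sign + int_str

    # Fractional part: multiply by the radix, peel off the integer digit, repeat.
    # m_minus / m_plus are scaled alongside the remainder r so that, after k digits,
    #   r < m_minus      <=> the digits emitted so far already round back to v,
    #   r + m_plus > 1   <=> rounding the last digit up also rounds back to v.
    m_minus, m_plus = rounding_interval(v)
    r = frac
    frac_digits = []
    while True:
        r *= radix
        m_minus *= radix
        m_plus *= radix
        d = math.floor(r)
        r -= d
        low_ok = r < m_minus
        high_ok = r + m_plus > 1
        if low_ok and not high_ok:
            frac_digits.append(DIGITS[d])
            break
        if high_ok and not low_ok:
            # d + 1 < radix here: otherwise the previous step would have terminated.
            frac_digits.append(DIGITS[d + 1])
            break
        if low_ok and high_ok:
            # Both candidates identify v; take the nearer one (ties round up).
            frac_digits.append(DIGITS[d if 2 * r < 1 else d + 1])
            break
        frac_digits.append(DIGITS[d])
    return sign + int_str + "." + "".join(frac_digits)


def parse_radix(text: str, radix: int) -> Fraction:
    """Exact inverse of to_string_with_radix, used to check that output round-trips."""
    sign = -1 if text.startswith("-") else 1
    int_str, _, frac_str = text.lstrip("-").partition(".")
    total = Fraction(0)
    for ch in int_str:
        total = total * radix + DIGITS.index(ch)
    scale = Fraction(1)
    for ch in frac_str:
        scale /= radix
        total += DIGITS.index(ch) * scale
    return sign * total


def round_trips(value: float, radix: int) -> bool:
    """True if converting to a string and back (correctly rounded) gives value again."""
    return float(parse_radix(to_string_with_radix(value, radix), radix)) == value


def all_round_trip(values, radices) -> bool:
    """Round-trip check over every value/radix pair."""
    return all(round_trips(x, r) for x in values for r in radices)


if __name__ == "__main__":
    for x in (0.1, 1 / 3, math.pi, 5e-324):
        for radix in (2, 3, 10, 36):
            print(radix, to_string_with_radix(x, radix), round_trips(x, radix))
```
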
1556 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
1557
1558         https://bugs.webkit.org/show_bug.cgi?id=63866
1559         DFG JIT - implement instanceof
1560
1561         Reviewed by Sam Weinig.
1562
1563         Add ops CheckHasInstance & InstanceOf to implement bytecodes
1564         op_check_has_instance & op_instanceof. This is an initial
1565         functional implementation, performance is a wash. We can
1566         follow up with changes to fuse the InstanceOf node with
1567         a subsequent branch, as we do with other comparisons.
1568
1569         * dfg/DFGByteCodeParser.cpp:
1570         (JSC::DFG::ByteCodeParser::parseBlock):
1571         * dfg/DFGJITCompiler.cpp:
1572         (JSC::DFG::JITCompiler::jitAssertIsCell):
1573         * dfg/DFGJITCompiler.h:
1574         (JSC::DFG::JITCompiler::jitAssertIsCell):
1575         * dfg/DFGNode.h:
1576         * dfg/DFGNonSpeculativeJIT.cpp:
1577         (JSC::DFG::NonSpeculativeJIT::compile):
1578         * dfg/DFGOperations.cpp:
1579         * dfg/DFGOperations.h:
1580         * dfg/DFGSpeculativeJIT.cpp:
1581         (JSC::DFG::SpeculativeJIT::compile):
1582
1583 2011-07-01  Oliver Hunt  <oliver@apple.com>
1584
1585         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
1586         https://bugs.webkit.org/show_bug.cgi?id=63732
1587
1588         Reviewed by Gavin Barraclough.
1589
1590         Initialise the memory at the head of the new storage so that
1591         GC is safe if triggered by reportExtraMemoryCost.
1592
1593         * runtime/JSArray.cpp:
1594         (JSC::JSArray::increaseVectorPrefixLength):
1595
1596 2011-07-01  Oliver Hunt  <oliver@apple.com>
1597
1598         GC sweep can occur before an object is completely initialised
1599         https://bugs.webkit.org/show_bug.cgi?id=63836
1600
1601         Reviewed by Gavin Barraclough.
1602
1603         In rare cases it's possible for a GC sweep to occur while a
1604         live, but not completely initialised object is on the stack.
1605         In such a case we may incorrectly choose to mark it, even
1606         though it has no children that need marking.
1607
1608         We resolve this by always zeroing out the structure of any
1609         value returned from JSCell::operator new(), and making the
1610         markstack tolerant of a null structure. 
1611
1612         * runtime/JSCell.h:
1613         (JSC::JSCell::JSCell::~JSCell):
1614         (JSC::JSCell::JSCell::operator new):
1615         * runtime/Structure.h:
1616         (JSC::MarkStack::internalAppend):
1617
1618 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
1619
1620         Reviewed by Gavin Barraclough.
1621
1622         DFG non-speculative JIT always performs slow C calls for div and mod.
1623         https://bugs.webkit.org/show_bug.cgi?id=63684
1624
1625         * dfg/DFGNonSpeculativeJIT.cpp:
1626         (JSC::DFG::NonSpeculativeJIT::compile):
1627
1628 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
1629
1630         Reviewed by Oliver Hunt.
1631
1632         Lexer error messages are currently appalling
1633         https://bugs.webkit.org/show_bug.cgi?id=63340
1634
1635         Added error messages for the Lexer. These messages will be displayed
1636         instead of the lexer error messages from the parser that are currently
1637         shown.
1638
1639         * parser/Lexer.cpp:
1640         (JSC::Lexer::getInvalidCharMessage):
1641         (JSC::Lexer::setCode):
1642         (JSC::Lexer::parseString):
1643         (JSC::Lexer::lex):
1644         (JSC::Lexer::clear):
1645         * parser/Lexer.h:
1646         (JSC::Lexer::getErrorMessage):
1647         (JSC::Lexer::setOffset):
1648         * parser/Parser.cpp:
1649         (JSC::Parser::parse):
1650
1651 2011-07-01  Jungshik Shin  <jshin@chromium.org>
1652
1653         Reviewed by Alexey Proskuryakov.
1654
1655         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1656         build files for ports not using ICU.
1657         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1658         ICU 3.6 (the version used on Mac OS 10.5)
1659
1660         http://bugs.webkit.org/show_bug.cgi?id=20797
1661
1662         * GNUmakefile.list.am:
1663         * JavaScriptCore.gypi:
1664         * icu/unicode/uscript.h: Added for UScriptCode enum.
1665         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1666         * wtf/unicode/icu/UnicodeIcu.h:
1667         * wtf/unicode/brew/UnicodeBrew.h:
1668         * wtf/unicode/glib/UnicodeGLib.h:
1669         * wtf/unicode/qt4/UnicodeQt4.h:
1670         * wtf/unicode/wince/UnicodeWinCE.h:
1671
1672 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
1673
1674         Reviewed by Sam Weinig.
1675
1676         https://bugs.webkit.org/show_bug.cgi?id=63819
1677         Escaping of forwardslashes in strings incorrect if multiple exist.
1678
1679         The bug is in the parameters passed to a substring - should be
1680         start & length, but we're passing start & end indices!
1681
1682         * runtime/RegExpObject.cpp:
1683         (JSC::regExpObjectSource):
1684
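The start-and-length confusion described in this entry, as an added illustration in Python (not the RegExpObject.cpp code; the slash-escaping loop is a simplified reconstruction): with a single slash the cut starts at index 0, so the end index and the length coincide and the bug is hidden, while a second slash exposes it.

```python
def substring(text: str, start: int, length: int) -> str:
    """Stand-in for a (start, length) substring API like the one the entry refers to."""
    return text[start:start + length]


def escape_slashes(pattern: str, buggy: bool = False) -> str:
    """Escape unescaped '/' in a regular-expression pattern so it can be re-read as /.../.

    Simplified reconstruction for illustration: each unescaped '/' triggers a copy
    of the text since the previous cut, followed by '\\/'. With buggy=True the copy
    passes the END index where a LENGTH is expected, as the entry describes.
    """
    out = []
    last = 0          # start of the text not yet copied to out
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            i += 2    # an escaped character (including '\\/') is left alone
            continue
        if ch == "/":
            if buggy:
                out.append(substring(pattern, last, i))         # wrong: i is an end index
            else:
                out.append(substring(pattern, last, i - last))  # right: a length
            out.append("\\/")
            last = i + 1
        i += 1
    out.append(pattern[last:])
    return "".join(out)
```
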
1685 2011-07-01  Adam Roben  <aroben@apple.com>
1686
1687         Roll out r90194
1688         http://trac.webkit.org/changeset/90194
1689         https://bugs.webkit.org/show_bug.cgi?id=63778
1690
1691         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
1692         assertions in WriteBarrierBase<JSC::Structure>::get
1693
1694         * runtime/JSCell.h:
1695         (JSC::JSCell::JSCell::~JSCell):
1696
1697 2011-06-30  Oliver Hunt  <oliver@apple.com>
1698
1699         Reviewed by Gavin Barraclough.
1700
1701         Add optimised paths for a few maths functions
1702         https://bugs.webkit.org/show_bug.cgi?id=63757
1703
1704         Relanding as a Mac only patch.
1705
1706         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1707         Math.floor, Math.log, and Math.exp as they are apparently more
1708         important in real web content than we thought, which is somewhat
1709         mind-boggling.  On average doubles the performance of the common
1710         cases (eg. actually passing numbers in).  They're not as efficient
1711         as they could be, but this way gives them the most portability.
1712
1713         * assembler/MacroAssemblerARM.h:
1714         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1715         (JSC::MacroAssemblerARM::andnotDouble):
1716         * assembler/MacroAssemblerARMv7.h:
1717         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1718         (JSC::MacroAssemblerARMv7::andnotDouble):
1719         * assembler/MacroAssemblerMIPS.h:
1720         (JSC::MacroAssemblerMIPS::andnotDouble):
1721         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1722         * assembler/MacroAssemblerSH4.h:
1723         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1724         (JSC::MacroAssemblerSH4::andnotDouble):
1725         * assembler/MacroAssemblerX86.h:
1726         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1727         * assembler/MacroAssemblerX86Common.h:
1728         (JSC::MacroAssemblerX86Common::andnotDouble):
1729         * assembler/MacroAssemblerX86_64.h:
1730         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1731         * assembler/X86Assembler.h:
1732         (JSC::X86Assembler::andnpd_rr):
1733         * create_hash_table:
1734         * jit/SpecializedThunkJIT.h:
1735         (JSC::SpecializedThunkJIT::finalize):
1736         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1737         * jit/ThunkGenerators.cpp:
1738         (JSC::floorThunkGenerator):
1739         (JSC::ceilThunkGenerator):
1740         (JSC::roundThunkGenerator):
1741         (JSC::expThunkGenerator):
1742         (JSC::logThunkGenerator):
1743         (JSC::absThunkGenerator):
1744         * jit/ThunkGenerators.h:
1745
1746 2011-07-01  David Kilzer  <ddkilzer@apple.com>
1747
1748         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
1749
1750         Fixes the following build error in clang:
1751
1752             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
1753                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1754                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
1755             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
1756                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1757                                                 ^
1758                      (                         )
1759             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
1760             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
1761             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
1762                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1763                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1764             1 error generated.
1765
1766         * jit/JITOpcodes32_64.cpp:
1767         (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
1768         tertiary expression evaluate first.
1769
1770 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1771
1772         Unreviewed, rolling out r90177 and r90179.
1773         http://trac.webkit.org/changeset/90177
1774         http://trac.webkit.org/changeset/90179
1775         https://bugs.webkit.org/show_bug.cgi?id=63790
1776
1777         It caused crashes on Qt in debug mode (Requested by Ossy on
1778         #webkit).
1779
1780         * assembler/MacroAssemblerARM.h:
1781         (JSC::MacroAssemblerARM::rshift32):
1782         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
1783         (JSC::MacroAssemblerARM::sqrtDouble):
1784         * assembler/MacroAssemblerARMv7.h:
1785         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
1786         (JSC::MacroAssemblerARMv7::sqrtDouble):
1787         * assembler/MacroAssemblerMIPS.h:
1788         (JSC::MacroAssemblerMIPS::sqrtDouble):
1789         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
1790         * assembler/MacroAssemblerSH4.h:
1791         (JSC::MacroAssemblerSH4::sqrtDouble):
1792         * assembler/MacroAssemblerX86.h:
1793         * assembler/MacroAssemblerX86Common.h:
1794         * assembler/MacroAssemblerX86_64.h:
1795         * assembler/X86Assembler.h:
1796         * create_hash_table:
1797         * jit/JSInterfaceJIT.h:
1798         (JSC::JSInterfaceJIT::emitLoadDouble):
1799         * jit/SpecializedThunkJIT.h:
1800         (JSC::SpecializedThunkJIT::finalize):
1801         * jit/ThunkGenerators.cpp:
1802         * jit/ThunkGenerators.h:
1803
1804 2011-06-30  Oliver Hunt  <oliver@apple.com>
1805
1806         Reviewed by Beth Dakin.
1807
1808         Make GC validation clear cell structure on destruction
1809         https://bugs.webkit.org/show_bug.cgi?id=63778
1810
1811         * runtime/JSCell.h:
1812         (JSC::JSCell::JSCell::~JSCell):
1813
1814 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1815
1816         Reviewed by Gavin Barraclough.
1817
1818         Added write barrier that was missing from put_by_id_transition
1819         https://bugs.webkit.org/show_bug.cgi?id=63775
1820
1821         * dfg/DFGJITCodeGenerator.cpp:
1822         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
1823         MacroAssembler& argument so our patching functions could use it.
1824
1825         (JSC::DFG::JITCodeGenerator::cachedPutById):
1826         * dfg/DFGJITCodeGenerator.h:
1827         * dfg/DFGNonSpeculativeJIT.cpp:
1828         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
1829
1830         * dfg/DFGRepatch.cpp:
1831         (JSC::DFG::tryCachePutByID): Missing barrier!
1832
1833         * dfg/DFGSpeculativeJIT.cpp:
1834         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
1835
1836         * jit/JITPropertyAccess.cpp:
1837         (JSC::JIT::privateCompilePutByIdTransition):
1838         * jit/JITPropertyAccess32_64.cpp:
1839         (JSC::JIT::privateCompilePutByIdTransition):
1840         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
1841         because its meaning isn't clear -- maybe in the future we'll have a
1842         clear way to pass all stores through a common function that guarantees
1843         a write barrier, but that's not the case right now.
1844
1845 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1846
1847         Reviewed by Gavin Barraclough.
1848
1849         DFG non-speculative JIT does not reuse registers when compiling comparisons.
1850         https://bugs.webkit.org/show_bug.cgi?id=63565
1851
1852         * dfg/DFGNonSpeculativeJIT.cpp:
1853         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1854         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1855         (JSC::DFG::NonSpeculativeJIT::compare):
1856
1857 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1858
1859         Reviewed by Gavin Barraclough.
1860
1861         Added empty write barrier stubs in all the right places in the DFG JIT
1862         https://bugs.webkit.org/show_bug.cgi?id=63764
1863         
1864         SunSpider thinks this might be a 0.5% speedup. Meh.
1865
1866         * dfg/DFGJITCodeGenerator.cpp:
1867         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
1868
1869         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
1870         for the case where base == scratch, since we now require base and scratch
1871         to be not equal, for the sake of the write barrier.
1872
1873         * dfg/DFGJITCodeGenerator.h: Le stub.
1874
1875         * dfg/DFGNonSpeculativeJIT.cpp:
1876         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
1877         as the scratch register, since that's incompatible with the write barrier,
1878         which needs a distinct base and scratch.
1879         
1880         Do put the global object into a register before loading its var storage,
1881         since it needs to be in a register for the write barrier to operate on it.
1882
1883         * dfg/DFGSpeculativeJIT.cpp:
1884         (JSC::DFG::SpeculativeJIT::compile):
1885         * jit/JITPropertyAccess.cpp:
1886         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
1887
1888         * jit/JITPropertyAccess.cpp:
1889         (JSC::JIT::emit_op_get_scoped_var):
1890         (JSC::JIT::emit_op_put_scoped_var):
1891         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1892         places.
1893
1894         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1895         is a little more than meaningless.
1896
1897         * jit/JITPropertyAccess32_64.cpp:
1898         (JSC::JIT::emit_op_get_scoped_var):
1899         (JSC::JIT::emit_op_put_scoped_var):
1900         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1901         places.
1902
1903         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1904         is a little more than meaningless.
1905
1906         * runtime/JSVariableObject.h:
1907         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1908         we put the global object in a register and only then load its var storage
1909         by offset.
1910
1911         (JSC::JIT::emitWriteBarrier):
1912
1913 2011-06-30  Oliver Hunt  <oliver@apple.com>
1914
1915         Fix ARMv6 build
1916
1917         * assembler/MacroAssemblerARM.h:
1918         (JSC::MacroAssemblerARM::rshift32):
1919
1920 2011-06-30  Oliver Hunt  <oliver@apple.com>
1921
1922         Reviewed by Gavin Barraclough.
1923
1924         Add optimised paths for a few maths functions
1925         https://bugs.webkit.org/show_bug.cgi?id=63757
1926
1927         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1928         Math.floor, Math.log, and Math.exp as they are apparently more
1929         important in real web content than we thought, which is somewhat
1930         mind-boggling.  On average doubles the performance of the common
1931         cases (eg. actually passing numbers in).  They're not as efficient
1932         as they could be, but this way gives them the most portability.
1933
1934         * assembler/MacroAssemblerARM.h:
1935         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1936         (JSC::MacroAssemblerARM::andnotDouble):
1937         * assembler/MacroAssemblerARMv7.h:
1938         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1939         (JSC::MacroAssemblerARMv7::andnotDouble):
1940         * assembler/MacroAssemblerMIPS.h:
1941         (JSC::MacroAssemblerMIPS::andnotDouble):
1942         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1943         * assembler/MacroAssemblerSH4.h:
1944         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1945         (JSC::MacroAssemblerSH4::andnotDouble):
1946         * assembler/MacroAssemblerX86.h:
1947         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1948         * assembler/MacroAssemblerX86Common.h:
1949         (JSC::MacroAssemblerX86Common::andnotDouble):
1950         * assembler/MacroAssemblerX86_64.h:
1951         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1952         * assembler/X86Assembler.h:
1953         (JSC::X86Assembler::andnpd_rr):
1954         * create_hash_table:
1955         * jit/SpecializedThunkJIT.h:
1956         (JSC::SpecializedThunkJIT::finalize):
1957         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1958         * jit/ThunkGenerators.cpp:
1959         (JSC::floorThunkGenerator):
1960         (JSC::ceilThunkGenerator):
1961         (JSC::roundThunkGenerator):
1962         (JSC::expThunkGenerator):
1963         (JSC::logThunkGenerator):
1964         (JSC::absThunkGenerator):
1965         * jit/ThunkGenerators.h:
1966
1967 2011-06-30  Cary Clark  <caryclark@google.com>
1968
1969         Reviewed by James Robinson.
1970
1971         Use Skia if Skia on Mac Chrome is enabled
1972         https://bugs.webkit.org/show_bug.cgi?id=62999
1973
1974         * wtf/Platform.h:
1975         Add switch to use Skia if, externally,
1976         Skia has been enabled by a gyp define.
1977
1978 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1979
1980         Reviewed by Geoffrey Garen.
1981
1982         Web Inspector fails to display source for eval with syntax error
1983         https://bugs.webkit.org/show_bug.cgi?id=63583
1984
1985         Web Inspector now displays a link to an eval statement that contains
1986         a syntax error.
1987
1988         * parser/Parser.h:
1989         (JSC::isEvalNode):
1990         (JSC::EvalNode):
1991         (JSC::Parser::parse):
1992
1993 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1994
1995         Reviewed by Gavin Barraclough.
1996
1997         X86Assembler does not encode byte registers in 64-bit mode correctly.
1998         https://bugs.webkit.org/show_bug.cgi?id=63665
1999
2000         * assembler/X86Assembler.h:
2001         (JSC::X86Assembler::testb_rr):
2002         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
2003
2004 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
2005
2006         Unreviewed, rolling out r90102.
2007         http://trac.webkit.org/changeset/90102
2008         https://bugs.webkit.org/show_bug.cgi?id=63714
2009
2010         Lots of tests asserting beneath
2011         SVGSMILElement::findInstanceTime (Requested by aroben on
2012         #webkit).
2013
2014         * wtf/StdLibExtras.h:
2015         (WTF::binarySearch):
2016
2017 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
2018
2019         Reviewed by Nikolas Zimmermann.
2020
2021         Speed up SVGSMILElement::findInstanceTime.
2022         https://bugs.webkit.org/show_bug.cgi?id=61025
2023
2024         Add a new parameter to StdlibExtras.h::binarySearch function
2025         to also handle cases when the array does not contain the key value.
2026         This is needed for an svg function.
2027
2028         * wtf/StdLibExtras.h:
2029         (WTF::binarySearch):
2030
2031 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
2032
2033         Reviewed by Geoff Garen.
2034
2035         https://bugs.webkit.org/show_bug.cgi?id=63669
2036         DFG JIT - fix spectral-norm regression
2037
2038         The problem is a mis-speculation leading to us falling off the speculative path.
2039         Make the speculation logic slightly smarter, don't predict int if one of the
2040         operands is already loaded as a double (we use this logic already for compares).
2041
2042         * dfg/DFGSpeculativeJIT.cpp:
2043         (JSC::DFG::SpeculativeJIT::compile):
2044         * dfg/DFGSpeculativeJIT.h:
2045         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2046
2047 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
2048
2049         Reviewed by Gavin Barraclough.
2050
2051         DFG JIT does not do put_by_id transition caching.
2052         https://bugs.webkit.org/show_bug.cgi?id=63662
2053
2054         * dfg/DFGJITCodeGenerator.cpp:
2055         (JSC::DFG::JITCodeGenerator::cachedPutById):
2056         * dfg/DFGJITCompiler.h:
2057         (JSC::DFG::JITCompiler::addPropertyAccess):
2058         * dfg/DFGRepatch.cpp:
2059         (JSC::DFG::testPrototype):
2060         (JSC::DFG::tryCachePutByID):
2061
2062 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
2063
2064         Reviewed by Oliver Hunt.
2065
2066         Added a dummy write barrier emitting function in all the right places in the old JIT
2067         https://bugs.webkit.org/show_bug.cgi?id=63667
2068         
2069         SunSpider reports no change.
2070
2071         * jit/JIT.h:
2072         * jit/JITPropertyAccess.cpp:
2073         (JSC::JIT::emit_op_put_by_id):
2074         (JSC::JIT::emit_op_put_scoped_var): Do it.
2075
2076         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
2077         for the sake of the write barrier.
2078
2079         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
2080
2081         * jit/JITPropertyAccess32_64.cpp:
2082         (JSC::JIT::emit_op_put_by_val):
2083         (JSC::JIT::emit_op_put_by_id):
2084         (JSC::JIT::emit_op_put_scoped_var): Do it.
2085
2086         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
2087         for the sake of the write barrier.
2088
2089         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
2090
2091 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
2092
2093         Reviewed by Gavin Barraclough.
2094
2095         DFG JIT does not perform get_by_id self list caching.
2096         https://bugs.webkit.org/show_bug.cgi?id=63605
2097
2098         * bytecode/StructureStubInfo.h:
2099         * dfg/DFGJITCompiler.cpp:
2100         (JSC::DFG::JITCompiler::compileFunction):
2101         * dfg/DFGOperations.cpp:
2102         * dfg/DFGOperations.h:
2103         * dfg/DFGRepatch.cpp:
2104         (JSC::DFG::tryCacheGetByID):
2105         (JSC::DFG::tryBuildGetByIDList):
2106         (JSC::DFG::dfgBuildGetByIDList):
2107         * dfg/DFGRepatch.h:
2108
2109 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
2110
2111         Reviewed by Gavin Barraclough.
2112
2113         DFG JIT lacks array.length caching.
2114         https://bugs.webkit.org/show_bug.cgi?id=63505
2115
2116         * bytecode/StructureStubInfo.h:
2117         * dfg/DFGJITCodeGenerator.cpp:
2118         (JSC::DFG::JITCodeGenerator::cachedGetById):
2119         (JSC::DFG::JITCodeGenerator::cachedPutById):
2120         * dfg/DFGJITCodeGenerator.h:
2121         (JSC::DFG::JITCodeGenerator::tryAllocate):
2122         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
2123         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
2124         * dfg/DFGJITCompiler.cpp:
2125         (JSC::DFG::JITCompiler::compileFunction):
2126         * dfg/DFGJITCompiler.h:
2127         (JSC::DFG::JITCompiler::addPropertyAccess):
2128         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2129         * dfg/DFGRegisterBank.h:
2130         (JSC::DFG::RegisterBank::tryAllocate):
2131         * dfg/DFGRepatch.cpp:
2132         (JSC::DFG::tryCacheGetByID):
2133
2134 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
2135
2136         Reviewed by Eric Seidel.
2137
2138         Warnings in JSC's JIT on 32 bit
2139         https://bugs.webkit.org/show_bug.cgi?id=63259
2140
2141         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
2142
2143         * jit/JITPropertyAccess32_64.cpp:
2144         (JSC::JIT::emit_op_method_check):
2145         (JSC::JIT::compileGetByIdHotPath):
2146         (JSC::JIT::emit_op_put_by_id):
2147
2148 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
2149
2150         Unreviewed, rolling out r89968.
2151         http://trac.webkit.org/changeset/89968
2152         https://bugs.webkit.org/show_bug.cgi?id=63581
2153
2154         Broke chromium windows compile (Requested by jamesr on
2155         #webkit).
2156
2157         * wtf/Platform.h:
2158
2159 2011-06-28  Oliver Hunt  <oliver@apple.com>
2160
2161         Reviewed by Gavin Barraclough.
2162
2163         Fix sampling build
2164         https://bugs.webkit.org/show_bug.cgi?id=63579
2165
2166         Gets opcode sampling building again, doesn't seem to work alas
2167
2168         * bytecode/SamplingTool.cpp:
2169         (JSC::SamplingTool::notifyOfScope):
2170         * bytecode/SamplingTool.h:
2171         (JSC::SamplingTool::SamplingTool):
2172         * interpreter/Interpreter.cpp:
2173         (JSC::Interpreter::enableSampler):
2174         * runtime/Executable.h:
2175         (JSC::ScriptExecutable::ScriptExecutable):
2176
2177 2011-06-28  Cary Clark  <caryclark@google.com>
2178
2179         Reviewed by James Robinson.
2180
2181         Use Skia if Skia on Mac Chrome is enabled
2182         https://bugs.webkit.org/show_bug.cgi?id=62999
2183
2184         * wtf/Platform.h:
2185         Add switch to use Skia if, externally,
2186         Skia has been enabled by a gyp define.
2187
2188 2011-06-28  Oliver Hunt  <oliver@apple.com>
2189
2190         Reviewed by Gavin Barraclough.
2191
2192         ASSERT when launching debug builds with interpreter and jit enabled
2193         https://bugs.webkit.org/show_bug.cgi?id=63566
2194
2195         Add appropriate guards to the various Executable's memory reporting
2196         logic.
2197
2198         * runtime/Executable.cpp:
2199         (JSC::EvalExecutable::compileInternal):
2200         (JSC::ProgramExecutable::compileInternal):
2201         (JSC::FunctionExecutable::compileForCallInternal):
2202         (JSC::FunctionExecutable::compileForConstructInternal):
2203
2204 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2205
2206         Reviewed by Oliver Hunt.
2207
2208         https://bugs.webkit.org/show_bug.cgi?id=63563
2209         DFG JIT - add support for double arith to speculative path
2210
2211         Add integer support for div & mod, add double support for div, mod,
2212         add, sub & mul, dynamically selecting based on operand types.
2213
2214         * dfg/DFGJITCodeGenerator.cpp:
2215         (JSC::DFG::FPRTemporary::FPRTemporary):
2216         * dfg/DFGJITCodeGenerator.h:
2217         * dfg/DFGJITCompiler.h:
2218         (JSC::DFG::JITCompiler::assembler):
2219         * dfg/DFGSpeculativeJIT.cpp:
2220         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2221         (JSC::DFG::SpeculativeJIT::compile):
2222         * dfg/DFGSpeculativeJIT.h:
2223         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
2224         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
2225         (JSC::DFG::SpeculateDoubleOperand::index):
2226         (JSC::DFG::SpeculateDoubleOperand::fpr):
2227
2228 2011-06-28  Oliver Hunt  <oliver@apple.com>
2229
2230         Fix interpreter build.
2231
2232         * interpreter/Interpreter.cpp:
2233         (JSC::Interpreter::privateExecute):
2234
2235 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2236
2237         Reviewed by Oliver Hunt.
2238
2239         https://bugs.webkit.org/show_bug.cgi?id=63561
2240         DFG JIT - don't always assume integer in relational compare
2241
2242         If neither operand is known integer, or either is in double representation,
2243         then at least use a function call (don't bail off the speculative path).
2244
2245         * dfg/DFGSpeculativeJIT.cpp:
2246         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
2247         (JSC::DFG::SpeculativeJIT::compile):
2248         * dfg/DFGSpeculativeJIT.h:
2249         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
2250         (JSC::DFG::SpeculativeJIT::compareIsInteger):
2251
2252 2011-06-28  Oliver Hunt  <oliver@apple.com>
2253
2254         Reviewed by Gavin Barraclough.
2255
2256         Make constant array optimisation less strict about what constitutes a constant
2257         https://bugs.webkit.org/show_bug.cgi?id=63554
2258
2259         Now allow string constants in array literals to actually be considered constant,
2260         and so avoid codegen in array literals with strings in them.
2261
2262         * bytecode/CodeBlock.h:
2263         (JSC::CodeBlock::addConstantBuffer):
2264         (JSC::CodeBlock::constantBuffer):
2265         * bytecompiler/BytecodeGenerator.cpp:
2266         (JSC::BytecodeGenerator::addConstantBuffer):
2267         (JSC::BytecodeGenerator::addStringConstant):
2268         (JSC::BytecodeGenerator::emitNewArray):
2269         * bytecompiler/BytecodeGenerator.h:
2270         * interpreter/Interpreter.cpp:
2271         (JSC::Interpreter::privateExecute):
2272         * jit/JITStubs.cpp:
2273         (JSC::DEFINE_STUB_FUNCTION):
2274
2275 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2276
2277         Reviewed by Oliver Hunt.
2278
2279         https://bugs.webkit.org/show_bug.cgi?id=63560
2280         DFG_JIT allow allocation of specific machine registers
2281
2282         This allows us to allocate the registers necessary to perform x86
2283         idiv instructions for div/mod, and may be useful for shifts, too.
2284
2285         * dfg/DFGJITCodeGenerator.cpp:
2286         (JSC::DFG::GPRTemporary::GPRTemporary):
2287         * dfg/DFGJITCodeGenerator.h:
2288         (JSC::DFG::JITCodeGenerator::allocate):
2289         (JSC::DFG::GPRResult::GPRResult):
2290         * dfg/DFGRegisterBank.h:
2291         (JSC::DFG::RegisterBank::allocateSpecific):
2292         * dfg/DFGSpeculativeJIT.h:
2293         (JSC::DFG::SpeculativeJIT::isInteger):
2294
2295 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2296
2297         Reviewed by Oliver Hunt.
2298
2299         https://bugs.webkit.org/show_bug.cgi?id=55040
2300         RegExp constructor returns the argument regexp instead of a new object
2301
2302         Per 15.10.3.1, our current behaviour is correct if called as a function,
2303         but incorrect when called as a constructor.
2304
2305         * runtime/RegExpConstructor.cpp:
2306         (JSC::constructRegExp):
2307         (JSC::constructWithRegExpConstructor):
2308         * runtime/RegExpConstructor.h:
2309
2310 2011-06-28  Luke Macpherson  <macpherson@chromium.org>
2311
2312         Reviewed by Darin Adler.
2313
2314         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
2315         https://bugs.webkit.org/show_bug.cgi?id=63469
2316
2317         * wtf/MathExtras.h:
2318         (defaultMinimumForClamp):
2319         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
2320         (defaultMaximumForClamp):
2321         Symmetric alias for std::numeric_limits::max()
2322         (clampTo):
2323         New templated clamping function that supports arbitrary output types.
2324         (clampToInteger):
2325         Use new clampTo template.
2326         (clampToFloat):
2327         Use new clampTo template.
2328         (clampToPositiveInteger):
2329         Use new clampTo template.
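
        An added illustration of the clamping scheme this entry describes; it is not WTF's MathExtras.h code. The function names follow the entry, but every body, the comparison-in-double strategy and the NaN handling are assumptions of this example. The point it demonstrates is why `defaultMinimumForClamp` exists: `std::numeric_limits<T>::min()` is the smallest positive normal for floating-point `T`, so using it as a clamp floor silently breaks `clampToFloat` for negative inputs.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Added example of the clampTo idea, not WTF's MathExtras.h itself; the
// function names follow the ChangeLog entry but every body here is assumed.

// std::numeric_limits<T>::min() is the smallest *positive* normal value for
// floating-point T, so it is useless as a clamp floor. Return the most negative
// finite value instead (C++11 spells this std::numeric_limits<T>::lowest()).
template <typename T>
constexpr T defaultMinimumForClamp()
{
    return std::numeric_limits<T>::is_integer
        ? std::numeric_limits<T>::min()
        : -std::numeric_limits<T>::max();
}

template <typename T>
constexpr T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// Clamp any arithmetic value into [min, max] of the target type. The range
// check is done in double so it happens *before* the narrowing conversion,
// which would otherwise be undefined behaviour for out-of-range floats.
template <typename TargetType, typename SourceType>
TargetType clampTo(SourceType value,
                   TargetType min = defaultMinimumForClamp<TargetType>(),
                   TargetType max = defaultMaximumForClamp<TargetType>())
{
    double v = static_cast<double>(value);
    if (std::isnan(v))
        return 0; // assumption: NaN clamps to 0, matching JavaScript's ToInt32(NaN)
    if (v >= static_cast<double>(max))
        return max;
    if (v <= static_cast<double>(min))
        return min;
    return static_cast<TargetType>(value);
}

// The typed wrappers named in the entry, expressed through the template.
inline int clampToInteger(double value) { return clampTo<int>(value); }
inline float clampToFloat(double value) { return clampTo<float>(value); }
inline int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }
```

        Because the comparison happens in double, an `int64_t` or `double` far outside the target range saturates to the target's limits instead of hitting the undefined behaviour of an out-of-range `static_cast`; the explicit NaN branch matters for the same reason, since NaN compares false against both bounds and would otherwise fall through to the cast.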
2330
2331 2011-06-28  Adam Roben  <aroben@apple.com>
2332
2333         Windows Debug build fix after r89885
2334
2335         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
2336         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
2337
2338 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
2339
2340         Reviewed by Kent Tamura.
2341
2342         Add const to show() method in WTFString and AtomicString.
2343         https://bugs.webkit.org/show_bug.cgi?id=63515
2344
2345         The lack of const in show() method is painful when
2346         doing something like printf-debug.
2347
2348         * wtf/text/AtomicString.cpp:
2349         (WTF::AtomicString::show):
2350         * wtf/text/AtomicString.h:
2351         * wtf/text/WTFString.cpp:
2352         (String::show):
2353         * wtf/text/WTFString.h:
2354
2355 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
2356
2357         Build fix attempt after r89885.
2358
2359         * JavaScriptCore.exp:
2360         * jsc.cpp:
2361
2362 2011-06-27  Oliver Hunt  <oliver@apple.com>
2363
2364         Reviewed by Geoffrey Garen.
2365
2366         Support throwing away non-running code even while other code is running
2367         https://bugs.webkit.org/show_bug.cgi?id=63485
2368
2369         Add a function to CodeBlock to support unlinking direct linked callsites,
2370         and then with that in place add logic to discard code from any function
2371         that is not currently on the stack.
2372
2373         The unlinking completely reverts any optimized call sites, such that they
2374         may be relinked again in future.
2375
2376         * JavaScriptCore.exp:
2377         * bytecode/CodeBlock.cpp:
2378         (JSC::CodeBlock::unlinkCalls):
2379         (JSC::CodeBlock::clearEvalCache):
2380         * bytecode/CodeBlock.h:
2381         (JSC::CallLinkInfo::CallLinkInfo):
2382         (JSC::CallLinkInfo::unlink):
2383         * bytecode/EvalCodeCache.h:
2384         (JSC::EvalCodeCache::clear):
2385         * heap/Heap.cpp:
2386         (JSC::Heap::getConservativeRegisterRoots):
2387         * heap/Heap.h:
2388         * jit/JIT.cpp:
2389         (JSC::JIT::privateCompile):
2390         * jit/JIT.h:
2391         * jit/JITCall.cpp:
2392         (JSC::JIT::compileOpCall):
2393         * jit/JITWriteBarrier.h:
2394         (JSC::JITWriteBarrierBase::clear):
2395         * jsc.cpp:
2396         (GlobalObject::GlobalObject):
2397         (functionReleaseExecutableMemory):
2398         * runtime/Executable.cpp:
2399         (JSC::EvalExecutable::unlinkCalls):
2400         (JSC::ProgramExecutable::unlinkCalls):
2401         (JSC::FunctionExecutable::discardCode):
2402         (JSC::FunctionExecutable::unlinkCalls):
2403         * runtime/Executable.h:
2404         * runtime/JSGlobalData.cpp:
2405         (JSC::SafeRecompiler::returnValue):
2406         (JSC::SafeRecompiler::operator()):
2407         (JSC::JSGlobalData::releaseExecutableMemory):
2408
2409 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
2410
2411         Reviewed by Darin Adler & Oliver Hunt.
2412
2413         https://bugs.webkit.org/show_bug.cgi?id=50554
2414         RegExp.prototype.toString does not escape slashes
2415
2416         The problem here is that we don't escape forwards slashes when converting
2417         a RegExp to a string. This means that RegExp("/").toString() is "///",
2418         which is not a valid RegExp literal. Also, we return an invalid literal
2419         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
2420
2421         From ES5:
2422         "NOTE: The returned String has the form of a RegularExpressionLiteral that
2423         evaluates to another RegExp object with the same behaviour as this object."
2424
2425         * runtime/RegExpObject.cpp:
2426         (JSC::regExpObjectSource):
2427             - Escape forward slashes when getting the source of a RegExp.
2428         * runtime/RegExpPrototype.cpp:
2429         (JSC::regExpProtoFuncToString):
2430             - Remove unnecessary and erroneous hack to return "//" as the string
2431             representation of RegExp.prototype. This is not a valid RegExp literal
2432             (it is an empty single-line comment).
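
        An added example of the escaping rule this entry describes, not JavaScriptCore's RegExpObject.cpp or RegExpPrototype.cpp code. `escapeRegExpSource`, `regExpToString` and `isWellFormedRegExpLiteral` are names chosen for this illustration; the empty-pattern case uses the "(?:)" source that ES5 15.10.4.1 suggests, which the entry itself does not mention.

```cpp
#include <cctype>
#include <string>

// Added example, not JavaScriptCore's code. Escapes the forward slashes in a
// RegExp source so that "/" + source + "/" + flags is a valid
// RegularExpressionLiteral, as the ES5 note quoted above requires of toString().
std::string escapeRegExpSource(const std::string& source)
{
    // ES5 15.10.4.1 suggests "(?:)" as the source of an empty pattern, since
    // "//" would read as an empty single-line comment rather than a literal.
    if (source.empty())
        return "(?:)";

    std::string result;
    result.reserve(source.size());
    bool escaped = false; // previous character was an unescaped backslash
    for (char c : source) {
        if (escaped) {
            result += c;     // whatever follows a backslash is already escaped
            escaped = false;
            continue;
        }
        if (c == '\\') {
            escaped = true;
            result += c;
            continue;
        }
        if (c == '/') {
            result += "\\/"; // the one character that can end the literal early
            continue;
        }
        result += c;
    }
    return result;
}

std::string regExpToString(const std::string& source, const std::string& flags)
{
    return "/" + escapeRegExpSource(source) + "/" + flags;
}

// Check a practitioner can run on the result: the literal must open with "/",
// must not start a comment, must contain no unescaped "/" before the closing
// one, and may only carry flag letters after it.
bool isWellFormedRegExpLiteral(const std::string& literal)
{
    if (literal.size() < 3 || literal[0] != '/' || literal[1] == '/' || literal[1] == '*')
        return false; // "//" is a line comment and "/*" a block comment, not literals
    bool escaped = false;
    for (size_t i = 1; i < literal.size(); ++i) {
        char c = literal[i];
        if (escaped) { escaped = false; continue; }
        if (c == '\\') { escaped = true; continue; }
        if (c == '/') {
            for (size_t j = i + 1; j < literal.size(); ++j)
                if (!std::isalpha(static_cast<unsigned char>(literal[j])))
                    return false;
            return true;
        }
    }
    return false; // no closing slash
}
```

        With this in place the case from the entry, `RegExp("/")`, stringifies to `/\//` rather than `///`, and the checker rejects both `///` and `//`. Raw line terminators inside a pattern would break a literal in the same way and would need the same treatment; this example, like the entry, covers slashes only.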
2433
2434 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
2435
2436         Reviewed by Oliver Hunt.
2437
2438         https://bugs.webkit.org/show_bug.cgi?id=63497
2439         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
2440
2441         * dfg/DFGByteCodeParser.cpp:
2442         (JSC::DFG::ByteCodeParser::parseBlock):
2443         * dfg/DFGNode.h:
2444         * dfg/DFGNonSpeculativeJIT.cpp:
2445         (JSC::DFG::NonSpeculativeJIT::compile):
2446         * dfg/DFGSpeculativeJIT.cpp:
2447         (JSC::DFG::SpeculativeJIT::compile):
2448
2449 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
2450
2451         Reviewed by Mark Rowe.
2452
2453         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
2454         https://bugs.webkit.org/show_bug.cgi?id=63392
2455         
2456         When both TextPosition.h and XPathGrammar.h are included a compile-error
2457         is caused, since XPathGrammar.h defines a macro called NUMBER and 
2458         TextPosition has a typedef named NUMBER.
2459
2460         * wtf/text/TextPosition.h:
2461         (WTF::TextPosition::TextPosition):
2462         (WTF::TextPosition::minimumPosition):
2463         (WTF::TextPosition::belowRangePosition):
2464
2465 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
2466
2467         Reviewed by Gavin Barraclough.
2468
2469         DFG JIT does not perform put_by_id caching.
2470         https://bugs.webkit.org/show_bug.cgi?id=63409
2471
2472         * bytecode/StructureStubInfo.h:
2473         * dfg/DFGJITCodeGenerator.cpp:
2474         (JSC::DFG::JITCodeGenerator::cachedPutById):
2475         * dfg/DFGJITCodeGenerator.h:
2476         * dfg/DFGJITCompiler.cpp:
2477         (JSC::DFG::JITCompiler::compileFunction):
2478         * dfg/DFGJITCompiler.h:
2479         (JSC::DFG::JITCompiler::addPropertyAccess):
2480         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2481         * dfg/DFGNonSpeculativeJIT.cpp:
2482         (JSC::DFG::NonSpeculativeJIT::compile):
2483         * dfg/DFGOperations.cpp:
2484         * dfg/DFGOperations.h:
2485         * dfg/DFGRepatch.cpp:
2486         (JSC::DFG::dfgRepatchByIdSelfAccess):
2487         (JSC::DFG::tryCacheGetByID):
2488         (JSC::DFG::appropriatePutByIdFunction):
2489         (JSC::DFG::tryCachePutByID):
2490         (JSC::DFG::dfgRepatchPutByID):
2491         * dfg/DFGRepatch.h:
2492         * dfg/DFGSpeculativeJIT.cpp:
2493         (JSC::DFG::SpeculativeJIT::compile):
2494
2495 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
2496
2497         Unreviewed build fix. One more file missing during distcheck, for
2498         the MIPS build.
2499
2500         * GNUmakefile.list.am:
2501
2502 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
2503
2504         Reviewed by Gavin Barraclough.
2505
2506         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
2507         https://bugs.webkit.org/show_bug.cgi?id=63347
2508
2509         * dfg/DFGNonSpeculativeJIT.cpp:
2510             - Changed arithmetic operations to speculate in favor of integers.
2511         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2512         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
2513         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2514         (JSC::DFG::NonSpeculativeJIT::compile):
2515         * dfg/DFGNonSpeculativeJIT.h:
2516         * dfg/DFGOperations.cpp:
2517             - Added slow-path routines for arithmetic that perform no speculation; the
2518               non-speculative JIT will generate calls to these in cases where its
2519               speculation fails.
2520         * dfg/DFGOperations.h:
2521
2522 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
2523
2524         Reviewed by Rob Buis.
2525
2526         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2527         https://bugs.webkit.org/show_bug.cgi?id=59085
2528
2529         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2530
2531 2011-06-24  Michael Saboff  <msaboff@apple.com>
2532
2533         Reviewed by Gavin Barraclough.
2534
2535         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
2536         https://bugs.webkit.org/show_bug.cgi?id=63345
2537
2538         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
2539         return 9 and 10 bit quantities, therefore changed their return type from
2540         uint8_t to uint16_t.  Also cast the places where they are used as they
2541         are currently shifted and used as 7 or 8 bit values.
2542
2543         These methods are currently used for literals for stack offsets, 
2544         including creating and destroying stack frames.  The prior truncation of
2545         the upper bits caused stack frames to be too small, thus allowing a
2546         JIT'ed function to access and overwrite stack space outside of the
2547         incorrectly sized stack frame.
2548
2549         * assembler/ARMv7Assembler.h:
2550         (JSC::ARMThumbImmediate::getUInt9):
2551         (JSC::ARMThumbImmediate::getUInt10):
2552         (JSC::ARMv7Assembler::add):
2553         (JSC::ARMv7Assembler::ldr):
2554         (JSC::ARMv7Assembler::str):
2555         (JSC::ARMv7Assembler::sub):
2556         (JSC::ARMv7Assembler::sub_S):
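
        An added illustration of the narrowing bug this entry describes; it is not JavaScriptCore's ARMv7Assembler code. `ThumbImmediate`, the `*Buggy` accessors and the encoder helpers are simplified models invented for this example, although the Thumb 16-bit SUB SP,SP,#imm encoding (a 7-bit field scaled by 4, opcode 0xB080) they use is real. The `isUInt9`/`isUInt10` checks show the validation an encoder should perform instead of relying on the return type to carry the right number of bits.

```cpp
#include <cstdint>

// Added illustration of the narrowing bug the entry above describes; this is
// not JavaScriptCore's ARMv7Assembler. The immediate class and the encoder are
// simplified models, but the Thumb SP-relative encoding they use is real.
struct ThumbImmediate {
    uint32_t value;

    // 16-bit ADD/SUB SP,SP,#imm carries a 7-bit field scaled by 4, i.e. a 9-bit
    // byte offset 0..508; SP-relative LDR/STR carry an 8-bit field scaled by 4,
    // a 10-bit byte offset 0..1020. Both need the low two bits clear.
    bool isUInt9() const { return value < (1u << 9) && (value & 3) == 0; }
    bool isUInt10() const { return value < (1u << 10) && (value & 3) == 0; }

    // Before the fix: an 8-bit return type silently drops bits 8 and 9.
    uint8_t getUInt9Buggy() const { return static_cast<uint8_t>(value); }
    uint8_t getUInt10Buggy() const { return static_cast<uint8_t>(value); }

    // After the fix: 16 bits are wide enough for either quantity.
    uint16_t getUInt9() const { return static_cast<uint16_t>(value); }
    uint16_t getUInt10() const { return static_cast<uint16_t>(value); }
};

// SUB SP, SP, #imm7*4 (Thumb 16-bit): 1011 0000 1 imm7, i.e. opcode 0xB080.
static const uint16_t kSubSpOpcode = 0xB080;

// Encode the frame-allocating instruction the way a prologue would, once with
// the truncated immediate and once with the full one.
uint16_t encodeSubSpBuggy(ThumbImmediate imm)
{
    return static_cast<uint16_t>(kSubSpOpcode | (imm.getUInt9Buggy() >> 2));
}

uint16_t encodeSubSp(ThumbImmediate imm)
{
    return static_cast<uint16_t>(kSubSpOpcode | (imm.getUInt9() >> 2));
}

// Decode the byte offset the CPU will actually subtract from SP.
uint32_t decodeSubSpBytes(uint16_t insn)
{
    return static_cast<uint32_t>(insn & 0x7F) << 2;
}

// Bytes of the intended frame that were never reserved: every slot in this
// range overlaps stack space that belongs to the caller.
uint32_t bytesOutsideFrame(uint32_t wantedBytes, uint16_t insn)
{
    uint32_t reserved = decodeSubSpBytes(insn);
    return wantedBytes > reserved ? wantedBytes - reserved : 0;
}
```

        For a 496-byte frame (0x1F0) the truncated accessor yields 0xF0, so the prologue reserves 240 bytes and the remaining 256 bytes of locals are addressed beyond the frame, which is the overwrite the entry describes. An encoder that asserts `isUInt9()` before emitting and returns a type wide enough for the field has no such silent failure mode.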
2557
2558 2011-06-24  Michael Saboff  <msaboff@apple.com>
2559
2560         Reviewed by Geoffrey Garen.
2561
2562         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
2563         https://bugs.webkit.org/show_bug.cgi?id=63015
2564
2565         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
2566         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
2567         adjustments are a bug.  These need to reflect the pages that are released
2568         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
2569         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
2570         Check() and helper method CheckList() to check the number of actual free pages
2571         with free_committed_pages_.
2572
2573         The symptom of the problem of the existing code is that the scavenger may
2574         run unnecessarily without any real work to do, i.e. pages on the free lists.
2575         The scavenger would also end up freeing too many pages, that is going below
2576         the current 528 target free pages.
2577
2578         Note that the style of the changes was kept consistent with the
2579         existing style.
2580
2581         * wtf/FastMalloc.cpp:
2582         (WTF::TCMalloc_PageHeap::Check):
2583         (WTF::TCMalloc_PageHeap::CheckList):
2584         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
2585
2586 2011-06-24  Abhishek Arya  <inferno@chromium.org>
2587
2588         Reviewed by Darin Adler.
2589
2590         Match other clampTo* functions in style with clampToInteger(float)
2591         function.
2592         https://bugs.webkit.org/show_bug.cgi?id=53449
2593
2594         * wtf/MathExtras.h:
2595         (clampToInteger):
2596         (clampToFloat):
2597         (clampToPositiveInteger):
2598
2599 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
2600
2601         Unreviewed, rolling out r89594.
2602         http://trac.webkit.org/changeset/89594
2603         https://bugs.webkit.org/show_bug.cgi?id=63316
2604
2605         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
2606         #webkit).
2607
2608         * GNUmakefile.list.am:
2609         * JavaScriptCore.gypi:
2610         * icu/unicode/uscript.h: Removed.
2611         * wtf/unicode/ScriptCodesFromICU.h: Removed.
2612         * wtf/unicode/brew/UnicodeBrew.h:
2613         * wtf/unicode/glib/UnicodeGLib.h:
2614         * wtf/unicode/icu/UnicodeIcu.h:
2615         * wtf/unicode/qt4/UnicodeQt4.h:
2616         * wtf/unicode/wince/UnicodeWinCE.h:
2617
2618 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
2619
2620         Reviewed by Gavin Barraclough.
2621
2622         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
2623         https://bugs.webkit.org/show_bug.cgi?id=63173
2624
2625         * dfg/DFGJITCodeGenerator.cpp:
2626         (JSC::DFG::JITCodeGenerator::cachedGetById):
2627         * dfg/DFGJITCodeGenerator.h:
2628         * dfg/DFGNonSpeculativeJIT.cpp:
2629         (JSC::DFG::NonSpeculativeJIT::compile):
2630         * dfg/DFGSpeculativeJIT.cpp:
2631         (JSC::DFG::SpeculativeJIT::compile):
2632
2633 2011-06-23  Oliver Hunt  <oliver@apple.com>
2634
2635         Fix Qt again.
2636
2637         * assembler/ARMAssembler.h:
2638         (JSC::ARMAssembler::readPointer):
2639
2640 2011-06-23  Oliver Hunt  <oliver@apple.com>
2641
2642         Fix Qt Build
2643
2644         * assembler/ARMAssembler.h:
2645         (JSC::ARMAssembler::readPointer):
2646
2647 2011-06-23  Stephanie Lewis  <slewis@apple.com>
2648
2649         Reviewed by Darin Adler.
2650
2651         https://bugs.webkit.org/show_bug.cgi?id=63298
2652         Replace Malloc with FastMalloc to match the rest of wtf.
2653
2654         * wtf/BlockStack.h:
2655         (WTF::::~BlockStack):
2656         (WTF::::grow):
2657         (WTF::::shrink):
2658
2659 2011-06-23  Oliver Hunt  <oliver@apple.com>
2660
2661         Reviewed by Gavin Barraclough.
2662
2663         Add the ability to dynamically modify linked call sites
2664         https://bugs.webkit.org/show_bug.cgi?id=63291
2665
2666         Add JITWriteBarrier as a writebarrier class that allows
2667         reading and writing directly into the code stream.
2668
2669         This required adding logic to all the assemblers to allow
2670         us to read values back out of the instruction stream.
2671
2672         * JavaScriptCore.xcodeproj/project.pbxproj:
2673         * assembler/ARMAssembler.h:
2674         (JSC::ARMAssembler::readPointer):
2675         * assembler/ARMv7Assembler.h:
2676         (JSC::ARMv7Assembler::readPointer):
2677         (JSC::ARMv7Assembler::readInt32):
2678         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
2679         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
2680         * assembler/AbstractMacroAssembler.h:
2681         (JSC::AbstractMacroAssembler::readPointer):
2682         * assembler/MIPSAssembler.h:
2683         (JSC::MIPSAssembler::readInt32):
2684         (JSC::MIPSAssembler::readPointer):
2685         * assembler/MacroAssemblerCodeRef.h:
2686         (JSC::MacroAssemblerCodePtr::operator!):
2687         * assembler/SH4Assembler.h:
2688         (JSC::SH4Assembler::readPCrelativeAddress):
2689         (JSC::SH4Assembler::readPointer):
2690         (JSC::SH4Assembler::readInt32):
2691         * assembler/X86Assembler.h:
2692         (JSC::X86Assembler::readPointer):
2693         * bytecode/CodeBlock.cpp:
2694         (JSC::CodeBlock::visitAggregate):
2695         * bytecode/CodeBlock.h:
2696         (JSC::MethodCallLinkInfo::seenOnce):
2697         (JSC::MethodCallLinkInfo::setSeen):
2698         * heap/MarkStack.h:
2699         * jit/JIT.cpp:
2700         (JSC::JIT::privateCompile):
2701         (JSC::JIT::linkCall):
2702         (JSC::JIT::linkConstruct):
2703         * jit/JITPropertyAccess.cpp:
2704         (JSC::JIT::patchMethodCallProto):
2705         * jit/JITPropertyAccess32_64.cpp:
2706         * jit/JITWriteBarrier.h: Added.
2707         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
2708         (JSC::JITWriteBarrierBase::operator!):
2709         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
2710         (JSC::JITWriteBarrierBase::isFlagged):
2711         (JSC::JITWriteBarrierBase::setLocation):
2712         (JSC::JITWriteBarrierBase::location):
2713         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
2714         (JSC::JITWriteBarrierBase::set):
2715         (JSC::JITWriteBarrierBase::get):
2716         (JSC::JITWriteBarrier::JITWriteBarrier):
2717         (JSC::JITWriteBarrier::set):
2718         (JSC::JITWriteBarrier::get):
2719         (JSC::MarkStack::append):
2720
2721 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
2722
2723         Reviewed by Oliver Hunt.
2724
2725         https://bugs.webkit.org/show_bug.cgi?id=61585
2726         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
2727
2728         This is due to use of int instead of unsigned, bad math around
2729         the 2^31 boundary.
2730
2731         * yarr/YarrInterpreter.cpp:
2732         (JSC::Yarr::ByteCompiler::emitDisjunction):
2733             - Change some uses of int to unsigned, refactor compare logic to
2734               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
2735         * yarr/YarrJIT.cpp:
2736         (JSC::Yarr::YarrGenerator::generate):
2737         (JSC::Yarr::YarrGenerator::backtrack):
2738             - Ditto.
2739
2740 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
2741
2742         Reviewed by Sam Weinig.
2743
2744         https://bugs.webkit.org/show_bug.cgi?id=63218
2745         DFG JIT - remove machine type guarantees from graph
2746
2747         The DFG JIT currently makes assumptions about the types of machine registers
2748         that certain nodes will be loaded into. This will be broken as we generate
2749         nodes to produce both integer and double code paths. Remove int<->double
2750         conversions nodes. This design decision also gave rise to multiple types of
2751         constant nodes, requiring separate handling for each type. Merge these back
2752         into JSConstant.
2753
2754         * dfg/DFGAliasTracker.h:
2755         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
2756         * dfg/DFGByteCodeParser.cpp:
2757         (JSC::DFG::ByteCodeParser::getToInt32):
2758         (JSC::DFG::ByteCodeParser::getToNumber):
2759         (JSC::DFG::ByteCodeParser::toInt32):
2760         (JSC::DFG::ByteCodeParser::toNumber):
2761         (JSC::DFG::ByteCodeParser::isInt32Constant):
2762         (JSC::DFG::ByteCodeParser::isDoubleConstant):
2763         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2764         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
2765         (JSC::DFG::ByteCodeParser::one):
2766         (JSC::DFG::ByteCodeParser::predictInt32):
2767         * dfg/DFGGraph.cpp:
2768         (JSC::DFG::Graph::dump):
2769         * dfg/DFGJITCodeGenerator.h:
2770         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2771         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2772         (JSC::DFG::JITCodeGenerator::isJSConstant):
2773         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
2774         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
2775         * dfg/DFGJITCompiler.cpp:
2776         (JSC::DFG::JITCompiler::fillNumericToDouble):
2777         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2778         * dfg/DFGJITCompiler.h:
2779         (JSC::DFG::JITCompiler::isJSConstant):
2780         (JSC::DFG::JITCompiler::isInt32Constant):
2781         (JSC::DFG::JITCompiler::isDoubleConstant):
2782         (JSC::DFG::JITCompiler::valueOfJSConstant):
2783         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2784         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2785         * dfg/DFGNode.h:
2786         (JSC::DFG::Node::Node):
2787         (JSC::DFG::Node::isConstant):
2788         (JSC::DFG::Node::notTakenBytecodeOffset):
2789         * dfg/DFGNonSpeculativeJIT.cpp:
2790         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
2791         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
2792         (JSC::DFG::NonSpeculativeJIT::compile):
2793         * dfg/DFGSpeculativeJIT.cpp:
2794         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2795         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2796         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2797         (JSC::DFG::SpeculativeJIT::compile):
2798
2799 2011-06-23  Jungshik Shin  <jshin@chromium.org>
2800
2801         Reviewed by Alexey Proskuryakov.
2802
2803         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
2804         build files for ports not using ICU.
2805         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
2806         ICU 3.6 (the version used on Mac OS 10.5).
2807
2808         http://bugs.webkit.org/show_bug.cgi?id=20797
2809
2810         * GNUmakefile.list.am:
2811         * JavaScriptCore.gypi:
2812         * icu/unicode/uscript.h: Added for UScriptCode enum.
2813         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
2814         * wtf/unicode/icu/UnicodeIcu.h:
2815         * wtf/unicode/brew/UnicodeBrew.h:
2816         * wtf/unicode/glib/UnicodeGLib.h:
2817         * wtf/unicode/qt4/UnicodeQt4.h:
2818         * wtf/unicode/wince/UnicodeWinCE.h:
2819
2820 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
2821
2822         Reviewed by Andreas Kling.
2823
2824         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
2825         https://bugs.webkit.org/show_bug.cgi?id=63228
2826
2827         * wtf/Platform.h: Add PLATFORM(EFL) guard.
2828
2829 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2830
2831         Unreviewed, rolling out r89547.
2832         http://trac.webkit.org/changeset/89547
2833         https://bugs.webkit.org/show_bug.cgi?id=63252
2834
2835         "Chromium crash on start" (Requested by yurys on #webkit).
2836
2837         * wtf/DynamicAnnotations.cpp:
2838         (WTFAnnotateBenignRaceSized):
2839         (WTFAnnotateHappensBefore):
2840         (WTFAnnotateHappensAfter):
2841         * wtf/DynamicAnnotations.h:
2842
2843 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
2844
2845         Reviewed by David Levin.
2846
2847         Make dynamic annotations weak symbols and prevent identical code folding by the linker
2848         https://bugs.webkit.org/show_bug.cgi?id=62443
2849
2850         * wtf/DynamicAnnotations.cpp:
2851         (WTFAnnotateBenignRaceSized):
2852         (WTFAnnotateHappensBefore):
2853         (WTFAnnotateHappensAfter):
2854         * wtf/DynamicAnnotations.h:
2855
2856 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
2857
2858         Reviewed by Andreas Kling.
2859
2860         [Qt] Add a build flag for building with libxml2 and libxslt.
2861         https://bugs.webkit.org/show_bug.cgi?id=63113
2862
2863         * wtf/Platform.h:
2864
2865 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2866
2867         Unreviewed, rolling out r89489.
2868         http://trac.webkit.org/changeset/89489
2869         https://bugs.webkit.org/show_bug.cgi?id=63203
2870
2871         Broke chromium mac build on build.webkit.org (Requested by
2872         abarth on #webkit).
2873
2874         * wtf/Platform.h:
2875
2876 2011-06-22  Cary Clark  <caryclark@google.com>
2877
2878         Reviewed by Darin Fisher.
2879
2880         Use Skia if Skia on Mac Chrome is enabled
2881         https://bugs.webkit.org/show_bug.cgi?id=62999
2882
2883         * wtf/Platform.h:
2884         Add switch to use Skia if, externally,
2885         Skia has been enabled by a gyp define.
2886
2887 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2888
2889         Reviewed by Oliver Hunt.
2890
2891         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2892
2893 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2894
2895         Reviewed by Oliver Hunt.
2896
2897         Removed the conceit that global variables are local variables when running global code
2898         https://bugs.webkit.org/show_bug.cgi?id=63106
2899         
2900         This is required for write barrier correctness.
2901         
2902         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2903         I was able to reduce the regression with a tiny peephole optimization in
2904         the bytecompiler, but not eliminate it. I'm committing this assuming
2905         that turning on generational GC will win back at least 0.5%.
2906
2907         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2908         the global object's var storage. I considered doing the same kind of
2909         optimization in the existing JIT, but it seemed like moving in the wrong
2910         direction.)
2911
2912         * bytecompiler/BytecodeGenerator.cpp:
2913         (JSC::BytecodeGenerator::addGlobalVar):
2914         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2915         negative indices, since they're no longer negatively offset from the
2916         current stack frame.
2917         
2918         Do give global variables monotonically increasing positive indices, since
2919         that's much easier to work with.
2920         
2921         Don't limit the number of optimizable global variables, since it's no
2922         longer limited by the register file, since they're no longer stored in
2923         the register file.
2924
2925         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2926         registers because a var in global code is actually a property of the
2927         global object.
2928
2929         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2930
2931         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2932         propagation and dead code elimination to speed up our compiles and
2933         reduce WTFs / minute.
2934
2935         * bytecompiler/BytecodeGenerator.h:
2936         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2937
2938         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2939         global code, since there are none.
2940
2941         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2942         in global code (i.e., global vars), since there are some.
2943
2944         * interpreter/Interpreter.cpp:
2945         (JSC::Interpreter::callEval):
2946         (JSC::Interpreter::Interpreter):
2947         (JSC::Interpreter::dumpRegisters):
2948         (JSC::Interpreter::execute):
2949         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2950
2951         * interpreter/RegisterFile.cpp:
2952         (JSC::RegisterFile::gatherConservativeRoots):
2953         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2954         data members.
2955
2956         * interpreter/RegisterFile.h:
2957         (JSC::RegisterFile::begin):
2958         (JSC::RegisterFile::size):
2959         (JSC::RegisterFile::RegisterFile):
2960         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2961         global variables stored in the register file.
2962
2963         (JSC::RegisterFile::grow): Updated for same.
2964         
2965         Also, a slight correctness fix: Test the VM commit end, and not just the
2966         in-use end, when checking for stack overflow. In theory, it's invalid to
2967         commit past the end of your allocation, even if you never touch that
2968         memory. This makes the usable size of the stack slightly smaller. No test
2969         because we don't know of any case in practice where this crashes.
2970
2971         * runtime/JSGlobalData.cpp:
2972         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2973
2974         * runtime/JSGlobalObject.cpp:
2975         (JSC::JSGlobalObject::resizeRegisters):
2976         (JSC::JSGlobalObject::addStaticGlobals):
2977         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2978         increasing indexes, always located in our external storage.
2979
2980 2011-06-21  MORITA Hajime  <morrita@google.com>
2981
2982         Unreviewed, rolling out r89401 and r89403.
2983         http://trac.webkit.org/changeset/89401
2984         http://trac.webkit.org/changeset/89403
2985         https://bugs.webkit.org/show_bug.cgi?id=62970
2986
2987         Breaks mac build and mistakenly enables the spellcheck API
2988
2989         * Configurations/FeatureDefines.xcconfig:
2990         * JavaScriptCore.xcodeproj/project.pbxproj:
2991
2992 2011-06-21  Kent Tamura  <tkent@chromium.org>
2993
2994         [Mac] Sort Xcode project files.
2995
2996         * JavaScriptCore.xcodeproj/project.pbxproj:
2997
2998 2011-06-20  MORITA Hajime  <morrita@google.com>
2999
3000         Reviewed by Kent Tamura.
3001
3002         Spellcheck API should be build-able.
3003         https://bugs.webkit.org/show_bug.cgi?id=62970
3004
3005         No new tests, changing only build related files
3006         
3007         * Configurations/FeatureDefines.xcconfig:
3008
3009 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
3010
3011         Reviewed by Oliver Hunt.
3012
3013         Moved 'const' off the global-variable-as-local-variable crack pipe
3014         https://bugs.webkit.org/show_bug.cgi?id=63105
3015         
3016         This is necessary for moving the rest of the code off of same.
3017         
3018         Many problems remain in our handling of const. I have fixed none of them.
3019
3020         * bytecompiler/BytecodeGenerator.h:
3021         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
3022         const to directly implement its unique scoping rules.
3023
3024         * bytecompiler/NodesCodegen.cpp:
3025         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
3026         for writing, so we don't overwrite const variables.
3027
3028         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
3029         variables are available as local variables, since this won't be the case
3030         once global variables are not available as local variables. Instead, use
3031         put_scoped_var in the case where there is no local variable. Like a local
3032         variable, put_scoped_var succeeds even though const properties are
3033         read-only, since put_scoped_var skips read-only checks. (Yay?)
3034
3035 2011-06-21  Oliver Hunt  <oliver@apple.com>
3036
3037         Reviewed by Alexey Proskuryakov.
3038
3039         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
3040         https://bugs.webkit.org/show_bug.cgi?id=63052
3041
3042         Release mode only failure, the stack overflow guards were getting their error
3043         handling inlined, so that they were essentially causing their own demise.
3044
3045         * parser/JSParser.cpp:
3046         (JSC::JSParser::updateErrorMessage):
3047         (JSC::JSParser::updateErrorWithNameAndMessage):
3048
3049 2011-06-20  Kenneth Russell  <kbr@google.com>
3050
3051         Unreviewed.
3052
3053         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
3054         https://bugs.webkit.org/show_bug.cgi?id=63022
3055
3056         * wtf/Platform.h:
3057
3058 2011-06-18  Anders Carlsson  <andersca@apple.com>
3059
3060         Reviewed by Darin Adler.
3061
3062         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
3063         https://bugs.webkit.org/show_bug.cgi?id=62940
3064
3065         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
3066
3067         * wtf/PassOwnArrayPtr.h:
3068         (WTF::PassOwnArrayPtr::operator=):
3069         * wtf/PassOwnPtr.h:
3070         (WTF::PassOwnPtr::operator=):
3071         * wtf/PassRefPtr.h:
3072         (WTF::PassRefPtr::operator=):
3073         (WTF::NonNullPassRefPtr::operator=):
3074
3075 2011-06-20  Oliver Hunt  <oliver@apple.com>
3076
3077         Reviewed by Darin Adler.
3078
3079         REGRESSION (r79060): Searching for a flight at united.com fails
3080         https://bugs.webkit.org/show_bug.cgi?id=63003
3081
3082         This original change also broke Twitter, and we attempted to refine the fix to 
3083         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
3084         we need to revert the change until we understand the problem better.
3085
3086         * wtf/DateMath.cpp:
3087         (WTF::parseDateFromNullTerminatedCharacters):
3088
3089 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
3090
3091         Reviewed by Oliver Hunt.
3092
3093         No context for javascript parse errors.
3094         https://bugs.webkit.org/show_bug.cgi?id=62613
3095         
3096         Parse errors now show more details like:
3097         "Unexpected token: ]"
3098         or
3099         "Expected token: while"
3100         
3101         For reserved names, numbers, identifiers, strings, lexer errors,
3102         and EOFs, the following error messages are printed:
3103         
3104         "Use of reserved word: super"
3105         "Unexpected number: 42"
3106         "Unexpected identifier: "
3107         "Unexpected string: "foobar""
3108         "Invalid token character sequence: \u4023"
3109         "Unexpected EOF"
3110
3111         * parser/JSParser.cpp:
3112         (JSC::JSParser::consume):
3113         (JSC::JSParser::getToken):
3114         (JSC::JSParser::getTokenName):
3115         (JSC::JSParser::updateErrorMessageSpecialCase):
3116         (JSC::JSParser::updateErrorMessage):
3117         (JSC::JSParser::updateErrorWithNameAndMessage):
3118         (JSC::jsParse):
3119         (JSC::JSParser::JSParser):
3120         (JSC::JSParser::parseProgram):
3121         (JSC::JSParser::parseVarDeclarationList):
3122         (JSC::JSParser::parseForStatement):
3123         (JSC::JSParser::parseBreakStatement):
3124         (JSC::JSParser::parseContinueStatement):
3125         (JSC::JSParser::parseWithStatement):
3126         (JSC::JSParser::parseTryStatement):
3127         (JSC::JSParser::parseStatement):
3128         (JSC::JSParser::parseFormalParameters):
3129         (JSC::JSParser::parseFunctionInfo):
3130         (JSC::JSParser::parseAssignmentExpression):
3131         (JSC::JSParser::parsePrimaryExpression):
3132         (JSC::JSParser::parseMemberExpression):
3133         (JSC::JSParser::parseUnaryExpression):
3134         * parser/JSParser.h:
3135         * parser/Lexer.cpp:
3136         (JSC::Lexer::lex):
3137         * parser/Parser.cpp:
3138         (JSC::Parser::parse):
3139
3140 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
3141
3142         Reviewed by Rob Buis.
3143
3144         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
3145         https://bugs.webkit.org/show_bug.cgi?id=59085
3146
3147         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
3148
3149 2011-06-19  Oliver Hunt  <oliver@apple.com>
3150
3151         Reviewed by Sam Weinig.
3152
3153         Correct logic for putting errors on the correct line when handling JSONP
3154         https://bugs.webkit.org/show_bug.cgi?id=62962
3155
3156         Minor fix for the minor fix.  *sigh*
3157
3158         * interpreter/Interpreter.cpp:
3159         (JSC::Interpreter::execute):
3160
3161 2011-06-19  Oliver Hunt  <oliver@apple.com>
3162
3163         Minor fix to correct layout test results.
3164
3165         * interpreter/Interpreter.cpp:
3166         (JSC::Interpreter::execute):
3167
3168 2011-06-17  Oliver Hunt  <oliver@apple.com>
3169
3170         Reviewed by Gavin Barraclough.
3171
3172         JSONP is unnecessarily slow
3173         https://bugs.webkit.org/show_bug.cgi?id=62920
3174
3175         JSONP has unfortunately become a fairly common idiom online, yet
3176         it triggers very poor performance in JSC as we end up doing codegen
3177         for a large number of property accesses that will
3178            * only be run once, so the vast amount of logic we dump to handle
3179              caching of accesses is unnecessary.
3180            * We are doing codegen that is directly proportional to just
3181              creating the object in the first place.
3182
3183         This patch extends the use of the literal parser to JSONP-like structures
3184         in global code, handling a number of different forms I have seen online.
3185         In an extreme case this improves performance of JSONP by more than 2x
3186         due to removal of code generation and execution time, and a few optimisations
3187         that I made to the parser itself.
3188
3189         * API/JSValueRef.cpp:
3190         (JSValueMakeFromJSONString):
3191         * interpreter/Interpreter.cpp:
3192         (JSC::Interpreter::callEval):
3193         (JSC::Interpreter::execute):
3194         * parser/Lexer.cpp:
3195         (JSC::Lexer::isKeyword):
3196         * parser/Lexer.h:
3197         * runtime/JSGlobalObjectFunctions.cpp:
3198         (JSC::globalFuncEval):
3199         * runtime/JSONObject.cpp:
3200         (JSC::JSONProtoFuncParse):
3201         * runtime/LiteralParser.cpp:
3202         (JSC::LiteralParser::tryJSONPParse):
3203         (JSC::LiteralParser::makeIdentifier):
3204         (JSC::LiteralParser::Lexer::lex):
3205         (JSC::LiteralParser::Lexer::next):
3206         (JSC::isSafeStringCharacter):
3207         (JSC::LiteralParser::Lexer::lexString):
3208         (JSC::LiteralParser::Lexer::lexNumber):
3209         (JSC::LiteralParser::parse):
3210         * runtime/LiteralParser.h:
3211         (JSC::LiteralParser::LiteralParser):
3212         (JSC::LiteralParser::tryLiteralParse):
3213         (JSC::LiteralParser::Lexer::Lexer):
3214
3215 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
3216
3217         Unreviewed, rolling out r89184.
3218         http://trac.webkit.org/changeset/89184
3219         https://bugs.webkit.org/show_bug.cgi?id=62927
3220
3221         It broke 22 tests on all bots (Requested by Ossy_weekend on
3222         #webkit).
3223
3224         * API/JSValueRef.cpp:
3225         (JSValueMakeFromJSONString):
3226         * interpreter/Interpreter.cpp:
3227         (JSC::Interpreter::callEval):
3228         (JSC::Interpreter::execute):
3229         * parser/Lexer.cpp:
3230         * parser/Lexer.h:
3231         * runtime/JSGlobalObjectFunctions.cpp:
3232         (JSC::globalFuncEval):
3233         * runtime/JSONObject.cpp:
3234         (JSC::JSONProtoFuncParse):
3235         * runtime/LiteralParser.cpp:
3236         (JSC::LiteralParser::Lexer::lex):
3237         (JSC::isSafeStringCharacter):
3238         (JSC::LiteralParser::Lexer::lexString):
3239         (JSC::LiteralParser::Lexer::lexNumber):
3240         (JSC::LiteralParser::parse):
3241         * runtime/LiteralParser.h:
3242         (JSC::LiteralParser::LiteralParser):
3243         (JSC::LiteralParser::tryLiteralParse):
3244         (JSC::LiteralParser::Lexer::Lexer):
3245         (JSC::LiteralParser::Lexer::next):
3246
3247 2011-06-17  Oliver Hunt  <oliver@apple.com>
3248
3249         Reviewed by Gavin Barraclough.
3250
3251         JSONP is unnecessarily slow
3252         https://bugs.webkit.org/show_bug.cgi?id=62920
3253
3254         JSONP has unfortunately become a fairly common idiom online, yet
3255         it triggers very poor performance in JSC as we end up doing codegen
3256         for a large number of property accesses that will
3257            * only be run once, so the vast amount of logic we dump to handle
3258              caching of accesses is unnecessary.
3259            * We are doing codegen that is directly proportional to just
3260              creating the object in the first place.
3261
3262         This patch extends the use of the literal parser to JSONP-like structures
3263         in global code, handling a number of different forms I have seen online.
3264         In an extreme case this improves performance of JSONP by more than 2x
3265         due to removal of code generation and execution time, and a few optimisations
3266         that I made to the parser itself.
3267
3268         * API/JSValueRef.cpp:
3269         (JSValueMakeFromJSONString):
3270         * interpreter/Interpreter.cpp:
3271         (JSC::Interpreter::callEval):
3272         (JSC::Interpreter::execute):
3273         * parser/Lexer.cpp:
3274         (JSC::Lexer::isKeyword):
3275         * parser/Lexer.h:
3276         * runtime/JSGlobalObjectFunctions.cpp:
3277         (JSC::globalFuncEval):
3278         * runtime/JSONObject.cpp:
3279         (JSC::JSONProtoFuncParse):
3280         * runtime/LiteralParser.cpp:
3281         (JSC::LiteralParser::tryJSONPParse):
3282         (JSC::LiteralParser::makeIdentifier):
3283         (JSC::LiteralParser::Lexer::lex):
3284         (JSC::LiteralParser::Lexer::next):
3285         (JSC::isSafeStringCharacter):
3286         (JSC::LiteralParser::Lexer::lexString):
3287         (JSC::LiteralParser::Lexer::lexNumber):
3288         (JSC::LiteralParser::parse):
3289         * runtime/LiteralParser.h:
3290         (JSC::LiteralParser::LiteralParser):
3291         (JSC::LiteralParser::tryLiteralParse):
3292         (JSC::LiteralParser::Lexer::Lexer):
3293
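The two entries above (the original landing and the re-landing of the literal-parser fast path) concern JSONP-shaped global code, where the engine recognises a literal structure and skips codegen. The point a consumer of JSONP should take from this is that a JSONP response is still script: the only way to use it without executing it is to accept exactly the literal shape and hand the argument to JSON.parse. The following is an added example, not JavaScriptCore code; the accepted shape, the callback allow-list and the sample responses are assumptions made for this example and are not the set of forms the engine's literal parser handles.

```javascript
// Added example (not JavaScriptCore code): a strict JSONP reader that accepts
// only `<identifier>(<JSON literal>)` with an optional trailing semicolon,
// hands the argument to JSON.parse, and never evaluates the response as script.
// The accepted shape below is an assumption for this example.
const JSONP_SHAPE = /^\s*([A-Za-z_$][\w$]*)\s*\(\s*([\s\S]*?)\s*\)\s*;?\s*$/;

// Returns { callback, data } or throws if `text` is not a plain JSONP literal call
// whose callback name is in `allowedCallbacks`.
function parseJsonp(text, allowedCallbacks) {
  const m = JSONP_SHAPE.exec(text);
  if (!m) throw new Error("not a JSONP literal call");
  const [, callback, literal] = m;
  if (!allowedCallbacks.includes(callback)) {
    throw new Error("unexpected callback name: " + callback);
  }
  // JSON.parse rejects anything that is not a JSON literal, so a payload such as
  // `cb(alert(1))` or `cb({}); doEvil()` fails here instead of being run.
  return { callback, data: JSON.parse(literal) };
}

// Classifies a response: "literal" when parseJsonp accepts it, "rejected" otherwise.
function classifyResponse(text, allowedCallbacks) {
  try {
    parseJsonp(text, allowedCallbacks);
    return "literal";
  } catch (e) {
    return "rejected";
  }
}

// Constructed sample responses (not captured from any site).
const JSONP_SAMPLES = {
  plain: 'cb({"id": 42, "tags": ["a", "b"]});',
  noSemicolon: 'cb([1, 2, 3])',
  codeInArgument: 'cb(alert(1))',
  trailingCode: 'cb({"id": 1}); fetchEvil()',
  wrongCallback: 'other({"id": 1});',
};

// Runs every sample through the classifier; used as the stand-alone demo.
function classifyAllSamples(allowedCallbacks) {
  const out = {};
  for (const name of Object.keys(JSONP_SAMPLES)) {
    out[name] = classifyResponse(JSONP_SAMPLES[name], allowedCallbacks);
  }
  return out;
}
```

The regular expression deliberately does not try to validate the argument itself; JSON.parse is the validator, and the lazy match plus the end-of-input anchor means any trailing code after the closing parenthesis ends up inside the captured argument, where JSON.parse rejects it.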
3294 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
3295
3296         Reviewed by Oliver Hunt.
3297
3298         Moved some property access JIT code into property access JIT files
3299         https://bugs.webkit.org/show_bug.cgi?id=62906
3300
3301         * jit/JITOpcodes.cpp:
3302         * jit/JITOpcodes32_64.cpp:
3303         * jit/JITPropertyAccess.cpp:
3304         (JSC::JIT::emitSlow_op_put_by_val):
3305         (JSC::JIT::emit_op_get_scoped_var):
3306         (JSC::JIT::emit_op_put_scoped_var):
3307         (JSC::JIT::emit_op_get_global_var):
3308         (JSC::JIT::emit_op_put_global_var):
3309         * jit/JITPropertyAccess32_64.cpp:
3310         (JSC::JIT::emit_op_get_scoped_var):
3311         (JSC::JIT::emit_op_put_scoped_var):
3312         (JSC::JIT::emit_op_get_global_var):
3313         (JSC::JIT::emit_op_put_global_var):
3314
3315 2011-06-17  Anders Carlsson  <andersca@apple.com>
3316
3317         Build fix.
3318
3319         * JavaScriptCore.xcodeproj/project.pbxproj:
3320
3321 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
3322
3323         Try to fix the Leopard build?
3324
3325         * JavaScriptCore.xcodeproj/project.pbxproj:
3326
3327 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3328
3329         Reviewed by Oliver Hunt.
3330
3331         Added some write barrier action, compiled out by default
3332         https://bugs.webkit.org/show_bug.cgi?id=62844
3333
3334         * JavaScriptCore.exp: Build!
3335
3336         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
3337         issue with Heap.cpp.
3338
3339         * heap/Heap.cpp:
3340         (JSC::Heap::writeBarrierSlowCase):
3341         * heap/Heap.h:
3342         (JSC::Heap::writeBarrier):
3343         * heap/MarkedBlock.h:
3344         (JSC::MarkedBlock::isAtomAligned):
3345         (JSC::MarkedBlock::blockFor):
3346         (JSC::MarkedBlock::atomNumber):
3347         (JSC::MarkedBlock::ownerSetNumber):
3348         (JSC::MarkedBlock::addOldSpaceOwner):
3349         (JSC::MarkedBlock::OwnerSet::OwnerSet):
3350         (JSC::MarkedBlock::OwnerSet::add):
3351         (JSC::MarkedBlock::OwnerSet::clear):
3352         (JSC::MarkedBlock::OwnerSet::size):
3353         (JSC::MarkedBlock::OwnerSet::didOverflow):
3354         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
3355         tracks owners for regions within blocks. Currently unused.
3356
3357 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
3358
3359         Reviewed by Eric Seidel.
3360
3361         [EFL] Add some OwnPtr specializations for EFL types.
3362         For now there are specializations for Ecore_Evas and Evas_Object.
3363         https://bugs.webkit.org/show_bug.cgi?id=62877
3364
3365         * wtf/CMakeListsEfl.txt:
3366         * wtf/OwnPtrCommon.h:
3367         * wtf/efl/OwnPtrEfl.cpp: Added.
3368         (WTF::deleteOwnedPtr):
3369
3370 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
3371
3372         Reviewed by Martin Robinson.
3373
3374         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
3375         https://bugs.webkit.org/show_bug.cgi?id=60687
3376
3377         Replace GdkRectangle by cairo_rectangle_int_t.
3378
3379         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
3380
3381 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3382
3383         Reviewed by Oliver Hunt.
3384
3385         https://bugs.webkit.org/show_bug.cgi?id=53014
3386         ES5 strict mode keyword restrictions aren't implemented
3387
3388         The following are future restricted words in strict mode code:
3389             implements, interface, let, package, private, protected, public, static, yield
3390
3391         * parser/JSParser.h:
3392             - Add RESERVED_IF_STRICT token.
3393         * parser/Keywords.table:
3394             - Add new future restricted words.
3395         * parser/Lexer.cpp:
3396         (JSC::Lexer::parseIdentifier):
3397             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
3398         (JSC::Lexer::lex):
3399             - Pass strictMode flag to parseIdentifier.
3400         * parser/Lexer.h:
3401             - parseIdentifier needs a strictMode flag.
3402         * runtime/CommonIdentifiers.h:
3403             - Add identifiers for new reserved words.
3404
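The entry above adds a token that is reserved only when the code is strict. As an added example, not code from that patch: a check, run through the Function constructor of whatever engine executes it, of which words are accepted as a variable name in sloppy code but rejected once a 'use strict' directive is present. The word list is the one named in the entry; the helper names are this example's own. Note that later editions of the language give let, yield and static additional contextual meanings, so the sloppy-mode result for those words is specific to plain variable declarations.

```javascript
// Added example (not WebKit code): which identifiers are reserved only in
// strict mode code, checked by compiling `var <name> = 1;` with and without
// a "use strict" directive.
const FUTURE_RESERVED_IF_STRICT = [
  "implements", "interface", "let", "package", "private",
  "protected", "public", "static", "yield",
];

// Returns true if `source` compiles as a function body, false on SyntaxError.
function compiles(source) {
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Reports whether `word` is usable as a variable name in sloppy and in strict code.
function classifyWord(word) {
  return {
    word,
    sloppy: compiles("var " + word + " = 1;"),
    strict: compiles("'use strict'; var " + word + " = 1;"),
  };
}

// Classifies every word in `words`; the strict-only reserved words are those
// with sloppy === true and strict === false.
function classifyAll(words) {
  return words.map(classifyWord);
}

// Words that are reserved in both modes (e.g. "class") and ordinary identifiers
// (e.g. "foo") serve as controls for the classifier.
function strictOnlyReserved(words) {
  return classifyAll(words).filter((r) => r.sloppy && !r.strict).map((r) => r.word);
}
```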
3405 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3406
3407         Reviewed by Oliver Hunt.
3408
3409         https://bugs.webkit.org/show_bug.cgi?id=23611
3410         Multiline Javascript comments cause incorrect parsing of following script.
3411
3412         From the spec:
3413         "A MultiLineComment [is] simply discarded if it contains no line terminator,
3414         but if a MultiLineComment contains one or more line terminators, then it is
3415         replaced with a single line terminator, which becomes part of the stream of
3416         inputs for the syntactic grammar." 
3417
3418         This may result in behavioural changes, due to automatic semicolon insertion.
3419
3420         * parser/Lexer.cpp:
3421         (JSC::Lexer::parseMultilineComment):
3422             - Set m_terminator if we see a line terminator in a multiline comment.
3423
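The behavioural change the entry above mentions is automatic semicolon insertion: once a multiline comment that contains a line terminator counts as a line terminator, the restricted productions (return, postfix ++ and --, and the others that forbid a line terminator at a particular point) see a line break where they previously saw none. The following is an added example, not code from the patch, that compiles small bodies with the Function constructor to show the difference; the function names are this example's own.

```javascript
// Added example (not WebKit code): a MultiLineComment containing a line
// terminator is treated as a line terminator, so automatic semicolon
// insertion (ASI) applies across it.

// Compile a function body from a string so the comment text is under our control.
function compileBody(body) {
  return new Function(body);
}

// `return` followed by a comment that contains a newline: ASI inserts a
// semicolon after `return`, so the function returns undefined, not 42.
function returnAcrossMultilineComment() {
  return compileBody("return /*\n*/ 42;")();
}

// The same comment without a line terminator is simply discarded, so this
// is `return 42;`.
function returnAcrossSingleLineBlockComment() {
  return compileBody("return /* no newline */ 42;")();
}

// Postfix `++` may not be separated from its operand by a line terminator.
// With a newline inside the comment, `a /*\n*/ ++ b` parses as `a; ++b;`,
// so `a` stays 1 and `b` becomes 11.
function postfixAcrossMultilineComment() {
  return compileBody("var a = 1, b = 10; a /*\n*/ ++ b; return [a, b];")();
}
```

Each body is built from a JavaScript string literal, so the "\n" inside it is a real line terminator in the source the engine compiles; a reader who replaces it with a space will see the first and third cases change meaning (and the third become a syntax error).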
3424 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3425
3426         Reviewed by Sam Weinig.
3427
3428         https://bugs.webkit.org/show_bug.cgi?id=62824
3429         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
3430
3431         CompareEq of non-integer values is the most common cause of speculation failure.
3432
3433         * dfg/DFGSpeculativeJIT.cpp:
3434         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
3435             - Support Equals.
3436         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
3437             - new! - peephole optimized Eq of JSValues.
3438         (JSC::DFG::SpeculativeJIT::compile):
3439             - Add peephole optimization for CompareEq.
3440         * dfg/DFGSpeculativeJIT.h:
3441         (JSC::DFG::