51f9ab90436037daf354910b43274a32eb86bf58
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-29  Filip Pizlo  <fpizlo@apple.com>

        DFG should optimize a==b for a being an object and b being either an object or
        null/undefined, and vice versa
        https://bugs.webkit.org/show_bug.cgi?id=82656

        Reviewed by Oliver Hunt.

        Implements additional object equality optimizations for the case that one
        operand is predicted to be an easily speculated object (like FinalObject or
        Array) and the other is either an easily speculated object or Other, i.e.
        Null or Undefined.

        2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.

        I also took the opportunity to clean up the control flow for the speculation
        decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
        And to remove debug cruft I stupidly committed in my last patch.

        * bytecode/SamplingTool.h:
        (SamplingRegion):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):

2012-03-30  David Barr  <davidbarr@chromium.org>

        Split up top-level .gitignore and .gitattributes
        https://bugs.webkit.org/show_bug.cgi?id=82687

        Reviewed by Tor Arne Vestbø.

        * JavaScriptCore.gyp/.gitignore: Added.

2012-03-30  Steve Falkenburg  <sfalken@apple.com>

        Windows (make based) build fix.

        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.

2012-03-30  Keishi Hattori  <keishi@webkit.org>

        Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
        https://bugs.webkit.org/show_bug.cgi?id=80972

        Reviewed by Kent Tamura.

        * Configurations/FeatureDefines.xcconfig:

2012-03-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor recompileAllJSFunctions() to be less expensive
        https://bugs.webkit.org/show_bug.cgi?id=80330

        Reviewed by Filip Pizlo.

        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
        load performance, which currently does at least a couple full GCs per navigation.

        * heap/Heap.cpp:
        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
        because the function doesn't actually recompile anything (and never did); it simply throws code
        away for it to be recompiled later if we determine we should do so.
        (JSC):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
        * heap/Heap.h:
        (JSC):
        (Heap):
        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
        be used in DoublyLinkedLists.
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
        * runtime/Executable.h:
        (FunctionExecutable):
        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
        the list of FunctionExecutables.
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.

2012-03-29  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for non-x86 platforms.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSlow_op_mod):

2012-03-29  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix p2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-29  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix p1.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-29  Gavin Barraclough  <barraclough@apple.com>

        Template the Yarr::Interpreter on the character type
        https://bugs.webkit.org/show_bug.cgi?id=82637

        Reviewed by Sam Weinig.

        We should be able to call to the interpreter after having already checked the character type,
        without having to re-package the character pointer back up into a string!

        * runtime/RegExp.cpp:
        (JSC::RegExp::match):
        (JSC::RegExp::matchCompareWithInterpreter):
            - Don't pass length.
        * yarr/Yarr.h:
            - moved function declarations to YarrInterpreter.h.
        * yarr/YarrInterpreter.cpp:
        (Yarr):
        (Interpreter):
        (JSC::Yarr::Interpreter::InputStream::InputStream):
        (InputStream):
        (JSC::Yarr::Interpreter::Interpreter):
        (JSC::Yarr::interpret):
            - templated Interpreter class on CharType.
        * yarr/YarrInterpreter.h:
        (Yarr):
            - added function declarations.

2012-03-29  David Kilzer  <ddkilzer@apple.com>

        Don't use a flattened framework path when building on OS X

        Reviewed by Mark Rowe.

        * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
        to select different INSTALL_PATH values.

2012-03-29  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix, add Win-specific sources
        the wx port needs after WTF move.

        * wscript:

2012-03-29  Andy Estes  <aestes@apple.com>

        Remove an unused variable that breaks the build with newer versions of clang.

        Rubber stamped by Gavin Barraclough.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):

2012-03-29  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>

        HashMap<>::add should return a more descriptive object
        https://bugs.webkit.org/show_bug.cgi?id=71063

        Reviewed by Ryosuke Niwa.

        Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
        the iterator type, there's a need for its own AddResult type -- instantiated from
        HashTableAddResult template class.

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        * API/JSClassRef.cpp:
        (OpaqueJSClass::contextData):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addVar):
        (JSC::BytecodeGenerator::addGlobalVar):
        (JSC::BytecodeGenerator::addConstant):
        (JSC::BytecodeGenerator::addConstantValue):
        (JSC::BytecodeGenerator::emitLoad):
        (JSC::BytecodeGenerator::addStringConstant):
        (JSC::BytecodeGenerator::emitLazyNewFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * debugger/Debugger.cpp:
        * dfg/DFGAssemblyHelpers.cpp:
        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstant):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::ctiStub):
        (JSC::JITThunks::hostFunctionStub):
        * parser/Parser.cpp:
        (JSC::::parseStrictObjectLiteral):
        * parser/Parser.h:
        (JSC::Scope::declareParameter):
        * runtime/Identifier.cpp:
        (JSC::Identifier::add):
        (JSC::Identifier::add8):
        (JSC::Identifier::addSlowCase):
        * runtime/Identifier.h:
        (JSC::Identifier::add):
        (JSC::IdentifierTable::add):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::add):
        (JSC::SparseArrayValueMap::put):
        (JSC::SparseArrayValueMap::putDirect):
        (JSC::JSArray::enterDictionaryMode):
        (JSC::JSArray::defineOwnNumericProperty):
        * runtime/JSArray.h:
        (SparseArrayValueMap):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringRecursionChecker.h:
        (JSC::StringRecursionChecker::performCheck):
        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::add):
        * runtime/WeakGCMap.h:
        (WeakGCMap):
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        * tools/ProfileTreeNode.h:
        (JSC::ProfileTreeNode::sampleChild):

2012-03-29  Patrick Gansterer  <paroga@webkit.org>

        Build fix for !ENABLE(YARR_JIT) after r112454.

        * runtime/RegExp.cpp:
        (JSC::RegExp::invalidateCode):

2012-03-28  Filip Pizlo  <fpizlo@apple.com>

        DFG object equality speculations should be simplified
        https://bugs.webkit.org/show_bug.cgi?id=82557

        Reviewed by Gavin Barraclough.

        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateFinalObject):
        (JSC::DFG::Node::shouldSpeculateArray):

2012-03-28  David Kilzer  <ddkilzer@apple.com>

        minidom configurations should be based on ToolExecutable.xcconfig
        <http://webkit.org/b/82513>

        Reviewed by Mark Rowe.

        Note that this patch changes minidom from being installed in
        /usr/local/bin to JavaScriptCore.framework/Resources.

        * Configurations/ToolExecutable.xcconfig: Add semi-colon.
        * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
        configurations on ToolExecutable.xcconfig.  Remove redundant
        PRODUCT_NAME and SKIP_INSTALL variables.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Build fix - some compiles generating NORETURN related warnings.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):

2012-03-28  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, move WTF back into JSCore target
        until issues with JSCore not linking in all WTF symbols are resolved.

        * wscript:

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        * runtime/RegExp.cpp:
        (JSC):
            - Missed review comment! - didn't fully remove RegExpRepresentation.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        Add a new variant of the match method to RegExp that returns a MatchResult,
        and modify YarrJIT to be able to compile code that doesn't use an output vector.

        This is a 3% progression on v8-regexp.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Moved MatchResult into its own header.
        * assembler/AbstractMacroAssembler.h:
            - Added missing include.
        * runtime/MatchResult.h: Added.
        (MatchResult::MatchResult):
        (MatchResult):
        (MatchResult::failed):
        (MatchResult::operator bool):
        (MatchResult::empty):
            - Moved MatchResult into its own header.
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::compileIfNecessary):
        (JSC::RegExp::match):
            - Changed due to execute & representation changes.
        (JSC::RegExp::compileMatchOnly):
        (JSC::RegExp::compileIfNecessaryMatchOnly):
            - Added helper to compile MatchOnly code.
        (JSC::RegExp::invalidateCode):
        (JSC::RegExp::matchCompareWithInterpreter):
        (JSC::RegExp::printTraceData):
            - Changed due to representation changes.
        * runtime/RegExp.h:
        (RegExp):
        (JSC::RegExp::hasCode):
            - Made YarrCodeBlock a member.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - Added no-ovector form.
        * runtime/RegExpMatchesArray.cpp:
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - Match now takes a reference to ovector, not a pointer.
        * runtime/RegExpObject.h:
        (JSC):
            - Moved MatchResult into its own header.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
            - Match now takes a reference to ovector, not a pointer.
        * testRegExp.cpp:
        (testOneRegExp):
            - Match now takes a reference to ovector, not a pointer.
        * yarr/YarrJIT.cpp:
        (Yarr):
        (YarrGenerator):
        (JSC::Yarr::YarrGenerator::initCallFrame):
        (JSC::Yarr::YarrGenerator::removeCallFrame):
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
        (JSC::Yarr::YarrGenerator::setMatchStart):
        (JSC::Yarr::YarrGenerator::getMatchStart):
            - Added helper functions to intermediate access to output.
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generate):
        (JSC::Yarr::YarrGenerator::backtrack):
        (JSC::Yarr::YarrGenerator::generateEnter):
        (JSC::Yarr::YarrGenerator::compile):
            - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
        (JSC::Yarr::jitCompile):
            - Needs to be templated on MatchOnly or IncludeSubpatterns.
        * yarr/YarrJIT.h:
        (YarrCodeBlock):
        (JSC::Yarr::YarrCodeBlock::set8BitCode):
        (JSC::Yarr::YarrCodeBlock::set16BitCode):
        (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::execute):
        (JSC::Yarr::YarrCodeBlock::clear):
            - Added a second set of CodeRefs, so that we can compile RegExps with/without subpattern matching.

2012-03-27  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit should not generate an exit for variables of inlinees if the
        inlinees are not in scope
        https://bugs.webkit.org/show_bug.cgi?id=82312

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForInlineCallFrame):
        (JSC):
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::computeNumVariablesForCodeOrigin):
        (DFG):
        (JSC::DFG::OSRExit::OSRExit):

2012-03-27  Matt Lilek  <mrl@apple.com>

        Stop compiling Interpreter.cpp with -fno-var-tracking
        https://bugs.webkit.org/show_bug.cgi?id=82299

        Reviewed by Anders Carlsson.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-27  Pratik Solanki  <psolanki@apple.com>

        Compiler warning when JIT is not enabled
        https://bugs.webkit.org/show_bug.cgi?id=82352

        Reviewed by Filip Pizlo.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::create):

2012-03-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Unaligned userspace access for SH4 platforms
        https://bugs.webkit.org/show_bug.cgi?id=79104

        Reviewed by Gavin Barraclough.

        * assembler/AbstractMacroAssembler.h:
        (Jump):
        (JSC::AbstractMacroAssembler::Jump::Jump):
        (JSC::AbstractMacroAssembler::Jump::link):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        (JSC::MacroAssemblerSH4::branchDouble):
        (JSC::MacroAssemblerSH4::branchTrue):
        (JSC::MacroAssemblerSH4::branchFalse):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::extraInstrForBranch):
        (SH4Assembler):
        (JSC::SH4Assembler::bra):
        (JSC::SH4Assembler::linkJump):
        * jit/JIT.h:
        (JIT):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2012-03-26  Ryosuke Niwa  <rniwa@webkit.org>

        cssText should use shorthand notations
        https://bugs.webkit.org/show_bug.cgi?id=81737

        Reviewed by Enrica Casucci.

        Export symbols of BitVector on Windows.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-26  Filip Pizlo  <fpizlo@apple.com>

        DFG should assert that argument value recoveries can only be
        AlreadyInRegisterFile or Constant
        https://bugs.webkit.org/show_bug.cgi?id=82249

        Reviewed by Michael Saboff.

        Made the assertions that the DFG makes for argument value recoveries match
        what Arguments expects.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::isConstant):
        (ValueRecovery):
        (JSC::ValueRecovery::isAlreadyInRegisterFile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Tried to fix the Windows build.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putRange):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - speculative Windows build fix.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::getCanonicalPair):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Fixed builds with assertions disabled.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::areCanonicallyEquivalent):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - errk! - accidentally the whole pbxproj.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-25  Gavin Barraclough  <barraclough@apple.com>

        Greek sigma is handled wrong in case independent regexp.
        https://bugs.webkit.org/show_bug.cgi?id=82063

        Reviewed by Oliver Hunt.

        The bug here is that we assume that any given codepoint has at most one additional value it
        should match under a case insensitive match, and that the pair of codepoints that match (if
        a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
        given codepoint. Life is not that simple.

        Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
        it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular
        we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
        simple binary search to find an entry in typically eight compares.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * yarr/yarr.pri:
            - Added new files to build systems.
        * yarr/YarrCanonicalizeUCS2.cpp: Added.
            - New - autogenerated, UCS2 canonicalized comparison tables.
        * yarr/YarrCanonicalizeUCS2.h: Added.
        (JSC::Yarr::rangeInfoFor):
            - Look up the canonicalization info for a UCS2 character.
        (JSC::Yarr::getCanonicalPair):
            - For a UCS2 character with a single equivalent value, look it up.
        (JSC::Yarr::isCanonicallyUnique):
            - Returns true if no other UCS2 code points are canonically equal.
        (JSC::Yarr::areCanonicallyEquivalent):
            - Compare two values, under canonicalization rules.
        * yarr/YarrCanonicalizeUCS2.js: Added.
            - script used to generate YarrCanonicalizeUCS2.cpp.
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::tryConsumeBackReference):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putChar):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
            - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
        (JSC::Yarr::CharacterClassConstructor::putRange):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
            - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
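
        The range-table lookup described in the sigma entry above, as an added illustration that is not
        WebKit's code: a constructed, deliberately tiny table (ASCII letters as a delta range, the three
        sigmas as a set, everything else marked unique, so it is not correct for general Unicode) searched
        with a binary search, beside the one-alternative toUpper/toLower check whose failure the entry
        describes. The function names mirror the ChangeLog; the table layout and implementations are
        assumptions of this example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Kinds of range in the constructed table: a codepoint is either canonically unique,
// equivalent to exactly one other codepoint at a fixed delta, or a member of a set.
enum class Kind { Unique, Delta, Set };

struct RangeInfo {
    uint16_t begin;   // first codepoint of the range (inclusive)
    uint16_t end;     // last codepoint of the range (inclusive)
    Kind kind;
    int value;        // Delta: offset to the equivalent; Set: index into sets[]
};

// Constructed set: capital sigma, final sigma, small sigma are all equivalent under ES5.1
// Canonicalize (both lowercase forms uppercase to U+03A3). Zero-terminated.
static const uint16_t sigmaSet[] = { 0x03A3, 0x03C2, 0x03C3, 0 };
static const uint16_t* const sets[] = { sigmaSet };

// Constructed, contiguous table covering all of UCS2 and sorted by begin.
static const RangeInfo ranges[] = {
    { 0x0000, 0x0040, Kind::Unique, 0 },
    { 0x0041, 0x005A, Kind::Delta, +32 },   // 'A'..'Z' <-> 'a'..'z'
    { 0x005B, 0x0060, Kind::Unique, 0 },
    { 0x0061, 0x007A, Kind::Delta, -32 },
    { 0x007B, 0x03A2, Kind::Unique, 0 },    // toy table: treated as unique
    { 0x03A3, 0x03A3, Kind::Set, 0 },
    { 0x03A4, 0x03C1, Kind::Unique, 0 },
    { 0x03C2, 0x03C3, Kind::Set, 0 },
    { 0x03C4, 0xFFFF, Kind::Unique, 0 },
};
static const size_t numRanges = sizeof(ranges) / sizeof(ranges[0]);

// Binary search for the range containing c. The table is contiguous, so this always finds one.
const RangeInfo& rangeInfoFor(uint16_t c) {
    size_t lo = 0, hi = numRanges;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        const RangeInfo& r = ranges[mid];
        if (c < r.begin) hi = mid;
        else if (c > r.end) lo = mid + 1;
        else return r;
    }
    assert(false && "table must cover every codepoint");
    return ranges[0];
}

bool isCanonicallyUnique(uint16_t c) { return rangeInfoFor(c).kind == Kind::Unique; }

// True if b is one of the codepoints a may match case-insensitively.
bool areCanonicallyEquivalent(uint16_t a, uint16_t b) {
    if (a == b) return true;
    const RangeInfo& r = rangeInfoFor(a);
    switch (r.kind) {
    case Kind::Unique: return false;
    case Kind::Delta:  return static_cast<int>(a) + r.value == static_cast<int>(b);
    case Kind::Set:
        for (const uint16_t* p = sets[r.value]; *p; ++p)
            if (*p == b) return true;
        return false;
    }
    return false;
}

// The flawed "at most one alternative via toUpper/toLower" check, with a toy case mapping
// for ASCII and the sigmas, to show where the assumption breaks.
uint16_t toyToUpper(uint16_t c) {
    if (c >= 'a' && c <= 'z') return static_cast<uint16_t>(c - 32);
    if (c == 0x03C2 || c == 0x03C3) return 0x03A3;
    return c;
}
uint16_t toyToLower(uint16_t c) {
    if (c >= 'A' && c <= 'Z') return static_cast<uint16_t>(c + 32);
    if (c == 0x03A3) return 0x03C3;
    return c;
}
bool pairEquivalent(uint16_t a, uint16_t b) {
    return a == b || toyToUpper(a) == b || toyToLower(a) == b;
}

int main() {
    // Final sigma vs small sigma: equivalent under the table, missed by the pair check.
    std::printf("table: %d, pair: %d\n",
                areCanonicallyEquivalent(0x03C2, 0x03C3), pairEquivalent(0x03C2, 0x03C3));
    return 0;
}
```

        The pair check misses the final-sigma/small-sigma case because neither is the upper- or
        lowercase of the other; both only share an uppercase form, which is exactly the situation
        the table's Set kind represents.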
560             - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
561
562 2012-03-26  Kevin Ollivier  <kevino@theolliviers.com>
563
564         [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
565         so we make sure it finds the API headers on all platforms.
566
567         * wscript:
568
569 2012-03-26  Patrick Gansterer  <paroga@webkit.org>
570
571         Build fix for WinCE after r112039.
572
573         * interpreter/Register.h:
574         (Register): Removed inline keyword from decleration since
575                     there is an ALWAYS_INLINE at the definition anyway.
576
577 2012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>
578
579         Unreviewed. Fix make distcheck.
580
581         * GNUmakefile.list.am: Add missing files.
582
583 2012-03-25  Kevin Ollivier  <kevino@theolliviers.com>
584
585         [wx] Unreviewed build fix. Move WTF to its own static lib build.
586
587         * wscript:
588
589 2012-03-25  Filip Pizlo  <fpizlo@apple.com>
590
591         DFG int-to-double conversion should be revealed to CSE
592         https://bugs.webkit.org/show_bug.cgi?id=82135
593
594         Reviewed by Oliver Hunt.
595         
596         This introduces the notion of an Int32ToDouble node, which is injected
597         into the graph anytime we know that we have a double use of a node that
598         was predicted integer. The Int32ToDouble simplifies double speculation
599         on integers by skipping the path that would unbox doubles, if we know
600         that the value is already proven to be an integer. It allows integer to
601         double conversions to be subjected to common subexpression elimination
602         (CSE) by allowing the CSE phase to see where these conversions are
603         occurring. Finally, it allows us to see when a constant is being used
604         as both a double and an integer. This is a bit odd, since it means that
605         sometimes a double use of a constant will not refer directly to the
606         constant. This should not cause problems, for now, but it may require
607         some canonizalization in the future if we want to support strength
608         reductions of double operations based on constants.
609         
610         To allow injection of nodes into the graph, this change introduces the
611         DFG::InsertionSet, which is a way of lazily inserting elements into a
612         list. This allows the FixupPhase to remain O(N) despite performing
613         multiple injections in a single basic block. Without the InsertionSet,
614         each injection would require performing an insertion into a vector,
615         which is O(N), leading to O(N^2) performance overall. With the
616         InsertionSet, each injection simply records what insertion would have
617         been performed, and all insertions are performed at once (via
618         InsertionSet::execute) after processing of a basic block is completed.
619
620         * JavaScriptCore.xcodeproj/project.pbxproj:
621         * bytecode/PredictedType.h:
622         (JSC::isActionableIntMutableArrayPrediction):
623         (JSC):
624         (JSC::isActionableFloatMutableArrayPrediction):
625         (JSC::isActionableTypedMutableArrayPrediction):
626         (JSC::isActionableMutableArrayPrediction):
627         * dfg/DFGAbstractState.cpp:
628         (JSC::DFG::AbstractState::execute):
629         * dfg/DFGCSEPhase.cpp:
630         (JSC::DFG::CSEPhase::performNodeCSE):
631         * dfg/DFGCommon.h:
632         (JSC::DFG::useKindToString):
633         (DFG):
634         * dfg/DFGFixupPhase.cpp:
635         (JSC::DFG::FixupPhase::run):
636         (JSC::DFG::FixupPhase::fixupBlock):
637         (FixupPhase):
638         (JSC::DFG::FixupPhase::fixupNode):
639         (JSC::DFG::FixupPhase::fixDoubleEdge):
640         * dfg/DFGGraph.cpp:
641         (JSC::DFG::Graph::dump):
642         * dfg/DFGInsertionSet.h: Added.
643         (DFG):
644         (Insertion):
645         (JSC::DFG::Insertion::Insertion):
646         (JSC::DFG::Insertion::index):
647         (JSC::DFG::Insertion::element):
648         (InsertionSet):
649         (JSC::DFG::InsertionSet::InsertionSet):
650         (JSC::DFG::InsertionSet::append):
651         (JSC::DFG::InsertionSet::execute):
652         * dfg/DFGNodeType.h:
653         (DFG):
654         * dfg/DFGPredictionPropagationPhase.cpp:
655         (JSC::DFG::PredictionPropagationPhase::propagate):
656         * dfg/DFGSpeculativeJIT.cpp:
657         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
658         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
659         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
660         (DFG):
661         * dfg/DFGSpeculativeJIT.h:
662         (SpeculativeJIT):
663         (JSC::DFG::IntegerOperand::IntegerOperand):
664         (JSC::DFG::DoubleOperand::DoubleOperand):
665         (JSC::DFG::JSValueOperand::JSValueOperand):
666         (JSC::DFG::StorageOperand::StorageOperand):
667         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
668         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
669         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
670         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
671         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
672         * dfg/DFGSpeculativeJIT32_64.cpp:
673         (JSC::DFG::SpeculativeJIT::compile):
674         * dfg/DFGSpeculativeJIT64.cpp:
675         (JSC::DFG::SpeculativeJIT::compile):
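
        The lazy-insertion idea from the Int32ToDouble entry above, as an added example that is not
        WebKit's DFG::InsertionSet: insertions are recorded as (index, element) pairs during a single
        forward scan of a block and applied in one backward pass, so a block with N nodes and M
        injections costs O(N + M) rather than O(N * M). The Node type, the needsDoubleOperand flag
        and fixupBlock are constructed stand-ins for the real graph and FixupPhase.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for a DFG node: a name plus a flag marking "double use of an int".
struct Node {
    std::string name;
    bool needsDoubleOperand = false;
};

// One recorded insertion: place `element` immediately before the element that was at `index`.
struct Insertion {
    size_t index;
    Node element;
};

class InsertionSet {
public:
    // Indices must arrive in non-decreasing order (the forward scan guarantees this).
    void append(size_t index, Node element) {
        assert(m_insertions.empty() || m_insertions.back().index <= index);
        m_insertions.push_back({ index, std::move(element) });
    }

    // Apply every recorded insertion in one pass: grow the vector once, then fill it from the
    // back so each original element is moved at most once and no slot is overwritten early.
    void execute(std::vector<Node>& block) {
        if (m_insertions.empty()) return;
        const size_t originalSize = block.size();
        block.resize(originalSize + m_insertions.size());
        size_t dst = block.size();               // slots [dst, end) are already final
        size_t pending = m_insertions.size();    // insertions still to place, highest index last

        // Insertions at or past the old end go at the very end.
        while (pending && m_insertions[pending - 1].index >= originalSize)
            block[--dst] = std::move(m_insertions[--pending].element);

        for (size_t i = originalSize; i-- > 0;) {
            if (dst - 1 != i)                    // avoid self-move once the shift has caught up
                block[dst - 1] = std::move(block[i]);
            --dst;
            // Everything queued "before original i" now goes directly in front of it.
            while (pending && m_insertions[pending - 1].index == i)
                block[--dst] = std::move(m_insertions[--pending].element);
        }
        assert(dst == 0 && pending == 0);
        m_insertions.clear();
    }

private:
    std::vector<Insertion> m_insertions;
};

// Constructed sketch of FixupPhase::fixupBlock: scan once, queue an Int32ToDouble in front of
// each node that wants a double operand, then execute all insertions together.
std::vector<std::string> fixupBlock(std::vector<Node> block) {
    InsertionSet insertionSet;
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i].needsDoubleOperand)
            insertionSet.append(i, Node{ "Int32ToDouble", false });
    }
    insertionSet.execute(block);

    std::vector<std::string> names;
    for (const Node& n : block) names.push_back(n.name);
    return names;
}

int main() {
    std::vector<Node> block = {
        { "GetLocal", false }, { "ArithAdd", false }, { "ArithDiv", true },
        { "ArithMul", true },  { "SetLocal", false },
    };
    for (const std::string& name : fixupBlock(block)) std::printf("%s\n", name.c_str());
    return 0;
}
```

        Appending an insertion is O(1) and execute is linear in the final size; the non-decreasing
        index assertion is what makes the single backward pass correct.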

2012-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFGOperands should be moved out of the DFG and into bytecode
        https://bugs.webkit.org/show_bug.cgi?id=82151

        Reviewed by Dan Bernstein.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
        * dfg/DFGBasicBlock.h:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.h:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOperands.h: Removed.
        * dfg/DFGVariableAccessData.h:

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG 64-bit Branch implementation should not be creating a JSValueOperand that
        it isn't going to use
        https://bugs.webkit.org/show_bug.cgi?id=82136

        Reviewed by Geoff Garen.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitBranch):

2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Fix the build after WTF move.

        * wscript:

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG double voting may be overzealous in the case of variables that end up
        being used as integers
        https://bugs.webkit.org/show_bug.cgi?id=82008

        Reviewed by Oliver Hunt.

        Cleaned up propagation, making the intent more explicit in most places.
        Back-propagate NodeUsedAsInt for cases where a node was used in a context
        that is known to strongly prefer integers.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dumpCodeOrigin):
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (PredictionPropagationPhase):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::Node::shouldNotSpeculateInteger() should be eliminated
        https://bugs.webkit.org/show_bug.cgi?id=82123

        Reviewed by Geoff Garen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

2012-03-24  Yong Li  <yoli@rim.com>

        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
        https://bugs.webkit.org/show_bug.cgi?id=81521

        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
        for CPU(ARM_TRADITIONAL) to fit actual need.

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG Fixup should be able to short-circuit trivial ValueToInt32's
        https://bugs.webkit.org/show_bug.cgi?id=82030

        Reviewed by Michael Saboff.

        Takes the fixup() method of the prediction propagation phase and makes it
        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
        nodes, and mark pure ValueToInt32's as such.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
791         (JSC::DFG::ByteCodeParser::handleCall):
792         (JSC::DFG::ByteCodeParser::parseBlock):
793         * dfg/DFGCommon.h:
794         * dfg/DFGDriver.cpp:
795         (JSC::DFG::compile):
796         * dfg/DFGFixupPhase.cpp: Added.
797         (DFG):
798         (FixupPhase):
799         (JSC::DFG::FixupPhase::FixupPhase):
800         (JSC::DFG::FixupPhase::run):
801         (JSC::DFG::FixupPhase::fixupNode):
802         (JSC::DFG::FixupPhase::fixIntEdge):
803         (JSC::DFG::performFixup):
804         * dfg/DFGFixupPhase.h: Added.
805         (DFG):
806         * dfg/DFGPredictionPropagationPhase.cpp:
807         (JSC::DFG::PredictionPropagationPhase::run):
808         (PredictionPropagationPhase):
809
810 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
811
812         tryReallocate could break the zero-ed memory invariant of CopiedBlocks
813         https://bugs.webkit.org/show_bug.cgi?id=82087
814
815         Reviewed by Filip Pizlo.
816
817         Removing this optimization turned out to be a ~1% regression on kraken, so I simply 
818         undid the modification to the current block if we fail.
819
820         * heap/CopiedSpace.cpp:
821         (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail 
822         to reallocate from the current block.
823
824 2012-03-23  Alexey Proskuryakov  <ap@apple.com>
825
826         [Mac] No need for platform-specific ENABLE_BLOB values
827         https://bugs.webkit.org/show_bug.cgi?id=82102
828
829         Reviewed by David Kilzer.
830
831         * Configurations/FeatureDefines.xcconfig:
832
833 2012-03-23  Michael Saboff  <msaboff@apple.com>
834
835         DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
836         https://bugs.webkit.org/show_bug.cgi?id=81805
837
838         Reviewed by Filip Pizlo.
839
840         Added SpeculativeJIT::checkGeneratedType() to determine the current format
841         of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
842         to generate code that will use integer and JSValue types in integer
843         format directly without a conversion to double.
844
845         * JavaScriptCore.xcodeproj/project.pbxproj:
846         * dfg/DFGSpeculativeJIT.cpp:
847         (JSC::DFG::SpeculativeJIT::checkGeneratedType):
848         (DFG):
849         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
850         * dfg/DFGSpeculativeJIT.h:
851         (DFG):
852         (SpeculativeJIT):
853
854 2012-03-23  Steve Falkenburg  <sfalken@apple.com>
855
856         Update Apple Windows build files for WTF move
857         https://bugs.webkit.org/show_bug.cgi?id=82069
858
859         Reviewed by Jessie Berlin.
860
861         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
862
863 2012-03-23  Dean Jackson  <dino@apple.com>
864
865         Disable CSS_SHADERS in Apple builds
866         https://bugs.webkit.org/show_bug.cgi?id=81996
867
868         Reviewed by Simon Fraser.
869
870         Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
871
872         * Configurations/FeatureDefines.xcconfig:
873
874 2012-03-23  Gavin Barraclough  <barraclough@apple.com>
875
876         RegExp constructor last match properties should not rely on previous ovector
877         https://bugs.webkit.org/show_bug.cgi?id=82077
878
879         Reviewed by Oliver Hunt.
880
881         This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
882
883         This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
884         Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
885         a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
886         location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
887         a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
888         reified state. This means that next time a match is performed, the store of the result will
889         automatically blow away the reified value.
890
891         * JavaScriptCore.xcodeproj/project.pbxproj:
892             - Added new files.
893         * runtime/RegExp.cpp:
894         (JSC::RegExpFunctionalTestCollector::outputOneTest):
895             - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
896         * runtime/RegExpCachedResult.cpp: Added.
897         (JSC::RegExpCachedResult::visitChildren):
898         (JSC::RegExpCachedResult::lastResult):
899         (JSC::RegExpCachedResult::setInput):
900             - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
901         * runtime/RegExpCachedResult.h: Added.
902         (RegExpCachedResult):
903             - Added new class.
904         (JSC::RegExpCachedResult::RegExpCachedResult):
905         (JSC::RegExpCachedResult::record):
906         (JSC::RegExpCachedResult::input):
907             - Initialize the object, record the result of a RegExp match, access the stored input property.
908         * runtime/RegExpConstructor.cpp:
909         (JSC::RegExpConstructor::RegExpConstructor):
910             - Initialize m_result/m_multiline properties.
911         (JSC::RegExpConstructor::visitChildren):
912             - Make sure the cached results (or lazy source for them) are marked.
913         (JSC::RegExpConstructor::getBackref):
914         (JSC::RegExpConstructor::getLastParen):
915         (JSC::RegExpConstructor::getLeftContext):
916         (JSC::RegExpConstructor::getRightContext):
917             - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
918         (JSC::regExpConstructorInput):
919         (JSC::setRegExpConstructorInput):
920             - Changed to use RegExpCachedResult.
921         * runtime/RegExpConstructor.h:
922         (JSC::RegExpConstructor::create):
923         (RegExpConstructor):
924         (JSC::RegExpConstructor::setMultiline):
925         (JSC::RegExpConstructor::multiline):
926             - Move multiline property onto the constructor object; it is not affected by the last match.
927         (JSC::RegExpConstructor::setInput):
928         (JSC::RegExpConstructor::input):
929             - These defer to RegExpCachedResult.
930         (JSC::RegExpConstructor::performMatch):
931         * runtime/RegExpMatchesArray.cpp: Added.
932         (JSC::RegExpMatchesArray::visitChildren):
933             - Eeeep! added missing visitChildren!
934         (JSC::RegExpMatchesArray::finishCreation):
935         (JSC::RegExpMatchesArray::reifyAllProperties):
936         (JSC::RegExpMatchesArray::reifyMatchProperty):
937             - Moved from RegExpConstructor.cpp.
938         (JSC::RegExpMatchesArray::leftContext):
939         (JSC::RegExpMatchesArray::rightContext):
940             - Since the match start/
941         * runtime/RegExpMatchesArray.h:
942         (RegExpMatchesArray):
943             - Declare new methods & structure flags.
944         * runtime/RegExpObject.cpp:
945         (JSC::RegExpObject::match):
946             - performMatch now requires the JSString input, to cache.
947         * runtime/StringPrototype.cpp:
948         (JSC::removeUsingRegExpSearch):
949         (JSC::replaceUsingRegExpSearch):
950         (JSC::stringProtoFuncMatch):
951         (JSC::stringProtoFuncSearch):
952             - performMatch now requires the JSString input, to cache.
953
954 2012-03-23  Tony Chang  <tony@chromium.org>
955
956         [chromium] rename newwtf target back to wtf
957         https://bugs.webkit.org/show_bug.cgi?id=82064
958
959         Reviewed by Adam Barth.
960
961         * JavaScriptCore.gyp/JavaScriptCore.gyp:
962
963 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
964
965         Simplify memory usage tracking in CopiedSpace
966         https://bugs.webkit.org/show_bug.cgi?id=80705
967
968         Reviewed by Filip Pizlo.
969
970         * heap/CopiedAllocator.h:
971         (CopiedAllocator): Rename currentUtilization to currentSize.
972         (JSC::CopiedAllocator::currentCapacity):
973         * heap/CopiedBlock.h:
974         (CopiedBlock):
975         (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
976         declaration.
977         (JSC):
978         (JSC::CopiedBlock::size): Add new function to calculate the block's size.
979         (JSC::CopiedBlock::capacity): Ditto for capacity.
980         * heap/CopiedSpace.cpp:
981         (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
982         field for the water mark.
983         (JSC::CopiedSpace::init):
984         (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
985         block, we need to update our current water mark with the size of the block.
986         (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
987         need to update our current water mark with the size of the used portion of the block.
988         (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
989         reallocating because it will either get accounted for when we fill up the block later 
990         in the case of being able to reallocate in the current block or it will get picked up 
991         immediately because we'll have to get a new block.
992         (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when 
993         realloc-ing an oversize block because we deallocate the old block and allocate a brand 
994         new one.
995         (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
996         the CopiedSpace by the SlotVisitors.
997         (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
998         (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or 
999         not we should collect now instead of doing the calculation ourselves.
1000         (JSC::CopiedSpace::destroy):
1001         (JSC):
1002         (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
1003         MarkedSpace does.
1004         (JSC::CopiedSpace::capacity): Ditto for capacity.
1005         * heap/CopiedSpace.h:
1006         (JSC::CopiedSpace::waterMark):
1007         (CopiedSpace):
1008         * heap/CopiedSpaceInlineMethods.h:
1009         (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
1010         collection.
1011         (JSC::CopiedSpace::allocateNewBlock):
1012         (JSC::CopiedSpace::fitsInBlock):
1013         (JSC::CopiedSpace::allocateFromBlock):
1014         * heap/Heap.cpp:
1015         (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
1016         (JSC::Heap::capacity): Ditto for capacity.
1017         (JSC::Heap::collect):
1018         * heap/Heap.h:
1019         (Heap):
1020         (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
1021         determine whether they should initiate a collection or continue to allocate new blocks.
1022         (JSC):
1023         (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
1024         Heap (MarkedSpace and CopiedSpace).
1025         * heap/MarkedAllocator.cpp:
1026         (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
1027
1028 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
1029
1030         BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
1031         https://bugs.webkit.org/show_bug.cgi?id=82012
1032
1033         Reviewed by Filip Pizlo.
1034
1035         Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
1036
1037         * wtf/BitVector.cpp:
1038         (WTF::BitVector::resizeOutOfLine):
1039         * wtf/BitVector.h:
1040         (BitVector):
1041         (OutOfLineBits):
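
The following is an added illustration of the inline-to-out-of-line transition this entry fixes; it is not WebKit code and not WTF::BitVector. TinyBitVector, setBitsAfterGrowth and shrinkDoesNotResurrectBits are hypothetical names. Heap memory returned by malloc is not zeroed, so the words past the copied prefix must be cleared explicitly or bits that were never set can read back as 1.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical bit vector with one inline word that spills to the heap when it
// grows past 64 bits. Stand-in for the shape described in the entry above.
class TinyBitVector {
public:
    TinyBitVector() : m_size(0), m_words(&m_inlineWord), m_inlineWord(0) { }
    ~TinyBitVector() { if (!isInline()) std::free(m_words); }
    TinyBitVector(const TinyBitVector&) = delete;            // m_words may alias a member
    TinyBitVector& operator=(const TinyBitVector&) = delete;

    size_t size() const { return m_size; }

    bool get(size_t bit) const
    {
        if (bit >= m_size)
            return false;
        return (m_words[bit / kBitsPerWord] >> (bit % kBitsPerWord)) & 1;
    }

    void set(size_t bit)
    {
        if (bit >= m_size)
            resize(bit + 1);
        m_words[bit / kBitsPerWord] |= uint64_t(1) << (bit % kBitsPerWord);
    }

    // Grow or shrink to newSize bits. malloc returns whatever the heap held before,
    // so every word beyond the copied prefix is zeroed (the memset that was missing).
    void resize(size_t newSize)
    {
        if (!newSize) {                                       // back to empty, inline
            if (!isInline())
                std::free(m_words);
            m_words = &m_inlineWord;
            m_inlineWord = 0;
            m_size = 0;
            return;
        }
        size_t oldWords = wordCount(m_size);
        size_t newWords = wordCount(newSize);
        if (newWords == 1 && isInline()) {                    // still fits inline
            m_size = newSize;
            maskTail();
            return;
        }
        if (newWords != oldWords || isInline()) {
            uint64_t* fresh = static_cast<uint64_t*>(std::malloc(newWords * sizeof(uint64_t)));
            if (!fresh)
                std::abort();
            size_t keep = oldWords < newWords ? oldWords : newWords;
            std::memcpy(fresh, m_words, keep * sizeof(uint64_t));
            std::memset(fresh + keep, 0, (newWords - keep) * sizeof(uint64_t));
            if (!isInline())
                std::free(m_words);
            m_words = fresh;
        }
        m_size = newSize;
        maskTail();
    }

    size_t countSetBits() const
    {
        size_t total = 0;
        for (size_t w = 0; w < wordCount(m_size); ++w)
            for (uint64_t v = m_words[w]; v; v &= v - 1)     // Kernighan popcount
                ++total;
        return total;
    }

private:
    static constexpr size_t kBitsPerWord = 64;
    static size_t wordCount(size_t bits) { return (bits + kBitsPerWord - 1) / kBitsPerWord; }
    bool isInline() const { return m_words == &m_inlineWord; }

    // Bits above m_size in the last word stay zero so a later grow cannot resurrect them.
    void maskTail()
    {
        size_t rem = m_size % kBitsPerWord;
        if (rem)
            m_words[wordCount(m_size) - 1] &= (uint64_t(1) << rem) - 1;
    }

    size_t m_size;
    uint64_t* m_words;
    uint64_t m_inlineWord;
};

// Set one bit while inline, grow well past one word, and report the population
// count: with the tail zeroed it must equal exactly the bits that were set.
size_t setBitsAfterGrowth(size_t firstBit, size_t growTo)
{
    TinyBitVector bits;
    bits.set(firstBit);
    bits.resize(growTo);
    return bits.countSetBits();
}

// Shrink below a set bit, then grow again: the shrunk-away bit must not come back.
bool shrinkDoesNotResurrectBits()
{
    TinyBitVector bits;
    bits.set(70);            // forces out-of-line storage (two words)
    bits.resize(65);         // bit 70 is now past the end and is masked off
    bits.resize(200);        // grow again; the new words are zeroed
    return !bits.get(70) && bits.countSetBits() == 0;
}
```

The memset is the step the entry adds; the tail mask in resize covers the companion hazard, where bits beyond the logical size survive a shrink and reappear on the next grow.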
1042
1043 2012-03-22  Michael Saboff  <msaboff@apple.com>
1044
1045         ExecutableAllocator::memoryPressureMultiplier() might return NaN
1046         https://bugs.webkit.org/show_bug.cgi?id=82002
1047
1048         Reviewed by Filip Pizlo.
1049
1050         Guard against divide by zero and then make sure the return
1051         value is >= 1.0.
1052
1053         * jit/ExecutableAllocator.cpp:
1054         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1055         * jit/ExecutableAllocatorFixedVMPool.cpp:
1056         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1057
1058 2012-03-22  Jessie Berlin  <jberlin@apple.com>
1059
1060         Windows build fix after r111778.
1061
1062         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1063         Don't include and try to build files owned by WTF.
1064         Also, let VS have its way with the vcproj in terms of file ordering.
1065
1066 2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1067
1068         [CMake] Unreviewed build fix after r111778.
1069
1070         * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
1071         the include paths so that the right config.h is used.
1072
1073 2012-03-22  Tony Chang  <tony@chromium.org>
1074
1075         Unreviewed, fix chromium build after wtf move.
1076
1077         Remove old wtf_config and wtf targets.
1078
1079         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1080
1081 2012-03-22  Martin Robinson  <mrobinson@igalia.com>
1082
1083         Fixed the GTK+ WTF/JavaScriptCore build after r111778.
1084
1085         * GNUmakefile.list.am: Removed an extra trailing backslash.
1086
1087 2012-03-22  Mark Rowe  <mrowe@apple.com>
1088
1089         Fix the build.
1090
1091         * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
1092         rather than only those that contain symbols that JavaScriptCore itself uses.
1093         * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
1094
1095 2012-03-22  Filip Pizlo  <fpizlo@apple.com>
1096
1097         DFG NodeFlags has some duplicate code and naming issues
1098         https://bugs.webkit.org/show_bug.cgi?id=81975
1099
1100         Reviewed by Gavin Barraclough.
1101         
1102         Removed most references to "ArithNodeFlags" since those are now just part
1103         of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
1104         NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
1105         because the former was never called and the latter did the same things as
1106         mergeFlags().
1107
1108         * dfg/DFGByteCodeParser.cpp:
1109         (JSC::DFG::ByteCodeParser::makeSafe):
1110         (JSC::DFG::ByteCodeParser::makeDivSafe):
1111         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1112         * dfg/DFGGraph.cpp:
1113         (JSC::DFG::Graph::dump):
1114         * dfg/DFGNode.h:
1115         (JSC::DFG::Node::arithNodeFlags):
1116         (Node):
1117         * dfg/DFGNodeFlags.cpp:
1118         (JSC::DFG::nodeFlagsAsString):
1119         * dfg/DFGNodeFlags.h:
1120         (DFG):
1121         (JSC::DFG::nodeUsedAsNumber):
1122         * dfg/DFGPredictionPropagationPhase.cpp:
1123         (JSC::DFG::PredictionPropagationPhase::propagate):
1124         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1125
1126 2012-03-22  Eric Seidel  <eric@webkit.org>
1127
1128         Actually move WTF files to their new home
1129         https://bugs.webkit.org/show_bug.cgi?id=81844
1130
1131         Unreviewed.  The details of the port-specific changes
1132         have been seen by contributors from those ports, but
1133         the whole 5MB change isn't very reviewable as-is.
1134
1135         * GNUmakefile.am:
1136         * GNUmakefile.list.am:
1137         * JSCTypedArrayStubs.h:
1138         * JavaScriptCore.gypi:
1139         * JavaScriptCore.xcodeproj/project.pbxproj:
1140         * jsc.cpp:
1141
1142 2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
1143
1144         [wx] Unreviewed. Adding Source/WTF to the build.
1145
1146         * wscript:
1147
1148 2012-03-22  Gavin Barraclough  <barraclough@apple.com>
1149
1150         Add JSValue::isFunction
1151         https://bugs.webkit.org/show_bug.cgi?id=81935
1152
1153         Reviewed by Geoff Garen.
1154
1155         This would be useful in the WebCore bindings code.
1156         Also, remove asFunction, replace with jsCast<JSFunction*>.
1157
1158         * API/JSContextRef.cpp:
1159         * debugger/Debugger.cpp:
1160         * debugger/DebuggerCallFrame.cpp:
1161         (JSC::DebuggerCallFrame::functionName):
1162         * dfg/DFGGraph.h:
1163         (JSC::DFG::Graph::valueOfFunctionConstant):
1164         * dfg/DFGOperations.cpp:
1165         * interpreter/CallFrame.cpp:
1166         (JSC::CallFrame::isInlineCallFrameSlow):
1167         * interpreter/Interpreter.cpp:
1168         (JSC::Interpreter::privateExecute):
1169         * jit/JITStubs.cpp:
1170         (JSC::DEFINE_STUB_FUNCTION):
1171         (JSC::jitCompileFor):
1172         (JSC::lazyLinkFor):
1173         * llint/LLIntSlowPaths.cpp:
1174         (JSC::LLInt::traceFunctionPrologue):
1175         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1176         (JSC::LLInt::setUpCall):
1177         * runtime/Arguments.h:
1178         (JSC::Arguments::finishCreation):
1179         * runtime/ArrayPrototype.cpp:
1180         (JSC::arrayProtoFuncFilter):
1181         (JSC::arrayProtoFuncMap):
1182         (JSC::arrayProtoFuncEvery):
1183         (JSC::arrayProtoFuncForEach):
1184         (JSC::arrayProtoFuncSome):
1185         (JSC::arrayProtoFuncReduce):
1186         (JSC::arrayProtoFuncReduceRight):
1187         * runtime/CommonSlowPaths.h:
1188         (JSC::CommonSlowPaths::arityCheckFor):
1189         * runtime/Executable.h:
1190         (JSC::FunctionExecutable::compileFor):
1191         (JSC::FunctionExecutable::compileOptimizedFor):
1192         * runtime/FunctionPrototype.cpp:
1193         (JSC::functionProtoFuncToString):
1194         * runtime/JSArray.cpp:
1195         (JSC::JSArray::sort):
1196         * runtime/JSFunction.cpp:
1197         (JSC::JSFunction::argumentsGetter):
1198         (JSC::JSFunction::callerGetter):
1199         (JSC::JSFunction::lengthGetter):
1200         * runtime/JSFunction.h:
1201         (JSC):
1202         (JSC::asJSFunction):
1203         (JSC::JSValue::isFunction):
1204         * runtime/JSGlobalData.cpp:
1205         (WTF::Recompiler::operator()):
1206         (JSC::JSGlobalData::releaseExecutableMemory):
1207         * runtime/JSValue.h:
1208         * runtime/StringPrototype.cpp:
1209         (JSC::replaceUsingRegExpSearch):
1210
1211 2012-03-21  Filip Pizlo  <fpizlo@apple.com>
1212
1213         DFG speculation on booleans should be rationalized
1214         https://bugs.webkit.org/show_bug.cgi?id=81840
1215
1216         Reviewed by Gavin Barraclough.
1217         
1218         This removes isKnownBoolean() and replaces it with AbstractState-based
1219         optimization, and cleans up the control flow in code gen methods for
1220         Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
1221         and removes isKnownNotBoolean() since that method appeared to be a
1222         helper used solely by 32_64's speculateBooleanOperation().
1223         
1224         This is performance-neutral.
1225
1226         * dfg/DFGAbstractState.cpp:
1227         (JSC::DFG::AbstractState::execute):
1228         * dfg/DFGNode.h:
1229         (JSC::DFG::Node::shouldSpeculateNumber):
1230         * dfg/DFGSpeculativeJIT.cpp:
1231         (DFG):
1232         * dfg/DFGSpeculativeJIT.h:
1233         (SpeculativeJIT):
1234         * dfg/DFGSpeculativeJIT32_64.cpp:
1235         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1236         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1237         (JSC::DFG::SpeculativeJIT::emitBranch):
1238         (JSC::DFG::SpeculativeJIT::compile):
1239         * dfg/DFGSpeculativeJIT64.cpp:
1240         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1241         (JSC::DFG::SpeculativeJIT::emitBranch):
1242         (JSC::DFG::SpeculativeJIT::compile):
1243
1244 2012-03-21  Mark Rowe  <mrowe@apple.com>
1245
1246         Fix the build.
1247
1248         * wtf/MetaAllocator.h:
1249         (MetaAllocator): Export the destructor.
1250
1251 2012-03-21  Eric Seidel  <eric@webkit.org>
1252
1253         Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
1254         https://bugs.webkit.org/show_bug.cgi?id=81834
1255
1256         Reviewed by Adam Barth.
1257
1258         * jsc.cpp:
1259         * os-win32/WinMain.cpp:
1260         * runtime/JSDateMath.cpp:
1261         * runtime/TimeoutChecker.cpp:
1262         * testRegExp.cpp:
1263         * tools/CodeProfiling.cpp:
1264
1265 2012-03-21  Eric Seidel  <eric@webkit.org>
1266
1267         WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
1268         https://bugs.webkit.org/show_bug.cgi?id=81838
1269
1270         Reviewed by Geoffrey Garen.
1271
1272         My understanding is that weak vtables happen when the compiler/linker cannot
1273         determine which compilation unit should contain the vtable.  In this case
1274         because there were only pure virtual functions as well as an "inline"
1275         virtual destructor (thus the virtual destructor was defined in many compilation
1276         units).  Since you can't actually "inline" a virtual function (it still has to
1277         bounce through the vtable), the "inline" on this virtual destructor doesn't
1278         actually help performance, and is only serving to confuse the compiler here.
1279         I've moved the destructor implementation to the .cpp file, thus making
1280         it clear to the compiler where the vtable should be stored, and solving the error.
1281
1282         * wtf/MetaAllocator.cpp:
1283         (WTF::MetaAllocator::~MetaAllocator):
1284         (WTF):
1285         * wtf/MetaAllocator.h:
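
An added illustration of the weak-vtable situation this entry describes, shown as the "before" interface next to the "after" shape; this is not WebKit code and not WTF::MetaAllocator. WeakVtableAllocator, AnchoredAllocator, BumpAllocator and the helper functions are hypothetical names. The compiler-visible difference is that the anchored class defines one virtual member out of line, which gives the vtable a single home translation unit (clang reports the "before" shape with -Wweak-vtables).

```cpp
#include <cstddef>
#include <vector>

// BEFORE: every virtual member is pure except the destructor, and the destructor
// is defined inline in the header. No translation unit owns the vtable, so each
// one that includes the header emits its own copy and the linker has to merge them.
class WeakVtableAllocator {
public:
    virtual ~WeakVtableAllocator() { }        // inline virtual destructor: weak vtable
    virtual void* allocateBytes(size_t) = 0;
    virtual void freeBytes(void*, size_t) = 0;
};

// AFTER: the destructor is only declared in the class and defined once, out of
// line. That out-of-line virtual is the "key function", and the vtable is
// emitted in exactly the translation unit that defines it.
class AnchoredAllocator {
public:
    virtual ~AnchoredAllocator();             // defined below, as it would be in the .cpp
    virtual void* allocateBytes(size_t) = 0;
    virtual void freeBytes(void*, size_t) = 0;
};

// This definition belongs in the single implementation file.
AnchoredAllocator::~AnchoredAllocator() { }

// Minimal concrete implementation so the interface can be exercised: a bump
// allocator over a fixed buffer that hands out bytes until it runs out.
class BumpAllocator : public AnchoredAllocator {
public:
    explicit BumpAllocator(size_t capacity) : m_storage(capacity), m_used(0) { }
    void* allocateBytes(size_t n) override
    {
        if (!n || m_used + n > m_storage.size())
            return nullptr;                   // zero-size or exhausted: refuse
        void* p = &m_storage[m_used];
        m_used += n;
        return p;
    }
    void freeBytes(void*, size_t) override { } // bump allocators never free individually
    size_t bytesUsed() const { return m_used; }
private:
    std::vector<unsigned char> m_storage;
    size_t m_used;
};

// Calls go through the base reference, i.e. through the vtable. A virtual call
// whose dynamic type is unknown cannot be inlined, which is why marking the
// destructor "inline" bought nothing.
size_t allocateViaInterface(AnchoredAllocator& allocator, size_t count, size_t each)
{
    size_t succeeded = 0;
    for (size_t i = 0; i < count; ++i) {
        if (allocator.allocateBytes(each))
            ++succeeded;
    }
    return succeeded;
}

// Exercise the AFTER shape end to end: allocate through the interface until the
// buffer is exhausted, then destroy through a base pointer (virtual dispatch).
size_t exerciseAnchoredAllocator(size_t capacity, size_t requestSize)
{
    AnchoredAllocator* allocator = new BumpAllocator(capacity);
    size_t granted = allocateViaInterface(*allocator, capacity, requestSize); // over-asks on purpose
    delete allocator;                          // dispatches to ~BumpAllocator via the vtable
    return granted;
}
```

Compiling a header like the "before" class with clang -Wweak-vtables in several translation units shows the warning once per unit; moving the destructor definition out of line, as the entry does, silences it and also shrinks each object file.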
1286
1287 2012-03-20  Gavin Barraclough  <barraclough@apple.com>
1288
1289         RegExpMatchesArray should not copy the ovector
1290         https://bugs.webkit.org/show_bug.cgi?id=81742
1291
1292         Reviewed by Michael Saboff.
1293
1294         Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
1295         This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
1296         main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
1297         and the results never accessed).
1298         If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
1299
1300         * dfg/DFGOperations.cpp:
1301             - RegExpObject match renamed back to test (test returns a bool).
1302         * runtime/RegExpConstructor.cpp:
1303         (JSC):
1304             - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
1305         (JSC::RegExpMatchesArray::finishCreation):
1306             - Removed RegExpConstructorPrivate parameter.
1307         (JSC::RegExpMatchesArray::reifyAllProperties):
1308             - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
1309             If there are sub-pattern properties, the RegExp is re-run to generate their values.
1310         (JSC::RegExpMatchesArray::reifyMatchProperty):
1311             - Reify just the match (index 0) property of the RegExpMatchesArray.
1312         * runtime/RegExpConstructor.h:
1313         (RegExpConstructor):
1314         (JSC::RegExpConstructor::performMatch):
1315             - performMatch now returns a MatchResult, rather than using out-parameters.
1316         * runtime/RegExpMatchesArray.h:
1317         (JSC::RegExpMatchesArray::RegExpMatchesArray):
1318             - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
1319         (RegExpMatchesArray):
1320         (JSC::RegExpMatchesArray::create):
1321             - Now passed the input string matched against, the RegExp, and the MatchResult.
1322         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
1323         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
1324             - Helpers to conditionally reify properties.
1325         (JSC::RegExpMatchesArray::getOwnPropertySlot):
1326         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
1327         (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
1328         (JSC::RegExpMatchesArray::put):
1329         (JSC::RegExpMatchesArray::putByIndex):
1330         (JSC::RegExpMatchesArray::deleteProperty):
1331         (JSC::RegExpMatchesArray::deletePropertyByIndex):
1332         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1333         (JSC::RegExpMatchesArray::defineOwnProperty):
1334             - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
1335             (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
1336         * runtime/RegExpObject.cpp:
1337         (JSC::RegExpObject::exec):
1338         (JSC::RegExpObject::match):
1339             - match now returns a MatchResult.
1340         * runtime/RegExpObject.h:
1341         (JSC::MatchResult::MatchResult):
1342             - Added; the result of a match is a start & end tuple.
1343         (JSC::MatchResult::failed):
1344             - A failure is indicated by (notFound, 0).
1345         (JSC::MatchResult::operator bool):
1346             - Evaluates to false if the match failed.
1347         (JSC::MatchResult::empty):
1348             - Evaluates to true if the match succeeded with length 0.
1349         (JSC::RegExpObject::test):
1350             - Now returns a bool.
1351         * runtime/RegExpPrototype.cpp:
1352         (JSC::regExpProtoFuncTest):
1353             - RegExpObject match renamed back to test (test returns a bool).
1354         * runtime/StringPrototype.cpp:
1355         (JSC::removeUsingRegExpSearch):
1356         (JSC::replaceUsingRegExpSearch):
1357         (JSC::stringProtoFuncMatch):
1358         (JSC::stringProtoFuncSearch):
1359             - performMatch now returns a MatchResult, rather than using out-parameters.
1360
1361 2012-03-21  Hojong Han  <hojong.han@samsung.com>
1362
1363         Fix out of memory by allowing overcommit
1364         https://bugs.webkit.org/show_bug.cgi?id=81743
1365
1366         Reviewed by Geoffrey Garen.
1367
1368         Garbage collection is not triggered and new blocks are added
1369         because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.
1370
1371         * wtf/OSAllocatorPosix.cpp:
1372         (WTF::OSAllocator::reserveAndCommit):
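
An added example of the reserve-then-commit pattern that MAP_NORESERVE enables; it is not WebKit code and not WTF::OSAllocator. reserveUncommitted, commit, decommit, release and reserveCommitTouchChecksum are hypothetical names, and the flag semantics assumed are those of Linux (the reservation is not charged against the commit limit; pages cost memory only when committed and touched). Where a libc lacks MAP_NORESERVE the macro below degrades to a plain anonymous mapping.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON       // BSD/macOS spelling
#endif
#ifndef MAP_NORESERVE
#define MAP_NORESERVE 0              // assumption: fall back to a plain reservation
#endif

// Reserve address space only: PROT_NONE so nothing is accessible yet, and
// MAP_NORESERVE so the kernel does not charge the whole range against its
// commit limit up front. Without the flag a large reservation can fail with
// ENOMEM even though only a small part of it will ever be used.
void* reserveUncommitted(size_t bytes)
{
    void* result = mmap(nullptr, bytes, PROT_NONE,
                        MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return result == MAP_FAILED ? nullptr : result;
}

// Commit a sub-range by making it accessible; physical memory is consumed as
// the pages are first touched.
bool commit(void* base, size_t bytes)
{
    return mprotect(base, bytes, PROT_READ | PROT_WRITE) == 0;
}

// Decommit: drop the backing pages and make the range inaccessible again.
// After MADV_DONTNEED a later re-commit and touch yields fresh zero pages.
bool decommit(void* base, size_t bytes)
{
    if (madvise(base, bytes, MADV_DONTNEED) != 0)
        return false;
    return mprotect(base, bytes, PROT_NONE) == 0;
}

bool release(void* base, size_t bytes)
{
    return munmap(base, bytes) == 0;
}

// Demonstration: reserve a range far larger than we will use, commit just the
// first page, fill its first 4096 bytes, and return their checksum. The large
// reservation succeeds because of the overcommit the entry relies on; only one
// page of real memory is ever consumed. Returns -1 on any failure.
long reserveCommitTouchChecksum(size_t reserveBytes)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page < 4096)
        return -1;
    void* region = reserveUncommitted(reserveBytes);
    if (!region)
        return -1;
    if (!commit(region, static_cast<size_t>(page))) {
        release(region, reserveBytes);
        return -1;
    }
    unsigned char* bytes = static_cast<unsigned char*>(region);
    long sum = 0;
    for (long i = 0; i < 4096; ++i) {
        bytes[i] = static_cast<unsigned char>(i);   // first touch faults the page in
        sum += bytes[i];
    }
    bool ok = decommit(region, static_cast<size_t>(page)) && release(region, reserveBytes);
    return ok ? sum : -1;
}
```

The caveat a practitioner should keep in mind is the one the entry's first sentence hints at: because the reservation is not accounted for, a heap that sizes its collection trigger by reserved rather than touched memory will not see pressure until pages are actually committed, so the high-water-mark bookkeeping has to count committed bytes.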
1373
1374 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1375
1376         More Windows build fixing.
1377
1378         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1379         Fix the order of the include directories to look in include/private first before looking
1380         in include/private/JavaScriptCore.
1381         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1382         Look in the Production output directory (where the wtf headers will be). This is the same
1383         thing that is done for jsc and testRegExp in ReleasePGO.
1384
1385 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1386
1387         WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
1388         $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
1389         https://bugs.webkit.org/show_bug.cgi?id=81739
1390
1391         Reviewed by Dan Bernstein.
1392
1393         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
1394         Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
1395         subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
1396         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
1397         Ditto.
1398
1399         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
1400         Get the headers for those 4 files from the wtf subdirectory of the build output, not the
1401         JavaScriptCore/wtf subdirectory.
1402         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1403         Ditto.
1404
1405 2012-03-20  Eric Seidel  <eric@webkit.org>
1406
1407         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
1408         https://bugs.webkit.org/show_bug.cgi?id=80911
1409
1410         Reviewed by Adam Barth.
1411
1412         Update the various build systems to depend on Source/WTF headers
1413         as well as remove references to Platform.h (since it's now moved).
1414
1415         * CMakeLists.txt:
1416         * JavaScriptCore.pri:
1417         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1418         * JavaScriptCore.xcodeproj/project.pbxproj:
1419         * wtf/CMakeLists.txt:
1420
1421 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
1422
1423         op_mod fails on many interesting corner cases
1424         https://bugs.webkit.org/show_bug.cgi?id=81648
1425
1426         Reviewed by Oliver Hunt.
1427         
1428         Removed most strength reduction for op_mod, and fixed the integer handling
1429         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
1430         which this patch also fixes.
1431         
1432         This patch is performance neutral on all of the major benchmarks we track.
1433
1434         * dfg/DFGOperations.cpp:
1435         * dfg/DFGOperations.h:
1436         * dfg/DFGSpeculativeJIT.cpp:
1437         (DFG):
1438         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1439         (JSC::DFG::SpeculativeJIT::compileArithMod):
1440         * jit/JIT.h:
1441         (JIT):
1442         * jit/JITArithmetic.cpp:
1443         (JSC):
1444         (JSC::JIT::emit_op_mod):
1445         (JSC::JIT::emitSlow_op_mod):
1446         * jit/JITArithmetic32_64.cpp:
1447         (JSC::JIT::emit_op_mod):
1448         (JSC::JIT::emitSlow_op_mod):
1449         * jit/JITOpcodes32_64.cpp:
1450         (JSC::JIT::privateCompileCTIMachineTrampolines):
1451         (JSC):
1452         * jit/JITStubs.h:
1453         (TrampolineStructure):
1454         (JSC::JITThunks::ctiNativeConstruct):
1455         * llint/LowLevelInterpreter64.asm:
1456         * wtf/Platform.h:
1457         * wtf/SimpleStats.h:
1458         (WTF::SimpleStats::variance):
1459
1460 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1461
1462         Windows (make based) build fix.
1463         <rdar://problem/11069015>
1464
1465         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
1466
1467 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1468
1469         Move WTF-related Windows project files out of JavaScriptCore
1470         https://bugs.webkit.org/show_bug.cgi?id=80680
1471
1472         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
1473         It does not move any source code. This is in preparation for the WTF source move out of
1474         JavaScriptCore.
1475
1476         Reviewed by Jessie Berlin.
1477
1478         * JavaScriptCore.vcproj/JavaScriptCore.sln:
1479         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
1480         * JavaScriptCore.vcproj/WTF: Removed.
1481         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
1482         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
1483         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
1484         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
1485         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
1486         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
1487         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
1488         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
1489         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
1490         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
1491         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
1492         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
1493         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
1494         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
1495         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
1496         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
1497         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
1498         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
1499         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
1500         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
1501         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
1502         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
1503
1504 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
1505
1506         Cache the type string of JavaScript object
1507         https://bugs.webkit.org/show_bug.cgi?id=81446
1508
1509         Reviewed by Geoffrey Garen.
1510
1511         Instead of creating the JSString every time, we create
1512         lazily the strings in JSGlobalData.
1513
        This avoids the construction of the StringImpl and of the JSString,
        which gives some performance improvements.
1516
1517         * runtime/CommonIdentifiers.h:
1518         * runtime/JSValue.cpp:
1519         (JSC::JSValue::toStringSlowCase):
1520         * runtime/Operations.cpp:
1521         (JSC::jsTypeStringForValue):
1522         * runtime/SmallStrings.cpp:
1523         (JSC::SmallStrings::SmallStrings):
1524         (JSC::SmallStrings::finalizeSmallStrings):
1525         (JSC::SmallStrings::initialize):
1526         (JSC):
1527         * runtime/SmallStrings.h:
1528         (SmallStrings):
1529
1530 2012-03-20  Oliver Hunt  <oliver@apple.com>
1531
1532         Allow LLINT to work even when executable allocation fails.
1533         https://bugs.webkit.org/show_bug.cgi?id=81693
1534
1535         Reviewed by Gavin Barraclough.
1536
1537         Don't crash if executable allocation fails if we can fall back on LLINT
1538
1539         * jit/ExecutableAllocatorFixedVMPool.cpp:
1540         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1541         * wtf/OSAllocatorPosix.cpp:
1542         (WTF::OSAllocator::reserveAndCommit):
1543
1544 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
1545
1546         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
1547         https://bugs.webkit.org/show_bug.cgi?id=81428
1548
1549         32 bit buildfix after r111355.
1550
        2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
1552         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
1553
1554         Reviewed by Zoltan Herczeg.
1555
1556         * dfg/DFGSpeculativeJIT.cpp:
1557         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1558
1559 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
1560
1561         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
1562         https://bugs.webkit.org/show_bug.cgi?id=80983
1563
1564         Reviewed by Darin Adler.
1565
1566         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
1567         call which is useful for local debugging.
1568
1569         * wtf/Assertions.cpp:
1570         * wtf/Assertions.h:
1571
1572 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
1573
1574         Do not copy the script source in the SourceProvider, just reference the existing string
1575         https://bugs.webkit.org/show_bug.cgi?id=81466
1576
1577         Reviewed by Geoffrey Garen.
1578
1579         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
1580         * parser/SourceProvider.h: Add OVERRIDE for clarity.
1581
1582 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1583
1584         Division optimizations fail to infer cases of truncated division and
1585         mishandle -2147483648/-1
1586         https://bugs.webkit.org/show_bug.cgi?id=81428
1587         <rdar://problem/11067382>
1588
1589         Reviewed by Oliver Hunt.
1590
1591         If you're a division over integers and you're only used as an integer, then you're
1592         an integer division and remainder checks become unnecessary. If you're dividing
1593         -2147483648 by -1, don't crash.
1594
1595         * assembler/MacroAssemblerX86Common.h:
1596         (MacroAssemblerX86Common):
1597         (JSC::MacroAssemblerX86Common::add32):
1598         * dfg/DFGSpeculativeJIT.cpp:
1599         (DFG):
1600         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1601         * dfg/DFGSpeculativeJIT.h:
1602         (SpeculativeJIT):
1603         * dfg/DFGSpeculativeJIT32_64.cpp:
1604         (JSC::DFG::SpeculativeJIT::compile):
1605         * dfg/DFGSpeculativeJIT64.cpp:
1606         (JSC::DFG::SpeculativeJIT::compile):
1607         * llint/LowLevelInterpreter64.asm:
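The two int32 corner cases the division entries above describe (INT32_MIN spelled as -2147483647 - 1 because the literal 2147483648 does not fit an int, and INT32_MIN / -1 overflowing int32, which the x86 idiv instruction raises as a #DE fault rather than an overflow) also apply to the op_mod entry further up, since INT32_MIN % -1 traps the same way. The following is an added C example, not WebKit's own code: it models a speculated int32 fast path that guards every case that would trap or give a non-int32 result, falling back to the JavaScript-semantics double; the names `js_int32_div`, `js_int32_mod`, `DivResult` and the `used_only_as_int32` flag are hypothetical.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not WebKit code). JavaScript yields 2147483648 (a double,
 * not an int32) for INT32_MIN / -1 and -0 for INT32_MIN % -1; a native idiv
 * on those operands crashes instead, so they must be guarded before the
 * instruction runs. Names below are hypothetical. */

#define JS_INT32_MIN (-2147483647 - 1) /* same value as INT32_MIN, written portably */

/* Outcome of a speculated int32 fast path: either the int32 result is exact,
 * or the caller must fall back to the double (JavaScript semantics) value. */
typedef struct {
    bool    fits_int32; /* true: int_result is the exact JS result */
    int32_t int_result; /* valid only when fits_int32 */
    double  dbl_result; /* JS-semantics result, always valid */
} DivResult;

static DivResult bail_out(double v)
{
    DivResult r = { false, 0, v };
    return r;
}

static DivResult int_result(int32_t v)
{
    DivResult r = { true, v, (double)v };
    return r;
}

/* a / b with JavaScript semantics. When used_only_as_int32 is set the consumer
 * truncates the result anyway (like `(a / b) | 0`), so the inexact and -0
 * checks are unnecessary; the zero-divisor and INT32_MIN / -1 guards are not. */
DivResult js_int32_div(int32_t a, int32_t b, bool used_only_as_int32)
{
    if (b == 0)
        return bail_out((double)a / 0.0);        /* +-Infinity or NaN, never traps */
    if (a == JS_INT32_MIN && b == -1)
        return bail_out(2147483648.0);           /* exact, but does not fit int32 */
    int32_t q = a / b;                           /* safe: no trap possible now */
    if (used_only_as_int32)
        return int_result(q);
    if (q * b != a)                              /* |q*b| <= |a|, cannot overflow */
        return bail_out((double)a / (double)b);  /* fractional result */
    if (a == 0 && b < 0)
        return bail_out(-0.0);                   /* 0 / negative is -0 in JS */
    return int_result(q);
}

/* a % b with JavaScript semantics (sign follows the dividend, as in C99). */
DivResult js_int32_mod(int32_t a, int32_t b)
{
    if (b == 0)
        return bail_out(NAN);
    /* x % -1 is always 0; computing INT32_MIN % -1 with idiv would trap. */
    int32_t m = (b == -1) ? 0 : a % b;
    if (m == 0 && a < 0)
        return bail_out(-0.0);                   /* e.g. -4 % 2 and INT32_MIN % -1 */
    return int_result(m);
}

int main(void)
{
    DivResult d = js_int32_div(JS_INT32_MIN, -1, false);
    DivResult m = js_int32_mod(JS_INT32_MIN, -1);
    printf("INT32_MIN / -1 -> fits_int32=%d, double=%.0f\n", d.fits_int32, d.dbl_result);
    printf("INT32_MIN %% -1 -> fits_int32=%d, negative zero=%d\n",
           m.fits_int32, signbit(m.dbl_result) != 0);
    return 0;
}
```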
1608
1609 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
1610
1611         Simplify SmallStrings
1612         https://bugs.webkit.org/show_bug.cgi?id=81445
1613
1614         Reviewed by Gavin Barraclough.
1615
1616         SmallStrings had two methods that should not be public: count() and clear().
1617
1618         The method clear() is effectively replaced by finalizeSmallStrings(). The body
1619         of the method was moved to the constructor since the code is obvious.
1620
1621         The method count() is unused.
1622
1623         * runtime/SmallStrings.cpp:
1624         (JSC::SmallStrings::SmallStrings):
1625         * runtime/SmallStrings.h:
1626         (SmallStrings):
1627
1628 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1629
1630         DFG can no longer compile V8-v4/regexp in debug mode
1631         https://bugs.webkit.org/show_bug.cgi?id=81592
1632
1633         Reviewed by Gavin Barraclough.
1634
1635         * dfg/DFGSpeculativeJIT32_64.cpp:
1636         (JSC::DFG::SpeculativeJIT::compile):
1637         * dfg/DFGSpeculativeJIT64.cpp:
1638         (JSC::DFG::SpeculativeJIT::compile):
1639
1640 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1641
        Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
1643         change throughout the fixpoint
1644         https://bugs.webkit.org/show_bug.cgi?id=81583
1645
1646         Reviewed by Michael Saboff.
1647
1648         * dfg/DFGPredictionPropagationPhase.cpp:
1649         (JSC::DFG::PredictionPropagationPhase::propagate):
1650
1651 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1652
1653         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
1654         the process of being generated
1655         https://bugs.webkit.org/show_bug.cgi?id=81565
1656
1657         Reviewed by Oliver Hunt.
1658
1659         * bytecode/CodeBlock.cpp:
1660         (JSC::CodeBlock::finalizeUnconditionally):
1661
1662 2012-03-19  Eric Seidel  <eric@webkit.org>
1663
1664         Fix WTF header include discipline in Chromium WebKit
1665         https://bugs.webkit.org/show_bug.cgi?id=81281
1666
1667         Reviewed by James Robinson.
1668
1669         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1670         * wtf/unicode/icu/CollatorICU.cpp:
1671
1672 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1673
1674         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
1675         https://bugs.webkit.org/show_bug.cgi?id=81556
1676
1677         Rubber stamped by Gavin Barraclough.
1678
1679         * GNUmakefile.list.am:
1680         * JavaScriptCore.xcodeproj/project.pbxproj:
1681         * dfg/DFGAbstractState.h:
1682         (JSC::DFG::AbstractState::forNode):
1683         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
1684         (JSC::DFG::AdjacencyList::AdjacencyList):
1685         (JSC::DFG::AdjacencyList::child):
1686         (JSC::DFG::AdjacencyList::setChild):
1687         (JSC::DFG::AdjacencyList::child1):
1688         (JSC::DFG::AdjacencyList::child2):
1689         (JSC::DFG::AdjacencyList::child3):
1690         (JSC::DFG::AdjacencyList::setChild1):
1691         (JSC::DFG::AdjacencyList::setChild2):
1692         (JSC::DFG::AdjacencyList::setChild3):
1693         (JSC::DFG::AdjacencyList::child1Unchecked):
1694         (JSC::DFG::AdjacencyList::initialize):
1695         (AdjacencyList):
1696         * dfg/DFGByteCodeParser.cpp:
1697         (JSC::DFG::ByteCodeParser::addVarArgChild):
1698         (JSC::DFG::ByteCodeParser::processPhiStack):
1699         * dfg/DFGCSEPhase.cpp:
1700         (JSC::DFG::CSEPhase::canonicalize):
1701         (JSC::DFG::CSEPhase::performSubstitution):
1702         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
1703         (DFG):
1704         (JSC::DFG::Edge::Edge):
1705         (JSC::DFG::Edge::operator==):
1706         (JSC::DFG::Edge::operator!=):
1707         (Edge):
1708         (JSC::DFG::operator==):
1709         (JSC::DFG::operator!=):
1710         * dfg/DFGGraph.h:
1711         (JSC::DFG::Graph::operator[]):
1712         (JSC::DFG::Graph::at):
1713         (JSC::DFG::Graph::ref):
1714         (JSC::DFG::Graph::deref):
1715         (JSC::DFG::Graph::clearAndDerefChild1):
1716         (JSC::DFG::Graph::clearAndDerefChild2):
1717         (JSC::DFG::Graph::clearAndDerefChild3):
1718         (Graph):
1719         * dfg/DFGJITCompiler.h:
1720         (JSC::DFG::JITCompiler::getPrediction):
1721         * dfg/DFGNode.h:
1722         (JSC::DFG::Node::Node):
1723         (JSC::DFG::Node::child1):
1724         (JSC::DFG::Node::child1Unchecked):
1725         (JSC::DFG::Node::child2):
1726         (JSC::DFG::Node::child3):
1727         (Node):
1728         * dfg/DFGNodeFlags.cpp:
1729         (JSC::DFG::arithNodeFlagsAsString):
1730         * dfg/DFGNodeFlags.h:
1731         (DFG):
1732         (JSC::DFG::nodeUsedAsNumber):
1733         * dfg/DFGNodeReferenceBlob.h: Removed.
1734         * dfg/DFGNodeUse.h: Removed.
1735         * dfg/DFGPredictionPropagationPhase.cpp:
1736         (JSC::DFG::PredictionPropagationPhase::propagate):
1737         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1738         (JSC::DFG::PredictionPropagationPhase::vote):
1739         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1740         * dfg/DFGScoreBoard.h:
1741         (JSC::DFG::ScoreBoard::use):
1742         * dfg/DFGSpeculativeJIT.cpp:
1743         (JSC::DFG::SpeculativeJIT::useChildren):
1744         (JSC::DFG::SpeculativeJIT::writeBarrier):
1745         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1746         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1747         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1748         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1749         * dfg/DFGSpeculativeJIT.h:
1750         (JSC::DFG::SpeculativeJIT::at):
1751         (JSC::DFG::SpeculativeJIT::canReuse):
1752         (JSC::DFG::SpeculativeJIT::use):
1753         (SpeculativeJIT):
1754         (JSC::DFG::SpeculativeJIT::speculationCheck):
1755         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1756         (JSC::DFG::IntegerOperand::IntegerOperand):
1757         (JSC::DFG::DoubleOperand::DoubleOperand):
1758         (JSC::DFG::JSValueOperand::JSValueOperand):
1759         (JSC::DFG::StorageOperand::StorageOperand):
1760         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1761         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1762         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1763         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1764         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1765         * dfg/DFGSpeculativeJIT32_64.cpp:
1766         (JSC::DFG::SpeculativeJIT::cachedPutById):
1767         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1768         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1769         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1770         (JSC::DFG::SpeculativeJIT::emitCall):
1771         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1772         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1773         * dfg/DFGSpeculativeJIT64.cpp:
1774         (JSC::DFG::SpeculativeJIT::cachedPutById):
1775         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1776         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1777         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1778         (JSC::DFG::SpeculativeJIT::emitCall):
1779         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1780         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1781
1782 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1783
1784         Object.freeze broken on latest Nightly
1785         https://bugs.webkit.org/show_bug.cgi?id=80577
1786
1787         Reviewed by Oliver Hunt.
1788
1789         * runtime/Arguments.cpp:
1790         (JSC::Arguments::defineOwnProperty):
1791             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
            been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1793         * runtime/JSFunction.cpp:
1794         (JSC::JSFunction::defineOwnProperty):
1795             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1796             the object must be extensible; this is incorrect since these properties should already exist
1797             on the object. In addition, it was asserting that the arguments/caller values must match the
1798             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
1799             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1800
1801 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1802
1803         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1804         https://bugs.webkit.org/show_bug.cgi?id=81559
1805
1806         Reviewed by Michael Saboff.
1807
1808         * llint/LLIntSlowPaths.cpp:
1809         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1810
1811 2012-03-19  Yong Li  <yoli@rim.com>
1812
1813         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1814         https://bugs.webkit.org/show_bug.cgi?id=77013
1815
1816         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1817         implement memory decommitting for QNX.
1818
1819         Reviewed by Rob Buis.
1820
1821         * wtf/OSAllocatorPosix.cpp:
1822         (WTF::OSAllocator::reserveUncommitted):
1823         (WTF::OSAllocator::commit):
1824         (WTF::OSAllocator::decommit):
1825
1826 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1827
        Unreviewed - revert a couple of files accidentally committed.
1829
1830         * runtime/Arguments.cpp:
1831         (JSC::Arguments::defineOwnProperty):
1832         * runtime/JSFunction.cpp:
1833         (JSC::JSFunction::defineOwnProperty):
1834
1835 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1836
1837         Another Windows build fix after r111129.
1838
1839         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1840
1841 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1842
1843         Cross-platform processor core counter: fix build on FreeBSD.
1844         https://bugs.webkit.org/show_bug.cgi?id=81482
1845
1846         Reviewed by Zoltan Herczeg.
1847
1848         The documentation of sysctl(3) shows that <sys/types.h> should be
1849         included before <sys/sysctl.h> (sys/types.h tends to be the first
1850         included header in general).
1851
1852         This should fix the build on FreeBSD and other systems where
1853         sysctl.h really depends on types defined in types.h.
1854
1855         * wtf/NumberOfCores.cpp:
1856
1857 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1858
1859         Windows build fix after r111129.
1860
1861         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1862
1863 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1864
1865         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1866         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1867
1868         Reviewed by Oliver Hunt.
1869
1870         The API specifies that convertToType may opt not to handle a conversion:
1871             "@result The objects's converted value, or NULL if the object was not converted."
1872         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1873         conversion functions, and failing that call the JSObject::defaultValue function.
1874
1875         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1876         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1877         bug#73368, these will return the result from the first convertToType they find, regardless
1878         of whether this result is null, and if no convertToType method is found in the api class
1879         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1880         chain), they will also return a null pointer. This is unsafe.
1881
1882         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1883         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1884         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1885         Making the fallback work with toString/valueOf methods attached to api objects is probably
1886         not the right thing to do – instead, we should just implement the defaultValue trap for api
1887         objects.
1888
1889         In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard
1890         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1891
1892         * API/JSCallbackFunction.cpp:
1893         (JSC::JSCallbackFunction::call):
1894             - Should be null checking the return value.
1895         (JSC):
1896             - Remove toStringCallback/valueOfCallback.
1897         * API/JSCallbackFunction.h:
1898         (JSCallbackFunction):
1899             - Remove toStringCallback/valueOfCallback.
1900         * API/JSCallbackObject.h:
1901         (JSCallbackObject):
            - Add defaultValue methods to JSCallbackObject.
1903         * API/JSCallbackObjectFunctions.h:
1904         (JSC::::defaultValue):
            - Add defaultValue methods to JSCallbackObject.
1906         * API/JSClassRef.cpp:
1907         (OpaqueJSClass::prototype):
1908             - Remove toStringCallback/valueOfCallback.
1909         * API/tests/testapi.js:
1910             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
1911
1912 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1913
1914         [EFL] Include ICU_INCLUDE_DIRS when building.
1915         https://bugs.webkit.org/show_bug.cgi?id=81483
1916
1917         Reviewed by Daniel Bates.
1918
1919         So far, only the ICU libraries were being included when building
1920         JavaScriptCore, however the include path is also needed, otherwise the
1921         build will fail when ICU is installed into a non-standard location.
1922
1923         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1924
1925 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1926
1927         Strength reduction, RegExp.exec -> RegExp.test
1928         https://bugs.webkit.org/show_bug.cgi?id=81459
1929
1930         Reviewed by Sam Weinig.
1931
1932         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1933         expression for a match against a string - however exec is more expensive, since
1934         it allocates a matches array object. In cases where the result is consumed in a
1935         boolean context the allocation of the matches array can be trivially elided.
1936
1937         For example:
1938             function f()
1939             {
                for (i = 0; i < 10000000; ++i)
                    if (!/a/.exec("a"))
1942                         err = true;
1943             }
1944
1945         This is a 2.5x speedup on this example microbenchmark loop.
1946
1947         In a more advanced form of this optimization, we may be able to avoid allocating
1948         the array where access to the array can be observed.
1949
1950         * create_hash_table:
1951         * dfg/DFGAbstractState.cpp:
1952         (JSC::DFG::AbstractState::execute):
1953         * dfg/DFGByteCodeParser.cpp:
1954         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1955         * dfg/DFGNode.h:
1956         (JSC::DFG::Node::hasHeapPrediction):
1957         * dfg/DFGNodeType.h:
1958         (DFG):
1959         * dfg/DFGOperations.cpp:
1960         * dfg/DFGOperations.h:
1961         * dfg/DFGPredictionPropagationPhase.cpp:
1962         (JSC::DFG::PredictionPropagationPhase::propagate):
1963         * dfg/DFGSpeculativeJIT.cpp:
1964         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1965         (DFG):
1966         * dfg/DFGSpeculativeJIT.h:
1967         (JSC::DFG::SpeculativeJIT::callOperation):
1968         * dfg/DFGSpeculativeJIT32_64.cpp:
1969         (JSC::DFG::SpeculativeJIT::compile):
1970         * dfg/DFGSpeculativeJIT64.cpp:
1971         (JSC::DFG::SpeculativeJIT::compile):
1972         * jsc.cpp:
1973         (GlobalObject::addConstructableFunction):
1974         * runtime/Intrinsic.h:
1975         * runtime/JSFunction.cpp:
1976         (JSC::JSFunction::create):
1977         (JSC):
1978         * runtime/JSFunction.h:
1979         (JSFunction):
1980         * runtime/Lookup.cpp:
1981         (JSC::setUpStaticFunctionSlot):
1982         * runtime/RegExpObject.cpp:
1983         (JSC::RegExpObject::exec):
1984         (JSC::RegExpObject::match):
1985         * runtime/RegExpObject.h:
1986         (RegExpObject):
1987         * runtime/RegExpPrototype.cpp:
1988         (JSC::regExpProtoFuncTest):
1989         (JSC::regExpProtoFuncExec):
1990
1991 2012-03-16  Michael Saboff  <msaboff@apple.com>
1992
1993         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1994         https://bugs.webkit.org/show_bug.cgi?id=81244
1995
1996         Rubber stamped by Filip Pizlo.
1997
1998         Changed type and name of JSGlobalData::m_isInitializingObject to
1999         ClassInfo* and m_initializingObjectClass.
2000         Changed JSGlobalData::setInitializingObject to
2001         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
2002         the debugger to determine what type of object is being initialized.
2003         
2004         * runtime/JSCell.h:
2005         (JSC::JSCell::finishCreation):
2006         (JSC::allocateCell):
2007         * runtime/JSGlobalData.cpp:
2008         (JSC::JSGlobalData::JSGlobalData):
2009         * runtime/JSGlobalData.h:
2010         (JSGlobalData):
2011         (JSC::JSGlobalData::isInitializingObject):
2012         (JSC::JSGlobalData::setInitializingObjectClass):
2013         * runtime/Structure.h:
2014         (JSC::JSCell::finishCreation):
2015
2016 2012-03-16  Mark Rowe  <mrowe@apple.com>
2017
2018         Build fix. Do not preserve owner and group information when installing the WTF headers.
2019
2020         * JavaScriptCore.xcodeproj/project.pbxproj:
2021
2022 2012-03-15  David Dorwin  <ddorwin@chromium.org>
2023
2024         Make the array pointer parameters in the Typed Array create() methods const.
2025         https://bugs.webkit.org/show_bug.cgi?id=81147
2026
2027         Reviewed by Kenneth Russell.
2028
2029         This allows const arrays to be passed to these methods.
2030         They use PassRefPtr<Subclass> create(), which already has a const parameter.
2031
2032         * wtf/Int16Array.h:
2033         (Int16Array):
2034         (WTF::Int16Array::create):
2035         * wtf/Int32Array.h:
2036         (Int32Array):
2037         (WTF::Int32Array::create):
2038         * wtf/Int8Array.h:
2039         (Int8Array):
2040         (WTF::Int8Array::create):
2041         * wtf/Uint16Array.h:
2042         (Uint16Array):
2043         (WTF::Uint16Array::create):
2044         * wtf/Uint32Array.h:
2045         (Uint32Array):
2046         (WTF::Uint32Array::create):
2047         * wtf/Uint8Array.h:
2048         (Uint8Array):
2049         (WTF::Uint8Array::create):
2050         * wtf/Uint8ClampedArray.h:
2051         (Uint8ClampedArray):
2052         (WTF::Uint8ClampedArray::create):
2053
2054 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
2055
2056         CopiedSpace::tryAllocateOversize assumes system page size
2057         https://bugs.webkit.org/show_bug.cgi?id=80615
2058
2059         Reviewed by Geoffrey Garen.
2060
2061         * heap/CopiedSpace.cpp:
2062         (JSC::CopiedSpace::tryAllocateOversize):
2063         * heap/CopiedSpace.h:
2064         (CopiedSpace):
2065         * heap/CopiedSpaceInlineMethods.h:
2066         (JSC::CopiedSpace::oversizeBlockFor):
2067         * wtf/BumpPointerAllocator.h:
2068         (WTF::BumpPointerPool::create):
2069         * wtf/StdLibExtras.h:
2070         (WTF::roundUpToMultipleOf):
2071
2072 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2073
2074         Fixing Windows build breakage
2075
2076         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2077
2078 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
2079
2080         [EFL] Make zlib a general build requirement
2081         https://bugs.webkit.org/show_bug.cgi?id=80153
2082
2083         Reviewed by Hajime Morita.
2084
2085         After r109538 WebSocket module needs zlib to support deflate-frame extension.
2086
2087         * wtf/Platform.h:
2088
2089 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
2090
2091         NumericStrings should be inlined
2092         https://bugs.webkit.org/show_bug.cgi?id=81183
2093
2094         Reviewed by Gavin Barraclough.
2095
2096         NumericStrings is not always inlined. When it is not, the class is not faster
2097         than using UString::number() directly.
2098
2099         * runtime/NumericStrings.h:
2100         (JSC::NumericStrings::add):
2101         (JSC::NumericStrings::lookupSmallString):
2102
2103 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
2104
2105         Fix ARM build after r110792.
2106
2107         Unreviewed build fix.
2108
2109         * jit/ExecutableAllocator.h:
2110         (JSC::ExecutableAllocator::cacheFlush):
2111         Remove superfluous curly brackets.
2112
2113 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
2114
2115         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
2116         https://bugs.webkit.org/show_bug.cgi?id=81256
2117
2118         Reviewed by Oliver Hunt.
2119
2120         This is a 0.5% sunspider progression.
2121
2122         * assembler/MacroAssemblerARMv7.h:
2123         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
2124             - switch which form of vmov we use.
2125
2126 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
2127
2128         [EFL] Add OwnPtr specialization for Ecore_Timer.
2129         https://bugs.webkit.org/show_bug.cgi?id=80119
2130
2131         Reviewed by Hajime Morita.
2132
2133         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
2134
2135         * wtf/OwnPtrCommon.h:
2136         (WTF):
2137         * wtf/efl/OwnPtrEfl.cpp:
2138         (WTF::deleteOwnedPtr):
2139         (WTF):
2140
2141 2012-03-15  Hojong Han  <hojong.han@samsung.com>
2142
2143         Linux has madvise enough to support OSAllocator::commit/decommit
2144         https://bugs.webkit.org/show_bug.cgi?id=80505
2145
2146         Reviewed by Geoffrey Garen.
2147
2148         * wtf/OSAllocatorPosix.cpp:
2149         (WTF::OSAllocator::reserveUncommitted):
2150         (WTF::OSAllocator::commit):
2151         (WTF::OSAllocator::decommit):
2152
2153 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
2154
2155         Windows build fix.
2156
2157         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
2158         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
2159         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
2160         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
2161
2162 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
2163
2164         Windows build fix.
2165
2166         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
2167
2168 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
2169
2170         Move wx port to using export macros
2171         https://bugs.webkit.org/show_bug.cgi?id=77279
2172
2173         Reviewed by Hajime Morita.
2174
2175         * wscript:
2176         * wtf/Platform.h:
2177
2178 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
2179
2180         Avoid StringImpl::getData16SlowCase() when sorting array
2181         https://bugs.webkit.org/show_bug.cgi?id=81070
2182
2183         Reviewed by Geoffrey Garen.
2184
2185         The function codePointCompare() is used intensively when sorting strings.
2186         This patch improves its performance by:
2187         -Avoiding character conversion.
2188         -Inlining the function.
2189
2190         This makes Peacekeeper's arrayCombined test 30% faster.
2191
2192         * wtf/text/StringImpl.cpp:
2193         * wtf/text/StringImpl.h:
2194         (WTF):
2195         (WTF::codePointCompare):
2196         (WTF::codePointCompare8):
2197         (WTF::codePointCompare16):
2198         (WTF::codePointCompare8To16):
2199
2200 2012-03-14  Hojong Han  <hojong.han@samsung.com>
2201
2202         Fix memory allocation failed by fastmalloc
2203         https://bugs.webkit.org/show_bug.cgi?id=79614
2204
2205         Reviewed by Geoffrey Garen.
2206
2207         Memory allocation failed even when the heap grew successfully.
2208         It is wrong to get the span only from the large list after the heap grows,
2209         because the new span could be added to the normal list.
2210
2211         * wtf/FastMalloc.cpp:
2212         (WTF::TCMalloc_PageHeap::New):
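A simplified model of the page-heap lookup this entry describes, added here as an example rather than WebKit's own FastMalloc.cpp (kMaxPages, the class and function names are assumptions); it shows why consulting only the large list after growing the heap fails when the grown span is small enough to be filed in a normal list:

```cpp
#include <cstddef>
#include <list>

namespace PageHeapModel {

// Spans of at most this many pages live in per-size "normal" free lists;
// anything bigger goes to the single "large" list (sizes assumed for the model).
constexpr size_t kMaxPages = 4;

struct Span {
    size_t pages;
};

class PageHeap {
public:
    // Where Delete() would file a free span.
    void release(Span s)
    {
        if (s.pages <= kMaxPages)
            normal_[s.pages].push_back(s);
        else
            large_.push_back(s);
    }

    // Look only at the large list: what the post-grow path did before the fix.
    bool allocLarge(size_t n, Span& out)
    {
        for (auto it = large_.begin(); it != large_.end(); ++it) {
            if (it->pages >= n) {
                out = *it;
                large_.erase(it);
                return true;
            }
        }
        return false;
    }

    // Normal lists from n pages upward, then the large list.
    bool searchFreeLists(size_t n, Span& out)
    {
        for (size_t i = n; i <= kMaxPages; ++i) {
            if (!normal_[i].empty()) {
                out = normal_[i].front();
                normal_[i].pop_front();
                return true;
            }
        }
        return allocLarge(n, out);
    }

    // Grow the heap by exactly the requested size, as happens when the larger
    // system request fails under memory pressure (assumed for the model). The
    // new span is filed by size, so a small request lands in a normal list.
    void growHeap(size_t n) { release(Span { n }); }

    // Before the fix: after growing, only the large list is consulted, so a
    // small span that was just added to a normal list is never found.
    bool newBuggy(size_t n, Span& out)
    {
        if (searchFreeLists(n, out))
            return true;
        growHeap(n);
        return allocLarge(n, out);
    }

    // After the fix: re-run the full search once the heap has grown.
    bool newFixed(size_t n, Span& out)
    {
        if (searchFreeLists(n, out))
            return true;
        growHeap(n);
        return searchFreeLists(n, out);
    }

private:
    std::list<Span> normal_[kMaxPages + 1];
    std::list<Span> large_;
};

// Ask an empty heap for `pages` pages with either New() variant; true on success.
inline bool allocateFromEmptyHeap(bool fixed, size_t pages)
{
    PageHeap heap;
    Span span { 0 };
    return fixed ? heap.newFixed(pages, span) : heap.newBuggy(pages, span);
}

} // namespace PageHeapModel
```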
2213
2214 2012-03-14  Hojong Han  <hojong.han@samsung.com>
2215
2216         Run cacheFlush page by page to assure of flushing all the requested ranges
2217         https://bugs.webkit.org/show_bug.cgi?id=77712
2218
2219         Reviewed by Geoffrey Garen.
2220
2221         The current MetaAllocator concept, which always coalesces adjacent free spaces,
2222         doesn't meet the memory management of the Linux kernel.
2223         In a certain case the Linux kernel doesn't regard contiguous virtual memory areas as one but as two.
2224         Therefore cacheFlush page by page guarantees a flush-requested range.
2225
2226         * jit/ExecutableAllocator.h:
2227         (JSC::ExecutableAllocator::cacheFlush):
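An added example, not the cacheFlush from jit/ExecutableAllocator.h, of flushing a code range page by page so that no single request crosses from one virtual memory area into the next; the page size and names are assumptions, and the real per-chunk flush uses the compiler's __builtin___clear_cache:

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

namespace CacheFlushExample {

constexpr uintptr_t kPageSize = 4096; // assumed page size for the example

using Range = std::pair<uintptr_t, uintptr_t>; // [begin, end)

// Split [code, code + size) at page boundaries and hand every piece to
// `flush` separately, so no single request spans two virtual memory areas.
// The pieces are returned so the caller can check coverage.
template <typename Flush>
std::vector<Range> flushPageByPage(uintptr_t code, size_t size, Flush flush)
{
    std::vector<Range> chunks;
    uintptr_t current = code;
    const uintptr_t end = code + size;
    while (current < end) {
        // First byte of the next page; a chunk never crosses it.
        uintptr_t pageEnd = (current & ~(kPageSize - 1)) + kPageSize;
        uintptr_t chunkEnd = pageEnd < end ? pageEnd : end;
        flush(current, chunkEnd);
        chunks.emplace_back(current, chunkEnd);
        current = chunkEnd;
    }
    return chunks;
}

// The real per-chunk flush for code this process wrote itself: a no-op on
// x86, the required instruction-cache maintenance on ARM.
inline void flushRange(uintptr_t begin, uintptr_t end)
{
    __builtin___clear_cache(reinterpret_cast<char*>(begin), reinterpret_cast<char*>(end));
}

// Flush a JIT region page by page with the real flush.
inline void cacheFlush(void* code, size_t size)
{
    flushPageByPage(reinterpret_cast<uintptr_t>(code), size, flushRange);
}

// Constructed addresses only: record how a range would be split, without
// touching memory, for verification.
inline std::vector<Range> splitForFlush(uintptr_t code, size_t size)
{
    return flushPageByPage(code, size, [](uintptr_t, uintptr_t) {});
}

// True if the chunks are contiguous, cover exactly [code, code + size) and
// none of them crosses a page boundary.
inline bool chunksCoverRange(const std::vector<Range>& chunks, uintptr_t code, size_t size)
{
    uintptr_t expect = code;
    for (const Range& r : chunks) {
        if (r.first != expect || r.second <= r.first)
            return false;
        if ((r.second - 1) / kPageSize != r.first / kPageSize)
            return false;
        expect = r.second;
    }
    return expect == code + size;
}

} // namespace CacheFlushExample
```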
2228
2229 2012-03-14  Oliver Hunt  <oliver@apple.com>
2230
2231         Make ARMv7 work again
2232         https://bugs.webkit.org/show_bug.cgi?id=81157
2233
2234         Reviewed by Geoffrey Garen.
2235
2236         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
2237         where the ARMv7MacroAssembler would also try to use dataRegister for its own
2238         nefarious purposes.
2239
2240         * assembler/MacroAssembler.h:
2241         (JSC::MacroAssembler::store32):
2242         * assembler/MacroAssemblerARMv7.h:
2243         (MacroAssemblerARMv7):
2244
2245 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2246
2247         Heap::destroy leaks CopiedSpace
2248         https://bugs.webkit.org/show_bug.cgi?id=81055
2249
2250         Reviewed by Geoffrey Garen.
2251
2252         Added a destroy() function to CopiedSpace that moves all normal size 
2253         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
2254         as well as deallocates all of the oversize blocks in the CopiedSpace. 
2255         This function is now called in Heap::destroy().
2256
2257         * heap/CopiedSpace.cpp:
2258         (JSC::CopiedSpace::destroy):
2259         (JSC):
2260         * heap/CopiedSpace.h:
2261         (CopiedSpace):
2262         * heap/Heap.cpp:
2263         (JSC::Heap::destroy):
2264
2265 2012-03-14  Andrew Lo  <anlo@rim.com>
2266
2267         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
2268         https://bugs.webkit.org/show_bug.cgi?id=81000
2269
2270         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
2271
2272         Reviewed by Antonio Gomes.
2273
2274         * wtf/Platform.h:
2275
2276 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2277
2278         ValueToInt32 speculation will cause OSR exits even when it does not have to
2279         https://bugs.webkit.org/show_bug.cgi?id=81068
2280         <rdar://problem/11043926>
2281
2282         Reviewed by Anders Carlsson.
2283         
2284         Two related changes:
2285         1) ValueToInt32 will now always just defer to the non-speculative path, instead
2286            of exiting, if it doesn't know what speculations to perform.
2287         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
2288
2289         * dfg/DFGAbstractState.cpp:
2290         (JSC::DFG::AbstractState::execute):
2291         * dfg/DFGNode.h:
2292         (JSC::DFG::Node::shouldSpeculateBoolean):
2293         (Node):
2294         * dfg/DFGSpeculativeJIT.cpp:
2295         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2296
2297 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2298
2299         More Windows build fixing
2300
2301         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2302
2303 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2304
2305         Windows build fix
2306
2307         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2308
2309 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2310
2311         Type conversion of exponential part failed
2312         https://bugs.webkit.org/show_bug.cgi?id=80673
2313
2314         Reviewed by Geoffrey Garen.
2315
2316         * parser/Lexer.cpp:
2317         (JSC::::lex):
2318         * runtime/JSGlobalObjectFunctions.cpp:
2319         (JSC::parseInt):
2320         (JSC):
2321         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
2322         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
2323         parameter for strtod to allow trailing spaces.
2324         (JSC::toDouble):
2325         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
2326         * runtime/LiteralParser.cpp:
2327         (JSC::::Lexer::lexNumber):
2328         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
2329         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
2330         * wtf/dtoa.cpp:
2331         (WTF):
2332         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
2333         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
2334         * wtf/dtoa.h:
2335         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
2336         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
2337         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
2338         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
2339         * wtf/text/WTFString.cpp:
2340         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
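An added example, not JSC's jsStrDecimalLiteral or WTF::strtod, of a decimal-literal scanner that handles the exponent part and takes the two policies this entry describes (trailing junk, trailing whitespace) as template parameters; the names are assumptions, and leading whitespace and "Infinity" are left out:

```cpp
#include <cctype>
#include <cmath>
#include <cstddef>
#include <cstdlib>
#include <string>

namespace DecimalLiteralExample {

// Space, horizontal tab, vertical tab, carriage return, form feed, line feed.
inline bool isTrailingWhitespace(char c)
{
    return c == ' ' || c == '\t' || c == '\v' || c == '\r' || c == '\f' || c == '\n';
}

inline bool isDigit(char c)
{
    return std::isdigit(static_cast<unsigned char>(c)) != 0;
}

// Scan sign, integer digits, optional fraction and optional exponent part
// starting at `start`. Returns the index one past the literal, or `start`
// when no literal is present ("e5", ".", "+" alone).
inline size_t scanDecimalLiteral(const std::string& s, size_t start)
{
    size_t i = start;
    if (i < s.size() && (s[i] == '+' || s[i] == '-'))
        ++i;
    size_t intStart = i;
    while (i < s.size() && isDigit(s[i]))
        ++i;
    size_t intDigits = i - intStart;
    size_t fracDigits = 0;
    if (i < s.size() && s[i] == '.') {
        size_t j = i + 1;
        while (j < s.size() && isDigit(s[j]))
            ++j;
        fracDigits = j - (i + 1);
        if (intDigits || fracDigits)
            i = j;
    }
    if (!intDigits && !fracDigits)
        return start;
    // Exponent part: 'e' or 'E', optional sign, at least one digit. A bare
    // "e" with no digits is trailing junk, not part of the literal.
    if (i < s.size() && (s[i] == 'e' || s[i] == 'E')) {
        size_t j = i + 1;
        if (j < s.size() && (s[j] == '+' || s[j] == '-'))
            ++j;
        size_t expStart = j;
        while (j < s.size() && isDigit(s[j]))
            ++j;
        if (j > expStart)
            i = j;
    }
    return i;
}

// The two policies as template parameters: whether arbitrary trailing junk
// is accepted, and whether trailing whitespace is.
template <bool allowTrailingJunk, bool allowTrailingSpaces>
double parseDecimal(const std::string& s)
{
    size_t end = scanDecimalLiteral(s, 0);
    if (end == 0)
        return NAN;
    double value = std::strtod(s.substr(0, end).c_str(), nullptr);
    size_t i = end;
    if (allowTrailingSpaces) {
        while (i < s.size() && isTrailingWhitespace(s[i]))
            ++i;
    }
    if (i != s.size() && !allowTrailingJunk)
        return NAN;
    return value;
}

// parseFloat-style: trailing junk is accepted (ECMA 262 15.1.2.3).
inline double parseFloatLike(const std::string& s) { return parseDecimal<true, true>(s); }
// strtod-style from the entry: trailing whitespace accepted, other junk rejected.
inline double parseAllowingTrailingSpaces(const std::string& s) { return parseDecimal<false, true>(s); }
// Form-input style: nothing may follow the literal.
inline double parseStrict(const std::string& s) { return parseDecimal<false, false>(s); }

} // namespace DecimalLiteralExample
```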
2341
2342 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2343
2344         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
2345         Removing the assert for now.
2346
2347         * dfg/DFGOperations.h:
2348         * llint/LLIntSlowPaths.h:
2349
2350 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2351
2352         Functions with C linkage should return POD types
2353         https://bugs.webkit.org/show_bug.cgi?id=81061
2354
2355         Reviewed by Mark Rowe.
2356
2357         * dfg/DFGOperations.h:
2358         * llint/LLIntSlowPaths.h:
2359         (LLInt):
2360         (SlowPathReturnType):
2361         (JSC::LLInt::encodeResult):
2362
2363 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2364
2365         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
2366         https://bugs.webkit.org/show_bug.cgi?id=80979
2367         <rdar://problem/11036848>
2368
2369         Reviewed by Oliver Hunt.
2370         
2371         Also improved DFG IR dumping to include type information in a somewhat more
2372         intuitive way.
2373
2374         * bytecode/PredictedType.cpp:
2375         (JSC::predictionToAbbreviatedString):
2376         (JSC):
2377         * bytecode/PredictedType.h:
2378         (JSC):
2379         * dfg/DFGAbstractState.cpp:
2380         (JSC::DFG::AbstractState::execute):
2381         * dfg/DFGGraph.cpp:
2382         (JSC::DFG::Graph::dump):
2383         * dfg/DFGPredictionPropagationPhase.cpp:
2384         (JSC::DFG::PredictionPropagationPhase::propagate):
2385         * dfg/DFGSpeculativeJIT.cpp:
2386         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2387         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2388         * dfg/DFGSpeculativeJIT.h:
2389         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
2390
2391 2012-03-13  George Staikos  <staikos@webkit.org>
2392
2393         The callback is only used if SA_RESTART is defined.  Compile it out
2394         otherwise to avoid a warning.
2395         https://bugs.webkit.org/show_bug.cgi?id=80926
2396
2397         Reviewed by Alexey Proskuryakov.
2398
2399         * heap/MachineStackMarker.cpp:
2400         (JSC):
2401
2402 2012-03-13  Hojong Han  <hojong.han@samsung.com>
2403
2404         Dump the generated code for ARM_TRADITIONAL
2405         https://bugs.webkit.org/show_bug.cgi?id=80975
2406
2407         Reviewed by Gavin Barraclough.
2408
2409         * assembler/LinkBuffer.h:
2410         (JSC::LinkBuffer::dumpCode):
2411
2412 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
2413
2414         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
2415         https://bugs.webkit.org/show_bug.cgi?id=78853
2416
2417         Reviewed by Adam Barth.
2418
2419         * Configurations/FeatureDefines.xcconfig:
2420         * wtf/Platform.h:
2421
2422 2012-03-13  Kwonjin Jeong  <gram@company100.net>
2423
2424         Remove SlotVisitor::copy() method.
2425         https://bugs.webkit.org/show_bug.cgi?id=80973
2426
2427         Reviewed by Geoffrey Garen.
2428
2429         SlotVisitor::copy() method isn't called anywhere.
2430
2431         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
2432         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
2433
2434 2012-03-12  Hojong Han  <hojong.han@samsung.com>
2435
2436         Fix test cases for RegExp multiline
2437         https://bugs.webkit.org/show_bug.cgi?id=80822
2438
2439         Reviewed by Gavin Barraclough.
2440
2441         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
2442         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
2443         * tests/mozilla/js1_2/regexp/beginLine.js:
2444         * tests/mozilla/js1_2/regexp/endLine.js:
2445
2446 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2447
2448         Arithmetic use inference should be procedure-global and should run in tandem
2449         with type propagation
2450         https://bugs.webkit.org/show_bug.cgi?id=80819
2451         <rdar://problem/11034006>
2452
2453         Reviewed by Gavin Barraclough.
2454         
2455         * CMakeLists.txt:
2456         * GNUmakefile.list.am:
2457         * JavaScriptCore.xcodeproj/project.pbxproj:
2458         * Target.pri:
2459         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
2460         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
2461         * dfg/DFGDriver.cpp:
2462         (JSC::DFG::compile):
2463         * dfg/DFGPredictionPropagationPhase.cpp:
2464         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
2465         (PredictionPropagationPhase):
2466         (JSC::DFG::PredictionPropagationPhase::isNotZero):
2467         (JSC::DFG::PredictionPropagationPhase::propagate):
2468         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
2469         * dfg/DFGVariableAccessData.h:
2470         (JSC::DFG::VariableAccessData::VariableAccessData):
2471         (JSC::DFG::VariableAccessData::flags):
2472         (VariableAccessData):
2473         (JSC::DFG::VariableAccessData::mergeFlags):
2474
2475 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2476
2477         Node::op and Node::flags should be private
2478         https://bugs.webkit.org/show_bug.cgi?id=80824
2479         <rdar://problem/11033435>
2480
2481         Reviewed by Gavin Barraclough.
2482
2483         * CMakeLists.txt:
2484         * GNUmakefile.list.am:
2485         * JavaScriptCore.xcodeproj/project.pbxproj:
2486         * Target.pri:
2487         * dfg/DFGAbstractState.cpp:
2488         (JSC::DFG::AbstractState::initialize):
2489         (JSC::DFG::AbstractState::execute):
2490         (JSC::DFG::AbstractState::mergeStateAtTail):
2491         (JSC::DFG::AbstractState::mergeToSuccessors):
2492         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2493         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2494         * dfg/DFGByteCodeParser.cpp:
2495         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2496         (JSC::DFG::ByteCodeParser::getLocal):
2497         (JSC::DFG::ByteCodeParser::getArgument):
2498         (JSC::DFG::ByteCodeParser::flushArgument):
2499         (JSC::DFG::ByteCodeParser::toInt32):
2500         (JSC::DFG::ByteCodeParser::isJSConstant):
2501         (JSC::DFG::ByteCodeParser::makeSafe):
2502         (JSC::DFG::ByteCodeParser::makeDivSafe):
2503         (JSC::DFG::ByteCodeParser::handleInlining):
2504         (JSC::DFG::ByteCodeParser::parseBlock):
2505         (JSC::DFG::ByteCodeParser::processPhiStack):
2506         (JSC::DFG::ByteCodeParser::linkBlock):
2507         * dfg/DFGCFAPhase.cpp:
2508         (JSC::DFG::CFAPhase::performBlockCFA):
2509         * dfg/DFGCSEPhase.cpp:
2510         (JSC::DFG::CSEPhase::canonicalize):
2511         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2512         (JSC::DFG::CSEPhase::pureCSE):
2513         (JSC::DFG::CSEPhase::byValIsPure):
2514         (JSC::DFG::CSEPhase::clobbersWorld):
2515         (JSC::DFG::CSEPhase::impureCSE):
2516         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2517         (JSC::DFG::CSEPhase::getByValLoadElimination):
2518         (JSC::DFG::CSEPhase::checkFunctionElimination):
2519         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2520         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2521         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2522         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2523         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2524         (JSC::DFG::CSEPhase::performNodeCSE):
2525         * dfg/DFGGraph.cpp:
2526         (JSC::DFG::Graph::dump):
2527         (DFG):
2528         * dfg/DFGGraph.h:
2529         (JSC::DFG::Graph::addShouldSpeculateInteger):
2530         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2531         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2532         * dfg/DFGNode.cpp: Removed.
2533         * dfg/DFGNode.h:
2534         (DFG):
2535         (JSC::DFG::Node::Node):
2536         (Node):
2537         (JSC::DFG::Node::op):
2538         (JSC::DFG::Node::flags):
2539         (JSC::DFG::Node::setOp):
2540         (JSC::DFG::Node::setFlags):
2541         (JSC::DFG::Node::mergeFlags):
2542         (JSC::DFG::Node::filterFlags):
2543         (JSC::DFG::Node::clearFlags):
2544         (JSC::DFG::Node::setOpAndDefaultFlags):
2545         (JSC::DFG::Node::mustGenerate):
2546         (JSC::DFG::Node::isConstant):
2547         (JSC::DFG::Node::isWeakConstant):
2548         (JSC::DFG::Node::valueOfJSConstant):
2549         (JSC::DFG::Node::hasVariableAccessData):
2550         (JSC::DFG::Node::hasIdentifier):
2551         (JSC::DFG::Node::resolveGlobalDataIndex):
2552         (JSC::DFG::Node::hasArithNodeFlags):
2553         (JSC::DFG::Node::arithNodeFlags):
2554         (JSC::DFG::Node::setArithNodeFlag):
2555         (JSC::DFG::Node::mergeArithNodeFlags):
2556         (JSC::DFG::Node::hasConstantBuffer):
2557         (JSC::DFG::Node::hasRegexpIndex):
2558         (JSC::DFG::Node::hasVarNumber):
2559         (JSC::DFG::Node::hasScopeChainDepth):
2560         (JSC::DFG::Node::hasResult):
2561         (JSC::DFG::Node::hasInt32Result):
2562         (JSC::DFG::Node::hasNumberResult):
2563         (JSC::DFG::Node::hasJSResult):
2564         (JSC::DFG::Node::hasBooleanResult):
2565         (JSC::DFG::Node::isJump):
2566         (JSC::DFG::Node::isBranch):
2567         (JSC::DFG::Node::isTerminal):
2568         (JSC::DFG::Node::hasHeapPrediction):
2569         (JSC::DFG::Node::hasFunctionCheckData):
2570         (JSC::DFG::Node::hasStructureTransitionData):
2571         (JSC::DFG::Node::hasStructureSet):
2572         (JSC::DFG::Node::hasStorageAccessData):
2573         (JSC::DFG::Node::hasFunctionDeclIndex):
2574         (JSC::DFG::Node::hasFunctionExprIndex):
2575         (JSC::DFG::Node::child1):
2576         (JSC::DFG::Node::child2):
2577         (JSC::DFG::Node::child3):
2578         (JSC::DFG::Node::firstChild):
2579         (JSC::DFG::Node::numChildren):
2580         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
2581         * dfg/DFGNodeFlags.h: Added.
2582         (DFG):
2583         (JSC::DFG::nodeUsedAsNumber):
2584         (JSC::DFG::nodeCanTruncateInteger):
2585         (JSC::DFG::nodeCanIgnoreNegativeZero):
2586         (JSC::DFG::nodeMayOverflow):
2587         (JSC::DFG::nodeCanSpeculateInteger):
2588         * dfg/DFGNodeType.h: Added.
2589         (DFG):
2590         (JSC::DFG::defaultFlags):
2591         * dfg/DFGPredictionPropagationPhase.cpp:
2592         (JSC::DFG::PredictionPropagationPhase::propagate):
2593         (JSC::DFG::PredictionPropagationPhase::vote):
2594         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2595         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2596         * dfg/DFGRedundantPhiEliminationPhase.cpp:
2597         (JSC::DFG::RedundantPhiEliminationPhase::run):
2598         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2599         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2600         * dfg/DFGSpeculativeJIT.cpp:
2601         (JSC::DFG::SpeculativeJIT::useChildren):
2602         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2603         (JSC::DFG::SpeculativeJIT::compileMovHint):
2604         (JSC::DFG::SpeculativeJIT::compile):
2605         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2606         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2607         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2608         (JSC::DFG::SpeculativeJIT::compileAdd):
2609         (JSC::DFG::SpeculativeJIT::compare):
2610         * dfg/DFGSpeculativeJIT.h:
2611         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2612         * dfg/DFGSpeculativeJIT32_64.cpp:
2613         (JSC::DFG::SpeculativeJIT::emitCall):
2614         (JSC::DFG::SpeculativeJIT::compile):
2615         * dfg/DFGSpeculativeJIT64.cpp:
2616         (JSC::DFG::SpeculativeJIT::emitCall):
2617         (JSC::DFG::SpeculativeJIT::compile):
2618         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2619         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2620
2621 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
2622
2623         Minor DataLog fixes
2624         https://bugs.webkit.org/show_bug.cgi?id=80826
2625
2626         Reviewed by Andreas Kling.
2627
2628         * bytecode/ExecutionCounter.cpp:
2629         Do not include DataLog.h; it is not used.
2630         
2631         * jit/ExecutableAllocator.cpp:
2632         Ditto.
2633
2634         * wtf/DataLog.cpp:
2635         (WTF::initializeLogFileOnce):
2636         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
2637
2638         * wtf/HashTable.cpp:
2639         Include DataLog as it is used.
2640
2641 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
2642
2643         Integer overflow check code in arithmetic operation in classic interpreter
2644         https://bugs.webkit.org/show_bug.cgi?id=80465
2645
2646         Reviewed by Gavin Barraclough.
2647
2648         * interpreter/Interpreter.cpp:
2649         (JSC::Interpreter::privateExecute):
2650
2651 2012-03-12  Zeno Albisser  <zeno@webkit.org>
2652
2653         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
2654         https://bugs.webkit.org/show_bug.cgi?id=80827
2655
2656         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
2657
2658         Reviewed by Simon Hausmann.
2659
2660         * wtf/Platform.h:
2661
2662 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
2663
2664         Unreviewed prospective Qt/Mac build fix
2665
2666         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
2667         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
2668         constructor.
2669
2670 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2671
2672         All DFG nodes should have a mutable set of flags
2673         https://bugs.webkit.org/show_bug.cgi?id=80779
2674         <rdar://problem/11026218>
2675
2676         Reviewed by Gavin Barraclough.
2677         
2678         Got rid of NodeId, and placed all of the flags that distinguished NodeId
2679         from NodeType into a separate Node::flags field. Combined what was previously
2680         ArithNodeFlags into Node::flags.
2681         
2682         In the process of debugging, I found that the debug support in the virtual
2683         register allocator was lacking, so I improved it. I also realized that the
2684         virtual register allocator was assuming that the nodes in a basic block were
2685         contiguous, which is no longer the case. So I fixed that. The fix also made
2686         it natural to have more extreme assertions, so I added them. I suspect this
2687         will make it easier to catch virtual register allocation bugs in the future.
2688         
2689         This is mostly performance neutral; if anything it looks like a slight
2690         speed-up.
2691         
2692         This patch does leave some work for future refactorings; for example, Node::op
2693         is unencapsulated. This was already the case, though now it feels even more
2694         like it should be. I avoided doing that because this patch has already grown
2695         way bigger than I wanted.
2696         
2697         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
2698         move some unnecessarily inline stuff out of DFGNode.h.
2699
2700         * CMakeLists.txt:
2701         * GNUmakefile.list.am:
2702         * JavaScriptCore.xcodeproj/project.pbxproj:
2703         * Target.pri:
2704         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2705         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2706         * dfg/DFGByteCodeParser.cpp:
2707         (JSC::DFG::ByteCodeParser::addToGraph):
2708         (JSC::DFG::ByteCodeParser::makeSafe):
2709         (JSC::DFG::ByteCodeParser::makeDivSafe):
2710         (JSC::DFG::ByteCodeParser::handleMinMax):
2711         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2712         (JSC::DFG::ByteCodeParser::parseBlock):
2713         * dfg/DFGCFAPhase.cpp:
2714         (JSC::DFG::CFAPhase::performBlockCFA):
2715         * dfg/DFGCSEPhase.cpp:
2716         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2717         (JSC::DFG::CSEPhase::pureCSE):
2718         (JSC::DFG::CSEPhase::clobbersWorld):
2719         (JSC::DFG::CSEPhase::impureCSE):
2720         (JSC::DFG::CSEPhase::setReplacement):
2721         (JSC::DFG::CSEPhase::eliminate):
2722         (JSC::DFG::CSEPhase::performNodeCSE):
2723         (JSC::DFG::CSEPhase::performBlockCSE):
2724         (CSEPhase):
2725         * dfg/DFGGraph.cpp:
2726         (JSC::DFG::Graph::opName):
2727         (JSC::DFG::Graph::dump):
2728         (DFG):
2729         * dfg/DFGNode.cpp: Added.
2730         (DFG):
2731         (JSC::DFG::arithNodeFlagsAsString):
2732         * dfg/DFGNode.h:
2733         (DFG):
2734         (JSC::DFG::nodeUsedAsNumber):
2735         (JSC::DFG::nodeCanTruncateInteger):
2736         (JSC::DFG::nodeCanIgnoreNegativeZero):
2737         (JSC::DFG::nodeMayOverflow):
2738         (JSC::DFG::nodeCanSpeculateInteger):
2739         (JSC::DFG::defaultFlags):
2740         (JSC::DFG::Node::Node):
2741         (Node):
2742         (JSC::DFG::Node::setOpAndDefaultFlags):
2743         (JSC::DFG::Node::mustGenerate):
2744         (JSC::DFG::Node::arithNodeFlags):
2745         (JSC::DFG::Node::setArithNodeFlag):
2746         (JSC::DFG::Node::mergeArithNodeFlags):
2747         (JSC::DFG::Node::hasResult):
2748         (JSC::DFG::Node::hasInt32Result):
2749         (JSC::DFG::Node::hasNumberResult):
2750         (JSC::DFG::Node::hasJSResult):
2751         (JSC::DFG::Node::hasBooleanResult):
2752         (JSC::DFG::Node::isJump):
2753         (JSC::DFG::Node::isBranch):
2754         (JSC::DFG::Node::isTerminal):
2755         (JSC::DFG::Node::child1):
2756         (JSC::DFG::Node::child2):
2757         (JSC::DFG::Node::child3):
2758         (JSC::DFG::Node::firstChild):
2759         (JSC::DFG::Node::numChildren):
2760         * dfg/DFGPredictionPropagationPhase.cpp:
2761         (JSC::DFG::PredictionPropagationPhase::propagate):
2762         (JSC::DFG::PredictionPropagationPhase::vote):
2763         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2764         * dfg/DFGScoreBoard.h:
2765         (ScoreBoard):
2766         (JSC::DFG::ScoreBoard::~ScoreBoard):
2767         (JSC::DFG::ScoreBoard::assertClear):
2768         (JSC::DFG::ScoreBoard::use):
2769         * dfg/DFGSpeculativeJIT.cpp:
2770         (JSC::DFG::SpeculativeJIT::useChildren):
2771         * dfg/DFGSpeculativeJIT32_64.cpp:
2772         (JSC::DFG::SpeculativeJIT::compile):
2773         * dfg/DFGSpeculativeJIT64.cpp:
2774         (JSC::DFG::SpeculativeJIT::compile):
2775         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2776         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2777
2778 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2779
2780         LLInt should support JSVALUE64
2781         https://bugs.webkit.org/show_bug.cgi?id=79609
2782         <rdar://problem/10063437>
2783
2784         Reviewed by Gavin Barraclough and Oliver Hunt.
2785         
2786         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2787         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2788         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2789         specialized for value representation.
2790         
2791         Also made some minor changes to offlineasm and the slow-paths.
2792
2793         * llint/LLIntData.cpp:
2794         (JSC::LLInt::Data::performAssertions):
2795         * llint/LLIntEntrypoints.cpp:
2796         * llint/LLIntSlowPaths.cpp:
2797         (LLInt):
2798         (JSC::LLInt::llint_trace_value):
2799         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2800         (JSC::LLInt::jitCompileAndSetHeuristics):
2801         * llint/LLIntSlowPaths.h:
2802         (LLInt):
2803         (SlowPathReturnType):
2804         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2805         (JSC::LLInt::encodeResult):
2806         * llint/LLIntThunks.cpp:
2807         * llint/LowLevelInterpreter.asm:
2808         * llint/LowLevelInterpreter32_64.asm:
2809         * llint/LowLevelInterpreter64.asm:
2810         * offlineasm/armv7.rb:
2811         * offlineasm/asm.rb:
2812         * offlineasm/ast.rb:
2813         * offlineasm/backends.rb:
2814         * offlineasm/instructions.rb:
2815         * offlineasm/parser.rb:
2816         * offlineasm/registers.rb:
2817         * offlineasm/transform.rb:
2818         * offlineasm/x86.rb:
2819         * wtf/Platform.h:
2820
2821 2012-03-10  Yong Li  <yoli@rim.com>
2822
2823         Web Worker crashes with WX_EXCLUSIVE
2824         https://bugs.webkit.org/show_bug.cgi?id=80532
2825
2826         Let each JS global object own a meta allocator
2827         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2828         Also fix a mutex leak in MetaAllocator's dtor.
2829
2830         Reviewed by Filip Pizlo.
2831
2832         * jit/ExecutableAllocator.cpp:
2833         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2834         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2835         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2836         (DemandExecutableAllocator):
2837         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2838         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2839         (JSC::DemandExecutableAllocator::allocateNewSpace):
2840         (JSC::DemandExecutableAllocator::allocators):
2841         (JSC::DemandExecutableAllocator::allocatorsMutex):
2842         (JSC):
2843         (JSC::ExecutableAllocator::initializeAllocator):
2844         (JSC::ExecutableAllocator::ExecutableAllocator):
2845         (JSC::ExecutableAllocator::underMemoryPressure):
2846         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2847         (JSC::ExecutableAllocator::allocate):
2848         (JSC::ExecutableAllocator::committedByteCount):
2849         (JSC::ExecutableAllocator::dumpProfile):
2850         * jit/ExecutableAllocator.h:
2851         (JSC):
2852         (ExecutableAllocator):
2853         (JSC::ExecutableAllocator::allocator):
2854         * wtf/MetaAllocator.h:
2855         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2856         * wtf/TCSpinLock.h:
2857         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2858
2859 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2860
2861         Object.freeze broken on latest Nightly
2862         https://bugs.webkit.org/show_bug.cgi?id=80577
2863
2864         Reviewed by Oliver Hunt.
2865
2866         The problem here is that deleteProperty rejects deletion of prototype.
2867         This is correct in most cases, however defineOwnProperty is presently
2868         implemented internally to ensure the attributes change by deleting the
2869         old property, and creating a new one.
2870
2871         * runtime/JSFunction.cpp:
2872         (JSC::JSFunction::deleteProperty):
2873             - If deleteProperty is called via defineOwnProperty, allow the old prototype to be removed.
2874
2875 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2876
2877         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2878         https://bugs.webkit.org/show_bug.cgi?id=80663
2879
2880         Reviewed by Michael Saboff.
2881
2882         The bug here is actually that we're continuing to process the array after an exception
2883         has been thrown, and that the second value thrown is overriding the first.
2884
2885         * runtime/ArrayPrototype.cpp:
2886         (JSC::arrayProtoFuncToLocaleString):
2887
2888 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2889
2890         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2891         https://bugs.webkit.org/show_bug.cgi?id=80080
2892
2893         Reviewed by Filip Pizlo.
2894
2895         * bytecode/SamplingTool.cpp:
2896         (JSC::SamplingRegion::Locker::Locker):
2897         (JSC::SamplingRegion::Locker::~Locker):
2898         * bytecode/SamplingTool.h:
2899         (JSC::SamplingRegion::exchangeCurrent):
2900         * wtf/Atomics.h:
2901         (WTF):
2902         (WTF::weakCompareAndSwap):
2903         (WTF::weakCompareAndSwapUIntPtr):
2904
2905 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2906
2907         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2908         https://bugs.webkit.org/show_bug.cgi?id=49989
2909
2910         Reviewed by Oliver Hunt.
2911
2912         Patch originally by Chris Reiss <christopher.reiss@nokia.com>,
2913         allow the year to appear before the timezone in date strings.
2914
2915         * wtf/DateMath.cpp:
2916         (WTF::parseDateFromNullTerminatedCharacters):
2917
2918 2012-03-09  Mark Rowe  <mrowe@apple.com>
2919
2920         Ensure that the WTF headers are copied at installhdrs time.
2921
2922         Reviewed by Dan Bernstein and Jessie Berlin.
2923
2924         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2925         so that our script phases are invoked at installhdrs time. The only one that
2926         does any useful work at that time is the one that installs WTF headers.
2927
2928 2012-03-09  Jon Lee  <jonlee@apple.com>
2929
2930         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2931         https://bugs.webkit.org/show_bug.cgi?id=80497
2932
2933         Reviewed by Adam Barth.
2934
2935         Prep for b80472: Update API for Web Notifications
2936         * Configurations/FeatureDefines.xcconfig:
2937
2938 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2939
2940         Bash scripts should support LF endings only
2941         https://bugs.webkit.org/show_bug.cgi?id=79509
2942
2943         Reviewed by David Kilzer.
2944
2945         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2946         * gyp/run-if-exists.sh: Added property svn:eol-style.
2947         * gyp/update-info-plist.sh: Added property svn:eol-style.
2948
2949 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2950
2951         Windows debug build fix.
2952
2953         * assembler/MacroAssembler.h:
2954         (JSC::MacroAssembler::shouldBlind):
2955         Fix unreachable code warnings (which we treat as errors).
2956
2957 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2958
2959         Reviewed by Zoltan Herczeg.
2960
2961         [Qt] Fix the SH4 build after r109834
2962         https://bugs.webkit.org/show_bug.cgi?id=80492
2963
2964         * assembler/MacroAssemblerSH4.h:
2965         (JSC::MacroAssemblerSH4::branchAdd32):
2966         (JSC::MacroAssemblerSH4::branchSub32):
2967
2968 2012-03-09  Andy Wingo  <wingo@igalia.com>
2969
2970         Refactor code feature analysis in the parser
2971         https://bugs.webkit.org/show_bug.cgi?id=79112
2972
2973         Reviewed by Geoffrey Garen.
2974
2975         This commit refactors the parser to more uniformly propagate flag
2976         bits down and up the parse process, as the parser descends and
2977         returns into nested blocks.  Some flags get passed down to
2978         subscopes, some apply to specific scopes only, and some get
2979         unioned up after parsing subscopes.
2980
2981         The goal is to eventually be very precise with scoping
2982         information, once we have block scopes: one block scope might use
2983         `eval', which would require the emission of a symbol table within
2984         that block and containing blocks, whereas another block in the
2985         same function might not, allowing us to not emit a symbol table.
2986
2987         * parser/Nodes.h:
2988         (JSC::ScopeFlags): Rename from CodeFeatures.
2989         (JSC::ScopeNode::addScopeFlags):
2990         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2991         (JSC::ScopeNode::isStrictMode):
2992         (JSC::ScopeNode::usesEval):
2993         (JSC::ScopeNode::usesArguments):
2994         (JSC::ScopeNode::setUsesArguments):
2995         (JSC::ScopeNode::usesThis):
2996         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2997         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2998         operate on the m_scopeFlags member.
2999         (JSC::ScopeNode::source):
3000         (JSC::ScopeNode::sourceURL):
3001         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
3002         semantic change.
3003         (JSC::ScopeNode::ScopeNode)
3004         (JSC::ProgramNode::ProgramNode)
3005         (JSC::EvalNode::EvalNode)
3006         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
3007         take a ScopeFlags as an argument, instead of a bool inStrictContext.
3008
3009         * parser/Nodes.cpp:
3010         (JSC::ScopeNode::ScopeNode):
3011         (JSC::ProgramNode::ProgramNode):
3012         (JSC::ProgramNode::create):
3013         (JSC::EvalNode::EvalNode):
3014         (JSC::EvalNode::create):
3015         (JSC::FunctionBodyNode::FunctionBodyNode):
3016         (JSC::FunctionBodyNode::create): Adapt constructors to change.
3017
3018         * parser/ASTBuilder.h:
3019         (JSC::ASTBuilder::ASTBuilder):
3020         (JSC::ASTBuilder::thisExpr):
3021         (JSC::ASTBuilder::createResolve):
3022         (JSC::ASTBuilder::createFunctionBody):
3023         (JSC::ASTBuilder::createFuncDeclStatement):
3024         (JSC::ASTBuilder::createTryStatement):
3025         (JSC::ASTBuilder::createWithStatement):
3026         (JSC::ASTBuilder::addVar):
3027         (JSC::ASTBuilder::Scope::Scope):
3028         (Scope):
3029         (ASTBuilder):
3030         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
3031         features here.  Instead rely on the base Parser mechanism to track
3032         features.
3033
3034         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
3035
3036         * parser/Parser.h:
3037         (JSC::Scope::Scope): Manage scope through flags, not
3038         bit-booleans.  This lets us uniformly propagate them up and down.
3039         (JSC::Scope::declareWrite):
3040         (JSC::Scope::declareParameter):
3041         (JSC::Scope::useVariable):
3042         (JSC::Scope::collectFreeVariables):
3043         (JSC::Scope::getCapturedVariables):
3044         (JSC::Scope::saveFunctionInfo):
3045         (JSC::Scope::restoreFunctionInfo):
3046         (JSC::Parser::pushScope): Adapt to use scope flags and their
3047         accessors instead of bit-booleans.
3048         * parser/Parser.cpp:
3049         (JSC::::Parser):
3050         (JSC::::parseInner):
3051         (JSC::::didFinishParsing):
3052         (JSC::::parseSourceElements):
3053         (JSC::::parseVarDeclarationList):
3054         (JSC::::parseConstDeclarationList):
3055         (JSC::::parseWithStatement):
3056         (JSC::::parseTryStatement):
3057         (JSC::::parseFunctionBody):
3058         (JSC::::parseFunctionInfo):
3059         (JSC::::parseFunctionDeclaration):
3060         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
3061         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
3062         Does not seem to have a performance impact.
3063
3064         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
3065         Cache the scopeflags.
3066         * parser/SyntaxChecker.h: Remove evalCount() decl.
3067
3068         * runtime/Executable.cpp:
3069         (JSC::EvalExecutable::compileInternal):
3070         (JSC::ProgramExecutable::compileInternal):
3071         (JSC::FunctionExecutable::produceCodeBlockFor):
3072         * runtime/Executable.h:
3073         (JSC::ScriptExecutable::ScriptExecutable):
3074         (JSC::ScriptExecutable::usesEval):
3075         (JSC::ScriptExecutable::usesArguments):
3076         (JSC::ScriptExecutable::needsActivation):
3077         (JSC::ScriptExecutable::isStrictMode):
3078         (JSC::ScriptExecutable::recordParse):
3079         (ScriptExecutable): ScopeFlags, not features.
3080
3081 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
3082
3083         Build fix for MSVC after r110266
3084
3085         Unreviewed. A #ifdef for MSVC was left over in r110266.
3086
3087         * runtime/RegExpObject.h:
3088         (RegExpObject):
3089
3090 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
3091
3092         Allocate the RegExpObject's data with the Cell
3093         https://bugs.webkit.org/show_bug.cgi?id=80654
3094
3095         Reviewed by Gavin Barraclough.
3096
3097         This patch removes the creation of RegExpObject's data to avoid the overhead
3098         created by the allocation and destruction.
3099
3100         Since RegExps are created repeatedly, this provides some performance improvement.
3101         The PeaceKeeper test stringDetectBrowser improves by 10%.
3102
3103         * runtime/RegExpObject.cpp:
3104         (JSC::RegExpObject::RegExpObject):
3105         (JSC::RegExpObject::visitChildren):
3106         (JSC::RegExpObject::getOwnPropertyDescriptor):
3107         (JSC::RegExpObject::defineOwnProperty):
3108         (JSC::RegExpObject::match):
3109         * runtime/RegExpObject.h:
3110         (JSC::RegExpObject::setRegExp):
3111         (JSC::RegExpObject::regExp):
3112         (JSC::RegExpObject::setLastIndex):
3113         (JSC::RegExpObject::getLastIndex):
3114         (RegExpObject):
3115
3116 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
3117
3118         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
3119         https://bugs.webkit.org/show_bug.cgi?id=80657
3120         
3121         Preparation for WTF separation from JavaScriptCore.
3122         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
3123         dependencies for generated files.
3124         
3125         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
3126         versions of the WTF code independent of the JavaScriptCore code.
3127
3128         Reviewed by Jessie Berlin.
3129
3130         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
3131         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
3132         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
3133         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
3134         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
3135         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
3136         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
3137         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
3138         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
3139         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
3140         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
3141         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
3142         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
3143         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
3144         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
3145         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
3146         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
3147         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
3148         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
3149         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
3150         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
3151
3152 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
3153
3154         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
3155         https://bugs.webkit.org/show_bug.cgi?id=80652
3156
3157         Reviewed by Eric Seidel.
3158
3159         Fix the header, URLSegments.h is not part of the API.
3160
3161         * wtf/url/api/ParsedURL.h:
3162
3163 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
3164
3165         Mac build fix for micro data API.
3166
3167         * Configurations/FeatureDefines.xcconfig:
3168
3169 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
3170
3171         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
3172         https://bugs.webkit.org/show_bug.cgi?id=26890
3173
3174         Reviewed by Oliver Hunt.
3175
3176         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
3177
3178         * runtime/StringPrototype.cpp:
3179         (JSC::replaceUsingRegExpSearch):
3180         (JSC::stringProtoFuncMatch):
3181             - added calls to setLastIndex.
3182
3183 2012-03-08  Matt Lilek  <mrl@apple.com>
3184
3185         Don't enable VIDEO_TRACK on all OS X platforms
3186         https://bugs.webkit.org/show_bug.cgi?id=80635
3187
3188         Reviewed by Eric Carlson.
3189
3190         * Configurations/FeatureDefines.xcconfig:
3191
3192 2012-03-08  Oliver Hunt  <oliver@apple.com>
3193
3194         Build fix.  That day is not today.
3195
3196         * assembler/MacroAssembler.h:
3197         (JSC::MacroAssembler::shouldBlind):
3198         * assembler/MacroAssemblerX86Common.h:
3199         (MacroAssemblerX86Common):
3200         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
3201
3202 2012-03-08  Oliver Hunt  <oliver@apple.com>
3203
3204         Build fix. One of these days I'll manage to commit something that works everywhere.
3205
3206         * assembler/AbstractMacroAssembler.h:
3207         (AbstractMacroAssembler):
3208         * assembler/MacroAssemblerARMv7.h:
3209         (MacroAssemblerARMv7):
3210         * assembler/MacroAssemblerX86Common.h:
3211         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
3212         (MacroAssemblerX86Common):
3213
3214 2012-03-08  Chao-ying Fu  <fu@mips.com>
3215
3216         Update MIPS patchOffsetGetByIdSlowCaseCall
3217         https://bugs.webkit.org/show_bug.cgi?id=80302
3218
3219         Reviewed by Oliver Hunt.
3220
3221         * jit/JIT.h:
3222         (JIT):
3223
3224 2012-03-08  Oliver Hunt  <oliver@apple.com>
3225
3226         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
3227         https://bugs.webkit.org/show_bug.cgi?id=80633
3228
3229         Reviewed by Gavin Barraclough.
3230
3231         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
3232         if there isn't a machine specific implementation (otherwise the 64bit value
3233         got truncated and 32bit checks were used -- leaving 32bits untested).
3234         Also add a bit of logic to ensure that we don't try to blind a few common
3235         constants that go through the ImmPtr paths -- encoded numeric JSValues and
3236         unencoded doubles with common "safe" values.
3237
3238         * assembler/AbstractMacroAssembler.h:
3239         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
3240         * assembler/MacroAssembler.h:
3241         (JSC::MacroAssembler::shouldBlindDouble):
3242         (MacroAssembler):
3243         (JSC::MacroAssembler::shouldBlind):
3244         * assembler/MacroAssemblerX86Common.h:
3245         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
3246
3247 2012-03-08  Mark Rowe  <mrowe@apple.com>
3248
3249         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
3250
3251         Reviewed by Dan Bernstein.
3252
3253         * Configurations/Base.xcconfig:
3254
3255 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
3256
3257         Fix line endings for copy-files.cmd.
3258         
3259         If a cmd file doesn't have Windows line endings, it doesn't work properly.
3260         In this case, the label :clean wasn't found, breaking the clean build.
3261         
3262         Reviewed by Jessie Berlin.
3263
3264         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3265
3266 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3267
3268         DFG CFA incorrectly handles ValueToInt32
3269         https://bugs.webkit.org/show_bug.cgi?id=80568
3270
3271         Reviewed by Gavin Barraclough.
3272         
3273         Changed it to match exactly the decision pattern used in
3274         DFG::SpeculativeJIT::compileValueToInt32.
3275
3276         * dfg/DFGAbstractState.cpp:
3277         (JSC::DFG::AbstractState::execute):
3278
3279 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
3280
3281         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
3282         https://bugs.webkit.org/show_bug.cgi?id=80524
3283
3284         Reviewed by Simon Hausmann.
3285
3286         Move the IdentifierTable method definitions to WTFThreadData.cpp to fix linking
3287         of WTF library.
3288
3289         * runtime/Identifier.cpp:
3290         * wtf/WTFThreadData.cpp:
3291         (JSC):
3292         (JSC::IdentifierTable::~IdentifierTable):
3293         (JSC::IdentifierTable::add):
3294
3295 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
3296
3297         DFG instruction count threshold should be lifted to 10000
3298         https://bugs.webkit.org/show_bug.cgi?id=80579
3299
3300         Reviewed by Gavin Barraclough.
3301
3302         * runtime/Options.cpp:
3303         (JSC::Options::initializeOptions):
3304
3305 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3306
3307         Incorrect tracking of abstract values of variables forced double
3308         https://bugs.webkit.org/show_bug.cgi?id=80566
3309         <rdar://problem/11001442>
3310
3311         Reviewed by Gavin Barraclough.
3312
3313         * dfg/DFGAbstractState.cpp:
3314         (JSC::DFG::AbstractState::mergeStateAtTail):
3315
3316 2012-03-07  Chao-ying Fu  <fu@mips.com>
3317
3318         [Qt] Fix the MIPS/SH4 build after r109834
3319         https://bugs.webkit.org/show_bug.cgi?id=80492
3320
3321         Reviewed by Oliver Hunt.
3322
3323         Implement three-argument branch(Add,Sub)32.
3324
3325         * assembler/MacroAssemblerMIPS.h:
3326         (JSC::MacroAssemblerMIPS::add32):
3327         (MacroAssemblerMIPS):
3328         (JSC::MacroAssemblerMIPS::sub32):
3329         (JSC::MacroAssemblerMIPS::branchAdd32):
3330         (JSC::MacroAssemblerMIPS::branchSub32):
3331
3332 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
3333
3334         Unreviewed, rolling out r110127.
3335         http://trac.webkit.org/changeset/110127
3336         https://bugs.webkit.org/show_bug.cgi?id=80562
3337
3338         compile failed on AppleWin (Requested by ukai on #webkit).
3339
3340         * heap/Heap.cpp:
3341         (JSC::Heap::collectAllGarbage):
3342         * heap/Heap.h:
3343         (JSC):
3344         (Heap):
3345         * runtime/Executable.cpp:
3346         (JSC::FunctionExecutable::FunctionExecutable):
3347         (JSC::FunctionExecutable::finalize):
3348         * runtime/Executable.h:
3349         (FunctionExecutable):
3350         (JSC::FunctionExecutable::create):
3351         * runtime/JSGlobalData.cpp:
3352         (WTF):
3353         (Recompiler):
3354         (WTF::Recompiler::operator()):
3355         (JSC::JSGlobalData::recompileAllJSFunctions):
3356         (JSC):
3357         * runtime/JSGlobalData.h:
3358         (JSGlobalData):
3359         * runtime/JSGlobalObject.cpp:
3360         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
3361
3362 2012-03-07  Hojong Han  <hojong.han@samsung.com>
3363
3364         The end atom of the marked block considered to filter invalid cells
3365         https://bugs.webkit.org/show_bug.cgi?id=79191
3366
3367         Reviewed by Geoffrey Garen.
3368
3369         The register file could have stale pointers beyond the end atom of a marked block.
3370         Those pointers can weasel out of the in-middle-of-cell pointer filtering.
3371
3372         * heap/MarkedBlock.h:
3373         (JSC::MarkedBlock::isLiveCell):
3374
3375 2012-03-07  Jessie Berlin  <jberlin@apple.com>
3376
3377         Clean Windows build fails after r110033
3378         https://bugs.webkit.org/show_bug.cgi?id=80553
3379
3380         Rubber-stamped by Jon Honeycutt and Eric Seidel.
3381
3382         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3383         Place the implementation files next to their header files in the wtf/text subdirectory.
3384         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
3385         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
3386         Update the path to those implementation files.
3387         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
3388         Ditto.
3389
3390 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
3391
3392         Eliminate redundant Phis in DFG
3393         https://bugs.webkit.org/show_bug.cgi?id=80415
3394
3395         Reviewed by Filip Pizlo.
3396
3397         Although this may not have any advantage at the current stage, this is towards
3398         minimal SSA to make more high level optimizations (like bug 76770) easier.
3399         We have the choices either to build minimal SSA from scratch or to
3400         keep current simple Phi insertion mechanism and remove the redundancy
3401         in another phase. Currently we choose the latter because the change
3402         could be smaller.
3403
3404         * CMakeLists.txt:
3405         * GNUmakefile.list.am:
3406         * JavaScriptCore.xcodeproj/project.pbxproj:
3407         * Target.pri:
3408         * dfg/DFGDriver.cpp:
3409         (JSC::DFG::compile):
3410         * dfg/DFGGraph.cpp:
3411         (JSC::DFG::Graph::dump):
3412         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
3413         (DFG):
3414         (RedundantPhiEliminationPhase):
3415         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
3416         (JSC::DFG::RedundantPhiEliminationPhase::run):
3417         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
3418         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
3419         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
3420         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
3421         (JSC::DFG::performRedundantPhiElimination):
3422         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
3423         (DFG):
3424
3425 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
3426
3427         Refactor recompileAllJSFunctions() to be less expensive
3428         https://bugs.webkit.org/show_bug.cgi?id=80330
3429
3430         Reviewed by Geoffrey Garen.
3431
3432         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
3433         load performance, which currently does at least a couple full GCs per navigation.
3434
3435         * heap/Heap.cpp:
3436         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
3437         because the function doesn't actually recompile anything (and never did); it simply throws code
3438         away for it to be recompiled later if we determine we should do so.
3439         (JSC):
3440         (JSC::Heap::collectAllGarbage):
3441         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
3442         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
3443         * heap/Heap.h:
3444         (JSC):
3445         (Heap):
3446         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
3447         be used in DoublyLinkedLists.
3448         (JSC::FunctionExecutable::FunctionExecutable):
3449         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
3450         * runtime/Executable.h:
3451         (FunctionExecutable):
3452         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
3453         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
3454         the list of FunctionExecutables.
3455         * runtime/JSGlobalData.h:
3456         (JSGlobalData):
3457         * runtime/JSGlobalObject.cpp:
3458         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
3459
3460 2012-03-06  Oliver Hunt  <oliver@apple.com>
3461
3462         Further harden 64-bit JIT
3463         https://bugs.webkit.org/show_bug.cgi?id=80457
3464
3465         Reviewed by Filip Pizlo.
3466
3467         This patch implements blinding for ImmPtr.  Rather than xor based blinding
3468         we perform randomised pointer rotations in order to avoid the significant
3469         cost in executable memory that would otherwise be necessary (and to avoid
3470         the need for an additional scratch register in some cases).
3471
3472         As with the prior blinding patch there's a moderate amount of noise as we
3473         correct the use of ImmPtr vs. TrustedImmPtr.
3474
3475         * assembler/AbstractMacroAssembler.h:
3476         (ImmPtr):
3477         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
3478         * assembler/MacroAssembler.h:
3479         (MacroAssembler):
3480         (JSC::MacroAssembler::storePtr):
3481         (JSC::MacroAssembler::branchPtr):
3482         (JSC::MacroAssembler::shouldBlind):
3483         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
3484         (RotatedImmPtr):
3485         (JSC::MacroAssembler::rotationBlindConstant):
3486         (JSC::MacroAssembler::loadRotationBlindedConstant):
3487         (JSC::MacroAssembler::convertInt32ToDouble):
3488         (JSC::MacroAssembler::move):
3489         (JSC::MacroAssembler::poke):
3490         * assembler/MacroAssemblerARMv7.h:
3491         (JSC::MacroAssemblerARMv7::storeDouble):
3492         (JSC::MacroAssemblerARMv7::branchAdd32):
3493         * assembler/MacroAssemblerX86_64.h:
3494         (MacroAssemblerX86_64):
3495         (JSC::MacroAssemblerX86_64::rotateRightPtr):
3496         (JSC::MacroAssemblerX86_64::xorPtr):
3497         * assembler/X86Assembler.h:
3498         (X86Assembler):
3499         (JSC::X86Assembler::xorq_rm):
3500         (JSC::X86Assembler::rorq_i8r):
3501         * dfg/DFGCCallHelpers.h:
3502         (CCallHelpers):
3503         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
3504         * dfg/DFGOSRExitCompiler32_64.cpp:
3505         (JSC::DFG::OSRExitCompiler::compileExit):
3506         * dfg/DFGOSRExitCompiler64.cpp:
3507         (JSC::DFG::OSRExitCompiler::compileExit):
3508         * dfg/DFGSpeculativeJIT.cpp:
3509         (JSC::DFG::SpeculativeJIT::createOSREntries):
3510         * dfg/DFGSpeculativeJIT.h:
3511         (JSC::DFG::SpeculativeJIT::silentFillGPR):
3512         (JSC::DFG::SpeculativeJIT::callOperation):
3513         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
3514         * dfg/DFGSpeculativeJIT32_64.cpp:
3515         (JSC::DFG::SpeculativeJIT::compile):
3516         * dfg/DFGSpeculativeJIT64.cpp:
3517         (JSC::DFG::SpeculativeJIT::fillInteger):
3518         (JSC::DFG::SpeculativeJIT::fillDouble):
3519         (JSC::DFG::SpeculativeJIT::fillJSValue):
3520         (JSC::DFG::SpeculativeJIT::emitCall):
3521         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3522         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3523         (JSC::DFG::SpeculativeJIT::emitBranch):
3524         * jit/JIT.cpp:
3525         (JSC::JIT::emitOptimizationCheck):
3526         * jit/JITArithmetic32_64.cpp:
3527         (JSC::JIT::emitSlow_op_post_inc):
3528         * jit/JITInlineMethods.h:
3529         (JSC::JIT::emitValueProfilingSite):
3530         (JSC::JIT::emitGetVirtualRegister):
3531         * jit/JITOpcodes.cpp:
3532         (JSC::JIT::emit_op_mov):
3533         (JSC::JIT::emit_op_new_object):
3534         (JSC::JIT::emit_op_strcat):
3535         (JSC::JIT::emit_op_ensure_property_exists):
3536         (JSC::JIT::emit_op_resolve_skip):
3537         (JSC::JIT::emitSlow_op_resolve_global):
3538         (JSC::JIT::emit_op_resolve_with_base):
3539         (JSC::JIT::emit_op_resolve_with_this):
3540         (JSC::JIT::emit_op_jmp_scopes):
3541         (JSC::JIT::emit_op_switch_imm):
3542         (JSC::JIT::emit_op_switch_char):
3543         (JSC::JIT::emit_op_switch_string):
3544         (JSC::JIT::emit_op_throw_reference_error):
3545         (JSC::JIT::emit_op_debug):
3546         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
3547         (JSC::JIT::emit_op_new_array):
3548         (JSC::JIT::emitSlow_op_new_array):
3549         (JSC::JIT::emit_op_new_array_buffer):
3550         * jit/JITOpcodes32_64.cpp:
3551         (JSC::JIT::emit_op_new_object):
3552         (JSC::JIT::emit_op_strcat):
3553         (JSC::JIT::emit_op_ensure_property_exists):
3554         (JSC::JIT::emit_op_resolve_skip):
3555         (JSC::JIT::emitSlow_op_resolve_global):
3556         (JSC::JIT::emit_op_resolve_with_base):
3557         (JSC::JIT::emit_op_resolve_with_this):
3558         (JSC::JIT::emit_op_jmp_scopes):
3559         (JSC::JIT::emit_op_switch_imm):
3560         (JSC::JIT::emit_op_switch_char):
3561         (JSC::JIT::emit_op_switch_string):
3562         * jit/JITPropertyAccess32_64.cpp:
3563         (JSC::JIT::emit_op_put_by_index):
3564         * jit/JITStubCall.h:
3565         (JITStubCall):
3566         (JSC::JITStubCall::addArgument):
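
        The following is an added illustration, not JavaScriptCore's code, of the two
        points made by the blinding entries above ("Missing some places where we should be
        blinding 64bit values" and "Further harden 64-bit JIT"): a blinding decision that
        only inspects the low 32 bits of a 64-bit immediate leaves the upper half untested,
        and rotation-based blinding keeps the literal constant out of the emitted
        instruction stream while a single rotate-right restores it at run time. The
        byte-counting heuristic, the rotation source (`rng`), the `EmittedLoad` model and
        all function names are assumptions of this example and do not mirror the real
        shouldBlind / shouldBlindForSpecificArch logic.

```c
/*
 * Added illustration of 64-bit constant blinding by rotation.
 * Not JavaScriptCore's implementation: the heuristic, the exclusion of
 * "mask-like" constants and the rotation amount are simplified assumptions.
 */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

static uint64_t rotl64(uint64_t v, unsigned k)
{
    k &= 63;
    return k ? (v << k) | (v >> (64 - k)) : v;
}

static uint64_t rotr64(uint64_t v, unsigned k)
{
    k &= 63;
    return k ? (v >> k) | (v << (64 - k)) : v;
}

/* Assumed heuristic: bytes that are 0x00 or 0xFF are treated as harmless
 * (masks, sign extensions); a constant with more than two other bytes is
 * considered attacker-shapeable and gets blinded. */
static int interestingBytes(uint64_t v, int byteCount)
{
    int n = 0;
    for (int i = 0; i < byteCount; i++) {
        uint8_t b = (uint8_t)(v >> (8 * i));
        if (b != 0x00 && b != 0xFF)
            n++;
    }
    return n;
}

static bool shouldBlind32(uint32_t v) { return interestingBytes(v, 4) > 2; }
static bool shouldBlind64(uint64_t v) { return interestingBytes(v, 8) > 2; }

/* The failure mode the ChangeLog describes: the 64-bit immediate is
 * truncated and only the 32-bit check runs, so the upper half is never
 * examined. */
static bool shouldBlindTruncated(uint64_t v)
{
    return shouldBlind32((uint32_t)v);
}

/* The emitted sequence is modelled as "load immediate, then rotate right". */
typedef struct {
    uint64_t loaded;  /* immediate that actually lands in the code bytes */
    unsigned rotate;  /* rotate-right count executed afterwards; 0 = none */
} EmittedLoad;

/* Blind at JIT time by rotating left by a random count and emitting the
 * matching rotate-right. `rng` stands in for a real CSPRNG draw. */
static EmittedLoad emitLoadImm64(uint64_t imm, unsigned rng)
{
    EmittedLoad e = { imm, 0 };
    if (!shouldBlind64(imm))
        return e;                      /* harmless constant: emit as-is */
    unsigned k = 1 + (rng % 63);       /* 1..63, never 0 */
    e.loaded = rotl64(imm, k);
    e.rotate = k;
    return e;
}

/* What the CPU computes when it runs the emitted sequence. */
static uint64_t executeLoad(EmittedLoad e)
{
    return rotr64(e.loaded, e.rotate);
}

/* Self-check: a blinded constant must not appear literally in the code
 * bytes, and the executed sequence must reproduce the original value. */
static bool blindingRoundTrips(uint64_t imm, unsigned rng)
{
    EmittedLoad e = emitLoadImm64(imm, rng);
    if (shouldBlind64(imm) && e.loaded == imm)
        return false;                  /* literal leaked into the code */
    return executeLoad(e) == imm;
}

int main(void)
{
    uint64_t highOnly = 0x4142434400000000ULL;   /* constructed sample */
    printf("truncated check blinds: %d, full 64-bit check blinds: %d\n",
           shouldBlindTruncated(highOnly), shouldBlind64(highOnly));
    EmittedLoad e = emitLoadImm64(0x4142434445464748ULL, 17);
    printf("code bytes hold %#llx, ror %u, executes to %#llx\n",
           (unsigned long long)e.loaded, e.rotate,
           (unsigned long long)executeLoad(e));
    return 0;
}
```

        Design note for the reader: a rotation count that is a multiple of 8 only permutes
        the bytes of the constant rather than changing them, so a policy stricter than this
        example's 1..63 range would exclude those counts or combine rotation with another
        transform.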
3567
3568 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
3569
3570         ARM build fix.
3571
3572         Reviewed by Zoltan Herczeg.
3573
3574         Implement three-argument branch(Add,Sub)32.
3575
3576         * assembler/MacroAssemblerARM.h:
3577         (JSC::MacroAssemblerARM::add32):
3578         (MacroAssemblerARM):
3579         (JSC::MacroAssemblerARM::sub32):
3580         (JSC::MacroAssemblerARM::branchAdd32):
3581         (JSC::MacroAssemblerARM::branchSub32):
3582
3583 2012-03-07  Andy Wingo  <wingo@igalia.com>
3584
3585         Parser: Inline ScopeNodeData into ScopeNode
3586         https://bugs.webkit.org/show_bug.cgi?id=79776
3587
3588         Reviewed by Geoffrey Garen.
3589
3590         It used to be that some ScopeNode members were kept in a separate
3591         structure because sometimes they wouldn't be needed, and
3592         allocating a ParserArena was expensive.  This patch makes
3593         ParserArena lazily allocate its IdentifierArena, allowing the
3594         members to be included directly, which is simpler and easier to
3595         reason about.
3596
3597         * parser/ParserArena.cpp:
3598         (JSC::ParserArena::ParserArena):
3599         (JSC::ParserArena::reset):
3600         (JSC::ParserArena::isEmpty):
3601         * parser/ParserArena.h:
3602         (JSC::ParserArena::identifierArena): Lazily allocate the
3603         IdentifierArena.
3604
3605         * parser/Nodes.cpp:
3606         (JSC::ScopeNode::ScopeNode):
3607         (JSC::ScopeNode::singleStatement):
3608         (JSC::ProgramNode::create):
3609         (JSC::EvalNode::create):
3610         (JSC::FunctionBodyNode::create):
3611         * parser/Nodes.h:
3612         (JSC::ScopeNode::destroyData):
3613         (JSC::ScopeNode::needsActivationForMoreThanVariables):
3614         (JSC::ScopeNode::needsActivation):
3615         (JSC::ScopeNode::hasCapturedVariables):
3616         (JSC::ScopeNode::capturedVariableCount):
3617         (JSC::ScopeNode::captures):
3618         (JSC::ScopeNode::varStack):
3619         (JSC::ScopeNode::functionStack):
3620         (JSC::ScopeNode::neededConstants):
3621         (ScopeNode):
3622         * bytecompiler/NodesCodegen.cpp:
3623         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
3624         into ScopeNode.  Adapt accessors.
3625
3626 2012-03-06  Eric Seidel  <eric@webkit.org>
3627
3628         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
3629         https://bugs.webkit.org/show_bug.cgi?id=80363
3630
3631         Reviewed by Mark Rowe.
3632
3633         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
3634         its headers have appeared as part of the "private" headers exported by
3635         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
3636         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
3637         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
3638
3639         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
3640         own directory and project.  As part of such, the WTF headers will no longer be part of
3641         the JavaScriptCore private interfaces.
3642         In preparation for that, this change makes both the Mac and Win builds export
3643         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
3644         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
3645
3646         There are 5 parts to this change.
3647         1.  Updates the JavaScriptCore Xcode and VCProj files to actually install these headers
3648             (and header directories) into the appropriate places in the build directory.
3649         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
3650             (WebCore, WebKit, etc. had already been taught to look in previous patches).
3651         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
3652             using fully qualified paths.
3653         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
3654         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
3655
3656         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
3657         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
3658         headers; those will have to be updated to use <wtf/Foo.h> after this change.
3659         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
3660         are ready for (and interested in) this change happening.
3661
3662         * API/tests/JSNode.c:
3663         * API/tests/JSNodeList.c:
3664         * Configurations/Base.xcconfig:
3665         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3666         * JavaScriptCore.xcodeproj/project.pbxproj:
3667         * assembler/MacroAssemblerCodeRef.h:
3668         * bytecompiler/BytecodeGenerator.h:
3669         * dfg/DFGOperations.cpp:
3670         * heap/GCAssertions.h:
3671         * heap/HandleHeap.h:
3672         * heap/HandleStack.h:
3673         * heap/MarkedSpace.h:
3674         * heap/PassWeak.h:
3675         * heap/Strong.h:
3676         * heap/Weak.h:
3677         * jit/HostCallReturnValue.cpp:
3678         * jit/JIT.cpp:
3679         * jit/JITStubs.cpp:
3680         * jit/ThunkGenerators.cpp:
3681         * parser/Lexer.cpp:
3682         * runtime/Completion.cpp:
3683         * runtime/Executable.cpp:
3684         * runtime/Identifier.h:
3685         * runtime/InitializeThreading.cpp:
3686         * runtime/JSDateMath.cpp:
3687         * runtime/JSGlobalObjectFunctions.cpp:
3688         * runtime/JSStringBuilder.h:
3689         * runtime/JSVariableObject.h:
3690         * runtime/NumberPrototype.cpp:
3691         * runtime/WriteBarrier.h:
3692         * tools/CodeProfile.cpp:
3693         * tools/TieredMMapArray.h:
3694         * wtf/AVLTree.h:
3695         * wtf/Alignment.h:
3696         * wtf/AlwaysInline.h:
3697         * wtf/ArrayBufferView.h:
3698         * wtf/Assertions.h:
3699         * wtf/Atomics.h:
3700         * wtf/Bitmap.h:
3701         * wtf/BoundsCheckedPointer.h:
3702         * wtf/CheckedArithmetic.h:
3703         * wtf/Deque.h:
3704         * wtf/ExportMacros.h:
3705         * wtf/FastAllocBase.h:
3706         * wtf/FastMalloc.h:
3707         * wtf/Float32Array.h:
3708         * wtf/Float64Array.h:
3709         * wtf/Functional.h:
3710         * wtf/HashCountedSet.h:
3711         * wtf/HashFunctions.h:
3712         * wtf/HashMap.h:
3713         * wtf/HashSet.h:
3714         * wtf/HashTable.h:
3715         * wtf/HashTraits.h:
3716         * wtf/Int16Array.h:
3717         * wtf/Int32Array.h:
3718         * wtf/Int8Array.h:
3719         * wtf/IntegralTypedArrayBase.h:
3720         * wtf/ListHashSet.h:
3721         * wtf/MainThread.h:
3722         * wtf/MetaAllocator.h:
3723         * wtf/Noncopyable.h:
3724         * wtf/OwnArrayPtr.h:
3725         * wtf/OwnPtr.h:
3726         * wtf/PackedIntVector.h:
3727         * wtf/ParallelJobs.h:
3728         * wtf/PassOwnArrayPtr.h:
3729         * wtf/PassOwnPtr.h:
3730         * wtf/PassRefPtr.h:
3731         * wtf/PassTraits.h:
3732         * wtf/Platform.h:
3733         * wtf/PossiblyNull.h:
3734         * wtf/RefCounted.h:
3735         * wtf/RefCountedLeakCounter.h:
3736         * wtf/RefPtr.h:
3737         * wtf/RetainPtr.h:
3738         * wtf/SimpleStats.h:
3739         * wtf/Spectrum.h:
3740         * wtf/StdLibExtras.h:
3741         * wtf/TCPageMap.h:
3742         * wtf/TemporaryChange.h:
3743         * wtf/ThreadSafeRefCounted.h:
3744         * wtf/Threading.h:
3745         * wtf/ThreadingPrimitives.h:
3746         * wtf/TypeTraits.h:
3747         * wtf/TypedArrayBase.h:
3748         * wtf/Uint16Array.h:
3749         * wtf/Uint32Array.h:
3750         * wtf/Uint8Array.h:
3751         * wtf/Uint8ClampedArray.h:
3752         * wtf/UnusedParam.h:
3753         * wtf/Vector.h:
3754         * wtf/VectorTraits.h:
3755         * wtf/dtoa/double-conversion.h:
3756         * wtf/dtoa/utils.h:
3757         * wtf/gobject/GRefPtr.h:
3758         * wtf/gobject/GlibUtilities.h:
3759         * wtf/text/AtomicString.h:
3760         * wtf/text/AtomicStringImpl.h:
3761         * wtf/text/CString.h:
3762         * wtf/text/StringConcatenate.h:
3763         * wtf/text/StringHash.h:
3764         * wtf/text/WTFString.h:
3765         * wtf/unicode/CharacterNames.h:
3766         * wtf/unicode/UTF8.h:
3767         * wtf/unicode/glib/UnicodeGLib.h:
3768         * wtf/unicode/qt4/UnicodeQt4.h:
3769         * wtf/unicode/wince/UnicodeWinCE.h:
3770         * wtf/url/api/ParsedURL.h:
3771         * wtf/url/api/URLString.h:
3772         * wtf/wince/FastMallocWinCE.h:
3773         * yarr/YarrJIT.cpp:
3774
3775 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3776
3777         Array.prototype functions should throw if delete fails
3778         https://bugs.webkit.org/show_bug.cgi?id=80467
3779
3780         Reviewed by Oliver Hunt.
3781
3782         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
3783         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
3784         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
3785         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
3786         routines, for handling arrays with holes. These three copies should be unified.
3787
3788         * runtime/ArrayPrototype.cpp:
3789         (JSC::shift):
3790         (JSC::unshift):
3791             - Added - shared copies of the shift/unshift functionality.
3792         (JSC::arrayProtoFuncPop):
3793             - should throw if the delete fails.
3794         (JSC::arrayProtoFuncReverse):
3795             - should throw if the delete fails.
3796         (JSC::arrayProtoFuncShift):
3797         (JSC::arrayProtoFuncSplice):
3798         (JSC::arrayProtoFuncUnShift):
3799             - use shift/unshift.
3800         * runtime/JSArray.cpp:
3801         (JSC::JSArray::shiftCount):
3802         (JSC::JSArray::unshiftCount):
3803             - Don't try to handle arrays with holes; return a value indicating
3804               the generic routine should be used instead.
3805         * runtime/JSArray.h:
3806             - declaration for shiftCount/unshiftCount changed.
3807         * tests/mozilla/js1_6/Array/regress-304828.js:
3808             - this was asserting incorrect behaviour.
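The Throw = true semantics this entry describes, shown as an added JavaScript example (not WebKit code or part of the ChangeLog): each helper reports whether an Array.prototype method raises a TypeError when its [[Delete]] hits a non-configurable element; the arrays are constructed inputs.

```javascript
// Added example (not WebKit code): ES5 specifies that Array.prototype methods call
// [[Delete]] with Throw = true, so a failed delete must surface as a TypeError
// instead of silently leaving the element in place.

// Run fn and report whether it threw a TypeError.
function throwsTypeError(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Constructed input: an array whose last element cannot be deleted.
function arrayWithFrozenLast() {
  const a = [1, 2, 3];
  Object.defineProperty(a, 2, { value: 3, writable: true, configurable: false });
  return a;
}

// pop() deletes index len-1: must throw on the non-configurable element.
function popThrows() {
  return throwsTypeError(() => arrayWithFrozenLast().pop());
}

// shift() moves elements down and then deletes index len-1: same failure.
function shiftThrows() {
  return throwsTypeError(() => arrayWithFrozenLast().shift());
}

// reverse() only deletes when one side of a swap is a hole; with [1, <hole>, 3, 4]
// and index 2 non-configurable, the delete of index 2 fails.
function reverseThrows() {
  const a = [1, , 3, 4];
  Object.defineProperty(a, 2, { value: 3, writable: true, configurable: false });
  return throwsTypeError(() => a.reverse());
}

// Without a non-configurable element the same call succeeds and mutates the array.
function popSucceeds() {
  const a = [1, 2, 3];
  return a.pop() === 3 && a.length === 2;
}
```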
3809
3810 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
3811
3812         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
3813         https://bugs.webkit.org/show_bug.cgi?id=80469
3814
3815         Reviewed by Antonio Gomes.
3816
3817         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
3818         property on the library being created.
3819
3820 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
3821
3822         DFG BasicBlock should group the Phi nodes together and separate them
3823         from the other nodes
3824         https://bugs.webkit.org/show_bug.cgi?id=80361
3825
3826         Reviewed by Filip Pizlo.
3827
3828         This would make it more efficient to remove the redundant Phi nodes or
3829         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
3830         This is performance neutral on SunSpider, V8 and Kraken.
3831
3832         * dfg/DFGAbstractState.cpp:
3833         (JSC::DFG::AbstractState::clobberStructures):
3834         (JSC::DFG::AbstractState::dump):
3835         * dfg/DFGBasicBlock.h:
3836         (JSC::DFG::BasicBlock::BasicBlock):
3837         (BasicBlock):
3838         * dfg/DFGByteCodeParser.cpp:
3839         (JSC::DFG::ByteCodeParser::addToGraph):
3840         (JSC::DFG::ByteCodeParser::insertPhiNode):
3841         * dfg/DFGCFAPhase.cpp:
3842         (JSC::DFG::CFAPhase::performBlockCFA):
3843         * dfg/DFGCSEPhase.cpp:
3844         (JSC::DFG::CSEPhase::pureCSE):
3845         (JSC::DFG::CSEPhase::impureCSE):
3846         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3847         (JSC::DFG::CSEPhase::getByValLoadElimination):
3848         (JSC::DFG::CSEPhase::checkFunctionElimination):
3849         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3850         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3851         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3852         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3853         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3854         (JSC::DFG::CSEPhase::performBlockCSE):
3855         * dfg/DFGGraph.cpp:
3856         (JSC::DFG::Graph::dump):
3857         * dfg/DFGSpeculativeJIT.cpp:
3858         (JSC::DFG::SpeculativeJIT::compile):
3859
3860 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3861
3862         GCActivityCallback timer should vary with the length of the previous GC
3863         https://bugs.webkit.org/show_bug.cgi?id=80344
3864
3865         Reviewed by Geoffrey Garen.
3866
3867         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
3868         GC so that the GC Activity Callback can use it.
3869         (JSC::Heap::Heap):
3870         (JSC::Heap::collect):
3871         * heap/Heap.h:
3872         (JSC::Heap::lastGCLength):
3873         (Heap):
3874         * runtime/GCActivityCallbackCF.cpp:
3875         (JSC):
3876         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last
3877         GC to determine the length of our timer trigger (currently set at 100x the duration
3878         of the last GC).
3879
3880 2012-03-06  Rob Buis  <rbuis@rim.com>
3881
3882         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
3883         https://bugs.webkit.org/show_bug.cgi?id=80420
3884
3885         Reviewed by Gavin Barraclough.
3886
3887         Fix warnings given in Blackberry build.
3888
3889         * heap/CopiedBlock.h:
3890         (JSC::CopiedBlock::CopiedBlock):
3891         * wtf/RefCountedArray.h:
3892         (WTF::RefCountedArray::Header::fromPayload):
3893
3894 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3895
3896         writable/configurable not respected for some properties of Function/String/Arguments
3897         https://bugs.webkit.org/show_bug.cgi?id=80436
3898
3899         Reviewed by Oliver Hunt.
3900
3901         Special properties should behave like regular properties.
3902
3903         * runtime/Arguments.cpp:
3904         (JSC::Arguments::defineOwnProperty):
3905             - Mis-nested logic for making read-only properties non-live.
3906         * runtime/JSFunction.cpp:
3907         (JSC::JSFunction::put):
3908             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3909         (JSC::JSFunction::deleteProperty):
3910             - Attempting to delete prototype/caller should fail.
3911         (JSC::JSFunction::defineOwnProperty):
3912             - Ensure prototype is reified on attempt to reify it.
3913             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3914         * runtime/JSFunction.h:
3915             - added declaration for defineOwnProperty.
3916         (JSFunction):
3917         * runtime/StringObject.cpp:
3918         (JSC::StringObject::put):
3919             - length is non-writable, non-configurable - reject appropriately.
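The attribute checks this entry describes, as an added JavaScript example (not WebKit code or part of the ChangeLog): the special properties of Function, String and Arguments must reject writes and deletes the way ordinary non-writable / non-configurable properties do, and in strict mode each rejection surfaces as a TypeError.

```javascript
// Added example (not WebKit code): strict-mode callers observe the rejected
// [[Put]] / [[Delete]] as a TypeError, and the property value stays unchanged.

function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// Function.length is non-writable: a strict-mode assignment must throw and
// leave the value untouched.
function functionLengthIsReadOnly() {
  'use strict';
  function f(a, b) { return a + b; }
  const threw = throwsTypeError(() => { f.length = 7; });
  return threw && f.length === 2;
}

// Function.prototype is non-configurable: a strict-mode delete must throw.
function functionPrototypeCannotBeDeleted() {
  'use strict';
  function f() {}
  const proto = f.prototype;
  const threw = throwsTypeError(() => { delete f.prototype; });
  return threw && f.prototype === proto;
}

// String.length is non-writable and non-configurable on String wrapper objects.
function stringLengthIsReadOnly() {
  'use strict';
  const s = new String('abc');
  const putThrew = throwsTypeError(() => { s.length = 1; });
  const deleteThrew = throwsTypeError(() => { delete s.length; });
  return putThrew && deleteThrew && s.length === 3;
}

// Arguments: once an element is made read-only via defineOwnProperty it must
// stop tracking the named parameter (it becomes "non-live").
function readOnlyArgumentIsNotLive(x) {
  Object.defineProperty(arguments, 0, { writable: false });
  x = 2; // must not leak into the now read-only element
  return arguments[0] === 1 && x === 2;
}
```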
3920
3921 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
3922
3923         TypedArray subarray call for subarray does not clamp the end index parameter properly
3924         https://bugs.webkit.org/show_bug.cgi?id=80285
3925
3926         Reviewed by Kenneth Russell.
3927
3928         * wtf/ArrayBufferView.h:
3929         (WTF::ArrayBufferView::calculateOffsetAndLength):
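The index clamping that subarray must apply, written out as an added JavaScript example (not WebKit code or part of the ChangeLog): `subarrayBounds` and `clampIndex` are hypothetical helpers that mirror the spec steps rather than WebKit's calculateOffsetAndLength, and `matchesNative` cross-checks them against the engine's own TypedArray.prototype.subarray on a constructed 4-element array.

```javascript
// Added example (not WebKit code): negative indices count from the end, both
// indices are clamped to [0, length], and an end before the begin yields an
// empty view. These are the rules an implementation must not skip.

// Clamp one subarray index into [0, length]; NaN behaves like 0.
function clampIndex(index, length) {
  let n = Math.trunc(Number(index));
  if (Number.isNaN(n)) n = 0;
  if (n < 0) return Math.max(length + n, 0);
  return Math.min(n, length);
}

// Returns { offset, length } of the view subarray(begin, end) should produce
// on an array of `length` elements (hypothetical helper, spec semantics).
function subarrayBounds(length, begin, end) {
  const beginIndex = clampIndex(begin === undefined ? 0 : begin, length);
  const endIndex = clampIndex(end === undefined ? length : end, length);
  return { offset: beginIndex, length: Math.max(endIndex - beginIndex, 0) };
}

// Cross-check against the engine on a constructed 4-element Uint8Array
// (element size 1, so byteOffset equals the element offset).
function matchesNative(begin, end) {
  const base = new Uint8Array([10, 20, 30, 40]);
  const view = base.subarray(begin, end);
  const expected = subarrayBounds(base.length, begin, end);
  return view.byteOffset === expected.offset && view.length === expected.length;
}
```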
3930
3931 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3932
3933         Unreviewed, rolling out r109837.
3934         http://trac.webkit.org/changeset/109837
3935         https://bugs.webkit.org/show_bug.cgi?id=80399
3936
3937         breaks Mac Production builds, too late to try and fix it
3938         tonight (Requested by eseidel on #webkit).
3939
3940         * API/tests/JSNode.c:
3941         * API/tests/JSNodeList.c:
3942         * Configurations/Base.xcconfig:
3943         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3944         * JavaScriptCore.xcodeproj/project.pbxproj:
3945         * assembler/MacroAssemblerCodeRef.h:
3946         * bytecompiler/BytecodeGenerator.h:
3947         * dfg/DFGOperations.cpp:
3948         * heap/GCAssertions.h:
3949         * heap/HandleHeap.h:
3950         * heap/HandleStack.h:
3951         * heap/MarkedSpace.h:
3952         * heap/PassWeak.h:
3953         * heap/Strong.h:
3954         * heap/Weak.h:
3955         * jit/HostCallReturnValue.cpp:
3956         * jit/JIT.cpp:
3957         * jit/JITStubs.cpp:
3958         * jit/ThunkGenerators.cpp:
3959         * parser/Lexer.cpp:
3960         * runtime/Completion.cpp:
3961         * runtime/Executable.cpp:
3962         * runtime/Identifier.h:
3963         * runtime/InitializeThreading.cpp:
3964         * runtime/JSDateMath.cpp:
3965         * runtime/JSGlobalObjectFunctions.cpp:
3966         * runtime/JSStringBuilder.h:
3967         * runtime/JSVariableObject.h:
3968         * runtime/NumberPrototype.cpp:
3969         * runtime/WriteBarrier.h:
3970         * tools/CodeProfile.cpp:
3971         * tools/TieredMMapArray.h:
3972         * yarr/YarrJIT.cpp:
3973
3974 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3975
3976         [Qt][ARM] Speculative buildfix after r109834.
3977
3978         Reviewed by Csaba Osztrogonác.
3979
3980         * assembler/MacroAssemblerARM.h:
3981         (JSC::MacroAssemblerARM::and32):
3982         (MacroAssemblerARM):
3983
3984 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3985
3986         Unreviewed windows build fix pt 2.
3987
3988         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3989
3990 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3991
3992         Unreviewed windows build fix pt 1.
3993
3994         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3995
3996 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3997
3998         putByIndex should throw in strict mode
3999         https://bugs.webkit.org/show_bug.cgi?id=80335
4000
4001         Reviewed by Filip Pizlo.
4002
4003         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
4004
4005         This is a largely mechanical change, simply adding an extra parameter to a number
4006         of functions. Some call sites need to perform additional exception checks, and
4007         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
4008
4009         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
4010         an existing bug), I'll follow up with a third patch to handle that.