616e68d67c3330efefd9fc87e46862db87ab553f
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-23  Michael Saboff  <msaboff@apple.com>

        DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
        https://bugs.webkit.org/show_bug.cgi?id=81805

        Reviewed by Filip Pizlo.

        Added SpeculativeJIT::checkGeneratedType() to determine the current format
        of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
        to generate code that will use integer and JSValue types in integer
        format directly without a conversion to double.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkGeneratedType):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * dfg/DFGSpeculativeJIT.h:
        (DFG):
        (SpeculativeJIT):

2012-03-23  Steve Falkenburg  <sfalken@apple.com>

        Update Apple Windows build files for WTF move
        https://bugs.webkit.org/show_bug.cgi?id=82069

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.

2012-03-23  Dean Jackson  <dino@apple.com>

        Disable CSS_SHADERS in Apple builds
        https://bugs.webkit.org/show_bug.cgi?id=81996

        Reviewed by Simon Fraser.

        Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Gavin Barraclough  <barraclough@apple.com>

        RegExp constructor last match properties should not rely on previous ovector
        https://bugs.webkit.org/show_bug.cgi?id=82077

        Reviewed by Oliver Hunt.

        This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.

        This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
        Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
        a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
        location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
        a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
        reified state. This means that next time a match is performed, the store of the result will
        automatically blow away the reified value.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files.
        * runtime/RegExp.cpp:
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
            - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
        * runtime/RegExpCachedResult.cpp: Added.
        (JSC::RegExpCachedResult::visitChildren):
        (JSC::RegExpCachedResult::lastResult):
        (JSC::RegExpCachedResult::setInput):
            - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
        * runtime/RegExpCachedResult.h: Added.
        (RegExpCachedResult):
            - Added new class.
        (JSC::RegExpCachedResult::RegExpCachedResult):
        (JSC::RegExpCachedResult::record):
        (JSC::RegExpCachedResult::input):
            - Initialize the object, record the result of a RegExp match, access the stored input property.
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
            - Initialize m_result/m_multiline properties.
        (JSC::RegExpConstructor::visitChildren):
            - Make sure the cached results (or lazy source for them) are marked.
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
            - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
        (JSC::regExpConstructorInput):
        (JSC::setRegExpConstructorInput):
            - Changed to use RegExpCachedResult.
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::create):
        (RegExpConstructor):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
            - Move multiline property onto the constructor object; it is not affected by the last match.
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
            - These defer to RegExpCachedResult.
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.cpp: Added.
        (JSC::RegExpMatchesArray::visitChildren):
            - Eeeep! added missing visitChildren!
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::reifyAllProperties):
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Moved from RegExpConstructor.cpp.
        (JSC::RegExpMatchesArray::leftContext):
        (JSC::RegExpMatchesArray::rightContext):
            - Since the match start/
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):
            - Declare new methods & structure flags.
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
            - performMatch now requires the JSString input, to cache.
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now requires the JSString input, to cache.

2012-03-23  Tony Chang  <tony@chromium.org>

        [chromium] rename newwtf target back to wtf
        https://bugs.webkit.org/show_bug.cgi?id=82064

        Reviewed by Adam Barth.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Simplify memory usage tracking in CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=80705

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Rename currentUtilization to currentSize.
        (JSC::CopiedAllocator::currentCapacity):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
        declaration.
        (JSC):
        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
        (JSC::CopiedBlock::capacity): Ditto for capacity.
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
        field for the water mark.
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
        block, we need to update our current water mark with the size of the block.
        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
        need to update our current water mark with the size of the used portion of the block.
        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
        reallocating because it will either get accounted for when we fill up the block later
        in the case of being able to reallocate in the current block or it will get picked up
        immediately because we'll have to get a new block.
        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
        realloc-ing an oversize block because we deallocate the old block and allocate a brand
        new one.
        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
        the CopiedSpace by the SlotVisitors.
        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
        not we should collect now instead of doing the calculation ourselves.
        (JSC::CopiedSpace::destroy):
        (JSC):
        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
        MarkedSpace does.
        (JSC::CopiedSpace::capacity): Ditto for capacity.
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::waterMark):
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
        collection.
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
        (JSC::Heap::capacity): Ditto for capacity.
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
        determine whether they should initiate a collection or continue to allocate new blocks.
        (JSC):
        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
        Heap (MarkedSpace and CopiedSpace).
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.

2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>

        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
        https://bugs.webkit.org/show_bug.cgi?id=82012

        Reviewed by Filip Pizlo.

        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.

        * wtf/BitVector.cpp:
        (WTF::BitVector::resizeOutOfLine):
        * wtf/BitVector.h:
        (BitVector):
        (OutOfLineBits):

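The zero-fill that the entry above describes, as an added example in C++. This is not WTF::BitVector and not code from the ChangeLog; `InlineBitVector`, its members and `growPreservesAndZeroes` are hypothetical names chosen here. It models the same shape as the bug: a single inline word that is promoted to a heap buffer when the vector grows, where the words that are not copied from the inline storage must be zeroed explicitly because `new[]` leaves them indeterminate.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical bit vector (not WTF::BitVector): up to 32 bits live in an
// inline word, larger sizes move to a heap buffer. The hazard is the
// transition: heap words not copied from the inline word hold whatever the
// allocator handed back unless they are cleared.
class InlineBitVector {
public:
    InlineBitVector() = default;
    ~InlineBitVector() { delete[] m_outOfLine; }
    InlineBitVector(const InlineBitVector&) = delete;
    InlineBitVector& operator=(const InlineBitVector&) = delete;

    size_t size() const { return m_numBits; }

    bool get(size_t bit) const {
        if (bit >= m_numBits) return false;
        return (word(bit / 32) >> (bit % 32)) & 1u;
    }

    void set(size_t bit) {
        if (bit >= m_numBits) return;
        wordRef(bit / 32) |= (1u << (bit % 32));
    }

    // Grow to hold numBits. Every bit that did not exist before reads as 0.
    void resize(size_t numBits) {
        if (numBits <= m_numBits) return;   // growth only, to keep the example short
        size_t newWords = (numBits + 31) / 32;
        size_t oldWords = wordCount();
        if (newWords <= oldWords) {          // still fits in the current storage
            m_numBits = numBits;
            return;
        }
        uint32_t* words = new uint32_t[newWords];  // contents are indeterminate
        for (size_t i = 0; i < oldWords; ++i)
            words[i] = word(i);              // copy the inline word or the old buffer
        // The fix from the ChangeLog entry: zero the tail. Without this memset the
        // bits beyond the old size alias stale heap memory.
        std::memset(words + oldWords, 0, (newWords - oldWords) * sizeof(uint32_t));
        delete[] m_outOfLine;
        m_outOfLine = words;
        m_numWords = newWords;
        m_numBits = numBits;
    }

private:
    size_t wordCount() const { return m_outOfLine ? m_numWords : 1; }
    uint32_t word(size_t i) const { return m_outOfLine ? m_outOfLine[i] : m_inline; }
    uint32_t& wordRef(size_t i) { return m_outOfLine ? m_outOfLine[i] : m_inline; }

    uint32_t m_inline = 0;            // storage while size() <= 32
    size_t m_numBits = 32;
    uint32_t* m_outOfLine = nullptr;  // storage once size() > 32
    size_t m_numWords = 0;
};

// Grows an inline vector past 32 bits and checks two things: bits set before
// the move survive, and every bit that did not exist before reads as 0.
bool growPreservesAndZeroes(size_t newSize) {
    InlineBitVector v;
    v.set(3);
    v.set(31);
    v.resize(newSize);
    if (v.size() != newSize || !v.get(3) || !v.get(31)) return false;
    for (size_t i = 32; i < newSize; ++i)
        if (v.get(i)) return false;
    v.set(newSize - 1);
    return v.get(newSize - 1);
}
```

Under a sanitizer (MemorySanitizer, or Valgrind's memcheck) the variant without the memset reports a use of uninitialised memory on the first `get()` of a new bit, which is the quickest way to confirm a fix of this kind.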
2012-03-22  Michael Saboff  <msaboff@apple.com>

        ExecutableAllocator::memoryPressureMultiplier() might return NaN
        https://bugs.webkit.org/show_bug.cgi?id=82002

        Reviewed by Filip Pizlo.

        Guard against divide by zero and then make sure the return
        value is >= 1.0.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):

2012-03-22  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111778.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        Don't include and try to build files owned by WTF.
        Also, let VS have its way with the vcproj in terms of file ordering.

2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [CMake] Unreviewed build fix after r111778.

        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
        the include paths so that the right config.h is used.

2012-03-22  Tony Chang  <tony@chromium.org>

        Unreviewed, fix chromium build after wtf move.

        Remove old wtf_config and wtf targets.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-22  Martin Robinson  <mrobinson@igalia.com>

        Fixed the GTK+ WTF/JavaScriptCore build after r111778.

        * GNUmakefile.list.am: Removed an extra trailing backslash.

2012-03-22  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
        rather than only those that contain symbols that JavaScriptCore itself uses.
        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept into the Xcode project.

2012-03-22  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeFlags has some duplicate code and naming issues
        https://bugs.webkit.org/show_bug.cgi?id=81975

        Reviewed by Gavin Barraclough.

        Removed most references to "ArithNodeFlags" since those are now just part
        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
        because the former was never called and the latter did the same things as
        mergeFlags().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):

2012-03-22  Eric Seidel  <eric@webkit.org>

        Actually move WTF files to their new home
        https://bugs.webkit.org/show_bug.cgi?id=81844

        Unreviewed.  The details of the port-specific changes
        have been seen by contributors from those ports, but
        the whole 5MB change isn't very reviewable as-is.

        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JSCTypedArrayStubs.h:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:

2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Adding Source/WTF to the build.

        * wscript:

2012-03-22  Gavin Barraclough  <barraclough@apple.com>

        Add JSValue::isFunction
        https://bugs.webkit.org/show_bug.cgi?id=81935

        Reviewed by Geoff Garen.

        This would be useful in the WebCore bindings code.
        Also, remove asFunction, replace with jsCast<JSFunction*>.

        * API/JSContextRef.cpp:
        * debugger/Debugger.cpp:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueOfFunctionConstant):
        * dfg/DFGOperations.cpp:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::isInlineCallFrameSlow):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::jitCompileFor):
        (JSC::lazyLinkFor):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::setUpCall):
        * runtime/Arguments.h:
        (JSC::Arguments::finishCreation):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::lengthGetter):
        * runtime/JSFunction.h:
        (JSC):
        (JSC::asJSFunction):
        (JSC::JSValue::isFunction):
        * runtime/JSGlobalData.cpp:
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/JSValue.h:
        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):

2012-03-21  Filip Pizlo  <fpizlo@apple.com>

        DFG speculation on booleans should be rationalized
        https://bugs.webkit.org/show_bug.cgi?id=81840

        Reviewed by Gavin Barraclough.

        This removes isKnownBoolean() and replaces it with AbstractState-based
        optimization, and cleans up the control flow in code gen methods for
        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
        and removes isKnownNotBoolean() since that method appeared to be a
        helper used solely by 32_64's speculateBooleanOperation().

        This is performance-neutral.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNumber):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-21  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * wtf/MetaAllocator.h:
        (MetaAllocator): Export the destructor.

2012-03-21  Eric Seidel  <eric@webkit.org>

        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=81834

        Reviewed by Adam Barth.

        * jsc.cpp:
        * os-win32/WinMain.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/TimeoutChecker.cpp:
        * testRegExp.cpp:
        * tools/CodeProfiling.cpp:

2012-03-21  Eric Seidel  <eric@webkit.org>

        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
        https://bugs.webkit.org/show_bug.cgi?id=81838

        Reviewed by Geoffrey Garen.

        My understanding is that weak vtables happen when the compiler/linker cannot
        determine which compilation unit should contain the vtable.  In this case
        because there were only pure virtual functions as well as an "inline"
        virtual destructor (thus the virtual destructor was defined in many compilation
        units).  Since you can't actually "inline" a virtual function (it still has to
        bounce through the vtable), the "inline" on this virtual destructor doesn't
        actually help performance, and is only serving to confuse the compiler here.
        I've moved the destructor implementation to the .cpp file, thus making
        it clear to the compiler where the vtable should be stored, and solving the error.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::~MetaAllocator):
        (WTF):
        * wtf/MetaAllocator.h:

2012-03-20  Gavin Barraclough  <barraclough@apple.com>

        RegExpMatchesArray should not copy the ovector
        https://bugs.webkit.org/show_bug.cgi?id=81742

        Reviewed by Michael Saboff.

        Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
        and the results never accessed).
        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.

        * dfg/DFGOperations.cpp:
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/RegExpConstructor.cpp:
        (JSC):
            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
        (JSC::RegExpMatchesArray::finishCreation):
            - Removed RegExpConstructorPrivate parameter.
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
            If there are sub-pattern properties, the RegExp is re-run to generate their values.
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Reify just the match (index 0) property of the RegExpMatchesArray.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - performMatch now returns a MatchResult, rather than using out-parameters.
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
        (RegExpMatchesArray):
        (JSC::RegExpMatchesArray::create):
            - Now passed the input string matched against, the RegExp, and the MatchResult.
        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
            - Helpers to conditionally reify properties.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        (JSC::RegExpMatchesArray::defineOwnProperty):
            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
            - match now returns a MatchResult.
        * runtime/RegExpObject.h:
        (JSC::MatchResult::MatchResult):
            - Added. The result of a match is a start & end tuple.
        (JSC::MatchResult::failed):
            - A failure is indicated by (notFound, 0).
        (JSC::MatchResult::operator bool):
            - Evaluates to false if the match failed.
        (JSC::MatchResult::empty):
            - Evaluates to true if the match succeeded with length 0.
        (JSC::RegExpObject::test):
            - Now returns a bool.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now returns a MatchResult, rather than using out-parameters.

2012-03-21  Hojong Han  <hojong.han@samsung.com>

        Fix out of memory by allowing overcommit
        https://bugs.webkit.org/show_bug.cgi?id=81743

        Reviewed by Geoffrey Garen.

        Garbage collection is not triggered and new blocks are added
        because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        More Windows build fixing.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        Fix the order of the include directories to look in include/private first before looking
        in include/private/JavaScriptCore.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        Look in the Production output directory (where the wtf headers will be). This is the same
        thing that is done for jsc and testRegExp in ReleasePGO.

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
        https://bugs.webkit.org/show_bug.cgi?id=81739

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
        JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        Ditto.

2012-03-20  Eric Seidel  <eric@webkit.org>

        Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80911

        Reviewed by Adam Barth.

        Update the various build systems to depend on Source/WTF headers
        as well as remove references to Platform.h (since it's now moved).

        * CMakeLists.txt:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:

2012-03-20  Filip Pizlo  <fpizlo@apple.com>

        op_mod fails on many interesting corner cases
        https://bugs.webkit.org/show_bug.cgi?id=81648

        Reviewed by Oliver Hunt.

        Removed most strength reduction for op_mod, and fixed the integer handling
        to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
        which this patch also fixes.

        This patch is performance neutral on all of the major benchmarks we track.

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithMod):
        * jit/JIT.h:
        (JIT):
        * jit/JITArithmetic.cpp:
        (JSC):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC):
        * jit/JITStubs.h:
        (TrampolineStructure):
        (JSC::JITThunks::ctiNativeConstruct):
        * llint/LowLevelInterpreter64.asm:
        * wtf/Platform.h:
        * wtf/SimpleStats.h:
        (WTF::SimpleStats::variance):

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Windows (make based) build fix.
        <rdar://problem/11069015>

        * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Move WTF-related Windows project files out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=80680

        This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
        It does not move any source code. This is in preparation for the WTF source move out of
        JavaScriptCore.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
        * JavaScriptCore.vcproj/WTF: Removed.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.

2012-03-20  Benjamin Poulain  <bpoulain@apple.com>

        Cache the type string of JavaScript object
        https://bugs.webkit.org/show_bug.cgi?id=81446

        Reviewed by Geoffrey Garen.

        Instead of creating the JSString every time, we create
        lazily the strings in JSGlobalData.

        This avoids the construction of the StringImpl and of the JSString,
        which gives some performance improvements.

        * runtime/CommonIdentifiers.h:
        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase):
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::finalizeSmallStrings):
        (JSC::SmallStrings::initialize):
        (JSC):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-20  Oliver Hunt  <oliver@apple.com>

        Allow LLINT to work even when executable allocation fails.
        https://bugs.webkit.org/show_bug.cgi?id=81693

        Reviewed by Gavin Barraclough.

        Don't crash if executable allocation fails if we can fall back on LLINT

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>

        Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428

        32 bit buildfix after r111355.

        2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
        The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).

        Reviewed by Zoltan Herczeg.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

727 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
728
729         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
730         https://bugs.webkit.org/show_bug.cgi?id=80983
731
732         Reviewed by Darin Adler.
733
734         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
735         call which is useful for local debugging.
736
737         * wtf/Assertions.cpp:
738         * wtf/Assertions.h:
739
740 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
741
742         Do not copy the script source in the SourceProvider, just reference the existing string
743         https://bugs.webkit.org/show_bug.cgi?id=81466
744
745         Reviewed by Geoffrey Garen.
746
747         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
748         * parser/SourceProvider.h: Add OVERRIDE for clarity.
749
750 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
751
752         Division optimizations fail to infer cases of truncated division and
753         mishandle -2147483648/-1
754         https://bugs.webkit.org/show_bug.cgi?id=81428
755         <rdar://problem/11067382>
756
757         Reviewed by Oliver Hunt.
758
759         If you're a division over integers and you're only used as an integer, then you're
760         an integer division and remainder checks become unnecessary. If you're dividing
761         -2147483648 by -1, don't crash.
762
763         * assembler/MacroAssemblerX86Common.h:
764         (MacroAssemblerX86Common):
765         (JSC::MacroAssemblerX86Common::add32):
766         * dfg/DFGSpeculativeJIT.cpp:
767         (DFG):
768         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
769         * dfg/DFGSpeculativeJIT.h:
770         (SpeculativeJIT):
771         * dfg/DFGSpeculativeJIT32_64.cpp:
772         (JSC::DFG::SpeculativeJIT::compile):
773         * dfg/DFGSpeculativeJIT64.cpp:
774         (JSC::DFG::SpeculativeJIT::compile):
775         * llint/LowLevelInterpreter64.asm:
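
The trap that this entry and the 32-bit build fix for the same bug (r111355, above) are working around, as an added C++ example that is not JavaScriptCore code: which int32 operand pairs make a native divide fault, when a JavaScript quotient may stay in an int32 register, and why a consumer that truncates with |0 lets the remainder check go. The struct and function names are this example's own.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Added example, not JavaScriptCore code. Names are this example's own.

// x86 idiv raises #DE (delivered to the process as SIGFPE) for a zero divisor
// and for INT32_MIN / -1, whose exact quotient 2147483648 does not fit in
// 32 bits. Any JIT that emits idiv on int32 operands has to guard both pairs.
bool nativeDivTraps(int32_t a, int32_t b) {
    return b == 0 || (a == INT32_MIN && b == -1);
}

struct JSDivResult {
    double value;     // what a / b evaluates to in JavaScript
    bool fitsInt32;   // the quotient may stay in an int32 register
};

// JavaScript's a / b is a double division. The result can be kept as an int32
// only when the divide cannot trap, the remainder is zero, and the result is
// not -0 (an int32 has no negative zero).
JSDivResult jsDivideInt32(int32_t a, int32_t b) {
    JSDivResult r{0.0, false};
    if (b == 0) {
        // x / 0 is NaN for x == 0 and +/-Infinity otherwise; never an int32.
        if (a == 0)
            r.value = std::numeric_limits<double>::quiet_NaN();
        else
            r.value = (a < 0 ? -1.0 : 1.0) * std::numeric_limits<double>::infinity();
        return r;
    }
    if (a == INT32_MIN && b == -1) {
        r.value = 2147483648.0;   // exact, but one past INT32_MAX
        return r;
    }
    int32_t quotient = a / b;     // cannot trap any more
    int32_t remainder = a % b;
    r.value = static_cast<double>(a) / static_cast<double>(b);
    bool negativeZero = (quotient == 0) && ((a < 0) != (b < 0));
    r.fitsInt32 = (remainder == 0) && !negativeZero;
    return r;
}

// The optimization in the entry: when the only consumer truncates anyway, as
// in (a / b) | 0, the remainder check is dead weight, because C-style
// truncating division already yields ToInt32(a / b) for every non-trapping
// pair. Only the trapping pairs still need handling: ToInt32 maps NaN and
// +/-Infinity to 0 and wraps 2147483648 to INT32_MIN.
int32_t jsDivideThenToInt32(int32_t a, int32_t b) {
    if (b == 0)
        return 0;
    if (a == INT32_MIN && b == -1)
        return INT32_MIN;
    return a / b;
}
```

The guard order matters for a JIT as much as for this C++: the INT32_MIN / -1 check has to run before the native divide, not after it, since the fault happens inside the instruction.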

2012-03-19  Benjamin Poulain  <bpoulain@apple.com>

        Simplify SmallStrings
        https://bugs.webkit.org/show_bug.cgi?id=81445

        Reviewed by Gavin Barraclough.

        SmallStrings had two methods that should not be public: count() and clear().

        The method clear() is effectively replaced by finalizeSmallStrings(). The body
        of the method was moved to the constructor since the code is obvious.

        The method count() is unused.

        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG can no longer compile V8-v4/regexp in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=81592

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
        change throughout the fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=81583

        Reviewed by Michael Saboff.

        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
        the process of being generated
        https://bugs.webkit.org/show_bug.cgi?id=81565

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):

2012-03-19  Eric Seidel  <eric@webkit.org>

        Fix WTF header include discipline in Chromium WebKit
        https://bugs.webkit.org/show_bug.cgi?id=81281

        Reviewed by James Robinson.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * wtf/unicode/icu/CollatorICU.cpp:

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
        https://bugs.webkit.org/show_bug.cgi?id=81556

        Rubber stamped by Gavin Barraclough.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
        (JSC::DFG::AdjacencyList::AdjacencyList):
        (JSC::DFG::AdjacencyList::child):
        (JSC::DFG::AdjacencyList::setChild):
        (JSC::DFG::AdjacencyList::child1):
        (JSC::DFG::AdjacencyList::child2):
        (JSC::DFG::AdjacencyList::child3):
        (JSC::DFG::AdjacencyList::setChild1):
        (JSC::DFG::AdjacencyList::setChild2):
        (JSC::DFG::AdjacencyList::setChild3):
        (JSC::DFG::AdjacencyList::child1Unchecked):
        (JSC::DFG::AdjacencyList::initialize):
        (AdjacencyList):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::canonicalize):
        (JSC::DFG::CSEPhase::performSubstitution):
        * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
        (DFG):
        (JSC::DFG::Edge::Edge):
        (JSC::DFG::Edge::operator==):
        (JSC::DFG::Edge::operator!=):
        (Edge):
        (JSC::DFG::operator==):
        (JSC::DFG::operator!=):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::operator[]):
        (JSC::DFG::Graph::at):
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        (Graph):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::getPrediction):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child1Unchecked):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::arithNodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGNodeReferenceBlob.h: Removed.
        * dfg/DFGNodeUse.h: Removed.
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::at):
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::SpeculativeJIT::use):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):

2012-03-19  Gavin Barraclough  <barraclough@apple.com>

        Object.freeze broken on latest Nightly
        https://bugs.webkit.org/show_bug.cgi?id=80577

        Reviewed by Oliver Hunt.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
            - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
            been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::defineOwnProperty):
            - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
            the object must be extensible; this is incorrect since these properties should already exist
            on the object. In addition, it was asserting that the arguments/caller values must match the
            corresponding magic data properties, but for strict mode functions this is incorrect. Instead,
            just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
        https://bugs.webkit.org/show_bug.cgi?id=81559

        Reviewed by Michael Saboff.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2012-03-19  Yong Li  <yoli@rim.com>

        [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
        https://bugs.webkit.org/show_bug.cgi?id=77013

        We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
        implement memory decommitting for QNX.

        Reviewed by Rob Buis.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):

2012-03-19  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - revert a couple of files accidentally committed.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::defineOwnProperty):

2012-03-19  Jessie Berlin  <jberlin@apple.com>

        Another Windows build fix after r111129.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        Cross-platform processor core counter: fix build on FreeBSD.
        https://bugs.webkit.org/show_bug.cgi?id=81482

        Reviewed by Zoltan Herczeg.

        The documentation of sysctl(3) shows that <sys/types.h> should be
        included before <sys/sysctl.h> (sys/types.h tends to be the first
        included header in general).

        This should fix the build on FreeBSD and other systems where
        sysctl.h really depends on types defined in types.h.

        * wtf/NumberOfCores.cpp:

2012-03-19  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111129.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-19  Gavin Barraclough  <barraclough@apple.com>

        JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
        https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>

        Reviewed by Oliver Hunt.

        The API specifies that convertToType may opt not to handle a conversion:
            "@result The objects's converted value, or NULL if the object was not converted."
        In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
        conversion functions, and failing that call the JSObject::defaultValue function.

        Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
        the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
        bug#73368, these will return the result from the first convertToType they find, regardless
        of whether this result is null, and if no convertToType method is found in the api class
        hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
        chain), they will also return a null pointer. This is unsafe.

        It would be easy to make the approach based around toStringCallback/valueOfCallback continue
        to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
        (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
        Making the fallback work with toString/valueOf methods attached to api objects is probably
        not the right thing to do – instead, we should just implement the defaultValue trap for api
        objects.

        In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
        null to be returned from C to JavaScript - this is not okay. Handle with an exception.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::call):
            - Should be null checking the return value.
        (JSC):
            - Remove toStringCallback/valueOfCallback.
        * API/JSCallbackFunction.h:
        (JSCallbackFunction):
            - Remove toStringCallback/valueOfCallback.
        * API/JSCallbackObject.h:
        (JSCallbackObject):
            - Add defaultValue methods to JSCallbackObject.
        * API/JSCallbackObjectFunctions.h:
        (JSC::::defaultValue):
            - Add defaultValue methods to JSCallbackObject.
        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype):
            - Remove toStringCallback/valueOfCallback.
        * API/tests/testapi.js:
            - Revert this test, now we no longer artificially introduce a toString method onto the api object.

2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [EFL] Include ICU_INCLUDE_DIRS when building.
        https://bugs.webkit.org/show_bug.cgi?id=81483

        Reviewed by Daniel Bates.

        So far, only the ICU libraries were being included when building
        JavaScriptCore; however, the include path is also needed, otherwise the
        build will fail when ICU is installed into a non-standard location.

        * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.

2012-03-17  Gavin Barraclough  <barraclough@apple.com>

        Strength reduction, RegExp.exec -> RegExp.test
        https://bugs.webkit.org/show_bug.cgi?id=81459

        Reviewed by Sam Weinig.

        RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
        expression for a match against a string - however exec is more expensive, since
        it allocates a matches array object. In cases where the result is consumed in a
        boolean context the allocation of the matches array can be trivially elided.

        For example:
            function f()
            {
                for (i = 0; i < 10000000; ++i)
                    if (!/a/.exec("a"))
                        err = true;
            }

        This is a 2.5x speedup on this example microbenchmark loop.

        In a more advanced form of this optimization, we may be able to avoid allocating
        the array where access to the array can be observed.

        * create_hash_table:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jsc.cpp:
        (GlobalObject::addConstructableFunction):
        * runtime/Intrinsic.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::create):
        (JSC):
        * runtime/JSFunction.h:
        (JSFunction):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
        * runtime/RegExpObject.h:
        (RegExpObject):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
        (JSC::regExpProtoFuncExec):

2012-03-16  Michael Saboff  <msaboff@apple.com>

        Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
        https://bugs.webkit.org/show_bug.cgi?id=81244

        Rubber stamped by Filip Pizlo.

        Changed type and name of JSGlobalData::m_isInitializingObject to
        ClassInfo* and m_initializingObjectClass.
        Changed JSGlobalData::setInitializingObject to
        JSGlobalData::setInitializingObjectClass.  This pointer can be used within
        the debugger to determine what type of object is being initialized.

        * runtime/JSCell.h:
        (JSC::JSCell::finishCreation):
        (JSC::allocateCell):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        (JSC::JSGlobalData::isInitializingObject):
        (JSC::JSGlobalData::setInitializingObjectClass):
        * runtime/Structure.h:
        (JSC::JSCell::finishCreation):

2012-03-16  Mark Rowe  <mrowe@apple.com>

        Build fix. Do not preserve owner and group information when installing the WTF headers.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-15  David Dorwin  <ddorwin@chromium.org>

        Make the array pointer parameters in the Typed Array create() methods const.
        https://bugs.webkit.org/show_bug.cgi?id=81147

        Reviewed by Kenneth Russell.

        This allows const arrays to be passed to these methods.
        They use PassRefPtr<Subclass> create(), which already has a const parameter.

        * wtf/Int16Array.h:
        (Int16Array):
        (WTF::Int16Array::create):
        * wtf/Int32Array.h:
        (Int32Array):
        (WTF::Int32Array::create):
        * wtf/Int8Array.h:
        (Int8Array):
        (WTF::Int8Array::create):
        * wtf/Uint16Array.h:
        (Uint16Array):
        (WTF::Uint16Array::create):
        * wtf/Uint32Array.h:
        (Uint32Array):
        (WTF::Uint32Array::create):
        * wtf/Uint8Array.h:
        (Uint8Array):
        (WTF::Uint8Array::create):
        * wtf/Uint8ClampedArray.h:
        (Uint8ClampedArray):
        (WTF::Uint8ClampedArray::create):

2012-03-15  Myles Maxfield  <mmaxfield@google.com>

        CopiedSpace::tryAllocateOversize assumes system page size
        https://bugs.webkit.org/show_bug.cgi?id=80615

        Reviewed by Geoffrey Garen.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::tryAllocateOversize):
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::oversizeBlockFor):
        * wtf/BumpPointerAllocator.h:
        (WTF::BumpPointerPool::create):
        * wtf/StdLibExtras.h:
        (WTF::roundUpToMultipleOf):

2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fixing Windows build breakage

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-15  Patrick Gansterer  <paroga@webkit.org>

        [EFL] Make zlib a general build requirement
        https://bugs.webkit.org/show_bug.cgi?id=80153

        Reviewed by Hajime Morita.

        After r109538 the WebSocket module needs zlib to support the deflate-frame extension.

        * wtf/Platform.h:

2012-03-15  Benjamin Poulain  <bpoulain@apple.com>

        NumericStrings should be inlined
        https://bugs.webkit.org/show_bug.cgi?id=81183

        Reviewed by Gavin Barraclough.

        NumericStrings is not always inlined. When it is not, the class is not faster
        than using UString::number() directly.

        * runtime/NumericStrings.h:
        (JSC::NumericStrings::add):
        (JSC::NumericStrings::lookupSmallString):

2012-03-15  Andras Becsi  <andras.becsi@nokia.com>

        Fix ARM build after r110792.

        Unreviewed build fix.

        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::cacheFlush):
        Remove superfluous curly brackets.

2012-03-15  Gavin Barraclough  <barraclough@apple.com>

        ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
        https://bugs.webkit.org/show_bug.cgi?id=81256

        Reviewed by Oliver Hunt.

        This is a 0.5% sunspider progression.

        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
            - switch which form of vmov we use.

2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>

        [EFL] Add OwnPtr specialization for Ecore_Timer.
        https://bugs.webkit.org/show_bug.cgi?id=80119

        Reviewed by Hajime Morita.

        Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.

        * wtf/OwnPtrCommon.h:
        (WTF):
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):
        (WTF):

2012-03-15  Hojong Han  <hojong.han@samsung.com>

        Linux has madvise enough to support OSAllocator::commit/decommit
        https://bugs.webkit.org/show_bug.cgi?id=80505

        Reviewed by Geoffrey Garen.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):

2012-03-15  Steve Falkenburg  <sfalken@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
        * JavaScriptCore.vcproj/WTF/copy-files.cmd:
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:

2012-03-15  Steve Falkenburg  <sfalken@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:

2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>

        Move wx port to using export macros
        https://bugs.webkit.org/show_bug.cgi?id=77279

        Reviewed by Hajime Morita.

        * wscript:
        * wtf/Platform.h:

2012-03-14  Benjamin Poulain  <bpoulain@apple.com>

        Avoid StringImpl::getData16SlowCase() when sorting array
        https://bugs.webkit.org/show_bug.cgi?id=81070

        Reviewed by Geoffrey Garen.

        The function codePointCompare() is used intensively when sorting strings.
        This patch improves its performance by:
        -Avoiding character conversion.
        -Inlining the function.

        This makes Peacekeeper's arrayCombined test 30% faster.

        * wtf/text/StringImpl.cpp:
        * wtf/text/StringImpl.h:
        (WTF):
        (WTF::codePointCompare):
        (WTF::codePointCompare8):
        (WTF::codePointCompare16):
        (WTF::codePointCompare8To16):
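
An added C++ example, not WTF's implementation, of the shape the entry above describes: one comparison template instantiated for 8-bit/8-bit, 16-bit/16-bit and 8-bit/16-bit operands, so a Latin-1 string is compared against a UTF-16 one without first being widened into a temporary buffer. The TwoWayString struct, make8Bit/make16Bit and sortStrings are this example's own stand-ins for StringImpl and the array sort, not project code.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Added example, not WTF code. The struct and helpers are this example's own.
using LChar = uint8_t;    // one Latin-1 code unit
using UChar = char16_t;   // one UTF-16 code unit

// A string that is stored either as Latin-1 or as UTF-16, like StringImpl.
struct TwoWayString {
    bool is8Bit;
    std::vector<LChar> latin1;   // used when is8Bit
    std::u16string utf16;        // used when !is8Bit
};

TwoWayString make8Bit(const std::string& s) {
    return TwoWayString{true, std::vector<LChar>(s.begin(), s.end()), {}};
}
TwoWayString make16Bit(const std::u16string& s) { return TwoWayString{false, {}, s}; }

// Lexicographic compare by code unit, then by length. Each code unit is
// widened in a register as it is read, so the 8-bit buffer is never copied.
template<typename CharA, typename CharB>
inline int codePointCompare(const CharA* a, size_t lengthA, const CharB* b, size_t lengthB) {
    size_t commonLength = std::min(lengthA, lengthB);
    for (size_t i = 0; i < commonLength; ++i) {
        uint16_t ca = a[i], cb = b[i];   // both types are unsigned: no sign-extension surprises
        if (ca != cb)
            return ca < cb ? -1 : 1;
    }
    if (lengthA == lengthB)
        return 0;
    return lengthA < lengthB ? -1 : 1;
}

inline int codePointCompare8(const LChar* a, size_t la, const LChar* b, size_t lb) {
    return codePointCompare(a, la, b, lb);
}
inline int codePointCompare16(const UChar* a, size_t la, const UChar* b, size_t lb) {
    return codePointCompare(a, la, b, lb);
}
inline int codePointCompare8To16(const LChar* a, size_t la, const UChar* b, size_t lb) {
    return codePointCompare(a, la, b, lb);
}

// Dispatch on the representation of each side. The mixed case uses one
// overload plus a sign flip, so there is no separate 16To8 variant.
int compareStrings(const TwoWayString& a, const TwoWayString& b) {
    if (a.is8Bit && b.is8Bit)
        return codePointCompare8(a.latin1.data(), a.latin1.size(), b.latin1.data(), b.latin1.size());
    if (!a.is8Bit && !b.is8Bit)
        return codePointCompare16(a.utf16.data(), a.utf16.size(), b.utf16.data(), b.utf16.size());
    if (a.is8Bit)
        return codePointCompare8To16(a.latin1.data(), a.latin1.size(), b.utf16.data(), b.utf16.size());
    return -codePointCompare8To16(b.latin1.data(), b.latin1.size(), a.utf16.data(), a.utf16.size());
}

// Sort a mixed array the way Array.prototype.sort orders strings by default
// (UTF-16 code unit order) and return the result widened for inspection.
std::vector<std::u16string> sortStrings(std::vector<TwoWayString> strings) {
    std::sort(strings.begin(), strings.end(),
              [](const TwoWayString& a, const TwoWayString& b) { return compareStrings(a, b) < 0; });
    std::vector<std::u16string> out;
    for (const TwoWayString& s : strings) {
        if (s.is8Bit)
            out.emplace_back(s.latin1.begin(), s.latin1.end());
        else
            out.push_back(s.utf16);
    }
    return out;
}
```

The point worth checking in any such change is that the three instantiations agree with each other: a comparator that answered differently depending on which representation an operand happened to be in would not be a strict weak ordering, and std::sort on such a comparator is undefined behaviour, not merely a wrong order.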

2012-03-14  Hojong Han  <hojong.han@samsung.com>

        Fix memory allocation failed by fastmalloc
        https://bugs.webkit.org/show_bug.cgi?id=79614

        Reviewed by Geoffrey Garen.

        Memory allocation failed even if the heap grows successfully.
        It is wrong to get the span only from the large list after the heap grows,
        because a new span could be added in the normal list.

        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::New):

2012-03-14  Hojong Han  <hojong.han@samsung.com>

        Run cacheFlush page by page to assure of flushing all the requested ranges
        https://bugs.webkit.org/show_bug.cgi?id=77712

        Reviewed by Geoffrey Garen.

        The current MetaAllocator concept, which always coalesces adjacent free spaces,
        doesn't meet the memory management of the Linux kernel.
        In a certain case the Linux kernel doesn't regard contiguous virtual memory areas as one but two.
        Therefore cacheFlush page by page guarantees a flush-requested range.

        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::cacheFlush):

2012-03-14  Oliver Hunt  <oliver@apple.com>

        Make ARMv7 work again
        https://bugs.webkit.org/show_bug.cgi?id=81157

        Reviewed by Geoffrey Garen.

        We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
        where the ARMv7MacroAssembler would also try to use dataRegister for its own
        nefarious purposes.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::store32):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):

2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        Heap::destroy leaks CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=81055

        Reviewed by Geoffrey Garen.

        Added a destroy() function to CopiedSpace that moves all normal size
        CopiedBlocks from the CopiedSpace to the Heap's list of free blocks
        as well as deallocates all of the oversize blocks in the CopiedSpace.
        This function is now called in Heap::destroy().

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::destroy):
        (JSC):
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/Heap.cpp:
        (JSC::Heap::destroy):

2012-03-14  Andrew Lo  <anlo@rim.com>

        [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
        https://bugs.webkit.org/show_bug.cgi?id=81000

        Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.

        Reviewed by Antonio Gomes.

        * wtf/Platform.h:

2012-03-13  Filip Pizlo  <fpizlo@apple.com>

        ValueToInt32 speculation will cause OSR exits even when it does not have to
        https://bugs.webkit.org/show_bug.cgi?id=81068
        <rdar://problem/11043926>

        Reviewed by Anders Carlsson.

        Two related changes:
        1) ValueToInt32 will now always just defer to the non-speculative path, instead
           of exiting, if it doesn't know what speculations to perform.
        2) ValueToInt32 will speculate boolean if it sees this to be profitable.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateBoolean):
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):

2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        More Windows build fixing

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Windows build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Type conversion of exponential part failed
        https://bugs.webkit.org/show_bug.cgi?id=80673

        Reviewed by Geoffrey Garen.

        * parser/Lexer.cpp:
        (JSC::::lex):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::parseInt):
        (JSC):
        (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
        we accept trailing junk to clients of jsStrDecimalLiteral. Also added an additional template
        parameter for strtod to allow trailing spaces.
        (JSC::toDouble):
        (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
        * runtime/LiteralParser.cpp:
        (JSC::::Lexer::lexNumber):
        * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that
        we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
        * wtf/dtoa.cpp:
        (WTF):
        (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were
        broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
1502         * wtf/dtoa.h:
1503         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
1504         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
1505         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
1506         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
1507         * wtf/text/WTFString.cpp:
1508         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
1509
1510 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1511
1512         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
1513         Removing the assert for now.
1514
1515         * dfg/DFGOperations.h:
1516         * llint/LLIntSlowPaths.h:
1517
1518 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1519
1520         Functions with C linkage should return POD types
1521         https://bugs.webkit.org/show_bug.cgi?id=81061
1522
1523         Reviewed by Mark Rowe.
1524
1525         * dfg/DFGOperations.h:
1526         * llint/LLIntSlowPaths.h:
1527         (LLInt):
1528         (SlowPathReturnType):
1529         (JSC::LLInt::encodeResult):
1530
1531 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1532
1533         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
1534         https://bugs.webkit.org/show_bug.cgi?id=80979
1535         <rdar://problem/11036848>
1536
1537         Reviewed by Oliver Hunt.
1538         
1539         Also improved DFG IR dumping to include type information in a somewhat more
1540         intuitive way.
1541
1542         * bytecode/PredictedType.cpp:
1543         (JSC::predictionToAbbreviatedString):
1544         (JSC):
1545         * bytecode/PredictedType.h:
1546         (JSC):
1547         * dfg/DFGAbstractState.cpp:
1548         (JSC::DFG::AbstractState::execute):
1549         * dfg/DFGGraph.cpp:
1550         (JSC::DFG::Graph::dump):
1551         * dfg/DFGPredictionPropagationPhase.cpp:
1552         (JSC::DFG::PredictionPropagationPhase::propagate):
1553         * dfg/DFGSpeculativeJIT.cpp:
1554         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1555         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1556         * dfg/DFGSpeculativeJIT.h:
1557         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1558
1559 2012-03-13  George Staikos  <staikos@webkit.org>
1560
1561         The callback is only used if SA_RESTART is defined.  Compile it out
1562         otherwise to avoid a warning.
1563         https://bugs.webkit.org/show_bug.cgi?id=80926
1564
1565         Reviewed by Alexey Proskuryakov.
1566
1567         * heap/MachineStackMarker.cpp:
1568         (JSC):
1569
1570 2012-03-13  Hojong Han  <hojong.han@samsung.com>
1571
1572         Dump the generated code for ARM_TRADITIONAL
1573         https://bugs.webkit.org/show_bug.cgi?id=80975
1574
1575         Reviewed by Gavin Barraclough.
1576
1577         * assembler/LinkBuffer.h:
1578         (JSC::LinkBuffer::dumpCode):
1579
1580 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
1581
1582         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
1583         https://bugs.webkit.org/show_bug.cgi?id=78853
1584
1585         Reviewed by Adam Barth.
1586
1587         * Configurations/FeatureDefines.xcconfig:
1588         * wtf/Platform.h:
1589
1590 2012-03-13  Kwonjin Jeong  <gram@company100.net>
1591
1592         Remove SlotVisitor::copy() method.
1593         https://bugs.webkit.org/show_bug.cgi?id=80973
1594
1595         Reviewed by Geoffrey Garen.
1596
1597         SlotVisitor::copy() method isn't called anywhere.
1598
1599         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
1600         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
1601
1602 2012-03-12  Hojong Han  <hojong.han@samsung.com>
1603
1604         Fix test cases for RegExp multiline
1605         https://bugs.webkit.org/show_bug.cgi?id=80822
1606
1607         Reviewed by Gavin Barraclough.
1608
1609         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
1610         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
1611         * tests/mozilla/js1_2/regexp/beginLine.js:
1612         * tests/mozilla/js1_2/regexp/endLine.js:
1613
1614 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1615
1616         Arithmetic use inference should be procedure-global and should run in tandem
1617         with type propagation
1618         https://bugs.webkit.org/show_bug.cgi?id=80819
1619         <rdar://problem/11034006>
1620
1621         Reviewed by Gavin Barraclough.
1622         
1623         * CMakeLists.txt:
1624         * GNUmakefile.list.am:
1625         * JavaScriptCore.xcodeproj/project.pbxproj:
1626         * Target.pri:
1627         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
1628         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
1629         * dfg/DFGDriver.cpp:
1630         (JSC::DFG::compile):
1631         * dfg/DFGPredictionPropagationPhase.cpp:
1632         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
1633         (PredictionPropagationPhase):
1634         (JSC::DFG::PredictionPropagationPhase::isNotZero):
1635         (JSC::DFG::PredictionPropagationPhase::propagate):
1636         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1637         * dfg/DFGVariableAccessData.h:
1638         (JSC::DFG::VariableAccessData::VariableAccessData):
1639         (JSC::DFG::VariableAccessData::flags):
1640         (VariableAccessData):
1641         (JSC::DFG::VariableAccessData::mergeFlags):
1642
1643 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1644
1645         Node::op and Node::flags should be private
1646         https://bugs.webkit.org/show_bug.cgi?id=80824
1647         <rdar://problem/11033435>
1648
1649         Reviewed by Gavin Barraclough.
1650
1651         * CMakeLists.txt:
1652         * GNUmakefile.list.am:
1653         * JavaScriptCore.xcodeproj/project.pbxproj:
1654         * Target.pri:
1655         * dfg/DFGAbstractState.cpp:
1656         (JSC::DFG::AbstractState::initialize):
1657         (JSC::DFG::AbstractState::execute):
1658         (JSC::DFG::AbstractState::mergeStateAtTail):
1659         (JSC::DFG::AbstractState::mergeToSuccessors):
1660         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1661         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1662         * dfg/DFGByteCodeParser.cpp:
1663         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
1664         (JSC::DFG::ByteCodeParser::getLocal):
1665         (JSC::DFG::ByteCodeParser::getArgument):
1666         (JSC::DFG::ByteCodeParser::flushArgument):
1667         (JSC::DFG::ByteCodeParser::toInt32):
1668         (JSC::DFG::ByteCodeParser::isJSConstant):
1669         (JSC::DFG::ByteCodeParser::makeSafe):
1670         (JSC::DFG::ByteCodeParser::makeDivSafe):
1671         (JSC::DFG::ByteCodeParser::handleInlining):
1672         (JSC::DFG::ByteCodeParser::parseBlock):
1673         (JSC::DFG::ByteCodeParser::processPhiStack):
1674         (JSC::DFG::ByteCodeParser::linkBlock):
1675         * dfg/DFGCFAPhase.cpp:
1676         (JSC::DFG::CFAPhase::performBlockCFA):
1677         * dfg/DFGCSEPhase.cpp:
1678         (JSC::DFG::CSEPhase::canonicalize):
1679         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1680         (JSC::DFG::CSEPhase::pureCSE):
1681         (JSC::DFG::CSEPhase::byValIsPure):
1682         (JSC::DFG::CSEPhase::clobbersWorld):
1683         (JSC::DFG::CSEPhase::impureCSE):
1684         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1685         (JSC::DFG::CSEPhase::getByValLoadElimination):
1686         (JSC::DFG::CSEPhase::checkFunctionElimination):
1687         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1688         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1689         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1690         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1691         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1692         (JSC::DFG::CSEPhase::performNodeCSE):
1693         * dfg/DFGGraph.cpp:
1694         (JSC::DFG::Graph::dump):
1695         (DFG):
1696         * dfg/DFGGraph.h:
1697         (JSC::DFG::Graph::addShouldSpeculateInteger):
1698         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1699         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1700         * dfg/DFGNode.cpp: Removed.
1701         * dfg/DFGNode.h:
1702         (DFG):
1703         (JSC::DFG::Node::Node):
1704         (Node):
1705         (JSC::DFG::Node::op):
1706         (JSC::DFG::Node::flags):
1707         (JSC::DFG::Node::setOp):
1708         (JSC::DFG::Node::setFlags):
1709         (JSC::DFG::Node::mergeFlags):
1710         (JSC::DFG::Node::filterFlags):
1711         (JSC::DFG::Node::clearFlags):
1712         (JSC::DFG::Node::setOpAndDefaultFlags):
1713         (JSC::DFG::Node::mustGenerate):
1714         (JSC::DFG::Node::isConstant):
1715         (JSC::DFG::Node::isWeakConstant):
1716         (JSC::DFG::Node::valueOfJSConstant):
1717         (JSC::DFG::Node::hasVariableAccessData):
1718         (JSC::DFG::Node::hasIdentifier):
1719         (JSC::DFG::Node::resolveGlobalDataIndex):
1720         (JSC::DFG::Node::hasArithNodeFlags):
1721         (JSC::DFG::Node::arithNodeFlags):
1722         (JSC::DFG::Node::setArithNodeFlag):
1723         (JSC::DFG::Node::mergeArithNodeFlags):
1724         (JSC::DFG::Node::hasConstantBuffer):
1725         (JSC::DFG::Node::hasRegexpIndex):
1726         (JSC::DFG::Node::hasVarNumber):
1727         (JSC::DFG::Node::hasScopeChainDepth):
1728         (JSC::DFG::Node::hasResult):
1729         (JSC::DFG::Node::hasInt32Result):
1730         (JSC::DFG::Node::hasNumberResult):
1731         (JSC::DFG::Node::hasJSResult):
1732         (JSC::DFG::Node::hasBooleanResult):
1733         (JSC::DFG::Node::isJump):
1734         (JSC::DFG::Node::isBranch):
1735         (JSC::DFG::Node::isTerminal):
1736         (JSC::DFG::Node::hasHeapPrediction):
1737         (JSC::DFG::Node::hasFunctionCheckData):
1738         (JSC::DFG::Node::hasStructureTransitionData):
1739         (JSC::DFG::Node::hasStructureSet):
1740         (JSC::DFG::Node::hasStorageAccessData):
1741         (JSC::DFG::Node::hasFunctionDeclIndex):
1742         (JSC::DFG::Node::hasFunctionExprIndex):
1743         (JSC::DFG::Node::child1):
1744         (JSC::DFG::Node::child2):
1745         (JSC::DFG::Node::child3):
1746         (JSC::DFG::Node::firstChild):
1747         (JSC::DFG::Node::numChildren):
1748         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
1749         * dfg/DFGNodeFlags.h: Added.
1750         (DFG):
1751         (JSC::DFG::nodeUsedAsNumber):
1752         (JSC::DFG::nodeCanTruncateInteger):
1753         (JSC::DFG::nodeCanIgnoreNegativeZero):
1754         (JSC::DFG::nodeMayOverflow):
1755         (JSC::DFG::nodeCanSpeculateInteger):
1756         * dfg/DFGNodeType.h: Added.
1757         (DFG):
1758         (JSC::DFG::defaultFlags):
1759         * dfg/DFGPredictionPropagationPhase.cpp:
1760         (JSC::DFG::PredictionPropagationPhase::propagate):
1761         (JSC::DFG::PredictionPropagationPhase::vote):
1762         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1763         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1764         * dfg/DFGRedundantPhiEliminationPhase.cpp:
1765         (JSC::DFG::RedundantPhiEliminationPhase::run):
1766         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
1767         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
1768         * dfg/DFGSpeculativeJIT.cpp:
1769         (JSC::DFG::SpeculativeJIT::useChildren):
1770         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1771         (JSC::DFG::SpeculativeJIT::compileMovHint):
1772         (JSC::DFG::SpeculativeJIT::compile):
1773         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1774         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1775         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1776         (JSC::DFG::SpeculativeJIT::compileAdd):
1777         (JSC::DFG::SpeculativeJIT::compare):
1778         * dfg/DFGSpeculativeJIT.h:
1779         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1780         * dfg/DFGSpeculativeJIT32_64.cpp:
1781         (JSC::DFG::SpeculativeJIT::emitCall):
1782         (JSC::DFG::SpeculativeJIT::compile):
1783         * dfg/DFGSpeculativeJIT64.cpp:
1784         (JSC::DFG::SpeculativeJIT::emitCall):
1785         (JSC::DFG::SpeculativeJIT::compile):
1786         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1787         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1788
1789 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
1790
1791         Minor DataLog fixes
1792         https://bugs.webkit.org/show_bug.cgi?id=80826
1793
1794         Reviewed by Andreas Kling.
1795
1796         * bytecode/ExecutionCounter.cpp:
1797         Do not include DataLog.h; it is not used.
1798         
1799         * jit/ExecutableAllocator.cpp:
1800         Ditto.
1801
1802         * wtf/DataLog.cpp:
1803         (WTF::initializeLogFileOnce):
1804         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
1805
1806         * wtf/HashTable.cpp:
1807         Include DataLog as it is used.
1808
1809 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
1810
1811         Integer overflow check code in arithmetic operation in classic interpreter
1812         https://bugs.webkit.org/show_bug.cgi?id=80465
1813
1814         Reviewed by Gavin Barraclough.
1815
1816         * interpreter/Interpreter.cpp:
1817         (JSC::Interpreter::privateExecute):
1818
1819 2012-03-12  Zeno Albisser  <zeno@webkit.org>
1820
1821         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
1822         https://bugs.webkit.org/show_bug.cgi?id=80827
1823
1824         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
1825
1826         Reviewed by Simon Hausmann.
1827
1828         * wtf/Platform.h:
1829
1830 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
1831
1832         Unreviewed prospective Qt/Mac build fix
1833
1834         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
1835         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
1836         constructor.
1837
1838 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1839
1840         All DFG nodes should have a mutable set of flags
1841         https://bugs.webkit.org/show_bug.cgi?id=80779
1842         <rdar://problem/11026218>
1843
1844         Reviewed by Gavin Barraclough.
1845         
1846         Got rid of NodeId, and placed all of the flags that distinguished NodeId
1847         from NodeType into a separate Node::flags field. Combined what was previously
1848         ArithNodeFlags into Node::flags.
1849         
1850         In the process of debugging, I found that the debug support in the virtual
1851         register allocator was lacking, so I improved it. I also realized that the
1852         virtual register allocator was assuming that the nodes in a basic block were
1853         contiguous, which is no longer the case. So I fixed that. The fix also made
1854         it natural to have more extreme assertions, so I added them. I suspect this
1855         will make it easier to catch virtual register allocation bugs in the future.
1856         
1857         This is mostly performance neutral; if anything it looks like a slight
1858         speed-up.
1859         
1860         This patch does leave some work for future refactorings; for example, Node::op
1861         is unencapsulated. This was already the case, though now it feels even more
1862         like it should be. I avoided doing that because this patch has already grown
1863         way bigger than I wanted.
1864         
1865         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
1866         move some unnecessarily inline stuff out of DFGNode.h.
1867
1868         * CMakeLists.txt:
1869         * GNUmakefile.list.am:
1870         * JavaScriptCore.xcodeproj/project.pbxproj:
1871         * Target.pri:
1872         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1873         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1874         * dfg/DFGByteCodeParser.cpp:
1875         (JSC::DFG::ByteCodeParser::addToGraph):
1876         (JSC::DFG::ByteCodeParser::makeSafe):
1877         (JSC::DFG::ByteCodeParser::makeDivSafe):
1878         (JSC::DFG::ByteCodeParser::handleMinMax):
1879         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1880         (JSC::DFG::ByteCodeParser::parseBlock):
1881         * dfg/DFGCFAPhase.cpp:
1882         (JSC::DFG::CFAPhase::performBlockCFA):
1883         * dfg/DFGCSEPhase.cpp:
1884         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1885         (JSC::DFG::CSEPhase::pureCSE):
1886         (JSC::DFG::CSEPhase::clobbersWorld):
1887         (JSC::DFG::CSEPhase::impureCSE):
1888         (JSC::DFG::CSEPhase::setReplacement):
1889         (JSC::DFG::CSEPhase::eliminate):
1890         (JSC::DFG::CSEPhase::performNodeCSE):
1891         (JSC::DFG::CSEPhase::performBlockCSE):
1892         (CSEPhase):
1893         * dfg/DFGGraph.cpp:
1894         (JSC::DFG::Graph::opName):
1895         (JSC::DFG::Graph::dump):
1896         (DFG):
1897         * dfg/DFGNode.cpp: Added.
1898         (DFG):
1899         (JSC::DFG::arithNodeFlagsAsString):
1900         * dfg/DFGNode.h:
1901         (DFG):
1902         (JSC::DFG::nodeUsedAsNumber):
1903         (JSC::DFG::nodeCanTruncateInteger):
1904         (JSC::DFG::nodeCanIgnoreNegativeZero):
1905         (JSC::DFG::nodeMayOverflow):
1906         (JSC::DFG::nodeCanSpeculateInteger):
1907         (JSC::DFG::defaultFlags):
1908         (JSC::DFG::Node::Node):
1909         (Node):
1910         (JSC::DFG::Node::setOpAndDefaultFlags):
1911         (JSC::DFG::Node::mustGenerate):
1912         (JSC::DFG::Node::arithNodeFlags):
1913         (JSC::DFG::Node::setArithNodeFlag):
1914         (JSC::DFG::Node::mergeArithNodeFlags):
1915         (JSC::DFG::Node::hasResult):
1916         (JSC::DFG::Node::hasInt32Result):
1917         (JSC::DFG::Node::hasNumberResult):
1918         (JSC::DFG::Node::hasJSResult):
1919         (JSC::DFG::Node::hasBooleanResult):
1920         (JSC::DFG::Node::isJump):
1921         (JSC::DFG::Node::isBranch):
1922         (JSC::DFG::Node::isTerminal):
1923         (JSC::DFG::Node::child1):
1924         (JSC::DFG::Node::child2):
1925         (JSC::DFG::Node::child3):
1926         (JSC::DFG::Node::firstChild):
1927         (JSC::DFG::Node::numChildren):
1928         * dfg/DFGPredictionPropagationPhase.cpp:
1929         (JSC::DFG::PredictionPropagationPhase::propagate):
1930         (JSC::DFG::PredictionPropagationPhase::vote):
1931         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1932         * dfg/DFGScoreBoard.h:
1933         (ScoreBoard):
1934         (JSC::DFG::ScoreBoard::~ScoreBoard):
1935         (JSC::DFG::ScoreBoard::assertClear):
1936         (JSC::DFG::ScoreBoard::use):
1937         * dfg/DFGSpeculativeJIT.cpp:
1938         (JSC::DFG::SpeculativeJIT::useChildren):
1939         * dfg/DFGSpeculativeJIT32_64.cpp:
1940         (JSC::DFG::SpeculativeJIT::compile):
1941         * dfg/DFGSpeculativeJIT64.cpp:
1942         (JSC::DFG::SpeculativeJIT::compile):
1943         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1944         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1945
1946 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
1947
1948         LLInt should support JSVALUE64
1949         https://bugs.webkit.org/show_bug.cgi?id=79609
1950         <rdar://problem/10063437>
1951
1952         Reviewed by Gavin Barraclough and Oliver Hunt.
1953         
1954         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
1955         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
1956         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
1957         specialized for value representation.
1958         
1959         Also made some minor changes to offlineasm and the slow-paths.
1960
1961         * llint/LLIntData.cpp:
1962         (JSC::LLInt::Data::performAssertions):
1963         * llint/LLIntEntrypoints.cpp:
1964         * llint/LLIntSlowPaths.cpp:
1965         (LLInt):
1966         (JSC::LLInt::llint_trace_value):
1967         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1968         (JSC::LLInt::jitCompileAndSetHeuristics):
1969         * llint/LLIntSlowPaths.h:
1970         (LLInt):
1971         (SlowPathReturnType):
1972         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
1973         (JSC::LLInt::encodeResult):
1974         * llint/LLIntThunks.cpp:
1975         * llint/LowLevelInterpreter.asm:
1976         * llint/LowLevelInterpreter32_64.asm:
1977         * llint/LowLevelInterpreter64.asm:
1978         * offlineasm/armv7.rb:
1979         * offlineasm/asm.rb:
1980         * offlineasm/ast.rb:
1981         * offlineasm/backends.rb:
1982         * offlineasm/instructions.rb:
1983         * offlineasm/parser.rb:
1984         * offlineasm/registers.rb:
1985         * offlineasm/transform.rb:
1986         * offlineasm/x86.rb:
1987         * wtf/Platform.h:
1988
1989 2012-03-10  Yong Li  <yoli@rim.com>
1990
1991         Web Worker crashes with WX_EXCLUSIVE
1992         https://bugs.webkit.org/show_bug.cgi?id=80532
1993
1994         Let each JS global object own a meta allocator
1995         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
1996         Also fix a mutex leak in MetaAllocator's dtor.
1997
1998         Reviewed by Filip Pizlo.
1999
2000         * jit/ExecutableAllocator.cpp:
2001         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2002         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2003         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2004         (DemandExecutableAllocator):
2005         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2006         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2007         (JSC::DemandExecutableAllocator::allocateNewSpace):
2008         (JSC::DemandExecutableAllocator::allocators):
2009         (JSC::DemandExecutableAllocator::allocatorsMutex):
2010         (JSC):
2011         (JSC::ExecutableAllocator::initializeAllocator):
2012         (JSC::ExecutableAllocator::ExecutableAllocator):
2013         (JSC::ExecutableAllocator::underMemoryPressure):
2014         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2015         (JSC::ExecutableAllocator::allocate):
2016         (JSC::ExecutableAllocator::committedByteCount):
2017         (JSC::ExecutableAllocator::dumpProfile):
2018         * jit/ExecutableAllocator.h:
2019         (JSC):
2020         (ExecutableAllocator):
2021         (JSC::ExecutableAllocator::allocator):
2022         * wtf/MetaAllocator.h:
2023         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2024         * wtf/TCSpinLock.h:
2025         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2026
2027 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2028
2029         Object.freeze broken on latest Nightly
2030         https://bugs.webkit.org/show_bug.cgi?id=80577
2031
2032         Reviewed by Oliver Hunt.
2033
2034         The problem here is that deleteProperty rejects deletion of prototype.
2035         This is correct in most cases, however defineOwnProperty is presently
2036         implemented internally to ensure the attributes change by deleting the
2037         old property, and creating a new one.
2038
2039         * runtime/JSFunction.cpp:
2040         (JSC::JSFunction::deleteProperty):
2041             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
2042
2043 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2044
2045         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2046         https://bugs.webkit.org/show_bug.cgi?id=80663
2047
2048         Reviewed by Michael Saboff.
2049
2050         The bug here is actually that we're continuing to process the array after an exception
2051         has been thrown, and that the second value throw is overriding the first.
2052
2053         * runtime/ArrayPrototype.cpp:
2054         (JSC::arrayProtoFuncToLocaleString):
2055
2056 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2057
2058         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2059         https://bugs.webkit.org/show_bug.cgi?id=80080
2060
2061         Reviewed by Filip Pizlo.
2062
2063         * bytecode/SamplingTool.cpp:
2064         (JSC::SamplingRegion::Locker::Locker):
2065         (JSC::SamplingRegion::Locker::~Locker):
2066         * bytecode/SamplingTool.h:
2067         (JSC::SamplingRegion::exchangeCurrent):
2068         * wtf/Atomics.h:
2069         (WTF):
2070         (WTF::weakCompareAndSwap):
2071         (WTF::weakCompareAndSwapUIntPtr):
2072
2073 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2074
2075         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2076         https://bugs.webkit.org/show_bug.cgi?id=49989
2077
2078         Reviewed by Oliver Hunt.
2079
2080         Patch originally by Chris Reiss <christopher.reiss@nokia.com>,
2081         allow the year to appear before the timezone in date strings.
2082
2083         * wtf/DateMath.cpp:
2084         (WTF::parseDateFromNullTerminatedCharacters):
2085
2086 2012-03-09  Mark Rowe  <mrowe@apple.com>
2087
2088         Ensure that the WTF headers are copied at installhdrs time.
2089
2090         Reviewed by Dan Bernstein and Jessie Berlin.
2091
2092         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2093         so that our script phases are invoked at installhdrs time. The only one that
2094         does any useful work at that time is the one that installs WTF headers.
2095
2096 2012-03-09  Jon Lee  <jonlee@apple.com>
2097
2098         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2099         https://bugs.webkit.org/show_bug.cgi?id=80497
2100
2101         Reviewed by Adam Barth.
2102
2103         Prep for b80472: Update API for Web Notifications
2104         * Configurations/FeatureDefines.xcconfig:
2105
2106 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2107
2108         Bash scripts should support LF endings only
2109         https://bugs.webkit.org/show_bug.cgi?id=79509
2110
2111         Reviewed by David Kilzer.
2112
2113         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2114         * gyp/run-if-exists.sh: Added property svn:eol-style.
2115         * gyp/update-info-plist.sh: Added property svn:eol-style.
2116
2117 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2118
2119         Windows debug build fix.
2120
2121         * assembler/MacroAssembler.h:
2122         (JSC::MacroAssembler::shouldBlind):
2123         Fix unreachable code warnings (which we treat as errors).
2124
2125 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2126
2127         Reviewed by Zoltan Herczeg.
2128
2129         [Qt] Fix the SH4 build after r109834
2130         https://bugs.webkit.org/show_bug.cgi?id=80492
2131
2132         * assembler/MacroAssemblerSH4.h:
2133         (JSC::MacroAssemblerSH4::branchAdd32):
2134         (JSC::MacroAssemblerSH4::branchSub32):
2135
2136 2012-03-09  Andy Wingo  <wingo@igalia.com>
2137
2138         Refactor code feature analysis in the parser
2139         https://bugs.webkit.org/show_bug.cgi?id=79112
2140
2141         Reviewed by Geoffrey Garen.
2142
2143         This commit refactors the parser to more uniformly propagate flag
2144         bits down and up the parse process, as the parser descends and
2145         returns into nested blocks.  Some flags get passed down to
2146         subscopes, some apply to specific scopes only, and some get
2147         unioned up after parsing subscopes.
2148
2149         The goal is to eventually be very precise with scoping
2150         information, once we have block scopes: one block scope might use
2151         `eval', which would require the emission of a symbol table within
2152         that block and containing blocks, whereas another block in the
2153         same function might not, allowing us to not emit a symbol table.
2154
2155         * parser/Nodes.h:
2156         (JSC::ScopeFlags): Rename from CodeFeatures.
2157         (JSC::ScopeNode::addScopeFlags):
2158         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2159         (JSC::ScopeNode::isStrictMode):
2160         (JSC::ScopeNode::usesEval):
2161         (JSC::ScopeNode::usesArguments):
2162         (JSC::ScopeNode::setUsesArguments):
2163         (JSC::ScopeNode::usesThis):
2164         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2165         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2166         operate on the m_scopeFlags member.
2167         (JSC::ScopeNode::source):
2168         (JSC::ScopeNode::sourceURL):
2169         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2170         semantic change.
2171         (JSC::ScopeNode::ScopeNode):
2172         (JSC::ProgramNode::ProgramNode):
2173         (JSC::EvalNode::EvalNode):
2174         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2175         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2176
2177         * parser/Nodes.cpp:
2178         (JSC::ScopeNode::ScopeNode):
2179         (JSC::ProgramNode::ProgramNode):
2180         (JSC::ProgramNode::create):
2181         (JSC::EvalNode::EvalNode):
2182         (JSC::EvalNode::create):
2183         (JSC::FunctionBodyNode::FunctionBodyNode):
2184         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2185
2186         * parser/ASTBuilder.h:
2187         (JSC::ASTBuilder::ASTBuilder):
2188         (JSC::ASTBuilder::thisExpr):
2189         (JSC::ASTBuilder::createResolve):
2190         (JSC::ASTBuilder::createFunctionBody):
2191         (JSC::ASTBuilder::createFuncDeclStatement):
2192         (JSC::ASTBuilder::createTryStatement):
2193         (JSC::ASTBuilder::createWithStatement):
2194         (JSC::ASTBuilder::addVar):
2195         (JSC::ASTBuilder::Scope::Scope):
2196         (Scope):
2197         (ASTBuilder):
2198         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2199         features here.  Instead rely on the base Parser mechanism to track
2200         features.
2201
2202         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2203
2204         * parser/Parser.h:
2205         (JSC::Scope::Scope): Manage scope through flags, not
2206         bit-booleans.  This lets us uniformly propagate them up and down.
2207         (JSC::Scope::declareWrite):
2208         (JSC::Scope::declareParameter):
2209         (JSC::Scope::useVariable):
2210         (JSC::Scope::collectFreeVariables):
2211         (JSC::Scope::getCapturedVariables):
2212         (JSC::Scope::saveFunctionInfo):
2213         (JSC::Scope::restoreFunctionInfo):
2214         (JSC::Parser::pushScope): Adapt to use scope flags and their
2215         accessors instead of bit-booleans.
2216         * parser/Parser.cpp:
2217         (JSC::::Parser):
2218         (JSC::::parseInner):
2219         (JSC::::didFinishParsing):
2220         (JSC::::parseSourceElements):
2221         (JSC::::parseVarDeclarationList):
2222         (JSC::::parseConstDeclarationList):
2223         (JSC::::parseWithStatement):
2224         (JSC::::parseTryStatement):
2225         (JSC::::parseFunctionBody):
2226         (JSC::::parseFunctionInfo):
2227         (JSC::::parseFunctionDeclaration):
2228         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2229         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2230         Does not seem to have a performance impact.
2231
2232         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2233         Cache the scopeflags.
2234         * parser/SyntaxChecker.h: Remove evalCount() decl.
2235
2236         * runtime/Executable.cpp:
2237         (JSC::EvalExecutable::compileInternal):
2238         (JSC::ProgramExecutable::compileInternal):
2239         (JSC::FunctionExecutable::produceCodeBlockFor):
2240         * runtime/Executable.h:
2241         (JSC::ScriptExecutable::ScriptExecutable):
2242         (JSC::ScriptExecutable::usesEval):
2243         (JSC::ScriptExecutable::usesArguments):
2244         (JSC::ScriptExecutable::needsActivation):
2245         (JSC::ScriptExecutable::isStrictMode):
2246         (JSC::ScriptExecutable::recordParse):
2247         (ScriptExecutable): ScopeFlags, not features.
2248
2249 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2250
2251         Build fix for MSVC after r110266
2252
2253         Unreviewed. A #ifdef for MSVC was left over in r110266.
2254
2255         * runtime/RegExpObject.h:
2256         (RegExpObject):
2257
2258 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2259
2260         Allocate the RegExpObject's data with the Cell
2261         https://bugs.webkit.org/show_bug.cgi?id=80654
2262
2263         Reviewed by Gavin Barraclough.
2264
2265         This patch removes the creation of RegExpObject's data to avoid the overhead
2266         created by the allocation and destruction.
2267
2268         As RegExps are created repeatedly, this provides some performance improvement.
2269         The PeaceKeeper test stringDetectBrowser improves by 10%.
2270
2271         * runtime/RegExpObject.cpp:
2272         (JSC::RegExpObject::RegExpObject):
2273         (JSC::RegExpObject::visitChildren):
2274         (JSC::RegExpObject::getOwnPropertyDescriptor):
2275         (JSC::RegExpObject::defineOwnProperty):
2276         (JSC::RegExpObject::match):
2277         * runtime/RegExpObject.h:
2278         (JSC::RegExpObject::setRegExp):
2279         (JSC::RegExpObject::regExp):
2280         (JSC::RegExpObject::setLastIndex):
2281         (JSC::RegExpObject::getLastIndex):
2282         (RegExpObject):
2283
2284 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2285
2286         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2287         https://bugs.webkit.org/show_bug.cgi?id=80657
2288         
2289         Preparation for WTF separation from JavaScriptCore.
2290         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2291         dependencies for generated files.
2292         
2293         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2294         versions of the WTF code independent of the JavaScriptCore code.
2295
2296         Reviewed by Jessie Berlin.
2297
2298         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2299         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2300         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2301         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2302         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2303         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2304         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2305         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2306         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2307         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2308         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2309         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2310         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2311         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2312         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2313         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2314         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2315         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2316         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2317         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2318         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2319
2320 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2321
2322         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2323         https://bugs.webkit.org/show_bug.cgi?id=80652
2324
2325         Reviewed by Eric Seidel.
2326
2327         Fix the header, URLSegments.h is not part of the API.
2328
2329         * wtf/url/api/ParsedURL.h:
2330
2331 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2332
2333         Mac build fix for micro data API.
2334
2335         * Configurations/FeatureDefines.xcconfig:
2336
2337 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2338
2339         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2340         https://bugs.webkit.org/show_bug.cgi?id=26890
2341
2342         Reviewed by Oliver Hunt.
2343
2344         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2345
2346         * runtime/StringPrototype.cpp:
2347         (JSC::replaceUsingRegExpSearch):
2348         (JSC::stringProtoFuncMatch):
2349             - added calls to setLastIndex.
2350
2351 2012-03-08  Matt Lilek  <mrl@apple.com>
2352
2353         Don't enable VIDEO_TRACK on all OS X platforms
2354         https://bugs.webkit.org/show_bug.cgi?id=80635
2355
2356         Reviewed by Eric Carlson.
2357
2358         * Configurations/FeatureDefines.xcconfig:
2359
2360 2012-03-08  Oliver Hunt  <oliver@apple.com>
2361
2362         Build fix.  That day is not today.
2363
2364         * assembler/MacroAssembler.h:
2365         (JSC::MacroAssembler::shouldBlind):
2366         * assembler/MacroAssemblerX86Common.h:
2367         (MacroAssemblerX86Common):
2368         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2369
2370 2012-03-08  Oliver Hunt  <oliver@apple.com>
2371
2372         Build fix. One of these days I'll manage to commit something that works everywhere.
2373
2374         * assembler/AbstractMacroAssembler.h:
2375         (AbstractMacroAssembler):
2376         * assembler/MacroAssemblerARMv7.h:
2377         (MacroAssemblerARMv7):
2378         * assembler/MacroAssemblerX86Common.h:
2379         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2380         (MacroAssemblerX86Common):
2381
2382 2012-03-08  Chao-ying Fu  <fu@mips.com>
2383
2384         Update MIPS patchOffsetGetByIdSlowCaseCall
2385         https://bugs.webkit.org/show_bug.cgi?id=80302
2386
2387         Reviewed by Oliver Hunt.
2388
2389         * jit/JIT.h:
2390         (JIT):
2391
2392 2012-03-08  Oliver Hunt  <oliver@apple.com>
2393
2394         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2395         https://bugs.webkit.org/show_bug.cgi?id=80633
2396
2397         Reviewed by Gavin Barraclough.
2398
2399         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2400         if there isn't a machine specific implementation (otherwise the 64bit value
2401         got truncated and 32bit checks were used -- leaving 32bits untested).
2402         Also add a bit of logic to ensure that we don't try to blind a few common
2403         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2404         unencoded doubles with common "safe" values.
2405
2406         * assembler/AbstractMacroAssembler.h:
2407         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2408         * assembler/MacroAssembler.h:
2409         (JSC::MacroAssembler::shouldBlindDouble):
2410         (MacroAssembler):
2411         (JSC::MacroAssembler::shouldBlind):
2412         * assembler/MacroAssemblerX86Common.h:
2413         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2414
2415 2012-03-08  Mark Rowe  <mrowe@apple.com>
2416
2417         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2418
2419         Reviewed by Dan Bernstein.
2420
2421         * Configurations/Base.xcconfig:
2422
2423 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2424
2425         Fix line endings for copy-files.cmd.
2426         
2427         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2428         In this case, the label :clean wasn't found, breaking the clean build.
2429         
2430         Reviewed by Jessie Berlin.
2431
2432         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2433
2434 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2435
2436         DFG CFA incorrectly handles ValueToInt32
2437         https://bugs.webkit.org/show_bug.cgi?id=80568
2438
2439         Reviewed by Gavin Barraclough.
2440         
2441         Changed it to match exactly the decision pattern used in
2442         DFG::SpeculativeJIT::compileValueToInt32.
2443
2444         * dfg/DFGAbstractState.cpp:
2445         (JSC::DFG::AbstractState::execute):
2446
2447 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2448
2449         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2450         https://bugs.webkit.org/show_bug.cgi?id=80524
2451
2452         Reviewed by Simon Hausmann.
2453
2454         Move the IdentifierTable method definitions to WTFThreadData.cpp to fix linking
2455         of the WTF library.
2456
2457         * runtime/Identifier.cpp:
2458         * wtf/WTFThreadData.cpp:
2459         (JSC):
2460         (JSC::IdentifierTable::~IdentifierTable):
2461         (JSC::IdentifierTable::add):
2462
2463 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2464
2465         DFG instruction count threshold should be lifted to 10000
2466         https://bugs.webkit.org/show_bug.cgi?id=80579
2467
2468         Reviewed by Gavin Barraclough.
2469
2470         * runtime/Options.cpp:
2471         (JSC::Options::initializeOptions):
2472
2473 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2474
2475         Incorrect tracking of abstract values of variables forced double
2476         https://bugs.webkit.org/show_bug.cgi?id=80566
2477         <rdar://problem/11001442>
2478
2479         Reviewed by Gavin Barraclough.
2480
2481         * dfg/DFGAbstractState.cpp:
2482         (JSC::DFG::AbstractState::mergeStateAtTail):
2483
2484 2012-03-07  Chao-ying Fu  <fu@mips.com>
2485
2486         [Qt] Fix the MIPS/SH4 build after r109834
2487         https://bugs.webkit.org/show_bug.cgi?id=80492
2488
2489         Reviewed by Oliver Hunt.
2490
2491         Implement three-argument branch(Add,Sub)32.
2492
2493         * assembler/MacroAssemblerMIPS.h:
2494         (JSC::MacroAssemblerMIPS::add32):
2495         (MacroAssemblerMIPS):
2496         (JSC::MacroAssemblerMIPS::sub32):
2497         (JSC::MacroAssemblerMIPS::branchAdd32):
2498         (JSC::MacroAssemblerMIPS::branchSub32):
2499
2500 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2501
2502         Unreviewed, rolling out r110127.
2503         http://trac.webkit.org/changeset/110127
2504         https://bugs.webkit.org/show_bug.cgi?id=80562
2505
2506         compile failed on AppleWin (Requested by ukai on #webkit).
2507
2508         * heap/Heap.cpp:
2509         (JSC::Heap::collectAllGarbage):
2510         * heap/Heap.h:
2511         (JSC):
2512         (Heap):
2513         * runtime/Executable.cpp:
2514         (JSC::FunctionExecutable::FunctionExecutable):
2515         (JSC::FunctionExecutable::finalize):
2516         * runtime/Executable.h:
2517         (FunctionExecutable):
2518         (JSC::FunctionExecutable::create):
2519         * runtime/JSGlobalData.cpp:
2520         (WTF):
2521         (Recompiler):
2522         (WTF::Recompiler::operator()):
2523         (JSC::JSGlobalData::recompileAllJSFunctions):
2524         (JSC):
2525         * runtime/JSGlobalData.h:
2526         (JSGlobalData):
2527         * runtime/JSGlobalObject.cpp:
2528         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2529
2530 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2531
2532         The end atom of the marked block considered to filter invalid cells
2533         https://bugs.webkit.org/show_bug.cgi?id=79191
2534
2535         Reviewed by Geoffrey Garen.
2536
2537         The register file could have stale pointers beyond the end atom of a marked block.
2538         Those pointers can weasel out of the in-middle-of-cell pointer filtering.
2539
2540         * heap/MarkedBlock.h:
2541         (JSC::MarkedBlock::isLiveCell):
2542
2543 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2544
2545         Clean Windows build fails after r110033
2546         https://bugs.webkit.org/show_bug.cgi?id=80553
2547
2548         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2549
2550         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2551         Place the implementation files next to their header files in the wtf/text subdirectory.
2552         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2553         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2554         Update the path to those implementation files.
2555         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2556         Ditto.
2557
2558 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2559
2560         Eliminate redundant Phis in DFG
2561         https://bugs.webkit.org/show_bug.cgi?id=80415
2562
2563         Reviewed by Filip Pizlo.
2564
2565         Although this may not have any advantage at the current stage, this is a step towards
2566         minimal SSA to make more high-level optimizations (like bug 76770) easier.
2567         We have the choice either to build minimal SSA from scratch or to
2568         keep the current simple Phi insertion mechanism and remove the redundancy
2569         in another phase. Currently we choose the latter because the change
2570         could be smaller.
2571
2572         * CMakeLists.txt:
2573         * GNUmakefile.list.am:
2574         * JavaScriptCore.xcodeproj/project.pbxproj:
2575         * Target.pri:
2576         * dfg/DFGDriver.cpp:
2577         (JSC::DFG::compile):
2578         * dfg/DFGGraph.cpp:
2579         (JSC::DFG::Graph::dump):
2580         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2581         (DFG):
2582         (RedundantPhiEliminationPhase):
2583         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2584         (JSC::DFG::RedundantPhiEliminationPhase::run):
2585         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2586         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2587         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2588         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2589         (JSC::DFG::performRedundantPhiElimination):
2590         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2591         (DFG):
2592
2593 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2594
2595         Refactor recompileAllJSFunctions() to be less expensive
2596         https://bugs.webkit.org/show_bug.cgi?id=80330
2597
2598         Reviewed by Geoffrey Garen.
2599
2600         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
2601         load performance, which currently does at least a couple full GCs per navigation.
2602
2603         * heap/Heap.cpp:
2604         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2605         because the function doesn't actually recompile anything (and never did); it simply throws code
2606         away for it to be recompiled later if we determine we should do so.
2607         (JSC):
2608         (JSC::Heap::collectAllGarbage):
2609         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2610         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2611         * heap/Heap.h:
2612         (JSC):
2613         (Heap):
2614         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2615         be used in DoublyLinkedLists.
2616         (JSC::FunctionExecutable::FunctionExecutable):
2617         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
2618         * runtime/Executable.h:
2619         (FunctionExecutable):
2620         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
2621         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
2622         the list of FunctionExecutables.
2623         * runtime/JSGlobalData.h:
2624         (JSGlobalData):
2625         * runtime/JSGlobalObject.cpp:
2626         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
2627
2628 2012-03-06  Oliver Hunt  <oliver@apple.com>
2629
2630         Further harden 64-bit JIT
2631         https://bugs.webkit.org/show_bug.cgi?id=80457
2632
2633         Reviewed by Filip Pizlo.
2634
2635         This patch implements blinding for ImmPtr.  Rather than xor based blinding
2636         we perform randomised pointer rotations in order to avoid the significant
2637         cost in executable memory that would otherwise be necessary (and to avoid
2638         the need for an additional scratch register in some cases).
2639
2640         As with the prior blinding patch there's a moderate amount of noise as we
2641         correct the use of ImmPtr vs. TrustedImmPtr.
2642
2643         * assembler/AbstractMacroAssembler.h:
2644         (ImmPtr):
2645         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
2646         * assembler/MacroAssembler.h:
2647         (MacroAssembler):
2648         (JSC::MacroAssembler::storePtr):
2649         (JSC::MacroAssembler::branchPtr):
2650         (JSC::MacroAssembler::shouldBlind):
2651         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
2652         (RotatedImmPtr):
2653         (JSC::MacroAssembler::rotationBlindConstant):
2654         (JSC::MacroAssembler::loadRotationBlindedConstant):
2655         (JSC::MacroAssembler::convertInt32ToDouble):
2656         (JSC::MacroAssembler::move):
2657         (JSC::MacroAssembler::poke):
2658         * assembler/MacroAssemblerARMv7.h:
2659         (JSC::MacroAssemblerARMv7::storeDouble):
2660         (JSC::MacroAssemblerARMv7::branchAdd32):
2661         * assembler/MacroAssemblerX86_64.h:
2662         (MacroAssemblerX86_64):
2663         (JSC::MacroAssemblerX86_64::rotateRightPtr):
2664         (JSC::MacroAssemblerX86_64::xorPtr):
2665         * assembler/X86Assembler.h:
2666         (X86Assembler):
2667         (JSC::X86Assembler::xorq_rm):
2668         (JSC::X86Assembler::rorq_i8r):
2669         * dfg/DFGCCallHelpers.h:
2670         (CCallHelpers):
2671         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2672         * dfg/DFGOSRExitCompiler32_64.cpp:
2673         (JSC::DFG::OSRExitCompiler::compileExit):
2674         * dfg/DFGOSRExitCompiler64.cpp:
2675         (JSC::DFG::OSRExitCompiler::compileExit):
2676         * dfg/DFGSpeculativeJIT.cpp:
2677         (JSC::DFG::SpeculativeJIT::createOSREntries):
2678         * dfg/DFGSpeculativeJIT.h:
2679         (JSC::DFG::SpeculativeJIT::silentFillGPR):
2680         (JSC::DFG::SpeculativeJIT::callOperation):
2681         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
2682         * dfg/DFGSpeculativeJIT32_64.cpp:
2683         (JSC::DFG::SpeculativeJIT::compile):
2684         * dfg/DFGSpeculativeJIT64.cpp:
2685         (JSC::DFG::SpeculativeJIT::fillInteger):
2686         (JSC::DFG::SpeculativeJIT::fillDouble):
2687         (JSC::DFG::SpeculativeJIT::fillJSValue):
2688         (JSC::DFG::SpeculativeJIT::emitCall):
2689         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2690         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2691         (JSC::DFG::SpeculativeJIT::emitBranch):
2692         * jit/JIT.cpp:
2693         (JSC::JIT::emitOptimizationCheck):
2694         * jit/JITArithmetic32_64.cpp:
2695         (JSC::JIT::emitSlow_op_post_inc):
2696         * jit/JITInlineMethods.h:
2697         (JSC::JIT::emitValueProfilingSite):
2698         (JSC::JIT::emitGetVirtualRegister):
2699         * jit/JITOpcodes.cpp:
2700         (JSC::JIT::emit_op_mov):
2701         (JSC::JIT::emit_op_new_object):
2702         (JSC::JIT::emit_op_strcat):
2703         (JSC::JIT::emit_op_ensure_property_exists):
2704         (JSC::JIT::emit_op_resolve_skip):
2705         (JSC::JIT::emitSlow_op_resolve_global):
2706         (JSC::JIT::emit_op_resolve_with_base):
2707         (JSC::JIT::emit_op_resolve_with_this):
2708         (JSC::JIT::emit_op_jmp_scopes):
2709         (JSC::JIT::emit_op_switch_imm):
2710         (JSC::JIT::emit_op_switch_char):
2711         (JSC::JIT::emit_op_switch_string):
2712         (JSC::JIT::emit_op_throw_reference_error):
2713         (JSC::JIT::emit_op_debug):
2714         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
2715         (JSC::JIT::emit_op_new_array):
2716         (JSC::JIT::emitSlow_op_new_array):
2717         (JSC::JIT::emit_op_new_array_buffer):
2718         * jit/JITOpcodes32_64.cpp:
2719         (JSC::JIT::emit_op_new_object):
2720         (JSC::JIT::emit_op_strcat):
2721         (JSC::JIT::emit_op_ensure_property_exists):
2722         (JSC::JIT::emit_op_resolve_skip):
2723         (JSC::JIT::emitSlow_op_resolve_global):
2724         (JSC::JIT::emit_op_resolve_with_base):
2725         (JSC::JIT::emit_op_resolve_with_this):
2726         (JSC::JIT::emit_op_jmp_scopes):
2727         (JSC::JIT::emit_op_switch_imm):
2728         (JSC::JIT::emit_op_switch_char):
2729         (JSC::JIT::emit_op_switch_string):
2730         * jit/JITPropertyAccess32_64.cpp:
2731         (JSC::JIT::emit_op_put_by_index):
2732         * jit/JITStubCall.h:
2733         (JITStubCall):
2734         (JSC::JITStubCall::addArgument):
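
The following is an added example, not JavaScriptCore's own code, modelling the rotation-based ImmPtr blinding described in the "Further harden 64-bit JIT" entry above together with the "don't blind common safe constants" check from the bug 80633 entry: the 64-bit constant is stored in the code stream rotated by a random amount and restored at run time by a rotate with a one-byte immediate, so the verbatim constant never lands in executable memory and no second full-width key is needed. The 16-bit "safe" threshold, the pointer value and all function and type names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of rotation-based immediate blinding (added example, not JSC code).
 * Instead of xor-blinding, which needs a second full-width key in the code
 * stream, the constant is stored rotated and a rotate instruction with a
 * one-byte immediate restores it at run time. */

static inline uint64_t rotr64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

static inline uint64_t rotl64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

/* What the emitter would place in executable memory for one ImmPtr. */
typedef struct {
    uint64_t value;   /* bits that actually land in the code stream */
    uint8_t rotation; /* immediate of the rotate-left that undoes them */
} RotatedImm;

/* Hypothetical "safe constant" policy in the spirit of bug 80633: small
 * values cannot encode a useful instruction sequence, so emit them as-is.
 * The 16-bit threshold is an assumption of this example, not JSC's rule. */
static bool should_blind(uint64_t imm)
{
    return imm > 0xFFFFu;
}

/* random_byte stands in for the JIT's random source; it is passed in so the
 * result is reproducible. The rotation is chosen in 1..63 so the emitted
 * bits differ from the real constant for any non-periodic value. */
static RotatedImm blind_immediate(uint64_t imm, unsigned random_byte)
{
    RotatedImm r = { imm, 0 };
    if (!should_blind(imm))
        return r;                          /* safe constant: no blinding */
    r.rotation = (uint8_t)(1 + random_byte % 63);
    r.value = rotr64(imm, r.rotation);
    return r;
}

/* The run-time side: the emitted "rotate left by rotation" instruction. */
static uint64_t unblind_immediate(RotatedImm r)
{
    return rotl64(r.value, r.rotation);
}

/* Code-stream bytes spent on immediates alone: 8 + 8 for xor blinding
 * (constant plus key), 8 + 1 for rotation (constant plus rotate count).
 * Opcode bytes are ignored in this model. */
static unsigned blinding_immediate_bytes(bool use_rotation)
{
    return use_rotation ? 8u + 1u : 8u + 8u;
}

int main(void)
{
    uint64_t ptr = 0x00007fff5fbff000ull;  /* constructed pointer value */
    RotatedImm blinded = blind_immediate(ptr, 12);
    printf("real %016llx  in-code %016llx  rot %u  restored %016llx\n",
           (unsigned long long)ptr, (unsigned long long)blinded.value,
           blinded.rotation, (unsigned long long)unblind_immediate(blinded));
    printf("immediate bytes: xor %u, rotation %u\n",
           blinding_immediate_bytes(false), blinding_immediate_bytes(true));
    return 0;
}
```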
2735
2736 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
2737
2738         ARM build fix.
2739
2740         Reviewed by Zoltan Herczeg.
2741
2742         Implement three-argument branch(Add,Sub)32.
2743
2744         * assembler/MacroAssemblerARM.h:
2745         (JSC::MacroAssemblerARM::add32):
2746         (MacroAssemblerARM):
2747         (JSC::MacroAssemblerARM::sub32):
2748         (JSC::MacroAssemblerARM::branchAdd32):
2749         (JSC::MacroAssemblerARM::branchSub32):
2750
2751 2012-03-07  Andy Wingo  <wingo@igalia.com>
2752
2753         Parser: Inline ScopeNodeData into ScopeNode
2754         https://bugs.webkit.org/show_bug.cgi?id=79776
2755
2756         Reviewed by Geoffrey Garen.
2757
2758         It used to be that some ScopeNode members were kept in a separate
2759         structure because sometimes they wouldn't be needed, and
2760         allocating a ParserArena was expensive.  This patch makes
2761         ParserArena lazily allocate its IdentifierArena, allowing the
2762         members to be included directly, which is simpler and easier to
2763         reason about.
2764
2765         * parser/ParserArena.cpp:
2766         (JSC::ParserArena::ParserArena):
2767         (JSC::ParserArena::reset):
2768         (JSC::ParserArena::isEmpty):
2769         * parser/ParserArena.h:
2770         (JSC::ParserArena::identifierArena): Lazily allocate the
2771         IdentifierArena.
2772
2773         * parser/Nodes.cpp:
2774         (JSC::ScopeNode::ScopeNode):
2775         (JSC::ScopeNode::singleStatement):
2776         (JSC::ProgramNode::create):
2777         (JSC::EvalNode::create):
2778         (JSC::FunctionBodyNode::create):
2779         * parser/Nodes.h:
2780         (JSC::ScopeNode::destroyData):
2781         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2782         (JSC::ScopeNode::needsActivation):
2783         (JSC::ScopeNode::hasCapturedVariables):
2784         (JSC::ScopeNode::capturedVariableCount):
2785         (JSC::ScopeNode::captures):
2786         (JSC::ScopeNode::varStack):
2787         (JSC::ScopeNode::functionStack):
2788         (JSC::ScopeNode::neededConstants):
2789         (ScopeNode):
2790         * bytecompiler/NodesCodegen.cpp:
2791         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
2792         into ScopeNode.  Adapt accessors.
2793
2794 2012-03-06  Eric Seidel  <eric@webkit.org>
2795
2796         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
2797         https://bugs.webkit.org/show_bug.cgi?id=80363
2798
2799         Reviewed by Mark Rowe.
2800
2801         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
2802         its headers have appeared as part of the "private" headers exported by
2803         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
2804         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
2805         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
2806
2807         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
2808         own directory and project.  As part of such, the WTF headers will no longer be part of
2809         the JavaScriptCore private interfaces.
2810         In preparation for that, this change makes both the Mac and Win builds export
2811         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
2812         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
2813
2814         There are 5 parts to this change.
2815         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
2816             (and header directories) into the appropriate places in the build directory.
2817         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
2818             (WebCore, WebKit, etc. had already been taught to look in previous patches).
2819         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
2820             using fully qualified paths.
2821         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
2822         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
2823
2824         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
2825         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
2826         headers; those will have to be updated to use <wtf/Foo.h> after this change.
2827         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
2828         are ready for (and interested in) this change happening.
2829
2830         * API/tests/JSNode.c:
2831         * API/tests/JSNodeList.c:
2832         * Configurations/Base.xcconfig:
2833         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2834         * JavaScriptCore.xcodeproj/project.pbxproj:
2835         * assembler/MacroAssemblerCodeRef.h:
2836         * bytecompiler/BytecodeGenerator.h:
2837         * dfg/DFGOperations.cpp:
2838         * heap/GCAssertions.h:
2839         * heap/HandleHeap.h:
2840         * heap/HandleStack.h:
2841         * heap/MarkedSpace.h:
2842         * heap/PassWeak.h:
2843         * heap/Strong.h:
2844         * heap/Weak.h:
2845         * jit/HostCallReturnValue.cpp:
2846         * jit/JIT.cpp:
2847         * jit/JITStubs.cpp:
2848         * jit/ThunkGenerators.cpp:
2849         * parser/Lexer.cpp:
2850         * runtime/Completion.cpp:
2851         * runtime/Executable.cpp:
2852         * runtime/Identifier.h:
2853         * runtime/InitializeThreading.cpp:
2854         * runtime/JSDateMath.cpp:
2855         * runtime/JSGlobalObjectFunctions.cpp:
2856         * runtime/JSStringBuilder.h:
2857         * runtime/JSVariableObject.h:
2858         * runtime/NumberPrototype.cpp:
2859         * runtime/WriteBarrier.h:
2860         * tools/CodeProfile.cpp:
2861         * tools/TieredMMapArray.h:
2862         * wtf/AVLTree.h:
2863         * wtf/Alignment.h:
2864         * wtf/AlwaysInline.h:
2865         * wtf/ArrayBufferView.h:
2866         * wtf/Assertions.h:
2867         * wtf/Atomics.h:
2868         * wtf/Bitmap.h:
2869         * wtf/BoundsCheckedPointer.h:
2870         * wtf/CheckedArithmetic.h:
2871         * wtf/Deque.h:
2872         * wtf/ExportMacros.h:
2873         * wtf/FastAllocBase.h:
2874         * wtf/FastMalloc.h:
2875         * wtf/Float32Array.h:
2876         * wtf/Float64Array.h:
2877         * wtf/Functional.h:
2878         * wtf/HashCountedSet.h:
2879         * wtf/HashFunctions.h:
2880         * wtf/HashMap.h:
2881         * wtf/HashSet.h:
2882         * wtf/HashTable.h:
2883         * wtf/HashTraits.h:
2884         * wtf/Int16Array.h:
2885         * wtf/Int32Array.h:
2886         * wtf/Int8Array.h:
2887         * wtf/IntegralTypedArrayBase.h:
2888         * wtf/ListHashSet.h:
2889         * wtf/MainThread.h:
2890         * wtf/MetaAllocator.h:
2891         * wtf/Noncopyable.h:
2892         * wtf/OwnArrayPtr.h:
2893         * wtf/OwnPtr.h:
2894         * wtf/PackedIntVector.h:
2895         * wtf/ParallelJobs.h:
2896         * wtf/PassOwnArrayPtr.h:
2897         * wtf/PassOwnPtr.h:
2898         * wtf/PassRefPtr.h:
2899         * wtf/PassTraits.h:
2900         * wtf/Platform.h:
2901         * wtf/PossiblyNull.h:
2902         * wtf/RefCounted.h:
2903         * wtf/RefCountedLeakCounter.h:
2904         * wtf/RefPtr.h:
2905         * wtf/RetainPtr.h:
2906         * wtf/SimpleStats.h:
2907         * wtf/Spectrum.h:
2908         * wtf/StdLibExtras.h:
2909         * wtf/TCPageMap.h:
2910         * wtf/TemporaryChange.h:
2911         * wtf/ThreadSafeRefCounted.h:
2912         * wtf/Threading.h:
2913         * wtf/ThreadingPrimitives.h:
2914         * wtf/TypeTraits.h:
2915         * wtf/TypedArrayBase.h:
2916         * wtf/Uint16Array.h:
2917         * wtf/Uint32Array.h:
2918         * wtf/Uint8Array.h:
2919         * wtf/Uint8ClampedArray.h:
2920         * wtf/UnusedParam.h:
2921         * wtf/Vector.h:
2922         * wtf/VectorTraits.h:
2923         * wtf/dtoa/double-conversion.h:
2924         * wtf/dtoa/utils.h:
2925         * wtf/gobject/GRefPtr.h:
2926         * wtf/gobject/GlibUtilities.h:
2927         * wtf/text/AtomicString.h:
2928         * wtf/text/AtomicStringImpl.h:
2929         * wtf/text/CString.h:
2930         * wtf/text/StringConcatenate.h:
2931         * wtf/text/StringHash.h:
2932         * wtf/text/WTFString.h:
2933         * wtf/unicode/CharacterNames.h:
2934         * wtf/unicode/UTF8.h:
2935         * wtf/unicode/glib/UnicodeGLib.h:
2936         * wtf/unicode/qt4/UnicodeQt4.h:
2937         * wtf/unicode/wince/UnicodeWinCE.h:
2938         * wtf/url/api/ParsedURL.h:
2939         * wtf/url/api/URLString.h:
2940         * wtf/wince/FastMallocWinCE.h:
2941         * yarr/YarrJIT.cpp:
2942
2943 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2944
2945         Array.prototype functions should throw if delete fails
2946         https://bugs.webkit.org/show_bug.cgi?id=80467
2947
2948         Reviewed by Oliver Hunt.
2949
2950         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
2951         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
2952         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
2953         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
2954         routines, for handling arrays with holes. These three copies should be unified.
2955
2956         * runtime/ArrayPrototype.cpp:
2957         (JSC::shift):
2958         (JSC::unshift):
2959             - Added - shared copies of the shift/unshift functionality.
2960         (JSC::arrayProtoFuncPop):
2961             - should throw if the delete fails.
2962         (JSC::arrayProtoFuncReverse):
2963             - should throw if the delete fails.
2964         (JSC::arrayProtoFuncShift):
2965         (JSC::arrayProtoFuncSplice):
2966         (JSC::arrayProtoFuncUnShift):
2967             - use shift/unshift.
2968         * runtime/JSArray.cpp:
2969         (JSC::JSArray::shiftCount):
2970         (JSC::JSArray::unshiftCount):
2971             - Don't try to handle arrays with holes; return a value indicating
2972               the generic routine should be used instead.
2973         * runtime/JSArray.h:
2974             - declaration for shiftCount/unshiftCount changed.
2975         * tests/mozilla/js1_6/Array/regress-304828.js:
2976             - this was asserting incorrect behaviour.
2977
2978 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
2979
2980         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
2981         https://bugs.webkit.org/show_bug.cgi?id=80469
2982
2983         Reviewed by Antonio Gomes.
2984
2985         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
2986         property on the library being created.
2987
2988 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
2989
2990         DFG BasicBlock should group the Phi nodes together and separate them
2991         from the other nodes
2992         https://bugs.webkit.org/show_bug.cgi?id=80361
2993
2994         Reviewed by Filip Pizlo.
2995
2996         This would make it more efficient to remove the redundant Phi nodes or
2997         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
2998         This is performance neutral on SunSpider, V8 and Kraken.
2999
3000         * dfg/DFGAbstractState.cpp:
3001         (JSC::DFG::AbstractState::clobberStructures):
3002         (JSC::DFG::AbstractState::dump):
3003         * dfg/DFGBasicBlock.h:
3004         (JSC::DFG::BasicBlock::BasicBlock):
3005         (BasicBlock):
3006         * dfg/DFGByteCodeParser.cpp:
3007         (JSC::DFG::ByteCodeParser::addToGraph):
3008         (JSC::DFG::ByteCodeParser::insertPhiNode):
3009         * dfg/DFGCFAPhase.cpp:
3010         (JSC::DFG::CFAPhase::performBlockCFA):
3011         * dfg/DFGCSEPhase.cpp:
3012         (JSC::DFG::CSEPhase::pureCSE):
3013         (JSC::DFG::CSEPhase::impureCSE):
3014         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3015         (JSC::DFG::CSEPhase::getByValLoadElimination):
3016         (JSC::DFG::CSEPhase::checkFunctionElimination):
3017         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3018         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3019         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3020         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3021         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3022         (JSC::DFG::CSEPhase::performBlockCSE):
3023         * dfg/DFGGraph.cpp:
3024         (JSC::DFG::Graph::dump):
3025         * dfg/DFGSpeculativeJIT.cpp:
3026         (JSC::DFG::SpeculativeJIT::compile):
3027
3028 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3029
3030         GCActivityCallback timer should vary with the length of the previous GC
3031         https://bugs.webkit.org/show_bug.cgi?id=80344
3032
3033         Reviewed by Geoffrey Garen.
3034
3035         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
3036         GC so that the GC Activity Callback can use it.
3037         (JSC::Heap::Heap):
3038         (JSC::Heap::collect):
3039         * heap/Heap.h:
3040         (JSC::Heap::lastGCLength):
3041         (Heap):
3042         * runtime/GCActivityCallbackCF.cpp:
3043         (JSC):
3044         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
3045         GC to determine the length of our timer trigger (currently set at 100x the duration 
3046         of the last GC).
3047
3048 2012-03-06  Rob Buis  <rbuis@rim.com>
3049
3050         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
3051         https://bugs.webkit.org/show_bug.cgi?id=80420
3052
3053         Reviewed by Gavin Barraclough.
3054
3055         Fix warnings given in Blackberry build.
3056
3057         * heap/CopiedBlock.h:
3058         (JSC::CopiedBlock::CopiedBlock):
3059         * wtf/RefCountedArray.h:
3060         (WTF::RefCountedArray::Header::fromPayload):
3061
3062 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3063
3064         writable/configurable not respected for some properties of Function/String/Arguments
3065         https://bugs.webkit.org/show_bug.cgi?id=80436
3066
3067         Reviewed by Oliver Hunt.
3068
3069         Special properties should behave like regular properties.
3070
3071         * runtime/Arguments.cpp:
3072         (JSC::Arguments::defineOwnProperty):
3073             - Mis-nested logic for making read-only properties non-live.
3074         * runtime/JSFunction.cpp:
3075         (JSC::JSFunction::put):
3076             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3077         (JSC::JSFunction::deleteProperty):
3078             - Attempting to delete prototype/caller should fail.
3079         (JSC::JSFunction::defineOwnProperty):
3080             - Ensure prototype is reified on attempt to reify it.
3081             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3082         * runtime/JSFunction.h:
3083             - added declaration for defineOwnProperty.
3084         (JSFunction):
3085         * runtime/StringObject.cpp:
3086         (JSC::StringObject::put):
3087             - length is non-writable, non-configurable - reject appropriately.
3088
3089 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
3090
3091         TypedArray subarray call for subarray does not clamp the end index parameter properly
3092         https://bugs.webkit.org/show_bug.cgi?id=80285
3093
3094         Reviewed by Kenneth Russell.
3095
3096         * wtf/ArrayBufferView.h:
3097         (WTF::ArrayBufferView::calculateOffsetAndLength):
3098
3099 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3100
3101         Unreviewed, rolling out r109837.
3102         http://trac.webkit.org/changeset/109837
3103         https://bugs.webkit.org/show_bug.cgi?id=80399
3104
3105         breaks Mac Productions builds, too late to try and fix it
3106         tonight (Requested by eseidel on #webkit).
3107
3108         * API/tests/JSNode.c:
3109         * API/tests/JSNodeList.c:
3110         * Configurations/Base.xcconfig:
3111         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3112         * JavaScriptCore.xcodeproj/project.pbxproj:
3113         * assembler/MacroAssemblerCodeRef.h:
3114         * bytecompiler/BytecodeGenerator.h:
3115         * dfg/DFGOperations.cpp:
3116         * heap/GCAssertions.h:
3117         * heap/HandleHeap.h:
3118         * heap/HandleStack.h:
3119         * heap/MarkedSpace.h:
3120         * heap/PassWeak.h:
3121         * heap/Strong.h:
3122         * heap/Weak.h:
3123         * jit/HostCallReturnValue.cpp:
3124         * jit/JIT.cpp:
3125         * jit/JITStubs.cpp:
3126         * jit/ThunkGenerators.cpp:
3127         * parser/Lexer.cpp:
3128         * runtime/Completion.cpp:
3129         * runtime/Executable.cpp:
3130         * runtime/Identifier.h:
3131         * runtime/InitializeThreading.cpp:
3132         * runtime/JSDateMath.cpp:
3133         * runtime/JSGlobalObjectFunctions.cpp:
3134         * runtime/JSStringBuilder.h:
3135         * runtime/JSVariableObject.h:
3136         * runtime/NumberPrototype.cpp:
3137         * runtime/WriteBarrier.h:
3138         * tools/CodeProfile.cpp:
3139         * tools/TieredMMapArray.h:
3140         * yarr/YarrJIT.cpp:
3141
3142 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3143
3144         [Qt][ARM] Speculative buildfix after r109834.
3145
3146         Reviewed by Csaba Osztrogonác.
3147
3148         * assembler/MacroAssemblerARM.h:
3149         (JSC::MacroAssemblerARM::and32):
3150         (MacroAssemblerARM):
3151
3152 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3153
3154         Unreviewed Windows build fix pt 2.
3155
3156         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3157
3158 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3159
3160         Unreviewed Windows build fix pt 1.
3161
3162         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3163
3164 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3165
3166         putByIndex should throw in strict mode
3167         https://bugs.webkit.org/show_bug.cgi?id=80335
3168
3169         Reviewed by Filip Pizlo.
3170
3171         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3172
3173         This is a largely mechanical change, simply adding an extra parameter to a number
3174         of functions. Some call sites need to perform additional exception checks, and
3175         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3176
3177         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3178         an existing bug), I'll follow up with a third patch to handle that.
3179
3180         * API/JSObjectRef.cpp:
3181         (JSObjectSetPropertyAtIndex):
3182         * JSCTypedArrayStubs.h:
3183         (JSC):
3184         * dfg/DFGOperations.cpp:
3185         (JSC::DFG::putByVal):
3186         * dfg/DFGOperations.h:
3187         * dfg/DFGSpeculativeJIT32_64.cpp:
3188         (JSC::DFG::SpeculativeJIT::compile):
3189         * dfg/DFGSpeculativeJIT64.cpp:
3190         (JSC::DFG::SpeculativeJIT::compile):
3191         * interpreter/Interpreter.cpp:
3192         (JSC::Interpreter::privateExecute):
3193         * jit/JITStubs.cpp:
3194         (JSC::DEFINE_STUB_FUNCTION):
3195         * jsc.cpp:
3196         (GlobalObject::finishCreation):
3197         * llint/LLIntSlowPaths.cpp:
3198         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3199         * runtime/Arguments.cpp:
3200         (JSC::Arguments::putByIndex):
3201         * runtime/Arguments.h:
3202         (Arguments):
3203         * runtime/ArrayPrototype.cpp:
3204         (JSC::arrayProtoFuncPush):
3205         (JSC::arrayProtoFuncReverse):
3206         (JSC::arrayProtoFuncShift):
3207         (JSC::arrayProtoFuncSort):
3208         (JSC::arrayProtoFuncSplice):
3209         (JSC::arrayProtoFuncUnShift):
3210         * runtime/ClassInfo.h:
3211         (MethodTable):
3212         * runtime/JSArray.cpp:
3213         (JSC::SparseArrayValueMap::put):
3214         (JSC::JSArray::put):
3215         (JSC::JSArray::putByIndex):
3216         (JSC::JSArray::putByIndexBeyondVectorLength):
3217         (JSC::JSArray::push):
3218         (JSC::JSArray::shiftCount):
3219         (JSC::JSArray::unshiftCount):
3220         * runtime/JSArray.h:
3221         (SparseArrayValueMap):
3222         (JSArray):
3223         * runtime/JSByteArray.cpp:
3224         (JSC::JSByteArray::putByIndex):
3225         * runtime/JSByteArray.h:
3226         (JSByteArray):
3227         * runtime/JSCell.cpp:
3228         (JSC::JSCell::putByIndex):
3229         * runtime/JSCell.h:
3230         (JSCell):
3231         * runtime/JSNotAnObject.cpp:
3232         (JSC::JSNotAnObject::putByIndex):
3233         * runtime/JSNotAnObject.h:
3234         (JSNotAnObject):
3235         * runtime/JSONObject.cpp:
3236         (JSC::Walker::walk):
3237         * runtime/JSObject.cpp:
3238         (JSC::JSObject::putByIndex):
3239         * runtime/JSObject.h:
3240         (JSC::JSValue::putByIndex):
3241         * runtime/RegExpConstructor.cpp:
3242         (JSC::RegExpMatchesArray::fillArrayInstance):
3243         * runtime/RegExpMatchesArray.h:
3244         (JSC::RegExpMatchesArray::putByIndex):
3245         * runtime/StringPrototype.cpp:
3246         (JSC::stringProtoFuncSplit):
3247
3248 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3249
3250         PredictNone is incorrectly treated as isDoublePrediction
3251         https://bugs.webkit.org/show_bug.cgi?id=80365
3252
3253         Reviewed by Filip Pizlo.
3254
3255         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3256
3257         * bytecode/PredictedType.h:
3258         (JSC::isFixedIndexedStorageObjectPrediction):
3259         (JSC::isDoublePrediction):
3260
3261 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3262
3263         The LLInt should work even when the JIT is disabled
3264         https://bugs.webkit.org/show_bug.cgi?id=80340
3265         <rdar://problem/10922235>
3266
3267         Reviewed by Gavin Barraclough.
3268
3269         * assembler/MacroAssemblerCodeRef.h:
3270         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3271         (MacroAssemblerCodeRef):
3272         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3273         * interpreter/Interpreter.cpp:
3274         (JSC::Interpreter::initialize):
3275         (JSC::Interpreter::execute):
3276         (JSC::Interpreter::executeCall):
3277         (JSC::Interpreter::executeConstruct):
3278         * jit/JIT.h:
3279         (JSC::JIT::compileCTINativeCall):
3280         * jit/JITStubs.h:
3281         (JSC::JITThunks::ctiNativeCall):
3282         (JSC::JITThunks::ctiNativeConstruct):
3283         * llint/LLIntEntrypoints.cpp:
3284         (JSC::LLInt::getFunctionEntrypoint):
3285         (JSC::LLInt::getEvalEntrypoint):
3286         (JSC::LLInt::getProgramEntrypoint):
3287         * llint/LLIntSlowPaths.cpp:
3288         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3289         (LLInt):
3290         * llint/LLIntSlowPaths.h:
3291         (LLInt):
3292         * llint/LowLevelInterpreter.h:
3293         * llint/LowLevelInterpreter32_64.asm:
3294         * runtime/Executable.h:
3295         (NativeExecutable):
3296         (JSC::NativeExecutable::create):
3297         (JSC::NativeExecutable::finishCreation):
3298         * runtime/JSGlobalData.cpp:
3299         (JSC::JSGlobalData::JSGlobalData):
3300         * runtime/JSGlobalData.h:
3301         (JSGlobalData):
3302         * runtime/Options.cpp:
3303         (Options):
3304         (JSC::Options::parse):
3305         (JSC::Options::initializeOptions):
3306         * runtime/Options.h:
3307         (Options):
3308         * wtf/Platform.h:
3309
3310 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3311
3312         Checks for dead variables are not sufficient when fixing the expected
3313         values in DFG OSR entry
3314         https://bugs.webkit.org/show_bug.cgi?id=80371
3315
3316         Reviewed by Filip Pizlo.
3317
3318         A dead variable should be identified when there's no node referencing it.
3319         But we currently fail to catch the case where there are some nodes
3320         referencing a variable but those nodes are actually not referenced by
3321         others so will be ignored in code generation. In such a case we should
3322         also consider that variable to be a dead variable in the block and fix
3323         the expected values.
3324         This is performance neutral on SunSpider, V8 and Kraken.
3325
3326         * dfg/DFGJITCompiler.h:
3327         (JSC::DFG::JITCompiler::noticeOSREntry):
3328
3329 2012-03-05  Oliver Hunt  <oliver@apple.com>
3330
3331         Fix Qt build.
3332
3333         * assembler/AbstractMacroAssembler.h:
3334         * assembler/MacroAssembler.h:
3335         (MacroAssembler):
3336         * dfg/DFGSpeculativeJIT.cpp:
3337         (JSC::DFG::SpeculativeJIT::compileArithSub):
3338         * jit/JITArithmetic32_64.cpp:
3339         (JSC::JIT::emitSub32Constant):
3340
3341 2012-03-05  Eric Seidel  <eric@webkit.org>
3342
3343         Update JavaScriptCore files to use fully-qualified WTF include paths
3344         https://bugs.webkit.org/show_bug.cgi?id=79960
3345
3346         Reviewed by Adam Barth.
3347
3348         This change does 5 small/related things:
3349          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
3350             (WebCore, WebKit were already set up to look there, but JavaScriptCore.xcodeproj
3351             was not installing headers there.)
3352          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
3353             header search path, as that's where the WTF headers will be installed.
3354          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
3355             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
3356          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
3357             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
3358          5. Makes build-webkit build the WTF Xcode project by default.
3359
3360         * API/tests/JSNode.c:
3361         * API/tests/JSNodeList.c:
3362         * Configurations/Base.xcconfig:
3363         * assembler/MacroAssemblerCodeRef.h:
3364         * bytecompiler/BytecodeGenerator.h:
3365         * dfg/DFGOperations.cpp:
3366         * heap/GCAssertions.h:
3367         * heap/HandleHeap.h:
3368         * heap/HandleStack.h:
3369         * heap/MarkedSpace.h:
3370         * heap/PassWeak.h:
3371         * heap/Strong.h:
3372         * heap/Weak.h:
3373         * jit/HostCallReturnValue.cpp:
3374         * jit/JIT.cpp:
3375         * jit/JITStubs.cpp:
3376         * jit/ThunkGenerators.cpp:
3377         * parser/Lexer.cpp:
3378         * runtime/Completion.cpp:
3379         * runtime/Executable.cpp:
3380         * runtime/Identifier.h:
3381         * runtime/InitializeThreading.cpp:
3382         * runtime/JSDateMath.cpp:
3383         * runtime/JSGlobalObjectFunctions.cpp:
3384         * runtime/JSStringBuilder.h:
3385         * runtime/JSVariableObject.h:
3386         * runtime/NumberPrototype.cpp:
3387         * runtime/WriteBarrier.h:
3388         * tools/CodeProfile.cpp:
3389         * tools/TieredMMapArray.h:
3390         * yarr/YarrJIT.cpp:
3391
3392 2012-03-05  Oliver Hunt  <oliver@apple.com>
3393
3394         Add basic support for constant blinding to the JIT
3395         https://bugs.webkit.org/show_bug.cgi?id=80354
3396
3397         Reviewed by Filip Pizlo.
3398
3399         This patch adds basic constant blinding support to the JIT, at the
3400         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
3401         get constant blinding.  Woo!
3402
3403         This patch only introduces blinding for Imm32, a later patch will do similar
3404         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
3405         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
3406         accessor that's needed to access the actual value.  This also means you cannot
3407         accidentally pass an untrusted value to a function that does not perform
3408         blinding.
3409
3410         To make everything work sensibly, this patch also corrects some code that was using
3411         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
3412         untrusted immediates, so that they call slightly different variants of the functions
3413         that they used previously.  This is largely necessary to deal with x86-32 not having
3414         sufficient registers to handle the additional work required when we choose to blind
3415         a constant.
3416
3417         * assembler/AbstractMacroAssembler.h:
3418         (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
3419         (Imm32):
3420         (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
3421         (JSC::AbstractMacroAssembler::endUninterruptedSequence):
3422         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
3423         (AbstractMacroAssembler):
3424         (JSC::AbstractMacroAssembler::inUninterruptedSequence):
3425         (JSC::AbstractMacroAssembler::random):
3426         (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
3427         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
3428         * assembler/MacroAssembler.h:
3429         (JSC::MacroAssembler::addressForPoke):
3430         (MacroAssembler):
3431         (JSC::MacroAssembler::poke):
3432         (JSC::MacroAssembler::branchPtr):
3433         (JSC::MacroAssembler::branch32):
3434         (JSC::MacroAssembler::convertInt32ToDouble):
3435         (JSC::MacroAssembler::shouldBlind):
3436         (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
3437         (BlindedImm32):
3438         (JSC::MacroAssembler::keyForConstant):
3439         (JSC::MacroAssembler::xorBlindConstant):
3440         (JSC::MacroAssembler::additionBlindedConstant):
3441         (JSC::MacroAssembler::andBlindedConstant):
3442         (JSC::MacroAssembler::orBlindedConstant):
3443         (JSC::MacroAssembler::loadXorBlindedConstant):
3444         (JSC::MacroAssembler::add32):
3445         (JSC::MacroAssembler::addPtr):
3446         (JSC::MacroAssembler::and32):
3447         (JSC::MacroAssembler::andPtr):
3448         (JSC::MacroAssembler::move):
3449         (JSC::MacroAssembler::or32):
3450         (JSC::MacroAssembler::store32):
3451         (JSC::MacroAssembler::sub32):
3452         (JSC::MacroAssembler::subPtr):
3453         (JSC::MacroAssembler::xor32):
3454         (JSC::MacroAssembler::branchAdd32):
3455         (JSC::MacroAssembler::branchMul32):
3456         (JSC::MacroAssembler::branchSub32):
3457         (JSC::MacroAssembler::trustedImm32ForShift):
3458         (JSC::MacroAssembler::lshift32):
3459         (JSC::MacroAssembler::rshift32):
3460         (JSC::MacroAssembler::urshift32):
3461         * assembler/MacroAssemblerARMv7.h:
3462         (MacroAssemblerARMv7):
3463         (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
3464         (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
3465         * assembler/MacroAssemblerX86_64.h:
3466         (JSC::MacroAssemblerX86_64::branchSubPtr):
3467         (MacroAssemblerX86_64):
3468         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
3469         * dfg/DFGJITCompiler.cpp:
3470         (JSC::DFG::JITCompiler::linkOSRExits):
3471         (JSC::DFG::JITCompiler::compileBody):
3472         (JSC::DFG::JITCompiler::compileFunction):
3473         * dfg/DFGOSRExitCompiler32_64.cpp:
3474         (JSC::DFG::OSRExitCompiler::compileExit):
3475         * dfg/DFGOSRExitCompiler64.cpp:
3476         (JSC::DFG::OSRExitCompiler::compileExit):
3477         * dfg/DFGSpeculativeJIT.cpp:
3478         (JSC::DFG::SpeculativeJIT::compile):
3479         (JSC::DFG::SpeculativeJIT::compileArithSub):
3480         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
3481         * dfg/DFGSpeculativeJIT.h:
3482         (JSC::DFG::SpeculativeJIT::callOperation):
3483         * dfg/DFGSpeculativeJIT32_64.cpp:
3484         (JSC::DFG::SpeculativeJIT::emitCall):
3485         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3486         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3487         (JSC::DFG::SpeculativeJIT::compile):
3488         * dfg/DFGSpeculativeJIT64.cpp:
3489         (JSC::DFG::SpeculativeJIT::emitCall):
3490         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3491         (JSC::DFG::SpeculativeJIT::compile):
3492         * jit/JIT.cpp:
3493         (JSC::JIT::privateCompileSlowCases):
3494         (JSC::JIT::privateCompile):
3495         * jit/JITArithmetic.cpp:
3496         (JSC::JIT::compileBinaryArithOp):
3497         (JSC::JIT::emit_op_add):
3498         (JSC::JIT::emit_op_mul):
3499         (JSC::JIT::emit_op_div):
3500         * jit/JITArithmetic32_64.cpp:
3501         (JSC::JIT::emitAdd32Constant):
3502         (JSC::JIT::emitSub32Constant):
3503         (JSC::JIT::emitBinaryDoubleOp):
3504         (JSC::JIT::emitSlow_op_mul):
3505         (JSC::JIT::emit_op_div):
3506         * jit/JITCall.cpp:
3507         (JSC::JIT::compileLoadVarargs):
3508         * jit/JITCall32_64.cpp:
3509         (JSC::JIT::compileLoadVarargs):
3510         * jit/JITInlineMethods.h:
3511         (JSC::JIT::updateTopCallFrame):
3512         (JSC::JIT::emitValueProfilingSite):
3513         * jit/JITOpcodes32_64.cpp:
3514         (JSC::JIT::emitSlow_op_jfalse):
3515         (JSC::JIT::emitSlow_op_jtrue):
3516         * jit/JITStubCall.h:
3517         (JITStubCall):
3518         (JSC::JITStubCall::addArgument):
3519         * yarr/YarrJIT.cpp:
3520         (JSC::Yarr::YarrGenerator::backtrack):
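
The following is an added illustration by the editor, not code from the WebKit patch above, of the two ideas the entry describes: making TrustedImm32 a private base of Imm32 so an untrusted immediate cannot reach an overload that skips blinding, and splitting an untrusted constant into two emitted immediates (xor with a key, or addition of two parts) so the original byte pattern never appears in the generated code. The ToyAssembler, its three-instruction ISA, the seeded PRNG and the simplified shouldBlind policy are assumptions made for the example; JSC's real MacroAssembler, keyForConstant and shouldBlind rules differ in detail.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// Trusted immediates originate inside the compiler (frame offsets, type tags)
// and are emitted verbatim.
struct TrustedImm32 {
    explicit TrustedImm32(int32_t v) : m_value(v) { }
    int32_t m_value;
};

// Untrusted immediates may be influenced by script (numeric literals). Private
// inheritance means an Imm32 is not convertible to TrustedImm32, so it cannot
// slip into an overload that skips blinding; asTrustedImm32() is the one way in.
class Imm32 : private TrustedImm32 {
public:
    explicit Imm32(int32_t v) : TrustedImm32(v) { }
    const TrustedImm32& asTrustedImm32() const { return *this; }
};

// Toy three-instruction ISA standing in for MacroAssembler output (assumption).
enum class Op { MoveImm, XorImm, AddImm };
struct Insn { Op op; int dst; int32_t imm; };

class ToyAssembler {
public:
    // Seeded so the example is reproducible; a real JIT draws fresh entropy.
    explicit ToyAssembler(uint32_t seed) : m_rng(seed) { }

    // Trusted overloads: emit the constant as-is.
    void move(TrustedImm32 imm, int dst)  { m_insns.push_back({Op::MoveImm, dst, imm.m_value}); }
    void xor32(TrustedImm32 imm, int dst) { m_insns.push_back({Op::XorImm, dst, imm.m_value}); }
    void add32(TrustedImm32 imm, int dst) { m_insns.push_back({Op::AddImm, dst, imm.m_value}); }

    // Untrusted overloads: split the constant into two immediates, neither of
    // which equals the original, and let the CPU recombine them at run time.
    void move(Imm32 imm, int dst) {
        int32_t value = imm.asTrustedImm32().m_value;
        if (!shouldBlind(value)) { move(TrustedImm32(value), dst); return; }
        uint32_t key = keyForConstant(value);
        move(TrustedImm32(toSigned(toUnsigned(value) ^ key)), dst);  // value ^ key
        xor32(TrustedImm32(toSigned(key)), dst);                     // ^ key restores value
    }
    void add32(Imm32 imm, int dst) {
        int32_t value = imm.asTrustedImm32().m_value;
        if (!shouldBlind(value)) { add32(TrustedImm32(value), dst); return; }
        uint32_t key = keyForConstant(value);
        add32(TrustedImm32(toSigned(key)), dst);                     // + key
        add32(TrustedImm32(toSigned(toUnsigned(value) - key)), dst); // + (value - key)
    }

    // Simulated execution over four 32-bit registers, all starting at zero.
    std::vector<uint32_t> run() const {
        std::vector<uint32_t> regs(4, 0);
        for (const Insn& i : m_insns) {
            uint32_t imm = toUnsigned(i.imm);
            switch (i.op) {
            case Op::MoveImm: regs[i.dst] = imm; break;
            case Op::XorImm:  regs[i.dst] ^= imm; break;
            case Op::AddImm:  regs[i.dst] += imm; break;
            }
        }
        return regs;
    }

    // Does this exact 32-bit pattern appear in any emitted immediate field?
    bool containsImmediate(int32_t value) const {
        for (const Insn& i : m_insns)
            if (i.imm == value) return true;
        return false;
    }
    size_t instructionCount() const { return m_insns.size(); }

private:
    static uint32_t toUnsigned(int32_t v) { return static_cast<uint32_t>(v); }
    static int32_t toSigned(uint32_t v) { return static_cast<int32_t>(v); }

    // Simplified policy (assumption, not JSC's exact rule): constants that are
    // nearly all 0x00 or 0xff bytes are left alone to keep code small.
    static bool shouldBlind(int32_t value) {
        uint32_t u = toUnsigned(value);
        return u > 0xff && ~u > 0xff;
    }
    // A zero key, or a key equal to the value, would leave the original value
    // in the instruction stream, so both are rejected.
    uint32_t keyForConstant(int32_t value) {
        uint32_t key;
        do { key = static_cast<uint32_t>(m_rng()); } while (!key || key == toUnsigned(value));
        return key;
    }

    std::mt19937 m_rng;
    std::vector<Insn> m_insns;
};

int main() {
    ToyAssembler masm(2012);
    masm.move(Imm32(0x41414141), 0);                          // a literal script could choose
    masm.add32(Imm32(static_cast<int32_t>(0x90909090u)), 0);
    std::vector<uint32_t> regs = masm.run();
    std::printf("r0 = 0x%08x after %zu instructions; 0x41414141 in stream: %s\n",
                regs[0], masm.instructionCount(), masm.containsImmediate(0x41414141) ? "yes" : "no");
    // TrustedImm32 t = Imm32(5);  // does not compile: Imm32's base class is private
    return 0;
}
```

The type split is what makes the scheme hard to misuse: an overload that forgets to blind can only be written against TrustedImm32, and an Imm32 will not convert to it, so the omission fails at compile time rather than silently emitting an attacker-chosen pattern.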
3521
3522 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3523
3524         putByIndex should throw in strict mode
3525         https://bugs.webkit.org/show_bug.cgi?id=80335
3526
3527         Reviewed by Filip Pizlo.
3528
3529         We'll need to pass an additional parameter.
3530
3531         Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
3532         to match the method in the MethodTable, make this take a parameter indicating
3533         whether the put should throw. This fixes the cases where the base of the put
3534         is a primitive.
3535
3536         * dfg/DFGOperations.cpp:
3537         (DFG):
3538         (JSC::DFG::putByVal):
3539         (JSC::DFG::operationPutByValInternal):
3540         * interpreter/Interpreter.cpp:
3541         (JSC::Interpreter::execute):
3542         (JSC::Interpreter::privateExecute):
3543         * jit/JITStubs.cpp:
3544         (JSC::DEFINE_STUB_FUNCTION):
3545         * llint/LLIntSlowPaths.cpp:
3546         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3547         * runtime/JSObject.h:
3548         (JSC::JSValue::putByIndex):
3549         * runtime/JSValue.cpp:
3550         (JSC):
3551         * runtime/JSValue.h:
3552         (JSValue):
3553
3554 2012-03-05  Sam Weinig  <sam@webkit.org>
3555
3556         Add support for hosting layers in the window server in WebKit2
3557         <rdar://problem/10400246>
3558         https://bugs.webkit.org/show_bug.cgi?id=80310
3559
3560         Reviewed by Anders Carlsson.
3561
3562         * wtf/Platform.h:
3563         Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
3564
3565 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3566
3567         Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
3568
3569         * bytecode/ExecutionCounter.cpp:
3570         (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
3571         * bytecode/ExecutionCounter.h:
3572
3573 2012-03-05  Patrick Gansterer  <paroga@webkit.org>
3574
3575         Unreviewed. Build fix for !ENABLE(JIT) after r109705.
3576
3577         * bytecode/ExecutionCounter.cpp:
3578         * bytecode/ExecutionCounter.h:
3579
3580 2012-03-05  Andy Wingo  <wingo@igalia.com>
3581
3582         Lexer: Specialize character predicates for LChar, UChar
3583         https://bugs.webkit.org/show_bug.cgi?id=79677
3584
3585         Reviewed by Oliver Hunt.
3586
3587         This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
3588         and isLineTerminator to perform a more limited number of checks if
3589         the lexer is being instantiated to work on LChar sequences.  This
3590         is about a 1.5% win on the --parse-only suite, here.
3591
3592         * parser/Lexer.cpp:
3593         (JSC::isLatin1): New static helper, specialized for LChar and
3594         UChar.
3595         (JSC::typesOfLatin1Characters): Rename from
3596         typesOfASCIICharacters, and expand to the range of the LChar
3597         type.  All uses of isASCII are changed to use isLatin1.  Generated
3598         using libunistring.
3599         (JSC::isNonLatin1IdentStart):
3600         (JSC::isIdentStart):
3601         (JSC::isNonLatin1IdentPart):
3602         (JSC::isIdentPart):
3603         (JSC::Lexer::shiftLineTerminator):
3604         (JSC::Lexer::parseIdentifier):
3605         (JSC::Lexer::parseIdentifierSlowCase):
3606         (JSC::Lexer::parseStringSlowCase):
3607         (JSC::Lexer::parseMultilineComment):
3608         (JSC::Lexer::lex):
3609         (JSC::Lexer::scanRegExp):
3610         (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
3611         * parser/Lexer.h:
3612         (JSC::Lexer::isWhiteSpace):
3613         (JSC::Lexer::isLineTerminator):
3614         * KeywordLookupGenerator.py:
3615         (Trie.printAsC): Declare specialized isIdentPart static functions.
3616
3617 2012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
3618
3619         Unreviewed. Fix make distcheck.
3620
3621         * GNUmakefile.list.am: Add missing header file.
3622
3623 2012-03-05  Andy Wingo  <wingo@igalia.com>
3624
3625         WTF: Micro-optimize cleanup of empty vectors and hash tables
3626         https://bugs.webkit.org/show_bug.cgi?id=79903
3627
3628         Reviewed by Michael Saboff and Geoffrey Garen.
3629
3630         This patch speeds up cleanup of vectors and hash tables whose
3631         backing store was never allocated.  This is the case by default
3632         for most vectors / hash tables that never had any entries added.
3633
3634         The result for me is that calling checkSyntax 1000 times on
3635         concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
3636         2.4% speedup.
3637
3638         * wtf/HashTable.h:
3639         (WTF::HashTable::~HashTable):
3640         (WTF::::clear): Don't deallocate the storage or frob member
3641         variables if there is no backing storage.
3642         * wtf/Vector.h:
3643         (WTF::VectorBufferBase::deallocateBuffer): Likewise.
3644
3645 2012-03-04  Filip Pizlo  <fpizlo@apple.com>
3646
3647         JIT heuristics should be hyperbolic
3648         https://bugs.webkit.org/show_bug.cgi?id=80055
3649         <rdar://problem/10922260>
3650
3651         Reviewed by Oliver Hunt.
3652         
3653         Added tracking of the amount of executable memory typically used for a bytecode
3654         instruction. Modified the execution counter scheme to use this, and the amount
3655         of free memory, to determine how long to wait before invoking the JIT.
3656         
3657         The result is that even if we bomb the VM with more code than can fit in our
3658         executable memory pool, we still keep running and almost never run out of
3659         executable memory - which ensures that if we have to JIT something critical, then
3660         we'll likely have enough memory to do so. This also does not regress performance
3661         on the three main benchmarks.
3662         
3663         * CMakeLists.txt:
3664         * GNUmakefile.list.am:
3665         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3666         * JavaScriptCore.xcodeproj/project.pbxproj:
3667         * Target.pri:
3668         * bytecode/CodeBlock.cpp:
3669         (JSC::CodeBlock::predictedMachineCodeSize):
3670         (JSC):
3671         (JSC::CodeBlock::usesOpcode):
3672         * bytecode/CodeBlock.h:
3673         (CodeBlock):
3674         (JSC::CodeBlock::checkIfJITThresholdReached):
3675         (JSC::CodeBlock::dontJITAnytimeSoon):
3676         (JSC::CodeBlock::jitAfterWarmUp):
3677         (JSC::CodeBlock::jitSoon):
3678         (JSC::CodeBlock::llintExecuteCounter):
3679         (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
3680         (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
3681         (JSC::CodeBlock::addressOfJITExecuteCounter):
3682         (JSC::CodeBlock::offsetOfJITExecuteCounter):
3683         (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
3684         (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
3685         (JSC::CodeBlock::jitExecuteCounter):
3686         (JSC::CodeBlock::checkIfOptimizationThresholdReached):
3687         (JSC::CodeBlock::optimizeNextInvocation):
3688         (JSC::CodeBlock::dontOptimizeAnytimeSoon):
3689         (JSC::CodeBlock::optimizeAfterWarmUp):
3690         (JSC::CodeBlock::optimizeAfterLongWarmUp):
3691         (JSC::CodeBlock::optimizeSoon):
3692         * bytecode/ExecutionCounter.cpp: Added.
3693         (JSC):
3694         (JSC::ExecutionCounter::ExecutionCounter):
3695         (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
3696         (JSC::ExecutionCounter::setNewThreshold):
3697         (JSC::ExecutionCounter::deferIndefinitely):
3698         (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
3699         (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
3700         (JSC::ExecutionCounter::hasCrossedThreshold):
3701         (JSC::ExecutionCounter::setThreshold):
3702         (JSC::ExecutionCounter::reset):
3703         * bytecode/ExecutionCounter.h: Added.
3704         (JSC):
3705         (ExecutionCounter):
3706         (JSC::ExecutionCounter::formattedTotalCount):
3707         * dfg/DFGOSRExitCompiler32_64.cpp:
3708         (JSC::DFG::OSRExitCompiler::compileExit):
3709         * dfg/DFGOSRExitCompiler64.cpp:
3710         (JSC::DFG::OSRExitCompiler::compileExit):
3711         * jit/ExecutableAllocator.cpp:
3712         (JSC::DemandExecutableAllocator::allocateNewSpace):
3713         (JSC::ExecutableAllocator::underMemoryPressure):
3714         (JSC):
3715         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3716         * jit/ExecutableAllocator.h:
3717         * jit/ExecutableAllocatorFixedVMPool.cpp:
3718         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3719         (JSC):
3720         * jit/JIT.cpp:
3721         (JSC::JIT::privateCompile):
3722         * jit/JITStubs.cpp:
3723         (JSC::DEFINE_STUB_FUNCTION):
3724         * llint/LLIntSlowPaths.cpp:
3725         (JSC::LLInt::jitCompileAndSetHeuristics):
3726         * llint/LowLevelInterpreter32_64.asm:
3727         * runtime/JSGlobalData.h:
3728         (JSGlobalData):
3729         * runtime/Options.cpp:
3730         (Options):
3731         (JSC::Options::initializeOptions):
3732         * runtime/Options.h:
3733         (Options):
3734         * wtf/SimpleStats.h: Added.
3735         (WTF):
3736         (SimpleStats):
3737         (WTF::SimpleStats::SimpleStats):
3738         (WTF::SimpleStats::add):
3739         (WTF::SimpleStats::operator!):
3740         (WTF::SimpleStats::count):
3741         (WTF::SimpleStats::sum):
3742         (WTF::SimpleStats::sumOfSquares):
3743         (WTF::SimpleStats::mean):
3744         (WTF::SimpleStats::variance):
3745         (WTF::SimpleStats::standardDeviation):
3746
3747 2012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>
3748
3749         [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
3750         https://bugs.webkit.org/show_bug.cgi?id=71507
3751
3752         Reviewed by Antonio Gomes.
3753
3754         * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
3755
3756 2012-03-04  David Kilzer  <ddkilzer@apple.com>
3757
3758         Fix build when the classic interpreter is enabled
3759
3760         Reviewed by Gavin Barraclough.
3761
3762         Fixes the following build error when running the "Generate
3763         Derived Sources" build phase script:
3764
3765             offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
3766             ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
3767                     from JavaScriptCore/offlineasm/asm.rb:131
3768             Command /bin/sh failed with exit code 1
3769
3770         Gavin's fix in r109674 avoided the #error statement in
3771         JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
3772         caused the "Generate Derived Sources" build phase script to fail
3773         when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
3774         to detect when the classic interpreter is being built and simply
3775         exit early from asm.rb in that case.
3776
3777         * llint/LLIntOffsetsExtractor.cpp:
3778         (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
3779         JIT is disabled.  Note that offsets.rb doesn't care about the
3780         return value here, but instead it cares about finding the magic
3781         values in the binary.  The magic values are no longer present
3782         when the JIT is disabled.
3783         * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
3784         early with a status message.
3785         * offlineasm/offsets.rb:
3786         (MissingMagicValuesException): Add new exception class.
3787         (offsetsAndConfigurationIndex): Throw
3788         MissingMagicValuesException when no magic values are found.
3789
3790 2012-03-04  Jurij Smakov  <jurij@wooyd.org>
3791
3792         SPARC also needs aligned accesses.
3793
3794         Rubber-stamped by Gustavo Noronha Silva.
3795
3796         * wtf/Platform.h:
3797
3798 2012-03-04  Gavin Barraclough  <barraclough@apple.com>
3799
3800         Unreviewed build fix.
3801
3802         * jit/JITStubs.h:
3803             - Move ENABLE(JIT) to head of file.
3804
3805 2012-03-03  Gavin Barraclough  <barraclough@apple.com>
3806
3807         Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
3808         https://bugs.webkit.org/show_bug.cgi?id=80217
3809
3810         Reviewed by Filip Pizlo.
3811
3812         putByIndex() provides similar behavior to put(), but for indexed property names.
3813         Many places in ArrayPrototype call putByIndex() where they really mean to call
3814         [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
3815         calling numeric accessors (& respecting numeric read only properties) on the
3816         prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
3817         putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
3818
3819         * runtime/ArrayPrototype.cpp:
3820         (JSC::arrayProtoFuncConcat):
3821         (JSC::arrayProtoFuncSlice):
3822         (JSC::arrayProtoFuncFilter):
3823         (JSC::arrayProtoFuncMap):
3824         * runtime/JSArray.cpp:
3825         (JSC):
3826         (JSC::reject):
3827         (JSC::SparseArrayValueMap::putDirect):
3828         (JSC::JSArray::defineOwnNumericProperty):
3829         (JSC::JSArray::putByIndexBeyondVectorLength):
3830         (JSC::JSArray::putDirectIndexBeyondVectorLength):
3831         * runtime/JSArray.h:
3832         (SparseArrayValueMap):
3833         (JSArray):
3834         (JSC::JSArray::putDirectIndex):
3835
3836 2012-03-03  Benjamin Poulain  <benjamin@webkit.org>
3837
3838         Implement the basis of KURLWTFURL
3839         https://bugs.webkit.org/show_bug.cgi?id=79600
3840
3841         Reviewed by Adam Barth.
3842
3843         Add an API to know if a ParsedURL is valid.
3844
3845         * wtf/url/api/ParsedURL.cpp:
3846         (WTF::ParsedURL::ParsedURL):
3847         (WTF):
3848         (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between threads
3849         and by KURL's detach() on write.
3850         (WTF::ParsedURL::baseAsString):
3851         (WTF::ParsedURL::segment):
3852         Add a stronger constraint on accessors: the client of this API should never ask for the segments
3853         on an invalid URL.
3854         * wtf/url/api/ParsedURL.h:
3855         (WTF):
3856         (WTF::ParsedURL::ParsedURL):
3857         (ParsedURL):
3858         (WTF::ParsedURL::isValid):
3859
3860 2012-03-03  Hans Wennborg  <hans@chromium.org>
3861
3862         Implement Speech JavaScript API
3863         https://bugs.webkit.org/show_bug.cgi?id=80019
3864
3865         Reviewed by Adam Barth.
3866
3867         Add ENABLE_SCRIPTED_SPEECH.
3868
3869         * Configurations/FeatureDefines.xcconfig:
3870
3871 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
3872
3873         When getting the line number of a call into a call frame with no code block, it's
3874         incorrect to rely on the returnPC
3875         https://bugs.webkit.org/show_bug.cgi?id=80195
3876
3877         Reviewed by Oliver Hunt.
3878
3879         * interpreter/Interpreter.cpp:
3880         (JSC::getCallerInfo):
3881         * jit/JITCall.cpp:
3882         (JSC::JIT::compileLoadVarargs):
3883
3884 2012-03-02  Han Hojong  <hojong.han@samsung.com>
3885
3886         Expected results updated for checking type conversion
3887         https://bugs.webkit.org/show_bug.cgi?id=80138
3888
3889         Reviewed by Gavin Barraclough.
3890
3891         * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
3892
3893 2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
3894
3895         Adding WebSocket per-frame DEFLATE extension
3896         https://bugs.webkit.org/show_bug.cgi?id=77522
3897
3898         Added USE(ZLIB) flag.
3899
3900         Reviewed by Kent Tamura.
3901
3902         * wtf/Platform.h:
3903
3904 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
3905
3906         Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
3907
3908         * bytecode/CodeBlock.cpp:
3909         (JSC::CodeBlock::visitAggregate):
3910
3911 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
3912
3913         DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
3914         virtue of being in the transitive closure
3915         https://bugs.webkit.org/show_bug.cgi?id=80098
3916  
3917         Reviewed by Anders Carlsson.
3918         
3919         If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
3920         then you might have the visitAggregate() method called concurrently by multiple threads.
3921         This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
3922         racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
3923         due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
3924         
3925         It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
3926         not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
3927         any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
3928         Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
3929         don't lead to two threads racing over each other as they clobber state. This patch
3930         achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
3931         trivially linearizable) will get to trace the CodeBlock; all other threads give up and
3932         go home.
3933         
3934         Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
3935         times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
3936         even when it's gotten sufficient counts. But that takes a while - sometimes up to a
3937         minute to get a crash. I have no other reliable repro case.
3938
3939         * bytecode/CodeBlock.cpp:
3940         (JSC::CodeBlock::visitAggregate):
3941         * bytecode/CodeBlock.h:
3942         (DFGData):
3943         * heap/DFGCodeBlocks.cpp:
3944         (JSC::DFGCodeBlocks::clearMarks):
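
        The entry above describes guarding CodeBlock::visitAggregate() with a CAS loop so that, when
        two GC threads reach the same CodeBlock (via its owner Executable and via DFGCodeBlocks), only
        the thread that wins the CAS traces it and the rest return. The following is an added,
        self-contained illustration of that "claim before tracing" pattern; it is not WebKit's own
        code (WebKit uses its WTF atomics, e.g. weakCompareAndSwap, rather than std::atomic), and
        the type and function names (CodeBlockStub, claimForVisit, runConcurrentVisits,
        runTwoCycles) are hypothetical stand-ins.

```cpp
// Added example (not WebKit code): a CAS "claim" so that concurrent visitAggregate()
// calls on the same object execute the tracing body at most once per GC cycle.
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

// Hypothetical stand-in for a CodeBlock reachable from more than one GC root.
struct CodeBlockStub {
    // 0 = not yet visited this cycle, 1 = already claimed by some thread.
    std::atomic<unsigned> visitClaimed{0};
    // How many times the tracing body actually ran (for the demonstration only).
    std::atomic<unsigned> timesTraced{0};
    // Models non-atomic per-block state (like ValueProfile buckets) that must have a single writer.
    unsigned nonAtomicPrediction = 0;
};

// Returns true only for the single caller that moves visitClaimed from 0 to 1.
// Every other concurrent caller sees the flag already set and returns false.
bool claimForVisit(CodeBlockStub& block) {
    unsigned expected = 0;
    return block.visitClaimed.compare_exchange_strong(expected, 1u, std::memory_order_acq_rel);
}

// The guarded visit: losers of the CAS race give up; the winner does the work.
void visitAggregate(CodeBlockStub& block) {
    if (!claimForVisit(block))
        return;
    // Only one thread per cycle reaches this point, so the plain write cannot tear or race.
    block.nonAtomicPrediction += 1;
    block.timesTraced.fetch_add(1, std::memory_order_relaxed);
}

// Reset the mark at the start of the next cycle (analogous to DFGCodeBlocks::clearMarks()).
void clearVisitMark(CodeBlockStub& block) {
    block.visitClaimed.store(0, std::memory_order_release);
}

// Simulate threadCount GC threads discovering the same block at the same time.
static void visitFromThreads(CodeBlockStub& block, unsigned threadCount) {
    std::vector<std::thread> workers;
    for (unsigned i = 0; i < threadCount; ++i)
        workers.emplace_back([&block] { visitAggregate(block); });
    for (auto& t : workers)
        t.join();
}

// One cycle: however many threads race, the body runs exactly once.
unsigned runConcurrentVisits(unsigned threadCount) {
    CodeBlockStub block;
    visitFromThreads(block, threadCount);
    return block.timesTraced.load();
}

// Two cycles with the mark cleared in between: the body runs once per cycle, i.e. twice.
unsigned runTwoCycles(unsigned threadCount) {
    CodeBlockStub block;
    for (int cycle = 0; cycle < 2; ++cycle) {
        visitFromThreads(block, threadCount);
        clearVisitMark(block);
    }
    return block.timesTraced.load();
}

int main() {
    std::printf("one cycle, 8 threads: traced %u time(s)\n", runConcurrentVisits(8));
    std::printf("two cycles, 8 threads: traced %u time(s)\n", runTwoCycles(8));
    return 0;
}
```

        The point of the pattern is that the CAS is the only shared write before the tracing body,
        so the non-atomic updates inside it become single-writer and the 32-bit word-tearing crash
        described in the entry cannot occur; clearing the flag between cycles is what keeps a block
        traceable again on the next GC.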
3945
3946 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
3947
3948         The JIT should not crash the entire process just because there is not enough executable
3949         memory, if the LLInt is enabled
3950         https://bugs.webkit.org/show_bug.cgi?id=79962
3951
3952         Reviewed by Csaba Osztrogonác.
3953         
3954         Fix for ARM, SH4.
3955
3956         * assembler/AssemblerBufferWithConstantPool.h:
3957         (JSC::AssemblerBufferWithConstantPool::executableCopy):
3958
3959 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
3960
3961         Revert my change. Broke builds.
3962         Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
3963         Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
3964
3965         * wtf/Atomics.h:
3966         (WTF):
3967         (WTF::weakCompareAndSwap):
3968
3969 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
3970
3971         Gcc build fix.
3972
3973         Rubber-stamped by Filip Pizlo.
3974
3975         * wtf/Atomics.h:
3976         (WTF):
3977         (WTF::weakCompareAndSwap):
3978
3979 2012-03-01  Gavin Barraclough  <barraclough@apple.com>
3980
3981         ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
3982         https://bugs.webkit.org/show_bug.cgi?id=80011
3983
3984         Reviewed by Oliver Hunt.
3985
3986         Also, fix getting the caller from within a bound function, for within a getter,
3987         or setter (make our implementation match other browsers).
3988
3989         * interpreter/Interpreter.cpp:
3990         (JSC::getCallerInfo):
3991             - Allow this to get the caller of host functions.
3992         (JSC::Interpreter::retrieveCallerFromVMCode):
3993             - This should use getCallerInfo, and should skip over function bindings.
3994         * runtime/JSFunction.cpp:
3995         (JSC::JSFunction::callerGetter):
3996             - This should never return a strict-mode function.
3997
3998 2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
3999
4000         DFG local CSE for a node can be terminated earlier
4001         https://bugs.webkit.org/show_bug.cgi?id=80014
4002
4003         Reviewed by Filip Pizlo.
4004
4005         When one of the node's children is met in the process of back traversing
4006         the nodes, we don't need to traverse&