[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2011-11-21  Filip Pizlo  <fpizlo@apple.com>
        
        Another attempt at a build fix.

        * dfg/DFGRepatch.h:
        (JSC::DFG::dfgResetGetByID):
        (JSC::DFG::dfgResetPutByID):

2011-11-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed interpreter build fix.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):
        * dfg/DFGRepatch.h:

2011-11-20  Yuqiang Xian  <yuqiang.xian@intel.com>

        Improve modulo operation on 32bit platforms
        https://bugs.webkit.org/show_bug.cgi?id=72501

        Reviewed by Filip Pizlo.

        Extend softModulo to support X86 and MIPS in baseline JIT.
        Apply the same optimization to 32bit DFG JIT.
        1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.

        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::softModulo):
        * wtf/Platform.h:

2011-11-18  Filip Pizlo  <fpizlo@apple.com>

        Inline caches that refer to otherwise dead objects should be cleared
        https://bugs.webkit.org/show_bug.cgi?id=72311

        Reviewed by Geoff Garen.

        DFG code blocks now participate in the weak reference harvester fixpoint
        so that they only consider themselves to be live if either they are
        currently executing, or their owner is live and all of their weak references
        are live. If not, the relevant code blocks are jettisoned.

        Inline caches in both the old JIT and the DFG are now cleared if any of
        their references are not marked at the end of a GC.

        This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
        all-code-on-GC policy that we currently have, it shows a slight reduction
        in memory usage. If we turn that policy off, it's pretty easy to come up
        with an example program that will cause ToT to experience linear heap
        growth, while with this patch, the heap stays small and remains at a
        constant size.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::readCallTarget):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::readCallTarget):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::readCallTarget):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::readCallTarget):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::performTracingFixpointIteration):
        (JSC::CodeBlock::visitWeakReferences):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC::MethodCallLinkInfo::reset):
        (JSC::ProgramCodeBlock::jettison):
        (JSC::EvalCodeBlock::jettison):
        (JSC::FunctionCodeBlock::jettison):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::reoptimize):
        (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
        * bytecode/Instruction.h:
        (JSC::PolymorphicAccessStructureList::visitWeak):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC::isGetByIdAccess):
        (JSC::isPutByIdAccess):
        (JSC::StructureStubInfo::reset):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGOperations.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchByIdSelfAccess):
        (JSC::DFG::dfgResetGetByID):
        (JSC::DFG::dfgResetPutByID):
        * dfg/DFGRepatch.h:
        (JSC::DFG::dfgResetGetByID):
        (JSC::DFG::dfgResetPutByID):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::resetPatchGetById):
        (JSC::JIT::resetPatchPutById):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::resetPatchGetById):
        (JSC::JIT::resetPatchPutById):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITWriteBarrier.h:
        (JSC::JITWriteBarrierBase::clearToMaxUnsigned):

2011-11-20  Filip Pizlo  <fpizlo@apple.com>

        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
        https://bugs.webkit.org/show_bug.cgi?id=71505

        Reviewed by Oliver Hunt.
        
        The bytecode generator was assuming that call_varargs never reuses the base register
        (i.e. the function being called) for the result. This is no longer true.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCallVarargs):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ApplyFunctionCallDotNode::emitBytecode):

2011-11-20  Filip Pizlo  <fpizlo@apple.com>

        DFG 32_64 should directly store double virtual registers on SetLocal
        https://bugs.webkit.org/show_bug.cgi?id=72845

        Reviewed by Oliver Hunt.
        
        2% win on Kraken.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-20  Noel Gordon  <noel.gordon@gmail.com>

        [chromium] Remove DFG::JITCodeGenerator from the gyp projects
        https://bugs.webkit.org/show_bug.cgi?id=72842

        Reviewed by Filip Pizlo.

        dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244

        * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}

2011-11-18  Daniel Bates  <dbates@rim.com>

        Add CMake build infrastructure for the BlackBerry port
        https://bugs.webkit.org/show_bug.cgi?id=72768

        Reviewed by Antonio Gomes.

        * PlatformBlackBerry.cmake: Added.
        * shell/PlatformBlackBerry.cmake: Added.
        * wtf/PlatformBlackBerry.cmake: Added.

2011-11-18  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT fails speculation on InstanceOf if the base is not an object
        https://bugs.webkit.org/show_bug.cgi?id=72709

        Reviewed by Geoff Garen.
        
        InstanceOf already leverages the fact that we only allow the default
        hasInstance implementation. So, if the base is predicted to possibly
        be not an object and the CFA has not yet proven otherwise, InstanceOf
        will abstain from speculating cell and instead return false if the
        base is not a cell.
        
        This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
        speed-up in earley-boyer. Neutral according to bencher on SunSpider,
        V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
        win on V8 even on my harness, due to a 12.5% win on earley-boyer.
        
        I also took this opportunity to make the code for InstanceOf common
        between the two JITs. This was partially successful, in that the
        "common code" has a bunch of #if's, but overall it seems like a code
        size reduction.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>

        Forgot to completely de-virtualize isDynamicScope
        https://bugs.webkit.org/show_bug.cgi?id=72763

        Reviewed by Darin Adler.

        * runtime/JSActivation.h: Removed virtual keyword.

2011-11-18  Filip Pizlo  <fpizlo@apple.com>

        Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
        https://bugs.webkit.org/show_bug.cgi?id=72292

        Reviewed by Darin Adler.
        
        Fix this for 32_64.

        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2011-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize ExecutableBase::intrinsic
        https://bugs.webkit.org/show_bug.cgi?id=72548

        Reviewed by Oliver Hunt.

        * runtime/Executable.cpp:
        (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value. 
        * runtime/Executable.h:
        * runtime/JSCell.h:
        (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
        rather than requiring C++ RTTI.

2011-11-18  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Remove duplicate dtoa files from CMakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=72711

        Reviewed by Brent Fulgham.

        * wtf/CMakeLists.txt:

2011-11-17  Michael Saboff  <msaboff@apple.com>

        [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=72602

        Fixed StringImpl::foldCase by adding return in the case we need to handle
        folding of 8 bit strings with Latin-1 characters.

        Fixed case where StringImpl::replace was using a char temp instead of an
        LChar temp.

        Because of the second change, I changed other uses of char or
        unsigned char to LChar.

        Reviewed by Zoltan Herczeg.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):
        (WTF::StringImpl::foldCase):
        (WTF::equal):
        (WTF::equalIgnoringCase):
        (WTF::StringImpl::replace):

2011-11-17  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=72644

        Reviewed by Brent Fulgham.

        All ports need to do the same determination about fast malloc. Move the CMake code from
        platform specific files into the generic one, so that additional ports can reuse it.

        * wtf/CMakeLists.txt:
        * wtf/PlatformEfl.cmake:
        * wtf/PlatformWinCE.cmake:

2011-11-17  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add finalizer to JSActivation
        https://bugs.webkit.org/show_bug.cgi?id=72575

        Reviewed by Geoffrey Garen.

        * runtime/JSActivation.cpp:
        (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
        (JSC::JSActivation::finalize):
        * runtime/JSActivation.h: Replaced virtual destructor with static finalize function.

2011-11-15  Filip Pizlo  <fpizlo@apple.com>

        Code block jettisoning should be part of the GC's transitive closure
        https://bugs.webkit.org/show_bug.cgi?id=72467

        Reviewed by Geoff Garen.
        
        Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
        DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
        references) and helps track what state each of those code blocks is in during
        GC. The state consists of two flags; mayBeExecuting, which tells if the code block
        is live from call frames; and isJettisoned, which tells if the code block is
        not owned by any executable and thus should be deleted as soon as it is not
        mayBeExecuting.
        
        - Not executing, Not jettisoned: The code block may or may not be reachable from
          any executables, but it is owned by an executable, and hence should be
          kept alive if its executable is live and if all of its weak references are
          live. Otherwise it should be deleted during the current GC cycle, and its
          outgoing references should not be scanned.
          
        - Not executing but jettisoned: The code block should be deleted as soon as
          possible and none of its outgoing references should be scanned.
          
        - Executing but not jettisoned: The code block should be kept alive during this
          GC cycle, and all of its outgoing references (including the weak ones)
          should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
          the end of the GC cycle.
          
        - Executing and jettisoned: The code block should be kept alive during this
          GC cycle, and all of its outgoing references (including the weak ones)
          should be scanned and marked strongly. However, on the next GC cycle, it
          will have its mayBeExecuting bit cleared and hence it will become a candidate
          for immediate deletion provided it is not executing again.

        This is performance-neutral.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setJITCode):
        (JSC::CodeBlock::DFGData::DFGData):
        (JSC::DFGCodeBlocks::mark):
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::add):
        * heap/ConservativeRoots.h:
        * heap/DFGCodeBlocks.cpp: Added.
        (JSC::DFGCodeBlocks::DFGCodeBlocks):
        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
        (JSC::DFGCodeBlocks::jettison):
        (JSC::DFGCodeBlocks::clearMarks):
        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
        (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
        * heap/DFGCodeBlocks.h: Added.
        * heap/Heap.cpp:
        (JSC::Heap::jettisonDFGCodeBlock):
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        * heap/Heap.h:
        * heap/JettisonedCodeBlocks.cpp: Removed.
        * heap/JettisonedCodeBlocks.h: Removed.
        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::gatherConservativeRoots):
        * interpreter/RegisterFile.h:
        * runtime/Executable.cpp:
        (JSC::jettisonCodeBlock):

2011-11-16  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix for 32-bit.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-16  Geoffrey Garen  <ggaren@apple.com>

        Some CachedCall cleanup, in preparation for reversing argument order.

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
        so I can test it.

        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
        we are not that desperate for character saving.

        (JSC::CachedCall::setThis):
        (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
        CallFrameClosure.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setThis):
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
        with an explicit setter for 'this', since that's how most clients think.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
        for clarity.

2011-11-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize ScriptExecutable::unlinkCalls
        https://bugs.webkit.org/show_bug.cgi?id=72546

        Reviewed by Geoffrey Garen.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
        due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which 
        didn't have complete type information on the things that needed to be destructed in the implicit destructor.
        * runtime/Executable.h:
        (JSC::EvalExecutable::createStructure): Used new type value from JSType
        (JSC::ProgramExecutable::createStructure): Ditto
        (JSC::FunctionExecutable::createStructure): Ditto
        (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
        * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable.  Remove explicit numbers, since 
        that just adds noise to patches and they currently have no significance.

2011-11-16  Filip Pizlo  <fpizlo@apple.com>

        JSC::CodeBlock should know which references generated by the DFG are weak
        https://bugs.webkit.org/show_bug.cgi?id=72563

        Reviewed by Geoff Garen.
        
        CodeBlock::m_dfgData now tracks weak references and weak reference transitions
        (like ephemerons) generated by the DFG. The DFG makes sure to notify the
        CodeBlock of all uses of weak references and weak reference transitions.
        CodeBlock currently marks them strongly, since the weak marking logic is not
        in place, yet.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::stronglyVisitWeakReferences):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::appendWeakReference):
        (JSC::CodeBlock::shrinkWeakReferencesToFit):
        (JSC::CodeBlock::appendWeakReferenceTransition):
        (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
        (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::codeOriginOwner):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addWeakReference):
        (JSC::DFG::JITCompiler::addWeakReferenceTransition):
        (JSC::DFG::JITCompiler::branchWeakPtr):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-16  Michael Saboff  <msaboff@apple.com>

        LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
        https://bugs.webkit.org/show_bug.cgi?id=72561

        Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
        Simplified the code in the process.

        Reviewed by James Robinson.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
        (JSC::Yarr::Interpreter::CharAccess::~CharAccess):

2011-11-16  Geoffrey Garen  <ggaren@apple.com>

        Interpreter build fixes.

        * bytecode/CodeBlock.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):

2011-11-16  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r100363.

        * bytecode/CodeBlock.h:

2011-11-16  Geoffrey Garen  <ggaren@apple.com>

        Rolled back in r100375 and r100385 with 32-bit build fixed.

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice):
        * runtime/ArgList.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::finishCreation):
        * runtime/JSArray.h:
        (JSC::JSArray::create):
        * runtime/JSGlobalObject.h:
        (JSC::constructArray):

2011-11-16  Filip Pizlo  <fpizlo@apple.com>

        DFG global variable CSE mishandles the cross-global-object inlining corner case
        https://bugs.webkit.org/show_bug.cgi?id=72542

        Reviewed by Geoff Garen.
        
        Moved code to get the global object for a code origin into CodeBlock, so it is
        more broadly accessible. Fixed CSE to compare both the variable number, and the
        global object, before deciding to perform elimination.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObjectFor):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::globalObjectFor):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::globalVarLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):

2011-11-16  Michael Saboff  <msaboff@apple.com>

        Enable 8 Bit Strings in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=71337

        This patch turns on 8 bit strings in StringImpl and enables
        their use in JavaScriptCore. Some of the changes are to
        turn on code that had been staged (Lexer.cpp, Identifier.cpp,
        SmallStrings.cpp and some of StringImpl.{h,cpp}).
        Other changes are minor fixes to make 8 bit strings work
        (UString.h, StringImpl::getData16SlowCase()).
        Changed StringBuffer to be a templated class based on character
        type.  This change rippled into WebCore code as well.

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp:
        * parser/Lexer.cpp:
        (JSC::::append8): Changed to use 8 bit buffers.
        (JSC::::parseIdentifier): Changed to use 8 bit buffers.
        (JSC::::parseString): Changed to use 8 bit buffers.
        * runtime/Identifier.cpp:
        (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
        (JSC::Identifier::toUInt32FromCharacters): Templated helper.
        (JSC::Identifier::toUInt32): Added 8 bit optimized path.
        * runtime/SmallStrings.cpp:
        (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
        * runtime/UString.h:
        (JSC::UString::characters): Now calls StringImpl::characters()
        * wtf/Forward.h:
        * wtf/text/StringBuffer.h: Made StringBuffer a template base on character type.
        (WTF::StringBuffer::StringBuffer):
        (WTF::StringBuffer::characters):
        (WTF::StringBuffer::release):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::create):
        (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
        (WTF::StringImpl::removeCharacters): Added 8 bit path.
        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
        (WTF::StringImpl::simplifyWhiteSpace):
        (WTF::equal): Removed bug from code copied from null terminated version.
        (WTF::StringImpl::adopt): Added 8 bit path.
        (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bi flag propagation.
        * wtf/text/StringImpl.h:
        (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
        (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
        (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
        (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
        * wtf/text/WTFString.h:
        (WTF::String::adopt): Changed to use StringBuffer template.

2011-11-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize ExecutableBase::clearCodeVirtual
        https://bugs.webkit.org/show_bug.cgi?id=72337

        Reviewed by Darin Adler.

        Added static finalize functions to the subclasses of ExecutableBase that provide an implementation 
        of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
        and had the finalize functions call the corresponding clearCode methods.

        * runtime/Executable.cpp:
        (JSC::ExecutableBase::clearCode):
        (JSC::NativeExecutable::finalize):
        (JSC::EvalExecutable::finalize):
        (JSC::EvalExecutable::clearCode):
        (JSC::ProgramExecutable::finalize):
        (JSC::ProgramExecutable::clearCode):
        (JSC::FunctionExecutable::discardCode):
        (JSC::FunctionExecutable::finalize):
        (JSC::FunctionExecutable::clearCode):
        * runtime/Executable.h:
        (JSC::ExecutableBase::finishCreation):
        (JSC::NativeExecutable::create):
        (JSC::EvalExecutable::create):
        (JSC::ProgramExecutable::create):
        (JSC::FunctionExecutable::create):

2011-11-16  Yusuke Suzuki  <utatane.tea@gmail.com>

        String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
        https://bugs.webkit.org/show_bug.cgi?id=71572

        Reviewed by Gavin Barraclough and Darin Adler.

        * runtime/RegExpObject.cpp:
        (JSC::regExpObjectSource):

2011-11-16  Darin Adler  <darin@apple.com>

        Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
        https://bugs.webkit.org/show_bug.cgi?id=72475

        Reviewed by Adam Roben.

        * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
        Do overloads so we can pass a nullptr and also be sure to get the
        raw pointer type from the OwnPtr template so we handle both forms
        of OwnPtr: OwnPtr<T> and OwnPtr<T*>.

2011-11-16  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions

        Reviewed by Tor Arne Vestbø.

        * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.

2011-11-16  Simon Hausmann  <simon.hausmann@nokia.com>

        Unreviewed, rolling out r100266.
        http://trac.webkit.org/changeset/100266

        Broke WTR.

        * Target.pri:

2011-11-16  Darin Adler  <darin@apple.com>

        Add a "pass type" and "peek type" concept to HashTraits
        https://bugs.webkit.org/show_bug.cgi?id=72473

        Reviewed by Filip Pizlo.

        * wtf/HashTraits.h: Added the pass type and peek type.
        For OwnPtr, the pass type will be PassOwnPtr and the peek
        type will be a raw pointer.

2011-11-16  Darin Adler  <darin@apple.com>

        Fix some hash traits that don't derive from the base hash traits
        https://bugs.webkit.org/show_bug.cgi?id=72470

        Reviewed by Filip Pizlo.

        Hash traits structures need to derive from the base hash traits in
        HashTraits.h, but some were not. This is needed for compatibility with
        some additional traits we will be adding to make OwnPtr work with HashMap.

        * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
        HashTraits<int>. This enabled removal of all the members except for the
        ones that control the empty value, because this is otherwise the same
        as the standard int hash.

        * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
        from HashTraits<SymbolTableEntry> and removed redundant members.

2011-11-15  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r100375 and r100385.
        http://trac.webkit.org/changeset/100375
        http://trac.webkit.org/changeset/100385
        https://bugs.webkit.org/show_bug.cgi?id=72465

        They broke 32 bit builds on Qt (Requested by ossy on #webkit).

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice):
        * runtime/ArgList.h:
        (JSC::ArgList::ArgList):
        * runtime/JSArray.cpp:
        * runtime/JSArray.h:
        * runtime/JSGlobalObject.h:

2011-11-15  George Staikos  <staikos@webkit.org>

        Remove the guard page from the addressable stack region on QNX.
        https://bugs.webkit.org/show_bug.cgi?id=72455

        Reviewed by Daniel Bates.

        * wtf/StackBounds.cpp:
        (WTF::StackBounds::initialize):

2011-11-15  Michael Saboff  <msaboff@apple.com>

        Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
        https://bugs.webkit.org/show_bug.cgi?id=72323

        Added 8 bit optimized paths for String and UString ascii() and utf8() methods.

        Added String::characters8(), characters16() and is8Bit() helper methods.

        Added an new Unicode::convertLatin1ToUTF8() method that works on
        LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().

        Reviewed by Geoff Garen.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/UString.cpp:
        (JSC::UString::utf8):
        * wtf/text/WTFString.cpp:
        (WTF::String::ascii):
        (WTF::String::utf8):
        * wtf/text/WTFString.h:
        (WTF::String::characters8):
        (WTF::String::characters16):
        (WTF::String::is8Bit):
        (WTF::LChar):
        (WTF::UChar):
        * wtf/unicode/UTF8.cpp:
        (WTF::Unicode::convertLatin1ToUTF8):
        * wtf/unicode/UTF8.h:
        * wtf/unicode/Unicode.h:

2011-11-15  Darin Adler  <darin@apple.com>

        REGRESSION (r98887): ParserArena and Keywords leaking
        https://bugs.webkit.org/show_bug.cgi?id=72428

        Reviewed by Sam Weinig.

        * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
        need to be able to destroy it.

        * parser/Parser.cpp:
        (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.

        * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.

2011-11-15  Geoffrey Garen  <ggaren@apple.com>

        Removed another use of ArgList that baked in the assumption that arguments
        are forward in the regiter file.

        Reviewed by Sam Weinig.

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
        working through ArgList.

        * runtime/ArgList.h: Removed!

2011-11-15  Geoffrey Garen  <ggaren@apple.com>

        Removed a use of ArgList that baked in the assumption that arguments
        are forward in the regiter file.

        Reviewed by Sam Weinig.

        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION): Use new API.

        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
        getSlice can do the right thing by using its rights to private data.

        * runtime/ArgList.h: Removed constructor that took a forward-contiguous
        set of arguments.

        * runtime/JSArray.cpp:
        (JSC::JSArray::finishCreation):
        * runtime/JSArray.h:
        (JSC::JSArray::create):
        * runtime/JSGlobalObject.h:
        (JSC::constructArray): Added explicit support for creating an array from
        a pre-allocated set of values, so we could stop relying on the ArgList
        API we want to remove.

2011-11-15  Filip Pizlo  <fpizlo@apple.com>

        Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
        https://bugs.webkit.org/show_bug.cgi?id=72292

        Reviewed by Geoff Garen.
        
        We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
        an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
        instead of CodeBlock::alternative().
        
        No performance effect.
        
        No tests because all of our heuristics work very hard to make sure that this never happens in
        the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
        is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still
        because the whole point of jettisoning is to bring the probability of future OSR exits to as
        close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
        exit after a jettison to be the first of its kind; our whole design tries to ensure that
        CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
        is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
        compilation. So this is a truly evil case, and any test for it would be quite fragile.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::specializationKind):
        (JSC::CodeBlock::largeFailCountThreshold):
        (JSC::CodeBlock::largeFailCountThresholdForLoop):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
        (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2011-11-15  Geoffrey Garen  <ggaren@apple.com>

        Use MarkedArgumentBuffer to avoid making assumptions about argument order
        https://bugs.webkit.org/show_bug.cgi?id=72418

        Reviewed by Sam Weinig.
        
        A step toward reversing the argument order.

        * runtime/JSONObject.cpp:
        (JSC::Stringifier::toJSON):
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Walker::callReviver): Don't assume that ArgList wants to point
        at arguments in forward order. Instead, use MarkedArgumentBuffer, which
        will make the decision for us.

2011-11-15  Filip Pizlo  <fpizlo@apple.com>

        DFG should distinguish between constants in the constant pool and weak
        constants added as artifacts of code generation
        https://bugs.webkit.org/show_bug.cgi?id=72367

        Reviewed by Geoff Garen.
        
        Added the notion of a WeakJSConstant, which is like a JSConstant except that
        it can only refer to JSCell*. Currently all WeakJSConstants are also backed
        by constants in the constant pool, since weak references originated from
        machine code are not yet properly handled.
        
        Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
        and CheckStructure. This results in improved CSE, leading to a 1% win on V8.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstant):
        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::getJSConstantPrediction):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfNumberConstant):
        (JSC::DFG::Graph::valueOfBooleanConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::isWeakConstant):
        (JSC::DFG::Node::hasConstant):
        (JSC::DFG::Node::weakConstant):
        (JSC::DFG::Node::valueOfJSConstant):
        (JSC::DFG::Node::isInt32Constant):
        (JSC::DFG::Node::isDoubleConstant):
        (JSC::DFG::Node::isNumberConstant):
        (JSC::DFG::Node::isBooleanConstant):
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-15  Michael Saboff  <msaboff@apple.com>

        Towards 8 bit Strings - Initial JS String Tuning
        https://bugs.webkit.org/show_bug.cgi?id=72326

        Added 8 bit optimized paths for the methods below.

        Reviewed by Geoffrey Garen.

        * runtime/JSString.h:
        (JSC::jsSubstring8):
        * runtime/StringPrototype.cpp:
        (JSC::jsSpliceSubstrings):
        (JSC::jsSpliceSubstringsWithSeparators):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncCharCodeAt):

2011-11-15  Gavin Barraclough  <barraclough@apple.com>

        Result of Error.prototype.toString not ES5 conformant
        https://bugs.webkit.org/show_bug.cgi?id=70889

        Reviewed by Oliver Hunt.

        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):

2011-11-15  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions

        Reviewed by Tor Arne Vestbø.

        * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.

2011-11-15  Yuqiang Xian  <yuqiang.xian@intel.com>

        Remove DFGJITCompilerInlineMethods
        https://bugs.webkit.org/show_bug.cgi?id=72366

        Reviewed by Filip Pizlo.

        Those methods are actually seldom used. Modify the few such places and
        remove DFGJITCompilerInlineMethods stuffs totally.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
        * dfg/DFGJITCompilerInlineMethods.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentFillFPR):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::cachedGetMethod):

2011-11-14  Filip Pizlo  <fpizlo@apple.com>

        DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
        https://bugs.webkit.org/show_bug.cgi?id=72348

        Reviewed by Gavin Barraclough.
        
        Moved all of JITCodeGenerator into SpeculativeJIT.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGJITCodeGenerator.cpp: Removed.
        * dfg/DFGJITCodeGenerator.h: Removed.
        * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
        * dfg/DFGJITCodeGenerator64.cpp: Removed.
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
        (JSC::DFG::SpeculativeJIT::fillStorage):
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::isStrictInt32):
        (JSC::DFG::SpeculativeJIT::isKnownInteger):
        (JSC::DFG::SpeculativeJIT::isKnownNumeric):
        (JSC::DFG::SpeculativeJIT::isKnownCell):
        (JSC::DFG::SpeculativeJIT::isKnownNotCell):
        (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
        (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
        (JSC::DFG::SpeculativeJIT::isKnownBoolean):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        (JSC::DFG::SpeculativeJIT::markCellCard):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
        (JSC::DFG::dataFormatString):
        (JSC::DFG::SpeculativeJIT::dump):
        (JSC::DFG::SpeculativeJIT::checkConsistency):
        (JSC::DFG::GPRTemporary::GPRTemporary):
        (JSC::DFG::GPRTemporary::adopt):
        (JSC::DFG::FPRTemporary::FPRTemporary):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::at):
        (JSC::DFG::SpeculativeJIT::lock):
        (JSC::DFG::SpeculativeJIT::unlock):
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::SpeculativeJIT::reuse):
        (JSC::DFG::SpeculativeJIT::allocate):
        (JSC::DFG::SpeculativeJIT::tryAllocate):
        (JSC::DFG::SpeculativeJIT::fprAllocate):
        (JSC::DFG::SpeculativeJIT::isFilled):
        (JSC::DFG::SpeculativeJIT::isFilledDouble):
        (JSC::DFG::SpeculativeJIT::use):
        (JSC::DFG::SpeculativeJIT::selectScratchGPR):
        (JSC::DFG::SpeculativeJIT::silentSpillGPR):
        (JSC::DFG::SpeculativeJIT::silentSpillFPR):
        (JSC::DFG::SpeculativeJIT::silentFillGPR):
        (JSC::DFG::SpeculativeJIT::silentFillFPR):
        (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
        (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
        (JSC::DFG::SpeculativeJIT::boxDouble):
        (JSC::DFG::SpeculativeJIT::unboxDouble):
        (JSC::DFG::SpeculativeJIT::spill):
        (JSC::DFG::SpeculativeJIT::isConstant):
        (JSC::DFG::SpeculativeJIT::isJSConstant):
        (JSC::DFG::SpeculativeJIT::isInt32Constant):
        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
        (JSC::DFG::SpeculativeJIT::isNumberConstant):
        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
        (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
        (JSC::DFG::SpeculativeJIT::isNullConstant):
        (JSC::DFG::SpeculativeJIT::identifier):
        (JSC::DFG::SpeculativeJIT::flushRegisters):
        (JSC::DFG::SpeculativeJIT::isFlushed):
        (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
        (JSC::DFG::SpeculativeJIT::bitOp):
        (JSC::DFG::SpeculativeJIT::shiftOp):
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::addressOfCallData):
        (JSC::DFG::SpeculativeJIT::tagOfCallData):
        (JSC::DFG::SpeculativeJIT::payloadOfCallData):
        (JSC::DFG::SpeculativeJIT::integerResult):
        (JSC::DFG::SpeculativeJIT::noResult):
        (JSC::DFG::SpeculativeJIT::cellResult):
        (JSC::DFG::SpeculativeJIT::booleanResult):
        (JSC::DFG::SpeculativeJIT::jsValueResult):
        (JSC::DFG::SpeculativeJIT::storageResult):
        (JSC::DFG::SpeculativeJIT::doubleResult):
        (JSC::DFG::SpeculativeJIT::initConstantInfo):
        (JSC::DFG::SpeculativeJIT::resetCallArguments):
        (JSC::DFG::SpeculativeJIT::addCallArgument):
        (JSC::DFG::SpeculativeJIT::setupArguments):
        (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
        (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
        (JSC::DFG::SpeculativeJIT::setupStubArguments):
        (JSC::DFG::SpeculativeJIT::callOperation):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
        (JSC::DFG::SpeculativeJIT::setupResults):
        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
        (JSC::DFG::SpeculativeJIT::addBranch):
        (JSC::DFG::SpeculativeJIT::linkBranches):
        (JSC::DFG::SpeculativeJIT::block):
        (JSC::DFG::SpeculativeJIT::checkConsistency):
        (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::IntegerOperand::~IntegerOperand):
        (JSC::DFG::IntegerOperand::index):
        (JSC::DFG::IntegerOperand::format):
        (JSC::DFG::IntegerOperand::gpr):
        (JSC::DFG::IntegerOperand::use):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::DoubleOperand::~DoubleOperand):
        (JSC::DFG::DoubleOperand::index):
        (JSC::DFG::DoubleOperand::fpr):
        (JSC::DFG::DoubleOperand::use):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::JSValueOperand::~JSValueOperand):
        (JSC::DFG::JSValueOperand::index):
        (JSC::DFG::JSValueOperand::gpr):
        (JSC::DFG::JSValueOperand::jsValueRegs):
        (JSC::DFG::JSValueOperand::isDouble):
        (JSC::DFG::JSValueOperand::fill):
        (JSC::DFG::JSValueOperand::tagGPR):
        (JSC::DFG::JSValueOperand::payloadGPR):
        (JSC::DFG::JSValueOperand::fpr):
        (JSC::DFG::JSValueOperand::use):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::StorageOperand::~StorageOperand):
        (JSC::DFG::StorageOperand::index):
        (JSC::DFG::StorageOperand::gpr):
        (JSC::DFG::StorageOperand::use):
        (JSC::DFG::GPRTemporary::~GPRTemporary):
        (JSC::DFG::GPRTemporary::gpr):
        (JSC::DFG::FPRTemporary::~FPRTemporary):
        (JSC::DFG::FPRTemporary::fpr):
        (JSC::DFG::FPRTemporary::FPRTemporary):
        (JSC::DFG::GPRResult::GPRResult):
        (JSC::DFG::GPRResult2::GPRResult2):
        (JSC::DFG::FPRResult::FPRResult):
        (JSC::DFG::FPRResult::lockedResult):
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillInteger):
        (JSC::DFG::SpeculativeJIT::fillDouble):
        (JSC::DFG::SpeculativeJIT::fillJSValue):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        * runtime/JSFunction.h:

2011-11-14  Filip Pizlo  <fpizlo@apple.com>

        Weak reference harvesters should run to fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=72346

        Reviewed by Oliver Hunt.

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        * heap/ListableHandler.h:
        (JSC::ListableHandler::next):
        (JSC::ListableHandler::List::head):
        (JSC::ListableHandler::List::removeNext):
        (JSC::ListableHandler::List::removeAll):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::reset):
        (JSC::SlotVisitor::harvestWeakReferences):
        * heap/MarkStack.h:
        (JSC::MarkStack::isEmpty):

2011-11-14  Oliver Hunt  <oliver@apple.com>

        Start migrating typed array impl types to WTF
        https://bugs.webkit.org/show_bug.cgi?id=72336

        Reviewed by Geoffrey Garen.

        Add typed array impls to WTF forwarding header.

        * wtf/Forward.h:

2011-11-14  Julien Chaffraix  <jchaffraix@webkit.org>

        Add --css-grid-layout to build-webkit and the build systems
        https://bugs.webkit.org/show_bug.cgi?id=72320

        Reviewed by Ojan Vafai.

        * Configurations/FeatureDefines.xcconfig:

2011-11-14  Geoffrey Garen  <ggaren@apple.com>

        A little bit of arguments / activation cleanup
        https://bugs.webkit.org/show_bug.cgi?id=72339

        Reviewed by Gavin Barraclough.
        
        Renamed copyRegisters => tearOff to match bytecode and other terminology.
        
        Renamed setActivation => didTearOffActivation to indicate that this is a
        notification the object may choose to ignore. Moved "Should I ignore?"
        code into the arguments object to avoid duplication elsewhere.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveArguments):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Arguments.h:
        (JSC::Arguments::createAndTearOff):
        (JSC::Arguments::didTearOffActivation):
        (JSC::Arguments::finishCreationButDontTearOff):
        (JSC::Arguments::finishCreation):
        (JSC::Arguments::finishCreationAndTearOff):
        (JSC::Arguments::tearOff):

        * runtime/JSActivation.h:
        (JSC::JSActivation::tearOff): Moved Activation's code into its own header
        because that's where it belongs.

2011-11-14  Gavin Barraclough  <barraclough@apple.com>

        Should sign the jsc binary
        https://bugs.webkit.org/show_bug.cgi?id=72332

        Reviewed by David Kilzer.

        * Configurations/JSC.xcconfig:
        * entitlements.plist: Added.

2011-11-14  Filip Pizlo  <fpizlo@apple.com>

        DFG's inline references to objects should be tracked
        https://bugs.webkit.org/show_bug.cgi?id=72313

        Reviewed by Gavin Barraclough.
        
        Added a pinCell() method in the parser that currently creates a
        dummy constant in CodeBlock. Added calls to pinCell() wherever the
        DFG would inline a constant reference that the original code would
        not have referred to.
        
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getCellConstantIndex):
        (JSC::DFG::ByteCodeParser::pinCell):
        (JSC::DFG::ByteCodeParser::cellConstant):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):

2011-11-14  Filip Pizlo  <fpizlo@apple.com>

        DFG put_by_id transition optimizations test the wrong structures
        https://bugs.webkit.org/show_bug.cgi?id=72324

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):

2011-11-14  Michael Saboff  <msaboff@apple.com>

        Further changes and cleanup to JSString.h and cpp.

        Reviewed by Darin Adler.

        * runtime/JSString.cpp:
        (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr.  Eliminated exec in slow case calls.
        (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name.
        (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
        * runtime/JSString.h:

2011-11-14  Adam Barth  <abarth@webkit.org>

        DateMath.cpp should not depend on JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=71747

        Reviewed by Darin Adler.

        This patch moves the JSC-specific parts of DateMath into JSDateMath in
        JavaScriptCore.  There shouldn't be any behavior change.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * runtime/DateConstructor.cpp:
        * runtime/DateConversion.cpp:
        * runtime/DateInstance.cpp:
        * runtime/DateInstanceCache.h:
        * runtime/DatePrototype.cpp:
        * runtime/InitializeThreading.cpp:
        * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
        (JSC::timeToMS):
        (JSC::msToSeconds):
        * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
        * wtf/DateMath.cpp:
        (WTF::isLeapYear):
        (WTF::msToDays):
        (WTF::msToMinutes):
        (WTF::msToHours):
        (WTF::parseDateFromNullTerminatedCharacters):
        (WTF::makeRFC2822DateString):
        * wtf/DateMath.h:

2011-11-14  Michael Saboff  <msaboff@apple.com>

        Towards 8 bit strings - Add 8 bit handling to JSString Ropes
        https://bugs.webkit.org/show_bug.cgi?id=72317

        Added bit to track that a rope is made up of all 8 bit fibers.
        Created an 8 bit path (fast and slow cases) to handle 8 bit 
        only ropes.

        Reviewed by Oliver Hunt.

        * runtime/JSString.cpp:
        (JSC::JSString::resolveRope):
        (JSC::JSString::resolveRopeSlowCase8):
        (JSC::JSString::resolveRopeSlowCase16):
        * runtime/JSString.h:
        (JSC::RopeBuilder::finishCreation):
        (JSC::RopeBuilder::is8Bit):
        (JSC::jsSubstring8):

2011-11-14  Geoffrey Garen  <ggaren@apple.com>

        A little bit of function call cleanup
        https://bugs.webkit.org/show_bug.cgi?id=72314

        Reviewed by Oliver Hunt.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
        because this value doesn't give you the offset of the callee's call frame.

        (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
        of greater-than. Removed comment since its reasoning was wrong.
        
        (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.

        (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
        to ask this question, giving the bytecode generator more freedom to change
        internal implementation details.
        
        * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
        16 was overkill.
        (JSC::CallArguments::registerOffset): Updated for rename mentioned above.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::CallArguments::CallArguments):
        (JSC::CallArguments::newArgument): Factored out argument allocation into
        a helper function, so I can change it later.

        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.

2011-11-14  Tony Chang  <tony@chromium.org>

        Remove the CSS3_FLEXBOX compile time flag and enable on all ports
        https://bugs.webkit.org/show_bug.cgi?id=72196

        Reviewed by Ojan Vafai.

        * Configurations/FeatureDefines.xcconfig:

2011-11-14  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore

        testRegExp and testapi.js were being installed in the JavaScriptCore framework.
        As test-only tools they shouldn't be installed there by default, only when
        FORCE_TOOL_INSTALL is set to YES.

        This patch incorprorates a few related changes:
        1) Make the jsc and testRegExp targets be configured via .xcconfig files.
        2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
           FORCE_TOOL_INSTALL is YES.
        3) Switches the testapi target to using a script build phase to install testapi.js
           so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
           why this isn't the built-in behavior when a Copy Files build phase has "Copy only
           when installing" checked, but it doesn't seem to be.
        4) Other random cleanup such as removing a bogus group that refers to files that do
           not exist, moving testRegExp.cpp in to the tests group, etc.

        Reviewed by Geoff Garen.

        * Configurations/JSC.xcconfig: Added.
        * Configurations/TestRegExp.xcconfig: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-11-14  Michael Saboff  <msaboff@apple.com>

        Towards 8 bit strings - Add 8 bit paths to StringImpl methods
        https://bugs.webkit.org/show_bug.cgi?id=72290

        Added 8 bit patchs to StringImpl to number and find methods.

        Reviewed by Oliver Hunt.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::toIntStrict):
        (WTF::StringImpl::toUIntStrict):
        (WTF::StringImpl::toInt64Strict):
        (WTF::StringImpl::toUInt64Strict):
        (WTF::StringImpl::toIntPtrStrict):
        (WTF::StringImpl::toInt):
        (WTF::StringImpl::toUInt):
        (WTF::StringImpl::toInt64):
        (WTF::StringImpl::toUInt64):
        (WTF::StringImpl::toIntPtr):
        (WTF::StringImpl::toDouble):
        (WTF::StringImpl::toFloat):
        (WTF::StringImpl::find):
        (WTF::StringImpl::reverseFind):
        * wtf/text/WTFString.cpp:
        (WTF::toIntegralType):
        (WTF::lengthOfCharactersAsInteger):
        (WTF::charactersToIntStrict):
        (WTF::charactersToUIntStrict):
        (WTF::charactersToInt64Strict):
        (WTF::charactersToUInt64Strict):
        (WTF::charactersToIntPtrStrict):
        (WTF::charactersToInt):
        (WTF::charactersToUInt):
        (WTF::charactersToInt64):
        (WTF::charactersToUInt64):
        (WTF::charactersToIntPtr):
        (WTF::toDoubleType):
        (WTF::charactersToDouble):
        (WTF::charactersToFloat):
        * wtf/text/WTFString.h:
        (WTF::find):
        (WTF::reverseFind):

2011-11-14  Vincent Scheib  <scheib@chromium.org>

        Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
        https://bugs.webkit.org/show_bug.cgi?id=72286

        Reviewed by Adam Barth.

        * wtf/Platform.h:

2011-11-14  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=72280

        Rubber stamped by Geoff Garen.

        Fix 32-bit Lion.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2011-11-14  Geoffrey Garen  <ggaren@apple.com>

        32-bit Build fix: declare virtual register indices to be int rather than
        unsigned, since they can be positive or negative.
        
        For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
        state, since we'll never load and operate on the ReturnPC as a JS value.

        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitLoadTag):
        (JSC::JIT::emitLoadPayload):
        (JSC::JIT::emitLoad):
        (JSC::JIT::emitLoad2):
        (JSC::JIT::emitLoadDouble):
        (JSC::JIT::emitLoadInt32ToDouble):
        (JSC::JIT::emitStore):
        (JSC::JIT::emitStoreInt32):
        (JSC::JIT::emitStoreAndMapInt32):
        (JSC::JIT::emitStoreCell):
        (JSC::JIT::emitStoreBool):
        (JSC::JIT::emitStoreDouble):
        (JSC::JIT::map):
        (JSC::JIT::unmap):
        (JSC::JIT::isMapped):
        (JSC::JIT::getMappedPayload):
        (JSC::JIT::getMappedTag):
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):

2011-11-14  Michael Saboff  <msaboff@apple.com>

        Remove unused m_data member from UStringSourceProvider
        https://bugs.webkit.org/show_bug.cgi?id=72289

        Removed unused m_data member from UStringSourceProvider.

        Reviewed by Oliver Hunt.

        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::UStringSourceProvider):

2011-11-14  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize YARR Parser
        https://bugs.webkit.org/show_bug.cgi?id=72288

        Changed Yarr::Parser to be a template based on character type.

        Reviewed by Oliver Hunt.

        * yarr/YarrParser.h:
        (JSC::Yarr::Parser::Parser):
        (JSC::Yarr::parse):

2011-11-14  Geoffrey Garen  <ggaren@apple.com>

        32-bit build fix: Removed unused declaration.

        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):

2011-11-12  Geoffrey Garen  <ggaren@apple.com>

        Standardized the JS calling convention
        https://bugs.webkit.org/show_bug.cgi?id=72221
        
        Reviewed by Oliver Hunt.

        This patch standardizes the calling convention so that the caller always
        sets up the callee's CallFrame. Adjustments for call type, callee type,
        argument count, etc. now always take place after that initial setup.
        
        This is a step toward reversing the argument order, but also has these
        immediate benefits (measured on x64):
        
        (1) 1% benchmark speedup across the board.
        
        (2) 50% code size reduction in baseline JIT function calls.
        
        (3) 1.5x speedup for single-dispatch .apply forwarding.
        
        (4) 1.1x speedup for multi-dispatch .apply forwarding.

        This change affected the baseline JIT most, since the baseline JIT had
        lots of ad hoc calling conventions for different caller / callee types.

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::branchPtr):
        (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
        a test, like other assemblers do. (I added some compares to 0, and didn't
        want them to be slow.)

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
        op_call_varargs could share code generation with other forms of op_call.
        This is also a small optimization, since op_*varargs no longer have to
        pass arguments to each other through the register file.

        (JSC::CallLinkInfo::unlink):
        * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
        us to link functions called through .apply syntax. We need to distinguish
        CallVarargs from Call because CallVarargs changes its argument count
        on each inovcation, so we must always link to the argument count checking
        version of the callee.

        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCallVarargs):
        * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
        some of this bytecode generation to remove redundant copies.

        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
        DFG doesn't support this type, but its code needs to change slightly
        to accomodate a 3-state variable.

        Stopped passing the argument count in regT1 because this is non-standard.
        (The argument count goes in the CallFrame. This trades speed on the slow
        path for speed and code size on the fast path, and simplicity on all paths.
        A good trade, in my opinion.)

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
        setup more obvious when single-stepping. Also, updated for argument count
        not being in regT1.

        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
        type: CallVarargs.

        * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
        doing anything else. Don't check for stack overflow because we have no callee
        registers, and our caller has already checked for its own registers.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
        count doesn't match -- we just need to link to the argument count checking
        version.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
        arguments from C++, we need to supply a full copy of the arguments prior
        to the subset copy that matches our callee's argument count. (That is what
        the standard calling convention would have produced in JS.) I would have
        split this into its own patch, but I couldn't find a way to get the JIT
        to fail a regression test in this area without my patch applied.

        * interpreter/Interpreter.cpp: Let the true code bomb begin!

        (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
        and not eval()'s caller frame. We no longer leave the CallFrame pointing
        to eval()'s caller during a call to eval(), since that is not standard.

        (JSC::loadVarargs): Factored out a shared helper function for use by JIT
        and interpreter because half the code means one quarter the bugs -- in my
        programming, at least.

        (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
        
        (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
        putDirect, because it got in the way of my testing. (When putting a
        function, the cached base of a PutPropertySlot can be 0 to signify "do
        not optimize".)
        
        op_call_eval: Updated for new, standard eval calling convention.
        
        op_load_varargs: Merged op_load_varargs into op_call_varargs.

        op_call_varags: Updated for new, standard eval calling convention. Don't
        check for stack overflow because the loadVarargs helper function already
        checked.

        * interpreter/Interpreter.h:
        (JSC::Interpreter::execute): Headers are fun and educational!

        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::growSlowCase):
        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::grow): Factored out the slow case into a slow
        case because it was cramping the style of my fast case.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompile): Moved initialization of
        RegisterFile::CodeBlock to make it more obvious when debugging. Removed
        assumption that argument count is in regT1, as above. Removed call to
        restoreArgumentReference() because the JITStubCall abstraction does this for us.

        (JSC::JIT::linkFor): Link even if we miss on argument count, as above.

        * jit/JIT.h:
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emitSlow_op_call):
        (JSC::JIT::emitSlow_op_call_eval):
        (JSC::JIT::emitSlow_op_call_varargs):
        (JSC::JIT::emitSlow_op_construct):
        (JSC::JIT::emit_op_call_eval):
        (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
        Don't count call_eval when accounting for linkable function calls because
        eval doesn't link. (Its fast path is to perform the eval.)

        (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
        to our new calling convention. The key to this optimization is the
        observation that, in a function that declares no arguments, if any
        arguments are passed, they all end up right behind 'this'.

        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.

        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
        this is the whole point of my patch. The caller now unconditionally moves
        the CallFrame forward and fills in the data it knows before taking any
        branches to deal with weird caller/callee pairs.
        
        This also means that there is almost no slow path for calls -- it all
        gets folded into the shared virtual call stub. The only things remaining
        in the slow path are the rare case counter and a call to the stub.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
        different registers or in memory, based on our new standard calling
        convention.
        
        Added a shared path for calling out to CTI helper functions for non-JS
        calls.

        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_method_check): method_check emits its own code and
        the following get_by_id's code, so it needs to add both when informing
        result chaining of its result. This is important because the standard
        calling convention can now take advantage of this chaining.

        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::emit_op_call_eval):
        (JSC::JIT::emit_op_call_varargs):
        (JSC::JIT::emitSlow_op_call):
        (JSC::JIT::emitSlow_op_call_eval):
        (JSC::JIT::emitSlow_op_call_varargs):
        (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
        second time, now with 64 bits.

        * jit/JITStubs.cpp:
        (JSC::throwExceptionFromOpCall):
        (JSC::jitCompileFor):
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
        Exceptions thrown in the middle of a function call now use a shared helper
        function (throwExceptionFromOpCall). This function understands that the
        CallFrame currently points to the callEE, and the exception must be
        thrown by the callER. (The old calling convention would often still have
        the CallFrame pointing at the callER at the point of an exception. That
        is not the way of our new, standard calling convention.)

        (JSC::op_call_eval): Finish standard CallFrame setup before calling 
        our eval helper function, which now depends on that setup.

        * runtime/Arguments.h:
        (JSC::Arguments::length): Renamed numProvidedArguments() to length()
        because that's what other objects call it, and the difference made our
        new loadVarargs helper function hard to read.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
        fixes.

        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
        the .apply call_varargs optimization fails. (This bug appears on layout
        tests when you disable the optimization.)

2011-11-11  Jer Noble  <jer.noble@apple.com>

        Implement MediaController.
        https://bugs.webkit.org/show_bug.cgi?id=71408

        Reviewed by Eric Carlson.

        Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as 
        CoreAudioClock.h is not available there.

        * wtf/Platform.h:

2011-11-14  Patrick Gansterer  <paroga@webkit.org>

        [WIN] Remove dependency on pthread from FastMalloc
        https://bugs.webkit.org/show_bug.cgi?id=72098

        Reviewed by Adam Roben.

        All pthread calls are already ported to native Windows calls.
        Use the native version for all OS(WINDOWS) to remove the
        runtime dependency on the pthread dll.

        * wtf/FastMalloc.cpp:

2011-11-14  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Replace use of QApplication with QGuiApplication.

        Reviewed by Tor Arne Vestbø.

        * wtf/qt/compat/qguiapplication.h:
        (QGuiApplication::styleHints): Introduce styleHints wrapper hack.

2011-11-14  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck build.

        * GNUmakefile.list.am: Add missing files.

2011-11-11  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: function remote objetct should provide access to function position in the script
        https://bugs.webkit.org/show_bug.cgi?id=71808

        Exposed accessor for function source code.

        Reviewed by Pavel Feldman.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::sourceCode):
        * runtime/JSFunction.h:

2011-11-13  Yuqiang Xian  <yuqiang.xian@intel.com>

        Fix silent spilling/filling GPRs in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=72201

        Reviewed by Gavin Barraclough.

        Current silentSpillGPR/silentFillGPR may not work as expected for some
        cases in 32_64. If there's a JSValue which was retained by two GPRs,
        we may end up failing to spill/fill some GPRs or redundantly
        spilling/filling some GPRs. For example, if we tend to exclude "eax"
        from spilling while a JSValue is retained by both "eax" and "edx",
        then "edx" won't be spilled as well (wrong). And if another JSValue is
        retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
        twice. The similar problem applies to silentFillGPR.
        The fix is to make silentSpillGPR/silentFillGPR more straightforward,
        i.e., spilling/filling based on the GPR instead of the virtual
        register. FPR spilling/filling is also modified accordingly to make it
        consistent with GPR spilling/filling.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
        (JSC::DFG::JITCodeGenerator::silentFillGPR):
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):

2011-11-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        [Qt][Symbian] Remove support for WINSCW compiler
        https://bugs.webkit.org/show_bug.cgi?id=70178

        Reviewed by Chang Shu.

        * API/JSStringRef.h:
        * create_hash_table: Revert r45553.
        * runtime/JSGlobalData.cpp: Revert r45553.
        * runtime/LiteralParser.cpp: Remove WINSCW comment.
        (JSC::LiteralParser::Lexer::lexString):
        * runtime/Lookup.h: Revert r45553.
        * runtime/Structure.h: Revert r48461.
        * wtf/Alignment.h:
        * wtf/Assertions.h: Revert r52337.
        * wtf/Compiler.h:
        * wtf/ListRefPtr.h: Revert r48988.
        (WTF::ListRefPtr::~ListRefPtr):
        * wtf/OwnArrayPtr.h: Revert r45911.
        (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
        * wtf/PassOwnArrayPtr.h:
        (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
        * wtf/PassRefPtr.h:
        * wtf/StaticConstructors.h:
        * wtf/unicode/qt4/UnicodeQt4.h:

2011-11-12  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.

        * dfg/DFGCorrectableJumpPoint.cpp:
        * dfg/DFGCorrectableJumpPoint.h:

2011-11-12  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Move list of DFG source files into correct file
        https://bugs.webkit.org/show_bug.cgi?id=72212

        Reviewed by Daniel Bates.

        The DFG files are platform independent. So move them from
        the EFL specific file into the general CMakeLists.txt.

        * CMakeLists.txt:
        * PlatformEfl.cmake:

2011-11-12  Patrick Gansterer  <paroga@webkit.org>

        Fix "unused variable" warning in JSLock
        https://bugs.webkit.org/show_bug.cgi?id=72213

        Reviewed by Anders Carlsson.

        Use ASSERT_UNUSED() instead of ASSERT() to make sure
        that the variable is also used in the release build.

        * runtime/JSLock.cpp:
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):

2011-11-11  Gavin Barraclough  <barraclough@apple.com>

        Update iOS compiler version.

        Reviewed by David Kilzer.

        * Configurations/CompilerVersion.xcconfig:
            - Update compiler version.

2011-11-11  Gavin Barraclough  <barraclough@apple.com>

        Update iOS port's configuration setting, particularly in Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=72187
        
        Reviewed by David Kilzer.

        * interpreter/Interpreter.h:
            - Lower the reentry depth.
        * runtime/DatePrototype.cpp:
            - iOS also uses CF.
        * wtf/FastMalloc.cpp:
        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
            - Update fastmalloc configuration for iOS.
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):
            - Added flag.
        * wtf/Platform.h:
            - Update platform configuration for iOS.

2011-11-11  David Kilzer  <ddkilzer@apple.com>

        Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
        <http://webkit.org/b/72175>

        Reviewed by Joseph Pecoraro.

        * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
        TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
        so that they're only defined on Mac OS X builds.  Also include
        Availability.h, which is needed on iOS builds.

2011-11-11  Darin Adler  <darin@apple.com>

        Remove all releaseRef implementations except for RetainPtr
        https://bugs.webkit.org/show_bug.cgi?id=71423

        Reviewed by Julien Chaffraix.

        * API/JSRetainPtr.h: Removed releaseRef.
        * wtf/PassRefPtr.h: Removed releaseRef.

2011-11-11  Darin Adler  <darin@apple.com>

        * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
        If an older Xcode downgrades this file and we have a risk of some kind of
        oscillating commit situation, please contact me so I know not to do this again.

2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add jsCast to replace static_cast
        https://bugs.webkit.org/show_bug.cgi?id=72071

        Reviewed by Geoffrey Garen.

        Added new jsCast and changed all of the static_cast sites in functions that 
        are in the MethodTable to use jsCast instead.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::toStringCallback):
        (JSC::JSCallbackFunction::valueOfCallback):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::visitChildren):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::className):
        (JSC::::getOwnPropertySlot):
        (JSC::::getOwnPropertyDescriptor):
        (JSC::::put):
        (JSC::::deleteProperty):
        (JSC::::deletePropertyByIndex):
        (JSC::::getConstructData):
        (JSC::::hasInstance):
        (JSC::::getCallData):
        (JSC::::getOwnPropertyNames):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::visitChildren):
        (JSC::DebuggerActivation::className):
        (JSC::DebuggerActivation::getOwnPropertySlot):
        (JSC::DebuggerActivation::put):
        (JSC::DebuggerActivation::putWithAttributes):
        (JSC::DebuggerActivation::deleteProperty):
        (JSC::DebuggerActivation::getOwnPropertyNames):
        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
        (JSC::DebuggerActivation::defineGetter):
        (JSC::DebuggerActivation::defineSetter):
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        (JSC::Arguments::getOwnPropertySlotByIndex):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::getOwnPropertyNames):
        (JSC::Arguments::putByIndex):
        (JSC::Arguments::put):
        (JSC::Arguments::deletePropertyByIndex):
        (JSC::Arguments::deleteProperty):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        (JSC::DatePrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/Executable.cpp:
        (JSC::ExecutableBase::clearCode):
        (JSC::EvalExecutable::visitChildren):
        (JSC::ProgramExecutable::visitChildren):
        (JSC::FunctionExecutable::visitChildren):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::visitChildren):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::visitChildren):
        (JSC::JSActivation::getOwnPropertyNames):
        (JSC::JSActivation::getOwnPropertySlot):
        (JSC::JSActivation::put):
        (JSC::JSActivation::putWithAttributes):
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertySlotByIndex):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putByIndex):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::deletePropertyByIndex):
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::visitChildren):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::hasInstance):
        (JSC::JSBoundFunction::visitChildren):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertySlot):
        (JSC::JSByteArray::getOwnPropertyDescriptor):
        (JSC::JSByteArray::getOwnPropertySlotByIndex):
        (JSC::JSByteArray::put):
        (JSC::JSByteArray::putByIndex):
        (JSC::JSByteArray::getOwnPropertyNames):
        * runtime/JSCell.h:
        (JSC::JSCell::visitChildren):
        (JSC::jsCast):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren):
        (JSC::JSFunction::getCallData):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        (JSC::JSFunction::getOwnPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::deleteProperty):
        (JSC::JSFunction::getConstructData):
        * runtime/JSGlobalData.cpp:
        (JSC::StackPreservingRecompiler::operator()):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        (JSC::JSGlobalObject::putWithAttributes):
        (JSC::JSGlobalObject::defineGetter):
        (JSC::JSGlobalObject::defineSetter):
        (JSC::JSGlobalObject::visitChildren):
        (JSC::JSGlobalObject::getOwnPropertySlot):
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        (JSC::JSGlobalObject::clearRareData):
        * runtime/JSGlobalThis.cpp:
        (JSC::JSGlobalThis::visitChildren):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        (JSC::JSONObject::getOwnPropertyDescriptor):
        * runtime/JSObject.cpp:
        (JSC::JSObject::finalize):
        (JSC::JSObject::visitChildren):
        (JSC::JSObject::getOwnPropertySlotByIndex):
        (JSC::JSObject::put):
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::deletePropertyByIndex):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::visitChildren):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::visitChildren):
        (JSC::JSStaticScopeObject::put):
        (JSC::JSStaticScopeObject::putWithAttributes):
        (JSC::JSStaticScopeObject::getOwnPropertySlot):
        * runtime/JSString.cpp:
        (JSC::JSString::visitChildren):
        (JSC::JSString::toThisObject):
        (JSC::JSString::getOwnPropertySlot):
        (JSC::JSString::getOwnPropertySlotByIndex):
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::deleteProperty):
        (JSC::JSVariableObject::getOwnPropertyNames):
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::visitChildren):
        * runtime/MathObject.cpp:
        (JSC::MathObject::getOwnPropertySlot):
        (JSC::MathObject::getOwnPropertyDescriptor):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::visitChildren):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::put):
        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
        (JSC::ObjectPrototype::getOwnPropertySlot):
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
        (JSC::RegExpConstructor::put):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::visitChildren):
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::getOwnPropertyDescriptor):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::visitChildren):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::getOwnPropertySlot):
        (JSC::StringObject::getOwnPropertySlotByIndex):
        (JSC::StringObject::getOwnPropertyDescriptor):
        (JSC::StringObject::deleteProperty):
        (JSC::StringObject::getOwnPropertyNames):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::getOwnPropertySlot):
        (JSC::StringPrototype::getOwnPropertyDescriptor):
        * runtime/Structure.cpp:
        (JSC::Structure::visitChildren):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren):

2011-11-11  Gavin Barraclough  <barraclough@apple.com>

        Enable DFG JIT for ARMv7/iOS.

        Rubber stamped by Oliver Hunt.

        * wtf/Platform.h:
            - enable DFG JIT for ARMv7/iOS.

2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
        https://bugs.webkit.org/show_bug.cgi?id=72035

        Reviewed by Geoffrey Garen.

        De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * interpreter/Interpreter.cpp: Ditto.
        (JSC::Interpreter::execute):
        * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
        * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
        (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
        (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
        (JSC::JSGlobalObject::shouldInterruptScript): Ditto.
        * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
        (JSC::TimeoutChecker::didTimeOut):

2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSGlobalObject::allowsAccessFrom
        https://bugs.webkit.org/show_bug.cgi?id=71969

        Reviewed by Darin Adler.

        * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to 
        JSDOMWindowBase and WebScriptObject.

2011-11-11  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99950.
        http://trac.webkit.org/changeset/99950
        https://bugs.webkit.org/show_bug.cgi?id=72117

        "Landed wrong patch by mistake" (Requested by yurys on
        #webkit).

        * JavaScriptCore.exp:
        * runtime/JSFunction.cpp:
        * runtime/JSFunction.h:

2011-11-11  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r99898.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2011-11-10  Dan Bernstein  <mitz@apple.com>

        Disabling assertions breaks the debug build
        https://bugs.webkit.org/show_bug.cgi?id=72091

        Reviewed by Geoff Garen.

        * dfg/DFGNode.h: Made hasIdentifier() available when assertions are
        disabled. It is used in Graph::dump().
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
        only if assertions are enabled.
        * wtf/Deque.h:
        (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
        * wtf/ThreadRestrictionVerifier.h:
        (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
        a local variable that is only used in an assertion.

2011-11-10  Filip Pizlo  <fpizlo@apple.com>

        JSString forgets to clear m_fibers when resolving ropes
        https://bugs.webkit.org/show_bug.cgi?id=72089

        Reviewed by Geoff Garen.

        * runtime/JSString.cpp:
        (JSC::JSString::resolveRopeSlowCase):

2011-11-09  Filip Pizlo  <fpizlo@apple.com>

        DFG byte array support sometimes clamps values incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=71975

        Reviewed by Oliver Hunt.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):

2011-11-10  Filip Pizlo  <fpizlo@apple.com>

        ValueProfile/PredictedType contains dead code, and doesn't recognize functions
        https://bugs.webkit.org/show_bug.cgi?id=72065

        Reviewed by Gavin Barraclough and Geoff Garen.
        
        Added PredictFunction support, and did some cleaning up along the way.
        ValueProfile no longer has statistics machinery, because we never used
        it. Rearranged some bits in PredictedType to more easily make room for
        one more object type. Changed some debug code to use more consistent
        conventions (ByteArray becomes Bytearray so that if we ever have a
        "Byte" prediction we don't get confused between a prediction that is
        the union of Byte and Array and a prediction that indicates precisely
        a ByteArray).

        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionFromClassInfo):
        * bytecode/PredictedType.h:
        (JSC::isFunctionPrediction):
        * bytecode/ValueProfile.cpp:
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):

2011-11-10  David Kilzer  <ddkilzer@apple.com>

        <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR

        Reviewed by Joseph Pecoraro.

        * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
        script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
        for installation.  Also removed "Versions/A/" from the path
        since this is unneeded due the default symlinks present in the
        framework.

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Add ARMv7 support to the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=72061

        Reviewed by Geoff Garen.

        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
        (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
        (JSC::DFG::AssemblyHelpers::boxDouble):
        (JSC::DFG::AssemblyHelpers::unboxDouble):
            - Add CPU(ARM) copies of these functions.
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::spill):
            - Fix matching of '}' re #if blocks, makes some tools happy.
        (JSC::DFG::JITCodeGenerator::setupArguments):
        (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
        (JSC::DFG::JITCodeGenerator::appendCallSetResult):
            - Add CPU(ARM) / 4 argument register copies of these functions.
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
            - Should use callOperation to plant a call to a DFG_OPERATION.
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
            - These methods need to plant a relinkable jump; we currently do so
              using beginUninterruptedSequence() / endUninterruptedSequence().
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
            - Should use callOperation to plant a call to a DFG_OPERATION.
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
            - This method needs to plant a relinkable jump; we currently do so
              using beginUninterruptedSequence() / endUninterruptedSequence().
        (JSC::DFG::JITCompiler::compileBody):
            - Add abstraction to retrieve the pc after a call.
        * dfg/DFGOSRExitCompiler.cpp:
            - Fix a bug - CodeLocationLabel needs a data address rather than an
              executable one, but can just take a MacroAssemblerCodePtr instead!
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::compileClampDoubleToByte):
            - Add FIXME comment to come back to! - bug#72054.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
            - Add missing method (ooops, required by bug#72047)
        * dfg/DFGSpeculativeJIT32_64.cpp:
            - Need to wrap fmod on ARMv7.


2011-11-10  Filip Pizlo  <fpizlo@apple.com>

        DFG should not reparse code that was just parsed
        https://bugs.webkit.org/show_bug.cgi?id=71977

        Reviewed by Geoff Garen.
        
        The instruction stream of a code block is now kept around until
        the next GC. When doing either an optimizing compilation of an
        executable, or inlining of an executable, we now try to find the
        already preexisting bytecode. If we find it, we don't have to parse.
        If we don't find it, we parse as before. Inlining takes the extra
        step of caching code blocks, so if the same executable gets inlined
        multiple times into the same caller, then we parse it at most once
        even if prior to inlining that executable did not have any code
        blocks with an instruction stream.
        
        Also fixed a silly bug where the strict mode for various operations
        was being determined by looking at the machine code block rather
        than the inlinee.

        To enable the delete-on-next-GC policy, I introduced the notion
        of an ultra weak finalizer, which anyone can register during
        tracing. This is thread-safe (for parallel GC) and
        stop-the-world-safe (so calls to free() are postponed until the
        world is resumed). This required reusing some facilities previously
        created for WeakReferenceHarvester, so I created a common utility
        class. I also retweaked the handling of WeakReferenceHarvesters,
        since they should be executed during stop-the-world since in the
        future we may want to allow them to call drain().
        
        2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
        elsewhere.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::copyPostParseDataFrom):
        (JSC::CodeBlock::copyPostParseDataFromAlternative):
        (JSC::CodeBlock::finalizeUnconditionally):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::canProduceCopyWithBytecode):
        (JSC::CodeBlock::discardBytecodeLater):
        (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        (JSC::ProgramCodeBlock::ProgramCodeBlock):
        (JSC::EvalCodeBlock::EvalCodeBlock):
        (JSC::FunctionCodeBlock::FunctionCodeBlock):
        (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
        (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::strictModeFor):
        * dfg/DFGByteCodeCache.h: Added.
        (JSC::DFG::CodeBlockKey::CodeBlockKey):
        (JSC::DFG::CodeBlockKey::operator==):
        (JSC::DFG::CodeBlockKey::hash):
        (JSC::DFG::CodeBlockKey::executable):
        (JSC::DFG::CodeBlockKey::kind):
        (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
        (JSC::DFG::CodeBlockKeyHash::hash):
        (JSC::DFG::CodeBlockKeyHash::equal):
        (JSC::DFG::ByteCodeCache::ByteCodeCache):
        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
        (JSC::DFG::ByteCodeCache::get):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * heap/Heap.cpp:
        (JSC::Heap::finalizeUnconditionally):
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        * heap/Heap.h:
        * heap/ListableHandler.h: Added.
        (JSC::ListableHandler::ListableHandler):
        (JSC::ListableHandler::~ListableHandler):
        (JSC::ListableHandler::List::List):
        (JSC::ListableHandler::List::addNotThreadSafe):
        (JSC::ListableHandler::List::addThreadSafe):
        (JSC::ListableHandler::List::hasNext):
        (JSC::ListableHandler::List::removeNext):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::harvestWeakReferences):
        (JSC::SlotVisitor::finalizeUnconditionally):
        * heap/MarkStack.h:
        (JSC::MarkStack::addWeakReferenceHarvester):
        (JSC::MarkStack::addUnconditionalFinalizer):
        * heap/SlotVisitor.h:
        * heap/UnconditionalFinalizer.h: Added.
        (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
        * heap/WeakReferenceHarvester.h:
        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::profiledCodeBlockFor):

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Add ARMv7 register info for the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=72050

        Reviewed by Geoff Garen.

        * dfg/DFGFPRInfo.h:
        (JSC::DFG::FPRInfo::toRegister):
        (JSC::DFG::FPRInfo::toIndex):
        (JSC::DFG::FPRInfo::debugName):
        * dfg/DFGGPRInfo.h:
        (JSC::DFG::GPRInfo::toRegister):
        (JSC::DFG::GPRInfo::toIndex):
        (JSC::DFG::GPRInfo::debugName):

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
        https://bugs.webkit.org/show_bug.cgi?id=72047

        Reviewed by Geoff Garen.

        We currently don't attempt to abstract divide through the macro assembler,
        due to these instructions commonly having specific requirements. This means
        there is architecture specific code in the JIT - #ifdef it, and provide a
        common implementation.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::fmodAsDFGOperation):
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Add ENABLE_VALUE_PROFILER support for ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=72043

        Reviewed by Geoff Garen.

        This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSlow_op_mod):
            - cleanup location of UNUSED_PARAM
        * jit/JITStubs.cpp:
        (JSC::ctiTrampoline):
        (JSC::ctiVMThrowTrampoline):
        (JSC::ctiOpThrowNotCaught):
        (JSC::JITThunks::JITThunks):
        * jit/JITStubs.h:
            - Update JITStackFrame structure & asm code to spill more registers.
        * jit/JSInterfaceJIT.h:
            - Assign a bucketCounterRegister.

2011-11-10  Gavin Barraclough  <barraclough@apple.com>

        Fix sampling counters on ARMv7, move add64 functionality to macro assembler
        https://bugs.webkit.org/show_bug.cgi?id=72040

        Reviewed by Geoff Garen.

        The ability to add an integer to a uint64_t in memory is poorly copied in
        multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
        designed interface since add32 is not required to set flags (we have no
        concept of flags in the macro assembler interface).

        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::add64):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::add64):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::add64):
        * dfg/DFGAssemblyHelpers.cpp:
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::emitCount):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::writeBarrier):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitCount):

011-11-10  Ryuan Choi  <ryuan.choi@samsung.com>

        [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
        https://bugs.webkit.org/show_bug.cgi?id=56705

        Reviewed by Adam Roben.

        * CMakeLists.txt:
        * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
        * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
        * shell/CMakeLists.txt:
        * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
        * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
        * wtf/CMakeLists.txt:
        * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
        * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.

2011-11-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck build.

        * GNUmakefile.list.am: Add missing files.

2011-11-09  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
        https://bugs.webkit.org/show_bug.cgi?id=71862

        Changed LiteralParser to be templatized of character type.

        Moved five enums out of class definition to work around a clang compiler defect.

        Added lexIdentifier templated method to break out character specific versions.
        Added static setParserTokenString templated method to handle setting approriately
        sized string pointer.

        To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
        flavors of LiteralParser are explicitly instantiated at the end of
        LiteralParser.cpp.

        Reviewed by Oliver Hunt.

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        (JSC::Interpreter::execute):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::isJSONWhiteSpace):
        (JSC::::tryJSONPParse):
        (JSC::::makeIdentifier):
        (JSC::::Lexer::lex):
        (JSC::::Lexer::lexIdentifier):
        (JSC::::Lexer::next):
        (JSC::LChar):
        (JSC::UChar):
        (JSC::isSafeStringCharacter):
        (JSC::::Lexer::lexString):
        (JSC::::Lexer::lexNumber):
        (JSC::::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::LiteralParser):
        (JSC::LiteralParser::getErrorMessage):
        (JSC::LiteralParser::tryLiteralParse):
        (JSC::LiteralParser::Lexer::Lexer):
        (JSC::LiteralParser::Lexer::currentToken):
        (JSC::LiteralParser::Lexer::getErrorMessage):
        * runtime/UString.h:
        (JSC::LChar):
        (JSC::UChar):
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::append):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append):

2011-11-09  Filip Pizlo  <fpizlo@apple.com>

        Multiple CodeBlock should be able to share the same instruction
        stream without copying
        https://bugs.webkit.org/show_bug.cgi?id=71978

        Reviewed by Oliver Hunt.
        
        This refactors CodeBlock::m_instructions to be a Vector boxed in a
        ref-counted object, but otherwise does not take advantage of this.
        
        This is performance neutral.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printStructure):
        (JSC::CodeBlock::printStructures):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::hasInstructions):
        (JSC::CodeBlock::numberOfInstructions):
        (JSC::CodeBlock::instructions):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        Renovate ARMv7 assembler/macro-assembler
        https://bugs.webkit.org/show_bug.cgi?id=71982

        Reviewed by Geoff Garen.

        ARMv7Assembler:
        * add support for strb (byte stores)
        * rename the VMOV_CtoS opcodes (there are currently backwards!)
        * add support for adc (add with carry)
        * add support for vsqrt, vabs
        * add support for vmov (between FPRs, and to/from GPR pairs).
        * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
        * rename vcvt_F64_S32  to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
        * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).

        MacroAssemblerARMv7:
        * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32, 
        * add store8, and store32 imm to base-index.
        * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
        * Update supportsFloating* flags (all features now supported).
        * add moveDouble, storeDouble to absolute address, addDouble to absolute address
        * add 3-operand double operations.
        * implement sqrtDouble/absDouble
        * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
        * move should do nothing if src == dest
        * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
        * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Incrementally re-landing these changes, trying to determine what went wrong.
        (The whole patch failed tests on the build bot but worked locally.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):

2011-11-09  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit code should be lazily generated
        https://bugs.webkit.org/show_bug.cgi?id=71744

        Reviewed by Gavin Barraclough.
        
        The OSR exit code is now generated the first time it is executed,
        rather than right after speculative compilation. Because most OSR
        exits are never taken, this should greatly reduce both code size
        and compilation time.
        
        This is a 1% win on SunSpider, and a 1% win on V8 when running in
        my harness. No change in V8 in V8's harness (due to the long runs,
        so compile time is not an issue) and no change in Kraken (again,
        long runs of small code so compile time has no measurable effect).

        * CMakeListsEfl.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::jump):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::jump):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::jmp_m):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::createDFGDataIfNecessary):
        (JSC::CodeBlock::appendDFGOSREntryData):
        (JSC::CodeBlock::numberOfDFGOSREntries):
        (JSC::CodeBlock::dfgOSREntryData):
        (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
        (JSC::CodeBlock::appendOSRExit):
        (JSC::CodeBlock::appendSpeculationRecovery):
        (JSC::CodeBlock::numberOfOSRExits):
        (JSC::CodeBlock::numberOfSpeculationRecoveries):
        (JSC::CodeBlock::osrExit):
        (JSC::CodeBlock::speculationRecovery):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::debugCall):
        * dfg/DFGCorrectableJumpPoint.cpp: Added.
        (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
        * dfg/DFGCorrectableJumpPoint.h: Added.
        (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
        (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
        (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
        (JSC::DFG::CorrectableJumpPoint::correctLateJump):
        (JSC::DFG::CorrectableJumpPoint::initialJump):
        (JSC::DFG::CorrectableJumpPoint::lateJump):
        (JSC::DFG::CorrectableJumpPoint::correctJump):
        (JSC::DFG::CorrectableJumpPoint::getJump):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExit.cpp: Added.
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::OSRExit::dump):
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler.cpp: Added.
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        * dfg/DFGThunks.cpp: Added.
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * dfg/DFGThunks.h: Added.
        * jit/JITCode.h:
        (JSC::JITCode::dataAddressAtOffset):
        * runtime/JSGlobalData.h:

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fixing build breakage

        Unreviewed build fix

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSVariableObject::isDynamicScope
        https://bugs.webkit.org/show_bug.cgi?id=71933

        Reviewed by Geoffrey Garen.

        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
        (JSC::JSActivation::isDynamicScope):
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
        (JSC::JSGlobalObject::isDynamicScope):
        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
        (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
        (JSC::JSStaticScopeObject::isDynamicScope):
        * runtime/JSType.h: Added new type for JSStaticScopeObject
        * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the 
        object's type and calls the corresponding implementation.
        (JSC::JSVariableObject::isDynamicScope):
        * runtime/JSVariableObject.h:

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSGlobalObject::hasOwnPropertyForWrite
        https://bugs.webkit.org/show_bug.cgi?id=71934

        Reviewed by Geoffrey Garen.

        * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Incrementally re-landing these changes, trying to determine what went wrong.
        (The whole patch failed tests on the build bot but worked locally.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::absDouble):
        * assembler/MacroAssemblerARMv7.h:
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::absDouble):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::absDouble):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::absDouble):
        * assembler/MacroAssemblerX86Common.h:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::absDouble):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=71523

        Reviewed by Sam Weinig.

        Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
        virtual versions of getOwnPropertyDescriptor to static ones, and 
        changed all of the call sites to the corresponding lookup in the MethodTable.

        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyDescriptor):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
        * debugger/DebuggerActivation.h:
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertyDescriptor):
        * runtime/Arguments.h:
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
        * runtime/ArrayConstructor.h:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
        * runtime/ArrayPrototype.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
        * runtime/BooleanPrototype.h:
        * runtime/ClassInfo.h:
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertyDescriptor):
        * runtime/DateConstructor.h:
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertyDescriptor):
        * runtime/DatePrototype.h:
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
        * runtime/ErrorPrototype.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyDescriptor):
        * runtime/JSArray.h:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::getOwnPropertyDescriptor):
        * runtime/JSByteArray.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::getOwnPropertyDescriptor):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSFunction.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.h:
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
        * runtime/JSNotAnObject.h:
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertyDescriptor):
        * runtime/JSONObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::vtableAnchor):
        (JSC::JSObject::propertyIsEnumerable):
        (JSC::JSObject::getOwnPropertyDescriptor):
        (JSC::JSObject::getPropertyDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a 
        bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject.  There were 
        no call sites for this version of getOwnPropertyDescriptor in the entire project.
        * runtime/JSString.h:
        * runtime/Lookup.h:
        (JSC::getStaticPropertyDescriptor):
        (JSC::getStaticFunctionDescriptor):
        (JSC::getStaticValueDescriptor):
        * runtime/MathObject.cpp:
        (JSC::MathObject::getOwnPropertyDescriptor):
        * runtime/MathObject.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertyDescriptor):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertyDescriptor):
        * runtime/NumberPrototype.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/ObjectConstructor.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
        * runtime/ObjectPrototype.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertyDescriptor):
        * runtime/RegExpObject.h:
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
        * runtime/RegExpPrototype.h:
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertyDescriptor):
        * runtime/StringConstructor.h:
        * runtime/StringObject.cpp:
        (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
        (JSC::StringObject::getOwnPropertyDescriptor):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::getOwnPropertyDescriptor):
        * runtime/StringPrototype.h:

2011-11-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Incrementally re-landing these changes, trying to determine what went wrong.
        (The whole patch failed tests on the build bot but worked locally.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):

2011-11-08  Darin Adler  <darin@apple.com>

        Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
        https://bugs.webkit.org/show_bug.cgi?id=71875

        Reviewed by Anders Carlsson.

        This is a step along the path of making OwnPtr work as HashMap value types.

        * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
        Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
        I did not change the code to fix style checker complaints.

        * wtf/HashTable.h: Added includes as needed and fixed include style.
        (WTF::doubleHash): Removed the uneeeded and inappropriate "static" in this function, which
        gave it internal linkage for no good reason.
        (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
        construction/destruction problems instead of doing the trick where we construct and destroy
        an empty value twice. It's cleaner and simpler and avoids copying the empty value.
        (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
        empty value is zero rather than copying an empty value.

        * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.

2011-11-09  Gabor Rapcsanyi  <rgabor@webkit.org>

        Buildfix for 32bit debug mode.

        Reviewed by Csaba Osztrogonác.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::dump):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2011-11-09  Andy Wingo  <wingo@igalia.com>

        Enable the DFG JIT on X86-64 Linux platforms
        https://bugs.webkit.org/show_bug.cgi?id=71373

        Reviewed by Csaba Osztrogonác.

        * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
        x86-64 GNU/Linux platform.
        * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.

2011-11-09  Csaba Osztrogonác  <ossy@webkit.org>

        Enable the DFG JIT on x86-64 Linux platforms
        https://bugs.webkit.org/show_bug.cgi?id=71373

        Enable DFG JIT by default on X86 Linux and Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=71686

        Buildfix for stricter compilers: -Werror=unused-but-set-variable

        Reviewed by Zoltan Herczeg.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-09  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99678.
        http://trac.webkit.org/changeset/99678
        https://bugs.webkit.org/show_bug.cgi?id=71882

        broke the build with -Werror=unused-but-set-variable
        (Requested by tronical_ on #webkit).

        * CMakeListsEfl.txt:
        * wtf/Platform.h:

2011-11-09  Andy Wingo  <wingo@igalia.com>

        Enable the DFG JIT on X86-64 Linux platforms
        https://bugs.webkit.org/show_bug.cgi?id=71373

        Reviewed by Filip Pizlo.

        * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
        x86-64 GNU/Linux platform.
        * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.

2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::defineOwnProperty
        https://bugs.webkit.org/show_bug.cgi?id=71429

        Reviewed by Geoffrey Garen.

        Added defineOwnProperty to the MethodTable, changed all the virtual 
        implementations of defineOwnProperty to static ones, and replaced 
        all call sites with corresponding lookups in the MethodTable.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
        * runtime/ClassInfo.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::defineOwnProperty):
        * runtime/JSCell.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperty):
        (JSC::defineProperties):

2011-11-09  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Build system cleanup
        https://bugs.webkit.org/show_bug.cgi?id=71815

        Reviewed by Kenneth Rohde Christiansen.

        * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.

2011-11-08  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Replace use of QApplication with QGuiApplication
        https://bugs.webkit.org/show_bug.cgi?id=71794

        Reviewed by Andreas Kling.

        Add compat headers for use when building with Qt 4: QGuiApplication
        is typedef'ed to QApplication.

        * wtf/qt/compat/QGuiApplication: Added.
        * wtf/qt/compat/qguiapplication.h: Added.

2011-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r99647.
        http://trac.webkit.org/changeset/99647
        https://bugs.webkit.org/show_bug.cgi?id=71876

        It broke jsc and layout tests on all bot (Requested by
        Ossy_night on #webkit).

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsDoubleBitops):
        (JSC::MacroAssemblerARM::andnotDouble):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::andnotDouble):
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
        (JSC::MacroAssemblerSH4::andnotDouble):
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::MacroAssemblerX86):
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsDoubleBitops):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::andnotDouble):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
        * assembler/X86Assembler.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/ThunkGenerators.cpp:
        (JSC::absThunkGenerator):
        * runtime/JSGlobalData.cpp:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Better abstract 'abs' operation through the MacroAssembler.
        https://bugs.webkit.org/show_bug.cgi?id=71873

        Reviewed by Geoff Garen.

        Currently the x86 specific instruction sequence to perform a double abs
        is duplicated throughout the JITs / thunk generators.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::supportsFloatingPoint):
        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
        (JSC::MacroAssemblerARM::absDouble):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilites before we begin compilation.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilites before we begin compilation.
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::absDouble):
        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilites before we begin compilation.
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        (JSC::MacroAssemblerSH4::absDouble):
            - Renamed supportsFloatingPointAbs, make these methods static so that
              we can check the JIT's capabilites before we begin compilation.
        * assembler/MacroAssemblerX86.h:
        (JSC::MacroAssemblerX86::absDouble):
        (JSC::MacroAssemblerX86::supportsFloatingPoint):
        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
            - Made supports* methods static so that we can check the JIT's
              capabilites before we begin compilation. Added absDouble.
        * assembler/MacroAssemblerX86Common.h:
            - Removed andnotDouble, added s_maskSignBit.
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::absDouble):
        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
            - Made supports* methods static so that we can check the JIT's
              capabilites before we begin compilation. Added absDouble.
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::andpd_rr):
        (JSC::X86Assembler::andpd_mr):
            - Added support for andpd instruction.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
            - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
        * jit/ThunkGenerators.cpp:
            - Switched to use doubleAbs.
        (JSC::absThunkGenerator):
        * runtime/JSGlobalData.cpp:
            - Declared MacroAssemblerX86Common::s_maskSignBit here.
              This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
              to the compile for just one constant.

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Move duplicates of SYMBOL_STRING* macros to the single location
        https://bugs.webkit.org/show_bug.cgi?id=71456

        Reviewed by Sam Weinig.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGOperations.cpp:
        * jit/JITStubs.cpp:
        * wtf/InlineASM.h: Added.
            - Moved asm related macros.

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Move code to handle 8bit regs from X86Assembler to MacroAssembler
        https://bugs.webkit.org/show_bug.cgi?id=71867

        Reviewed by Oliver Hunt.

        This code is fine, but is in the wrong place really. X86 assembler should
        basically just format up exactly the instruction you request - not expand
        out to a set of instructions (that is what the macro assembler layer is
        for!). For other 8-bit ops, on X86 we don't guard against clients accessing
        the XH registers.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::store8):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movb_rm):
            - moved some code.

2011-11-08  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for GTK.

        * GNUmakefile.list.am:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Build fix.

        * assembler/X86Assembler.h:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Errrk, failed to commit this in last change.

        * assembler/X86Assembler.h:

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Remove an unused method.

        Rubber stamped by Geoff Garen.

        * assembler/AbstractMacroAssembler.h:
        * assembler/AssemblerBuffer.h:
            - removed rewindToLabel.

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
        https://bugs.webkit.org/show_bug.cgi?id=71864

        Reviewed by Filip Pizlo.

        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::offsetOf):
            - We use this to return the offsets into the code of the entry points.
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
            - Move the construction of the speculative JIT outside of
              compileBody, such that it is still available to link the
              OSR entry points at the point we are linking.
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):
            - Pass the label of the block & linkbuffer into noticeOSREntry.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::linkOSREntries):
            - Moved call to noticeOSREntry until we we linking.
        * dfg/DFGSpeculativeJIT.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
            - Moved calculation of entries until we we linking.
        * jit/JIT.h:
            - Removed some members.

2011-11-08  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit code should be generated by a separate compiler, not
        related to DFG::JITCompiler
        https://bugs.webkit.org/show_bug.cgi?id=71787

        Reviewed by Gavin Barraclough.
        
        Moves the exitSpeculativeWithOSR() method from JITCompiler to
        OSRExitCompiler::compileExit().

        * CMakeListsEfl.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
        * dfg/DFGJITCompiler32_64.cpp: Removed.
        * dfg/DFGOSRExitCompiler.h: Added.
        (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
        * dfg/DFGOSRExitCompiler32_64.cpp: Added.
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp: Added.
        (JSC::DFG::OSRExitCompiler::compileExit):
        * runtime/JSValue.h:

2011-11-08  Filip Pizlo  <fpizlo@apple.com>

        Basic DFG definitions should be moved out of DFGNode.h
        https://bugs.webkit.org/show_bug.cgi?id=71861

        Rubber-stamped by Gavin Barraclough.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGCommon.h: Added.
        (JSC::DFG::NodeIndexTraits::defaultValue):
        * dfg/DFGNode.h:
        * dfg/DFGOSRExit.h:
        * dfg/DFGRegisterBank.h:

2011-11-08  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
        https://bugs.webkit.org/show_bug.cgi?id=71761

        Templatized Parser based on Lexer<T>. Moved two enums,
        SourceElementsMode and FunctionRequirements out of Parser definition
        to work around a clang compiler defect.

        Cleaned up SourceCode data() to return StringImpl* and eliminated
        the recently added stringData() virtual method.

        To keep code in Parser.cpp and keep Parser.h small, the two flavors
        of Parser are explicitly instantiated at the end of Parser.cpp.

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError):
        * parser/Lexer.cpp:
        (JSC::::setCode):
        (JSC::::sourceCode):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::~Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
        (JSC::::allowAutomaticSemicolon):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclaration):
        (JSC::::parseConstDeclaration):
        (JSC::::parseDoWhileStatement):
        (JSC::::parseWhileStatement):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        (JSC::::parseSwitchStatement):
        (JSC::::parseSwitchClauses):
        (JSC::::parseSwitchDefaultClause):
        (JSC::::parseTryStatement):
        (JSC::::parseDebuggerStatement):
        (JSC::::parseBlockStatement):
        (JSC::::parseStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseFunctionBody):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseExpressionStatement):
        (JSC::::parseIfStatement):
        (JSC::::parseExpression):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseConditionalExpression):
        (JSC::::isBinaryOperator):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parseStrictObjectLiteral):
        (JSC::::parseArrayLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseArguments):
        (JSC::::parseMemberExpression):
        (JSC::::parseUnaryExpression):
        * parser/Parser.h:
        (JSC::::parse):
        (JSC::parse):
        * parser/SourceCode.h:
        (JSC::SourceCode::data):
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::data):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
        https://bugs.webkit.org/show_bug.cgi?id=71855

        Reviewed by Filip Pizlo.

        The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
        This won't work on ARMv7.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::locationOf):
        * dfg/DFGJITCodeGenerator32_64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator64.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::addPropertyAccess):

2011-11-08  Gavin Barraclough  <barraclough@apple.com>

        DFG JIT calculation of OSR entry points is not THUMB2 safe
        https://bugs.webkit.org/show_bug.cgi?id=71852

        Reviewed by Oliver Hunt.

        Executable addresses are tagged with a low bit set to distinguish
        between THUMB2 and traditional ARM.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGJITCompiler32_64.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * jit/JITCode.h:
        (JSC::JITCode::executableAddressAtOffset):
        (JSC::JITCode::start):
        (JSC::JITCode::size):

2011-11-08  Michael Saboff  <msaboff@apple.com>

        JSC::Parser::Parser leaks Lexer member
        https://bugs.webkit.org/show_bug.cgi?id=71847

        Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.

        Reviewed by Oliver Hunt.

        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::parseFunctionBody):
        * parser/Parser.h:

2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        Enable DFG JIT by default on X86 Linux and Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=71686

        Reviewed by Filip Pizlo.

        We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.

        * wtf/Platform.h:

2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
        https://bugs.webkit.org/show_bug.cgi?id=71768

        Reviewed by Geoffrey Garen.

        Also includes a fix to make the newly introduced AssemblyHelpers
        friend of JSValue as we need the Tag definitions.

        * CMakeListsEfl.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * runtime/JSValue.h:

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        Fix gcc 4.4 compilation warnings in DFG 32_64
        https://bugs.webkit.org/show_bug.cgi?id=71762

        Reviewed by Filip Pizlo.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::registersMatched):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        DFG code base should allow for classes not related to DFG::JITCompiler
        to use DFG idioms
        https://bugs.webkit.org/show_bug.cgi?id=71746

        Reviewed by Gavin Barraclough.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAssemblyHelpers.cpp: Added.
        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
        (JSC::DFG::AssemblyHelpers::emitCount):
        (JSC::DFG::AssemblyHelpers::setSamplingFlag):
        (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
        * dfg/DFGAssemblyHelpers.h: Added.
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::graph):
        * dfg/DFGJITCompiler32_64.cpp:
        * dfg/DFGOSRExit.h: Added.
        (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
        (JSC::DFG::SpeculationRecovery::type):
        (JSC::DFG::SpeculationRecovery::dest):
        (JSC::DFG::SpeculationRecovery::src):
        (JSC::DFG::OSRExit::numberOfRecoveries):
        (JSC::DFG::OSRExit::valueRecovery):
        (JSC::DFG::OSRExit::isArgument):
        (JSC::DFG::OSRExit::isVariable):
        (JSC::DFG::OSRExit::argumentForIndex):
        (JSC::DFG::OSRExit::variableForIndex):
        (JSC::DFG::OSRExit::operandForArgument):
        (JSC::DFG::OSRExit::operandForIndex):
        * dfg/DFGSpeculativeJIT.h:

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
        but it appears to help on other benchmarks.

        Rubber stamped by Oliver Hunt.

        * bytecode/ValueProfile.h:

2011-11-07  Ariya Hidayat  <ariya@sencha.com>

        "use strict" can not contain escape sequences or line continuation
        https://bugs.webkit.org/show_bug.cgi?id=71532

        Reviewed by Darin Adler.

        Store the actual literal length (before the escapes and line
        continuation are encoded) while parsing the directive and use it
        for the directive comparison.

        * parser/Parser.cpp:
        (JSC::Parser::parseSourceElements):
        (JSC::Parser::parseStatement):
        * parser/Parser.h:

2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        DFG operationCreateThis slow path may get the wrong callee in case of inlining
        https://bugs.webkit.org/show_bug.cgi?id=71647

        Reviewed by Oliver Hunt.
        
        No new tests because I only saw this manifest itself when I had other bugs
        leading to spurious slow path executions.

        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::callOperation):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        De-virtualize JSObject::putWithAttributes
        https://bugs.webkit.org/show_bug.cgi?id=71716

        Reviewed by Darin Adler.

        Added putWithAttributes to the MethodTable, changed all the virtual 
        implementations of putWithAttributes to static ones, and replaced 
        all call sites with corresponding lookups in the MethodTable.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putWithAttributes):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putWithAttributes):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putWithAttributes):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putWithAttributes):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::putWithAttributes):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putWithAttributes):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putWithAttributes):
        * runtime/JSVariableObject.h:

2011-11-07  Dmitry Lomov  <dslomov@google.com>

        Unreviewed. Release build fix.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):

2011-11-07  Filip Pizlo  <fpizlo@apple.com>

        Switch the value profiler back to 8 buckets, because we suspect that while this
        is more expensive it's also more stable.

        Rubber stamped by Geoff Garen.

        * bytecode/ValueProfile.h:

2011-11-07  Andrew Wason  <rectalogic@rectalogic.com>

        Uninitialized Heap member var
        https://bugs.webkit.org/show_bug.cgi?id=71722

        Reviewed by Filip Pizlo.

        * heap/Heap.cpp:
        (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit

2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
        https://bugs.webkit.org/show_bug.cgi?id=71684

        Reviewed by Filip Pizlo.

        Currently in DFG JIT, we try to reuse the physical register of an
        operand for temporary usage if the current use of the operand is the
        last use. But sometimes this can be wrong, for example if there are
        possible speculation failures and we need to fallback to baseline JIT,
        the value of the operand which is supposed to be hold in the physical
        register can be modified by register reusing. The fixes the last
        inspector failures in layout test on Mac 32-bit if switching on DFG.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2011-11-07  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r99436): Broke Snow Leopard debug build
        https://bugs.webkit.org/show_bug.cgi?id=71713

        Reviewed by Darin Adler.

        Put the assertion in a template and use template specialization
        to avoid warning when instantiated with UChar or LChar.

        In the long term, we should have traits for unsigned integral types
        and use that to specialize template instead of specializing it for UChar and LChar.

        * parser/Lexer.cpp:
        (JSC::assertCharIsIn8BitRange):
        (JSC::::append8):

2011-11-07  ChangSeok Oh  <shivamidow@gmail.com>

        [EFL] Support requestAnimationFrame API
        https://bugs.webkit.org/show_bug.cgi?id=67112

        Reviewed by Andreas Kling.

        Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.

        * wtf/Platform.h:

2011-11-07  Michael Saboff  <msaboff@apple.com>

        Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
        https://bugs.webkit.org/show_bug.cgi?id=71331

        Change the Lexer class to be a template class based on the character
        type of the source.  In the process updated the parseIdentifier()
        and parseString() methods to create 8 bit strings where possible.
        Also added some helper methods for accumulating temporary string
        data in the 8 and 16 bit vectors.

        Changed the SourceProvider::data() virtual method to return a
        StringImpl* instead of a UChar*.

        Updated the KeywordLookup generator to create code to match keywords
        for both 8 and 16 bit source strings.

        Due to a compiler bug (<rdar://problem/10194295>) moved enum
        definition outside of Lexer class declaration.  Remove second enum
        no longer needed.

        Reviewed by Darin Adler.

        * KeywordLookupGenerator.py:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        * parser/Lexer.cpp:
        (JSC::::Lexer):
        (JSC::::~Lexer):
        (JSC::::getInvalidCharMessage):
        (JSC::::currentCharacter):
        (JSC::::setCode):
        (JSC::::internalShift):
        (JSC::::shift):
        (JSC::::peek):
        (JSC::::getUnicodeCharacter):
        (JSC::::shiftLineTerminator):
        (JSC::::lastTokenWasRestrKeyword):
        (JSC::::record8):
        (JSC::::append8):
        (JSC::::append16):
        (JSC::::record16):
        (JSC::::parseIdentifier):
        (JSC::::parseIdentifierSlowCase):
        (JSC::::parseString):
        (JSC::::parseStringSlowCase):
        (JSC::::parseHex):
        (JSC::::parseOctal):
        (JSC::::parseDecimal):
        (JSC::::parseNumberAfterDecimalPoint):
        (JSC::::parseNumberAfterExponentIndicator):
        (JSC::::parseMultilineComment):
        (JSC::::nextTokenIsColon):
        (JSC::::lex):
        (JSC::::scanRegExp):
        (JSC::::skipRegExp):
        (JSC::::clear):
        (JSC::::sourceCode):
        * parser/Lexer.h:
        (JSC::Lexer::append16):
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::setOffsetFromCharOffset):
        (JSC::::isWhiteSpace):
        (JSC::::isLineTerminator):
        (JSC::::convertHex):
        (JSC::::convertUnicode):
        (JSC::::makeIdentifier):
        (JSC::::setCodeStart):
        (JSC::::makeIdentifierLCharFromUChar):
        (JSC::::lexExpectIdentifier):
        * parser/Parser.cpp:
        (JSC::Parser::Parser):
        (JSC::Parser::parseProperty):
        (JSC::Parser::parseMemberExpression):
        * parser/Parser.h:
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        * parser/ParserArena.h:
        (JSC::IdentifierArena::makeIdentifier):
        (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
        * parser/SourceCode.h:
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.h:
        (JSC::UStringSourceProvider::stringData):
        * parser/SourceProviderCache.h:
        * parser/SyntaxChecker.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::insertSemicolonIfNeeded):
        * runtime/Identifier.cpp:
        (JSC::IdentifierTable::add):
        (JSC::IdentifierLCharFromUCharTranslator::hash):
        (JSC::IdentifierLCharFromUCharTranslator::equal):
        (JSC::IdentifierLCharFromUCharTranslator::translate):
        (JSC::Identifier::add8):
        * runtime/Identifier.h:
        (JSC::Identifier::Identifier):
        (JSC::Identifier::createLCharFromUChar):
        (JSC::Identifier::canUseSingleCharacterString):
        (JSC::IdentifierCharBufferTranslator::hash):
        (JSC::IdentifierCharBufferTranslator::equal):
        (JSC::IdentifierCharBufferTranslator::translate):
        (JSC::Identifier::add):
        (JSC::Identifier::equal):
        (JSC::IdentifierTable::add):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode):
        (JSC::parseIntOverflow):
        (JSC::globalFuncUnescape):
        * runtime/JSGlobalObjectFunctions.h:
        (JSC::parseIntOverflow):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::Lexer::lexString):
        * wtf/text/StringImpl.h:

2011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree

        Allows us to not package up the whole Source/JavaScriptCore directory for the
        buildbots.

        Reviewed-by Simon Hausmann.

        * jsc.pro:

2011-11-06  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
        to initializeMainThread, and crashes
        https://bugs.webkit.org/show_bug.cgi?id=71643

        Reviewed by Sam Weinig.

        * jsc.cpp:
        (main):

2011-11-06  Sam Weinig  <sam@webkit.org>

        Add space missing from some class declarations
        https://bugs.webkit.org/show_bug.cgi?id=71632

        Reviewed by Anders Carlsson.

        * assembler/AssemblerBufferWithConstantPool.h:
        * bytecode/CodeBlock.h:
        * dfg/DFGVariableAccessData.h:
        * heap/VTableSpectrum.h:
        * jit/ExecutableAllocator.cpp:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        * wtf/MetaAllocatorHandle.h:
        * wtf/UnionFind.h:

2011-11-06  Sam Weinig  <sam@webkit.org>

        Allow use of FINAL in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=71630

        Reviewed by Anders Carlsson.

        * Configurations/Base.xcconfig:
        Don't warn about C++11 extensions used in C++98 mode.

2011-11-05  Filip Pizlo  <fpizlo@apple.com>

        Value profiling should just use two buckets
        https://bugs.webkit.org/show_bug.cgi?id=71619

        Reviewed by Gavin Barraclough.
        
        Added one more configuration options (like Heuristics::minimumOptimizationDelay),
        improved debugging in JIT optimization support, changed the number of buckets
        in the value profile from 9 to 2, and wrote a more optimal value profiling path
        in the old JIT to take advantage of this. It's still possible to play around with
        larger numbers of buckets, and we should probably keep this for a little while
        until we convince ourselves that using just two buckets is the right call.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/ValueProfile.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-11-03  Filip Pizlo  <fpizlo@apple.com>

        JSC should be able to sample itself in a more flexible way than just sampling flags
        https://bugs.webkit.org/show_bug.cgi?id=71522

        Reviewed by Gavin Barraclough.
        
        Added a construct that looks like SamplingRegion samplingRegion("name").

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingRegion::Locker::Locker):
        (JSC::SamplingRegion::Locker::~Locker):
        (JSC::SamplingRegion::sample):
        (JSC::SamplingRegion::dump):
        (JSC::SamplingRegion::dumpInternal):
        (JSC::SamplingThread::threadStartFunc):
        * bytecode/SamplingTool.h:
        (JSC::SamplingRegion::SamplingRegion):
        (JSC::SamplingRegion::~SamplingRegion):
        (JSC::SamplingRegion::exchangeCurrent):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):